FLOSS Weekly 751, Transcript
Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show.
0:00:00 - Doc Searls
This is FLOSS Weekly. I'm Doc Searls. This week we have a roundtable at Square or rectangular, with four people in it. Besides myself, there's Shawn Powers, Jonathan Bennett and Simon Phipps himself and we talk about so many things. It's impossible to summarize them all, but they're all good, they're all current, they all matter and they're all coming up next. This is FLOSS Weekly, episode 751, recorded Wednesday, september 27, 2023. The Phipps certification.
This episode of FLOSS Weekly is brought to you by our friends at ITProTV, now called ACI Learning. Aci's new cyber skills is training that's for everyone, not just the pros. Visit go.acilearning.com/twit. TWiT listeners can receive up to 65% off an ITPro Enterprise Solution Plan after completing their form. Based on your team's size, you'll receive a properly quoted discount tailored to your needs and, by Bitwarden, get the open source password manager that can help you stay safe online. Get started with a free Teams or Enterprise plan trial, or get started for free across all devices as an individual user at bitwarden.com/twit. Hello again, everybody everywhere. This is FLOSS Weekly. I am Doc Searls, and this week, because our scheduled guest came down with COVID, we have to move him elsewhere. We have brought in a team which includes this time we have a square table, not a round table, a rectangular table with.
The Bat signal went up and here we are bats signal went up and Shawn Powers and Simon Phipps.
0:02:08 - Simon Phipps
I'm here for diversity purposes, because I'm in Europe.
0:02:14 - Doc Searls
We're in four Actually. Two of us are in the Eastern Time Zone, one in the Central and one in some. European nonsense.
0:02:23 - Simon Phipps
Yeah, it's almost nighttime here.
0:02:26 - Doc Searls
Yeah, it's, we are a very diverse group of white men.
0:02:32 - Simon Phipps
We are so diverse, you know, we haven't even all got beards.
0:02:37 - Doc Searls
Well, I'm here to represent bald people and another bald one has run the bell, anyway. So let's, we'll start. We're here to talk about news and stuff that matters as best we can, and we'll start with Simon, because Simon jumped in with something I think is pretty important. So go with it, simon.
0:03:06 - Simon Phipps
Well, one of the heroes of the open culture movement is a guy called Carl Malamud who lives over in California. Carl runs an organization called Public Resource and he's driven by the belief that citizens should be able to see the law that governs their lives, and he believes that that's a fundamental principle of pretty much every democratic system in the world. Carl is putting his own safety and his money where his mouth is, and what he does is he buys copies of the printed law and he scans them and he publishes them on the Public Resource website, and the result of that is he is routinely sued by the legal authorities of states all over the United States of America and countries all over the world. At any given moment, carl is likely to be wound up in a number of lawsuits and he's had a significant victory recently. He's now teamed up with Electronic Frontier Foundation and he was able to gain a ruling from the American court system that it is fair use to publish a standard which is incorporated into the law of the United States, and that's extremely significant, because if you are going to make your own gadget for home, it's very important that you're able to go get a copy of the standard for how things are done in your state, how should you wire your electrics, what grade of reinforcement do you need in your walls, and all of those things are covered by standards that are established by the trade that's involved.
But for the longest time those standards have been behind paywalls, and if you want to actually read the standard that sets the rules for how you do it yourself, how you go fix it, you've had to go spend often significant sums of money buying a standard. And, more relevantly, this sets a precedent in open source, because this means that where a standard for how communications takes place, how security is enforced and so on is established in law, it's going to be okay for an organization like the Open Source Initiative to publish a copy of that standard, even if the organization that owns it, like ISO, has decided to charge you for a copy. It will be considered fair use for us to do that. So I think this is a very significant win and I very much want to congratulate Carl on this win, and undoubtedly Carl is going to correct me now and master them for something I said slightly wrong in that, because he's a very precise gentleman. What do you think of this guys? Do you think this is as significant as I do, or am I just an old fogn?
0:06:13 - Doc Searls
I want to know whether or not this is the kind of thing where it's going to be appealed, it's going to go to the Supreme Court and they're going to do what they've done before and side with the powers that be.
0:06:23 - Simon Phipps
I think this is a very final ruling that's in here. Really, I don't think that's. Let's have a look at the original case here. I believe that it's going to be something that is going to be established as law at this point and is not going to be appealed successfully appealed any further.
0:06:46 - Jonathan Bennett
It's already been appealed. It's based on a couple of Supreme Court rulings, it looks like. So it would be surprising to see this go all the way back to the Supreme Court Now. If the district court had ruled the other way, then sometimes the Supreme Court will send a little nastygram that says please consider ruling such and such and such and such that we made when re-deciding this case with a humorous nudge. Nudge, better straighten up or we're coming after you.
0:07:20 - Simon Phipps
So this was a finding by the Court of Appeal for the DC Circuit.
So if there was another circuit where the opposite opinion was found to be the case, it would be possible to appeal to the Supreme Court, but with only. The way the system works is the appeal courts are the final arbiter unless another appeal court in another state finds differently, and then you can go to the Supreme Court to get them to adjudicate between the two appeals courts. And, as you said, this is all based on a whole load of established law from the Supreme Court. The other thing that's going on is Carl's got another case just like this in court in Europe, and that could be even more significant, because in the US system it tends to be individual trade associations that get incorporated into law, whereas in the European system it is the European standards organizations that get incorporated into law, and they are part of the ISO system, and so I think there's a very good chance we're going to see a big upset, and in my opinion it can't come a moment too soon for the very lovely people of the standards environment.
0:08:40 - Doc Searls
And it actually charges, does it not? For its laws? I mean, it's, they're very limited.
0:08:45 - Simon Phipps
Yeah, the ISO charges a ton of money for copies of its standards and ISO is at the moment.
You know there's another debacle that's been going on the ISO. There is a standard called Schematron for doing XML schemers, and the Schematron standard was written by a guy who thought he would do the right thing and make it into an international standard. It was gratefully accepted by ISO and then, when it came time to revise it, ISO decided they were going to put it behind a paywall so that not even the guy who had originally written the standard could read it. And that has led to an activity at ISO that's reviewing whether or not they should be charging for standards when they were contributed from outside the organization and whether or not they should be charging for standards when they're about software. And the secret information that I have coming through the system suggests that ISO is entirely unsympathetic to giving away things free and does not seem moved to make any of these standards open. So that's why this really pleases me, because this law court finding here is exactly the opposite of what ISO is doing at the moment and I don't know. I'm looking forward to it coming under Roost.
0:10:08 - Jonathan Bennett
Now in most jurisdictions, if I understand correctly, the law itself is going to be public domain and the gray area you get into is where you're talking about where the law references a standard, or I've heard some cases where it's not the law itself. It's like the law with annotations, but in practice those annotations have almost become part of the standard reading of the law. So there's fights over whether you can publish the commentary. Does the commentary therefore become the fair use or even public domain? So there's a little bit of a gray area. But I mean, I think we're all always for putting more information out there for the public to get to.
0:10:47 - Simon Phipps
Yeah, it's interesting that that that case was actually also fought by public resource. So they in 2020, the Supreme Court in the US found that public resource was doing the right thing when it published a copy of the official code of Georgia annotated. The state of Georgia had been keeping its actual official law under copyright through the mechanism of having an outside publisher publish the annotated version, and that meant that everybody who wanted to see the law in Georgia had to buy a copy of the annotated version. There was no publicly available version and Carl Scandit made it available and the state of Georgia tried to sue him for that. So exactly what you just said, you know we've already been there and Carl already won that case in the Supreme Court, and this verdict is very much based on the Supreme Court's finding in public resource versus the state of Georgia.
0:11:55 - Jonathan Bennett
How helpful is it going to be in other places like Europe? Obviously, the European courts don't really have any responsibility to even look at US Supreme Court rulings when they make their decision, but I know that from time to time other jurisdictions will sort of take notes and see which way the wind is blowing. Do you think a US Supreme Court ruling in this district ruling is going to make an impact in Europe?
0:12:20 - Simon Phipps
I think there's already a principle in Europe that the citizen should be able to see the law. I don't think what happens in the US is going to set any kind of precedent there, but it is going to result in Carl being further encouraged to go fight and, as I say, he has a case open in the European courts at the moment. He's actually also fighting cases in the Indian courts on the similar principle. He has a very soft spot for India and has been investing a lot of his self and his time in making the law be open to citizens in India, and I think he would be up for fighting this anywhere people felt it was a problem. So, although it doesn't create a precedent, the individual who won the victory is willing to go fight in anybody's country.
0:13:13 - Jonathan Bennett
Sounds like he has a particular strong moral inclination that the law should be available to anyone, which I daresay I would readily agree with.
0:13:27 - Simon Phipps
I think he would probably get on with Carl very well, and it may be we should be inviting him on the show to tell us about this initiative, even though it's kind of a little bit orthogonal to open source.
0:13:39 - Doc Searls
Open. It covers an open law. I think it makes total sense. So first, I know Jonathan has a question queued up, but first I have to let everybody know that this episode of Laws Weekly is brought to you by our friends at ITProTV, now called ACI Learning.
In today's IT talent shortage, whether you operate as your own department or are part of a larger team, your skills must be up to date. 94% of CIOs and CISOs agree that attracting and retaining talent is increasingly critical to their roles. Access more than 7,200 hours of content available, aci Learning consistently adds new content to keep you at the top of your game. Your team will thank you for entertaining training. Aci Learning's completion rate is 50% higher than their competitors.
Aci Learning is excited to introduce Cyber Skills a solution to future proof your entire organization, not just the IT department. This new Cyber Security training tool is for all members of your organization. It's Cyber Security Awareness Training for non-IT professionals With Cyber Skills get flexible, on-demand training covering everything from password security and phishing scams to malware prevention and network safety. Your employees will stay motivated and engaged throughout their learning process with easy to follow material. With a simple one-hour course overview, your employees gain attack-specific training and knowledge check assessments based on common cyber threats they will encounter on a daily basis. They'll also gain access to bonus courses documentary-style episodes, so your employees can learn about cyber attacks and breaches in their own style.
Aci Learning helps you invest in your team and entrust them to thrive, while increasing the entire security of your business. Boost your enterprise cyber security confidence today with ACI Learning. Be bold, train smart. Visit goacilearningcomtwit. Twit listeners can receive up to 65% off an IT pro enterprise solution plan after completing their form. Based on your team size, you'll receive a proper quoted discount tailored to your needs. Okay so, Jonathan, you got a question.
0:16:16 - Jonathan Bennett
I do. I actually want to ask Simon about what's up with all the millennics. What's going on there? It's interesting All the millennics just got FIPS certified and I imagine Mr FIPS might have some thoughts on that. I know it's such a dad joke the pun, but what's new?
0:16:36 - Simon Phipps
I made it at every board meeting, just so you know.
0:16:42 - Jonathan Bennett
Why don't you give us the commentary on the story of all the millennics and what's new and what you're doing there? I would love to hear it from your perspective, yeah.
0:16:50 - Simon Phipps
So the first thing I have to say is I know nothing about all the millennics itself as a distro, so I joined in with the activity there to help them to create an open community and so I got involved a few years ago now and we have navigated the course to creating a community controlled organization that has got community managed assets. It's a 501c6 organization. There are elections coming up for the board, so if anybody is running an Alma-Linux mirror or is an Alma-Linux committer, they should become a member now so that they can participate in the board elections. And Alma-Linux has always been about creating the downstream from RHEL that has proved to be necessary by many organizations. So Alma-Linux is used now by some very significant end users Organizations like CERN, who've got very unique needs for a Linux distro, and Alma-Linux has proven very popular amongst organizations with large deployments of Linux that don't need high levels of hands-on support from day to day.
We were slightly disrupted by the decision by Red Hat to no longer make the full source of RHEL available, and we looked at all the options for continuing to make a bug-for-bug compatible release of RHEL available as Alma-Linux and we came to the conclusion that that was no longer viable, that Red Hat had erected barriers. That would mean that anybody who successfully produced a bug-for-bug compatible version would probably be on the end of lawsuits. For one reason or another and I don't want to go into why that would be we decided as a community organization we couldn't do that. What we have done instead is opted to produce an ABI compatible release. So the Alma-Linux release for all intents and purposes is unchanged. There is the potential for there to be a little bit of drift in the functionality, but basically Alma-Linux will continue to be a downstream of RHEL that we construct by using legally publicly available sources, and we've talked to the folk at Red Hat and we've broadly got their support in doing that. They wouldn't be terribly effusive in public, but they like the way that our community works. They like the fact that we want to fix bugs in CentOS Stream and in RHEL and that we want to make them available off our own back. They like the fact that we form a community that funnels new users into using RHEL. They like the fact that there is a big overlap between our community and the Fedora community, and so we believe that we've got the grounds for there to be a peaceful relationship over the long term with Red Hat, while not compromising on producing an up-to-date, abi, compatible, secure, safe version of Linux under the name of Alma-Linux. So that's where we are with that.
Now to do the FIPS certification. That was beyond the means of the foundation and one of our community members has gone ahead and done that and made the build available to everybody. But, yes, alma-linux has got that certification courtesy of one of our community members. That's about everything I can tell you. That's many more things than I even knew. I knew there you go.
0:20:56 - Jonathan Bennett
So two things that come to mind when Red Hat first pulled the plug on CentOS and we got Alma-Linux and we got Rocky, I said back then that I thought it was interesting that there were two of them because I figured they would take slightly different approaches to things. And so now we've actually seen that born out. We've got Rocky that they are committed to continuing to be bug-for-bug compatible with Red Hat, and you have Alma-Linux. That has taken a little bit of a step back from that, because I find that really interesting that that has indeed happened. And then the other thing I've got to say is there's actually a real advantage to running Alma-Linux, and that is you get bug fixes faster, because Red Hat does not like fixing bugs unless they're considered critical.
So one of the ones that comes to mind is Zenbleed. I consider that to be a real problem because you could leak information out of VMs. You could leak information in the VMs. It was pretty bad. It was very trivial to run and it was a lot of information getting leaked.
And at least for the first week or two, red Hat's approach was it's not that big of a deal, we'll get it when we update the kernel the next time, and Alma-Linux actually had a test patch out within 48 hours of Zenbleed being announced and then another couple of days after that it went out stable to everybody, and so I was very impressed with that, and I love the fact that because Alma-Linux is making this little bit of a change in how they approach the compatibility, that it's going to mean some bugs get fixed faster. I think that's a real sorry to use a little bit of corporate speak here, but that's a real value you add. That is a really intriguing advantage of running Alma-Linux. So I pretty much put Alma-Linux on my new VMs and machines now. I think you guys have won me over.
0:22:49 - Simon Phipps
That's fantastic. You know, we did actually upstream that Zenbleed patch because we have a policy of upstream first if we possibly can and we only put out our own patches if we can't upstream the patch in a reasonable time, and so we did actually offer that. And there was an interesting discussion. Again, I want to stay friends with the people at Red Hat, so I don't want to say anything that would prejudice that. But yes, so we're fixing bugs, we're upstreaming them, we've got a good community.
It's very easy to become a member of the Alma-Linux community. All you basically have to do is offer a mirror and, if you want to, you can join the packaging community and fix bugs and do bigger things. To do those things, you'll probably be a Fedora community member. So most of the folks that are making the early bug fixes are from Fedora, and I find the community quite fascinating in that regard because there isn't the polarization that you see in another community that I won't name related to RHEL. There is very much an overlap between the CentOS folks and the RHEL folks and the Fedora folks and the Alma-Linux folks, and quite a lot of the people in the Alma-Linux community are Fedora committed.
0:24:22 - Doc Searls
So we have a topic in the queue which is 3D printing, and one of us just got a 3D printer, another of us has a 3D printer, maybe two of us have a 3D printer, maybe three of us do. I do not. So, sean, you have a.
0:24:37 - Shawn Powers
Yeah, to be clear, this is I am bringing the love of the show. There's nothing profound. We can't, and I don't even have the printer yet. It's in route. Of course, the filaments arrive today, which is about as useful as you can imagine having filaments with no printer yet.
But I did want to. I was curious if anybody had a 3D printer, because I, for years I wanted to have one and I just couldn't justify it. And then my wife needs one for work. She needs to print out some props for like store displays and stuff, and so now I have a rationale for ordering it, and so I ordered a bamboo printer. But the controversy there, which I was kind of scolded on the social medias for, it is not an open platform. It is not the Prusa Is that the one that's like super open and everything? It is not that. And I was going to get a Prusa printer but it was like weeks out before it would ship and I need it sooner than that. So anyway, I ordered a bamboo printer. They seem to be really good but they're not open. And I also went with an FDM printer as opposed to the fancy resin printers, and so I'm curious what the thoughts are on resin printers versus FDM and thoughts on have I shot myself in the foot over getting a non-open printer?
Maybe, you could make a 3D foot.
0:26:15 - Doc Searls
if that happens, go ahead, shadathon.
0:26:21 - Jonathan Bennett
Yeah, I do also have a 3D printer and I've had good success with it. I've printed off cases for mesh-tastic and all kinds of things like that Really really do enjoy being able to do that. In the mesh-tastic group I told the guys what 3D printer I had and I was immediately laughed at and they said, oh, it's my first 3D printer which is fairly accurate. So I went looking. So I said, okay, I want to be able to do multi-material, which that lets you print with two different kinds of material at once. And the fun thing you can do with that is you can print your actual structure and then print supports in a water-soluble material, which means that you can then just go, take your print right off your print bed, stick it in your sink and, you know, wiggle it around and all the supports will just fall off. It's the coolest thing.
Of course I don't have it yet. And then you know I would love to have a self-leveling print bed, because manually leveling your print bed is the worst. And it seemed like there was one more thing, you know a decent print size. There's one more thing that I wanted something like that. And so you go looking for that list of that wish list, and the bamboo X1 is about the only printer that hits all of them. The only problem with it and the only reason I don't have one yet, is it's not cheap. It's like $1,500. But as far as I can tell, it's basically the best print, the best FPM printer that's out there right now, if you can afford it. So I would not feel bad about your choice at all.
0:27:50 - Shawn Powers
All right, cool. And now so you're talking about? You have one with multiple extruders, so like they can print different materials.
0:27:58 - Jonathan Bennett
I do not, I want one. I want one very badly, because I have broken so many prints trying to peel the supports off. Gotcha, but yours, I am pretty sure does.
0:28:07 - Shawn Powers
This is not that. No, this that has an optional add-on, ams, where it will allow you to switch filaments during the print, but it doesn't have the multiple extruders where you can print two different things at the same time, so like you can't do like a support and then a thing at the same time. I think the Prusa XL is that one that has a multiple, but it's like $3,500. I don't even know. Yeah, they're expensive to do it. Yeah, mine doesn't do that, mine's not that cool.
0:28:36 - Jonathan Bennett
I really thought yours was one of them that had it. But you do have the auto bed leveling. At least That'll help you out a lot.
0:28:42 - Shawn Powers
Yeah, it has auto bed leveling. It has. So I've never had a printer, so some of the like cool features mean nothing to me. So it's like oh, it has spaghetti detection, Like okay, I mean.
0:28:56 - Jonathan Bennett
I don't have it here. So one of the things I do with my printer is I print like D&D miniatures and I had a print go to sort of spaghetti but it actually ended up just melting all of the plastic together and so I have essentially a living blob about yay big, that's just melted plastic on top of melted plastic in this weird amorphous blob shape and it's the coolest looking monitor or monster. But was not what the print was supposed to look like. That's the kind of thing spaghetti detection is. It'll figure that out mid print and stop it.
0:29:29 - Shawn Powers
Okay, and so you do D&D characters with an FDM printer, then not resin, because like that was the whole thing about resin, right, it's like super fine detail, no lines, yes, etc. Etc. But also messy and stinky and you got to wash them and you get resin everywhere and toxic and stuff. And it seemed like a lot of effort and you probably know me well enough to know that a lot of effort is not my emotion, so yeah, resin will get you finer details.
0:30:01 - Jonathan Bennett
It's true, because you know the way resin works essentially is that you've got you've got a little projector that is shooting like a 1080p image in UV, and it's so. What it does is it cures little tiny bits, a pixel or maybe a voxel at a time of that resin. Well, if you're printing something small and you've got 1080p to work with, you end up with really really fine resolution. So that is great. And so if you're making little miniatures, you can get really really fine details.
The problem there's multiple problems with resin. One is it is a mess and it's a pain to work with. But also you don't get as much structural strength with resin Whereas, you know, with with FPM you can do something like you could. You can print with some of the filaments that have even like fiber reinforcement built right into them. There's a lot you can do with it. So I am I am pretty satisfied with having a conventional printer as far as that goes. And then, if you're really, if you're really into the the miniature thing, you know you you're going to print them and or you're going to print them and then paint them and the paint's going to cover up all the layer lines. You put all your details back in that that was another question I had.
0:31:08 - Shawn Powers
Can you paint over the, the extruded stuff, the plastic? I mean, does paint stick to it? I know there's lots of different kinds of filament, but all right, cool. Yeah, and you sure I mean you've done it. So the proof is in the pudding. Is that? Is that printed? Did you print that and paint it? Yeah, that is printed and painted.
0:31:25 - Jonathan Bennett
Nice, that's a character from one of my campaigns from a while ago, right, yeah, it turned out pretty well too. That one's actually printed at like three or four X scale basically as big as I could get it on the printer, and it took something like 24 hours to print it out, but it turned out great.
0:31:41 - Shawn Powers
And you kept the amorphous blob right and named it.
0:31:44 - Jonathan Bennett
Yeah, that's somewhere around here. I try painting that too. I'm very sort of a novice when it comes to painting miniatures. The paint work on that one didn't turn out as well, but yeah, I've worked on painting it too and it looks fairly nice.
0:32:00 - Shawn Powers
All right. So apparently this is a I mean it's nerdy, I guess a little techie. What kind of paints do you end up? Is it like acrylic paint staff to use like stinky?
0:32:11 - Jonathan Bennett
I went with acrylic. Now they're not stinky at all. I just I got the one of the cheap sets off of Amazon and so there, actually there is an open source angle here. Even if your printer is not running open source firmware, most of the things that you print are going to be some iteration, some variation of an open source license. And I want to say I'm of the opinion that 3D printing has almost done as much for making things for normal people as open source licensing did for making software for normal people.
Because you can, you can go from well, you can go from an idea to having something physical very quickly with 3D printing. But you can also share those ideas and those designs and have them printed out. So you can go to printablescom and I'm pretty sure there you can tell it. I want to sort this by license and only show me you know permissive open hardware sort of licenses. You can find things where people have shared. You know cases for electronics I don't have any of my other neat prints right in front of me here but all kinds of stuff that you know. You put an open hardware license on it, you share it and it just it's, it's really become sort of transformative for making those sort of little knickknacks and bits and bobs that you need for all sorts of hardware projects.
0:33:35 - Shawn Powers
I'm hoping that it becomes a useful thing for me. Like I said, over the years I haven't had a real rationale for it, but now that my wife needs one, well, I'm going to be able to use it too. Like my first project, I have this, the Ember mug that you see me drinking all the time out of, and you know it keeps keeps your coffee at the perfect temperature. And this is the charging coaster. It's got two little Pogo pins on it and it's like out of 19 volt power supply and it just seems like my perfect project. So I'm looking forward to doing that, because they're like 40 bucks and that seems excessive to buy a brand name replacement. So anyway, that was my whole topic. Thank you for indulging me with, with making me feel better about my purchase.
0:34:15 - Jonathan Bennett
That was a discussion Weird guy. Yeah, it'll be fun. I'm looking forward to seeing you come in you know, future shows with some of your prints, because there's this, there's this time period where everything that prints you're so excited and you'll be like I made Benchy Look, guys.
0:34:32 - Doc Searls
I think you should print a 3D wig that's green for your head. Since you're not green anymore, I get to be green again.
0:34:42 - Shawn Powers
My daughter's getting married this this Saturday, but the Saturday after, and then green for that After that. So I have to have I cannot be the focus of attention when I'm walking my daughter down the aisle. It has to be hard, and so yeah, after that, and I start a new job on the 16th and I already have permission to have green hair there, so yeah, I'm glad you cleared that I did.
0:35:07 - Doc Searls
I know you weren't asking for this employer, but I'm I'm going to go green. I believe in in green tech. I'm a green head.
0:35:17 - Shawn Powers
Although it did run into a complication because it's a video training. So I'm going to be working for CBT nuggets Again. I did years ago. But a lot of the stuff we do is green screen, which like. Well, that's going to be interesting. I may have to break out the blue screen because part of your head is missing.
0:35:35 - Doc Searls
Then Exactly, yeah.
0:35:36 - Shawn Powers
Yeah, so that's going to be an interesting thing I have to have to do.
0:35:41 - Doc Searls
Wow. Okay, so we're going to get to some other questions, but first I have to let everybody know that this episode of Floss Weekly is brought to you by Bitwarden, the only open source cross platform password manager anywhere anytime Security. Now Steve Gibson has even switched over. With Bitwarden, all of the data in your vault is end to end encrypted, not just your passwords. In the summer 2023 G2 enterprise grid report, they solidified their position as the highest performing password manager for the enterprise, leaving competitors in the dust.
Bitwarden protects your data and privacy by adding strong, randomly generated passwords for each account. Go further with the username generator. Create unique usernames for each account or use any of the five integrated email alias services. Transparently view all of Bitwarden's code available on GitHub. On top of being public to the world, bitwarden also has professional third party audits performed yearly and the results get published on their website.
Bitwarden is open source security that you can trust. Share private data securely with coworkers across departments or the entire company, with fully customizable and adaptive plans. Bitwarden's teams organization option is $3 per month per user, while their enterprise organization plan is just $5 per month per user. Individuals always get Bitwarden's basic free account for unlimited passwords. Upgrade any time to a premium account for less than $1 a month, or bring the whole family with their family organization option to give up to six users premium features for only $3.33 a month. Bitwarden just released a new passwordless SSO feature. Sso with trusted devices lets users log into Bitwarden and decrypt their vault after using SSO on a registered trusted device, no master password needed. This new solution makes it even easier for enterprise users to stay safe and secure with Bitwarden. Learn more about SSO with trusted devices at bitwardencomtwit. At twit, where fans of password managers get started with Bitwarden's free trial of a teams or enterprise plan, or get started for free across all devices as an individual user at bitwardencomtwit. That's bitwardencomtwit.
So I've got an issue here which is relevant to me, because I've been looking at maybe getting a new car. I have a 2005 Subaru Outback, which is basically a box on wheels with all-wheel drive. It's very handy for hauling stuff around. It's actually only just turned 100,000 miles because it's actually left outside by an old lady for nine years, but it does work and we like it. It's not comfortable for long drives, though, but here's the cool thing it's pre-spying it doesn't spy on you.
And Mozilla, on the sixth of this month came out with a really pretty comprehensive report called Privacy Nightmare on Wheels. Every car brand reviewed by Mozilla, including Ford, volkswagen and Toyota, flunk's Privacy Test is very long headline and you can go in and look at all the different kinds of cars and what their privacy policies are. You can't get, they can't get into them very well, because these are not open source at all, they're closed source, they're buried behind the dashboard. One interesting one for me is Tesla, because one would think, hey, tesla, boy, they could spy on you so many ways and things. Electric does all these things, but the Tesla is basically a computer. That's also a car and you're looking. It's not perfect open source wise, but they sound at least a little bit more committed to privacy than the others are, even though they can spy on you all kinds of ways. It's a pretty depressing report because in the computing world with phones and computers and mobile devices and little portable things, you can get and carry around Anything that computes we could generally look at to some degree.
But your car is opaque. This stuff's going on behind the dashboard. The car comes with, for example, a cell phone in it, but you never see it. But it's a cell phone number. Your car has a cell phone number, just like it has a vehicle identification number, and it's darking on you. Some of this we're already familiar with our mobile devices, for example, because that's what tells Google and Bing and Apple that there's traffic. Because your phone is telling those outfits to the phone company that you are a traffic sensing device. We never get that information, but they do. It's a separate issue. But cars are bad privacy wise, and I don't know how we approach these. I'm curious to know also maybe Simon does something about this whether or not it's as bad in Europe. Volkswagen and BMW are among the offenders here. They sell in the US, obviously. I don't know. You guys have any thoughts about this.
0:41:25 - Shawn Powers
I was encouraged by the. I'm no longer encouraged, but I was encouraged with the notion of things like Apple's CarPlay and Android Auto, where the smarts were going to be in your phone. I still I'm an Apple phone user, my family is, so that's what I have. I like that the smarts are there, but I'm disheartened because, for example, chevrolet CarPlay is not going to be having, though, like Android Auto or Apple CarPlay in their EV line. They're going to be using their own software, which means you have no access at all. I mean you have no control over what is happening there. I don't even know what it's going to look like. I think it was a terrible idea.
0:42:10 - Doc Searls
It's going to be bad, it's just going to be bad, thank you.
0:42:13 - Shawn Powers
I did notice my lower third. Now I appreciate that, anyway. So I don't know even our car. Right now, when I use something like CarPlay, yeah, my car still has a 4G modem that's connected, even though I don't subscribe to the service. It's still connected to towers. I don't know what kind of data is going to and from my car to anyone. I just have no idea. So I was hoping that automakers would get out of the. We are the smart software people because they suck so bad at making decent software in their head end units. But that doesn't seem to be the case. So yeah, I don't have a good answer other than drive a really old car.
0:43:01 - Jonathan Bennett
I was just thinking that my 97 Ford Ranger and my 05 Nissan Quest seemed really really good and really worth keeping on the road now yeah, the Beatles are awesome for a different reason now, right?
0:43:12 - Doc Searls
Yeah, I'm holding on to this old Subaru for the same reason. So, Simon, I mean you must have some thoughts about this.
0:43:22 - Simon Phipps
Well, you know I'm hugely discouraged by the whole motor industry. You know forgetting all the stuff about. You know gasoline or petrol. If you look at the vehicles they're producing now, they come with the invasion of your privacy built in by default and they come with software that is intended to monetize you and turn the car into, you know, vehicles of service. So I was particularly discouraged, for example, by BMW, who now sell access to the heated seats that are in your BMW already, but they now cost you $18 a month to activate, or you can at the moment pay them $415 for unlimited access, but we'll see how long that lasts.
And this trend is continuing through all the features that they're putting in. You know the premium. Access to the locations of traffic cameras and to the access to reporting on accidents and different kinds of routing is going to be restricted. Access to features in the vehicle is going to be restricted. And then that's on top of what you just described, which is they are involved in the surveillance society, instrumenting the vehicle and selling information about you to absolutely everyone they can. And I'm especially discouraged by the fact that the laws in Europe that are meant to deal with that in the rest of society. The Digital Services Act and the Digital Markets Act have basically got big carve outs for the motor industry in them.
So I think we're in a terrible place here at the moment with motor vehicles, because if you want to get an electric vehicle, you are going to have to have one that is permanently connected. There are, as far as I know, no electric vehicles on the market that are not permanently connected to the company that sold them to you, and so my lifelong instinct, which is that I never want to have a relationship with a motor vehicle manufacturer and I want the transaction to be one that concludes as I leave the showroom, and I never want to hear from them ever again, if I possibly can. That is now impossible with electric vehicles because you have to have an ongoing relationship, and they're making it impossible with fossil fuel powered vehicles as well, because you're going to need to have a relationship in order to have the steering wheel have a full 180 turn and to have the heated seats turn on and for the headlights to work at night and for all of those sorts of things. You know, those are all going to be premium extras. Oh, doc, you want to drive at night? Oh well, that's in our deluxe night driver package.
Oh, you want to drive in the rain, do you? Oh well, I'm afraid the windscreen wipers are extra.
0:46:12 - Doc Searls
Your seats, your locks. I have to rent those.
0:46:16 - Simon Phipps
You know, it's exactly like flying Ryanair, but it's in your own car.
0:46:21 - Doc Searls
Yeah.
So I see this two ways. Neither one of them is good, but I think it's part of the same thing. One is the digitization of everything and there's this law almost an iron law in tech that what can be done will be done, and we take it to an extreme and then back off one way or another. It applies to nuclear power, it applies to hammers, it applies to everything and it applies here. It's like what can be done will be done. I can name T Rob Wyatt, who is in one of the communities that I'm involved with Back in 2012, had a very eloquent blog post about this and he came to meetings just shouting to the rooftops about how this is starting to happen, that the automobile industry is completely in the thrall of jealousy over the online advertising industry, saying we want to be able to do this in cars.
We're looking at this as a profit center. We want to just digitize everything. But I think it's that's one thing that's going on, but the other thing is, as cars become more electrical to become more electronic, and as we drift toward getting all you know, toward electric cars becoming and hub first with hybrids and now with electric cars becoming the norm it's like we as drivers become use a new verb here back seated more and more and more. We're not the drivers, we're driven and we're driven by. You know, these things are our chauffeurs and they're knocking on us all the time because they can.
And the hard thing for me is where I this. I am not. You know, I have this libertarian streak that says every new law protects yesterday, from less than last Thursday and less of this for another 150 years or something, and I worry about new laws respecting this. But I think we law may be the only way we could do this. We may only need, we may need regulation that says no, no, no, and all the data you're gathering about people, it goes to them first. They get the valve, it on or off, whether or not it's shared, and maybe you could leave a back door in for law enforcement. But I don't like that either. But I don't. Jonathan, you have any thoughts about this? I think you're sort of somewhat of a similar mind on this kind of thing. Yeah, so I will.
0:48:38 - Jonathan Bennett
I will tell you. The thing that really first comes to mind for me is that in the United States and other places around the world there is there's quite a culture of doing car modifications. Yeah, you know, bolting on hearts to get more power. Yeah, and so that's the thing that comes to mind. What on a lot of these new cars? Is there somebody selling a replacement Navin Entertainment Center? Or, alternatively, can you jailbreak your Navin Entertainment Center on such and such new car or replace it with something open source, or you know?
0:49:09 - Shawn Powers
at least go in and flip the switches. I bet it voids the warranty. I bet you know if you do something like that, nothing is your is warranted then in your car anymore. It would be my guess you know like what if you unplugged the plug to make it and plug, you know you just shorted the thing, so your seats heated up and the computer detected that it was unplugged or something. I mean I could picture like oh no, sorry, your warranty is voided. Oh, your transaxle went out right after you did that.
0:49:37 - Jonathan Bennett
Oh, sorry, yeah, so the thing that I fear is and I get that, and that's. That's something to worry about. The thing that I fear even more is car manufacturers using the DMCA to say oh no, no, you can't sell A piece of software that turns off our are tracking and advertising because you had to circumvent our DRM to be able to do it. And here you have to take that down, so okay so?
0:50:06 - Doc Searls
so your answer, Jonathan, is let's just get a culture to jailbreak these things and make them ours as much as possible, absolutely, warranties be damned. So, simon, you're sharing your experience with us. So, simon, you're sharing with us on our back channel, classicelectriccarscouk. Yeah, that's cool, it looks cool.
0:50:27 - Simon Phipps
These people will let you turn your car into an EV. They do a really excellent job. I've seen some of these. You'll notice that most of these vehicles are small and cute that they're doing it with, and that's great as well, because I've discovered it's really hard to buy a small EV. Most EVs are the size of American cars. So, yeah, I like the look of these people.
I don't think they're the answer, though. I also tend to believe that the only answer is for us to have the surveillance society become illegal, and I think that that is probably the fix. I don't dislike advertisements. I find advertisements quite colorful on my web pages.
The reason I have a copy of Piehole installed on my home network is not to get rid of the advertisements. It's to get rid of all of the intrusive surveillance and collection of information about me by the advertising companies that I have Piehole installed, and I think that's the stuff that we need to see more legislation about, and there's legislation in California about it. There's a bunch of legislation in Europe about it, but we have to get more serious and tell the advertising industry and my apologies to Twit TV, who make all their money from advertisers, but nonetheless I think we need to tell the advertising industry that it is not okay to mass collect information about us, triangulate on us with it, sell it to political campaigns to target us, sell it to medical companies to target us. That's all disgusting behavior and I think that we need to tell our representatives in our parliaments and in Congress that we believe it's disgusting and get it made illegal.
0:52:19 - Speaker 5
And prude button in here. Mr Phipps, no need for that apology, because here at Twit we are strongly against advertiser tracking. We discuss that quite heavily here on the network each and every day. Yes, we have host read ads. You're not going to get all of this crazy tracking analytics from us. Plus, there's other ways that we try to monetize, which I'm sure we'll get into at the end of the show.
0:52:45 - Doc Searls
Okay, back to you guys, thanks. So you mentioned Piehole. That's pie-rollnet. So tell us a little bit about that, then we'll take a break.
0:52:57 - Simon Phipps
Okay, piehole is a DNS that is connected to DevNull so that every time any device on your home network requests the resolution of a domain name that is known to be part of an advertising surveillance activity, what gets returned is something harmless, and it results in all of the apps that you're running in your home, on your PCs and on your smart TV, on your phones. All the time you're on your home network. You don't get any advertisements because you're not being tracked, and so I have that installed on a Raspberry Pi in the rack downstairs and it's covering all of my devices. Let's just look at the display here today. It has blocked 567 advertisements for me today on my devices at home, so I very much recommend people looking at that. It's all open source. It all runs on any computer you like. It doesn't have to be on a Raspberry Pi and it is very straightforward. What it's doing it's being a proxy DNS so that all of the mechanics of the surveillance system are being intercepted and neutralized.
0:54:13 - Jonathan Bennett
It might be worth noting real quick that blocking ads is actually becoming a security recommendation too. I forget who, but somebody pointed out that?
well, yeah, the FBI, among other people but somebody pointed out that this wasn't a thing until the advertisers on multiple websites kept having worse and worse behavior and not cleaning it up. And it's gotten to the point now where you just and I start doing this for customers too. You pretty much have to block ads to be able to keep them from accidentally clicking on something that you know it'll redirect you to a website which goes to another website, and suddenly you've got malware on your machine.
0:54:55 - Doc Searls
So we're getting close to the end of the show, so let's take a quick break and we'll be back with the finals right after that. So any final thoughts? Any one of the three of you want to jump in with something?
0:55:07 - Shawn Powers
to help us. I mean, I'll just say you know Simon mentioned that place that will do cars and convert old cars to EVs. Ev West here in the States sells DIY kits which I have, I want so bad, but they're like just under 20 grand, which is about 20 grand more than I have to spend on such a thing.
But it comes with like the mode. It's like a complete kit to switch a classic Beetle to full EV and includes like motor and a battery packs and all the wiring and you don't have to do it, just bolts on where the engine would bolt onto your transmission. So your transmission and clutch and everything is the same. So I want it so bad. I just can't even explain how bad I want it and that was the only. I had nothing useful to add other than that would be so cool.
0:55:57 - Simon Phipps
You know, I have to say I did make my bike an EV. I bought a kit for it and made my pedal bike into an EV, and it's a lot cheaper than that.
0:56:06 - Shawn Powers
Yeah, I believe that's the case. Yeah, and I have a. I already have an EV bike.
0:56:11 - Jonathan Bennett
A little less fun in the winter to that'll depends from where you live here in Oklahoma. It'd be fine in the winter, but trying to drive your bike out when it's 110 degrees Fahrenheit is just not something I want to do.
0:56:26 - Shawn Powers
That's a, that's a pure throttle. No pedal day If it's still too hot for that.
0:56:31 - Doc Searls
You want to. You can only, you should only go fast. There should be no slow on that.
0:56:36 - Simon Phipps
Kind of tricky up in Minnesota in the winter as well.
0:56:39 - Doc Searls
There you go Probably, and you pointed out, I think, simon, and our own back channel here that John Deere, which is famously locked up their stuff, is now allowing farmers to fix their own tractors, which are yeah. I think they saw the writing on the wall.
0:56:58 - Simon Phipps
No, I think they saw that there was a lot of outcry about it and I think they saw legislators beginning to pay attention to the fact that this was not okay, and I think that they've made that concession so that it doesn't become a legal requirement. I think that's what's going on there, but I think there is legislators have caught wind of the fact that the fix it yourself movement is a very real, very realistic and very necessary, and I think we will see legislation put in place if vendors try to bolt everything to the floor. That's why I think we're going to see modular, modular Apple phones in Europe at some point soon is because they understand that. Yeah, I think we're going to see well, we're going to see replaceable batteries, certainly Because I think they're about to become a legal requirement and I think they're getting out ahead of that.
We finally have USB-C. If only it worked.
0:58:00 - Doc Searls
There's a Corey Doctor had a piece about it about how Apple did make their make changing your own battery available, where you ordered something and a thing came in a suitcase and then you did a whole bunch of stuff in a suitcase or you could go down to the fixer shop on the corner and they could do it in 10 minutes with their own tools. You know anyway, because they've been doing this for years anyhow. So it's a. Yeah, I think my way of thinking is an iPhone 6 and I think she's had the battery replaced two or three times than that, always by the after market world.
0:58:41 - Shawn Powers
I didn't. I mean, I thought the 3G towers were shut down. So if she has an iPhone 6, that's no, it does.
0:58:47 - Doc Searls
it does 4G the iPhone 6 is 4G.
Yeah, it's still works. It still works. I should note, as you're pretty close to the end here, this is a we have. We went to T-Mobile here in the US owned by a German company, by the way, also called T-Mobile that we got the international plan, which had unlimited data, and it was a 2G, then 3G. When 4G came along, it tended to be slower, but often it popped up to 4G because it's harder for the carriers to disable the 4G to get it down to 3G, because nobody wants to use it anymore, Anyway, or the towers being to be built for it and they're not just towers, by the way.
In Europe they do a good job of disguising them as church steeple and flagpoles and road signage and other stuff like that. But anyway, she just went to Italy while I went to Boston for an obligation and our unlimited plan turned out not to be unlimited. It gave you five gigabytes and then you had to pay more and they said no, that's part of the unlimited plan now and apparently I'm told from doing a little bit of research there's still the best of the breed here in the US, but it's gotten worse going outside the country. It's kind of moved back into the past. Unlimited data is not as easy to get, and that's really sad and unfortunate because it feels like we're going back into the past here. Simon, do you have any thoughts about that, that the tariffs going back up, or the countries aren't getting along, or all the different carriers are just trying to bring back the charge for everything you can? Anyway, you can.
1:00:25 - Simon Phipps
They'll charge for everything they can at any moment, and you can tell that, because I'm not allowed to talk about partisan politics here. But it's not partisan to say that I hate Brexit, and one of the things that happened as a result of Brexit is Roman charges came back for UK citizens going into Europe, which the phone companies had said would not happen. But as soon as they saw that lovely money just sitting on the table, they immediately went for it. And the golden rule is that if there is money left on the table, the phone companies will go for it because they're reptiles. There's no other way to talk about it.
1:01:03 - Doc Searls
We're allowed to say they're reptiles, as GP Raghuswamy, who he may want to get on this at some point. They're dinosaurs, but they're still alive. Anyway, I worked for him at BT in the UK and my favorite line from him was saying at BT, as their chief scientist, our core competency is not communications, it's billing. So there you go.
1:01:35 - Simon Phipps
Anyhow, it's a very hard problem.
1:01:39 - Doc Searls
It's hard to solve that problem. Okay, so let's go around the square table hearing sound effects there and get to our plugs.
1:01:53 - Shawn Powers
Oh, I'll go first. I got really nothing other than the weird guy lower third that has my newsletter. You know I'm switching jobs, which I don't know what that means. As far as like online activities go, my newsletter there the first link. You'll always get information about me from me, and about other stuff too.
1:02:14 - Doc Searls
So yeah, so trying to think you got ahead of me there.
1:02:17 - Jonathan Bennett
Yeah, I'll jump in next. So I will plug Hackaday. We've got an article upcoming working on it late into the night last night about the Mishastic radios, the part two of three of fun things you can do with that, and open source. And then don't forget the untitled Linux show. We had quite the milestone this past week the 20,000th podcast on the Twit network was our latest ULS episode, and so I think we might whisper into somebody's ear and ask that one to get released publicly for everybody to be able to enjoy. I think that would be fun, but that is for most of the episodes. A club Twit exclusive. And goodness, if you're not on club Twit yet, why not? It's about the cost of a cup of coffee per month. Get on club Twit.
1:03:04 - Doc Searls
Great plug, great plug. So, simon, you've got something.
1:03:08 - Simon Phipps
Yeah. So there is my favorite conference coming up in Europe. If you're looking for a conference to go to, you want to meet an amazingly welcoming and warm group of people in a fantastic location for a short but beautiful conference. It's called the South Turol Free Software Conference. It happens in a city you've never heard of called Balsano, in Italy, and it is happening at the start of November, and that's the. It's the other link, and SFSCon is a conference that you've probably never heard of, but you'll see that the agenda is fantastically varied.
The presenters are people who are not at every other conference that you've ever been to. It's a free conference. There's no fee to attend it. I absolutely recommend that you go along to SFSCon or, if you can't make it to SFSCon, to that you watch the live stream of the sessions, which will all be very good, and then at the start of December I'll be at that other conference, at the open source experience in Paris. That's 6th and 7th of December. We'll be having the last birthday party of the year for the 25th anniversary of open source. So come along to that and have a slice of cake with me, and I think that that's my plugs. Oh, and follow me on MasterDone please. Webmink.
1:04:35 - Doc Searls
The one and only Webmink. I have a couple small ones. One is that I will be actually at the Computer History Museum and week after next I'll be a display in the Computer History.
1:04:51 - Simon Phipps
Museum. I was thinking it, I was thinking it, I admit it when I die.
1:04:56 - Doc Searls
That's what I should be like, like, like Jeremy Bentham, you know, like.
1:05:00 - Simon Phipps
Yeah, the case and the wooden case.
1:05:03 - Doc Searls
In the case, my head will be somewhere else because it's you know, they put a coconut there instead. But I'll be at the Internet Identity Workshop which I co-organize, and that is the week after next. It is a fantastic conference. It's no panels, no speakers of any kind, we just install breakouts and all working on stuff and it's fairly cheap as those things go, and the day before that there's going to be something called a VRM day, and look that up or look at my blog, you'll find it there. Anyway.
But the other thing is I'm going to stop and I'm only mentioning this because of the cars, not for the wine, but little Yuvos Vineyards is the love vineyards. My brother-in-law and my sister-in-law run that place. It's off of 101, south of Morgan Hill, at the Madsen exit. Anyway, they have the most amazing collection of old cars, classic cars, there, and I'm sure none of them spy on you. So I wanted to let you know about that because it's not just good wine and pizza and other stuff like that, but they have these amazing cars, so always fun Anyhow. So that's about it. Next week I have to bring up the thing again because I'm never prepared. I was prepared last week for something that didn't happen. So for this week, next week got it Okay. Cooper Quinton of the EFF We've been talking EFF stuff this week. He'll be back. I'll be back next week. Catherine's going to co-host, so show up for that. It's always going to be good and we'll see you then.
1:06:46 - Jason Howell & Mikah Sargent
It's mid-week and you really want to know even more about the world of technology, so you should check out Tech News Weekly, the show where we talk to and about the people making and breaking the tech news. It's the biggest news. We talk with the people writing the stories that you're probably reading. We also talk between ourselves about the stories that are getting us even more excited about tech news this week. So if you're excited, well then join us. Head to twittv and don't forget to hit the bell icon to get notified when I post new videos.
