
The Enormous Empowering of Free and Open Source Software Ecosystem


It is quite disappointing to see the escalation of bad behaviour on the part of some of the partners in the technology industry legally pushed on by US politicians who have no idea what they are doing.

Many people have asked me what Google's withdrawal of Huawei's access to the Android code would mean.

Simple. Nothing. It is just another day, another bad decision.

Why?

The Android ecosystem is driven not only by the business arrangements Google has with the various OEMs, but also by the existence of the Android Open Source Project (AOSP).

The AOSP is the basis of the various replacement code that runs on millions of Android phones already in the market. You have all of the functionality one expects from an Android smart phone but without access to some of the “special sauce” (proprietary) that Google provides to the OEMs. If you think about it for a moment, not having access to the proprietary secret sauce/source is actually a Good Thing.

The special code that Google provides to their OEMs is, among other things, the ability to track users. I know lots of users would say, “but how else can I use the phone”? You do not have to give up your privacy to use the Android device. And for all those who say “privacy is dead, just get on with it”, I would like to ask “why do you close the door when you use the restroom”?

I have 3 Android phones – two Nexus and one Pixel. On the Nexus I am running AOSP and the Pixel is still running stock Android OS from Google. On all three, I use, to the extent I can, mostly all open source applications – FreeOTP, Signal, Telegram, Firefox, Firefox Focus, Tor, Torbrowser, Jitsi, DuckDuckGo, OpenStreetMap, AntennaPod, Keybase, Nextcloud, MIT AI2 Companion, VLC and Feedly. I don’t use Chromium (or Chrome).

About the only Google applications I use are the Gmail client and Google Maps, the latter only if I did not download the OSM map for the city I am travelling to. And in case it is not already obvious, I don’t use Google for search. It is DDG for me, everywhere.

I do have ParkingSG, DBS’ apps, NEA, SGBuses and some others. By and large, the phones running AOSP have pretty much the same (minus Gmail) but that is fine.

But let’s return to the issue that is annoying the tech world right now. Since Google, Intel, Qualcomm and others have been arm-twisted by the USG to stop supplying Huawei, what do you think will happen? Huawei will turn to others for the hardware components, and this will also potentially spur other Chinese companies to step into the void. Thanks to a braindead move, the rest of the world has been energized to remove the Single Point of Failure situation we are all collectively facing.

Don’t get me wrong in assuming that I think Huawei is above board on all things. They probably are not. But neither are the likes of Cisco, Apple etc (just search for the Snowden revelations). But, the major difference between Huawei and the US companies accused of similar bad behaviour is that Huawei has a strong link with the CCP via their CEO (if you are reading this in China, the Wikipedia page is blocked I am sure).

It is all about optics. He might indeed be a fine and honourable person. But the CCP link (and their Great Firewall of China and the slow train wreck that is their Social Credit experiment) does not bestow confidence. Compound that with the removal of the term limits on the presidency of China, which essentially means one person will rule for his lifetime, and the lack of independence of the entire Chinese technology ecosystem comes into sharper focus.

How could this be resolved? Partially, perhaps, by the CEO stepping down and having a very transparent management that we can all check for links to the CCP. This applies to the other Chinese companies as well – ZTE, Ali, Tencent, Baidu, QQ, WeChat, Didi etc. The opacity and the central control of thought by the CCP is a root cause of these troubles.

The accusation that Huawei “stole” “intellectual property” from the US is potentially provable, if we are talking about hardware. If it is about software, the code that is used to run on their systems is all essentially FOSS and GPLed code (most likely). There are no archaic 20th century style restrictions on the code and this is where Free and Open Source Code’s power is shining through. No amount of sanctions can stop the open sharing and collaboration that is already there.

Let’s make one thing clear. When you are looking at the code running on your devices (any), you have the opportunity to examine it, fix it, update it and do what you please, so long as you have access to the code. If the code is proprietary, discovering issues is really hard, not impossible, but hard.

The less informed would say that since the code is open, anyone can put in malicious code to do stuff. Of course that can happen. And precisely because the code is open, you can go in and take out the malicious code, and even publicly shame the perpetrators.

A similar statement of openness in hardware is slightly harder to make. This is because one will have to have access to the entire supply chain all the way to the chip foundry to ensure that there’s nothing in there that is not supposed to be there in the first place. The issue with Supermicro boards having some malicious components is a case in point. The manufacturer might actually be telling the truth that they were not aware of the issue. This is a failure of the supply chain, in which sophisticated actors (perhaps state actors) work to incorporate malicious components.

Can this issue be fixed?

Potentially by having DLT (distributed ledger technologies like Hyperledger, or HashGraph, or Blockchain) in the supply chain to authenticate and verify the hardware from design to delivery. We do not yet have such a system.

To summarise, the technology world will continue to move on. Free and Open Source Software is the bedrock of all of these technologies and no one can stop it from continuing to conquer the world.

 


“All of humanity’s problems stem from man’s inability to sit quietly in a room alone.” – Blaise Pascal


This. There was a time when I was so happy to be able to connect to the Internet with my mobile phone by dialing in to the ISP. I remember on a trip to Tel Aviv, Israel in 2000, a colleague SMSed me from Singapore (remember SMS?), that there was a problem with name resolution of the service we were providing. He had updated something in the table and after that, the DNS was not resolving and he could not figure out why. I was the CTO of that organization and it was cool to be able to fix operational technical issues.

I was in a cab on my way to a meeting when the SMS came in. I plugged in the Nokia proprietary data cable for my Nokia phone – 6210. The cable had a 9-pin RS-232 serial port which went into my laptop. With that setup, I then fired up minicom (the laptop was running Red Hat Linux 6.1 I think), dialed in to the local ISP in Israel (as part of the “roaming” for ISP dialups), ssh'ed into the server, checked the DNS named files, found the issue (a missing trailing “.” after a domain name), restarted named and voilà, all’s well. What a thrill that was. Thousands of kilometers away, but still able to fix an issue remotely, via the mobile phone connection on a laptop, in a cab.

I was pretty pleased to have been able to make something happen successfully. I felt like a hero.

Why am I relating this story?

I do wonder how I would have managed this technical issue if I did not have Internet access the way I had then. Today, being on the Internet is the default. 24/7 is the norm. When are you not connected?

I have come across Blaise Pascal’s quote many times before, but today it made particular sense to me. As I have noted in a previous blog post – A Simple Life Hack – I turn off my mobile data on my phone when I am moving around – in a bus, car etc. I turn it on only when I need to. I have set up the wireless on the phone to connect automatically to Wireless@SGx, so when I am at the MRT stations, I get connected to the net.

This disconnectedness is really wonderful. Some people go for “digital detox”. That’s not what I am suggesting. I am suggesting a deliberate and thoughtful disconnection from the online world for short durations of time. Eventually, by doing this, I’ve found that I am really not missing the constant barrage of chatter and information. I am (re)discovering the world around me.

I am able to revisit my own thoughts, roam around the place I am at, and be able to be in the moment, being mindful. I truly like that.

I like it because it is now a deliberate action on my part and I see and observe things around me that I would have missed. Lots of things are happening around you. If you choose to observe, see, listen, smell, you’ll learn some. You’ll probably smile. Not everything happens online – to state a truism.

If you do not get to sit quietly in a room and contemplate – heck, even navel gaze – I think Pascal’s observation will be spot on.

What happened today? Well, I have been trying to figure out how to use a regular scanner to scan photo negatives. It was in the 30 minute bus ride home, disconnected from the Internet, that I came up with the solution. I will write that up and post once I’ve built it.

If you are reading this on your mobile phone (thanks btw), go turn off your mobile data, put the phone back in your pocket, look around, be mindful and live in the moment.

Simple life hack


Turn your mobile data OFF as the default when out and about.

Why? Read on.

Since about October 2017, I’ve been quite conscious about how my phone connects to the data network via the mobile provider. There was a time I did not bother about it and having the instant connection to the Internet that I love and can’t live without, came at a price. The price of being constantly on and constantly distracted. It was getting to be too much. We see this everywhere.

I had to do something, if anything, for myself. My phone’s mobile data is now set to default OFF when I am out and about.

The advantages are:

  1. You get back your time. You can then enjoy the world around you.
  2. You have control as to when you can be contacted. My family knows that I will turn off the data when I am outside and turn it on only when needed. If there is anything they need to contact me on, they can first SMS (remember that feature?) and then I can turn on the data and do what is needed.
  3. Your mobile data usage is not going to surprise you by being excessive. In fact, my average for the last 1 year and a bit of doing this, has been just about 1GB.

Remember, there is nothing so important that you must have your mobile turned on at all times. If you can’t be reached, there are other means if it really matters.

I would be remiss if I don’t also mention that turning off the mobile data as a default is also driven by the fact that there are now plenty of wifi hotspots that one can access. In my morning commute from home to the office which takes about 35 minutes or so by bus, I come across two spots where Wireless@SGx is active. As the bus enters those zones, voilà, my phone connects automatically (yes, Wireless@SGx works flawlessly for me on my Android and Fedora systems). If the bus is around these hotspots for long enough, I get messages coming in and I can choose to do what I want. Most times, it is those that are quite superfluous and would have distracted me otherwise.

When I travel, I do not subscribe to the expensive data roaming plans that Singtel offers. They have a stupid way to compute them, so I do two things: a) use wifi where available and b) get a local SIM (data only if possible, else the usual types). Fortunately, I do not have any need to be reached on my Singapore phone number and if needed, I can be reached by other means first and I can then get on to a voice call using many of the tools out here like Jitsi, or Signal, or Telegram. I have VOIP set up as well via LinPhone on my mobile and laptop, so I am pretty much covered if I really need to do a voice chat.

Working around censorship


The Internet is a wonderful and absolutely essential resource that needs to be looked after, managed well and secured so that it can deliver the vast benefits to humanity and more.

But along with that massive good that the Internet brings, there are aspects of the Internet which are deemed negative. I refer specifically to information available on the Internet that would be deemed by some parties to be against their interest.

I must make things clear that what I am talking about is freedom of speech and the freedom to read what I want. You are free to say what you want, and I have the right to ignore what you are saying if it is not true, is rude, is demeaning. If what one says is dangerous (like physical abuse), it is definitely not acceptable.

Let the marketplace of ideas flourish. It is this petri dish of ideas that helps sharpen viewpoints and surface unthought-of possibilities. When a contest of ideas (which could be done using a platform like kialo, and no, it is not an open source tool (yet)) is entered into, amazing things can and will surface. That’s the beauty of keeping things open and inviting.

The Internet brings forth many angles about things, but like it is in real life, not everyone will have spent time and effort on getting a full understanding (perfect information), but at least, there is a much higher chance that everyone could have the opportunity to get to that level.

The debates around falsehoods and dubious information on the Internet are nothing new. Falsehoods have always been part of the human condition. There is a Tamil saying “a thousand lies can be said for the sake of a marriage” or something like that.

The way societies have tackled falsehoods is via laws that can be invoked to address them. Laws that address fraud and libel are generally what gets invoked. It is a difficult thing to have to go to court around a libel or fraud, but that’s the process. That process has stood the test of time and is very well documented and understood. In addition to the legal track, there is another means as well to counter falsehoods: getting whoever makes the falsehood to apologise if indeed what is said is untrue. It is far better to apologise, have an arrangement between parties and move on. Invoking the legal process is expensive and can be long drawn and the outcome can’t be assured.

So, when governments start going after websites (for example) saying that those websites are carrying falsehoods, we end up with an asymmetric power balance. On the average, website operators/owners are not as financially endowed as governments can be and in many cases, the legal route is seen to be a way to silence opponents or those with inconvenient truths.

We saw that in Malaysia when The Sarawak Report started uncovering massive corruption in Sarawak (the Chief Minister siphoning off monies from the state to benefit his family and later the 1MDB scandal). Malaysia’s former prime minister, Najib Razak, was not happy with the revelations about corruption in 1MDB as reported by The Sarawak Report, and he ordered that site to be blocked from access within Malaysia. What the former prime minister could have done is to sue the site for libel. But that would mean having to counter the allegations on the site with relevant information. Blocking is, frankly, a sure indicator that there is some element of truth in what is being blocked.

The resources of the government can bear up very heavily on a website if the site was brought to court. This will work if the site contains false, incorrect and otherwise wrong information. People will be able to see the truth for themselves. But when a government goes after a site by blocking it, it raises the question: you are blocking because there is truth in it?

The Sarawak Report clearly won the game of siteblocking in Malaysia. The former prime minister, his wife and many of his regime are being investigated for corruption now.

So, what can you do if a site is being blocked because the government/regulators order it? Use the Tor Project. Tor allows for anonymous access to sites going past censors. Of course the likes of the Great Firewall of China are always trying to thwart the Tor protocol and VPN systems. The Chinese CP and government are so insecure that they cannot afford anyone to know anything other than the official narrative.

If you are using a smart phone, you can install Tor and the accompanying Tor browser as well. See https://www.torproject.org/download/download-easy.html.en for the download options including for your laptop/desktop. For Android, go to: https://play.google.com/store/apps/details?id=org.torproject.android and for the Apple people: https://itunes.apple.com/us/app/onion-browser/id519296448

NASA Space Apps Challenge 2018 – Singapore


It was wonderful that Red Hat’s Open Innovation Labs is a sponsor of this year’s NASA Space Apps Challenge event that is being held in Singapore. It was held at LEVEL3's offices at the Mapletree Business Park in Pasir Panjang.

At the briefing session held on Tuesday, 16th October 2018, there was a good turnout of more than 120 interested participants.

The briefing session featured four speakers, Bidushi Bhattacharya, Michelle Gillmour, Sandra Arps and Chirdeep Chhabra.

 

L-R: Sandra Arps, Michelle Gillmour, Bidushi Bhattacharya (via remote)

 

The Ocean Protocol by Chirdeep Chhabra.

This year’s Space Apps Challenge had a bunch of categories that were formulated by NASA, which also included access to the vast amounts of data that NASA has accumulated about Earth and the cosmos.

The actual hackathon was held over the weekend (as any good hackathon would) of 20/21 October 2018 at the same location and, as is expected, the turnout of participants will always be lower than those who showed up during the briefing.

Anyway, it is all about participation and I am glad that those who did eventually show up did a good job. The pitch hour was on Sunday at about 3pm and here’s the list of 19 who pitched.

In the end, the judging had to be done to come up with the overall winner and it was a tough process of choosing from a good set of pitches and teams.

The eventual winner was team Inferno (left) who gets S$1k and some Ocean Protocol tokens and the 2nd prize went to c10ud (right).


Congratulations all on this exciting hackathon.

I am glad that we were able to mentor the participants around Lean Canvas that the OIL uses as part of our consulting and mentoring work.

Next year, I would want to take part in this myself with a team for at least this can be my long unfulfilled dream of doing something about Space since watching on a black & white TV, Neil Armstrong jump off the ladder from the Apollo 11 Lunar Module and stand and walk on the moon in 1969. I still want to go to the moon (and thanks to Kelvin for locating the talk from 2007).

Not allowed to code? Really?



Lots of interesting, but not surprising, information is being made public about the Singhealth data breach.

The Committee of Inquiry has been told that there was an IHIS employee who found a bug in the Allscripts “Sunrise Clinic Manager” EMR in 2014 who then made the loophole known to a rival of Allscripts, Epic Systems Corporation. Both of these vendors' products are closed, proprietary and, IMHO, unnecessarily and excessively expensive products.

This report (again, this is MSM reporting, so take it with two pinches of salt – you have to read the court transcript, which I am not sure is available yet, if ever) says that the IHIS employee was “unhappy” that he could not do coding in the job role he was doing and so, he then decided to contact Epic to tell them of the issue so that it could “… leverage the vulnerability to gain a larger market share” (emphasis mine).

Larger market share? How so? The hospital clusters in Singapore are about evenly locked-in between these two proprietary vendors. Moving from one to another is not a simple thing. And one bug does not even start the thinking process. Who knows if the Epic product has similar issues?

Not being able to ascertain if the reason offered by the former IHIS employee is indeed valid, I find that it seems to be a fluffy afterthought. Having been caught out, the former IHIS employee is offering excuses.

Not Allowed To Code?

I find that reason to be intriguing. Did the job that the IHIS employee took on involve coding? No indication in the report. If that was what the person wanted to do, why not channel the skills into an open source project that could use help? No one will stop you from doing that, unless the terms of employment of IHIS say that a developer “cannot work on any software project other than what is part of the job”.

I have no insights on what the terms of employment are, but here is an example of an enlightened and correct way to encourage developers:

“Participation in an open source project, whether maintained by the Company or by another commercial or non-commercial entity or organization, does not constitute a conflict of interest even where such participant makes a determination in the interest of the project that is adverse to the Company’s interests.”

– taken from page 3 of https://investors.redhat.com/~/media/Files/R/Red-Hat-IR/governance-docs/code-of-business-conduct-and-ethics.pdf

Software developers are artists. Software development is an art form. One would not constrain a painter, so why would one shackle a software developer?

Bug Reporting, Fixing and Regression Testing

If a bug is reported – whether it is a “the button is of the wrong shape” or “this option dumps out the entire database”, assuming that proprietary vendors have a bug reporting process – nope, they don’t – then things can be moved along without too much excitement. All software has bugs. If a vendor (open or closed) does not offer a way to report bugs, you have to demand that there is a way to do it. Red Hat has both bugzilla.redhat.com and access.redhat.com to submit bug reports on all of the open source projects and open source products (go here for an understanding of the differences between an open source project and an open source product) that Red Hat is involved in and makes available to paying customers (access.redhat.com).

Maybe there is some place at Allscripts and at Epic Systems that one can file bug reports, but it is not immediately evident.

Regardless of being able to report bugs, I do wonder how these vendor organizations manage bug reporting/fixing and regression testing. I have to assume that they do it properly (for some definition of properly) but it is telling that a trainer of Allscripts said this:

“Another witness, however, called the loophole “perfectly normal”. Mr Loo Yew Tuck, senior lead analyst at IHiS’ clinical care department, said that he had seen an Allscripts trainer demonstrate its use and method previously.”

Really? There is a “perfectly normal” loophole? Or did he mean, backdoor (of the NSA type)?

I am particularly concerned with this paragraph, as reported in another MSM report:

“… She also did not know the details of the alleged loophole. Neither did she ask her staff for it to be verified. She also assumed that the problem would be rendered “irrelevant” as IHIS had just upgraded the EMR system architecture”.

If the bug is not reported, how would one know if it was really an issue and if so, if it was indeed fixed? Granted, we cannot all be on top of things all the time, but if there isn’t a process to track issues, what then?

“… did only what … was asked to …”

Leadership and empowerment failure. Whether it is real or otherwise it is hard to tell. Perhaps there is a culture of empowerment but not everyone got the memo. Or maybe not. I can’t tell.

Happy 35th Birthday GNU!


The GNU project was officially announced on 27 September 1983 by Richard Stallman. Thirty-five years of a project that has now become the fundamental building block of everything we use and see in technology in 2018. I would not be wrong to say that there isn’t a single proprietary piece of software that anyone is still using from 35 years ago – please post comments if there is something still being used.

There is only one reason for this longevity: the GNU project was built upon the premise that the code is available to anyone, anywhere with the only restriction that whatever is done to the code, it shall always be available to anyone, forever. Richard Stallman’s genius in crafting the copyleft license that is the GNU General Public License is probably the best hack of the 20th century software industry.

What was I doing in 1983? I was working at the Computer Systems Advisors (no longer around, after being bought up by CSC). I was working on a system from DEC – the PDP-11/44 running RSX-11. We were creating software using Digital’s DIBOL – a variant of COBOL. DIBOL was, IMHO, the sink-hole of GOTO statements. I truly did not like that language. I can’t pinpoint why, but it just did not appeal to me. I had learned FORTRAN and BASIC before and they were so much more expressive. Editing the code in the PDP-11 was using some editing tool (perhaps teco or something) on a VT-100 terminal that was attached to the RSX-11 system. I think I was working on some insurance company’s bespoke code – but, frankly, those are all wishy-washy to me now.

The IBM PC was becoming an interesting offering and CSA’s sister organization, Automated Systems, got the distributorship of the Corona Data Systems PC. When I got asked to take on the Corona PC as the main product person, I began my involvement with the PC-DOS/MS-DOS/CP/M world. I was learning a lot about this world with the ISA cards, Interrupts, RAM cards, RS-232 terminal connectivity, writing Interrupt Service Routines, terminate-and-stay-resident routines, and later 3Com's network cards (3C501, 3C509 etc.) with coaxial cables (yes, you better terminate the end of the bus with a terminator plug or else the network freezes). I recall that there was some networking software to share files (perhaps 3+Share or the like).

In parallel, the reason for the PC (including the Apple ][) getting traction in the early 1980s, was the famous spreadsheet product called VisiCalc created by VisiCorp. Their success encouraged VisiCorp to create something else called Visi On. This was an interesting product that provided a GUI for the IBM PC.

Automated Systems managed to get the distributorship of Visi On and I was then tasked with understanding the product and helping to get the training/sales going. There were many things I liked about it, but there was a lot more I could not understand because of the lack of documentation – or rather, insufficient documentation – on how to program in it etc. I recall a training session for a customer who specifically asked about creating macros for Visi On like one could with VisiCalc. To whoever asked me then, I still don’t know.

I am sad to note that none of those closed, proprietary products are around. The loss of all of the good work done by the developers of those products is disappointing. If they had the foresight of Richard Stallman and made the code available, we might be on a different trajectory with technology than where we are now.