Confronting the difficukties of learning from the open source for contemporary social movements

live blogging the oekonox conference

social movements and the internet and how ngos use open source.

The internet is chaning political communication. There isa lot of research around these issues, for example: facebook and the obama campaugn. The impact includes previously excluded people. While the means have changed, goals have not.

Floss projects have tried to remain politically neutral. Even as social movemebts try to change the world. They represent a challenge to existing authority.

Social movement theory is explained very quickly by the speaker. One talks about social structures. Others talk about individuals. In the us, people talk about resources.

How new are new social movements? Where do they get their inspiration or resources? Are they product of post industrial economies? Are the participants all middle class? Are they intwrested in post material values? No, especially not in latin america where they engage things like access to clean water.

Resource mobilization theory
it’s good because you can talk about some other vocabulary words that are not meaningful to me.

There are different conflicts like ethnic or religious issues. But people work in more non-heirarchal structures. Maybe.

You’ve got you hacktivists. And then you’ve got your protest announcemebts or usibg email or whatever to progoate political messages.

What are the political unintended consequences of foss?

This theory does not talk of why, just how.

Mobilization structures include ideology. Activists may distrust foss organization may not have goals in common. There has only once been a foss physical protest. Tactics are more about production. Other movements are more about protest, generally.

Are all foss people white male and middle class? This has become more diverse recently. Private companies also participate in foss.

Recruitment is easier because onlibe causes don’t take much time, but the network is weaker.

Some argue that political ideology would reduce participation in open source. For example, the ron paul pitch on ardour certainly alientated me.

Who and how is the master frame defined. There are different ideologies arund the meaning of foss. In some culture, it’s about liberation. But in western europe, not as much.

Strategy and identity. This talk is over my head.

Greenpeace tried to migrate to foss, but had trouble. Indymedia has a principle of unity which includes dedication to foss. People new to technology may have problems with foss.

Dotcauses glue movements together. They are purely virtual. The symbols of actual protest are lost. But information can be widely distributed.

Are hack attacks ethical?

Why invest in social movements? Why do companies invest in foss? To look good! Why social movements use foss? Ngos generally only have one it person who may have a lot of trouble with foss. Do you give real support to your dotcauses? Which of your many ones do you help?

The world social forum will have a panel on foss, but foss may not want to be tied to the wsf. Some wsf folks want to use a foss organizational model.

Foss promotes liberation despite it’s apolitcal veneer.

Question: What about a conflict between openness in foss vs a need for privacy and protection in grups like indymedia? Their enemies will try to spy or disrupt.

Answer: Transparency is ideologically important to indymedia, so they compromise by using human moderation. You cannot impose ideology with technology.

Should they take money from the Ford Foundation?

Queston: If you subscribe to idelogy x, you must use foss. If you subscribe to ideology y, you must use foss. Does it apply to every ideology?

Answer: Human rights and social justice are not the goals of every ideology. If you don’t say what you stand for, somebody else will.

David Cameron says he likes open source. Does that mean it’s apolitical. Or is he a lying bastard who says he’s for lgbt rights but voted against lgbt rights legislation last week.

Question can old ideologies really apply to our shiny new product in which the rules of physics and banking no longer apply? Answer: if you don’t want to be labelled as a marxist, then name yourself as something.

Freedom can stand in conflict with the goals of equality. So how do we frame or name foss? This is still a contest. Is this actually a movement? All of this has happened before and will happen again.

Political agnosticism is dangerous. You must define yourself or else there will be a struggle to define you.

The word meritocracy is certainly a loaded term.

Incidentally, the presenter is using windows on her laptop.

Technlogy is changng our brains. Multitasking comes at the expense of memory.

The internet may be like the printing press. Ideolgies will expand rather than contract.

Key signing parties

live blogging oekonux

i came late, alas. Government ids are used. Language barriers are an issue. Names can become factors of exoticism. This can be meant to be friendly, but people are are asked about their name again and again. Foreigness is empahsized.

Ids are an issue. People may doubt the validity of foreign documents. This can also be framed as a joke. Expired documments may also be an issue.

Gender is an issue, but, the speaker claims, less of an issue than foreign. There is a roll call. Everyone turns to look at women.

Key signing parties provide no extra information. You must know ahead what’s going on. This is mainly an issue for experts.

You can rank keys by degrees of separation. This also creates a gap for noobs. Key signing thus becomes a source of othering.

The key signing party logs create data that can be used to reconstruct social networks. Also, ids come from the state.

Why are id cards worthy of trust?

Untrustworthy people have invalid paperwork, ergo only citizzens are trustworthy.

People who are foreign or exoticized are trust worthy, but their non-normativeness is emphasized.

Small talk can come from projects, but more likely about exoticism.

Processes of otherings impact the community. What is the difference between friendly jokes and the subtle exclusion methods used t perpetuate discrimination?

Which power relations are reproduced in floss?

Question: what should be used instead of id?

Answer: people who actually know each other could sign ids.

Question: is there really a risk of impersonation?

Answer: they say yes, but it’s never actually occured.

Some participants view key signing as a form of public demonstration.

People may gain rank in projects by having a lot of key signing connections. It’s like being golfing buddies.

Key signing parties do not sound like parties. There is no social interaction, especially at conferences.

How does a government identity card enhance trust?

Key signing becomes a social networking tool, which does not further security and may decrease it.

How do you talk to participants about these issues?

A comic book has been suggested. It is non-threatening and can show the other’s experience at being othered.

Personally, i would not even consider going to one of these events. The constant comments i would get around my id would be difficult, to say the least.

Women in foss

live blogging the oekonox conference.

gender gap in technology. Starts from childhood socialization. Leads to life long work division.

There is unequal access to tchnology and imbalance in participation in development.

The number of women in computer science falls every year. Researchers in belgium interviewed girls, who mostly thought that cs sounds boring. Men control the production and distribution of nachines, and thus hey contain a male logic, said the researchers.

Foss is both a social and technical phenomenon.

Researcers mostly look at core developers and less at co-developers or users. Gender is rarely investigated.

The context of foss includes inequsl participation in core development. Andd foss projects tend to be homogenous and masculibe. 1.1% of women are in foss, but do we mean cire, co-dev or active users?

Foss participation has a steeper learning curve. Also hacker culture is male normative. Jargon can be exclusive. Beginner questions are met with irritation. Time is volunteered. Finally, sexual harassment is a problem.

The same forces that exclude women from cs are intensified in foss.

Women are less likely to have help / friends working with them to learn or use foss.

There is a false concept that programmers are the entire story. Not all developers are programmers. There is product management, i18n, testing, documentation, etc.

Discussion of foss must include social activities. The over valuation of coding discourages many people.

What is the specific contribution of women in foss?

Research example in Quebec:

All respondents considered themselves part of a foss community. 15.5% of partcipanrs were women. Half were from the most remote regions of Quebec. Women tended to rank activities: training or promotion, users, community participation, then finally, development.

Half were trainers. A third went to conferences. Only 1 self ided as a coder, but when interviewed, several more spoke of writing code. One, for example set up networks and installs ubuntu in community centers. Is she a ‘user?’

Question from the audience – are the catagories any more suited to men? Answer seems to talk about men having more confidence and possbly overstating their participation vs women understating.

Important conclusion: reduce the emphasis of programming.

Non technical tasks are a gateway drug to more techincal participation and a way to do outreach.

The Last Day


So on the last day to the ETC, we started out with an evaluation. It was a big love-in. “I love you guys! You’re all so great!” It was a nice, positive vibe. There was some discussion about privacy and posting images from the con and some also about possibly having some equipment or an organization. The stream was constantly screwed up, so maybe an org should buy a computer for streaming instead of trying to recycle junk computers into a stream machine every time?
Aileen spoke up about how she was happy that there was no organization and it was all kind of ad-hoc. She talked about how people could just do things and it would all fit in some how. She said that since people wanted me to come, they had just changed the policy on who could come and that was that. An organization might be limiting.
I felt all warm and fuzzy. Aw, they really do like me! I’d spent the whole week feeling awkward about whether I was really meant to be there. Was I intruding? Were people annoyed by me? Was it all in my head? When people shortened “women and gender minorities” to “women” what did that imply for my presence? Aileen’s statement was not contradicted at all. Clearly my nervousness had been in my perceptions only! I felt pretty good and thanked people for letting me come.
That was a weird thing to do.


Then, we rode the train north to the the dunes and walked several km to the beach. It was a bit cold and cloudy, but still very nice. The beach had a strange, thick foam. We sat out and picnicked. Some people tried to swim in the frigid, foamy north sea. After a while, we moved to a cafe where we drank tea and hot coca and beer. It was on the beach, but had glass set up to obstruct the wind, but not the view. Some ETC people starting climbing up the outside and juggling and otherwise being silly. I laughed so hard my sides are still sore.
It started to rain, so we went back to A’dam. Some of us went to a benefit dinner for migrants. A few others, including me, went to get stuff from our space, with a vague promise of dinner.

The Discussion

There was no dinner. Instead there was a lot of discussion about the future of ETC. I felt really uncomfortable during it because it talked a lot about trans issues. Some of the people there felt like there should have been discussion before the definition of who was to come was changed.
What I was thinking at the time was, “I’ve only been transitioning for a few months. I’m not fully secure with it. Anything talking about this is like poking a fresh wound. I want to be proud of who I am and my queer identity, but I still feel sad that I failed at being a woman. I really tried to make it work, but couldn’t.”
I don’t have a clear memory of everything that was said. Because unless somebody is saying something like Aileen said, it feels like poking a wound. In fact, some of the things said were transphobic. It mostly wasn’t personal (it never is), but I felt terrible afterwards.
Right now, my inclination is that I will not go to another ETC event. Last year was really the last time I went into a gendered space as a woman and it was so positive and the contacts that I made so valuable, that I had hoped I could still participate. Part of my pre-transition identity really had a lot to do with being in a certain kind of gendered space: feminist spaces where variance is welcome. ETC was the perfect combination: feminism, tech, green, free culture. All these progressive elements have synergy and it was so wonderful to be around others making the same connections.
A generation ago, there was worry that lesbians would somehow mess up feminism. Now it’s transgender people. C’est la vie. I’ll do my own sort of gender liberation, you do yours. I’m in search of a community. God knows where I can find it.

The Party

So, feeling like shit, I started biking towards a drag party. At least I can do drag, right? Or something. I was really feeling low wondering how I will ever be able to have a coherent sense of self if I have to pick between my own gender and the political issues that I see as so vital. Part of what motivated me to transition was that guys a few years out say that they don’t really have to think about gender anymore. It’s something that for years now, I’ve had to think about all the time. Now my hopes to be able to move on to something else seemed to be doomed. I wanted to just keep biking forever and not stop.
But I did stop and there was a sign on the door which said, “you are now entering a gender-free zone.” Well, that’s a positive development. I paid my cover and went to get a beer and one of my (awesome) hosts was behind the bar dressed as a pirate! She took me around backstage where I painted on a goatee. There were people in all kinds of drag. Butch women in dresses. People presenting some female drag items paired with some male drag items. Hairy cleavage. Goatee and eye makeup. Every kind of genderfuck. I started feeling better.
There was a burlesque show / drag show / comedy show / whatever fun thing. Dykes, bis, trannies, queers. It was awesome. Afterwards there was dancing. This being amsterdam, there was also more booze and more pot and it was totally awesome.
And suddenly, instead of being some irreconcilable fringe character, I’m all sexy and cool. Girls were after me!
I’m in puberty right now, for the second time. It’s cool, but it’s still weird. I haven’t been feeling especially attractive. But there, suddenly, people wanted to kiss me! I was out dancing and being drunk and stupid until the sun came up.

The Next Day

I went to help clean the bar. I was supposed to help clean the ETC space, but the bar also needed cleaning. And I had happier feelings about it. There were people I really wanted to see while doing ETC cleanup, but my last conversations there had sucked so much.
So I got things out of going to ETC this time, but I think it was a lot about seeing people I had met before and being in a country that I want to return to. And being in queer spaces that were just coincidental to ETC.
I don’t know anything about anything. I kind of like being foreign, obviously, or I would move home. But, I guess that’s a broad category of experiences and some are great and some are not. I was thinking of trying to play on the Ladyfest circuit, but right now, I’m wary of it. Part of being foreign is creating communities of outsiders, of expats, of artists, of queers. I felt it sometimes in ETC, with some people. Some folks there were awesome.
I need something right now. English isolation = not so great. Somebody in the discussion of doom suggested that I start a group. I guess I have to.
Anyway, that’s the last about ETC. I’m ready to move on and feel some complexities some place else. Maybe in music. I’m supposed to be a composer.


this group was declared immoral yesterday. It’s an LGBT Solidarity Association founded in 1993. And a cultural center since 2000. Grassroots, non-hierarchical, volunteer based. They are anti-military.
They have commissions within the org. Trans, Women’s Group, Pride, Performance, Family, Human Rights Violations Reporting. Alas, the police have a lot more power recently and raid groups, including this one. The government insists that human rights are not violated. They work a lot with trans people including sex workers, trans women in feminism, etc. They do also legal aid for trans women harassed by the police.

April 7, 2008, 15 big police guys searched everything. They saw a trans woman coming in, so therefore they must be running a prostitution ring. (Because it’s really great for women to make prostitution illegal.) the government of Istanbul said the group violated public morality.
And then I had to g chase after my dog. Now the speaker is showing pictures from the pride parade. Apparently, this was an illegal protest? Last year, there were over 1000 people. Nobody is allowed to protest on the biggest street. But they were so small in the past, they were ignored. The police followed them last year, because of the size. It’s not a big party, it’s a protest march with chanting.
There was participation from some political figures, including a guy running for parliament and an italian politician.
she’s showing up a movie of another march which was stopped by the police and football hooligans. Turkey is not a great place to be queer.
and holy fuck. they were attacked by a giant mob, helped by the police and had to sit on the floor of a bus while people tried to break the windows while they escaped. mobs of men sang “die trannies die”

Queer festival action in slovenia

This speaker is talking about a festival they’ve been doing for 10 years. It was a DIY thing in a squat. It was a women’s festival.  Culture and art for women. They wanted to increase visibility of their own work. Local women could meet and talk about feminism and stuff.  It grew over time.  This is in around Slovenia now.

The festival grew to include more of the balkans and then farther outwards.

IT’s now a feminist festival and not just a women festival to be less essentialist. There was a lot of resistance to this change. alas. The latest version is feminist and queer.  I see this as a good thing.

Eventually participants were cool, but the media would just skip the word queer.

Theyve had themes around sex work.  A documentary was made. 

Last year they wanted to think about how to make it have a more lasting impact in the town. They decided to do a lot of workshops.

They did an action where they renamed the streets in responce to the revision of history going on in responce to the system change.  They changed names to be names of women instead of men.  They change “master” street to “servant” street.  The city didn’t take down the changes for a while.

Drupal video server.

Generatech, the post porn folks, use drupal video server.

Their content is queer, performances and post porn.  These go up on their website. It is politically decentralized actions made visible and empowering.

They ARE code. Code and surface creates agents. Code is central in defining technology, subjectives and culture. The digital divide is an issue of access to code. There isa gebder gap and an ethnic gap in access.

Capitalism restricts code access through software patents.

Access to code is cultural power. The net creates culture and represents culture. Media corporations want to control and sell culture.  They represent women poorly. They sell western culture to everyone.

There are economic issues in regards to access and also knowledge issues. I can’t afford it. I don’t know how.

We need to write our own code and make our own culture. Free software lets us protect our interests. We can make sure out interface is non-sexist.  Queer theory lets us rewritew the gender/sex code.

They use inkspace as a tool. And cineralla.  Their work is copylefted.

Their plan of action: is to increase access to tech by increasing knowledge of foss tools.

They want to specifically promote these tools among people who tend to have less access. is to share documentation of their acts of “gender terrorism.”  They did a festival with an image of jesus with boobs and a penis crown (instead of thorns). The police came to the house of the graphic designer.

Post pron is non-normative. It seems theyre trying to tweak social conservatives. They want to re-sexualize the body and change social definitions of sexiness.

“Gender hackers” can be whatever they want and rewrite the gender code. YAy.

They are trying to fight censorship.  One of the speaker’s friends got banned from youtube. ANother from myspace. ANother from blogger. Her POETRY was banned?

In summary: we are code. COde is being privatised. We have to rewrite all our codes for social transofmration.

They want to combine all progressive causes in a larger millieu.

They really beleive in online video, free software and progressive causes. Yay.



Feminist festival in Croatia. The first one in the country.  The organizer started. Itś about art and music and stuff.

Cultural events used to be very male dominated. So she started something for women. The festival is annual and for all kinds of arts. ITś an NGO funded by the ministry of culture. They decided to not take commercial sponsorship.  It was for 3 days in the student center. It had international participation.

Donna gave a workshop, but nobody came.  This festival is more about art and music and not about tech. Maybe they shouldnt have tried to give a tech workshop.

The speaker is asking how we organize these kinds of festivals in other countries. How to make it more visible?  How to communicate its specialness? How to avoid corporate sponsorship? Nobody seems tohave answers.

Another speaker is talking about a lesbian band she started called Burabend. They play covers (alas). The members are all on a football team in croatia. During the half time, they decided to start a pop band.  Its all very political. Plus they thought it would help them get girls. Apparently, itś the only dyke band in croatia.

They are political and an art project as much as a musical project.

they hope to play gay weddings. Just as soon as it gets legal in croatia.

They mostly play at festivals. At pride. Also at the only gay club in crotia. (there is only one?)

Alas, their website has no mp3es. They will play anywhere, they say. In fact, they want to branch out to more straight venues.  Their band is not making money, alas.

As an asde, they speaker is really cute.

The next vox feminae will be in october. I wonder if i can play at it?

Security and .Net Programming

.NET is a Java competitor from M$. It is also cross-platform, compiles to virtual machine code. During run-time is Just In Time compilation. So the source code compiles most of the way and goes the rest of the way when you run the program.


Security aspects: secret data must be kept secret. Data I want to protect is confidential. Some data can be readable by many, but not writable. I want to protect the integrity of that data. Sometimes I don’t want to leave a paper trail for the feds. That’s non-repudiation. Data must also be accessible to me when I need it.
so to ensure all of that, I have authentication and logging. The Authorization and authentication protects confidentiality and integrity. Hashing also helps protect integrity. Encryption. logging for non-repudiation (have i got ths term backwards?). And redundancy keeps stuff available.
Now we’re talking about why we should care. Firewalls are no substitute for proper design, etc. I can’t even believe that people would think they didn’t need to worry about this if they were writing network applications.
.Net has it’s own sandbox concept called CAS: code access security. It is really similar. Code gets permissions based on origin and you can say how much you trust it, etc.
How about security for the developer? You need to figure out which permissions that your code will need. Communicate your permission requirements. Make the documentation machine readable. (Is this built-on/for free?)
What about for the admin? What permissions should the code get? What’s the source of this code? How much do i trust the source? Check the hash and the signature (x 509 or strong name (I don’t know what that means, but ok))
there are some pre-defined permissions. They can let you at some resources.
This talk is really intense for this group. I wonder if anybody in this room is a .net programmer.
ok, so you might want to access the printer or to skip verifying stuff. Full trust allows everything. Be careful. Did she just say that Microsoft must have full trust at all times? Isn’t that a huge issue?
So one spot to attack is input validation: Cross-scripting (XXS), SQL Injection, buffer overflows, canonization attacks. Double check everything!
Validate input against XXS:Cross Site Scripting. Lookout for javascript in image tags and weird html tags. Look out for .. in urls. Blackhats might be trying to get into forbidden directories.
The speaker is now warning us not to try this on other people’s websites, lest we become blackhats.
She is further warning us to make sure things are escaped and sanitized. And now the whiteboard has suddenly collapsed on my dog. Who seems ok. Um, so make sure html doesn’t get executed. And check your SQL. Is this actually a string? Is this way too long? Ironically, she’s going on great length about buffer overflow. Great, great length.
Now it’s canonicalization attacks, which is the thing where you need to use a full path or else somebody might be evil.
Ok, in summary: check all your input. know what you expect. check fr it. check for weird input. She’s asking somebody to describe what a regular expression is. I don’t know how to define this. She’s giving us an example. I don’t know if the point is to look out for regular expressions lurking in input or telling us to be smart with our regex. Ok, it’s the latter. Be precise.
Um, yeah obviously do all of this on the server side.

Session management

http is stateless. so fake states with cokies (um, be careful with that), encrypt the authentication cookie with SSL. There must be timeout.
Um, I’m going to skip out before everybody else eats all the food.