Singpolyma

Severed Fifth Denied by Reign

Posted on

Jono Bacon‘s Severed Fifth project released its debut album today.  I torrented it first chance I got and listened to the vorbis files on my stereo from my media centre.  I must say that Jono has delivered, as promised, a pounding metal album that instantly takes it’s place at the top of the heap in free as in freedom death metal.  The album is well on it’s way to being one of my favourites.

Not content just to thrash and scream for the length of an LP, Jono mixes it up with softer vocals in some songs, singing over growls, a hard guitar solo in The Lake, and even a more bluesy solo in another track.  A few tracks are also interjected with monologue snippets.

One song pauses near the beginning in that just-out-of-sync way that surprised my brother and I a lot when we first heard it, but is really enjoyable.  The guitars and vocals deliver that moshable experiance that makes metal concerts so much fun.

The album is also released under a truly free license: CC-BY-SA.  While I’m no fan of the ShareAlike clause, Jono’s willingness to step outside of the NC-SA/NC-ND non-free regime that too-often dominates “free” music is really refreshing.  I’m looking forward to the mixes, mashes, and hopefully videos that fans put out.

No review can be all-positive.  As great as this album is musically, there are a few small things that I would have appeciated.  For one, it may just be me, but the album seems to have less bass than I like.  My subwoofer barely moved.  This may be the vorbis compression or the mix, and it may even have been on purpose.  I’m still willing to chalk it up to my soundcard, but I do play other music and I get bass tones a lot better on much of my stuff.  I would also have appreciated lyrics with the release: I know Jono’s a busy guy and I appreciate that not everything can be done before release when you have a firm date.  I’m just saynig that I really like to do a second listen while reading along, and that just isn’t possible yet.

I was also personally not a huge fan of a few of the very pronounced “moth-er-fuck-er” uses in two of the songs, but that’s much more a matter of personal preference.  The lyrics are not so laced with profanity as to be outright offensive like some other artists may be.

Overall, a very good album.  We’ll see where the project goes next.

Why I Support Free Culture

Posted on

The free culture movement is a social movement that promotes the freedom to distribute and modify creative works, using the Internet as well as other media. Wikipedia

There are a number of things that get associated with the term “Free Culture” and a number of reasons people support them.  Let me start with what I do not support:

  • I do not support the rampant piracy of music, or the triumph over the RIAA through possible loopholes.
  • While current copyright laws and enforcement practices are counterproductive and unfair, I see this an a separate issue to Free Culture.
  • I do not support Free Culture just because I believe in Freedom (although I do).
  • I do not support “mix culture” that thrives on living just as close as they can to the Fair Dealings (/ Fair Use) lines just because they want to use the content without paying.

If these things, to me, are not Free Culture, then what is?

First, it’s been beaten to death but I must say it: libre is not gratis.  When I talk about Free Culture, I’m not talking about not paying for things.  A lot of Free Culture is available gratis, but also some is not: and I have been willing to pay / donate to even those that are available at no cost.

I support free culture because a harmonic culture is a strong culture. Let me expand on that.  Harmonics are those things which reinforce each other.  Musical melodies can be harmonic, and that is the most common context for the term.  A culture in which  The Backstreet Boys sing I Want it That Way is alright. Artists can create original works and distribute them. But a culture in which “Weird Al” Yankovic can then sing eBay reinforces itself.  Culture builds on culture.

Nothing new here, and many would point to the infringing mix culturists and say that’s what they’re trying to do.  But by mixing locked culture, often illigally they hurt the cause and their art form.  I support Free Culture not because I want to see more mixes, but because I want to see more things that can be mixed.  To me, that is free, no-strings-attached permission to build on your work.  If you make a song, I make a video.  You make a cartoon, I include it in a documentary.  It’s not the building on that is important, though, but having things to build on at all.

Some Free Culturists want to acheive this goal by making more lax copyright laws.  This is a fine goal, but is ultimately the wrong solution.  While having more Fair Dealings allowances and content entering the Public Domain faster gives us greater access to our culture – even more can be done by licensing works freely now.

The great benefit to this model is it helps artists who are creating work right now, not only to have a rich community to draw from, but also to market themselves at all.  In a traditional copyright model, everything hinges on expensive licenses, equiptment, and lawyers protecting it all.  If you open yourself up to unrelenting remixing, and business models that cut out the middle men (and this applies well outside of music) you can interact with the fans/consumers more directly and make as much or more money doing it.  All without selling your rights or giving someone else a chance to meddle in what you do best: being the artist.

The One True Format: Technological Snobbery

Posted on

There’s an odd phenomenon that occurs as one transitions from an outsider writing code to someone who actively contributes to a community.  The more you contribute to mailing lists and blog discussions, the more you realise it.  You have an opinion.

You never meant to have an opinion, you just meant to write code.  Let brighter minds decide how it all works and just build the solution.  Code, not specs, not politics.  Re-use what’s out there in new and interesting ways.  Yet this, in and of itself, is an opinion.  The more you contribute, the more you realise that you are no longer just asking that things be made easier for implementors or answering questions about past decisions: you are advocating solutions.

This has happened to me more than once as I have transitioned from community to community.  The first was when I began a project to write my own feed reader (BoxtheWeb) and simultaneously became involved in the Blogger Hacks community.  I slowly went from a hacker who thought feeds were cool and wanted to build stuff with them, to an advocate of the RSS2.0 format.  Somewhere in my coding I decided that format was the easiest to use and the best suited for what I wanted, and I began to advocate.

Next was JSONP.  One of the few things I have advocated that gained much headway fast (through nothing I did, I’m sure, but still exciting to see).  Yahoo, coComment, del.icio.us, and others all jumed on the JSONP bandwagon and I was happy.

Other formats got either on my “good side” (OpenID, OAuth, POSH, Microformats) and my “bad side” (ATOM, EAUT, PortableContacts) for one reason or another.

Ridiculous.  Sure, solutions should be chosen based on technical merit, but who gave me (or anyone) the right to decide which technologies have merit?  It’s time to get back to basics.

If it works.  That’s the key.  Working code.  RSS, ATOM, ActiveChannel, hAtom, or a list of URLs in a text file… really, I don’t care.  As long as the data is there and I can read it, I can write code.  Who cares if EAUT takes off or if http://me@you.tld/ remains valid?  If people can log in: we win!  Not only is there not One True Format, there is no long-term difference between formats.  Sure, there may be reasons to choose one over another, but ultimately it’s just data.  What users (or, even better, developers) can do with that data is what’s important.  These days, we’re better at working around the deficiencies of services (*cough*twitter) than building ones that do what we want anyway.

Groups on the Open Web

Posted on

Groups seems to be a very popular concept on the social web.  Facebook, Myspace, Orkut, last.fm, Ma.gnolia, FriendFeed (rooms) : everyone has groups.  How do we think about these groups in the context of tearing down walled gardens?  Do we think of places like Ning that replicate all this functionality in a more open ecosystem?  Or do we push further into a more decentralized way of thinking and collaborating?  Try the following links out:

What do you think?  Besides being a bit rough (some unrelated data sneaks in), this seems like a very good snapshot of what is going on in and around DiSo : better, perhaps, that any of the “official” sources.

I would maintain that on the Open Web we can see two different kinds of groups: ad-hoc and gardens.  Both could be maintained by the same software (which I would love to build, but will not be upset if the lazyweb beats me to it!)  Ad-hoc groups are the simplest: let a user choose one or more defining keywords and then display content from all over the social web that fits that tag (with options to filter by blog, microupdate, bookmark, event, etc).  Done.  A group is born that you can track and reply to and interact with (with appropriate links back to the original service, of course, no extra comments layer like we see in FriendFeed if we can help it).

Gardened groups would be a step more formal, and would be the open variant of existing walled-garden groups.  Group administrators (“gardeners”) could choose a group name/shortname and keywords.  They could then choose to have the group not follow certain services (for example, if no photos would be relevant, not track Flickr) and could also add other relevant feeds/respose links (ie mailing list RSS feed with mailto: links for the “reply” function, code repository commit feeds, etc) and links to relevant pages that are static content (wikis).  Content coming in from all sources could be pruned to hide content that matches the keyword(s) but is not relevant.

Feeds and OPML files should be provided to go along with groups, interaction links should make it into the footers of feed item bodies.

PGP UI Suggestions

Posted on

Lets face it: currently, PGP is hard.  Most geeks even consider it “geeks only”.  While few average users can benefit from encryption (few people say things that secret) – everyone can benefit from signed authenticity (at very least to cut down on spoofing).  The biggest obstacles to end users are (a) they don’t see the point (b) they freak out when they see “weird” inline content or attachments (c) verifying long hexadecimal signatures is hard.  I will make suggestions about these is order.

The fact that users don’t see the point really is the biggest problem.  If more users cared about authenticity, more would be willing to endure the pain of doing things “right”.  My hope here is that if seamless enough solutions become common enough, some people will use it because it is “right there” and as more people they know are sending signed messages perhaps some network effect can be leveraged.

Weird content is on it’s way to being fixed.  If everyone installs FireGPG and uses a mail client (/webmail supported by FireGPG) that supports PGP (a growing number) then at the very least, the noise gets hidden behind a “this message is signed” notice.

Few people want to read off long hex number to each other in person.  Here’s where it gets touchy, because anything we change here changes the security of the transaction.  I’m ok with that.  I’d rather my non-geek friends have a somewhat-trusted key than an untrusted key or no key at all.  My geek friends and I will still verify each others’ fingerprints.

Alice receives an email from Bob, with whom she has never previously shared cryptographic information.  Neither Alice nor Bob is a geek, tech savvy, or familiar with cryptography.  Alice knows her email program has a new feature that lets people verify each others’ messages and decides to try it out.

Alice elects to share her PGP key with Bob.

Alice has never shared her key with anyone before (she doesn’t have one).  She is told this and asked to wait while “some setup occurs”.  The key is generated and UI moves to the next step.  Somewhere in here there should be a notice to backup the key, “since if you lose it you can no longer send verified messages”. Public keys should be sent to a public key server automatically.

Alice secures her key to Bob.

Alice now picks a secure question and answer to prove to Bob (within a reasonable, but not cryptographically rigorous) measure of certainty.  An email is sent to Bob’s address with the output of `gpg -a –openpgp –export KEYID | gpg -ac –openpgp -` attached.  Also attached, it sends an unencrypted export of the public key, for use (moot in this case, on a new key) if this key has been signed by others Bob knows.  That is, Alice’s public key is symmetrically encrypted with an algoritm allowed by the OpenPGP standard (currently 3DES) with the passphrase as the answer to the secure question.  I’ve marked it case sensitive, but all UIs COULD downcase passphrases to simplify this.  The secure question becomes the body of the email and the subject can be something like “Alice is sharing her verification key with you!”

Bob recieves the email, an his client flags it (with an icon or similar) as containing verification information.  Some clients may find it makes more sense to process the message immidiately upon receipt, instead of just flagging it.

Bob opens (or his client auto-opens) the message.  Instead of being presented with an email full of gook, he is presented with a window by his client.

Bob decrypts the key.

Bob enters the answer and is presented with a window describing the key.  This window should say “Alice is claiming…” or similar and display the image in the key (if there is one) and all UIDs/comments.  There should then be a list of how well Bob knows this key:

It claims to be alice@example.com and was sent from there: very low

It was found to be the same as one available on public key servers: very low

It was verified using a secret question: medium

It has not been verified by anyone you know [aka, key signatures, high]

[Button: Advanced Verification, showing the key fingerprint – for advanced users]

[Button: trust this key]

[Button: I have talked to Alice and know this is her key (ultimate trust, signs key)]

If three or more signatures from people Bob trusts are on the key (remember, the unencrypted one) the client may skip to this step and provide a “verify using secret question” button.

Opening this message in the future should sync with keyservers, and then show the last dialog again, showing any new signatures from people Bob trusts, and allowing him to verify/sign it.