Forgive me, reader, for I have sinned. It has been over a year since my last blog post. Life got busy. Paid work. Another round of challenges managing my chronic illness. Cycle campaigning. Fun bike rides. Friends. Family. Travels. Other social media to stroke. I m still reading some of the planets where this blog post should appear and commenting on some, so I ve not felt completely cut off, but I am surprised how many people don t allow comments on their blogs any more (or make it too difficult for me with reCaptcha and the like). The main motive for this post is to test some minor upgrades, though. Hi everyone. How s it going with you? I ll probably keep posting short updates in the future. Go in peace to love and serve the web.

http://baldric.net/2015/06/05/why-pay-twice/ asks why the government hires civilians to monitor social media instead of just giving GC HQ the keywords. Us cripples aren t allowed to comment there (physical ability test) so I reply here: It s pretty obvious that they have probably done both, isn t it? This way, they re verifying each other. Politicians probably trust neither civilians or spies completely and that makes it worth paying twice for this. Unlike lots of things that they seem to want not to pay for at all

A while ago, I switched from tritium to herbstluftwm. In general, it s been a good move, benefitting from active development and greater stability, even if I do slightly mourn the move from python scripting to a shell client. One thing that was annoying me was that throwing the pointer into an edge didn t find anything clickable. Window borders may be pretty, but they re a pretty poor choice as the thing that you can locate most easily, the thing that is on the screen edge. It finally annoyed me enough to find the culprit. The .config/herbstluftwm/autostart file said hc pad 0 26 (to keep enough space for the panel at the top edge) and changing that to hc pad 0 -8 -7 26 -7 and reconfiguring the panel to be on the bottom (where fewer windows have useful controls) means that throwing the pointer at the top or the sides now usually finds something useful like a scrollbar or a menu. I wonder if this is a useful enough improvement that I should report it as an enhancement bug.

I m getting increasingly cynical about our largest organisations and their voting-centred approach to democracy. You vote once, for people rather than programmes, then you re meant to leave them to it for up to three years until they stand for reelection and in most systems, their actions aren t compared with what they said they d do in any way. I have this concern about Cooperatives UK too, but then its CEO publishes http://www.uk.coop/blog/ed-mayo/2015-02-18/rebooting-democracy-case-citizens-constitutional-convention and I think there may be hope for it yet. Well worth a read if you want to organise better groups.

I expect this is obvious to many people but bahumbug To Phish, or Not to Phish? just woke me up to the fact that if Google hosts your company email then its Sender Policy Framework might make other Google-sent emails look legitimate for your domain. When combined with the unsupportive support of the big free webmail hosts, is this another black mark against SPF?

All I want for 2015 is a Free/Open Source Software social network which is:

• easy to register on (no reCaptcha disability-discriminator or similar, a simple openID, activation emails that actually arrive);
• has an email help address or online support or phone number or something other than the website which can be used if the registration system causes a problem;
• can email when things happen that I might be interested in;
• can email me summaries of what s happened last week/month in case they don t know what they re interested in;
• doesn t email me too much (but this is rare);
• interacts well with other websites (allows long-term members to post links, sends trackbacks or pingbacks to let the remote site know we re talking about them, makes it easy for us to dent/tweet/link to the forum nicely, and so on);
• isn t full of spam (has limits on link-posting, moderators are contactable/accountable and so on, and the software gives them decent anti-spam tools);
• lets me back up my data;
• is friendly and welcoming and trolls are kept in check.

Is this too much to ask for? Does it exist already?

Rather late but I guess that just confirms it s really me, right? The signed text and IDs should be at http://mjr.towers.org.uk/transition-statement.txt Thank you if you help me out here I ll resign keys in a while.

One of the attention-grabbing measures in the Autumn Statement by Chancellor George Osborne was the google tax on profits going offshore, which may prove unworkable (The Independent). This is interesting because a common mechanism for moving the profits around is so-called transfer pricing, where the business in one country pays an inflated price to its sibling in another country for some supplies. It sounds like the intended way to deal with that is by inspecting company accounts and assessing the underlying profits. So what s this got to do with Free Software? Well, one thing the company might buy from itself is a licence to use some branding, paying a fee for reachuse. The main reason this is possible is because copyright is usually a monopoly, so there is no supplier of a replacement product, which makes it hard to assess how much the price has been inflated. One possible method of assessing the overpayment would be to compare with how much other businesses pay for their branding licences. It would be interesting if Revenue and Customs decide that there s lots of Royalty Free licensing out there including Free Software and so all licence fees paid to related companies are a tax avoidance ruse. Similarly, any premium for a particular self-branded product over a generic equivalent could be classed as profit transfer. This could have amusing implications for proprietary software producers who sell to sister companies but I doubt that the government will be that radical, so we ll continue to see absurdities like Starbucks buying all their coffee from famous coffee producing countries Switzerland and the Netherlands. Shouldn t this be stopped, really?

There are three basic systems: The first is slick and easy to use, but fiddly to set up correctly and if you want to do something that its makers don t want you to, it s rather difficult. If it breaks, then fixing it is also fiddly, if not impossible and requiring complete reinitialisation. The second system is an older approach, tried and tested, but fell out of fashion with the rise of the first and very rarely comes preinstalled on new machines. Many recent installations can be switched to and from the first system at the flick of a switch if wanted. It needs a bit more thought to operate but not much and it s still pretty obvious and intuitive. You can do all sorts of customisations and it s usually safe to mix and match parts. It s debatable whether it is more efficient than the first or not. The third system is a similar approach to the other two, but simplified in some ways and all the ugly parts are hidden away inside neat packaging. These days you can maintain and customise it yourself without much more difficulty than the other systems, but the basic hardware still attracts a price premium. In theory, it s less efficient than the other types, but in practice it s easier to maintain so doesn t lose much efficiency. Some support companies for the other types won t touch it while others will only work with it. So that s the three types of bicycle gears: indexed, friction and hub. What did you think it was?

While cooperatives fortnight is mostly a celebration of how well cooperatives are doing in the UK, this year is tinged with sadness for me because it sees Downham Food Coop stop trading. This Friday and Saturday will be their last market stall, 9til 1 on the Town Square, aka Clock or Pump square. As you can see, the downturn has hit the market hard and I guess being the last stall left outside the market square (see picture: it used to have neighbouring stalls!) was just too much. The coop cites shortage of volunteers and trading downturn as reasons for closure. But if you re near Downham today or tomorrow morning, please take advantage of this last chance to buy some great products in West Norfolk!

After years of resisting it, I ve added the least evil Twitter/Facebook comments plugin I could find to this blog as a test and updated the comments policy a little. Please kick the tyres and try commenting to see if it works, phase.

So the Kelly report of the independent review into the events leading to the Co-operative Bank s capital shortfall was published yesterday. During the day, I was putting odd bits from it out in 140 characters with the hashtags #coops #kellylessons. Here they are in one more permanent place. How many of these lessons has your organisation whether a co-op or not learned?

1. Running a full-service bank is a complex business Bank failed to understand the limits of its own capability
2. The most important task for any board is to put in place the right Executive leadership for the business
3. Ownership of a regulated bank requires a clearly articulated statement addressing mgmt & gov nance relationship
4. Failures in board oversight are inevitable if the criteria used to elect do not require the necessary skills
5. A bank board must include sufficient numbers of technically competent directors
6. Boards need good m gmt info and to demand it if it is not forthcoming. Failure to obtain explains failings
7. A bank should develop&implement robust risk gov nce&oversight and an appropriate control framework
8. IT transformation keep as simple as poss , phase delivery.., deploy the right resources, plan for contingencies
9. Bank should have paid closer attention and responded with greater urgency to what the Regulator told it
10. Pay careful attention to the advice of external advisors. The Group ignored well-founded inconvenient advice
11. Postponing dealing with problems is almost never a sustainable solution.
12. Values need to be translated into meaningful guidance The Bank s ethical positioning should be more apparent
13. Mantras about scale and ethics are no substitute for strategies grounded in a real understanding
14. Talent management is critical Lack of capability driven by weaknesses in its recruitment&subsequent m gmt
15. Tolerating culture of underperformance, weak transparency and a lack of accountability, constrains an organisation

Are there other lessons that you would add?

Please excuse the intrusion to your usual software and co-op news items but vine seems broken and as part of my community and democratic interests, I d like to share this short clip quoting Norfolk s Deputy Police Commissioner Jenny McKibben about why Commissioner Stephen Bett believes it s important to get views from the west of the county about next year s police budget: Personally, with a King s Lynn + West Norfolk Bike Users Group hat on, I d like it if people supported a 2% ( 4/year average) tax increase to reduce the police s funding cut (the grant from gov.uk is being cut by 4%) so that we re less likely to have future cuts to traffic policing. The consultation details and response form are on the PCC website.

There have been some dark days for UK coops recently the crystal Methodist and all that and I have not been able to talk about it much because of the amount of work that I want to do before the end of the year. Happily good colleagues have been writing about it and here s another good article from Kate Whittle that links to Ed Mayo and Ian Snaith who are the other two that I d suggest. http://www.cooperantics.coop/2013/12/09/co-ops-governance/ I should be back in a few days to summarise the event I attended last week.

We like guidelines. In our work, things like the Debian Free Software Guidelines, pep8 and Koha Coding Guidelines are quite useful. I follow guidelines for how I work, too. In addition to the financial reports required by government, our co-op produces an annual social report which we share with our members and other key stakeholders. Since 2007, the backbone of it is The Worker Co operative Code of Governance published by our national federation. In 2012, the Worker Co-op Council updated the code. I don t remember why an update was felt necessary, but as a side-effect of producing of our 2013 social report, I ve made a list of the changes:

1. Principle 1 is reordered, with information becoming the first point and membership offered to all becoming the last item.
2. Principle 2 sees democratic processes drop down the order, plus it loses the item on long-term planning.
3. Principle 3 has the point about reserves clarified and gains a last item about distributing surplus fairly.
4. Principle 4 loses its first item about regular reviews, the skills assessment point moves to principle 5 and it gains a build capability point.
5. Principle 5 gains items on replacing key members and skills assessment (from the previous section), while most points seem rephrased.
6. Principle 6 is reordered, active co-operation is split into distinct points about referring and collaborating and the point about actively sharing good practice is deleted.
7. Principle 7 is unchanged.

Are these good changes? Much of it seems like tinkering and maybe shifting emphasis the reorderings add little and make it harder to spot the changes while the lost points on long-term planning and sharing good practice are surprising. I would have preferred to see the items that seem mainly to promote the code itself and its publisher Co-operatives UK deleted instead. The additions and clarifications about surplus are good, though, and there s nothing new that I think should stop us adopting it. What do you think? Should all business behave this way?

The BBC coverage of the UCI Women Road Race World Championship wasn t starting until 3pm, BBC Radio 5 Live had football and Sports Extra was playing an advert loop (really BBC?), Eurosport wasn t covering the race at all, RAI Sport 2 had coverage which was fine while I was watching the TV, but my Italian isn t good enough to follow the commentary and I wanted to get some other stuff done. So the obvious thing is to have the computer watch for changes to the great http://live.cyclingnews.com/ ticker and read them out, right? Well, it was to me. Here s the script I used:

#!/usr/bin/rc
# Send updates to live cycling news reports to the speech synth
# initialise
url=http://live.cyclingnews.com/
if (~ $1 *:*)  
  url=$1
 
last=""
while (true)  
    # download the update and strip html - if you don't have html2text try
    # sed -e '1,/<ol/d;s/<br[^>]*>/n/g;s/<[^>]*>//g;s/ / /g;s/[[:space:]]*$//'
    next= () curl -s $url   html2text -width 9999   sed -e 's/^ *[0-9]*. //'  
    # look for some added lines in the update section - timezone will need changing for non-European races
    say= () diff -u < echo $last  < echo $next  
        sed -ne '/^+/!d;s///;s/**//g;/ CES*T/,/^ *$/p'   head -9  
    # feed them to the speech synth in reverse order
    echo $say '
      Race Update'   tac   spd-say -e
    # update variables, pause and loop
    last=$next
    # set this to a prime number over 60, like 61, 67, 71, 73, 79, 83, 89
    sleep 67
 

Any questions, comments or improvements? I could have done more, like not saying Race Update even when there was no update, but I wanted to start listening as soon as possible!

So I have upgraded my main workstation at last, but there are a few things I wanted to figure out. Some of these I found an answer to, but others I haven t and some answers open more questions: Where did debian-menu.menu go and why doesn t lxlauncher have the Debian menu by default anyway? Answer: It seems this is a combination of debian bug 333848 and bug 722563 which I reported yesterday in that lxlauncher doesn t use the debian menus. Workaround for now: install menu-xdg and hack the lxlauncher menu file. Why don t my xterm shells load .profile any more? Did I bodge that before without making a note? How do I stop kernel or initrd or whatever it is configuring the network with the dhcp settings at boot time instead of the better wicd ones that are available once the system is up? Continuing with networking, how did network-manager (which doesn t cope with my network configuration) get installed again? Answer: debian bug 645656 explains that debian is simply following a silly decision taken upstream and refers to attempts to make network-manager optional as the Crusade . Workaround: remove gnome and install its dependencies like gnome-core directly instead. Drawback: any new dependencies of gnome will have to be installed manually. Why is the audio capture volume at 10% by default and what s the best way to change that? I suspect this might be 682731 but that bug is untouched in over a year. I m tempted to remove pulseaudio, but gnome-core Depends pulseaudio so this is yet more hardware-breaking caused by gnome dependency changes and the only way out of this one would be to remove gnome-core and install its dependencies. Or maybe I should just give up and finally remove gnome because its packages have jumped the shark. I installed gnome to make the system easier to use and it s broken it in at least two ways now. One question that makes me hesitate is: why is gdm3 faster to start than lightdm?

There s been some media coverage at the start of this week about blocking child porn. Except it s not about child porn that s a trojan horse. People who want to access pornography that is already illegal (Protection of Children Act 1978) are probably already using security tools to hide their downloading and will be unaffected by this unless they re pretty stupid. And the announcement, about the same time as the predicted birth of a royal baby, third in line to the throne, seems like a cynical attempt to bury bad news taken straight from the Blair Government. That would almost be enough reason to oppose it: they don t want the media to look at this too closely for some reason. So what s this actually about? It looks like a way to force through widespread acceptance of the ability to censor most UK internet users by shouting won t somebody think of the children? If you doubt it, take a look at the list of filtered topics:

• Dating
• Drugs, Alcohol and Tobacco
• File Sharing Sites
• Gambling
• Games
• Pornography
• Social Networking
• Suicide and Self-Harm
• Weapons and Violence

So if they get away with this censorship, you won t be able to use Twitter or contact the Samaritans until you deactivate it. Except I suspect you will because they re pretty big and the Cameron Government won t want to pick a fight with them: it ll be the next Twitter and the next Samaritans, currently much smaller and unable to defend themselves, who get shut out of UK homes. So what can we do, besides explaining this and writing to our MPs? Are we better off joining parties who oppose this censorship, like the Pirate Party, or joining existing parties and trying to overturn their stupid support for it?

Cooperatives Fortnight 2013 starts tomorrow. Our co-op is taking part in a few activities this year. Come along and meet us, or find other events on the national website. This Sunday, I ll be riding 50 miles in support of Leonard Cheshire. Some of it is familiar roads, some of it new. I ll also be riding 12 miles just to get to the start line. If you re a UK resident and would like to guess my time and make a small donation, please give it a try on guess2give. Next Thursday 27 June, I ll be at Somerset Cooperative Services AGM in Taunton. See their site for further news. There might be something on Monday 1 July. To be announced later maybe. On Thursday 4July, mjkaye will be at Building Our Co-ops in Liverpool. See the national event listing for details. So what will you be doing for co-ops fortnight?

One of our co-op s clients asked me what I use for anti-virus at the moment and tips for what they should use on their Windows system. Well, flame me now, but I don t actually use any anti-virus at the moment: I rely on system security, firewalling and intrusion detection. The diversity of GNU/Linux software and I use some pretty odd stuff probably helps too. Even if I did want to run antivirus software, most of what s available for GNU is actually aimed at detecting and preventing transmission of Windows viruses. There are few real-world GNU viruses and fewer attack opportunities left open. Also, I prefer firewalling and fairly paranoid security settings because, like an antibiotic, an antivirus is only effective once the virus is already on your system somehow hopefully held in quarantine by the browser or email client and not actively malignant in the processor. There s quite a list at http://en.wikipedia.org/wiki/Comparison_of_antivirus_software#Microsoft_Windows but I expect most of the purchase-free proprietary ones (labelled as Free or Freemium but you usually pay by watching adverts) will try to sell you upgrades, as that s how their production is funded. If you don t mind doing such things, you can disable the ads in at least one of them The only very free ones I found were Immunet (also funded by upgrades not sure if it s actually Free and Open Source Software) and ClamWin (donation-funded) which both use the same scanning engine. If I had to use Microsoft Windows, I think I d probably use and donate to ClamWin, install the (altruism-funded I think) Clam Sentinel alongside it and be rather cautious about what I downloaded or used online. I m a bit worried that it doesn t do great in reviews, though. What do/would you do? I don t really know about paying for security. The only paid product I ve really seen has been Norton and that seemed no better than the ad-funded ones, still getting in the way and always trying to sell upgrades. It also irks me that there s this huge market just to fix fundamental defects in Microsoft s product. There s a Microsoft Security Essentials add-on listed on Wikipedia, but it does fairly badly in this PC Magazine review and do any of them do intrusion detection? And finally, if you do decide to download something new, I strongly suggest getting it from a trusted source and/or triple-checking the link with wikipedia, a magazine review like CNET and a search engine. Don t just trust a search engine, because fake antivirus software is a big way of getting viruses and worse onto computers: there s even one calling itself Microsoft Security Essentials 2011 !