On friday, I came across an interesting article in the Norwegian web based ICT news magazine digi.no on how to collect the IMSI numbers of nearby cell phones using the cheap DVB-T software defined radios. The article refered to instructions and a recipe by Keld Norman on Youtube on how to make a simple $7 IMSI Catcher, and I decided to test them out. The instructions said to use Ubuntu, install pip using apt (to bypass apt), use pip to install pybombs (to bypass both apt and pip), and the ask pybombs to fetch and build everything you need from scratch. I wanted to see if I could do the same on the most recent Debian packages, but this did not work because pybombs tried to build stuff that no longer build with the most recent openssl library or some other version skew problem. While trying to get this recipe working, I learned that the apt->pip->pybombs route was a long detour, and the only piece of software dependency missing in Debian was the gr-gsm package. I also found out that the lead upstream developer of gr-gsm (the name stand for GNU Radio GSM) project already had a set of Debian packages provided in an Ubuntu PPA repository. All I needed to do was to dget the Debian source package and built it. The IMSI collector is a python script listening for packages on the loopback network device and printing to the terminal some specific GSM packages with IMSI numbers in them. The code is fairly short and easy to understand. The reason this work is because gr-gsm include a tool to read GSM data from a software defined radio like a DVB-T USB stick and other software defined radios, decode them and inject them into a network device on your Linux machine (using the loopback device by default). This proved to work just fine, and I've been testing the collector for a few days now. The updated and simpler recipe is thus to

1. start with a Debian machine running Stretch or newer,
2. build and install the gr-gsm package available from http://ppa.launchpad.net/ptrkrysik/gr-gsm/ubuntu/pool/main/g/gr-gsm/,
3. clone the git repostory from https://github.com/Oros42/IMSI-catcher,
4. run grgsm_livemon and adjust the frequency until the terminal where it was started is filled with a stream of text (meaning you found a GSM station).
5. go into the IMSI-catcher directory and run 'sudo python simple_IMSI-catcher.py' to extract the IMSI numbers.

To make it even easier in the future to get this sniffer up and running, I decided to package the gr-gsm project for Debian (WNPP #871055), and the package was uploaded into the NEW queue today. Luckily the gnuradio maintainer has promised to help me, as I do not know much about gnuradio stuff yet. I doubt this "IMSI cacher" is anywhere near as powerfull as commercial tools like The Spy Phone Portable IMSI / IMEI Catcher or the Harris Stingray, but I hope the existance of cheap alternatives can make more people realise how their whereabouts when carrying a cell phone is easily tracked. Seeing the data flow on the screen, realizing that I live close to a police station and knowing that the police is also wearing cell phones, I wonder how hard it would be for criminals to track the position of the police officers to discover when there are police near by, or for foreign military forces to track the location of the Norwegian military forces, or for anyone to track the location of government officials... It is worth noting that the data reported by the IMSI-catcher script mentioned above is only a fraction of the data broadcasted on the GSM network. It will only collect one frequency at the time, while a typical phone will be using several frequencies, and not all phones will be using the frequencies tracked by the grgsm_livemod program. Also, there is a lot of radio chatter being ignored by the simple_IMSI-catcher script, which would be collected by extending the parser code. I wonder if gr-gsm can be set up to listen to more than one frequency?

Just watching Lars Wirzenius talking about Qvarn - identity and data protection management on large scale. Compliant with EC data/identity management regulations and concerns.

The room fell silent at 1100 for two minutes - as we did on Friday 11/11/12.
This is remembering the dead, wounded and those affected by the wars of the 20th and 21st centuries.

Inevitably, it also reminded me of friends and colleagues in Debian that are no longer with us: for Espy and so many others before and since, thanks from me - you are well remembered here.

My work colleagues know me well as a Free/Libre software zealot, constantly pointing out to them how people should behave, how FLOSS software trumps commercial software and how this is the only way forward. This for the last 20 odd years. It's a strain to argue this repeatedly: at various times, I have been asked to set out more clearly why I use FLOSS, what the advantages are, why and how to contribute to FLOSS software.

"We are creating a world that all may enter without privilege or prejudice accorded by race, economic power, military force, or station of birth.
We are creating a world where anyone, anywhere may express his or her beliefs, no matter how singular, without fear of being coerced into silence or conformity.
Your legal concepts of property, expression, identity, movement, and context do not apply to us. They are all based on matter, and there is no matter here
...
In our world, whatever the human mind may create can be reproduced and distributed infinitely at no cost. The global conveyance of thought no longer requires your factories to accomplish."
[John Perry Barlow - Declaration of the independence of cyberspace 1996 https://www.eff.org/cyberspace-independence]

That's some of it right there: I was seduced by a modem and the opportunities it gave. I've lived in this world since 1994, come to appreciate it and never really had the occasion to regret it.

I'm involved in the Debian community - which is very much a "do-ocracy" - and I've lived with Debian GNU Linux since 1995 and not had much cause to regret that either, though I do regret that force of circumstance has meant that I can't contribute as much as I'd like. Pretty much every machine I touch ends up running Debian, one way or the other, or should do if I had my way.
Digging through my emails since then on the various mailing lists - some of them are deeply technical, though fewer these days: some are Debian political: most are trying to help people with problems / report successes or, occasionally thanks and social chit chat. Most people in the project have never met me - though that's not unusual in an organisation with a thousand developers spread worldwide - and so the occasional chance to talk to people in real life is invaluable.

The crucial thing is that there is common purpose and common intelligence - however crazy mailing list flame wars can get sometimes - and committed, caring people. Some of us may be crazy zealots, some picky and argumentative - Debian is what we have in common, pretty much.

It doesn't depend on physical ability. Espy (Joel Klecker) was one of our best and brightest until his death at age 21: almost nobody knew he was dying until after his death. My own physical limitations are pretty much irrelevant provided I can type.

It does depend on collaboration and the strange, dysfunctional family that is our community and the wider FLOSS community in which we share and in which some of us have multiple identities in working with different projects.
This is going to end up too long for Planet Debian - I'll end this post here and then continue with some points on how to contribute and why employers should let their employers work on FLOSS.

Last year, via jwz, I watched the video "Archive Team: A distributed Preservation of Service Attack" from Defcon 19. I learned about the Archive Team and the work of Jason Scott. More recently I learned about the archive.org Shareware CD Archive. In the fledgling days of the Internet, shareware (and cover-mount) CD-ROMs were a popular way for files to be distributed. They therefore archive an interesting age in the history of modern Internet culture. Inspired by the above, I dug out some of my old shareware Doom CDs, ripped them, scanned their covers (where I had them) and uploaded them to archive.org. Here they are:

• The Ultimate Add-On Collection for Doom and Doom II
• D! 1000 (better CD scan needed)
• D! Zone Gold
• 3D Game Alchemy the CD that accompanied the book "3D Game Alchemy" (needs a better CD scan). I thought everyone had seen the stuff on this, but when Justin Fisher's NEMESIS.WAD appeared on Doomworld - relatively recently - I was surprised how few people were familiar with it.

They are all part of the growing Doom Level CD Collection. In most cases, the CDs are a super set of files that exist in the /idgames archive. I'm fairly sure there is some stuff on these CDs that never made out of BBSes or the AOL and CompuServe walled gardens onto the wider Internet, with the exception of these shovelware collections. A follow-on project would be to cross-reference their indexes with the /idgames archive and upload whats missing (that can be done so, legally.) Finally, I also had a single, solitary PC ZONE covermount CD that I held on to because it was a Quake (and Duke Nukem 3D) add-on special:

• CD Zone issue 48, March 1997

From an archive-perspective, Quake has not fared as well as Doom did. The Internet was young when Doom was popular, the World Wide Web was not the all-encompassing thing it has become and by accident rather than design nearly all Doom add-ons ended up being uploaded to a single FTP server: The Walnut Creek CDROM FTP Server, to a sub-folder /idgames. This single archive was mirrored wide and has lived on past the death of Walnut Creek. Today, it is small enough for casual enthusiasts to mirror, and has been kept alive by volunteer admins. The most popular front-end is now http://www.doomworld.com/idgames/. The WWW had grown up by the time Quake came along. There is an /idgames2, but it was never as popular as /idgames was for Doom. The Quake modding community was centered around a series of commercial websites such as Planet Quake, later part of the Gamespy network. Sadly the vast majority of web pages on the old Planet Quake site and similar sites have died completely from bit-rot. Large chunks of the history of the Quake community are therefore lost to a sort-of technological dark age.

Debian always was known for its communication "style". There were even shirts sold in memory of Espy Klecker with a quote he is known for: Morons. I'm surrounded by morons. Yes, I bought me one of those shirts too in the early days. And there were the talks that promoted Debian as a place to have Good flamewar training. And people considered that to be the fun part. After some years it got tiring. It got stressful. It got annoying. Bad feelings popped up, stirred you into the next flamewar, and it went down the gutter from there. It was almost becoming impossible to not be the target of a flamewar when one was doing more than just basic maintenance. Snide and extreme terse responses became the standard. In the end people are starting to give up and leave. The Ugly thing about this is that human resources are crucial. They aren't endless and can't be replaced as easily as broken hardware, especially when capable people or when people leave who invested an enormous amount of their spare time and effort. And given that a fair amount of people do put their heart into Debian, it feels like a small suicide to them and the public thinking about leaving is meant as a call for help which wasn't and isn't given. The solution to this death swirl? I'm not sure. When one looks over the edge of the plate and ignores for a moment all the bad feelings they one might have built up against Ubuntu because of their success and possibility to find new contributors on a regular basis one is able to find a much friendlier and productive environment there. This might be attributed to the Code of Conduct about which I wrote about last year already and which is an extremely well intended and useful document (the point I raised in there is already solved for a while, so I became a MOTU). And even if it might be hard to follow it at times, Mark Shuttleworth reminds and encourages its contributors to stick to these principles even in tough times. The result? When following the planets, one finds on Planet Ubuntu a very good rate of blog posts on things that had been done, compared to the good rate of blog posts of rants on Planet Debian. And even though people regularly complain about the communication style within Debian, the answers of this year's DPL candidates to the question about a code of conduct for Debian were rather rather disappointing. So it is just well too understandable that people go the path that hurts themself, take a cut and leave the project behind in its mess. For myself? I'm not too far from that point on a regular basis, and I can understand those who did the final step only too well. Regular abuse, especially when doing stuff that others neglect on a regular basis but needs to be done anyway, being belittled on that grounds and not being taken serious and getting disrespectful responses isn't improving the situation. It happens to way too many people, and the only thing that still keeps me on tracks is that I do not want to give in yet, that I don't think that it would improve Debian to leave the grounds to various destructive people. On the other hand, there is only so much abuse one can take...
ObTitle: Ennio Morricone - The Good, The Bad and The Ugly

/debian permanent link Comments: 5

Debian always was known for its communication "style". There were even shirts sold in memory of Espy Klecker with a quote he is known for: Morons. I'm surrounded by morons. Yes, I bought me one of those shirts too in the early days. And there were the talks that promoted Debian as a place to have Good flamewar training. And people considered that to be the fun part. After some years it got tiring. It got stressful. It got annoying. Bad feelings popped up, stirred you into the next flamewar, and it went down the gutter from there. It was almost becoming impossible to not be the target of a flamewar when one was doing more than just basic maintenance. Snide and extreme terse responses became the standard. In the end people are starting to give up and leave. The Ugly thing about this is that human resources are crucial. They aren't endless and can't be replaced as easily as broken hardware, especially when capable people or when people leave who invested an enormous amount of their spare time and effort. And given that a fair amount of people do put their heart into Debian, it feels like a small suicide to them and the public thinking about leaving is meant as a call for help which wasn't and isn't given. The solution to this death swirl? I'm not sure. When one looks over the edge of the plate and ignores for a moment all the bad feelings they one might have built up against Ubuntu because of their success and possibility to find new contributors on a regular basis one is able to find a much friendlier and productive environment there. This might be attributed to the Code of Conduct about which I wrote about last year already and which is an extremely well intended and useful document (the point I raised in there is already solved for a while, so I became a MOTU). And even if it might be hard to follow it at times, Mark Shuttleworth reminds and encourages its contributors to stick to these principles even in tough times. The result? When following the planets, one finds on Planet Ubuntu a very good rate of blog posts on things that had been done, compared to the good rate of blog posts of rants on Planet Debian. And even though people regularly complain about the communication style within Debian, the answers of this year's DPL candidates to the question about a code of conduct for Debian were rather rather disappointing. So it is just well too understandable that people go the path that hurts themself, take a cut and leave the project behind in its mess. For myself? I'm not too far from that point on a regular basis, and I can understand those who did the final step only too well. Regular abuse, especially when doing stuff that others neglect on a regular basis but needs to be done anyway, being belittled on that grounds and not being taken serious and getting disrespectful responses isn't improving the situation. It happens to way too many people, and the only thing that still keeps me on tracks is that I do not want to give in yet, that I don't think that it would improve Debian to leave the grounds to various destructive people. On the other hand, there is only so much abuse one can take...
ObTitle: Ennio Morricone - The Good, The Bad and The Ugly

/debian permanent link Comments: 8

One of the most frustrating things about being an untenured anthropology professor (aside from being untenured) is that, for the most part, the articles you must write to get tenure strike those you write about as hopelessly boring and jargony. I always imagine that when geeks read my articles, the experience can be represented as follows:

%*&%*&*(((& Linux *(&*(^%&%%^%% DeCSS &*(&^&&*^&^&^& Free Speech %^&%^%^%%^ Hacking &*(&^*(^^*^**^*Code*((*&&**&&*&* Emacs **(**)*( New Maintainer Process *&())))))))))&*&7&&*&)*&*&*&& DMCA **(**((( Copyleft. ****W$$&& TINC

Well, finally, I have my hands on the uncorrected proofs of an article that is far far more readable, accessible, and truth be told, romantic than anything I have written The Hacker Conference: A Ritual Condensation and Celebration of a Lifeworld. This article s ancestry goes back to this ancient blog entry that I wrote after Debconf4 in Brazil, later made it into my dissertation, and finally a gabillion years later is on the verge of publication. Debian developers, in particular, might dig this piece. I made use of your blog entries, mailing list discussions, interviews, and photos to reveal what is special about these events and also memorialize some important events, such as the the founding of Debian Women. So while some I am sure some academics will find this piece distasteful for idealizing these events, so be it. I grew very fond of these conferences, they changed the way I thought of computer hacking, and why not write something that makes those you worked with feel good (as opposed to bored and confused). Finally, academics have totally missed the theoretical boat when it comes to conferences, which are probably one of the most important ritual forms of modernity and yet there is so little written on them an issue I address briefly in the conclusion. Note that this version has various mistakes (including the name of Joel Espy Klecker and the caption under Figure 3, and Figure 9). Since many of your are human debugging machines, if anyone takes a preview read and finds any typos, feel free to send along as I will be sending the proofs back next week.

One of the most frustrating things about being an untenured anthropology professor (aside from being untenured) is that, for the most part, the articles you must write to get tenure strike those you write about as hopelessly boring and jargony. I always imagine that when geeks read my articles, the experience can be represented as follows:

%*&%*&*(((& Linux *(&*(^%&%%^%% DeCSS &*(&^&&*^&^&^& Free Speech %^&%^%^%%^ Hacking &*(&^*(^^*^**^*Code*((*&&**&&*&* Emacs **(**)*( New Maintainer Process *&())))))))))&*&7&&*&)*&*&*&& DMCA **(**((( Copyleft. ****W$$&& TINC

Well, finally, I have my hands on the uncorrected proofs of an article that is far far more readable, accessible, and truth be told, romantic than anything I have written The Hacker Conference: A Ritual Condensation and Celebration of a Lifeworld. This article s ancestry goes back to this ancient blog entry that I wrote after Debconf4 in Brazil, later made it into my dissertation, and finally a gabillion years later is on the verge of publication. Debian developers, in particular, might dig this piece. I made use of your blog entries, mailing list discussions, interviews, and photos to reveal what is special about these events and also memorialize some important events, such as the the founding of Debian Women. So while some I am sure some academics will find this piece distasteful for idealizing these events, so be it. I grew very fond of these conferences, they changed the way I thought of computer hacking, and why not write something that makes those you worked with feel good (as opposed to bored and confused). Finally, academics have totally missed the theoretical boat when it comes to conferences, which are probably one of the most important ritual forms of modernity and yet there is so little written on them an issue I address briefly in the conclusion. Note that this version has various mistakes (including the name of Joel Espy Klecker and the caption under Figure 3, and Figure 9). Since many of your are human debugging machines, if anyone takes a preview read and finds any typos, feel free to send along as I will be sending the proofs back next week.

Whew! Is it karma or what? What makes me get involved in two horribly complex, two-week-long conferences, year after year? Of course, both (DebConf and EDUSOL) are great fun to be part of, and both have greatly influenced both my skills and interests. Anyway, this is the fifth year we hold EDUSOL. Tomorrow we will bring the two weeks of activities to an end, hold the last two videoconferences, and finally declare it a done deal. I must anticipate the facts and call it a success, as it clearly will be recognized as such. One of the most visible although we insist, not the core activities of the Encounter are the videoconferences. They are certainly among the most complex. And the videoconferences' value is greatly enhanced because, even if they are naturally a synchronous activity (it takes place at a given point in time), they live on after they are held: I do my best effort to publish them as soon as possible (less than one day off), and they are posted to their node, from where comments can continue. This was the reason, i.e., why we decided to move at the last minute tomorrow's conference: Due to a misunderstanding, Beatriz Busaniche (a good friend of ours and a very reknown Argentinian Free Software promotor, from Via Libre) thought her talk would be held today, and we had programmed her for tomorrow. No worries - We held it today, and it is already online for whoever wants to take part :-) So, I don't want to hold this any longer (I will link to the two conferences that I'm still missing from this same entry). Here is the list of (and links to) videoconferences we have held.

Tuesday 2009-11-17

• Debian-Women, by Margarita Manterola (Buenos Aires, Argentina) (PDF presentation, .ogg file, IRC log)
• Personal networks, by Isidro Maya Jariego (Sevilla, Spain) (.ogg file, IRC log)

Wednesday 2009-11-18

• Social networks, by Sof a Liberman Shklonikoff (Mexico City, Mexico) (PDF presentation, .ogg file, IRC log)
• Open Social Education, by Dolors Reig Hern ndez (Barcelona, Spain) (PDF presentation, .ogg file, IRC log)

Thursday 2009-11-19

• Politics 2.0, by Txopi, Bilbao, Basque Country (ODP presentation, .ogg file, IRC log)
• OpenSocial, by Rodrigo Gallardo (Portland, USA) (.ogg file, IRC log)
• Informatic analfabetization, or why does privative software work towards analfabetization? (.ogg file, IRC log)

Friday 2009-11-20

• Education and cognition from Free Software, by Offray Luna (Bogot , Colombia)< (PDF material, .ogg file, IRC log)/li>
• EDUSOL's state / EDUSOL projects, by the EDUSOL organizer team (which attempts to be distributed ;-) )

As two last notes: Regarding the IRC interaction photos I recently talked about, we did a very kewl thing: Take over 2000 consecutive photos and put them together on a stack. Flip them one at a time. What do you get? But of course A very fun to view and interesting interaction video! We have to hand-update it and it is a bit old right now, but nevertheless, it is very interesting as it is. Finally... I must publicly say I can be quite an asshole. And yes, I know I talked this over privately with the affected people and they hold no grudge against me... But still - yesterday we had an IRC talk about NING Latin American Moodlers, by Luc a Osuna (Venezuela) and Maryel Mendiola (Mexico). One of the points they raised was they were working towards (and promoting) a Moodle certification. And... Yes, I recognize I cannot hear the mention of the certification word without jumping and saying certifications are overrated. Well, but being tired, and not being really thoughtful... I should have known where to stop, where it was enough of a point made. I ended up making Maryel and Luc a feel attacked during their own presentation, and that should have never happened. A public and heartfelt apology to them :-(

As some of you know, yesterday we started the two weeks of activities for the Fifth On-line Encounter of Free Education, Culture and Software. This year, the main topic for the conference is social networks, but not in the twitter-facebook sense Social networks as ways of understanding and modelling human-to-human interactions. Of course, there is interest from many attendees in using and taking advantage of said social network systems (and others), but the topic is far broader. One of the core tools of EDUSOL, and the only tool that is constantly active through our two weeks of activity, is IRC Which is somewhat of a challenge, as we receive some not-tech-savvy users from all over the world. The first year or two we asked everybody to connect via an IRC client (and we had even decided that it would be a technological filter We thought we would not cater for people without the technical skills to install and use IRC). Life proved us wrong, and we ended up using two web-to-IRC gateways: One of them, via an instance of CGI:IRC, and the other one via a third-party service, Mibbit. Now, the core mind behind EDUSOL is Alejandro Miranda, Pooka; I am not really into education (it is a very interesting topic but far from what I am good at). Pooka has been invovled in on-line communities analysis for several years already, since we worked together at FES Iztacala. For a long time he wanted to graph the interactions at EDUSOL, which was obviously possible given it was all centered on three tools (IRC for live chat, Drupal for generic information and Moodle for the talks and workshops' material This has changed this year, as we are giving much more weight to Drupal and taking it off Moodle), and so last year he was finally able to generate a EDUSOL 2008 conference photo (warning: 2MB image, 4311x3352px), where each person's avatar appears where most of his interactions were. This photo was (unfortunately) achieved using non-free software, but is very much looking at! Now, this year Pooka stumbled upon a great tool, PieSpy (available in Debian package piespy). Piespy generates very interesting interaction graph for IRC channels, as you can see here: Piespy is a bot that sits in the IRC channel logging everything that any given user "says" directly to another one, and graphs it. Not much to say here, only that it generates a very good (and practically real-time) view of what happens on the channel. For this particular channel, and during EDUSOL, you can see here the latest IRC snapshots. Very fun to see - and somewhat addictive how it morphs across time :)

Attachment	Size
EDUSOL 2008 - Conference photo	1.97 MB
Current (Monday+Tuesday) interaction graph for our IRC channel	39.89 KB

I just finished packing up the signature collection for dedication-5.0.txt. Hopefully I didn't miss any signatures, saving about 400 attachments is tedious. Fortunately most people got the filenames right. On the down side, there were about 80 signatures that I couldn't verify because the corresponding key could not be found on the key servers. I've mailed the owners, and about 20 have uploaded their key until now. There are 355 valid signatures. Thanks to all for such a huge participation, that's about twice the number (185) we got for dedicating Potato to Espy in 2000. (These were DD-only, though.) Comparing to the various Debian keyrings, 207 active DDs participated, 3 former DDs, 12 Debian maintainers, and 133 other contributors. Let's hope Lenny will be as great as Thiemo would have liked it.