Oppression - particularly race and gender based oppression - has a long sordid history. One important aspect of oppression is exclusion. It doesn't matter whether it's officially acknowledged (segregation) or hidden (old boys networks) or something in between. It also doesn't matter whether it's explicitly based on race or gender or if that exclusion happens in a de facto way. Exclusion, in all forms, is a central tenant of oppression.

Tech culture within the Internet is one of the most gender and race-based exclusive cultures in the mainstream today. Sadly, the radical tech sub-culture of the Internet rarely challenges this exclusion and often furthers it.

Consider security. Before getting into the tech aspects of security, the general concept itself is fraught with gender and racial overtones. For example, there's the aggressive macho approach to security, or the racialized circle the wagons to defend against the "outsiders."

Our impression (and reaction) to security can vary wildly depending on our experience with oppression. It frequently comes as a surprise to one person that an idea about security could be interpreted as oppressive. However, to an entire group of people who have experienced a pattern of exclusion resembling that approach to security, it's profoundly racist or sexist.

Security and the Internet: default closed

With regard to Internet, there are an many ways to interpret security. However, within radical tech culture, most of the approaches involve exclusion.

Encrypted email, for example, requires that every participant have a special key, a working and configured program that can use the key, and access to this working installation for all email communications. If you don't have that, you can't participate.

Key-based shell access to a server is another example. A common and secure way to provide access to servers is to use an approach requiring every user to have a public key - rather than a password. You then need to connect from a computer that has the private key corresponding to your public key. More secure - yes, however it has the effect of excluding everyone without a key or the knowledge to generate one.

However, the example that is the most striking is the way we treat the concept of privacy. In radical tech culture, privacy is often the default. We decide to be private and then, maybe later, decide what we want to make public. Email list archives become private, email has to be encrypted, wikis have to be password-protected and the list goes on.

This approach requires a pre-defined group of people who are in. Nobody gets access to what this group produces unless the group decide later to make it public. And - people can only join if someone in the group can vouch for them.

Furthermore, even within this group, the overhead involved in communication is immense since every channel has to be secured before you can begin.

The result is an exclusive enclave within a network that is internationally famous for being decentralized and open. A country club on the Internet built by people who identify with left politics. And a very difficult environment for including new people.

And when a group like this is predominantly run by white men - or any other grouping of people with privilege - it effectively creates an environment that is not only exclusive but throws huge structural obstacles to challenging racism and sexism by removing itself from a bigger movement for liberation.

A "default open" approach to security

There is, of course, a need for security when organizing. However, "default closed" is not the only way to organize and, from both an anti-oppression and pro-security perspective, is not necessarily the best way.

A different approach is to consider a default open approach, and then figure out where to make exceptions. In other words:

• Organize most activities in such a way that all newcomers can be safely treated as part of the group until they demonstrate otherwise.

• Organize most meetings so that they are public and open to all (if it's an online - you don't need a GPG key or an SSH key to participate - although you will be encouraged to get one moving forward).

• Publish as much information about what you are doing publicly so new people can decide whether they agree with what you are doing before deciding to participate.

This approach probably sounds familiar to veteran organizers, since it's an old method for movement building. It also may sound familiar to techies used to Unix - since it's the approach taken with the file system (all files are readable by everyone, except the small handful that should not be public).

In an organizing context, certain information and certain discussions will need to be exclusive to a smaller number of people who are trusted with the group - however, this division and explanation can be public without divulging the private information. And this distinction should be a healthy debate within the group.

This approach doesn't guarantee an oppression-free organizing environment. However, it does provide an environment in which challenging oppression can take place.

In addition, this approach makes security significantly easier. Rather than trying to secure everything, we only have to focus on a securing a smaller subset of information and communications. And, we reduce our risks of divulging private information due to a technical compromise by operating mostly in the public.

Deciding on an approach to security

Ultimately, a group's approach to security will depend on the group's priorities. There are organizing campaigns now (and from our history) in which individuals face serious persecution for having their identities divulged or activities public. Sometimes that happens when we are working in a regime with laws we do not respect, other times our politics dictate acting in a way that makes us unacceptably vulnerable. And there are a many other reasons why staying under the radar is critical for one's organizing objectives.

How a group of people decides to organize will be a result of the individuals involved and their collective politics. Ultimately, we have to consider the risks involved, the sacrifices we are willing to make, and what our political priorities are. While the decision will be different for every group, there are few areas of work more in need of attention to exclusion and oppression than the Internet.

Here are some of my notes from attending the second day of the Open Video Conference in June 2009.

Opening Remarks

Jonathan Zittrain gave the opening address. Striking was the prediction (from the conference organizers) that by 2013 90% of all video traffic will be video. We can expect bandwidth costs for providers will go through the roof. Jonathan point's is the the big content providers ultimately sign contracts with the big Internet service providers. The basis is: the content providers suddenly, once they become big enough, can approach the ISPs and say: your subscribers want our content - let's strike a deal. And the deal is that they don't have to have their costs sky rocket as their bandwidth goes up.

Where does that leave small providers? It's an impossible to sustain growth model.

Makes me think a lot more about varnish - a web proxy server that allows you to create a network of servers proxying static content (like video) across many different servers on different providers. As DSL and cable providers are rolling out very high bandwidth personal packages - it could provide an opportunity for our members to contribute their own home bandwidth to the organization for distributing our video bandwidth.

Free Editing Software

A new one!! pitivi. Still doesn't work for me - but the demo makes it look like the uber simple video editing software of my dreams.

DMCA Take downs

YouTomb reports that it seems like the number of YouTube videos being pulled down is going down, but in fact the truth is that they are coming down so quickly after going up that they can't track it. The average is 8 days.

In one case, a YouTube user's video was taken down after a big company used his video. YouTube assumed the big company's work was the original.

We were also entertained by Scott Smitelli's experiment with YouTube's fingerprinter. YouTube maintains a digital fingerprint database of copyright works and automatically scans uploads against this database and automatically takes them down.

Some of the conclusions about how you can fool the fingerprinter:

• Don't bother changing metadata, title, description etc.
• Altering pitch or speed works (as little as 3% slowdown or 4% speedup)
• Volume changes don't work
• Removing parts of the song works in most cases.

As for video:

• Inverting colors works
• Removing initial a few seconds works
• Speedup/slow down works

Chilling Effects was mentioned as an important resource in fighting DMCA take downs.

A striking point made on a few occasions is that copyright law is causing increasing numbers of people to build private networks - a terrible trend for a public network.

HTML 5 and the video tag

Yes - it's coming! Support is coming soon in Opera, Safari, and of course Firefox. Soon, we'll be able to include streaming video in our web page by using the <video> tag just like we use the <img> tag for an image file. And, it looks like there's broad support for ogg/theora as the default encoding.

The problem, of course, is that Internet Explorer doesn't support it. How are we going to make this transition given their (still) majority share of the browser sphere?

And one last tidbid on the topic of ogg: A web site that will convert your video to ogg.

Bittorrent and pirate bay

The closing drew a comparison between the seizure of Elite Torrents in the United States, in which network admins went to jail with little or no notice among the rest of the country. In comparison, when Pirate Bay came under pressure, there were demonstrations and even a political party that jumped in to support the freedom of sharing.

The time has finally come.

After putting it off, I've finally started transitioning my gpg key.

I've published instructions for how to find (and sign) my new key. Thanks to dkg and micah for the help in getting this out.

If you have a gpg key, you may want to check to see if your key should be transitioned as well.

Technology, in particular the Internet, has revolutionized the use of video among progressive activists over the last 15 years. During this short span of time, the production and distribution of progressive video has moved from the domain of a small number of individuals and organizations with specialized skills and equipment to being within reach of nearly every movement activist or organization.

Despite the enormous contribution of the left toward democratizing media in general, and the influence of the left on the Internet itself, the first wave of this revolution on the Internet has corporate roots. In 2009, the ubiquity and ease with which anyone can distribute video to a large audience boils down to two develpments:

• Common file format. After years of struggle and confusion, the flash video format (.flv) has emerged as the dominant standard for delivering video on the Internet. The emergence of a dominant file format has lead to the wide adoption of flash video enabled web browsers, relieving video producers of the need to save their videos in multiple and often confusing formats in order to ensure that their work is accessible to everyone. Flash video is a foramt created and controlled by the Adobe corporation.

• Internet server infrastructure to distribute videos. Despite Free Speech Video's initial foray into hosting video (which was well ahead of its time), YouTube led the way for the masses to upload and share their videos. They've been followed by Blip TV and other corporations who have used their capital to finance large scale, centralized and tightly controlled spaces for activists to distribute their video files.

The second wave of this revolution is yet to come. Given the economic crisis, and the growing strength of the progressive movement both in the US and internationally, now is a critical time for the left to define and develop the next wave in video distribution.

Topics

Accessibility

Video collectives have a long history and intimate knowledge around the issue of accessibility to video. Having experienced the transitions from 3/4", to Hi-8 to MiniDV and other formats, and havig gone through the expensive and time consuming process of archiving work for future generations, video collectives have a lot to contribute toward the debate over how we should be saving our work online. Who should define the video formats we use? How do we ensure they will stay free and open?

Ownership/Control

In an era where exact duplicates of video works can easily be made, how should we define ownership of our work? How does Internet distribution affect ownership? Under what conditions should we be distributing our work?

Infrastructure

Who owns the airwaves becomes who owns the servers? How do we assert control over the means of distribution? How do we communicate this principle to our allies?

Collaboration

Groups like Paper Tiger and Indy Media have redefined the way we can make television by introducing a collaborative approach. How can we extend this idea from a small group of producers to the Internet? How can Internet distribution contribute to collaboration?

Sustainability

The corporate Internet is a graveyard of failed ideas. How can we build a distribution system that won't fail when it runs out of venture capital?

What's happening now?

There are a number of promising developments in the area of Internet/video that are relevant in this discussion.

Internet Archive. The Internet archive is a nonprofit building a library of online artifacts (including video).

Miro. Miro TV is an effort to combine a free media player with free software that aggregates existing video on the Internet, providing a "TV Guide" for leftist video on the Internet.

Engage Media. Engage Media is an activist video sharing site focused on Asia Pacific (based on Australia). They are an example of a YouTube alternative for activists.

Transmission.cc. The Transmission Network is an international coalition of groups working on online video distribution tools for social justice and media democracy.

Open Video Alliance. The Open Video Alliance seems similar in scope to the Transmission Network. They are having a conference in July in NYC.

I just saw an announcement on a politically smart list saying that a collaborative document was just made available on Google Docs (a web application provided by Google that allows multiple people to collaboratively edit a word processing document).

Many people are concerned about privacy in the realm of corporate services like Google Docs (Google, and anyone with legal access to Google, can read everything you post).

While I agree, I'm even more concerned about reliability. I don't believe we should count on services provided by corporations (or corporations themselves) being around for the long haul and we certainly can't count on them to gracefully close. When capitalism is doing well, corporations are purchased, merged, and re-organized with unpredictable changes in the quality or future of services. In times like the present, corporations slash services or just go belly up. And regardless of the economic climate, network access to corporate services can be turned off in an instant in response to any number of spurious copyright complaints or politically motivated criminal investigations.

What happens to our library of documents when this happens? Can we count on a warning that would allow us to retrieve our data?

You could argue that Google is one of the most financially powerful institutions on the Internet and is therefore highly unlikely to be bought or go belly up. Yet, do we really want to hitch our political movements to the financial success of a corporation whose intent is to dominate the Internet? Do we want to support a practice that will, over time, make us increasingly interdependent on Google?

Fortunately, there are alternatives. "Alternative" in this sense doesn't mean a nonprofit or other entity offering the same services as Google Docs (yet another unreliable data silo), but instead alternative in the real sense of the word.

The project is called oo2gd (OpenOffice to Google Docs). It allows you to synchronize your documents from OpenOffice, a free office suite, to Google Docs (and several other network platforms). With oo2gd you can use Google Docs while always preserving, off line on your own computer, copies of your work.

One of the best conferences in New York City is looking for fresh volunteers! Anyone who feels strongly not just about grassroots media but about broad based progressive organizing should consider helping out. For more information about the project (if you are not already familiar with it) - you can checkout their website.

Here's the call for the volunteers:

CALL FOR PARTICIPATION: Sixth Annual NYC Grassroots Media Conference!

Host: NYC Grassroots Media Coalition
Date:Wednesday, January 14, 2009
Time:7:00pm - 8:00pm
Location:NACLA office
Street:38 Greene Street, 4th floor (corner of Grand Street), SoHo

Come out and help organize the most important media gathering in NYC! Get to
know grassroots media makers and social justice organizers from around the
city while working to change our city's media landscape. Network, learn
about media, and make friends!

We're looking for people to join our core organizing team. Starting in
January, you'll work closely with staff and other organizers to make this
the most diverse and exciting GMC yet. We particularly need people with
event organizing, design, and web skills, but we welcome everyone. So come &
learn about the organizing process and meet the rest of the group.
The NYC Grassroots Media Conference organizing committee actively seeks
participation from different ethnic and racial backgrounds, sexual
orientations, classes, and physical abilities.

Phone: 8023098146
Email: jbatten517@gmail.com

Thanks for the work of May First/People Link member AWAAM, I've been following the story of Khalil Gibran International Academy, a school that opened in 2007 in Brooklyn to serve as a dual-language Arabic/English school where a mixed group of Arabic speakers and non-Arabic speakers would learn together.

The story of the school's opening and the original principal getting pushed out because she acknowledged that "intifada" was a word with meaning and history is tragic. However, that was just the beginning. Seth Wessler has written an article documenting the continued impact of a conservative campaign to undermine the school with the latest twist: pictures of mosques being cut out of the text books.

On Wednesday, November 12, a collaboration of activists and pranksters distributed a remarkably high quality spoofed copy of the New York Times along with an equally artful website.

The reaction was phenomenal. News of the project was forwarded, blogged, discussed, txt'ed; subjected to rants and raves; and picked up by news organizations all over the world.

The server hosting the website, run by May First/People Link members The Yes Men got slammed. Almost immediately. And, was practically unreachable for the first day.

By the next day, the website was being distributed over four servers in three locations (later extended to six servers in six locations) and was being supported by activist techies spanning close to a half dozen radical tech collectives throughout North America, including May First/People Link, Riseup, Indymedia, Koumbit, Guerillartivism and more. And, the site was delivering page views faster than anyone expected.

What happened? How was this turn-around possible?

Day 0

Before this idea was even born, The Yes Men chose to host with a politically progressive provider, not a corporate provider. This step is one of the most crucial steps any politically focused organization can choose. Here are a few reasons why:

• Activist providers have more resources. This assertion sounds counter-intuitive to the way we think about the left and capitalism - we're used to being in situations where the left is under-resourced and the capitalists are awash in venture capital funding. However, when it comes to the Internet, hardware/capital is only one of many resources we need. Labor, particularly highly skilled labor available on a moment's notice is far more critical. And activists providers are impressively organized with high caliber skills. Furthermore, the hardware costs are increasingly coming down to a point where even under-financed activist groups can afford them. And finally, in case you haven't noticed, venture capital is waning these days. Really. Waning.

• Activist providers are more flexible. We're used to calling our corporate service providers and getting someone on the phone relatively quickly. That's great. Except the person we get on the phone usually knows less than we do and has no power or authority to do anything. Activist providers don't have the resources to be on call 24/7, but once we got on a problem, we have the flexibility, authority, and knowledge to help. Furthermore, we have the ability to call in our networks to bring in resources beyond our organization.

• Activist providers actually want you to get more traffic so that you'll win. We experience a lot of strange hand-wringing from our members over what happens if we get a lot of traffic. That's understandable since commercial providers want you to get more traffic so that they can charge you more. Activist providers want you to get more traffic so that you'll win. Most of the activist providers who stepped in to support the Yes Men will be getting higher than usual bandwidth bills this month. Although we're all strapped for cash, this is a good thing and the very reason why we exist.

• Activist providers extend the organizing project to the Internet. By choosing an activist provider, the Yes Men made a conscious and active decision to share their success with the radical tech movement. We're stronger as a result, meaning the next time we have a similar situation with another site or another group, we will be that much more prepared and ready thanks to this decision by the Yes Men.

By hosting with an activist provider, the project had a different level of access to the network of people and organizations that eventually made the site sing.

Day 1

The site, which is running a free content management system called WordPress, is on a mostly dedicated, very powerful server (4 processors, 4 GB of RAM). Nonetheless, by the middle of day one the server was on it's knees.

When the server went into overload, we immediately created an Internet chat room open to the public to help figure out how to get the site up and running. Although the handful of people working on the server were able to make small improvements, the real change happened when we were joined by our allies from Riseup and the network of tech activists they had access to. May First/People link has at our disposal two dozen machines in 5 locations around the country and an impressively skilled tech team. When we were joined by our allies, the resources at our disposable (directly and indirectly by our ability to grow even larger) became incalculable.

We spent the next several hours setting up caching servers around the country to reduce the load on the primary server. We experienced a lot of serious technical hurdles in the process, however, between the half dozen techies involved, we were able to declare success at 1:30 am. We experienced a few blips and minor problems, however, for the most part, the site was being successfully server to everyone who came.

Day 2

The next day we all monitored the site and the caching servers, eventually increasing the number of servers involved roe 4 to 6. We experienced a few minor problems, however, the site worked so well that conversation on the chat channel turned to brain storming new content to add.

Lessons Learned

"If we could do it over again" is a common refrain on all projects and this one is no exception.

It is very difficult to predict success and even harder to predict server load of a successful project, since every year the numbers of people who might view our site changes along with the software and hardware we use to power the site. At May First/People Link we have members predicting huge spikes that never materialize, while at the same time experiencing spikes they had no idea were coming. Nonetheless, with more advance warning, we could have had the caching network in place for the day of the launch. Additionally, we should have put a call out to our network for help immediately, which may have resulted in the caching system setup happening earlier on the first day.

For obvious reasons, the project chose to use the commercial DNS provider joker.com to host their domain name so that if anyone queried who was handling their domain name, the query would return:

a.ns.joker.com b.ns.joker.com c.ns.joker.com d.ns.joker.com

Yes, irresistible.

However, since the domain name was under the control of a corporation, not one of our allies, we were unable to properly control how long an IP address was assigned to the domain name nytimes-se.com. This lack of fine grained control made if difficult to switch to the caching system we had in place, and made it difficult to remove mis-configured caching servers.

Technical details

For the technically curious, below is a brief synopsis of what we did.

Our first move was to install and enable the WordPress supercache. For a while we thought it was broken because we experienced a lot of Redirect errors:

Request exceeded the limit of 10 internal redirects due to probable
configuration error. Use 'LimitInternalRecursion' to increase the limit if
necessary. Use 'LogLevel debug' to get a backtrace., referer:
http://www.nytimes-se.com/nytse/wp-content/themes/nytimes/style.css

However, we later realized that the errors were caused by an errant .htaccess file one directory up from the root directory.

Next we worked on getting the right number of MaxClients set in the Apache configuration. Too many clients and the server load sky rocketed. Too few clients and the server would start refusing connections. After a lot of back and forth we settled on 256.

Also, the following sysctl parameters were changed from 60 to 15 and from 7200 to 1800 respectively:

/proc/sys/net/ipv4/tcp_fin_timeout
/proc/sys/net/ipv4/tcp_keepalive_time

Next we tried to off load some of the large files (a few pdfs and mov files). After struggling for too long trying to get a fancy ModRewrite to work that would have allowed load balancing between multiple servers, we just put in a RedirectTemp to a single server.

Finally, we moved the database driving the WordPress site to another server.

For a few extra CPU cycles, we temporarily turned off two services: munin, and cron.

Despite all of these efforts, we were hitting loads of up to 170 and nobody could access the site.

We next worked on what appeared to be some WordPress rewrite rules going awry, which may have been contributing to the load problems (loops and loops and loops). At the same time we started setting up Squid proxy servers to help balance the load. Between the pool of techies working on the project, we got four squid servers up and running very quickly.

The next period was the most frustrating. It was really hard to trouble shoot the rewrite/looping rules after we had the proxy system in place - we couldn't tell if the looping was caused by the proxy setup or was an undetected error prior to moving to the proxy setup.

Eventually, we stopped the loops with a one line WordPress plugin.

However, Squid and WordPress still gave us problems. They simply do not seem to get along very well (specifically - Squid re-writes http requests that is passes back to WordPress in a way that WordPress cannot handle). After hours and hours of trouble shooting, a brilliant 1:00 am suggestion was made: let's switch to varnish (an alternative caching server). Varnish was setup in a matter of minutes (much simpler to configure) and worked extremely well. In the end, we got three varnish servers up and running.

The stats

A look at the stats is quite sobering. Normally, in our colo center in Telehouse, our combined membership uses just under 10 Mbits. Below is the graph for just the nytimes-se.com server:

And here are statistics for just one of the caching servers:

The offline world

Fortunately, thanks to some members of the Rude Mechanical Orchestra (and many many others) there were other methods for people to access the paper:

Working on tech support in Guatemala City in October 2008 for the Social Forum of the Americas is having a profound impact on my assumptions.

The Internet and all my assumptions about tech are very different in a place without regular, high speed Internet access. It's not possible to just say it's like being in New York 10 years ago, because it's not like that. The Internet I use regularly is an Internet based on an assumption that you have high speed Internet access - an assumption that didn't exist 10 years ago.

Now, I'm re-thinking everything, like when and how often I install full system upgrades, the value of having installation disks that don't need a network connection to install an operating system or program, and how our communications protocols should function if we assume inconsistent network connections rather than the opposite.

I've arrived, with less than an hour of sleep. The irony of the last leg departing from George Bush Airport is not lost on me.

The big news today: Evo Morales is going to address the Forum!

It's happening on Thursday. It's throwing a bit of wrench in the scheduling, but there's definitely excitement here.