venerdì 30 novembre 2018

And now for something completely different: QtQuick.Controls 2 for the desktop!

As you might know, the QtQuick.Controls 1 module has been officially deprecated since Qt 5.11; this had been in the air already since quite some time, given that the development of the module had almost stopped. It looks like The Qt Company is mostly investing on the more performing QtQuick.Controls 2 module, and is inviting developers to switch over to that — at least for new projects.

However, there currently isn't a style available that would make an application using the QtQuick.Controls 2 look native on the desktop. There has been an attempt at it, but it soon turned into a custom style for the KDE desktop environment. So, some time ago I decided to give it a try: I started by forking the project of the KDE guys and as a first step I removed the dependency on the KDE libraries.

A button generated by the QML QQC2 desktop style
A traditional QPushButton
The difference (enhanced in Gimp, or you wouldn't see a thing)

It's a work in progress, and it probably has a long way to go before it's usable for a real world product, but I'm trying my best to turn it into something you can trust: this is a project where Test Driven Development fits very well, because in order to ensure pixel by pixel visual compatibility (that's my goal indeed!) I'm running a test where I create the same widget using the QtWidgets module and with this QQC2 style, and comparing the resulting surfaces for equality. In the pictures above you can see how the Button element looked earlier today (before I fixed it 🙂), compared to a traditional QPushButton: the test code creates a visual diff of the two images, and the test passes only if the resulting image is pitch black (with a very small tolerance for possible differences in font antialiasing).

For the time being I'm focusing my attention on the visual appearance of the individual widgets and their implicit size, but I'll soon add tests (and code) for layouts and interaction behaviours. I also need to extend the tests: they are currently run in GitLab CI for Linux only (where I can test the Fusion and the Windows styles), but I hope to find a way to run them in AppVeyor and on Mac OS. By the way, if someone knows of a CI service which would allow me to run my graphical tests on a Mac, please let me know in the comments.

This is an early notice that the project exists; if you have some time and energy to spare, you are very welcome to help me with the development.

Etichette: , , , ,

sabato 24 novembre 2018

Cammino quindi penso - 2018-11-23 - Storie di ordinario giornalismo

L'imperdibile scontro tra il giornalista Manfellotto e l'economista Claudio Borghi ad Agorà è l'ennesimo episodio di cattiva informazione. Inevitabilmente la faziosità dei professionisti si riflette nel giornalismo da loro prodotto.

Etichette: , , , ,

martedì 20 novembre 2018

Why you shouldn't encrypt all your private communications

I was at the LinuxPiter conference a couple of weeks ago, and among the many interesting talks, a couple were about cybersecurity, privacy, encryption.
The main point of these talks was roughly this: end-to-end encryption is getting easier to setup, so we (the technical audience at the conference) can start protecting all our private communication and hopefully help bringing the technology to a state where it's more accessible to the masses.

Cyber Security

The reasons why people want to encrypt their private communications are varied: sometimes it's about hiding one's communications away from an oppressive government or from big corporations; other times it's about avoiding personality theft or stalking; but in general, the core point is that it's my private communication, and no other eyes than mine and the intended receivers's should have any right to see it. And this sounds pretty reasonable indeed.

However, some reading into the history of the technologies used to achieve this result has left me doubting. And actually, as this article's title says, I've slowly grown convinced that I should fight the battle on the opposite front, and convince people not to pursue the goal of encrypting their private digital lives. Which will probably get you suspecting that I've gone out of my mind, to propose not supporting something that nearly the entire technical community recognizes as valuable. But if you bear with me a little longer, I'll try to explain.

Let's start with this quote by Edward Snowden:

“Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.”

I do care about my privacy and, furthermore, I'm not such a hypocrite to say that I don't have anything to hide: quite the opposite, there are plenty of things I don't want people to know about me. I'm not arguing against the right to one's privacy, and I do use encryption when storing sensitive data on my computer or when sending out passwords to people. And I've long stopped sharing bits of my private life on the big social networks, which I mostly use in write-only mode for spreading political propaganda (and I invite you to do the same, unless you have already left them: these places must die). What I am objecting to is mass encryption of all of your communications, just for the sake of making them inaccessible to everyone else.

I don't want to hide things from the government. I definitely want to hide as much as possible from corporations and other individuals, but I do want the state officials to be able to access any private conversation of any citizen. I do not want mass surveillance, but if there are serious reasons to suspect that a person could be involved in some crime, then I want the state to be able to look into the suspect's conversations — while exercising maximum care so that these are not leaked to the press and, in general, to people who don't need to know about them. Call me naive or an idealist, I still hold the state responsible for my own safety and the sole guarantor of justice. Should state officials abuse their position and either leak the private communications of the citizens or — worse — use them for blackmailing, this is something that should be investigated and punished, but I don't believe that it is the norm. Considering Snowden's revelations about the extent of the mass surveillance program in the U.S. and seeing how little of this information has been revealed or used by malicious state officials makes me optimistic in thinking that this is a secondary problem.

Surely someone could point out that not all governments are trustworthy: totalitarian regimes suppress dissent, while encryption could help the oppressed speak freely and organize themselves. The first part of the sentence is certainly true, but the second part reveals, in my opinion, a wrong evaluation of the reactionary movements. Let me explain it more clearly with one example.
My western readers would probably include Russia (the country in which I live) in the list of the “totalitarian regimes” I mentioned above; but you might be surprised to know that the West's favourite opposition character, the nationalist Alexei Navalny, who is getting jailed every other month for minor offences, is quite open in his criticism, and provocatively organizes actions that he knows will get him into trouble, with the goal of getting maximum visibility and exposing what he believes are unreasonable laws. If on one side there could be some value for revolutionaries to use encrypted communications during the initial phases of their action, on the other, the real change can only be brought forward with the involvement of the masses — which means one needs open talks.
And even if we limit ourselves to the early phases of the organisation of a reactionary plan, I do believe that using encryption carries the bigger risk of alienating one's potential allies, which were not part of the conversation, who might easily be led to believe (the conversation not having been released) that the participants in these secret talks were after some criminal plan or were getting support from some foreign country.

Beijing Airport
Picture this: at the airport security check (maybe in a country whose government you don't trust the least), you are asked permission by the officials to open your luggage for a search. If you refuse, they'll confiscate your luggage, but they'll let you return home free; if you agree, you'll be able to return home free, and with your luggage.

And we get to the real criminals. No matter how some politicians are abusing the topic for their own profit, it remains a fact that terrorism exists and terrorists operate in our cities. If we all encrypt our conversations, we practically preclude the security services from performing a screening which could help them focus their attention on potential suspects; and whether the terrorists encrypt their conversations has little impact: the very fact that a conversation is encrypted could raise some suspicion (which doesn't mean that the security services would hunt down everyone who uses encryption! — but their online behaviour could be monitored for some time).
Furthermore, I don't buy the story that these technologies are good because they can help those who fight against injustices in some remote oppressive country; on the contrary, I have a strong suspicion that the reason why these technologies are pushed forward it to protect the corrupted financial world from having their deeds exposed, here at home. Well, maybe that's not the goal, but indeed those people would benefit from it, at our expense.

Finally, let me spend a couple of words on encryption technologies, because I believe that their history matters and that we should be aware of who stands behind them. Suppose that you were a Russian dissident, and the GRU sponsored the development of some technology that promises full anonymity and secrecy; would you use it? I hope you agree with me, if I say that you'd have to be a complete fool to use it, no matter how many independent agencies have analyzed the technology and found it to be impenetrable. The lamb would never live in a house built for him by the wolf, no matter how comfortable or solid it looks like.
That's why, if I had to name one particular privacy enabling technology which I recommend you not to use, that would be Tor. Developed in the '90s by the U.S. Navy to be used by U.S. intelligence agents embedded in foreign countries, the Tor project is still being funded by the U.S. government and its usage is being promoted worldwide, in order to make it harder for foreign government to identify the American agents; because it goes without saying that, if the U.S. agents were the only people using Tor, then foreign security services would have a rather easy time spotting them.
Now, if you are perfectly fine with the U.S. government being able to read your secret communications, by all means do feel welcome to use Tor. But if you are a dissident in either the U.S. or an allied country, be it a Western European country, Japan, Israel or Saudi Arabia, then I'd think twice before using it. And even if you lived in Russia, China or Iran, well, the same fact of connecting to Tor carries the potential risk of exposing you as a rebel or as a foreign agent.

That's why I don't encrypt my online conversations, and I don't strive to be anonymous online. No matter how bad the government we live in might be, I'm deeply convinced that the state is the only authority that can protect us; and if we don't trust it, or if we want to act against it, then we'd rather do it openly, suffering all the consequences that might arise, but having done all our best so that other people might find the courage to join our cause.

Etichette: , ,

sabato 10 novembre 2018

Cammino quindi penso - 2018-11-10 - Di Maio, figuroni con l'inglese!

Prendo alcuni spezzoni dall'incontro di Luigi Di Maio con la stampa estera in cui - a mio parere - la lingua inglese l'ha fatta un po' troppo da padrone. Per sorridere un po'.

Etichette: , , ,