Episode 57: Do we have to do more Facebook?

Posted on by Christie Koehler

Download: Episode 57

This week Audrey and I chat about Facebook and Mark Zuckerberg’s testimony to Congress, the Fuse payment card hack, encrypted DNS, and more. Enjoy!

Show Notes

Community Announcements

The Responsible Communication Style Guide is headed back to the printers!

When we sold out of print copies of The Responsible Communication Style Guide last fall, we promised to do another print run in early 2018. We’re happy to announce that we’re ready.

If you’ve been waiting to pick up a printed book (or enough for the rest of the office so they stop filching your copy), this is your chance. Order now!

Now Broadcasting LIVE most Fridays

We broadcast our episode recordings LIVE on most Fridays at 10am PST. Mark your calendars and visit recompilermag.live to tune-in.

We love hearing from you! Feedback, comments, questions…

We’d love hearing from you, so get in touch!

You can leave a comment on this post, tweet to @recompilermag or our host @christi3k, or send an email to podcast@recompilermag.com.

Transcript

CHRISTIE: Hello and welcome to The Recompiler, a feminist hacker podcast where we talk about technology in a fun and playful way. I’m your host, Christie Koehler.

Episode 57. This week, Audrey and I chat about Facebook and Mark Zuckerberg’s testimony to Congress, the Fuse payment card hack, encrypted DNS, and more. Enjoy!

I think we should get started. Full show today. First, you got any announcements, Audrey?

AUDREY: I do. Do I have the announcement in front of me? Is the next question. Okay. So, we are a media sponsor for the upcoming Heartifacts conference. We talked about it last week. But it’s this really neat event coming up later this month, I believe, in Pittsburgh, about technology and people, how we do the work that we do. It sounds like it’s got some great talks. And so, we encourage you to check it out. They’ve offered us a discount code, which we’ll have in the notes.

CHRISTIE: Awesome. And yeah, it’s April 20th and 21st. In Pittsburgh and the code is, is it media-RECOMPILE?

AUDREY: I think, yeah.

CHRISTIE: For 20% off. So, that’s pretty good. 20%. That’s nothing to… yeah. What else you got, Audrey?

AUDREY: We are also still taking pre-orders for the second printing of ‘The Responsible Communication Style Guide’. Right now, I don’t think we’ve even hit half of our minimum order that we’re going to need to do a full reprint. So, we still need orders. We especially need office and classroom orders, if you’ve been thinking about that. Anything that will kind of help us get to that minimum order so that we can send it out.

CHRISTIE: Awesome, yeah. So, if that’s been on your to do list, to do an order of that, now is the time. Don’t wait any longer. And you can go to shop.recompilermag.com or RCStyleGuide.com for links to how to do that, and more information about it. Any other announcements?

AUDREY: That’s it.

CHRISTIE: Cool. Alright. First topic, Facebook.

AUDREY: We talked about this before and it was like, do we have to do more Facebook? Really?

CHRISTIE: Yeah. And when I tweeted just now the topics we were going to be talking about, I included the eye-roll emoji. That’s not to say I don’t think this is important. It’s just, I find it tedious and exhausting, right?

AUDREY: Especially because the shape of what we’ve learned hasn’t changed. And there were folks pointing out the possibility of this and the likelihood of this years ago. It’s just that…

CHRISTIE: Some people were even doing on the ground research with puppets to demonstrate some of these issues with Facebook.

AUDREY: Yes, some of us were. And so, given that, given that we have this long history of criticism of Facebook and similar providers that do data collection and [may] abuse their data collection, it just feels like, “Okay, so now we’re finding out the ball of ick is the size of two houses instead of one house,” or I don’t know. It just seems like really, what we’re talking about is scale and responsibility. And the responsibility is I think the part that we’re going to dig into this week.

CHRISTIE: Yeah. And I feel like there’s a couple of intersecting issues when it comes to Facebook. They’re all really big. There’s the issue of algorithm transparency, right? And in terms of the information that people see and how they interact with each other. And we’ve talked about that. We’ve talked about this concept of algorithmic violence and how not having transparency about this stuff is really damaging. You dug up a really interesting example that we’re going to try to get more information about locally with software that determines who should be released when the local jails are at capacity. So, we’re just starting to see examples of this everywhere. And then there’s this issue of monopoly, power, right? And then there’s also this issue of – I didn’t add it to the show notes until just this morning, Audrey. So I’m not sure you saw it. But New Yorker had this piece I really appreciated. It says, “We may own our data, but Facebook has a duty to protect it.” And it introduces this idea of an information fiduciary where – did you see this?

AUDREY: No. but the concept makes sense to me.

CHRISTIE: Yeah. Someone – there’s a researcher who’s – of course I glossed over the name of the researcher. Jack something. Let me grab it. Jack M. Balkin, a constitutional-law professor at Yale. And I want to go deep-diving into this, because it probably doesn’t surprise you Audrey, and it probably won’t surprise some of our listeners, that this concept of fiduciary is totally up my alley. But it says, “Fiduciaries, in traditional contexts, are defined by two responsibilities. They must be loyal to their clients’ interests, and they must show a duty of care.” And then the article goes on to give some examples of that. And it specifically gives examples of like, how the congressional testimony this week is really getting bogged down in this idea of who owns the data on Facebook. And that might be the wrong model to think about this, because when you go to work with your accountant, you don’t have this back and forth about who owns the data about you. In that profession, there’s an expectation that the accountant will be loyal to you and that they will show duty of care and that they’re not going to like, go…

AUDREY: Put your tax records on Facebook?

CHRISTIE: Right. Or to leave Facebook out of it, they’re not going to go to the local paper and tell things about you. Or go to sell your name as someone who might be a good lead for certain kinds of other financial services.

AUDREY: Right, yeah.

CHRISTIE: That if you need a referral for something like that, it’s much more consent-based and opt-in.

AUDREY: You wouldn’t just yeah, get a deluge of mail from people saying, “Well, if you need to reschedule your IRS payments, then here. We’ll negotiate that for you.” That’s something that your accountant and you would talk through directly.

CHRISTIE: Yeah. And it also points out that an accountant is someone you pay to do work for you. And so, there’s this “Who’s the customer and the user and whatnot on Facebook?” is all mixed up.

AUDREY: Right, yeah. Oh shoot. I think I meant to bookmark – there was a thing that I saw where somebody – maybe because Zuckerberg had said, “Oh well. What we do is equivalent to eight different apps that you could have.” Somebody had calculated what the cost per user would be to replace the value that a user has for Facebook. And I think that they worked it out that it was like $100 a year, if you were to pay for what Facebook does for you. And I thought that that was really interesting, because that does give us a starting point to talk about this idea of who the customer is and who pays for it. That some of us might find Facebook worth $100 a year, but a lot of people wouldn’t.

CHRISTIE: Right.

AUDREY: And that $100 a year as a person in the United States would still be subsidizing people elsewhere. It would still be subsidizing customers in other countries where their advertising data value just isn’t as high to the companies that are buying it.

CHRISTIE: Yeah. So, there’s a couple of monetary things to consider there. There’s “How much would you as an individual, if you were to pay for the services Facebook provides, how much would you have to shell out if that weren’t free?” There’s “How much is a user worth to Facebook?” Then how much does that user cost to Facebook? And I’m guessing they cost very little compared – on average, they cost very little to what they earn for Facebook.

AUDREY: Sure. I mean, with that may users, the cost per users just – it has to be fundamentally pretty low.

CHRISTIE: Right. And Facebook’s real value is generated from these aggregates, for the most part.

AUDREY: Yeah. So yeah, I guess the way that I was thinking of it is that if you are paying Facebook, you’re sort of paying the replacement value of what you’re worth to them. Which, it isn’t necessarily how that would actually play out. But I don’t know. It was helpful for me to think about that.

CHRISTIE: $100 sounds way too low. But, yeah.

AUDREY: On average, though.

CHRISTIE: Well, okay, yeah.

AUDREY: I’ll have to go look up what the person was actually saying.

CHRISTIE: Right. And maybe, yeah, because Facebook has a lot of users. There’s this tweet from David Carroll that said, “Did you notice #Zuckerberg attempts to redefine the very definition of ‘privacy’ as what we share, not what he collects?” That was interesting.

AUDREY: And it’s like, the Wired pieces that we have linked here talking about what community is and how every statement that Zuckerberg makes is about this idea that Facebook is a community. But communities are reciprocal. They’re multi-directional. You don’t have – it’s so funny because to me, this goes back to this conversation we’ve had in open source a long time about the role of a corporate community manager. That’s a job title that a lot of people have. But what it actually means in these tech company contexts is somebody who shapes the interactions between the company and its customers or the company and its users. And that’s really not what we mean when we – me, you – talk about community at all.

CHRISTIE: Yeah. That was always my frustration in going to conference type things that were geared at community managers, is that there was a big split between the people who did it for a living and essentially were part of a companies’ marketing departments usually and then the people who were doing it on a volunteer basis.

AUDREY: Or is part of their actual community participation.

CHRISTIE: Right. In Wired, it says, “Facebook’s 2 billion users…” – so I guess $100 per user if there’s two billion users. Okay. That makes more sense now. “Facebook’s 2 billion users are not Facebook’s ‘community’. They are its user base, and they have been repeatedly carried along by the decisions of the one person who controls the platform.” Zuckerberg.

AUDREY: Yeah. And the more that I read about how things work internally at Facebook, the more that it really emphasizes that personal responsibility. There are lots of people at companies that distribute the responsibility such that their liability is smaller. Zuckerberg has actually left himself in a situation where his personal liability – and I mean this more in like a moral sense than a legal sense.

CHRISTIE: Darn.

AUDREY: That his personal liability is very high, right?

CHRISTIE: Right.

AUDREY: Because he is directly making a lot of decisions because he micromanages. Because if it interests him, he is involved in the day-to-day aspects of it.

CHRISTIE: Right.

AUDREY: That’s another thing that I have bookmarked that I didn’t put in here, actually. Somebody did a bunch of interviews with ex-Facebook employees about this stuff.

CHRISTIE: Ooh.

AUDREY: And yeah, they had some interesting perspectives on that.

CHRISTIE: When I was at Mozilla, periodically someone would leave and go to Facebook. And that always – I mean, I got used to it. But at first, it really surprised me because I had trouble making sense of, “If you came to Mozilla for the mission and all, how can you possibly go to Facebook?” But yeah.

AUDREY: But I mean, maybe if people are interested in that big user base and what they can provide to them, then it might be appealing in that way, even though one of them monetizes it and – well, they both monetize it, just in very different ways.

CHRISTIE: Yeah, I don’t know if it’s all that different.

AUDREY: I guess I’m thinking about the specifics of the data and the user aggregation.

CHRISTIE: Yeah. I don’t think they’re equivalent. But it’s still selling attention in a way. I was listening to some NPR coverage – it might have been Marketplace – talking about Facebook and congress. And they made one comment that I thought was interesting. They were saying congress – what is the population now? Is it 350 million at this point? In that range? So, that’s the sort of number of people that congress is – not responsible for but part of governing.

AUDREY: Responsive to?

CHRISTIE: Yeah. Facebook has 2 billion users. So, there’s this disparity between the user base of Facebook and the user base of the United States.

AUDREY: Right, yeah. Facebook is bigger than a country. And yeah, it’s absolutely right to think about how the political power that they have is proportionate to that. And also, one of the things I keep seeing people mention is that Facebook is still trying to figure out how to get into China. And so, a lot of what they’re doing in a way is preemptively becoming friendly to what China would want from this kind of service. China in the sense of the government, not the individual users. And yeah, I don’t know. I thought that was really interesting that one of the things that might be shaping this attitude toward privacy and this lack of responsibility is the thought that they’re not aiming for us as their standard.

CHRISTIE: Right. So, what’s interesting is I was curious how that 2 billion figure compared. According to Wikipedia, India has 1.2 billion and China has 1.4 billion population. So, 2 billion. Anyway, that’s…

AUDREY: Yeah. Well, it’s like, I don’t know, all of Western Europe plus the United States plus Brazil. And yeah, some of India – where that 2 billion user base could come from. Yeah.

CHRISTIE: Okay, so we’ll have a bunch of links. Anything else about Facebook?

AUDREY: Well, that there is a bill that was introduced to try to take on some of this Data Privacy stuff.

CHRISTIE: Is that the Consent Act? Or is that totally different?

AUDREY: I think so, yeah.

CHRISTIE: Okay.

AUDREY: Yeah. And then I think after these hearings, there’s probably a lot more interest in regulation or looking at Facebook as a monopoly that can’t be responsible for itself.

CHRISTIE: Yeah. “After Facebook hearing, senators roll out new bill restraining online data use. The CONSENT Act is the toughest effort yet to rein in ad targeting online.” So, we’ll link to that. It’s short of Customer Online Notification for Stopping Edge-provider Network Transgressions.

AUDREY: And did you see that photo of Zuckerberg’s notes from the hearings?

CHRISTIE: No.

AUDREY: I guess he left his notebook open at one point. And I don’t know. There’s some interesting details in there.

CHRISTIE: Oh. You’ll have to track that down for me. I’m curious.

AUDREY: Yeah.

CHRISTIE: Or I’ll look for it.

AUDREY: Yeah. One of the things that I think we had talked about before is the new EU Data Privacy Law. And whether this has an impact on US customers, too, if they have to meet a certain standard. And Facebook had been – well, Zuckerberg had been saying that they were only going to do it for EU customers. But his notes seem to imply that it might be a little bit broader than that.

CHRISTIE: Okay. Okay. So, next up in horrible security news.

AUDREY: The endless, endless security news, yeah.

CHRISTIE: Apparently there’s this thing called a Fuze card which I guess there’s some class of product called smart cards. And this one was intended – the pitch behind this is that you only have to have one card in your wallet. That this is a smart card. It holds data. You load the information for all your other credit cards onto this thing and then it’s got some buttons on it. And when you want to pay for something, you select the credit card you want to use. That information gets loaded up on the mag strip or the chip. I’m not sure how this works. And then you’re good to go. Have you ever used one of these, Audrey?

AUDREY: No. But I have set up Apple Pay on my phone. And so, for things that are set up for that, I do have a similar ability to pick which card I want to pay with.

CHRISTIE: Okay. So, this is like – so, Apple Pay is like a software version of that. Well, I guess not if you…

AUDREY: Using the iPhone hardware.

CHRISTIE: Use your phone. Yeah, okay. The iPhone is probably a more secure implementation.

AUDREY: I think that iPhone’s the more secure implementation of most things.

CHRISTIE: Okay. So, some researchers – a researcher from a security firm ICE9 Consulting found this vulnerability. And they did it using an x-ray machine and forensic software to thoroughly reverse-engineer the inner workings of the Fuze card. And it says, “After analyzing the pairing process and the way the app communicated with the card, he quickly discovered it was possible for anyone with physical control to view or tamper with all the secret data it was designed to securely store.” And then I watched the video. You basically can use Linux software to pair with it and then dump information from it.

AUDREY: Nice.

CHRISTIE: It says, “The vulnerability appeared to stem from an ‘oversight around assumptions of who would be able to communicate with the card.’ The assumption seemed to be that ‘if someone got hold of your card, they would never try to pair the card over Bluetooth and download the data.’”

AUDREY: Isn’t bluetooth one of the primary attack vectors for this kind of thing? Because of oversights in pairing.

CHRISTIE: Yeah. And how much of it is not encrypted and yeah. So yeah, I think to me the biggest thing – and here’s another quote from the Ars Technica article: “The vulnerability is a reminder that sound security often works at cross purposes with the type of convenience Fuze is promising. The company’s website devotes a large amount of space to the features it offers and the ease of using them, but it offers comparatively little space to describing its security.”

AUDREY: It’s good when the stuff gets audited.

CHRISTIE: Yes. And I think it’s – we’ve talked before about how sometimes company go after security researchers. And because we don’t have what I think is an appropriate amount of government oversight and regulation, we really need those third parties working on this stuff.

AUDREY: Right, that you can actually go ahead and sell something like this without having a security review done that’s sufficient to detect these kinds of things.

CHRISTIE: I was a little annoyed that the article implied that waiters were the most concerning vector for this. Like, there’s any number of people that you hand your credit card to. And most servers in my experience are way too frickin’ busy to take a card in the back room and do – anyway. I just.

AUDREY: Well, I think – I’ve seen that come up with hard swiping theft, too. And I think that what they’re really trying to point to you is times when your card is taken away and you can’t see what’s going on.

CHRISTIE: Okay.

AUDREY: There aren’t as many transactions where that happens.

CHRISTIE: Unless you live in Oregon and you can’t pump your own frickin’ gas. And you have to hand your card over.

AUDREY: Yeah, no. I mean, gas station pumps are worrisome, right? The skimmers that you can attach to them.

CHRISTIE: Okay. So, another interesting article, and this one I appreciate because it’s much more of a technical deep-dive – but it says ‘How to keep your ISP’s nose out of your browser history with encrypted DNS’. And this came a little bit after Cloudflare announced their DNS service which supports encrypted traffic. And the article starts off by talking about what encrypted DNS is, who provides it, why you might want to use it. Then it talks about the three main ways to do it, which are DNSCrypt, DNS over TLS, and DNS over HTTPS. And they say, “All of them can work, but let me warn you: while it’s getting easier, choosing the encrypted DNS route is not something you’d necessarily be able to walk Mom or Dad through over the phone.” Their analogy, not mine.

AUDREY: I appreciated seeing this because I know when I saw the Cloudflare announcement, encrypted DNS was sort of thrown in there. And it wasn’t obvious at a first glance what that actually meant for users. And I’ve been messing around with different DNS server options on my laptop and on my iPad for various reasons. And so, what am I trying to say? I don’t have the Google ones set up anywhere. But I did put the Cloudflare one in on my laptop and sort of meant to look into it more. What kind of privacy does it offer? It’s certainly going to be better than my ISP.

CHRISTIE: Yeah. And so – and just to remind people: DNS, Domain Name Service, is the thing that translates RecompilerMag.com into the actual numerical internet address of the server that hosts the website for Recompiler Mag. And right now, all of that – so basically, from your computer or your phone, any time you want to query an internet service, whether it’s a website or a mail server or whatever, it can be anything, usually you also make a DNS request so that you can get that internet address. All of that is unencrypted. So, it means that anyone along that route can see, see the sites you’re going to. And already, we know that ISPs look at this information, sell it for advertising purposes. Sometimes they intercept it. Like, some of you may have experienced when you first – well, it might still be happening – where you mistype a domain name and something comes up from your ISP that is like, “Did you mean blah-blah-blah?” That’s because they’re looking at your DNS queries and intercepting them.

AUDREY: Yeah. That’s usually the thing that reminds me to go update the DNS on a particular computer or device.

CHRISTIE: Right. You can also use – and you can change what DNS server you use. So, Google provides the service for free. Cloudflare now does. There’s another one that specifically is to help block certain kinds of content. I forgot the name of it.

AUDREY: Well, and I’ve used OpenDNS a lot, Cisco’s option. In part because – do you remember when, we talked about this a while back on the podcast, but that DDoS attack that took down a lot of DNS servers? I had seen somebody say, “Oh, well OpenDNS isn’t being affected.” So, I switched a bunch of things to that, at that point. And I thought that was sort of interesting, too, that DNS hopping could help as different parts of the internet are being attacked.

CHRISTIE: Right. Okay, so there are existing – there’s three main ways of doing encrypted DNS. However, “None of the protocols,” it says, “are currently supported natively by any DNS resolver pre-packaged with an operating system.” So, the issue is mostly on the client-side. And it says, “So if you choose to dive into encrypted DNS, you will probably want to use a Raspberry Pi or some other dedicated piece of hardware to run it as a DNS server for your home network.” So, it’s basically saying you need to – rather than trying to get a DNS client that supports encrypted DNS on your computer or your phone, just put an intermediary server that you control that you will connect to regularly in your network. And then it would send encrypted DNS to the actual server. Does that make sense?

AUDREY: Yeah, I think so. And I think with router gateways, that already kind of happens for folks. You put the router gateway in and it forwards.

CHRISTIE: Right. So, you have to add another thing.

AUDREY: Right. Something else on your home network. You put that in. That address then is your DNS server. And it goes and connects. And yeah, until I started looking at some of this stuff a little bit more, I hadn’t really thought about it, that you could have a multi-hop DNS query in that way going through different intermediaries for different purposes.

CHRISTIE: Yup. So, the rest of the article is reporting about – the reporter tried each of the three different ways of doing it. It kind of reports on the process. And the biggest thing aside from the headache of setting it up is the performance hit. And different options have different amounts of performance overhead.

AUDREY: Interesting.

CHRISTIE: So, we’ll link to that. And I think it would be kind of fun if we can round up a Raspberry Pi or something like it to maybe try to do this and record it.

AUDREY: Sure. Yeah, I would definitely be interested in trying it. I saw another cool example, a couple of them I guess, of people setting up local DNS on their home or office network just to help them control different kinds of devices. Or in one case, the person was doing some I think local caching. And yeah, it’s pretty interesting, with just a little bit of digging and experimenting, what you can do with this.

CHRISTIE: Well, we should round up those links and then – I feel like I might have a Raspberry Pi around here. If not, maybe we can – I don’t think they’re too expensive – maybe we can figure something out.

AUDREY: Yeah.

CHRISTIE: Alright. Yeah, so I did find it interesting that no operating systems support this. And I’m wondering…

AUDREY: Yeah, I’m a little surprised about that. And maybe it is just about the speed. And seeing it as a fairly specialized thing.

CHRISTIE: Yeah, could be. Okay.

So, I don’t know how much this is news-y but I thought it was interesting, that the FTC is warning manufacturers that those “Warranty Void If Removed” stickers are bullshit. And that’s not their words. That’s Motherboard’s words. But basically, that 1975 Magnuson-Moss Warranty Act prohibits manufacturers from putting repair restrictions on any device it offers a warranty on. So, companies do this left and right. So, the FTC is sending letters to – who are they sending it to? Six companies on notice. Which six companies? Well, I have to click through to FTC. But it says, “The letters warn that FTC staff has concerns about the companies’ statements that consumers must use specified parts or service providers to keep their warranties intact,” the FTC wrote in a press release. “Unless warrantors provide the parts or services for free or receive a waiver from the FTC, such statements generally are prohibited by the Magnuson-Moss Warranty Act.”

AUDREY: Interesting.

CHRISTIE: It says, “Similarly, such statements may be deceptive under the FTC Act.”

AUDREY: I wonder when the act was passed, what sorts of devices or I guess home appliances they had in mind at the time.

CHRISTIE: Yeah. And I have a link to – oh, it doesn’t say, the FTC didn’t say which six companies it sent to – yeah, and I have a link to the actual code. But I didn’t look at the – let’s see if Wikipedia says. I mean, 1975.

AUDREY: It could be…

CHRISTIE: So, like TVs, radios?

AUDREY: Yeah.

CHRISTIE: Computers weren’t in.

AUDREY: Maybe kitchen appliances?

CHRISTIE: Oh, yeah.

AUDREY: Radios though, yeah. You know, I just saw something about how a recent iPhone update made third-party screen repairs not work. And I’m very intrigued about how that technically works. But it does seem to be a pretty common thing that companies do, not to necessarily avoid the warranty, but just to make it impossible. To make it so that third-party parts and repairs just don’t work using some other software option.

CHRISTIE: Yeah. And I’m betting that’s not covered.

AUDREY: No. It isn’t a change in the warranty or licensing.

CHRISTIE: Right. And I wonder how you would – yeah. Alright.

AUDREY: But this is still a nice statement, a nice warning. Because it’s just the sort of knee-jerk way that companies shut down folks repairing, experimenting, modifying things that they actually own.

CHRISTIE: Yeah. And it does have a chilling effect. And I do think things are getting harder to self-repair, right? But I still think there’s a fair amount that you can do.

AUDREY: And there’s just a lot of different ways. I don’t know, if we’re imagining a 1975 radio, probably there aren’t any unique parts in it. But now, a lot of things where this might come into play, we have a combination of – like the warranty but also the license to use the thing as identified by the software, and specialized parts. And it all can come together in just really kind of a messy way that makes it hard for people to do basic stuff like fix it or again, modify it for their own use.

CHRISTIE: And we talked about this with Tesla, right? You don’t actually own a Tesla. You’re licensing its use.

AUDREY: Right.

CHRISTIE: So, how does that apply to more and more when equipment is leased to you?

AUDREY: And I think of this as the John Deere problem, because they’re one of the companies that pushed first and hardest for this sort of change.

CHRISTIE: Right. I was quiet there for a second because I’m looking for programming work and I saw a listing – I don’t know if it was John Deere, but it was in that space – and I just kind of laughed at myself about it.

AUDREY: That there’s software in yeah, tractors, trucks.

CHRISTIE: Yeah. Software in everything these days.

AUDREY: Pretty much.

CHRISTIE: Okay. So, Oregon has been doing some work towards net neutrality. I had missed this somehow. Audrey, you brought it to my attention. Tell me about it.

AUDREY: Well, I think I’m following our governor on Twitter. And she had – or her staff had posted a bunch of photos from the signing of this new net neutrality law. And I thought it was really interesting that there are things that can happen on the state level. In this case, what they have signed makes it so that Oregon state departments, when they are procuring services, internet services, that they will be required to only use services that assert net neutrality for all customers, not just the state. So, if the State of Oregon has an office and they’re on Comcast and they don’t want any difference in their ability to access different parts of the internet, Comcast actually can’t do that kind of traffic shaping or narrowing for anybody.

CHRISTIE: That’s a pretty big deal, especially considering there’s only so many ISPs in Oregon, right?

AUDREY: Yeah. Yeah no, it’s a super big deal. And there’s going to be kind of an implementation process where they’ll have to tell agencies how to do this identification process. I also, I didn’t look closely. I assume that they can only adjust Comcast’s or CenturyLink’s [inaudible] activities inside the State of Oregon. I don’t think that they could make them apply net neutrality everywhere. But the ACLU statement on this said that basically they had advocated for the broadest law they thought would meed federal requirements, that would hold up in federal court.

CHRISTIE: Right.

AUDREY: More general net neutrality laws have been challenged, just sort of a blanket state-wide law. But they think that this is specific enough to the rights that the State of Oregon has over its own purchasing that it should be okay.

CHRISTIE: Yeah. I think this is a neat approach.

AUDREY: Yeah. We talk about this a lot, like where the point of intervention is or where the leverage is to make companies do the more user-friendly and reasonable things for us. And this just seems like a really alert and aware way to handle it.

CHRISTIE: Indeed. And for some reason, middle schoolers had a lot to do with this.

AUDREY: Yeah. I didn’t really dig too far into that. But I don’t know. Maybe it was a class project.

CHRISTIE: That’s pretty cool. Oh wow, I really breezed us through our topics.

AUDREY: That’s great. Oh, we could talk about DNS more.

CHRISTIE: We could. Did you – what did you want to say more about DNS?

AUDREY: Oh, no. Nothing in particular. No, I think it’s funny that for once we’re talking about ways that DNS is functional and working very well and not the failures.

CHRISTIE: Right. No, this got me kind of energized. I want to see if we can figure this out.

AUDREY: Sure, yeah. And like I said, there were a couple of examples I saw of people setting up home DNS for specific purposes and talking about it. And that did make me think about doing that myself.

CHRISTIE: Okay. So, things we like on the internet this week. What have you got, Audrey?

AUDREY: So, I saw a tweet about the Tor Project and how they officially finally have a full Code of Conduct. And that this is – I’ve been aware a little bit of the process. This has been a long process for them, a lot of discussion. But I was really excited to see this. And especially that their Code of Conduct is built on the work that you and I did with Stumptown Syndicate.

CHRISTIE: Yay!

AUDREY: Yeah. So, it’s great to see it out there in the world and getting used by a community that’s struggled with this in the past and is definitely trying to build a healthier environment for contributors.

CHRISTIE: That’s cool. We will dig up that tweet and share it. Or share some kind of a link.

AUDREY: Yeah.

CHRISTIE: My thing this week is something on archive.org, on the Internet Archive. And it’s called the Voynich Manuscript which is a document that is notable for its strange text. The dated hasn’t been deciphered. But it has all kinds of botanical drawings. And oh, I didn’t – where’s my original tweet?

AUDREY: While you’re looking for that, I’ll open it and have a look.

CHRISTIE: Yes. Sorry, I didn’t realize that the tweet had more information than the link. One of the reasons I like this so much is that I like to grow plants, particularly flowers. And then I like to take pictures of flowers. And I really like botanical drawing and I’ve been trying to learn how to do it more with ink and watercolors. And so, I like examples of botanical art. And this one is an earlier one. Okay, it says – this is from Erica Moen, “An untranslated codex of mostly plant illustrations from the 15th century.”

AUDREY: They’re pretty. Yeah. Yeah, I like that they have the root structures and these look like some kind of solar charts or planting charts? I’m not really sure.

CHRISTIE: Oh, what page are you on?

AUDREY: That’s a good question. I…

CHRISTIE: Now how do you – this is when I’m like, “I don’t know how to use this.”

AUDREY: Yeah, I can’t tell either. I’m somewhere in the middle of it. There’s these circular diagrams.

CHRISTIE: So, it has a – oh yeah, I see. So, it has – I kind of like code and mystery and then botanical drawings. And it kind of has both.

AUDREY: All your interests.

CHRISTIE: Yeah.

AUDREY: Nice.

CHRISTIE: Alright. That’s our super speedy show this week.

AUDREY: Yeah.

CHRISTIE: Thanks everyone for listening. And we’ll talk to you all again soon.

AUDREY: Bye

CHRISTIE: And that’s a wrap. You’ve been listening to The Recompiler Podcast. You can find this and all previous episodes at RecompilerMag.com/podcast. There you’ll find links to individual episodes as well as the show notes. You’ll also find links to subscribe to The Recompiler Podcast using iTunes or your favorite podcatcher. If you’re already subscribed via iTunes, please take a moment to leave us a review. It really helps us out. Speaking of which, we love your feedback. What do you like? What do you not like? What do you want to hear more of? Let us know. You can send email feedback to podcast@recompilermag.com or send feedback via Twitter to @RecompilerMag or directly to me, @Christi3k. You can also leave us an audio comment by calling 503 489 9083 and leave in a message.

The Recompiler podcast is a project of Recompiler Media, founded and led by Audrey Eschright and is hosted and produced by yours truly, Christie Koehler. Thanks for listening.