October 18, 2011
This article was contributed by Dave Neary
What constitutes a hostile environment for software? For one Martus user in Colombia, it meant being held up at gunpoint one evening after leaving work and being forced to hand over her laptop. Without Martus, doing so may have placed the lives of a large number of people in danger. Thanks to Martus, she could hand over the computer secure in the knowledge that these people were safe.
Martus (from the Greek for "Witness") is a fairly simple program - it records reports of human rights abuses ("bulletins" in Martus terminology), encrypts them, and stores them securely off site. But given the circumstances under which it's used, it is vital that its users have an absolute confidence that it does those things well.
At the recent Open World Forum in Paris, I had the opportunity to talk with Dr. Jeff Klingner of Benetech, the US-based non-profit that wrote Martus. Jeff was speaking in the "Humanitarian Free and Open Source Software" track at the conference. He mentioned that "NGOs [Non-governmental organizations] who use Martus have confidence in the security of our software because it's open source". Because the records Benetech stores are encrypted, "they don't even have to trust us" - something Jeff admitted was a concern for some NGOs around the world.
Security before convenience
Martus is designed for ease of use, but whenever security concerns come into conflict with usability, security wins. One example: there is no key recovery service. If you lose your private key or forget your passphrase, any data encrypted with that key is lost. Benetech has put a lot of effort into educating its users about security best practices - there is an entire chapter of the Martus user guide [PDF] dedicated to safe computing, guarding against malware, and handling passwords. Martus also includes an onscreen keyboard for password entry, to help defend against keylogging malware.
Martus is written in Java and licensed under the GPL. It consists of two distinct parts: a server, which stores encrypted bulletins, and a client, which provides data entry, search, and encryption of bulletins.
Each Martus user has their own key and passphrase, which is used to encrypt all data they enter into the system. In addition, a user may set up an HQ account, so that trusted people in their organization can see the user's private data once it has been sent to the server. Bulletins are also kept encrypted on the local hard drive until the user deletes them.
Internally, keypairs are 2048-bit RSA keys that are encrypted with SHA1 and TwoFish using a passphrase. All bulletin data is encrypted with 256-bit AES and signed using SHA1 digests and the private key. All client-server communications are transferred over SSL with self-signed certificates.
The team have considered using biometrics or physical objects to complement passphrases and private keys, but according to Benetech engineer Kevin Smith, the Martus Technical Lead, "whenever we have researched biometric authentication, we have not been comfortable with the reliability and security, and/or with the impossibility of changing your credentials if they become compromised".
Releasing the software as open source has not been a panacea for the project. Jeff Klingner notes that "we have been asking for a security audit by the open source community for years, but to our knowledge no-one has done one." Just because the project is open source does not mean that people are reading or reviewing the source code. He did mention that he suspected some governments may have taken a look at the software, but (unsurprisingly) they did not share the results of their review.
So what is the basis for Martus's users trusting the software? In the absence of a security review, isn't there a chance of a Haystack-style security flaw? Jeff says:
There's two senses to the term "trust": If you mean trust that we are not deceiving them and have not snuck in a back door through which we, the US govt, or their govt/police could see the data, this trust is based on two things: they usually trust us as partners, and because it is open source. They trust us as partners, because of the way we deal with them, and because of the long history of human rights groups and truth commissions we've worked with successfully.
The second sense of trust is trust that we haven't made a mistake in our implementation that has led to an unintentional security hole. In the absence of an audit, this trust is based on our credentials, and on a clean history, with no known attacks or post-release vulnerabilities discovered to date.
In addition to their track record, Jeff also pointed to the core team members, Kevin Smith and Scott Weikart. Scott in particular "has a totally paranoid approach to security and dreams up security threats that would never have occurred to me. The Martus data servers are locked up tighter than any other Linux security configuration I have ever seen" according to Jeff.
Several other things make Jeff confident that Martus will not see a Haystack-like security vulnerability uncovered. Firstly, Martus is open, while Haystack was not. Secondly, Benetech is very clear about what is and is not being protected against - and is frank about its potential failings. According to Jeff, "even though we've been as careful as I think it's possible for people to be, we also understand and openly acknowledge the very real possibility that we've made an important security mistake. This fact comes through in Martus's documentation, and in the way we present Martus to potential users".
Part of the reason for the lack of community traction could be how difficult it is to get hold of the software on Linux. There are no packages available for either RPM or .deb based systems, for either the server or the client components. Binary distributions for Windows, Mac, and Linux are available from the project's download page, but there was a server problem when I tried to download the latest version of the client software. Source code is available directly on the project's sourceforge page, but I have not been able to find the project developers' mailing list. The project could definitely provide a better experience for developers, and if it does, there are a lot of easy ways for people to help, including packaging, translations, and security review.
Social coding for good
In addition to Martus, Benetech also runs a number of other projects in the areas of human rights, literacy, and environmental protection. To attract new contributors to these and other humanitarian software projects, the organization recently launched a new initiative, Social Coding 4 Good, to increase awareness of these projects and to put potential contributors in contact with projects that can use their help. Jeff mentioned that he believed a lot of young programmers would like to give time to a project that is both technically challenging and provides some social benefit - Social Coding 4 Good aims to fill that gap, in a way similar to what HFOSS does for academic programs.
More and more, people are interested in working on "stuff that matters", to use a phrase made famous by Tim O'Reilly. Projects like Martus, that can make a real difference during times of political turmoil in some of the most troubled regions of the world, offer an opportunity to do something that matters. If you want to help with the project, report a security bug or propose packaging the software for your Linux distribution, you can contact the project at info at martus.org.
Brief items
I'm significantly happier with the ideas in PEP 3150 now that I've reframed them in my own head as: "You know that magic fairy dust we already use inside the interpreter to support out of order execution for decorators, comprehensions and generator expressions? Let's give that a syntax and let people create their own declarative APIs"
-- Nick Coghlan
The FSF would welcome a legal requirement to make all software free but does not advocate one now. It would be too drastic a change for the current situation.
-- Richard Stallman
I'm not advocating breaking other apps for "no good reason", but moving faster and making bigger strides in Gecko and Firefox development is "good reason". These are the big levers the Mozilla project has in advancing the Mozilla Mission. They will become less effective over time if we do not move faster and smarter with both of them.
-- Asa Dotzler
Version 1.0 of the Apache Cassandra distributed key-value data store is out. New features include on-disk compression, better memory management, and a lot of performance improvements.
IcedTea 2.0 has been released. "This release is the first release of IcedTea based on OpenJDK7 since it was released for general availability. It includes all changes from the public OpenJDK7 tree, together with the latest security fixes and a number of IcedTea enhancements." For those running older versions of IcedTea, versions 1.8.10, 1.9.10, and 1.10.4 are available with several security fixes.
The Document Foundation has sent out an email that highlights some of the announcements from the LibreOffice conference, which is being held in Paris October 12-15. Two of those are "advanced development projects" that will become available in 2012 or 2013: LibreOffice Online and ports of the office suite to Android and iOS. In addition: "500.000 desktops, mostly Windows, at several French Government entities switching from OpenOffice to LibreOffice (this increases the Windows installed base of LibreOffice by 5% in a single move)."
Samba-VirusFilter is a new project to integrate various malware scanners with the Samba server. Version 0.1.0 is out with support for ClamAV, F-Secure, and Sophos scanners.
STEED is a project to create "usable end-to-end encryption" using GnuPG. It features automatic key generation and distribution and a "trust on first contact" trust model. More information can be found in this white paper [PDF].
Version 1.2 of SyncEvolution, a personal information management and synchronization application, is out. The headline feature appears to be support for the CalDAV and CardDAV protocols, with ActiveSync support in the works for the 1.3 release. Support for Akonadi and KWallet has also been added.
From the Xpra web site: "Xpra is 'screen for X': it allows you to run X programs, usually on a remote host, direct their display to your local machine, and then to disconnect from these programs and reconnect from the same or another machine, without losing any state." The 0.0.7.28 release adds a number of significant performance improvements, forwarding of system notifications, and more.
Newsletters and articles
On his blog, Xan Lopez looks at the GNOME app story and comes to a familiar conclusion: "Why is this relevant for GNOME? Never mind iOS, never mind Android, one thing is clear: most of the next million apps written will be web applications. Some huge players like Microsoft are already moving there as fast as they can, and the rest will follow sooner or later. Native apps won't go anywhere for a long time, but developers willing to maximize their reach will, increasingly, prefer web applications over anything else. At least as their first choice. This brings us a great opportunity. If we jump on this bandwagon, support web applications as first class citizens on top of world-class runtimes, and accept and even encourage people to run their web apps on our operating system we can maximize our reach with a fraction of the effort of fighting in the native SDK war against Apple and Google."
Lennart Poettering covers a Google announcement that Google Code Search will shut down in January. "I think it must be of genuine interest to the Free Software community to have a capable replacement for Google Code Search, for the day it is turned off. In fact, it probably should be something the various foundations which promote Free Software should be looking into, like the FSF or the Linux Foundation. There are very few better ways to get Free Software into the heads and minds of engineers than by examples -- examples consisting of real life code they can find with a source code search engine. I believe a source code search engine is probably among the best vehicles to promote Free Software towards engineers. In particular if it itself was Free Software (in contrast to Google Code Search)." (Thanks to Paul Wise)
Cornelius Schumacher reflects on 15 years of KDE on his blog as well as looking to the future for the KDE "desktop" (which is moving well beyond the traditional desktop these days). "Fifteen years ago Matthias Ettrich started the KDE community. On 14th October 1996 he wrote his famous email to the de.comp.os.linux.misc group on Usenet. He called for other programmers to join him to create a free desktop environment for Linux targeted at end users. Many, many people joined. Thousands of developers wrote millions of lines of code. We did 90 stable releases of our core set of applications alone, not counting all additional stuff and the thousands of 3rd party applications."
Page editor: Jonathan Corbet