Mailing List Archive

pyjamas domain has been hijacked
i have an apology to make to the python community. about 3 or 4
months ago a number of the pyjamas users became unhappy that i was
sticking to software (libre) principles on the pyjamas project. they
saw the long-term policy that i had set, of developing python-based
pyjamas-based infrastructure (such as pygit) for pyjamas to become a
demonstration of its own technology, as being unnecessarily
restrictive, and for their convenience, they requested the use of
non-free hosting services such as github, google groups and so on. i
patiently explained why this was not acceptable as i am software
(libre) developer, and advised them that if they wanted such services,
perhaps they could help themselves to learn pyjamas and python by
helping to improve the existing infrastructure, and that i would be
happy to help them do so. many of them did not understand or accept.

what i did not realise was happening, until it was announced a few
hours ago, was that in the intervening time a number of the pyjamas
users had got together to develop alternative infrastructure which
makes use of non-free hosting facilities such as github, and that they
also planned to hijack the domain... *without* consulting the
650 or so members on the pyjamasdev mailing list, or the python
community at large.

so this is rather embarrassing because i had just put out a request
for help to the wider python community, with the pyjamas 0.8.1
release, when it turns out that 12 hours later the domain has been
hijacked. my first apology therefore is this: i apologise to the
python community for being a cause of disruption.

the second apology is - if priority can ever be applied to apologies
at all - is i feel somewhat more important. i am a free (libre)
software developer, and i am a teacher, as many of you will know from
the talks that i have given on pyjamas at various conferences. i lead
by example, and it is not just free software development itself that i
teach, but also free software principles. this was why i set the
long-term policy that pyjamas should migrate to running on
python-based server infrastructure and pyjamas-based web front-end
applications, *even* for its own development, because the most
fundamental way to teach is to lead by example.

my apology is therefore for the disruption caused to the pyjamas
project - and to the python community - as a direct consequence of me
wishing to uphold software (libre) principles, and for using the
pyjamas project as a way to do that. that may sound incredibly
strange, especially to those people for whom software (libre)
principles are something that they just accept, but it is a genuine
apology, recognising that there are people for whom free software
principles are not of sufficient importance to have their day-to-day
development made inconvenient.

i don't know what else to say, so i'll leave it at that.

sorry folks.

Re: pyjamas domain has been hijacked [ In reply to ]
... i'm reeally really sorry about this, but it suddenly dawned on me
that, under UK law, a breach of the UK's data protection act has
occurred, and that the people responsible for setting up the hijacked
services have committed a criminal offense under UK law.

ordinarily, a free software mailing list would be transferred to
alternative services through the process of soliciting the users to
enter into an implicit contract over a legally-enforceable reasonable
amount of time, as follows: "in 30 days we will move the mailing list.
anyone who doesn't want their personal data moved to the new server
please say so".

unfortunately, in this case, i have to advise that no such
announcement had been made. although i gave permission to one of the
people who has hijacked the domain my permission to aid and assist in
the administration of the server, i did NOT give them permission to do
anything else. unfortunately, they then abused the trust placed in
them in order to gain unauthorised access to the machine. in this
way, the data (ssh keys and user's email addresses) was copied WITHOUT
my express permission (constituting unauthorised computer access and
misuse of a computer), but worse than that WITHOUT the permission of
the users who "own" their data (ssh keys and email addresses).

as it's 2am here in the UK and also i will be travelling for the next
couple of days, and also to preserve the state of the machine as
evidence, i have had to shut down the XEN instance and will not be in
a convenient position to access the email addresses in order to
directly notify the users of the UK Data Protection Act breach. so
for now, this announcement (to the python list, of all places) will
have to do.

for which i apologise, again, for having to inconvenience others who
may not be interested in what has transpired.

but to all concerned i apologise again, deeply, for putting everyone
to trouble just because i decided to stick to free software
principles. strange as that sounds. i honestly didn't see this