Learn Python with Talk Python's 270 hours of courses

#61: Free software, free people Transcript

Recorded on Thursday, May 12, 2016.

00:00 How often do you read some news headline about free speech denied and human rights being suppressed and think that sucks but there is nothing I can do about it from my distant perspective. I guess you could vote slightly differently in the next election and maybe, just maybe, it will have a small impact in 4 years time.

00:00 If you're a technologist or developer, you have way more power than you realize. Still, the challenge is could you use your skills to make a difference? Maybe you could remove a layer surveillance or add a layer of anonymity for the affected people.

00:00 If the answer is yes, and it probably is, then the question becomes would you do and even should you act? This week on Talk Python To Me you'll meet Pete Fein who spent two years of his life helping others using his technical skills. His story is both inspiring and amazing. It will show you what can be done to help people in need.

00:00 This is Talk Python To Me, episode 61, recorded May 12th, 2016.

00:00 [music intro]

00:00 Welcome to Talk Python To Me, a weekly podcast on Python- the language, the libraries, the ecosystem and the personalities. This is your host, Michael Kennedy, follow me on Twitter where I am at @mkennedy, keep up with the show and listen to past episodes at talkpython.fm and follow the show on Twitter via @talkpython.

00:00 This episode is brought to you by Hired and Snap CI, thank them for supporting this show on Twitter via @hired_hq and @snap_ci.

01:45 Michael: Hey everyone. I have a few things to share with you before we talk with Pete. First, one of the listeners suggested that I add all the episode transcripts to Github. And I thought, why didn't I think of that? So now you can find the transcripts at

01:45 https://github.com/mikeckennedy/talk-python-transcripts

01:45 And of course, now there are over 50 hours of interview text online the question is what will people do with it? Well, almost immediately Anthony Shaw from Sydney sprinkled some data science dust on them and within hours answered the burning question of peak Talk Python awesomeness. That's not which show was most awesome but rather which show did I say "Oh, that's awesome!" the most on? You can check out his github gist and cool graph actually showing this over time, I'll put a link in the show notes.

01:45 Now, let's talk with Pete.

02:31 Michael: Pete, welcome to the show.

02:34 Pete: Thank you.

02:34 Michael: We have some really interesting stuff to talk about today and to be honest, I am really thrilled to talk to you about it because you've really done some amazing work and you've helped a lot of people, and I am excited to dig into it.

02:47 Pete: Me too, thank you.

02:50 Michael: You bet. So, before we get into all the work that you've been doing though, let's just start at the beginning, just tell me how you got into Python, how you got into programming, what's your story?

03:00 Pete: Yeah, I've been programming since I was about 16 I think, I took a class in high school in Pascal and C++ maybe, and then a bit at the university. Maybe like 15 years ago somebody who has become a very close friend introduced me to Python at a job I was working at modeling 3:23 or something which was a long time and I passed. Once I had found Python, which was probably like 2002, I just kind of never looked back. 95% of the code I've probably written since then, has been Python.

03:38 Michael: Just Python, so once you kind of got into it you were just like, oh wait, I have found my place, this is it.

03:44 Pete: Yeah, exactly, it's just like why would I use anything else and I can see, I see using other languages and I do a little bit of other things sometimes, but you know, I've heard that Python is the second best language for everything. In the real world you're kind of trying to do more than one thing, you are bringing together a web front end in the data base to like mobile app in a search, whatever. When you have to start doing more than one thing, or three things, or four things, having something that's the second best at all of those, makes getting that total thing you are trying to build much easier. And so yeah, I've just, I was kind of stuck using Python and I've been really happy with it.

04:25 Michael: Yeah, you know it's, you can almost pip install everything, right, like I need to do that thing, let me try, pip install py that thing, oh, look, it worked! [laugh]

04:36 Pete: Exactly, the library is great, the ecosystem is great, the community is great. I've gone to PyCon since 2007 or 2008, whatever the second year in Dallas was, and there was like 700 people and I wanted to be a part of that community to kind of evolve with this language and see the folks.

04:57 Michael: Yeah, it's cool to watch it grow, right. And this year, it's in Portland and I think they have a pretty big location, I don't know what the capacity is but it's been sold out for a while and sadly people send me messages and say, "Michael can you help me get a ticket", and I am like, "I really don't have any leverage on, sorry I wish I could get you a ticket".

05:15 Pete: One of the things that I like about the Python community in particular is the kind of spirit of copying and doing things- I mean, there is like, I mean I can't even think properly, a dozen regional conferences.

05:31 Michael: Absolutely. Hi Ohio, in Texas, yeah.

05:32 Pete: Yeah, Hi Ohio. I lived in Chicago for many years and never made it to Hi Ohio but I moved to Pittsburgh recently and I was just like, oh this is like close by, so I am excited to go, I am excited to go to Portland too, but it's cool that like other languages, other open source things like this don't do that, they don't kind of spon these sort of local-

05:57 Michael: Yeah, they just have the one conference or something like that, right, absolutely.

06:00 Pete: Yeah.

06:01 Michael: So, speaking of PyCon, I think that's a good way to segue into how I got to know you, and I watched an amazing, inspiring talk that you gave at PyCon 2015, and I'll be sure to link to that in the show notes, it's on YouTube. And, it was entitled Free Software Free People. So, give us a background on what you were doing at that time, and maybe we can talk later about what you are doing these days.

06:28 Pete: My talk at PyCon last year was called Free Software Free People and it was about my time as what is called an hacktivist, or an internet activist from probably about late 2010 through 2014, doing everything from organizing protests to helping people circumvent censorship and surveillance around the world, most often in the Middle East.

06:54 Michael: That is super inspiring, that's awesome. Long ago when I saw this I thought about technology, I thought about how it's going to open up the doors and make everything great, but there is two sides of technology, in a lot of places technology is used to stifle people, ideas and so on, right, and especially the dictators in the Middle East during the Arab Spring for example.

07:17 Pete: Yeah, as a technical person I have a really sort of complicated, and so I am trying to be the deliberate about how to use it, and that ethic was certainly up on play when I was doing this work in the Middle East. Yeah, I mean so I worked with the group called Telecomix, which was basically like an IRC network, which was sort of, people are probably, almost certainly familiar with Slack these days, it's a group chat, but Slack is modeled after a much older chat network called IRC, which actually predates the web, it goes back to 1994, and it has a long history of being source of communication, support and activist community, so it was some of the first source of news out of Moscow after the counter-coup, after Soviet Union fell, and also during Bosnia and Sarajevo. I learnt all these stuff later, like I would just hang out on freenode with all the other people, for a couple of years and then stumbled upon this group of what then become hacktivists, called Telecomix who ran their own network, their own set of servers mainly located in Sweden and Germany, it was a group of about 200 to 300 humans and machines, that were sort of an active part of this IRC community and we did everything from kind of advocacy work which I mean like working to change an influence policy, to technical hacking like network scanning and helping people use and install tools and like torrent, configure ssl, so stuff I like to call media hacking which was basically getting the mainstream press to pay attention to things that we thought were important, censorship or surveillance are some other kind of policy positions.

09:06 Michael: Well, so a lot of people like they hear stuff about encryption or it's after the whole Snowden thing it's way higher on people's mind but before that it was just like you know what, that's like some technical mumbo jumbo, right. But so that's a really actually important role to make people that actually have influence on politics pay attention, and they get it right sometimes and they get it wrong, right, we could give a lot of examples where they get it wrong.

09:36 Pete: Yeah. The stuff we were able to do using encryption to help people exercise free speech rights in places like Syria and Egypt, where if they got caught they got thrown in jails that nobody heard from them, then they got beat up, Using those same kind of technologies I think that are, politicians want to have access to is really scary, like because the countries that these people are in had that kind of access.

10:07 Michael: And we saw what they did with it, right?

10:08 Pete: Yeah, exactly, and just that's, it's not a tool like a gun, it's a tool that thought you where to pint your guns. And like, that can sometimes be almost more effective.

10:20 Michael: Right, who needs to disappear tomorrow or some other terrible thing like that, yeah.

10:24 Pete: Yeah, and so I am not like a cryptographer, I am not even really a big security or network dude, and so like there were those kind of people around Telecomix along with people who were not really tech people at all, people who were artists, people who were journalists, people who were just you know, gardeners-

10:45 Michael: They just wanted to help out however they could, right?

10:46 Pete: They just wanted to help out, exactly. And so like putting those skills together we were able to tell people, I mean, really just people came to us and asked for help saying like I can't get on Twitter, like these terrible things are happening they are going around my neighborhood and beating people up, like I have some pictures and like I can't get to Twitter, can you put them on Twitter, and so we are like-

11:07 Michael: You have to tell the world about this.

11:09 Pete: Yeah, exactly and just, it sounds- in Egypt actually what we did is just people found us and you know, they couldn't access their Twitter accounts so we spoke for them, we used our Twitter account like a proxy, like we were human proxies the same there were network proxies.

11:28 Michael: Yeah, a little bit of sneaker net almost to cross the air gap or whatever.

11:31 Pete: Yeah, there were totally worth sneaker nets in Syria, the Syrians had some sort of crazy sneaker nets going on, I don't really know that much about, but you know, also we even worked with guys long time in Syria, like 9, 12 months, and this is like in 2011, 2012 before things got really terrible there. Like, people don't need internet in Syria now, like that's just not, I mean, it's such a minor part of what is- but back then, it was like some people were getting beat up, some people were getting shot at, but it was the censorship and surveillance was much more of a problem and there it wasn't nearly as violent.

12:13 Michael: Sure, well, back then, just looking from the outside, it feels like there was still a public case to me be made about whether it's bad or and not or how bad it is, and now everybody knows that it's bad, and they just don't know what to do about it. But it's not like the fact is bad news to be told, like everybody knows it's bad and we don't really know what to do about it I guess.

12:35 Pete: Yeah. I mean, I didn't know what to do about it back then either. I didn't have any great political insight to what was going on, people asked for help, like this is the thing, you know like we have this internet and people came and we found each other, you know, in the secret back tunnels and I was in a position to help, and that's what I did.

13:06 Michael: That's awesome.

13:05 Pete: Yeah, I guess, I don't know, sometimes people ask for things and we are like you know, that's not the kind of thing we want to help you with and like, we are glad they went away.

13:13 Michael: Yeah, I guess it has to match your mission, right, you can't just be doing whatever out there.

13:18 Pete: We just, Telecomix just did communication support, like we did censorship and surveillance, it's free, basically free speech, it's kind of the driving scene, people come by and they are like hey, can you help us make bombs, we are like no we can't go away. It's not that complicated, you know, there is nobody like I don't know how 13:35 what are you guys doing here, like just like go find some other IRC network and bother them, like it just, yeah, and so-

13:45 Michael: You must have gotten the reputation about that's where people will go to get help from the outside or whatever, right, and so they show up.

13:51 Pete: We had you know and that was just rare, it just like mainly was people asking for help, wanted VPNs, wanted help setting up Tor, proxies, help publish and share things.

14:05 Michael: Yeah, you had some-

14:06 Pete: Long term anonymity is complicated and hands on work, you can't just give somebody tor and be like have a nice day. Like there is a lot of ways that you know, if you have say some photos or some pdfs or whatever, somebody gave you Tor and you went on and setup a Twitter account, and setup an email account, like there is a lot of ways you can still give away who you are, it's really kind of like the one thing I kind of, I mean just, it's such a human and machines, you know, like working together makes this things possible, like as I said there is like 300 humans and bots, there is websites, there is servers like the main server I found out was, like at the end of all this was 686 or something, like some old like 16, like maybe- I don't even remember it's an ancient machine that was running IRC network, it was just, it doesn't take-

15:06 Michael: It's 16 bit, what are you talking about?

15:07 Pete: Yeah, some ancient 32 bit Linux install, that happened to be located in ISB data center in Sweden, because those are some of the people that were like in this network of folks.

15:23 Michael: Yeah, someone was like hey I've got a server.

15:25 Pete: Yeah, sure, somebody is like yeah sure I've got an old server, like there is no money involved, there was no mailing address, there was no like border directors, like literally, it's just a bunch of people like bootstrapped an IRC network and started hanging on it and like put up some websites and found some friends.

15:39 Michael: Yeah.

15:42 Pete: Yeah. And so the appeal for me for finding that, coming from working in open source community, is I was like oh I can have this works, I get how this works, you want to build a project, like you just go find some people and you go do it, and like the things that succeed you know, like you can't get any of these whether it's like an open source project or like helping people avoid censorship it takes a lot of hands, you can't, the things can succeed or not, it's not just good ideas or good technology, but there is people involved here too, like in 3 years or so of doing this full time and then some- I didn't have a job, I had a couple of periods where I worked like 16 hours a day for like 3 or 4 weeks, and the one lesson I take away from this is just how important the people are in this, your users, your collaborators, just people have great ideas and you- I had great ideas, and I couldn't find anybody to help me, and so those things needed to get done and so I went and helped somebody else. And, that's just crucial.

16:53 Michael: Yeah, I think it's easy to confuse our use and need of privacy with others, right, so for example if I want to go to Starbucks and I'd want to feel little bit better about using the public Wi-Fi, I might fire up a VPN to go do something, but that's not the same as like the consequence of making that wrong is pretty low.

17:14 Pete: Exactly. Yeah.

17:17 Michael: Versus, if I am in somewhere where there is actual turmoil.

17:20 Pete: Yeah, turmoil or just police state, or surveillance state or like a government that is listening to what you do on those open networks, and how often they go send you know guys with guns and nightsticks around to your house. If you do it wrong.

17:37 Michael: Yeah, yeah, that's definitely a higher consequence. So tell us some stories, there is a couple of things that you talked about in your talk that were really interesting, one involving modems and another involving like filtering monitoring hardware.

17:54 Pete: Sure, so I stumbled across Telecomix in January of 2011, about a week before the Egyptian revolution kind of got publicly rolling, so people may remember the Jan 25 hashtag so I kind of stumbled on Telecomix on January 20. You know, so at that point, Twitter was blocked in Egypt, we knew there was kind of various degrees of surveillance, but like the internet was still largely operable, and so this was this period where we get people who would find our IRC network and come on and like share stories and photos with us about what was happening, and we would re-tweet them using our like collective Telecomix twitter account. It's kind of acting like human proxies. And some of those people would stick around and we would help hem set up a technical proxies like tor kind of VPNs so even just basic http proxies. I got involved working on a ham radio project, so we didn't foresee that the entire internet was going to go down like which happened basically on January 28th, the Egyptian government like turned off 95% of the routes into the country. So we can see that, like I said, we foresaw that but like just we were throwing a lot of things against the wall and some of them stuck and some of them didn't, and somebody threw out the idea of a ham radio, so amateur radio, like long wave, short wave, radio.

19:29 Michael: Right, if they are going to turn off the internet let's just go old school on them, right?

19:31 Pete: Yeah, and so I am not a ham, some of these guys were, but like I had an interest just in amateur radio and pirate radio and like from media theory and communications history perspective; and so I was like ok, well, I am new here, like let me try work on helping out with this, and so I ran around the internet and tried to find people to help like I googled up ham forums, and we tweeted about it, I ran around and I found like other IRC networks like there was like amateur radio channel on freenode and like these different, I just kind of like dug around for a couple of days and like call people to come help and like you know, it went from 5 people to a 130, in like 3 days or something like that, just yeah, and part of it was it's just like spectacle of it, it's just this is like hey this is this cool thing we are doing- people were like oh my gosh, they are going to use amateur radio to save Egypt, that's so cool, here, we'll write a little blog about them, we'll write a press story about them. Like there was value in that as well, it was legitimately helpful but like that aspect, and just getting like hey like let's get some more people come help. It turned out not to be actually the best way of maintaining contact in Egypt. There were probably a 130 licensed radio operators in Egypt, they were mostly ex military, technology just kind of wasn't available.

19:31 [music]

19:31 This episode is brought to you by Hired. Hired is a two-sided, curated marketplace that connects the world's knowledge workers to the best opportunities.

19:31 Each offer you receive has salary and equity presented right up front and you can view the offers to accept or reject them before you even talk to the company. Typically, candidates receive 5 or more offers in just the first week and there are no obligations ever. Sounds awesome, doesn't it? Well did I mention the signing bonus? Everyone who accepts a job from Hired gets a $1,000 signing bonus. And, as Talk Python listeners, it get's way sweeter! Use the link hired.com/talkpythontome and Hired will double the signing bonus to $2,000!

Opportunity is knocking, visit hired.com/talkpythontome and answer the call

19:31 [music]

22:03 Pete: Yeah, a whole bunch of cool other stuff, spun out of it, people working on, all sorts of different projects, we sent a lot of fax spam, these were cool, so like, but before it's a basically they cut of the fibre, there is no cell, there is no internet, there is no text messaging, the only they left out that was working was landline phones. Which, in Egypt there isn't like actually a lot of the rest of the world are like core infrastructure, for everything, for the military, to keeping power plants running, again just like copper line phones, like just turning that off actually breaks totally everything. So, yeah we did things like googled up the numbers of fax machines of hospitals and universities, and coffee and copy shops, lists of these together and put together a pdf in English and Arabic explaining who we were and that we were here to help, and instructions for medical treatment, treatments for tear gas for people who were out protesting and getting shot with tear gas, and put this pdf out there like a list and basically got volunteers to go through one free international faxing services and like upload the thing and click accept, and send it to all of these places. Yeah, I mean, just kind of using whatever technology we had at hand. Those things worked well, we ran about 500 dial up modem lines, so again the only thing working was- I mean this was crazy, this is like 2011, half on Egypt was on dial up modems, about a quarter was on like wired ethernet about quarter was Wi-Fi about half was on dial up modems. The other strange thing was that the local ISPs didn't peer with each other, so there were like 3 or 4 ISPs in Egypt, and they didn't actually exchange packets in Egypt, they sent their packets like up to like Cyprus or whatever, like where there was a data center, you know the fibre cable, and they crossed and then they came back to Egypt and went to the other ISP. So when they turned off the 2 or 3 pieces of fibre the ISPs were isolated from each other within Egypt because they didn't exchange traffic.

24:36 Michael: Right, so it wasn't just getting out to the world that was even communicating within the country still.

24:41 Pete: Internal communications, right, and like we had this idea that the internet is this redundant thing and it's kind of like you know, was designed to survive nuclear strikes or whatever, and you go start poking around the networks and some of the other places in the world, and you just go like what the heck is this, this is just like both built from components and routers and stuff that we just would be like where did they get this, ebay? And the answer is yes, they bought it one ebay, like just random, whatever random old stuff they can afford and get their hands on, that is also architected with just trying to totally different- really like political objectives built into the network, like built into the infrastructure of the network, that these networks are built centralized so they can be monitored and surveilled and censored and turned off, like and turned on.

25:33 Michael: Yeah, a political network topology, yeah.

25:36 Pete: And that is just such a different approach and attitude than we think the internet should be built, and in some places more or less is.

25:45 Michael: Wow, that's pretty wild. So speaking of controlling stuff and looking at it, there is some really interesting stuff that came out with some network surveillance hardware form a company, was that in US that company?

25:59 Pete: Yes, so in Syria we started working in Syria in the summer of 2011, in July, maybe about 3 months after the protest started, and the fist thing we started doing was Nmapping the networks, so basically Nmap is a network scanner so basically like it pings all the ports and all the, you know, you give it some range of IP address and it pings all the ports, and it like tries to fingerprint what's there and tells you like oh hey here is a web server here is a printer, here is an ftp server, here is another printer, here is a webcam, like you know, and so basically you can go get what IP blocks are assigned to Syria, like that's kind of just public information from the register. And so we scanned the whole country over the course of like I think it was about six weeks-

26:51 Michael: Wow, so you built like a network map of all of Syria basically?

26:55 Pete: Yeah, yeah, with kind of like 26:57 probing, like so, and map is kind of like pretty coarse tool, so this was maybe a dozen people over the course of about 4, 6 weeks, with mainly with Nmap, and kind of some manual probing, and that's how, like now there is tools out there now that you could do this like by yourself, from a single machine in EC2 in like 3 days, [laugh] like the tooling is 5 years later and the tooling has just gotten, like sure, you can scan like that much space, like so much more efficiently, just because the software has gotten better.

27:28 Michael: Yeah, and the cloud, and the network speeds, and all that right?

27:31 Pete: Yeah, and I mean these guys had like data center class network speeds, but just the software, like there is things called z map and mass scan now that do the same thing Nmap does, but like same hardware it's just the software, like it's just way better to do this. Which is crazy to me, but we found whole bunch of interesting things, a whole lot of cable modems, cable modems with the default password.

27:55 Michael: Admin username and password password.

27:58 Pete: One of the things the guys did was change the DNS settings on these cable modems, this was done with Perl scripts actually, I didn't write any Perl, these guys they were Perl scripts, so they changed the DNS setting so that when people in Syria would go on their cable modems, would go to Google.com or Facebook or whatever they would get set inside a network code, 19 web servers that the Telecomix guys put up that had a page in Arabic and English that said your connection is being monitored, you are under surveillance, here are some tools like to help, and an explanation. And so, yeah, and like they flipped this on and like it took like 40 or 60 % of the web traffic in Syria for the 2 days, whatever they had this thing going. Yeah, and it just- this was the kind of stuff we could do, like this was the kind of stuff we could do, because we didn't have many money, like who do you- it's just kind of right at the border of legal and not lot and like legitimate and like we were able to kind of scurt that border because we didn't, we didn't do those things like take money.

27:58 [music]

27:58 Gone are the days of tweaking your server, emerging your code and just hoping it works in your production environment. With SnapCi's cloud based, hosted continuous delivery tool you simply do a git push and they autodetect and run all the necessary tests through their multistage pipelines. If something fails, you can even debug it directly in the browser.

27:58 With the one click deployment that you can do from your desk or from 30,000 feet in the air, Snap offers flexibility and ease of mind. Imagine all the time you'll save. Thank SnapCI for sponsoring this episode by trying them for free at snap.ci/talkpython.

27:58 [music]

30:11 Pete: And so when I talked about earlier about sort of being very technical like this was really deliberate, like there is a lot of thought and a lot of discussion about how to do the safe way, should we do this at all, like from a technical level, from an ethical level, that I feel like characterizes- yeah, some of the, you know I feel like there is reasons I talked about it, at the PyCon community, like there has been an interest in broader kind of social issues and political issues in the Python community, in the PyCon talks for a long time, and I entirely mean that I probably pushed that further than anybody else and I am grateful for that opportunity and people seems to appreciate it. But, I feel like the Python community is now far more thoughtful about those sort of issues than other technical community I have participated in.

31:08 Michael: I think there is a down to earth-ness of those folks, it's awesome. Do you want to tell us a story about the network monitoring stuff with Blue Code?

31:17 Pete: Sure, one of the other things we found while pocking around inside the Syrian networks were a dozen unsecured ftp servers that were basically like the file storage engine on these network traffic monitoring and shaping devices manufactured by a company called Blue Code. She is based in California, and so you can think of these, so these things could like ran at the speed of the fibre so these were actually Windows machines but they had like a custom chip in hardware to process some like 200 different kinds of traffic so http traffics, Skype traffic, windows file sharing traffic, like you name it, and sort of analyze what was happening and then either both control the bandwidth so in their marketing docs they talked about like don't just outright block YouTube and Facebook games because your employees, because they are made for mainly corporate use.

32:16 Michael: Right, these were like enterprise devices to keep people-

32:19 Pete: And you are right, they are totally like enterprise firewall great stuff and so you don't outright block You Tube because then your employees get pissed but you just like really degrade the bandwidth, and so they get same thing with games, like make them like really painful to play so they just get frustrated and get back to work. Whereas if you outright block it, they get upset. And so, and this is kind of you know, this is in the corporate environment but I think it kind of gets you a sense of the sort of censorship [laugh]

32:51 Michael: Right, put this in the hands of a dictator and turn the nobs differently right?

32:54 Pete: Exactly, and so we found about a dozen of these machines with their log files just so they are open, unpassworded, fttp server and so these were basically like web logs for like all of the web traffic for Syria for like a week, it was 64 gigs web and so it basically has a source IP, it has the url they are trying to visit, cookies, accept or deny whether the proxy blocked it or let the traffic through things like that. For the whole country, like the whole country. We found these things, and digging through it we found things the words like Israel or proxy were blocked, specific Facebook pages that were specific to Syrian activists and justice groups were blocked, the whole lot of porn- that was actually allowed through, and so we had this idea- no, I mean we had this idea that Middle East was very sort of uniformly conservative in sense, it's not like that at all and like what's accessible on the Syrian internet is really different than what's accessible on the Saudi Arabian internet or on the Iranian internet, or on the Turkish internet. But within terms of local political issues you know, specific to that country, like more regional issues as well as like sex and violence and you know, all the other kind of crazy things that are on the internet. And so, Syria had a long reputation of being actually quite liberal for porn, but you know, there were whole bunch of kind of political stuff that was specifically blocked.

34:30 Michael: Yeah, it was more about protecting the government, they didn't really care what you did or something like this, yeah?

34:34 Pete: Yeah, to some degree, right, so it's like I said it's different in different countries. And so, these eventually got leaked, some of the Telecomix agents had done some analyses on these things, and just like splashed them out on the internet, and so I wrote a story for Slashdot, I am a proud reader of slash dot's in probably like 1997, you know, back when I started like playing around with Linux in college. And so, I thought this was cool and so I wrote post for Slashdot, and so this is kind of like media hacking that we did, and this got picked up by I don't even remember, the Washington Post eventually The Wall Street Journal, and so like I wrote this story for Slashdot and said hey look, here is this like digital evidence of these companies, hardware was being used by the Syrian government to censor and surveil the net, like there is export controls, on Syria, like there was an embargo, you can't sell anything to the Syrian government.

35:30 Michael: Right, absolutely.

35:31 Pete: Somehow these devices that were hand built in California have wound up their way in Syria like what has happened. And so, the company first denies to Slashdot that there is like any evidence that this is their equipment at all, and we are like it says like right in the header of the log, like in well known format like Blue Code and here is like the device id, you know, we sent-

35:53 Michael: The serial number?

35:54 Pete: Yeah, like we sent, we had the Telecomix agents like the Syrians, send traffic out to servers we controlled, and like we could basically see how, like the headers get injected you know, by the log the box itself, like, we had really from these IP addresses, we'd see that all the traffic from Syria has been forced routed through these proxies. And so they are denying this is this, it gets picked up by the Washington Post and then maybe about a week and a half later I am at Human Rights conference and I get a call from a reporter at the Wall Street Journal and she says I am on the phone with Blue Code, for the last week yelling at them and begging them to stop lying to me. Do you have anything you would like to add- I was like sure, sure, and so I kind of explained to you what these things were and how we found then what they are capable of. So you know, Blue Code advertised itself as being capable of distinguishing between updates to your Facebook wall and 37:02 , they're pretty fine, this is not just like oh it's http traffic to this host name.

37:08 Michael: Right, it's looking inside the packets in some ways and things like this, yeah.

37:12 Pete: Exactly, inside the stream of packets and doing contextual analyses, and so what we also found out was that these machines were phoning home to the company headquarters, not only for monitoring services, so like they had built in heart beat monitor but also for collaborative filtering, so like when they saw some traffic that the local proxy couldn't classify, it would send it off to the headquarter and run some other algorithms on it and give us real spec in like 300 milliseconds just like pretty low latency, but so the kicker of this is that Blue Code had they have been paying attention to their internal log would have clearly saying these boxes were in Syria. And so, because they are getting traffic to their internal services coming from these machines, and so they just have this incentive not to look because the expert control saying no economic activity, and so you know, if it's known that they block things from these countries like there is less resell market, there is black market, they are providing the service they are not supposed to be doing that, and so like they just don't even want to look, they just don't even want to know, where these things are.

38:21 Michael: Well, it's kind of like- what that Italian group was that hacking team?

38:26 Pete: Hacking team, yeah.

38:27 Michael: Yeah, when it comes unglued, it's a serious pr nightmare, like this can't be good for them, right.

38:34 Pete: And so this was right, exactly, and so there is eventually the story in the front page of the Wall Street Journal and the company admits yes, this is our stuff, and like we should have known and like the machines were actually destined for the government of Iraq, I don't know why that's better, for them to use - this is 2011, I don't know for them to use for censorship, ok, whatever, some of the other Telecomix agents worked in Brussels, in the headquarters the European Union, they were like legislative in the European parliament, and they lobbied to have the EU pass technology export controls, for Syria, so that you know, the stuff couldn't get like you mentioned hacking an Italian company so that this kind of equipment couldn't be sold by EU members to Syria. December of that year they passed that, and that was the first time the EU has ever passed this kind of technology export controls.

39:33 Michael: That's awesome that you guys made that kind of difference, right?

39:34 Pete: Yeah, and so like, and so there is kind of this loose chain of maybe like 50 people, from over the course of six months like that nobody really like intended to do this, we all sort of picked up the parts we had found interesting, like the folks in Brussels like they are not, they don't run Nmaps, like they lobby legislate to the great effect, and it's you know, we are able to change international law, this kind of like sketchy group of hackers with no money.

40:07 Michael: This ragtag group of folks that just organized an IRC right, that's awesome.

40:12 Pete: So, the US like, it's like a year and a half later and like 2014 finally 40:21 some fines on the reseller, there was some company and some dudes in Dubai who supposedly bought this blue code and you know, we ship them on to these dudes, and the company like gets a pass.

40:34 Michael: Yeah, but the PR still has to sting, right, so it's not a full pass?

40:40 Pete: Yeah, they got sold, they got bought by some private equity fund, and like you know, it's been, people have found their stuff like all over the world now, and it's really been helpful to raise attention of this kind of before, this was all before Snowden.

40:56 Michael: Right. So do you think this is a good example of the type of the ways that what the US government is trying to pull, gets out of control and has like unintended consequences like oh we just need a back door for us-

41:11 Pete: Oh, yeah, there is no such thing as a back door just for us, like there is no such a thing as back door just for us.

41:17 Michael: But we'll keep the key really safe?

41:17 Pete: The FBI, Google built them the back door like 2010, it's called project Aurora, and the Chinese hacked it, and used it to go after their own people. Google has better security engineers then the FBI does, oh my gosh, [laugh] like, yeah, there is no, and you know, and they still get hacked by the Chinese, like these things are not, there is no back door just for you.

41:47 Michael: And one thing to build the safe wall it's noticing to build the safe door, right? These are like different levels of hard I guess.

41:53 Pete: Yeah, it's like, it's so funny, it's so funny like I went to hardware store, my mother wanted to buy- I had just bought a new house which was a new experience for me, but we went to the hardware store and she wanted me to buy a new lock for my door. I was like, ok, that sounds like a reasonable thing, I bought a new house, I don't know who has keys to the old house, I buy a new lock.

42:15 Michael: Yeah, I did that when I got a house.

42:16 Pete: Yeah, sure, and so we go and we talk to salesman and he goes like ok, this is really the good lock that we recommend and I was like oh, I'd pick that, I was at hope it's like a hacker convention in New York and have a lock pick, and I've done this maybe 3 or 4 times, I was like oh I'd pick that lock, all right cool, but I mean I bought it anyway, right, like it's different levels of security but just like it's the door to my house, it's not a door to like everybody's private information, like your medical information, your financial information, the letters you wrote to your spouse...

42:56 Michael: Yeah, well, the thing is you- we have these sort of concepts that we map up into the digital world I think as at least you are trying to speak for the non technical politician types and law enforcement and so on, and you think I can get access to your lock on your door, so why can't I just have a lock on this other thing but the problem is if you hack that, you hack everybody in the world, if you break into one house you don't break into every house in the world when you break into it, right? It's crazy.

43:28 Pete: 43:29 they had a dual mandate, they had a mandate for both cyber surveillance and cyber security and they have entirely neglected the later, you know, they've hired- I mean, I've sat in classes with dudes like Python high level, you know, advanced types on trainings with guys who worked for contractors in Maryland and weren't allowed to tell the rest of us what they did, and you know, by hiring those guys and putting on 44:03 like they have both starved the market in terms of like knowledgeable people but also like they had a mandate to play defense, all these problems and all these bugs to finding like they should be closing them, they should have been fixing those, they should have been- instead, they want to rule the world, they want access to everything and as a result, now everybody has access to everything.

44:24 Michael: I totally agree with you that that is the serious problem and I think the US and Western Europe, but especially the US has more to lose than they have to gain by being able to access stuff, so if the US can break into other people's things, and those people break into the US's things like there is more IP and technical stuff that we have to lose than we are ever going to gain from getting other places I think.

44:51 Pete: Yeah.

44:52 Michael: I don't think it really makes sense, but you know.

44:55 Pete: I think these are people who grew up the political children of the people who came up with MAD, I don't know how old you are, remember like mutual assured destruction, like these, I think that whoever came up with what passes for cyber surveillance and security policy like I think, that stuff didn't make any sense either, [laugh] like, wait so we are all going to die, that's better, and I feel like that this is somehow like that these people are like the digital version, like children of that craziness. Like-

45:32 Michael: You give me like flashbacks.

45:33 Pete: It makes me really sad, you know, as somebody who loves the internet, loves what we do with the internet, like it makes me so sad that people are just treated as something to be ravaged and pillaged and controlled, you know, I feel like one of the lessons from Telecomix is like that we can use this technology to get together and make cool stuff and do beautiful things, and actually make a difference in the physical world, and in lives of people like ourselves and each other and people who need help, just in a way that is very rewarding. I mean, it's very rewarding to have been able to put the skills that I have cultivated for such a long time like in direct service of what I believe when you know, like I felt just so disconnected, I like just didn't care, like I just didn't like pay attention to what happened in politics and just to be able to do stuff, I mean that's the same ethic that's drawn me to working on open source, it's just that like we can go out and actually build stuff and things get better. It's so rare we get to have that experience.

46:48 Michael: It's a very different life, right, just think that that can be a thing right, like your view of the world is so different if that is your view of the world, right.

46:58 Pete: Yeah, exactly, exactly, and like just that's at the end of the day, I don't do this activism stuff anymore, it just kind of, it took over my life, I just like, it took all my money, it did things for relationships, and like just doing this like as a full time and then some like that much, it's just not sustainable. And, I fell ok about that, I feel like I had like this, like the world's needs and my interest and ability is kind of like aligned and then they sort of passed on, and like I am grateful to have had that opportunity.

47:38 Michael: It sounds a little like people go into the piece court, to like take a few years and like dedicate theirselves to something and this is kind of a- it sounds a little like an unofficial version of that in the technical world. A little bit maybe.

47:50 Pete: Something like that. You know, I look back on that and just how the Middle East, what has happened there since, it just, yeah, I mean I don't think anybody saw that this was going to look like and even if I did, I mean it just like I said, people just asked for help and when I think about the lasting impact, like I still get like emails from people who see documentaries I was in, or found a new articles and they are like oh tech me how to be the greatest hacker in the world, I am going to break it down- I'm like I am not that kind of hacker, and you know, I also get like-

48:26 Michael: I just connect people man, leave me alone, this is not me.

48:28 Pete: Yeah, exactly. It’s just people who have more kind of interest and skills kind of more aligned with my own, and just to have inspire people to do cool stuff, like you don't have to let it take over your life and you don't have to like do things that are big and dramatic, like I said I moved to Pittsburgh pretty recently and I am involved in starting a pedestrian activism group here.

48:53 Michael: Yeah, so we are getting near the end of the show, maybe just take a moment or two and tell people like what are you up to these days.

48:59 Pete: Yeah, sure, so I moved to Pittsburgh and I have started this pedestrian activism group which is like way less earth shaking and daunting and kind of more close to my heart, but like I set them up a website, I set them a Twitter, I helped them set them up a email at our domain. And just, this is just like to help facilitate things what would otherwise be a Facebook group, this kind of like, most people must think you probably set up a domain and setup email routing to be able to go out and do that for some like local neighborhood, we are not like a nonprofit, we are just like there is like 4 of us and we meet once a month or every other month and we pick a walk, just to be able to go to that, technical work is so helpful.

49:41 Michael: That's so awesome. Yeah, that's really cool, it sounds like you find people and charities that are trying to make a difference, and you give them a bigger lever then they would otherwise have, right.

49:49 Pete: Yeah and I lever the things that I care about and I think that can be useful about, you can't lever everything but that doesn't mean you shouldn't do something, and there is a real difference between like being that leverand and doing that work and like donating is not a substitute for that, donating is good and like organizations like the EFF do really good work and- the tor projects they need money for that but like I just personally feel like that we have individual responsibility to actually do things as well.

50:20 Michael: Yeah, that's awesome. And you've definitely lived up to that, some of the stuff you've done so that's really cool. All right Pete, I normally ask people two questions on their way out the door, but they seem anticlimatic compared to the awesome stuff that you covered. So, you must have a unique view into the Python world and there is over 80 000 packaged on PyPi now, it's like 300 a day every few days, not updates, but new right, so are there ones that maybe you think are not well known that you should tell people what's awesome.

50:59 Pete: Working as freelancer developer I will straight up say Django pays my bills. And I am very grateful for that, like stuff that is fun for me these days is PySpark.

51:11 Michael: Ok, yeah, some big data stuff. Very cool.

51:14 Pete: Yeah, yeah, my background is that but you know, when you work as a freelancer you 51:18 and I get to do some of the other big data stuff as well, but...

51:23 Michael: Yeah, awesome. And then, when you edit your code, your Python code, what editor do you use?

51:28 Pete: I have two, I use Wing ide, I have been using it for a number of years, it had the best kind of code navigation and completion specifically for Python.

51:40 Michael: Yeah, I've heard that about it.

51:42 Pete: Yeah, it's just awesome. And, in the shell, Nano, I like Nano a lot [laugh] really.

51:50 Michael: I actually like Nano too, yeah.

51:51 Pete: People laugh at me but they are like you must use Emacs, you must use vi yeah, and I am like no, I like Nano, because I just want to get stuff done and I just when editing things in the shell, it's just because it's small and I just need to be quick and get it done and get it fixed and I don't want to have to think about how to quit my editor. [laugh] I wanted to say right at the bottom, here is how you quit, like yeah, so. Nano.

52:13 Michael: Ok, cool. Well thank you so much for taking the time to share these stories, hopefully it inspired people to do some stuff because it's very cool what you did and it sounds like you made a real difference.

52:25 Pete: Thank you so much, it means a lot.

52:27 Michael: You bet, yeah, see you later.

52:27 This has been another episode of Talk Python To Me.

52:27 Today's guest was Pete Fein and this episode has been sponsored by Hired and Snap CI. Thank you guys for supporting the show!

52:27 Hired wants to help you find your next big thing. Visit hired.com/talkpythontome to get 5 or more offers with salary and equity right up front and a special listener signing bonus of $2,000 USD.

52:27 Snap CI is modern continuous integration and delivery. Build, test, and deploy your code directly from github, all in your browser with debugging, docker, and parallelism included. Try them for free at snap.ci/talkpython

52:27 Are you or a colleague trying to learn Python? Have you tried books and videos that left you bored by just covering topics point-by-point? Check out my onlne course Python Jumpstart by Building 10 Apps at talkpython.fm/course to experience a more enga ging way to learn Python.

52:27 You can find the links from the show at talkpython.fm/episodes/show/61

52:27 Be sure to subscribe to the show. Open your favorite podcatcher and search for Python. We should be right at the top. You can also find the iTunes feed at /itunes, Google Play feed at /play and direct RSS feed at /rss on talkpython.fm.

52:27 Our theme music is Developers Developers Developers by Cory Smith, who goes by Smixx. You can hear the entire song at talkpython.fm/music. This is your host, Michael Kennedy. Thanks for listening!

52:27 Smixx, take us out of here.

Back to show page
Talk Python's Mastodon Michael Kennedy's Mastodon