Tom Marble's Blog

Check out:

See also all posts and comments


M41LZ in Tails

Here is the background on my workshop presentation M41LZ in Tails: securing e-mail at Code Freeze 2015. Currently the slides are under heavy development -- stay tuned as they are updated in anticipation of v1.0.0 on January 14, 2015. Of course the slides alone don't provided the extra commentary and personal experiences -- you'll have to come to Code Freeze for that!

Code Freeze 2015


Tom Marble is best known for being the first "OpenJDK Ambassador" on the Sun Microsystems core team that open sourced the Java programming language. Tom has a Masters degree in Electrical Engineering from the University of Minnesota where he worked under Otto H. Schmitt. He has combined his EE and community experiences in open source hardware projects such as USB TRNG and his software and intellectual property experiences by organizing a legal and policy issues track at Europe's largest open source conference, FOSDEM. Tom's passion for Free Software is demonstrated by frequent speaking at conferences such as O'Reilly's Open Source Convention, JavaOne, the Debian conference, Software Passion (Sweden), Fórum Internacional do Software Livre (Brazil) and Linux Conf Australia.

Mr. Marble is committed to increasing diversity in technology (especially in open source) by volunteering as an organizer for ClojureBridge Minneapolis -- a weekend workshop for women to learn the Clojure programming language -- as well as the GNOME Outreach Program for Women on behalf of the Debian project.

Tom is the founder of Informatique, Inc.: a consultancy which leverages his hardware, software and legal engineering background for client projects as diverse as telematics for electric vehicles, probabilistic model checking, autonomous cyber defense, and multiplayer online gaming.


We are stuck between knowing that our Internet communications are vulnerable and using overly complex crypto tools. This workshop will explain, step by step, how to use open source encryption available in a live USB drive based system to secure e-mail. Along the way you will learn about threats to anonymity on the web and how to harness the Web of Trust. We'll then explore the next steps to making secure e-mail more practical for everyday use.


The presentation can be viewed live at

The source for the presentation is at


Please let me know how I can improve this presentation!



Today I've made some modest changes to my CV, LinkedIn and various online profiles. The theme has been "less is more" and I want to highlight my interest consulting in Clojure, security and embedded hardware.

Why corp-to-corp consulting? I regularly get asked this question by companies that want to fill permanent, full-time positions. Having worked for big companies, small companies and even having founded a Silicon Valley startup from Minnesota (just think of the miles!) I've come to realize that consulting is a great fit for me. I can carefully chose clients projects that have really interesting problems and at the same time invest continually in personal development (e.g. conference organizing, working to increase the participation of women in open source software). One of the nice fringe benefits for clients is I can share best practices that I've learned in my travels with each engagement.

Let me know if your project could use some extra hands!



Yesterday I had a blast presenting my talk Security not by chance: the AltusMetrum hardware true random number generator at DebConf14.

DebConf 14

USB TRNG is a collaborative effort with AltusMetrum to create a completely open hardware and Free software true random number generator.

In my talk I mention the rationale for gathering more entropy: The Linux urandom boot-time entropy hole as described in the paper Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices.

I also mention some of the difficulty in assessing RNG quality for security applications as highlighted by Matthew Green in his blog post How do you know if an RNG is working?.

I've been lucky to work on this design with Bdale Garbee and Keith Packard.

If you'd like to learn more you can...

  • Download the presentation (see below)
  • Check out the web page for USB TRNG
  • Join us on IRC OFTC #altusmetrum
  • Join the trng mailing list

Let me know if you'd like to get involved!


10000 Processes in Om

10,000 Processes in Om

I have just published om-processes which is a port of David Nolen's 10,000 Processes in Clojurescript to Om.

Clojurescript is a port of Clojure to JavaScript which is especially well suited for running in a browser. Just as Clojure offers a pleasant LISP on the JVM Clojurescript offers (nearly the same) LISP in the browser. The performance of Clojurescript is outstanding due to the massive optimizations available from the Google Closure compiler.

JavaScript, however, has some fundamental flaws... Top among these are it is single threaded which leads to an asynchronous callback style of "event programming". Clojure's core.async offers a solution in the form of CSP style programming. Using core.async one can think about coding in a more intuitive way.

In 10,000 Processes Nolen demonstrates using core.async to simulate independent "threads" despite the fact that the underlying platform has no native support for threads.

In Om Nolen leverages Facebook's React to create a high performance, immutable model for client programming.

The technical study om-processes is simply the fusion of all these ideas into one demonstration. Who knew web development could be so much fun!

Is this thing still on

Is this thing still on?

This is just a test of posting to my blog.. it's been too long...

And, since I upgraded my VPS I realize the dates/ordering of posts was lost :(

I'll try to remedy this!

Legal Issues at FOSDEM 2014

Legal Issues at FOSDEM 2014

I'm very pleased to announce the Call For Participation for the FOSDEM 2014 Legal Issues DevRoom.

This is the third year that I've been lucky enough to collaborate with some leading practitioners of Free Software and Open Source licensing and community leadership to organize this intense event on the topic of what makes FLOSS possible and what are the key issues facing FLOSS today. I'm joined by my friends Karen Sandler, Bradley Kuhn, and Richard Fontana.

I have been fascinated by the intersection of law and technology because it is the clever use of copyright that makes Free, Libre and Open Source Software possible. We hope to stimulate discussion on topics such as:

  • Copyleft vs. permissive licensing: What is a policy case for copyleft? If so what form should it take?
  • How is software freedom important in ensuring privacy and security?
  • What defines a Free Software and/or Open Source project?
  • Do traditional Free Software values face some level of cooption from for-profit corporate interest? If so, how?
  • Copyleft licensing models and how they relate to business models. Are there some business models that are license-permissible but bad for community building? On the other side, does your license choice limit or expand your community?
  • Eroding software freedom in the proliferation of closed computing devices such as mobile phones and tablets
  • Copyleft enforcement and compliance planning from a developer perspective. What is the future of GPL enforcement? Is it working?
  • What is its impact on adoption of copyleft?
  • How does the 'so-called' software patent war impact Free Software and Open Source?
  • Copyleft license compatibility. What are the challenges of code base merges when various licenses are in use? How does a compatibility analysis between licenses work?

Please submit your talk idea before December 1st and plan to join us in Brussels on February 1st and 2nd!


ClojureBridge Minnesota

ClojureBridge Minnesota

Of course the weather being what it is -- winter came in with a bang -- our turnout last night at was light....


But we had a small, enthusiastic group that discussed the recent Clojure Conj by editorializing the fine blog bost by Logan Linn.

We also introduced the ClojureBridge effort to the group and everyone sees nice synergy between this and our recent success in November with "beginner's night" (which we plan to repeat every other meeting).

As a software development consultant I often co-work at CoCoMSP -- a melting pot of entrepreneurial energy. I have introduced the idea of hosting ClojureBridge at CoCoMSP with the founders and they are considering it (fingers crossed)!

Now we need to recruit more volunteers to help organize our local ClojureBridge Minnesota workshop next spring!

Ask me how you can help!


Comments on FaiF 0x22

Comments on FaiF 0x22

I have some comments on today's episode of Free as in Freedom: 0x22: Elder's Methods of FOSS Activism. Obviously you should listen to it (and add FaiF to your favorite podcatcher. You will be the forth listener! :) ). This oggcast is the first in a series from the first Legal Issues DevRoom at FOSDEM which Karen, Bradley, Richard Fontana and I organized.

I think Bradley was critical of Ambjörn's talk not enumerating all the collaboration that has taken place in the FLOSS community. To be fair Ambjörn himself said he had tried to enumerate various examples (and has 196 or so pointers on his blog ... see the ?Speakers page for blog links). Karen makes the point that it is precisely these sort of events where we can learn about activisim across a broad range of our communities.

I appreciate Ambjörn's view that we can develop and use various norms and legal tools to help promote Internet Freedom generally, but sometimes activism is necessary to educate and move public policy (e.g. the SOPA protests). Indeed we seem increasingly under threat of being limited to walled application gardens or even being literally firewalled from the open Internet.

The key takeaway, I believe, is we need to collaborate more between Free Software, Open Source, Free Culture and broader Internet Freedom communities generally. In a conversation with Mike Linksvayer after the DevRoom session we discussed the challenge from a FLOSS project level of designing the licensing of software and non-software artificacts such that both could evolve together over time. This is a tricky issue which involves "or later" (plus licensing) versions and software/non-software licensing compatibility. We shared the observation -- apropos to Ambjörn's talk -- that many humanitarian or otherwise public activisim efforts often don't make FLOSS part of their agenda (and, in fact, may not even be aware of it). We need to do a much better job at this collaboration and cross-community education.

As for the logistics of the DevRoom allow my to publicly express a mea culpa. I have been to FOSDEM before and I know how challenging it is to fit "a 20lb conference in a 10lb bag" (as @spot said). I knew that 30 minute sesssions would be short... We had so many great proposals that I was happy to hear from as many as possible. However it is true that this was ultimately too short and the format did not adequately allow for Q/A, discussion, time to change DevRooms and setup for the next speaker. And I especially want to apologize to anyone who was waiting outside the DevRoom that I steadfastly refused to let in :-| . I didn't want the FOSDEM volunteer organizers to have the University withdraw support for future conferences due to violating fire codes.

I hope everyone will be able to check out the ?slides and/or audio oggcasts of the talks as they become available. And, yes, we'll hopefully get a bigger room and plan for more discussion time next year!

first post

This is the first post to tmarble example blog.

Nevermind the testing... testing 1 2 3 :)

You are going to find yourself immersed in legal issues

You are going to find yourself immersed in legal issues

The title of this blog post is a quote from Karen in the most recent Free as in Freedom oggcast

FAIF 0x1E:
Legal issues are an inherent part of Free and open source software generally. If you get passionate about Free and open source software you are going to find yourself immersed in legal issues. It's something I think developers are really aware of... much more so than in other fields.

I consider myself to be very passionate about FLOSS and I care about the it's legal underpinnings because I see the enormous potential good FLOSS can bring to addressing the big challenges facing the planet. Continuing to enjoy the right to engage in FLOSS depends on the legal terrain which makes it possible.

We have seen the excesses of copyright maximalists in Free Culture and the damaging impact they can have. The SOPA (PIPA) debates are simply the latest chapter in that saga. Lessig points out that, at least in the USA, we will never win that war until we win the war against corruption of our Republic. We must strike the root of the problem in addition to the branches. I say we must remain vigilant about the branches as well.

FLOSS is another branch which is as important as Free Culture. Understanding that FLOSS is possible due a hack on copyright underscores how critical it is for developers to be aware of the legal environment in which their creativity can thrive. And the escalating software patent war -- especially in Java and mobile -- has had a chilling effect on innovation.

One the strengths (can we think in terms of countermeasures?) of our community is that we function out of basic principles of transparency and respect. The traditions in FLOSS like the traditions in the early open Internet form a culture of true innovation where working code drives collaboration and makes it possible to "stand on the shoulders of giants". Fontana has talked about this lex mercatoria in Free Software as an essential part of understanding the context of legal issues in FLOSS. I hope he will expand on this in his new blog.

I am optimistic that if we combine our brainpower to protect FLOSS as we do to create awesome software we can enable new kinds of working together which other fields will emulate. I can't wait to explore the frontier of the future possible.

Listen to the oggcast introduction [4:25..12:55] (at least) to hear Karen and Bradley discuss the upcoming Legal Issues DevRoom at FOSDEM 2012. The Legal Issues DevRoom Call For Participation closes on December 30 -- please consider submitting a talk today!


This blog is powered by ikiwiki