Keep running

One of my favorite runs in the world is the loop along the Charles River between Boston and Cambridge — connecting MIT, Harvard, BU, and Back Bay, if you run the long version. That’s but a few blocks away from where yesterday’s attack happened.

I’ve never run the Boston Marathon. During the day, I was joking with a friend there about who was how far from qualifying. I didn’t quite say “there’s a challenge to compete on, let’s run it next year”, mostly because I didn’t think I’d be in shape to make that challenge — I’ve never actually run a marathon, and the few half marathons I’ve done were well above 2h. No way I’d qualify.

A few hours later, the news hit Twitter.

We quickly established that some MIT-based colleagues who had been helping with the communication infrastructure around the run were taken care of. A former colleague who used to run the marathon wasn’t in town this year. That was good news. And then, the fog of terror: Was a fire at the JFK library related? (didn’t seem so) Had more bombs been found, or not (none found)? Had the cell phone networks been shut down? (probably not, also: probably a bad idea) Classical media didn’t do much better than the social media rumor mill. Some news sites were down, given all the traffic.

On the day after, the news is full of security taking over, and full of reactions and worries around the world. How can we make sports events secure?

And there is that urge to say something, anything, when one really doesn’t have anything to say — for example, this blog post.

Bruce Schneier has it right: keep calm and carry on. We mustn’t let fear take over public spaces, or our thinking.

Here’s hoping that, next year, the Boston Marathon will be even harder to get into, because more people will want to run it.

Book review: Kissinger, On China

Henry Kissinger’s “On China” is part historical and strategic tour de force, part personal memoir, part political legacy. It’s a book you must read.

Starting with a quick survey of China’s long history, Kissinger sets out to investigate the interaction between China and other powers near and far — from the barbarian management strategies practiced by the Middle Kingdom over millennia, through the unequal treaties of the 19th century, to the subsequent century and a half of turmoil, both foreign and domestic.  Kissinger is at his best as a writer and story-teller when he can mix strategy, history, personal memory, and the explication of diplomacy: The diplomacy and negotiation of the 1960s and 70s are at the heart of the book, and worth the read alone — both as an account of Chinese and US strategic challenges and eventual alignment, and as the story of careful negotiation and diplomacy, with all its absurdities and difficulties.

Yet, all that — and the subsequent material about the country’s stabilization under Deng and tense relationships post Tiananmen — is merely a foil before which Kissinger sets out, in the book’s epilogues, the strategic imperatives and challenges that the US (and the West more broadly) face in interacting with a resurging China today:

Both sides run great risks through confrontation; both sides need to concentrate on complex domestic adjustments.  Neither can afford to confine itself to its domestic evolution, important as it is.  Modern economics, technology, and weapons of mass destruction proscribe preemption.  The histories and economies of both countries compel them to interact.  The issue is whether they do so as adversaries or in a framework of potential cooperation. [...] history lauds not conflicts of societies but their reconciliations.

Are we facing an inevitable conflict (as Germany and the UK might have before World War I, by some analysis), Kissinger asks, or can we manage to evade conflict, by recognizing what relationships, what histories, and what potential futures are at stake?

Over to WordPress.com

This blog started on self-rolled software (deservedly lost), then moved to Movable Type, then to Posterous.  As a result of Posterous’ untimely demise, it’s now hosted on WordPress.com, but under a domain name under my control.

Two quick notes.

1. It was reasonably easy to redirect the URIs of the old Movable Type instance of this blog to its new version.  Wouldn’t it be nice if Posterous at least gave us a chance to keep old links intact?  Alas, none of that.

2. Why wordpress.com?  I originally looked for something self-hostable.  WordPress is reasonable blogging software, but sufficiently insecure that I don’t want to have to administer it. The paid, cloud-hosted service sounded like the right balance between ease of use, outsourced administration, and ability to just install the software myself and move on should I wish to.

Questions about Privacy, Decision-making, and Big Data

Inspired by the Big Data panel at this year’s Computers, Privacy and Data Protection conference, a few quick questions.

We know that human cognition is full of bias and fallacy, and that humans aren’t Econs. Among other pieces, we know that humans confuse correlation for causation, and that machine learning and big data operate on the level of correlations only. We also know that machine learning can generate good hypotheses for what might be a controlling variable, and what might be a useful course of action.

The questions, then: What determines society’s attitude toward the tradeoffs between machine and human decision making, and is that attitude rational? What are the qualities we seek in these decisions?

And: Who’s said interesting things about these questions since danah boyd’s work in 2010, e.g., in “Privacy and Publicity in the Age of Big Data”?

Stealing my own mobile phone number

When in the US, I’ll usually avoid roaming fees by using a T-Mobile SIM card and a Boston number. Due to a recent phone upgrade, I had to move to a different SIM card form factor.

Imagine my surprise when the interaction at the T-Mobile shop in Berkeley today went, roughly, like this: “What’s your number?” — “857 …” — “Thomas?” — “yes” — “Hold on.”

I paid for the new SIM card, in cash. I put it into the recently-acquired phone. It worked. I walked out of the shop. At no point did I have to prove ownership of a SIM card that belonged to that phone number. And at no point did I have to produce any credentials.

Now, I’m suspecting that some of this might be related to me lacking a US street address — I’m just traveling here. But even if they were to ask me about an address: Just knowing somebody’s phone number and address, and nodding convincingly when asked whether I’m their first name, doesn’t strike me as a useful way to check that I actually am the owner of that number.

Anybody else see a problem here?

A confession about the ICANN WHOIS Data Reminder Policy.

With all the recent attention to WHOIS, it’s time for a confession: I’m somewhat guilty for the infamous WHOIS Data Reminder Policy. With hindsight, it’s a bad policy, and it needs to die.

The year was 2002. ICANN’s DNSO (soon to be renamed as the GNSO) had a WHOIS Task Force, and was trying to extract policy choices from an ill-conceived and worse-executed survey of assorted self-selected stakeholders. As today, the topics at hand included privacy protections, compliance (and graduated sanctions for non-complying registrars), and accuracy of WHOIS records.

To get the discussion going, I threw a few of the proposals that had come up in the survey into a draft report as straw men; I probably made up a few more policy proposals out of whole cloth. Alas, there it was: The seemingly-innocuous concept that having an annual data reminder might be good customer service, and that it might somehow help to increase data accuracy. Next to graduated sanctions and other proposals on the table at the time, this idea had the attraction of saving face in the accuracy area, while not being an obviously bad idea by the standards of that particular task force. And so we inflicted it on the gTLD registrars and registrants of the world. And on ICANN’s not-yet nascent compliance department.

The policy appears to be implemented by most registrars in the form of an e-mail notification to registrants (even though it doesn’t have to be in email). By definition, these notifications include almost entirely public information. They’re therefore a first-rate phishing vector: For example, send a notification with slightly (but embarrassingly) wrong WHOIS data, give a link to fix the data, and hope that people will click that link and hand over the credentials that they’re using to manage their registration.

More generally, this policy exhibits a few flaws that are symptomatic of the broken policy process of the time: It micro-managed a particular piece of registrars’ interactions with their customers. It didn’t have a sunset date. It had no clear success metrics (e.g., number of corrections traceable to notices) that would have permitted ICANN to phase it out if unnecessary. It had no proper review for its security impact on registrants.

Even the WHOIS Review Team acknowledges that the policy is probably ineffective.

It’s time for the GNSO to propose to the Board to repeal this policy. Should be a slam dunk of a task force.

Crossing borders: Tracks without a train.

I’m on my way to the IETF meeting in Paris, and it’s close enough to take the train. Timing means that I won’t use the direct TGV from Luxembourg to Paris today, and so the trajectory I’m taking — a regional train to Nancy, and then onward by TGV — carries some strong reminders of Germany’s and France’s long and painful history with each other, and that history’s traces in the region where the two countries touch.

I live in the Mosel valley, on the Luxembourg side of the river. In walking distance, a bridge across, and a somewhat decrepit train station on the German side. The railway that follows the Moselle is today a minor regional affair, but was originally built as a Prussian / German military investment: Purpose-built to transport troops and heavy guns from Berlin to Thionville, and onward to Metz; often tunneling through the Moselle’s tightly wound vineyards to not make those heavy trains brake. When it was built, that railway line had the world’s longest rail tunnel, and the infrastructure is still impressively over-engineered for today’s use.

The tracks are still there all along the Mosel, and along that route, Thionville train station still shows some of its belligerent past, in the form of bunkered-up artillery casemates right next to the station (and a matching fortress across the river) — as does the gorgeous city of Metz, with one of the larger surviving fortresses of the region. And even as the train makes it further into France, through towns too small for a stop and therefore nameless to this traveller, there are castles and fortresses to be seen, witnesses of wars gone by.

Also along these tracks: The remains of the steel mills that once contributed to making Lorraine a strategically important bone of contention between Germany and France — now either owned by Arcelor Mittal, torn down, or turned into repurposed heritage structures.

It would have seemed natural for me, then, to have jumped on a regional train to take me to Metz or Nancy along these direct tracks, and onward to Paris from there. But alas, that train doesn’t run: To this date, the German railway system stops at Perl, and the French one stops a kilometer or two upstream at Apach. Between them, Sierck-les-Bains, an old seat of the Dukes of Lorraine, features the ruins of their castle torn down by war in the early 1700s. Across the Moselle in Luxembourg lies the small village of Schengen, with its peaceful vineyards. The Schengen agreement was signed on a ship on the river right where Germany, Luxembourg, and France meet each other.

That one or two kilometer piece of train tracks between Perl and Apach is crossed by two local passenger trains in each direction every Saturday, and by the occasional freight train between France and Germany. To this date, there is no direct train connection between the neighboring cities of Trier, Thionville and Metz, and German train passengers have to travel through Luxembourg to make it into Lorraine — and back into the Moselle valley. Even today, the train routing strangely exaggerates the distance between Trier and Thionville.

Along this trip, it is tangible how the European unity, the Schengen agreement, and globalized trade more generally have helped to bring peace to this region that was ravaged by war for centuries, and changed owners far too often, and far too violently. But it is also tangible how the traces of past wars, past borders, and artificially built-up distance between nations still exist — for example in that direct railway track without a direct train.