Trying Firefox 2

I’ve been a Firefox user for a long while, and normally stuck with the version of the browser that came with my Linux distribution of choice (currently: Fedora Core 6). Recently, however, the Firefox 1.5 builds that are distributed by Fedora seemed to suck up all the memory on my machine, and for good measure started crashing when they encountered complex web applications.

I figured I could try Firefox 2 as well, so I finally installed the thing.

Overall, I’m not noticing huge feature changes. However, some effects are worth it for me:

  • The RSS feed auto-detection is now able to redirect to web-based feed readers’ subscription interfaces; I can subscribe to a feed in Google Reader by clicking on the feed icon in the address bar. That’s a huge plus.
  • The tabbing UI has improved significantly. I’m finally able to manage my tabs reasonably (as opposed to just accumulating them until Firefox crashes, or until I close the window).
  • The entire thing feels faster and leaner. That might be related to my previous point above about tabs, though.

Overall, I’m still amazed how a graphical UI that lets me run a terminal, a graphical web browser, an HTML editor, (recently Skype, some other instant messaging software), and an office suite seems to consistently eat all of a PC’s memory, at any given point in the curve of PC and software development history.

(Off to order a memory extension. 😉)

Presentation styles (2)

In Presentation styles, I wrote about my first attempt at using Lessig style for a presentation.

I’ve done it again since — once at the German anti-phishing symposium in Bochum (slides in German), where my point was that security technology can’t really work if it ignores the constraints and possibilities of an underlying platform (and where I talked about some of the work of the Web Security Context Working Group) –, and at a panel at W3C’s AC meeting in Banff, where our theme was what the failure modes are that keep security technology from getting deployed.

For that last talk, I’ll admit that I was about to do a “normal” powerpoint-like presentation (but using slidy, Dave Raggett’s XHTML + JavaScript based presentation tool for once; authoring Lessig-style with that one is actually an uphill battle). After a while, I gave up in frustration: Turns out that, once you’ve done that other presentation style for a short while, you don’t go back to standard powerpoints that easily. The talk actually went reasonably well.

I still expect to go back to usual powerpoint style for the next two or three talks that I’ll need to prepare, though — simply because they’ll be much more like lectures in character than the recent talks have been.

Some masterful photography: r12a

While there are a number of gifted photographers among my colleagues, Richard Ishida (aka r12a, for being the i18n activity lead) truly stands out. His latest stunning photography shows us Wazir Khan Mosque, and the Streets of Lahore. But also go see his collection of Bhutan photos, and the pictures he took in Hyderabad.

(To point to just a few of my favorites. The collection of photos that Richard has online is vast, and worth spending time with.)

Eve Maler: SAML in 12 Minutes

Eve Maler, SAML advocate extraordinaire, has compressed the SAML and Liberty spiel down to 12 minutes. If you’ve always wondered what that stuff is all about, go read it!

The Painted Veil

Even though movies typically get butchered for showing on airplanes (and then the screen is just miserable), there’s the occasional movie that grabs me.

On the latest transatlantic flight, I was lucky to watch The Painted Veil, after a novel by W. Somerset Maugham. Naomi Watts and Ed Norton play the main characters. The story is set in 1920s Southern China, where a freshly-married English couple moves from London to Shanghai. The two of them don’t really love each other, she meets another man, there’s adultery; he (cruelly?) threatens divorce unless she joins him on a daunting mission to a cholera-infested area where he’ll help as a microbiologist and M.D., and where they may both well die.

And there, the real story begins. I’ll leave it at that to not post too much of a spoiler. It’s a love story, big drama, tragedy, with great music and marvelous photography to underpin it all.

When security meets reality: AACS

Engadget reports about the next step in the AACS saga (via BoingBoing): During the time window between one cracked AACS key getting all over the place, and industry revoking that key, yet another key has been compromised.

This is not just a glimpse at the sorry state of DRM technology and deployment, but also a study in failure modes of security technology. What has been demonstrated by this particular crack is nothing less than the total collapse of the protection that AACS is supposed to deliver, because the attackers are capable (probably reproducibly) of opening a new hole while the defenders in the system are still in the process of rolling out the countermeasures to the last. We might end up living in a world in which no Blu Ray or HD-DVD disk will hit the market protected.

Meanwhile, it looks as if we’re going to see the defenders engage in an exercise of whack-a-mole in which all they do is burn money, without ever achieving their protection goals. The security technology and the organizational measures surrounding it turn around to damage the defenders more than they’ll ever damage the attackers.

For some more reading on the design aspects exposed in this particular DRM debacle, have a look at these links:

(In the last one, Ed Felten tries to model an attacker with an economic incentive to break the keys, and predicts certain behaviors. It’s interesting to observe how the behavior we’re seeing in real life is (a) different, and (b) even more damaging to the defenders.)

What blog platform to choose?

I’ve been a happy user of Movable Type 2.66 for a long time, and along with moving my personal server elsewhere, have upgraded to Movable Type 3.35. Turns out that not just is the license constraining (I thought I was within the constraints, since I only really run a single, personal blog any more), but so is the set of available features. Implement the random pointers part of this blog — on a purely technical level — as another blog installation (as I had done back then)? Well, go for Movable Type Enterprise, or buy the appropriate additional plugin to make it all fit together.

Being the “cheap” type who likes extensibility and the ability to play around with the software he uses, I’m now wondering what blogging platform I should choose to run on this Linux machine — as nice as MT 3 is in terms of UI, I won’t stick to it. WordPress? b2evolution? S9Y, as ö recommends? Something else that I haven’t heard of, yet?

A smooth migration path from Movable Type is among the most critical criteria for the choice. A decent and simple web interface to post new items and administer comments as well. Oh, and I want to be able to syndicate an external RSS feed into this blog’s sidebar, seamlessly. (Now, that’s so 2002, as far as feature requests go…)

Your credit card doesn’t work, Sir!

Imagine my surprise when my attempt to buy a good friend dinner failed that way earlier this year. Imagine my dismay when (after said friend had put the bill on her card; different brand) my ATM card failed, too, and I suddenly seemed stranded without access to money. All that was, incidentally, right in the middle of a longer trip abroad, and I knew I’d still have a bunch of hotel bills to pay — and no way to just walk to my local bank branch and get cash, since that was some 4000 miles away. Fortunately, things had sorted themselves out the next day; when I called, I was told they had a “computer outage” that night.

Disquieting, though, that a single computer outage was enough to knock out both my ATM card and the Mastercard. One might have hoped these were running on different systems.

A similar (but less embarrassing) experience today: Amazon bounced a Visa card that I’m essentially only ever using with them. When I called CETREL, I was told that, well, all was right with my card, but “Visa International is down today.” When I grumbled that this was the second bounced card this year, the reply was a stunning, “well, ya know, they’re down the third time today.”

I can’t think of any better advertising for having credit cards with more than one company (and ideally in more than one country), but I’m also surprised how the systems that we’ve come to rely on for payment seem to have significant single points of failure built in — unfortunately, points of failure that apparently can collapse without the impact of major catastrophic events.

I, for one, am now seriously considering getting another card from another brand, and am also thinking of keeping a reserve of travelers cheques or cash around when I’m on the road.

Airport Bookstore Success Stories: Kite Runner and Pendragon Legend

Airport bookstores are usually heavy on Brown and Crichton, so there is no risk to mistake them for beacons of literature. Still, I end up in these book stores (in particular when I’m out of reading material for a particular trip), and often get desperate.

Therefore, I was pleasantly surprised by my latest two rounds of airport book shopping.

In Schiphol, I bought Khaled Hosseini’s Kite Runner, which I had seen recommended. The story takes up all the classical motives: Betrayal between fathers and sons and among friends and brothers, masters and servants; the quest for redemption that leads to more tragedy; exile; love; foreign countries and countries that become foreign. The background for that is Afghanistan from the 1970s (where a seemingly untroubled childhood ends suddenly) through today; Kabul’s upper class back then (where unwritten rules lead to cruel lies) and the Afghani exile community in the US (where links within that community provide help when Western society turns into inhumane bureaucracy). The novel is brilliantly written and thought-provoking; go read it if you haven’t.

In Budapest, I stumbled over a shelf dedicated to Hungarian authors. There, I found Antal Szerb’s 1934 “Pendragon Legend”, which has recently come out in a new English translation. That novel tells of a Hungarian private scholar in early 1930s London, who spends an inherited fortune to fund a life spent on research in libraries. János Bátky, as that apparently autobiographic hero is called, is drawn into the somewhat mystifying family history of certain Welsh earls, and soon finds himself in the middle of a maelstrom of alchemy, Rosicrucians, old Welsh legends, (courtly?) love for the Lady of the Castle, and temptations of all kinds; not to forget nightly expeditions to haunted lakes, castles, and forests.

On its surface, this novel is a bit detective story and a bit mystic thriller – but it doesn’t take itself seriously; instead, Szerb gives a uniquely ironic rendering of his motives, of the genres he takes up, and of his characters. A thoroughly enjoyable read.

Presentation styles

I was asked to speak at the Hungarian Web Conference in Budapest last week-end. That conference brings together about 500 Web aficionados at a conference center in Budapest’s tenth district. Most of the conference was in Hungarian; talks are given in four tracks throughout all Saturday. Kudos, first of all, to W3C’s Hungarian Office which was a co-sponsor of the conference!

For my talk on security and usability on the web, I tried a Lessig-like presentation style. The result was, I dare say, a pretty good talk — one of the better ones I’ve given in a while –, and a lesson learned about how I prepare talks.

Usually, what I do is ultimately an academic lecture: I prepare some material, I assume that I’ll have slides to serve as a buffer for the audience to hold context (just like we had the blackboard back when I did talks about maths), and then I start explaining things. Of course I rehearse once or twice, readjust some things, make sure there’s some kind of flow to what I tell — but, ultimately, I rely on the written material, and you’ll be able to extract much of the talk’s content from it.

In Lessig-like mode (similar to Takahashi style or Hardt style), I found myself preparing a speech. The slides served to underline a point, to hold a quote, to emphasize — but not to hold context. I found myself in story-telling mode much more than I usually am. I found myself forced to break down my argument more simply and more clearly than I’d usually do. I found myself using more rhetorics than I normally do, and I found myself preparing by giving the speech I was going to hold in little pieces, by iteratively changing the slides, by rehearsing this point or that point over and over.

The downside is clear: While the slides are now available for public consumption, you may not easily get some of the points in there; some of the slides really only make sense when they are combined with the spoken word. I hope none of the possible misunderstandings will haunt me later; actually, I was quite reluctant about making these slides public in the first place (though I’d any time make a recording of the speech together with the slides public, if I had one).

I’ll try this presentation style again: while it takes more preparation than an off-the-mill “powerpoint” presentation (I’d never dare to prepare a talk like this during the session that leads up to mine, for instance), I find it more fun to prepare and give talks like this.

If you haven’t ever tried this style, go try it. It’s worth the effort.