23C3, day 2

Day 2, yesterday, was less exciting than day 1. That might be a function of the talks that I actually attended: The guy who presented an analysis of the Linux kernel-mode PRNG botched his answers to some questions from the audience. Steffen Meschkat gave a nice tutorial about JSON, but ran over his allotted time and skipped the authentication and authorization related part of his talk — pity.

The best talk that I got to listen to was in the RFID hacking session; Henryk Plötz showed how to replicate an access-control card with home-grown technology and an iPod. Bonus points for hack value.

Now, day 3.

23C3, day 1

I’m in Berlin, at 23C3. Day 1 is getting late. So far, it’s one of the best conferences I’ve been to this year. Packed lectures with attentive audiences; thought-provoking talks; good hallway chats.

Today, I heard about a probabilistic trust model for PGP (which is apparently based on theories that deal with reasoning in the face of uncertainty; this looks like one of those cases where the really interesting stuff was left out of the talk); about user interface designs (and what geeks might be tempted to do and rather shouldn’t; great talk and an even more packed room); about surveillance in hotel rooms (and why not to use big brandname hotels); about voting machines in the Netherlands (and making them play chess; my “best talk of the day” award goes to this one). I got to catch up with some old friends whom I haven’t seen in a while (and missed some sessions), and I got to talk to the folks at CAcert.org for a bit.

Right now, Caspar Bowden is giving a nice presentation about Cardspace; unfortunately, I’ve seen some very similar talks a number of times in the past. During the Q&A, Caspar brings up an interesting question: What implications does Data Retention (more about that later tonight) have for Identity Providers in systems like Cardspace?

The curse of round numbers: How to get your liquids confiscated.

The air travel industry is in fear of liquids these days, and so the EU is heading for the same bright system that the US has: A small amount of liquids is permitted in carry-on luggage, in small containers, and to limit the total amount, you have to put it all into a ziplock bag. (There go the 3l of bottled water that I normally take on long-haul flights…)

To make things real fun, though, the system isn’t really the same: US rules say “no more than 3oz”, EU rules say “no more than 100ml”; US rules limit the zip-lock bag to 7.5″×8″, EU rules say 20cm×20cm. All of these are nice, round numbers, and they are about the same. But just about the same: That 100ml roll-on deo that is fine in the EU is clearly above the 88ml that you can take aboard a plane in the US, and the ziplock bag dimensions aren’t really the same, either.

In reasonable company, the differences are on a scale where it doesn’t matter. But would you want to trust airport screeners to be reasonable these days? I’ll bet that we’re going to see any number of EU ziplock bags confiscated in the US before this gets any better.

on registry pricing, persistence, and stability

This is a comment that I’ve sent to ICANN about the planned new .org, .biz, .info registry agreements.

I am writing this note in my personal capacity, as a long time observer of and some time participant in ICANN. It applies equally to the .biz, .info, and .org agreements.

The apparent ability for registries to arbitrarily increase prices for domain names at the time of renewal puts one of the most fundamental factors in the DNS’s success to date at risk (one might say, its very purpose): The easy availability of persistent globally unique identifiers.

Profiling at airports: What the Wall Street Journal doesn’t get.

The Wall Street Journal thinks it would be a good idea to focus screening resources at airports based on racial or ethnic profiling.

What this means is that — for the same level of overall screening resources available — the out-of-profile group gets less screening. I.e., game the profile, and you’re more likely to get something actually dangerous on board. And no, profiles can’t be kept secret — just as frequent flyers learn the profiles applied at their favorite airports, terrorists learn about them. Nothing of this is new; the Carnival Booth paper nicely describes an algorithm for finding the most likely successful attackers given the presence of a profiling system. Racial and ethnic profiling is likely to increase the chances that attackers successfully bomb planes. It’s bad for security.

But of course, rational arguments don’t count when hysteria is the order of the day.

On the search for a usable RSS reader

I’ve been looking for a decent RSS reader for a long time, without success. Most of the time, I’m using Sage, a Firefox extension, but I’m not really happy: I’d like to read blogs as quickly as possible, scan through them without much hassle, and I certainly don’t want to be bothered by feeds that have no news. Just give me the bare essentials.

I guess what I’m ultimately looking for is an RSS reader that — finally — gets me back to the user experience that I would get with the good old nn(1) news reader. Amazingly, Google Reader gets closest so far.

Fedora Core 5: 8/10 points

I just did an upgrade of my laptop (a Thinkpad T43) from Fedora Core 4 to Fedora Core 5, using the yum package manager. Instructions here.

This has been the most hassle-free upgrade since Debian. Points to consider:

  • Remove the jpackage repositories, if you were using them. The relevant packages seem to have become part of Fedora.
  • You can upgrade Fedora Core (core) and packages from the Livna repositories in one pass.
  • Yes, it does take a bit too much time.

In terms of after-upgrade pain, in typical Red Hat fashion, suspend/resume is broken with the latest kernels, so I’m running on the same old Fedora Core 4 kernel that I’ve been using for a while. Overall, FC5 feels snappier than FC4; it seems like some major memory hogs might have been removed. NetworkManager now supports Wireless Protected Access (and the necessary infrastructure is installed by default); that’s a very welcome addition, and I’ve reconfigured my access point.

My favorite text editor (jed) is included in a version that deals with utf-8, so I’ve finally switched to a native utf-8 environment for all I do. This particular update required a one-line change to a custom SLang script that I use for editing e-mail, but that’s not to blame on the distribution. Overall, the switch from iso-8859-15 to utf-8 was limited to putting a different system default locale into /etc/sysconfig/i18n, and removing some iso-latin specific stuff from my .jedrc and my .Xresources.

Overall rating: 8/10 points; I don’t get why Red Hat isn’t able to consistently support suspend/resume on one of the more common laptop platforms around.

The dropped stylus business model at Palm

One of the few things that have been bugging me for a while about my Treo is the fact that the stylus that is shipped with the device has a tendency to slip out and get lost. Last week, I seem to have lost it for good, so I ordered an entirely overpriced set of replacement styli from Palm.

Surprise of surprises: These beasts fit properly, and don’t feel like I might lose them any time soon.

Why not do it properly in the first place?

Collaboration at ICANN

Susan Crawford has a laundry list of things that ICANN needs to do. One of her items has been a theme in the ICANN community for a while, and it came up in Wellington as well:

1.5 We need to make better tools available for policy development purposes.

As I told some senior ICANN staffers in a hallway down there, ICANN isn’t really lacking the tools. ICANN has archived mailing lists. It has a web server. People do use instant messaging. It is possible to build a decent collaborative environment based on these tools.

What ICANN lacks is a culture of collaboration: Appoint an editor for documents. Publish things quickly, and at a stable location — right now, everything that goes on the ICANN web site needs five days for conversion to HTML (why not use HTML for authoring?) and review by General Counsel; drafts are generally Word documents that are exchanged by e-mail. Make minutes available, quickly, and link them from a web page. Link, whenever you refer to something. Have Instant Messaging back-channels during conference calls.

Bad enough, a large part of the ICANN community seems to believe that tool support can solve problems that are actually caused by the overall work style in the ICANN community.

Unfortunately, it doesn’t really look like the work style of ICANN’s current leadership mixes too well with online collaboration. So we’ll probably hear more about how ICANN suffers from inadequate tools, how a new position has been staffed to achieve Excellence in Collaboration and is now reviewing a lot of expensive toys — and in the end, everybody will continue to work the same way they do now.

As someone said in Wellington: “E-Mail doesn’t really fit my work style.” I think I was speechlessly puzzled in that moment. And then, I started to wonder how on earth that person got the job they hold now.

Arranging good social events

I spent the last two weeks in Wellington and Auckland, New Zealand — and, for a significant amount of time, on board various aircraft. The occasion was attending the ICANN meetings in Wellington; I’m currently involved with ICANN as a member of its Nominating Committee. Unfortunately, much of what goes on on the NomComm is unbloggable. Much of the rest of the meeting didn’t strike me as particularly note- or blog-worthy.

One important part of these meetings is the social event (or, rather, are the social events). ICANN is, fortunately, joining the club of those who hold these in nearby major museums: We were served canapés at the Te Papa Tongarewa, the Museum of New Zealand, and had access to (most of) the exhibits there. After the IETF’s visit to the antisocially good Musée d’Orsay last summer, this is one of the better social events I’ve experienced, and I very much hope that other groups will start to join this trend.

Another tradition that is evolving in ICANN Social Events is the sports evening; this time, bowling. Besides being a clever marketing event for Auda (they were clever enough to give out free baseball caps for the first strike — people were actually wearing these, despite the incredibly ugly and Cheney-safe color combination), these ones help to bring the rather diverse and fractioned ICANN community together.

Kudos for both of these choices to the local organizers.

(And yes, it is a bit sad that the social events were the most bloggable thing that happened all week. Besides Mike Palage leaving the board, maybe.)