Thursday, September 30, 2010


Internet wiretapping

A story about impending U.S. legislation has hit the news in the last few days: Senator Patrick Leahy (along with ten co-sponsors that include Dianne Feinstein and my own senator, Chuck Schumer) has introduced S. 3804, the Combating Online Infringement and Counterfeits Act (link to PDF).

There’s a lot of blog outcry about it, of course, and rightly so. I’m less worried about it than many, but I do think it’s a bad idea. Here’s why:

First, we’re meant to be a democracy, different from the totalitarian states we group together with terms such as Axis of Evil and whatnot. That means that, in general, we fit our surveillance and law enforcement into the technology, rather than limiting the technology and building it specifically to enable surveillance and law enforcement. Those who say that this is only paralleling what’s in the telephone system already are missing that the telephone system grew up from a much lower-tech starting point. Wiretaps used to be literally that: wires clipped into wired systems. And it didn’t used to be easy at all.

There’s a lot about surveillance and intelligence gathering that’s hard, and it stands to reason that those tasked with doing it should want to make it easier. Keeping it hard is actually a useful check on nascent authoritarian tendencies, and the temptation for abuse. We’ve recently had court decisions, for example, declaring it a fourth-amendment violation to use GPS tracking without a warrant. These sorts of checks are important.

There’s no saying that the sort of surveillance that S. 3804 proposes will be warrantless — and the bill does specify that a court has to approve it — but we have to remember the warrantless electronic surveillance of the Bush administration, where they bypassed not only the regular courts but also the FISA court, specifically set up to deal with monitoring terrorist action. Official abuse is a real danger.

Further, this bill doesn’t even address terrorism, nor even racketeering or other such crimes. It’s aimed at copyright infringement. Not to put too fine a point on it, but that’s a ridiculous focus for such a broad and risky remedy. There are better ways to address the problem of illegal distribution of copyrighted material, and this is an attempt to shortcut things with a blunt instrument. At least, though, it’s not as bad as the insane French HADOPI law.

Apart from official abuse, though, there’s the issue of abuse by the Bad Guys themselves, who can fool with such a system in two ways:

  1. They can take advantage of the holes themselves. Any system that allows authorized intrusion implicitly allows unauthorized intrusion as well, and we should not be so naïve as to think that won’t happen. People are corruptible, security systems are compromised all the time, and if we set it up so that any Internet communication is tappable, malefactors will make their way in and tap it.
  2. They can skirt it entirely. It will only be the normal communication channels that will have their encryption compromised, allowing officials to get the unencrypted version. If what gets put on those wires is itself encrypted beforehand — if the unencrypted version is separately encrypted — we’ve gained nothing. Once requiring specialized, high-tech, expensive machines, encryption is now easy, and any ten-year-old with a copy of PGP can do it. And anyone can create a self-signed TLS certificate to secure communication with their web site. There’s nothing the service providers can do to tap into any of that.

The result will be, as often happens with these sorts of things, that private citizens and companies that are trying to abide by the law will have their privacy and liberty compromised, while the real criminals will be able to hide as easily as they do today. If passed, this law will have some effect in the area it’s intended to... but that effect will be limited, and probably short-term.

Finally, there’s the law itself: it actually seems pretty good in its inclusion of safeguards and court involvement. There are two issues I have with it:

  1. Sec. 2324(a)(2)(B) is too vague:
    [For purposes of this section, an Internet site is dedicated to infringing activities if such site is] engaged in the activities described in subparagraph (A), and when taken together, such activities are central to the activity of the Internet site or sites accessed through a specific domain name.
    Subparagraph (A) specifies that the site must be specifically designed for these activities, be marketed for these activities, or have no significant purpose other than these activities. That provides a reasonable limitation on the Internet sites that may be targeted here. But then subparagraph (B) opens it back up in a vague way, by saying that any other site might qualify if when taken together such activities are central to the site. Subparagraph (A) clearly does not include such sites as YouTube and Facebook, but subparagraph (B) arguably could. The threat of bringing such an argument to court could exert a severely chilling effect on web sites devoted to social activities and legitimate media sharing.
  2. Sec. 2324(j) provides for a public list of sites that are alleged, without any real evidence or court involvement.
    (1) IN GENERAL- The Attorney General shall maintain a public listing of domain names that, upon information and reasonable belief, the Department of Justice determines are dedicated to infringing activities but for which the Attorney General has not filed an action under this section.
    There are mechanisms to ask to be removed from the list, and for judicial review of the case only after the Justice Department refuses the petition for removal. This amounts to an unregulated blacklist of Internet sites, and strikes me as ill advised, and possibly dangerous. There will clearly be such a list held at the Justice Department; the list should not be public. Any public list must be vetted by a court, as a necessary check on law enforcement.

I plan to write to Senator Schumer with a brief version of this post, and a pointer to the full one.

Wednesday, September 29, 2010


Fiscal responsibility? Or Fiscal lying?

I saw a local political advertisement last night, in which two women are in a diner, talking. One has had a fight with her husband, because she broke the family budget by spending too much on the kids’ school supplies. It seems that she had been hoping the STAR rebate check would come in to cover it.

STAR — the New York State School TAx Relief program — is a program that reduces school taxes for homeowners. The first $30,000 of the assessed value of your primary residence, if you own it, is not subject to school tax (and there are further rules for older people).

In the ad, after the two women set up the situation, the waitress comes over:

Waitress: So, what can I get you girls?

Woman: How about my STAR rebate check? [Smirks.]

Waitress: Can’t help you there. Last year, Senator Suzi Oppenheimer did away with them. [She enunciates the senator’s name especially clearly.]

Woman: So, while I’m trying to make ends meet, Senator Oppenheimer is making it even harder?

Waitress: Can you believe it?

Voice over: Paid for by New Yorkers for Fiscal Responsibility.

Can you believe it, indeed? You shouldn’t.

First, of course, Senator Oppenheimer did nothing all by herself. The New York State Senate has 62 members, and any repeal has to pass with a majority vote.

But what is it that they did away with, according to the advert? The STAR program?

No, look at it carefully. They did away with the STAR rebate checks. The program is still there, reducing our school tax just as it had been.

[Update, 16:00: I’ve made an important error below, and part of the tax reduction has been repealed. Please see the comments.]

See, what used to happen is that we had to pay the full tax, and we had to apply for the rebate. And then, later, the state would send us rebate checks. But that meant that we paid the money up front and got it back later. It also meant that the state had to spend a lot of money processing applications and issuing checks.

What has changed is that we keep the money all along. The STAR rebate has now become a STAR exemption, and it’s calculated into our school taxes from the beginning. There’s no rebate check because we never had to pay the money in the first place. That’s better than a rebate check, and it saves the state a significant expense.

That sounds like fiscal responsibility to me. And this group with the misleading ad is just full of crap.

Tuesday, September 28, 2010


Analyzing some spam

I got an amusing little piece of email spam this morning. Amusing, that is, from the point of view of someone who likes to figure out what the spammers are doing and what they’ve compromised in order to do it. Here’s the message, as displayed to me in gmail (I’ve inserted spaces in the URL and email addresses, so your browser won’t make them clickable):

from McDonald’s Survey Department. <survey @ mcdonalds.com>
reply-to survey @ mcdonalds.com
to
date Mon, Sep 27, 2010 at 15:01
subject McDonald’s Survey

Dear customer,


Please give us only 5 minutes of your valuable time to ask you some questions about our products . Please be aware that we will not ask you about any personal information.

In return, we will credit $90.00 to your account - just for your time.

If you want to answer our simply 8 questions , please click the link below :

http: //dyn248.ele.uri.edu/.mcdonalds.com/survey/index.html

Thank you for helping us to become better .

Sincerely, McDonald’s Survey Department.


Please do not reply to this email. This mailbox is not monitored and you will not receive a response.

Of course, the message isn’t really from anyone at mcdonalds.com, but you knew that.

The first interesting thing is the URL. As is often the case with spam URLs, they’ve tried to make it look like a legitimate URL from the company by sticking the company’s domain name in there somewhere. In this case it comes after the slash that ends the host name, so it’s part of the path: information that’s passed to the web server, with nothing to do with which web server gets used. One has to know how to read URLs to see that.

And the web server it’s pointing us to is at uri.edu, which is what piqued my interest. This isn’t some throwaway domain, nor anything else registered by the spammer, but something residing at the University of Rhode Island. In particular, this looks like a temporary name assigned to some computer connected to U of RI’s network.

My guess is that a student machine was compromised — malware got installed on it — and the malware set up a hidden web server that’s meant to handle these requests.

Let’s look at where the email message really came from, by checking out the Received lines in the headers. Here are the two operative ones:

Received: from www-7419bfef271.modrsoft.com ([218.24.93.98])
    by hormel7.ieee.org (8.13.8/8.13.8/Debian-3)
    with ESMTP id o8S55UDI020590; Tue, 28 Sep 2010 01:05:32 -0400

Received: from User ([99.97.107.229]) by www-7419bfef271.modrsoft.com
    with Microsoft SMTPSVC(6.0.3790.4675); Tue, 28 Sep 2010 02:41:35 +0800

Reading bottom up, the message was submitted by an IP address in SBC Internet Services, to an IP address at Modrsoft, a legitimate service provider in China. The spammers appear to have found an open relay in Modrsoft’s network, or else Modrsoft doesn’t block port 25, and they compromised a machine there, as well.

Here’s what it looks like:

  1. A compromised computer on SBC’s network was ordered to submit the spam message.
  2. It submitted it to a compromised computer on Modrsoft’s network.
  3. That computer relayed the message to its recipients (including me).
  4. The message directs users to a clandestine web server on a compromised machine at University of Rhode Island.
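
The two checks described above (reading the link's host rather than its path, and walking the Received lines bottom-up) can be scripted; this is an added example, not part of the original post. The URL and headers are the ones quoted in the post, while the function names and the two-label `site` shortcut are assumptions of the example, which also flags a brand name placed in a query string or a look-alike host name.

```python
import re
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

# Quoted from the post; the URL still carries the space the author inserted.
URL = "http: //dyn248.ele.uri.edu/.mcdonalds.com/survey/index.html"
# Header values in message order: the topmost (most recent) one first.
RECEIVED = [
    "from www-7419bfef271.modrsoft.com ([218.24.93.98])\n"
    "\tby hormel7.ieee.org (8.13.8/8.13.8/Debian-3)\n"
    "\twith ESMTP id o8S55UDI020590; Tue, 28 Sep 2010 01:05:32 -0400",
    "from User ([99.97.107.229]) by www-7419bfef271.modrsoft.com\n"
    "\twith Microsoft SMTPSVC(6.0.3790.4675); Tue, 28 Sep 2010 02:41:35 +0800",
]

# "from <name> ([<ip>]) by <host>" is the shape both headers above use.
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\(\[(?P<ip>[0-9a-fA-F.:]+)\]\)\s+by\s+(?P<by>\S+)"
)


def analyse_link(url, brand):
    """Report which host a link really targets and whether `brand` is a decoy."""
    parts = urlsplit(url.replace(" ", ""))
    host = (parts.hostname or "").lower()
    brand = brand.lower()
    # Only the host decides which server answers; it must end in the brand.
    brand_in_host = host == brand or host.endswith("." + brand)
    # Everything else (userinfo, path, query) is just data sent to that server.
    rest = "/".join([parts.username or "", parts.path, parts.query]).lower()
    decoy = brand in rest or (brand in host and not brand_in_host)
    return {
        "host": host,
        # Simplification: last two labels. Real code needs the Public Suffix List.
        "site": ".".join(host.split(".")[-2:]),
        "brand_in_host": brand_in_host,
        "lookalike": decoy and not brand_in_host,
    }


def parse_received(value):
    """Pull the sending name/IP, the receiving host and the timestamp from one header."""
    m = HOP.search(value)
    if m is None:
        raise ValueError("unrecognised Received format")
    stamp = value.rsplit(";", 1)[1].strip()
    return {
        "from_name": m["helo"],
        "from_ip": m["ip"],
        "by": m["by"],
        "when": parsedate_to_datetime(stamp),
    }


def trace(headers):
    """Return hops oldest-first, i.e. the headers read bottom-up."""
    return [parse_received(v) for v in reversed(headers)]


def chain_is_contiguous(hops):
    """Each hop's receiver should be the next hop's sender.

    Only the header written by your own mail server is trustworthy; anything
    below it was supplied by the previous machine and can be forged.
    """
    return all(a["by"] == b["from_name"] for a, b in zip(hops, hops[1:]))


def hop_delays(hops):
    """Seconds between consecutive hops, after normalising time zones."""
    return [(b["when"] - a["when"]).total_seconds() for a, b in zip(hops, hops[1:])]


if __name__ == "__main__":
    print(analyse_link(URL, "mcdonalds.com"))
    hops = trace(RECEIVED)
    for hop in hops:
        print(hop["from_ip"], "->", hop["by"], hop["when"].isoformat())
    print("contiguous:", chain_is_contiguous(hops), "delays:", hop_delays(hops))
```
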

Unfortunately, the trail goes cold there: I tried to snag the web page, to see what it’s meant to do... but I can’t contact a web server at that address. The machine has been taken offline, has a new address, or has been cleaned up. In any case, it’s not serving the bad guys at the moment. That’s often true of these things: they may only work for a brief time, but they can certainly do their work in that time. They might do the dirty work directly, or redirect you to another web server that will.

Probably, visiting that web site with a susceptible browser (or user) would result in the installation of malware on the visiting computer, adding it to the zombie network. In addition, they’re offering $90 to your account for participating, so they’ll obviously be asking you to give them some sort of account information where they can deposit the money — an account they’ll actually be sucking dry as soon as they have access to it.

Too bad I didn’t get to it soon enough, to see for sure what the web page is trying to do.

Monday, September 27, 2010


Withhold your vote for the right reasons

The right-wing Tea Party movement has been moving along, winning the occasional primary election and getting some of their loony-bin escapees nominated as Republican party candidates here and there. One of the most touted of those is Christine O’Donnell, who just won the right to represent the Republicans in Delaware, hoping to take the U.S. Senator seat that Joe Biden vacated when he became Vice President (Ted Kaufman is currently filling it). Chris Coons will be her Democratic opponent.

Now, Ms O’Donnell is a religious fanatic with some of the most backward ideas on the planet. The list of people and organizations endorsing her should tell you enough: Sarah Palin, the National Rifle Association, the Family Research Council (you know that when someone puts family in any political organization’s name, it means they’re anti-Gay, against reproductive rights, against choice in end-of-life issues, against stem-cell research... and for religious liberty, which basically means that they want to tell everyone exactly what they may and may not do, in the name of God).

And that all means that no thinking person should be voting for her. Alas, a large portion of the voting populace doesn’t think.

The left, though, has surfaced some video footage from some time ago, and is using it to laugh at Ms O’Donnell. You’ve heard about them, surely: There’s the clip from MTV in 1996, after she founded a silly organization called the Savior’s Alliance for Lifting the Truth, in which she says that we should stop kids from masturbating and calls masturbation wrong, an improper, un-Godly use of our God-given sexuality. And there’s the clip from Bill Maher’s show in 1999, where she relates that, years earlier while in school, she dabbled into witchcraft and had a little midnight picnic on a satanic altar.

Sure, we can laugh at these. They’re silly and pathetic. They’re also old; the giggly young woman on those videos is not the 41-year-old candidate who’s been on the podium campaigning. Let’s make sure we’re not rejecting her because she said stupid stuff in her youth. Let’s look at where she stands now.

And where she stands now is scary. Here, for instance, is something from the MTV video, when she was 27:

The reason that you don’t tell [kids] that masturbation is the answer to AIDS, and all these other problems that come with sex outside of marriage is because again, it is not dressing [sic] the issue. [...] You’re gonna be pleasing each other, and if he already knows what pleases him, and he can please himself, then why am I in the picture?

The problem isn’t that she said that at 27, though I’d expect it more from a 17-year-old. The problem is that she stands by that now, that she still insists that the kind of purity she talked about 14 years ago is the only right way. If the answer to AIDS is to stop all sexual thoughts outside of marriage, then we’re in a lot more trouble than any of us thinks.

And here’s another one, from Bill Maher in 1998, where she says that evolution is a myth and asks Why aren’t monkeys still evolving into humans. At age 29 she should have had that sorted out, had she learned anything at all in science class. This, too, she stands by now, as do many of her evangelical fundamentalist fellows. (And this might be a good place to point out that her education isn’t very sharp: she almost graduated from Fairleigh Dickinson University, known for its business school, not its science curriculum. What level of education is appropriate for a U.S. Senator could, of course, be an interesting debate on its own.)

As to the witchcraft thing, who cares? It was silly stuff a long time ago. And if we blasted candidates for being juvenile and superstitious, we’d reject ones who beg an imaginary benefactor in the sky to bless their election campaigns, wouldn’t we?

Imaginary Benefactor knows, there are enough reasons not to vote for Ms O’Donnell, nor for any of her Tea-Party-endorsed colleagues. Real reasons, involving what they stand for, and what they plan to do if they get the reins of power. Never mind the old videos; they’re good entertainment, but that’s all. Let’s spend our time pointing to all the reasons that really matter.

Sunday, September 26, 2010


Hike of the week: Michael Ciaiola Conservation Area

I went to the Michael Ciaiola Conservation Area, in Patterson, NY, a year and ten days ago, and posted mushroom photos from the hike. Hoping to repeat the mushroom bounty (in photos, not picking) this year, I went again at about the same time.

It’s too bad, though: for whatever reason, whether it be the temperatures during the summer or now, the rainfall, or something else, there were essentially no mushrooms at all there this time. The water level in the stream was also low, and there was no waterfall where the waterfall usually is. I did find a very few mushrooms, and I took pictures of them, but it was just an isolated mushroom here, and another there.

Instead, then, I’ll include a photo from one of the viewpoints, looking down the CT/NY border (CT is left in the photo, and NY is right). Click the photo (and the one in the upper right, of the entrance to the trail) to enlarge.

View from the viewpoint

Saturday, September 25, 2010


Verbing of the worst kind

Sometimes, verbing weirds language more than at other times. Dogfooding is one of those cases, perhaps the most horrific verbing I’ve yet run across, turning they’re eating their own dog food into they’re dogfooding, and even making it transitive.

It refers to a company’s use of their own products, as a way to test the product, or sometimes to promote it ("See?: We’re eating our own dog food," and then "See?: We’re dogfooding our new product.")

Some references put it in quotes, as in this one from December 2009:

Google is dogfooding the Google Phone and has given it to employees all over the world to test it.

Sometimes, there are no quotes, as though someone might actually consider it a real word. See this use, from January 2009:

I then asked if Gdrive is something Google is dogfooding internally. He laughed and repeated nothing I can comment on there. But I could tell he wanted to.

Wikipedia has an explanation of the origin, but I don’t buy it; I’ve watched eat our own dog food evolve this way over some 35 years:

  1. First it was We’re eating our own cooking. That actually made sense, because our production of the products can be held as analogous to cooking a meal. As a restaurant does, we’ll sell it to you. But, here, look: our employees eat here too!
  2. That morphed into We’re eating our own food. It’s still reasonable, but it’s lost the sense of who produced the food, a sense that was strong in the original. I heard this version for some time, until the first seemed to disappear completely.
  3. Initially, the variation We’re eating our own dog food, was meant to be silly, perhaps an ironic reference that implied that our products are not the best, but we’re using them anyway. I know it’s only dog food, but it’s our dog food, so we’re eating it.
  4. Alas, people thought that version was funny, and it stuck, eventually pushing out its predecessors entirely. The version with dog food has long been the only one anyone ever uses.
  5. Finally, we got the inevitable shortening to a single word, along with turning it into a transitive verb. People still say, We’re eating our own dog food, in general, but We’re dogfooding SuperPanda Pro, is the common form when talking about a specific product.

I’d prefer to go back to We’re eating our own cooking. But, then, you all know I’m a pedant.

Friday, September 24, 2010


Notes on home networks

I have a few notes on home networks, which notes come from recent experience with some network setup issues.

Encryption: How to secure one’s network — or whether not to — continues to be a point of debate. I favour some of the arguments for being a good citizen and leaving your network open, and then making sure your computers are secure. Still, that works best if you don’t want to communicate between computers within your network, and can just wall each one off. If you do want to have them talk to each other, it’s really quite a bit of work to make sure that hackers can’t talk to them as well, and most home users will prefer to lock up the network as an extra layer of protection.

But if you’ve been following things, you’ll know that WEP (Wired Equivalent Privacy, the first encryption scheme used on wireless ethernet) is severely broken. WPA (Wi-Fi Protected Access) replaced WEP, and WPA2 replaced that. And there are personal and enterprise versions of each of those (depending upon whether it uses pre-shared keys or 802.1x authentication), and a choice of encryption algorithms (TKIP or AES). It’s dizzying for techies, so imagine a non-techie picking up a wireless router and trying to set it up.

I recently got to add new devices to two different WPA2-Personal networks that had already been working. Unfortunately, in both cases the device was a limited-function device that didn’t have a full network-configuration interface. For example, one device, with a TV interface, auto-detected the network characteristics, knew it was a WPA network, and had me enter the passphrase by nudging an on-screen letter selector. Fun.

In the end, in both cases, the new devices failed to connect. There was clearly a mismatch between the devices and the networks with respect to the WPA flavour or key. But there was no easy way to diagnose the problem, and no way to change some of the settings on the devices anyway. If they supported only WPA and not WPA2, supported only TKIP and not AES, or screwed up the algorithm to convert the passphrase into a key, I could neither determine that nor fix it.

My solution was to take the easy route: switch the network to WEP and figure that it was good enough for a low-value home network. Sigh.

Network speed: Marketing often makes a big point of the speed of in-home wireless networks. If you’ve looked at the boxes, you’ve seen wireless routers (more accurately, switches) go from 802.11b to 802.11b/g, and now to 802.11b/g/n.

802.11 is the IEEE standard for wireless ethernet, and that’s what we network folk always used to call it (pronounced eight oh two dot eleven) before the annoying but popular term Wi-Fi was coined. The bare version, with no letters, was the first, and has long been obsolete. 802.11a and 802.11b have been in wide use for a long time, but most home routers don’t do a (which has the advantage of faster speed and less interference, and the disadvantage of covering slightly less distance). 802.11g matches (almost) the speed of 802.11a, and the recent addition of 802.11n adds a great deal of speed, along with other new features, and doubles the range.

Because of the new features of 802.11n, it’s an important step. If you have a big house to cover, its extended range is also useful. But from the point of view of speed, let’s look at what we have: 802.11b has a maximum speed of 11 megabits per second (Mb/s),[1] though it will slow down as the signal gets weaker (like, at the wrong end of the house). 802.11g (and a) goes up to 54 Mb/s. 802.11n will crank at up to 150 Mb/s (and there are proprietary extensions that push it higher, if all devices support those extensions).

That’s great if you want to move data around your house. If you back up your hard drive over the wireless network, you really want everything to support n, to get the maximum throughput for your backups. A backup of a lot of data that moseys along at, say, 5 Mb/s (a typical rate for a b router at the other end of the house) will take a long time.

But if what you need is to transfer a lot of stuff from the Internet, like for streaming movies and TV programs... well, typical cable download speeds are on the order of 5 Mb/s, at least ’round these parts. A 54 Mb/s or 150 Mb/s pipe from your router won’t help at all if you’ve only got a 5 Mb/s pipe from the Internet. The limiting factor on how fast you can stream movies (and play games and access web pages and download your email) is the slowest piece of the link — the 5 Mb/s connection to the Internet.

If you want to measure your connection speed, there are lots of sites that will help. Try My-Speedtest.com, for one.

Networking over power lines: If your wireless router won’t cover your whole house, you have devices that do wired ethernet but not wireless, or you need higher in-house speeds than you can get over wireless, there are devices such as this, which feed the network signal over the power lines in your house. You plug one of these adapters into a power outlet near your cable modem, and you connect the modem’s ethernet to it. You plug another adapter into a power outlet somewhere else in the house, and you connect it to some wired ethernet device (perhaps even a wireless router, allowing you to put the router in a more useful part of the house).

I wonder how well they work. Readers: have any of you used these? Any comments? (Here’s a silly late-night-TV-style ad on YouTube. Ya gotta love the bit with the guy holding the tangled ethernet cables.)

Of course, again, they’re marketing this as a high-bandwidth (200 Mb/s and 500 Mb/s, for the newer models) network adapter, allowing multiple HD video streams:

High Performance Powerline delivers gigabit-fast wired connection and is perfect for connecting HDTVs, Blu-ray™ players, DVRs and game consoles to your home network and the Internet.

As I said above, this won’t really do better than an 802.11g/n router at snagging HD streams from the Internet, unless you really have an Internet connection that goes at 200 Mb/s or more. As far as I know, there’s nothing remotely close to that for home use now, and won’t be for quite some time.


[1] Remember, that’s megabits per second, not megabytes; at a rate of 11 Mb/s it will take on the order of 3 or 4 seconds to transfer my MP3 of Santana’s Oye Como Va, which is about 4 megabytes.

Thursday, September 23, 2010


HDCP master key cracking

It’s managed to stay out of the general press, mostly — probably because it’s geeky, it’s hard to explain what it really means, and it’s not likely to affect anything any time soon — but the tech press has been covering the cracking of the HDCP master key. But even PC Mag got it wrong at first, having to correct their article.

To see what it does mean, it helps to back up a bit. If you have a TV made in the last few years, look at the back, where all the associated components can plug in. Especially if your TV is high-definition, you’ll have quite a mass of sockets back there.

Originally, televisions just got their signals off the air, using antennas. The only connectors on those TVs, if any, were for antenna wires. By the time cable and VCRs came along, they just plugged into the TV through the 75-ohm antenna connector, you tuned your TV to the appropriate channel (usually 3 or 4), and the signal on the wire looked to the TV just like a broadcast station. The quality was only OK, but there wasn’t any better quality available anyway, so it didn’t matter.

Eventually, TVs started to sprout other connectors, and components had outputs to match. One yellow RCA connector brought a two-wire composite video signal to the TV, and you no longer had to worry about what the tuner did on channels 3 or 4. Then we got S-Video — Super Video, quite an advance in quality at the time — which came on a four-wire cable with round 4-pin connectors.

S-Video served us through the 1980s, but in the ’90s we went to component video cables: three separate two-wire cables that brought in the red, green, and blue signals for the picture. This was the highest quality yet, and remains the best available for analogue TV.

Of course, each of those only brings in video, so two audio cables (left and right channel) are also needed. Five connectors for each component-video input can really clutter up the back of the TV. And, as I said, all that just works for analogue signals. What do we do for high-definition digital stuff?

For that, we have Digital Visual Interface (DVI), available on some TVs but largely used for computer displays, and High-Definition Multimedia Interface (HDMI). Modern televisions will have two to four HDMI inputs, so users can connect several HD components, such as cable boxes, digital video recorders, game systems, Internet streaming boxes, and Blu-ray disc players. HDMI carries audio, as well as video, so no extra audio cables are needed.

With digital data comes the ability to make perfect copies of source material. There’s no quality lost within the components or through the transmission medium, as there is with analogue data, and what comes out of the TV end of the HDMI cable is exactly the same as what was sent out of the cable provider’s office, sent by the streaming company, or burned onto the Blu-ray disc. The industry needed to prevent users from storing the stream and retaining — and distributing — perfect copies of the content.

That’s where High-bandwidth Digital Content Protection (HDCP) comes in. It’s a system that was developed by Intel, and it ensures that the digital content is encrypted during transmission and can only be decrypted by a licensed device at the other end. Further, the encryption negotiation involves assuring the sending device that the receiving device is licensed, so the data won’t even be sent in the first place if there’s a non-approved device connected. And approved devices promise not to do things the industry doesn’t want them to do.

The system is designed so that each device (not each individual device, but each model) has its own key, generated from a master key, which is used during the negotiation. If someone manages to get a rogue device licensed, or modifies a licensed device to break the rules, the Digital Content Protection company can revoke that device’s key. Other devices will, once they’ve received the revocation information, refuse to send to the compromised device.

OK, so what’s been cracked?

The crackers have, perhaps by analyzing the data from a few dozen licensed devices, generated a master key that can create device keys, allowing a device to negotiate as a licensed device, get a digital data stream that it can decrypt, and circumvent the revocation system. Intel has confirmed that this is real.

This is a big deal. But it’s not a big deal immediately, and it is limited. For one thing, it does not mean that people will be able to copy Blu-ray discs: the HDCP encryption is just dealing with the protocol between devices, and has nothing to do with how the data is encoded at the source (onto discs, or whatever). To copy the content, one has to play the disc and capture the HDMI stream.

For another thing, it’s currently impractical to do all this in software, so someone has to create a piece of hardware that uses this cracked master-key system. That’s clearly possible, and perhaps likely, but it means that we’re not going to have a couple of college students writing HDMI copying code in their dorm room.

It’s also the case that Intel knew about this weakness in the HDCP system at least as long ago as 2001 (before HDMI), when Crosby et al. wrote a paper on it, A Cryptanalysis of the High-bandwidth Digital Content Protection. From the abstract:

We describe a practical attack on the High Bandwidth Digital Content Protection (HDCP) scheme. HDCP is a proposed identity-based cryptosystem for use over the Digital Visual Interface bus, a consumer video bus used in digital VCRs, camcorders, and personal computers. Public/private key pairs are assigned to devices by a trusted authority, which possesses a master secret. If an attacker can recover 40 public/private key pairs that span the module of public keys, then the authority’s master secret can be recovered in a few seconds. With the master secret, an attacker can eavesdrop on communications between any two devices and can spoof any device, both in real time. Additionally, the attacker can produce new key pairs not on any key revocation list. Thus the attacker can completely usurp the trusted authority’s power. Furthermore, the protocol is still insecure even if all devices’ keys are signed by the central authority.

In 2001, it was theoretical, and Intel did nothing to address it. Now, it’s real, and they threaten legal action against anyone who takes advantage of it. I am not a lawyer, but they seem lacking in due diligence, don’t they?
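The weakness the abstract describes follows from the scheme being linear, and a toy model makes that concrete. The following is an added example, not code from the paper or from this post: it models a Blom-style scheme with a constructed 4×4 master matrix over a small prime field (HDCP itself needs 40 key pairs and works modulo 2^56), and all names and parameters in it are assumptions.

```python
"""Toy model of an HDCP-style linear key scheme (all parameters constructed)."""
import random

P = 65521   # toy prime modulus (assumption; HDCP itself works modulo 2**56)
N = 4       # toy dimension (assumption; the abstract speaks of 40 key pairs)


def make_master(rng):
    """Authority's master secret: a symmetric N x N matrix over Z_P."""
    m = [[0] * N for _ in range(N)]
    for i in range(N):
        for j in range(i, N):
            m[i][j] = m[j][i] = rng.randrange(P)
    return m


def issue_device(master, device_id):
    """Return (public vector, private vector) for one device.

    The public vector is (1, id, id^2, ...) as in Blom's scheme, so distinct
    ids give linearly independent vectors; private = master * public.
    """
    public = [pow(device_id, j, P) for j in range(N)]
    private = [sum(a * b for a, b in zip(row, public)) % P for row in master]
    return public, private


def shared_key(own_private, peer_public):
    """Each side combines its own private vector with the peer's public one."""
    return sum(a * b for a, b in zip(own_private, peer_public)) % P


def recover_master(key_pairs):
    """Solve V * M = K for M by Gauss-Jordan elimination modulo P.

    Row i of V is device i's public vector and row i of K its private vector.
    Returns None when the public vectors do not span all N dimensions.
    """
    aug = [list(pub) + list(priv) for pub, priv in key_pairs]
    rows = len(aug)
    for col in range(N):
        pivot = next((r for r in range(col, rows) if aug[r][col]), None)
        if pivot is None:
            return None
        aug[col], aug[pivot] = aug[pivot], aug[col]
        inv = pow(aug[col][col], -1, P)
        aug[col] = [x * inv % P for x in aug[col]]
        for r in range(rows):
            if r != col and aug[r][col]:
                f = aug[r][col]
                aug[r] = [(x - f * y) % P for x, y in zip(aug[r], aug[col])]
    return [row[N:] for row in aug[:N]]


def demo(seed=2010):
    rng = random.Random(seed)
    master = make_master(rng)
    devices = [issue_device(master, dev_id) for dev_id in range(2, 2 + N)]
    (pub_a, priv_a), (pub_b, priv_b) = devices[0], devices[1]
    return {
        # Symmetry of the master matrix is what lets two devices agree.
        "both_sides_agree": shared_key(priv_a, pub_b) == shared_key(priv_b, pub_a),
        # N - 1 pairs, or N pairs with a repeat, do not span: nothing is learned.
        "too_few_pairs": recover_master(devices[:N - 1]),
        "repeated_pair": recover_master(devices[:N - 1] + [devices[0]]),
        # N independent pairs determine the whole master matrix.
        "master_recovered": recover_master(devices) == master,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Because every device key is a linear function of the same matrix, revoking individual keys cannot repair the scheme once enough independent pairs are known; the threshold is fixed by the dimension chosen at design time.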

Personally, I would like to see HDCP fall; it’s a terrible nuisance. As with many of these sorts of data-protection technologies, as with any sort of DRM system, HDCP gets in the way of legitimate, normal usage of licensed devices. It makes it difficult or impossible to interconnect multiple devices. There can be random negotiation errors that show up without warning, preventing devices from working — not great if you’ve scheduled the recording of a high-definition program on your licensed DVR while it’s connected to your licensed TV, and something goes wrong.

In general, I don’t support the use of any technology that stops people from doing legitimate things with products they’ve legitimately purchased. No copy-protection scheme has stood the test of time, and they’ve only caused problems for the legitimate users. I hope this is the beginning of the end of HDCP... not now, and not soon enough... but soon.

Wednesday, September 22, 2010

Fascist bullies

There’s a guy in Arizona — yeah, Arizona, that noted hotbed of anti-liberalism that fosters (I want to say festers) delightful folk like Joe Arpaio, Ev Mecham, and Russell Pearce (not to mention John McCain) — who’s having a fight with his homeowners’ association about the flag he’s chosen to fly. The association allows a handful of flags that are specifically listed in Arizona state law (in other words, they can’t stop you from flying those), but Andy McDonel is displaying a different one, the Gadsden Don’t Tread On Me flag.

They don’t like that.

Now, Mr McDonel says that his use of the flag has no connection to the Tea Party movement, which has recently adopted it. It’s a patriotic gesture, he says. It’s a historic military flag. It represents the founding fathers. It shows this nation was born out of an idea.

I don’t really care why he wants to fly it. I only care that no one has any moral right to tell him that he can’t. And, as yesterday, this is my opinion, not coming from any legal expertise (and this time legal precedent is against me). Similarly, folks who are proud of their heritage have every right to display a Union Jack or an Irish flag, a French or German or Italian one, an Israeli flag, a Palestinian flag, an Egyptian flag, or an Iranian flag, if that’s what they want to do.

The problem is that homeowners’ associations, as they currently exist in many places, should simply not be. They have turned into organizations of fascist bullies, they have no place in a country such as ours, and they should be outlawed.

Their premise looks appealing, at least to many people: folks in a community want to get together and make sure their community meets a reasonable set of standards. They want a neat community, a pretty community, a community that maintains high property values. They want to make sure people keep their lawns trimmed, don’t let their houses fall into disrepair, don’t paint their houses unattractive colours, and don’t have half-disassembled cars parked in their driveways in front of God and everybody.

The problem is that what’s an attractive colour to me might not be to your taste, there’s a difference between a two-day rebuilding of a classic Mercedes engine and half a dozen broken-down jalopies that have been sitting around for two years, and some people prefer other sorts of ground cover to grass lawns. Homeowners’ associations do not take such reasonable variations into account.

They are, in general, authoritarian and lacking in any flexibility, taking people to court for minor violations, forbidding people from making normal use of the houses and land they bought, and seizing people’s property, sometimes for just being a month or two behind on their payment of association fees.

Places without associations deal with the same issues of community standards, but it’s done by peer pressure. There are ordinances, to be sure, that address health and safety concerns, so one mayn’t throw one’s garbage on the front lawn and leave it there, and one must repair exposed electrical wires, broken glass, and the like. Beyond that, well, if one is in the habit of mowing only every two months, one will hear suggestions — sometimes gentle, sometimes less so — from the people next door and down the street. It works well enough.

Not well enough for some.

Well, hey, you say, you know the rules when you move in. Just don’t buy in such a community. As the lawyer for the Arizona HOA in the Times article says, Bottom-line, anyone considering residing in a community association should carefully review the association’s governing documents beforehand to ensure that the community is a good fit for them.

The problem is that people often have little choice in the matter. In some areas, HOAs are ubiquitous, as all new communities have had them for several decades. Where I live, I can make that choice. In other areas, that’s not true.

What’s more, people often find themselves violating things they never imagined would be a problem when they moved in. Rules change after you’re there, and unless you were right on top of it and had the time to garner a large base of support to defeat the proposal, you’re stuck with the result. In new communities, the developer often retains a controlling vote on the association board anyway, so it doesn’t matter how much support you can get.

Years ago, a friend of mine found the outside of her back fence vandalized with spray-painted graffiti... and then was told that she had only a week to paint over it, or face fines. Ah, and the paint had to be exactly colour X, purchased from the local store. Another friend with a white house and green trim found that he liked the blue trim of another house down the street. He was told that the colours were planned from house to house, and even though he wanted to use an already approved colour, that colour wasn’t assigned to his house. He would have to apply to the association board — and, here’s a surprise, pay a substantial, non-refundable application fee — and hope that they said yes to the change.

And then there are the foreclosures.

Of course, we do limit the HOAs in some ways. Much as some might want to, they may not refuse to allow blacks, Hispanics, or gays into the neighbourhood, for example. Yet, they can make everyone live their lives in the same white-bread middle-of-the-road way, under threat of losing their houses. This isn’t right.

They’re just abusive, tyrannical bullies, bent on telling everyone else what to do. They have to go.

Tuesday, September 21, 2010

Free speech and firing

Derek Fenton was, until recently, an employee of New Jersey Transit, responsible for some back-office stuff that kept the trains running smoothly. Until recently, because he was sacked last week. No, the trains were still running smoothly, and his sacking had nothing to do with how he did his job. He was fired for having participated, on his own time and with nothing tying him to his employer, in the burning of a Koran in lower Manhattan in protest of the planned Islamic Center there.

You all know, of course, that I think he’s a bozo for that. That said, though, does he deserve to be an unemployed bozo?

The New York Times got some folks to debate the First Amendment issue that this raises:

New Jersey Transit fired an employee last week for burning a Koran in Lower Manhattan on Sept. 11 in his off-duty hours. Whether public agencies can control or punish their employees for speech they engage in when they are not on the job has been a matter of dispute. [...] New Jersey Transit said the employee, Derek Fenton, had violated its code of ethics. Assuming he wasn’t dismissed for other reasons, should he have been fired for his action?

All but one of the contributors to the debate are legal experts, and they answer the question from a legal perspective. I, on the other hand, am looking at it from my own moral perspective, instead. As it turns out, this largely agrees with the legal one, but I can be less circumspect, and I need not seek precedent to support my views.

And my views are these:

  1. You do not have free speech when it involves your job.
  2. Your job gets involved when you are speaking in representation of your employer, or when what you’re doing is during your working hours.
  3. You may be representing your employer by being in uniform, by identifying yourself as an employee in some other way (saying so, wearing a name badge, that sort of thing), or by being so well known that we just have to accept that you’re always representing them (Mayor Bloomberg, for example, is always representing New York City).
  4. Any employer has every right to sack you if you do or say something that adversely affects your job or your ability to do it, or reflects negatively on your employer.

There seems to be a thread throughout the discussion that makes a point of New Jersey Transit’s being a government agency; I don’t see that this matters. They’re an employer, and what I said above should (remember, this isn’t a legal opinion, but a moral one) apply to any employer, equally, whether public or private.

And, so, here’s the nut of it: Mr Fenton was not on duty, was not doing this at a time when he should have been on duty, was not wearing a uniform, was not presenting himself as a New Jersey Transit worker, and was in no way or sense representing New Jersey Transit. What he did had nothing to do with his job and had no effect on his continued ability to do his job. Mr Fenton’s actions reflected badly only on Mr Fenton, and not — until the firing — on New Jersey Transit.

New Jersey Transit was absolutely wrong in sacking him. They don’t have to like his political views, but, well, I’ve worked with many people over the years with whom I disagreed politically. It’s part of being out in public, instead of holing up in a cabin in Montana. They should give him an apology, and his job back.

The only Times contributor who disagrees with that is also the only one who is not a legal expert, and who is a Muslim representative. Salam Al-Marayati, executive director of the Muslim Public Affairs Council, likens burning a Koran to burning an American flag:

Burning the American flag is also protected by the First Amendment. But I certainly would fire any of my employees who would consider flag-burning as an act of defiance. It’s not. It’s childish and immature behavior, and those who would do such a thing would be unworthy of public employment.

Childish and immature are good words to describe that sort of activity. I’d add boneheaded, moronic, and a lot of others. But grounds for termination is not one of them, and Mr Al-Marayati is just wrong. Going to sci-fi conventions dressed as a Wookie is also childish and immature behaviour, but you’d better not dismiss your employees for doing it. I would hope that if he fired his employees so frivolously, he would be in for the same difficulties that New Jersey Transit should be getting into for this one.

Monday, September 20, 2010

Interesting hacks: IPv6 addresses in UNC names

Microsoft’s Raymond Chen tells us about an interesting hack that Microsoft uses. When you’re using a disk drive over the network from Windows, you normally refer to it with what’s called a UNC name (for Uniform Naming Convention). Normally, what goes into the UNC name is the name of the computer the drive is on, so if you want to use a share called Banana on a computer called HomeSrv, you write it as \\HomeSrv\Banana. So, for example, you might copy MyFile.html into the WebFiles subdirectory this way:

copy MyFile.html \\HomeSrv\Banana\WebFiles

That uses a NetBIOS name for the computer, but it’s common to use an Internet address instead, often written as a domain name. So, maybe:

copy MyFile.html \\homesrv.example.net\Banana\WebFiles

Sometimes, you have to use a computer that doesn’t have a resolvable name, perhaps because it’s on a private network that doesn’t have name-resolution service (DNS). In that case, you have to use the numeric Internet address (IP address):

copy MyFile.html \\192.168.2.13\Banana\WebFiles

Now, 192.168.2.13 is an IPv4 address — the form of address most of us are using today. But as we switch to IPv6, we’ll be using addresses in a different form. They’re 128-bit addresses, and they’re written as eight sixteen-bit chunks, separated by colons (not dots). Like this:

copy MyFile.html \\2001:DB8:0:0:8:800:200C:417A\Banana\WebFiles

The trouble is that the colon character has a special meaning in Windows identifiers, from way back before anyone had thought of IPv6, and many programs can’t deal with something that looks like that. To help out, Microsoft registered the domain name ipv6-literal.net, and you can do this with it:

copy MyFile.html \\2001-DB8-0-0-8-800-200C-417A.ipv6-literal.net\Banana\WebFiles

That special name, 2001-DB8-0-0-8-800-200C-417A.ipv6-literal.net, will resolve to the IPv6 address 2001:DB8:0:0:8:800:200C:417A... and it might look long and ugly, but it will work in any program that supports domain names in UNC names.

The amusing part of the hack is that it doesn’t actually go out to DNS and resolve that name. Indeed, if you try it from nslookup, it will resolve to the same address that ipv6-literal.net does. If you put it in a web browser, it will do a Bing search on the address string and ipv6-literal. No, what’s interesting is that the name is specially handled by Windows, and resolved in the Windows internal name resolution scheme, without its ever going out to the Internet.

It’s the true definition of a hack, put in to make old resource-name parsers happy. And it only has to work on Windows, because Windows systems are the only ones that have that issue with the colon character.
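One practical consequence is that the same server can now be spelled several ways in a UNC path, and the ipv6-literal.net spelling never shows up in DNS traffic, so anything that compares UNC destinations (an allowlist, a log filter) should normalise the host first. The following is an added example, not Microsoft's code or part of the original post: the function names and the allowlist are assumptions, and it goes slightly beyond the post by also handling zone IDs, where `%` is written as `s` in the literal name.

```python
"""Normalise UNC host names, including ipv6-literal.net forms, before comparing."""
import ipaddress

LITERAL_SUFFIX = ".ipv6-literal.net"


def ipv6_to_literal_host(address):
    """'2001:DB8::1' or 'fe80::1%4' -> the colon-free ipv6-literal.net name."""
    addr, has_zone, zone = address.partition("%")
    ipaddress.IPv6Address(addr)          # raises ValueError if not valid IPv6
    label = addr.replace(":", "-")
    if has_zone:
        label += "s" + zone              # '%' is written as 's' in the literal
    return label + LITERAL_SUFFIX


def canonical_host(host):
    """Return one comparable spelling for a host name, IPv4 or IPv6 address."""
    h = host.strip().rstrip(".").lower()
    if h.endswith(LITERAL_SUFFIX):
        # Hex digits never contain 's', so the first 's' starts the zone ID.
        label, has_zone, zone = h[: -len(LITERAL_SUFFIX)].partition("s")
        try:
            ip = ipaddress.IPv6Address(label.replace("-", ":"))
        except ValueError:
            raise ValueError("malformed ipv6-literal.net name: %r" % host) from None
    else:
        addr, has_zone, zone = h.partition("%")
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return h                     # an ordinary NetBIOS or DNS name
    return str(ip) + ("%" + zone if has_zone else "")


def unc_host(unc_path):
    """Extract and normalise the server part of a \\\\server\\share\\... path."""
    if not unc_path.startswith("\\\\"):
        raise ValueError("not a UNC path: %r" % unc_path)
    host = unc_path[2:].split("\\", 1)[0]
    if not host:
        raise ValueError("UNC path has no server part: %r" % unc_path)
    return canonical_host(host)


def is_allowed(unc_path, allowed_hosts):
    """True only if the path's server matches an allowlisted host; fails closed."""
    allowed = {canonical_host(h) for h in allowed_hosts}
    try:
        return unc_host(unc_path) in allowed
    except ValueError:
        return False


if __name__ == "__main__":
    allowlist = ["2001:db8::8:800:200c:417a", "HomeSrv"]   # constructed sample
    samples = [                                             # paths from the post
        r"\\HomeSrv\Banana\WebFiles",
        r"\\192.168.2.13\Banana\WebFiles",
        r"\\2001-DB8-0-0-8-800-200C-417A.ipv6-literal.net\Banana\WebFiles",
    ]
    for path in samples:
        print(path, "->", unc_host(path), is_allowed(path, allowlist))
```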

Sunday, September 19, 2010

Hike of the week: Ward Pound Ridge

The Deer Hollow Trail and the Brown trail, a nice loop on the order of five miles long. It goes gently up and down, and wanders along the Cross River for a while (hardly a river, though... barely a stream at this point). No great vistas here, but just a nice walk through the woods. As usual, click the images to enlarge.

Photo montage at Ward Pound Ridge Reservation

Trail map of northern Ward Pound Ridge Reservation

Saturday, September 18, 2010

40 years after Jimi

Jimi Hendrix at Woodstock

Johnny Allen Hendrix was born in Seattle in 1942. Legendary psychedelic-blues/rock guitarist Jimi Hendrix died in London 40 years ago today, at the age of 27.

Maybe you liked Hendrix’s music, or maybe you thought it was just so much distorted noise. Either way, there’s no arguing that he created new ways to play an electric guitar. He used reverberation, distortion, and feedback, not as accidental or undesirable artifacts, but as part of the music he made. Wah-wah, tremolo, phasing effects, and simply striking the guitar to create crashing sounds were all part of it as well. In Jimi Hendrix's hands, an electric guitar became more than just an amplified guitar.

And, of course, it was loud. Sample his version of The Star-Spangled Banner from the close of the 1969 Woodstock weekend.

The Jimi Hendrix Experience only released three studio albums during his lifetime, in 1967 and ’68, but he recorded a lot of material and a number of records came out years after his death.

Why not sit back this afternoon, and soak in some Purple Haze, The Wind Cries Mary, Castles Made of Sand, or Electric Ladyland?

Purple haze all in my eyes
Don’t know if it’s day or night
You’ve got me blowin’, blowin’ my mind
Is it tomorrow or just the end of time?

Friday, September 17, 2010

Kindle and security

Wednesday, I talked about Amazon’s email-in service, which lets you send documents to your Kindle by email. The nicest part of it for me is the PDF conversion feature, but you can, in general, send any personal documents you like, with or without conversion to AZW.

The way it works is this:

When you buy your Kindle, it’s automatically registered to your Amazon account, so ebooks that you buy there are pushed to the Kindle for you. You also get an email address at kindle.com (and also free.kindle.com), and documents you send there are sent on to your Kindle — free if they’re sent by WiFi, and for a small fee if they’re sent over 3G (if you want to make sure you’re not charged, you can send things only to the free.kindle.com address).

You can control who’s allowed to send stuff to your Kindle by listing the authorized email addresses at the Manage Your Kindle page, or through the settings on the Kindle itself, and the only address that’s authorized by default is the one you use for your Amazon account. Makes sense.

But here’s the thing: there’s no password or other security, other than the sender’s email address. You may or may not know this, but it’s trivial for anyone to send email using someone else’s email address. Anyone who knows my email address can guess that I might use that same address on Amazon, and the address to send to at kindle.com defaults to the left-hand side of that address. So it would not be hard for anyone to send stuff to my Kindle, whether I want them to or not, and whether I want what they’re sending or not.

So what? If people want to send me free ebooks, why is that a problem?

It’s a problem we’re all aware of: spam. Because it’s not just ebooks that can be sent; PDFs, MS Word documents, and plain text can all be sent, as well as pictures and other images. Imagine getting a kindle-ful of advance-fee fraud scams, Viagra ads, and pornographic images. And then imagine paying for those, if you have a 3G Kindle (I don’t, so it’s all free over WiFi).

The good thing is that Amazon’s Manage Your Kindle page lets you do three things that help here:

  1. set the maximum charge allowed for any one document sent to your Kindle,
  2. change the email addresses that can send to your Kindle, and
  3. change your Kindle’s email address.

Because I never want to accept any charges, I’ve set the maximum charge to zero. I’ve also removed the authorization for my regular email address, and authorized only an email address that no one knows. And, most importantly, I’ve changed the email address of my Kindle to something unguessable, essentially a strong password.

I recommend that everyone do the same (except perhaps for the maximum charge, if you want to be able to send things yourself that you’ll be charged for). At the least, everyone should change her Kindle’s email address to something that isn’t likely to be a target for spammers, and that means something long and relatively ugly.

I’m sure that Amazon does spam filtering on kindle.com, but we all know how much gets by the spam filters, in general. I can’t wait until Kindle spam joins email spam, Facebook spam, Twitter spam, and the rest.

Thursday, September 16, 2010

New York primary election

It was very strange, after more than twenty years of voting on big, clunky machines with levers, to vote for the first time on a paper ballot this Tuesday.

Well, not the first time for me, but the first time at a regular polling place in New York. I once voted by absentee ballot because I was off at an IETF meeting on voting day. And when I lived in Maryland, we voted with a punch-card system (yes, with issues of pregnant and hanging chads, which we never thought of at the time).

But starting with Tuesday’s primary election, New York has switched from the old voting machines to paper ballots, large sheets with small circles that one fills in with a black marker. I have to trust that they work well, but who knows for sure? I suppose we trusted the old machines, and maybe that trust was ill-founded. But they were stately and venerable, and the levers made satisfying and reassuring sounds.

Now I have to wonder whether I really marked the right circle, and whether the machine counted it correctly. I have to make sure I didn’t brush the marker against the paper and make a stray mark, check that I didn’t crease the page in a funny way. Why does it feel odd? Maryland’s punch-cards didn’t give me the same feelings, yet they surely suffered from similar effects, and worse. Perhaps I’m just getting old and inflexible.

Anyway, I voted, of course; that should surprise none of my readers. The New York primary ballot was easy for the Democrats, with just two races: a choice among five for the Attorney General nominee, and one between two for Kirsten Gillibrand’s U.S. Senate seat — Ms Gillibrand was appointed to Hillary Clinton’s seat in 2009, and has to stand in a special election in November to get the final two years of that seat’s term. (Meanwhile, our other U.S. Senator, Charles Schumer, is up for re-election normally, so we’ll have the unusual situation of voting for both of our senate seats at the same time this November.)

Ms Gillibrand easily won her nomination, as everyone expected. The Attorney General contest was more hotly contested, and State Senator Eric Schneiderman — who had the endorsement of the New York Times — fairly closely edged out Nassau County District Attorney Kathleen Rice, my own choice on the ballot. To be sure, all five candidates were reasonable, and I’m perfectly happy with Mr Schneiderman.

On the Republican side, Tea Party idiot Carl Paladino beat perennial loser Rick Lazio by quite a lot to become the Republican nominee for Governor. This is probably good news for our current AG, Andrew Cuomo, who has the Democratic nomination in hand, with no opposition.

Tea Party candidates kicked out traditional Republican incumbents in a few places — the most newsworthy one was in Delaware. Either that will mean good things for the Democrats, who will sail to victory over right-wing nutjobs, or it will say some very bad things, indeed, about the state of the country, should those nuts win in November. We’ll have to see.

What’s always disturbing is the low turnout in these elections. Primary elections get low voter turnout in general, and midterm elections do as well... so the primaries in the midterms involve just a handful of voters deciding things for the entire state.

With 98% of the votes counted, as I write this, we had about 440,000 votes cast in the Republican primary and about 590,000 in the Democratic primary. Put in perspective, there are about 20,000,000 people in the state (of course, they’re not all eligible to vote, and I don’t know how many voters there are). That means that each voter made the choice for about twenty people — only five percent of the population of New York took part in deciding who might be our governor, our attorney general, and our two senators for the next four to six years.

I find that sad.

Wednesday, September 15, 2010

More Kindle notes

Yesterday, Dadinck made a comment that showed me a faster way to enter numbers, by using the alt key on the keyboard instead of hitting the sym key and using the tedious symbol selector. He also pointed me to a good site for Kindle tips. Thanks!

Meanwhile, I discovered that Amazon has a PDF conversion service, which will let me email PDFs to it, convert them to AZW files for the Kindle, and push them to the Kindle through WiFi (it emails them back to me, as well). The pretty formatting is lost in the process, but it retains any images, and for almost all the PDFs I want to read the result is just what I need. Having them converted to Kindle format means that I control their display as text files and the text reflows as I change the font size, so the zooming problems go away.

I also found the troves of free books, and, despite my intent not to load the device up with books, I did snag a few of the free ones — about a dozen — including such wonders as Alice’s Adventures in Wonderland and Through the Looking-Glass, and what Alice Found There, James Joyce’s Dubliners, P.G. Wodehouse’s Jeeves books, and Doyle’s Sherlock Holmes stories.

OK, maybe I’ll keep it.

Tuesday, September 14, 2010

Very early user experience with a Kindle

I decided to try out one of the new Kindle e-readers. Only, I’m not planning to use it for the purpose that most buyers do — purchasing and reading books. I want to use it to read academic papers, articles, and IETF documents, which I will put on the device myself. These will generally be either plain text files or PDFs, and I decided to try the Kindle because it will read those types of files.

First, I’ll note that the new device is all it’s advertised to be: it’s small, it’s light, it’s crisp and easy to read, and it’s sleek and comfortable. I imagine it’s a really great device to read books on, when you don’t want to schlep a bunch of books around.

And, yet, I’m not sure that I’m going to keep it for the use I want to put it to.

First, there’s the wireless setup. It’s very smooth for fully open networks, but I haven’t yet tried it at, say, the local Panera, where one has to click through a login screen. It does have a web browser, though (more on that later), labeled as experimental, so it might be possible to use the browser to do the click-through. But if you want to use a closed network, you need to enter the encryption key or WPA password, and you do that from the keyboard that’s below the Kindle’s screen. You can see from the picture on the Amazon site that it’s a full alphabetic keyboard, but that it has no punctuation other than the period, and no numbers. To get numbers, punctuation, and other symbols, you have to press a sym key, and then move left/right/up/down on an on-screen selector. That makes it very tedious to enter 26 hexadecimal characters for a WEP key.

One would think that not to be a problem, because it’s just one-time setup... but my first experiments seem to indicate that the device won’t remember the encryption keys for multiple networks. I have to spend more time with that before I’m sure, but I think this is a problem.

Only, it’s not really so much of a problem, because the wireless is only for downloading books (or using the web browser), and I don’t plan to do that, at least not much. In order to put my own document files on the device I have to connect it to my computer by wire (USB), and it appears as a drive on the computer. I can copy files to and fro. That works fine.

I’ve put about a dozen PDFs and a bunch of Internet Drafts on it, and they’re all just listed on the main page. Being the organized guy that I am, I want to organize them. Happily, the Kindle supports user-created collections, and each book can belong to zero, one, or multiple collections. Great. I created a collection, looked up how to add books to the collections (you’d never guess how, but the Kindle User’s Guide, one of the books pre-loaded on the Kindle, is easy to find things in), and added a few documents to the collection.

Then I plugged the device back into the computer to see what that did. It created a JSON file in the system directory, a file called collections.json, which enumerates the collections and their contents. I could edit that file, except that the list of documents in a collection is made using document IDs; it looks like this:

"IETF Drafts@en-US":{"items":["*cd80d00889290d128d26ba714e462b4d58445416",
"*08b4be751d627dd636ad0894cef0eaa2d0dac8b1"],
"lastAccess":1284403650511}

Your guess about how to figure out the document ID for each document is as good as mine. They look like hexadecimal representations of 20 bytes, 160 bits, so they could be SHA-1 hashes. But I tried computing SHA-1 hashes of both the files and the file names (with and without the extension), and didn’t get any matches. It’s clear that it’s not going to be easy for me to organize files into collections, and I’m just going to have to use the Kindle’s user interface to do it, one document at a time. That’s very tedious, when I want to add a lot of documents to the device at once.

All right, but I can cope with that, so let’s see how it is to read the documents.

The plain text files are good — reading Internet Drafts on the Kindle works nicely. Using the smallest font size and setting the font to condensed (as opposed to regular) allows me to read the drafts with the device held vertically, and most lines come out OK. The longest lines, though, do wrap the last word to the next line, chopping things up. But most lines don’t suffer from that, so the drafts are readable. If I rotate the display (through the settings — it doesn’t automatically rotate when you turn the device), I can use the smallest regular font and not have any lines wrapped, but then I can only see 26 lines on the screen at once. Using vertical orientation is better.

PDFs don’t fare as well. I’m using two classes of PDFs: ones that I’ve created myself (by printing web pages or e-mail discussion threads, for instance) and ones that I’ve gotten from other people (downloading the papers that researchers, conferences, or journals post). In the former case, I can control the font size in the PDF itself, and make sure I create the PDF that’s nicely readable on the Kindle. Cool.

In the latter case, though, I have no control over the text size in the document, and have to use the Kindle’s features to zoom the text so I can read it. Most PDFs of academic papers are not readable at the one-page-fills-the-screen size, and need to be zoomed. And this is where things fall apart.

You don’t get to pick the zoom amount arbitrarily, but you have to choose from among a few fixed choices: fit-to-screen, 150%, 200%, 300%, and actual size. If one of those fits things nicely, either in vertical or horizontal orientation, that’s great. Most often, it doesn’t, and side-to-side scrolling is necessary to read a column of text. And we get into the other problem with PDFs:

You don’t get to scroll arbitrarily either, at least not easily. If the document is arranged in two columns (or more), it’s often possible to find a comfortable zoom size that fits the left column readably, along with a part of the right column. As you press the next page button, the Kindle scrolls down and you can read down the left column. When you’re done with that, you have to press the previous page button once or twice to get back to the top of the PDF page, and then you scroll to the right to see the right column. But it scrolls too far, and you only see the part of the right column that you couldn’t see before. You can nudge the scroll using the shift key on the keyboard and the scroll button, but that’s also hard to make work, and it gets messed up every time you page down.

Even as you page down the PDF page, things aren’t great. The device scrolls a little less than the full visible text, so that there’s some overlap, but there’s no marker to show where you were. That means you have to find your place again. What’s worse is that if you need two scrolls to get from top to bottom, the “where you were” spot is likely to be in a different place each time. That also doesn’t work well.

They could fix this with three changes, all of them easy:

  1. Allow entry of an arbitrary zoom percentage, allow repeated zooming-in (and out) by 5% or 10% at a time, or give some other way to be more granular in selecting how much you want the PDF page zoomed.
  2. Allow the user to lock in the horizontal scrolling, so it’s not reset by vertical scrolling. Even allow the user to set the scroll and zoom characteristics of a document, and remember those characteristics for each document (as it currently remembers where in the document you were reading, and the annotations you’ve made).
  3. Place visible tick marks on the left and right of the screen, showing the limits of the previous view, so it’s easier for the user to see where to start reading on this page segment.

Then there’s the web browser. They say it’s experimental for now, so maybe it’ll get better, but it suffers from the same zoom and scroll problems that PDFs do, so unless they fix that problem I’m not sure what they can do to make the browser better. It would make the Kindle a great way to follow RSS feeds (using Google Reader) and read news and blogs, if they should get the browser to work well. It would also be a very nice use of the WiFi capability. For now, though, that’s just not on.

I’m very disappointed with the handling of PDFs, and that might make me give up on the Kindle for this purpose, and send it back. But I’ll give it a bit more time before I do that, and see if I can get used to it.

Monday, September 13, 2010


IETF 78, Maastricht

The 78th IETF meeting was held at the end of July in Maastricht, Netherlands. Maastricht is an old town in the far southeast of the Netherlands, right next to Belgium; it’s just about the midpoint of a line between Brussels, Belgium, and Köln, Germany.

The meeting venue itself, the Maastricht Exhibition and Conference Center (MECC), was pretty good for the meetings. The logistics were less good in dealing with food and lodging, with us using hotels strewn all about the city, and with very limited options for lunch. The host arranged for us to use the bus system for free during the meeting days, so people could more conveniently get between their hotels and the meeting, and could get to dinner more easily. I found it nice to walk.

The customary Tuesday night social event was held along the Maas river, set up on three docked boats and on the dock itself. They had bands playing music, and they served local food and drink, with the old town area right nearby.

 

As usual, I’m keeping the detailed meeting report off the front page (unless you’re reading the RSS/Atom feed).

I chaired four sessions at this meeting: three working groups (DKIM, MARF, and MORG) and a BoF (ftpext2). I chair a fourth working group, VWRAP, which did not meet this time. There’s a bunch of new work in the IETF Applications Area dealing with three things:

  • HTTP, and HTTP-related issues (hybi, httpstate, core, hasmat, in addition to httpbis).
  • Internationalization (iri, urnbis, precis, and the recharter of eai).
  • Updating of some old standards and experimental protocols (iri and urnbis fall here, too, and also ftpext2 and yam).

Details of the working groups and BoFs I attended follow.

apparea — Applications Area general session

  1. The Area Directors did a brief demo of the datatracker, to remind working group chairs and participants of the capabilities. They followed with a short discussion, and a reminder that new work on the datatracker and the state machine behind it is underway.
  2. BoF introduction: hasmat (HTTP application security minus authentication)
    Jeff Hodges gave the introduction:
    • Modern web apps (web 2.0, rich internet apps) have grown, become very complex, with gnarly interactions.
    • Javascript, HTML 5, secure/unsecure HTTP, redirects, etc... all leave us open to vulnerabilities and attacks (cross site scripting, man-in-the-middle, cookie theft, etc.).
    • Researchers have been developing web security things haphazardly.
    • Goal: Work closely with web applications people & web security community, generate coherence in this area.
    • Initial work done: 3 Internet Drafts.
    • Propose working group to finish those specs, develop problem statement & requirement doc for wider space.
    • Coordinate with W3C... new web-application security working group forming there.
  3. BoF introduction: urnbis (Update to URN specifications)
    Alfred Hönes gave the introduction:
    • URNs are persistent identifiers; most important application so far: libraries use URNs to identify documents, and to do archiving.
    • Libraries need clear standards. URN specification is still informational/experimental.
    • Name spaces have evolved, increased in scope; there have been modifications.
    • URN docs need to be updated for persistent identifiers (libraries) — ISBN, in particular
  4. BoF introduction: ftpext2 (FTP extensions)
    I gave the introduction, as BoF chair:
    • Active work exists on ftp extensions.
    • It’s best for the protocol to coordinate these, avoid haphazardness.
    • BoF will explore interest in doing this in a working group.
  5. Breakfast BoF introduction: resource discovery
    Patrik Fältström gave the introduction:
    • New DNS RR record for resource discovery, returns a URI.
    • How many ways do applications have to find necessary resources/servers/etc?
    • Each protocol shouldn’t have its own way.
    • This has been discussed on the apps-discuss mailing list; a core group is interested.
  6. ADs ask for resolution of unresolved errata for Applications Area RFCs. It’s a particular issue for RFCs that are not associated with an active working group. There was a discussion about handling errata for RFCs that have been obsoleted.
  7. Presentation of idnkit-2.0, an implementation of IDNA2008
    • APIs for encoding, decoding, comparison, validity check (C only; java/perl/python & doc in the works).
    • Command-line tools for all functions as well (idnconv, idncomp, idncheck).
    • Looking for feedback, bug reports, suggestions, information about other implementations.
  8. Presentation of HTTP mutual authentication proposal
    • Current http authentication weak in security, functionality:
      • Basic is plain text, relies on TLS for security.
      • Digest is open to offline attack, and is not widely implemented.
      • TLS client certificates are too complex.
      • No log-off function is present.
      • Implementations block the UI with modal dialogues.
      • There’s no provision for guest users.
    • New authentication scheme proposed: mutual.
    • Mutual authentication stops phishing.
    • Based on RFC2617, PAKE; relies on TLS for encryption.
    • Want reviews & comments.
  9. Presentation of privacy preferences for email messages (Ulrich Koenig)
    • Proposed by the Independent Centre for Privacy Protection (Germany)
    • Want to tell the receiver what to do with email (don’t forward, don’t print, etc).
    • Proposed solution: include polite, standardized statement at the beginning of the message.
    • Privicons: X/=0o>
    • There had been some discussion of this before the IETF meeting, among some Applications Area regulars. There was much discussion in the room.
    • These are just advisory. Will they help? Will they do any good at all? Will people understand them? Will clients use them to show useful/understandable cues for the user? Will clients try to enforce them? Etc.
  10. Presentation of name-based sockets (Javier Ubillos, Swedish Institute of Computer Science)
    • Problem: applications use gethostbyname, then use the returned IP address.
    • Problems with mobility, multi-homing, renumbering, NAT, v4/v6 interop, etc.
    • Need a surrogate address (HIP, Shim6) or socket abstraction.
    • Existing abstract sockets reuse the resolved IP address forever.
    • Need to solve this with no new indirections, no new delays (first-packet delay, 4-way handshake, ...), strong address management, backward compatibility.
    • Propose new socket API: give name, get stream; uses standard socket semantics.
    • Currently supports TCP, Shim6; adding UDP, mobility/multi-homing.
  11. Presentation on deprecating unicode language tag chars: 2482 is historic (John Klensin)
    • Unicode has deprecated the capability.
    • When it’s needed, proper markup, such as content-type is better.
    • No discussion....
  12. Presentation on HTTP timeouts (Martin Thomson)
    • Came out of HyBi, but that group is not chartered for this.
    • Long polling is the de facto asynchronous communication standard for the web.
    • Problem: no information is available on how long to hold a request open.
    • Propose a new HTTP header. Timeout is already used, so request-timeout.
    • Intermediate hop may reduce the timeout value.
    • Idle connections are reusable in theory, but not in practice.
  13. The ADs presented a proposal for an Applications Area working group
    • Would handle things that would otherwise be individual submissions.
    • Much discussion...
    • Concerns that it only adds another layer of management, unnecessary.
    • Could reduce load on ADs, but will it?
    • Does it help or hinder broad review and gathering of consensus?

codec — Internet Wideband Audio Codec working group (charter)

The goal of this working group is to produce an audio codec that is optimized for use in interactive Internet applications, that can be widely implemented and easily distributed among application developers, service operators, and end users, and that is published as an IETF standards-track document.

  1. Working group status:
    • Guidelines document: behind schedule and inactive; needs work.
    • Requirements document: behind schedule and progressing.
    • Specification document: ahead of schedule for now; good collaborative development.
  2. Liaison status: ITU SG-16, 3GPP, ISO/IEC, all OK.
  3. Prototype codec:
    • Koen Vos & Jean-Marc Valin are working on it.
    • Hybrid implementation.
    • Mixes aspects of CELT & SILK.
    • Good initial results.

httpbis — HTTP update working group (charter)

  1. Status review.
  2. Review & resolution of some open issues.
  3. Version 11 of the document set will be out soon.
  4. Memento overview (http://mementoweb.org).

ftpext2 — FTP Extensions BoF (as chair)

The FTPEXT2 BoF met at 5:40 p.m. on Mon, 26 July 2010. There were approximately 22 attendees in the room, and four participating remotely on jabber.

  1. Review of purpose and goals of BoF.
  2. Review of two behave documents,[1][2] with discussion.
    Consensus to separate alg and non-alg into two docs, released as a pair.
    Iljitsch has the action.
  3. One-minute overview of hash document.[3]
  4. Note existence of other documents.
  5. Call for participation...
    Authors, implementors, reviewers: 5 in the room, 4 on jabber.
    Interest in creating a working group.
    No face-to-face meetings.
    Will have relatively few participants.
    Participants do represent most of the current FTP work.
    Consensus can thus be considered valid.
  6. AD uncertain about WG formation at this point.
    Participants will work on draft charter on mailing list.


[1] http://tools.ietf.org/html/draft-ietf-behave-ftp64
[2] http://tools.ietf.org/html/draft-liu-behave-ftp64
[3] http://tools.ietf.org/html/draft-bryan-ftp-hash

fedauth — Federated Authentication Beyond the Web BoF

  1. Descriptions of use cases and related work.
  2. Discussion of use cases.
  3. Discussion of approach: EAP over GSS, vs something else.
    Several participants don’t like GSS, don’t want to see a working group with a charter that locks GSS in.
    Pushback: If you have a concrete alternative, let us see it written down.
    Comment: Different groups can work on different things. This group wants to work with GSS. If you want something else, that’s OK, but that’s a different group.
  4. Consensus that charter is basically OK.

hasmat — HTTP application security minus authentication BoF

  1. Overview:
    • Vulnerabilities: cross-site request forgery, cross-site scripting, overlaying windows on browsers, clickjacking, malvertising, man-in-the-middle attacks against supposedly secure sites.
    • Uncoordinated solutions: HTTP headers, secure cookies, HTTP-only cookies, content-type.
    • Policy framework: need to set policy via configurable declaration.
    • Uncoordinated solutions require developers to get it right every time.
    • Existing drafts: strict-transport-sec, origin, media-type sniffing
    • Work in W3C: charter for web-applications security WG; cross-origin resource sharing; unified messaging policy.
    • Mozilla work -> W3C; content security policy
  2. Web security
    • Honest browser isolates different sites.
    • User visits bad web sites.
    • Assume user is not infected.
    • Cookies based on (sub)domain.
    • Script and images can come from anywhere; forms can be sent to anywhere.
    • Same-origin: DOM access, XMLHttpRequest
  3. Media-type sniffing
    • Only browsers that sniff appear to work, so sniffing persists.
    • But different browsers sniff differently, with different results and security holes.
    • Solution: define standard sniffing algorithm, balancing security and compatibility.
  4. Strict transport security
    • Addresses vulnerabilities with HTTP over TLS.
    • Sniff wireless (WEP/WPA).
    • Steal session cookies.
    • Compromise wireless access points.
    • Certificate error bypass...
    • ...click-through insecurity.
    • Web site bugs.

My comments: This was presented as a solution to haphazard, uncoordinated mechanisms. But then the proposed charter looks to standardize three haphazard uncoordinated mechanisms. That leaves me puzzled. The charter does talk about a broader problem statement and looking to the future, and I would like to see the charter go more in that direction.
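To make the BoF's point about uncoordinated mechanisms concrete, here is an added example (not from the BoF slides or the drafts) that audits one HTTP response for the items listed above: strict transport security, secure and HTTP-only cookies, media-type sniffing, and content security policy. The header names `Strict-Transport-Security`, `X-Content-Type-Options` and `Content-Security-Policy` are the names these mechanisms are deployed under today and do not appear in the notes; the function names and the sample responses are constructed for illustration.

```python
# Added example: audits one HTTP response for the mechanisms in the hasmat notes.
# All header samples below are constructed, not captured traffic.

def parse_directives(value):
    """Split 'a=1; b; c="x"' into {'a': '1', 'b': '', 'c': 'x'}, names lowercased."""
    out = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name:
            out[name.strip().lower()] = val.strip().strip('"')
    return out


def audit_response(scheme, headers):
    """Return sorted findings for one response.

    scheme: 'http' or 'https'; headers: list of (name, value), repeats allowed.
    """
    findings = []
    by_name = {}
    for name, value in headers:
        by_name.setdefault(name.lower(), []).append(value)

    # Strict transport security: honoured only over TLS, and needs max-age > 0.
    sts = by_name.get("strict-transport-security")
    if scheme != "https":
        findings.append("transport: response served without TLS")
        if sts:
            findings.append("hsts: header on plain HTTP is ignored by browsers")
    elif not sts:
        findings.append("hsts: missing Strict-Transport-Security")
    else:
        max_age = parse_directives(sts[0]).get("max-age", "")
        if not max_age.isdecimal():
            findings.append("hsts: max-age missing or not a number")
        elif int(max_age) == 0:
            findings.append("hsts: max-age=0 switches the policy off")

    # Cookies: Secure keeps them off plain HTTP, HttpOnly hides them from script.
    for cookie in by_name.get("set-cookie", []):
        pair, _, rest = cookie.partition(";")
        cookie_name = pair.partition("=")[0].strip()
        attrs = parse_directives(rest)
        for attr, label in (("secure", "Secure"), ("httponly", "HttpOnly")):
            if attr not in attrs:
                findings.append(f"cookie {cookie_name}: no {label} attribute")

    # Media-type sniffing: declare a type and tell the browser not to guess.
    if "content-type" not in by_name:
        findings.append("sniffing: no Content-Type declared")
    opts = [v.strip().lower() for v in by_name.get("x-content-type-options", [])]
    if "nosniff" not in opts:
        findings.append("sniffing: X-Content-Type-Options: nosniff not set")

    # Content security policy: the declarative, site-wide policy mechanism.
    if "content-security-policy" not in by_name:
        findings.append("csp: missing Content-Security-Policy")
    return sorted(findings)


WEAK = [  # constructed sample
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sid=abc123; Path=/"),
    ("Strict-Transport-Security", "max-age=0"),
]
HARDENED = [  # constructed sample
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("X-Content-Type-Options", "nosniff"),
    ("Content-Security-Policy", "default-src 'self'"),
]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response("https", hdrs))
```

Each check is independent of the others, which is the developer burden the overview describes: every response has to get all of them right.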

marf — Message Abuse Reporting Framework working group (as chair) (charter)

The MARF working group met at 3:20 p.m. on Tue, 27 July 2010.

  1. Review document status:
    marf-base in RFC editor queue.
    dkim-reporting under discussion; need reviews and comments.
  2. Discussion of two new documents — JD Falk.
    Please comment on the docs, consider adopting (within charter).
  3. Discussion of coordination with OMA SpamRep:
    Presentation of differences & pain points.
    Avoid duplication of effort, avoid divergent specs.
    XML vs email-header format is significant.
    Deployed base for ARF; end of doc schedule for OMA.
    Working group needs to consider shifting format to coordinate with OMA.

morg — Message ORGanization working group (as chair) (charter)

The MORG working group met at 5:10 p.m. on Tue, 27 July 2010.

  1. Review doc status and issues:
    Problem: no reviews coming in; group needs to review docs.
    4 docs almost ready to go.[1][2][3][4] Again, need reviews.
  2. Consider message-recall,[5] after update:
    Decision: morg may be wrong place for that; discuss on ietf-smtp list
  3. Consider imap-move:[6]
    Much interest in the idea, but there are serious implementation problems
    Decision: add experienced co-authors, include discussion of problems


[1] http://tools.ietf.org/html/draft-ietf-morg-fuzzy-search
[2] http://tools.ietf.org/html/draft-ietf-morg-list-specialuse
[3] http://tools.ietf.org/html/draft-ietf-morg-multimailbox-search
[4] http://tools.ietf.org/html/draft-ietf-morg-inthread
[5] http://tools.ietf.org/html/draft-leiba-morg-message-recall
[6] http://tools.ietf.org/html/draft-krecicki-imap-move

Service discovery discussion (breakfast BoF)

  1. Harder to implement new RR in DNS.
  2. What do application clients want for service discovery?
  3. Part of application provisioning in general, including metadata about service.
  4. Configure per user, per server, per domain... configure all services in one discovery.
  5. Not end up with arbitrarily large number of these... complicates things.
  6. Won’t get to one, but prefer not to strew many around.
  7. DNS: right place to put pointer to these things, wrong place to put the things themselves.
  8. Apple bonjour system; Stuart Cheshire gives overview, much discussion follows.
  9. Discovery of context in order to proceed to discovery of services.
  10. Will create mailing list to continue discussion.

core — COnstrained Restful Environments working group (charter)

  1. WG status review: working group document for basis of CoAP.
  2. One WG draft, but many related drafts. Lots of work.
  3. Description of CoAP, some detail.
  4. CoAP goes over UDP, msg/response; one-way messages.
  5. Service discovery through DNS-SD.
  6. Resource discovery through HTTP get /.well-known/r
  7. Retrieving offered links, modeled on web discovery.
  8. Long discussion on discovery.
  9. Mapping/proxying between CoAP and HTTP.
  10. Comment (Mark N): mappings usually incomplete, leaky abstractions. Worries.

[I left at this point, to go to vCardDAV.]

vcarddav — vCard and CardDAV working group (charter)

  1. Document status:
    • mkcol, issued as RFC5689.
    • carddav, in RFC Editor queue.
    • vcardrev, in working group last call, some issues:
      • Escaping of semicolon, tab, unicode codepoint.
      • Must use PID with LANGUAGE.. maybe put the grouping into the language parameter.
    • vcardxml, in working group last call, no open issues.
    • SRV service types, CardDAV discovery... port registration/alias issue.
  2. Charter discussion:

dkim — Domain Keys Identified Mail working group (as chair) (charter)

The DKIM working group met at 1 p.m. on Wednesday, 28 July 2010. The working group has just rechartered, and we discussed the new charter items and assigned tasks.

  1. Advancement of DKIM spec to Draft Standard
    We clarified what’s needed for the interoperability report. Tony and Murray tested their implementations at a DKIM interoperability test in 2007. They will repeat their tests and dig up the 2007 data, and they’ll prepare a draft report. Target date: end of August.
  2. Other DKIM data collection
    Murray is collecting data on deployment, verification failures, etc. JD will get data too, and Jim posted URLs with data. SM agreed to collate and organize.
  3. ADSP data collection
    Jim posted some brief ADSP data; Murray can provide some counts. This item is lower priority for now, and we need more data sources.
  4. mailing-lists draft
    New version just pushed out, incorporating recent comments. There are no particular issues still open. Murray will solicit more comments, and if the draft stays stable we’ll consider WGLC in September.
  5. TPA label for ADSP (individual draft)
    Doug Otis presented the current state of this draft, which specifies a mechanism to deal with third-party authentication. It was revised recently, based on comments from DKIM participants. We had some discussion; the draft will continue as individual.
  6. Other business
    We had a brief discussion of the appropriate home for a domain reputation protocol. The suggestion is to go to the app area, create a non-wg mailing list, and discuss there.

We’re anticipating not meeting at IETF 79 (Beijing), as most upcoming work appears not to need face-to-face time.

precis — Preparation and Comparison of Internationalized Strings working group (charter)

  1. Problem statement: current version of stringprep is limited.
    • Bound to unicode 3.2.
    • Poor bidirectional script support.
    • In new version, backward compatibility is important.
    • Normalization in current profiles differs from IDNAbis.
    • Design new stringprep, similar approach to IDNAbis.
    • Discussion of problem statement (and difficulties).
    • Problem statement document adopted as working group doc.
  2. Framework: replacement solution.
    • Survey existing stringprep use, analyze & propose replacement.
    • Proposal: define two classes of internationalized strings... restricted, and less restricted.
    • Satisfies 4 of 6 profiles, follows initial objectives.
    • Framework document not ready for working group yet.

sieve — Sieve Mail Filtering Language working group (charter)

  1. Discussion of sieve-include, and potential implementation issues:
    • Considering multiscript as well.
    • Interaction with managesieve also needs to be documented.
    • Needs thorough review.
  2. Discussion of imap-sieve:
    • Needs reviews, especially from Ned, also from others.
    • I will revise the draft to keep it from expiring, chairs will ask Ned again for review.
  3. Discussion of external-lists:
    • One comment, about LDAP and comparators.
    • We don’t think the situation is a problem.
  4. Discussion of sieve-regex:
    • No discussion in the room; needs comments on the mailing list.
  5. Discussion of notify-presence, vacation-seconds, auto-reply:
    • No discussion in the room; all are ready for working group last call.
    • Looking for other use-case examples for auto-reply.
  6. Discussion of sieve-convert:
    • Needs security considerations.
    • Issues of looping through parts.
    • Maybe change convert to a top-level action.
  7. Review other charter issues:
    • Much discussion on moving Sieve base to Draft Standard.
    • I will write a test-plan Internet Draft.
    • Alexey will take it to the IESG for comment.
  8. Discussion about Sieve error reporting (to end users):
    • Stephan Bosch will solicit and collect info for a possible BCP.
  9. Discussion (blue sky) about using Sieve for instant messages.
  10. Discussion (blue sky) about using Sieve with reputation tests.

yam — Yet Another Mail working group (charter)

The primary issue for YAM this time was what to do in light of the two-maturity-levels draft that may, if approved, abolish the distinction between Draft Standard and full Standard, since the purpose of YAM is to advance a number of Draft Standard documents to full Standard level.

  1. Off-topic discussion of svg+xml media type registration.
  2. Long discussion (most of meeting) about whether to continue in light of draft-housley-two-maturity-levels.
  3. Call for consensus: going dormant or closing the working group?
  4. Inconclusive; take the decision to the mailing list.

eai — Email Address Internationalization working group (charter)

  1. Three docs (one in working group last call) need reviews and comments.
  2. Few have reviewed, no substantive comments.
  3. Chairs get out their figurative club, people promise to do reviews. Chair photographs raised hands.
  4. Most of the remaining discussion was about one issue, brought up on the mailing list:
    • What do we say about improper addresses, of the form <ascii-string@non-ascii.string>?
    • Argument about flexibility/heuristics vs well defined behaviour.
    • Overwhelming consensus, after discussion, to say MUST reject.

Other meetings

DNS dinner discussion: In preparation for the ISOC lunchtime press event (see below), a small group invited by ISOC had a discussion of DNS and DNSSEC over dinner. We talked about our thoughts on the current state of DNS (secure and non-secure), about the challenges ahead, and about future directions with DNS and DNSSEC.

ISOC lunchtime press event: I was invited by the Internet Society to participate in a panel discussion of DNS and DNSSEC, and what it means for the trust and security of the Internet. The session was set up in light of the recent signing of the root DNS zone. The session was well attended, and there were questions from the floor, in addition to the moderated discussion.

WG chairs lunch: Adrian Farrel (Routing Area Director) gave a presentation to the working group chairs about advice for moving individual drafts into working groups. There was discussion, along with further advice from some of the working group chairs.

IESG scribing: I responded to a call by the IESG for scribes to take narrative minutes of IESG meetings, and I scribed three IESG meetings during the IETF week. I’m glad that I volunteered: it’s interesting to attend the meeting and to pay close attention to the conversation, so that I can make a best effort at taking down what everyone is saying. The narrative notes will be used by the IESG to help them keep track of the substance of the discussions, beyond what’s noted in the regular minutes. Narrative notes of the regular telechats will also be posted for public use.