No Such Weblog

I've been a happy user of Movable Type 2.66 for a long time, and along with moving my personal server elsewhere, have upgraded to Movable Type 3.35. Turns out that not just is the license constraining (I thought I was within the constraints, since I only really run a single, personal blog any more), but so is the set of available features. Implement the random pointers part of this blog -- on a purely technical level -- as another blog installation (as I had done back then)? Well, go for Movable Type Enterprise, or buy the appropriate additional plugin to make it all fit together.

Being the "cheap" type who likes extensibility and the ability to play around with the software he uses, I'm now wondering what blogging platform I should choose to run on this Linux machine -- as nice as MT 3 is in terms of UI, I won't stick to it. Wordpress? b2evolution? S9Y, as =F6 recommends? Something else that I haven't heard of, yet?

A smooth migration path from Movable Type is among the most critical criteria for the choice. A decent and simple web interface to post new items and administer comments as well. Oh, and I want to be able to syndicate an external RSS feed into this blog's sidebar, seamlessly. (Now, that's so 2002, as far as feature requests go...)

Engadget reports about the next step in the AACS saga (via BoingBoing): During the time window between one cracked AACS key getting all over the place, and industry revoking that key, yet another key has been compromised.

This is not just a glimpse at the sorry state of DRM technology and deployment, but also a study in failure modes of security technology. What has been demonstrated by this particular crack is nothing less than the total collapse of the protection that AACS is supposed to deliver, because the attackers are capable (probably reproducibly) of opening a new hole while the defenders in the system are still in the process of rolling out the countermeasures to the last. We might end up living in a world in which no Blu Ray or HD-DVD disk will hit the market protected.

Meanwhile, it looks as if we're going to see the defenders engage in an exercise of whack-a-mole in which all they do is burn money, without ever achieving their protection goals. The security technology and the organizational measures surrounding it turn around to damage the defenders more than they'll ever damage the attackers.

For some more reading on the design aspects exposed in this particular DRM debacle, have a look at these links:

• Was a mistake made in the design of AACS? (Perry Metzger on the cryptography mailing list)
• AACS Decryption Code Released (first post in a series by Ed Felten)
• AACS: Modeling the Battle (another post in the same series)

(In the last one, Ed Felten tries to model an attacker with an economic incentive to break the keys, and predicts certain behaviors. It's interesting to observe how the behavior we're seeing in real life is (a) different, and (b) even more damaging to the defenders.)

Even though movies typically get butchered for showing on airplanes (and then the screen is just miserable), there's the occasional movie that grabs me.

On the latest transatlantic flight, I was lucky to watch The Painted Veil, after a novel by W. Somerset Maugham. Naomi Watts and Ed Norton play the main characters. The story is set in 1920s Southern China, where a freshly-married English couple moves from London to Shanghai. The two of them don't really love each other, she meets another man, there's adultery; he (cruelly?) threatens divorce unless she joins him on a daunting mission to a cholera-infested area where he'll help as a microbiologist and M.D., and where they may both well die.

And there, the real story begins. I'll leave it at that to not post too much of a spoiler.

It's love story, big drama, tragedy, with great music and marvelous photography to underpin it all.

Eve Maler, SAML advocate extraordinaire, has compressed the SAML and Liberty spiel down to 12 minutes. If you've always wondered what that stuff is all about, go read it!

While there are a number of gifted photographers among my colleagues, Richard Ishida (aka r12a, for being the i18n activity lead) truly stands out.

His latest stunning photography shows us Wazir Khan Mosque, and the Streets of Lahore. But also go see his collection of Bhutan photos, and the pictures he took in Hyderabad.

(To point to just a few of my favorites. The collection of photos that Richard has online is vast, and worth spending time with.)

In Presentation styles, I wrote about my first attempt at using Lessig style for a presentation.

I've done it again since -- once at the German anti-phishing symposion in Bochum (slides in German), where my point was that security technology can't really work if it ignores the constraints and possibilities of an underlying platform (and where I talked about some of the work of the Web Security Context Working Group) --, and at a panel at W3C's AC meeting in Banff, where our theme was what the failure modes are that keep security technology from getting deployed.

For that last talk, I'll admit that I was about to do a "normal" powerpoint-like presentation (but using slidy, Dave Raggett's XHTML + Javascript based presentation tool for once; authoring Lessig-style with that one is actually an uphill battle). After a while, I gave up in frustration: Turns out that, once you've done that other presentation style for a short while, you don't go back to standard powerpoints that easily. The talk actually went reasonably well.

I still expect to go back to usual powerpoint style for the next two or three talks that I'll need to prepare, though -- simply because they'll be much more like lectures in character than the recent talks have been.

I've been a firefox user for a long while, and normally stuck with the version of the browser that came with my Linux distribution of choice (currently: Fedora Core 6). Recently, however, the Firefox 1.5 builds that are distributed by Fedora seemed to suck up all the memory on my machine, and for good measure started crashing when they encountered complex web applications.

I figured I could try Firefox 2 as well, so I finally installed the thing.

Overall, I'm not noticing huge feature changes. However, some effects are worth it for me:

• The RSS feed auto-detection is now able to redirect to web based feed readers' subscription interfaces; I can subscribe to a feed in Google reader by clicking on the feed icon in the address bar. That's a huge plus.
• The tabbing UI has improved significantly. I'm finally able to manage my tabs reasonably (as opposed to just accumulating them until Firefox crashes, or until I close the window).
• The entire thing feels faster and leaner. That might be related to my previous point above about tabs, though.

Overall, I'm still amazed how a graphical UI that lets me run a terminal, a graphical web browser, an HTML editor, (recently Skype, some other instant messaging software), and an office suite seems to consistently eat all of a PC's memory, at any given point in the curve of PC and software development history.

(Off to order a memory extension. ;-)

One of the sessions at WWW 2007 that I'd really have loved to attend (but couldn't) was Mashing up the Mobile, by Paul Downey and Uros Rapajic of British Telecom.

Fortunately, their slides are now available online, and I got a quick intro to much of the content while playing booth babe at the W3C booth on another day of the conference. The work that Paul and Uros are doing essentially explores what happens when you connect mash-ups, RSS feeds, and mobile phones with each other in all kinds of ways, and then just let the ideas flow. The results are both playful and powerful.

While talking to Paul, I also learned about Twittervision, Dapper, and what happens when you feed geotagged RSS into Google Maps (try it). Good stuff!

The story of the tastelessly overloaded diamond necklace that had been allegedly ordered by Marie Antoinette (and subsequently led to a major public scandal in 1780s France) can be found at Wikipedia. Antal Szerb's version, written in 1943, however, goes far beyond just telling this particular bit of history: In his uniquely ironic tone, we get an extraordinarily vivid introduction to the institutional and social history of the highest echelons of the ancien régime, right before its fall.

Szerb brings this time to life brilliantly. Historical characters become tangible, among them Marie Antoinette, Jeanne de Saint-Rémy de Valois (impoverished descendant of the royal Valois family, and chief villain of the story), Cagliostro (about whom Szerb notes that he didn't know much less about medicine than any other physician of his time), the Cardinal Rohan (whose boundless naiveté contributed greatly to the general debacle), and finally the Count of Haga (also known as Gustav III of Sweden; his political aptitude serves as a stark contrast to the French royals' political talent). Tangible, too, the court's customs, the functions these customs had (many of them obsolete at the time), the reaction when Marie Antoinette (daughter of Empress Maria Theresia) comes in and stages a fashion rebellion -- and the ways in which the Comtesse de Saint-Rémy social engineers her way through all that.

Interesting, Szerb's observations how the court attempted to get closer to the ordinary citizens, and at the same time demystified itself, thereby maybe helping the revolution along -- a theme, incidentally, that resonates in The Queen's recent rendition of British monarchy's crisis around the death of Lady Diana. "The ancien régime didn't perish so much for its vices, but for its virtues," Szerb writes.

This book is a true treasure trove for the historically interested, but never boring or dry, but always fun, entertaining, ironic, colorful. If you know to read Hungarian or German or one of the other languages it has been translated to (I've been unable to find an English translation), go read it.

In a prior life, I've been a member of ICANN's At-Large Advisory Committee from 2003 through 2004. I was one of the folks who, back then, were seeing ALAC as an advocacy platform, and focused on the policy side of its work, pushing for what, in our judgment, were Individual Internet Users' best interests. Honestly, I can't claim a whole lot of tangible success for that, despite hard work by a number of people.

To this day, I still occasionally dangle my feet into these waters, though I've again and again promised myself not to do it again.

To say I'm disappointed by what I've seen recently would be an understatement: While I'm happy there is a number of people who, presumably, really want to move things, I'm appalled to see how discussions among both European and North American participants take on an increasingly divisive tone. There isn't much to be seen of a common goal to advocate users' interest in ICANN -- rather, a lot of fighting for table scraps (when there's more than enough work for anybody who wants to gamble some of their time on ICANN and its at-large activities!). ALAC's ICANN staff support seems most interested in staging pretty signing ceremonies and press events, one per ICANN General Meeting.

The result? Artificial and rushed time lines, premature consensus calls, and a lot of bad blood and mistrust among participants who really ought to be working together (and have been able to talk reasonably to each other before they got into fights around ICANN). Also, the ability for ICANN to pretend that there's real end user participation and representation, when there are really very few ways (if any) for ALAC to make a real difference in policy decisions -- even though the committee has some limited power to help shape ICANN's policy agenda.

Here's a Gedankenexperiment for you: Imagine ALAC was simply shut down. Would things change for the better? Or for the worse? Would we maybe see more thinking about what accountability in ICANN's processes might really mean? (And no, the sometimes surreal ombudsman doesn't provide that.) Would we see the organization really be any less sensitive to users' needs?

2007-05-21 edited to add: Relevant comment threads are in Wendy's and Patrick's blogs.

May 25 is pangalactic Towel day. In memory of the late Douglas Adams, please carry a towel around all day, and put it to some appropriate use. The flickerati also mark the day by posting photos of themselves and their towel. The tag is, obviously, towelday.

For technorati: towelday

I'll confess that, when I'm wearing my "just a user" hat, I've (mostly) made my peace with Flash -- usually, these sites tend to redner as intended, and plugin support in Firefox 2 was good enough to take care of my installation needs without me thinking much. Which means that flash sites are mostly noticeable for being annoyingly noisy (so much fun when you skype into a telephone conference), or maybe unusable -- as my bank's pretty new login form. (I'm back to paper when they make that thing mandatory for online banking customers.)

In Silly season, Mark Pilgrim gives a fine rant, and a survey of the latest attempts to rebuild the Web by breaking its core design principles. Seems like the system I use is non-mainstream enough again to simply show me those "plugin not supported" errors for a while, as a reminder that some sites use proprietary technology at their own peril.

Thanks to Microsoft and Adobe for the nice demonstration (again) of why proprietary just doesn't work on the Web!

(Found via Silverfish and Appallingo by Paul Downey.)