May Contain Blueberries

the sometimes journal of Jeremy Beker


Over the next few days I am going to try to type in my experiences at the ACLU Inaugural Membership Conference. Overall it was a great experience, and I would recommend that people attend in future years, not to mention join this wonderful organization that is doing great work for all of us every day.

There is considerable information on the ACLU website about the conference and I will attempt to link to the relevant items and even some webcasts when appropriate.

Read on for my first day experiences.

Tuesday, June 10th

This was travel day, in more ways than I originally expected. I had been invited to a reception being hosted by the VA ACLU chapter, so I needed to get up to the hotel a day earlier than I had originally planned. I left Williamsburg around 1:30-ish and got into DC and my hotel (the Omni Shoreham) relatively uneventfully. This trend was not to continue. The reception was occurring in Alexandria and started at 6:00 pm and, according to the directions I had, the house where it was hosted was 17 miles away. I did not want to arrive right at 6:00, so I decided to leave my hotel at 5:45, expecting that it would take me 20-30 minutes to get there. That was not to be; after getting lost I arrived at the reception at 7:00. I hate DC.

I only caught the tail end of the two speakers: Barry Steinhardt, the director of the Technology and Liberty Program (whom I was able to meet later, thankfully), and Dalia Hashad, the Arab, Muslim, and South Asian Advocate, both from the National ACLU office. Aside from that, I had a very good time. I was able to meet all of the members of the VA ACLU office and talk with them. I was slightly surprised that Kent Willis, the Executive Director of the VA ACLU, had found my website, and we spent some time talking about that. I spent an enjoyable time with their Legislative Director, Aimee Perron, talking about many issues. She and I are both about the same age and we got along well in the subsequent days.

When describing my driving adventure to some of the assembled guests, they indicated that on my way back there was a far more efficient way to get back. In a lack of brilliance I decided to try this more efficient but undocumented way to get back to my hotel instead of the way I knew would work. Sadly it didn’t work and it took me an hour to get back to the hotel. ::sigh::



Unlike similar previous services, Apple’s has more user-friendly options. There is no subscription necessary, customers can keep the songs indefinitely, they can burn unlimited copies of the songs onto CD’s, and, as with any Apple product, get to feel as if they are giving the finger to Bill Gates and Windows every time they use it.

Need we say any more?


This is what happens when I read books that cover security. I just finished reading Bruce Schneier and Niels Ferguson’s book, Practical Cryptography, and it was wonderful. It had sections that made my brain hurt (group theory, argh) but the concepts presented were very important. It made me reconsider many of the technologies I had helped to develop at 3GI (and made me realize that much of what we had done was purely to fool the ignorant, not provide real security). The result that often happens when I read books that make me think about security is that I realize the mistakes I make in my own security precautions. So I have been going on a small campaign to secure my credentials better.

Passwords are a hard one. According to the book (and other literature I have read) the English language provides about 2 bits of entropy per letter. This is not so good, especially when you are using an 8-character password (which is about the best anyone can remember). What this means is that you may have a nice huge 1024-bit RSA key, but if it is protected by an 8-character password, guess which is the weak point someone might try to exploit?

The alternative (on systems which support it) is to use a phrase or sentence that you come up with. It takes longer to type, but you get a much more secure system.

So I have replaced my piddly password on the high security items with 30-40 character passphrases.

At least my typing will have to improve.



From the NY Times:

The cities of Chicago and Seattle will be the focus of a $16 million exercise next week to test how well the federal government would deal with simultaneous attacks by terrorists using biological and radiological weapons. The exercise, said to be the largest domestic security drill ever carried out by the federal government, will be played out over five days starting on Monday and involve dozens of federal, state and local emergency-response agencies.

OK, reading that it seems like not such a bad idea. See how people react. Prepare for the unexpected, right? Then I read this (from USA Today):

Although participants have been told when and where the simulated attacks will occur, and that they involve a radiological device and biological agent, the details remain secret to allow for some elements of surprise.

What?! Exactly what element of surprise is left? They know What, When, and Where. Will they be surprised because they get jelly beans at the command center instead of donuts?

It is wonderful to know that our government will be fully prepared the next time that the “bad guys” send us an invitation to their attack complete with full description of the items being served.


As many of you know, I have gone back and started taking classes again now that I work for the College of William and Mary. As you may also know, the professor for my class this semester is awful. My classmates and I were very expressive when we completed our course evaluations, but we had yet to experience the final exam. Below is the letter I wrote the chair of the department after turning in my exam. Enjoy.

Letter to the chair of the W&M CS department


Something good to come out of Richmond:

Governor Mark R. Warner today ceremonially signed two bills to raise the penalty to a felony for high volume unsolicited bulk e-mail, known as “spam.” The new anti-spam provisions of the Virginia Computer Crimes Act make it the toughest such law in the United States

Full Press Release


As with any skill that you do not use on a daily basis, your knowledge of the details is going to fade. This is especially true of technologies like XML that have lots of syntactical quirks that are easy to forget. This is where XML in a Nutshell comes in. Like all O’Reilly Nutshell books it does an excellent job of cramming all of the little facts needed to work with XML into a concise, easy-to-reference book. But, like all Nutshell books, this is not a tutorial! You need to know what you are doing with XML and why you are using XML before it will be of much help to you.

The book itself is divided into 4 sections.

First an overview is given of the basic concepts to help you brush up on the fundamentals. This covers the basics of XML formatting, entities, DTDs, namespaces and how to deal with non-US character sets.

The second section covers what the authors refer to as Narrative Centric Documents. I would better describe this as methods of using XML that relate to presentation of data. This covers XHTML (and its helper CSS), and XSL (and its helpers XSLT, XPath, XLink, etc).

The third section covers using XML as a data storage format (which can then be presented using the technologies in section 2). It also covers the technology and methodologies used to access XML documents: SAX and DOM.

The fourth section is a reference to all of the syntax and formatting issues that you need to know to generate valid forms of the technologies discussed.

If you need to learn XML and what it can be used for, this is probably not your book, but if you need to look up the attributes for the xsl:output tag, this is what you need.


After much procrastinating, I have finally posted some photos of our spring flowers. I hope this gets the ball rolling and I will start taking and posting more.

Photos under Spring 2003.