Archive for 2005

The Patronus messaging system

As a Harry Potter fangirl of a certain (bossy) disposition, I got tagged with the nickname Hermione a couple of years ago. Hey, I can live with that, and I’ve even got the frizzy hair to match. Having now read book 6 twice through, I’m quite eager — desperate? — for book 7.

That’s all by way of explanation for why I was poking around J.K. Rowling’s site today. There, I found an interesting answer to a FAQ about the means of communication between members of the Order of the Phoenix. Passing messages safely, successfully, and confidentially is something we Muggles had to figure out properly in our physical world even before we had computers — but, naturellement, this topic put me in mind of secure end-to-end web service messaging.

Rowling’s answer harks back to information found way back in book 4, Goblet of Fire, so no spoiler warnings here. She explains:

Members of the Order use their Patronuses to communicate with each other. They are the only wizards who know how to use their spirit guardians in this way and they have been taught to do so by Dumbledore (he invented this method of communication). The Patronus is an immensely efficient messenger for several reasons: it is an anti-Dark Arts device, which makes it highly resilient to interference from Dark wizards; it is not hindered by physical barriers; each Patronus is unique and distinctive, so that there is never any doubt which Order member has sent it; nobody else can conjure another person’s Patronus, so there is no danger of false messages being passed between Order members; nothing conspicuous needs to be carried by the Order member to create a Patronus.

Let’s put this in slightly more technical terms and analogize the heck out of it, just for fun. Being naturally resistant to the Dark Arts is like using a modern ciphersuite for encryption. (I’m assuming that your Patronus is somehow instructed not to communicate with anyone besides the designated recipient so that you get confidentiality in that fashion, but I’m not sure she says that explicitly in the books.) Not being hindered by physical barriers is like allowing messages to pass end to end, traversing firewalls and different security domains with ease while retaining their integrity and confidentiality. Unique, un-forge-able Patronuses are akin to digital signing for data origin authentication, allowing detection of a false message inserted by a “wizard in the middle” (“Death Eater in the middle”?). As for needing nothing conspicuous to create your Patronus, if Rowling’s concern here was secrecy so that the sender could remain undetected as an OoP member, the closest analogue I can think of is the ability to obscure malicious traffic analysis. Alternatively, it could be like using a common off-the-shelf solution for doing your secure messaging (which is more about cost and convenience than security or secrecy — but since she referred to this as an “efficient” method, maybe that’s exactly what she meant).

All in all this works well enough that I wish I could use it in my occasional “Securing Your Web Services” talks! I should start asking for a show of hands on familiarity with the Potterverse; maybe I’d be pleasantly surprised.

p.s. I googled “Patronus web services” and “Patronus secure messaging” to see if anything came up, and got nothing directly related. I did get one interesting hit, though: a paper published by the American Bar Association called “The Patronus Technique: A Practical Proposal for Asbestos-Driven Bankruptcies”, about using special-purpose subsidiaries to distract litigious Dementors away from a larger corporate defendant. Whew. I thought I was being geeky about this.

p.p.s. Having used the phrase “we Muggles” above, I half-expect to get indignant mail from some people saying “speak for yourself”…

MORE: Kurt Cagle carries this line of thought even further in delightful fashion, even seeing a connection between Harry’s method of authentication for entering Sirius Black’s home and public key encryption. I’m gonna have to study that passage again — it’s an analogy that’s too cool not to use in a tutorial of some kind. And M. David Peterson (being far too kind and generous to me, as always) decides that the Order of the Phoenix represents object-oriented programming and must be battled! That’s a tough bet to take… Given that today is my first blogiversary (first month’s worth of stuff here), I’m especially delighted that my most recent thoughts got batted around a bit. Thanks, guys, and thanks to you all out there for “listening”.


Happy holidays

Mele Kalikimaka me ka Hau’oli Makahiki Hou! That is, Merry Christmas and Happy New Year! Hmm, let’s see, “Happy Hanukkah” in Hawaiian probably wouldn’t change too much: Hau’oli Hanukā? Sure, let’s go with that.

Growing up in Los Angeles and then Honolulu, I delighted in the whole Santa-Claus-on-a-surfboard aesthetic of winter holidays in warm places, though I did regularly wish for snow. It was a red-letter day, every couple of years, when I could see my breath while waiting for my carpool ride to school. Snow was one huge attraction of attending college in Boston (trains and being able to drive across state lines were two others…). It was only when I bought a house with a big sloping driveway and lived in it (the house, not the driveway) for 12 years that I became extremely grumpy about the way snow can mess up your plans.

January 5, 2005: The day they came to pick up our cars for shipping cross-country

Luckily for me, in my new locale snow is rare. Not being the sort who makes recreational use of frozen precipitation in any form, I might not fully appreciate it again for years and years. A local mall has been throwing a little holiday “do” every evening with a snow machine tossing some symbolic flakes. People have been lining the streets. Amazing!

I wish all (three of :-) my readers wonderful holidays, a happy and prosperous new year — and {lots of/a dusting of/no} snow according to their preferences.


Is it just me…

…or are there others who think it would be a good idea, just to be absolutely above-board about all this, to openly strip-search the guy looking for bruises, and if they’re found, ceremoniously transfer him from the care of American guards to that of Iraqi guards, who will surely be much kinder to him after all he’s done for them?


Usability of web security

It’s like the weather: Everyone talks about helping and educating users when it comes to effective online security, but no one’s doing anything about it. Well, now W3C is hosting a workshop to figure out what to do. Excellent!

I think this topic is a sweet spot for W3C, given their longstanding commitment to usability and their history of XML security spec development. I also like their workshop format, since it requires each participant to have submitted a position paper (and you don’t even have to be a W3C member). Danny Weitzner asked me to be on the program committee, and I was happy to join up.

Check out the Call for Participation — the paper submission deadline is January 25, so all the really committed geeks (and you know who you are…) can be thinking about potential topics over the holidays.


Bad Santa. No cookies (or milk).

Regarding the bad Santas: “A police spokesman described it as ‘fairly average behaviour’ from ‘an organised group of idiots’.”

Remember, never underestimate the power of stupid people in large groups. (That’s always been my favorite Demotivator.)


BobDC!

Very cool: Bob DuCharme, all-around XML smart guy and my most prolific source of weird crafting links, has started his first general-purpose blog. It’s already interesting and informative, and he says it’ll go beyond the scope of his Thinking about Linking space at O’Reilly.

Just to take the pressure off him, since he’s sure to be extra-busy now :-), here are a couple of saved-up crafting links sent to me by others:

#1: A pattern for a crocheted snowman, brought to my attention by Marc Hadley. I’ll have to check out this Roxycraft site in more detail when time allows; its slogan is “patterns that don’t suck”, and most of the crochet patterns I’ve come across truly do. (Why is it that the results of knitting usually look cool and the results of crocheting usually look dopey?)

#2: A story passed along by John Kemp about metal knitting needles and an easily frightened airline passenger. I have no idea why said passenger isn’t also afraid of sharpened pencils — or perhaps he is. Just for the record, the needles you use for cross-stitch are actually tapestry needles, and they’re pretty blunt. This means that it’s hard to break skin with them in the course of stitching, but I have no doubt that if you applied yourself to the job, they’d go right through. It wouldn’t be pretty.

Thanks, guys!


Montlake Ale House

My band is playing tomorrow night, Saturday November 26, at the Montlake Ale House starting at 8:30pm. As of our second gig, I’ve been adding some keyboard-playing to the mix, mostly just simple — okay, extremely simplistic — blues piano and organ. I hadn’t played in years, but felt the urge to add a few strains at some point using the synth our drummer had lying around in our practice space, and then got the brilliant idea to add Use Me by Bill Withers to our repertoire. I had to puzzle out how to make the fantastic fat keyboard sound you find in this song; turns out that playing a harpsichord setting way down low sounds great. I actually do have a modern(ish) keyboard myself, a Yamaha Portatone PSR-530 that I bought maybe five years back to help me get reacquainted with playing, but it turns out that I needed a reason to be forced into practicing — and now I’ve got it.

This gig will be interesting, as we added enough songs to make two sets’ worth only a couple of weeks ago, and since then I’ve been on the road solid with no good way to practice! We’ve picked out some great new tunes, though, like the classic Cold Duck Time, so I’m looking forward to it. And the original Eddie Harris/Les McCann recording had them trying it out after pretty much no practice time either, so it seems only fair. (Hmm, I think that rationale would definitely count as a case of flattering ourselves.)

So stop by if you’re in Seattle tomorrow night. Oh, and don’t go looking for the Madrona Social Aid & Pleasure Club — yes, we changed our name again. This time we settled on Mudcat. The real thing is a kind of skanky catfish. It’s not a terribly original name for a band like ours but I think it will serve our purposes nicely.

Since my travel schedule is so heavy and unpredictable, I think I’d better consider investing in one of these marvels. No, seriously. I’m not kidding. (Got any alternative suggestions??)


Der elektronische Dokumentenverkehr

If you can read the title (that’s “electronic data exchange” if you can’t), then you might be interested in this post by my colleague Gerry Beuchelt. He has found an online petition that German citizens can sign to encourage their government to select and use open document standards (which pretty much nets out to the OpenDocument standard).


SAML, simplified

Next week I’ll be off to Atlanta for the annual North American XML conference, and I can’t wait. Sometimes I feel like a “write-only device,” without enough time to learn new ideas from others and reflect on them. This conference is an excellent way to fill up on new ideas, discuss and morph them, and make new connections (okay, and drink beer with friends, too). I have yet to plan the sessions I’ll be attending, though I gather others have done so.

I’m speaking this year on Federated Identity Management: An Overview of Concepts and Standards; roughly what I’ll be covering is the SAML V2.0 problem space and some of its solution space, at a middling level of technical complexity. My speaking companion in this session is Yvonne Wilson, who will be sharing a Liberty Federation Deployment Case Study. I think these topics make an excellent pairing. We’re on at 2pm on Tuesday. If you need to get up to speed on privacy-enabled ways to share identity information across distributed-computing chasms, be there!

The paper I’ve written for the conference turns out to be a pretty good companion for the SAML Basics slides that I’ve already made available at the SAML group site. I’m hoping to revise both the slides and the paper once I get through the conference to make a cohesive whole. At the least, I’ll blog a link to the conference paper whenever IDEAlliance makes the proceedings public.

By the way, I hear tell that Len Bullard will be at the conference for the second time in as many years. He and I have some jamming to do; anyone else interested?


Unexpectedly modern

I have one of those page-a-day calendars with a new “insult from Shakespeare” on each page. (Actually, I have three of them. The others are a cross-stitch-a-day and an Atkins-tip-a-day. May I just say that I think the newer styles of these calendars that force Saturday and Sunday to share a page are a ripoff? Uh, that is, in the sense that there’s nothing to rip off when Sunday comes along.)

Today’s quote is one of those lines from Shakespeare that sounds weirdly modern:

Draw, you rogue, or I’ll so carbonado your shanks. — King Lear: 2.2.34-35

(Kent to Oswald, steward to King Lear’s evil daughter, Goneril)

As in, “he’s so not into you” or “she’s so dissing him”? I thought this was a very recent formulation, and had mildly disdained it, though I’m sure I’ve used it. I found a sub-category of this usage mentioned on a linguistics blog as “the So Not negative”, but without any history. Even the lovely Language Log seems not to have taken up this question, though it’s hard to tell when you’re trying to search on the word “so”.

There are plenty of normal uses where the degree of the “so” is designed to be proven or balanced with a “that” or “because”, as in this poem or the classic comedy bit — “My dog Buster is so lazy…” — “How lazy is he?” And if you translate the “I’ll so [verb]” formulation into “How I’ll [verb]” — like “How I’ll miss you” — the first one doesn’t seem so much like teen-speak (but maybe that’s because I’m using a verb like “miss” instead of “diss”!).

I guess I can now use it confidently, knowing that even Shakespeare sounded like a mall rat from time to time.

(By the way, there seems to be some disagreement over what “carbonado” means. My calendar defined it as cutting into strips or cubes, but some other sources I found suggested it was more like slashing or scoring the outside of the meat to make it cook faster. It makes an excellent threat either way, and “I’ll so carbonado your shanks” sounds positively piratical.)

