Archive for December, 2005

The Patronus messaging system

As a Harry Potter fangirl of a certain (bossy) disposition, I got tagged with the nickname Hermione a couple of years ago. Hey, I can live with that, and I’ve even got the frizzy hair to match. Having now read book 6 twice through, I’m quite eager — desperate? — for book 7.

That’s all by way of explanation for why I was poking around J.K. Rowling’s site today. There, I found an interesting answer to a FAQ about the means of communication between members of the Order of the Phoenix. Passing messages safely, successfully, and confidentially is something we Muggles had to figure out properly in our physical world even before we had computers — but, naturellement, this topic put me in mind of secure end-to-end web service messaging.

Rowling’s answer harks back to information found way back in book 4, Goblet of Fire, so no spoiler warnings here. She explains:

Members of the Order use their Patronuses to communicate with each other. They are the only wizards who know how to use their spirit guardians in this way and they have been taught to do so by Dumbledore (he invented this method of communication). The Patronus is an immensely efficient messenger for several reasons: it is an anti-Dark Arts device, which makes it highly resilient to interference from Dark wizards; it is not hindered by physical barriers; each Patronus is unique and distinctive, so that there is never any doubt which Order member has sent it; nobody else can conjure another person’s Patronus, so there is no danger of false messages being passed between Order members; nothing conspicuous needs to be carried by the Order member to create a Patronus.

Let’s put this in slightly more technical terms and analogize the heck out of it, just for fun. Being naturally resistant to the Dark Arts is like using a modern ciphersuite for encryption. (I’m assuming that your Patronus is somehow instructed not to communicate with anyone besides the designated recipient so that you get confidentiality in that fashion, but I’m not sure she says that explicitly in the books.) Not being hindered by physical barriers is like allowing messages to pass end to end, traversing firewalls and different security domains with ease while retaining their integrity and confidentiality. Unique, un-forge-able Patronuses are akin to digital signing for data origin authentication, allowing detection of a false message inserted by a “wizard in the middle” (“Death Eater in the middle”?). As for needing nothing conspicuous to create your Patronus, if Rowling’s concern here was secrecy so that the sender could remain undetected as an OoP member, the closest analogue I can think of is the ability to obscure malicious traffic analysis. Alternatively, it could be like using a common off-the-shelf solution for doing your secure messaging (which is more about cost and convenience than security or secrecy — but since she referred to this as an “efficient” method, maybe that’s exactly what she meant).

All in all this works well enough that I wish I could use it in my occasional “Securing Your Web Services” talks! I should start asking for a show of hands on familiarity with the Potterverse; maybe I’d be pleasantly surprised.

p.s. I googled “Patronus web services” and “Patronus secure messaging” to see if anything came up, and got nothing directly related. I did get one interesting hit, though: a paper published by the American Bar Association called “The Patronus Technique: A Practical Proposal for Asbestos-Driven Bankruptcies”, about using special-purpose subsidiaries to distract litigious Dementors away from a larger corporate defendant. Whew. I thought I was being geeky about this.

p.p.s. Having used the phrase “we Muggles” above, I half-expect to get indignant mail from some people saying “speak for yourself”…

MORE: Kurt Cagle carries this line of thought even further in delightful fashion, even seeing a connection between Harry’s method of authentication for entering Sirius Black’s home and public key encryption. I’m gonna have to study that passage again — it’s an analogy that’s too cool not to use in a tutorial of some kind. And M. David Peterson (being far too kind and generous to me, as always) decides that the Order of the Phoenix represents object-oriented programming and must be battled! That’s a tough bet to take… Given that today is my first blogiversary (first month’s worth of stuff here), I’m especially delighted that my most recent thoughts got batted around a bit. Thanks, guys, and thanks to you all out there for “listening”.


Happy holidays

Mele Kalikimaka me ka Hau’oli Makahiki Hou! That is, Merry Christmas and Happy New Year! Hmm, let’s see, “Happy Hanukkah” in Hawaiian probably wouldn’t change too much: Hau’oli Hanukā? Sure, let’s go with that.

Growing up in Los Angeles and then Honolulu, I delighted in the whole Santa-Claus-on-a-surfboard aesthetic of winter holidays in warm places, though I did regularly wish for snow. It was a red-letter day, every couple of years, when I could see my breath while waiting for my carpool ride to school. Snow was one huge attraction of attending college in Boston (trains and being able to drive across state lines were two others…). It was only when I bought a house with a big sloping driveway and lived in it (the house, not the driveway) for 12 years that I became extremely grumpy about the way snow can mess up your plans.

January 5, 2005: The day they came to pick up our cars for shipping cross-country

Luckily for me, in my new locale snow is rare. Not being the sort who makes recreational use of frozen precipitation in any form, I might not fully appreciate it again for years and years. A local mall has been throwing a little holiday “do” every evening with a snow machine tossing some symbolic flakes. People have been lining the streets. Amazing!

I wish all (three of :-) my readers wonderful holidays, a happy and prosperous new year — and {lots of/a dusting of/no} snow according to their preferences.


Is it just me…

…or are there others who think it would be a good idea, just to be absolutely above-board about all this, to openly strip-search the guy looking for bruises, and if they’re found, ceremoniously transfer him from the care of American guards to that of Iraqi guards, who will surely be much kinder to him after all he’s done for them?


Usability of web security

It’s like the weather: Everyone talks about helping and educating users when it comes to effective online security, but no one’s doing anything about it. Well, now W3C is hosting a workshop to figure out what to do. Excellent!

I think this topic is a sweet spot for W3C, given their longstanding commitment to usability and their history of XML security spec development. I also like their workshop format, since it requires each participant to have submitted a position paper (and you don’t even have to be a W3C member). Danny Weitzner asked me to be on the program committee, and I was happy to join up.

Check out the Call for Participation — the paper submission deadline is January 25, so all the really committed geeks (and you know who you are…) can be thinking about potential topics over the holidays.


Bad Santa. No cookies (or milk).

Regarding the bad Santas: “A police spokesman described it as ‘fairly average behaviour’ from ‘an organised group of idiots’.”

Remember, never underestimate the power of stupid people in large groups. (That’s always been my favorite Demotivator.)


BobDC!

Very cool: Bob DuCharme, all-around XML smart guy and my most prolific source of weird crafting links, has started his first general-purpose blog. It’s already interesting and informative, and he says it’ll go beyond the scope of his Thinking about Linking space at O’Reilly.

Just to take the pressure off him, since he’s sure to be extra-busy now :-), here are a couple of saved-up crafting links sent to me by others:

#1: A pattern for a crocheted snowman, brought to my attention by Marc Hadley. I’ll have to check out this Roxycraft site in more detail when time allows; its slogan is “patterns that don’t suck”, and most of the crochet patterns I’ve come across truly do. (Why is it that the results of knitting usually look cool and the results of crocheting usually look dopey?)

#2: A story passed along by John Kemp about metal knitting needles and an easily frightened airline passenger. I have no idea why said passenger isn’t also afraid of sharpened pencils — or perhaps he is. Just for the record, the needles you use for cross-stitch are actually tapestry needles, and they’re pretty blunt. This means that it’s hard to break skin with them in the course of stitching, but I have no doubt that if you applied yourself to the job, they’d go right through. It wouldn’t be pretty.

Thanks, guys!
