May 29th, 2021

blackhat

Such happy news: Dad's exhaustion is gone and i am not taking next week to do respite. Dad has been taking medication for tachycardia for years. Years ago, if i recall correctly, he had an adrenaline attack, and following up found he'd had an unobserved, unidentified heart attack (years before that) and he was diagnosed with tachycardia, and went on meds for it. It was astounding how stressed out in reacting to things he would be with the higher pulse rate, and how much more pleasant (patient) he could be on the meds.

In the past few years he has intentionally lost MUCH WEIGHT. (Me, yes, there's some weight i want to lose but, i dunno, i don't think i want to be skinny or thin or lithe.) Turns out the tachycardia meds are too much, and slow his heart way down, and he is now back to himself. I do wonder about emotional regulation and whether he'll be accessing his patience as well, but fingers crossed.

He's still going to have the person he's hired, B, in three days a week. And i'm trying to encourage him to budget his energy to take care of himself first and of strategic planning and let his hire take care of house cleaning etc.

--== ∞ ==--

Do you care about IETF RFCs? https://datatracker.ietf.org/doc/draft-wkumari-not-a-draft/ is a work of art.

Meanwhile the brief

Farrell, S, and H Tschofenig. “RFC-7258: Pervasive Monitoring Is an Attack.” Best Current Practice. IETF, May 2014. https://tools.ietf.org/html/rfc7258.


underscores what i came to realize in a workshop this week. The IETF (the architects of internet protocols) and the W3C (the architects of the web, depending on the IETF work) believe the web is broken by the pervasive tracking, so if they implement something that breaks stuff that has been working for 20 years to mitigate tracking, that's OK because the web is already broken.

And authentication looks like tracking.

I am tempted -- based on a respected colleague's idea raised in an argument with a couple leading browser manufacturers in a meeting leading up to the workshop -- to submit an RFC to suggest a new cookie tag. Authentication space folks were frustrated when browser manufacturers made understanding the lifetime of what were called session cookies (cookies that did not have a lifetime or explicit expiration date) very hard. Well i don't want to name the flag and it really isn't in my work remit.

It won't fix RFC-7258 either, so i will leave that unless someone brings it back up.

Meanwhile, this workshop had the people involved in authenticating you -- someone with a diverse 20 year history now at Facebook, a Microsoft guru, folks who define the standards for OAuth, some SAML folks, Google authentication -- AND the browser folks -- Safari, Firefox, Chrome, Edge.

The browser folks are full in on stopping tracking, which i appreciate every moment i am not working and sometimes even while i am. For meeting the demands of getting library patrons to resources i am pretty worried ... but do see some opportunities and some costs other companies might have to bear. It's a weird swirl of emotion and ideas. I have succeeded in raising the NISO OpenURL standard to a little visibility (and the NISO folks have said they'd engage with the W3C Privacy CG to raise awareness), but i think that cross-site functions mediated by the browser are not long for this world.

Thank you greedy advertising marketing people and scammers. Between spam and pervasive monitoring, you are (part of) why we can't have a nice internet.

Of course, the problem is not just the browser. Apple's iOS policing is one thing; but who is policing all the smart devices? A colleague explained how he was using DNS in his house to block calls from his TV to tracking services, and how the software is smart enough now to know to call around the configured DNS to one like Google's 8.8.8.8.
This is also posted at https://elainegrey.dreamwidth.org/853949.html .