Technology Stir Fry, the blog

Now available for your normative referencing pleasure:

Young, I., Ed., Johansson, L., and S. Cantor, The Entity Category Security Assertion Markup Language (SAML) Attribute Types, RFC 8409, DOI 10.17487/RFC8409, August 2018.
See https://www.rfc-editor.org/info/rfc8409.

This has been cooking for quite a long time: the original discussions about the need for something like this go back to early 2012, and the initial specification drafts are from later in that year.

Some very early mail I have from Leif credits RENATER (the operator of the French research and education identity federation) with the original idea, but as you can see from the Acknowledgements section it has definitely been one of those “it takes a village” enterprises.

The technical content hasn’t changed very much in the last five years, but it’s wonderful to have a stable reference available for the many use cases and specifications we have already built, and continue to build, on top of the entity category concept.

A recent Internet-Draft catches my eye: Social Media (An Apology), ostensibly authored by “The Elders of the Internet” (or “Edlers”, as Appendix A has it).

As a result, we were caught unawares when the Internet became the sink for every poorly-considered argument, paranoid thought when you wake up in the dead of night, and shrieking nutjob you’d usually cross the street to avoid.

It’s really hard to argue with all this, particularly section 2.4.

It has been more than a decade since I wrote Responsible Behaviour, in which I mused about how many Wikipedia articles the man on the Clapham omnibus would need to read to understand a particular cryptography-related joke. I saw this, in part, as a proxy for whether cryptography was becoming mainstream. I ended with:

Do you agree? More interestingly, what do you think the answer will be in ten years?

The 38th meeting of the REFEDS (Research and Education FEDerations) group took place this weekend. After Matte Miettinen had summarised the state of the Shibboleth Consortium, I gave a brief presentation updating everyone on the project’s technical status. You can download a PDF copy of the slides.

My podcast application of choice is Overcast by Marco Arment. He has just released Overcast 4.2, and the announcement is notable for its enlightened approach to user privacy:

Your personal data isn’t my business — it’s a liability. I want as little as possible. I don’t even log IP addresses anymore.

If I don’t need your email address, I really don’t want it.

…

And the first time you launch 4.2, people with email-based accounts will be encouraged to migrate them to anonymous accounts:

Of course it’s not possible for all applications to operate anonymously, but the principle is important: you should collect only as much personal information as you require and no more. Anything more than this is a GDPR concern and a data breach waiting to happen.

In one of the static web site projects I have been working on, the main text is composed using Markdown but a number of common constructs are used which Markdown can’t easily express. That’s not Markdown’s fault in any sense; I’m using it well outside its originally intended scope.

Here’s how I made things a bit simpler by using a Nanoc filter as a pseudo-extension for Markdown.

I have been writing here (or on the predecessor site) since 1996. That means that at the time of writing in 2018, some of that content is over twenty years old. If your reaction to that statement is “that’s plenty of time for something to break” then your instincts are perfectly sound.

It has been a month now since I finished my Nanoc conversion work, and it’s pretty obvious from the chart below that the performance improvements I expected from converting to a static site are real, and are here to stay.

The chart is from Google’s search crawler, so it doesn’t represent real human usage, but the dramatic lowering of the access times since the beginning of February is undeniable. Previously, if you got unlucky, you might have waited more than a second for even one of my pearls of wisdom. Now the most banal observations might be available in mere milliseconds.

I’ve been using rsync to build my site as a combination of a base layer held in git plus an overlay generated using Nanoc. Here’s how.

This site is going all-HTTPS, all the time. Read on for background and details.

[2018-03-11: HSTS implemented with max-age=1800, i.e., 30 minutes.]

[2018-04-16: HSTS implemented with max-age=31536000, i.e., one year.]