An Illusory Intertwingling of Reason and Response

Tafelmusik is a look askance at life. It is a chronicle of the Dance of the Good Thing, a part in which I strive always to take. Here lie my musings, my thoughts, my beliefs, and my desires. Join me. Dance.

[ Previous 3 entries ][ Next 3 entries ]

Saturday, April 05, 2008

MicroID v0.1a for Blosxom

Mood: Geeky
Mood: Geeky

Download MicroID v0.1a

Sometimes I think my pages include more metadata than data. Ahh, well . . . at long last succumbing to the need to serve valid MicroIDs for each page of my own Blosxom installs (rather than simply for the first page), I bring you MicroID for Blosxom. MicroID will generate an arbitrary number of MicroID <meta> tags (for multiple claim emails) for your templating pleasure.

The difficulty with dynamic sites is that the MicroID contains the URL of the page signed, requiring pages to be signed on-the-fly as they're created. A precomputed MicroID for, say, the root level of a weblog, would become an invalid assertion over any other pages within.

For those of you who don't know, MicroID is a claim verification protocol allowing anyone with access to your email address to verify your ownership or control of your web pages. What it amounts to is the SHA-1 or MD5 signing of the page URL with your email address. Thus, you're able to attach your email address to pages, but only people who already know your address will be able to "read" it.

It's really no more secure in se than putting a <link rel="author" /> or any number of other semantic tags in your documents, as anyone who wants to could assert your authorship of an arbitrary document. However, it does provide a way for you to claim authorship without revealing personal details to anyone but the party you wish to convince. Thus the utility of MicroID is not in accountability (as it's too trivially forged), but in assertion of ownership.

Wednesday, February 20, 2008

On the Inanity of Funeral Procession Traffic Customs

Of what value is respect granted pro forma? Worse, of what value is respect granted out of coercion? Such respect is all the custom (still legally enforced in many southern states) of stopping or granting the right-of-way — regardless of en-route traffic signals and signs — to funeral processions out of "respect" for the dead and the mourning.

As an example, here's an excerpt from the Georgia Motor Vehicle and Traffic Code Title 40, §40-6-76:

(b) Funeral processions shall have the right of way at intersections ....

(f) The operator of a vehicle not in a funeral procession shall not attempt to pass vehicles in a funeral procession on a two-lane highway.

(g) Any person violating subsection ... (f) of this Code section shall be guilty of a misdemeanor and, upon conviction thereof, shall be punished by a fine not to exceed $100.00.

A funeral procession in Georgia needs no permit to claim the above benefits, and need not even travel with police escort (though such escort is often sought and provided). In exception to this, no other private procession for private purposes can claim the right of (b) without a parade permit and posted public notice.

Arguments from safety are generally made: applying normal right-of-way rules in the case of a procession may cause unsafe situations due to procession members attempting to follow cars ahead of them immediately through intersections. As well, one might say that procession members could be unduly inconvenienced if forced to wait for the right-of-way to fall on them in normal course. However, such arguments dissolve if not applied to all private processions.

Not all states waive the requirement for police escort like Georgia does, but the principle remains: the only reason for this singling-out of funeral processions as unique is sentimental, and sentiment has no place in law.

If you think that's sentimental, (f) is even more blatantly so. While arguments from safety for yielding the right-of-way appear secondary even to a charitable observer, a no-passing rule appears on the surface to be solely based in safety concerns. Indeed, under normal circumstances, one ought not attempt to pass more than a single vehicle at a time on a two-lane highway. However, to fully understand the law, you must consider "the custom as she is practiced"1.

While not required by law, and not even actually permitted (no minimum-speed exception is given as the right-of-way exception), general practice is for funeral processions to move at somewhere between five and twenty miles per hour, regardless of the established speed limits and minimum-speed laws governing the roadway travelled.

Georgia law states that "no person shall drive a motor vehicle at such a slow speed as to impede the normal and reasonable movement of traffic, except when reduced speed is necessary for safe operation."2 However, funeral procession leaders routinely drive half the posted speed limit (and sometimes far less), which quite objectively impedes "the normal and reasonable movement of traffic" when — again, quite objectively — not "necessary for safe operation".

Where does the sentiment in the enforcement of (f) above come in? By rights, at least the hearse driver — if not the entire procession — ought to be fined for obstruction of traffic: a definitely unsafe situation.

They're not, of course, due to sentiment: can you imagine the reelection campaign a sheriff attempting to actually enforce minimum-speed law on funeral processions would face? This turning of a blind eye to the actual agents of this unsafe situation necessitated the explicit prohibition against passing funeral processions, and in turn further elevated sentiment above reason in state law.

"But," some cry, "we're losing respect for others! We're losing respect for tradition!"

As I asked at the beginning, of what value is pro forma respect? I respect many people, all because of something: whether they're teachers, parents, friends, soldiers, or anyone else, they've all done something to warrant my respect.

Nearly anyone would say he wants to be respected, but what he truly wants is to be worthy of respect: respect garnered undeserving is empty.

Is someone inherently worthy of respect because he's dead? Are mourners inherently more respectable because they know someone who died? Of course not: to claim that would be absurd. Yet tantamount to such a claim are the cries for "respect for the dead" and "respect for the bereft".

From a discussion on the opinion section of The Chattanoogan:

... it suddenly occurred to me that I had no idea who was in that hearse being carried to the cemetery.

For all I knew, it could have been a man who beat his wife and children, an adulterer, a drunk, a drug pusher, a gang leader with all his gang buddies riding behind him, or even a murderer.

Can you imagine — and this could have happened — pulling off to the side of the road while paying your respects to those in a funeral procession and later learning that it was the funeral of Ted Bundy or Jeffrey Dahmer?

I have no problem showing respect to someone who is truly worthy of it, but I'm doing no one favours by doling out empty, unknowing respect.

The emptiness of pro forma respect would not be a reason not to stop for a funeral procession: it's simply means that "respect" is not a reason to stop. I mention it to point out what is being put forward as more important than safety: namely vain respect.

Southern funeral procession custom does not result in safer roadways: indeed, it results in unsafe situations due to unclear right-of-way and obstruction of traffic. It does not result in true respect being shown, but rather a devaluation of the concept of respect. I'm willing to be inconvenienced if objective reasons can be brought forth to demonstrate the value of my inconvenience; but an objective look reveals Southern funeral procession custom to be damaging both physically and philosophically.

1. "English as She Is Taught", from _[What Is Man? and Other Essays][3]_, by Mark Twain.

Friday, February 08, 2008

Call me ishmael.infiniteplane.com

At long last, I've decided it's time to start serving OpenID. There are enough sites permitting me to log in, comment, and otherwise use and contribute with the protocol that it'd be rather foolish of me not to have an OpenID URI. It's always seemed silly to me, though, to use OpenID — a protocol designed for decentralization — in a centralized manner, procuring an OpenID from some Supreme Arbiter of Identity, when the possibility exists for me to keep my login credentials under my own lock and key.

Enter ishmael.infiniteplane.com (what more fitting name for a server used to establish identity than "Ishmael"?) and phpMyID. phpMyID, despite its rather unfortunate cliché of a "phpMyXYZ" name, is one of the nicest little single-user OpenID scripts available. Since serving one's own OpenID generally involves either rolling one's own with a ponderous array of libraries or installing a large-scale multi-user, database-backed authentication system, I didn't begrudge it the couple of hours spent in the code tweaking.

By default, phpMyID has a couple of — while not actually flaws — less-than-ideal design decisions.

First, it uses (and recommends against changing) a hardcoded HTTP authentication realm. While in a vacuum, that's not too major a difficulty, on a web with a major OpenID component, compromising OpenID servers will become a more lucrative proposition. In the same way one ought to remove easily-queried identifiers such as META Generator tags from CMS software to reduce the likelihood of unpatched vulnerabilities being exploited due to automated identification, a realm of "phpMyID" sent in every authentication header seems to invite malicious vulnerability profiling. Luckily, while the README is ambivalent about the value of such a change, it permits it easily through a configuration variable.

As well, I've made numerous other little changes, such as:

  1. defining an optional CSS file (no reason it has to look ugly)
  2. making it work properly when called as different hostnames, so that a single installation can, via a switch on HTTP_HOST, serve multiple users each with their own identity provider (IdP) hostname.
  3. enabling selection between use of META refreshes and HTTP Refresh headers
  4. optional suppression of filename requirements in IdP URIs
  5. suppression of unnecessary information at the "front gate" for security

[ Previous 3 entries ][ Next 3 entries ]