RFC 5105, enum.at Client Toolkit and Xerces 3

I recently got a request for help concerning the generation of ENUM Validation Tokens according to RFC 5105.

In order to check what went wrong, I had to re-install the software I used while writing that RFC. That wasn’t so easy as the upgrade from Xerces 2 to Xerces 3 made a few changes to the XML Signing module necessary:

Continue reading RFC 5105, enum.at Client Toolkit and Xerces 3

Memo to Security Conference Organizers

First of all, there are more security conferences in September and October in Europe than any sensible organization will ever want to send people to. Sorry.

Aggressive hard-sell phone calls will not help. Quite to the contrary.

And if you send email invitations, remember that you’re sending mail to security professionals. Including tracking images in the HTML version and linking to a tracked version of your conference website is considered rude in these circles.

Cut it out.

The privacy of fonts on the web

Today, heise wrote about Linotype’s offer in the “fonts for webpages” market.

If I’m not mistaken, that’s not the first commercial offering of licensing fonts for the new HTML/CSS font feature. On one hand, this a really good offer, as it allows amateur sites to use professional fonts for free and commercial, high-traffic sites can use these fonts for a reasonable price.

But one thing bugs me about these offers: In order to enforce the pay-per-pagehit business model, these services need to serve the fonts from their own servers. That means:

  • On the plus side, potentially better caching between different sites.
  • But: the font-servers implicitly track all visitors to the website using these fonts.

Given all the privacy implications that embedded ads and social media gizmos (“click here if you like this”) are starting to raise, fonts seem to be the next thing you need to be careful about if you’re conscious about the traces you leave in third-party access-logs.