Categories
System Administration

RFC 5105, enum.at Client Toolkit and Xerces 3

I recently got a request for help concerning the generation of ENUM Validation Tokens according to RFC 5105.

In order to check what went wrong, I had to re-install the software I used while writing that RFC. That wasn’t so easy, as the upgrade from Xerces 2 to Xerces 3 made a few changes to the XML Signing module necessary:

Categories
CERT

Memo to Security Conference Organizers

First of all, there are more security conferences in September and October in Europe than any sensible organization will ever want to send people to. Sorry.

Aggressive hard-sell phone calls will not help. Quite to the contrary.

And if you send email invitations, remember that you’re sending mail to security professionals. Including tracking images in the HTML version and linking to a tracked version of your conference website is considered rude in these circles.

Cut it out.

Categories
Pet Peeves

Windows 7 Sync Center

I’ve already written about the broken list of available updates in Windows 7. Today I spotted something similar:

Windows supports keeping a copy of a remote directory on the local computer and syncing back offline changes. Today I got confronted with the following dialog:

Okay, I press “Sync” and get:

Conflicts? Show me:

What gives?

Categories
Internet

The privacy of fonts on the web

Today, heise wrote about Linotype’s offer in the “fonts for webpages” market.

If I’m not mistaken, that’s not the first commercial offering of licensing fonts for the new HTML/CSS font feature. On one hand, this is a really good offer, as it allows amateur sites to use professional fonts for free and commercial, high-traffic sites can use these fonts for a reasonable price.

But one thing bugs me about these offers: In order to enforce the pay-per-pagehit business model, these services need to serve the fonts from their own servers. That means:

  • On the plus side, potentially better caching between different sites.
  • But: the font-servers implicitly track all visitors to the website using these fonts.

Given all the privacy implications that embedded ads and social media gizmos (“click here if you like this”) are starting to raise, fonts seem to be the next thing you need to be careful about if you’re conscious about the traces you leave in third-party access-logs.
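A site operator can check which font fetches would show up in someone else's access logs. The following is an added example, not part of the original post: it scans a stylesheet for `@font-face` sources and `@import` rules and lists those that resolve to a host other than the page's own. The function names and all `.example` hosts are constructed for illustration.

```python
import re
from urllib.parse import urljoin, urlparse

FONT_FACE = re.compile(r"@font-face\s*\{(.*?)\}", re.S | re.I)
URL_REF = re.compile(r"url\(\s*['\"]?([^'\")]+?)['\"]?\s*\)", re.I)
FAMILY = re.compile(r"font-family\s*:\s*['\"]?([^;'\"]+)", re.I)
IMPORT = re.compile(r"@import\s+(?:url\(\s*)?['\"]?([^'\")\s;]+)", re.I)


def is_third_party(page_host, host):
    """Assumption: only the page's own host and its subdomains are first-party."""
    return not (host == page_host or host.endswith("." + page_host))


def third_party_font_requests(css, stylesheet_url, page_url):
    """Return sorted (host, kind, name) tuples for every font-related fetch
    in `css` that a visitor's browser would send to a third-party host."""
    page_host = urlparse(page_url).hostname
    findings = set()
    for block in FONT_FACE.findall(css):
        fam = FAMILY.search(block)
        name = fam.group(1).strip() if fam else "?"
        for ref in URL_REF.findall(block):
            if ref.lower().startswith("data:"):
                continue  # inlined font: no request, nothing logged elsewhere
            host = urlparse(urljoin(stylesheet_url, ref)).hostname
            if host and is_third_party(page_host, host):
                findings.add((host, "font", name))
    for ref in IMPORT.findall(css):  # imported CSS is fetched remotely too
        target = urljoin(stylesheet_url, ref)
        host = urlparse(target).hostname
        if host and is_third_party(page_host, host):
            findings.add((host, "import", target))
    return sorted(findings)


# Constructed sample stylesheet (hosts are placeholders, not real services)
SAMPLE_CSS = """
@import url("https://fonts.vendor.example/css?family=Body");
@font-face { font-family: "Local Serif"; src: url(/fonts/serif.woff) format("woff"); }
@font-face { font-family: "Paid Sans";
  src: url('//cdn.fontshop.example/f/1234.woff') format('woff'),
       url(data:font/woff;base64,AAAA) format('woff'); }
"""

if __name__ == "__main__":
    for row in third_party_font_requests(
            SAMPLE_CSS, "https://www.blog.example/css/site.css", "https://www.blog.example/"):
        print(*row)
```

Self-hosted and `data:`-inlined fonts produce no findings, which is the state to aim for if third-party logging is a concern.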

Categories
System Administration

mod_epp 1.7 released

I’ve just uploaded mod_epp 1.7 to sourceforge.net.

Thanks to CentralNIC for funding the debugging effort.

(And no, there will be no picture of me with a brown paper bag over my head on this blog. But yes, that bug was stupid.)