Travels to Egypt

As some might recall, I traveled to Egypt and Jordan over the winter holiday. My wife and I took around 4,000 photos — we’ll spare you all the details and just stick to the highlights.

Both nations were fantastic: everywhere we went the people were pleasant, the sites stunning, and the food delicious. Everywhere was steeped with history. This post is briefly about Egypt, with a soon-to-follow post about Jordan.

At the time (about a year after the January demonstrations in 2011), Cairo had a bit of reputation for being unsafe and so there was essentially no tourists anywhere there. Fortunately, Cairo was quite safe and we ran into no trouble whatsoever and got to benefit from the lack of crowds at the various attractions; unfortunately, you could tell that business was slow for a lot of tourism-dependent merchants. Outside of Cairo there was a lot more tourists — the majority of tourists in Aswan and Luxor were Russians — and business seemed to be better, though the guides said that tourism has definitely been down since the revolution.

One of the great highlights of Egypt is, of course, the Pyramids of Giza. It should go without saying, but the pyramids are really big.

Continue reading

WordPress Security: Google Authenticator

Many of the readers here are also bloggers, and quite a few use WordPress.

If you host your own WordPress installation (as opposed to hosting with wordpress.com), you may be interested in the Google Authenticator plugin for two-factor authentication.

If you have an iOS (iPod Touch or iPhone), Android, or BlackBerry device that can run the Google Authenticator app, the Google Authenticator plugin can help significantly with your site’s security. Once you link the plugin and the device, your device generates a new time-dependent numeric code at regular intervals. To log into your WordPress blog’s account you’ll need your username, password, and the numeric code generated from the mobile device application.

This way, even if an attacker manages to acquire your username and password they are unable to log into your WordPress account because they don’t have the correct code. Now an attacker needs something you know (username and password) and something you have (the mobile device that generates the code).

Update: One can also configure a static password for applications that are not able to deal with one time passwords, like desktop or iPhone WordPress clients. Very cool.

Technical Independence

The internet has contributed enormously to freedom of expression and global communications. Technical measures like encrypted VPNs have enabled people in restrictive, repressive societies to be heard by the rest of the world and access information otherwise prohibited to them.

This is fantastic, but there is one major drawback: the internet relies upon physical infrastructure. While there’s no getting around the necessity to lay cables or have wireless communications that terminate at various physical points (be they cable landing points, satellites and their ground stations, microwave towers, etc.), the issue of physical presence and legal jurisdiction for key internet infrastructure has been a concern of mine for a while.

Take, for example, the DNS root zone: due to the heirarchical structure of the Domain Name System (DNS), there needs to be a “root” from which all names are delegated. As an example consider the name of this website, www.arizonarifleman.com, this server is named “www” and is a subdomain of “arizonarifleman” which is in turn a subdomain of “com” which is in turn a subdomain of the root1.

All top-level domains like “com”, “net”, “org”, “uk”, “au”, and so on are subsets of the root. While alternative roots have come and gone over the years, the official root is the de-facto standard. To put it bluntly, the root zone is critical to the operations of the entire global internet.

Due to the US’s role in creating the modern internet, the DNS root zone is under the authority of the US Department of Commerce’s National Telecommunications and Information Administration (NTIA) who has delegated technical operations (but not ownership) of the root to IANA, operated by ICANN (a California non-profit company that evolved out of early technical management of the DNS root). The root zone is distributed by hundreds of redundant, load-balanced physical servers representing 13 logical DNS root servers (the 13 logical servers limitation is a technical limitation). These servers are located all around the world.

The DoC and NTIA have been remarkably hands-off when it comes to the actual management of the root zone and have worked to build a “firewall” between the administrative/political and technical sides of managing the DNS root.

Even so, many people (including myself) have concerns about a single country having administrative authority over such a key part of global infrastructure. The US government has recently been seizing domain names of sites accused of copyright infringement, as they claim jurisdiction over generic top-level domains like “com”, “net”, and “org” regardless of where the domains are registered or where the registrant is physically located. What would prevent the US government from turning off country-level domains like “uk”, “fr”, or “se”2 in the root? What about “ir” (Iran) or other countries that the US has various issues with?

Obviously if this happened there would be massive international outcry and a fracturing of the unified DNS system currently in place — this would likely be catastrophic to the internet.

What, then, could be done? Perhaps the authority for the root could be moved to another country? Sweden and Switzerland are both well-known for their political neutrality and freedoms, but again one runs into the problem of the authority being subject to the laws of a single nation.

Perhaps the UN? That’s been proposed as well, but there’s definitely some drawbacks: many UN members are not exactly well-known for their support of free speech and would be more likely to manipulate the DNS for their own purposes. The US, even with its myriad legal issues as of late, has some of the strongest free speech protections in the world and a history of non-interference with the root zone.

Personally, I wonder if it’d be possible to raise the technical management and authority of the root zone above that of any particular country — a technical “declaration of independence”, if you will. If the root zone could be abstracted from any particular physical or political jurisdiction, I think that be a great benefit to the world.

Of course, that would involve a change in the status quo and is unlikely to succeed. The US government has made it quite clear that they have no intention of relinquishing authority of the root zone and any organization (such as ICANN) who intends to operate the root must be physically located somewhere and thus fall under the jurisdiction of some government.

Nevertheless, it’s interesting to consider.

Update (about an hour later): The US government just seized a .com domain name registered through a Canadian registrar, owned by a Canadian, operating a legal-in-Canada online gambling site because it violated US and Maryland state laws. (They seized it by issuing a court order to Verisign, the operator of the “com” registry.) This serves to highly my concerns above.

  1. The root name is not normally seen in day-to-day lookups, but represented as a trailing dot. My domain would more properly be defined as “www.arizonarifleman.com.” — note the trailing dot after com; this is the root. []
  2. The Pirate Bay is a big target for authorities, and operates in Sweden under the “se” top level domain. []

Outside the Asylum

Since I moved out of the United States I haven’t been following American politics as much as I used to. Most of the local media here is in German, which I’m not very good at reading, and I’ve been too busy to keep up on anything other than the major headlines from US and global English-language news.

Normally I’m not very involved in politics as I find the day-to-day workings of politics to be distasteful (not to mention that having political discussions with people is usually pointless and frustrating), but I had some free time recently and was catching up on news relating to the November election.

The Democrats haven’t really changed much, and have basically remained the center-right party1 they’ve been for years. The Republicans, however, have lost their collective minds and are basically catering to the lunatic fringe. The Democrats haven’t really changed their message all that much, but the things the Republican candidates have been saying recently is downright chilling. Things really have taken a turn for the crazy recently, particularly with the Republicans. The Democrats have hardly been angels either, but Republicans at the national level have really gone off the deep end.

There has been a definite vibe of “I have to oppose $LEGISLATION, even though it may be beneficial and good, because $OTHER_PARTY suggested it!” going on in American politics, and it needs to stop. Politics should not be like supporting your favorite sports team and demonizing your favorite opponent2 — there needs to be compromise, cooperation, and consensus from everyone involved.

Similarly, there’s a strong “Not Invented Here” thing going on: if a proposal is made based on something that’s been beneficial in Canada or Europe, it’s likely that many Americans will oppose it outright without really considering the idea. Sure, not everything that works in Europe, Canada, or other places in the world will work with the United States3, there’s many ideas that make sense that simply aren’t considered. If the US is going to remain prosperous, we need to improve our country by considering good ideas regardless of the source.

While the two-party system that is firmly entrenched in US politics is unlikely to go away anytime soon4 , this hyper-partisianship is damaging and destructive.

I recognize that politicians aren’t experts on all subjects (and that in general, experts on a particular subject would make terrible politicians), but wouldn’t it be better for everyone if politicians would consult experts before proposing legislation? It’s not necessary for someone to be an expert mechanic to operate a car, but having some basic operational knowledge about the subject (how to change a tire, knowing that it’s necessary to have the car serviced at regular intervals, etc.) is useful, as is having an expert that one can ask if one has car troubles.

Politicians shouldn’t need to be expert mathematicians, but it’s not ok for legislators to not know basic math. Similarly, I don’t expect politicians to be experts on internet infrastructure, but being proudly ignorant of how the internet works and actively shunning experts because their factual statements disagree with your ideology (or that of those who are making “campaign contributions”) is not ok.

Letting ideology and ego (not to mention corruption) get in the way of facts and good policy is terrible. Doing otherwise is an invitation to disaster.

  1. For decades they’ve been “center-right” on a global scale. []
  2. My wife is a die-hard Boston Red Socks fan, and loathes the New York Yankees with the burning passion of a thousand desert suns. []
  3. For example, high-speed intercity trains make a lot of sense in smaller, more densely populated European countries and in the Northeastern Corridor of the US, but are impractically slow for transcontinental passenger traffic in North America due to the great distances involved. []
  4. Though it might be interesting if the US had a more “parliamentary-style” style of government, where the legislature is composed of many parties based on the percentage of votes and several parties need to form alliances to advance mutually agreeable causes, rather than just two parties where the “first past the post” wins. []
Private