if ( knowledge ) {

A place for thought, progress, and dissent.

Monday, July 17, 2006

Sign Up?

Hash: SHA1

My email box is constantly plagued by spam, phishing, and other random junk. Banks, PayPal, and other merchants have spent a lot of time educating the public on how to recognize "spoofed" emails, and not believe (or click) everything they get in their inbox.

Wouldn't it be great if I could know that email came from PayPal?

We have the tools--we have for years. Public Key Encryption (PGP, GPG, and the like), in addition to allowing for top-notch privacy also can allow for nearly-perfect sender identification.

With Encryption, I can send an email to a colleague and know that only he can open it (at Collective Idea, we do this as a matter of habit--even if we're just sending a funny link). The other side, Signing, allows for me to send an email to anyone and have them *know* that I am the only person who could possibly have sent it.

To know that the sender is who they say they are, I do need to have PGP installed, and be smart about accepting keys. If I do both of these things, I have a greater level of assurance. If I don't, I see a message that looks exactly like this one.

I'm starting to think that all web applications should sign emails without exception. Do I care if my account notice from Bascamp is real? Probably not, but I would like to know I can. I'd also like to see PGP more widely used... this could help, if only in a small way.

I'm considering adding signed messages to some apps I'm working on. Is it worth it? Would people respond well, or get confused?

Version: GnuPG v1.4.3 (Darwin)


Tuesday, July 11, 2006

Coded Message

Aaron: 200 I'm 410
Daniel: 406!
Aaron: Jodi says 405
Daniel: 200.

We're leveraging our knowledge of HTTP.

Saturday, July 08, 2006

On Rails

Some brief notes:

RailsConf was fantastic. I expect next year to be much crazier, but we'll hope it keeps its class. The current community is so bright as a collective whole.

Chicago's "L" system is really good. People who live there often don't realize how easy it is to get around the city.

Chicagoland's Metra trains are also very nice. No complaints there, though I wonder if they could add wi-fi...

I took an Amtrak train from Chicago to Washington, D.C. which arrived 7 hours late. I do love Amtrak, but they don't make it easy. We really need to make rails service more of a priority in this country.

D.C.'s Metro system is surprisingly nice. Very clean and few advertisements. July 4th found it body-to-body after the fireworks, but it could have been much worse.

The airline industry, while much quicker, is completely backwards. I should be able to pick and choose flights (find a cheap one from D.C. to chicago, then find one to Grand Rapids) but instead, am forced to pick one airline for the entire trip, limiting my options. It is ridiculous that a ticket from D.C. through Chicago to Grand Rapids is cheaper than a ticket from Chicago to Grand Rapids (on the same flight) alone.