One Small Voice: The Journal of Peter Saint-Andre


RFC 7525

2015-05-04

Internet security is very important to me. That's why I pushed hard last year to encrypt the XMPP network. It's also why I've been working on two specifications at the IETF that document major attacks on SSL/TLS as well as best practices for preventing those attacks on a wide range of Internet applications (websites, mobile apps, email, messaging, etc.). I'm happy to report that those best practices were published today as RFC 7525 and that before long we'll also be strengthening the use of TLS in XMPP to further enhance the security profile of the XMPP network. Is that security perfect? No, because we still need end-to-end encryption and several other improvements (indeed, our work is never over because the attacks keep getting better, too). But we're doing what we can within the confines of existing technologies to make Internet applications as secure as possible. Onward and upward!


Purposes

2015-04-17

During a conversation not long ago with my friend Sarah, she mentioned the view of author John Maxwell that you cannot be a success in life unless you know your purpose, as in the one and only reason you are here on this earth.

Wow, what a destructive idea it is to assume that you must have a single purpose in life, or else you'll never be a success! Who says you can't have multiple purposes? For example: bringing joy to your family, building excellent products or providing excellent service in your work, helping your teammates, strengthening your community, and understanding yourself and the world around you (to name just a few). Even further: perhaps being truly successful at living a deeply human life is a matter of balancing and being good at a wide range of passions and pursuits, not having some single-minded focus on one thing to the exclusion of all others.

The misguided notions put forth by so-called gurus never cease to amaze me.


Self-Patronage

2015-03-16

A friend recently pointed me to a fascinating essay over at the Atlantic entitled The Death of the Artist — and the Birth of the Creative Entrepreneur by William Deresiewicz. After exploring the major financial models for artistic creation over the centuries (classic patronage, aristocratic independence, the never-popular starving artist, twentieth-century credentialed professionalism, and just recently a kind of hustling entrepreneurship), the author wonders if the artist as entrepreneur provides a model under which it is possible to create art that can serve as a "vessel for our inner life" (since artists who are hustling for a living might tend more toward entertainment than deep and lasting art).

These are good questions, and they apply to more than the fine arts since they might be asked of philosophy, history, and other forms of inquiry, too. Yet I suspect that there might be more economic approaches here than the author has imagined. In particular, my financial model for the scholarly and artistic work I do is what we might call self-patronage: I strive to earn enough money from my primary career in technology that I can write and create whatever I please. I feel that acting as my own patron gives me a high degree of freedom: I don't have to worry about achieving tenure, maintaining academic respectability, surviving the publish-or-perish treadmill, pleasing some rich benefactor, or building a large fanbase. Instead, I can take 5 or 10 years to write a book about Epicurus or Thoreau, explore fundamental truths instead of producing what some academic journal will accept for publication, spend my time on creation instead of marketing, and so on.

The only problem is time: I've been so busy in my career for the last 20 years that I haven't been able to devote as much time as I would have liked to philosophy or music. Yet I am starting to get more disciplined about carving out creative time, and I expect that will begin to bear fruit over the next 5 years or so...


Long-Term Projects

2015-02-25

People I interact with sometimes ask me how I accomplish so much. The last time I gave some thought to it, I wrote a blog post about My To-Don't List - all the things I don't spend time on.

A recent conversation with my friend and &yet teammate Adam Brault yielded another insight: the power of long-term projects.

As an example, in the last week I've had two major specifications on security and internationalization approved for publication as RFCs through the IETF. Yet the security document is something I've been laboring on for about 18 months, and the internationalization initiative started 5+ years ago when folks in the Internet community realized that our old approach (based on "stringprep") was unsustainable. Right now at the IETF I'm also pushing to finish a few other long-term efforts, including definitions for SIP-XMPP interoperability that I began probably 10 years ago.

And that's far from a record with me. I've been helping to build Jabber/XMPP (and, more broadly, open communication) technologies for over 15 years. My book The Tao of Roark was 17 years in the making. I've even written a bunch of guitar pieces and songs that have gone unrecorded for almost 30 years. (That's too long!)

What I tend to do is work on these long-term projects in parallel. At any one time I have several on the front burner and others on the back burner. For example, these days I'm spending a lot of time reading all 7000 pages of Thoreau's Journal in preparation for writing a book about his approach to the art of living; however I also continue to do a bit of research on the side into the subjects of subsequent books I have planned on Nietzsche, Aristotle, and Lao Tzu. On the music front, I'm improving my arrangements and performances of six pieces by Yes for solo electric bass, but I'm also practicing some songs by Bob Dylan and my own folk-rock compositions. And even as I finish up an ungodly number of Internet-Drafts at the IETF, I'm also starting to think seriously about some more future-oriented technology initiatives centered on real-time collaboration.

I don't know if working on so many projects in parallel over such long spans of time is the best way to accomplish a lot in life (I always hesitate to say that my way is the right way for anyone else). And it has its hazards: I could get hit by a bus tomorrow and leave all these projects unfinished. Plus it's important to complete something once in a while, if only to get things off my plate. But for me I find that long-term parallel processing is the most effective and engaging approach to getting things done. Your mileage may vary. :-)


Low Information Diet

2015-02-25

Today I had to run an errand and happened to turn on the radio at the top of the hour, so both my favorite jazz station and an AM station I listen to occasionally for baseball games had the news on. Something was happening somewhere! A terrorist attack in the Middle East, political wrangling in the District of Columbia, and other horrors - essentially the same stuff I might have heard on the radio the last time I listened a few years ago.

To what end? This is all mental junk food, designed to give me the intellectual equivalent of a sugar high so that I'll need to get dosed up again a few hours later.

Yes, I used to follow the news. Radio in the car, newspapers in print or on the computer, magazines on the plane, a few weekly TV programs. Political news, economic news, financial news, technology news. You name it, I consumed it.

Oh, I was informed, all right. Stuffed to the gills with facts and figures and opinions and perspectives. But was I happier for all that? Did I make wiser decisions? Was I a better person? Or was I just stressed out?

For the last year or two, I've been on a low information diet. You could even call me a recovering infoholic. Instead of skimming the surfaces of things that people in power think I should care about, I've been trying to dig down into the depths of what truly matters: love, friendship, community, art, science, wisdom, and the long-term projects I'm working on.

Instead of getting upset about the latest Internet security attacks, I help develop solutions. Instead of following the twists and turns of the stock market, I prefer an all-weather, low-maintenance approach called the permanent portfolio. Instead of feeling my blood boil over the skullduggery of politicians everywhere, I focus even harder on the team I work with and other communities where I can have a direct, positive influence.

It's true that you need to be somewhat aware of what's going on in the world, if only so that you can help defend what's important in your life. But I find that reading a few judiciously chosen analyses of longer-term trends tells me most of what I need to know. And, in any case, if something truly momentous happens I'll certainly hear about it. In the meantime, I'll continue to devote my time and energy to the projects and relationships that are within my span of control, and to studiously ignore everything else.


RFC 7457

2015-02-05

I'm in the midst of a big push to finish off the ~15 Internet-Drafts I have underway at the IETF, on topics such as security, internationalization, SIP-XMPP interworking, and even Uniform Resource Names (the lesser-known cousin of URLs). The first of these to be published as an RFC is a document entitled "Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS)", a.k.a. RFC 7457. Here I'll freely admit that Yaron Sheffer and Ralph Holz did most of the hard work, but they were gracious enough to include me as a co-author. The three of us are also close to finishing a companion document that describes how to address some of these attacks, so look for that soon!

