Monday, June 05, 2006

Second day BarCamp Boston 2006

Second day of BarCampBoston started out a bit slower. Many had not come back for a second day at least not very early. May be I missed some important sessions on the bar on the night before.

  • Today I enjoyed a very energetic session about "Powerful, Pointed Presentations". In essence cater to the emotions of your audience to get both halves of the listener's brain involved. Also, the obligatory slide-show print-out should be avoided and replaced by a text document presented after the oral presentation has finished.
  • It was also time to jump into the ring and educate fellow BarCampers about Open Document Format, why the State of Massachusetts did mandate it and what the role for OpenOffice.org is in this development. Unfortunately my session was at the same time as "Newbie on Rails", which did draw the bulk of the crowd.
  • More BarCampers were interested in the topic "Solving Spam by signing messages with PGP" which I offered. I have this idea in my head for more than two years and I wanted to here what other have to say about it. I think the basic issue with spam is the ability to falsify the sender. If all (or most) e-mail is signed with PGP, then everybody can filter on that signature (which can't be falsified) and so determine if that e-mail is important to him or not. Here are some of the arguments:
    • You create your own signature, and publish the public key. Your signature becomes more trustworthy through other people signing it with their signature.
    • One also needs to be aware that by signing some else signature I do not claim this person is not a spammer. I only authenticate that he is who he says he is in the signature. All I verify is her name and her e-mail address. But this gives any recipient the ability to forcefully filter on that identity.
    • If we get to the point that most e-mail is signed and I mostly care about e-mail signed by a someone I know already, then I would blacklist all unknown senders. This can be solved by prioritizing e-mail according to the trust level of the signature and the distance between me and the closest signer of the signature to be checked.
    • One member of the audience did say that e-mail lists would brake the signature by adding their own footer, such as Yahoo. However, they can either add the footer in a mime compliant way or resign the message with their own key.
    • Another member pointed to HushMail having implemented an interesting PGP signed web-mail trust. I got to check this out soon.
    • Many agreed the key to such a system is two-fold
      • We need a wide spread filter, preferably a spamassassin filter. This filter needs to verify the signature of the e-mail and then use the trust vote in the my key-ring to apply the filter I defined.
      • The second component would be E-Mail clients, such as Thunderbird, to come integrated with PGP and the ability to create or load a PGP key with every profile one creates.
I really enjoyed this BarCamp and look forward to the next one. Mike Walsh said planning is in progress for one in fall 2006.

I want to thank Monster for hosting us and the other sponsors for making it possible. If one thing I would improve for next time, it is a better scheduling system, that is available via the net. Especially in the Monster location, where the event was spread out between three disjunct locations this would be a great plus.

No comments: