Right now, I am taking a class on Air Traffic Management (ATM), which is already yielding some very concrete useful knowledge: unbeknown to me, the FAA and NOAA have a lot of very interesting tools on the web. These web sites may help you to get a better picture of your expected delay; much better than what gets announced at the airport or within the cabin, anyways.

ATCSCC

The Air Trafic Control System Command Center (ATCSCC) is responsible for mananging the entire National Airspace System (NAS). As such, they are in charge of all re-rerouting and have tons of interesting data for travelers. From their web page I can recommend:

• The overview map (by region or airport) on their home page gives you an interactive and easy to interpret view of the current air traffic situation. Clicking on the airport yields a summary of expected delays and their real reason (no more airline babble about that strange gasket that was out of order).
  
• The Operational Information System has a nice overview about what is going on in the NAS in more detail.
  
• The airport arrival demand chart tells you what the line for arrivals at the destination looks like. If there is a backup, you will fly happy holding patterns.
  
• The advisories database has all current ATCSCC advisories, including ground stop (i.e. the reasons for sitting on the tarmac for 3 hours before getting cleared for departure). Note that these advisories are not in clear text, but you need to understand the shorthand.
  

Finally, you can sign up for an airport delay email notification for the 40 busiest US airports at: http://www.fly.faa.gov/ais/jsp/register.jsp

NOAA

The National Weather Service has an aviation weather site at http://aviationweather.gov/. There are a lot of interesting services there for the avid hobby pilot or flightsimulator nerd, but the CCFP is most interesting from a airline-delay-perspective: it provides a 2h, 4h, and 6h convective pattern forcast (read: bad flying weather). This, and the turbulence charts can tell you at what segment of your trip to expect flying coffee cups (in the best case). Putting everything together, you can install the Flight Path Tool for a rich client GUI.

tags: faa aviation tools weather

Today should be "International Freedom Day", against all suppression of individual liberties, everywhere.

Working currently on an RelaxNG project, I needed to automate conversion of RNG schemas to a W3C compliant schema in NetBeans. The tool I used to perform the transform is Trang. I added this macro to the build.xml file:

All necessary libraries reside in the ./resources/tools directory. Now, in order to use this macro on a number of RNG files, I decided to use the <for> directive from ant-contrib. James Allen has good instructions on how to integrate ant-contrib within NetBeans (or arbitrary ant environments) without having to drop the ant-contrib Jar into the ant/NetBeans installation.

Here I am iterating over the ${rng-files} property that contains a comma delimited list of the RNG files you want to convert (without the .rng extension). I filled this through <pathconvert>:

Obviously, these XSDs can then be used with any other tools, such as JAXB.

This is a happy Friday afternoon rant.

I am still following the headlines for Sun (as long as that is still possible), and today I found some interesting headline: "Oracle Should Spin/Sell Sun Hardware Unit, Analyst Says". Well, interesting enough, I open the article, expecting some deep insight into what is going on. Unfortunately, the full report was not available, but the blog did mention the $23 dollar target set by the analyst, and that he would not know who might be interested in buying the Sun hardware business from Oracle.

Wow, impressive. Unless there is a lot of interesting detail in that research report (which is not available on AmTech's website), this is completely trivial: yeah, Oracle holding on to Sun's hardware business seems illogical from the outside. Good thing we have an analyst telling the world that. And Oracle will soon be at $23? I would neve have guessed that, given that they are currently at about $20, the market is pointing upward, and there is a good chance that the market will see the completion of the aquisition some time in the summer as something positive.

I think that I should consider a second career as software industry analyst: Money for nothing and the chicks for free...

Trust is one of those concepts in IdM that are hard to define or measure, yet are at the basis of most of our transactions. There are a few different ways to look at trust or capture its essence, including reputation systems, assurance frameworks, and similar solutions. At the end of the day, however, it most often comes down to this:

Basic law of trust (BLT): Alice will only trust Bob in a transaction, if the benefits outweigh the perceived risk plus her personal margin of safety.

Sometimes there are situations where we MUST trust another party (through legal requirements or lack of other options), but these can be seen as special cases.  

Now, applying the BLT, one has to manage both parts of the equation: risk (including the safety margin) and benefits. The benefits can be rather manifold, and cover all aspects of internet usage: services, purchases, personal enjoyment.

The risk on the other side can also fall into different categories: financial, reputation, legal, etc. In many cases the financial risks are most prominent: for example, when I buy some book on the internet, how can I be assured that (i) I really get the book, and (ii) my financial and personal information (shipping address) is safe and not misused. Obviously, I do have to trust the retailer and his ecosystem of partners (payment provider, shipping company, etc.) to perform the requested services to my satisfaction.

Reputation of the retailer does play a critical role: if I personally know people that had a good shopping experience at the retailer, and in addition know that there are (apparently?!) many good review by people I do not know, I am tempted to assume that the risk is not too big. At the end of the day however, it really comes down to this:

Financial trust - sue and collect: Alice will only trust Bob, if - in case something goes wrong - Alice has legal recourse and can expect Bob being able to pay sufficient damages.

I am not 100% sure if this is really at the foundation of trust in commercial transactions, but it seems to be at least one important factor. Obviously this is not a very optimistic point of view, hence the title of the blog entry.

Ok, fair enough - I give up: now on Twitter: @beuchelt. Big question: what are people using to keep up with Twitter? Right now I got the MicroBlog plugin for Pidgin, but I am not 100% sure if I like it.

When I read Larry Seltzer's piece on H.R. S 773 IS, I fell into a constant nod about the issues he raised. In addition, I have two more:

SEC. 11 (a): Lofty goals, but these seem rather obvious, since they have been at the heart of any computer security research for a rather long time.

SEC. 14: This sections empowers the Secretary of Commerce with very far reaching powers, especially since 'critical infrastructure' is so woefully underspecified.

In general, I am very unhappy with the bill's vagueness and lack of definition, especially since there are enough provisions (such as SEC. 17 - see Larry's comments) that can significantly impact the civil liberties of all U.S. persons. The intent of the bill seems honest enough, but in order for this to not backfire, a lot more work needs to go into a more robust draft.

The excellent article "Security and Data Sharing" by Mark Richard and Leslie Lebl points to a few very important ramifications that the less than ideal current data sharing situation with the E.U. brings and what the ratification of the horrible Lisbon Treaty would mean for the future of international security cooperation. The article also mentions the potential positive effects of the U.S.-E.U. MLAT framework.

What really caught my attention, though, was the authors' regard for the supposedly high European standards for data protection and privacy. They are correct in assesing that the implementation of the Privacy Directive varies within the various member countries, with countries like Spain or some of the relatively new members not paying to much attention to privacy issues at all. At the same time, Germany is portrayed as having a very high standard of privacy and PII data protection. Unfortunately, this is not at all the case:

While many middle-aged Germans do remember the strong controversy about the 1983 census (which was relatively harmless in itself) and the German surpreme court even recently emphasized a basic right to privacy protection, the implementation in the real world are a far cry from the supposed nirvana of "information self-determination".

First, it seems prudent to make a fundamental difference between the rights of the German population viz-a-viz the private sector and government. When dealing with private entities, Germans do actually enjoy a fairly high level of control over what information someone might legally store about them, how it is used, and when it has to be amended or destroyed. Reality paints a somewhat different picture, though. Over the last few months, a number of scandals have surfaced, cutting across the entire spectrum of privacy invasions: large companies have spied on their employees and customers using hidden cameras or collected and used profile data without their knowledge. Beyond that, a number of shady address collection agencies have sold millions of records including financial information. In some cases, significant sums of money were misappropriated by thieves that automatically drafted funds from bank customers through the ACH. Obviously, these criminal acts (at least those that have surfaced) are being investigated, and hopefully the judical system will be able to mediate the harm done. 

The situation with respect to government privacy intrusion is much more dire, though, and it would be fair to state that any resident in the U.S. enjoys a much higher level of government intrusion that any German ever had. For starters, every German (in fact, European) is now issued at birth an 11-digit taxpayer identification number that is unique and valid over their entire life. One might argue that the SSN is very similar in this respect, but there are two significant differences: (i) no U.S. resident is *legally required* to obtain a SSN and (ii) the FTC and the other government agencies have realized the ID-Theft threat that such an identifier poses and there is active work to limit the use of SSNs.

But the issues go far beyond unqiue identifiers: every resident of Germany is legally required to notify city hall within 30 days if they move  - either within their street or across the country. Interestingly enough, this data is readily available to any interested private company, and some 400+ towns and cities have made some nice extra cash by selling off these lists. In addition, all residents are required to own a national ID-card, which will soon contain their digital photo, fingerprint, and a practical RFID chip for easy data skimming. 

This list goes on, and includes absurd stories of mandatory public broadcast fees (which are sometimes collected from residents that have been dead for more than 400 years - but, being Germany, they do have to pay.. or at least the church where they are burried). At the end of the day, the de-facto privacy protection in Germany is not at all better than e.g. in the U.S., where at least a strong vertical and horizontal division of powers and an active community prevents a centralization that has become so typical for Europe.