Friday, July 29, 2005
Darth CISCO
As everybody may have noticed, I had a relaxing 3 weeks vacation, just monitoring some spam-lists such as IETF enum, etc and TISPAN to get prepared for next weeks IETF in Paris. I have not read much other blogs in the meantime, so maybe the issue is know anyway. This is also a bit off-topic, but still somehow connected to VoIP and ENUM:
Working for an incumbent telco I am used that my company is regarded as evil empire by some alternative mo.. ah providers, and also every genuine net head considers Microsoft as such, but as some say, there is nothing such a bad press. So some people Cisco may have got the idea to compete also in this regard:
So Cisco started to harras a security researcher:
Bruce Schneier is writing on his blog about a very interesting incident:
"I've also written about how security companies treat vulnerabilities as public-relations problems first and technical problems second. This week at BlackHat, security researcher Michael Lynn and Cisco demonstrated both points.
Lynn was going to present security flaws in Cisco's IOS, and Cisco went to inordinate lengths to make sure that information never got into the hands of the their consumers, the press, or the public.
Cisco threatened legal action to stop the conference's organizers from allowing a 24-year-old researcher for a rival tech firm to discuss how he says hackers could seize control of Cisco's Internet routers, which dominate the market. Cisco also instructed workers to tear 20 pages outlining the presentation from the conference program and ordered 2,000 CDs containing the presentation destroyed.
In the end, the researcher, Michael Lynn, went ahead with a presentation, describing flaws in Cisco's software that he said could allow hackers to take over corporate and government networks and the Internet, intercepting and misdirecting data communications. Mr. Lynn, wearing a white hat emblazoned with the word "Good," spoke after quitting his job at Internet Security Systems Inc. Wednesday. Mr. Lynn said he resigned because ISS executives had insisted he strike key portions of his presentation.
...."
Nice guy's at Cisco ;-)
More info is here.
Working for an incumbent telco I am used that my company is regarded as evil empire by some alternative mo.. ah providers, and also every genuine net head considers Microsoft as such, but as some say, there is nothing such a bad press. So some people Cisco may have got the idea to compete also in this regard:
So Cisco started to harras a security researcher:
Bruce Schneier is writing on his blog about a very interesting incident:
"I've also written about how security companies treat vulnerabilities as public-relations problems first and technical problems second. This week at BlackHat, security researcher Michael Lynn and Cisco demonstrated both points.
Lynn was going to present security flaws in Cisco's IOS, and Cisco went to inordinate lengths to make sure that information never got into the hands of the their consumers, the press, or the public.
Cisco threatened legal action to stop the conference's organizers from allowing a 24-year-old researcher for a rival tech firm to discuss how he says hackers could seize control of Cisco's Internet routers, which dominate the market. Cisco also instructed workers to tear 20 pages outlining the presentation from the conference program and ordered 2,000 CDs containing the presentation destroyed.
In the end, the researcher, Michael Lynn, went ahead with a presentation, describing flaws in Cisco's software that he said could allow hackers to take over corporate and government networks and the Internet, intercepting and misdirecting data communications. Mr. Lynn, wearing a white hat emblazoned with the word "Good," spoke after quitting his job at Internet Security Systems Inc. Wednesday. Mr. Lynn said he resigned because ISS executives had insisted he strike key portions of his presentation.
...."
Nice guy's at Cisco ;-)
More info is here.
Sunday, July 17, 2005
Blogging handicapped
Some may already wonder why I stopped blogging, there are 3 reasons:
1. I am on vacation
2. I am basically cut-off from the Internet (no broadband)
3. my boss is complaining that I still use my laptop too much
Reason 3 is of course the most serious ;-)
Reason 2 is also very bad: I have only access to the Internet via the super QoS GPRS mobile access. This means it is very s l o o o w and also requires a reboot of my laptop nearly every time I login just to check my e-mails. I complained here once about the Nokia PC Suite and Bluetooth, hah. Did not know at this time about Vodafone Mobile Connect. The SW dies everytime my Laptop goes into sleepmode and requires a complete reboot. Nice.
I also discovered a nice surprise in tariffing: I have a Vodafone Broadband Account providing me 500 MB download a month for 39 Euro, which seems resonable. What they did not tell me (maybe it is somewhere in the fine print) that this 500 MB is valid only for UMTS access. If I access the network via GPRS, the limit is only 100 MB. So if you are using GPRS, you idiot, you are punished twice.
Since a customer cannot choose what technology is provided at the location he wants to access the Internet, this is IMHO very near to cheating. I decent company would do it the other way round, apologizing for the inconvenience.
So I have to be careful not overrunning the limit to prevent my poor company from going bankrupt.
So I am stuck to read some books I wanted to read anyways.
The first book I read explained to me that the future of new enterprises is to be customer driven and NOT shareholder-driven. Now I just have wait until the mobile operators get this message.
Ceterum censeo, MO delendam esse.
1. I am on vacation
2. I am basically cut-off from the Internet (no broadband)
3. my boss is complaining that I still use my laptop too much
Reason 3 is of course the most serious ;-)
Reason 2 is also very bad: I have only access to the Internet via the super QoS GPRS mobile access. This means it is very s l o o o w and also requires a reboot of my laptop nearly every time I login just to check my e-mails. I complained here once about the Nokia PC Suite and Bluetooth, hah. Did not know at this time about Vodafone Mobile Connect. The SW dies everytime my Laptop goes into sleepmode and requires a complete reboot. Nice.
I also discovered a nice surprise in tariffing: I have a Vodafone Broadband Account providing me 500 MB download a month for 39 Euro, which seems resonable. What they did not tell me (maybe it is somewhere in the fine print) that this 500 MB is valid only for UMTS access. If I access the network via GPRS, the limit is only 100 MB. So if you are using GPRS, you idiot, you are punished twice.
Since a customer cannot choose what technology is provided at the location he wants to access the Internet, this is IMHO very near to cheating. I decent company would do it the other way round, apologizing for the inconvenience.
So I have to be careful not overrunning the limit to prevent my poor company from going bankrupt.
So I am stuck to read some books I wanted to read anyways.
The first book I read explained to me that the future of new enterprises is to be customer driven and NOT shareholder-driven. Now I just have wait until the mobile operators get this message.
Ceterum censeo, MO delendam esse.
Thursday, July 07, 2005
FAQs: Definition of User and Carrier (infrastructure) ENUM
Currently the issues User ENUM, Carrier (or Infrastructure) ENUM and VoIP peering are discussed in various bodies.
I will try to give defintions (from my point of view) of User and Carrier ENUM. The definitions are also related to the discussions on VoIP peering (Interconnect) via the public Internet.
User ENUM
User ENUM in e164.arpa allows end-users to link either existing E.164 phone numbers or phone numbers assigned specificly for this purpose to applications reachable via URIs on the Internet. The decision to request the domain associated to the E.164 number (opt-in) and to fill the domain with ressource records of choice is with the end-user. If an existing E.164 number is used, the end-user must prove the right to use this number with the request of the associated domain.
Carrier ENUM
Carriers use E.164 numbers currently as their main naming and routing vehicle. Carrier ENUM in e164.arpa or another public available tree allows Carriers to link Internet based resources such as URIs to E.164 numbers (Note: this is the other way round then User ENUM). This allows Carrier in addition to the interconnect via the PSTN (or exclusively) to peer via IP-based protocols. Carriers may announce all E.164numbers or number ranges they host, regardless if the final end-user device is on the Internet, on IP-based closed NGNs or on the PSTN, provided an access (e.g. SBC or gateway) to the destination carriers network is available on the Internet.There is also no guarantie for the originating carrier querying Carrier ENUM that he is able to access the ingress network element of the destination carriers network. Additional peering and accounting agreements requiring authentication may be necessary. The access provided may also be to a shared network of a group of carriers, resolving the final destination network within the shared network.
The usage of ENUM within a carriers network or within shared networks in private ENUM trees is out of scope.
A virtual VoIP provider on the Internet may provide his end-users access to User ENUM and at the same time also may access Carrier ENUM, provided he has peering agreements with other Carriers. He may also populate Carrier ENUM with the numbers he is hosting. It is at his discretion if he provides other Carriers access to the users holding this numbers with or without special peering agreements.
I will try to give defintions (from my point of view) of User and Carrier ENUM. The definitions are also related to the discussions on VoIP peering (Interconnect) via the public Internet.
User ENUM
User ENUM in e164.arpa allows end-users to link either existing E.164 phone numbers or phone numbers assigned specificly for this purpose to applications reachable via URIs on the Internet. The decision to request the domain associated to the E.164 number (opt-in) and to fill the domain with ressource records of choice is with the end-user. If an existing E.164 number is used, the end-user must prove the right to use this number with the request of the associated domain.
Carrier ENUM
Carriers use E.164 numbers currently as their main naming and routing vehicle. Carrier ENUM in e164.arpa or another public available tree allows Carriers to link Internet based resources such as URIs to E.164 numbers (Note: this is the other way round then User ENUM). This allows Carrier in addition to the interconnect via the PSTN (or exclusively) to peer via IP-based protocols. Carriers may announce all E.164numbers or number ranges they host, regardless if the final end-user device is on the Internet, on IP-based closed NGNs or on the PSTN, provided an access (e.g. SBC or gateway) to the destination carriers network is available on the Internet.There is also no guarantie for the originating carrier querying Carrier ENUM that he is able to access the ingress network element of the destination carriers network. Additional peering and accounting agreements requiring authentication may be necessary. The access provided may also be to a shared network of a group of carriers, resolving the final destination network within the shared network.
The usage of ENUM within a carriers network or within shared networks in private ENUM trees is out of scope.
A virtual VoIP provider on the Internet may provide his end-users access to User ENUM and at the same time also may access Carrier ENUM, provided he has peering agreements with other Carriers. He may also populate Carrier ENUM with the numbers he is hosting. It is at his discretion if he provides other Carriers access to the users holding this numbers with or without special peering agreements.
New I-D: Combined User and Carrier ENUM in e164.arpa
Michael Haberler and I just submitted a new I-D on Combined User and Carrier ENUM in e164.arpa.
Abstract:
ENUM as defined now in RFC3761 is not well suited for the purpose of interconnection by carriers, as can be seen by the use of various private tree arrangements based on ENUM mechanisms. A combined end- user and carrier ENUM tree solution would leverage the ENUM infrastructure in e164.arpa, increase resolution rates, and decrease the cost per registered telephone number. This document describes a minimally invasive scheme to provide both end-user and carrier data in ENUM.
This draft is intended as a potential alternative to draft-pfautz-lind-carrier-enum-carrier-user-00 to be discussed on the list and at the next IETF#63 in Paris.
The basic idea is to split the user and carreir information not by non-terminal or terminal NAPTRs as discussed on the list, but to separate the information by introducing a special domain below the country code layer, e.g. carrier.3.4.e164.arpa.
We gratefully acknowledge the suggestions and improvements made during and after the ENUM Summit 2005 in Maimi by Jason Livingood and Tom Creighton of Comcast, Penn Pfautz of ATT, and Lawrence Conroy of Roke Manor Research.
Abstract:
ENUM as defined now in RFC3761 is not well suited for the purpose of interconnection by carriers, as can be seen by the use of various private tree arrangements based on ENUM mechanisms. A combined end- user and carrier ENUM tree solution would leverage the ENUM infrastructure in e164.arpa, increase resolution rates, and decrease the cost per registered telephone number. This document describes a minimally invasive scheme to provide both end-user and carrier data in ENUM.
This draft is intended as a potential alternative to draft-pfautz-lind-carrier-enum-carrier-user-00 to be discussed on the list and at the next IETF#63 in Paris.
The basic idea is to split the user and carreir information not by non-terminal or terminal NAPTRs as discussed on the list, but to separate the information by introducing a special domain below the country code layer, e.g. carrier.3.4.e164.arpa.
We gratefully acknowledge the suggestions and improvements made during and after the ENUM Summit 2005 in Maimi by Jason Livingood and Tom Creighton of Comcast, Penn Pfautz of ATT, and Lawrence Conroy of Roke Manor Research.
Saturday, July 02, 2005
Gizmo - Alpha Beta
Basically I am getting too old being an alpha-tester according to Tom Evslin's "Decoding Programmers Speak":
“It’s Beta ready.”
Translation: It’s Alpha ready.”
When I downloaded and installed it on Thursday, I could not even register. It said invalid whatever, every time I tried richard.stastny, richard, stastny or f*ck off. So I gave up. BTW, it would have been helpful to get a notice that you could also register with your old sipphone account. I detected this later. The behaviour on this day must have been somewhat erratic, because a collegue of mine had the same problem, but in his case ALL his tries succeeded despite of the error messages, so he has now 4 accounts, as he detected after receiving the ack e-mails. BTW, I never received any welcome e-mail, despite of being registered now as stastny. (One also gets a Sipphone Boing 747 number again in the background, which you also only find out looking up your own profile)
So I gave it a last try yesterday and first thing it did was downloading an update. Aha - and I could register ;-)
My first impression: a Skype clone - which is basically not a bad idea. If you clone something, take the best product. So it makes sense.
It also uses the ILBC codec, again not a bad idea, so one can expect a good sound quality.
But to clone something, it takes more: e.g. usability.
Since I had no buddies yet to call on Gizmo, and since you get 0,25 cents for out calls, I tried to call some numbers. I entered some numbers in the well known international format, also called E.164, e.g. +43xxxx.
Result: a nice announcement: "The number you have dialed is crash". Of course she did not say "crash", it just sounded like this.
Then I tried to call some sip URIs, e.g. on fwd and sipgate, same effect.
After thinking a bit about this, and since I know from earlier discussions whith Michael that he has the same understanding on numbering I have on baseball, I tried 01143xxx and voila, it worked.
Having this worked out, I also found that you may call another SIP user with entering the sip URI with SIP:16241@fwd.pulver.com and not without. Entering such an acoount into the Buddy List does not work, it is not accepted.
I was even able to reach my sipphone account from FWD, still remebering that the URI to call sipphone is proxy01.sipphone.com, which also nobody tells you (or the siphone number). Note on the side: It is urgently needed that presence finally works between such domains.
One major drawback from my point of view: Gizmo is not ENUM-enabled.
Another issue I do not like is that voice-mail only works SER style by sending you the voice-mail in an e-mail attachment. I got used to the Skype-style in just clicking a botton in the call list.
InCalls use the combined FWD and Sipphone gateway e.g. at Washington 1 202 742 5739, which is not very user-friendly, because it is two-stage dialing. And it worked only with my FWD account, but not with Gizmo, because of a "codec mismatch". Gateway not understanding ILBC yet, or what? ;-)
There are of course other comments on Gizmo, the general impression is that most welcome the idea to have finally a non-propriatory SIP product similar to Skype, but that is is still very Beta.
It is really very Beta, my rant at the beginning is cause by the fact that I had to stop testing because the application stopped working. This is not quite true, it is hiding (lurking?). If you log in, it is showing up in the task bar as running, but you cannot see it. It is still running and working, it even rings, but it does not show up on the desktop. I re-booted Windows, but still the same. Maybe I have to re-install it, but here I will wait on the next version.
Andy and Phoneboy are quite positive and are awaiting additional clients:
Stuart from the Skype Journal is raising some good and valid questions, the same I have:
David is first blaming Niklas for being assymetric (BTW - this is quite a usual behaviour from all alternative providers (TDM and IP) - basically being in contact with the voice business turns you in a bellhead sooner than later).
He continues: So in fact, Gizmo interoperates with any service, PBX, or network using SIP, i.e. every service out there except Skype.
One solution may be that Gizmo is also using the Skype API like the Pulver Communicator.
The other possibility is that SIP applications like Gizmo will finally overtake Skype, but this will not be easy.
Skype has shown that normal customes do not want to configure the client and attach it to a provider, they want to have a bundled product.
“It’s Beta ready.”
Translation: It’s Alpha ready.”
When I downloaded and installed it on Thursday, I could not even register. It said invalid whatever, every time I tried richard.stastny, richard, stastny or f*ck off. So I gave up. BTW, it would have been helpful to get a notice that you could also register with your old sipphone account. I detected this later. The behaviour on this day must have been somewhat erratic, because a collegue of mine had the same problem, but in his case ALL his tries succeeded despite of the error messages, so he has now 4 accounts, as he detected after receiving the ack e-mails. BTW, I never received any welcome e-mail, despite of being registered now as stastny. (One also gets a Sipphone Boing 747 number again in the background, which you also only find out looking up your own profile)
So I gave it a last try yesterday and first thing it did was downloading an update. Aha - and I could register ;-)
My first impression: a Skype clone - which is basically not a bad idea. If you clone something, take the best product. So it makes sense.
It also uses the ILBC codec, again not a bad idea, so one can expect a good sound quality.
But to clone something, it takes more: e.g. usability.
Since I had no buddies yet to call on Gizmo, and since you get 0,25 cents for out calls, I tried to call some numbers. I entered some numbers in the well known international format, also called E.164, e.g. +43xxxx.
Result: a nice announcement: "The number you have dialed is crash". Of course she did not say "crash", it just sounded like this.
Then I tried to call some sip URIs, e.g. on fwd and sipgate, same effect.
After thinking a bit about this, and since I know from earlier discussions whith Michael that he has the same understanding on numbering I have on baseball, I tried 01143xxx and voila, it worked.
Having this worked out, I also found that you may call another SIP user with entering the sip URI with SIP:16241@fwd.pulver.com and not without. Entering such an acoount into the Buddy List does not work, it is not accepted.
I was even able to reach my sipphone account from FWD, still remebering that the URI to call sipphone is proxy01.sipphone.com, which also nobody tells you (or the siphone number). Note on the side: It is urgently needed that presence finally works between such domains.
One major drawback from my point of view: Gizmo is not ENUM-enabled.
Another issue I do not like is that voice-mail only works SER style by sending you the voice-mail in an e-mail attachment. I got used to the Skype-style in just clicking a botton in the call list.
InCalls use the combined FWD and Sipphone gateway e.g. at Washington 1 202 742 5739, which is not very user-friendly, because it is two-stage dialing. And it worked only with my FWD account, but not with Gizmo, because of a "codec mismatch". Gateway not understanding ILBC yet, or what? ;-)
There are of course other comments on Gizmo, the general impression is that most welcome the idea to have finally a non-propriatory SIP product similar to Skype, but that is is still very Beta.
It is really very Beta, my rant at the beginning is cause by the fact that I had to stop testing because the application stopped working. This is not quite true, it is hiding (lurking?). If you log in, it is showing up in the task bar as running, but you cannot see it. It is still running and working, it even rings, but it does not show up on the desktop. I re-booted Windows, but still the same. Maybe I have to re-install it, but here I will wait on the next version.
Andy and Phoneboy are quite positive and are awaiting additional clients:
Of course, if they want to go head-to-head with Skype, they're going to have to
get clients out there for Linux, Pocket PC, and Symbian. God, I wish I could
find a free SIP client for my Nokia 9500...
Stuart from the Skype Journal is raising some good and valid questions, the same I have:
- What would be the compelling reason to switch? From Skype to Gizmo?
- How and what opportunities does this provide for PBX integration; something many Skypers want?
- Is the fragmentation of the VON VoIP market only going to affect other SIP players and have no impact on Skype?
- Why aren't the "rates" for CallOut or CallIn competitive?
David is first blaming Niklas for being assymetric (BTW - this is quite a usual behaviour from all alternative providers (TDM and IP) - basically being in contact with the voice business turns you in a bellhead sooner than later).
He really likes the app on the Mac (ok, I missed this one) and then he is missing the find button - this is not true - you just have to use "search" - or they forgot this on the Mac.At a recent conference, a Skype founder suggested "regulating the incumbents" to force others to carry Skype calls. Skype calls go over the public Internet, but are often carried on telephone company wiring (DSL) which Skype is worried could be configured to block their calls. They are proposing that the government should step in and demand that those telephone company networks carry Skype calls.
Meanwhile, Skype is refusing to carry anyone else's calls on their own phone system. They are engaging in exact behavior - they are worried about others trying. Skype can't have it both ways. If Skype wants to lock others out of their system, shouldn't the telephone companies have the same right also?
SIPphone.com really stresses the open standard and interoperability aspects of Gizmo and for my part, I couldn't agree more.
He continues: So in fact, Gizmo interoperates with any service, PBX, or network using SIP, i.e. every service out there except Skype.
One solution may be that Gizmo is also using the Skype API like the Pulver Communicator.
The other possibility is that SIP applications like Gizmo will finally overtake Skype, but this will not be easy.
Skype has shown that normal customes do not want to configure the client and attach it to a provider, they want to have a bundled product.
Friday, July 01, 2005
DTI UK published Response to ENUM Consulation
DTI UK published the Response to the ENUM Consultation and the ENUM Final Regulatory Impact Assessment.
The recommedation is:
From the responses to the Consultation it is apparent that option 3 of self-regulation is generally accepted by all parties, and was originally advocated as our preferred option. We thus endorse this as a way ahead and look to industry to form the body know in the Consultation as the UK ENUM Committee (UKEC) to carry the use of ENUM forward.
The recommedation is:
From the responses to the Consultation it is apparent that option 3 of self-regulation is generally accepted by all parties, and was originally advocated as our preferred option. We thus endorse this as a way ahead and look to industry to form the body know in the Consultation as the UK ENUM Committee (UKEC) to carry the use of ENUM forward.
George Bush to World: Go Jump into the Lake
The NTIA states the U.S. Principles on the DNS:
This document contains four statements, the first reads a following:
This document contains four statements, the first reads a following:
The United States Government intends to preserve the security and stability of the Internet’s Domain Name and Addressing System (DNS). Given the Internet's importance to the world’s economy, it is essential that the underlying DNS of the Internet remain stable and secure. As such, the United States is committed to taking no action that would have the potential to adversely impact the effective and efficient operation of the DNS and will therefore maintain its historic role in authorizing changes or modifications to the authoritative root zone file.
Some of the comments on various sources are not very friendly:
HustonCronicle: U.S won't cede control of Internet's key computers
ZDnet: U.S. to retain control of Internet Domain Names
The Register: Bush adminstration annexes internet (I like this one)
CNN: U.S keeps control of Internet computers
BBC: US holds onto key internet role
I just wonder how ICANN and especially the ITU-T will comment this.
Please show me your Boarding Pass and Passport Mania
I still can remember the days when you could leave the US without showing your passport. In the worst days of the German Democratic Republic, you had to show your passport only twice. Yesterday in Miami I had to show my boarding pass and my passport three times:
1. at check-in to get the boarding pass-ok
2. entering the concourse in front of the escalator: pls show boarding pass and passsport
3. On top of the escalator: pls show boarding pass and passport
Now this is an interesting one, because there is no way in or out from the bottom to the top of the escalator. Are they starting to check each other, like in the GDR?
4. in front of the x-ray again, this time only the boarding pass. Why? No idea. Why would anyone not forced to go through security and if, who cares? It is secure by definition, isn't it?
BTW, I have no problem showing my boarding pass at the gate, it prevents you from taking the wrong bus.
Of course there is a potential to improve this harrassment: e.g. in Washington at the duty-free they wanted in addition to the boarding pass also the passport and at some other airports they want to see the passport in addition to the boarding pass again at the gate. So you would end up showing the passport five times.
The next step will be that any officially or half-officially looking person may check your passport at any time, e.g. if they are getting bored standing around chatting with each other. Or you have to show your passport at Starbucks or Burger King.
The final step will be that any passenger may ask any other passenger at anytime for the passport, also to get over the boring wait and even to make some contacts: "What nice cute passport you have"
The interesting issue with all this security is that everybody is taking this deadly serious, but the procedures are different on any airport. I just wonder if something is so deadly important on one airport, why is it not happening on another? BTW, you may do anything in front of these persons but definitely not a joke.
My final conclusion is that this a well prepared conspiracy to finally overcome any restistance to get two chips (for redundancy) implanted in the ears like cattle, just to avoid waiting in line for hours and get asked 10 times for the passport within 10 minutes.
1. at check-in to get the boarding pass-ok
2. entering the concourse in front of the escalator: pls show boarding pass and passsport
3. On top of the escalator: pls show boarding pass and passport
Now this is an interesting one, because there is no way in or out from the bottom to the top of the escalator. Are they starting to check each other, like in the GDR?
4. in front of the x-ray again, this time only the boarding pass. Why? No idea. Why would anyone not forced to go through security and if, who cares? It is secure by definition, isn't it?
BTW, I have no problem showing my boarding pass at the gate, it prevents you from taking the wrong bus.
Of course there is a potential to improve this harrassment: e.g. in Washington at the duty-free they wanted in addition to the boarding pass also the passport and at some other airports they want to see the passport in addition to the boarding pass again at the gate. So you would end up showing the passport five times.
The next step will be that any officially or half-officially looking person may check your passport at any time, e.g. if they are getting bored standing around chatting with each other. Or you have to show your passport at Starbucks or Burger King.
The final step will be that any passenger may ask any other passenger at anytime for the passport, also to get over the boring wait and even to make some contacts: "What nice cute passport you have"
The interesting issue with all this security is that everybody is taking this deadly serious, but the procedures are different on any airport. I just wonder if something is so deadly important on one airport, why is it not happening on another? BTW, you may do anything in front of these persons but definitely not a joke.
My final conclusion is that this a well prepared conspiracy to finally overcome any restistance to get two chips (for redundancy) implanted in the ears like cattle, just to avoid waiting in line for hours and get asked 10 times for the passport within 10 minutes.
