Identity Blogger

When what you are taught isn’t true

February 8, 2010

I get a steady stream of indignant sputtering about this post on the metric system and what it means for authentication. One common point that readers make is that Celsius is better than Fahrenheit because it is based on natural law, defined as 100 degrees between the freezing and boiling points of water.

Only it isn’t, and hasn’t been for some time (at least not since 1954). While the freezing and boiling points of water were precise enough in the 1700s, they are nowhere near precise enough to act as a standard. The reason is that no two samples of water will melt and freeze at the same temperature, due to variations in water purity, air pressure, and humidity.

By international convention, the Celsius scale is defined by a range between absolute zero and the thermodynamic triple point of Vienna Standard Mean Ocean Water (VSMOW). This point, by the way, is 0.01 C. And VSMOW is not ocean water (despite its name), but rather a carefully crafted lab concoction composed of specially defined proportions of oxygen and hydrogen isotopes.

So while we are taught Celsius is defined by the freezing and boiling points of water, it is actually defined by absolute zero (which doesn’t exist in the natural world), and the triple point of a form of water that only exists in the lab.

Explain to me again why this is less arbitrary than Fahrenheit?

And why is it still taught incorrectly in schools (at least in the US)?

Categories: Freedom · Science · Uncategorized

What’s not being said

January 26, 2010

I usually find what’s not being said far more interesting than the platitudes that are uttered. According to this article, Google and China are negotiating a face-saving compromise to allow Google to remain in China. What is being said is that this is about the level of censorship. What is not being said, and what is probably the truth, is that this is really all about the Chinese government hacking Google.

I mean seriously. Google China censored content from day one and now it all of a sudden decided to “do less evil”? As Corporal Nobbs likes to say “pull the other one, it has bells on it”.

No, what changed is that the government has hacked Google and gotten caught doing it, and probably affected some high-level Google execs.

Here is my prediction: the face-saving compromise will involve a little easing of the censorship rules, a promise not to hack Google any more, and Google quietly giving some sweetheart deals to some high-level Chinese officials.

Categories: Censorship · China · Cyber-warfare · Freedom · Google · Hacking · Security

Misplaced Blame

January 25, 2010

Bruce Schneier writes this, in which he lays the blame for the Chinese hack of Google on the US Government. His reasoning is that since Google put in a back-door surveillance mechanism to enable the US to eavesdrop on Google users, it is then the US’s fault that Chinese hackers used that mechanism to hack Google accounts.

This is a little like me blaming my employer if I have an accident on the way to work.

While I agree that companies should not be making it easy for governments to spy on people, when they are legally required to do so it is also their responsibility to make sure that this is done in as secure a manner as possible.

Also note the interesting linguistic phrase that most journalists have used in this issue. The hacking of Google is usually described as being done by “Chinese hackers”. That’s not wrong, but it misses the most important point. No one seriously believes that the attacks were not done at the behest of the Chinese government itself. That is a very important distinction.

Categories: Censorship · China · Google · Hacking · Security · Uncategorized

OptimalIdM and WIF

December 9, 2009

OptimalIdM has announced support for Microsoft WIF (you can get more info here). What they have done is pretty interesting. They have created an STS that fronts their Virtual Directory. This allows a single STS to be used to issue claims against multiple identity stores.

Of course the main use case here is the multiple AD forest scenario, but it could also support disparate identity stores such as other LDAP directories, databases, etc.

[Full disclosure: I have done consulting work for OptimalIdM in the past.]

Categories: AD · Identity · Identity Bus · Standards · Virtual Directory

SPML, SAML, OAUTH, and Impedance Mismatch

December 3, 2009

Nishant Kaushik posits an interesting question: can OAUTH fill the provisioning role in just-in-time federated provisioning? Mark Wilcox follows up here and here.

I agree with Mark’s commenter who suggests that a SAML attribute service fills the role just as well. Mark suggests that a SAML attribute query is too difficult to implement in some development environments. But I am not sure that I buy the argument that there are environments where doing the SAML SSO is doable but doing the attribute query isn’t.

Regardless, all this got me thinking about impedance matching. When we wear our standards hat, all things are possible. But we need to step back at times, put on our developer hat, and think about how our designs are going to be implemented. While we could mix SAML and OAUTH to support JIT federated provisioning, implementation now requires tools, libraries, and implementers that can handle both SAML and OAUTH as well as the rough edges where they don’t mesh well. That’s an impedance mismatch in my opinion.

Categories: Authentication · Identity · Open Source · OpenID · Provisioning · SAML · SPML · Standards

CareMedic acquired by Ingenix

December 2, 2009

My current employer, CareMedic, has been acquired by Ingenix. The announcement is here. I am cautiously optimistic that this will be a good deal for both parties.

Categories: Healthcare · Software

Good summary of Sun’s open IdM projects

November 24, 2009

Luca Mayer has this summary of Sun’s open source IdM projects. I have some experience with OpenSPML (obviously), and I have fiddled with OpenDS. There is some great stuff there.

I hope this all survives the acquisition.

Categories: Identity · Identity Management · Open Source · SPML · Software · Standards

Fire safety and security

November 12, 2009

Jackson Shaw recently wrote this comparing smoke detectors to automatic screen lock policies for desktop PCs. While I agree that smoke detectors are a great idea, there is another fire safety mechanism that far too few people take seriously, namely a fire extinguisher. Everyone should have a fully charged fire extinguisher in their house, but not in their kitchen.

Statistically, the vast majority of fires occur in the kitchen, and most of those occur on the stove top. You want your fire extinguisher to be near the kitchen, but not so close to the stove that retrieving it would expose you to harmful heat or flames.

So if screen locks are the equivalent of smoke detectors, what security mechanism is the equivalent of a fire extinguisher?

Coincidentally, Bruce Schneier recently wrote this, in which he makes the risible argument that if one hears a fire alarm while sleeping in a hotel, one should ignore it and go back to sleep because hotel fires are very rare. Quite the contrary: completely false alarms in hotels are quite rare. While many alarms are due to small localized fires (such as in a trash can), they are seldom completely false. At a minimum it’s worth investigating what the situation is before deciding to simply ignore it.

Categories: Security

Farewell to one of the best

November 2, 2009

It was with great sadness that I learned that Don Bowen was welcomed home on All Hallows’ Eve. I did not know Don well, but I knew him to be a man who was always friendly, with a happy enthusiasm that was a wonder to behold. To know Don was to instantly like him.

Don was open about his Faith in an industry that does not always welcome it. I always respected him for that.

Godspeed Don.

Categories: Uncategorized

It’s all in the asking

October 9, 2009

Bob Blakely is getting a lot of attention lately for this post about a report that he and Ian Glazer wrote on privacy. On the one hand, I completely agree with him that privacy is a social rather than a technical issue (which is why I have never been that interested in concepts like minimal disclosure tokens and identity oracles).

But I feel that Bob and Ian give too much emphasis to how your personal information is handled after it has been disclosed, rather than to the issue of not asking for it to be disclosed in the first place. In other words, no one can abuse private information if they don’t have it in the first place.

Obviously some information needs to be disclosed to drive the required social interactions. But today there is too much information being asked for, and I feel that is also a serious violation of privacy. Let me give you an example, following Bob’s doctor’s office example. Suppose you take your child for a check-up and the pediatrician asks your child:

Has your daddy ever slept with another man?

You would be appalled at that for several reasons. First, it is not remotely relevant to your child’s check-up, and second, it’s none of his business. Even assuming the doctor would scrupulously keep the answer secret, he shouldn’t even ask the question. I think we can all agree on that. But what if he asks your child:

Is there a gun in your house?

Now how do you feel about that? How is that any different? This is not a hypothetical question either, but a regular screening question asked today by pediatricians across the country. The American Academy of Pediatrics has instructed your pediatrician to routinely screen for household gun ownership because some irresponsible people have left loaded guns where children could get them, and they feel your privacy as a parent has no value. Further, they are instructed to ask your children, not you, for this information.

And that is just one of many examples where we are asked to divulge personal information beyond what is needed for the social interaction. At the point of asking, the privacy violation has already occurred, regardless of what happens to that information later.

Categories: Freedom · Gun Control · Identity · Privacy