Monthly Archives: August 2007

The feedback effect, or lack thereof

There is another great article by Steven Milloy about the positive feedback built into the climate models that predict AGW. He makes the great point that if a slight warming causes a positive feedback resulting in greater warming, how come this was not observed during the El Nino event of 97-98? I have never seen an AGW proponent explain that.

Of course I have never heard an AGW proponent tell me what the falsifiable hypothesis is.

Interesting nanotechnology development from IBM

This is a very interesting-sounding development from IBM labs. I wish there were more details in the article though.



Now here’s a mashup to give you pause: a wood-burning cooking device with a gasoline-powered vehicle. It’s from Orange County Choppers and the back story and photo are here (via InstaPundit). As soon as I saw this, I knew it was time for another demotivator!

The object lesson is that sometimes you can integrate two best-of-breed solutions to create a combined solution that is better than the sum of its parts. And sometimes you just can’t.

I still want one.

(Mirrored from TalkBMC)

Verisign PiP Managed Cards

I blogged about the Verisign PiP Identity Provider here. I mistakenly said that PiP couldn’t be used as a general purpose IdP for Managed Information cards. Gary Krall from Verisign set me straight. You can indeed do this. There is an option to create what they call an “Identity Card” which is a managed card that uses PiP as the IdP. I tried it out at this Bandit site, but I got server errors on the SP side.

It seems that there are very few SPs supporting Self-issued Information Cards and even fewer that support Managed Cards. Can anyone point me to some public SPs that accept Managed Cards?

(Mirrored from TalkBMC)

Brignell vs Hansen

John Brignell of Number Watch skewers former NASA Scientist James Hansen. I don’t mean that Hansen no longer works for NASA, I mean that he is no longer a scientist. Brignell points this out:

The language seems more appropriate to a mad king, raving on a storm-tossed heath about the injustices visited upon him by his tormentors, than to a scientist dispassionately analysing experimental data. It is, however, worse than that. Not only does he predict the end of the world, but he also reserves the right to keep to himself the methods by which he deduces this from measurement data, quite contrary to scientific tradition. There is, indeed, disturbing evidence of continual meddling with data from the past. The abominated McIntyre, however, publishes all his data and programs, accepting manfully the flak when he is caught out in an error. Though the adjustment in question is small, like others that have been made, it just happens, by sheer coincidence of course, to be in the direction to favour the establishment theory. The metaphors Hansen employs might be high in drama, but they are low in appropriateness. In applying the intended insult of “Court Jester” to his opponents, he not only transgresses the normal courtesies of scientific discourse, but also reveals that he does not understand the function of the said courtier in mediaeval monarchies, thereby causing his insult to rebound as something of a compliment. The corny ad hominem about his adversaries being in the pay of evil industrialists is not only without any basis of evidence, but it reveals his wholly political motivation, and comes ill from one who is not only in receipt of a generous salary but has also received munificence from a politically active foundation (the so-called ketchup money).

What a contrast! On one hand we have the modest stillness and humility of the dedicated seeker after truth; on the other, the shrill cackle of the politico-religious demagogue. One can imagine the embarrassment felt by the real scientists and engineers in NASA at the antics of Hansen.

Hansen is quite right, however, in stating that the change brought about by the correction of his error is insignificant, but the fact is that all the numbers that muddy this debate are insignificant, including the purported warming over the last century. It is of no scientific importance that the warmest year of recent times might be 1934 and not, as we were so frequently told, 1998; just as it was of no significance when the ranking was the other way round. It is, however, of great political importance. It was a highly emotive point of propaganda, endlessly repeated, that the earth is warmer now than it has ever been. That it is not even true for recent times is a devastating blow to the alarmist cause, and only the docile acceptance of self-censorship in the media has prevented total collapse of the campaign in the public mind. The few right-wing demagogues that have taken it up are, to say the least, dubious as allies of science and its methods. Global warming is not only a multi-billion dollar industry; it is a religion and a vehicle for political enforcement. The interests involved are not going to abandon all that profit and power lightly; so dirty tricks must be expected. That a handful of individuals without funding can take on and expose such a ruthless industry, however, goes a little way to restoring one’s faith in the human spirit.

You should read the whole thing. And NumberWatch is always worth reading for the heresy of real scientific reasoning. The current debate on global warming is much more about politics than science. Which is why I write about it so much.

Hat tip to JunkScience for the article.

Random Password Manager

Dave Kearns points to a product called Random Password Manager that can create random passwords for use with administrative accounts. It seems to be similar to the Secret Server product I blogged about here.

Dave talks about the use case of having the password management system give an IT administrator a clear text version of the password, which then gets automatically reset to a new unknown value. This is a crude approximation of an OTP.

While this is a great idea, it is limited by the password management product’s ability to set the password directly on the specific system. For systems that use AD authentication (or other LDAP) this isn’t difficult. But for systems such as RACF, SAP, Siebel, etc., it’s very difficult for a vendor to maintain all the connectors.

If this kind of functionality gets popular, I would expect these companies to start to set up partnerships with the IdM companies that maintain connectors to all of these systems. Many of the IdM systems have SPML interfaces for invoking password changes on the managed systems.
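The check-out-then-reset flow and its dependence on connectors can be modeled in a few lines of Python. This is an added example, not code from Random Password Manager, Secret Server or any IdM product; `CheckoutVault` and `InMemoryConnector` are hypothetical names, and the connector stands in for whatever actually sets the password on the target (AD/LDAP, an SPML call, etc.).

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_"

def random_password(length=24):
    """Draw each character from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

class InMemoryConnector:
    """Hypothetical stand-in for a real target-system connector."""
    def __init__(self):
        self.passwords = {}  # account -> password as the target system sees it
    def set_password(self, account, password):
        self.passwords[account] = password

class CheckoutVault:
    """Discloses an admin password once, then resets it on check-in."""
    def __init__(self):
        self.connectors = {}   # system -> connector (None if the vendor has none)
        self.current = {}      # (system, account) -> value only the vault knows
        self.checked_out = {}  # (system, account) -> admin holding the password

    def enroll(self, system, account, connector):
        self.connectors[system] = connector
        self._rotate(system, account)

    def _rotate(self, system, account):
        connector = self.connectors.get(system)
        if connector is None:
            # The limitation discussed above: no connector, no reset.
            raise LookupError(f"no connector for {system}")
        new = random_password()
        connector.set_password(account, new)   # change the target first
        self.current[(system, account)] = new  # record only after it succeeded

    def checkout(self, system, account, admin):
        key = (system, account)
        if key in self.checked_out:
            raise PermissionError(f"{account} is held by {self.checked_out[key]}")
        password = self.current[key]
        self.checked_out[key] = admin
        return password  # the only moment the clear text leaves the vault

    def checkin(self, system, account):
        del self.checked_out[(system, account)]
        self._rotate(system, account)  # the disclosed value stops working here
```

Writing to the target before updating the vault's own record means a failed reset leaves the vault holding the password that still works, rather than one that was never set.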

Another aspect to this would be to integrate one of the Enterprise SSO products such as Passlogix vGo into the mix. The admin password could be set in the ESS repository and replayed for the user without the user ever even seeing it.

Nishant Kaushik of Oracle has some thoughts about this here.

[Full Disclosure: I am a SW Architect for the BMC Identity Management suite which does password management, although it does not support the kinds of functionality in these products. BMC currently has no partnership with Lieberman Software or Thycotic Software. BMC does have a reselling agreement with Passlogix]

(Mirrored from TalkBMC)

Great Interview with Bjorn Lomborg

Salon has a great interview with Bjorn Lomborg here. It’s great to see someone approaching this controversial subject in a cool and scientific manner. There’s far too little of that in this area today.

Correlation is not Causation

A great article from Fred Singer can be found here. The confusion of correlation with causation is probably one of the most common logic fallacies that reasonably intelligent people fall into. Anyway, the article is well worth reading.

PIP, Seatbelt, and a New Information Card Use Case

I finally got around to playing around with some of the new features of the Verisign OpenID provider, PIP. One of the interesting new features they have added is a Firefox plugin called Seatbelt. Seatbelt automatically detects attempted OpenID authentication and automatically populates the ID field. It also will show your PIP session status and forward you to the PIP login page if needed. That’s very important from a usability standpoint.

I tried it out and it worked pretty well, although doing the Relying Party first use case with a brand new web session seemed a little rough on a couple of sites. Overall it was a really good user experience.

Here is an interesting question. Why do so many browser plugins for identity support Firefox rather than IE? I haven’t built a browser plugin so I don’t know how hard it is to do it in IE vs Firefox, but it seems odd that the first choice wouldn’t be the most popular browser.

Then I tried out the Information Card support in PIP. It was quite unexpected how it worked. I had imagined that I would be able to register a self-issued card and be able to authenticate to PIP as an OpenID provider using a Self-Issued Card.

What happens instead is that you authenticate to PIP using your User ID and Password and then download a Managed Information Card that has PIP as the IdP. Then for future OpenID sessions you can authenticate to PIP (which is your IdP) with a Managed Information Card which has PIP as the IdP.

Confused? It seems Information Cards are being used as a phishing-resistant user ID and Password login. In other words, if you use the Managed Card option instead of using the web form for authentication, you are very safe from a phished MITM attack. This is a use case I had never thought of.

If I am misinterpreting this I would appreciate it if someone would let me know.

Now what would be really cool would be if my PIP Managed Information Card could be used to do SSO to other Information Card enabled sites. That way PIP could be my IdP for both OpenID and Information Cards.

(Mirrored from TalkBMC)



This is a slight departure from my other DIY demotivators in that the center image is not a photograph. The center image is from here. There is more about the Maginot Line analogy of Deperimeterization here. You can read more about the Jericho Forum here. There is also a related article here.

(Mirrored from TalkBMC)