Monthly Archives: December 2007

Free speech for me but not for thee

I am continually shocked (though I probably shouldn’t be) by how many people in the media are willing to deny free speech to others that they claim for themselves. For instance there this opinion piece by David Hazinski in the Atlanta-Journal Constitution that advocates media control of bloggers:

The premise of citizen journalism is that regular people can now collect information and pictures with video cameras and cellphones, and distribute words and images over the Internet. Advocates argue that the acts of collecting and distributing makes these people “journalists.” This is like saying someone who carries a scalpel is a “citizen surgeon” or someone who can read a law book is a “citizen lawyer.” Tools are merely that. Education, skill and standards are really what make people into trusted professionals. Information without journalistic standards is called gossip.

Mr. Hazinski, I hate to burst your bubble here, but you guys just aren’t that important. I have consumed your product for the last 30 years and it’s just not that good. Much of what the media produces today is opinion dressed up as news. A lot of the rest is just aggregation from various wire services.

Opinion and aggregation. Sounds a lot like what bloggers do.

And then, ironically, there are these whoppers:

CNN’s last YouTube Republican debate included a question from a retired general who is on Hillary Clinton’s lesbian, gay, bisexual and transgender steering committee. False Internet rumors about Sen. Barack Obama attending a radical Muslim school became so widespread that CNN and other news agencies did stories debunking the rumors. There are literally hundreds of Internet hoaxes and false reports passed off as true stories, tracked by sites such as

Yes there was a breach of journalistic ethics in allows a campaign staffer ask a question in the CNN/YouRube Republican debate. But this breach was made by CNN who selected the question but did zero background checking. This example is actually contrary to his point.

Yes there are a lot of hoaxes in the internet. But a lot of these get reported by the media as well with little fact checking. And is a great example of a citizen journalist who regularly out-performs his media counter-parts.

Here is a question for Mr. Hazinski; what do journalistic ethics say about a newspaper publishing an editorial proposing regulation that would benefit them directly?

Aussie Cell Phone Identity

Here is an interesting view on how cell phone numbers are becoming the key personal identifier in Australia. From the article:

Most Australians can be identified by their date of birth, driver’s licence or tax file number, but a person’s mobile phone number is becoming an increasingly important part of their identity.

Queensland University of Technology researcher Dr Christine Satchell believes a person’s mobile phone is a type of virtual “home” where they can always be found.
“Changing your phone number is a very alienating thing to do, both for the person and their friends,” Dr Satchell said.

“It forms part of a person’s digital identity and even though it’s just a number, it’s very powerful.”

The Australian Mobile Phone Lifestyle Index shows most Australians retain their mobile number for about seven years, which is in contrast to other forms of contact.
Research suggests people change their e-mail address on average every six to 12 months, which Dr Satchell believes is linked to unwanted junk mail.

The number that really jumps out at me is email address change every six to 12 months. That seems a little hard to believe. But if it’s true that’s going to be a headache for a lot of services providers that use email addresses for their user’s identifiers.

(Mirrored from TalkBMC)

Read vs Write in the Enterprise

I blogged about User Centric Identity in the Enterprise domain here. Matt Flynn blogs about it here and makes a very good point that I overlooked. I noted that the aspect of User Centric Identity that enterprises are most interested in is user self-service of personal information and credentials.

Matt makes the point that while users may provide this information via Self-Service, the typically can’t control who gets access to it afterwards. Basically the employee has read/write access and an indeterminate number of people have read access. So really the whole thing boils down to a terminology debate. I loathe terminology debates.

Clearly enterprises are not going to let employees control the use of their identity and personal information in general. Just as clearly they want to the employee to be responsible for providing and maintaining that same data.

Call it what you will.

(Mirrored from TalkBMC)

Turing’s Flirt

In 1950 Alan Turing described what became later known as the Turing Test. The Turing Test, which is a test of one aspect of Artificial Intelligence, involved a person sitting in front of a terminal exchanging in a typed conversation with another party. If the person could not determine if the other party was a person or a bit of software, then that software would have passed the Turing Test.

Of course almost everyone one the web has by now participated in a Reverse Turing Test where a computer tries to distinguish between a human and a computer (the T in CAPTCHA stands for Turing). But AI researchers over the years have failed to create software that can pass the standard Turning Test.

Who knew that the whole approach has been wrong? Instead of grad students and professors toiling away in major research institutions, the problem might instead be solved by Russian hackers looking to rip people off? If this doesn’t describe a piece of software that passes the Turing test, it’s closer than anything else I have heard of so far. Graft is apparent for more effective than research grants.

There are three things makes this really interesting. First, the environment (chat rooms) exactly matches the Teletype mechanism Turing first proposed. Second, the “test subjects” don’t actually know they are participating in a test. Ironically the software developers don’t either. Third, it’s illegal. So if the developers have actually cracked the Turning Test, they will never receive any recognition for it.

(Mirrored from TalkBMC)

Happy Repeal Day!

Today is Repeal Day, the day we should celebrate our personal freedoms and remember that once we cede a personal freedom to the government, it is very hard to get it back.

User Centric in the Enterprise

Nishant Kaushik has this very interesting post about enterprise adoption of User Centric concepts. My experience talking about User Centric with my enterprise customers is quite different from Nishant’s. First almost none of my enterprise customers are interested in Information Cards or OpenID. Most haven’t heard about the concepts yet. But they really want User Centric Identity. The want it very badly. They just call it something different. They call it User Self-Service.

In other words the want the users to be responsible for every scrap of information for which they are the authoritative source of information. They want users to be responsible for managing their own credentials (typically passwords, but sometimes SecureID tokens). In some cases they want users to be responsible for determining what systems they should be granted access and making workflow requests to get that access.

Of course some will argue that using a Self-issued Information Card is User Centric, where as entering the same information into a self-service profile application is not. But my customers don’t care either way. So long as users can manage their own personal information without using help-desk or HR personnel, they are happy.

(Mirrored from TalkBMC)

Granted Privacy vs Real Privacy

When I think about privacy I like to think of it in two terms. Granted privacy and real privacy. Granted privacy is when your neighbor agrees not to look into your window. Real privacy is when you buy curtains. That’s a good way of looking at this excellent post by Vikram Kumar about the privacy of Amazon purchases. Amazon, like most large retailers, will do their best to protect their customers privacy. But this is granted privacy and there are numerous situations (some outlined in this article) in which that grant will be revoked. All the big vendors do business word-wide in many countries with different and often conflicting privacy laws. Past experiences has taught us that some vendors will cough up their customers private information merely for the privilege of business in China.

In a nut-shell, Amazon will grant you privacy so long as it doesn’t conflict with the laws or dictates of a country that they want to do business with. If you want real privacy you have to drive to the bookstore and pay cash.

On a similar subject there is this interesting article about privacy concerns on Google’s upcoming Gdrive service. Unless Google incorporates some pretty strong encryption (with user managed keys), anything you store on it will have only granted privacy. Of course in the US the government can always search your computer disk drive if the get a search warrant. The big difference is that a search warrant is harder to get than a subpoena, it usually requires a criminal investigation, and you would typically know about it.

(Mirrored from TalkBMC)

Two important Passlogix announcements

Passlogix made two important announcements today.

[Full Disclosure: BMC is a Passlogix partner.]

First they are jumping into the privileged account management business, but with a huge advantage. Passlogix can leverage their ESSO technology to present shared credentials to applications without displaying them to the user. Or at least the user can’t easily see the passwords. The is a better approach than competing products which cough up the password in clear text that the end user would then copy down for use. 

Many IT departments view shared accounts as a necessary evil. No one likes it, but the alternatives are viewed as too painful. But with a product like this combined with a good password management product (like BMC Password Manager) to set passwords on non-AD systems, shared accounts can be managed in a more controlled fashion.

Second, Passlogix is easing the pain of needing desktop software for ESSO.

(Mirrored from TalkBMC)

Does the Router go next to the air filter?

Here is an interesting article about BMW experimenting with using an IPv4 network for in-chassis communication. The idea is that it would open it up for a wide variety of add on products. Sounds reasonable to me (Hat tip to Instapundit).

(Mirrored from TalkBMC)