Monthly Archives: March 2009

King of the wild frontier

You have to love it when someone ties together Davy Crockett and the iPhone as Mark Wilcox does here. And he makes a great point about federation as well:

Thus you should begin adjusting requirements. For example – it’s time to break the addiction thinking that just to get access to IT resources they need to log into a Windows domain. Instead focus on network-based services such as file shares & network mail (whether Web and/or IMAP based).

Accept that federation (such as SAML) is not just SSO between your company and a remote service but really about SSO between domains that do not control the other. Sometimes that is going to be an external partner but it could also be another business unit.

When I was with BMC/OpenNetwork I often worked on federation projects that did exactly that. These were companies where federation (typically SAML) was used to allow users to cross domains within the organization. One example was a large communications company that had acquired multiple subsidiaries that still operated fairly independently. They wanted all users to be able to access common services such as HR portals. In such an environment provisioning usually plays a key role as well as federation (one could even call it federated provisioning).

There is one IT/Davy Crockett analogy I want to make:

Be careful what cause you take up. It may not end well for you if you choose poorly.

An interesting OpenID Provider

There is an interesting new OpenID provider called MyID.is. The stated goal is to provide a verified OpenID:

MyID.is is trying to answer a simple question: how can we provide our users a digital ID that has been certified with the same level of trust as if we met in real life with a valid ID delivered by a government administration but without the need to actually meet in real life?

By certifying your ID you’ll be able to certify all of your online presence, such as your blogs, your Facebook, LinkedIn profiles…, your comments,… and any kind of online presence that is part of your Identity 2.0.

They validate who you are by billing you a small amount via credit card and then sending you a code via postal mail. You have to wait until you get the code to use the OpenID.

What I find most interesting about this service is that they are not trying (at least at this point) to solve the age verification issue. That’s a good idea in my opinion as I feel that the age verification issue is one of the most oversold issues in the identity space.

There is also a good Ars Technica article on MyID.is here.

Downright creepy

Now this is downright creepy. The Orwellian land of Britain is now using airborne IR cameras to detect homes that are wasting energy:

Our movements are already tracked by CCTV, speed cameras and even spies in dustbins.

Now snooping on the public has reached new heights with local authorities putting spy planes in the air to snoop on homeowners who are wasting too much energy.

Thermal imaging cameras are being used to create colour-coded maps which will enable council officers to identify offenders and pay them a visit to educate them about the harm to the environment and measures they can take.

“educate them”. How wonderful of the government.

I can only imagine that trying that where I live would likely result in “education” as well. Only it would be the education by the tax-paying home owners on how they feel about the government spying on their energy usage. I suspect they would educate with extreme prejudice. Not that I am condoning or encouraging such actions.

Web 2.0, Border Security, and Alcohol

In one of the strangest new ways that the internet is affecting our lives, pub patrons in Australia are patrolling the US border with Mexico while they drink:

The United States has unveiled an unlikely weapon in its battle against drugs gangs and illegal immigrants at the Texas-Mexico border – pub-goers in Australia.

The drinkers are the most far-flung of a sizeable army of hi-tech foot soldiers recruited to assist the border protection effort.

Anyone with an internet connection can now help to patrol the 1,254-mile frontier through a network of webcams set up to allow the public to monitor suspicious activity. Once logged in, the volunteers spend hours studying the landscape and are encouraged to email authorities when they see anyone on foot, in vehicles or aboard boats heading towards US territory from Mexico.

So far, more than 100,000 web users have signed up online to become virtual border patrol deputies, according to Don Reay, executive director of the Texas Border Sheriffs’ Coalition, which represents 20 counties where illegal crossings and drugs and weapons smuggling are rife.

“We had folks send an email saying, in good Australian fashion, ‘Hey mate, we’ve been watching your border for you from the pub in Australia’,” he said.

Truth is stranger than fiction. And the internet is stranger still.

Not everyone is amused, however:

Opponents have dismissed the project as “the perfect Google border” and say the cameras do little to deter criminal activity. “Border security deserves trained professionals, not pub-goers in Perth,” said Eliot Shapleigh, a state senator from El Paso, Texas, who claims that the programme has resulted in only a handful of arrests. “It’s wholly ineffective for the governor’s stated goal of security, it panders to extremists for political purposes and it’s not an effective use of $2m for just three apprehensions.”

I’m sure there is a Google PR person cringing even now thinking “why do you have to drag us into this?”

Fun with chemistry

I briefly considered chemical engineering as a freshman, but it didn’t take. Had I known then what exciting lives some chemists lead I might have given it more thought. I just discovered this delightful blog category titled “Things I Won’t Work With”. What kind of chemicals might scare the bejeezers out of a professional chemist? How about this:

Did I mention that this prep was performed on less than one millimole? Spirited stuff, that tetra-azide. The experimental section of the paper enjoins the reader to wear a face shield, leather suit, and ear plugs, to work behind all sorts of blast shields, and to use Teflon and stainless steel apparatus so as to minimize shrapnel. Hmm. Ranking my equipment in terms of its shrapneliferousness is not something that’s ever occurred to me, I have to say. It’s safe to assume that any procedure which involves considering which parts of the apparatus I’d prefer to have flying past me will not get much business in my lab, no matter how dashing I might look in a leather suit.

That procedure deserves a closer look, though. You can’t just crack open a can of selenium tetrafluoride whenever you feel the urge, you know. That stuff has to be made fresh, as far as I can see, and the way these hearty sons of toil make it is by reacting selenium dioxide with chlorine trifluoride. Yep, that stuff, the delightful compound that sets sand on fire and eats through asbestos firebrick.

So if you’re going to make selenium polyazides, your day starts with chlorine trifluoride and I’m sure that it just rolls along from there. Before you know it, you’ve gone from viciously reactive halogens, paused to prepare some disgusting selenium fluorides, made some violently unstable azides that explode if you stick your tongue out at them and hey, it’s dinnertime already. . .

Fun with chemistry!

The Smart (and vulnerable) Grid

Here comes the stunning revelation that the more of an infrastructure you automate and network the more vulnerable it becomes to hacking. In this case it is the realization that the nationwide “Smart Grid” would become a target for hackers should it ever be implemented:

The Smart Grid will use automated meters, two-way communications and advanced sensors to improve electricity efficiency and reliability. The nation’s utilities have embraced the concept and are installing millions of automated meters on homes across the country, the first phase in Smart Grid’s deployment. President Obama has championed Smart Grid, and the recent stimulus bill allocated $4.5 billion for the high-tech program.

But cybersecurity experts said some types of meters can be hacked, as can other points in the Smart Grid’s communications systems. IOActive, a professional security services firm, determined that an attacker with $500 of equipment and materials and a background in electronics and software engineering could “take command and control of the [advanced meter infrastructure] allowing for the en masse manipulation of service to homes and businesses.”

Experts said that once in the system, a hacker could gain control of thousands, even millions, of meters and shut them off simultaneously. A hacker also might be able to dramatically increase or decrease the demand for power, disrupting the load balance on the local power grid and causing a blackout. These experts said such a localized power outage would cascade to other parts of the grid, expanding the blackout. No one knows how big it could get.

If recent history is any guide, the system will be rolled out with insufficient attention paid to security. It will then be breached, patched and breached again. The reason is simple. Engineering is a set of complex trade-offs between competing requirements. Of all those requirements security will be the hardest to quantify. Also the best practices learned from other industries will likely be deemed “too costly” while a system breach is merely a theoretical possibility.

ChangeGear 4.0 is now released!

I haven’t been blogging much lately due to being in the final push on the ChangeGear 4.0 release. This release is quite an achievement for the ChangeGear team. In addition to the release, SunView Software has rolled out a great new web site.

If you are interested in Service Desk, Change Management, Release Management, or Configuration Management (CMDB) you should drop by and take a look. I think you will like what you see.