Monthly Archives: March 2009

King of the wild frontier

You have to love it when someone ties together Davy Crockett and the iPhone as Mark Wilcox does here. And he makes a great point about federation as well:

Thus you should begin adjusting requirements. For example – its time to break the addiction thinking that just to get access to IT resources they need to log into a Windows domain. Instead focus on network-based services such as file shares & network mail (whether Web and/or IMAP based).

Accept that federation (such as SAML) is not just SSO between your company and a remote service but really about SSO between domains that do not control the other. Sometimes that is going to be an external partner but it could also be another business unit.

When I was with BMC/OpenNetwork I often worked on federation projects that did exactly that. Companies where federation (typically SAML) was used to allow users to cross domains with organization. One example was a large communications company that had acquired multiple subsidiaries that still operated fairly independently. They wanted all users to be able to access common services such as HR Portals. In such an environment provision usually plays a key role as well as federation (one could even call it federated provisioning).

There is one IT/Davy Crockett analogy I want to make:

Be careful what cause you take up. It may not end well for you if you choose poorly.

An interesting OpenID Provider

There is an interesting new OpenID provider called MyID.is. The stated goal is to provide a verified OpenID:

MyID.is trying to answer a simple question, how can we provide our users a digital ID that have been certified with the same level of trust as if we met in real life with a valid ID delivered by a governement administration but without the need to actually meet in real life?

By certifying your ID you’ll be able to certify all of your online presence, such as your blogs, your Facebook, LinkedIn profiles…, your comments,… and any kind of online presence that is part of your Identity 2.0.

They validate who you are by billing you a small amount via credit card and then sending you a code via postal mail. You have to wait until to get the code to use the OpenID.

What I find most interesting about this service is that they are not trying (at least at this point) to solve the age verification issue. That’s a good idea in my opinion as I feel that the age verification issue is one of the most oversold issues in the identity space.

There is also a good ARS Technica article on MyID.is here.

Downright creepy

Now this is downright creepy. The Orwellian land of Britain is now using airborne IR cameras to detect homes that are wasting energy:

Our movements are already tracked by CCTV, speed cameras and even spies in dustbins.

Now snooping on the public has reached new heights with local authorities putting spy planes in the air to snoop on homeowners who are wasting too much energy.

Thermal imaging cameras are being used to create colour-coded maps which will enable council officers to identify offenders and pay them a visit to educate them about the harm to the environment and measures they can take.

“educate them”. How wonderful of the government.

I can only imagine that trying that where I live would likely result in “education” as well. Only it would be the education by the tax-paying home owners on how they feel about the government spying on their energy usage. I suspect they would educate with extreme prejudice. Not that I am condoning or encouraging such actions.

Web 2.0, Border Security, and Alcohol

In one of the strangest new ways that the internet is affecting our lives, pub patrons in Australia are patrolling the US border with Mexico while they drink:

The United States has unveiled an unlikely weapon in its battle against drugs gangs and illegal immigrants at the Texas-Mexico border – pub-goers in Australia.

The drinkers are the most far-flung of a sizeable army of hi-tech foot soldiers recruited to assist the border protection effort.

Anyone with an internet connection can now help to patrol the 1,254-mile frontier through a network of webcams set up to allow the public to monitor suspicious activity. Once logged in, the volunteers spend hours studying the landscape and are encouraged to email authorities when they see anyone on foot, in vehicles or aboard boats heading towards US territory from Mexico.

So far, more than 100,000 web users have signed up online to become virtual border patrol deputies, according to Don Reay, executive director of the Texas Border Sheriffs’ Coalition, which represents 20 counties where illegal crossings and drugs and weapons smuggling are rife.

“We had folks send an email saying, in good Australian fashion, ‘Hey mate, we’ve been watching your border for you from the pub in Australia’,” he said.

Truth is stranger that fiction. And the internet is stranger still.

Not everyone is amused, however:

Opponents have dismissed the project as “the perfect Google border” and say the cameras do little to deter criminal activity. “Border security deserves trained professionals, not pub-goers in Perth,” said Eliot Shapleigh, a state senator from El Paso, Texas, who claims that the programme has resulted in only a handful of arrests. “It’s wholly ineffective for the governor’s stated goal of security, it panders to extremists for political purposes and it’s not an effective use of $2m for just three apprehensions.”

I’m sure there is a Google PR person cringing even now thinking “why do you have to drag us into this?”

Fun with chemistry

I briefly considered chemical engineering as a freshman, but it didn’t take. Had I known then what exciting lives some chemists lead I might have given it more thought. I just discovered this delightful blog category titled “Things I Wont Work With“. What kind of chemicals might scare the bejeezers out of a professional chemist? How about this:

Did I mention that this prep was performed on less than one millimole? Spirited stuff, that tetra-azide. The experimental section of the paper enjoins the reader to wear a face shield, leather suit, and ear plugs, to work behind all sorts of blast shields, and to use Teflon and stainless steel apparatus so as to minimize shrapnel. Hmm. Ranking my equipment in terms of its shrapneliferousness is not something that’s ever occurred to me, I have to say. It’s safe to assume that any procedure which involves considering which parts of the apparatus I’d prefer to have flying past me will not get much business in my lab, no matter how dashing I might look in a leather suit.

That procedure deserves a closer look, though. You can’t just crack open a can of selenium tetrafluoride whenever you feel the urge, you know. That stuff has to be made fresh, as far as I can see, and the way these hearty sons of toil make it is by reacting selenium dioxide with chlorine trifluoride. Yep, that stuff, the delightful compound that sets sand on fire and eats through asbestos firebrick.

So if you’re going to make selenium polyazides, your day starts with chlorine trifluoride and I’m sure that it just rolls along from there. Before you know it, you’ve gone from viciously reactive halogens, paused to prepare some disgusting selenium fluorides, made some violently unstable azides that explode if you stick your tongue out at them and hey, it’s dinnertime already. . .

Fun with chemistry!

The Smart (and vulnerable) Grid

Here comes the stunning revelation that the more of an infrastructure you automate and network the more vulnerable it becomes to hacking. In this case it is the realization that the nationwide “Smart Grid” would become a target for hackers should it ever be implemented:

The Smart Grid will use automated meters, two-way communications and advanced sensors to improve electricity efficiency and reliability. The nation’s utilities have embraced the concept and are installing millions of automated meters on homes across the country, the first phase in Smart Grid’s deployment. President Obama has championed Smart Grid, and the recent stimulus bill allocated $4.5 billion for the high-tech program.

But cybersecurity experts said some types of meters can be hacked, as can other points in the Smart Grid’s communications systems. IOActive, a professional security services firm, determined that an attacker with $500 of equipment and materials and a background in electronics and software engineering could “take command and control of the [advanced meter infrastructure] allowing for the en masse manipulation of service to homes and businesses.”

Experts said that once in the system, a hacker could gain control of thousands, even millions, of meters and shut them off simultaneously. A hacker also might be able to dramatically increase or decrease the demand for power, disrupting the load balance on the local power grid and causing a blackout. These experts said such a localized power outage would cascade to other parts of the grid, expanding the blackout. No one knows how big it could get.

If recent history is any guide, the system will be rolled out with in sufficient attention paid to security. It will then be breached, patched and breached again. The reason is simple. Engineering is a set of complex trade-offs between competing requirements. Of all those requirements security will be the hardest to quantify. Also the best practices learned from other industries will likely be deemed “too costly” while a system breach is merely a theoretical possibility.

ChangeGear 4.0 is now released!

I haven’t been blogging much lately due to being in the final push on the ChangeGear 4.0 release. This release is quite an achievement for the ChangeGear team. In addition to the release, SunView Software has rolled out a great new web site.

If you are interested in Service Desk, Change Management, Release Management, or Configuration Management (CMDB) you should drop by and take a look. I’ll think you will like what you see.

The decline of newspapers, explained

That newspapers were already in trouble before the recent financial downturn is hardly a surprise. That so many may not live (at least in print form) to see the recovery is still shocking. I personally have gone from being a daily avid reader of the LA Times to being a Sun only subscriber to the Tampa Trib, and seriously considering dropping that. It just doesn’t seem very relevant to our lives anymore.

 This article outlines the whole long history of why news papers are in trouble and why they really can’t fathom what is happening to them:

As these ideas were articulated, there was intense debate about the merits of various scenarios. Would DRM or walled gardens work better? Shouldn’t we try a carrot-and-stick approach, with education and prosecution? And so on. In all this conversation, there was one scenario that was widely regarded as unthinkable, a scenario that didn’t get much discussion in the nation’s newsrooms, for the obvious reason.

The unthinkable scenario unfolded something like this: The ability to share content wouldn’t shrink, it would grow. Walled gardens would prove unpopular. Digital advertising would reduce inefficiencies, and therefore profits. Dislike of micropayments would prevent widespread use. People would resist being educated to act against their own desires. Old habits of advertisers and readers would not transfer online. Even ferocious litigation would be inadequate to constrain massive, sustained law-breaking. (Prohibition redux.) Hardware and software vendors would not regard copyright holders as allies, nor would they regard customers as enemies. DRM’s requirement that the attacker be allowed to decode the content would be an insuperable flaw. And, per Thompson, suing people who love something so much they want to share it would piss them off.

 It well worth reading the whole thing. One theme that is hit home is that it really doesn’t matter is we like it or not, it’s going to happen:

And so it is today. When someone demands to know how we are going to replace newspapers, they are really demanding to be told that we are not living through a revolution. They are demanding to be told that old systems won’t break before new systems are in place. They are demanding to be told that ancient social bargains aren’t in peril, that core institutions will be spared, that new methods of spreading information will improve previous practice rather than upending it. They are demanding to be lied to.

There are fewer and fewer people who can convincingly tell such a lie.

Civil Liberties Mugged

Greg Beato has written an interesting article in Reason about how many municipalities are publishing mug shots as a way of publicly humiliating people. What is lost in the bread and circuses is that being arrested in not the same thing as being guilty. We forget this to our own detriment.

From the article:

Like most of these sites, Peoria’s is careful to include a disclaimer that the individuals depicted on it are “presumed innocent until proven guilty in a court of law.” But if there’s a chance that the people on display there haven’t committed a crime, why are they being punished? As soon as a law enforcement agency presents its online rogues’ gallery as a form of deterrence, it transforms the pictures into a form of punishment as well. If appearing in this context is a fate so unpleasant that it can persuade other people to avoid engaging in illicit behavior, then surely it constitutes a penalty. And it’s a penalty that’s being applied without the hassle of due process.

We tend to overlook this fact because, frankly, it spoils the mood. The presumption of guilt makes it easier to justify laughing at 23-going-on-zombie crack whores and bugeyed misfits sporting felony-caliber mullets. They deserve the derision they get-they’re criminals! But the joke is really on us. As law enforcement agencies expand their powers of surveillance, as they encourage us to think of punishment without due process as standard operating procedure, we not only tolerate it, we click and click and ask for more. If America’s citizenry were more uniformly presentable, and its mug shots correspondingly less entertaining, we might protest these developments more strongly. Instead, we simply laugh at the latest person guilty of wearing a cow costume while being arrested, then pass along the link to our friends.

And here is one point I will make repeatedly: just because something is a public record doesn’t make it alright to publish it.

An interesting and contentious privacy issue

A TN newspaper is maintaining an online DB of the personal information of people that have been issued a conceal carry permit in the state:

The Commercial Appeal added the database to its Web site in December, but it did not draw attention until an early February story about a parking spot argument that ended with a motorist shot dead.

Editor Chris Peck said the paper added the database because newspapers should be a thorough source for community information. He pointed to the recent shooting as a proof why the database is valuable to readers.

After the parking lot dispute, a reader posted an online comment asking whether the suspect charged with murder had a permit to carry a gun. The newspaper responded by directing readers to its database.

“When that gun comes out in public, the citizens of Tennessee have right to know,” Peck said. “When and if it is used in public, the private weapon becomes part of public policy.”

The database allows people to search for those who have a permit to carry a concealed weapon by name, ZIP code or city. It makes more easily accessible data already available to the public through records requests to the state Department of Safety.

I find this logic interesting. They are defending the public’s right to know who has a permit be saying “When and if it is used in public, the private weapon becomes part of public policy.” But they are publishing names of people that have a permit, regardless of whether they have ever used the gun in public, carry it on a regular basis, or have even purchased one.

One wonders why any newspaper in today’s economy would offer a free service that offends so many of its customers. I don’t think this is going to end well for the paper in question. They are going to learn the painful lesson that “it’s public anyway” just doesn’t cut ice when you publish people’s personal information. Especially if it’s the same people to who you expect to sell newspapers.

And of course this has spurred an effort to make the information private anyway. Better late than never.