Thursday, June 12, 2014
How dumb do you think I am?
According to an article in Time Magazine, you can Opt Out of Facebook’s New Ad-Targeting Program.
But FB will still track your web browsing. And FB will still show you lots of ads. The difference is that the ads will not be particularly relevant to your needs and preferences.
So, show of hands - how many of you don't mind being tracked, but love seeing irrelevant advertising? I thought so.
Friday, April 18, 2014
Sunday, April 06, 2014
It's a dangerous world, learn about it
Tim Bray recently posted an article ("Ethical Privacy Choices") in which he asked, well no, demanded that:
"the only sane ethical position [for web site operators] is to operate in a mode that is private by default..."
He does offer this strawman codicil:
"Yes, it is certainly desirable that for those who are in the
Catch the subtle sarcasm? I beg to differ.
A site operator should set the default to what the majority of the site visitors would prefer. That's not as difficult as it sounds. When designing the site you target a specific demographic. Set defaults to what that demographic has shown they like. If that's full privacy/security then so be it. If not, then do that.
What is imperative, though, is that the options to fine-tune that default are easily available and the explanation for the settings is succinct but easily understandable.
The world should not be designed to save the self-naive at the expense of those who have chosen to know its dangers.
Saturday, March 15, 2014
Onenameio - a new ID layer for the internet.
Onenameio /onename is its name, described as "the decentralized identity system built on Bitcoin". Yeah, already sounds bad, doesn't it? But wait, there's more. The introduction states (in part):
"Nobody owns or controls OneName and users are in complete control of their data."
Better tell that to the folks who stored their wealth on Mt Gox!
And this suffers another problem in common with Bitcoin - when it goes bad (and it will) who is responsible? Even without a bad event, who is vouching for my identity? Or any of the values associated with it? Why should I believe your self-assertion even if it is signed?
This one is going nowhere.
Tuesday, December 17, 2013
This Christmas, walk a mile in someone else's shoes
It’s the time of year when we get together with those we know, love or just work with, to share the joy of the holiday season. If your holiday get-togethers include sessions with other network managers, helpdesk professionals, IT or IS personnel I’m sure the chat will eventually turn to “stupid user stories” – tales of the wondrous things that users say and do showing how clueless they are about technology.
You know the sort of stories I mean, they have punch lines like “…so he stuck the floppy in the fax machine!” We all chuckle, take another sip of some fermented or distilled beverage and attempt to top that story with one showing an even more egregious misunderstanding of tech stuff.
But did you ever stop to think that it really isn’t the marketing people’s responsibility to know the difference between OAuth and SAML or that salespeople don’t actually have to be able to debug a Windows error message?
It’s not a big stretch to imagine the telecom folks – at their holiday bash – guffawing over how you managed to screw up the phone system. I don’t even want to think about what the auto mechanics have to say about me!
Every system, technology, discipline or area of activity has users and maintainers. Sometimes we’re the users, sometimes we’re the maintainers but it’s a sure bet that the users (in general) won’t have the same knowledge and expertise as the maintainers (I don’t consider helpdesk personnel to be “maintainers”, by the way). Every single one of us is a user of some system, technology or discipline which we don’t fully comprehend – and needn’t fully comprehend. I know when and how to put gas in my car. My mechanic gives me reminders about oil changes and other maintenance requirements. Anything beyond that, I call the mechanic and describe what won’t work. I try not to attempt to demonstrate knowledge beyond my ability by diagnosing the problem, but occasionally I’ll try. I’m sure those stories make the rounds at the next ASE meeting (ASE is the certification program for auto mechanics – just like our MCSE).
So this year, as you gather at the local watering hole for a glass of holiday cheer, if you’re tempted to tell the one about the user and the “cup holder” think twice – remember some of the less-than-knowledgeable comments or activities you’ve perpetrated this year and remember the words of the old Christmas carol: “Peace on Earth, Good Will towards Men”. Make the world a kinder, gentler place – starting with your own organization.
Friday, September 06, 2013
How long has NSA been asking for back doors?
I wrote this in my Novell NetWare Tips newsletter back in August, 2001, joking (I think) about the NSA and CIA. But, perhaps, it was prophetic - or I'd stumbled onto the truth!
What has been truly amazing during the recent flap about Novell’s “Padlock” patch for GroupWise (see “GroupWise Users Fight Mystery Bug”, http://www.nwfusion.com/news/2001/0820gwbug.html) is the large number of network managers who appear to trust Novell implicitly.
Let’s say some other software company, perhaps one with headquarters in the far northwestern part of the US, had done the following:
1) Sent email – often multiple emails – to people requesting they immediately download and install a so-called patch file.
2) When asked what the patch is for, replied “We’re not giving out details of the problem or the fix”.
3) Told you to patch all systems within hours, if possible – even though no system had ever been compromised by the so-called “security issue”.
4) Refused, categorically, to discuss – even in general terms – the area of the security issue (server access, file access, denial of service attacks, etc.).
The outcry from users would be intense! Just look at the endless wrangling now going on over the new Windows Product Activation (WPA) scheme – which could require new activation codes should you modify hardware. Or Microsoft’s plan to require Microsoft Passport (its proprietary “wallet” technology for storing identity information) as part of the “Hailstorm” initiative for the new .NET technologies (and aren’t those a lot of weasel words!). Millions would be convinced that the “patch” was just a way for Microsoft to gain control of your computers, perhaps monitor all of your email! Conspiracy theorists might have them in league with the CIA or the NSA to create dossiers on everyone with an email client. [emphasis added]
Yet Novell does this, and most managers say “OK, we’ll apply the patch.” Even knowing Novell’s bad track record with patch files (think of how many patches or support packs you’ve downloaded, then had to go back to get the “a” revision), network managers and email administrators broke all records for downloads from the Novell web site to acquire and install the Padlock patch.
That’s a large amount of trust in a software vendor. It’s been built up over almost 20 years of providing some of the finest products and services available, and it’s a wonder to behold. But just one word of warning, Novell – it only takes one or two small violations of that trust to undo everything you’ve built up over the years.
Friday, August 02, 2013
Properties necessary for an IdP and an AP
In reviewing some early Directory Service newsletters, I came across a series of three defining necessary qualities of a DS. But they're also necessary qualities of an Identity Service (as offered by an Identity Provider - IdP) and an Attribute Service (as offered by an Attribute Provider - AP). I've updated them a bit (mostly for terminology) but the originals are here, here, and here. Enjoy!
© 2003-2006 The Virtual Quill, All Rights Reserved