This is a wonderful story about the hacking of Marconi’s wireless system in 1903. Marconi touted the security of his system based on a tight (and presumably not publicly disclosed) frequency bandwidth. Of course it was hacked in a public and humiliating fashion.
Security via obscurity, as effective in 1903 as it is today.
Hat tip to Bruce Schneier.
The WordPress.com stats helper monkeys prepared a 2011 annual report for this blog.
Here’s an excerpt:
A New York City subway train holds 1,200 people. This blog was viewed about 7,600 times in 2011. If it were a NYC subway train, it would take about 6 trips to carry that many people.
Posted in Uncategorized
One of the most puzzling complaints I have heard about SPML is the search filter. The complaint is that it requires the service to support search filters of arbitrary complexity. I have never considered it that hard and have posted sample code to demonstrate it.
Still, perception has a reality of its own and search filters are often given as a reason not to support SPML.
So now that SCIM has finalized the 1.0 version, the filter-phobes can breathe easy, right? Not so much it seems. Like SPML, SCIM has a search filter mechanism that supports filters of arbitrary complexity. Which is a good thing for without that capability a provisioning service would be severely limited.
But really this should not be a reason to avoid either SPML or SCIM. This class of problem comes up regularly and provisioning service developers should learn how to handle it (if don’t already). One could argure that it would even be considered a pattern.
Actually it is: the Specification Pattern.
Posted in Identity, Identity Management, Software, SPML, Standards
Tagged SCIM, Software Patterns, SPML
One of the more frustrating thing about flying is being asked to turn off your devices on takeoff and landing. You probably already suspect that your Kindle was not going to make the plane crater into the ground, but reading this will make you even more convinced that the whole thing is quite absurd.
Off course now we hear that pilots and navigators will start using iPads in the cockpit. iPad in the cockpit, perfectly safe. Kindle on seat 26f, safety hazard.
To paraphase Bruce Schneier, it’s Safety Theater, nothing more.
Posted in Skeptic
The new RESTful provisioning standard, SCIM, is being discussed a lot recently in comparison to SPML. Dave Kearns has some interesting thoughts here.
While Dave makes some good points I think he is entirely missing the reason the SPML was never accepted. SPML never gained traction because enterprises and application vendors never adopted it. It didn’t matter whether the provisioning vendors supported it or not, and it won’t matter if provisioning vendors adopt SCIM or ignore it.
Enterprises and service providers drive adoption. The ISVs will meet their needs. If SPML or SCIM is demanded, it will be provided. That demand never materialized for SPML, partly because the provisioning vendors already had non-standard solutions for the problems SPML was intended to solve.
Will this demand materialize for SCIM? Time will tell the tale of these two standards.
Posted in Identity Management, Provisioning, SPML, Standards
Tagged Provisioning, SCIM, SPML, Standards
The latest chapter of my career finds me back in the identity management business. I have joined OptimalIdM, a company founded by some great folks I worked with at OpenNetwork.
OptimalIdM’s main focus is their virtual directory product, VIS, but we also have federation products and other IdM plays.
Posted in Uncategorized
There are a couple of interesting articles on Stuxnet out recently. This article poses the astonishing possibility that it was a directed attack at the Iranian Bushehr nuclear plant. The arguments given, however, are highly circumstantial.
This article also puts forth the notion that Stuxnet was likely created by some government.
Is this the first instance of SaaW, software as a weapon?
Posted in Cyber-warfare, Hacking, Security
Tagged Cyber-warfare, Hacking, SaaW, Security
