Tuesday Night has shpilkes

Pat and Jeff have run their blogs through Typealyzer, an interesting little site that applies a Myers-Briggs personality test to a URL you give it. (The cynic in me thinks it picks four letters at random.) So aiming it at Tuesday Night we discover that it is an ESTP - The Doers. As Typealyzer says:

The active and play-ful type. They are especially attuned to people and things around them and often full of energy, talking, joking and engaging in physical out-door activities. The Doers are happiest with action-filled work which craves their full attention and focus. They might be very impulsive and more keen on starting something new than following it through. They might have a problem with sitting still or remaining inactive for any period of time.

How we got out of Thailand

As some of you know, my wife and I were recently in Thailand. We were, in fact, there while the People’s Alliance for Democracy (PAD) closed down the airports in Bangkok. Once that happened, we (along with 349,998 people) were pretty screwed getting back home. The following is a rough account of what we went through to get home. It is a bit long, but enjoy it anyway. By way of an introduction, the following is a map of roughly where we were and where we went. View our route on Google Maps

Notes from Thailand

I’ll wait to write a longer trip report until I get back to the states. We are currently on the island of Lanta and having a great time, all things considered. We were supposed to leave for home tonight, but Bangkok’s airport has not reopened and there are no signs it will do so for a while. We are going to make our way to Singapore by way of Langkawi and then KL. Hopefully, we’ll be home by the 1st. Safe, sound and a little stressed are we. United hasn’t been the best travel partner for us this trip, but the hotel, Layana, has been a second home. Finally, to those of you with family in Bangkok or Mumbai, I hope they are safe and out of harm’s way. I have a lot to be thankful for today as I am sure you have as well.

Downgrading to Flash 9 for Mac OS X

I have a great G5 iMac. It has been my main machine for years now. I recently upgraded Flash to version 10 and performance began to suck. The new, supposedly high performance version of Flash made whole sites unusable. Last night I downgraded to Flash 9 and life is good. Here’s what I did:

  1. Download the Flash Uninstaller from Adobe - here
  2. Fix Disk Permissions via the Disk Utility
  3. Download a whole slew of versions of Flash 9 - here. If you are just looking for the seemingly latest (as of November 2008) go here, but be warned I had problems with both the Universal and PowerPC installers.
  4. Fix Disk Permissions via the Disk Utility

Things seem to be working a heck of a lot better now. Guess I’ll have to wait for a rev’ed iMac before I a) give this G5 up and b) upgrade to Flash 10.

Chains of trust, questionable origins

If I wanted to print US Dollars at home, I’d need the printing equipment, the paper stock on which to do it, and the magical ink. To thwart me, the government controls access to the printing plates, blank paper stock, and ink. This, of course, hasn’t stopped people from trying to print money, but the fake money they produce can be detected as fake because they do not have access to the real plates, stock, and ink. Because the government tightly controls access to the original materials and the flow of raw materials into the printing process, our money can be trusted. (Financial crisis and the government’s predilection to just print heaps of dollars notwithstanding.)

The government has not implemented the same model in the case of identification systems: passports and REAL ID driver’s licenses. Consider this article from the Washington Times. The raw materials to make a new RFID passport, namely, the blank covers with RFID chips in them, originate in Thailand. They are then shipped here for printing and binding. The control over access to this supply-line seems to be very weak. The new RFID passports are part of a chain of trust. Border Control allows me to re-enter the country if the passport is trustworthy and valid. Cloning passports has been demonstrated to be a trivial process. So one trustworthy passport can become an infinite number of trustworthy passports. The chain of trust extends from me and the INS at the airport, back to the passport issuance office, to the State Department, to Thailand, and back to Europe where the RFID chips are made. If any link along the chain cannot be trusted, then the entire chain of trust breaks. And this seems to be the case.

This is similar to REAL ID. In this case, municipal Departments of Motor Vehicles are responsible for protecting access to blank REAL ID stock. That, in and of itself, isn’t any different than what happens today. By transforming the driver’s license from a piece of plastic that says I am allowed to drive, into a proof of citizenship, REAL ID extends the chain of trust in new ways. DMVs have been and are relatively weak targets. This breaks this newly extended chain of trust. If the government wants to establish and extend chains of trust, it must control the flow of raw materials into the process and must ensure that each step is trustworthy.

And if you think I am picking on the government, here’s a third example that doesn’t involve the US government. It appears that credit card readers were altered during their construction. These altered readers were indistinguishable from their unaltered peers. These altered readers sent account data to unknown people in Pakistan. Swipe a card to pay for groceries and off your data goes. In this case, the last stop in the payment card chain of trust was affected. If I cannot trust the card reader not to send my account information to someone I do not know, do not have a relationship with, and inherently do not trust, then I will stop swiping my cards and just order things online or pay cash.

A system designed to broker trust must consider the extent of its chain of trust. Each link in the chain must be fully vetted and strengthened. Until I see evidence of that, I am still going to keep hold of my non-RFID passport.

This week's installment of security theater

Jeffrey Goldberg of The Atlantic tries to get arrested at a variety of US airports… and fails. He even traveled with Bruce Schneier and you’d think by now that Bruce’s picture would have been handed to every single TSA employee with a caption like, “Known security expert. Known to claim that Kip Hawley isn’t wearing any clothes. Assume everything he tells you is a lie. Assume he knows your private key.” Now if someone can produce a mashup of people mocking security theater and John Hodgman’s SPAMasterpiece Theater over on boing boing TV, that would be awesome!

Finding the "ah ha" moment in an "oh crap" world

Safe to say that these are extremely turbulent times. The mixture of wars, financial crisis and meta-crisis, election cycles, and a looming global recession have combined to form enough angst and fear that it makes emo seem like Elmo. And it is in these times that one could easily just pull the covers over your head and go back to bed. But in doing so, you’d miss some amazing opportunities. They say that necessity is the mother of invention, but I think that the “oh crap” moments are far more inspiring and lead to better, more useful innovations.

CA's Acquisition of IDFocus

Yesterday CA announced its acquisition of IDFocus, a small Israeli company. Among other abilities, IDFocus provides a finer-grained segregation of duty (SoD) analysis engine. CA has previously integrated this engine into Identity Manager, their user provisioning tool. This is an interesting wrinkle in an ever-changing market. CA now possesses a preventive-controls engine with the ability to look further into the security stack of an application. This engine allows customers to make SoD decisions below the role or group level, at the lower ACL/security object levels. Provisioning vendors have until now done this by calling external services provided by Enterprise Application Controls Management (EACM) vendors. On one hand, CA has partially obviated the need to integrate with an SAP, Oracle, or Approva by integrating the IDFocus capabilities into CA Identity Manager. On the other hand, CA’s move may have made things more confusing for customers. By increasing the number of controls repositories that a customer has to maintain, integration of IDFocus makes compliant provisioning deployments more challenging. What would be really slick is if CA could find a way to work with the EACM vendors to synchronize SoD tests so that a customer could use the same test for both detective and preventive applications. I was speaking on this very topic in Europe last week. I commented on the various architectures for integrating EACM into user provisioning to provide compliant provisioning services. (For more on this subject, check out Lori’s report on the matter.) CA has now introduced a fourth deployment model in which the provisioning engine owns the entire compliant provisioning event from the request through the SoD test to the provisioning event itself. An interesting alternative. I’ll be curious to see where CA takes this. (Originally posted on Burton Group’s IdPS blog.)

RIP David Foster Wallace

I really enjoy David Foster Wallace’s writing: the short stuff and the long stuff. Dead, apparently at his own hand, his writing genius is no longer among us. Rest well David. – I didn’t really like the title of this post and thus I changed it. I never really got the sense that DFW was toying with his readers and laughing as they struggled through his works. That being said I do feel like he had a real sense that his readers were out there nearly close enough to touch. Currently, McSweeney’s is collecting people’s memories and stories about him. Check it out.