Archive for March, 2007
Friday, March 30th, 2007
I just received a notice from my national airline’s frequent flyer program (screenshot below), telling me that if the name listed in my air miles account information is different from any of my “official” identity tokens (for example because of a nickname or an initial), I will have trouble being automatically credited with my flight miles.
This is, theoretically, a technical enhancement. Now, I don’t know who exactly benefits from said enhancement, but I’m pretty sure that it isn’t the passengers of the airline, or the help desk people at Aeroplan that will have to take the irate calls and deal with people who have lost their ticket stubs and still want credit for the flight they a) paid for and b) submitted a valid unique identifier for (the Aeroplan account number).
Honestly, what is the point? There are no anti-terrorist requirements here, this policy is not from the airline, but from the frequent flyer company — all this affects is whether you get your air miles, not whether or not you get on the airplane.
It is most likely an anti-fraud measure, to protect against people who don’t actually have an Aeroplan card using another person’s card so that at least somebody gets the points – but wow, that’s some kind of low tolerance they have going there. Perhaps it is merely a coincidence that Aeroplan benefits from every airline mile not credited, since they then are guaranteed never to have to pay a redemption? But then, what do I know, I’m sure there are a lot of valid abuse cases where Fred Smith tries to rip off Aeroplan by using Fred R Smith’s air miles card on a flight… It probably happens all the time. Maybe there is a widespread Jr/Sr father & son conspiracy going on right under our noses, and this is the only way Aeroplan knows to crack down. Or maybe (entering full-scale conspiracy mode now; please don your tinfoil hats if you haven’t already) this is a subtle way to influence which identity token people use, since (for example) my drivers license has a different naming format from my passport — since I can’t set my Aeroplan account to BOTH formats simultaneously, it would seem that the easiest thing to do would be to always use my passport.
But seriously, naming data is notoriously volatile. This is not a new concept. To put into effect name-checking measures that cannot take such volatility into account is just stupid. Either their software is incapable of setting a reasonable threshold, or the company is choosing to set the threshold where it is – no matter which is the case, you just have to wonder what the exact cost vs. reward calculation is, because it isn’t obvious to me…
Sunday, March 25th, 2007
I love this story…
How girl, 6, hacked into MP’s Commons computer
I assume a physical keyboard logger like this could still be used to steal an IdP username & password, even with all the secure desktop stuff that the CardSpace client has built in…
(story via Authentication World)
Tuesday, March 20th, 2007
For all you Canucks in the crowd who are excited about the fact that you can finally take your cell number with you when you change providers up here in Canada, I suggest you wait until all the Telco help desk people have had a chance to screw up at least once in this area and learn the right way to do things. I’m not sure how long this will take, but believe me, it is worth the wait.
Otherwise you might end up like me – a girl who, at the beginning of this week had two cell numbers, one forwarded to the other – and who now has no cell numbers that actually ring through to the cell phone sitting on her desk.
It’s awfully quiet around here. That’s all I can say.
Monday, March 19th, 2007
The Wild Flowers
‘Twas the wild flowers I preferred
Who owed nothing to nobody
Who blossomed in the ditches
And made their own way in the world
‘Twas the wild flowers I admired
Who never done nothing to you
But driven from the garden
They sang their own songs in the spring
You can have your lily
You can have your rose
That were taken and broken
And bred by people
They were grafted and lamed
Twisted and tamed
But the wild flowers I enjoyed
They had nothing to do with you
They flowered by the roadside
And they wore their own colours in the sun
That were there before you
Will be there after you
That will out, that will out
Like your own true nature
You can try, you can try
That you never will defeat
The wild flowers I admired
They had nothing to do with you
But banished from the garden
They made their own way in the world
They wore their own colours in the sun
And they sang their own songs in the spring
(john spillane)
Friday, March 16th, 2007
I was given a new laptop a couple of weeks ago and decided to throw caution to the wind, live in the moment, and install Windows Vista on the thing. Amid general worry and doubt in the media and even in the Nulli Office, I took the leap. After all, I figured I could always just throw my hands up in the air and revert in high dudgeon, like Chris Pirillo did. Melodrama and Vista seem to go together no matter what the outcome.
Installation of the OS, Office 2007, and Virtual PC 2007 were a breeze. Everything just worked. Hmph.
I waited excitedly to see the wife throttle the paperboy. That was a non-event too. A frequent non-event, but a non-event just the same. The most annoying holdups are when I try to edit/rename/move files that I don’t own – but wait, that’s just MS finally catching up with everyone else. All the other OS’s have been annoying on that count forever.
Slowly it began to dawn on me that my big chance at histrionics was a total dud.
Once I found the Run icon (buried in the accessories folder), figured out I could right-click something and run it as Administrator where needed, and learned that you have to hit the ALT key to see the File menu in Windows Explorer, life was pretty good.
VPC2007 ran all of my VMs without complaint, including my Mandrake 10 & Ubuntu edgy eft (edit: ha had efty edge there, gotta love friday entries) machines. They all ran MUCH faster than on VPC2004, and at the time I had half the memory in the machine too.
And Office 2007 is BEAUTIFUL. Especially Excel. If you introduced me to the developer who set it up so that you could merge two cells on a row and then insert a column in between and have the merged cells just stretch to encompass that new column cell, you would have a hard time keeping me from kissing his feet. I almost cried the first time it happened.
Can you believe it, such a juicy subject and not one complaint to report. My new machine starts in a tiny fraction of the time the old one did, and it does everything my old machine could do, but much more fashionably. I feel seriously put out.
I’ll just have to go find a rant somewhere else, I guess. Mostly they seem to find me, so I don’t suppose I’ll be bereft for long :)
Thursday, March 8th, 2007
It turns out that my last post was not the end of the XMLDAP on Mac story.
If you couldn’t care less about the why/wherefores and just want the answer – you need to install Kevin Millar’s perpetual motion browser extension along with the XMLDAP extension on the Mac, to be guaranteed that the identity selector will work with all the RPs out there. Big huge thanks to all the people who worked on this problem, I think I would have gone clinically insane at about 11am yesterday without you.
Now – onto the geeky explanations:
After downgrading to FF 2.0.0.1, some subsequent further instability, and a reboot, I found that although I could finally successfully get to Chuck’s RP, I still couldn’t use the PW-wp test blog. I had made the mistake of conflating two issues, and assumed that because one was working, the other should be too.
So I started troubleshooting all over again – but this time with a solid example of a service that worked, to compare to my non-functional service. I copied the page source of Chuck’s form object to my test blog, and started changing it, line by line, to match my form object. Here is the line that eventually caused Chuck’s form to fail:
<input type="submit" id="submit" value="Invoke Identity Selector"/>
And here is the line that works in Chuck’s RP form:
<img src="../images/cardlogo.gif" onClick="infocard.submit()"/>
Yeah, so a basic, HTML 101 type of form submit fails. No way. But it’s true. Feel free to test this out, if you have a Mac: try this link:
With an html submit (first example above, which fails)
and this link:
With an onClick Javascript event attached to an image(2nd example above, which succeeds)
Even if you embed a document.form.submit() call in the document, it fails:
With an embedded submit call
At this point I had enough solid information to talk to Chuck, and bless his heart, he responded right away with a suggestion – if it was a parsing problem, we could diagnose it by installing Kevin Millar’s perpetual motion Firefox extension – because when that plugin is installed, Chuck’s plugin uses the perpetual motion parser instead of the xmldap parser. Sure enough, when the xmldap and perpetual motion plugins are installed together on Firefox, everything works beautifully. Try the 3 links above with the 2 plugins on a Mac — you’ll find they all work.
I *could* change the PamelaWare login page to use the one type of form submit that is guaranteed to work with Chuck’s plugin, and not push the idea of using both plugins together, however from the user’s perspective, this is only a partial solution. As more and more people start writing RP code, there are going to be a million permutations & combinations of a million different forms out there, and I would rather see people installing that extra plugin, so that they can get everywhere, without having to diagnose issues on an RP by RP basis.
So I’m going to update the documentation on the Pamela Project website, and I would suggest that others do so too, to recommend that if you want to use the xmldap identity selector on a Mac, you install both the xmldap and perpetual motion plugins. Yay, case closed, now onto new feature development…
Tuesday, March 6th, 2007
Note: for anyone searching on this issue – it was resolved in version 2.0.0.9 of Firefox and subsequent versions of the xmldap selector. More info here: http://ignisvulpis.blogspot.com/2007/11/new-versions-for-firefox-2009.html
For anyone who is using the “xmldap Identity Selector” Firefox plugin on the Mac and has suddenly found that they are unable to log into the PamelaWare Test Blog or Product Blog or Pat’s or Kim’s blogs, the problem is not with the blogs themselves. The problem appears to be buggy nastiness in the Mac version of Firefox 2.0.0.2, which wreaks havoc with Chuck’s plugin (xmldap Identity Selector v0.8.6) . If you uninstall Firefox 2.0.0.2 and then install Firefox 2.0.0.1 from mozilla.com (get release 2.0.0.1 here), you will again be able to authenticate to everyone’s blogs once again. The Safari plugin works as well, so if you want to remain on Firefox 2.0.0.2, you could satisfy your Information Card needs by using that plugin on your Mac instead.
We now return you to your regularly scheduled blog commenting :)
Monday, March 5th, 2007
Conor, you aren’t REALLY a gadget fan unless you get yourself one of these and fly it around the Swiss Alps.
If anyone can translate what the guy says about his helmet at the end, I’d love to know… I also wish I knew if this was the first prototype, or if any of them had to be jettisoned along the way. Along the same vein, I wonder if this is the first pilot…
Oh yeah Conor, you’ll like the stated destination too :)
|
|
