Adventures of an Eternal Optimist

With respect to Lloyds being pants:

Telephone Support: Good morning, Lloyds TSB,  how may I help you?

Mr. Jetley:  Hello, I would like to see my balance.

TS:  May I have your password sir?

MJ:  Lloyds is pants.

TS:  Excuse me sir?

MJ:  Lloyds is pants!

TS:  Sir, there is no need to be rude!

MJ:  My password.  That’s my password.

TS:  Lloyds is pants?

MJ:  Yes, Lloyds is pants

TS:  No  it’s not.

MJ: Not what?

TS:  Lloyds is pants!

MJ:  Well what is it then?

TS:  No it’s not.

MJ:  Yes, I understand my password is not “Lloyds is pants”, but what is it?

TS: It is, no it’s not

MJ:  Make up your MIND!!!

TS:  Sir, your password is “No it’s not”.

MJ:  No it’s not?

TS:  Yes that’s it.

MJ:  No it’s not.

TS:  No it’s not your password or yes it’s “No it’s not”?

MJ:  BOTH!!!

*giggle*

Did you read about the guy who had his password changed by a bank staff member from “lloyds is pants” to “no, its not”?

I don’t care what kind of account this guy had — shared passwords? Stored in the clear? Visible to bank staff? Password policies that state he can’t make his shared, stored-in-the-clear password for his business banking account longer than six characters, one word?

This is my favorite quote:

“In this case it was a business banking customer using a system where more than one person from a business can check their balance.

“In these cases an advisor can read the full password.

“But if such customers require more complex transactions, then full security procedures apply and advisors cannot read secure information.”

Who wants partial security procedures?  Ever?  And how could you ever trust what this bank’s idea of a full security procedure is?   I wonder how many customers use the same password for viewing their bank balance as they use for the rest of their activities with the bank?  Probably quite a few.  Good thing one of the two is protected by full security procedures, eh?

Kim has been working on a less internerdy version of the Laws of Identity – but I’m not sure the current version would resonate with people like my Mom. So – being the go-getter that I am, I had to take a minute and come up with alternatives. What do you think?

If I could use any terms I wanted and assume that everyone understood them, I could get even shorter:

1. Don’t share my information behind my back.
2. Don’t take more information than you need.
3. Don’t expose my information unnecessarily.
4. Don’t link me or allow others to link me unless I want to be linked.
5. Don’t lock me into silos.
6. Don’t tell me to RTFM in order to be secure.
7. Don’t let the product interfere with the ceremony.

With much fanfare, I’d like to announce the availability of my analysis of the last OSIS Interop.  Hosted on the Nulli Secundus website, the paper is possible due to sponsorship contract from Microsoft that allowed me to also create a lot of the infrastructure supporting the I3 Interop.  With luck, that infrastructure will serve as the basis for many more Interops to come!

This paper is not about who “won” the Interop;  in fact, no solutions or participants are explicitly named at all.  Instead, the focus was on participation, cumulative results analysis per solution role, achievements as a community, and next steps.

I believe that the I3 Interop has set us up to build a very robust, very comprehensive common feature landscape for Information Cards. The I3 Interop was not nearly as impactful for OpenID, however due to the incredible efforts of John Bradley, I believe that I4 will see some very interesting developments and participation on the OpenID side of the house.

I continue to be in awe of the dedication and spirit of collaboration that our community has demonstrated over the last two years.  It is clear that everyone is interested in getting it right, first and foremost; enough for Interop testers to enter more than 1200 separate test results into our wiki over a five-month period.

You’ll have to read the report to learn what else went on :-)   If you were a participant in the Interop and you have additional wisdom to offer or you completely disagree with my interpretation, I am very open to putting out a revised version of this document incorporating additional perspectives!

Big thanks to Dale, Axel, and Mike for adding their thoughts, and MASSIVE MONUMENTAL thanks to Trish Jones (who goes by Patricia L. Jones professionally), who went far far above and beyond the call of duty to act as editor through revision after revision.  I used to think I had a fairly good grasp of the English language;  I now know that I have a long way to go to attain technical writing zen.  Without Trish, you would be reading a very different paper.

Well?  What’re you hanging around here for?  Go read the paper!!!

I haven’t been able to do much (anything) in the world of Information Cards lately.  No work on my code, no examination of the new version of the protocol.  It’s like the Ice Cream truck is driving around and around my house, and I can only watch it circle…  soon though.  I keep telling myself that…

For those of you out there that want to know what’s going on,  you should be subscribing to Vittorio and to Axel.  Vittorio is posting all sorts of delicious technical information about Zermatt, the new Microsoft Identity coding framework bits, and Axel is posting all sorts of tasty tidbits of information about ISIP 1.5.

There is a huge conversation to be had around what in the new ISIP document dictates change in code for existing common features.  I’m sure people have already been having that discussion in private, but I hope to see some of the subtleties come out as part of our next Interop effort, underway now!

The Girly Geekdom blog posted a cry of despair today,  reacting to the face of Julia Allison on the cover of last month’s Wired magazine:

Well Girl Geek’s could there (finally) be a leading lady in technology and with enough kudos to be on the cover of Wired? Prestige indeed. In short, no is the answer that you are looking for.

Of course not.  I hope Ms. Allison has all the success in the world, it looks like she has figured out how to use Web 2.0 to gain notoriety. If she’s happy about that, then I’m happy for her, I’m sure the Wired cover was quite a coup.

Wired is a publication that requires readership.  Julia Allison as a commodity caters to that.  Is it possible to be on the cover of Wired without some kind of PR engine?  Seems unlikely to me.  The women I know who could be on that cover aren’t interested in the self promotion it takes to get there.  Of course, perhaps there have been many women on the cover of Wired; I am unqualified to judge, and unwilling to research.

Geek girls don’t generate traffic, at least not in and of ourselves.  We are a minority.  Small.  Not to be catered to, even in a tech magazine.  Case in point the  “Women in Tech: hear us roar” O’Reilly book:  Tim O’Reilly himself said that the series drew very little traffic, which is why it was shelved.

It’s true that we are a small group, but I believe we make a large impact.   Maybe we can’t sell out a magazine edition, or justify the printing of a book.  We can, however, change the world in our own way, and we will continue to do so with or without a poster child.

Microsoft has just announced a new version of the ISIP (Identity Selector Interoperability Profile, the main document describing information card interaction behavior).  This is a BIG deal, certainly from an interoperability perspective, although I don’t expect much to be a surprise in the document, as the CardSpace team has been working hard to blog upcoming features.

In conjunction with the new documentation,  there is also a Service Pack release for .NET 3.5.    I can’t wait to see what goodies await in the CardSpace arena — perhaps it will mostly be under the hood, only play time will tell…

Er, when exactly I’ll get that play time is a different question.  Soon, I hope.  If you get there first, be sure to let me know what you think!

It is intriguing what happens when your critical (but hosted) business service goes down.   What can you do?  In the old days, when the mail server went down, everyone could at least wander by the server room and see that the spare drive was being brought in and recovered, or in the worst case that nobody knew what happened yet, at least you could verify that somebody was sweating, laboring, working as hard as they could to rectify the problem, somebody you might have sat beside at the company picnic.

When a hosted service goes down, there is no sense that Fred in IT is having a bad day.  All you get to see is the error screen.  I’m sure that, in fact, there are any number of people having a very bad day right now on the Google campus – but I don’t know them, and I’m sure they couldn’t be bothered to know me.

There is literally nothing to be done.  Not by you, anyway.  You can’t “get to the bottom of it”.  Heads will not roll, at least not according to you.  Perhaps if you are a very, very big customer,  you might have an account manager to abuse, but really, what’s the point?  What are you really going to do, change services?

Nothing to do but go for ice cream, I reckon.  Patience is a virtue, but ice cream makes it go down easier.

I suppose this is nicer than telling people to RTFM before continuing :)