Drew Wagar's Weblog.

All | Astronomy | Automotive | Identity | Industry | Miscellaneous | Technology | Whinge of the week

« Previous month (Oct 2005) | Main | Next month (Dec 2005) »
20051212 Monday December 12, 2005

 Are you feeling secure now?

Well it's good to see the government seem to be waking up to the fact that the Identity Card *might* be able to combat online fraud, and well done to the Register's John Lettuce for restoring my faith (atleast to an extent) in their analysis.

Apparently the government are looking at secure remote authentication because you'll need this to identity yourself online, apparently PIN numbers just aren't good enough. Insert comedic phrase relating to biological excretions and the fictional inhabitant of 22b Baker Street.

Disappointing to note they still seem to think that biometrics are an 'access' technology, rather than the simple 'authentication' technology they really represent. Anyone, how are biometrics going to be checked online? Can't see every one buying a biometric scanner for their PC, on top of the cost of this card, can you?

Nor can I see the 'one time password' stuff working. It's ok for limited deployments, but the cost for a NID card sized deployment means it shouldn't be on the drawing board.

Now, we've been thinking about this problem of course, and I reckon we've cracked it...

Ah, but Drew, (says my devils advocate) your solution with PKI authentication enabled smart cards requires a smart card reader on every PC doesn't it?

Well, sort of..., ok yes. But it's not as bad as you think, because we're using the new JCOP41 smart cards. These are Java enabled smart cards with a built in USB interface. In practice all that means is that the card can be wired to an USB hub directly, meaning no complex smart card reader. Stuff that could be built into a PC or given away for pennies. A strong smart card, with secure remote authentication, that doesn't cost very much to deploy and run? Now that's using your head. Entire-ID.



( Dec 12 2005, 05:19:32 PM GMT / Dec 12 2005, 05:19:32 PM GMT ) Permalink Comments [1]
Trackback: http://blogs.sun.com/Drew/entry/are_you_feeling_secure_now

20051209 Friday December 09, 2005

 Why can't the US make decent film adaptions?

Yes, it's 'whinge of the week time' again...

After blasting the UK media last week, I'm turning my guns on the US this time around. I've getting fed up with Hollywood.

I've been to see three films recently which were adaptions of some of my favourite books.

"War of the Worlds" - H G Wells
"The Polar Express" - Chris Van Allsburg
"Charlie and the Chocolate Factory" - Roald Dahl

Now, I'm always wary of film adaptions as they generally come up short of expectations (notable exceptions include Lord of the Rings and the first Harry Potter film).

War of the Worlds

Recently redone by none other than Steven Spielburg, nothing wrong with that. Starring Tom Cruise... expectations lowered appropriately... Now, anyone who has read this book in its original form knows two things. It was called war of the worlds for a reason, there are two worlds involved, Earth and Mars. The aliens are 'Martians'. It was also set in the UK in the Victorian age. There has already been a tolerable US version, so why set it in the US again and give up on the Martians? It has virtually nothing in common with the original book other than the title. Special effects are up to the usual quality of course, but role on a film adaption that goes with the original story, in the meantime buy Jeff Waynes' musical version and imagine what might have been.

Summary: Absolute rubbish.

The Polar Express

Another disappointment. I really hope Chris Allsburg wasn't involved in this film, because it utterly ruins a great book. The book is a wonderful tale of innocence, childhood lost yet regained and a gentle comment on not growing up too fast. The film, on the other hand is a complete mismash of mild horror (what on earth was that stupid ghost about?), insultingly painful political correctness (the ethnic minorities smugly save the day despite the inadequacies of the dumb caucasians...again), tedious special effects and action sequences to keep the playstation generation awake because nothing actually explodes... The final nail in the coffin is a script which is meaningless, making the conductor (Properly known as a 'Guard', by the way) friendly one minute, aggressive the next and incomprehensible inbetween. The only upside was the music was pretty good other than the hotpotch "christmas hits" medleys near the end.

Summary: Execrable, but get the book, it's great.

Charlie and the Chocolate factory (starring Johnny Depp)

This had me fuming from almost the start. This story is set in North England, against a backdrop of mid twentieth century recession (coal mining towns going out of business). So what do we get? Daft fake english accents done by the american actors, people buying 'candy' bars (what is a candy bar?)... worst of all (YE GODS!) people using 'dollars' in the UK! Not only are you insulting the whole of the UK by implying we don't actually exist, but you're insulting the intelligence of the whole of the US by assuming they can't actually cope with another country having a different currency. Dumbing down or what? Christopher Lee (Wonka's father, a dentist) was way too typecast for this role as well, I kept expecting him to get out his drills whilst wrestling with a stubborn molar and say "The force is strong with this one..." or "Open wider young halfling." Johnny Depp did a pretty good job though. Get the other version starring Gene Wilder back in 1971, far superior.

Summary : Fun, but badly flawed.



( Dec 09 2005, 02:23:56 PM GMT / Dec 09 2005, 01:43:33 PM GMT ) Permalink Comments [3]
Trackback: http://blogs.sun.com/Drew/entry/why_can_t_the_us

 Yep, did it!

Got to shake Jonathans hand at the Niagara launch, got the set now... ;-)

More importantly, got a chance to talk to him about Entire-ID... keep you all posted.

( Dec 09 2005, 01:00:37 PM GMT / Dec 09 2005, 01:00:37 PM GMT ) Permalink Comments [1]
Trackback: http://blogs.sun.com/Drew/entry/yep_did_it

20051205 Monday December 05, 2005

 Will I get to meet Jonathan Schwartz then?

I'm off to our 'Niagara Launch' tomorrow in London.

Now, being a software guy, you could write all I know about 8 core multithreaded chips on the back of, well, an 8 core multithreaded chip. But Jonathan will be here in the UK, and he's the last person left to cross out on my 'Top Sun execs I have met scratchcard bingo' card. Got to have a handshake to qualify though, none of this namby pampy 'saw him at a distance' lark.

I'll be on the 'Entire-ID' stand talking PKI, smart cards and security. So, if you're reading this Jonathan, pop over and make a software guy really happy! ;-)

( Dec 05 2005, 09:48:17 PM GMT / Dec 05 2005, 09:39:13 PM GMT ) Permalink Comments [0]
Trackback: http://blogs.sun.com/Drew/entry/will_i_get_to_meet

20051203 Saturday December 03, 2005

 Register fails to register...

Is it me or is the quality of stuff being reported on the register going bit downhill?

Now I don't have a problem with the BOFH and stuff like mp3 breast implants as it gives me something to read on a late friday afternoon, but when you get unqualified quotes from people like Gavin Clarke such as "rather poorly architected application server" it makes you wonder where the quality is. How many applications servers have you architectured then mate? And did he totally miss the point of the 'free software' thing or what?

I used to find their 'analysis' quite insightful, even when it was pretty hostile to Sun (hey, we screwed up a few times, fair do's ;-), but I'm picking and choosing nowadays. It's like some of their commentators just like making waves to get noticed, and that's just cheapo journalism.

ps. Gets even worse... This diatribe by Andrew Orlowski on web 2.0 is just comical. Er, guys, I think you need to stop taking your 'surveys' quite so seriously. Every new wave of technology gets over-hyped, live with it. Doesn't make it any less relevant in the long term.



( Dec 03 2005, 10:29:43 PM GMT / Dec 03 2005, 09:26:18 PM GMT ) Permalink Comments [0]
Trackback: http://blogs.sun.com/Drew/entry/register_fails_to_register

20051202 Friday December 02, 2005

 Free software : Our new big bet...

Well, I guess you've seen the whole free software thing by now ;-)

Funny how most of the negative comment has been from the official media, and most of the positive comment has come from the blogosphere...

I'm looking at it from a pre-sales perspective (as that's my job) and to be honest it won't make much of a difference to me in the short term, but I think the long term is all upside.

I work in pre-sales and see the world as follows.

1. We will still be responding to tenders etc as we usually do. Nobody runs unsupported software at the enterprise level.

2. None of my customers have ever evaluated software using closed door in house resources. They are always POCS (proof of concept) bake offs between competitive companies run by us (pre-sales geeks). Can't see them starting to pay for their own resources to do a job that us suppliers perform as part of the 'cost of sale'.

3. If a few more geeks and techies out there start mucking about with our software and writing up answers to installation/configuration queries etc, then Fan-bloody-tastic I say. (Eg. Do a search on google for help installing php and mysql on apache webserver, then do the same thing installing php and mysql on sun webserver - both can be done, but it's a damn sight easier to do on apache today from a standing start using just the internet as a support resource... community/volume wins)

Jonathan is right on the money still, keep up the good work! ;-)

( Dec 02 2005, 10:49:12 AM GMT / Dec 02 2005, 10:49:12 AM GMT ) Permalink Comments [0]
Trackback: http://blogs.sun.com/Drew/entry/free_software_our_new_big

 Aloha!

Hey! Got somebody in Hawaii! Hello! :-)

Little things please little minds!

Though conversely: "A little nonsense now and then, is relished by the wisest men." !

( Dec 02 2005, 09:08:55 AM GMT / Dec 02 2005, 09:08:55 AM GMT ) Permalink Comments [0]
Trackback: http://blogs.sun.com/Drew/entry/aloha

20051201 Thursday December 01, 2005

 Er... Hello World!?

Since Robin was blogging about his Hawaii blog reader (what is the proper term for someone who reads a blog? Blogee? Blogette? How about Blogerator? Perhaps not;-).... I thought I would take a look at my clustermap...well!

Hello this week to Northern New Zealand, Japan, The West Indies, The Canary Isles, Iceland, Jakarta, Borneo and most interestingly of all, some tiny island in the Polynesian chain in the middle of the pacific which I can't quite make out...(no Hawaii for me though!). Nice to have you all aboard though and thanks for reading!

Is there a closet steam train fanatic out there in the pacific? ;-)

( Dec 01 2005, 11:37:35 AM GMT / Dec 01 2005, 11:33:06 AM GMT ) Permalink Comments [0]
Trackback: http://blogs.sun.com/Drew/entry/er_hello_world

 Swearing at the Radio... Nuclear Power

I'm usually a very placid sort of chap, I have the patience of a saint, and a generally laid back attitude to life in general, in short, it takes a lot to get me riled.

Radio 4's PM programme, however, often manages this.

This is not a complaint against them though, as it's actually pretty good. However, the subject matter Tuesday gone was about the UK's burgeoning power crisis. As my web services counterpart Steve is fond of saying... "We're doomed!"

Residents of California will doubtless be nodding knowledgably at this point.

The solution is, of course, nuclear power, and anyone who disagrees is wrong. (You can see I'm not a diplomat).

Now this isn't a popular position obviously, but I counter it with a few facts.

1. Nuclear power stations (as opposed to bombs) have killed far less people than any other type of power station over their working lives. Why is everyone terrified of nuclear power anyway when far more people die from car crashes, alcoholism and eating rubbish food?

2. Nuclear power stations don't produce CO2, enough reason on its own if you believe all the loony global warming stuff.

3. Nuclear power is safe provided it is well funded and well managed. Ahem, well, we've hopefully learn't some lessons there!

4. Nuclear power stations aren't threatened by terrorism. If you don't understand why then you don't understand nuclear power.

I've already been asked... "Ah yes, but what would you say if one was built near to you then?"

1. I already have one near me and it's been there my entire life. Dungeness nuclear power station is here, about 15 miles from my house. Curiously, it is also at the end of that little railway I was on a couple of weeks ago. I havent got three arms or six eyes.

Here is what it look like...



Can you spot the huge tracks of glowing red devastated land, disfigured radiation soaked inhabitants drawing their last breaths?(For my American readers, that was indeed a piece of 'irony')

2. I've stood on top of the Dungeness nuclear reactor when it was operating at full power with a Geiger counter, the same Geiger counter registered more radiation in my garden due to granite rocks. It's safe, got that?

Of course all the loonies like Greenpeace came out with the all the usual tripe about Chernobel and three mile island, well they would wouldn't they. But when a when a 'Minister' started chuntering the same stuff, I'm afraid that got me swearing at the radio, I don't suffer fools gladly. Fortunately, for once, old Tony is talking a bit of sense though. The UK will be at the mercy of gas and oil prices if we don't act now.

I'm all for cutting down on power usage where appropriate, I use economy bulbs and switch off stuff when it's not being used. I have cavity wall insulation etc etc etc. We all know that wind farms and wave power are about as much use as a chocolate tea pot when there isn't any wind, alongside the damage they do to the landscape. Nuclear power stations are small (relatively), clean and efficient. Yes, we need to give thought to the waste problem, but lets stop mucking about with everything else and get serious on this. What we need is a big, deep hole in the ground.

And we need to spend as much money as possible on fusion research. Then I won't have to worry about switching anything off ever again.

( Dec 01 2005, 11:14:48 AM GMT / Dec 01 2005, 10:59:25 AM GMT ) Permalink Comments [4]
Trackback: http://blogs.sun.com/Drew/entry/swearing_at_the_radio

 Entire-ID : Launching today!

I've been dropping enough hints about this for the past few weeks, and since we're about to go public with it (infact it just went live on the main Sun UK site as we speak - direct link here!), I think it's about time that you all got a low down on the monster that has been consuming my time for the last few months. (Other than the normal day job of course!)

Here it is...ta da!



So what is Entire ID? Well, it's a pre-integrated and pre-tested system designed to provide the complete backbone infrastructure of an Identity control system. I will introduce it today and then go through some of the details section by section in future entries.

The first issue it addresses is 'Registration'. How do you strongly associate an individual (citizen, employee, user or customer) with an electronic credential? Consider, if you can't guarantee the authenticity of the users who sign up to your system, any security you apply down the road is meaningless regardless of how good it is. Registration is key... and talking of 'keys', the (ahem) key output of the registration process is a digital certificate strongly bound to a registree. We also force the registration process itself to comply with E-Gov level 3 (Beyond reasonable doubt) legal requirements along with a whole bunch of other UK and EU legislation.

Next up is provisioning. Once we've got a user, we need to propogate and manage that user across all the systems and services they need to access. We need to do this in a way that is easy to manage, scalable and compatible with a huge variety of technologies. We also need to 'provision' the user with a Card...

Which brings us to Card Management. That digital certificate needs to be managed and placed on a card automatically (along with optional stuff like biometrics, photo/images and data). We also need to manage issuance, renewal, lost/stolen process etc etc...

We also need to use that card. Thus we provide authentication and authorisation services against that digital certificate, and in our demo example, create SSO tokens as a result of successful authentication (but you could do all sorts of interesting stuff - building access, car park spaces, online authentication...). There is also a whole bunch of federated stuff in here too...

Finally, we need to wrap an auditing function around all this, so we can provide and end to end view of the lifecycle of identies through the system.

It looks like this.



What you have in essence, is a pre-built, pre-integrated and pre-tested PKI authentication mechanism that manages sign-up, user provisioning, access and card management, using open standards and federation as guiding principles.

Can you think of anyone who might need one of these? ;-)

We've been partnering with a few companies to provide this solution as you can see. It's worth pointing out at this stage some top techie dudes here as well: Patrick (Objectsoft), Pascal(ActivCard - now ActivIdentity) and Marc (Isosec) who are the brains behind much of this. There is also the extended sales team (Brian, Les, Nigel, Giovanni, Robert and the other Les ;-) and our marketing lady, Suzie , who has been instrumental in bring all the stuff together for shows and events. (She still can't spell 'compatible' right though ;-)

The website is a bit sparse at the moment, you know how it is when you're playing with technology, documentation is so... tomorrow. One other thing though, I designed the entire logo myself using a copy of paintbrush on my laptop and used the official sun colours... it got all the way through marketing without being altered. How cool is that? LOL!

( Dec 01 2005, 10:29:14 AM GMT / Dec 01 2005, 10:06:23 AM GMT ) Permalink Comments [0]
Trackback: http://blogs.sun.com/Drew/entry/entire_id_launching_today

 Reality meets the blogosphere

I haven't had much time to update the blogs on account of a lot of conference and demo work recently. However, during the Manchester conference we all attended last week a handful of people who have been reading my blog actually took the trouble to come and visit us.

Quite cool when you realise that real people are reading what you write! :-) So special thanks to Stuart, Mike and Phil for emerging from the blogosphere into the real world!

And not a mention of trains either!

( Dec 01 2005, 09:13:44 AM GMT / Dec 01 2005, 09:13:44 AM GMT ) Permalink Comments [0]
Trackback: http://blogs.sun.com/Drew/entry/reality_meets_the_blogosphere


Yep, me.
« December 2005 »
MonTueWedThuFriSatSun
   
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
       
Today



moon phases

Locations of visitors to this page
XML - Get my RSS Feed!

people stopped by, thanks everyone!

My Blog Entries...


Today's Page Hits: 12