Archive for January, 2009

Modern home entertainment: land of contrasts

To give our new 60″ high-def TV a good workout, we felt it was important to…regress to the 80’s and play the original Star Soldier as WiiWare. Ahh, there’s nothing like that tinkly music and unchanging shoot ’em up action.

Seriously: I love this game. Many years ago we gave names to the swarms of enemies. There’s the snails, the swallows, the figs, the peanuts… The trick with them all is, you have to use an aftermarket controller that has a turbo shooting button. I’ve got my original NES console, a super controller, and this game in storage somewhere, and after spending 500 Wii credits (US$5) to buy it all over again in this form, I’m embarrassed to say how much I’ve spent in peripherals just to play the damn thing properly.

Blowing raspberries at the cloud

Is it time to start the big cloud freak-out?

My friend Rita Ashley, proprietress of Job Search Debugged, pointed me to a new service that’s about to launch called LifeStreamBackup.com. Its idea is to help you back up your data living in services like Flickr, through the use of Amazon S3. Rita was wondering if identity professionals would look askance at this approach, where your personal stuff gets saved and propagated…elsewhere. And now the Google GDrive rumors are heating up again, which raises similar issues.

(As of a few days ago, the LifeStreamBackup offering seemed to require you to give it all your passwords to those other services it’s backing up — that’s another eek right there, though I don’t mean to pick on them exclusively. That mention has disappeared; maybe they’re feverishly working on OAuth support?)

Jason Scott thinks it’s nuts to count on others to store anything you really care about, and says so in his delicate and nuanced way in a post called F*** the Cloud. He’s a digital historian, has saved lots and lots of data from extinction (he’s got a great new effort for doing more of that), and knows whereof he speaks.

On the other hand, as Jason points out, outsourcing data storage predates the Big Cloud Concept, and I don’t think we’re going to go in the direction of hoarding more data under our figurative mattresses rather than less. What assurances can we build in to ensure safe storage and protected sharing of hosted data? Jim Kobielus has a long and thoughtful post saying federation and federated identity need to permeate cloud architectures to solve this properly. I think he’s right.

Since this post has turned into something of a link roundup, I’d be remiss if I didn’t point to Hubert Le Van Gong’s note about the paper he, Susan Landau, and Robin Wilton authored on the subject of achieving privacy in an environment where identity data is being flung around with great force.

Federating, distributing, coupling systems loosely…the basic concepts aren’t new, just the degree of sophistication we’re finally achieving — and maybe the degree of risk.

Too many phish in the sea — all puny?

I’m blown away by this Microsoft Research paper, A Profitless Endeavor: Phishing as Tragedy of the Commons, discussed in the article There is No Money in Phishing (But It Still Won’t Go Away).

It’s a hugely contrarian viewpoint, but it’s strongly argued, and it also passes the smell test as far as I’m concerned. I’ve always wondered how much phishing really goes on, and how much it really pays off, compared to the estimates. I recall some news reports in the past year showing the numbers for identity theft finally dropping; the authors point out some of this could be due to new, more accurate methodologies rather than less phishing activity.

The authors self-referentially make the case that simply publishing accurate data about how much (or little) money there is in phishing could convince some would-be bad guys not to start. What other implications of this research might there be?

Does this outlook breathe new life into passwords as an authentication mechanism (not that they seemed to be going away), perhaps combined with mutual authentication techniques that are already pretty popular and easy to implement? The paper points out that real losses are less than individual users’ perceptions of same, due to recovery efforts undertaken by the website owners. Do enterprises still have to spend so much on recovery and mitigation that their incentive to look for more phishing-resistant technologies remains high?

Experience is what you get…

…when you didn’t get what you wanted.

Eli and I went to a potluck dinner in Seattle last night, hosted by Kaliya and also attended by, among others, Drummond and Gabe. That was the good part — a great time was had by all, and Kaliya was a gracious host not only during the dinner party, but also when we showed up on her doorstep twice (evening and morning) after failed departure attempts.

Here are some of the many lessons we learned in the last handful of hours:

  • By all rights, Seattle should be paralyzed by chance of snow.
  • It’s called Capitol Hill for a reason.
  • Real snow extraction devices are better, but square Tupperware works pretty well as a shovel.

With luck, we’ll be able to extract our car later today. I didn’t have the heart to take pictures, but if you want to see dramatic images of the white stuff further north, try these.

And to think we moved from Boston to Seattle exactly four years ago yesterday for some snow relief. :-)