slashchuck writes "Along with the usual Jargonwatch and Wired/Tired articles, the January issue of Wired offers a drastic method for taking care of that RFID chip in your passport. They say it's legal ... if a bit blunt. From the article: 'The best approach? Hammer time. Hitting the chip with a blunt, hard object should disable it. A nonworking RFID doesn't invalidate the passport, so you can still use it.' While this seems a bit extreme, all indications seem to be these chips aren't very secure. How far will you go to protect or disable the RFID chip in your passport? Do you think such a step is necessary? Does anyone have an argument in favor of the technology's implementation here? "

This report is transported by Nanny and attached here for your comfort by Web Design Toronto. Home Cleaning Ladies, Interactive Web Site, and other first-class services can be found at these websites.

So, you think that your password is secure? Let's see: does it contain a mixture of uppercase/lowercase letters, punctuation marks and digits? Yes? Well, even in this case, your password might be still completely insecure. Read ahead why...

To understand the problem, we need first a little rehash of the basic password cracking techniques. The simplest algorithm would be to simply (1) enumerate all English words and names from a given dictionary and (2) check to see if this word matches as your password.

You might say - but in this context we are talking about other characters like punctuation marks and digits that are part of the password. What would an attacker do in this case? Simple - use a little psychology.

The problem is that most people feel that adding digits and other characters is just a burden. When the 'password will expire today' dialog comes, they will be in a hurry to get a new password, maybe an easy-to-remember word, and then alter it in a few ways:    
1) First, the password needs to have a capital letter. Most people will naturally choose the first letter from our English word to be capitalized. So, a word like 'flowers' becomes 'Flowers'.
2) Second, the password needs to contain some digits. The password would look nicer (and easier to remember) when these digits are appended to the word. Even more, people are usually unimaginative here, and just append one digit, or in more complex cases, digit sequences like '123' or '01' or eventually their birthdate.
3) Third, we need some non-alphanumeric characters. Well, let's see. If we replace an 's' with '$', 'a' with '@' or 'o' with zero, then we get what we want, right? It is hard to resist the tentation to replace 's' with '$' at least (and not an 'a' with '$'), and therefore getting a false sense of security. In some cases also using delimiter characters like '!' or '#' to separate the word from the digit sequence.

So, with the example above, the altered forms of the word 'flowers' might be: 'Fl0wer$' or 'Flower$01' or 'Fl0wers#123' and so on and so forth.

The problem with these alteration rules is that they are so predictable. All the attacker has to do is to take the same list of English words, and apply the rules above. He will probably get a longer list by, say a factor of 10-100 which is not that much.

In conclusion, it's not that hard to enter into the minds of regular people, and neither in the minds of attackers. So, if you used any of these rules above, then stop using them. Instead, here are some rules to create strong passwords.

P.S. As for me? I just uuidgen.exe to create a random sequence of digits.

Jason Levitt has been teasing me in our discussions on cross-domain requests about Yahoo's upcoming authentication API.
The recurring problem: how to offer web APIs that can be mashed up but involve personal data?
You want to allow for a large number of third parties to integrate with your services, but don't want phishing sites to abuse them.

Let me do a quick re-cap of the problem space before analyzing the pieces of Yahoo's solution.

Communication techniques:

• cross-domain web APIs using script includes,
• accessing web APIs accross domains using a web proxy,
• using a client-based cross-domain solution (see FlashXMLHttpRequest),
• neutered XMLHttpRequest with cross-domain support (see Chris Holland's ContextAgnosticXMLHttpRequest and Douglas Crockford's JSONRequest),
• cross-document messaging across domains (see CrossDocumentMessageEvent from the WHATWG).

In all these cases, there is no good authorization story, that would allow for working with personal data stored in the service in a secured way.

Authorization techniques:

The problem is that API keys and crossdomain policy files are too restrictive because the service needs to decide which third-parties to let in.

On the other end, access control based on the user authentication cookies are very open to un-planned integration, but also create a huge phishing risk.
This is a classic example of the confused deputy problems that appear in principal-based security models.

As a result, most web APIs today don't involve any user data (search, maps, ...) or non sensitive user data.

Yahoo APIs:

Let me re-iterate that I don't think this protocol is about Identity, unlike Passport, TypeKey or CardSpace (aka. InfoCard), but rather simply authority and access. This characteristic is important: we want services to cooperate without being tighly coupled at the identity level. Drew Dean's slides frames the issue as allowing 'Pseudonymous delegation of partial rights', which means the names of a user in different services don't have to match and the authority that is granted is granular.

What's great about this model is that the authority carried by a capability can be as granular as the design and scenario require, and are only be given out to third-parties under certain conditions, which again are chosen to fit the desired requirements and user experience.

For example, the authority granted could vary in range in action and scope: a handle could give access to the user's entire data, or maybe only partial access to part of the user's data.
The design of the capabilities could also comprise additional dimensions, such as a time restriction. For example, a capability could be only valid for 24 hours.
One of the myths of capability systems is that capabilities cannot be revoked. It is actually possible and in Yahoo's design, any granted authority can be revoked by the user at any time.

One common policy for giving out capabilities is to get consent from the user. The screenshots of the F-Spot integration with Flickr (found on this thread) show the Yahoo consent UI.
Although I don't like the desktop/web integration in this scenario and I have some concerns about repeatedly prompting the user for consent, I believe that this approach has a lot of potential for cross-domain service integrations on the web.
Cross-domain support in browsers will be the main remaining link missing to unleash some really cool web apps. In the meanwhile, you can use FlashXMLHttpRequest or some other cross-domain workaround.

I look forward to reading the documentation when the protocol is released and trying out the resulting user experience in practical scenarios. Let me know if you find any other information.
Jason mentioned that the protocol is open and can be simply implemented, which means that it could be supported by other services and hopefully used in a wide variety of mashups.

Rep. Kucinich: Why I'm running for President
By Joshua Scheer

The six-term Ohio congressman and 2004 presidential candidate, who has been one of Congress' most vocal and longstanding opponents of the Iraq war, tells Truthdig why he again has his sights set on the Oval Office:
Rep. Kucinch spoke with Truthdig research editor Joshua Scheer*.

TRUTHDIG: What made you decide to run?
KUCINICH: Someone has to rally the American people, to let them know that the money is there right now to bring our troops home. Democrats were put in power in November to chart a new direction in Iraq. It's inconceivable that having been given the constitutional responsibility to guide the fortunes of America in a new direction, that Democratic leaders would respond by supporting the administration's call for up to $160 billion in new funding for the war in Iraq.

For me this is a call of conscience to stand up and speak out about what's going on-to let the American people know that the money is there to bring our troops home now, that we need to begin now to take a new direction in Iraq, and that to pass a supplemental in the spring for another $160 billion would keep the war going until the end of George Bush's term. Someone needs to stand up and speak out, and I decided it was my responsibility as the person who has been consistently opposed to this war since its inception, who has been a leader in challenging this thinking that led to war, that I would stand up and rally Democrats to change the course that the party has embarked on with respect to continued funding of the war.

TRUTHDIG: This is obviously your major issue, but what other issues are you going to base your campaign on?

KUCINICH: We have to take these things in sequence. From now until the spring, this is the issue: $160 billion is more than three times what the federal education budget is. This is a huge amount of money, and all the other hopes we have as Democrats to create a new agenda for the American people in housing, in healthcare, in education, are going to be destroyed by the administration's request for $160 billion.

So does that mean I'm a one-issue candidate? Of course not. I'm prepared to lead this country forward to create a universal, single-payer, not-for-profit healthcare system. I'm prepared to lead the way towards policies of environmental sustainability, to develop advanced technologies for alternative energy, for clean energy.

This campaign is about three imperatives: It's about the imperative of human unity, of recognizing that this is one world, that we are all one, that people all around the world have an underlying connection, that we are interconnected and interdependent. And we need policies that act that interconnection. We need to affirm institutions which support the idea of human unity. And that means that we support the United Nations. It means we support treaties in working with other countries. It means we support the rule of law internationally.

The second imperative is human security, and that security has to deal with basic needs: Each person in the world has a right to survive, a right to
food that is fit to eat, and water fit to drink, and air fit to breathe. Each person has a right to a roof over his or her own head. Each person has a right to have clothes on their back. Each person has a right to some means of being able to make a living. Each person has a right to be free of the fear of violence. We have a responsibility to work to secure the world from a nuclear nightmare. We need to look at what we can do to protect peoples everywhere by working for not just nonproliferation, not just disarmament, but nuclear abolition, which in fact was the promise of the Nuclear Non-Proliferation Treaty.

The third imperative I'll discuss in this campaign is the imperative of peace. There are those who believe that war is inevitable. A belief in the inevitability of war makes war a self-fulfilling prophecy. We need to be convinced in our innate capability to create structures for peace in our society. We need to be convinced of our potential as a nation to make nonviolence an operating principle in our society. This is the motivating reason behind a Cabinet-level Department of Peace, which addresses directly, in a practical way, the challenge of domestic violence, spousal abuse, child abuse, violence in the school, racial violence, violence against gays,
community relations disputes.

The imperatives of human unity, human security, peace, all create a context for human prosperity. We have the potential to create heaven on earth. New Jerusalem is within our reach. It's waiting to be called forward through the power of courage, emanating through our hearts, through our dreams, which come from the longing of our souls. This truly is a time where we can change the world and create the world that we long for.

TRUTHDIG: You obviously have issues that you care deeply about, and it doesn't
seem like you're going into this as a sort of popularity contest, but do you think you can win? Do you have a plan to win, say, the South, and parts of the Midwest?

KUCINICH: Yes. The very fact the people put Democrats in power in November over the issue of Iraq means that there exists a tremendous amount of support for affirming the will of the people to set a new course, not only for Iraq but for all of U.S. international policy. That percolation, which resulted in the Democrats gaining control of Congress, is still there. It is fairly astonishing that Democrat leaders would forget that only a month ago we were given the control of the Congress because of Iraq. It is fairly astonishing that less than a month after being given that constitutional obligation to assume a coequal position in the government, [we] would
capitulate on Iraq by publicly declaring support for up to $160 billion in additional funding to keep the war going.

I've said it before, I've said it again: It is not credible to simultaneously say you are opposed to the war and continue to support funding for the war.

So these are some of the reasons why I'm running for president. And I believe that I will win, because people are truly looking for a new direction. Not by incrementalism, not by capitulation, but people are looking for real leadership, people are looking for foresight. And I've demonstrated foresight by moving out front very quickly when the administration was talking about attacking Iraq-warning the country that this was folly, warning the country that we needed to avert this conflict, letting Americans know that there was no connection between Saddam Hussein
and 9/11 or Al Qaeda's role in 9/11, that Iraq did not have WMD, did not have the intention or capability of attacking the United States.

Everything I said turned out to be true. People want leaders who know what the right thing is to do in the moment of crisis, not people who will say, years later, 'Well, you know, I agree, this is what should have been done.' This is a call for clearsightedness for foresight and for action, and in each case I've demonstrated an ability to step forward. And I'm going to do it again, and I expect that the American people are going to respond very powerfully to my candidacy.

TRUTHDIG: John Kerry got tarred with the 'flip-flopper' label in 2004 for his perceived wavering on the issue of Iraq. Do you think you're going to have a better chance than someone like Kerry-or Clinton, who's also been wishy-washy on some of the issues?

KUCINICH: I haven't talked about any other candidates, and I'm not going to now. I think that my consistency speaks for itself, and I think that my opposition not only to the authorization for the war but continued opposition to its funding puts me apart from all the other candidates. I'm the only member of the House and Senate who has consistently voted against continued funding for the war.

TRUTHDIG: I saw Stephen Hesse of the Brookings Institute on CNN saying that candidacies like yours are just an ego trip. Is this an ego trip for you?

KUCINICH: I've spent the last five years of my life warning our nation about the path to war and about our occupation of Iraq. There are probably easier ways to pamper oneself.


*Truthdig interviewer Joshua Scheer worked as an entry-level staffer on Kucinich's state Senate campaign and was later a summer associate in his congressional office. In this weekly interview series, Rep. Kucinich gives his take on the goings-on in Congress in the wake of the Democrats' victory.

Project Distributor: Introduction to our distributed web service model
So Darren and I have put in about a month now on the Project Distributor website. We are starting to reach that critical point where the site is pretty cool, we have plenty of users, we are thinking about running out of the allowable bandwidth for the demo site, and all sorts of other things that tend to happen all at once. Now, there are some problems you can design yourself out of, and others that you really have to throw some money at. Our latest enhancements can be summed up in a short list.

• Buy a domain name and start hosting in two places. Project Distributor.com should be up fairly soon to accompany MarkItUp.ASPXConnection.com
• Have people host their own versions of the application. And that means a big source release is in the future. At this juncture risk fragmentation.
• Design away fragmentation with a series of ingenious features that will make everyone want to use the application at hand.

I'm here to talk about the last two, since Darren already bought some additional hosting for us. The concept will be to release a fairly stable version of the application so that groups can host tools, code snippets and other source/binary releases for their teams to share. The application is very lightweight and easy to set-up, so it won't require a bunch of hand holding and configuration to get up and running initially. From our standpoint we solve a number of issues at this juncture. The most obvious problem is what we classify the Lutz Roeder use case. .NET Reflector is the key type of application we'd love to get hosted because it makes it a bit easier to find, not that Google does a bad job, we'd just like to get a bunch of tools in one place, with some features for feedback, new releases, and some cool client tools for publishing.

Now, Lutz would put his application up and he'd whack our bandwidth. He is the prime example of someone that should be hosting their own tools, but possibly using our interface. He doesn't have to, we haven't even asked him yet in fact, but if he decides to do so, then all the better for the web application moving forward. Users such as Lutz probably want a certain level of control over their own sites as well in terms of branding and controlling access. This will only come from hosting the application yourself (and maybe some other features we'll see later).

From a security standpoint many teams will also want to host their own servers. In this manner they get control over the hardware their sources and binaries are stored on. They can accept tools up to any maximum (instead of our imposed limits) and provide unlimited download bandwidth if they choose. Or they can take advantage of our gating mechanisms to make sure their server doesn't get overloaded with downloads and open their tools up to the public.

The only major problem from this source release is that the initial problem we were trying to solve, promoting the visibility of tools, starts to erode. You see, the more sites that host their own tools the harder it is to find the right site with the right tools. We are trying to solve this in a number of ways. The first is allowing users of a site to store bookmarks to other projects and external resources. This is only a temporary fix, because it still doesn't allow a mass search and categorization infrastructure required to truly promote the visibility of the tools being hosted. We have to come up with a solution that brings all of the sites, but we don't want to create just another portal or gateway site. That is boring. Now you have the background, so how will we solve the fragmentation issue?

Designing away Fragmentation
I won't lie to you, I've implemented this model several times, but have never had a project that was capable of really showing off the feature set we are about to talk about. The concept is to unify all of the sites, by allowing them to easily manage views of data from all of the sites combined. Each site owns their own content, maintains their own users, but in turn peers with other sites to obtain additional content.

Web services provide a dual feature set in this model. At the current level they allow us to generate really great client-side tools for managing, well, your tools! We have a drop-client target right now so you can drag and drop new releases to existing projects in just a few seconds. Some new tools for working with build systems to promote the source code up to the server are in the works. We natively integrate with your RSS reader and will have our own alert services in the drop client just in case you don't have one. There aren't any search or local caching features, but those are also planned for the drop client so you can background download new releases, just like Windows Update.

That doesn't solve fragmentation though, that just makes me realize how much work I have left to do. The second feature of web services lies in the ability for each site to aggregate data from the many other sites that are out there hosting the application. Remember, everything we make available at the service layer can also now be remoted. The more caching we put into the data layer, the more performant the entire process will be, and we can even tune the caching depending on whether the data layer is merging off-site contents or database contents.

Peer Sites
I'm sure there is another name out there somewhere, but for the past 2 years I've called these peer sites. Each instance of the project distributor will have a number of options allowing for adding peers that will be aggregated and added to the local collection while users traverse the site. The first step is to get the peer sites running in a read-only mode. And set up some really great options so the entire process can be controlled. This solves a number of use case scenarios for us including the following.

• Fragmentation can be mitigated through proper configuration. If everyone aggregates 5 or 6 sites into their peers, then we have a huge network now of interconnected peers and users can pick and choose which one they use for purposes of searching the tool network.
• Peer connections are unidirectional or bidirectional. Access is configurable. Teams can include tools from external sites while keeping their own tools completely private. They can exist behind a DMZ or a private network.
• Users can host their own personal tool sites in the same manner as the team sites. They can configure statically which projects to make available even. In this way you can build a collection of personal tools that you love, and have the latest information automatically update on your machine for your perusal.

Peer sites solve plenty of visibility issues, but that is pretty much all they solve for now. We still want to enable all of the features available to the client tools. After all, the web service methods and proxy infrastructure is in place to do so much more.

Master Sites
Well, we want to solve another problem. That is where you edit your data. A master site is where the users, groups, projects, etc... are all hosted, but thankfully, you'll be able to log in through any site (assuming it is peered with your master site) and then edit your own projects and such. This is a remote principal context and is actually one of the cooler features associated with the peering functionality of project distributor. We'll be fully secure in our login and credentials region, but unfortunately we'll still be transferring data in open text in the short term. Maybe we'll fix that with enough push back.

Clone Sites
A clone site is where we empower a site to act on behalf of a master site. For me, my local project distributor is currently cloned to the main project distributor site. What does this mean? Right now it means I get all of the data from PD, and that users who trust my site can log-in to their project distributor accounts and cross edit data. Pretty nice if you ask me. It basically means you can fully host a project distributor installation and never, ever have to install a database server. Users can just act on behalf of a remote server.

Configuration
This isn't a super reusable model like some of those you read about in the popular software architecture books, and it probably accounts for why master/peer/clone sites don't exist very often. The considerations for every option are heavily customized to the problem being solved, and I'm sure we'll be making modifications or updating the configuration context for a while. Right now you can independently configure your primary server type, whether master or clone, whether or not users can use you for a pass-through authentication and edit server, whether or not web services are enabled so peers can enable unidirectional only communications, setting up asymmetric security credentials. Man, you name it and it is in there

For the peer section we have full and selective modes. A full peer pulls all of the data on the remote peer locally for display (in a delay caching manner, just like you'd expect, unless you set up a scheduled pull which is also possible). I expect most people to configure full peers because they really are really easy to set up and maintain. A selective peer is where you specify the groups/projects that you want to display. This is best for a user setting up their own personal toolbox who wants to select a couple of items from many different peers.

We have an extensively exhaustive configuration module already and we'll be continuously adding more to it. The concept is to easily modify your toolbox to your own designs without having to touch the code. If we haven't given you enough options to satisfy your need then we'll have to make something up, because I'm just about running out ;-)

These are the basics of the model ideas I have for project distributor. That doesn't mean Darren doesn't have other great ideas happening as well. He has some pretty extensive UI enhancements, but I'll let him talk about those. We even have another product idea that is kind of a bolt-on for project distributor, but that is probably a couple of months out putting it into next year. Unfortunately we have too many ideas for our own good right now. Better than not having any ideas I guess. I'll try to drop some code with some of the ideas above, that way you can get a look at how the entire system is implemented. I have some diagrams as well, but I'm far too tired right now to add the img tags to the HTML view.