August 2011
23 posts
Trust issues
Today brings the news that a Dutch certification authority, DigiNotar, has been compromised since at least early July, and issued a wildcard server certificate for *.google.com (to somebody who most definitely isn’t Google). Reports suggest the fake Google certificate wasn’t the only one known to have been erroneously issued. As browser developers and users alike scramble to revoke...
Aug 30th
Certificate revocation escrow
One of the problems with self-signed certificates is that of revocation: X.509 certificate revocation is predicated on the issuer publishing a revocation list (or providing a queryable endpoint) focussed on certificate serial numbers. The problem with this in a self-signed scenario is that we are predominantly concerned with the key becoming lost or compromised. If it is, somebody else can...
Aug 30th
Guidelines for use of self-signed X.509...
Hierarchical universal trust is relatively meaningless for the case where individuals wish to use X.509 certificates to services (and, potentially, each other): the question of “trust” has no meaningful answer in this context; rather, a service cares about the validity of the credentials used for identification, and potentially upon assurance data for the purposes of access control. While...
Aug 30th
The BBC Micro effect
Nowadays, we look fondly upon the BBC Micro as a driving force in fostering a new generation of geeks. Although it was to an extent, the pivotal nature of the machine itself is somewhat overstated. The real success of the Micro was that a trend was spotted – affordable microcomputers all speaking a loosely common language — and seized upon. The effect of the Micro wasn’t that millions of...
Aug 28th
MacTaggart 2011
I made the mistake this year of doing something I try to avoid: paying attention to the Twitter buzz about the MacTaggart Lecture — this year given by Eric Schmidt of Google. Of course, paying attention to it meant that I had to comment on the commentary, to my peril. Realising the error of my ways, I looked to the Google Press Office site for a copy of the transcript of the lecture, to find...
Aug 28th
Dissonance
In my last post, I talked about the identification portion of identity, but it struck me that there’s a certain degree of cognitive dissonance surrounding the deconstruction of identity systems into this triumvirate of identification, assurance and access-control. Access control is easy, because it’s a matter of decision-making. Assurance seems easy, in that the notion of assurance processes are...
Aug 26th
Identity
This post stems from an internal paper I wrote for colleagues on the subject of online identity systems — identification, assurance, access control, that sort of thing. I can’t share the paper itself, but this is something that’s much bigger than “just the BBC”, hence the post. Even so, this is still my personal stance (albeit one informed by policy and direction of the corporation),...
Aug 25th
Quads
There’s a concept in RDF-land of “named graphs”. If you’re familiar with RDF, you’ll know that collections of triples together constitute graphs. The idea behind named graphs is that you can assign a URI a named graph (which essentially turns a set of triples into a set of quads), which you can use to refer to them collectively from elsewhere. This seems quite sensible on the...
Aug 18th
Incorporating Node
For a prototype, I’ve been looking at building something around Node. For those not familiar, Node is a JavaScript-based scripting environment based on Google’s V8 — the JavaScript VM and runtime used in Chrome. Where Chrome provides things like window and document objects, Node provides a process object, a selection of modules providing extra stuff (timers, terminal handling, a CLI, and so...
Aug 17th
A short guide to some HTTP request methods
OPTIONS: What can I do?
HEAD: If I was to, hypothetically of course, perform a GET, what would the result look like?
GET: Give me the thing
PUT: Replace the thing that’s there with this thing here
POST: Here is a new thing, could you put it somewhere for me?
DELETE: Get rid of the thing
Aug 16th
A short guide to some HTTP response codes
200 - OK: Here is the resource. kthxbai.
301 - Moved Permanently: The resource was here, but we moved it somewhere else. Future requests should be directed at the place we moved it to.
302 - Moved Temporarily: For some temporary reason or another, the resource you’re asking for can be found somewhere else, so go there instead. Don’t assume this will always be the case.
303 - See...
Aug 16th
Should there be a public interest defence for...
As noted in my earlier post, copyright exemptions for news reporting specifically exclude photographs. It’s worth also reading Chris Hamilton’s post on the BBC Editors blog which is starting to get a few comments itself. In response to my post, James Cridland stated that I don’t understand the pressures of a busy newsroom. He’s right — I haven’t worked in a newsroom, and...
Aug 15th
“In a speech that ranged through topics as diverse as parenting, health and...”
– Ross Hawkins, BBC News
Aug 15th
The BBC and Copyright
[Note: usual disclaimer applies; note also that at this stage we only have Andy’s word for the wording of his complaint and the response he received, but there’s no reason to believe he’s not being truthful about them!] Update: Chris Hamilton has posted an official response to Andy Mabbett’s post on the BBC Editors blog. Judging by the traffic statistics he’s been relaying, there’s a good...
Aug 15th
Those Twitter-blocking options
None of the upsides/downsides discussion below covers the “slippery slope” issue — once the facilities are in place, there’s a significantly increased risk of it being made use of in other contexts. That’s something for another day. There are, as I see it, four options for doing as David Cameron spoke of today in relation to social networks, plus a fifth bonus option. I’ve used...
Aug 11th
Internal Communications
This is the culmination of some musings over the past few days. It’s especially not aimed at any individuals in particular, just so we’re clear. I don’t understand why “Internal Communications” departments exist. I do understand why the function of Internal Communications departments exists: in a sufficiently large organisation, there’s a need to get the word “out”...
Aug 11th
A thought on those involved in rioting and looting
Whatever the reasons and so forth behind the acts, it struck me when I first saw the Met and the Home Secretary talking about sending anybody they caught to prison that this wasn’t necessarily a brilliant idea. Three angles on this which sprang to mind: Re-offending rates are, frankly, horrific, especially for teenagers As much as the prison service is at pains to point out that prisons...
Aug 11th
I predict a riot
The capital is ablaze. Humanity is crumbling. Arab Spring, London Summer. amirite? Okay, perhaps that’s exaggerating slightly. But there is rioting going on, albeit sporadically (at the time of writing). I’m not going to attempt to defend the rioters, nor justify their actions. I don’t think that rioting is an especially sensible way to protest about something (whatever that...
Aug 8th
That Top Gear thing
So the other day I watched the last in the current run of Top Gear and they did an “electric cars” bit. Like many others, I suspect, I raised an eyebrow when the segment was introduced, mindful of the Tesla controversy of days past. I didn’t think there was much controversial about the piece, really. In fact, I didn’t really give it any further thought until I noticed a bit of furore...
Aug 7th
The US Box Office
Note — Darren has posted his response to this post on his blog. It’s definitely worth reading, and it’s fair to say that in my typical quest for quantification, I missed the real crux of what he was saying in our… discussion. I had a somewhat protracted, er, debate with Darren Ewing on Twitter earlier — with apologies to any of our mutual followers for the noise. If you missed...
Aug 5th
Claim Chowder in the Guardian today
Writing in the Guardian today, Mark Sweeney tells us that: Plummeting CD sales, the ongoing toll of digital piracy and a lack of big name acts on tour fuelled a £189m drop in UK music revenues last year. Now, to be clear, I don’t doubt for a minute that there is — as there has been for decades — a proportion of people who have been obtaining music without paying for it. However,...
Aug 4th
The Duncan Bannatyne tweet
Earlier on this afternoon Duncan Bannatyne tweeted an offer of a £25,000 reward for the “capture” of an individual or “Double if his arms are broken first”. He later deleted this tweet and amended it to a £30,000 reward for information leading to the arrest of the individual. For background, have a read of The Next Web’s write-up. The short version is that this was in response to a threat being...
Aug 2nd
Things you should know about Global iPlayer
Recently, BBC Worldwide launched “Global iPlayer” in a select number of (overseas, if you’re in the UK) territories. Here are some key bullet-points that you should be aware of regarding Global iPlayer, particularly as compared to domestic iPlayer. First, the similarities: It’s called “iPlayer”, and it’s from the BBC. You can get it on the iPad. Now the differences: It’s a product...
Aug 1st