I’ve been using my notebook as my main Media Player (mainly because all my music is on it). I noticed that if I paused a song in Windows Media Player 11, when I clicked to continue playing it would error on the current song and skip to the next one. This, I thought, was very strange, but of course I knew it had to be the fault of something to do with Vista’s new Audio stack, so I went searching through various control panel dialogs to do with my audio device, where I found the culprit:
Un-ticking the "Allow applications to take exclusive control of this device" fixed the issue.
This can be found by going to Start -> Control Panel -> Hardware and Sound -> Sound -> Playback Tab -> (Select "Speakers") -> Properties -> Advanced…. Now that was easy to find, wasn’t it?
EDIT: This didn’t fix the problem, the error still happens but only after the song has been paused for at least a minute or two… I’m stumped…
It’s just hitting home, how important and fundamental to our way of life that these Laws exist and are adhered to by all. As a Software Developer, I have followed many of the Laws of Identity when implementing products without consciously knowing them or thinking about why I do.
Here are my thoughts on the Laws:
- User Control and Consent
The first law states that a User must have Control of which Identity is used when communicating with a system and must give consent to use an Identity. This seems obvious but it becomes apparent that even Windows tends to inadvertently violate this Law with its NT authentication (which automatically proffers up the NT Username to any requesting application or network resource without the user knowing). Perhaps Windows Vista is heading towards resolving this issue? I somehow doubt it…
Although there have been implementations where their not bending this law slightly has led to an impossibly annoying implementation, an example being the security fix to Outlook which requires a user to "Allow access for 1 Minute" to Outlook (anyone who’s used MS Project with Outlook will know what I’m talking about).
- Minimal Disclosure for a Constrained Use
Even I’ve violated this one a couple of times, but not to a major extent, perhaps collecting Mobile Phone numbers in a web site when it wasn’t necessary. Some websites violate this so badly and it leads to fake data being provided. If a web site asks for my birth date I give it a fake one, just because I don’t trust them.
- Justifiable Parties
I was considering going with Passport for one of our applications not too long ago; it now seems that this would have an adverse effect on the perception of security of our application. Despite the obvious usability improvement of a unified identity, I’m not sure that if I was a user I would understand what MSN was doing in between this application and me. If MSN knows I’m logging in, what else do they know?
- Directed Identity
This states that some identities should be able to be used anywhere, and some are only for a particular system and no other. I wish this law was stated to the people who designed Bluetooth technology. That has to be the most fundamental violation of this Law ever. And everyone from the average Mobile phone user, to the person driving their Bluetooth enabled Car is suffering because of the lack of thinking going into its design.
- Pluralism of Operators and Technologies
This is obvious I suppose, every system works differently and therefore has different requirements.
- Human Integration
This Law addresses something I’ve felt quite strongly about for many years, that we can secure the channel from my computer to the server in another country 100 times better than we can secure the channel from the computer to the person sitting in front of it. It reminds me of the episode of The Simpsons where Burns accesses a "secure" part of his Nuclear reactor by having to pass through an Eye Scan, Face Scan, Voice Scan, Hand Scan, several solid steel doors only to kick a stray cat out the fly screen back door, swinging open in the breeze. I remember years and years ago in high school having devices that would sniff keyboard strokes and log them so that we could steal the teachers’ passwords. This doesn’t even address the issue of the computer not knowing if it’s really me sitting there at the keyboard. Biometric fingerprint readers will help but I think it’s only the tip of the iceberg.
- Consistent Experience Across Contexts
This has to be one of the most difficult problems to solve, but the most beneficial for everyone. Users will find it easier to use an Identity, not having to go through their short list of usernames and passwords. Users will trust web sites and feel comfortable providing their private data to the appropriate systems, which increases usage of those systems.
One question lingers for me, which is that even with all of this, it doesn’t address the "how do I know I can trust you" issue for users. Regardless of whether I can prove I’m purchasing my book from Amazon.com, how do I know I can trust Amazon.com to keep my information private and secure? A classic example of this issue is the 500,000 credit card numbers that were "lost" by couriers transporting a data backup tape. How do we really know that the system is backed up by proper and secure procedures, and that our data is not being misused?
Unfortunately that one is an even bigger challenge to deal with.