• Who has implemented a successfully chained service, with some propagation of identity?
  
• If you have, what architectural approach/technology stack have you used?
  
• How are you propagating identity - "sender vouches", "holder of key", "just trust me"?
• How complex is the chain? Single step, multiple steps, complex orchestration?

Who does not know and dread the recurring discussion of a topic long thought dead? The most egregious one lately was a discussion about the applicability of RFC 2119 to a particular standard I was working on (to protect the innocent I will not disclose the name of the SDO) - the last time I had a discussion about the meaning of "SHOULD" was about 11 years ago... sigh!

But this is not the reason for my current urge to vent - a bug long thought dead is reappearing once more: the old discussion about REST vs. SOAP. It is really annoying for two reasons. Firstly, it is settled - both have their place, and pitting them against each other is pointless. But secondly, posing the question of "Is SOAP or REST better?" is - to paraphrase Mona Lisa Vito - a bu****it question.

Representational State Transfer (REST) is an architectural style, i.e. a general approach on how to design distributed computing architecture. While it was initially described by Roy Fielding using HTTP, and also uses constraints familiar from the web, it is not tied to a particular technology.

The Simple Object Access Protocol (SOAP) is - in contrast - a specific technology; more precisely an XML based protocol designed to transport data across a variety of different underlying transports. In real-world deployments it often uses HTTP (actually almost exclusively its POST method) as underlying transport for the SOAP Infoset. The architectural style used by many (if not most) SOAP designs is best captured by describing it as remote procedure call (RPC) oriented [1]. 

So a correct (in the sense of "apples to apples") comparison would align itself along the lines of comparing HTTP web service using an RESTful architectural style with SOAP web services using an RPC-based architectural style. A simple, incomplete table might look like this:

That's it - rant over.

[1] Note that while SOAP operates typically in two different modes (rpc/encoded and doc/literal), these have nothing to do with the architectural style of the distributed design.

Today, we released the hData technical specifications: hData Record Format and hData Packaging and Network Transport. This is the mail that went out to the mailing lists:

Today we are releasing the first public version of the hData specification for the record format and the packaging and network transport (REST API). They are available here:

http://www.projecthdata.org/documents.html

We will be making some changes to the documents in the next few days to add a simple meta data model and streamline certain elements. Once this is complete, we are planning on moving the specification to a wiki and open up the process of editing. Until this is done, we would like to ask you sending your comments to hdata-general@googlegroups.com

At this time we are also exploring how the hData specifications can be licensed in an open source friendly way. Possible options include an OASIS style non-assertion covenant – please contact us if you have suggestions.

So far, this covers the core data and exchange architecture, but we have started to work on a RESTful security architecture, as well. The scenario we are trying to solve is outline in a recent presentation at NIST's IT Security Automation Conference. In support of this I have come up with a meta data schema, which I will put into the v0.8 version of the hData Record Format specification. Hopefully, I can upload that new version some time next week.

We are very much looking for comments and suggestions. 

tags: hDataehrhealth carehl7hitsp

Our effort to improve electronic health data exchange is starting to pick up some steam: After a very successful rounds of discussions at the HL7 General Plenary in Atlanta in late September (kudos to Andy Gregorowicz for covering this one) and a pretty warm reception, I presented last week at the NIH in Bethesda during the Tao of Attributes workshop on hData and our plans for the identity management and access control piece. I got some really great feedback, and I am hopeful that the idea of using a set of technologies that is know to scale (RESTful architecture style) can address the needs of a complex health data exchange.

Going forward, we would really like to start building a community around hData and L32. To this effect, we have created a couple of email aliases (see here for details) for starting a dialogue. 

hData ehr health care identity

My town (Burlington, MA) has just revived the Information Systems Advisory Committee (ISAC) to assist in the alignment of the school system's and the administration's IT departments. With many high-technology companies in town, the administration has been at the forefront of the IT development, with a respectable web presence that dates back into the 90s - at a time where only few towns and cities took the web seriously.

To support the new projects, I have been appointed to a position in the ISAC, and I am looking forward to helping the town staff to decide how to move forward.

In an earlier article I talked about data ownership - or lack thereof - at a low, technical level. There are three principal technical actors: the physical custodian, the logical custodian, and the data originator. This article deals with the problem (for the data originator) to limit the powers the physical custodian has. As the owner of the physical equipment that hosts the data, the physical custodian can perform a number of undesired actions with the data he hosts, specifically: (i) copy and distribute it and (ii) disable physical access to it. In many cases, both actions are not desired by the data originator or consumer.

As a first step towards limiting the physical custodians powers, it is important to make sure that the physical custodian (PC) is not also a logical custodian (LC). By this I mean the following: the PC has access to the physical equipment that hosts the data, as well as the transport infrastructure to get access to it. By denying the PC the role of the logical custodian, he may ultimately host data, but will not be able to use or interpret the data in a meaningful way. An obvious way to achieve this, is to encrypt the data and make sure that the PC does not get access to the key. For most practical purposes, this addresses action (i).

But even if the PC cannot access the data he hosts, he still has the "power of the plug": if the PC cuts that connection to the network, or switches of the data equipment, all access to data is lost. In order to be able to address this problem, one can use the following scheme:

1. Data is stored in some atomic units like files, that can be represented as a data stream.

2. The data stream is encrypted; keys are not stored with the data.

3. The encrypted stream is chunked into at least two chunks of identical size. The number of chunks is arbitrary.

4. At least one parity chunk is computed - think RAID 5 or 6.

5. The chunks are stored on different data services. This could be a traditional data service, but also other services such as a mail service or a blog service could be used to store the chunks. The table linking the different chunks is stored separate from the data.

The effect of creating such a "Redundant Array of Independent Services" (RAIS) is obvious: not only can the physical custodians not access the data since it is encrypted and they only have a portion. Also, since there is at least one parity chunk, if one provider decides to "pull the plug", the lost data can be reconstructed from the remaining chunks. As an additional protection, users might want to mirror individual chunks on different services as well, thus improving availability.

Data ownership is a rather nasty topic: at a legal level, we have many rights related to data we create or that is about us: privacy regulations, intellectual property rights, copyrights and trademarks, etc. are all aspects of how society attributes ownership to immaterial goods. This practice has been in place since at least the early 19th century, but even then there were critics, among them Thomas Jefferson and James Madison.

With the advent of digitized storage, reproduction of immaterial data has become cheap and lossless. This has a significant impact on the industry: for example, the entertainment industry is currently facing the consequences of this highly disruptive technology advancement, and has yet to redesign their business model to accommodate this paradigm shift.

But this change goes far beyond the entertainment industry or any specific market: at this time, most people have started to realize that data they release about themselves will be reproduced, indexed, and made available via 3rd party search engines. Once the cat is out of the box, it it too late for restricting distribution.

This leads me to believe that we need to re-think the concept of data ownership, at least at a technology level: it does not make a lot of sense to claim ownership of data if one has no means of asserting this ownership in an effective manner. The judicial processes are too slow and too much bound to physical objects. As a result, only a small portion of data ownership infractions is dealt with by courts, and effective enforcement on a global scale is practically impossible.

As a result, it would seem appropriate to me to abandon the concept of data ownership on a technical level altogether - and replace it with concepts that are better suited to how information systems are designed in the 21st century:

• A physical custodian of data has access and control over the physical object where the data is stored. In many cases this will be effectively a system administrator that is taking care of the computer and harddrives where the data is stored. It also makes sense to consider the organization that employs the system administrator(s) to be physical custodians. The physical custodian has significant control over the data, since he can simply "pull the plug" and make data unavailable.
  
• A logical custodian can access and modify the data. A logical custodian can also grant the logical custodian role to other entities. While in many cases a physical custodian is also a logical custodian, there are important cases where this is not the case: in multi-level security systems or environments where data-at-rest is encrypted, the physical custodian might not have meaningful access to the data. The granting of this role can not be reversed: once an entity has access to data, this data can be copied to other physical systems and be re-used.
  
• The data originator is the entity that created the data. While origin may be an important factor to determine authority or validity of the data, it does not guarantee either.
  

Anything beyond these roles cannot - at least with current technology - be properly modeled without relying on concepts beyond the realm of technology. Nevertheless, even these limited roles can be used to model interesting scenarios. For example, a distributed storage system that stores encrypted and chunked data with parity (i.e. RAID 5 or 6 across different services, not disks), can practically eliminate the role of the physical custodian.

Higher level technologies (such as DRM or multi-party encryption) may be successful in restricting the significant control that a logical custodian to some extent, only external mechanisms (such as system certification, trust models, or judicial redress procedures) can limit the logical custodian.

tags: dataprivacyintellectual property

For some time I have been working with a number of folks at MITRE on a simple representation for electronic health data. Digging into the depth of various standards organizations such as HL7, HITSP, or HIMSS was interesting, painful, and enlightening at the same time. Since last week, our project is online at http://projecthdata.org/, and the hData project has announced releasing specifications, schemas, and code there soon. At this time, you can get the hData white paper, which was also presented at the recent Balisage 2009 conference in Montreal. Overall, hData's approach is very much focused on implementability and ease-of use for developers (since - quoting Mike Kay at Balisage - "As a developer I am also human.")

Interestingly enough, the combination of ODF/Jar style packaging and RESTful integration (taking a ZIP archive of hierarchically organized component documents and representing it as a collection of resources) has some folks interested. If there are more, I will suggest taking this out of hData and creating an independent specification.

tags: hDataehrhealth carehl7

Title: hData - A Simplified Approach to Health Data Exchange

Interoperability issues have limited the expected benefits of Electronic Health Record (EHR) systems. Ideally, the medical history of a patient is recorded in a set of digital continuity of care documents which are securely available to the patient and their care providers on demand. The history of continuity of care standards includes multiple standards organizations, differing goals, and ongoing efforts to reconcile the various specifications. Existing standards define a format that is too complex for exchanging continuity of care information effectively. We propose hData, a simplified XML framework to describe health information. hData addresses the challenges of the current HL7 Continuity of Care Document format and is explicitly designed for extensibility to address health information exchange needs, in general. hData applies established best practices for XML document architectures to the vertical health domain, which has experienced significant XML-based interoperability issues.

This is a little off-topic: I just got an invite to cast my proxy vote for my Fidelity mutual funds. In addition to the usual crud like blessing the board, there was an initiative to instruct the board not to invest into companies that support genocide in e.g. Darfur. While this should be a no-brainer, I was extremely surprised to see that the current board (which is seeking re-election just two lines up) is strongly suggesting to vote AGAINST such guidance (see also here). Their line of thought is that they are already barred from any direct investment into companies related to Darfur and Sudan, and that every thing else (such as investments into PetroChina Co.) is just sound investment.

I strongly object to this: the activities of the Sudanese government and their henchmen in Darfur have been determined to be genocide and crimes against humanity.I do not want to see any of my money being used for fostering these criminals or any other group that perpetrate the most heinous crimes. At this time, I am very much leaning towards moving my entire portfolio away from Fidelity to TIAA-CREF if there is no satisfactory resolution on July 15.

tags: fidelityinvestmentgenocidedarfur

Right now, I am taking a class on Air Traffic Management (ATM), which is already yielding some very concrete useful knowledge: unbeknown to me, the FAA and NOAA have a lot of very interesting tools on the web. These web sites may help you to get a better picture of your expected delay; much better than what gets announced at the airport or within the cabin, anyways.

ATCSCC

The Air Trafic Control System Command Center (ATCSCC) is responsible for mananging the entire National Airspace System (NAS). As such, they are in charge of all re-rerouting and have tons of interesting data for travelers. From their web page I can recommend:

• The overview map (by region or airport) on their home page gives you an interactive and easy to interpret view of the current air traffic situation. Clicking on the airport yields a summary of expected delays and their real reason (no more airline babble about that strange gasket that was out of order).
  
• The Operational Information System has a nice overview about what is going on in the NAS in more detail.
  
• The airport arrival demand chart tells you what the line for arrivals at the destination looks like. If there is a backup, you will fly happy holding patterns.
  
• The advisories database has all current ATCSCC advisories, including ground stop (i.e. the reasons for sitting on the tarmac for 3 hours before getting cleared for departure). Note that these advisories are not in clear text, but you need to understand the shorthand.
  

Finally, you can sign up for an airport delay email notification for the 40 busiest US airports at: http://www.fly.faa.gov/ais/jsp/register.jsp

NOAA

The National Weather Service has an aviation weather site at http://aviationweather.gov/. There are a lot of interesting services there for the avid hobby pilot or flightsimulator nerd, but the CCFP is most interesting from a airline-delay-perspective: it provides a 2h, 4h, and 6h convective pattern forcast (read: bad flying weather). This, and the turbulence charts can tell you at what segment of your trip to expect flying coffee cups (in the best case). Putting everything together, you can install the Flight Path Tool for a rich client GUI.

tags: faaaviationtoolsweather

This is a happy Friday afternoon rant.

I am still following the headlines for Sun (as long as that is still possible), and today I found some interesting headline: "Oracle Should Spin/Sell Sun Hardware Unit, Analyst Says". Well, interesting enough, I open the article, expecting some deep insight into what is going on. Unfortunately, the full report was not available, but the blog did mention the $23 dollar target set by the analyst, and that he would not know who might be interested in buying the Sun hardware business from Oracle.

Wow, impressive. Unless there is a lot of interesting detail in that research report (which is not available on AmTech's website), this is completely trivial: yeah, Oracle holding on to Sun's hardware business seems illogical from the outside. Good thing we have an analyst telling the world that. And Oracle will soon be at $23? I would neve have guessed that, given that they are currently at about $20, the market is pointing upward, and there is a good chance that the market will see the completion of the aquisition some time in the summer as something positive.

I think that I should consider a second career as software industry analyst: Money for nothing and the chicks for free...

The excellent article "Security and Data Sharing" by Mark Richard and Leslie Lebl points to a few very important ramifications that the less than ideal current data sharing situation with the E.U. brings and what the ratification of the horrible Lisbon Treaty would mean for the future of international security cooperation. The article also mentions the potential positive effects of the U.S.-E.U. MLAT framework.

What really caught my attention, though, was the authors' regard for the supposedly high European standards for data protection and privacy. They are correct in assesing that the implementation of the Privacy Directive varies within the various member countries, with countries like Spain or some of the relatively new members not paying to much attention to privacy issues at all. At the same time, Germany is portrayed as having a very high standard of privacy and PII data protection. Unfortunately, this is not at all the case:

While many middle-aged Germans do remember the strong controversy about the 1983 census (which was relatively harmless in itself) and the German surpreme court even recently emphasized a basic right to privacy protection, the implementation in the real world are a far cry from the supposed nirvana of "information self-determination".

First, it seems prudent to make a fundamental difference between the rights of the German population viz-a-viz the private sector and government. When dealing with private entities, Germans do actually enjoy a fairly high level of control over what information someone might legally store about them, how it is used, and when it has to be amended or destroyed. Reality paints a somewhat different picture, though. Over the last few months, a number of scandals have surfaced, cutting across the entire spectrum of privacy invasions: large companies have spied on their employees and customers using hidden cameras or collected and used profile data without their knowledge. Beyond that, a number of shady address collection agencies have sold millions of records including financial information. In some cases, significant sums of money were misappropriated by thieves that automatically drafted funds from bank customers through the ACH. Obviously, these criminal acts (at least those that have surfaced) are being investigated, and hopefully the judical system will be able to mediate the harm done. 

The situation with respect to government privacy intrusion is much more dire, though, and it would be fair to state that any resident in the U.S. enjoys a much higher level of government intrusion that any German ever had. For starters, every German (in fact, European) is now issued at birth an 11-digit taxpayer identification number that is unique and valid over their entire life. One might argue that the SSN is very similar in this respect, but there are two significant differences: (i) no U.S. resident is *legally required* to obtain a SSN and (ii) the FTC and the other government agencies have realized the ID-Theft threat that such an identifier poses and there is active work to limit the use of SSNs.

But the issues go far beyond unqiue identifiers: every resident of Germany is legally required to notify city hall within 30 days if they move  - either within their street or across the country. Interestingly enough, this data is readily available to any interested private company, and some 400+ towns and cities have made some nice extra cash by selling off these lists. In addition, all residents are required to own a national ID-card, which will soon contain their digital photo, fingerprint, and a practical RFID chip for easy data skimming. 

This list goes on, and includes absurd stories of mandatory public broadcast fees (which are sometimes collected from residents that have been dead for more than 400 years - but, being Germany, they do have to pay.. or at least the church where they are burried). At the end of the day, the de-facto privacy protection in Germany is not at all better than e.g. in the U.S., where at least a strong vertical and horizontal division of powers and an active community prevents a centralization that has become so typical for Europe.

Totally off-topic, but I really feel like communicating this: After 9 years in Massachusetts, I can now proudly claim to be a U.S. citizen! Along with 2717 other condidate, I took my Oath in the Hynes Convention Center in Boston and may now feel as a part of the family...

Here are a few pictures:

Jeff thinks that my term describing the privacy situation in Europe is a little harsh. I cannot blame him, since the Europeans, and especially Germany has been working hard on presenting themselves as the global guardians of privacy. And, true enough, the rights that a European citizen has viz-a-viz private sector companies is considerable. Also, Germany's supreme court confirmed on multiple occasions that there is a "Informationelles Selbstbestimmungsrecht" (right to information self-determination).

Yet, when it comes to the government or its associated entities prying into peoples lives, all bets are off:

• Go to the U.K. and try to not be captured on a surveillance camera. Anywhere.

• Try renting an apartment or buying a condo in Germany. Within 30 days you must submit a form to city hall declaring who you are, where you lived before, and who else is living in your home. This data is automatically shared with semi-private organizations such as the collection agency for public broadcast fees, but also with anyone walking up to city hall that deems you a debtor.

• There is a EU directive that establishes a community-wide unique tax ID number far all citizens and residents of all ages. This number is permanent, and must be shared with employers, banks, and - potentially - insurance companies. Sounds familiar?

• All trucks in Germany are required to use a satellite-based tracking system to determine tolls for using the Autobahn. This data is collected by a private-sector consortium on behalf of the government, and there are a number of politicians suggesting this for all vehicles.

• Finally, Germany's "Personalausweis" (national ID card) is mandatory for anyone over 16. So far, city hall was managing this data, but since there are preparing to put biometrics on this one, there will soon be a comprehensive federal database of all citizens of Germany over 16, complete with digitized photo, fingerprints, and later iris scans.

The list could go on and on - I am sure that Robin has a lot to add to this list. Needless to say that there have been numerous occasions where data collected by government agencies has been "lost", stolen, or otherwise compromised. While we are talking about theft: Germany has paid more than EUR 5 Mio for stolen data about alleged tax evaders.

So yes, my choice of words might have been harsh, but unfortunately quite justified.

tags: privacyeuropegermany

Most often people will believe bad news much easier than good news, displaying a general sense of pessimism that is part of the human soul. But sometimes it is really hard to believe what kind of madness politicians come up with: The Governor of Massachusetts, Mr. Deval Patrick, is currently concerned with the state's budget. Well, the times are tough, and it is understandable that we either have to cut programs, raise taxes, or both. These are hard decisions, and I do not envy anyone having to take them.

However, one suggestion Mr. Patrick made yesterday immediately got my attention: there are apparently plans on the table to introduce a "chip" in the state's vehicle inspection stickers, so that cars can be tracked as they use the Commonwealth's highway system. What might seem like a prudent idea to shift the cost of the transportation infrastructure to those that are causing them, is in reality an attempt to introduce an Orwellian surveillance system of European proportions.

It is bad enough that the private industry (in the form of the wireless carriers) have a rather comprehensive location profile of all their customers. Yet, it is really easy to turn of the cell phone, leave it at some place, or switch to another cell phone, in case one wants to obfuscate one's location. However, even in Massachusetts it is rather hard to get around without having to resort to using a car. Within the 128 belt this might be manageable, but once you get beyond 495 it becomes impossible. Mandating a tracking and surveillance device in vehicles for tax purposes will now create a gigantic database with rather sensitive information. The potential for abuse is scary:

• With location data, one can attempt to create a political profile by tracking conventions, conferences, and events a person goes to. I am not a lawyer, but this seems to be getting rather close to infringing a couple of First Amendment rights.
  
• The collected data can be subpoena in all kinds of litigations, including sensitive things like divorce proceedings or insurance disputes.
  
• If the database is ever breached, the hacker could have a field day, exposing location profiles of individuals. Depending on whose data is stolen, this could actually result in increased personal risk for exposed persons.
  

The DHS Data Privacy and Integrity Advisory Committee of the Privacy Office of DHS has sent a letter to the new Secretary of Homeland Security, Janet Napolitano, making some recommendations for the adjustment of the way the department deals with privacy policy and issues. Some of the more notable ones include:

• Compartment Privacy Officers

• Data Governance

• Interoperability and Data Integrity

• Overhaul of the 1974 Privacy Act

• Independence of the Privacy Office from the rest of the organization

These are excellent suggestions, especially when applying them as a whole: having a compartment Privacy Officer, that can act independently of the rest of the organization has the potential of channeling the efforts of the department into the right direction. Improved data governance, integrity, and better interoperability should really be on the agenda of the CIO as well, but especially in the context of E-Verify or Border control these issues also gain a privacy facet.

Overall, this letter should be a recommendation not only to the DHS, but government and private organizations in general (mutates mutandis). Major privacy invasions (as we have recently witnessed them en force in Germany) can only be avoided if privacy compliance is considered as critical to an organizations success as any other good governance principle.

tags: privacydhs

Oh well, I finally sat down and took the time to convert my aging main web site into something more dynamic. Since my - overall - quite reliable hoster gives me free PHP5 and MySQL databases, I took a closer look at Drupal, given its overall support, ease of use and add-on module availability. My first impressions are quite good: it was easy to get up and does not seem to be too hard to administer. Converting my exising HTML went well, although the default editor (or more specifically: the Drupal filters) have a tendency to get in the way at the beginning.

Now, one thing I will probably spend a little time on over the next few weeks (time permitting - haha), is to develop a somewhat more reasonable authentication scheme for my various web properties. I have a happy collection of PHP apps, this .NET based blog, and also some custom Java apps. So far there is really no identity management in place; a fact that has been a sore for a while. A simple SSO authentication scheme across these difference platforms is a panacea, but it should not be to difficult to achieve. I am looking actively into using Oauth or SAML as the token format, and a simple RESTful transport.

tags: web siteidentitysamloauthrest

Times are changing, and people have to change with it. Doh - another pearl of obvious wisdom, but there is an interesting application to the work life: while regular employment might change rather abruptly, business and community relationships usually do not. So while you might no longer be working for a particular company (say, Sun, for example), you would still be interested in continuing your work in a particular area of interest (say, identity, for example).

In this spirit, I decided to join the Liberty Alliance as an individual member. The new structure of the organization, combined with a reasonable fee schedule allows me to continue my formal relationship with one of the more comprehensive identity consortia currently in existence. While I have not yet quite made up my mind on how this engagement will be, I know that there are a number of current project in TEG and IAEG that stir my interest.

One of the most interesting developments in Liberty right now is the realization that a RESTful approach is quite necessary to extend from an enterprise-centric identity management system to one that can scale up to the needs of health care providers and governments. The need for a lightweight IdM and federation framework is indisputable, and the GSA and Internet2 have already demonstrated that the existing feature set in SAML2 is sufficient to build a meaningful federation. However, it will take the legal and business rules framework of the IAF and related efforts to extend these technologies into the realm of social networking and eGovernment where you cannot rely on having a mutual trusted partner in identity.

So, going forward, it will be a lot of fun to dabble with the same technology, only now from a slightly (or not so slightly) different angle. 

tags: project libertyidentityrest

Wow - what a week this was... I have been through quite some ups and downs, and that is not even mentioning the fact that the U.S. got a new administration.

Bad news first: not only did I have a mild form of food poisining (not that there was anything 'mild' about it, but I heard it can be much worse), but I am also affected by the workforce reduction at Sun. Yes, that's right... after a meager 11+ years I am on to new adventures elsewhere. To all those that I have been working with: it was a very interesting and mostly fun ride. I really had a sense of being able to work on something big and accomplish a lot, but the energy and the creativity at Sun was very inspiring. I met a lot of smart people there, and I hope that I will have the chance to continue working with them, one way or another.

Going forward, I see myself continuing on the themes that I have been dealing with for a while now: interoperability, web-centric (now cloud) computing, and the related identity and security aspects. There is a lot of work ahead, and I am quite determined to continue contributing. 

Since my age-old email at Sun will cease to work soon, you will now be able to reach me though an interim alias: work-at-removethispart.beuchelt.com^[1]. I am also on Facebook and LinkedIn, so please feel free to connect with me:

http://www.facebook.com/people/Gerald-Beuchelt/615829807

http://www.linkedin.com/in/beuchelt

With more time on my hands for now, I will also start spamming your RSS readers... just kidding - but I will write more here now, so stay tuned.

But now for the good news: yesterday my application to become a U.S. citizen was approved and - assuming all goes well - I will take my Oath in early March. Contrary to its horrible reputation my experience with USCIS (formerly INS) was actually quite good: yes, they are bureaucratic (you should have seen the piles of files they had on me), but overall the process was quite efficient and fast: it will have taken less than 6 months from sending in the application to my Oath ceremony.

Interestingly enough, my becoming a U.S. citizen will also open new doors on the job market: as of March I will be able to get a security clearance, work on certain government contracts, etc. The timing could not have been better.

tags: identity managementnaturalizationworkforce reduction

[1]Sorry for putting the "removethispart" subdomain in - obviously it is only beuchelt.com after the @ sign. 

UPDATE: Many thanks to Tim Bray for highlighting this note in his (most unfortunately rapidly growing) Stray Sunbeams series!

As part of the new U.S. administration's BigDialog and Open Government technology agenda, the CommunityCount web forum is polling for issues that are relevant to the identity management community. If you want to make you voice heard with the transition team and the next CTO and science office staff go here, put in your questions and issues, and vote on the others.

Here is my contribution - please vote.

tags: identity managementpolicy

    I love foundational discussions - they always have the potential to fundamentally change my world-view, which is quite stimulating.

    Radovan picked up on my little piece on reputation. In particular he suggests that the question "What attributes should be influenced by reputation and what should not?" does not make any sense.

    I fully agree with this statement, but not necessarily with all conclusions that Radovan draws. As I see it, the question is not what attributes of an entity should be influenced by reputation, but much more about what attributes can be reasonably approximated by a mean-value approach such as reputation.

    In Radovan's example, the height of a given person can be precisely determined (up to an error margin, that is part of that measurement). The result of such a measurement--as long as it is reproducible--is the objective value of the attribute "height". It does not make any sense to attach a reputation to this value. But you can attach a reputation/"credibility score"/whatever to the measurement process (this is typically done through the specification of the error margin), or the faithfulness of storing this information in a given storage system (e.g. through the reliability score of this provider, determined by averaging over the subjective reliability score given to the storage system by its customers/clients). The aggregate "reputation" of this process (measuring, recording, storing, reproducing) can then be used to calculate the "reputation" of you saying that I am 147 cm tall.

    But--and this is important: your statement about my height (or the aggregate statement of the community about my height) does not influence the fact (if you want to use this hopelessly overloaded term) that I am 187cm tall.

    This is fundamentally different from what might happen with other attributes: for example, let us look at my "reputation for drawing aesthetically pleasing pictures". While I ( or my daughter) might be convinced that I have a rather high score for this attribute, the rest of the world might beg to differ. My community-wide^[1] reputation as a gifted painter could thus be much lower. Note that I do not have any reasonable recourse: there is (fortunately) no final authority, or repoducible process that can determine a definite value for this particular attribute.

    Nevertheless, for such non-CFD, mean-value attributes you still face the same issues that you do face for objective attributes: there is the change of recording or storage failure, and thus other factors that might ultimately determine the reliability of a "reputation as painter" score I might have.

[1] Note that at this point it becomes very important to define the correct domain of your mean-value process, i.e. you have to fix an ensemble.

    Paul proposed a conjecture regarding the validity of using reputation systems in the context of identity systems. This (and some discussion on the IDGang list) inspired me to dig again through some of my notes regarding the ontology of physical reality (and thus--by extension--quantum theory).

    My personal position in the discussion on the most sensible approach to physial ontology was always firmly rooted in the realist corner: I completely reject positivism and--mostly-- empiricism on fundamental principle. There is no doubt in my mind that there is an objective physical reality, independent of human (or any other) observer^[1].

Reputation in information systems

    Now, a reputation scheme can easily be interpreted as mechanism to determine the value of an entity's attribute by averaging over the subjective values of that particular attribute, as seen by an ensemble of parties interacting with the entity in question. So, for example, to determine the "trustworthiness in business transactions" of user A of an auctioning site, one can average over the subjective opinion of business partners of user A on his trustworthiness.

    This approach is valid, and as many social (or even business) sites indicate very useful. It can be applied reasonably well to attributes of an entity that are either non-counterfactual definite (i.e. completely subjective), or not measurable by an objective and reproducible measurement approach.

    "Trustworthiness" is a good example for a subjective attribute, and credit-worthiness of a company or individual might be an attribute of the later type: while the fundamentals of a company determine its ability to shoulder a certain about of debt without collapsing, there is (to my knowledge) no definite algorithm to compute a simple "creditworthiness" attribute. However, the averaging over the credit ratings from different rating agencies (i.e. a kind of "credit reputation") is normally a good approximation of this attribute^[2].

    However, there are some attributes that cannot be averaged over: those attributes are counterfactual definite, i.e. objective and can be measured by a repoducible mechanism. A good example for such an attribute is my physical height,  my employment status with a given company, or my gender. All of these might change in time, but at a given point in time, they can be easily determined and have an objective value--even if nobody measures it. Applying a mean-value approach to these does not make any sense.

    One might interject, that for such a counterfactualy definite attribute there might be a different perception of its value with other entities. For example, while my actual height is 187cm (~ 6' 1"), some people might think that I am taller or shorter.  Now, my actual height does not change because a number of people are thinking so. It is my perceived height that changes and this attribute is entirely different from the former.

    So, in the end it is very important to evaluate carefully if a given attribute of an entity in an information system lends itself to be used in the context of reputation systems. In some specific cases this does make sense, but in others it is entirely pointless.

[1] Yet, while realism is vital to my world view, I am much more inclined to abandon local reality than counterfactual definiteness.

[2] The current financial quagmire is an example of how such a reputation system can fail.

  GIMPS has released a statement indicating that the 45th and 46th Mersenne primes were recently found at Sun by Tom Duell (right here in Burlington, MA) and Rob Giltrap (Wellington, New Zealand). Both ran on Sparc based systems. Congratulations!

tags: mathematicsprime numbers

    Amazingly enough, it took less than 24 hours to see the first massive privacy issues flaring up with Google Chrome. In a CNET interview, Peter Eckersley of the EFF says:

"We're worried that Chrome will be another giant conveyer belt moving private information about our use of the Web into Google's data vaults," Eckersley said. "Google already knows far too much about what everybody is thinking at any given moment.

    Now this is a total surprise, is it not? Not only can Google read all your mail, knows what you are looking for on the web, and has your financial information through Googlc Checkout or Adsense. With the Omnibox (or the mysterious "one or more unique application numbers"), they now also see all the places you go to -- on the internet and any possible intranets.

    Now, I do not know exactly how this will play out legally, but as far as I am concerned, the internal structure of an Intranet is usally some I'd rather not expose to outsiders. Beyond privacy concerns, there are clear security and intrusion concerns, and allowing Google to obtain this data for free and without any binding contract between Google and my company does not seem very prudent. If I had any say, I would strangle recommend to prohibit the use of Chrome in any enterprise environment. This should obviously extend to government agencies, and among them law enforcement and military. How embarrassing would it be, if--by honest mistake--the DNS or CA infrastructure of the combat command and control systems of say, the Airforce or the CIA would suddenly appear on a Google search result.

    Do not get me wrong: I do like Open Source, and adding competition to the market is always a good thing. I simply see the ugly face of monopoly lurking around the corner, and this time it also has a big file on any internet user. This is a little too much power in the hands of a single entity. If Google was part of a government, people would be a lot less eager to submit their most private data (with the exception of Germany, of course--there it works the other way round).

tags: google chromeprivacy

  No, I am not talking about Google Chrome (yet). But it is related: if you look at

it seems that Germany has already conquered Denmark, Benelux, Switzerland, and Austria-Hungary. It could also be a the EUSSR with its capital in Brussels...

  Or maybe this is a completely new country call "Googleland", where every citizen deposits all their data in a save datacenter, identified by a unique id. "Information Self-Determination" is a basic human right, and any data merchant will get shot on sight. 

  The only exception is the operator of the datacenter (that would be Google, being compensated for their services by an unalienable right to use any of the data for targeted advertising campaigns), or any data thief that offers information on citizens suspected of being involved in terrorism, sedition, or tax evasion.

humor privacy google chrome

  This is just another installment of how the freedom of expression and scientific research is being sacrificed on the altar of "public safety" and "property rights". From the CNET article:

"A federal judge on Saturday granted the Massachusetts transit authority's request for an injunction preventing three MIT students from giving a presentation about hacking smartcards used in the Boston subway system."

  To summarize this incident: a couple of student find a giant security hole is a publicly financed payment system. They inform the authorities and involved parties to given them a change to work on the situation. The faceless bureaucrats respond in the way any large (and thus inefficient) organization will respond: ignorance and disbelief. The students follow the time-honored tradition of publicizing their results and suddenly the gears spring into actions: federal courts, FBI, and preliminary injunctions appear. The official reason is "public safety", but everyone involved knows that this is just a very lame excuse. In truth, it is the desire of an inadequately powerful state-sponsored enterprise to hide their incompetence and silence their "subjects".

  The fact that this can even be done is the availability of unconstitutional laws (at least in spirit) like the DMCA and similar utterly meritless legislation. Coming from Europe, I am used to the frequent oppression of freedoms, even today. So far, the U.S. has been setting an example of how e.g. the freedom of expression should be interpreted. This gag order by a federal judge in Boston (sic!) is an untenable limitation of this right. It goes against some of the most fundamental principles enshrined in the Constitution and the Bill of Rights. 

  For more information, check the EFF website. 

tags: civil rights, freedom of speech, mbta

I just laughed out loud:

Go King Homer I. of Spain!

tags: humor, simpsons

The U.S. Patent and Trademark Office (USPTO) is considering to invalidate many (if not most) software patents and significantly restrict the issuance of new process patents. No doubt, intellectual property does deserve decent protection, and I think that this move by the USPTO will in fact result in better protection of property: copyright law provides ample protection against IPR theft while not getting in the way of real innovations.

To draw a technical comparison, process patent law protects the API, while copyright law protects the implementation. Although it takes a lot of thought to come up with a good API, it should be the implementation that is at the heart of the competition to not harm the end-user.

In this sense, the new direction of the USPTO will benefit the end-users (consumer as well as application developers) by allowing the concrete implementation of ideas to compete while keeping interoperability at the idea-level intact. In the end, the entire market will benefit including the vendors by lowering the barrier for interoperability significantly. 

tags: internet lawIPRpatents

The current economic situation is not exactly ideal: amongst many significant issues, one of the most concrete and pressing problems of today is the highly volatile energy market. Many current problem in the world (such as clean water, food, housing) could be solved almost completely, given that there is sufficient energy at hand[1].

Electric energy generation has seen a variety of approaches: some of them are quite childish, while others lack in public acceptance. Ultimately, only a sound mix of nuclear fusion and a select number of reasonable renewables such as solar or geothermal energy source (were available) will make sense.

However, electricity is not particularly easy to store, making it by far less attractive for any type of transport, especially individual transport. No technology that has been available so far has created a reasonable alternative to fossil hydrocarbon fuels: they have a sufficient energy density, are easy to handle, and the technology is very well understood. Alternatives such as canola-based diesel or ethanol-enriched gasoline are mostly carbon-ineffective ways of wasting money and alimenting lobbies.

Now, a new genetics based approach is making the rounds in various news outlets: LS9 is a South San Francisco company that succeeded in creating microorganisms that can produce hydrocarbons from renewable sugar sources. In other words, it will soon be possible to replace the back-yard compost heap with a small LS9 reactor that produces gasoline instead of dirt.

It will be interesting to see, if this technology can actually scale to a level where a large (and energy hungry) economy such as the U.S., China, or the E.U. can rely on this renewable fuel for a significant portion of their needs. But even if this approach is not fit for mass energy production, it still guarantees the available of hydrocarbon based products (i.e. plastics) in the post-fossil age.

[1] Obviously, in today's world there is also in many cases a lack of political will, but that is - at least to some extend - again a result of scarce energy.

In my earlier article today I pointed out a rather significant security blunder in Germany, where a number of municipal IT departments failed to secure their systems. This lead  to exposure of at least 500,000 personal data records to the internet - so far I have not heard that any affected person was informed about their involuntary expose to identity thieves.

In this context it seems a little untimely to publicly announce a new electronic signature program that will start in 2012.Under this program, anyone claiming any benefits from any public source (unemployment, social security, etc.) will be required to use a smart card with a personal key. In addition, employer will have to submit all salary and compensation information to a federal, centralized database that will be fully accessible to all participating government agencies on the federal, state, and local level. Contained in this database are obviously all employer records, but - in all likelihood - also all data records of current or past applications for government benefits. Employees are expected to pay for these new services themselves, with private sector  financial institutions or government agencies playing the role of the trust broker.

This program is sold to the public in two ways: on the one hand, it is supposed to save the employers and the government agencies a lot of money by streamlining reporting and decision making processes. On the other hand, in its centralized form it is expected to help limit welfare fraud, which is quite common in Germany. 

In and by itself, such a database seems harmless enough: it has some tangebile benefits, including significant savings for the private and public sector. However, this effort does not stand by itself. Over the past couple of years, privacy from prying government eyes has been under the most severe attack immaginable: A comprehensive tax ID that is coma

While Germany and Europe in general have some of the strictest rules regarding the use and storage of personally identifiable information, the last few months have seen rather extreme data security breaches. Today, the German media is reporting about a new installment of irresponsible negligence government incompetence:

According to the SPIEGEL ONLINE a spokesperson for the software company HSH admitted that the personal information of more than 500,000 residents of at least 15 cities and towns were readily available on the internet for at least 3 months [1]. According to a investigative news program (Report aus München), this problem actually affected more than 200 municipalities for more than 3 years. The alleged cause for this blunder was rather simple: the software used by the cities to manage these huge data collections had at least one default/demo account that was not disabled by the IT staff of the authorities. These credentials were inadvertantly published by the software maker on their web site and thus available to every one.

While problems like this can happen, it seems odd that this massive security breach has not caused a major uproar with the various highly paid privacy guardians. In fact, there i svirtually no report on this incident in any language but German. One might get the impression that there is a strong desire with a rather large number of people to keep this incident on the q.t. and avoid further investitigations and public disclosures.

Germany has (or had?) after the horrible experiences with two dictatorships and their respective secret police a tradition of resistance against data collection and privacy invasion. The proposed general census of 1983 was stopped by the German Supreme Court in a decision that laid the foundation of what has recently been termed "Informationelles Selbstbestimmungsrecht" (right to informational self-determination).

So far, Germany has not seen a large number of identity theft cases: until last year, there was no unique ID  in use and most electronic transactions are currently handled through a European debit card system that is less exposed to a number of frauds. Also, while the various branches of government had been busy collecting large amounts of data on German citizens and residents, there have been only a few federal databases. When talking to people on the street, I found a growing indifference to the German governments extended data collection and linking programs. The general attitude seems to be that "we do not have anything to hide", and if a little (or even more than just a little) loss of privacy leads to a few high profile tax evasion prosecutions, everyone is happy.

[1] Germany has a national ID law that requires citizens to register with city hall and disclose persoanlly identifyable information such as names, current and former addresses, religious affiliation, birth date and place, children, current and former spouses, tax information, serial numbers of the national ID card and passport, and more. Since last year's July, this data also includes a tax ID, the German equivalent of a social security number.

While Germany and Europe in general have some of the strictest rules regarding the use and storage of personally identifiable information, the last few months have seen rather extreme data security breaches. Today, the German media is reporting about a new installment of irresponsible negligence government incompetence:

According to the SPIEGEL ONLINE a spokesperson for the software company HSH admitted that the personal information of more than 500,000 residents of at least 15 cities and towns were readily available on the internet for at least 3 months [1]. According to a investigative news program (Report aus München), this problem actually affected more than 200 municipalities for more than 3 years. The alleged cause for this blunder was rather simple: the software used by the cities to manage these huge data collections had at least one default/demo account that was not disabled by the IT staff of the authorities. These credentials were inadvertantly published by the software maker on their web site and thus available to every one.

While problems like this can happen, it seems odd that this massive security breach has not caused a major uproar with the various highly paid privacy guardians. In fact, there i svirtually no report on this incident in any language but German. One might get the impression that there is a strong desire with a rather large number of people to keep this incident on the q.t. and avoid further investitigations and public disclosures.

Germany has (or had?) after the horrible experiences with two dictatorships and their respective secret police a tradition of resistance against data collection and privacy invasion. The proposed general census of 1983 was stopped by the German Supreme Court in a decision that laid the foundation of what has recently been termed "Informationelles Selbstbestimmungsrecht" (right to informational self-determination).

So far, Germany has not seen a large number of identity theft cases: until last year, there was no unique ID  in use and most electronic transactions are currently handled through a European debit card system that is less exposed to a number of frauds. Also, while the various branches of government had been busy collecting large amounts of data on German citizens and residents, there have been only a few federal databases. When talking to people on the street, I found a growing indifference to the German governments extended data collection and linking programs. The general attitude seems to be that "we do not have anything to hide", and if a little (or even more than just a little) loss of privacy leads to a few high profile tax evasion prosecutions, everyone is happy.

[1] Germany has a national ID law that requires citizens to register with city hall and disclose persoanlly identifyable information such as names, current and former addresses, religious affiliation, birth date and place, children, current and former spouses, tax information, serial numbers of the national ID card and passport, and more. Since last year's July, this data also includes a tax ID, the German equivalent of a social security number.

Starting today, I will try to review some of the more interesting gadgets that I have been playing with. The first installment will be on the Windows Mobile phone that I won last week at TechEd. After attending a Mobile Security session, I won this phone for knowing the original code name for the first Windows Smartphone (that was "Stinger"). The phone is a SAMSUNG Blackjack II with AT&T branding.

The list of features is good:

• Windows Mobile 6.0

• Tri-Band UMTS (3G) and Quad-Band GSM

• 128 MB RAM and µ-SD port (up to 4GB)

• GPS

• Thin (0.4") and light-weight

• 2.0 MPixel camera

In general, the device is easy to handle. It has a jog wheel that feels a little flimsy, but it works ok (so far). The keys are a little small for my clumsy fingers, but that way the phone does not get too big, so it is a good compromise. While the above feature list ist good, there are a few things that are sorely missing:

• No WiFi - this is probably the biggest shortcomming on this device.

• Proprietary connector - now standard USB, no standard headphone jack, no antenna extension - just proprietary connectors. This was acceptable in 2000, but I am no longer willing to tolerate this in 2008.

UMTS/3G internet services are quite good, at least in most places North of Boston. As such, most web sites suited for mobile browsers display quickly and efficiently in IE mobile.

The advertised add-on software (mobile TV, Navigator, etc.) is rather disappointing: some of it works all-right, but pretty much all of the applications are only short-term trials. This is highly annoying, especially since there is no easy way to remove the various links to these app from the Start menu.

Overall, I am quite happy with this new toy (especially at the price), allthough I would probably not have extended my contract for two years and paid USD 99 for it.

I attended a meeting of the Hartford, CT, chapter of OWASP yesterday - James McGovern was so nice of inviting me there. OWASP is a group focusing on web application security, with a heavy emphasis on "application" (in contrast to "infrastructure"). Most of the attendees were either directly working in the financial industry or closely working with them - at the end of the day, it was Hartford.

To me it was a very interesting event - especially since I have mostly been thinking about platform and infrastrastructure security and not so much about the applications. Some of the emerging standards (like PCI DSS) were rather new to me, but seem interesting enough for me to take a look at.

Some more interesting tools and tidbits:

• WebGoat is a "deliberately insecure JEE application", designed to teach developers how to *not* code a web application. This should be fun to take a look at.
  
• WebScarab is an intercepting HTTP(S) proxy.
  
• The OWASP Top Ten also has some interesting reading.
  

Overall, I am looking forward to staying in touch with this group.

tag:qtrax, iPod, music

Maybe, maybe: there are signs on the horizon that the content industry will finally come to grips with the harsh reality that their old models just do not work anymore the way they used to: enter Qtrax, a free, ad-supported P2P network that claims to have the blessings from a bunch of major labels, including Sony/BMG and EMI. Qtrax will lauch tonight, so soon we will know more.

Overall, this might be a sign that the RIAA monopoly is finally understanding that suing their customers is not a good way of advertising your goods. And while MP3s are not exactly the encoding that HiFi fans' dreams are made out of, it is still an interesting start into a hopefully much brighter future.

There are a few things that really interest me:

• They are using the Mozilla rendering engine. That is a good thing. Period.

• They promise iPod compatibility. Hmm.. this sounds odd, since the iPod is quite capable of playing back MP3s. Now - assuming for the moment that they are using MP3s - why would you need to make the iPod compatible? Unless there is some sort of DRM or platform lock-in included ... we will see in about 3.5 hours ;-)

• Who will be the ad source, ie. which advertising seller will get the opportunity to get access to a potentially gigantic market. While I have absolutely no idea, I'd be surprised if the name of that company started with a 'G'.

• How will Apple and the market react? At the end of the day, this whole thing is a thinly-veiled attack against Apples extremely strong position with the iPod and iTunes. If Qtrax can offer a similar level of ease-of-use, Mr. Jobs will have to do some very creative thinking.

• What is their Linux story? Or - to rephrase the question in a more interesting way: What is their open source/open specification story? I can see that they are not particularly interested in opening up their platform, as this would directly undercut their ad-based business model. But will they allow ports or make the engine at least reasonably portable to other OSes, including Linux, but also Symbian or other cell-phone OSes (and - of course - OpenSolaris)?

We will see ... soon.

tag: iPod, apple, audio, music, qtrax

For years I have been playing around with all kinds of computer based TV and multi-media solutions and toys: Windows MCE in its various editions from 2004 to Vista, early versions of MythTV and proprietary stuff. Until now none of these where really at a point where they were actually useful for a family room:

While Windows did have a reasonable UI from the start, the fact that it recorded to a highly proprietary format with nasty DRM implication was a deal-killer right from the start. Some of the tuner-cards (like ATI) attempted to mitigate this by bundling plugins for MPEG-2 conversion, but these were implemented rather clumsily and had frequent failures.

MythTV was - until recently - also more of a geek toy: nice for my lab or office, but nothing I could really throw at my family. Now, with the 0.20 config found in the Gutsy release of Mythbuntu, MythTV takes a rather large leap towards usability. 

• The UI is basically usable and driver support (especially for the tuner cards) is becoming acceptable. I am using an WinTV HVR-950 USB stick now with my digital-over-the-air setup and there is not a lot more I could ask for in terms of device support.

• The proprietary NVidia drivers are good enough and support the motion extensions that are needed to offload motion processing to the GPU.

• For audio, I require at the very least S/PDIF support (mostly for lossy Dolby Digital, but there is no other format like e.g. MLP being used for digital TV at this time), which has been quite painful, but ultimately doable.

• There seems to be decent remote support, but I am right now still fighting with my old ATI Remote Wonder (I think that I will cave in here at some point in time though).

The by far most important factor for family room usability for me is RTC wakeup: I could not near having a computer with its nasty fans running all the time. Enter ACPI controlled RTC wakeup: using a couple of scripts^[1], I was able to make the MythTV box boot up in time for any show that I wanted to record. Very cool.

One thing that I was fighting with in the end was a problem with the way MythTV could be shut down automatically after an unattended recording session. For this, MythTV provides mythwelcome(1) which is a helper program to start the MythTV frontend^[2]. The trick that made is work for me was to instruct^[3]mythwelcome(1) to not start mythfrontend(1) automatically: This overcomes a problem with session management in Ubuntu and mythwelcome, and allows the box to shutdown automatically after it completed recording.

Bottom line is that I am quite happy with my MythTV box for now.

[1] There are quite a few of tutorials on ACPI wakup out there, many using nvram-wakeup. Discard all these, and only use those centered on /proc/acpi/alarm, instead (if you can).

[2]  Mythbuntu Gutsy is actually quite smart about using mythwelcome(1): You only need to go into /etc/mythtv/session-settings and enable the welcome shell. No need to change the mythstartup.sh script.

[3] Press the 'i' key while in mythwelcome(1) to configure this.

This is so brain-dead, it is actually quite funny: In a move to make sure that he will be seen - once again - as a brave contrarian, John Dvorak thinks that Oracle paid Sun to kill MySQL. After reading this article, I had to verify that this was not The Onion, but actually MarketWatch.

His argument is fairly simple: Sun has a bad track-record of M&A, so Larry Ellison forces his old buddy Scott  ... ahmm, no wait, it's Jonathan now ... to buy MySQL and ruin it. To prove his point, Dvorak links to a list of recent Sun aquisitions that - allegedly - went bad.

Let's take a look at that list of "failures" again:

• SavaJe - JavaFX Mobile

• SeeBeyond - JavaCAPS

• Tarantella - Secure Desktop

• Waveset - Identity Manager

• StarDivision - OpenOffice (my addition to the list)

Last time I checked, pretty much all of these above technologies were thriving, some of them actually driving at the leading edge of their respective markets and/or standards regimen. Have there been failures or less successful aquisitions? You bet - that happens practically everywhere. There were also some aquisitions that were mildly successful, and others that came to pay off in rather unexpected ways or much later (Cobalt and the Sun x86 story come to mind).

The MySQL acquisition was and still is nothing short of brilliant. Sun has a major league RDBMS now that is being used by virtually everyone in the (your favorite technology moniker here) 2.0 market. And while most of these organizations and individuals are happy with an unsupported open source model, there are still a lot of big companies that use MySQL who are in need of support and other services. This business model fits perfectly into the entire Sun software portfolio and long-term strategy.

It is probably a sign of the time that tech pundits and columnists are now far behind of what is happening in the industry - especially when it comes to business models. On the other hand, Dvorak has been a commentator with a particularly bad track record of making predictions: think about his dismissal of the Macintosh mouse in 1984, his prediction of the iBook failure, his expectation that the iPhone will be a miserable failure, or even his prediction on Microsoft closing down, since the software market is supposedly dead.

The thing that is really sad is that there are even today people who read the name and the headline and assume that he has got a point. He doesn't.

tag: MySQL, Sun

Dare wrote an interesting piece on why RESTful service are much better off without an interface definition language. He is especially picking up on teve Vinoski’s IDLs vs. Human Documentation post, which emphasizes human readable documentation over IDLs.

I am sure that Marc has a somewhat different opinion on this ...

tag: development, REST, WADL

This makes total sense - and finally Sun gets a real database. I can think of at least 10 different major software products from Sun that would benefits enomously from switching from their respective current database platform to a single data store. I am really looking forward to having a single API and place to store structured data in Solaris and Java. Cool.

It reminds me also of the phrase someone coined: "LAMP is for boys, MARS^[1] is for men."

tag: Sun, Solaris, MySQL

[1] MySQL, Apache, Ruby, Solaris

A nasty experience, that I would like everybody to avoid if you can: A few months ago, my bank (NetBank) was acquired by a - by then to me - unknown bank called ING Direct. Having gone through this cycle a couple of time, I did not think a lot of it and trusted that this acquisition process would go as smoothly as the many I have experienced before. Boy, was I wrong.

During the acquisition process, we had our grand family vacation, and shortly after I had a couple of trips to California scheduled. During the vacation, my father-in-law passed away, and we had to arrange for travel and some fund transfers to Germany. The travel was quickly arranged, only the - otherwise perfectly simple - international wire transfer was suddenly impossible with this new bank. Over the course of a few weeks (during which I was not able to sit down at home and sort things out), the quality of service degraded steadily from good (prior to the acquisition), through horrible (prior to the complete conversion) to street robber courtesy (after the conversion to ING Direct).

Here is an example: with NetBank, I had a checking account and a money market account. Simple, nothing fancy. After the ING conversion, I ended up with two savings accounts, no ATM cards, and no checks. Transferring money from either of my "Orange" accounts to an external checking account was - essentially - impossible. Now, ING offers account linking of their savings accounts to an external checking account. I tried that, and it turned out that they had an incorrect social security number registered for both accounts. Ouch! After this was resolved (another 5 ING banking business days, i.e. 12 calendar days pass), they presented me with an online quiz about prior credits (the one you have to fill out to get your credit report online). Fine, unfortunately the credits/data presented had nothing to do with me, so they blocked the option to link accounts online.

And so on, and so on. Bottomline is that ING Direct and their representatives I talked to never even pretended that they were appreciating my business. In that category, they get big kudos for being honest. Everything else, including the online login, which could easily be inadvertently misused to get information about other customers, was an outright disaster.

So here is my verdict: even though they offer pretty decent interest, you will pay for this by having to deal with a customer service department that is only rivaled by United Healthcare for customer non-appreciation. Stay away.