Wednesday, 24 August 2011
- you log in with your uni-id to prove you belong to the university
- the service provides you with a connection as if you have a campus IP address
- you are logged into Google and your Google credentials are cached locally
- you connect to the proxy server.
- The proxy server inspects your machine and notices your Google credentials are set. It looks up your Gmail address and sees you have previously linked that to your institutional ID
- it asks you to type your institutional password to confirm it's really you
- just as in CAS, it creates an obfuscated token that it passes to all services that request it, to allow access to institutional resources, including federated resources
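The flow above, sketched as an added example (not code from any real proxy or CAS product). The class and method names, the PBKDF2 parameters and the token lifetime are assumptions; the point shown is that the token is a random handle which services resolve at the proxy, so it carries no identity itself.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 8 * 3600  # assumed token lifetime in seconds

def _kdf(password, salt):
    # Slow salted hash so a leaked table does not reveal passwords directly
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Proxy:
    def __init__(self):
        self.passwords = {}  # institutional id -> (salt, derived key)
        self.links = {}      # Google address -> institutional id
        self.tokens = {}     # opaque token -> (institutional id, expiry)

    def enrol(self, uni_id, password, gmail):
        """One-off step: record the password and link the Google address."""
        salt = secrets.token_bytes(16)
        self.passwords[uni_id] = (salt, _kdf(password, salt))
        self.links[gmail.lower()] = uni_id

    def confirm(self, gmail, password, now=None):
        """Look up the link, check the institutional password, issue a token."""
        now = time.time() if now is None else now
        uni_id = self.links.get(gmail.lower())
        if uni_id is None:
            return None  # a Google login alone proves nothing to the institution
        salt, stored = self.passwords[uni_id]
        if not hmac.compare_digest(stored, _kdf(password, salt)):
            return None
        token = secrets.token_urlsafe(32)  # random: reveals nothing about the user
        self.tokens[token] = (uni_id, now + TOKEN_TTL)
        return token

    def validate(self, token, now=None):
        """Called by a service: resolve the token at the proxy, or return None."""
        now = time.time() if now is None else now
        entry = self.tokens.get(token)
        if entry is None:
            return None
        uni_id, expiry = entry
        if now >= expiry:
            del self.tokens[token]  # expired tokens are forgotten
            return None
        return uni_id
```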
Tuesday, 23 August 2011
- mount hardware specific startup volume
- mount the rest of the operating system and continue booting
- mount the user and application volumes
Wednesday, 17 August 2011
Friday, 12 August 2011
Personally, I've a lot to thank the PC for as it has kept me more or less gainfully employed for the last 30 years, through the rise of the clones - when just about anyone with a wrist strap and a torx driver seemed to be making clone pc's in their shed, the wordprocessor format wars - wordstar/word/wordperfect - I still have a wordperfect mug - operating systems - dos, windows, windows 95, NT, OS/2, Windows 2000, XP and windows 7 and of course not forgetting peripherals along the way - principally printers.
And while I like to accentuate the sexy, doesn't everyone, it's been the humble desktop computer and laptop that's been my mainstay. And even when I've strayed to other architectures and operating systems, I've got to admit that the original concept behind the IBM PC design has stayed good - allowing you to easily make and upgrade systems out of standard components as seen in my $83 linux PC - which was actually only $20 for the box, memory and disks, with bits stolen, begged or borrowed from other dead machines - the principal cost being a second hand Sun LCD screen.
And that's it exactly - the design took the world by storm because it was so open so that in the end it had so much momentum behind its general purpose open extensible architecture many of the non Wintel suppliers ended up using the design and the components to get costs down. And whatever anyone tells you about PC's being dead, ignore them. Have you ever seen an ATM boot up? or an airport self check in terminal, not to mention all these train station screens telling you windows has failed to restart correctly ...
Thursday, 11 August 2011
Dropbox of course lets you share files with yourself, applications such as zend.to and yousendit make it easier to share files with others.
We therefore have two slightly orthogonal use cases:
Use case 1 (the zend.to scenario)
- user wishes to share files or data with another user (or group of users) on campus or elsewhere. The files are too large to send via email, nor are they lodged on an open repository
Use case 2 (the syncany scenario)
- user wishes to ensure that files held on a local directory on their personal computing device are backed up to a central location on a periodic basis
- user wishes to share these files across multiple computing devices in various locations
- user does not necessarily wish to share contents with other users
Incidentally Asus's webstorage does exactly that. If I hadn't let my subscription lapse (my bad) I could have experimented with doing this with the Ookygo for local files. However given that 95% of everything that I use the Ookygo for on the road is done via a browser I probably wouldn't have much in the way of a valid experiment ...
Friday, 5 August 2011
- you run it on a server owned by you - no nasty questions of trust and third party intermediaries using transit servers in Ktoznaetistan
- you tie it into local authentication making it easy for your users to exchange files
- it presumes that if you are a home user and are sending the file to an external user the external user is known to you
- it does some standard address verification if the external user wishes to send a file to an internal user - again there is a presumption that the recipient will know/recognise the email address of the originator
I also guess it would be possible to add shibboleth authentication as an option for originators for added verification for cross institutional collaboration...
Thursday, 4 August 2011
... Traders avoid the need to carry large amounts of Somali shillings by converting them to U.S. dollars and then wiring them to money houses in Somalia. Because identification can be easily forged, those seeking to pick up wired money are required to answer questions about their clan and kinship relations ...
What's interesting is that the de facto solution is based on private knowledge. So for data transfers, rather than send the key, one should perhaps think of a two or three factor response system, similar to those used by banks to establish your identity for online banking.
I've also suggested in the past that such a solution would help in digital cultural repatriation in Aboriginal communities where, as custodian of digitised cultural heritage, you need to maintain the trust of the traditional owners of that heritage by putting in place measures that require people requesting access to demonstrate that they have the right of access under traditional law.
As a content sharing solution it also has the merit of not requiring people to remember passwords or do something sophisticated with encryption keys, but of course it does mean people having to register with the file sharing service, ie establish their bona fides, before being able to use it - which would constitute a barrier to adoption ...
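A minimal sketch of such a private-knowledge check for releasing a shared file, added here as an example and not taken from any existing service: the sender registers question and answer pairs, and the recipient must get two of three right within a limited number of tries. The names, thresholds, PBKDF2 parameters and sample questions are assumptions.

```python
import hashlib, hmac, secrets, unicodedata

MAX_FAILURES = 3  # assumed lockout threshold
REQUIRED = 2      # correct answers needed out of those asked

def normalise(answer):
    # Case and spacing differences should not fail a legitimate recipient
    text = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(text.split())

def digest(answer, salt):
    # Only a slow salted hash of each answer is kept, never the answer itself
    return hashlib.pbkdf2_hmac("sha256", normalise(answer).encode(), salt, 100_000)

class SharedFile:
    def __init__(self, name, qa_pairs):
        self.name = name
        self.failures = 0
        self.challenges = []
        for question, answer in qa_pairs:
            salt = secrets.token_bytes(16)
            self.challenges.append((question, salt, digest(answer, salt)))

    def questions(self):
        return [question for question, _, _ in self.challenges]

    def request_release(self, answers):
        """answers is aligned with questions(); True means release the file."""
        if self.failures >= MAX_FAILURES:
            return False  # locked: the sender has to share the file again
        correct = 0
        for (_, salt, stored), given in zip(self.challenges, answers):
            # Check every answer so the response does not show which one failed
            if hmac.compare_digest(stored, digest(given, salt)):
                correct += 1
        if correct >= REQUIRED:
            return True
        self.failures += 1
        return False
```

Once the failure limit is reached the file stays locked even for correct answers, which caps how many guesses anyone gets at low-entropy answers.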
In the old days of course it was simple - mailboxes were small and any (relatively) big files were transferred by ftp either from your machine, or via some server.
Nowadays mailboxes are considerably larger, but quite a few systems impose limits on the size of attachments, which can be a problem when sending verbose files such as scanned PDFs of contracts.
Now we could simply use ftp, or better sftp, but of course this has a problem - distribution. Using an ftp solution is reliant on the end user bothering to download the file. A proportion won't. And these days a greater proportion won't know how to use ftp. Email wins as all they need do is click on an icon and the file opens in Acrobat, Preview, or whatever.
Commercial services like Yousendit are a bit better. Even though conceptually simple as an http file upload/download service they generate an email with a link that you click on and the download happens. It's immediate and almost as good as clicking on an attachment.
However, to send a file you are entrusting your content to a third party. A third party elsewhere. And the server is in?
The Dropbox sign in fiasco tells us that however good third-party services are, we need to reserve judgement. Sure, 90% of the data shared is cat pictures, but what about the 10% that is contracts or X-rays or something equally private or confidential?
In Australia we do at least have Cloudstor, which uses Shibboleth to ensure that those you share with are members of the club, but this has a disadvantage: you can't share with non Australian Access Federation people (or the NZ equivalent), i.e. you can't share with non university people or people in the Northern hemisphere, e.g. UK or US.
So, do we have to trust a third party - for the moment yes, otherwise it's down to sending encrypted USB sticks through the mail. What perhaps we need is a third party encrypt and submit service that sends the key separately to the uploaded file ...
Wednesday, 3 August 2011
If you’re a regular follower of this blog, you’ll realise that one of the themes is central Asia. So when Librarything offered me the chance to review Waiting for the Dalai Lama by Annelie Rozeboom I was more than happy to do so.
Some of the review was written on the plane back from my recent trip to Evanston, any misspellings and mispunctuations are mine, even if I would like to blame the airline for the rather cramped journey …