If you tell enough stories, perhaps the moral will show up.


Unnatural Selection

I've just started on my Christmas present, Kolyma Tales, by Varlam Shalamov. The introduction describes Shalamov's time in the mid-century Soviet labour camps and mentions the strokes of luck which allowed him to survive. I've read a little of the popular history and translated literature of the camps and the system that required them, and it struck me that all political survivors' stories have one feature in common: the amazing luck -- a necessary skill leading to a warm job, awakened sympathy in a guard or criminal, wasted food found or any of a host of other things -- that saved the witness' life. You could end up thinking that the penal labour was a happy-go-lucky setting where something would always turn up in time....

Of course that's wrong. There are no first person stories that don't have that lucky break, because all the potential authors -- without the lucky breaks -- died. By focussing on eyewitness accounts -- the best possible sources -- we've gone wrong. The camps were not about misery overcome by good fortune; they were about misery closed with death. Everyone is telling their truth, but the sample is bad, and so the picture is false.

Sex Differences

As I write, the three household males are all in front of general purpose computers of one sort or another. The MMS is building layouts with his Trainz program; not a Christmas present, but running much better on the new computer. He's passed a little milestone that no-one else seems to have noticed -- he's saving files with worthwhile names, so it's probably time to get a modern version for his birthday. The LMS is playing Half-Life downloaded as a Christmas present (very Christmassy...) and I am writing this.

The females are on the sofa, with a nice fire, watching High School Musical...

Which is better?


Happy Christmas

This hedging porn looks a bit Christmassy so it seems appropriate. Both taken on the solstice, truly just an hour before the thaw turned the rime to drips.

The hedge is my current work in progress -- you might just see I've reached the limit of my dewiring, and as the ground is too hard for stakes, I spent the time peeling back the stockfence and tidying up.

If you think the stakes look a bit dodgy, you're right. I salvaged them out of some chestnut paling lattice. Years old, but still hard enough to drive with a hammer, once I've opened up the ground with the iron. Almost any stake makes the job much easier.

The second picture looks very frigid indeed, but that's what happens if you go outside with the white balance set to fluorescent...


Paid-for Malware

I sometimes get asked what anti-virus software I recommend for use on the home PC. I've tried a number of possible answers but my heart isn't in any of them: I know McAfee is a pain; bouquets for Norton outweigh the complaints, but not by much, so I've been recommending Kaspersky -- I know it works and the price is closer to reasonable. So a story like this one is a bit disconcerting. What are the lessons?

  1. Don't trust software more than you need to. We had all the warning we needed when McAfee pulled this same stunt on a bunch of system files a few years ago. Don't delete: Quarantine.
  2. It's time to start getting more assertive about my true answer....

Which is this: I don't run AV software at home. I never have. I don't do stupid things, mostly, and I don't let the children or Mrs U have administrator accounts. I know how to use autoruns (though I've never needed it) and there are the web scanners. I've never had any trouble, even on Windows, and my truly personal computer runs Linux.

Even just writing that, I can see how eccentric and impossible it seems.... really I should just say that I've no useful advice to give.


We are Them

Interesting session with Mrs U in which she damned her mother's eccentricities. I think she was completely unconscious that the traits she found most obnoxious were those shared most identically between mother and daughter.

We believe that introspection is the most reliable source of knowledge -- it certainly feels that way. In fact, we are strangers to ourselves.

For an accurate portrait we need the opinions of those who know us, expressed in their private conversation and writing. But an accurate portrait is almost unbearable. The shocked diary snooper or eavesdropper -- the relationship changed needlessly but forever -- is one of those cliches that's trite because it's so real and so common.

I wonder whether this is the real reason why words like "nosing" and "prying" carry such an ugly load: not defence of privacy, but psychic self-protection. We can't bear to know.


Insourcing Authentication

It's appraisal time and the focus is on the performance management system. That's outsourced -- Internet delivered and hosted somewhere in Florida.

The issue that was brought to me was concern that users might be saving their performance management password in the Internet Explorer credential cache. It's never something that's worried me very much -- if you lose control of your workstation session, you've lost a lot more than the right to express an opinion on that annoying support guy with the awkward questions....

But it tied up some ideas that have been rather weakly formed in my mind.

We're outsourcing more and more, and the result is that our users do their jobs with accounts on this system and accounts on that, and I have no real confidence that there's even a consistent list. I'm certain that there are some systems a leaver will retain indefinite access to, simply because the whole service was set up by the business with no IT involvement and the helpdesk will never know to cease the account. This is pretty galling when we've recently put so much work into the Joiners/Leavers/Absentees process and the unused account purge. We're actually getting on top of this, but it's slipping away through a side door. There's certainly no hope of enforcing a consistent account name or password complexity policy.

At the same time, to deal with the many sites like Blogger, Delicious and others that I use all the time from loads of PCs, I've been looking at OpenID, a public authentication system, that allows the administrators of an Internet hosted application to securely trust a logon completed at a different site. I've gone so far as to set up an OpenID on the Verisign test site, even though I've nothing to log in to it with.

So I've been toying with the idea that authentication was a service we could outsource -- to Verisign or perhaps a two-factor supplier. In fact, I had that exactly wrong. Authentication is the one service we can always do better than anyone else because no-one can know better than we do, who works for us. This is true even if we don't know very well ourselves....

So we shouldn't outsource -- we should insource. We should provide an OpenID service as part of our infrastructure support for application outsourcing. Then we become the authority on who works for us, and what tests they have to pass to prove it:

  • Log on from inside, and you just need a logged-on Windows session; log on from the Internet and it'll ask for your RSA token.
  • The helpdesk can cease your OpenID when you leave, so terminating access to services they don't even know exist.
  • The authenticator could decline to recognise remote applications completely or on a per user basis.
  • Choices about access to the dodgier stuff like the password reset tool, or remote access can all be made here.

So it would all be fabulous. Just a couple of problems:

  • There doesn't seem to be OpenID software with the flexibility and convenience I need, and
  • The chances that application hosts can be persuaded to recognise their customers' OpenIDs seem close to zero.

So this frankly rather wonderful approach, which ought by rights to be standard, is dead. But I think I'll put OpenID support on the qualification form just to watch them squirm.
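
The policy in the first bullet list above, written out as the decision an in-house identity provider would make before vouching for a user to an outsourced application. This is an added example, not code from the original post or from any OpenID product; the network range, user names, relying-party names and the rule that the password reset tool always needs the token are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample data: ranges, users and relying-party names are assumptions.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
ALLOWED_RPS = {"appraisals.example", "password-reset.example"}
SENSITIVE_RPS = {"password-reset.example"}   # assumed rule: always needs the token

@dataclass
class Account:
    active: bool = True                           # helpdesk sets False for a leaver
    denied_rps: set = field(default_factory=set)  # per-user relying-party blocks

DIRECTORY = {
    "alice": Account(),
    "bob": Account(active=False),                 # leaver, already ceased
    "carol": Account(denied_rps={"appraisals.example"}),
}

def is_internal(client_ip: str) -> bool:
    """True only for a parseable address inside a known internal range."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False                              # fail closed: treat as Internet
    return any(addr in net for net in INTERNAL_NETS)

def decide(user: str, client_ip: str, relying_party: str) -> str:
    """Return 'deny', 'session' (Windows session suffices) or 'token'."""
    account = DIRECTORY.get(user)
    # One ceased account ends access to every outsourced service at once,
    # including services the helpdesk has never heard of.
    if account is None or not account.active:
        return "deny"
    # Relying parties can be refused completely or per user.
    if relying_party not in ALLOWED_RPS or relying_party in account.denied_rps:
        return "deny"
    # Sensitive tools, and any logon from outside, require the second factor.
    if relying_party in SENSITIVE_RPS or not is_internal(client_ip):
        return "token"
    return "session"

if __name__ == "__main__":
    for args in [("alice", "10.1.2.3", "appraisals.example"),
                 ("alice", "203.0.113.7", "appraisals.example"),
                 ("bob", "10.1.2.3", "appraisals.example")]:
        print(args, "->", decide(*args))
```

The ordering matters: account status and relying-party checks run before any factor is requested, so a leaver is refused without ever being prompted.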


Only a year old

First encounter with a Vista installation today -- a factory fresh Compaq.

  • Loved UAC -- it's definitely the future (that is, it's as good as sudo, so Windows has caught up with 1985 flavours of Unix.)
  • Loved how the compatibility with DOS3.3 is way better than W2K (don't ask.)
  • Hated the difficulty of finding where to give the Ethernet adapter a static IP address (got there in the end though)
  • Hated that the integrated Intel graphics with an experience index of 3.3 couldn't make Aero look like anything better than Ubuntu with a translucent theme on a mobile Pentium
  • Hated -- really hated -- having to wait for a dual-core 1GB laptop to pop up a printer property box or move some files. How sad. Maybe SP1 will sort it out.

In the meantime, the Dell I bought a few weeks ago turns out to be the ideal XP machine. So that's where it's staying.