Archive for the 'web' Category
Posted: Wednesday, December 23rd, 2009 @ 2:48 pm in security, web
I’m having some interesting offline follow-up discussions with folks about oAuth WRAP and my relatively negative reaction to it. One of the comments seems to be that SSL will recreate exactly the security that HMAC signatures were trying to achieve, and it was really hard for developers to do oAuth right in the first place.
I [...]
Posted: Tuesday, December 22nd, 2009 @ 1:58 pm in security, web
I’m just finding out about oAuth WRAP, a new, simplified version of oAuth which some are calling the “valet key” approach to web data sharing: don’t give your Facebook password to a random web app, instead use oAuth to mint them a valet key that lets the app access only some specific portions of your [...]
Posted: Wednesday, November 11th, 2009 @ 1:17 am in security, web
So this evening my Facebook account was hacked and spam messages were posted to a few dozen friends on my behalf. Thankfully, since I’m friends with a number of security-savvy folks, I was notified almost instantly. Now I’ve never cared too much about my Facebook account, so I used one of my weak passwords. I’m [...]
Posted: Friday, September 25th, 2009 @ 1:16 pm in data, web
Stefano Mazzocchi is awesome and his thinking on Web-based data is incredibly nuanced and pragmatic, so it’s not often that I want to publicly disagree with him. But in his latest post, I think he’s off the mark.
Stefano argues:
The difference between RDFa and Microdata (syntactic differences aside) is basically the fact that the proponents of [...]
Posted: Sunday, September 13th, 2009 @ 6:30 pm in privacy, security, web
On Friday, I attended Social Network Security 2009 at Stanford. This was a fantastic get-together, with some very interesting info from Facebook, Google, Yahoo, Loopt, and the research front. I have some notes, mostly from the first half of the day, at which point my laptop battery ran out. Time to upgrade to the 7-hour [...]
Posted: Tuesday, August 25th, 2009 @ 4:09 pm in web
When people criticize RDFa without much experience really working with it, I tend to ignore the comments, because they’re usually out to prove some subjective point about what they think the Web should be like (“prefixes are ugly!” “Yahoo’s RDFa support was broken once so clearly RDFa sucks!”…). But when Jeni writes about RDFa, given [...]
Posted: Friday, July 17th, 2009 @ 1:32 pm in press, security, web
MIT Tech Review asked me for a general comment on web authentication for their article covering new technology by Delfigo. There wasn’t enough time to look in depth at Delfigo’s technology, so my comments were about multi-factor authentication in general, and whether the additional factors are easily phishable. In other words, it’s interesting if authentication [...]
Posted: Monday, July 6th, 2009 @ 1:00 pm in privacy, security, web
The Engaging Data Conference at MIT, which brings together a number of interesting folks around the management of personal electronic data, is happening in October. The deadline for papers is this week, so submit a paper now if you’ve got some good ideas to share.
Posted: Tuesday, June 23rd, 2009 @ 6:35 pm in data, privacy, web
Facebook is an impressive company; they’ve done and continue to do some very amazing things. And I admit I certainly didn’t see them coming 4 years ago. But okay, come on:
“No one wants to live in a surveillance society,” Zuckerberg adds, “which, if you take that to its extreme, could be where Google is going.”
Umm, [...]
Posted: Thursday, June 18th, 2009 @ 12:35 pm in health, web
My research group, Children’s Hospital Informatics Program, just released a statement of principles in designing the next generation of Health IT, and folks are picking it up. The key concept is substitutability, or what software/Internet architects have called loose coupling. The idea is to build modular rather than monolithic systems, and ensure that the modules [...]