“Rescinding that action, as the university’s chancellor did Tuesday, is an act of intellectual cowardice and self-destruction that brands the school as a haven for political correctness and threatens its academic integrity two years before it even opens its doors.”
But only conservative outrage when the same University of California rescinds a speaking engagement with former Harvard president Larry Summers?
“I was appalled and stunned that someone like Summers would even be invited to speak to the regents,” said UC Davis Professor Maureen Stanton, who helped put together the petition drive. “I think many of us who were involved in the protest believed that it wouldn’t reflect well on the university that he even received the invitation.”
PS- it’s a rhetorical question… I suspect if Che Guevara could be raised from the dead he would not only be invited to speak at UC but also appointed to a honorary department position, or perhaps be made a regent.
Which brings me on to the latest addition to the Freeform family. Against the above background, we are really chuffed to have one of the most well respected commentators and forward thinkers on the IT industry come to join us – David Tebbutt.
Freeform is lucky to get David, in my interactions with him I always found his insight, enthusiasm, constructive skepticism, and style most welcoming. This is further evidence that the analyst side of the business is once again getting interesting as the traditional barriers are breaking down and bloggers who rise to the top get picked off for their insight and expertise.
Congatulations to David!
This has been bothering me for a while. Have you noticed how many site have “features” that let you add you username/password for a third party site and they will access it for you? Have you ever thought about the semantics of what is going on here, in short, the site initiating the request is impersonating you to access your private data in a way that is not entirely clear. In the process, they are storing your username and password on their system for future use.
Lately I have been thinking twice before doing this, primarily because I’m not smart enough to have different passwords for all of my services, therefore, a security breach in one place would expose the entire portfolio of things I have usernames/passwords for.
It wasn’t until I read something in Jeff Atwood’s excellent post on the subject that I really figured out why it was bothering me so much.
This is a deplorable state of affairs. We’re teaching users that their credentials are of little value and should be freely handed out to any passing website that catches their fancy. It’s an incredibly dangerous habit to inculcate in users; it makes them far more vulnerable to phishing:
Like Jeff, I am not picking on one service provider and attempting to muddy their name. I am saying that identity is a massively exposed area for Web 2.0 and if we don’t get a handle on the technical aspects required to move away from usernames/passwords it is likely we will see a catastrophic breach of security that sets the clock back years in terms of what users will tolerate.
If you are a developer I would encourage you to read Jeff’s post on the subject, he provides some really simple suggestions that everyone building these systems can take advantage of today. More broadly, while I’m all for OpenID it is clear that there simply isn’t the momentum behind this open standard to suggest that it’s a game changer. Besides, OpenID has a similar problem, you would still have to provide a password and in the event your OpenID server was breached all of your services would be exposed.