Bruce has an excellent post about the data you’re voluntarilly giving to corporations. While he takes a consumerist view, and makes excuses for you frittering away your privacy (which I’m sure you’ll appreciate), the meat of this article is that if you trust corporations to do the Right Thing with your information, you need to reassess why you trust profit-motivated entities.  All that “community governance” crap is just a facade to get you to trust them with more information, so they can make more profit.

A CAPTCHA That "can't" be cracked

Everyone is in this arms-race. Those who make CAPTCHAs, and those who want to crack them.

The solution for the former is simple: Animate them. I’m not talking about making a 6-frame looping GIF, whereby the cracker can steal a frame and crack at THAT, I’m talking about an animation where any one frame doesn’t have all of the information- Even each of the frames looked at on their own doesn’t have all of the information, but the sum of viewing them makes it obvious.

There are 6 frames to the CAPTCHA on the right. The number “4″ and letter “K” are normal – if a cracking algorithm ripped these frames apart, they could trivially determine those. But the 8 is made of two frames- both of the letter “O”… The “X” is made up of two frames- one a “foreslash” the other a “backslash”. I’m not going to claim that this exact CAPTCHA is uncrackable, but the concept – spending more than 45 seconds in the Gimp- will yield a product that cannot be beaten by non-morphing algorithms, and I don’t see the CAPTCHA-cracking-clique getting that sophisticated for a few more years at least.

Go Forth And Code.

UPDATE 5/11: A colleague challenged that this could be beaten by a simple “flattening” algorithm, thus looking at all the frames at the same time. Again, the simple animation I made wasn’t meant has a true example, merely the gist. Introducing multi-color backgrounds, “erasing” parts of previous frames with future frames, among other techniques, would nullify the “flattening bypass”.

Spent most of the morning networking and people-watching. The sessions today are… fluffy. A couple interesting things this afternoon, possibly. We’ll be going over to the Atrium mid-afternoon and scoping out the new NYSERNet Colocation facility that we’re going to be leasing space in.

Dunkin Donuts breakfast sandwiches do not suck.

Pretentious, self-love-centric conferences do, however.

Attended a pair of session describing how SunGuard and SUNY, thereafter, are finally getting with 1990’s technology, treating federated credentials and identity management like they’re new. Referring to Shibboleth, for example, as “bleeding-edge” is akin to calling the Internet “newfangled”.

Other sessions were even less noteworthy.

Dinner was excellent.

Why I Dislike This Conference

Point 1: Fraud

Allegedly, “SUNY Wizard Conferences are geared toward the technical community in SUNY”. That’s from their website. In reality, it’s geared for two groups: Banner aficionados  and CIO’s. The former is indeed technical, but narrowly scoped. The latter is very non-technical. Because the CIO’s can’t stay in their own track, the “technical” presentations have to be dumbed down, and are little more than brochure session with some buzzwords thrown in here and there to perk up the techs. No meat. No gravy. Just potatoes. Uncooked at that.

If you don’t care about Banner, or wear a tie to work, this isn’t the conference for you (or me). This is one of the least technical conferences I attend.

UPDATE:  It has been alleged that I exaggerated with this segment. I did. And I’m sorry. There is 1 one-hour session worthy of Helpdesk Management and 1 two-hour session on iTunes University. Please excuse me for embellishing, as 2 sessions out of 60 aren’t Banner/Oracle or CIO -focused.

Point 2: Nostalgic Pretension

“Wizard”. Hmmm. Named back in the day when pompous mathematicians reigned superiorly over the world, and the magics of making technology work were out-of-grasp for the common man. Today, any High School sophomore can be a decent IT technician; any college freshman with cash or equipment can run a decent webserver; and anyone who has set up their own Wiki or Blog from scratch is on the right track to be a DBA. Calling this conference “Wizard”, in 2007 is laughable at best. Especially as it is one of the least technical conferences I attend.

Overheard “Wizards”:

“Since moving to [brand] blade servers, our Internet connection has maintained an almost 100% uptime.” For those who aren’t dying of laughter, that’s like saying “Since buying a GM car, the power hasn’t gone out at my house.”

“Linux probably isn’t an option for us, we can’t get the mouse working on our development system.”

“We were going to implement Shibboleth, but the vendor was asking way too much for it.” (Shibboleth is free, open-source software)

“Our mainframe is being de-supported by [company] in April. We have no migration plan yet. I was hoping someone here would have some ideas.” For those who aren’t aghast, this is comparable to saying “I’m 10 months pregnant and haven’t seen a doctor yet… Are you a doctor?”

“Did you hear that loser in the last session call Java a protocol? Java is a language, not a protocol. What an idiot.” (Languages are a subset of protocols, thus every language is a protocol (but not ever protocol is a language), idiot)

“Oracle is too clumsy.”