Fortnightly Mailing

Updated and republished with link to a review of Yubikey security issues, 9/3/2009, with further updates and fixes to broken links on 23/1/2013.

[Added 9/3/2009. Here, with thanks to Positive Internet, is a friendly but quite critical assessment of Yubikey and some of its security flaws by Dr. Fredrik Björck, a security consultant, along with (added 23/1/2013) an update showing the fixes that Yubico was already making back in 2009.]

Yubico is a Swedish start-up that has come up with a clever and economical way of providing three-factor* authentication. The two normal factors are your user name and password, but what if someone or some software system has acquired these? Three-factor authentication involves a device owned by you needing to be part of the process, thereby making it more difficult for someone to access your web-based services. The problem with three-factor systems is their expense, and the YubiKey is cheap enough even in small quantities for it to be realistic to deploy on a mass basis, provided there is cheap enough access to the necessary validation service.  It is also designed to work with OpenID, and would reduce the risks of phishing that are associated with using OpenID for higher-value services.

What if you lose your key? The effect of this would depend on how the service is configured. You could, for example, be allowed "n" two-factor accesses without your key, or, once you've used your credit card to order a new key, or phoned your service provider to be issued with a new key, then be allowed two-factor access until, with your replacement key, you can switch three-factor authentication back on.

Yubico looks to be pitching to be put into use by Google as an add-on for users of Gmail and Google Apps; and you would imagine that Banks must be interested in this kind of service as well (I believe some already provide it).

* Yubico describes its system as a two-factor service, in the sense of something you know (your user name and password), and something you have (e.g. the YubiKey).

With thanks to Ufi's Dick Moore for highlighting this. (23/1/2013 - that was then, this is now.)

Nice live report by David Weinberger from a talk at Harvard University on 26 February by Peter Suber on the future of Open Access. Useful, though it is US flavoured, for people wanting to get to grips with Open Access in its several variants: "Green Open Access (= open access through a repository) and Gold OA (= OA through a journal). There’s also Gratis OA (free of charge but may be licensing restrictions), and Libre OA (free of charge and free of licensing restrictions)".

There is an interesting and slightly tongue in cheek piece in the 3 March 2009 New York Times - Google’s Digitized Book Project Hinges on a Retro Kind of Search - about the lengths that Google is going to to reach authors of scanned books to tell them about the rights that flow to them from the recently settled class action.

Thanks to Dick Moore for pointing this out.

Ofsted's rather damning report, published today, is "based on evidence from inspections of information and communication technology (ICT) between September 2005 and July 2008 in 177 maintained schools in England, as well as other visits to schools where good practice was identified". Alex's review. Download the report.

I do not use Twitter, other than occasionally coming across other people's use of it when searching the Web.  Just as blogging used to leave me cold, so does Twitter.......

This longish piece by Richard Waters, Chris Nuttall and David Gelles, in the Financial Times, follows the US start-up's recent success in raising £24m in venture capital. The article gives a coherent description of the service and the underlying reasons for its success, and provides non-users with an overview of the Twitter "lingo". [I've included a chart from the article despite its the lack of any scale for the y axis.) The piece also manages to include a sidebar picking up on Baroness Professor Susan Greenfield's views - which are everywhere - about being active online causing brain damage.

Over the last few days there have been protests in New Zealand against a newly amended Copyright Act (Section 92A) which establishes a guilt upon accusation principle that can, according to this report, "see anyone accused of copyright infringement getting his or her Internet connection severed". There have been extensive protests in New Zealand against these unworkable changes, and Richard Elliot dropped me a note today reporting that the National Party yesterday decided to "delay and review section 92A of the Amended NZ copyright Act".

The Government is looking for a Director of Digital Engagement. Here is an excerpt from the advertisement.

"Within six months the Head of Digital Engagement will have developed a strategy and implementation plan and be able to show concrete signs of momentum in executing the plan.

Within a year the Head of Digital engagement should be able to point to two departments whose use of digital engagement are recognised in the digital community as being world class.

Within two years the use of world class digital engagement techniques should be embedded in the normal work of Government."

A challenging role. Closing date 4/3/2009.

Source: txteagle

"The total amount of idle time literate, English speaking mobile phone subscribers have within the developing world is estimated to be more than 250,000,000 hours every day. Given high rates of unemployment and marginal income sources, much of this population would greatly benefit from even an extra dollar per day."

Interesting article in the 14 February 2009 New Scientist by Anil Ananthaswamy. The article is partly about Nathan Eagle's txteagle, a service that "allows rural Kenyans to earn airtime and money by performing small tasks such as translation and transcription using their mobile phones" (from whose site the above excerpt is taken), but it develops into a more general discussion about mobile phones, and the credit they hold, as payment-transaction devices in less developed countries, using Safaricom (a mobile-phone based banking system) as an example.

Nathan Eagle is a research scientist at MIT and his Nokia-funded work on "reality mining" is also of interest.

Last year I was involved in project that used, to good effect, the social bookmarking service Ma.gnolia. The nice thing about Magnolia was its support for OpenID and the way that small groups could form around narrowly focused bookmarking endeavours, without the clutter of "mass" services like Delicious. Thankfully the project is long finished. Otherwise the data-loss described in this rueful message from the founder on the Magnolia web site would now be causing problems.....

My friend David Jennings wrote an interesting piece for the ALT Newsletter about "Web 2.0-style" resource discovery in libraries. David's report summarises the discussion at a workshop ALT*organised last December for the JISC-funded TILE project. Excerpt:

The short answer seems to be "yes it very well might".

*I am employed part time by ALT.