Gumby

Thoughts from the clay guru.

Archive for the month “February, 2012”

“SIM Switcheroo”

Here is another Blog on how smart my kids are…and how we need to stay on top of things more than my parents do.

One of the rules around our house is that before the kids go to bed, their phone needs to be plugged in and dropped in a basket on the kitchen cupboard.  This rule is to prevent texting, phone calls, game playing, etc. when they should be sleeping.  When checking the phone bill for the particular month, I noticed that just a few days earlier…my daughter had been texting around midnight.   Hmmm….that’s funny….I am sure she had her phone in the kitchen that night.  Well, she is in bed now, so let me see if her phone is downstairs……[me dragging my butt downstairs to check]…

Phone there…check.  Let me check something else….that’s funny…no bars.  Wait….let me pull the back off…WHAT!?!?!…..no SIM card in.  [sound of me stomping up the stairs].  [Light on in bedroom]….daughter half asleep, or so she is pretending to sleep.  “Denise, where is your SIM card?”  She reluctantly hands over the “phone she hated just a year ago”, and inside is her SIM card.  DAMN, she is smart….pulled her SIM card out of her phone before she deposited in the basket for the night.  Score one for the kids…but the game is far from over…..now I check for a signal pretty much every night.  There is 10 seconds every day I will never get back.

Thanks to Dan W. for the title for this blog….after he bugged me that he did not know the story.

Authentication vs. Encryption vs. APIs/Communication Protocols

Context is Learning Systems….

This is a quick primer on the differences between Authentication, Encryption and APIs/Communication Protocols.  I will try and explain each in simple terms, and the importance of all three.

Authentication

In its most basic sense, authentication is simply a way for a web server to verify a user is who they say they are…and to keep “riff raff” out.  Most people know this as simple username/password prompts.  An LMS or content server with an authentication scheme employed will require an individual to identify themselves (log in) before they are allowed into the system.  Now some Authentication schemes, like Single-Sign-On (SSO), will be integrated with either your local Operating System or browser to store credentials that you have entered earlier, and share that with other SSO-enabled sites.   From an end-user perspective, it appears they may not be authenticating on a particular site…but be assured…they are…it is just automatic.

If a site does not provide authentication…then by definition, the site is open to the general public.  You may have heard of the term, Security by Obscurity.  This simply means…if a person does not know it is there..then it is secure.  And this is false.  Would you bury your life savings in a forest preserve if I could guarantee that no one knows the location?  I would hope not.  You always run the risk that someone may accidentally run across your hiding spot…or an enterprising individual may try and discover this location by following you during one of your withdrawal runs…or discovering through social engineering (maybe talking to a family member that discloses some information that might lead an individual there).  You want your money in a secure location like a bank, that checks your identification and requires some additional information like an account number before you are allowed to withdraw the money.

Encryption

Encryption is simply protecting the information that travels from the server to the end-user’s browser, encrypting, or scrambling, the data so only the server and browser can understand it.  You should realize that computer networks are just a medium to transmit data, just like yelling across a room.  Next time you are at a Starbucks, imagine your Bank is next door.  Would you yell out loud to the bank teller, asking for a withdrawal and then yelling your account number and maybe social security number for all to hear?  Of course not.  Well, sending this information across the internet, although not as blatant as yelling, still provides the same information…just slightly more difficult to listen in on.  But going over a wireless network IS broadcasting that information in about a 300 ft. radius, and people could have listening devices picking up on this information.  Also, anyone with access to network connections anywhere between you and the destination server could tap into this information as well.  Pretty scary thought, isn’t it.

The standard encryption scheme used by Internet sites is Secure Sockets Layer or SSL.  You can tell if you are using an SSL site in general if the URL starts with HTTPS (that “S” means secure) instead of the more standard HTTP sites (non-secure).  With SSL sites, when the SSL server and your browser initially connect, they agree on a complex protocol to scramble all the data as it leaves your browser and travels to the server, only to be unscrambled at the other end…and this happens both ways.  So even if you are “yelling” your bank account information, it is in a language that only your browser and the bank’s servers can understand.  So any site that is SSL enabled will communicate all information in a protected and safe way.

APIs/Communication Protocols

Within the context of learning environments or LMSs, there are two primary APIs or Communication protocols used: AICC and SCORM.  SCORM is really just an extension, and really just version 3.0 and later of AICC.  The purpose of these standards is twofold.  First is to provide a standard mechanism to package up courses and configuration files in a way that LMSs can consume, load and configure the course on the LMS.  The second purpose is to provide an agreed upon communication approach so the course can talk to the LMS to get basic student information, get previous progress data, and send completion information.  Nothing more.  There is nothing in the AICC or SCORM standards that deals specifically with protecting course data from prying eyes – no Encryption or Authentication is defined in these standards.

Encryption does not Equal Authentication

I can enable SSL on a site that is open to the general public, with no login.  In fact, go to HTTPS://www.google.com.  You will notice (although not physically see) that all your Google searches are encrypted and no one will be able to see that I executed a search on say ‘pink flamingos’, but ANYONE can get in and execute a secure search on Google.  There is not much benefit in SSL-securing a site whose information anyone can get to anyway.

There were a number of sites that used to require authentication, but did not provide encryption.  eBay I believe early on was this way.  You were required to enter your login information to bid on items, but if someone could view your traffic, they could have easily gotten your login information and/or seen what you were buying.  So you will notice now that on eBay, as soon as you go to the login screen, you are redirected to their secure SSL-enabled site.

There is security in enabling both authentication AND encryption, and most (hopefully all) financial institutions will require both.  So if you care about protecting the information on your server, whether it be financial information or Intellectual Property for your company, you will want to secure your data with both encryption and authentication at a minimum.
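The four combinations discussed above can be checked mechanically. The following is an added example, not code from the original post: it classifies a handful of constructed observations (the `.example` hosts, the username and the password are placeholders) and shows that a Basic login sent over plain HTTP is readable by anyone watching the traffic, because it is only base64-encoded.

```python
import base64
from urllib.parse import urlsplit

# Constructed observations (not real traffic): URL, response status, request headers.
OBSERVATIONS = [
    {"url": "https://search.example/?q=pink+flamingos", "status": 200, "headers": {}},
    {"url": "http://auction.example/bid", "status": 200, "headers": {
        "Authorization": "Basic " + base64.b64encode(b"student1:placeholder-pw").decode()}},
    {"url": "https://lms.example/course/42", "status": 401, "headers": {}},
    {"url": "http://lms.example/unlisted/course/42", "status": 200, "headers": {}},
]

def is_encrypted(obs):
    """True when the page was fetched over HTTPS."""
    return urlsplit(obs["url"]).scheme.lower() == "https"

def is_authenticated(obs):
    """True when the server demanded a login (401) or the client sent credentials."""
    return obs["status"] == 401 or "Authorization" in obs["headers"]

def readable_username(obs):
    """Return the username an eavesdropper could read, or None if it is protected."""
    header = obs["headers"].get("Authorization", "")
    if is_encrypted(obs) or not header.startswith("Basic "):
        return None
    # Basic credentials are base64("user:password"): encoded, not encrypted.
    decoded = base64.b64decode(header[len("Basic "):]).decode()
    return decoded.split(":", 1)[0]

def classify(obs):
    """Place a site in one of the four encryption/authentication combinations."""
    enc, auth = is_encrypted(obs), is_authenticated(obs)
    if enc and auth:
        return "encrypted and authenticated"
    if enc:
        return "encrypted but open to anyone"
    if auth:
        return "authenticated but readable in transit"
    return "neither: relies on obscurity"

def audit(observations):
    """Return (url, classification, exposed username) for every observation."""
    return [(o["url"], classify(o), readable_username(o)) for o in observations]

if __name__ == "__main__":
    for row in audit(OBSERVATIONS):
        print(row)
```

Only the third observation, HTTPS plus a demanded login, lands in the combination recommended here for protecting financial data or intellectual property.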

Checking out an eBook on your tablet or Kindle

So, did you know that most libraries provide a number (although small…but hopefully growing) of electronic books available for checkout?

I have used this approach a few times and it is pretty easy.  This blog is a visual step-by-step process for getting the book Cryptonomicon by Neal Stephenson onto my iPad (and Windows Phone 7 if I want to later).  Click on any picture below for the full-size image.

Step 1:  Go to the Overdrive site (http://www.overdrive.com)

Step 2:  Enter your Zip code to find the Library in your area.

Step 3:  Click on the library link provided in Step 2 to be taken to the collection of books available for download from your library system.

Step 4:  Search or browse for your book.  Once you locate an available book, clicking on that book will provide you some options to download.  I will select the Kindle format for this discussion.

Step 5:  After selecting the Kindle format, we will select the option to Proceed to Checkout

Steps 6, 7, and 8:  Select your Library, change Lending Period if you want, and then click on the Get for Kindle button

Step 9, 10, 11, 12, 13:  Head on over to Amazon (http://www.amazon.com) and accept your Public Library Loan and then Deliver it to the Kindle compatible device of your choice

Step 14, 15:  Go to your Kindle device (my iPad for this example), and select and read your book.

When the book has expired, you will see that the loan has ended (as in Snow Crash in the image above), and when you launch the book, you will be presented the option to buy it

Hope you found this guide helpful.  Please provide comments to this blog if you have anything to say… positive or negative.
