Wednesday, September 23, 2009

Why Are My Photos Required To Beat Cancer?

I just ran across a Facebook app from Intel called “Progress through Processors”. It’s a new version of the distributed computing / grid computing apps we’ve had for a long time (I had lots of SETI@Home points), directed towards combating cancer, climate change, and malaria in Africa. That took about 10 seconds to decide, “Hell yeah I”ll do that!” (despite the economy hit – it isn’t free; when the processor is pegged it does use more juice). However…ahem…there’s the question of this little warning screen before you can install the app:

Allowing Progress Thru Processors access will let it pull your profile information, photos, your friends' info, and other content that it requires to work.

Excuse me?? Now I may not be the identity geek my friend Pam is, but I do know my way through Kim Cameron’s Seven Laws Of Identity. Law number 2 states:

The solution that discloses the least amount of identifying information and best limits its use is the most stable long-term solution.

In other words, assume a systems breach is always possible, and never ask for identity information you don’t directly and immediately need. Why on earth are my photos, my friend’s info, and “other content” required to use my spare processor cycles to combat cancer?

Equally scary, over 104,000 people are fans of this app. If they’ve all installed it, that’s a hell of a lot of identity gathering. I realize this is pretty standard procedure for Facebook apps (which is why I don’t use them), but I’d hoped that Intel would know better.

I posted a comment regarding this to my old home at the Intel blogs; we’ll see what comes of it.

Technorati Tags: ,,

Sunday, September 20, 2009

Useful Active Directory Delegation Links

Delegating rights in an AD forest so that everyone gets just the rights they need – and no more – is one of the most important acts an AD administrator can take to ensure the security of that forest. In writing up an AD disaster recovery presentation, I came across several links that summarize the basic delegation recommendations, and updated features in later AD releases that make delegation a little easier. Though not exhaustive, I thought I’d simply collect these in one place.