27 Nov 2015

Planet Identity

Julian Bond: Meet the UK's "Committee on Climate Change", A balanced response to the risks of dangerous climate change...

Meet the UK's "Committee on Climate Change", A balanced response to the risks of dangerous climate change, Independent, evidence-based advice to the UK Government and Parliament

Yes, Minister? It's one of those delightfully dry UK civil service productions. Some entertaining reading in there. Especially the last entry in the FAQ. Can you see the fnords?

12) Despite reports of falling UK emissions, hasn’t our real carbon footprint actually risen?
The fall in emissions within the UK is real, reflecting – for example – reductions in emissions from power generation. But if we look at consumption emissions, then yes, our analysis suggests that our carbon footprint has increased since 1993, as growth in imported emissions has more than offset the reduction in emissions produced within the UK.
This increase in imported emissions is largely a result of rising incomes, with associated increased demand for consumer goods, many of them imported. This emphasises the need for policies globally to reduce emissions. It is very encouraging in this respect that countries, including China and the US*, have made ambitious commitments to reduce emissions. There is now widespread coverage by low-carbon policies of major emitting sectors around the world. The UK is not acting alone.
*China and US together made up about 45% of world CO2 emissions in 2011.

They're recommending to the Government to target 57% reduction in carbon emissions by 2030.

Meanwhile the BBC is reporting that global public support for any action at all is falling.
And the UN thinks that all the pledges so far should only result in a warming of 2.7C in 2100 down from 3.1C. Which is not enough.

Although, really, the scientists are lying to themselves and us by being publicly overly optimistic even while in private they are deeply pessimistic. Here's a meta analysis of what they're saying and an aggregation of how their models look.

Anderson’s case, in summary, is that most of us, whether scientists, policy makers or citizens, are suffering from cognitive dissonance. We acknowledge the mathematics of carbon budgets compatible with the 2°C target, yet are unable to face the revolutionary implications of what we need to do to get there. Put simply, our entire way of life for most of us in rich countries – and for an increasing number of rich people in poor countries – has to change radically, starting now.

There's that 1000Gt figure again, except this time it's 1000GtCO2 to stay under 2C of which 300GtCO2 is probably already gone. That's 0.3TtC. Much more likely is that mankind blows the full 1TtC #terafart of accessible fossil fuels over the next 100 years.


There was no pause. And warming is accelerating again.

Support your local artists

Go on the March on Sunday. It'll make you feel better.
 Committee on Climate Change | Independent, evidence-based advice to the UK Government and Parliament »
A balanced response to the risks of dangerous climate change. Independent, evidence-based advice to the UK Government and Parliament.

[from: Google+ Posts]

27 Nov 2015 7:47am GMT

26 Nov 2015

Julian Bond: Stanford and MIT reckon we can ditch fossil fuels globally and go 100% renewable by 2050.

Stanford and MIT reckon we can ditch fossil fuels globally and go 100% renewable by 2050.

What can I say, except that this needs fact checking.

Note that 2050 is the new 30 years out, again.

You've got to love those techno-optimists.

Stanford study says world could be fully powered by renewables by 2050 »
A mix of wind, solar and hydro power could replace fossil fuels in every country in the world.

[from: Google+ Posts]

26 Nov 2015 9:54am GMT

Julian Bond: Instead of using humans to colonise and terraform Mars into Planet B, I think we should use Tardigrade...

Instead of using humans to colonise and terraform Mars into Planet B, I think we should use Tardigrade water bears. They can go on the generation ships to the nearest star system with a goldilocks planet as well. With some mushroom spores. It shouldn't take more than half a billion years or so to result in some intelligent life that can talk back.

 The tardigrade genome has been sequenced, and it has the most foreign DNA of any animal »
Scientists have sequenced the entire genome of the tardigrade, AKA the water bear, for the first time. And it turns out that this weird little creature has the most foreign genes of any animal studied so far – or to put it another way, roughly...

[from: Google+ Posts]

26 Nov 2015 8:09am GMT

Ludovic Poitou - ForgeRock: LDAPCon 2015

Time flies… LDAPCon 2015 has happened and we all have returned from Edinburgh to our daily lives. As for the previous editions, this year's conference was well attended, very friendly, with plenty of time to socialize around a (few) pint(s)…

26 Nov 2015 8:08am GMT

Julian Bond: What are these Paris Climate Change talks anyway?

What are these Paris Climate Change talks anyway?
Here's one of those fast talking youtube guys telling it like it is with the aid of plenty of nouns in a large font face. It's only 4 minutes. You can find 4 minutes, right.

As one commentator says, "And the better news is that even if Paris totally flops, and everyone is just hurling brie and baguette at one another, cities and private companies can take action to cut emissions and make a difference. In fact, they're the real key players here, because diplomacy isn't real climate action. How does any treaty matter if no one does what it says?"

Holy pea-huck, hipster man! That's the better news?

Via one of those essays about Uncharted Territory in FlatLand (where be dragon kings, and black swans).

- This year will undoubtedly be the hottest year on record
- Before the start of the Paris climate talks, negotiators working to craft an international agreement that will curb rising global greenhouse gas emissions are staring into a wide gulf between what countries are willing to do and what they need to do.
- Not only are we humans unable to verify INDC emissions pledges after the Paris talks conclude, but we are also unable to take into account all of the GHG emissions our global civilization creates and has already created. But we can measure the resulting CO2. And that's at an all time high.

Another facebook commentator said: "Are you people. For. Real. We're. On. The verge. Of ww3 and your On about. This. BOLLOX."
Hey ho. What's below the emergent behaviour? Oh, it's emergent behaviour all the way down. Thing is, we're all doing our best. Just because one aspect of modern life is rubbish doesn't mean we can't put effort into trying to deal with some other aspect that's rubbish.

[from: Google+ Posts]

26 Nov 2015 8:03am GMT

25 Nov 2015

Mike Jones - Microsoft: OAuth Discovery

I'm pleased to announce that Nat Sakimura, John Bradley, and I have created an OAuth 2.0 Discovery specification. This fills a hole in the current OAuth specification set that is necessary to achieve interoperability. Indeed, the Interoperability section of OAuth 2.0 states: In addition, this specification leaves a few required components partially or fully undefined […]

25 Nov 2015 11:32pm GMT

Julian Bond: There is no de-coupling between GDP growth, energy and resource usage. So how do we get to sustainability...

There is no de-coupling between GDP growth, energy and resource usage. So how do we get to sustainability?


From a comment earlier in the year. "Yes, we will have completely changed mankind's approach to global economics by turning the quest for endless growth into the quest for endless sustainability by 2115" #22C
 Consume more, conserve more: sorry, but we just can’t do both | George Monbiot »
Economic growth is tearing the planet apart, and new research suggests that it can’t be reconciled with sustainability

[from: Google+ Posts]

25 Nov 2015 8:48am GMT

Julian Bond: Because there's no Planet B.

Because there's no Planet B.
Sunday 29 Nov.
Global Climate March »
The police have just informed us that the tragic attacks in Paris have made the march there impossible. Now it's even more important for people everywhere to march on the weekend of November 29th on behalf of those who can't, and show that we are more determined than ever to meet the challenges ...

[from: Google+ Posts]

25 Nov 2015 7:48am GMT

Mike Jones - Microsoft: Proof-of-Possession Key Semantics for JWTs spec addressing Area Director comments

Proof-of-Possession Key Semantics for JWTs draft -07 addresses review comments by our Area Director, Kathleen Moriarty, as well as comments by Hannes Tschofenig and Justin Richer. This should hopefully enable IETF last call. The specification is available at: http://tools.ietf.org/html/draft-ietf-oauth-proof-of-possession-07 An HTML formatted version is also available at: http://self-issued.info/docs/draft-ietf-oauth-proof-of-possession-07.html

25 Nov 2015 2:07am GMT

24 Nov 2015

Mike Jones - Microsoft: JWS Unencoded Payload Option spec addressing Area Director comments

Draft -06 of the JWS Unencoded Payload Option specification addresses review comments by our Area Director, Kathleen Moriarty. This should hopefully enable IETF last call. The specification is available at: http://tools.ietf.org/html/draft-ietf-jose-jws-signing-input-options-06 An HTML formatted version is also available at: http://self-issued.info/docs/draft-ietf-jose-jws-signing-input-options-06.html

24 Nov 2015 11:32pm GMT

Kantara Initiative: Kantara Initiative and CCICADA Announce Partnership

Kantara Initiative and CCICADA Announce Partnership

They Will Use Applied Research to Develop Real-World Solutions Addressing Cyber Identity Management Challenges

CCICADA and Kantara to launch trusted services research pilot program

Piscataway, NJ (November 24, 2015) - Kantara Initiative (Kantara) and the Rutgers University Command, Control, and Interoperability Center for Advanced Data Analysis (CCICADA), a US Department of Homeland Security […]

24 Nov 2015 4:32pm GMT

Julian Bond: A short excerpt from some comments at http://www.declineoftheempire.com/2015/11/the-unforgivable-sin.html...

24 Nov 2015 8:12am GMT

Katasoft: Recipe: The Best Darn HTTP Cookies

Stormpath HTTP Cookies

As we planned our burn-down to the holidays, our head of Marketing made some pretty big commitments to our growth plan. But what is a good growth plan without some technical fussery? So, here's what I came up with as a response:

All new API calls to Stormpath Thanksgiving week will result in a shipment of free, freshly home-baked cookies to the holder of the Stormpath tenant!

So, in the spirit of the holidays and web developers everywhere, we've decided to put cookies at the center of your Thanksgiving week. I'll cover how to use HTTP cookies securely in your web application, and if you try out the Stormpath API for the first time this week, you'll get some free Stormpath cookies, straight from Claire's kitchen. Woot!

Cookies Are Delicious

No doubt about that, right? They taste good, they allow you to store useful information in the user's browser, and they allow the browser to automatically send that information back to your server, on every request. These features are too tasty to turn away. So go ahead, have a few cookies! It is the holidays, after all!

Unfortunately, cookies have gotten a bad rap. They typically contain gluten, and are often poorly baked, exposing your users to bad taste and poor web design.

In this recipe, we will show you how to make cookies that are delicious, responsible, and guilt-free.

Recipe: The Best Darn HTTP Cookies

  • 1 Part Secure flag

  • 1 Part HttpOnly flag

  • 2 parts responsibility (client AND server)

  • 1 Part highly unique identifier (if using cookie for session lookup)

  • Hold the PII (personally identifiable information)

  • Unique cookie name, to taste

  • One medium-sized, CSRF and XSS-safe baking sheet

  • HTTPS (for delivery)

Step 1: Inspect Your Ingredients

For best flavor, ensure that your ingredients are fresh but not too raw.

  • No PII - Your cookies will be sitting in plain sight on the table. As such they should not contain burnt edges, real names, email addresses, social security numbers, etc. A cookie is not a mirror, or your filing cabinet.

  • Highly Unique Identifiers - If you are whipping up some session cookies (the ones that link the browser session to a session database), then the contents of the cookie should be highly random. If an attacker can guess the ingredients of your cookie, they can pose as your user. Oatmeal-Raisin is about as bland as you can get, so you should absolutely avoid that entropy source.

Step 2: Prepare Your Baking Sheet

How your cookies are formed is just as important as their contents. Nobody likes a sloppy cookie. You want to form your cookies with some protection from crumbly edge cases.

  • XSS Prevention. The JavaScript environment in the browser is hostile. Your cookies are not going to survive rummaging hands, curious snouts, and malicious JavaScript that made its way into your cookie jar. Protect your cookies from XSS by providing the HttpOnly flag when you send the cookie to the browser. This prevents the JavaScript environment from accessing the cookie. You should do this for any cookie that gives the user implicit access to sensitive resources.

  • CSRF Prevention. Your cookies can be used maliciously, by other domains that make requests to your website without your user's consent. If your server blindly authenticates a user, simply because they have a tasty, buttery, sugary cookie, then you've got more problems than your hard drive size. You're also allowing CSRF attacks, where other websites trigger state-changing actions on your server without your user's consent. This is possible because the browser will always send the user's cookies automatically, regardless of how the request was triggered. Use one of the many CSRF Prevention measures to reduce this risk.

Step 3: Delivery

Sliding your cookies onto some tableware and wrapping them with saran wrap may be fine for a birthday or make-up attempt, but it's the holidays! Let's get fancy, and secure, about this operation. Use red saran wrap.

And always use Secure cookies. The Secure flag tells the browser that the cookie should only be transmitted over secure, HTTPS connections. We want this because Santa is listening "on the wire", and we don't want him to steal your cookies.

And That's How The Cookie Crumbles

Having the best recipe in the world is great, but why do all that work when someone else is probably going to be bringing the same cookies to the party?

Save yourself some time and Sign Up for Stormpath - Not only will you get these security features out of the box with our full suite of SDKs and framework integrations, but we'll also send you some free cookies - really!

The easiest way to get started is with one of our quickstarts:

Happy Holidays from the Stormpath Team :)


Cookie Terms and Disclaimers from Claire

  • I make damn good cookies.

  • How this will work operationally: We will check the API logs on Monday. Anyone who has created a new Stormpath tenant and successfully made an API call between the timestamp when this post goes live and Sunday 11/29 at midnight PST will get an email asking for a mailing address where we can send your cookies.

  • Sadly, due to customs restrictions, we can't ship homemade baked goods outside the US. But we can in most cases send you some Swag.

  • Unfortunately, we can't honor special requests or dietary restrictions. I bake a lot, and nuts, gluten and other allergens are regularly flung around my kitchen.

  • Cookie delivery will probably happen in December.

24 Nov 2015 5:00am GMT
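
The recipe in the Stormpath cookie post above, as an added Python example that is not part of the original post or Stormpath's code: it bakes a session cookie with the Secure and HttpOnly flags and audits Set-Cookie values against the ingredient list. The cookie name `acme_sid`, the 128-bit threshold, the generic-name list and the sample headers are assumptions made for illustration.

```python
import math
import re
import secrets
from http.cookies import SimpleCookie

MIN_ID_BITS = 128  # assumed threshold; the post only says "highly random"
GENERIC_NAMES = {"session", "sessionid", "sid", "id", "cookie"}  # assumed list
PII_PATTERNS = [
    re.compile(r"[^@\s=;]+@[^@\s;]+\.[a-z]{2,}", re.I),  # email address
    re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),                 # US SSN layout
]

def new_session_cookie(name="acme_sid"):
    """Return (session_id, Set-Cookie value) for a fresh opaque session id."""
    session_id = secrets.token_hex(32)  # 256 bits from the OS CSPRNG, no PII
    jar = SimpleCookie()
    jar[name] = session_id
    jar[name]["path"] = "/"
    jar[name]["secure"] = True      # HTTPS only (Step 3)
    jar[name]["httponly"] = True    # hidden from page JavaScript (Step 2)
    return session_id, jar[name].OutputString()

def max_entropy_bits(value):
    """Upper bound on entropy from length and the character classes used."""
    classes = [(r"\d", 10), (r"[a-z]", 26), (r"[A-Z]", 26), (r"[^0-9a-zA-Z]", 2)]
    pool = sum(size for pat, size in classes if re.search(pat, value))
    return len(value) * math.log2(pool) if pool else 0.0

def audit_set_cookie(header_value):
    """Audit one session Set-Cookie value; return a list of finding codes."""
    pair, *attrs = [part.strip() for part in header_value.split(";")]
    name, _, value = pair.partition("=")
    flags = {a.split("=", 1)[0].lower() for a in attrs if a}
    checks = [
        ("no-secure", "secure" not in flags),
        ("no-httponly", "httponly" not in flags),
        ("pii-in-value", any(p.search(value) for p in PII_PATTERNS)),
        ("guessable-id", max_entropy_bits(value) < MIN_ID_BITS),
        ("generic-name", name.lower() in GENERIC_NAMES),
    ]
    return [code for code, failed in checks if failed]

# Constructed sample headers, not taken from any real application.
SAMPLES = [
    "session=alice@example.com; Path=/",
    "acme_sid=1001; Path=/; Secure; HttpOnly",
    new_session_cookie()[1],
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(audit_set_cookie(header) or ["ok"], header)
```

CSRF protection is not visible in a Set-Cookie header, so the audit does not cover it. The entropy figure is an upper bound: it can flag a value that is too short, but it cannot prove a value was generated randomly.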

23 Nov 2015

Julian Bond: One week till the start of the COP21 Paris Climate talks (Nov 30). Less than one week till Sunday's ...

One week till the start of the COP21 Paris Climate talks (Nov 30). Less than one week till Sunday's worldwide (except in Paris) Climate marches (Nov 29).


Sadly though, I think the message Ed Miliband gives here is deluded. There are no zero emissions strategies that include business as usual.

 Yes, the Paris climate change conference can save the planet | Ed Miliband »
Earth’s temperature is heading towards its highest for three million years. We must move to zero emissions – and it can be done without closing down our economy

[from: Google+ Posts]

23 Nov 2015 8:35am GMT

22 Nov 2015

ForgeRock: 2015 Amsterdam Identity Summit

2015 ForgeRock Amsterdam Identity Summit Recap The second of the three European Identity Summits, hosted by ForgeRock, took place in Amsterdam, at the Conservatorium. A great event and our venue hosts went above and beyond to get everyone comfortable. The great success of this event wouldn't have been possible without our partners; CDO Summit, and our sponsor Accenture!…

The post 2015 Amsterdam Identity Summit appeared first on ForgeRock.com.

22 Nov 2015 7:30pm GMT

Julian Bond: A message from the recent past (2009),

A message from the recent past (2009),

President 'has four years to save Earth'. US must take the lead to avert eco-disaster. Crucially, that action will have to be taken within Obama's first administration.

So since that didn't happen, I guess that about wraps it up for Planet Earth.

Thanks, Obama!

President Obama 'has four years to save Earth' »
Barack Obama has only four years to save the world according to Nasa scientist Jim Hansen

[from: Google+ Posts]

22 Nov 2015 9:01am GMT