On Attribute-Based Access Control

In this post I’m going to delve more into attribute-based access control (ABAC), comparing it to role-based access control (RBAC, or what Printrak BIS used), and directing you to a separate source that examines ABAC’s implementation.

(Delve. Yes, I said it. I told you I was temperamental. I may say more about the “d” word in a subsequent post.)

But first I’m going to back up a bit.

Role-based access control

As I noted in a LinkedIn post yesterday:

Back when I managed the Omnitrak and Printrak BIS products (now part of IDEMIA’s MBIS), the cool kids used role-based access control.

My product management responsibilities included the data and application tours, so user permissions fell upon me. Printrak BIS included hundreds of specific permissions that governed its use by latent, tenprint, IT, and other staff. But when a government law enforcement agency onboarded a new employee, it would take forever to assign the hundreds of necessary permissions to the new hire.

Enter roles, as a part of role-based access control (RBAC).

If we know, for example, that the person is a latent trainee, we can assign the necessary permissions to a “latent trainee” role.

  • The latent trainee would have permission to view records and perform primary latent verification.
  • The latent trainee would NOT have permission to delete records or perform secondary latent verification.

As the trainee advanced, their role could change from “latent trainee” to “latent examiner” and perhaps to “latent supervisor” some day. One simple change, and all the proper permissions are assigned.

But what of the tenprint examiner who expresses a desire to do latent work? That person can have two roles: “tenprint examiner” and “latent trainee.”

Role-based access control certainly eased the management process for Printrak BIS’ government customers.

But something new was brewing…

Attribute-based access control

As I noted in my LinkedIn post, the National Institute of Standards and Technology released guidance in 2014 (since revised). The document is NIST Special Publication 800-162, Guide to Attribute Based Access Control (ABAC) Definition and Considerations, and is available at https://doi.org/10.6028/NIST.SP.800-162.

Compared to role-based access control, attribute-based access control is a teeny bit more granular. (That is an understatement: a decision can depend not only on who the subject is, but on what is being accessed and on the circumstances of the request.) NIST SP 800-162 defines the building blocks as follows:

Attributes are characteristics of the subject, object, or environment conditions. Attributes contain information given by a name-value pair.

A subject is a human user or NPE, such as a device that issues access requests to perform operations on objects. Subjects are assigned one or more attributes. For the purpose of this document, assume that subject and user are synonymous.

An object is a system resource for which access is managed by the ABAC system, such as devices, files, records, tables, processes, programs, networks, or domains containing or receiving information. It can be the resource or requested entity, as well as anything upon which an operation may be performed by a subject including data, applications, services, devices, and networks.

An operation is the execution of a function at the request of a subject upon an object. Operations include read, write, edit, delete, copy, execute, and modify.

Policy is the representation of rules or relationships that makes it possible to determine if a requested access should be allowed, given the values of the attributes of the subject, object, and possibly environment conditions.

So before you can even start to use ABAC, you need to define your subject attributes, your object attributes, the environment conditions you care about, and the policy that ties them all together. You also need a trustworthy source for each attribute, because a policy decision is only as good as the attribute values fed into it.

Frontegg provides some excellent examples of how ABAC is used in practical terms. Here’s a government example:

For example, a military officer may access classified documents only if they possess the necessary clearance, are currently assigned to a relevant project, and are accessing the information from a secure location.

Madame Minna Craucher (right), a Finnish socialite and spy, with her chauffeur Boris Wolkowski (left) in 1930s. By Anonymous – Iso-Markku & Kähkönen: Valoa ja varjoa: 90 kuvaa Suomesta, s. 32. (Helsinki 2007.), Public Domain, https://commons.wikimedia.org/w/index.php?curid=47587700.

While (in my completely biased opinion) Printrak BIS was the greatest automated fingerprint identification system of its era, it couldn’t do anything like THAT. A Printrak BIS user could have a “clearance” role, but Printrak BIS had no way of knowing whether a person is assigned to an appropriate project or case, and Printrak BIS’ location capabilities were rudimentary at best. (If I recall correctly, we had some capability to restrict operations to particular computer terminals.)

As you can see, ABAC goes far beyond whether a PERSON is allowed to do things. It recognizes that people may be allowed to do things, but only under certain circumstances: on the right project or case, from the right location, and so on. A role can still be one of the subject’s attributes, so an RBAC policy becomes a special case of an ABAC policy rather than something you have to throw away.
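Here is the military-officer example, and the latent trainee role from earlier in this post, written as policy code. This is an added illustration, not code from this post, from NIST SP 800-162, from Frontegg, or from Printrak BIS. The attribute names (clearance, assigned_projects, classification, project, location_class, roles), the clearance ordering, the permit-overrides combining rule, and the sample subjects and documents are all made up for the example.

```python
"""Tiny attribute-based access control (ABAC) policy decision point.

Added example, not code from the post, from NIST SP 800-162, from Frontegg,
or from Printrak BIS. The attribute names (clearance, assigned_projects,
classification, project, location_class, roles), the clearance ordering, and
the sample subjects and objects below are all constructed for illustration.
"""
from dataclasses import dataclass, field

# Constructed ordering of clearance levels, lowest to highest.
CLEARANCE_RANK = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass
class Request:
    """One access request. Subject and object attributes are name-value
    pairs; environment holds the conditions under which the request is made."""
    subject: dict
    operation: str
    obj: dict
    environment: dict = field(default_factory=dict)


def classified_read_rule(req: Request) -> bool:
    """The military-officer example: permit a read when the subject's
    clearance covers the document's classification, the subject is assigned
    to the document's project, and the request comes from a secure location."""
    s, o, e = req.subject, req.obj, req.environment
    try:
        cleared = CLEARANCE_RANK[s["clearance"]] >= CLEARANCE_RANK[o["classification"]]
        on_project = o["project"] in s["assigned_projects"]
        secure = e["location_class"] == "secure_facility"
    except KeyError:
        # A missing attribute (for example, no location reported) means the
        # rule cannot be satisfied. Fail closed rather than guess.
        return False
    return req.operation == "read" and cleared and on_project and secure


def latent_trainee_rule(req: Request) -> bool:
    """A role is just another subject attribute, so the RBAC example fits the
    same model: a latent trainee may view records and perform primary latent
    verification, and nothing else (no deletes, no secondary verification)."""
    if "latent_trainee" not in req.subject.get("roles", ()):
        return False
    return req.operation in ("view_record", "primary_latent_verification")


# The policy is the list of rules: "policy as code" in its simplest form.
POLICY = [classified_read_rule, latent_trainee_rule]


def decide(req: Request, policy=POLICY) -> str:
    """Permit-overrides combining: deny unless some rule permits.
    The combining algorithm is a design decision and must be explicit."""
    return "permit" if any(rule(req) for rule in policy) else "deny"


# Constructed sample data.
OFFICER = {"clearance": "secret", "assigned_projects": {"PRJ-17"}}
DOC = {"classification": "secret", "project": "PRJ-17"}
TRAINEE = {"roles": ("tenprint_examiner", "latent_trainee")}


def demo() -> dict:
    """Same subject and object, different circumstances, different answers."""
    secure = {"location_class": "secure_facility"}
    return {
        "officer_secure": decide(Request(OFFICER, "read", DOC, secure)),
        "officer_home": decide(Request(OFFICER, "read", DOC, {"location_class": "home_network"})),
        "officer_no_location": decide(Request(OFFICER, "read", DOC)),
        "officer_delete": decide(Request(OFFICER, "delete", DOC, secure)),
        "trainee_verify": decide(Request(TRAINEE, "primary_latent_verification", {"type": "latent"})),
        "trainee_delete": decide(Request(TRAINEE, "delete_record", {"type": "latent"})),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:22s} {outcome}")
```

The point to notice is the second and third officer requests: the same person asks for the same document, and the answer flips to deny because the location attribute is wrong or simply absent. A role check alone could never make that distinction, which is exactly the gap the post describes.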

Implementing attribute-based access control

As I noted, it takes a lot of up-front work to define an ABAC implementation. I’m not going to delve into that complexity, but Gabriel L. Manor did, touching upon topics such as:

  • Policy as Code
  • Unstructured vs. Structured Rules
  • Policy configuration using the Open Policy Administration Layer (OPAL)

You can read Manor’s thoughts here (“How to Implement Attribute-Based Access Control (ABAC) Authorization?”).

And there are probably ways to simplify some of this.

AI Articles in Ten (Not Five) Minutes—But I Can’t Tell You Why

More on the “human vs. AI vs. both” debate on content generation, and another alternative—the Scalenut tool.

The five-minute turnaround

I’ve been concerned about my own obsolescence for over a year now.

I haven’t seen a lot of discussion of one aspect of #generativeai:

Its ability to write something in about a minute.

(OK, maybe five minutes if you try a few prompts.)

Now I consider myself capable of cranking out a draft relatively quickly, but even my fastest work takes a lot longer than five minutes to write.

“Who cares, John? No one is demanding a five minute turnaround.”

Not yet.

Because it was never possible before (unless you had proposal automation software, but even that couldn’t create NEW text).

What happens to us writers when a five-minute turnaround becomes the norm?

The five-minute requirement

I returned to the topic in January, with a comment on the quality of generative AI text.

Never mind that the resulting generative AI content was wordy, crappy, and possibly incorrect. For some people the fact that the content was THERE was good enough.

OK, Writer.com (with a private dataset) claims to do a better job, but many of the publicly available free generative AI tools are substandard.

Then I noted that sometimes I will HAVE to get that content out without proper reflection. I outlined two measures to do this:

  1. Don’t sleep on the content.
  2. Let full-grown ideas spring out of your head.

But I still prefer to take my time brewing my content. I’ve spent way more than five minutes on this post alone, and I don’t even know how I’m going to end it yet. And I still haven’t selected the critically important image to accompany the post.

Am I a nut for doing things manually?

You’ve gone from idea to 2500+ word articles in 10 minutes.

Now that I’ve set the context, let’s see what Kieran MacRae (quoted above) has to say about Scalenut. But first, let’s see Kieran’s comments about the state of the industry:

Sure, once upon a time, AI writing tools would write about as well as a 4-year-old.

So what does Scalenut do?

With Scalenut, you will reduce your content creation time by 75% and become a content machine. 

The content gets written in your tone of voice, and the only changes I made were adding personal anecdotes and a little Kieran charm.

But…why?

Why is Scalenut better?

Kieran doesn’t say.

And if Scalenut explains WHY its technology is so great, the description is hidden behind an array of features, benefits, and statistics.

Maybe it’s me, but Scalenut could improve its differentiation here, as outlined in my video.

Differentiation, by Bredemarket.

What Scalenut does…and doesn’t do

I should clarify that copywriting is but one part of Scalenut’s arsenal.

Scalenut is a one-stop-shop AI-powered SEO writing tool that will see you through keyword selection, research, and content production. Plus, you get full access to their copywriting tool, which can create more specific short-form content like product descriptions.

You optimize SEO content by adding NLP keywords, which are the words that Google uses to decide what an article is about.

MacRae cautions that it’s not for “individuals whose writing is their brand,” and Scalenut’s price point means that it’s not for people who only need a few pieces a month.

But if you need a lot of content, and you’re not Stephen King or Dave Barry or John Bredehoft (not in terms of popularity, but of distinctness), then perhaps Scalenut may help you.

I can’t tell you why, though.

(And an apology for those who watch the video; like “The Long Run” album itself, it takes forever to get to the song.)

From https://www.youtube.com/watch?v=Odcn6qk94bs.

Bredemarket’s Five Secrets to Hosting a Successful LinkedIn Audio Event

Bredemarket, the curious wildebeest, wanted to learn more about LinkedIn Audio Events. So I hosted my own. Based upon my now-extensive experience in this medium, I can share my five secrets to hosting a successful LinkedIn Audio Event.

Don’t start early

Um…I failed to do this. The event was supposed to start at 8:00 am Pacific Daylight Time, and I started at 7:58.

Meticulously plan

I didn’t do this either. I scheduled the event at 7:41, 19 minutes before it was supposed to start, and only 17 minutes before it actually started.

Use the best audio equipment for stellar sound

Um…this was on my phone, with no headset.

Host from a quiet place with no distractions

I definitely failed here. I started the event outside the (former) Yangtze Restaurant on very busy Euclid Avenue in Ontario, California. If anyone had joined the last-minute event, they would have heard all sorts of traffic noises.

Have a purpose for the event

This is the only thing I did right. My purpose? To learn the mechanics behind LinkedIn Audio Events. I didn’t learn everything—since I was the only attendee, I couldn’t channel my inner Anna Morgan and invite another speaker to the stage. But I figured out some of the mechanics.

Lessons learned

(Personal preference: I don’t refer to this as a “post mortem.” No one died.)

In addition to the lessons implied above (plan, ensure a superior audio experience, etc.), I learned that you will never get to listen to this morning’s event. LinkedIn doesn’t post recordings of the event after the fact. So I can lie and say that I shared the most scintillating details, even though I didn’t.

But I achieved my purpose, and maybe I will host a real audio event some day.

I did some more experimentation this morning, but my other experiments were live video tests on Facebook, on the Bredemarket page (not the groups; another lesson learned).

Were You Affected by the National Public Data Breach?

(Part of the biometric product marketing expert series)

Fiona Jackson of TechRepublic shared this two days ago.

In August, a hacker dumped 2.7 billion data records, including social security numbers, on a dark web forum, in one of the biggest breaches in history.

The data may have been stolen from background-checking service National Public Data at least four months ago. Each record has a person’s name, mailing address, and SSN, but some also contain other sensitive information, such as names of relatives…

Note that 2.7 billion data records does not equal 2.7 billion people, since a person may have multiple data records.

Was your data leaked?

Rich DeMuro posted a link to see if your data was leaked. If you want to check, go to https://npd.pentester.com/, enter the requested information (you will NOT be asked for your Social Security Number), and the site will display a masked list of the matching information in the breach.

One lesson from the National Public Data breach should have been obvious long ago: anyone who relies on a Social Security Number as a form of positive identification is a fool. An SSN is an identifier that has been exposed in breach after breach; it is not a secret, and it proves nothing about who is presenting it.

If You Don’t Want Generic Content For Your Identity/Biometrics Firm

For better or worse, I write my own content. If I’m going to write yours, then I should write mine.

So I’m always amused when I receive pitches to write for the Bredemarket blog. Invariably these pitches do NOT mention:

  • Biometrics. If they’re going to write identity/biometrics content, I want to know their credentials.
  • The seven questions. Or any details of how they work.
  • Wildebeests. Enough said.

By Danijel Mihajlovic – https://thenextcrossing.com/wildebeest-migration-kenya, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=96024366

But a recent pitch excelled in its, um, genericism. Here’s the relevant part:

I run a white-label marketing company and am reaching out to ask if you need help with content creation? I work with several other marketing agencies on campaigns like Airbnb’s.

I’m not sure how Bredemarket relates to Airbnb, but it really doesn’t matter because they have worked on campaigns LIKE Airbnb. So I do not know what they’ve done. (Although ghostwriters have this problem.)

Ghostwriters like me. But I’ve never worked for companies like Airbnb.

I recently sent out a mailing that was hopefully much more targeted. I knew my hungry people (target audience), so even though it was a mass mailing (OK, not “mass”), it was relevant.

If you didn’t receive the mailing, you can view the repurposed version here.

Contact Bredemarket if you need content that benefits from my 29+ years of identity/biometrics experience.

Identity/Biometric Professionals, Does Your Company Need the Right Words?

Identity/biometric professionals require the right words to raise product awareness, influence consideration, or drive conversions.

Bredemarket helps you create the words your prospects and customers must hear now:

With over 29 years of identity/biometric experience, John Bredehoft of Bredemarket is the biometric product marketing expert that can move your company forward.

If I can help you, book a free 30 minute meeting with me on Calendly.

If you’re not sure about using Bredemarket, here is more information.

Identity professionals…

Winners and Losers, But Even Olympic Losers Can Become Winners

A single loss does not define your entire life. As the sporting world teaches us, Olympic losers and other competitive losers can become winners—if not in sports, then elsewhere.

The human drama of athletic competition

When I was young, the best variety show on television didn’t involve Bob Mackie dresses. It instead featured Jim McKay, introducing the show as follows.

Spanning the globe to bring you the constant variety of sport…the thrill of victory…and the agony of defeat…the human drama of athletic competition…This is ABC’s Wide World of Sports!

A technological marvel when originally introduced, this variety show brought sporting events to American viewers from all over the world.

And these viewers learned that in competitions, there are winners and losers.

But since Wide World of Sports focused on the immediate (well, with a bit of tape delay), viewers never learned about the losers who became winners.

By ABC Network – ebay.com, front of photo, back of photo, Public Domain, https://commons.wikimedia.org/w/index.php?curid=33302515.

Jim McKay and his colleagues were not retrospective; they were known for the moment. In one instance that was NOT on tape delay, Jim McKay spoke his most consequential words, “They’re all gone.”

Vinko Bogataj

(Note: some of this content is repurposed because repurposing is cool.)

Turning to less lethal sporting events, remember Jim McKay’s phrase “the agony of defeat”?

For American TV watchers, this phrase was personified by Vinko Bogataj.

The agony of defeat.

Hailing from a country then known as Yugoslavia (now Slovenia), Bogataj was competing in the 1970 World Ski Flying Championships in Oberstdorf, in a country then known as West Germany (now Germany). His daughter described what happened:

It was bad weather, and he had to wait around 20 minutes before he got permission to start. He remembers that he couldn’t see very good. The track was very bad, and just before he could jump, the snow or something grabbed his skis and he fell. From that moment, he doesn’t remember anything.

While Bogataj suffered a concussion and a broken ankle, the accident was captured by the Wide World of Sports film crew, and Bogataj became famous on the “capitalist” side of the Cold War.

And he had no idea.

“He didn’t have a clue he was famous,” (his daughter) Sandra said. That changed when ABC tracked him down in Slovenia and asked him to attend a ceremony in New York to celebrate the 20th anniversary of “Wide World of Sports” in 1981.

At the gala, Bogataj received the loudest ovation among a group that included some of the best-known athletes in the world. The moment became truly surreal for Bogataj when Muhammad Ali asked for his autograph.

Bogataj is now a painter, but his 1970 performance still follows him.

Over 20 years after the infamous ski jump, Terry Gannon interviewed Bogataj for ABC. As Gannon recounted it on X (then Twitter), Bogataj “got in a fender bender on the way. His first line..’every time I’m on ABC I crash.'”

Some guy at the Athens Olympics in 2004

Since the Paris Olympics is taking place as I write this, people are paying a lot of attention to present and past Olympics.

The 2004 Olympics in Athens was a notable one, taking place in the country where the original Olympics were held.

But during that year, people may have missed some of the important stories that took place. We pay attention to winners, not losers.

Take the men’s 200 meter competition. It began with 7 heats, with the top competitors from the heats advancing.

Within the 7 heats, Heat 4 was a run-of-the-mill race, with the top four sprinters advancing to the next round. If I were to read their names to you you’d probably reward me with a blank stare.

But if I were to read the 5th place finisher to you, the guy who failed to advance to the next round, you’d recognize the name.

Usain Bolt.

Usain Bolt poses with his 200 m gold medal at the 2016 Summer Olympics. By Fernando Frazão/Agência Brasil – http://agenciabrasil.ebc.com.br/rio-2016/foto/2016-08/bolt-se-aposenta-com-medalha-de-ouro-no-4-x-100-metros, CC BY 3.0 br, https://commons.wikimedia.org/w/index.php?curid=50784135.

He did a little better at subsequent Olympics.

Some other guy at the Athens Olympics in 2004

KBWEB Consult tells the story of another competitor in the same 200 meter event in Athens. Chris Lambert participated in Heat 3, but didn’t place in the first four positions and therefore didn’t advance.

Nor did he place in the fifth position like Usain Bolt did in Heat 4.

Actually, he technically didn’t place at all. His performance is marked with a “DNF,” or “did not finish.”

You see, at about the 50 meter point of the 200 meter event, Lambert pulled a hamstring.

And that ended his Olympic competition dreams forever. By the time the Olympics were held in Lambert’s home country of the United Kingdom in 2012, he was not a competitor, but a volunteer for the London Olympics.

But Lambert learned much from his competitive days, and now works for Adobe.

KBWEB Consult (who consults on Adobe Experience Manager implementations) tells the full story of Chris Lambert and what he learned in its post “Expert Coaching From KBWEB Consult.”

A final thought

I haven’t done one of these in a while, but it’s important to remember that just because you lost a particular competition doesn’t mean that all is lost. We need to remember this whether we are a 200 meter runner who didn’t advance from their heat, or whether we are a job applicant receiving yet another “we are moving in a different direction” form letter.

In the meantime, take care of yourself, and each other.

Jerry Springer. By Justin Hoch, CC BY 2.0, https://commons.wikimedia.org/w/index.php?curid=16673259.

$865 Fees Will Not Destroy Upland’s Economy

Expect heavy large business lobbying against this proposed ballot measure in Upland. Because if they have to pay a debilitating $865 in fees, they’ll shutter their business and join Elon and Chevron in Texas.

According to the Daily Bulletin:

“Under the existing system, each $20,000 a business makes is taxed in $54 increments. Businesses reach the $864 cap when they have roughly $320,000 in gross sales….

“If approved by voters, the Nov. 5 measure would mean businesses would pay $50 for every $100,000 they generate in revenue….Meanwhile, the measure would increase the cap on business license taxes to $29,500.”

For the record, Bredemarket is based in Ontario, and I’m glad I’m not subject to Upland’s current licensing fees.

Much more detail:

From https://www.dailybulletin.com/2024/08/04/could-a-higher-business-license-tax-be-coming-to-upland/