Tag Archives: microsoft

Stupid tech tricks: no permission to respond to calendar invites? (The UID:X trick)

I use two separate Google calendars: one for Bredemarket, and one for personal non-Bredemarket meetings. I receive meeting invitations on both of these calendars. This usually isn’t a problem.

Usually.

Over the last year, I have accepted a variety of calendar invites from external inviters, including invites to Zoom meetings, invites to Microsoft Teams meetings, invites to Google Meet meetings, and even old-fashioned invites for Plain Old Telephone Service (POTS) calls. (Yes, these still exist.) These have originated from Google-managed domains, Microsoft-managed domains, and other domains.

When you accept a calendar invite, you send a message to the inviter that contains your acceptance of the message, and this acceptance is recorded both on your calendar and on the inviter’s calendar.

Except for the invite that I received yesterday evening.

I was reading email on my mobile phone and received a calendar invite. When Gmail displays calendar invites, it displays them with “Yes,” “Maybe,” and “No” buttons.

Calendar invite, the expurgated version.

So I clicked “Yes” on the invite…and received a message that I didn’t have permission to access to the target calendar.

That seemed odd, but I noticed that there was an “invite.ics” file attached to the invitation. While ics files are designed for Microsoft calendars, they can be imported into Google calendars, so I figured that I’d just import the invite.ics file when I had access to my computer the following morning.

So this morning I imported the invite.ics file…and got the same error stating that I didn’t have permission to access the target calendar.

Curious, I researched and found a solution:

“The solution for this is to manually edit the .ics file prior to importing it and replace all occurrences of “UID:” with “UID:X” (without the quotes). After doing this and saving the file, proceed with the import and all should be fine.”

So I opened up the invite.ics file in Notepad, performed the manual edit, and successfully imported the calendar entry.

As it turns out, the inviter doesn’t usually schedule meetings with people outside of the inviter’s domain, which explains why I was the first person to mention the issue.

While the problem was solved, I had no idea WHY the UID:X trick worked. And I’m not the only one asking this question.

Most of the time when I receive a meeting request in my gmail account, Google Calendar understands exactly what is going on and handles the request pleasantly.

But for some zoom meeting requests originating from one particular client, Google Calendar refuses to admit that it’s a meeting request until I edit the ICS file and insert an “X” after the “UID:” prefix per the suggestion here.

Looking at RFC 5545, it doesn’t look like the “X” is required but it’s not terribly clear.

Does RFC 5545 in any way require that “X” to be there?

As of this morning, no one has answered the question, but I found a comment in a separate thread that appeared to be relevant.

After investigating for a while, it seems adding the “X” is not a permanent solution. The UID is a global identifier, if two events have the same UID in the same calendar there’s a collision. Some calendar services like Outlook (which I use) seem to handle this, while Google and probably many others don’t.

So the mystery continues.

P.S. If you happen across this post and find it helpful, also see my 2009 tip about the spurious “remove probe” error for KitchenAid ovens. (TL;DR: use a blow dryer to remove moisture from the probe hole where the temperature probe is inserted.)

In this post, “NGI” stands for Non-Governmental Identity

I admit to my biases.

As a former long-time employee of a company that provides finger and face technology for the Federal Bureau of Investigation’s Next Generation Identification (NGI) system, as well as driver’s license and passport technology in the United States and other countries, I am reflexively accustomed to thinking of a proven identity in governmental terms.

Because the government is always here to help.

From World War II. By Packer, poster artist, Artist (NARA record: 8467744) – U.S. National Archives and Records Administration, Public Domain, https://commons.wikimedia.org/w/index.php?curid=16929857

What this means in practice is that whenever I see a discussion of a proven identity, I reflexively assume that the identity was proven through means of some type of governmental action.

  • Perhaps the identity was tied to a driver’s license identity maintained by a state agency (and checked against other states via AAMVA’s “State to State” to ensure that there are no duplicate identities).
  • Or perhaps the identity was proven via the use of a database maintained by a government agency, such as the aforementioned NGI or perhaps a database such as the CODIS DNA database.

However, I constantly have to remind myself that not everyone thinks as I do, and that for some people an identity proven by governmental means is the worst possible scenario.

Use of DNA for humanitarian efforts

Take an example that I recently tweeted about.

I recently read an article from Thermo Fisher Scientific, which among other things provides a slew of DNA instruments, software, and services for both traditional DNA and rapid DNA.

One of the applications of DNA is to prove family relationships for migrants, especially after families were separated after border crossings. This can be done in a positive sense (to prove that a separated parent and child ARE related) or in a negative sense (to prove that a claimed parent and child are NOT related). However, as was noted in a webinar I once attended, DNA is unable to provide any verification of legitimate adoptions.

By Nofx221984 – Own work, Public Domain, https://commons.wikimedia.org/w/index.php?curid=7429871

Regardless of the purpose of using DNA for migrants, there is a certain level of distrust among the migrants when the government says (presumably in Spanish), “We’re the government. We’re here to help.” You don’t have to be a rabid conspiracy theorist to realize that once DNA data is captured, there is no technical way to prevent the data from being shared with every other government agency. Certain agencies can establish business rules to prevent such sharing, but those business rules can include wide exceptions or the rules can be ignored entirely.

Therefore, Thermo Fisher Scientific decided to discuss humanitarian DNA databases.

As a result of migration, human trafficking and war, humanitarian databases are a relatively new concept and are often completely separate from criminal databases. Research has shown that family members may distrust government databases and be reluctant to report the missing and provide reference samples (1). Humanitarian databases are repositories of DNA profiles from reported missing persons, relative reference samples, and unknown human remains and may be managed by non-governmental organizations (NGOs), though in some instances they may be managed by a governmental institution but kept separate from criminal databases. Examples of humanitarian databases can be found in the United States (NamUsUniversity of North Texas HDID), Canada (Royal Canadian Mounted Police), Australia (National DNA Program for unidentified and missing persons) and internationally via the International Commission on Missing Persons (ICMP).

As you can see from the list, some of these databases ARE managed by government police agencies such as the RCMP. But others are not. The hope, of course, is that migrants would be willing to approach the humanitarian folks precisely BECAUSE they are not the police. Reluctance to approach ANY agency may be dampened by a desire to be reunited with a missing child.

And these non-governmental efforts can work. The Colibri Center claims to have performed 142 identifications that would not have been made otherwise.

Reluctance to set national standards for mobile driver’s licenses

Because of my (biased) outlook, mobile driver’s licenses and other applications of government-proven digital identity seem like a wonderful thing. The example that I often bore you with is the example of buying a drink at a bar. If someone does this with a traditional driver’s license, the bartender not only learns the drinker’s birthdate, but also his/her address, (claimed) height and weight, and other material irrelevant to the “can the person buy a drink?” question. With a mobile driver’s license, the bartender doesn’t even learn the person’s birthdate; the bartender only learns the one important fact that the drinker is over 21 years of age.

Some people are not especially wowed with this use case.

The DHS Request for Comment has finally closed, and among the submissions is a joint response from the American Civil Liberties Union, Electronic Frontier Foundation (EFF), & Electronic Privacy Information Center (EPIC). The joint response not only warns about potential misuse of government digital identities, but also questions the rush of establishing them in the first place.

We believe that it is premature to adopt industry standards at this time as no set of standards has been completed that fully takes advantage of existing privacy-preserving techniques. In recent decades we have seen the emergence of an entire identity community that has been working on the problems of online identity and authorization. Some within the identity community have embraced centralized and/or proprietary systems…

You can imagine how the ACLU, EFF, and EPIC feel about required government-managed digital identities.

Is a Non-Governmental Identity (NGI) feasible and reliable?

Let’s return to the ACLU/EFF/EPIC response to the DHS Request for Comment, which mentions an alternative to centralized, proprietary maintenance of digital identities. This is the alternative that I’m referring to as NGI just to cause MAC (massive acronym confusion).

…others are animated by a vision of “self-sovereign
identity” that is decentralized, open source, privacy-preserving, and empowering of individuals. That movement has created a number of proposed systems, including an open standard created by the World Wide Web Consortium (W3C) called Verifiable Credentials (VCs)….

DHS should refuse to recognize IDs presented within centralized identity systems. If a standard digital identity system is to be accepted by the federal government, it must be created in an open, transparent manner, with the input of multiple stakeholders, and based upon the self-sovereign identity concept. Such a system can then be used by federal government agencies to view identity credentials issued by state departments of motor vehicles (DMVs) where doing so makes sense. If standards based on self-sovereign identity are not considered mature enough for adoption, efforts should be directed at rectifying that rather than at adopting other systems that raise privacy, security, and autonomy risks.

For all practical purposes, the chances of the ACLU/EFF/EPIC convincing the Department of Homeland Security to reject government-proven identities are approximately zero. And since DHS controls airport access, you probably won’t see an airport security agent asking for your Verifiable Credentials any time soon. Self sovereign identities are just as attractive to government officials as sovereign citizens.

Who issues Verifiable Credentials?

As ACLU/EFF/EPIC noted, Verifiable Credentials are still under development, just as the centralized system standards are still under development. But enough advances have been made so that we have somewhat of an idea what they will look like. As Evernym notes, there is a trusted triangle of major players in the Verifiable Credentials ecosystem:

From https://www.evernym.com/blog/gentle-introduction-verifiable-credentials/. Fair use.

There are a number of directions in which we can go here, but for the moment I’m going to concentrate on the Issuer.

In the current centralized model being pursued in the United States, the issuers are state driver’s license agencies that have “voluntarily” consented to agree to REAL ID requirements. Several states have issued digital versions of their driver’s licenses which are recognized for various purposes at the state level, but are not yet recognized at the federal level. (The purpose of the DHS Request for Comment was to solicit thoughts on federal adoption of digital identities. Or, in the case of some respondents, federal NON-adoption of digital identities.)

Note that in the Verified Credentials model, the Issuer can be ANYBODY who has the need to issue some type of credential. Microsoft describes an example in which an educational institution is an Issuer that represents that a student completed particular courses.

Without going into detail, the triangle of trust between Issuers, Verifiers, and Holders is intended to ensure that a person is who they say they are. And to the delight of the ACLU et al, this is performed via Decentralized Identifiers (DIDs), rather than by centralized management by the FBI or the CIA, the BBC, B. B. King, Doris Day, or Matt Busby. (Dig it.)

But NGIs are not a cure-all

Despite the fact that they are not controlled by governments, and despite that fact that users (at least theoretically) control their own identities, no one should think that digital identities are the solution to all world problems…even when magic paradigm-shifting words like “blockchain” and “passwordless” are attached to them.

Here’s what McKinsey has said:

…even when digital ID is used with good intent, risks of two sorts must be addressed. First, digital ID is inherently exposed to risks already present in other digital technologies with large-scale population-level usage. Indeed, the connectivity and information sharing that create the value of digital ID also contribute to potential dangers. Whether it is data breaches and cyber-intrusions, failure of technical systems, or concerns over the control and misuse of personal data, policy makers around the world today are grappling with a host of potential new dangers related to the digital ecosystem.

Second, some risks associated with conventional ID programs also pertain in some measure to digital ID. They include human execution error, unauthorized credential use, and the exclusion of individuals. In addition, some risks associated with conventional IDs may manifest in new ways as individuals newly use digital interfaces. Digital ID could meaningfully reduce many such risks by minimizing opportunity for manual error or breaches of conduct.

In addition, many of these digital identity initiatives are being pursued by large firms such as IBM and Microsoft. While one hopes that these systems will be interoperable, there is always the danger that the separate digital identity systems from major firms such as IBM and Microsoft may NOT be interoperable, in the same way that the FBI and DHS biometric systems could NOT talk to each other for several years AFTER 9/11.

And it’s not only the large companies that are playing in the market. Shortly after I started writing this post, I ran across this LinkedIn article from the Chief Marketing Officer at 1Kosmos. The CMO makes this statement in passing:

At 1Kosmos, we’ve taken our FIDO2 certified platform one step further with a distributed identity based on W3C DID standards. This removes central administration of the database via a distributed ledger for true “privacy by design,” putting users in sole access and control of their identity.

1Kosmos, IBM, and Microsoft know what they’re talking about here. But sadly, some people only think these technologies are “cool” because they’re perceived as anti-government and anti-establishment. (As if these companies are going to call for the downfall of capitalism.)

Which identiy(ies) will prevail?

Back to governmental recognition of NGI.

Don’t count on it.

Anticipated DHS endorsement of government-issued digital identities doesn’t mean that NGI is dead forever, since private companies can adopt (and have adopted) any identity system that they wish.

So in truth we will probably end up with a number of digital identities like we have today (I, for example, have my WordPress identities, my Google identities, and countless others). The difference, of course, is that the new identities will be considered robust – or won’t be, when centralized identity proponents denigrate decentralized identities and vice versa.

But frankly, I’m still not sure that I want Facebook to know how much I weigh.

(Although, now that I think about it, Apple already knows.)

By Apple Inc. – http://www.apple.com, Fair use, https://en.wikipedia.org/w/index.php?curid=43953320

How and why a company should use LinkedIn showcase pages

This post explains what LinkedIn showcase pages are, how Bredemarket uses LinkedIn showcase pages, and (a little more importantly) how YOUR company can use LinkedIn showcase pages.

What are LinkedIn showcase pages?

LinkedIn offers a variety of ways to share information. Two of those ways are as follows:

  • A personal LinkedIn page. This allows an individual to share their job history and other information. Here’s an example.
  • A company LinkedIn page, which contains information about a company, including “about” details, jobs, employees, and other facts. Here’s another example.

A third method is a LinkedIn showcase page. This is tied to a company page, but rather than telling EVERYTHING about the company, a showcase page allows the company to zero in on a PARTICULAR aspect of the company’s product/service offering.

From https://business.linkedin.com/marketing-solutions/linkedin-pages/showcase-pages.

How Bredemarket uses LinkedIn showcase pages

Most companies, even very small ones like Bredemarket, can segment their products and services in various ways. In Bredemarket’s case, the company offers some prepackaged services, such as a “short writing service” and a “medium writing service.”

However, it didn’t make sense for me to segment my services in this way. The people who are interested in 400 word written content are not dramatically different from the people who are interested in 2800 word written content. So instead of segmenting by service, I chose to segment by market.

I started by addressing one of my potential markets, the identity market (biometrics, secure documents, and other identity modalities). Back in November, I created a Bredemarket Identity Firm Services showcase page on LinkedIn, which eventually became a place for me to share information about the identity industry, both content generated by me and content generated by others.

Bredemarket Identity Firm Services on LinkedIn. https://www.linkedin.com/showcase/bredemarket-identity-firm-services/

Since then I’ve expanded my offerings. On LinkedIn, I presently have TWO showcase pages, one concentrated on the identity market, and one concentrated on the more general technology market.

Bredemarket Technology Firm Services on LinkedIn. https://www.linkedin.com/showcase/bredemarket-technology-firm-services/

These concentrations made the most sense to me, although I could segment even further if I chose to do so (separate showcase pages for fingers and palms, anyone?).

An aside for Facebook users

Incidentally, you can perform similar segmentation in Facebook. In Facebook terms, you can have a page associated with a particular company, and then (rather than showcase pages) you can have groups that link to the company page and delve into topics in more detail.

So Bredemarket (which is committed to disseminating information via multiple communication streams; see my goal number 3 here) has Facebook groups that are somewhat similar to the Bredemarket LinkedIn showcase pages. One difference is that I have three groups on Facebook. In addition to the identity and technology groups, I also have a general business group. At this point it didn’t make sense to create a LinkedIn showcase page for general business, but it did make sense for Bredemarket to have such a group on Facebook.

Enough about me. What about you?

Obviously Bredemarket is an unusual case, although for some of you it may make sense to segment based on markets.

Most companies, however, will choose to segment based upon products or product lines. This especially makes sense for multinational companies that offer a slew of products. However, even smaller companies with multiple product lines may benefit from showcase page segmentation. If a potential customer is only interested in your square blue widgets, but doesn’t care about your other widgets, a showcase page allows the customer to read about blue widgets without having to wade through everything else.

Some of you may have received a pitch from me suggesting how a showcase page can help you highlight one product or product line in this way.

Perhaps it’s best to show an example. I’ve previously highlighted Adobe as an example of a company with showcase pages, but for now I’d like to highlight another company with a similar issue.

Let’s look at Microsoft, which has an obvious interest in using LinkedIn to its fullest potential. Microsoft’s product and service lines have expanded over the years, and while some Microsoft entities (such as LinkedIn itself) have their own regular LinkedIn pages, Microsoft uses showcase pages for other entities, products, and services.

For example, Microsoft has a showcase page for Microsoft Dynamics 365.

About Microsoft Dynamics 365. https://www.linkedin.com/showcase/microsoft-dynamics/about/

But here’s a showcase page that has nothing to do with a product, service, or market: “Microsoft On the Issues.”

Microsoft On the Issues on LinkedIn. https://www.linkedin.com/showcase/microsoft-on-the-issues/

So there are a variety of ways that a company can slice and dice its communications, and LinkedIn showcase pages provide an ideal way to do that.

Does this interest you?

Of course, setting up a LinkedIn showcase page is only the beginning of the battle. If you set up a showcase page and don’t publish anything to it, your efforts are wasted. Potential customers look at your company’s online presence, after all.

If your company has established a showcase page, has set goals for how the showcase page will benefit the company, and now needs to generate content at a regular clip, Bredemarket can assist with the creation of the content, working with internal company subject matter experts as needed. If this service interests you, contact me. We will collaborate to ensure that your LinkedIn showcase page includes the best possible content.

Even Apple is moving to a service model. Biometric identity vendors are moving also.

Remember when you bought a big old hunk of hardware…and you owned it?

With cloud computing, significant portions of hardware were no longer owned by companies and people, but were instead provided as a service. And the companies moved from getting revenue from selling physical items to getting revenue from selling services.

From Apple Computer to Apple

Apple is one of those companies, as its formal name change from “Apple Computer” signifies.

Then “Apple Computer” circa 1978. From https://www.macrumors.com/2020/03/23/apple-computer-retail-sign/. Fair use.

Yet even as iTunes and “the” App Store become more prominent, Apple still made a mint out of selling new smartphone hardware to users as frequently as possible.

But Apple is making a change later in 2021, and Adrian Kingsley-Hughes noted the significance of that change.

The change?

So, it turns out that come the release of iOS 15 (and iPadOS 15) later this year, users will get a choice.

Quite an important choice.

iPhone users can choose to hit the update button and go down the iOS 15 route, or play it safe and stick with iOS 14.

Why is Apple supporting older hardware?

So Apple is no longer encouraging users to dump their old phones to keep up with new operating systems like the forthcoming iOS 15?

There’s a reason.

By sticking with iOS 14, iPhone users will continue to get security updates, which keeps their devices safe, and Apple gets to keep those users in the ecosystem.

They can continue to buy content and apps and pay for services such as iCloud.

Although Kingsley-Hughes doesn’t explicitly say it, there is a real danger when you force users to abandon your current product and choose another. (Trust me; I know this can happen.)

In Apple’s case, the danger is that the users could instead adopt a SAMSUNG product.

And these days, that not only means that you lose the sale of the hardware, but you also lose the sale of the services.

It’s important for Apple to support old hardware and retain the service revenue, because not only is its services business growing, but services are more profitable than hardware.

In the fiscal year 2019, Apple’s services business posted gross margins of 63.7%, approaching double the 32.2% gross margin of the company’s product sector. 

If current trends continue, Apple’s services (iCloud, Apple Music, AppleCare, Apple Card, Apple TV+, etc.) will continue to become relatively more important to the company.

The biometric identity industry is moving to a service model also

Incidentally, we’re seeing this in other industries, for example as the biometric identity industry also moves from an on-premise model to a software as a service (SaaS) model. One benefit of cloud-based hosting of biometric identity services is that both software and the underlying hardware can be easily upgraded without having to go to a site, deploying a brand new set of hardware, transferring the data from one set of hardware to the other, and hauling away the old hardware. Instead, all of those activities take place at Amazon, Microsoft, or other data centers with little or no on-premise fuss.

(And, as an added benefit, it’s easier for biometric vendors to keep their current customers because obsolescence becomes less of an issue.)

Is your biometric identity company ready to sell SaaS solutions?

But perhaps your company is just beginning to navigate from on-premise to SaaS. I’ve been through that myself, and can contract with you to provide advice and content. I can wear my biometric content marketing expert hat, or my biometric proposal writing expert hat as needed.

The “T” stands for technology. Or something. By Elred at English Wikipedia – Transferred from en.wikipedia to Commons by Moe_Epsilon., Public Domain, https://commons.wikimedia.org/w/index.php?curid=3812206

Obviously this involves more than just saying “we’re cloud-ready.” Customers don’t care if you’re cloud-ready. Customers only care about the benefits that being cloud-ready provides. And I can help communicate those benefits.

If I can help you communicate the benefits of a cloud-ready biometric identity system, contact me (email, phone message, online form, appointment for a content needs assessment, even snail mail).