npe – Bredemarket

The Human Metronome

One advantage of moving from analog to digital instrumentation was in creating perfect production. While there are obvious disadvantages to non-human identity musical performances, at least MIDI pre-programming ensures that every note is played at precisely the right moment. As is every drumbeat.

Because no drummer is that perfect.

With one exception.

Alan Myers, from the video for “Time Out For Fun.”

Devo has had several drummers over the years (including the other Mothersbaugh brother Jim), but their drummer during their most renowned period was Alan Myers. He’s the one wearing glasses who is NOT Mark. This is what Jerry said:

“When you see and/or hear Alan perform live in DEVO performance videos or on our records from our heyday it’s somewhat mind-boggling to think that Alan drummed the way he did, when he did. I have flippantly referred to him in interviews as “the human metronome.” It was a comment meant to bequeath giant praise. Clearly his precision and power eclipsed whatever advantages that soulless drum machines can ever offer.”

During his years with DEVO, the band evolved from a live mostly-guitar band to one in which an entire album centered around the Fairlight CMI. And this, um, evolution affected Myers.

“The man who was considered the human drum machine had been pretty much replaced by actual drum machines on Devo’s 1984 album Shout, leaving him creatively disillusioned.”

So he left the band, presaging events nearly 40 years later when humans were replaced by non-humans.

Yeah, I knew I could shove this square peg into Bredemarket’s round hole.

Whoops, MTV won’t allow that.

“The cable channel had a problem with the animated crinkle cut french fry entering the doughnut hole….They really had a problem with the following shot of the woman with an ecstatic look on her face.”

Anyway, here’s a fun video…not a good video. And not “Peek-A-Boo”; that one freaked me out.

Wallets for Non-Human Identities?

Let me start this post by stating that I am human. Well, so far. I might be changing into a wildebeest.

But assuming that I remain human, I have multiple digital wallets—two of which support decentralized storage of my California driver’s license.

But the California Department of Motor Vehicles (DMV) doesn’t just issue driver’s licenses. It also issues car registrations.

As does the Arizona Department of Transportation, which brings me to this Identity Week story.

“Arizona is among the first states in the country to transition beyond the digital driver licence (mDL) into full-fledged mobile vehicle documentation, officially updating its proprietary Arizona Wallet app. They have allowed residents to upload and store their official vehicle registration, title information, and insurance details directly onto their smartphones.”

But there’s a philosophical problem here.

As I’ve noted previously, title (and registration) are primarily associated with a non-person entity (the vehicle), not a person.
Yes, a person may hold the title to a vehicle. Or the title may be held by two people, in the case of spouses.
But the title belongs to the vehicle.
Yet the aforementioned Arizona Wallet app is held by people.

Shouldn’t a vehicle have its own wallet, and then grant access to elements in the wallet to one or more person wallets?

And how would the vehicle manage its own attributed-based access controls?

And what if the car gets mad at its human owner(s) for boring driving habits and not taking it to the car wash every week, and therefore decides to change its registered owner to someone else who is more exciting and car-loving?

I’ll admit that this is a flight of fancy, but it raises governance issues about maintaining non-human identities.

Even Jedis Can Face Ephemeral Challenges

From a recent Identity Jedi post.

“NHI visibility and AI agent visibility feel like the same problem. They’re not. A service account is relatively static. It was created for a purpose, it has credentials, it authenticates to something. You can find it, document it, rotate its credentials, put it in a vault. That’s a solvable problem with existing tooling.

“An AI agent is different in almost every dimension that matters. It’s dynamic. It’s often ephemeral. It doesn’t have a fixed identity. It borrows one, or several. It makes decisions at runtime about what it needs to access. And it operates at machine speed, which means by the time your SIEM fires an alert, the transaction is already done.”

A Heart Of Bone (Non-Human Identity Verification)

One more from Lyria.

“I have created a slow, atmospheric blues and folk track reflecting on the ideas of non-human identity verification.”

A Heart Of Bone.

Non-Human Identity Verification Via Humans

Another way to verify non-human identities is to link them to human ones. This NotebookLM explainer (not by me) offers the details.

From NextgenID.

Non-Human Identity Verification

How do you verify non-human identities?

One of the reasons that I titled my ebook “Proving Humanity” is because the six (yes, six) factors of identity verification and authentication that I discuss only apply to identifying humans, and do not apply to non-human identities.

Again, so how do you verify non-human identities?

Cryptographics

One way is via cryptographics. As I discussed previously, the Secure Production Identity Framework For Everyone (SPIFFE) and the SPIFFE Runtime Environment (SPIRE) provide non-person entities with “strongly attested, cryptographic identities.”

Problem solved, right?

As any human who has used a password knows, a single factor can be stolen. And that includes cryptographic factors.

Provenance

Which means that we have to look at provenance. But instead of looking at the provenance of an AI-generated image or video, we are looking at the provenance of an agent that performs actions. The network origin. The environment. The associated attributes. Is the agent running on a specific, authorized, and known virtual machine or container at a specific network address, or is it running…somewhere else?

Behavior

And if you’ve read my book, you know that human identities can be evaluated based upon their behavior (either tendencies or intent). You can also look at the behavior of agents. Is the agent acting at an unexpected time of day? Is it executing an unusually high volume of requests? Is it “scoping out the joint”?

Multi-factor authentication

Again, it’s possible to spoof one factor, but much harder to spoof multiple factors. And that applies to both humans and non-human agents.

Be safe out there.

Clifford Stoll Was Wrong AND Right

A former coworker reshared the story of Clifford Stoll investigating an accounting error and discovering a Cold War spy network. But a few years later, Stoll was wrong about the emerging Internet…and also right.

Stoll shared his views in a 1995 Newsweek article that was an amusing read after the fact.

Replacing your daily newspaper?

For example:

“The truth is no online database will replace your daily newspaper…”

Stoll lived long enough to see the decline of printed newspapers in the early 21st century.

Electronic books?

Another one:

“How about electronic publishing? Try reading a book on disc. At best, it’s an unpleasant chore: the myopic glow of a clunky computer replaces the friendly pages of a book. And you can’t tote that laptop to the beach. Yet Nicholas Negroponte, director of the MIT Media Lab, predicts that we’ll soon buy books and newspapers straight over the Internet. Uh, sure.”

Let’s pick this one apart piece by piece.

A book on disc? What’s a disc?

Yes, to some the myopic glow of an electronic book isn’t the best experience, whether on light or dark mode. But a traditional printed book cannot be read at all when you turn the lights off.
Stoll assumed that you would always need a laptop to read an electronic book. He did not envision dedicated electronic reading devices that were smaller than a laptop…to say nothing of “smart” phones with an “app” called “Kindle.”

Speaking of Amazon Kindles, you CAN buy books straight over the Internet. And music also, from a company that is no longer called Apple Computer.

So Stoll was not perfect. But he anticipated some things that we still struggle with today.

Unedited data!

“What the Internet hucksters won’t tell you is tht the Internet is one big ocean of unedited data, without any pretense of completeness. Lacking editors, reviewers or critics, the Internet has become a wasteland of unfiltered data. You don’t know what to ignore and what’s worth reading.”

While many companies from Yahoo to Altavista to Google to Wikipedia to OpenAI have tried to solve this problem, it is not fully solved.

And then there’s the biggie.

Isolation!

“What’s missing from this electronic wonderland? Human contact. Discount the fawning techno-burble about virtual communities. Computers and networks isolate us from one another. A network chat line is a limp substitute for meeting friends over coffee. No interactive multimedia display comes close to the excitement of a live concert. And who’d prefer cybersex to the real thing?”

Today’s world is actually worse than the one Stoll envisioned. Not only have I conducted most of my interactions with people over chat boxes and screens. But in 2026 we are now interacting with “HAL 9000” non-person entities…and we may not even know that they aren’t human, but synthetic or deepfake identities.

Despite the benefits of remote interactions—they’ve kept me (and my former coworker) employed—Stoll’s warnings about this new world remain valid.

Wrong but right

So I wouldn’t laugh at Stoll’s derision over the emerging Internet. If you were alive in 1995, be honest: did you anticipate THIS?

Proving Humanity

Does it sometimes seem like humanity is obsolete?

There are seemingly more non-human identities than human ones. Bots are selling, and bots are buying.

And we are preparing for this.

We are currently in the phase where human influencers tell human listeners how AI will change everything.
But this phase is only transitional, because the human influencers and human listeners are no longer needed.
Why does Satya Nadella have to criticize references to “slop” when a bot can issue those criticisms much more quickly…without the nearly $100 million price tag?

So humanity is no longer necessary.

Or is it?

There are pockets where people value humanity and think that a human brings something that a bot never could.

But before we stop relying on bots and start relying on humans, we need to know whether those humans are real, or if they are bots themselves.

To do this, we have to know who those humans are—proving humanity.

Six identity factors. One Bredemarket ebook. Total identity protection. Purchase “Proving Humanity: The Six Factors of Identity Verification and Authentication.”

Four pages from "Proving Humanity: The Six Factors of Identity Verification and Authentication" by John E. Bredehoft, Bredemarket., Click on the image to purchase.

Identifying Non-Human Identities with SPIFFE and SPIRE

I once tried to see if non-human identities could verify and authenticate with the six human factors. (Yeah, six. Watch for the book.)

Definitions

In reality, non-human identities use entirely different authentication methods…with their own acronyms. For example:

SPIFFE is the Secure Production Identity Framework For Everyone.
SPIRE is the SPIFFE Runtime Environment.

So what are SPIFFE and SPIRE?

“SPIFFE and SPIRE provide strongly attested, cryptographic identities to workloads across a wide variety of platforms”

That wide variety of platforms is distributed.

“SPIFFE and SPIRE provide a uniform identity control plane across modern and heterogeneous infrastructure. Since software and application architectures have grown substantially, they are spread across virtual machines in public clouds and private data centers.”

Distinguishing between the two, the SPIFFE Project “defines a framework and set of standards for identifying and securing communications between application services, while the runtime environment SPIRE “is a toolchain of APIs for establishing trust between software systems across a wide variety of hosting platforms.”

Benefits

Forget all that. Let’s get to the benefits.

Enable defense in depth: Provide strongly attested identities to reduce the likelihood of breach through credential comprise

Reduce operational complexity: Consistent, automated management of identity reduces the burden of devops teams

Interoperability: Simplifies the technical aspects of full interoperability across multiple stacks

Compliance and auditability: Enables mutually authenticated TLS and multiple roots of trust to meet regulatory requirements

Use at Uber

But does anyone use it? Yes. Take Uber:

“We use SPIRE at Uber to provide identity to workloads running in multiple clouds (GCP, OCI, AWS, on-premise) for a variety of jobs, including stateless services, stateful storage, batch and streaming jobs, CI jobs, workflow executions, infrastructure services, and more. We have worked with the open source community since the early stages of the project in mid-2018 to address production readiness and scalability concerns.”

More here.

Now this is admittedly a whole new world for me, far afield from the usual 12345 and gummy arguments where I usually reside. But since bots will soon outnumber people (if they don’t already), we had all better learn it.

WordPress and Claude: No, Yes, Maybe, No, No…and No

There is a difference between a writer and a content creator. It becomes obvious when you read WordPress’ recent post, “How to Slop Your Content in Five Steps.”

Actually, that’s not the title.

Claude the content creator

Whoever or whatever wrote WordPress’ post used a more AEO-friendly title: “How to Build an Endless Stream of Content Ideas with WordPress and Claude.”

And there are five steps.

Step 1: Connect Claude to your WordPress.com website.

Step 2: Ask Claude to review your website and find content gaps.

Step 3: Ask Claude to prioritize topics and create a content calendar.

Step 4: Create Claude-assisted outlines and articles.

Step 5: Ask Claude to add the article to WordPress.com.

Bredemarket the writer

Before I discuss these five steps, let me state two things specific to me that may not apply to you.

I never let a non-human write the first draft, much less the final piece. This has been my policy since 2023.

With one glaring exception, the Bredebot project. This is a highlighted experiment to see how far a well-prompted bot will go.

So my specific response to these steps is to consider the gap analysis in step 2. Bots are good at such analysis, but they have to be watched in case they don’t get their facts straight.

But I won’t give Claude the permission to write and post articles, or even any permissions on WordPress. This is a security issue, after all; how do YOU control site access for non-human identities?

In fact, I may not even use Claude for step 2, even if it’s the cool kid this week last I checked. I may use Gemini…or a thousand Bangladesh techies…or a million Pentiums…or Mika.

How you work with outside content creators

But what about you?

Before answering, take the five steps above and change the name “Claude” to Barney…or Bredemarket.

Would you give Barney or Bredemarket that power over your website?

Maybe…or maybe not.

How Bredemarket works with you

In the case of Bredemarket, I usually do NOT have direct access to my clients’ websites, sending them Word documents instead. And in the one instance where I did have website access, I left every one of my drafts in draft mode.

And when I perform a gap analysis, I present my client with choices and ask the client to choose the topic, or at least approve my suggested topic.

Because your website is not mine, or Mika’s…or Claude’s.

Stop losing prospects! Use Bredemarket content for tech marketers