decomposing google strong authentication

With the maturing of internet applications, dual factor authentication is becoming a more widely used approach for protecting identities. Traditionally the concern was identity theft and mail accounts used for spamming; now breaking into your cloud accounts to find photos seems to be more of a driver. Many (public) SaaS providers offer a form of dual factor, like github.com/facebook/twitter/evernote. There is even a website to track progress (https://twofactorauth.org/). The approach I find most advanced is Google’s, because it is very rich in its self service, configuration and detection. Here is my deconstruction of its features.

Google strong authentication, which Google calls 2-Step Verification, can be configured by the users themselves. As soon as you have an account, you will be offered additional features to protect your account. To set up the configuration, a wizard is offered to guide you through the process. Next to setting your personal info, there is a separate option, security. Besides ways to enable dual factor, Google already offers some additional features. Obviously there is management of connected apps for OAuth/OpenID.
It also offers settings specifically for security alerts, overviews of connected devices and a listing of security related events. You can view high profile security related actions and access events from devices separately. I find these features very strong compared to other sites. For Google, the Chrome browser is an access point to the universe and in that way devices like mobiles and tablets are similar to your desktop. Your desktop/Chrome browser combination is just another device.

The pattern, compared to some other sites, is fourfold:

  1. Allow self service to enable protection of your account
  2. Allow easier access from apps and services by registration (through oauth)
  3. Show the different devices, treating desktops/laptops similar to mobile devices
  4. Provide a clear overview of access events

You can however tell the maturity of a service by the clear separation of access between devices and apps, preferably treating your browser/laptop combination as just another app/device. It truly has become two dimensions. You see this for Google and also Evernote. For the latter, there is no browser, but a browser extension (the Evernote clipper). Consider for example github.com, which also has strong security features but still talks about ‘sessions’. It still considers access one dimensional, in the traditional “I can login from the web cafe or from home” way.

The authentication itself
This is about various forms of stronger login and means of recovery in case something gets lost. Google offers four forms of strong authentication. The wizard guides you through the process and you can select either the app based OTP generator mode or the SMS/voice mode. For the app you can download Google’s or use alternatives like Authy. Seeding the app is as simple as holding your camera against the QR code. The mechanism is such that if you initialize another app, you will render the previous one inactive. You could also choose SMS; in that case you will receive the OTP at the moment of logging in. If that is not sufficient for you, you can rely on an even stronger form using a YubiKey, a USB based device that needs to be plugged into your laptop or desktop. This serves as a stronger something you own.

Trusted applications are registered once. So the first time authentication is strong and after that the app is registered, like for example the Chrome setup with the toolbar. After that, the password is requested only once the user enters a high risk area. The OTP based dual factor works on all Google apps and devices. However you might run into situations where your application cannot use the strong authentication setup, for example using Calendars and Contacts in Mail or on your iPhone. For that it offers specific 16 character passwords. These are generated once and should only be used in one use case. Interestingly the web login recognizes these types of passwords, and does not allow you to use those to login on the web. It is therefore a true API token. From the portal these tokens can be managed and revoked.

After setting up strong authentication Google offers, in total, three ways of authentication:

  1. General two factor login, with authenticator of your liking (SMS/Voice, App or YubiKey) and password
  2. Trusted devices, password only, you can pull back current, or all at once
  3. App tokens, passwords generated once for specific use cases
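
The three login paths listed above, modelled as an added Python example (not Google's code and not from the original post): an RFC 6238 TOTP check for the second factor, password-only access for trusted devices, and 16 character app passwords that are accepted only on a non-web channel. The class and method names, the `web`/`api` channel labels, the replay rule and the sample values are assumptions of this example.

```python
import base64, hashlib, hmac, secrets, struct, time

def totp(seed_b32, at, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) over the base32 seed an app reads from the QR code."""
    key = base64.b32decode(seed_b32)
    mac = hmac.new(key, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def _kdf(secret, salt):
    # Secrets are stored only as salted PBKDF2 hashes.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

class Account:
    """Hypothetical account model with the three authentication paths."""

    def __init__(self, password, totp_seed):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = _kdf(password, self.salt)
        self.totp_seed = totp_seed
        self.trusted_devices = set()
        self.app_passwords = {}        # label -> hash, one per use case
        self.last_counter = -1         # highest TOTP time step already accepted

    def new_app_password(self, label):
        # Constructed format: 16 random lowercase letters, returned once.
        value = "".join(secrets.choice("abcdefghijklmnopqrstuvwxyz") for _ in range(16))
        self.app_passwords[label] = _kdf(value, self.salt)
        return value

    def revoke_app_password(self, label):
        self.app_passwords.pop(label, None)

    def revoke_trusted(self, device_id=None):
        # Pull back one device, or all at once when no device is named.
        if device_id is None:
            self.trusted_devices.clear()
        else:
            self.trusted_devices.discard(device_id)

    def _is_app_password(self, candidate):
        digest = _kdf(candidate, self.salt)
        return any(hmac.compare_digest(digest, h) for h in self.app_passwords.values())

    def _otp_ok(self, otp, now):
        # Accept one step of clock drift; never accept a time step twice (replay).
        for drift in (-1, 0, 1):
            counter = int(now) // 30 + drift
            expected = totp(self.totp_seed, counter * 30)
            if counter > self.last_counter and hmac.compare_digest(
                    expected.encode(), otp.encode()):
                self.last_counter = counter
                return True
        return False

    def login(self, channel, secret, device_id=None, otp=None, now=None):
        now = time.time() if now is None else now
        if channel == "api":
            # Path 3: app tokens, for clients that cannot do the second step.
            return "ok" if self._is_app_password(secret) else "denied"
        # Web login: an app password is recognised and refused outright.
        if self._is_app_password(secret):
            return "denied"
        if not hmac.compare_digest(_kdf(secret, self.salt), self.pw_hash):
            return "denied"
        if device_id in self.trusted_devices:
            return "ok"                # Path 2: trusted device, password only
        if otp is None:
            return "otp_required"
        if not self._otp_ok(otp, now):
            return "denied"
        if device_id is not None:
            self.trusted_devices.add(device_id)   # registered once, after a strong login
        return "ok"                    # Path 1: password plus second factor
```
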

Recovery
Unless you are running something like Authy you will run into situations where your phone gets lost or where you might accidentally wipe your token application (guilty). Not being able to receive an SMS token or generate one is kinda hard in a strong authentication setup. Obviously it has the well accepted form of printed one time passwords, basically a list of 10 next OTPs. A very strong addition is the fallback to (secondary) SMS in case your primary gets lost. Next to that it allows you to switch methods and re-enroll at any time. Google makes a very strong case for self service, offering as many features as possible.

I consider Google’s authentication to be one of the most advanced authentication mechanisms, truly focussed on usability in a multi device, app centric world. The main theme of the breakdown is self service: in enrolling, recovery, detection and obviously switching. The big difference however between enterprise provisioning and consumer authentication is that the enterprise wants to enroll securely and with certainty that the account arrives safely at the person and remains there, while in the consumer business the account is provided and after that the user wants means to ensure that the account remains with the user safely. It trusts users completely to handle these tasks. There is so much to learn for enterprise from the consumerized world.

it is called identity relationship management

Soon after we started developing Connect at Schuberg Philis, we also renewed our quest into the land of Identity. For that we found our partner Everett. One of the main topics was a better way to open up and develop a rock solid way to protect the borders of the Connect applications while providing a great Single Sign On experience. It was a short and brief search, as we found ForgeRock OpenAM to fulfill our needs. And we are very, very enthusiastic about the product: we have several applications exposed in a secure and scalable way. We have various means of logging in (single factor, OTP in soft/hard/SMS, PKI and software certificates); even nicer, we can switch means between devices.
A while later we were invited to speak at an IDC IT Security Conference in Utrecht. It was there where I saw a glimpse of the future. We were discussing our implementation when Johan van Hove from ForgeRock mentioned this example of a University that asked students to link their LinkedIn profile to the student accounts. This was an Ivy League university, high fees and a tough enlisting process. Why go through the trouble of linking Social IDs? The answer was that, next to the benefits of deferring the dreaded password handling problem, it also gave access to some viable public and self maintained information: once the students have done their track, they become professionals and start their careers. During their careers they update their profiles and those changes are of interest to the University. A great way to stay in touch and provide info at the right time. All with student consent of course, since the student accepts and can pull the link at the moment they want. I saw the future and it is now already….
I learned that it is not Identity and Access anymore, it is not protecting the company border for company employees anymore. It is now open, in the world out there, for customers and social. They call it Identity Relationship Management and as it turned out, ForgeRock, Salesforce and the open Kantara Initiative are exploring this space. I got lots of insight during the IRM summit 2014 in Dublin and saw the space is rapidly expanding. It is rapidly expanding because of the so called perfect storm of four hypes: Cloud, Social, Mobile and Big Data. Those four, also called a Nexus of Forces by Gartner, are rocking our IT world like a Supernova. Big Data actually because of the Little Data: the data points produced by all of our connecting devices and wearables. Weigh yourself and you get one metric. Weigh yourself frequently on an internet connected scale and all of a sudden you have your own big data problem with security concerns. The Internet of Things is nothing without Identity.
Kuppinger Cole, a leading IRM/IAM analyst bureau, calls it the Computing Troika and this image says it all:

Computing Troika, Image from KuppingerCole

We are not discussing company X with Y employees anymore, since we are bringing our own devices, are working from home and want spiffy experiences. We want to login like on so many social sites, like we do for example with Spotify and Kickstarter, with our Social IDs (see the post of our security officer, Frank Breedijk). We are discussing at least Y times 4 devices, for employees. Plus W times 4 devices for partners, which are changing constantly, working on applications hosted everywhere.
We cannot see the world as companies with hard shells, like medieval castles with high walls. We are now living in a world where information is everywhere and the information layer becomes the primary focal point. Identity is the new primary information component, like a computing component is in cloud. The future is bright, the future is now. Love to jump into this exciting new place.

Istanbul running from asia to europe

I once had a ski teacher who explained to me that the advantage of skiing over snowboarding was that he had four sides (kanten) to express himself. That is how I actually feel about endurance sports as well. You have your main events to train towards, Sunday easy sets, crowded tradition runs, local village runs for all out performance and city events.

You can go faster, you can go longer, you can go for a personal best, you can go for sightseeing, or you could just go to enjoy yourself and have a great time. The other day Helen came home with an invitation for an organised trip to the Istanbul Marathon, the only marathon that starts in Asia and ends in Europe. Not really into marathoning she dismissed it initially, but somehow it got our interest. She had been to Istanbul before and knew what a great city it is. We checked the site and to our surprise a shorter distance was organised as well, with the same Asia to Europe Challenge.

Looking for a great weekend out together we decided to go for it, and what a great little trip it turned out to be. Just knowing too little about Turkey other than the recent troubles I had no clue what to expect. Well, on the international business level the world is kinda flat and you do know. But other than that… Istanbul is just amazing.

What great fun it is to see the city as a runner. Instead of packing your weekend with the great landmarks and other tourist places, just center your trip around a run. Your weekend has a different rhythm because when you arrive you need to pick up your bib and start number. Definitely with a Marathon, which vast quantities of people visit. Needless to say all Marathon expos are alike, a large stadium with lots of running info and of course the place to pick up your stuff. This stadium is in the outskirts of the city, unfortunately close to the airport, so we had to travel all the way back. Luckily with a railway through the streets of Sultanahmet, so a chance to see the wonderful monuments already. Going back we were just mesmerized by the exotic colors, sounds and smells of the markets, bazaars and the great fish places near the Galata bridge.

We stayed near the square and Istiklal Caddesi in Beyoglu, which is like a main, western, shopping street, only LARGER. On time to bed, we had to get up early to take the bus at 7:00 from the Taksim square to the start of the race. You notice that Istanbul organises its streets around themes: shoe sellers in one street, tools in another, clothing in a third and so forth, like medieval cities. Try to see that from your hop-on, hop-off bus…. The start was exotic, chaotic, with all the local people helping out and trying to make a Lira. Somehow it feels like everybody is working hard to make some money. We got there early, so we soaked it all in and suddenly it was quiet and people started singing.

A bang and off they went, Marathoners for their epic event. We had to wait half an hour longer for our start of the 10k. Running is universal and people are all alike. It just felt like any other event, only we could not understand people. Although everybody in Turkey speaks English very, very well.

Half an hour later it was our time. And we started off. How funny to see that most people take the opportunity to see the bridge, walking, in the opposite direction. So this was the slowest start ever. Passing it we made it from Asia to Europe, not changing our religion, btw … Only to make it worse by a steep climb in the second kilometer.
But over the hill it was all down, steep and fast….. Half way we passed the Dolmabahçe Palace, the place Ataturk died and it was already time to finish the race. Over the Galata bridge near the spice market. Time doesn’t matter, we did well and it is not even a fast race with loads of walkers. We ran together and had great fun. We crossed two continents, it was time for beer.

What a great way to learn new places and see them in a different way. Next year we will be doing the same on a different run. A short distance during the Athens Marathon sounds interesting, or do you have another suggestion? And Istanbul, do not worry, we will definitely be back and spend more time on your classical attractions this time.

microsoft is open-sourcing .net

History was made today. Not only did humanity land on an asteroid for the very first time, but also Microsoft re-invent (sic) itself today. Right about the moment Rosetta’s Philae lander touched down on 67P, news came out that Microsoft released the .Net framework into open source. This will allow it to run on Linux and OSX as well.

All the news about the great engineering feat in which a man-made object lands for the very first time, after a trip of 10 years and traveling more than 4 billion miles, was dwarfed by the news that this powerhouse of Enterprise software is moving into the 21st century. My guess is they had to do it. The days of closed end-2-end stacks are over. Teams want to be fully in control of their own stacks from hypervisor all the way up to the programming libraries.

A true confirmation of the small revolution going on in enterprise software and a great day for the world.

IRM Summit Nov 2014 Writeup

About
Monday 3-Nov till Wednesday 5-Nov, (Second European) Identity Relationship Management Summit (www.irmsummit.com), organised by ForgeRock in Dublin. Because Identity is the most important topic in the connected years to come. ForgeRock invented this term; all relevant thinkers and practitioners were at the summit. I am fairly new to the topic, I found what I was looking for, amazing summit, great venue BTW. Great minds, I even saw a slide with Hegel I think. Here is a small writeup of what I learned.

Check the guy at second 41!

Summary
With IRM Forgerock, your 21st century startup (Series B, going solo, not for big vendor exit), moved from enterprise world (IAM:Identity and Access Management) to a consumerized world. Redefining the field while it is jumping on the Internet of Things bandwagon (I of IoT is about Identity).
In the Connected world there will be no Thing or device without a person (=identity) behind it. We will move from protecting the company wall (dmz, firewall = Hard perimeter) to protecting our data in the Cloud (think: Flickr per picture you define who can view or print your pictures = pervasive security). “the concept of Identity Management will be redefined through IoT what to own, share and use”.
First day was Partnerday and Kantara (the open initiative to propel Identity into the IRM age) workshop, Second day was customer talks, Third day was product demo day.
I did a panel discussion (together with Paul from PortBase) and a customer talk.

Numbers, Numbers, Numbers

  • “78% of consumers think it is hard to trust companies when it comes to use of their data, and 70% think there are few or no trusted ways to find out about personal data use.”
  • IAM market $6.6B in 2017 (IDC) (behind the firewall employee problem), $86B Security 2016, $8.9T internet of things 2020, $241B cloud computing 2020
  • By 2020, 70% of all businesses will use attribute based access control (ABAC) mechanisms instead of role based access control (RBAC) (<5% today)
  • About 95% of CPUs in mobile are from ARM (yeah Intel….)
  • Only 33% of intrusion victims are notified internally, the average attacker spends 229 days IN the network
  • Banks are still trusted 51%, Social Networks only 21% by consumers with their data (orange)

Four Topics

1. Standards

  • Identity moves to identity authorities (who is the person) and attribute (what do you know about the person) providers
  • “The password antipattern from the dark ages”, Killing passwords is IAMs new black
  • The unlisted view (youtube) is an expensive and proprietary solution and not true IRM (= define on a person to person level what to see and do)
  • Digital business changes the scope of IAM, right access for the right reasons
  • The new holy trinity: OpenID Connect, OAuth 2.0 and UMA (Unified Managed Account), old venn here
    • OAuth is about availability
    • OpenID is about single sign-on and federations
    • UMA, individuals and sharing Identity is about providing
  • Consent on what to do with your data
  • We will move from Role Based Access Control (RBAC) to Attribute Based Access Control (ABAC)
  • API move from CRUD to CRUDPAQ (Create, Read, Update, Delete, Patch, Action, Query)
  • is LDAP still relevant? world is moving from hierarchical to relational, path, graph, directed graph
  • Ian Glazer, the Round wheels of IAM/IRM
    • Authentication can be solved
    • Authorization not yet solved,
      • XACML is not there yet (REST/JSON is one step)
      • UMA still needs more miles on the road
    • Attributes nearly solved
      • Webscale attribute access (UserInfo, ADAP)
    • User provisioning almost solved
      • SCIM needs more supporters, it is time to adopt it

2. Scale

  • Mark Weiser 1991, The computer for the 21st century, Kevin Ashton, 1999 proposed the term IoT, http://kevinjashton.com/
  • Functional  (mechanical scale) becomes Little data (wired scale), protect the Little data (your daily body weight figure needs your identity) before it becomes Big Data
  • CRM does think about the customer relationally not hierarchical (LDAP)
  • must be solved for all domains: web and mobile
  • Trustworthy IoT at Internet/Web scale
  • The median of size of countries is 5 million, which is not even a large Internet roll out anymore
  • The big questions:
    • “How do I roll out new services for any device or thing?”
    • “How do I scale to support hundreds of millions of users and devices?”
    • “How do I roll out identity services in weeks, not months?”
    • “How do I roll out services taking context into account?”

3. Privacy and security

  • rights to be forgotten, eraser law california
  • Tug of War: personalized and recognized versus secure
  • In the early days your Mom picked up the phone before screaming for you: We don’t know what our kids are doing, but someone does with all the big data
  • Digital Transformation is about Digital Identity
  • Consent and Consent Receipts
  • The identity system should be able to identify threats, integrate your threat management with Identity management
  • Security will be contextual: you never login from China, but if your device (=ipad) logs in from China it is probably you
  • Protection moves from the shell (firewall, ip/port/protocol) to context and device (the ipad from person X has malware, let’s block the device and not the person)
  • bank infrastructure is (being) used for providing identity services
  • privacy and national security are like opposite ends of a slider (Ian Goldberg, nymity slider)

4. Value, marketing

  • Context, context, context, context
  • personalize through context, they know more about their customer and how they interact
  • point of contact between person and thing, second point of contact between thing and service, context
  • Your coffee machine will have an identity and you will have to authenticate yourself
  • In the Digital Transformation you need one combined view of the user over all systems, one unified Identity
  • Lots of discussion about the Digital Citizen, context
  • selective/constraint person-to-person datasharing, flickr: viewing versus printing, context
  • “IRM requires the right architecture!”. We do not need more applications, but an infrastructure.
  • context, context, context, context, context. it is about you.

Demos

  • Integrated door handling combined with Identity management
  • Authenticated Coffee machine, making coffee drinking social
  • Wristbands authentication, handling and protocols
  • Connected Stethoscopes in the Internet of Things
  • OpenAM version 12 (with out of the box Google/Facebook etc integration)
  • Guardian analytics, integrated Identity and Threat management
  • ENCAP, next level Online, Softtoken based 2nd factor authentication

Speakers/People to watch

Friends

  • Henk Marsman, Deloitte, Identity practise
  • Paul Saraber, Portbase Rotterdam
  • And of course, the good company of Everett!

That’s a wrap 2014

It is already 4 years ago that I started my late age sports career. Having grown to a fully sized 91kg with lots of complaints about my energy, it was finally time to do something about it late 2010. With great pleasure I still remember my first running training in the Flevopark; this year I finished my Half Marathon (of Amsterdam) with a decent 1:44:30. It was a good thing to not go farther but only faster last year. The greatest, most thrilling event of the year was to finish the Kids Amsterdam City Swim with Mila!!

All in all it was a good year:

  • Running 10K – 44:45 Dorpsloop Baambrugge (was: 51:00)
  • Running 21K – 1:44:30 Half Marathon of Amsterdam (was 1:54)
  • Running 10Mi – 1:16:14 Damloop 2014 (2011 – 1:27, 2012 – 1:25, 2013 – 1:23)
  • Swimming 3 times Pampus (never mind the time, we made it ;)
  • 1/8 Triathlon – 1:10 Ter Aar (was 1:21)
  • 1/4 Triathlon – 2:26 Spijkenisse (was 2:50)
  • Weight – 71KG (was 80KG last year)

So it is time to recover and do some other stuff with the family. Some big plans, and training for 2015 starts in December again.

Willy explaining planning poker

The day we visited Ashram, we had the pleasure of experiencing what goes on in the classroom. One of the classes got introduced to estimating backlog and doing planning poker. It was just the second class in the morning, first class had left the room. And we were discussing what we observed in the first class while we were waiting.

Some moments later a new class entered the room. Willy was a little more firm with this class, no bags on the table, but same setting, all groups joining together. This time we got some more insight; this class had gone through the first two lessons. This, we learned, was basically about:

  • having a short introduction in eduScrum, the basics and principles
  • dividing in groups of four based on qualities
  • breaking down their first assignment, some chapters in their class book with an end assignment

Willy continued and explained they now had to estimate the backlog, the work they had broken down the previous class into tasks with post-its. Willy distributed planning poker cards and said the first task, the first page of a book, was 2; they had to estimate accordingly. The class looked puzzled, so he continued: “I am going to explain to you something about relative comparison. I am 50 Kg,” (which I have to tell you is a little off reality), “no I am 50 Apples, no I am 50 A, how much are you?” looking at one of the girls sitting in front of the class. A little hesitant she admitted she wouldn’t know, so he asked again: “I am 50 A, how much are you?”, “40 A?”, she said. “Thank you for the compliment! but accepted, so how about you?” looking at another student. “30 A?”, she replied. “Excellent, you get the idea. Just throw away the dimensions, but if I am 50 A, you are perfectly able to estimate you are less, and you are even less. So let’s continue,” and he walked to a group handing them cards, taking two activities, one he declared 2 and the other was obviously more complex. “Now,” he said, “take your cards, give your estimate, and on the count of three give me your number, 1, 2, 3,…. Too slow guys, once more and all at the same moment, 1, 2, 3 ….” We saw 8, 2, 5, 8, 2. “Can’t be, they cannot be the same as the previous task, do it again, 1, 2, 3 ..” and 8, 8, 8, 5, 8 popped up. He declared it eight and you saw some students in the other groups making sounds that they started to understand. He told once again the relevance of the relative comparison, waving away the need to be exact and stressing the importance of coming to understanding in a double blind proposal.

A few moments later he had the impression students in all groups would understand and invited them to start estimating the complete backlog of the previous lesson. Some half hour passed, few questions, but most of all we just had time to watch and observe. And in the final minutes Willy invited everybody to add all numbers and call out the total: 250, 178, 320, 380, 290, 356. Some were a little reluctant, but that would not stop him.

“Now I take one of these numbers, 380, forget if it is right or not, it is the number of this group. If this is your estimation I just plot it here. We have ten lessons to go, forget about this and the previous lessons. We just take the 380, according to your estimation based on 2 for reading the first page, you need to do 380 points in 10 lessons. So 38 points per lesson (writing 38 p/l, introducing dimensional calculation at the same time again). We take the graph putting 380 on x=0 and drawing a straight line down to 0 at x=10”, basically drawing the burndown chart.

“Now next lesson you will come. It will be lesson zero and you do work. The next lesson you will come and put work from todo to done and count the numbers. It is expected you do 38 points work. That you will write down here. The next lesson you will come again doing the same. We will have two points and we know what your velocity, meaning points per lesson, is,” he continued. “Now I do not care what you are doing, when you are doing it, where you are doing it. But you are expected to do 38 per lesson. If you are doing more, you are ok, having free time the last lessons, doing some French exam or something. It is up to you. If you do less however, I will ask and we will have to find a way together to go faster,” he said. “However I do not expect you to do so, since nobody ever did less.” “My experience is,” he continued, “that first and second graders are right on the spot, eager as they are. Sixth graders however are like this, doing nothing the first two lessons and then catching on, but you will all make it on time, maybe even earlier if you just follow your own planning.”

“So it is up to you,” he said. And the buzzer went off, kids picking up their bags, running off, “you just do whatever you like, but remember,” as they went out the door, “you listen to me and do as I tell you” and he showed a big smile because he just knows after two years, they all get it. They do their work, spend less on homework, he hardly ever has to interrupt himself and they would all have higher grades.

Jeff meets Ashram

The eduScrum team is making some remarkable progress. Lots of classes are fully running eduScrum at the Ashram college, the first teachers are trained and applying it outside the team and even some first schools outside the Ashram are implementing eduScrum. Gradually it is growing.
So we welcomed the request from Jeff and JJ to visit the Ashram and see the results for themselves. It was a little early (school had just started for one week after the summer holidays), and the team was even a bit worried they could not show the energy and excitement that is going on in the classroom. But what a wonderful day it was. Willy and Jan prepared a great little program for Jeff and JJ to show them what they are doing.

picture copyright Ashram college, do not reprint without permission.

We arrived early in Alphen, some time before the first lessons, and, boy, we were allowed to visit the teachers’ room; now finally we know what is going on over there (obviously being incrowd now, we will not tell you). We stepped into the Chemistry class of Willy, with Havo 3 (15 year olds) about to start.
The first thing I noticed was that the classroom had the student desks organised in little islands of 2 by 2. So half of them sat with their backs against the whiteboard in front of the classroom, with their backs against the teacher! Furthermore everywhere there seemed to be examples of scrumboards on A0 paper flaps hanging in the classroom.
The students entered the classroom quietly, taking their A0 paper flaps in groups and putting them on the wall with magnets. They sat down and waited for their fellow team members to join and started discussing and working with each other, immediately……
All that time Jeff, JJ, Jan, Willy and myself were chatting with each other, drinking our coffee. At some point, in all groups, kids stood up and gathered around the A0 paper flaps, obviously starting a standup meeting. We were all flabbergasted. At some moment Willy put us out of our total confusion: he did something special. Knowing that Jeff would be coming, he and the class did their utmost best to do the eduScrum planning in 2 lessons, instead of three, all making sure that they would be ready before the visit, and obviously succeeded. The Scrumboards all showed a backlog with broken down tasks, estimated and prioritized, a burndown chart and remarks on Definition of Done and Definition of Fun! Everybody knew what to do and just did it!
Willy had the students stand up if they had previous eduScrum experience and half of the class stood up. We all joined, Jeff made a little introduction and explained some of the history of Scrum. We learned that most kids really found class more enjoyable, having less need of doing homework.
Class continued and kids continued to work by themselves, not being hindered at all by five adults just standing there in the classroom. Sometimes one of the kids would stand up and ask a question to Willy, but they all seemed to have an excellent idea of what to do next. Just before the end of the 45 minute lesson, Willy made them all aware of the end of the class. The kids stood up and moved tasks around from open to in progress or done, taking pictures with their phones. Jan told me that is the way they share what to do for homework. And off they were for the next class.

We saw another class going through planning poker, which I will describe later. It was in this class that Jeff whispered to me: “This is amazing. I have seen some Scrum in schools, but that was all about having students understanding Scrum and doing some project. This is all about changing the way one teaches” and I concluded he just realized what the board of the eduScrum foundation and friends of eduScrum have noticed: that something new is going on. That Jan, Willy and Ellen are really inventing some new way of teaching; together with the other teachers of the Ashram College something special is happening.

Founded!

It is done! The eduScrum foundation has been founded. During the first friends meeting in March it was suggested by Rini van Solingen that it was probably best to setup a charitable foundation to support the development of eduScrum. Especially Ellen was quite keen on having this setup. Now I am proud to introduce the board:

Combined we expect to bring in loads of energy, scrum experience, do our utmost best to take away any impediment the team has in developing and sharing eduScrum, and combined we have a strong will to change the world!

IBM makes “world’s smallest” movie by filming atoms

Some mad-scientists at IBM have created the “smallest movie” in the world by moving atoms. This might seem a small feat, but just look at the first computer to sing or first computer game and you can just imagine that great things are just about to happen.

See for yourself:

Read more at IBM: http://www.research.ibm.com/articles/madewithatoms.shtml (found it through gigaom)

If you are not convinced, see the first computer sing Daisy (Kubrick fans will recognize the dying HAL scene)