I’m sitting at the computer with a glass of Chardonnay (used it with fish last night, can’t let the rest of the bottle go bad!) and writing to stave off a SERIOUS craving for frosting. I’ve looked up at least a dozen different recipes in the last 24 hours, and can almost recite the differences between Swiss, Italian, and French buttercream. If a recipe ever calls for vast quantities of Crisco or other shortening for frosting and does not use butter, please, do us all a favor. Rip the recipe out of the book, throw away the recipe, and burn the book. Yuck.

However, to set up for an easy dinner tomorrow and keep away from the sugar, butter, and eggs (that’s it! well, and a bit of vanilla…) I picked up a pizza dough recipe I looked at recently. I’ve talked before about Rouxbe, the online resource for cooking tips, recipes, and lessons. They’re star people, and Dawn and Joe have both been supporters of my food adventures, answering questions and giving plenty of advice along the way. I’ve been a member for a long time now. Funny enough, Joe remembers me for starting the conversation about how even trained chefs eat Costco hot dogs – I’ve got to work my way up from that!

To give you a taste of what they have to offer, I’ll let them show you the recipe preview (Flash required):

They offer this high quality video detailing step-by-step all parts of a recipe, with tips sprinkled throughout (see "Related Techniques" above) that boost your knowledge. The dough slow-rises in the refrigerator overnight, so I’ve done the first part tonight and will do the rest tomorrow – plus, I now have dough in the freezer ready for another day.

That’s not the best part. Last week, they (finally!!) launched the Rouxbe Cooking School, a partnership with the Northwest Culinary Academy of Vancouver. This is something I wanted to see years ago – this is the sort of instruction and comprehensive learning facility that is missing without actually leaving my career and changing worlds. I’ve read all sorts of instruction on technique and skills, and consider myself reasonably capable in a kitchen, but actually seeing it and going through all the details is a wonderful experience. It’s high quality, and perfect for the enthusiastic cook like me with a day job.

Here’s a taste of the cooking school lessons:

I really can’t say enough good things about what these folks have done, both in growing an online community, providing good video recipes that are easy to follow, and now especially to publish a curriculum like this.

Ding! Laundry’s done. Off to bed now – I’ll let you know how the pizza turned out tomorrow.

Still getting some of the home computing resources back into place after Operation: Nachos (the escape from Rita). The Linux server, drteeth, is in place but not powered on – haven’t put time into working on any of the projects on that machine yet. The Windows PC, floyd, is limping along. The CPU cooling fan failed shortly before the hurricane, so at the moment, the system case is opened and is ghetto-cooled by a desk fan.

In other news, Opera is free. Opera was one of the early “alternative” browsers, dating back to the Netscape/MSIE fights. It has some nice eye candy, but the feature I’m enjoying most now is the voice feature. It provides text-to-speech capabilities, which means I can have my browser reading web pages to me while I’m following up on emails. It also allows for voice control of the browser, but I don’t have a headset for the laptop yet.

Almost done with the setup of WiKID – have put all the components in place, now just need to do some last configuration. Christine has her first round of exams this week, so I’ve put some of that on hold.

In other news, I’ve been cooking in earnest again. We made some great dips and such for Christine’s birthday party last weekend, and I’ve made some outstanding vegetable soup and sausages en papillote this week. I love my kitchen.

The WiKID thread continues at Thinking WiKID Thoughts, the blog of the CEO of WiKID systems. Awesome stuff.

WiKID Systems Open Source Strong Authentication System – their commercial site can be found at wikidsystems.com

Let me break down some terms before I jump in here:

• Identification vs. authorization – Identification is asserting your identity (“My name is Mike”). Authentication is proving your identity (“Here’s my driver’s license that says I’m Mike”).
• Strong authentication – Authentication that is considered relatively secure and definitive. Generally equates to two-factor authentication.
• Two-factor Authentication – You can prove your identity in one of three ways: something you know, something you have, and something you are. The first one, something you know, could be a password, passphrase, or the answer to a secret question. The second one, something you have, is a token, such as a smart card, key fob, dongle, passport, birth certificate – it’s a unique physical thing that only you possess. The last one, something you are, is a biometric – your fingerprint, retinal scan, voiceprint, et cetera. Two-factor authentication means using two of these three things to prove identity.

With that in mind, I can explain why WiKID caught my eye. Usernames and passwords, in almost any real-world setting, are fairly insecure. They can be guessed, sniffed, or brute forced. We often use easy to remember passwords (mydogskip) instead of more secure passwords (b!ouFroap*lus1le). We don’t change them often enough, and we use the same password for many systems. There are some good uses of passwords, and they aren’t all bad, but there is a need for stronger authentication.

I have a smart card for work. That card is how I log on in the morning, how I open a connection to the office from home, how I authenticate myself to many of our internal systems. I plug it in to a special card reader, enter in my PIN, and it sends off the digital certificate that validates I am who I say I am. This is two-factor authentication, combining something I have (the smart card) with something I know (the PIN).

This is great for the corporate environment, where there are people whose job is to maintain all the digital certificates (granting, expiring, revoking, etc.) and to handle the cases where somebody forgot their card at home, or lost it, or what not. It’s also worth it to a corporation to tie in their systems to this single source of authentication. This is a fairly expensive proposition, however, for the home user.

WiKID aims to solve this by providing a software-based token. Essentially, there are three components:

1. WiKID server – This is the heart of the authentication. Basically, this is the part that maintains the list of registered users.
2. Device client – This is the software-based token I mentioned. This is what you use to authenticate yourself.
3. Network client – This is the agent that runs in the target system. This agent replaces the old authentication scheme, like usernames/passwords, that your web site formerly used.

Basically, it works like this (based on http://www.wikidsystems.com/technology/overview):
You need to authenticate yourself to your web site (for example). You open up the Device client on your computer and feed it your PIN code. The device client encrypts the PIN so only the WiKID server can read it and “phones home” to the WiKID server that manages your user directory and verifies your name and PIN. The WiKID server checks this, and issues you a one-time password (OTP), a magic code that is only valid for a short period of time. You feed that code to your web site, which asks the WiKID server if this is a valid OTP for you. The WiKID server answers yes, and presto, you’re authenticated.

This is more secure than a username and password for a few reasons:

I haven’t done a deep dive into this yet, but on the surface, it’s a pretty good thing. It would be possible to capture and spoof the encrypted PIN transmission to the WiKID server, but traditional hardware token-based authentication suffers from the same. There’s an initial set-up step with each Device client to give it the WiKID server keys and add the user to the directory, similar to going to the Department of Motor Vehicles to get your driver’s license. Overall, though, it appears to be nicely secure. Time permitting, I’ll look at adding it to my SSH server at home and for my WordPress installation.

The one problem I have with this solution is the software token, the Device client. In a traditional scenario, not only is my PIN secret but my token is unique – somebody has to have my token in order to impersonate me. With WiKID, I can authenticate using anybody’s device client that has my server’s key. Every device that has registered with my WiKID server could be used by me to authenticate – or by anybody else that happened to discover my PIN. It’s not wide open to the world, but it is an opening not shared with smart card-based two-factor authentication. The security of this system then essentially revolves around keeping the PIN secret and safe.

In short, I like it for home or perhaps small office use. It’s stronger than passwords and easier to manage than certificates (my current SSH solution). It’s reasonably secure and it’s open source. I’ll report back later on the ease of installation.