Phil Windley's Technometria

« April 2007 | Main | June 2007 »

May 31, 2007

Phil Wolff on Technometria

I've known Phil Wolff for years. Not in any particular context, he was just a fellow blogger I'd talk to at conferences we both showed up at. I enjoyed what he wrote. Then a while back, I noticed that my friend Phil had put himself front and center of all things Skype with Skype Journal, a blog that provides news, opinion, and tips about Skype.

I ran into Phil at Internet Identity Workshop, where he was proposing something he calls "OpenCallerID." I thought it was high time we talked to him about Skype and other things that are interesting him on Technometria.

This week's podcast is a conversation with Phil Wolff about Skype, OpenCallerID, and even some political issues like Skype censorship in China. I hope you enjoy it.

3:48 PM | Comments () | Recommend This | Print This

New Features on Utah.gov

Dave Fletcher, Utah's Deputy CIO, points out some new features for Utah.gov, Utah's eGovernment portal including many expanded search options, a multimedia portal, and sub-portals for travel and state parks. The state parks site contains a very useful mashup of state park data with Google Maps. Nice.

2:08 PM | Comments (1) | Recommend This | Print This

Using XRDS

Back when people were trying to bring OpenID, LID, and i-names together, something called Yadis was born. At the time, it was all pretty abstract to me, but over time I've come to understand more of the details. Yadis was a discovery protocol for identifiers that was based on XRDS, or eXtensible Resource DescriptorS.

The basic idea was that when you resolved an identifier, you'd get back an XRDS document that would tell you which authentication service the identifier was associated with. I'll talk about the details of how this happens in a minute. First, let's talk about why and what.

One of the things an XRDS document can contain is a pointer to an authentication service. IN fact, that's the most common usage pattern at present. So, when you enter an i-name or a URL into an application that understands Yadis, it will retrieve the XRDS document, look for an authentication service type and endpoint and then use that authentication service. So, the same URL could be an OpenID or a LID identifier depending on what the XRDS document contains that is at that URL.

Yadis has been folded into OpenID 2.0, so from now on, I'll not mention Yadis specifically--any OpenID 2.0 relying party or identity provider will understand XRDS.

XRDS documents are just XML. So, they're mostly human readabe and editable. But, like most complicated XML, you can get confused pretty fast. The XRI resolution specification is the document that describes how XRDS works. An XRDS document is a collection of services. For example, here's the OpenID service descriptor on my i-name:

<xrd:Service>

    <xrd:Type xrd:select='true'>
      http://openid.net/signon/1.0
    </xrd:Type>

    <xrd:URI xrd:priority='1' xrd:append='qxri'>
      https://2idi.com/openid/
    </xrd:URI>

    <xrd:URI xrd:priority='2' xrd:append='qxri'>
      http://2idi.com/openid/
    </xrd:URI>

</xrd:Service>

This says that if I enter my i-name (=windley) at a place that understands OpenID 2.0, that I want to use 2idi's OpenID identity provider as my authentication service. If I changed this XRDS document, I could use MyOpenID.com or any other authentication service transparently to the relying party.

XRDS is more than just a way of pointing to authentication services, however. Andy Dale left a comment about XRDS in response to my post on Sun's support of OpenID and their linking it to employment. He points out that XRDS could be used, in this case, to point to an attribute exchange service that would have attributes giving employment status or even a more general reputation service. He points out that:

The trick is having OpenID providers expose the XRDS to end users in a way that is useful to them. By that I mean a) They have the ability to 'change' their own XRDS. b) Providers support an automatic provisioning protocol so that end users can easily adopt new services without having to craft XML and manually edit their XRDS.

He expanded on his comment in blog post on using XRDS and then expanded on that in a follow up. He points out, that a user had their Flickr feed listed as a http://photo.feed/1.0 type service in their XRDS wouldn't have to tell applications that need that info anything about it--just entering their identifier would allow another application to find out which service providers that person used.

So, how do you return an XRDS document from an identifier? The simplest way is to sign up for an OpenID or an i-name and let the identity provider do it for you. The problem is that most IdPs don't currently allow you to change the contents of your XRDS doc easily. 2idi, the i-name broker I use does. So, as long as I'm happy just using my i-name, that works.

If I want to return an XRDS document that I control from a URL I'm using as an identifier, I probably need to serve it up myself. If you're running your own Web server, that's not to hard. This write up by Josh Hoyt shows how to configure a URL that returns an XRDS document using Apache and some modules (no code).

The basic idea is that I want a URL, say http://phil.windley.org to return it's normal content (from index.shtml in my case) for anything that's not asking for xml+xrds content. That can be accomplished using mod_negotiation to do content negotiation, mod_headers to add the right headers to the response, and mod_rewrite to redirect to the appropriate location (the XRDS doc or the index.shtml document.

This gives you a way of configuring XRDS-style services on whatever URL you want to use as an identifier. You still need to edit the XML by hand, but at least you can.

As an aside, it strikes me that you could use this same trick to put a WADL discovery document for a RESTful API at the API URL and return it when the request specifically set the content type to xml+wadl. A nice way of overloading the URL so that it's the service endpoint and the discovery endpoint all at the same time. Of course, some are bound to object that this isn't very RESTful.

So, that's basically everything I know about XRDS. I plan to XRDS enable on of my identifying URLs and play with it some more. I'll let you know how the experiment goes.

11:26 AM | Comments (6) | Recommend This | Print This

May 29, 2007

Facebook As Platform

Paul Allen is all over Facebook's f8 announcement in this post from last week. I know Paul well enough to know that when he gets this excited, something must be cooking. I even went and signed up for a Facebook account--something I've been loathe to do for some time (I'm tired of joining and typing every detail of my life into one app after another).

9:30 PM | Comments (1) | Recommend This | Print This

Picotux

This picotux server is pretty cool. It's no bigger than an RJ45 jack. With power over Ethernet, you could deploy these anywhere you can run Cat 5 cable. I'm not sure why I love things like this, but I do.

8:36 PM | Comments (4) | Recommend This | Print This

Technorati Wins and Losses

Technorati is one of the tools I use everyday. One of the most important parts of blogging is participating in conversations that are going on the 'Net. Technorati helps me find out when people are responding to something I've written.

The good folks at Technorati are a busy bunch. It seems like the site is different almost everyday. Sometimes radically. Recently the layout for what Technorati now calls "reactions" changed. I like the new look and think that much of the important the information easier to find. It's also not as "busy" with ads. Frankly some of the ads that Technorati has had in the past made me uncomfortable putting forth it forth as a professional tool.

Something I don't like about the new layout is site lock-in. Technorati has removed the links to me from the snippets they put in the site, making it more difficult to find out which responses are meaningful and which are not. I spend more time now deciphering the results--not good for a tool whose value is presenting information.

Lately, they've also removed the links to the blog that's reacting to mine as well. The only link is to the blog's page on Technorati. I'm sure their increasing the page views on Technorati, but they've significantly decreased the value of the tool to me--and others, I suspect.

Technorati is one of the key landmarks of the blogosphere. I recommend it to new bloggers all the time. I hope they'll soon restore some of the things that made it so valuable to me.

Update: I found with some further exploration that it's only some blogs that don't have a link bak to the article from the post title in Technorati. I've concluded that must be a problem with the feed Technorati is getting, not something Technorati is doing on purpose. I coincidentally just had a page of those all at once. Still, I'd like the links restored inside the summary text.

3:03 PM | Comments (1) | Recommend This | Print This

Saying Yes to Paper Ballots

An editorial in last Thursday's Deseret News got a little hot under the collar over the current debate over what to do with electronic voting. It said, in part:

The concern is understandable, of course. New inventions make nervous Nellies of us all. People once feared that microwave ovens would make them sterile or that garage door openers might lead to cancer. Humorist James Thurber recalled that his mother would never leave light sockets open in the house because she was convinced electricity would leak out, costing her money and threatening her health.

Such things are often the source of urban folk legends. Trepidation before the unknown is a natural human reaction.

Overcoming that trepidation, however, is the mark of education and understanding.

Right now, some people are worried there are gremlins in the current voting machines --- that electronic voting is unreliable and open to tampering. They spout anecdotal evidence of irregularities here and there to fuel their fear and want paper ballot backups to fend off any conspirators. It's the same kind of itchy-witchy thinking that leads people to hide bags of money under their mattresses.

And dare we say that almost all of those those skittish souls are likely older than 40? The younger generation sees the outcry for the tangible comfort of paper ballots as a hallmark of the fuddy-duddy. The notion sounds, to young ears, like people demanding election results be chiseled into granite for security.

From deseretnews.com | Vote 'no' on paper ballots
Referenced Tue May 29 2007 08:44:57 GMT-0600 (MDT)

The Deseret News would do well to check their facts before they fly off the handle on this one. The fact is that the people most worried are computer scientists--the people least likely to be afraid of computers merely because they're new.

Jay Lepreau of the CS department at the University of Utah and I published an Op-Ed piece on eVoting in the Salt Lake Tribune in 2004. In that piece we noted "The consensus of computer and security experts is overwhelming: In a poll of members of the ACM, the premier organization for computing professionals, over 95 percent of the respondents felt that voting systems should provide a recountable physical record, e.g., paper." In other words, the people most educated in this area are the ones most concerned.

Congress forced the hands of states in dumping their old voting systems and buying new ones. Most went with so-called DRE touch screen systems like the State of Utah. Utah was smart enough to pass a law requiring a paper audit trail, but apparently the equipment Utah bought won't comply with new Federal regulations in this area.

It's unfortunate that State election officials had to make decisions and spend money before the paint was dry in this debate. The standards are still evolving and experience is showing that the electronic machines do have problems accurately recording votes. Even with paper audit trails, there are problems that are prohibitively expensive to find with audits.

It may seem that as the Feds change the rules, the states have no choice but to continue to change out their electronic voting machines over and over again to comply, but it turns out there is an alternative to the DRE voting machines. Florida recently scrapped it's touch screen machines with optical scan paper ballots. Florida was one of the states that had both--letting the counties decide. After using both, they went for the optical scan system.

That's a safe haven--one that was available to Utah officials in 2004 when they made their decision to go with the current system. Its still a safe haven and the most likely to be future proof as technology and standards continue to evolve. If we do end up scrapping our current machines and having to replace them, let's replace them with something that will stand the test of time.

9:07 AM | Comments (3) | Recommend This | Print This

May 25, 2007

Follow Up To Seth Godin's Visit

I posted my notes from Seth's visit yesterday. Some related happenings might interest you as well.

Phil Burns and Ash Buckles vowed that they'd let Seth shave their heads if enough money was raised to bring Seth to Salt Lake City. After Seth was finished speaking they made good on their pledge. I have a few photos, Phil has more and Ash posted a video. The video is worth watching. Seth was quite humorous when he was shaving heads.

Phil also had a harrowing experience getting Seth to the airport. Phil, I'm laughing. Let me know when you can laugh about it too. :-)

Jason Alba, NewspaperGrl, Startup Princess, and Chris Knudsen all have notes or analysis.

10:11 AM | Comments () | Recommend This | Print This

May 24, 2007

Seth Godin: The Dip

I'm sitting in the Salt Palace in Salt Lake, waiting for Seth Godin to show up. He's reportedly in the car, driving from the airport. That's OK, the wait time has been a great time for talking to friends I don't see all the time. There's probably 350 people here as we get started.

The premise for this event is interesting. Seth is promoting his new book, The Dip. I wrote about it back in April. He will come anywhere people agree to buy 2500 copies of his book. This is just the sort of fascinating Internet marketing that Seth Godin is famous for. An amazing way to sell some books and, more importantly, get his message out. I probably wouldn't have blogged about his book otherwise.

Phil Burns welcomes Seth (click to enlarge)

This month Seth will go to 15 cities, each of which bought at least 2500 books. That's at least 37500 books! What does it take to get on the NY Times Best Seller list? Of course he also has his base. The buzz this marketing method has generated is what's important.

Seth doesn't use slides. He starts out talking about quitting. That's the topic of The Dip. People quit all the time. No one's ever written a book about quitting. He wants to start a conversation about quitting. That's why he makes people buy 5 copies of the book, so we'll give him away and start a conversation.

"Quitters never win and winners never quit" is not true. Winners quit all the time. And quitters win.

What made the Mona Lisa the most famous painting in the world? It got stoeln in 1912 and was missing for eight years. This was coincident with the rise of a paper in France that has 2 million subscribers. The Mona Lisa was in the news almost every day for eight years. He gives other examples of "superstars."

Seth Godin (click to enlarge)

There's a superstar shortage. A world wide shortage. There are plenty in pop music and other area, but not in areas that everyone cares about. There are plenty of niches. The Internet makes it possible for niches to be smaller and this leads to more slots for superstars.

What does "best" mean when Seth says "best in the world?" It's not a hard metric. We know what's not the best. Don't try to be more average than the average guy. Netflix is the best--not because a dozen guys in this room couldn't build something better. Because they fill the niche and do it well.

Best doesn't mean "the most expensive." The market decides who the best is.

Variety is the key to success. More varieties of ice cream is better than two. But vanilla ice cream outsells all other flavors combined. The number one draft pick adds $6 million to the bottom line of the team that gets him compared to the team that gets the number two.

This message is the opposite of the long tail. If you've got to have one blog, it's better to have the fat juicy head, not something on the tail.

The Dip is the place where people quit. Organic chemistry is the dip for doctors. The bar exam is the dip for lawyers. If it weren't for the dip, there'd be no scarcity.

Cumulative advantage is powerful. You get a little momentum and it starts to build. We're interested in what other people are interested in. Best seller lists are all about this. Google compounds this.

For one hundred years, we've organized around making average stuff for average people. Brand is about driving the cycle of average. There's so many products with so many ads, that people have given up.

If you're on the other side of the dip, there are huge wins. But the way you get to the other side is by doing something remarkable--not be being average and buying ads. People talk about the experience.

Reasons for quitting:

1. You run out of time
2. You run out of money
3. You don't take your objective seriously enough
4. You get scared and quit
5. You're a switcher
6. You've been trained to be average. This is the big one. He mentions public schools. They're geared to turn out average people.
7. You don't have the talent. Seth doesn't agree with this one.

People who get through the dip put forth an unhealthy amount of effort and time at what they're doing because they are trying to be the best.

You can get "average" incredibly cheap (that's the whole outsourcing thing). You can't get "the best" cheap.

Companies are cluttering the world with products (19 versions of Oreos) because that's how you get mindshare in the world of "average." Lowering the price isn't the answer--that makes you more of a commodity.

Superstars don't have resumes. Superstars wait for the phone to ring. This sounds hard since first you have to be a superstar, but it's more reliable than trying to be the most average.

He cites The Chosen, a book that shows that going to the best school (Harvard) doesn't lead to people being richer, happier, etc.

The dip is the fence that keeps the competition out. Seek the dips out and work through them. When you're on a dead end, you have to quit immediately before you waste resources that you need to get through the dip somewhere else. He cites the space shuttle as an example of a dead end that keeps the US space program from pushing through the dip.

Mom and pop stores frequently hit a dip: you need professional management, advertising, investors, a line of credit, etc. They stop and don't push through the dip. They "do their best" without trying to become the best. They remain average and fail.

Wind surfing would be easy without the wind. Customer service would be easy without the customers. Mad customers help you push through the dip.

Life is a series of dips. Life is about finding and pushing through dips so that you can enjoy the benefits.

How do you tell the difference between the dip and the dead end? With measurements. PIP: Do you want to quit because you're panicing? Who are you trying to influence? What can I measure that proves I'm making progress?

Size your effort to the dip and pick the right dip. Don't spend $10 million on a $200 million dip. You just lose money. Focus your effort. Woody woodpecker can peck on 10 trees 3000 times or 1 tree 30,000 times. The latter gets him fed.

It's OK to quit when you realize that one of your efforts requires more of your time and effort to get through the dip. Don't be average in a portfolio of activities. Get away from being mediocre.

But The Dip's not really a book about quitting. It's a book about mastery. Once you give yourself permission to quit, you'll quit less. He cites the example of Toyota vs. Ford. Toyota allows their assembly lines to be stopped by any worker (they quit). That forces excellence.

Write one of two things on a post-it note: "I'll be the best I can under the circumstances" or "I'll be the best." People say the second, but they do the first. Call that bluff, find a dip that matches and embrace it.

Seth Godin shaves Phil Burns' head (click to enlarge)

Someone asked this question: "I'm a marketing teacher in a high school. If Seth Godin came to substitute for a day, what would he teach?"

• No one cares about you. Get over it.
• Learn to tell stories.

Someone asks him what books he'd recommend. He mentions Snow Crash, Crossing the Chasm, and Before and After Page Design.

2:07 PM | Comments (2) | Recommend This | Print This

At the May 2007 CTO Breakfast

We had the May CTO Breakfast today. There was a good group and some great discussion.

I started off by talking about the Utopia install at my house. No one else at the meeting has Utopia yet, so there was some interest in how the install went and how well the service works.

We also got into a discussion of Mozy. Of course, Tyler wasn't here this time, so we couldn't pump him for info. A general discussion of backup methods, drives, and programs ensued. I brought up Fuse, a cool way of building file systems in user space.

A subsequent discussion of Google Docs led back to Fuse. Amit Signh has a video showing a Fuse file system for Google Docs, as well as Picassa. This is a cool way to put networked services on the desktop.

We talked about Google's hiring process and the problem they have getting smart people to work for them when they have a strike price on their options of $500. Google's actually set up a unique internal market that allows employees to trade vested options to help solve this problem.

Nobody's really happy with their mail clients ecept Phil Burns who loves Outlook. This was part of a bigger discussion on Vista and how it's working. Lars Rasmussen mentioned a post where he talks about his migration.

We talked about a Web site called Weight Loss Wars. The idea and Web site are good, but the discussion was about how many "Web 2.0" features were in it. So, what are Web 2.0 features? Here's the list we worked out.

• Shared data architecture (RSS, blog widgets, etc.)
• Limited page refreshes
• Collaborative interaction
• APIs so that apps can be built on top of it.

And Phil Burns has a weird post about Blake Snow. Ask him about it.

9:58 AM | Comments () | Recommend This | Print This

May 23, 2007

Seth Godin Tomorrow

8:22 PM | Comments () | Recommend This | Print This

Google Goes Fishing

Jeff Barr has a humorous look at the approach junior Google recruiters are using on him. As Scoble said:

Anyone who does an hour's worth of research with a search engine, like, say, Google's, knows that Jeff is worth hiring and isn't worth treating with a bit of the usual filtering bulls##t. Either hire him, or leave him alone. I also wouldn't let newbie recruiters even get close to anyone who has a blog --- I'd make sure that bloggers get handled by a real pro, not the amateur hour kind of hiring folks that are pitching Jeff currently.

From Google hiring funniness « Scobleizer
Referenced Wed May 23 2007 09:15:04 GMT-0600 (MDT)

Robert's right. The world of blogging has changed what you can know about a person and the sense you can get about them--for good or bad. At more senior levels, I think a company ought to be suspicious of anyone who doesn't have some kind of online trail. I'm not talking about a blog. But when you search on someone who's claiming to have a track record in business, that record ought to be peeking through at least a little.

9:15 AM | Comments (1) | Recommend This | Print This

May 22, 2007

Black Swans and the Impact of Improbable Events

Black Swans (click to enlarge)

Yesterday, Nassim Nicholas Taleb was on Talk of the Nation talking about his book Black Swan. Of course, we published Moira Gunn's interview with Taleb a few weeks ago on IT Conversations.

The name comes from the fact that for centuries Europeans used the term "black swan" as synonymous with something that was impossible--until they got to Australia where black swans are common. Taleb uses it as an allegory for an improbable event that changes some aspect of our world drastically.

It's funny how when you learn a new concept it becomes a way to think about the world (some might say a "lense" that filters the world according to some bias, but that's a different matter). After thinking about this for a few days, I ran across a post on Thomas Barnett's blog that said (in part):

The presumption of "good" or "bad" intell can't really be proven per se. Some always ends up being "amazingly prescient," the rest is a load of hyperbolic crap.

When things work out, no one cares about all the "bad" intell. But when it goes badly (always for a host of reasons and decisions, or simply because the decisionmakers prefer the sub-optimal outcome to no action at all), then the "amazingly prescient" intell is inevitably touted as "proof" of the intell "failure" (I made this argument first in PNM).

Also inevitably, there will be calls for "reform," none of which can possibly overcome this essentially political decisionmaking process, nor will it stop the very same politicians from declaring their pet defense programs "crucial" because "we live in a world of COMPLETE UNCERTAINTY!"

From That's not how intell works (Thomas P.M. Barnett :: Weblog)
Referenced Tue May 22 2007 16:42:46 GMT-0600 (MDT)

This is one of the key points in Taleb's work. In hindsight, we fool ourselves into thinking "we could have known, if only..." and this fallacy leads to wasted efforts and blindness that keeps us from real understanding.

Taleb proposes classifying activities into those belonging to "Mediocristan" and "Extremistan." Mediocristan activities are mundane, change very little, allow good planning, and, as a result, are not prone to "black swan events." Extremistan activities seem to go along a certain trajectory for a while, but a single event can change the outcome wildly. Startups live in Extremistan, as does foreign policy.

We can further classify Extremistan activities into those that are prone to good black swan events and those that are prone to bad black swan events. Startups are an example of the former. For relatively little risk overall, there can be a huge payout--that's why venture capital works. Foreign policy is an example of the latter. No news is good news, as they say. When something happens, its likely to be catastrophic.

All in all a useful idea and one we're not prone to think about often. We like to think we can be smart enough to predict the stock market, the outcome of a piece of legislation, or even the weather. But, alas, we cannot. Taleb's advice: don't trust the so-called expert in matters of black swans.

4:51 PM | Comments () | Recommend This | Print This

Utah Open Source Conference

The conference is looking for proposals for 90 minute classes on open source topics including:

• Business solutions (process, applications, infrastructure)
• IT management and implementation
• Web development
• Language skills (Perl, Python, PHP, Ruby)
• Emerging technologies

I'm thinking about putting in a proposal for a session on OpenID and user-centric identity issues. Lots of open source tie-ins there.

12:43 PM | Comments (3) | Recommend This | Print This

May 21, 2007

CTO Breakfast Reminder

Just a reminder that we'll hold the May CTO breakfast this coming Thursday at 8am. We're in the usual place--the Novell cafeteria. Some of you are still holding out because it seems so far away, but give it a chance. It's actually no further than the Canyon Park Technology Center meeting place from the freeway.

I've been traveling for two weeks: WWW2007 in Banff and IIW2007a in Mountain View and have some interesting ideas from those trips. I'd love to hear about your ideas and interests as well, so come and share. There's no charge to attend, but you'll have to buy your own breakfast, if you like.

Directions can be found on the CTO Breakfast page.

Here are the dates for the upcoming breakfasts:

• Jun 29 (Friday)
• Jul 20 (Friday)
• Aug 23 (Thursday)

Please put these on your calendar now.

See you there.

9:43 PM | Comments (1) | Recommend This | Print This

Stupid Web Design Tricks

I found this list of 19 things not to do when building a Web site.

The first, DO NOT resize the user's browser window, EVER resonated with me because I was reading a site last week that had some great information that I wanted to read, but every time I clicked on a link, my browser would blow up to full size. I finally gave up--it was just too annoying to go on.

I also liked number eight: If your website does not work in Firefox, welcome to 2007 DUMBASS. Even though on average, only 10% or so of users use Firefox, those users are influencers. Of course on some sites, the percentage is much higher. On Technometria, year to date, Firefox and IE users are dead even: 42.9% and 43.1% respectively.

8:39 AM | Comments (2) | Recommend This | Print This

May 18, 2007

Anyone Need a Pair of Netscalers?

Bungee Labs has two pair of Citrix Netscalers for sale. They're new, but out of the box and installed at a couple of data centers. I understand they'll give you a smoking deal. If you're interested, contact me.

2:26 PM | Comments () | Recommend This | Print This

Obfuscating Passwords in Forms

Most are familiar with password fields in Web forms. When you use a password field, anything the user types is obfuscated. This is, to my knowledge, to reduce the danger of shoulder surfers stealing the password by reading the screen as it's typed in. As long as I've used computers, this has been standard practice--the IBM Selectric terminals I used in 1976 would pre-print multiple characters on the paper before having you type your password so it couldn't be stolen from the printout.

What would you think of a social networking Web site that in the interest of reducing friction for people who aren't computer literate simply let passwords be typed into a normal input field, and visible on the screen? How dangerous is that? Is the danger small enough to trade off against the ease-of-use that would result? In short, is password obfuscation an idea that is simply perpetuated without thought now or is it still a vital part of security?

10:59 AM | Comments (12) | Recommend This | Print This

May 17, 2007

Schmedley

Paul Figgiani sent me a link to Schmedley. It's like the OS X dashboard inside the browser. The fact that you can do this kind of thing in a browser still amazes me.

Update: I wrote more about Schmedley at BTL this afternoon.

10:55 AM | Comments (2) | Recommend This | Print This

May 16, 2007

LunchMeet on IIW

Kaliya and I are on LunchMeet today talking about IIW. LunchMeet host Eddie Codel visited IIW yesterday and brought his camera.

1:54 PM | Comments () | Recommend This | Print This

Internet Identity Workshop 2007: Day Three

Tuesday dinner at the Monte Carlo in Mountain View (click to enlarge)

If you're interested in following blogs about IIW2007, you can look for the iiw2007 tag on Technorati.

First thing this morning (after picking up bagels) I went to a presentation on Sxipper, Sxip Identity's login and form filling plug-in for Firefox. I've been using Sxipper since the last IIW and have come to rely on it.

When I first started using it, it had some usability problems (at least for me) so I stopped using it for a while. When I switched to Firefox 2.0, however, with automatic plug-in updates, I found that it had radically improved and it very usable. When I was doing my demo for WWW2007 last week I turned it off since I didn't want it popping up during the demo and I found that I missed it enough to notice it was gone and turned it back on.

Sxip uses the local password store (inside Firefox) to store your data. What is shared are the form maps. When you go to a form that's already been mapped by something else the map is pulled down and the form is filled from your local store. If you find a form that hasn't been mapped, you have the opportunity to map it for your (and other's) future use.

Like I said, I've come to rely on it. It's especially useful on sites where I have more than one log in because it shows me the choices and I select which login I want to use. One click and I'm in, with whatever persona I'm interested in using.

Bryan and Devlin hatch a plan (click to enlarge)

Devlin, Bryant, and I did a session on reputation and our framework. I used a portion of my slides from WWW2007. Devlin gave a demo of the new system which includes tags for context semantics. The new system is language-based rather than having a form-based interface to a rules engine. Here's a PDF of our paper describing our reputation framework. This doesn't discuss the OpenID reputation work---that hasn't been written yet.

The report-out on the OSIS Interop session from yesterday happened at noon over lunch. Here are the statistics of participating components and features:

• five Information Card selectors
• eleven relying parties
• seven identity providers
• four token types
• two authentication mechanism

The bottom line was that for the most part, these systems all worked well together. There were a few problems and they were documented for more work. The results are documented on the wiki (at least they will be and I'll link to them as soon as they're up).

Paul describes Higgins in less than seven minutes (click to enlarge)

The last session I attended today was Paul Trevethick on "Understanding Higgins in Seven Minutes." The slides are one's that Paul uses to talk to people outside the user-centric identity community. Here are some things he tells them:

• Maximal decentralization of identity information leads to maximal security and privacy
• use of local identifiers (pseudonyms) where possible
• Linking across context allows us to "have our cake and eat it too" in the sense of privacy, security, and convenience.

He goes through the different kinds of identity information a person has to illustrate that we can't solve the problem by creating "one big silo."

Higgins defines "i-cards," a generalization of Microsoft's Information Card concept. For example, a relationship card might aggregate attributes with different authoritative asserters. They also define an "identity agent." A card selector is an example of an identity agent, but the concept goes further. The agent projects and protects identity attributes.

An interoperability framework allows the various protocols, tokens, attribute schemas, and data access methods to come together in a way that is abstracted for the user. Higgins provides a common data model for all of these things and then defines plug-ins for mapping various systems into the common data model. The Higgins data model allows linking from one context to another (i.e. me in my family, in Second Life, in the Dept. of Motor Vehicles, etc.) The action is all in the links.

Higgins is the "Linux of identity" or a kind of glue.

The closing (click to enlarge)

The closing was fun with the usual reporting out, chatter, thank-yous and so on. Lisa Heft, a friend of Kaliya's who facilitates open space events had created a group poem from things people said to her yesterday when she talked to them. She had them say their own words and interspersed her words between then. There were over twenty people and it turned out pretty well. I was impressed.

Overall, another great IIW. There was a lot of energy. The barista said "These folks drink a lot of coffee! I feel responsible for some of the chatter I heard." I don't know which is cause and which is effect, but there was a lot of activity. I liked it.

1:32 PM | Comments () | Recommend This | Print This

May 15, 2007

Internet Identity Workshop 2007: Day Two

IIW2007A Agenda Wall (click to enlarge)

The second day at IIW started in the traditional way: building the agenda. I was surprised that almost half to rooms stood up to propose a session. The wall is pretty full and there are lots of interesting sessions. If you click through on the thumbnail at the right (two clicks), you should be able to read the details.

One of the sessions I attended this morning was on the OpenID 2.0 spec and what's left to be done. There seems to be some feeling among potential users that there is an opportunity lost here and momentum could drop if the new spec isn't available soon. On the other hand, there are a few issues that people would like to address.

I think this is a maturity problem in the OpenID community more than anything else. Not that the people in it are immature, but the community hasn't developed the governance yet that will allow these decisions to be made systematically. My own feeling is that getting things solidified is more important than any problems that aren't regressions (i.e. worse than in OpenID 1.0) or will require significant retrenchment on the part of IdPs or RPs.

Doc Searls and Mike Jones (click to enlarge)

A couple of identity related announcements today. First, via Mike Jones, Microsoft has completed the process of putting the Identity Selector Interoperability Profile V1.0 under the Open Specification Promise.

Similarly, Sun announced a "non-assertion convenant" for OpenID. From Gerald Beuchelt's blog:

[T]he NAC is a short (three paragraphs) legally binding document that licenses all of Sun's patents (and not only necessary claims) to anybody implementing OpenID 1.1 Auth and Simple Reg 1.0 ... in perpetuity ... royalty-free. This license will only be withdrawn, if someone decides to sue Sun over this technology.As far as I know, this is the first covenant like this around OpenID.

From Web Services Contraptions - Pre-Announcement: OpenID Non Assertion Covenant
Referenced Tue May 15 2007 13:30:52 GMT-0700 (PDT)

The Barrista (click to enlarge)

Speaking of governance, over lunch, we had a discussion about Identity Commons. This is the Identity Commons purpose (from the wiki):

The purpose of Identity Commons is to support, facilitate, and promote the creation of an open identity layer for the Internet, one that maximizes control, convenience, and privacy for the individual while encouraging the development of healthy, interoperable communities.

Does that speak to you? Do you feel included in that? Are those ideals your ideals? That's a critical question for Identity Commons as we try to move people's feelings about from Identity Commons from "they" to "we."

Bryant Cutler and Devlin Daley, two of my students, gave a presentation on their SimplePermissions project. SimplePermissions is a delegation scheme (in the classic, not the OpenID sense) for OpenID that allows a user to authorize another user to act for them for specific activities. They gave a demo of SimplePermissions and discussed the idea. Full delegation requires no changes to OpenID, but doing permission-based delegation would require an extension. Further relying parties would need to specify the delegatable actions on their site using that extension.

There is some controversy whether delegation (in this sense) is a good idea or not, but the fact is that people "delegate" all the time by giving someone else their password. This idea would eliminate the need for password sharing. With OpenID, that's especially useful since an OpenID password is more valuable than a site-specific password since it can be used anywhere the OpenID is accepted.

Some use cases: delegating an eCommerce account to a subordinate. Mashups are another. You might even want to self-delegate to create one-time or short time accounts for use in low-security environments.

The OSIS interop code session seemed to go well. I'm anxious to get a report from some of the people involved. We had a problem with the wireless (go figure) that caused some headaches at first, but we worked around that eventually.

OSIS Interop Event	More interop testing
Presenting at IIW	Chatting in the reading are

I spent some time in Doc's VRM session. I think people were finally getting to some real idea about how vendor relationship management might work. I heard a few sentences that started with "once...then we'll..." where the assumption that followed the "once" were not necessarily something I thought was realistic, but that's true in many sessions, not just this one.

1:29 PM | Comments (1) | Recommend This | Print This

May 14, 2007

IIW2007 Has Begun: Day One Activities

After months of preparation, IIW2007 has begun. Whew! I always feel a big relief when the "train leaves the station" as Mike Jones said.

During the introductory presentation Eugene Kim asked how many people were here for the first time and probably one-half two-thirds of the audience stood up. That's great. He also asked how many people had been at the first IIW in Berkeley and there were a dozen or so people in that group.

We're starting off differently this year. We broke the group into smaller groups of 7 or 8 and asked them to discuss the "key questions" they brought to the workshop. The goal was to get people introduced to each other as well as to some of the issues, and maybe even some of the answers--at least the current thinking.

This is the concept map that came from the group discussion. To read it, you'll need to click through to the highest resolution, probably.

Concept map from introductory session of IIW (click to enlarge)

I'll be putting my pictures of IIW2007 online as well. Others will be using the iiw2007 tag at Flickr.

Speed Geeking (click to enlarge)

The middle part of the afternoon is a series of lightening talks from about some of the projects in the user-centric identity area. Dale Olds spoke about OSIS. Eve Maler spoke about Liberty Alliance and SAML. Mike Jones spoke about CardSpace. Mary Ruddy spoke on Higgins. David Recordon and Bill Washburn spoke on OpenID and OpenID Foundation.

Speed Geeking (click to enlarge)

After project introductions, we held speed geeking. This is a reprise of an event that debutted at last December's IIW. We moved it to Monday to get people interacting early and to leave time for tomorrow afternoon's OSIS working sessions. Here's a list of the demos:

• Higgins and idemix
• Sxipper
• Vidoop
• CardSpace
• bandit
• OpenID Token Exchange Extension
• Schemat Consumer
• PIBB
• OpenDS
• Community Portal with SAML2, & CardSpace
• Simple Identity for the Web
• WSO2 Identity Solution

The afternoon finished up with the traditional address by Doc. Doc has had a powerful vision of what user-centric identity can achieve, probably going back to the Clue Train days. I love to hear him preach the gospel of user-centric identity.

3:23 PM | Comments () | Recommend This | Print This

May 13, 2007

William James: In the Maelstrom of American Modernism

A while back, during a recording for the Technometria podcast, Matt Asay mentioned he was reading a biography of William James. I'm not sure what intrigued me about what he said, but right after the broadcast I ordered a copy. It took me a while for it to get to the top of my reading list, but it finally did and I read it during my trip to Banff for WWW2007.

William James was one of the members of the polymath James family, his brother was the famous novelist Henry James and his sister Alice was famous for her posthumously published diary. He came of age during the Civil War and died in 1910. He had profound influence on the development of modern American philosophy and the field of psychology. He lived a fascinating life.

William James (click to enlarge)

This was a book well worth reading and one I couldn't put down at times. I love biographies in any event and this was about a period, subject, and person I was not well acquainted with. There is much to recommend this book, including the fact that it's well researched, well written, and engaging. Here are some of my favorite quotations from the book:

That is "the element of Faith" which [James] adroitly defines as "belief in something concerning which doubt is still theoretically possible: and as the test of belief is willingness to act, one may say that faith is the readiness to act in a cause the prosperous issue of which is not certified to us in advance." (p. 202)

James's mood, in the fall of 1880 and in general now, was not skeptical or contradictory. "I am tired," he wrote to Davidson, "of the position of a dried-up critic and doubter. The believer is the true full man." (pp. 210-211)

"To anyone who has looked on the face of a dead child or parent," he wrote in 1907, "the mere fact that matter could have taken for a time that precious form, ought to make matter sacred for ever after. It makes no difference what the principle of life may be, material or immaterial, matter at any rate co-operates, lends itself to all life's purposes. That beloved incarnation was among matter's possibilities." (p. 257)

"Whenever a desired result is achieved by the cooperation of many independent persons, its existence as a fact is a pure consequence of the precursive faith in one another of those immediately concerned...A whole train of passengers (individually brave enough) will be looted by a few highwaymen, simple because the latter can count on one another, while each passenger fears that if he makes a movement of resistance, he will be shot before anyone else backs him up. If we believed that the whole car-full would rise at once with us, we should each severally rise, and train robbing would never even be attempted...There are, then cases where a fact cannot come at all unless a preliminary faith exists in its coming." (pp. 362-363)

"In the mater of conversion," James wrote, "I am quite willing to believe that a new truth may be supernaturally revealed to a subject when he really asks. But I am sure that in many cases of conversion it is less a new truth than a new power gained over life by a truth always known." (p. 365)

James dives in by declaring simply that "the best fruits of religious experience are the best things that history has to show." Put in personal, psychological terms, "the man who lives in his religious center of personal energy, and s actuated by spiritual enthusiasm differs from his previous carnal self in perfectly definite ways." The saintly character, then, is "the character for which spiritual emotions are the habitual center of the personal energy," and such a person seems to James to possess, on the whole, four fundamental inner conditions. First is "a feeling of being in a wider life than this world's selfish little interests." Second is "a sense of the friendly continuity of the ideal power with our own life, and a willing self-surrender to its control." This is "an immense elation and freedom, as the outlines of the confining, self-hood melt down." Fourth is "a shifting of the emotional center towards loving and harmonious affections," a shifting toward the yes! yes! of emotional impulses and away from the no! No! of our inhibitions. (p. 410)

The book is full of such thoughts--especially after you get through James's early years. One of the things that's fascinating to me is the route James took to his greatness. He spent much of his twenties undecided about his life and searching for what he wanted to become.

Sometimes I pick up a biography and find it nothing more than a dry recitation of the facts, but this is not one of those books. Richardson reaches into the mind of the man and brings William James alive again.

7:59 AM | Comments (2) | Recommend This | Print This

Andy Griffith

I listened to Scott Simon interview Andy Griffith yesterday on Weedend Edition. What a funny, interesting, and just plain nice man.

6:45 AM | Comments () | Recommend This | Print This

May 11, 2007

Everything Is Miscellaneous

Dave Weinberger's new book, Everything Is Miscellaneous, is out. I saw it in the bookstore at the airport in Calgary, but Canadian book prices are outrageous. It's like booksellers fixed the exchange rate years ago and haven't taken changes since then into account. It was $35 CAN. Yikes. So, I just ordered in from Amazon. Only regret is I won't have it for my trip next week.

8:27 PM | Comments (1) | Recommend This | Print This

WWW2007 Wrap-Up

Today I'm on my way home from Banff. The conference goes until Saturday, but with IIW starting Monday of next week and Sunday being Mother's Day, I didn't feel like I could hold out until the end. My feelings on WWW2007 are mixed.

This is one of the few conferences I'm aware of in this space that mixes academic and commercial interest. I think that's a worthy goal. What's more, I attended many good presentations that led me to new lines of thought. That's the ultimate measure of a presentation or conference, I think.

And yet, I was also disappointed. Somehow the WWW conference series seems to be able to take something as exciting as the Web and wring all the life out of it. The conference, at least to me, has none of the excitement that you find in the best of other venues that bring practitioners together to show their latest innovations. The innovations are here as well, to be sure, but they're couched in clinical terms and shown in harsh light so as to make them seem more like dead specimens under a jar than the hopeful blood, sweat, and tears of real, passionate people.

Still, I'll continue to come to these, I think. On balance the experience is worthwhile. Besides, next year it will be in Beijing and I've been looking for an excuse to get to China for 20 years.

Here are all my articles with the tag WWW2007 and here are my photos of Banff and WWW2007.

11:33 AM | Comments () | Recommend This | Print This

May 10, 2007

Marc Hadley on WADL: a RESTful API Description Language

Marc Hadley (from Sun Microsystems) is giving a talk called "Describing Web Applications - WADLing with Java." WADL is a RESTful description language for Web APIs. WADL comprises resource, method, request, and response descriptions.

Marc gives an example using the Yahoo News Search API. Resources are specified relative to a base URI and can describe parameters that are common to all methods. Methods are the standard HTTP methods and can specify a request and response set for that method. Responses have representations that describe the type of the response. The language can also describe faults as responses.

There are tools for turning WADL into Java. wadl2java can be run from the command line or from Ant. He originally used XSLT to generate code, but that didn't work very well. Now he uses the JAXB CodeModel.

He shows some examples of using the resulting Java code. Pretty clean.

The Sun Web Developer Pack is a collection of tools for "Ajax, Scripting and REST-based services development supported by a NetBeans plugin."

Thomas Steiner has created REST Describe, a tool for creating WADL from an API. REST Compile, also from Thomas Steiner, will, I think, generate code besides Java, although figuring out what is pretty hard from the site.

Personally, I believe that the lack of a description language has held back the use of RESTful APIs. WADL is a good step in the direction of rectifying that.

4:53 PM | Comments () | Recommend This | Print This

Theodore Bullock: HTTPerf is New and Improved

HTTPPerf is a tool for measuring Web service performance. The problem is it hadn't been updated since 2000, even though there had been numerous bug reports in the intervening seven years. Theodore Bullock, recently of the University of Calgary, reported on a project to fix reported bugs and redo the build system, making it more portable that a Software Engineering class carried out last year. The result is version 0.9 is is freely available.

There are plugins that do sessions and Web log playback. Others could be written. For example, I'd like to see a plugin that incorporates Rhino and does Javascript evaluation as part of the testing.

Theodore is working on future versions. Version 1.0 will include support for loading multiple servers, IPv6, providing structured data output via XML, and HTTP Basic Authentication support. Plans for version 1.1 include a GUI interface to manage experiments, server statistical load measurement, support for multiple sessions and cookies, and XML descriptions of workload. (Theodore's slides)

4:16 PM | Comments (1) | Recommend This | Print This

Olivier Thereaux on the Unicorn Validator

I'm in a talk in the Developer's Track where Olivier Thereaux is discussing the Unicorn project, which is building a new, opensource, generation of Web content validation.

3:53 PM | Comments () | Recommend This | Print This

Hunting Down Spammers

The last talk reminds me that on my way into Canada, as I was passing through customs, the customs officer asked me my business. I reported I was going to give a tutorial at a Web conference. Here's the conversation:

Customs Officer: On what?

Me: Digital identity.

Customs Officer: What's that?

Me: Ways to identify people on the Web.

Customs Officer: Will it help with Spam?

Me: Not directly.

Customs Officer: Will you ask the people at the conference if there's any way we can hunt them [spammers] down and kill them?

N.B. I think by "we" he meant society in general, not Customs

Me: I'll let them know

Customs Officer: Thanks.

When the frustration level of the general public is getting to the point that you get comments like that going through customs, you know people are just plain sick and tired of it.

3:00 PM | Comments () | Recommend This | Print This

Understanding Splogs

Have you ever wondered exactly how splogging (spam blogs) work? What's the structure of that industry (and it is an industry)? Yi-Min Wang and Ming Ma (of Microsoft Research) and Yuan Niu and Hao Chen (of UC Davis) have studied the problem and found that there's a bottleneck in the economy of splogging at what they call the "aggregator level." This is the place to fight splogs. Here's the PDF version of the paper and here's a NY Times article on the results.

2:46 PM | Comments (3) | Recommend This | Print This

Finding Quality Blogs

This talk entitled "Exploring in the Weblog Space by Detecting Informative and Affective Articles" by researchers from Shanghai Jiao-Tong University (see full paper) describes the use of machine learning techniques to classify blogs and blog articles according to the amount of "informative" and "affective" information in the blog. Affective here is a fancy word for "touchy-feely."

The authors use various discrimination techniques and give results on which are the best for their purposes. The propose that being able to find blogs and blog articles they classify as "informative" leads to information, usually by experts, and is the kind of blog most people are interested in reading. They show how that data can be used to search for blogs that are informative, excluding affective information. Blogs could be ranked (in blog searches, for example) according to the ratio of informative to affective content.

2:22 PM | Comments () | Recommend This | Print This

Fast, Interpreted XML Parsing

I'm in a presentation on a paper called A High-Performance Interpretive Approach to Schema-Directed Parsing (here's the PDF for the paper). Last year these authors presented a fast, validating XML parser (called Screamer) that outperforms Xerces (validating) and Expat (non-validating) by considerable amounts.

The problem was that it compiled a custom parser for each XML schema. The fact that it required compiling code made it undeployable with products like DB2 (they work for IBM). This paper presents an interpreted version of Screamer, called iScreamer that is still fast, but doesn't require using a compiler. Instead it produces a parse plan (think bytecode) that a single interpreter can use to efficiently parse XML for a given schema.

The performance numbers show that iScreamer is about 20% slower than Screamer overall, but is still faster (40-50%) than Expat and it's validating. It's much faster than Xerces, the most popular validating parser.

I don't think you can get your hands on this parser without buying something else, but at least the techniques have been elucidated so that others can benefit from them.

12:11 PM | Comments () | Recommend This | Print This

Compact and Fast XML Processing

I went to a talk on a paper called "Querying and Maintaining a Compact XML Storage" by Raymond Wong, Franky Lam, and William Shui. Here's the abstract and here's the paper (PDF). The authors created a clever encoding of XML that not only takes much less storage, but is also much faster. For example, here's some data he shows for a 100Mb XML document (compared to MS Vista's native XML libraries):

The results are sufficient that you could imagine doing this on a mobile phone, for example.

11:02 AM | Comments () | Recommend This | Print This

Prabhakar Raghavan on Science for Engaging and Monetizing Audience

Prabhakar Raghavan from Yahoo! Research (click to enlarge)

Prabhakar Raghavan is giving the morning keynote. He's the head of Yahoo! Research. The title of the talk was "What sciences will Web N.0 take?" But, more accurately, I'd call it "Science for Engaging and Monetizing Audience."

Yahoo! takes in editorial, free (including blogs, twitter, pictures, etc.) and commercial content "content." The audience "consumes the content" but also enriches the content. Finally the audience transacts (commerce) with the content. Yahoo! isn't the only one in this business. Google, AOL, MSN, and even NewsCorp are in the business of matching content to audience (see this Bear Sterns presentation for a detailed look at that (note that Raghavan didn't reference this).

Ragahavan's premise: people don't want to search. People want to get tasks done. Search engines spend very little time servicing you compared to the time you spend doing queries, evaluating results, and so on. This is backwards. The machines should be working harder than we are.

Search engines need to extract and exploit information in the query. But extracting semantic structure isn't easy. It' easy to build a demo that shows the right hotels when you search on "hotel near leicester square," for example, but to do it in the general case, for query topics you don't know about a priori. For example, there is a town in Washington state named Cheney. So, when someone searches on "cheney pizza washington" do they want to order pizza in WA state or know about the vice president and pizza?

The grand challenge is to devise general platforms for semantic searches

There is no scale-based differentiation around web text content because the cost of storage is dropping. The price of storing everything everyone on the Internet will produce in 5 years is about the same as employing 10 people. Small companies can afford to store content at Web scale.

User-generated metadata is growing. Anchortext and tags are growing at the rate of 100 Mb/day. Pageviews are around 50-100 Gb/day. Reviews and ratings are small. All of these, are important, but only anchors are central to how people work on the Web.

START metadata:

• Star: I like this
• Tag: creating tags on pictures, etc.
• Access: you view a page (in a way I can see)
• Routing: forwarding thigns to friends
• Text: write a review, blog article, etc.

These are in order of increasing engagement. Flickr is an example of tagging providing real value. The effort of millions of people is used to give better results. The principle isn't too different from using anchor text to determine the relevant keywords for what's linked to.

Challenges: How do we use tags better? How do we cope with Spam? What the ratings and reputation system? More important, how can this be used better. He mentions the ESP Game. I heard about this a few weeks ago at Jeanette Wing's lecture. The game uses game result to contribute tags to image search.

He mentions Yahoo! Answers. People are intrinsically motivated to help other people, show off, and contribute. It helps if you have a game attached. For example Yahoo! Answers has a "leader board" that allows people to show off their acumen. Part of the design of a community system is determining what assignment of incentives leads to good user behavior? Whom do you trust and why?

Incentivized chaos retains and enriches participation. What is the science behind online community? Not just about human-computer interaction, but people-to-people interaction mediated by the computer. This can be an intrinsicly data-driven society. We don't have to get 200 people to fill out surveys. We can watch what 200 million people do and study that.

Some questions:

• Why do people lurk or participate?
• Why do people create new online personae?
• Why are YouTube, Flickr, and MySpace successful and others not?
• What new genres of audience experience are emerging and what can we provoke?

Some dimensions:

• Duration (short/long)
• Ephermerality (forgotten/remembered)
• Social context (alone/with others)

How do we measure audience engagement? Page views, hours? Who cares besides advertisers? Investors certainly (but mostly because advertisers do). He mentions the redesign of Yahoo! Finance pages to not require refreshes to see updates stock prices. The audience was happy and still engaged, but advertisers were NOT happy because they couldn't see that the audience was engaged and their ads were being seen.

Raghavan shows a formula that takes into account not only repetition and time spent, but also a measure of influence (log(user_neighborhood)). The grand challenges: devise standardized, defensible metrics of online engagement. Use these to predictively devise online experiences. Not a substitute for creativity, but provides a scientific basis that informs design.

Ragahavan gave an in-depth discussion of sponsored search as a combination of information retrieval and microeconomics. He calls this "computational microeconomics." This includes reputation and incentive mechanisms, and marketplace matching (references the stable marriage problem). People talk about "network effects" but what does this mean, from a value standpoint? Are 500 million users 500 times as valuable as a million users? Or 5000 times more valuable? What of Metcalfe's Law?

Monetization and economics should be an afterthought in design. They should be intrinsic.

This was a good talk and it lead to several new lines of thought for me. In particular, I'm reminded of Britt Blaser's theory of "stepping stones" in bringing people into more and more interaction with a site and, more importantly, with each other. Britt's OrgWare (disclosure: I'm an advisor) is a systematic attempt to build infrastructure that supports and encourages audience engagement.

9:55 AM | Comments (1) | Recommend This | Print This

May 9, 2007

Would You Let IT Conversations See Your Podcast Ratings in iTunes?

Not too long ago, Richard Miller suggested using the iTunes XML file that iTunes creates for use by other applications as a way of getting feedback for podcasts. Here's Apple's description of the XML file and what it can be used for.

If you rate a few things in your collection and then go look at the XML file, you'll see it would be a relatively simple task to grab whether something had been played or not, it's rating, and how many times it was played (usually once for a podcast) from the file. An application that lived in the system tray on Windows or in the menu bar on OS X could forward any changes in that data back to the podcaster.

The question is, would you be willing to do that if you got something back: better recommendations on podcasts you'd like? As the number of podcasts on a site like IT Conversations grows, I think recommendations are going to play a more and more important role. The problem is getting data about what people like to make the recommendations work. This might provide a semi-automated way to get feedback from the player to IT Conversations.

3:59 PM | Comments (6) | Recommend This | Print This

Web Science: Do We Need a New Discipline?

Web Science panel (click to enlarge)

I'm in a panel at WWW2007 on Web Science, essentially a proposal for a new discipline. The field would be interdisciplinary, taking things from areas as diverse as sociology, physics, biology, law, and psychology, as well as the areas you might immediately think of like computer science or math.

What is Web Science? Here's a quote from a Science paper on Web Science:

When we discuss an agenda for a science of the Web, we use the term "science" in two ways. Physical and biological science analyzes the natural world, and tries to find microscopic laws that, extrapolated to the macroscopic realm, would generate the behavior observed. Computer science, by contrast, though partly analytic, is principally synthetic: It is concerned with the construction of new languages and algorithms in order to produce novel desired computer behaviors. Web science is a combination of these two features. The Web is an engineered space created through formally specified languages and protocols. However, because humans are the creators of Web pages and links between them, their interactions form emergent patterns in the Web at a macroscopic scale. These human interactions are, in turn, governed by social conventions and laws. Web science, therefore, must be inherently interdisciplinary; its goal is to both understand the growth of the Web and to create approaches that allow new powerful and more beneficial patterns to occur.

From Creating a Science of the Web -- Berners-Lee et al. 313 (5788): 769 -- Science
Referenced Wed May 09 2007 10:46:08 GMT-0600 (MDT)

The Web Science Method, is a cycle, which Tim Berners-Lee used as an underlying framework for his talk this morning. Interestingly I can't find an example of it online. So, I drew one from a slide Danny showed:

So what makes Web Science worthy of being a new discipline? That's what the panel is debating to some extent. Nigel Shadbolt from University of Southampton and Daniel Weitzner from MIT are proponents. Peter Patel-Schneider from Bell Labs is the naysayer.

Peter makes the point that if Web Science is merely a collection of informaticians with a common application area, that's not a new discipline. He is also concerned that splitting it off will fragment it from the very people who it needs most to participate.

Danny responds that the Web is more than an interesting application. It's a thing that can be studied independently of the fact that it's based on computers. Things that have worked well in computers systems in general (like PKI) have failed on the Web. It has it's own security requirements.

Nigel makes the point that names and slogans can have real force. A name can unify and give structure to a formerly unstructured activity.

The moderator, Phillip Hallam-Baker (Verisign) asks "give me an example of a falsifiable proposition from Web Science," a hallmark of a scientific inquiry. Danny responds with "P3P will solve the privacy problem," a matter with which he has some familiarity.

Nigel points out the striking difference between what students experience in the social world versus what they see in their university courses, where the Web is merely a delivery vehicle for text and, occasionally, rich media. Why isn't it part of their disciplinary study?

Someone in the audience made the remark that when you have a system used by billions of people, it's not really about technology, it's about sociology, politics, economics and law. Nigel responds that while that's true, it would be a shame if al of this developed without understanding and analyzing the technological underpinning that makes it work. That's the science.

Another audience member says that the Web isn't about computation, it's about knowledge and it's organization. That's what makes it so interdisciplinary.

Danny makes a clarification regarding fields and disciplines. He's not thinking of this as a new discipline in the sense that there's not new way of doing "law" related to the Web. The discipline of the law is unchanged. But that doesn't mean there isn't a new field here.

My own feeling, after listening to the presentations and discussion is that this is how interdisciplinary work happens--at least it's one way. We all talk about the need and desire to do interdisciplinary work, but the fact is that without some organizing principle and motivation, it doesn't happen. That organization and motivation may happen within the academy on an ad hoc basis through chance or friendship, but sometimes it happens because we choose to give it form with money, space, and organization.

To the extent we desire more interdisciplinary work to happen surround the study of the Web, identifying and, more importantly, funding it as such is important.

11:54 AM | Comments (2) | Recommend This | Print This

May 8, 2007

Fungus and Stink Ants

Rohit Khare shared this bizarre piece about fungus and stink ants with me last night at dinner. Fascinating stuff.

8:11 PM | Comments () | Recommend This | Print This

User-Centric Identity Tutorial Resources

Banff Springs resort. (click to enlarge)

I gave my tutorial on user-centric identity today. There were around 40 people there--a good crowd and very interested in identity. I promised that I'd post a list of resources, so here we go.

• First, my slides in PDF format. Warning: the upload from the hotel is going very slowly, so this probably won't be available until later tonight.
• Here's the tarball for the demonstration code I did with OpenID. I add authentication to a simple Web application using a separate, general login controller. There are pictures in the slides. It's in Perl.
• My book, Digital Identity. They make great gifts, but be sure to pick up a copy for yourself too.
• Here's a paper (PDF) describing our reputation framework. This doesn't discuss the OpenID reputation work--that hasn't been written yet.
• The digital identity lexicon.
• I mentioned David Brin's Transparent Society
• Some OpenID libraries in various languages.
• MyOpenID.com, a place to get an OpenID. Also, remember AOL offers OpenIDs for anyone with an AOL account (including AIM).
• I interview Drummond Reed about XRI.
• An explanation of i-names.
• Kim Cameron's blog.
• The seven laws of identity.
• The .Net 3 Framework. Install this on XP and you'll have an InfoCard selector. I'm not sure what else you'll have. Be sure to update Windows after the download to get the latest patches.
• Jyte, one of many places that accept OpenID.
• Simon Willison's Six Cool Things You Can Build with OpenID.
• The OSIS project.
• A bibliography of papers on reputation. Here's the BibTeX file. In particular, I talked about A Computational Model of Trust and Reputation by L. Mui and M. Mohtashemi and A. Halberstadt (2002) and The Social Cost of Cheap Pseudonyms by E. Friedman and P. Resnick (2001)
• A set of example digital identity policies from my book.

If I forgot to mention something I promised to post, contact me and I'll add it.

2:16 PM | Comments () | Recommend This | Print This

May 7, 2007

v|100 Selection

I was chosen, for the fourth year, in a row, as a member of the v|100. The v|100 recognizes entrepreneurs with Utah ties and is sponsored by vSpring Capital, an early stage venture firm. From the announcement:

Each year, vSpring asks members of the Utah business community to nominate individuals who are most likely to lead a successful startup venture in the next five to seven years in the IT (information technology) or biotech industries in a chief executive or chief technical officer role. Those nominees who garner the most votes from their peers in this second step of the annual voting process are then elected into the v|100.

"The v|100 community of entrepreneurs continues to be an indication of the abundance of one of the most important factors of production in our region; human capital," said Ed Ekstrom, managing director of vSpring Capital. "This year's results are especially interesting with the creation of an audit committee consisting of David Jolley at Ernst & Young, Mark Bonham at Wilson Sonsini and Professor Scott Schaefer at the University of Utah. Their oversight of the nomination and voting process brings a level of credibility which highly validates this v|100 class for their accomplishments."

"The v|100 process is unique in that members are selected not by a committee or a panel of judges, but by their peers," said Professor Scott Schaefer from the University of Utah and member of the audit committee who oversees the selection process. "This gives the results a unique and compelling validity."

From ::: Digital IQ Magazine :::
Referenced Mon May 07 2007 16:44:58 GMT-0600 (MDT)

This is a great group to be associated with and vSpring takes care to ensure it's not just a list. The v|100 get together for a lunch and some smaller gatherings throughout the year. I've found it to be a very useful tool for getting to know other entrepreneurs in Utah.

4:46 PM | Comments () | Recommend This | Print This

Sun Supports OpenID and Opens the Question of Reputation

Sun announced (or at least Tim did) that Sun's supporting OpenID at openid.sun.com. Sun has taken the additional step of stating that only Sun employees will have IDs there. So, if someone presents an OpenID with a base domain of openid.sun.com, you can be assured that Sun is vouching that they are an employee of Sun.

The biggest problem with this set up, of course, is that the attributes of an identifier ought to be transfered orthogonally to the identifier itself. The fact that the URL has a certain form should encode data like whether someone's an employee or not. What if Sun decides to open it up to everyone next year and in the meantime, systems have been deployed assuming that only Sun employees are entitled to these identifiers?

Still, I like that Sun's taking OpenID seriously. Ignore the employee status as URL issue and just concentrate on the asserted strength of the authentication process, if you like. Even so, there are still some flies in the ointment.

• First, how do we know this is true, except that Tim says it?
• More importantly, how does a machine know it's true?
• How do we avoid huge whitelists of machines who's OpenIDs we trust (or blacklists of machines we don't)?

The first problem is that there's no metadata exchange for OpenID that can point to machine readable policies. Brad Fitzpatrick probably wants to shoot me right now, but I think it's a problem. OpenID 2.0 will help with some of this, but I don't think it's the whole solution. I'm sure there's something from XDI we could steal, couldn't we Andy?

The second problem is that there's no reliable way to get the reputation of an OpenID or the provider. It's possible you could get away without a significant metadata exchange protocol if you had a reputation system for OpenIDs. My students and I worked on one this winter. We haven't written it up yet, but will be demoing it at IIW next week.

Update: Drummond Reed, Paul Madsen, and Eve Maler weigh in on this issue:

• Drummond's post making the point that XRI is all about semantics.
• Paul's post with a humorous look at the development.
• Eve’s post on the idea of trust.

3:47 PM | Comments (3) | Recommend This | Print This

Launching Book IT!

We've launched a new series at IT Conversations: Book IT!, a series of interviews with authors about their books. The series will ultimately have multiple hosts, but our first host is Jeff Parks, an information architect. His first interview, with Mike Moran is on search engine marketing. I enjoyed it very much. Jeff has a good style.

I'm looking for one more host for this series. I can't promise you any renumeration, but you'll get a certain amount of exposure and some free books. We do most of the hard stuff: you need to be able to produce high quality recordings of your phone interview, but we do all the editing and Web site production. If you're interested contact me and let me know what areas of IT you're interested in and what experience you have interviewing. I'd expect you to produce one show per month.

3:26 PM | Comments (1) | Recommend This | Print This

Overdoing Security

I was registering for the FAA Medxpress program today. This program allows pilots to submit their flight physicals online. Once you've registered, the FAA requires that you change your password. Here's the requirements for the new password:

You have accessed the FAA MedXPress site using a temporary password. You must change your password in order to continue.

Passwords must contain between 8 and 12 characters and include at least three of the following four character groups: English upper case characters (A through Z); English lower case characters (a through z); Numerals (0 through 9); Non-alphabetic characters (such as !, $, #, %). Passwords are case sensitive.

From FAA MedXPress Change Password
Referenced Mon May 07 2007 15:14:16 GMT-0600 (MDT)

This seems a little heavy. To be sure, there's some very personal data stored on that form, but should I be allowed to know how secure I make it. I know...most people can't make that determination well. But Google and others seem to have hit on a strategy to rate a password and tell you how good a password you've chosen. I'm curious how often people change bad passwords based on that feedback.

The problem with overdoing it here is that I'm not able to choose a password I'll remember or even use the password generator bookmarklet. So, I'll write it down and that makes it less secure.

3:19 PM | Comments (3) | Recommend This | Print This

May 5, 2007

Off to Banff for WWW2007

I'm headed to Banff next week for WWW2007. If you're going to be there too, I arrive Monday afternoon and I'm looking for a group to go dinner with on Monday night. Let me know.

I'm doing a tutorial on user-centric identity on Tuesday morning. Not quite ready, but getting there. The demos are working and the slides are mostly done. Just need a little polish.

In any event, I'll be writing about the conference throughout the week, and tagging the coverage with www2007. If you're curious, here's what I wrote about www2006 last year in Edinburgh.

7:33 PM | Comments () | Recommend This | Print This

Prefetching Considered Harmful?

Yesterday I tried to access a page at Wolfram MathWorld and got this message instead of the material I was looking for:

This was puzzling since as far as I know, Firefox should only prefetch pages that the site specifically gives hints for. Apparently not.

What's more curious, however, is why Wolfram blocks the entire session rather than just using a rewrite rule that's triggered on the prefetch header to deny the prefetching itself. This would solve Wolfram's problem and not be so obnoxious for their users. Like so:

RewriteEngine On
SetEnvIf X-moz prefetch HAS_X-moz
RewriteCond %{ENV:HAS_X-moz} prefetch
RewriteRule .* /prefetch-attempt [L]

Today, it's not doing it. Maybe I just saw a transient problem.

7:25 PM | Comments (2) | Recommend This | Print This

May 4, 2007

Ken Knaptop's Blog

I've known Ken Knapton for years. I think we met in a job interview. He's currently the CTO for ContentWatch (I'm on the advisory board). Ken is the latest addition to the growing list of Utah Tech bloggers. Ken's blog focuses on his thoughts about software development with an occasional foray into Internet filtering. I look forward to reading what he writes.

3:54 PM | Comments () | Recommend This | Print This

May 3, 2007

I've Got Fiber to My House

Utopia truck ready for install (click to enlarge)

Utopia is Utah's large-scale municipal-broadband project. My city, Lindon, was one of the first supporters of the project and all winter I've watched in anticipation as crews dug up the lawns in my neighborhood laying fiber.

I first heard about Utopia when I was Utah's CIO and Utopia was just a dream Paul Morris had. I've supported it, written about it, testified about it to city councils, and, mostly, waited for it. Yesterday was the day that I had service installed in my house.

To understand the overall situation, it's important to realize that Utah law doesn't allow municipal broadband projects to compete in the retail space. So Utopia is an interlocal agency (i.e. government agency) that provides wholesale FTTH (fiber to the home) services. Retail service provides compete to provide the actual service. So getting set up involved signing up with a retail company, but getting the service involves having Utopia and the retail provider both install things in the house.

There are currently four retail service providers on Utopia. MStar, Nuvont, and Veracity Communications offer full triple-play bundles (Internet, TV, and phone). XMission (Pete Ashdown's company) offers Internet service only, I believe. I chose MStar for a very pragmatic reason: they gave it to me free. So this is my disclosure: I'm getting free service and writing about it.

The install process was pretty interesting to watch. Since my home is relatively new, I have Cat-5 run throughout the house, so the in-house installation (MStar's job) was a breeze. Here's a picture of my patch panel in my basement.

Getting the fiber from the place where the install crews left it this winter into my house was a larger job. I took pictures. Of course, once this is done for a house, you'll never do it again unless the fiber gets damaged.

The FOSC, or fiber optic splice closure, is a watertight plastic container that lives in a ground box about 1000 feet from my house. The installers did a single fiber pull from the access point in my basement all the way to the FOSC. They spliced the fiber at the FOSC and again in my basement.

Slicing the fiber inside the FOSC (click to enlarge)

The access point is an Allied Telesyn Multiservice Gateway (AT-iMG606BD) that costs about $500 new on the Internet in single lot quantities. There are six RJ-45 jacks on the side: one for phone, one for network, and four for TV. After it was installed, I just plugged the network into it and it worked. Same for the TV and phone (MStar supplied a Linksys ATA and Minerva set-top boxes).

I'm not a big TV watcher, but I've enjoyed the HD programming, mostly for the wow factor and the other channels have been clear, like you'd expect. I haven't used the phone a lot, but it seems just as good as my Vonage line.

How fast is the network? It's fast. The package I have is advertised as 15Mb/s symmetric (i.e. the upload and download speeds are the same, unlike DSL and cable). The cost for just the Internet service from MStar is $40/month. Not too bad for that kind of speed.

I ran some speed tests. Here's the result from DSLReports to Megapath in San Francisco:

Note that I'm only seeing 12Mb/s down, but almost 15Mb/s up in this particular test. I also did some large file uploads and downloads. in real life, you don't see these kinds of speeds because of bottlenecks at the server and throughout the network. Still, I see noticeable improvements in downloading large files, like these videos of talks from Pop!Tech. Web pages also just seem to "pop." It's very cool.

Of course, if you want, you can order more bandwidth. Still, having the equivalent of 10 T1's to my house is something I wouldn't have dared dream about five years ago.

Overall the install process was smooth and professional. The service, at least for the day I've had it, seems good. One minor quibble: the MStar service techs didn't leave behind anything at all with any kind of account information. To be fair I was rushing them because we had to go somewhere. I'll let you know how things go.

10:09 PM | Comments (15) | Recommend This | Print This

What's That Odor?

If anyone notices a foul odor in the vicinity of Sheryl Crow, now we know why.

4:35 PM | Comments (2) | Recommend This | Print This

May 2, 2007

Simulated Mouse Brains

Researchers from IBM Almaden Research Lab and the University of Nevada ran a simulation of one half of a mouse brain on the BlueGene L supercomputer that had 8 million neurons and 6300 synapses. The simulation ran at one-tenth speed for ten seconds--so about 1 second of mouse brain activity.

On other smaller simulations the researchers said they had seen "biologically consistent dynamical properties" emerge as nerve impulses flowed through the virtual cortex.

In these other tests the team saw the groups of neurons form spontaneously into groups. They also saw nerves in the simulated synapses firing in a ways similar to the staggered, co-ordinated patterns seen in nature.

The researchers say that although the simulation shared some similarities with a mouse's mental make-up in terms of nerves and connections it lacked the structures seen in real mice brains.

Imposing such structures and getting the simulation to do useful work might be a much more difficult task than simply setting up the plumbing.

For future tests the team aims to speed up the simulation, make it more neurobiologically faithful, add structures seen in real mouse brains and make the responses of neurons and synapses more detailed.

From BBC NEWS | Technology | Mouse brain simulated on computer
Referenced Wed May 02 2007 16:14:31 GMT-0600 (MDT)

I'm not sure how this compares to lobsters.

4:18 PM | Comments (1) | Recommend This | Print This

Finite Simple Group of Order Two

If you're into math humor, parodies, and pretty good singing, you'll like this:

This is called "Finite Simple Group of Order Two" and is performed by the Klein Four Group. Here's the lyrics.

2:10 PM | Comments (2) | Recommend This | Print This

Fuse for OS X

A few months ago I posted a short article about using the SSH filesystem to mount an OS X directory from Ubuntu in Parallels. At the time, I had no idea what it was or how it worked.

Yesterday, however, I recorded an interview with Amit Signh, the author of the OS X Internals book. This interview will show up on my Technometria podcast on IT Conversations next week. We got into a discussion of the MacFUSE project, which Amit runs and something clicked.

FUSE is a specification for creating file systems in user space (i.e. not in the kernel). The hard parts are put in the kernel and then users can write file systems using those API commands to do interesting things--like build SSH-based filesystems.

I'd installed FUSE on Ubuntu for my little project without really realizing what it was and then just used sshfs. MacFUSE is FUSE for OS X. So, install the MacFUSE kernel extension and then you can write mountable file systems, for almost anything, as user-space programs in whatever language you like.

Finder showing an sshfs mounted remote directory (click to enlarge)

Why do you care? Simple: file systems are ubiquitous and so are the tools that work on them. Run sshfs to mount a remote directory via SSH and all of a sudden you can use local editors on remote files conveniently. I've used tramp in Emacs to do this for years, but this is much more universal. I can, for example, grep a set of files on the remote machine without starting up a shell on that machine. And so on.

To emphasize this point, the picture at the right shows an sshfs mounted remote directory in the OS X Finder.

Update: Watch this video of Amit demoing MacFUSE to get an idea of some of the things you can do. He has filesystems for Spotlight, Google Docs, Picassa, and RSS. I don't think any but the Spotlight filesystem are available at present.

11:51 AM | Comments (1) | Recommend This | Print This

HD-DVD Processing Keys Getting Some Late Play

A few months ago, I wrote a post on HD Processing Keys and the futility of DRM. I pointed to an article on Engadget that talked about the AACS processing keys being retrieved. As a quick aside, the processing keys are a little like the master keys that allow hundreds or thousands of discs created before April 23rd to be ripped.

Yesterday, the story exploded when someone posted the keys, it got lots of action on Digg, and then Digg pulled the story in response to a complaint from the AACS. My post happens to be the first hit on Google, at present, for HD-DVD Processing Key, so my post has been getting lots of play the last 24 hours.

The thing that's funny about this firestorm is that it's all about old news. As I mentioned, I wrote the article on February 13th, and it was several weeks old then. The AACS had already responded to the key break and issued new keys, so why'd they decide to go after Digg now? Just trying to play hardball, I'd guess.

Update: Here's a copy of the cease and desist letter that Google received back in April asking it to remove posts on Blogspot that had the key posted. What funny is until they went after Digg yesterday, most people didn't even know the processing key was available. Now they've created such a mess that everyone knows and it will always be available somewhere online and findable no matter how many cease and desist letters AACS sends out. There are almost 36,000 hits to the key on Google right now.

8:51 AM | Comments () | Recommend This | Print This

May 1, 2007

Bikely: Bike Routes on Google Maps

I found a cool little application that uses Google maps for bike routes called Bikely. Here's a route near my house that goes around Utah Lake.

7:56 PM | Comments () | Recommend This | Print This

Defrag Registration is Now Open

Registration for Defrag is now open. If you look at the agenda, I think you'll agree there are some really interesting speakers and topics. We'll be hosting the audio from Defrag on IT Conversations and doing some pre-conference interviews with keynoters.

7:23 PM | Comments () | Recommend This | Print This

Best Practices for Using Info Cards

Mike Jones is pointing to a newly released guideline for how to put InfoCards on your Web site: Patterns for Supporting Information Cards at Web Sites: Personal Cards for Sign up and Signing In.

3:01 PM | Comments () | Recommend This | Print This

John Newton, Open Source Convert

John Newton was one of the founders of Documentum and, as a result, one of the inventors of what we now call "content management." Whether you like that term, or not, the idea of specialized databases that keep track of things like documents, Web sites, photographs, and so on has had a huge impact on our world.

Now John is the CTO of Alfresco, an open source company building open source tools for managing content. John wasn't always an open source advocate, but now believe it's the right model for creating enterprise software.

Scott Lemon, Ben Galbraith, and I spoke with John last week for our Technometria podcast and I just posted our conversation with John on IT Conversations. Take a minute and listen. I'm sure you'll enjoy it.

10:27 AM | Comments () | Recommend This | Print This

Top Ten IT Conversations Programs for April 2007

Here is the list of the top ten shows on IT Conversations for April 2007 ranked by downloads. The ratings each of these show recieved is also shown.

1. Kevin Werbach - Tech Nation (Rating: 3.25)
2. David Platt - Why Software Sucks (Rating: 3.49)
3. Lou Carbone - Creating Customer Loyalty (Rating: 4.43)
4. Ian Wilmut - BioTech Nation (Rating: 3.38)
5. Bruce Perens - Technometria: Software Patents (Rating: 3.80)
6. Miguel de Icaza - Technometria: The Mono Project (Rating: 4.12)
7. Phil Libin - Jon Udell's Interviews With Innovators (Rating: 4.00)
8. Geoffrey Bilder - Jon Udell's Interviews With Innovators (Rating: 4.00)
9. Dave Evans - User Generated Content and Word of Mouth (Rating: 3.88)
10. Drummond Reed - Technometria: XRI (Rating: 3.90)

Jon Udell's new series, Interviews with Innovators makes a strong initial showing with two of his shows making the top ten in the first month on IT Conversations.

10:14 AM | Comments () | Recommend This | Print This