May 31, 2007
Phil Wolff on Technometria
I've known Phil Wolff for years. Not in any particular context, he was just a fellow blogger I'd talk to at conferences we both showed up at. I enjoyed what he wrote. Then a while back, I noticed that my friend Phil had put himself front and center of all things Skype with Skype Journal, a blog that provides news, opinion, and tips about Skype.
I ran into Phil at Internet Identity Workshop, where he was proposing something he calls "OpenCallerID." I thought it was high time we talked to him about Skype and other things that are interesting him on Technometria.
This week's podcast is a conversation with Phil Wolff about Skype, OpenCallerID, and even some political issues like Skype censorship in China. I hope you enjoy it.
3:48 PM
New Features on Utah.gov
Dave Fletcher, Utah's Deputy CIO, points out some new features for Utah.gov, Utah's eGovernment portal including many expanded search options, a multimedia portal, and sub-portals for travel and state parks. The state parks site contains a very useful mashup of state park data with Google Maps. Nice.
2:08 PM
Using XRDS
Back when people were trying to bring OpenID, LID, and i-names together, something called Yadis was born. At the time, it was all pretty abstract to me, but over time I've come to understand more of the details. Yadis was a discovery protocol for identifiers that was based on XRDS, or eXtensible Resource DescriptorS.
The basic idea was that when you resolved an identifier, you'd get back an XRDS document that would tell you which authentication service the identifier was associated with. I'll talk about the details of how this happens in a minute. First, let's talk about why and what.
One of the things an XRDS document can contain is a pointer to an authentication service. In fact, that's the most common usage pattern at present. So, when you enter an i-name or a URL into an application that understands Yadis, it will retrieve the XRDS document, look for an authentication service type and endpoint and then use that authentication service. So, the same URL could be an OpenID or a LID identifier depending on what the XRDS document at that URL contains.
Yadis has been folded into OpenID 2.0, so from now on, I'll not mention Yadis specifically--any OpenID 2.0 relying party or identity provider will understand XRDS.
XRDS documents are just XML. So, they're mostly human readable and editable. But, like most complicated XML, you can get confused pretty fast. The XRI resolution specification is the document that describes how XRDS works. An XRDS document is a collection of services. For example, here's the OpenID service descriptor on my i-name:
```xml
<xrd:Service>
  <xrd:Type xrd:select='true'>
    http://openid.net/signon/1.0
  </xrd:Type>
  <xrd:URI xrd:priority='1' xrd:append='qxri'>
    https://2idi.com/openid/
  </xrd:URI>
  <xrd:URI xrd:priority='2' xrd:append='qxri'>
    http://2idi.com/openid/
  </xrd:URI>
</xrd:Service>
```
This says that if I enter my i-name (=windley) at a place that understands OpenID 2.0, I want to use 2idi's OpenID identity provider as my authentication service. If I changed this XRDS document, I could use MyOpenID.com or any other authentication service transparently to the relying party.
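The relying party's side of that lookup, as an added example (not code from this post or from any OpenID library): it reads the service list, orders endpoints by priority with the lower number first, and skips the plain-http fallback unless the caller allows it. The XRDS/XRD envelope around the Service element, the function names and the https-only policy are assumptions of the example, and appending the identifier as the append attribute asks is not implemented.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XRD_NS = "xri://$xrd*($v*2.0)"                  # XRD 2.0 namespace
OPENID_SIGNON = "http://openid.net/signon/1.0"  # Type value from the post

# Constructed sample: the post's Service element inside an assumed XRDS/XRD
# envelope, which is needed to declare the xrd: prefix.
SAMPLE_XRDS = b"""<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns:xrd="xri://$xrd*($v*2.0)">
  <xrd:XRD>
    <xrd:Service>
      <xrd:Type xrd:select='true'>
        http://openid.net/signon/1.0
      </xrd:Type>
      <xrd:URI xrd:priority='1' xrd:append='qxri'>
        https://2idi.com/openid/
      </xrd:URI>
      <xrd:URI xrd:priority='2' xrd:append='qxri'>
        http://2idi.com/openid/
      </xrd:URI>
    </xrd:Service>
  </xrd:XRD>
</xrds:XRDS>"""


def parse_xrds(data, max_bytes=64 * 1024):
    """Parse XRDS bytes fetched from an untrusted identifier; return its XRD."""
    if len(data) > max_bytes:
        raise ValueError("XRDS document too large")
    text = data.decode("utf-8")  # UnicodeDecodeError is a ValueError
    # No legitimate XRDS needs a DTD; refusing one rules out entity expansion.
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        raise ValueError("DTD or entity declaration not allowed in XRDS")
    root = ET.fromstring(text)
    xrds = root.findall("{%s}XRD" % XRD_NS)
    if not xrds:
        raise ValueError("no XRD element found")
    return xrds[-1]  # Yadis: the last XRD describes the identifier


def _attr(elem, name):
    """Read an attribute written either as name= or as xrd:name=."""
    value = elem.get(name)
    return value if value is not None else elem.get("{%s}%s" % (XRD_NS, name))


def _priority(elem):
    """Lower number wins; a missing or malformed priority sorts last."""
    try:
        value = int(_attr(elem, "priority"))
    except (TypeError, ValueError):
        return float("inf")
    return value if value >= 0 else float("inf")


def endpoints_for(xrd, service_type):
    """List endpoint URIs of every Service of this Type, best priority first."""
    found = []
    for svc in sorted(xrd.findall("{%s}Service" % XRD_NS), key=_priority):
        types = [(t.text or "").strip() for t in svc.findall("{%s}Type" % XRD_NS)]
        if service_type in types:
            for uri in sorted(svc.findall("{%s}URI" % XRD_NS), key=_priority):
                found.append((uri.text or "").strip())
    return found


def choose_endpoint(data, service_type, require_https=True):
    """Return (endpoint or None, list of URIs skipped by the scheme policy)."""
    allowed = ("https",) if require_https else ("https", "http")
    skipped = []
    for uri in endpoints_for(parse_xrds(data), service_type):
        parts = urlsplit(uri)
        if parts.scheme in allowed and parts.hostname:
            return uri, skipped
        skipped.append(uri)
    return None, skipped


if __name__ == "__main__":
    print(choose_endpoint(SAMPLE_XRDS, OPENID_SIGNON))
```

With the sample as written the https endpoint is chosen; if only the priority-2 http URI were reachable, the default policy returns no endpoint rather than falling back silently.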
XRDS is more than just a way of pointing to authentication services, however. Andy Dale left a comment about XRDS in response to my post on Sun's support of OpenID and their linking it to employment. He points out that XRDS could be used, in this case, to point to an attribute exchange service that would have attributes giving employment status or even a more general reputation service. He points out that:
The trick is having OpenID providers expose the XRDS to end users in a way that is useful to them. By that I mean a) They have the ability to 'change' their own XRDS. b) Providers support an automatic provisioning protocol so that end users can easily adopt new services without having to craft XML and manually edit their XRDS.
He expanded on his comment in a blog post on using XRDS and then expanded on that in a follow up. He points out that a user who had their Flickr feed listed as a http://photo.feed/1.0 type service in their XRDS wouldn't have to tell applications that need that info anything about it--just entering their identifier would allow another application to find out which service providers that person used.
So, how do you return an XRDS document from an identifier? The simplest way is to sign up for an OpenID or an i-name and let the identity provider do it for you. The problem is that most IdPs don't currently allow you to change the contents of your XRDS doc easily. 2idi, the i-name broker I use, does. So, as long as I'm happy just using my i-name, that works.
If I want to return an XRDS document that I control from a URL I'm using as an identifier, I probably need to serve it up myself. If you're running your own Web server, that's not too hard. This write up by Josh Hoyt shows how to configure a URL that returns an XRDS document using Apache and some modules (no code).
The basic idea is that I want a URL, say http://phil.windley.org, to return its normal content (from index.shtml in my case) for anything that's not asking for xml+xrds content. That can be accomplished using mod_negotiation to do content negotiation, mod_headers to add the right headers to the response, and mod_rewrite to redirect to the appropriate location (the XRDS doc or the index.shtml document).
This gives you a way of configuring XRDS-style services on whatever URL you want to use as an identifier. You still need to edit the XML by hand, but at least you can.
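The same behaviour written as a small Python WSGI app, as an added example that stands in for the Apache modules and is not Josh Hoyt's configuration: one URL answers with HTML by default and with the XRDS document when the client asks for application/xrds+xml, the media type Yadis uses. The xrds.xml file name, the function names and the page contents are assumptions; X-XRDS-Location is the Yadis response header that points at the document, and Vary: Accept keeps a shared cache from handing one representation to a client that asked for the other.

```python
from wsgiref.util import setup_testing_defaults

XRDS_TYPE = "application/xrds+xml"  # media type for XRDS documents


def wants_xrds(accept_header):
    """True only when the client names application/xrds+xml with q > 0.

    A browser's */* does not count, so ordinary visitors keep getting HTML.
    """
    for item in accept_header.split(","):
        fields = [f.strip() for f in item.split(";")]
        if fields[0].lower() != XRDS_TYPE:
            continue
        q = 1.0
        for field in fields[1:]:
            if field.lower().startswith("q="):
                try:
                    q = float(field[2:])
                except ValueError:
                    q = 0.0  # unparsable quality value: treat as not wanted
        return q > 0
    return False


def make_app(html, xrds, xrds_url):
    """Build a WSGI app for one identifier URL ("/") and its XRDS document."""
    xrds_path = "/" + xrds_url.rsplit("/", 1)[-1]

    def app(environ, start_response):
        path = environ.get("PATH_INFO") or "/"
        accept = environ.get("HTTP_ACCEPT", "")
        if path == xrds_path:
            headers, body = [("Content-Type", XRDS_TYPE)], xrds
        elif path == "/" and wants_xrds(accept):
            headers = [("Content-Type", XRDS_TYPE), ("Vary", "Accept")]
            body = xrds
        elif path == "/":
            headers = [("Content-Type", "text/html; charset=utf-8"),
                       ("X-XRDS-Location", xrds_url),  # discovery pointer
                       ("Vary", "Accept")]
            body = html
        else:
            start_response("404 Not Found", [("Content-Type", "text/plain")])
            return [b"not found\n"]
        headers.append(("Content-Length", str(len(body))))
        start_response("200 OK", headers)
        return [body]

    return app


def request(app, path="/", accept=None):
    """Call the app in-process; returns (status, headers dict, body bytes)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    if accept is not None:
        environ["HTTP_ACCEPT"] = accept
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)

    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body


# Constructed page contents; the xrds.xml location is hypothetical.
HTML = b"<html><body>home page</body></html>"
XRDS = b'<xrds:XRDS xmlns:xrds="xri://$xrds"/>'
XRDS_URL = "http://phil.windley.org/xrds.xml"
APP = make_app(HTML, XRDS, XRDS_URL)

if __name__ == "__main__":
    print(request(APP, "/", "application/xrds+xml"))
```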
As an aside, it strikes me that you could use this same trick to put a WADL discovery document for a RESTful API at the API URL and return it when the request specifically set the content type to xml+wadl. A nice way of overloading the URL so that it's the service endpoint and the discovery endpoint all at the same time. Of course, some are bound to object that this isn't very RESTful.
So, that's basically everything I know about XRDS. I plan to XRDS enable one of my identifying URLs and play with it some more. I'll let you know how the experiment goes.
11:26 AM
May 29, 2007
Facebook As Platform
Paul Allen is all over Facebook's f8 announcement in this post from last week. I know Paul well enough to know that when he gets this excited, something must be cooking. I even went and signed up for a Facebook account--something I've been loath to do for some time (I'm tired of joining and typing every detail of my life into one app after another).
9:30 PM
Picotux
This picotux server is pretty cool. It's no bigger than an RJ45 jack. With power over Ethernet, you could deploy these anywhere you can run Cat 5 cable. I'm not sure why I love things like this, but I do.
8:36 PM
Technorati Wins and Losses
Technorati is one of the tools I use every day. One of the most important parts of blogging is participating in conversations that are going on the 'Net. Technorati helps me find out when people are responding to something I've written.
The good folks at Technorati are a busy bunch. It seems like the site is different almost every day. Sometimes radically. Recently the layout for what Technorati now calls "reactions" changed. I like the new look and think that much of the important information is easier to find. It's also not as "busy" with ads. Frankly some of the ads that Technorati has had in the past made me uncomfortable putting it forth as a professional tool.
Something I don't like about the new layout is site lock-in. Technorati has removed the links to me from the snippets they put in the site, making it more difficult to find out which responses are meaningful and which are not. I spend more time now deciphering the results--not good for a tool whose value is presenting information.
Lately, they've also removed the links to the blog that's reacting to mine as well. The only link is to the blog's page on Technorati. I'm sure they're increasing the page views on Technorati, but they've significantly decreased the value of the tool to me--and others, I suspect.
Technorati is one of the key landmarks of the blogosphere. I recommend it to new bloggers all the time. I hope they'll soon restore some of the things that made it so valuable to me.
Update: I found with some further exploration that it's only some blogs that don't have a link back to the article from the post title in Technorati. I've concluded that must be a problem with the feed Technorati is getting, not something Technorati is doing on purpose. I coincidentally just had a page of those all at once. Still, I'd like the links restored inside the summary text.
3:03 PM
Saying Yes to Paper Ballots
An editorial in last Thursday's Deseret News got a little hot under the collar over the current debate over what to do with electronic voting. It said, in part:
The concern is understandable, of course. New inventions make nervous Nellies of us all. People once feared that microwave ovens would make them sterile or that garage door openers might lead to cancer. Humorist James Thurber recalled that his mother would never leave light sockets open in the house because she was convinced electricity would leak out, costing her money and threatening her health.
Such things are often the source of urban folk legends. Trepidation before the unknown is a natural human reaction.
Overcoming that trepidation, however, is the mark of education and understanding.
Right now, some people are worried there are gremlins in the current voting machines --- that electronic voting is unreliable and open to tampering. They spout anecdotal evidence of irregularities here and there to fuel their fear and want paper ballot backups to fend off any conspirators. It's the same kind of itchy-witchy thinking that leads people to hide bags of money under their mattresses.
And dare we say that almost all of those skittish souls are likely older than 40? The younger generation sees the outcry for the tangible comfort of paper ballots as a hallmark of the fuddy-duddy. The notion sounds, to young ears, like people demanding election results be chiseled into granite for security.
From deseretnews.com | Vote 'no' on paper ballots
Referenced Tue May 29 2007 08:44:57 GMT-0600 (MDT)
The Deseret News would do well to check their facts before they fly off the handle on this one. The fact is that the people most worried are computer scientists--the people least likely to be afraid of computers merely because they're new.
Jay Lepreau of the CS department at the University of Utah and I published an Op-Ed piece on eVoting in the Salt Lake Tribune in 2004. In that piece we noted "The consensus of computer and security experts is overwhelming: In a poll of members of the ACM, the premier organization for computing professionals, over 95 percent of the respondents felt that voting systems should provide a recountable physical record, e.g., paper." In other words, the people most educated in this area are the ones most concerned.
Congress forced the hands of states in dumping their old voting systems and buying new ones. Most went with so-called DRE touch screen systems like the State of Utah. Utah was smart enough to pass a law requiring a paper audit trail, but apparently the equipment Utah bought won't comply with new Federal regulations in this area.
It's unfortunate that State election officials had to make decisions and spend money before the paint was dry in this debate. The standards are still evolving and experience is showing that the electronic machines do have problems accurately recording votes. Even with paper audit trails, there are problems that are prohibitively expensive to find with audits.
It may seem that as the Feds change the rules, the states have no choice but to continue to change out their electronic voting machines over and over again to comply, but it turns out there is an alternative to the DRE voting machines. Florida recently scrapped its touch screen machines for optical scan paper ballots. Florida was one of the states that had both--letting the counties decide. After using both, they went for the optical scan system.
That's a safe haven--one that was available to Utah officials in 2004 when they made their decision to go with the current system. It's still a safe haven and the most likely to be future proof as technology and standards continue to evolve. If we do end up scrapping our current machines and having to replace them, let's replace them with something that will stand the test of time.
9:07 AM
May 25, 2007
Follow Up To Seth Godin's Visit
I posted my notes from Seth's visit yesterday. Some related happenings might interest you as well.
Phil Burns and Ash Buckles vowed that they'd let Seth shave their heads if enough money was raised to bring Seth to Salt Lake City. After Seth was finished speaking they made good on their pledge. I have a few photos, Phil has more and Ash posted a video. The video is worth watching. Seth was quite humorous when he was shaving heads.
Phil also had a harrowing experience getting Seth to the airport. Phil, I'm laughing. Let me know when you can laugh about it too. :-)
Jason Alba, NewspaperGrl, Startup Princess, and Chris Knudsen all have notes or analysis.
10:11 AM
May 24, 2007
Seth Godin: The Dip
I'm sitting in the Salt Palace in Salt Lake, waiting for Seth Godin to show up. He's reportedly in the car, driving from the airport. That's OK, the wait time has been a great time for talking to friends I don't see all the time. There's probably 350 people here as we get started.
The premise for this event is interesting. Seth is promoting his new book, The Dip. I wrote about it back in April. He will come anywhere people agree to buy 2500 copies of his book. This is just the sort of fascinating Internet marketing that Seth Godin is famous for. An amazing way to sell some books and, more importantly, get his message out. I probably wouldn't have blogged about his book otherwise.
[Photo: Phil Burns welcomes Seth]
This month Seth will go to 15 cities, each of which bought at least 2500 books. That's at least 37500 books! What does it take to get on the NY Times Best Seller list? Of course he also has his base. The buzz this marketing method has generated is what's important.
Seth doesn't use slides. He starts out talking about quitting. That's the topic of The Dip. People quit all the time. No one's ever written a book about quitting. He wants to start a conversation about quitting. That's why he makes people buy 5 copies of the book, so we'll give them away and start a conversation.
"Quitters never win and winners never quit" is not true. Winners quit all the time. And quitters win.
What made the Mona Lisa the most famous painting in the world? It got stolen in 1912 and was missing for eight years. This was coincident with the rise of a paper in France that has 2 million subscribers. The Mona Lisa was in the news almost every day for eight years. He gives other examples of "superstars."
[Photo: Seth Godin]
There's a superstar shortage. A world wide shortage. There are plenty in pop music and other areas, but not in areas that everyone cares about. There are plenty of niches. The Internet makes it possible for niches to be smaller and this leads to more slots for superstars.
What does "best" mean when Seth says "best in the world?" It's not a hard metric. We know what's not the best. Don't try to be more average than the average guy. Netflix is the best--not because a dozen guys in this room couldn't build something better. Because they fill the niche and do it well.
Best doesn't mean "the most expensive." The market decides who the best is.
Variety is the key to success. More varieties of ice cream is better than two. But vanilla ice cream outsells all other flavors combined. The number one draft pick adds $6 million to the bottom line of the team that gets him compared to the team that gets the number two.
This message is the opposite of the long tail. If you've got to have one blog, it's better to have the fat juicy head, not something on the tail.
The Dip is the place where people quit. Organic chemistry is the dip for doctors. The bar exam is the dip for lawyers. If it weren't for the dip, there'd be no scarcity.
Cumulative advantage is powerful. You get a little momentum and it starts to build. We're interested in what other people are interested in. Best seller lists are all about this. Google compounds this.
For one hundred years, we've organized around making average stuff for average people. Brand is about driving the cycle of average. There's so many products with so many ads, that people have given up.
If you're on the other side of the dip, there are huge wins. But the way you get to the other side is by doing something remarkable--not by being average and buying ads. People talk about the experience.
Reasons for quitting:
- You run out of time
- You run out of money
- You don't take your objective seriously enough
- You get scared and quit
- You're a switcher
- You've been trained to be average. This is the big one. He mentions public schools. They're geared to turn out average people.
- You don't have the talent. Seth doesn't agree with this one.
People who get through the dip put forth an unhealthy amount of effort and time at what they're doing because they are trying to be the best.
You can get "average" incredibly cheap (that's the whole outsourcing thing). You can't get "the best" cheap.
Companies are cluttering the world with products (19 versions of Oreos) because that's how you get mindshare in the world of "average." Lowering the price isn't the answer--that makes you more of a commodity.
Superstars don't have resumes. Superstars wait for the phone to ring. This sounds hard since first you have to be a superstar, but it's more reliable than trying to be the most average.
He cites The Chosen, a book that shows that going to the best school (Harvard) doesn't lead to people being richer, happier, etc.
The dip is the fence that keeps the competition out. Seek the dips out and work through them. When you're on a dead end, you have to quit immediately before you waste resources that you need to get through the dip somewhere else. He cites the space shuttle as an example of a dead end that keeps the US space program from pushing through the dip.
Mom and pop stores frequently hit a dip: you need professional management, advertising, investors, a line of credit, etc. They stop and don't push through the dip. They "do their best" without trying to become the best. They remain average and fail.
Wind surfing would be easy without the wind. Customer service would be easy without the customers. Mad customers help you push through the dip.
Life is a series of dips. Life is about finding and pushing through dips so that you can enjoy the benefits.
How do you tell the difference between the dip and the dead end? With measurements. PIP: Do you want to quit because you're panicking? Who are you trying to influence? What can I measure that proves I'm making progress?
Size your effort to the dip and pick the right dip. Don't spend $10 million on a $200 million dip. You just lose money. Focus your effort. Woody Woodpecker can peck on 10 trees 3000 times or 1 tree 30,000 times. The latter gets him fed.
It's OK to quit when you realize that one of your efforts requires more of your time and effort to get through the dip. Don't be average in a portfolio of activities. Get away from being mediocre.
But The Dip's not really a book about quitting. It's a book about mastery. Once you give yourself permission to quit, you'll quit less. He cites the example of Toyota vs. Ford. Toyota allows their assembly lines to be stopped by any worker (they quit). That forces excellence.
Write one of two things on a post-it note: "I'll be the best I can under the circumstances" or "I'll be the best." People say the second, but they do the first. Call that bluff, find a dip that matches and embrace it.
[Photo: Seth Godin shaves Phil Burns' head]
Someone asked this question: "I'm a marketing teacher in a high school. If Seth Godin came to substitute for a day, what would he teach?"
- No one cares about you. Get over it.
- Learn to tell stories.
Someone asks him what books he'd recommend. He mentions Snow Crash, Crossing the Chasm, and Before and After Page Design.
2:07 PM
At the May 2007 CTO Breakfast
We had the May CTO Breakfast today. There was a good group and some great discussion.
I started off by talking about the Utopia install at my house. No one else at the meeting has Utopia yet, so there was some interest in how the install went and how well the service works.
We also got into a discussion of Mozy. Of course, Tyler wasn't here this time, so we couldn't pump him for info. A general discussion of backup methods, drives, and programs ensued. I brought up Fuse, a cool way of building file systems in user space.
A subsequent discussion of Google Docs led back to Fuse. Amit Singh has a video showing a Fuse file system for Google Docs, as well as Picasa. This is a cool way to put networked services on the desktop.
We talked about Google's hiring process and the problem they have getting smart people to work for them when they have a strike price on their options of $500. Google's actually set up a unique internal market that allows employees to trade vested options to help solve this problem.
Nobody's really happy with their mail clients except Phil Burns who loves Outlook. This was part of a bigger discussion on Vista and how it's working. Lars Rasmussen mentioned a post where he talks about his migration.
We talked about a Web site called Weight Loss Wars. The idea and Web site are good, but the discussion was about how many "Web 2.0" features were in it. So, what are Web 2.0 features? Here's the list we worked out.
- Shared data architecture (RSS, blog widgets, etc.)
- Limited page refreshes
- Collaborative interaction
- APIs so that apps can be built on top of it.
And Phil Burns has a weird post about Blake Snow. Ask him about it.
9:58 AM
May 23, 2007
Seth Godin Tomorrow
8:22 PM
Google Goes Fishing
Jeff Barr has a humorous look at the approach junior Google recruiters are using on him. As Scoble said:
Anyone who does an hour's worth of research with a search engine, like, say, Google's, knows that Jeff is worth hiring and isn't worth treating with a bit of the usual filtering bulls##t. Either hire him, or leave him alone. I also wouldn't let newbie recruiters even get close to anyone who has a blog --- I'd make sure that bloggers get handled by a real pro, not the amateur hour kind of hiring folks that are pitching Jeff currently.
From Google hiring funniness « Scobleizer
Referenced Wed May 23 2007 09:15:04 GMT-0600 (MDT)
Robert's right. The world of blogging has changed what you can know about a person and the sense you can get about them--for good or bad. At more senior levels, I think a company ought to be suspicious of anyone who doesn't have some kind of online trail. I'm not talking about a blog. But when you search on someone who's claiming to have a track record in business, that record ought to be peeking through at least a little.
9:15 AM
May 22, 2007
Black Swans and the Impact of Improbable Events
[Photo: Black Swans]
Yesterday, Nassim Nicholas Taleb was on Talk of the Nation talking about his book Black Swan. Of course, we published Moira Gunn's interview with Taleb a few weeks ago on IT Conversations.
The name comes from the fact that for centuries Europeans used the term "black swan" as synonymous with something that was impossible--until they got to Australia where black swans are common. Taleb uses it as an allegory for an improbable event that changes some aspect of our world drastically.
It's funny how when you learn a new concept it becomes a way to think about the world (some might say a "lens" that filters the world according to some bias, but that's a different matter). After thinking about this for a few days, I ran across a post on Thomas Barnett's blog that said (in part):
The presumption of "good" or "bad" intell can't really be proven per se. Some always ends up being "amazingly prescient," the rest is a load of hyperbolic crap.
When things work out, no one cares about all the "bad" intell. But when it goes badly (always for a host of reasons and decisions, or simply because the decisionmakers prefer the sub-optimal outcome to no action at all), then the "amazingly prescient" intell is inevitably touted as "proof" of the intell "failure" (I made this argument first in PNM).
Also inevitably, there will be calls for "reform," none of which can possibly overcome this essentially political decisionmaking process, nor will it stop the very same politicians from declaring their pet defense programs "crucial" because "we live in a world of COMPLETE UNCERTAINTY!"
From That's not how intell works (Thomas P.M. Barnett :: Weblog)
Referenced Tue May 22 2007 16:42:46 GMT-0600 (MDT)
This is one of the key points in Taleb's work. In hindsight, we fool ourselves into thinking "we could have known, if only..." and this fallacy leads to wasted efforts and blindness that keeps us from real understanding.
Taleb proposes classifying activities into those belonging to "Mediocristan" and "Extremistan." Mediocristan activities are mundane, change very little, allow good planning, and, as a result, are not prone to "black swan events." Extremistan activities seem to go along a certain trajectory for a while, but a single event can change the outcome wildly. Startups live in Extremistan, as does foreign policy.
We can further classify Extremistan activities into those that are prone to good black swan events and those that are prone to bad black swan events. Startups are an example of the former. For relatively little risk overall, there can be a huge payout--that's why venture capital works. Foreign policy is an example of the latter. No news is good news, as they say. When something happens, it's likely to be catastrophic.
All in all a useful idea and one we're not prone to think about often. We like to think we can be smart enough to predict the stock market, the outcome of a piece of legislation, or even the weather. But, alas, we cannot. Taleb's advice: don't trust the so-called expert in matters of black swans.
4:51 PM
Utah Open Source Conference
The Utah Open Source Conference will be held on September 6, 2007 through September 8, 2007 at the West Valley Cultural Celebration Center Open Source Technology Center (Novell).
The conference is looking for proposals for 90 minute classes on open source topics including:
- Business solutions (process, applications, infrastructure)
- IT management and implementation
- Web development
- Language skills (Perl, Python, PHP, Ruby)
- Emerging technologies
I'm thinking about putting in a proposal for a session on OpenID and user-centric identity issues. Lots of open source tie-ins there.
12:43 PM
May 21, 2007
CTO Breakfast Reminder
Just a reminder that we'll hold the May CTO breakfast this coming Thursday at 8am. We're in the usual place--the Novell cafeteria. Some of you are still holding out because it seems so far away, but give it a chance. It's actually no further than the Canyon Park Technology Center meeting place from the freeway.
I've been traveling for two weeks: WWW2007 in Banff and IIW2007a in Mountain View and have some interesting ideas from those trips. I'd love to hear about your ideas and interests as well, so come and share. There's no charge to attend, but you'll have to buy your own breakfast, if you like.
Directions can be found on the CTO Breakfast page.
Here are the dates for the upcoming breakfasts:
- Jun 29 (Friday)
- Jul 20 (Friday)
- Aug 23 (Thursday)
Please put these on your calendar now.
See you there.
9:43 PM
Stupid Web Design Tricks
I found this list of 19 things not to do when building a Web site.
The first, DO NOT resize the user's browser window, EVER resonated with me because I was reading a site last week that had some great information that I wanted to read, but every time I clicked on a link, my browser would blow up to full size. I finally gave up--it was just too annoying to go on.
I also liked number eight: If your website does not work in Firefox, welcome to 2007 DUMBASS. Even though on average, only 10% or so of users use Firefox, those users are influencers. Of course on some sites, the percentage is much higher. On Technometria, year to date, Firefox and IE users are dead even: 42.9% and 43.1% respectively.
8:39 AM
May 18, 2007
Anyone Need a Pair of Netscalers?
Bungee Labs has two pair of Citrix Netscalers for sale. They're new, but out of the box and installed at a couple of data centers. I understand they'll give you a smoking deal. If you're interested, contact me.
2:26 PM
Obfuscating Passwords in Forms
Most are familiar with password fields in Web forms. When you use a password field, anything the user types is obfuscated. This is, to my knowledge, to reduce the danger of shoulder surfers stealing the password by reading the screen as it's typed in. As long as I've used computers, this has been standard practice--the IBM Selectric terminals I used in 1976 would pre-print multiple characters on the paper before having you type your password so it couldn't be stolen from the printout.
What would you think of a social networking Web site that in the interest of reducing friction for people who aren't computer literate simply let passwords be typed into a normal input field, and visible on the screen? How dangerous is that? Is the danger small enough to trade off against the ease-of-use that would result? In short, is password obfuscation an idea that is simply perpetuated without thought now or is it still a vital part of security?
10:59 AM
May 17, 2007
Schmedley
Paul Figgiani sent me a link to Schmedley. It's like the OS X dashboard inside the browser. The fact that you can do this kind of thing in a browser still amazes me.
Update: I wrote more about Schmedley at BTL this afternoon.
10:55 AM
May 16, 2007
LunchMeet on IIW
Kaliya and I are on LunchMeet today talking about IIW. LunchMeet host Eddie Codel visited IIW yesterday and brought his camera.
1:54 PM
Internet Identity Workshop 2007: Day Three
[Photo: Tuesday dinner at the Monte Carlo in Mountain View]
If you're interested in following blogs about IIW2007, you can look for the iiw2007 tag on Technorati.
First thing this morning (after picking up bagels) I went to a presentation on Sxipper, Sxip Identity's login and form filling plug-in for Firefox. I've been using Sxipper since the last IIW and have come to rely on it.
When I first started using it, it had some usability problems (at least for me) so I stopped using it for a while. When I switched to Firefox 2.0, however, with automatic plug-in updates, I found that it had radically improved and is very usable. When I was doing my demo for WWW2007 last week I turned it off since I didn't want it popping up during the demo and I found that I missed it enough to notice it was gone and turned it back on.
Sxip uses the local password store (inside Firefox) to store your data. What is shared are the form maps. When you go to a form that's already been mapped by someone else the map is pulled down and the form is filled from your local store. If you find a form that hasn't been mapped, you have the opportunity to map it for your (and others') future use.
Like I said, I've come to rely on it. It's especially useful on sites where I have more than one log in because it shows me the choices and I select which login I want to use. One click and I'm in, with whatever persona I'm interested in using.
Bryant and Devlin hatch a plan
Devlin, Bryant, and I did a session on reputation and our framework. I used a portion of my slides from WWW2007. Devlin gave a demo of the new system which includes tags for context semantics. The new system is language-based rather than having a form-based interface to a rules engine. Here's a PDF of our paper describing our reputation framework. This doesn't discuss the OpenID reputation work--that hasn't been written yet.
The report-out on the OSIS Interop session from yesterday happened at noon over lunch. Here are the statistics of participating components and features:
- five Information Card selectors
- eleven relying parties
- seven identity providers
- four token types
- two authentication mechanisms
The bottom line was that for the most part, these systems all worked well together. There were a few problems and they were documented for more work. The results are documented on the wiki (at least they will be and I'll link to them as soon as they're up).
Paul describes Higgins in less than seven minutes
The last session I attended today was Paul Trevithick on "Understanding Higgins in Seven Minutes." The slides are ones that Paul uses to talk to people outside the user-centric identity community. Here are some things he tells them:
- Maximal decentralization of identity information leads to maximal security and privacy
- use of local identifiers (pseudonyms) where possible
- Linking across context allows us to "have our cake and eat it too" in the sense of privacy, security, and convenience.
He goes through the different kinds of identity information a person has to illustrate that we can't solve the problem by creating "one big silo."
Higgins defines "i-cards," a generalization of Microsoft's Information Card concept. For example, a relationship card might aggregate attributes with different authoritative asserters. They also define an "identity agent." A card selector is an example of an identity agent, but the concept goes further. The agent projects and protects identity attributes.
An interoperability framework allows the various protocols, tokens, attribute schemas, and data access methods to come together in a way that is abstracted for the user. Higgins provides a common data model for all of these things and then defines plug-ins for mapping various systems into the common data model. The Higgins data model allows linking from one context to another (i.e. me in my family, in Second Life, in the Dept. of Motor Vehicles, etc.) The action is all in the links.
Higgins is the "Linux of identity" or a kind of glue.
The closing
The closing was fun with the usual reporting out, chatter, thank-yous and so on. Lisa Heft, a friend of Kaliya's who facilitates open space events, had created a group poem from things people said to her yesterday when she talked to them. She had them say their own words and interspersed her words between them. There were over twenty people and it turned out pretty well. I was impressed.
Overall, another great IIW. There was a lot of energy. The barista said "These folks drink a lot of coffee! I feel responsible for some of the chatter I heard." I don't know which is cause and which is effect, but there was a lot of activity. I liked it.
1:32 PM | Comments () | Recommend This | Print This
May 15, 2007
Internet Identity Workshop 2007: Day Two
IIW2007A Agenda Wall
The second day at IIW started in the traditional way: building the agenda. I was surprised that almost half the room stood up to propose a session. The wall is pretty full and there are lots of interesting sessions. If you click through on the thumbnail at the right (two clicks), you should be able to read the details.
One of the sessions I attended this morning was on the OpenID 2.0 spec and what's left to be done. There seems to be some feeling among potential users that there is an opportunity lost here and momentum could drop if the new spec isn't available soon. On the other hand, there are a few issues that people would like to address.
I think this is a maturity problem in the OpenID community more than anything else. Not that the people in it are immature, but the community hasn't developed the governance yet that will allow these decisions to be made systematically. My own feeling is that getting things solidified is more important than any problems that aren't regressions (i.e. worse than in OpenID 1.0) or will require significant retrenchment on the part of IdPs or RPs.
Doc Searls and Mike Jones
A couple of identity related announcements today. First, via Mike Jones, Microsoft has completed the process of putting the Identity Selector Interoperability Profile V1.0 under the Open Specification Promise.
Similarly, Sun announced a "non-assertion covenant" for OpenID. From Gerald Beuchelt's blog:
[T]he NAC is a short (three paragraphs) legally binding document that licenses all of Sun's patents (and not only necessary claims) to anybody implementing OpenID 1.1 Auth and Simple Reg 1.0 ... in perpetuity ... royalty-free. This license will only be withdrawn, if someone decides to sue Sun over this technology.
As far as I know, this is the first covenant like this around OpenID.
From Web Services Contraptions - Pre-Announcement: OpenID Non Assertion Covenant
Referenced Tue May 15 2007 13:30:52 GMT-0700 (PDT)
The Barista
Speaking of governance, over lunch, we had a discussion about Identity Commons. This is the Identity Commons purpose (from the wiki):
The purpose of Identity Commons is to support, facilitate, and promote the creation of an open identity layer for the Internet, one that maximizes control, convenience, and privacy for the individual while encouraging the development of healthy, interoperable communities.
Does that speak to you? Do you feel included in that? Are those ideals your ideals? That's a critical question for Identity Commons as we try to move people's feelings about Identity Commons from "they" to "we."
Bryant Cutler and Devlin Daley, two of my students, gave a presentation on their SimplePermissions project. SimplePermissions is a delegation scheme (in the classic, not the OpenID sense) for OpenID that allows a user to authorize another user to act for them for specific activities. They gave a demo of SimplePermissions and discussed the idea. Full delegation requires no changes to OpenID, but doing permission-based delegation would require an extension. Further, relying parties would need to specify the delegatable actions on their site using that extension.
There is some controversy whether delegation (in this sense) is a good idea or not, but the fact is that people "delegate" all the time by giving someone else their password. This idea would eliminate the need for password sharing. With OpenID, that's especially useful since an OpenID password is more valuable than a site-specific password since it can be used anywhere the OpenID is accepted.
Some use cases: delegating an eCommerce account to a subordinate. Mashups are another. You might even want to self-delegate to create one-time or short time accounts for use in low-security environments.
The OSIS interop code session seemed to go well. I'm anxious to get a report from some of the people involved. We had a problem with the wireless (go figure) that caused some headaches at first, but we worked around that eventually.
OSIS Interop Event
More interop testing
Presenting at IIW
Chatting in the reading area
I spent some time in Doc's VRM session. I think people were finally getting to some real idea about how vendor relationship management might work. I heard a few sentences that started with "once...then we'll..." where the assumptions that followed the "once" were not necessarily something I thought was realistic, but that's true in many sessions, not just this one.
1:29 PM | Comments (1) | Recommend This | Print This
May 14, 2007
IIW2007 Has Begun: Day One Activities
After months of preparation, IIW2007 has begun. Whew! I always feel a big relief when the "train leaves the station" as Mike Jones said.
During the introductory presentation Eugene Kim asked how many people were here for the first time and probably one-half to two-thirds of the audience stood up. That's great. He also asked how many people had been at the first IIW in Berkeley and there were a dozen or so people in that group.
We're starting off differently this year. We broke the group into smaller groups of 7 or 8 and asked them to discuss the "key questions" they brought to the workshop. The goal was to get people introduced to each other as well as to some of the issues, and maybe even some of the answers--at least the current thinking.
This is the concept map that came from the group discussion. To read it, you'll need to click through to the highest resolution, probably.
Concept map from introductory session of IIW
I'll be putting my pictures of IIW2007 online as well. Others will be using the iiw2007 tag at Flickr.
Speed Geeking
The middle part of the afternoon is a series of lightning talks about some of the projects in the user-centric identity area. Dale Olds spoke about OSIS. Eve Maler spoke about Liberty Alliance and SAML. Mike Jones spoke about CardSpace. Mary Ruddy spoke on Higgins. David Recordon and Bill Washburn spoke on OpenID and OpenID Foundation.
Speed Geeking
After project introductions, we held speed geeking. This is a reprise of an event that debuted at last December's IIW. We moved it to Monday to get people interacting early and to leave time for tomorrow afternoon's OSIS working sessions. Here's a list of the demos:
- Higgins and idemix
- Sxipper
- Vidoop
- CardSpace
- bandit
- OpenID Token Exchange Extension
- Schemat Consumer
- PIBB
- OpenDS
- Community Portal with SAML2, & CardSpace
- Simple Identity for the Web
- WSO2 Identity Solution
The afternoon finished up with the traditional address by Doc. Doc has had a powerful vision of what user-centric identity can achieve, probably going back to the Clue Train days. I love to hear him preach the gospel of user-centric identity.
3:23 PM | Comments () | Recommend This | Print This
May 13, 2007
William James: In the Maelstrom of American Modernism
A while back, during a recording for the Technometria podcast, Matt Asay mentioned he was reading a biography of William James. I'm not sure what intrigued me about what he said, but right after the broadcast I ordered a copy. It took me a while for it to get to the top of my reading list, but it finally did and I read it during my trip to Banff for WWW2007.
William James was one of the members of the polymath James family; his brother was the famous novelist Henry James and his sister Alice was famous for her posthumously published diary. He came of age during the Civil War and died in 1910. He had profound influence on the development of modern American philosophy and the field of psychology. He lived a fascinating life.
William James
This was a book well worth reading and one I couldn't put down at times. I love biographies in any event and this was about a period, subject, and person I was not well acquainted with. There is much to recommend this book, including the fact that it's well researched, well written, and engaging. Here are some of my favorite quotations from the book:
That is "the element of Faith" which [James] adroitly defines as "belief in something concerning which doubt is still theoretically possible: and as the test of belief is willingness to act, one may say that faith is the readiness to act in a cause the prosperous issue of which is not certified to us in advance." (p. 202)
James's mood, in the fall of 1880 and in general now, was not skeptical or contradictory. "I am tired," he wrote to Davidson, "of the position of a dried-up critic and doubter. The believer is the true full man." (pp. 210-211)
"To anyone who has looked on the face of a dead child or parent," he wrote in 1907, "the mere fact that matter could have taken for a time that precious form, ought to make matter sacred for ever after. It makes no difference what the principle of life may be, material or immaterial, matter at any rate co-operates, lends itself to all life's purposes. That beloved incarnation was among matter's possibilities." (p. 257)
"Whenever a desired result is achieved by the cooperation of many independent persons, its existence as a fact is a pure consequence of the precursive faith in one another of those immediately concerned...A whole train of passengers (individually brave enough) will be looted by a few highwaymen, simply because the latter can count on one another, while each passenger fears that if he makes a movement of resistance, he will be shot before anyone else backs him up. If we believed that the whole car-full would rise at once with us, we should each severally rise, and train robbing would never even be attempted...There are, then, cases where a fact cannot come at all unless a preliminary faith exists in its coming." (pp. 362-363)
"In the matter of conversion," James wrote, "I am quite willing to believe that a new truth may be supernaturally revealed to a subject when he really asks. But I am sure that in many cases of conversion it is less a new truth than a new power gained over life by a truth always known." (p. 365)
James dives in by declaring simply that "the best fruits of religious experience are the best things that history has to show." Put in personal, psychological terms, "the man who lives in his religious center of personal energy, and is actuated by spiritual enthusiasm differs from his previous carnal self in perfectly definite ways." The saintly character, then, is "the character for which spiritual emotions are the habitual center of the personal energy," and such a person seems to James to possess, on the whole, four fundamental inner conditions. First is "a feeling of being in a wider life than this world's selfish little interests." Second is "a sense of the friendly continuity of the ideal power with our own life, and a willing self-surrender to its control." This is "an immense elation and freedom, as the outlines of the confining, self-hood melt down." Fourth is "a shifting of the emotional center towards loving and harmonious affections," a shifting toward the yes! yes! of emotional impulses and away from the no! No! of our inhibitions. (p. 410)
The book is full of such thoughts--especially after you get through James's early years. One of the things that's fascinating to me is the route James took to his greatness. He spent much of his twenties undecided about his life and searching for what he wanted to become.
Sometimes I pick up a biography and find it nothing more than a dry recitation of the facts, but this is not one of those books. Richardson reaches into the mind of the man and brings William James alive again.
7:59 AM | Comments (2) | Recommend This | Print This
Andy Griffith
I listened to Scott Simon interview Andy Griffith yesterday on Weekend Edition. What a funny, interesting, and just plain nice man.
6:45 AM | Comments () | Recommend This | Print This
May 11, 2007
Everything Is Miscellaneous
Dave Weinberger's new book, Everything Is Miscellaneous, is out. I saw it in the bookstore at the airport in Calgary, but Canadian book prices are outrageous. It's like booksellers fixed the exchange rate years ago and haven't taken changes since then into account. It was $35 CAN. Yikes. So, I just ordered it from Amazon. Only regret is I won't have it for my trip next week.
8:27 PM | Comments (1) | Recommend This | Print This
WWW2007 Wrap-Up
Today I'm on my way home from Banff. The conference goes until Saturday, but with IIW starting Monday of next week and Sunday being Mother's Day, I didn't feel like I could hold out until the end. My feelings on WWW2007 are mixed.
This is one of the few conferences I'm aware of in this space that mixes academic and commercial interest. I think that's a worthy goal. What's more, I attended many good presentations that led me to new lines of thought. That's the ultimate measure of a presentation or conference, I think.
And yet, I was also disappointed. Somehow the WWW conference series seems to be able to take something as exciting as the Web and wring all the life out of it. The conference, at least to me, has none of the excitement that you find in the best of other venues that bring practitioners together to show their latest innovations. The innovations are here as well, to be sure, but they're couched in clinical terms and shown in harsh light so as to make them seem more like dead specimens under a jar than the hopeful blood, sweat, and tears of real, passionate people.
Still, I'll continue to come to these, I think. On balance the experience is worthwhile. Besides, next year it will be in Beijing and I've been looking for an excuse to get to China for 20 years.
Here are all my articles with the tag WWW2007 and here are my photos of Banff and WWW2007.
11:33 AM | Comments () | Recommend This | Print This
May 10, 2007
Marc Hadley on WADL: a RESTful API Description Language
Marc Hadley (from Sun Microsystems) is giving a talk called "Describing Web Applications - WADLing with Java." WADL is a RESTful description language for Web APIs. WADL comprises resource, method, request, and response descriptions.
Marc gives an example using the Yahoo News Search API. Resources are specified relative to a base URI and can describe parameters that are common to all methods. Methods are the standard HTTP methods and can specify a request and response set for that method. Responses have representations that describe the type of the response. The language can also describe faults as responses.
There are tools for turning WADL into Java. wadl2java can be run from the command line or from Ant. He originally used XSLT to generate code, but that didn't work very well. Now he uses the JAXB CodeModel.
He shows some examples of using the resulting Java code. Pretty clean.
The Sun Web Developer Pack is a collection of tools for "Ajax, Scripting and REST-based services development supported by a NetBeans plugin."
Thomas Steiner has created REST Describe, a tool for creating WADL from an API. REST Compile, also from Thomas Steiner, will, I think, generate code besides Java, although figuring out what is pretty hard from the site.
Personally, I believe that the lack of a description language has held back the use of RESTful APIs. WADL is a good step in the direction of rectifying that.
4:53 PM | Comments () | Recommend This | Print This
Theodore Bullock: HTTPerf is New and Improved
HTTPerf is a tool for measuring Web service performance. The problem is it hadn't been updated since 2000, even though there had been numerous bug reports in the intervening seven years. Theodore Bullock, recently of the University of Calgary, reported on a project that a Software Engineering class carried out last year to fix reported bugs and redo the build system, making it more portable. The result is version 0.9, which is freely available.
There are plugins that do sessions and Web log playback. Others could be written. For example, I'd like to see a plugin that incorporates Rhino and does Javascript evaluation as part of the testing.
Theodore is working on future versions. Version 1.0 will include support for loading multiple servers, IPv6, providing structured data output via XML, and HTTP Basic Authentication support. Plans for version 1.1 include a GUI interface to manage experiments, server statistical load measurement, support for multiple sessions and cookies, and XML descriptions of workload. (Theodore's slides)
4:16 PM | Comments (1) | Recommend This | Print This
Olivier Thereaux on the Unicorn Validator
I'm in a talk in the Developer's Track where Olivier Thereaux is discussing the Unicorn project, which is building a new, open source generation of Web content validation.
3:53 PM | Comments () | Recommend This | Print This
Hunting Down Spammers
The last talk reminds me that on my way into Canada, as I was passing through customs, the customs officer asked me my business. I reported I was going to give a tutorial at a Web conference. Here's the conversation:
Customs Officer: On what?
Me: Digital identity.
Customs Officer: What's that?
Me: Ways to identify people on the Web.
Customs Officer: Will it help with Spam?
Me: Not directly.
Customs Officer: Will you ask the people at the conference if there's any way we can hunt them [spammers] down and kill them?
N.B. I think by "we" he meant society in general, not Customs
Me: I'll let them know
Customs Officer: Thanks.
When the frustration level of the general public is getting to the point that you get comments like that going through customs, you know people are just plain sick and tired of it.
3:00 PM | Comments () | Recommend This | Print This
Understanding Splogs
Have you ever wondered exactly how splogging (spam blogs) works? What's the structure of that industry (and it is an industry)? Yi-Min Wang and Ming Ma (of Microsoft Research) and Yuan Niu and Hao Chen (of UC Davis) have studied the problem and found that there's a bottleneck in the economy of splogging at what they call the "aggregator level." This is the place to fight splogs. Here's the PDF version of the paper and here's a NY Times article on the results.
2:46 PM | Comments (3) | Recommend This | Print This



