fallenpegasus: (Default)
I'm a big fan of OpenID. However, pretty much all of my past uses of it have been experiments, demonstrations, or because I sought out OpenID enabled sites.

A couple of days ago, I finally used it "for real".

A client of MySQL's uses a system called projectpath.com. And when I first went to it, I saw that it is OpenID enabled!

It's kind of a pity that MySQL.com isn't an OpenID provider for it's staff, like Sun.com does, so that I could have used something like "http://openid.mysql.com/mark.atwood" for it. Instead I just used my personal OpenID of "http://mark.atwood.name/".
fallenpegasus: (Default)
In response to [livejournal.com profile] brad's post and [livejournal.com profile] daveman692's post, about Thoughts on the Social Graph.

I have posted the following:

I came home from FOOcamp with my mind buzzing with something similar. It was in the zeitgeist, I guess.

Between being annoyed at some of 6As recent actions, and annoyed that if I left LJ, I would lose a lot of valuable social network information. And then the sessions on distributed social networks, openid, oauth. And playing with the CrowdVine social network software that had been set up for FOO.

And then I added in my own current hot interest, massive utility grid computing, and the attendant fall in price and ease of access for users to buy really cheap really transient processing.

And I had a vision.

  • The "next gen FOAF format/protocol", distributed federated social graph data, like you have just excellently described.
  • And social attribute claim data (X's name is, X's birthday is, X's interests are, etc)
  • And the concept of the small start-your-own social network app, like CrowdVine. Only cranked even farther up/down. Instead of for a small cluster of people, its just for one person.
  • And run it on the coming tide of uber-cheap, transient processing, with persistent storage.

Everyone could run their very own "social networking site", that would be all about just them. Sort of a "blog, squared". And that it could interop with the other "sites of one", and also interop with all/most/some/any of the current and future Big Systems.

A person could have something that will work and look and feel almost just like their current LJ / MySpace / Facebook / Vox / Friendster / Tribe / etc accounts. But it would be theirs, no longer subject to threat of deletion/distruction at corporate whim.

It could be easily hosted, either with the current model of renting a cheap hosting provider, like Linode or something. Or via the next generation of transient computing, like the successor or evolution of EC2. So if it's not doing much, it doesnt do much, and if it's suddenly called on to do a lot, it can burst up as needed.

Probably a good design for a "system of one" would have the basic core to handle the netgen-distributed-FOAF stuff, and the core of publish/subscribe (I'm thinking something like gdata, Atom over HTTP with TLS).

And then common modules for skins, blogging, images, presence, instant messaging, additional access (email from phones, SMS), "hot what" (Twitter / Dodgeball / etc).

And then a whole pile of more modules, which can barely be conceived of yet. Shopping agents. Wallets and value stores (maybe with a live network connection to a cryptoprocessor in the user's physical possession). Financial tracking/alerting/autotrade. Clipping service. Automatic secretary / personal assistant. etc etc etc.

There doesn't and wont be only one implementation, either. Many many can be written and deployed. As long as they mostly possess as sufficiently overlapping set of mutually understood protocols...

I think that this is more or less the way things are going to go.

The current silos are going to be as snowballs in boiling water. Their users are going to jump ship as fast as low-pain migration tools can be written.

There is going to be no more huge money in running a "basic" social network site at all. About the only good feature such will be able to offer will be hand holding, attempts at uptime guarantees, and resistance to DDOS / slashdot effect / instalanch.

The social graph will stop being something that people make money with, and become something that people make money because of. There will surely be lots of money to be made, via applications that haven't been realized yet and are not possible yet.

fallenpegasus: (Default)
I want to write a OpenID Provider. Initially with a very basic web "look". Add skinning, CSS, branding. Pluggable modules for user attributes and auth techniques.
fallenpegasus: (Default)
Sunday afternoon, I took the Amtrak from Seattle down to Portland. I think from now on, if I want to go to Portland, that will be the way I will go. It's about as fast as driving, a lot less stressful, it's cheaper (looking at the cost of gasoline), and I have a power outlet. And no damn TSA to deal with.

Portland is a lot like Seattle, only with trains and more hippies.

The O'Reilly folks are helpful and friendly.

Monday, I had wanted to do the morning session on Xen. But it had been cancelled. Foo!

So instead I went to the "Code Like a Pythonista: Idiomatic Python" by David Goodger. It was very cool, and I improved my Python skillz just from watching his examples.

That afternoon, I to went to "A Taste of Haskell" by Simon Peyton-Jones. I picked it because I knew almost nothing about it, except that it's something very different from the CS research world that had made the jump to actual use. It make my head hurt, and I want to learn more about it.

Afterwards, at the end of the session, Nathan Torkington said hello, because I had asked a Perl related question. ("Is there anything like CPAN for Haskell?") Behind him was Larry Wall. I had to tell them that while I used to be a heavy Perl user and worked in a very heavy Perl-only shop, now my language of choice is Python.

That evening, I went to a keysigning BOF, and increased my meshing into the GPG web of trust, and also picked up id points from Thawte and from CAcert.

That night I went to dinner with Brian Aker of MySQL, Rasmus Lerdorf of Yahoo, and Rob Lanphier of Linden Lab.

Tuesday, I attended the morning session "OpenID Bootcamp" by Simon Willison and David Recordon. I didn't learn much new about OpenID itself, but I did learn about Jyte.com and more about ClaimID.com

I had lunch with the OpenID guys. David gave me a "Verisign Identity Protection" fob. PayPal sells them for $5, Verisign sells them for $30. They probably cost a quarter each in quantity from the manufacturer. I then set up my PayPal account and eBay account to use it. I am annoyed that my bank and my credit card web accounts dont use it, and am annoyed that Verisign makes it difficult and expensive to be a VIP RP, when they should be making it cheap and easy.

That afternoon, I went to "Simple Ways To Be a Better Programmer" by Michael G. Schwern. There wasn't much new there for me, but it was interesting to see it all together in one place. Part of it was about code, part was about increasing your own productivity, part was how to "to be an asshole", and part was about peopleware.

After that, I went to the AWS S3/EC2 BOF. Interestingly, most people where there to learn about it, and I was the only one with both experience and opinions and advice. So I ended up being an impromptu speaker/moderator. I got a lot of business cards, and had productive exchanges with Renat Khasansyn of Apatar, who I had met at MySQLCon, and with Kimbro Staken of JumpBox.

That evening, I went to the MySQL party. Several people from O'Reilly helped me navigate the train system. At the party I met Kaj Arnö, which was productive and hopefully profitable. Then Kaj and Monty treated me to a particular Finnish drink called Salmiakki Koskenkorva. I liked it, but then I got a taste for dark black licorice from my mother.

After that, I went back to the convention center, and hung out with Julian Cash, Rob Lanphier, and Robert Kaye of MusicBrainz. Fifteen years I was annoyed when CDDB took all the data that I and many other people had shared together, and basically stole it to start GraceNote. Robert Kaye was so annoyed, that he started MusicBrainz with the goal of smashing them. It's apparently been a threadbare task until recently, when Google started buying his datafeed.


Jul. 24th, 2007 11:11 am
fallenpegasus: (Default)
I just signed up on Jyte. Anyone else use it?
fallenpegasus: (Default)
FOOcamp 2007 had/has a bespoke social network site, based on CrowdVine.

While using it, I sent in a handful of suggestions to the developer/maintainer, Tony Stubblebine. I asked for OpenID, for vCard, and for OPML. OpenID to avoid "yet another password". vCard so I could import all my neat FOOcamp contacts into my address book. OPML so I could easily import and read my contacts' blogs in my own reader.

He welcomed the suggestions, and then implemented two of them. OpenID support is "real soon now".

One of the Nice Things about the cycle of creation and destruction in technology is that when you can find something early enough in it's lifecycle, suggestions can actually be heard, understood, and implemented. What are the odds that one of the Great Big Social Network Sites would, or even could field suggested features this rapidly?

If you ever consider setting up a geek con, or anything inspired by the "unconference" ideal, talk to CrowdVine and Pathable.
fallenpegasus: (Default)
One of the people I met last weekend was Simon Willison. We spent some time talking about OpenID. Like me, he's been trying to convence various sites and projects to hire him to OpenID-enable them.

One objection was "we don't want to outsource the security of our users to some unknown OpenID provider". His response is: "Do you have a 'I forgot my password, email me a new one' link? Then you're outsourcing the security of your users to some unknown email provider."

Until he said that, I had not really seen it that way. But he's right. "Email me a new password" has exactly the same data flow and security model as OpenID, only with a crappy and slow user experience.

While browing the OpenID wiki a bit, I discovered that there is now an HTTP Auth mode for OpenID. I've added patching that feature into cURL on my todo list. Have to make user there is also a matching Apache module mod_auth_openid to test against.

Someone has hacked together a quick and dirty translator portal between OpenID and XMPP (aka Jabber aka GTalk). It would be nice if the various Jabber providers added this to their respective web presences.

SourceForge has a discussion going asking for community interest in adding support for OpenID. I, of course, weighed in that they should.

It's kind of ironic that the Mailman servers that the OpenID project uses, don't use OpenID. Mailman should be one of the primary targets in having people write and submit a patch to add the feature. (Next should be BugZilla.)

OAuth is a related technology to OpenID. It's just barely getting off the ground, but I think that it will get traction and acceptance much faster.

To get OpenID spread, we need to get lots of small site operators to start supporting it, and most of them are just running their site with a precanned CMS. Getting each one to change is a slow retail one-at-a-time slog.

But OAuth isnt for small sites. It's for bigger system that provide online APIs to their service. Right now, most of the web-service providers that realize that this is important, have their own hand-rolled solution. Flickr Client Service registration, AOL OpenAuth, etc. All the sorts of things were you have to get a an application key so that some client will work with some web service, or so that you can allow some web service A to do something with some other web service B on your behalf, without having to actually give web service A your password to B.

Many of the people who designed/wrote/support the existing per-service protocols were at the BOF, and everyone wants to stop supporting their own custom stuff. There is not likely to be much if any pushback from management or marketing depts either, because maintaining one's own client client auth protocol gives no competative advantage, no "customer lockin", and makes it less likely that people will write clients or foreign service interfaces to your own service.

I'm having a vision of a convergence of OpenID, OAuth, and Atom. Once you can say "This is who I am", "You are allowed to do this for me", and "Here is what I want you to to send/post/do", and nearly every browser, cellphone, PDA, and display client understand the protocols to do so...
fallenpegasus: (Default)
At the Ignite Seattle a few days ago, a very hyperactive guys, Mark Novak of Microsoft, "broke" OpenID in a dizzying flickering of slides. As best I can tell, the basis of the "break" is that if your OpenID provider becomes evil, they can start impersonating you.

That seemed pretty obvious to me when I first had OpenID described to me. And thus, while I've signed up with over a half dozen providers, when I do use OpenID, I use myself. You can install a PHP that acts as a single person OpenID provider.

If I have to worry about me stealing my own online identity, and going around pretending to me, I have bigger problems than just data security protocols...
fallenpegasus: (Default)
I've just used OpenID for the second time "for real", using it to login to DZone.
fallenpegasus: (Default)
After chasing [livejournal.com profile] malixe's photos of SEAF, I have finally done a real OpenID login, for the first time. To Zooomr. Here's hoping it's the first of many.

If any of my readers administer or have technical input into any web sites that have registrations or accounts, wikis, blog comments, web services, etc, whatever, please start pushing to implement OpenID. Please.
fallenpegasus: (Default)
At the Vancouver PHP Conference this past weekend, and then again last night at Ignite Seattle, there were presentations on OpenID.

OpenID is probably the coolest pieces of net "infrastructure" tech I've seen in a year. I'm really excited. I'm looking at places I can help advance the tech, projects I can plug it into.

I've started burbling it to everyone I know who has the geek chops to understand it.

For you non-tech folks, here is what it means. For every site that is OpenID enabled, you don't set up a password there. Ever. You just plug in your OpenID, and go. First thing each morning you will have to login to your OpenID provider.

A neat part of the tech is that some big company can't just be the central "Big Brother", anybody can be your authorizer, and it just works. One of the biggest authorizors right now is LiveJournal. So any OpenID enabled site, I can put "fallenpegasus.livejournal.com" in as my id, and go. Or I can install MyOpenId on a webserver somewhere, and use it. And because I've put a couple of "magic text" in the <head> of my homepage, I can just use "http://mark.atwood.name" as my id. There is a proposal to use something that looks more like a username.

Moz, FF, and IE will magically it even easier in their new versions. They will notice OpenID login boxes, and pop open a widget that will just let you select one, to save typing.

An excellent detailed howto on how to setup your own pages is here, at OpenID for non-SuperUsers. If you have your own HTML "homepage", and/or have access to a PHP enabled "home webserver", I recommend it to you highly.

The only real problem right now with OpenID is that there are actually more sites that will provide an id than will use one. But that will change. Work is underway to plug this into MediaWiki/Wikipedia, into WordPress and the other OSS blog systems, into things like bbPHP and Gallery2, and into Slash.

I'm looking myself at plugging it into Jabber and into PAM.


fallenpegasus: (Default)
Mark Atwood

November 2016

202122 23242526


RSS Atom

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Feb. 19th, 2017 11:30 pm
Powered by Dreamwidth Studios