A standard way of serializing RDF in YAML would be an interesting exercise.

BTW. Any thoughts that ReST + YAML could be a replacement for XMLRPC or that RSS and Atom could be reworked via s/XML/YAML/ should be banished the moment they arise. They are much too disruptive and likely to cause a complete melt down of certain sections of the interweb during the ensuing flame war.

emotion : LOL

The Social Software Weblog is one of the first of Jason Calacanis' commercial weblogs from Weblogs Inc. Which is all well and good, but where's the RSS, Comments, Trackback, FOAF and all that other Movable Type goodness? Can anyone work out what platform they're using? And the posts are from someone hiding behind "Weblogs, Inc. Staff". Having said all that the content is quite good.

Incidentally, there's what looks suspiciously like a job advert for journalists who want to blog for money on the sites. [from: JB Ecademy]

Smart Mobs points at Jon Stahl pointing at a thread on Howard Dean's campaign blog where they're brainstorming tools for political activism (phew). Jon (or was it Howard) has summarised the 173 posts so far into at least 23 (fnord) key suggestions.

The one I really like is to run a copy of Bugzilla to track issues. This is something that should actually be done at every level of politics. Of course, we (the electorate) should be able to post bugs in the social fabric. Discuss them, categorise them, allocate responsibility and check them off when they are fixed and tested. It's the perfect geek solution to open government.

But also of course, it would never work.I mean "Society" is not an open source development project, now is it. You can't check the local school out of CVS, fix it and then check it back in. You can't run the benchmark test suite against version 1.02 of the Health system after the nightly build.

There's something happening here and what it is ain't exactly clear. And it may even herald a radical change in political process where we finally get some real participation. Or is it just the shift of power from the genuinely wealthy power class to the moderately wealthy middle class while still leaving two thirds of the population dis-enfranchised. And maybe it's still encouraging politicians to play their power games without actually changing anything. [from: JB Ecademy]

That asshole, Chris Locke never called me an asshole. And that asshole, Dave Winer has never called me an asshole in public. For that, that asshole, Julian Bond says he's truly thankful.

We may not do Burning Man in the UK, but we can do The Big Green Gathering. And one star attraction there this year was the iTrike: The World's First Solar-Powered Internet Rickshaw! which provided WiFi connected Internet access to a satellite base station, streaming video and music all while sitting in a sofa and being gently pedaled round the campsite. Yes. That is a giant pantomime Zebra next to the giant fluffy sheep. [from: JB Wifi]

OhMyGod! Like gag me wth a spoon! It's the official George Dubya Bush Campaign Blog!

You've got to admire a website that has menu options for both "Compassion" and "Homeland Security"

Come on Tony Blur. Get with the program. It's time you had one too. [from: JB Ecademy]

Quick and dirty solution to putting your Skype account on your profile. People can then click on it to call you.

Cut and paste this into your profile notes.



and change your_skype_id to your Skype ID.

eg



If enough people want this I'll add it as a field on the database. [from: JB Ecademy]

Most cable and ADSL modems these days have a USB port rather than ethernet. You typically have to pay extra for an ethernet connection. This makes sense as it means that the connected PC can use it's typical one ethernet port to share the connection with a LAN without having to install an extra port.

So why do none of the consumer grade WiFi Router/AP/Hub combination boxes have a USB port for the WAN side of the box? Surely direct connection to an ADSL or Cable modem is their primary market?

If you have this setup of a USB modem and Ethernet Wifi box, how are you supposed to rig everything up? ADSL - Modem - PC - WiFI - LAN ? In which case, the router functions are unused. Or do you have to buy a USB-Ethernet adapter to go ADSL - Modem - Adapter - Wifi. [from: JB Wifi]

SEA - Simple External Authentication or Simple Single Sign On for the rest of us now has a mailing list and a wiki.

Mailing list

Wiki

I'd meant to post this earlier but have had a little time out. Anyway here's some thoughts on the WiFi event.

1) The panel seemed to be perfectly OK with a private individual using whatever open access point they found. This is a real position that I mostly agree with from a pragmatic point of view. However I really wonder whether the guy from SUN understood what he was suggesting. If someone in SUN put in a rogue Access point inside their firewall would they really be OK with me using it from outside the building?

I know that this is a grey area where the law clearly says that un-authorised access is illegal. But I'm puzzled about the real world implication. It's not hard to configure Win XP to auto-associate with open access points. Now if an AP is unencrypted, responds to DHCP, provides an internet gateway and my laptop uses it and then downloads email with no interaction from me, It's pretty hard to see what harm I'm causing, or what bad intent I have. And again in the real world, it's pretty unlikely that anyone will notice or prosecute me. So without saying whether it's right or wrong, legally or morally, you have to end up going "who cares".

2) The advice from several panel members about securing your use of a public (or private) access point was to use a VPN. And I and others sat there listening to this and thought "Hmm? VPN? to where exactly?" Now if I was an employee from a large corporate wth a large IT department, and I was using internal systems then I'd agree absolutely and I'd expect the IT dept to sort it all out so that my access was secure. But for the rest of us as private individuals, or employees of SMEs, or BigCo employees who aren't using internal apps, all we really want to do is surf the web and deal with email. For the web surfing, security is either irrelevant, or should be secured with https in the normal way.

So that leaves us with email. Now just about the only security issues with email are exposing the password and being able to send email. The first can be solved with TLS/SSL encryption. The second can be solved with SMTP AUTH again secured with SSL. And if we're concerned about keeping the email contents secure then we should be using S/Mime or pgp. Now SSL and SMPT/AUTH are supported by almost all email readers and typically only require a couple of extra checkboxes to configure. So the only problem left is that our typical ISP's email or corporate email system don't yet support SSL and SMTP AUTH.

So we should be demanding that our ISPs support these standards, perhaps as a premium service. We should be demanding that our IT dept support them. And if they don't then we should be using "wires only" broadband with a boutique email only ISP that does all this as well as spam blocking and virus checking. And for the WISPs and Hotspot operators, there's a secondary business for you. [from: JB Wifi]

I've been trying various VoIP systems both at home and on Wed afternoon over the WiFi service at Cafe Grand Prix. Here's a quick summary.

MSN Messenger. I've never been able to get audio or video to work with full support going both ways. There always seems to be some firewall or NAT problem. MSN6 seems to be marginally easier than ealier versions and Netmeeting. Bu like I say I've never managed to get a full two way audio and video link. Attempts in the last week and over the WiFi failed as usual.

FWD. I've had success in the past using standard SIP systems along with FWD's SIP proxy to get through firwalls. However on the WiFi both my SIP clients failed to connect through the gateway. This was using SJPhone and XTen Xlite. Presumably some essential ports wer being blocked.

Skype. It just worked. No firewall problems. Good quality. No difference between home and wifi. One conversation was with a guy in Spain and the quality was at least as good as a cellphone. Another conversation was with someone using a laptop with the built in mic and speakers. Until he'd said, I couldn't tell. The one thing to be aware of is background noise such as music as this can increase the bandwidth needed and hence reduce quality if the bandwidth is limited.

So even though Skype is proprietary, the combination of hype, PR and code quality looks like winning out. And using it from a WiFi hotspot seems to be trivial.

Now this brings up the last issue. Most paid for Hotspots use a captive webpage for sign in. This is fine as long as your device has a browser. But if your device is a dedicated VoIP phone, you may be stuck. This probably means that the minimum device is a PDA. And it also means we're still a long way from VoIP over WiFi being anything like as easy as using a cellphone. [from: JB Wifi]

My VoIP over WiFi report is here. [from: JB Ecademy]

What are the news sources you regularly read for information about WiFi? Do you know of any others with an RSS feed? I'll start:-

802.11 Planet http://www.80211-planet.com/
80211b News http://wifinetnews.com/
Channel 'wifi' http://topicexchange.com/t/wifi/
CNET WiFi http://www.news.com/
Computerworld Mobile/Wireless News http://www.computerworld.com/
CYBERFROST.net http://www.cyberfrost.net/weblog.php
DailyWireless http://www.dailywireless.org/
E3 http://www.e3.com.au/
GoogleNews: WiFi WLAN 80211
http://news.google.com/news?num=15&scoring=d&q=wifi+OR+WLAN+OR+80211
InfoWorld: Wireless http://staging.infoworld.com/cgi/redesign/subjectindex.wbs?
year=&month=§ion=&startcount=1&topic=WIRELESS
Muniwireless http://www.muniwireless.com/reports/
net stumbler dot com http://www.netstumbler.com/
Network World on Wireless and Mobile http://www.nwfusion.com/topics/wireless.html
O'Reilly Wireless Dev Center http://meerkat.oreillynet.com/
Reiter's Wireless Data Web Log http://reiter.weblogger.com/
Sifry's Alerts http://www.sifry.com/alerts/
Techdirt Wireless News http://techdirt.com/news/wireless/
Voxilla http://www.voxilla.com/
Warchalking http://www.warchalking.org/
WiFi Tech http://www.wifitech.com/ [from: JB Wifi]

Websites within 100 miles of Ecademy

The localfeed from London weblogs. And in RSS.

Perhaps we should add this to DailEnews? [from: JB Ecademy]

Bruce Sterling's Ten Technologies That Deserve to Die

1. Nuclear Weapons
2. Coal-based power
3. The Internal-Combustion Engine
4. Incandescent Light Bulbs
5. Land Mines
6. Manned Spaceflight
7. Prisons
8. Cosmetic Implants
9. Lie Detectors
10. DVDs

Incidentally Bruce has a catalogue of all his online work here. Now where's the RSS file? [from: JB Ecademy]

I've now implemented half of Drupal's remote authentication. If you go to any Drupal site, you can log in and create a user record by using your ecademy ID and password. So for instance you can go to drupal.org and log in with id= your_ecademy_login@ecademy.com and password= your_ecademy_password.

I'm working on the reverse of this. To be able to create a user record and login to Ecademy using credentials that are validated against other Drupal, jabber, blogger or whatever sites.

If anyone is interested in trying to extend this to a much more general (but low tech) single sign on system please get in touch. [from: JB Ecademy]

I want to try an experiment with VoIP (Voice over IP) to see just how effective it is. To that end I'm running as many clients as I can manage. eg

MSN Messenger with webcam
julian_bond@voidstar.com

Skype
julian.bond

FreeWorldDialup using SJPhone or Xten Xlite
sip:21125@fwd.pulver.com

I particularly want to try this over the WiFi link at Cafe Grand Prix tomorrow afternoon. If you can use any of these systems, please give me a call, but particularly give me a call around 4-6pm BST Wed Oct 1. [from: JB Ecademy]

Ecademy now has a semi-permanent IRC channel.

irc://irc.freenode.net/ecademy

You'll need an IRC client such as mIRC or Chatzilla to access it.

We probably won't be adding a Java web client unless someone can recommend a cheap/free tool that actually works ok. [from: JB Ecademy]

I want to try an experiment with VoIP (Voice over IP) to see just how effective it is. To that end I'm running as many clients as I can manage. eg

MSN Messenger with webcam
julian_bond@voidstar.com

Skype
julian.bond

FreeWorldDialup using SJPhone or Xten Xlite
sip:21125@fwd.pulver.com

I particularly want to try this over the WiFi link at Cafe Grand Prix tomorrow afternoon. If you can use any of these systems, please give me a call, but particularly give me a call around 4-6pm BST Wed Oct 1. [from: JB Wifi]

Kendra Wiki is thinking along similar lines.

There's a thread on the decentralization mailing list following it.

More thoughts:-

Ignore the actual protocol for a moment. Site alpha.com validates with Site bravo.com. Site Alpha knows that UserID="foo" + Password="bar" + URL="bravo.com/sea/" = True. The remaining security question is the reputation or authenticity of the web service at bravo.com/sea/ This is the added value that centralized single sign-on systems claim to provide. I guess my argument is that there are very large numbers of situations where that last layer of authentication is not needed. So if it's not needed, stop trying to solve that problem and come up with the simplest solution that is "good enough" to answer the layer below.

The real security question is whether the end user is comfortable giving ID+Password+URL to alpha.com. Arguably, alpha.com is building a database of these triples in the knowledge that they *might* be useful elsewhere.[2]

In terms of protocol, I'm probably getting it wrong and ignoring prior art. I'm sure there are challenge-response approaches where the password never goes down the wire (SPA? APOP?). And if necessary the whole authentication transaction can be hidden with TLS[1].

In terms of UI, the user would need to provide ID;Password;URL;Protocol Where protocol is one of SEA, Drupal, Blogger, Delphi Forums, Manila, Yahoo, Jabber and LDAP[2]. And URL may be part of ID for some protocols.

[1]Such a shame that there's a commercial lock on TLS certificates. [2]Several of these take advantage of an existing API that includes password. I suspect that a bit of screen scraping and cURL could extend this to Passport, AOL, and quite a few others. Clearly, ID+Password+Passport is worth quite a bit more than ID+Password+Manila but also has much more potential for abuse.

---

Jeffrey Kay wrote:
>The basic idea behind authentication are that you have to trust the
>authenticating authority. If you can't then the system fails.

Back in the real world, there's a reductio ad absurdam problem with this. Most "Authorities" (eg Passport) are only really warranting that this ID is associated with an email address which appeared to once have a human reading it. Even eCommerce SSL certificates only really warrant that a domain had a fax number associated with it at one time.

So let's try a use-case. I got it into my head that the Deanspace software could be used by the Liberal-Democrats in the UK. While doing the research, I signed up at geeks4dean.com and told them to validate against jbond:drupal.login:voidstar.co m/xmlrpc.php. When the password I gave them validated, they picked up my foaf file and thumbnail and auto-created a profile for me. There's an audit trail and if necessary someone could look at voidstar.com and find content going back a few years. They could check the pgp signature on the foaf file. The domain has some history. Email addresses that include @voidstar.com appear all over the web. There's a CV up there. So clearly voidstar.com is a pretty good authenticating authority for jbond. Now I go to expats4dean.co.uk and tell it to validate on jbond:drupal.login:geeks4dean.com/xmlrpc.php They create their own profile based on the one at geeks4dean.com which originally came from voidstar.com.

When I start posting extreme libertarian anarcho-capitalist tracts on expats4dean.co.uk and they decide to ban me, they can post all over their site, geeks4dean.com, this mailing list, bloggercon and anywhere else they choose that the entity that calls itself jbond and lives at voidstar.com is not to be trusted.

ISTM that this has proved at least as effective as the big centralized authenticating authorities. And we didn't have to involve them at all.

I feel sure that I'm re-inventing wheels here. And I've no doubt that I'm glossing over deep problems. But I refuse to accept that this problem needs either some BigCo in the middle, or incredibly complicated web services that are all spec and no implementation.

---