The Blog




In a box on the left, you'll find a small form that launches a hotspot search on JiWire. I've been pretty impressed with the depth and accuracy of this system. Hope you like it. Though right now the UK Postcode search seems a little flaky. [from: JB Wifi]

This article Habits of Online Adults - InfoSeeker News - Microdoc News is mainly about what people do online. But it ends up being a description of how email is no longer used. Such has email become a black-hole of disuse that we could not conduct our survey through email this year. ... Everyone has their "hotmail", "yahoo" or other email address, but more than 58% of our respondents no longer check their email address. Of the 450 respondents who use the Internet more than five times a week, 53% of them no longer remember their email address.

If this is generally true, then we may have to seriously re-consider how we go about communicating with people online. When we build websites we routinely (as in Ecademy) use email to verify that there's a real person on the end of the request and not a bot. I should check to see how many people we're losing because they never get their password.

I'm still absolutely convinced that the killer app of the Internet is one-to-one communication. If that's not going to happen via email then how is it going to happen? And as someone who is fairly addicted to email and has been using it since before the web, I find this really sad that we've collectively managed to destroy its usefulness. [from: JB Ecademy]

Next time you're reading or commenting on a weblog entry, click on the [G] and [F] below it, just after the number of [comments].

G does a Google search for the blog title. F does a search on Feedster for the same thing. You might need to adjust the search a little on Feedster but it's a useful resource if you're looking for recent web entries somewhat similar to this one. [from: JB Ecademy]

Take a look at this. Before you ask, it's a bit of harmless fun that doesn't mean anything much.

From a privacy angle, we do store your votes, but I won't ever show your vote to the person you're rating.

And do give me some feedback. Maybe there's some real value hidden in there? [from: JB Ecademy]

The Buttafly Guide to Interpreting (network site) Photos Actually about Friendster of course, but works equally well for other network sites such as Ecademy, Ryze or Yafro. [from: JB Ecademy]

My particular interest in SSO is mainly with Drupal and Drupal based systems. I've been puzzling over how to extend Drupal's existing Distributed Auth[1] to make it more general and available in other systems.

I believe there are two or three approaches here.
1) Top down, BigCo, Industrial strength. Passport, Liberty, SAML, WS-*, PingID
2) Federated signon, profile sharing between known websites. PingID(maybe), Universal.
3) Bottom up distributed auth between unknown websites. Drupal, SEA.

I have a real problem with 1) I can't understand the specs. Even though it's supposed to be open standards it keeps drifting into proprietary land. Ref implementations are typically Java and DotNet ignoring LAMP. Some (possibly all) of the standards are encumbered by Patents. The possible saving grace is that Jabber and Andre Durand are involved in PingID and SourceId is at least open source.

2) and 3) look like good starting points. I prefer the philosophy of 3) because it doesn't require prior agreement between participating websites. Which then opens up the possibility of people running their own authentication server (like running their own Movable Type install). However both Universal and Drupal/SEA need to do some major work on the authentication process. Passing plain text ID+Password around is too primitive. It should be possible to use some of the patterns from 1) in architecting this.

So I'm up for helping to build a bottom up solution and getting it implemented in lots of different broadly social networking software. Things like Drupal, Nuke, phpBB, MT, etc.

[1] http://drupal.org/node/view/312 Note that Drupal already has code to authenticate and use an ID+Password pair located on Blogger, Delphi, Drupal, Jabber, LDAP, Livejournal, Manila, Yahoo. There are patches for returning a User Profile and creating a local user record from some of these. There's some good starting points in there.
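
An added sketch (not Drupal's or Universal's code) of one alternative to passing the ID+Password pair through the relying site, with no prior agreement between sites: the user authenticates only at the home site, which issues a single-use ticket bound to one relying site, and the relying site redeems it over a back channel. `HomeSite`, `relying_site_accept` and the `directory` dict (standing in for an HTTPS request to the home site) are hypothetical names.

```python
import hashlib, hmac, secrets, time

class HomeSite:
    """Hypothetical home auth server: the only party that ever sees the password."""
    def __init__(self, domain):
        self.domain = domain
        self._users = {}    # username -> (salt, password hash)
        self._tickets = {}  # ticket -> (username, relying site, expiry time)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._hash(password, salt))

    def login(self, username, password, relying_site, now=None):
        """Called by the user's browser; returns a ticket bound to one relying site."""
        now = time.time() if now is None else now
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return None
        ticket = secrets.token_urlsafe(32)
        self._tickets[ticket] = (username, relying_site, now + 60)
        return ticket

    def redeem(self, ticket, relying_site, now=None):
        """Back-channel call from the relying site; a ticket works once."""
        now = time.time() if now is None else now
        username, audience, expiry = self._tickets.pop(ticket, (None, None, 0))
        if username is None or audience != relying_site or now > expiry:
            return None
        return f"{username}@{self.domain}"

def relying_site_accept(ticket, claimed_id, relying_site, directory):
    """Relying site: find the home site from the ID's domain and redeem the ticket."""
    domain = claimed_id.rpartition("@")[2]
    home = directory.get(domain)  # stands in for an HTTPS request to that domain
    if home is None:
        return False
    return home.redeem(ticket, relying_site) == claimed_id
```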




Another one for the blogroll and RSS aggregator. Telepocalypse Some very interesting discussions going on here. [from: JB Ecademy]




Wow! No cigarettes for 6 weeks and I'm still more or less sane.

Just saw that SourceID supports SAML 1.1 (via Jeremy Allaire, via Marc Canter). I wrote a rant today about this whole area. The gist is that I'm sure this announcement is significant, but I can't work out why or how I can play too. I would absolutely love to see some support for LAMP instead of just Java and DotNet. And I'd love to see someone explain SAML (Liberty, PingId etc etc) in words of one syllable.

Then I read this. RSA Security has identified four patents which they believe could be relevant to implementing certain operational modes of the OASIS Security Assertion Markup Language (“SAML”) specifications. To obtain a royalty-free license to the RSA Patents to make, use and sell products conforming to the SAML specifications, a customer or partner must sign RSA's Patent License Agreement. Well I guess that's that. I cannot and will not support this sort of bollox! So if Passport is out because it's proprietary. And SAML (and hence Liberty and PingId) is out because RSA think they might have some patent hold over it, where does that leave us?

We really can't let a bunch of scary corporates have control over something as important as Mydentity.

I've got a number of applications in mind that involve Federated Digital ID. The problem is that the standard specs and toolkits are too damn hard. So I'm looking for some advice and help about how to approach this.

The basic requirements are that it should be possible to go to more websites, to be able to use a Single Sign On, have a single Profile under your control and preferably avoid having to login and be authenticated repeatedly. These websites range from simple community, news, bulletin board or social networking sites to full blown ecommerce.

So far I've discovered Passport, Liberty, LoginDog and Drupal working in this area but with very different rationales. Then there's WS-Federation and a bunch of other SOAP based "Standards".

- Passport. With MS behind it and the links to MSN and Hotmail, this has considerable momentum. If you use MS technology on your web site and you're prepared to play with them at a corporate level then fine. But the support for non-MS technology is effectively dead. The wire protocols are proprietary. And while MS did pay lip service, the toolkits for non-MS (Linux, Solaris, Java) are broken and no longer for current Passport releases.
http://www.pcworld.com/news/article/0,aid,105972,00.asp

- Liberty. Liberty, SourceID, PingID are a bunch of initiatives to provide an open standards based alternative to Passport. These revolve around XML standards like SAML. Now there are some reference implementations in Java and DotNet but nothing in Perl, PHP or Python so that pretty much cuts out the low end of the market. I had thought that toolkits in these languages would be a good thing to contribute. Then I started to look at the docs and I quickly gave up. It's full of words like "non-normative"! I still think there's something in here and this is the best bet but damn it's inaccessible.
http://www.sourceid.org/wiki/Wiki.jsp?page=Specs.Standards.Overview

- WS-Federation. Jamie Lewis at Digital ID world said "WS* is an example of a cartel in action.". If you thought Liberty was confusing you should see WS*. It certainly looks like the BigCos creating standards that are so complex that it's only possible to use them with the BigCos tools.
http://www-106.ibm.com/developerworks/library/ws-fed/

- LoginDog or Universal. This is an RFC for Universal, an authentication replication system for PHP4 and later. The rationale for Universal is web applications such as Phorum, phpBB, WebCalendar, PostNuke, Xaraya, Drupal are unable to cooperate because there is no data sharing. Universal is an attempt at bridging these islands of data by providing means for PHP applications written by different people to work better together. As a PHP developer, you can help make PHP web applications interoperate by implementing a shared sign-on mechanism based on the specs described here. Great. Exactly the level of detail and capability I'm after. Except that the security approach is pretty primitive. Then the project appears to be dead and there are no reference implementations.
http://php.weblogs.com/universal

- Drupal Distributed authentication. Drupal has a working system that is in use at most Drupal sites. Its security is minimal. There are some obvious extensions that could be built. These are not criticisms but opportunities. If it wasn't for the other initiatives above, it might be worth pursuing as a basis of something that could be used outside Drupal. As it is there's a nagging doubt that perhaps it would be better to implement SAML in Drupal and then use that as a platform to evangelise SAML to things like phpBB, Nuke and so on.
http://drupal.org/node/view/312

This is all getting pretty frustrating! I can see some clear needs here, but I'm at a loss as to how to move forwards. Anyone got any ideas? Can anyone explain SAML to me? Does anyone want to help write code to implement some of this stuff? [from: JB Ecademy]




mySociety: a VoxPolitics project is an attempt to build more sites like Stand and Faxyourmp.

"We think that sites like FaxYourMP, UpMyStreet.com and TacticalVoter.net are highly socially beneficial and, at base, extraordinarily cheap. However, there are very few of them. Surprisingly few, in fact. We are a project to build more of them."

So if you can code, have a little spare time and are politically inclined, why not get involved. [from: JB Ecademy]

Here's the Executive Summary of a study that shows that the total quantity of information in the world doubled between 1999 and 2002. This reminded me of the "Jumping Jesus theory" of Robert Anton Wilson and Terence McKenna.

Treat the total amount of information in the world at ADzero as 1J. It doubled by about 1500AD, doubled again at 1750AD, again at 1900AD, 1950AD, 1960AD, 1967AD. Wilson extrapolated this out to 1982 when there were approximately 512J. If we keep going and include this latest data as a data point we get these values for date, doubling period and total information.

2002, 3, 32kJ
2005.15, 2.8, 64kJ
2007.85, 2.7, 128kJ
2010.43, 2.6, 256kJ
2012.89, 2.5, 512kJ

As technically aware people we'll recognise some key drivers for this. Gordon Moore's law predicted that the number of transistors on a chip would double every 18 months. Hence twice the power for half the cost. General consensus seems to be that Moore's law will keep going for at least another 10-15 years. There's no named equivalent to Moore's law for disk space, but it's going at around 3 times computer power. So that's doubling in capacity every 6-12 months. Gilder's law says bandwidth rises three times faster than computer power. So that's total bandwidth capacity tripling every 12 months.

These sorts of exponential curves have some unsettling properties. Half of all the information currently around was created during the last doubling period. And 90% in the last 3 periods which right now means that 90% of all human knowledge was created in the last 10 years.

The problem with that is that as humans we have a hard time coping with this mentally. We tend to think that the future will be more or less like the past but plus a bit. Actually the future after one doubling will be significantly different and after 3 doublings 90% different.

So let's take a really scary view. Vernor Vinge speculated in 1993 that "Within thirty years, we will have the technological means to create superhuman intelligence. Shortly after, the human era will be ended." Given the accelerated rate of change in the first 10 years of his prediction and the expected change in the next 10 years, that doesn't look so unlikely. Which maybe brings us back to Terence McKenna who predicted a singularity in 2012 to coincide with, among other things, the end of the Mayan calendar.


[from: JB Ecademy]




Some of you know that Ecademy was originally based on Drupal. What you may not know is that you can log into and create an account on any site that uses Drupal using your Ecademy ID and password. Just go to one of the sites, and for id use my_ecademy_userid@ecademy.com with your ecademy password. The site will magically log you in and create a user record for you. [from: JB Ecademy]




Magnatune: try before you buy MP3 music.. infoAnarchy says it better than I can.

They call it "try before you buy." It's the shareware model applied to music. Listen to hundreds of MP3'd albums from their artists. Or try their genre-based radio stations. If you like what you hear, you can buy their music online for as little as $5 an album or license their music for commercial use. Artists get a full 50% of the purchase price. And unlike most record labels, their artists keep the rights to their music.

This has been tried a couple of times before but never quite like this. I happen to think this and not iTunes is the future of record companies. But what do I know? I'm not looking for the next S Club 23 to pay for my posh habit. [from: JB Ecademy]




I've just uploaded a foaf export module for Drupal V4. You can find it in the contribs CVS. It works stand alone but it depends on the buddylist and profile modules to work at its best.




Techdirt: Free Hotspots Have A Better Return Than Paid is a report that quantifies the ROI for a venue offering free WiFi internet access. The example is the Schlotzsky's Delis chain in the USA. What's interesting here is that the cost of installing a free WiFi hotspot is much, much less than a paid one, because there's a whole load of baggage you don't need. As a venue you can then concentrate on selling your primary business line to the extra customers that the WiFi brought in.

On a much smaller scale, it would be interesting to know how many Ecademists are spending money in cafe Grand Prix because there's WiFi available. I certainly know I've spent money in the Media Centre because I could get bandwidth there. [from: JB Wifi]

Silicon Valley - Dan Gillmor's eJournal - London Bloggers' Gathering Friday Evening

Meet the London Blogerati and a Superstar Journalist.

When: Friday at 18:30.
Where: Red Lion, Westminster, 48 Parliament St.
Who: Whoever wants to show up.
Why: You have to ask? [from: JB Ecademy]

BBC - iCan seems to be a group community news site. Keep an eye on this one. It appears that Matt Jones had a big hand in it. [from: JB Ecademy]





Marc points at this, Federated identity, PingID and standards cartels - TechUpdate - ZDNet : Speaking at Digital ID World General Motors chief technology officer Tony Scott detailed the difficult path to delivering a federated identity solution. Federated identity management, which supports multiple entities connected within a circle of trust, is one of the major initiatives growing out of Web services that will provide substantial benefits to corporations and consumers.

Bing! I just realized why I have a problem with this. I want to do the same thing but without the "circle of trust" bit. Or at least build the circle of trust on the fly or have it appear as emergent behaviour. As long as the circle of trust is a pre-existing requirement before we can share and move Digital Identity, we'll have big gorillas controlling who is in the circle and who isn't. And you can be sure that you and me won't be allowed in.

Just as right now you can't really use SSL unless your CA is one of a handful of commercial entities. In that case it's because the circle of trust is effectively hard coded in the browser.

Even if it's not as good or bad as that, we'll still have to build the circle before we can use it. So how long will it take for new website Foo.com to get included in the circle managed by bar.com?
