The Blog
30 Jun 2005 29 Jun 2005 Mark Prisk MP, Hertford & Stortford (TheyWorkForYou.com)
My MP and his voting record [from: del.icio.us] Ben Hammersley's Dangerous Precedent - The curse of the missing clause : While developers in the US are being hamstrung by their courts, and their counterparts in Europe are about to have software patents kick the chair out from under them, the developers in the warm and cheap places are getting busy. If you really care that your software was written in the US, then the Grokster case is quite a big deal. If not, you just shrug and move on. The rest of the world's a big place. They make software there too.
Hear, Hear! 28 Jun 2005 27 Jun 2005 Notes on RIAA and MPAA Press Conference: Corante
9-0 Unanimous in favour of MGM. "We hold that one who distributes a device with the object of promoting its use to infringe copyright, as shown by clear expression or other affirmative steps taken to foster infringement, is liable for the resulting acts of infringement by third parties." Oh, fuck... That ruling opens the door to endless law suits because it will shift the burden of proof onto the technology company to prove that the technology does not foster infringement. And the liability for acts by third parties means a pretty much open ended upper limit on damages. The only winners will be the lawyers. No change there then. 26 Jun 2005 Following Johannes and Doc
We should be able to draw out stacks for Infocard using what we know about it so far. SP and IP Infocard SXIP-MIS LID-MIS A.N.Other-MIS MIS WS.* SOAP HTTP End-User MIS WS.* SOAP Browser Extension |- Browser HTTP----| SP = Service Provider IP = Identity Provider MIS= Meta Identity System SXIP-MIS = Future SXIP that uses MIS LID-MIS = Future LID that uses MIS A.N.Other-MIS = Future Liberty/SAML/PingID/whatever on MIS So what does this mean for implementing on non-MS platforms. Well for IP and SP, you'll need at a minimum, a full WS* stack implementation. Then you'll need to reverse engineer the MIS. Then you need to convince the Identity systems who have implmented on top of that to implement on your platform on top of *your* version of the MIS. For the End User, we're going to need the browser to offload to an ActiveX or DLL. And for non-MS operating systems we need to get the browser support extension built in a way that looks the same to the browser. So the big question for me is the extent to which MS help and support people building non-MS implementations. Because without their help I just can't see anyone doing the work. And even on the MS environment I question whether anyone else will build alternate identity systems on top of the MIS. So Kim, the gauntlet is on the floor. Are you going to pick it up? Let's take this line of thinking a bit further. First the End User. Let's assume that the MS implementation of the end user part gets very wide implementation, at least as wide as the dotnet framework. In taht case on an MS OS it's actually quite reasonable to imagine extensions in Firefox, Opera and Safari to get built. We've already got extensions that interact with DLLs and local aplications so it's not so hard to see. On a non-MS OS it's all a little harder but not impossible. On the server side, the critical issue is support for the Service Provider. There's really two approaches here. The first is a native language version. This means that the WS* stack, MIS and Identity service are built in PHP or perl. Given the current state of SOAP support and the difficulty in getting the community to build it, I don't think this is going to happen. The second approach is to have WS*, MIS and Identity service written as an operating system extension or as a web server extension and then to have language extensions that talk to it so that the humble web application programmer can then just make calls in the same way you might use Expat, MySQL or Frontpage. Now we've broken the problem in two. The first part is getting LAM versions of WS*, MIS, Identity service written and deployed. The second part is getting the language extensions written. I'm repeating myself but this is not that different from Passport. And I don't see it happening unless MS puts effort into helping a community to do it. The last part is the Identity Provider as a Server side process. I'd love to see this widely distributed and a whole class of low end IPs (like Typepad) appearing. But I think the barriers to entry are just too high within this environment. If all the SP server side parts get built, then just maybe, people will then do this. But I think all the other parts have to be in place first before anyone will try. Haven't Microsoft just re-invented the RDF:Bag and RDF:Seq tags as an RSS extension?
Apart from just re-inventing the wheel, I kind of wonder what the point is. Perhaps we'll find out when there are some real examples of data using this extension. 21 Jun 2005 This one's for GoogleGroups and Yahoogroups.
1) An RSS feed of the title and first few words of anything posted to the public groups and mailing lists I belong to. 2) An RSS feed of the title and first few words of anything I post to any public group or mailing lists. Then I could aggregate them into my Digital Lifestyle Aggregator. Which prompts a thought. Does or could Typepad have any knowledge of what you post in a comments field that is Typepad authorised? 20 Jun 2005 Just posted this to a mailing list.
OK. I'll have one more go at where I'm coming from because we are agreeing. But I still don't think MS and Liberty/SAML are addressing what I think of as the low end for very wide implementation (of digital identity). In the key early identity functions there are three players. 1) End user (EU) 2) Service provider (SP) 3) Identity provider (IP) End User - These days, the early adopters are all using Firefox and Safari. An IE only strategy is going to alienate these people and you need them on side to drive EU adoption. So that means plain old HTTP, XHTML, Javascript and no ActiveX. Or a different strategy with Browser checking that uses different techniques depending on the browser being used. Service Provider - There is a very large population of potential SPs that are using LAMP based applications such as Movable Type, Wordpress, Drupal, phpBB, OSCommerce, Nuke, etc etc. These could really benefit from a common single signon, and account creation identity system. Either for authentication prior to comments or authentication before joining the community. Or for authentication before buying something. A high proportion of these sites are running on minimal hosting. Which means that we're looking at lowest common denominator technology (today). eg http redirect, http auth, http Get/Post, and scripting language native tools like XML parsing, XML-RPC, SOAP-RPC. And finally toolkits that are written in the native scripting language. Requiring extensions to Apache or PHP probably isn't going to be possible for most of these sites. Identity Provider - IPs have more flexibility because it's reasonable to assume that any commercial IP is going to have complete control over the server. So then we break the market into two. One is in the LAM part of LAMP probably plus Java and C extensions. The other is the MS camp. Now I want to push the system requirements for IPs downwards because ultimately I think there are a large number of the SPs that could and should provide *some* identity function with *some* level of trust. For instance, I can easily imagine a Civicspace site providing identity checking to a Movable Type site when the EU wanted to leave a comment. And there's a somewhat utopian ideal that we can push the IP even further down to personal websites which provide some *more limited* identity function with some *more limited* level of trust. But early on I can understand why the complexity of an IP may mean that we can't or shouldn't attempt to include this. So in a nutshell we have, EUs needing at least IE6 and/or Firefox. SPs need plain vanilla LAMP support as found on cheap web hosting. DPs can require full server control from the owner, but we would like to reduce the system requirements to the same as SPs. This is the market that LID and SXIP (and others) are aimed at. I'm not convinced that Liberty/SAML can address it. And the reasoning is that even if it's possible to implement the underlying design patterns as above, the current implementations all assume more technology than is available at the typical SP level. I'm not convinced that MS InfoCard can address it, because I think it will be too complex to implement at these levels of technology and because MS will feel unable to help due to commercial considerations. 19 Jun 2005 The end? Or the beginning?
Jon Newton has written an amazing screed about the MGM vs Grokster ruling which is due to be released tomorrow. It's subtitled "You and I against them". Yup, we could do with a "Them Spray". ps. I always thought there should be a can spray called "MuzakOff". It would be a nasty congealing goo that you would spray into loudspeakers playing Muzak and render them mute. 17 Jun 2005 I've just been talking to someone who wanted to sell me contextual advertising. After going round that, I suggested an idea that turns this on it's head.
I want to get an RSS feed of the latest ads that have been placed for a particular Keyword. The example we used was "Wifi". If I'm tracking Wifi by taking a whole set of RSS feeds both from single sites and from news aggregators like Google News, Topix, del.icio.us and flickr I'd really like to also take a feed of latest Ads in that area. Because that will give me an additional view of the market and should lead me to information about new products and services in the area. From the advertiser's point of view, I'm a high value customer who's shown specific interest in that keyword and so I'm actually much more likely to click through to find out more information. What was interesting was that the guy on the phone had a really hard time getting his head round that because he was so concerned about the impact and how it would work around their current business model. Now as well as getting higher quality impressions in front of a customer who has self selected for interest in that keyword, you've also cut out having to pay the site publisher who displays them. Somewhere in there, he said that Overture (and possibly others) provide a (possibly private) XML feed of the highest value ads for a particular keyword. Which means that they are very close to being able to offer this already. The XML just needs reformatting into RSS format. So when is an advertising company going to think outside the box and start offering this? I'm sure there's some problems around click through fraud, and republishing bu they don't feel insurmountable given that Overture, Google and others are already providing ads for RSS that end up being displayed in RSS readers rather than on websites. » InfoCard and Web Services | Between the Lines | ZDNet.com : Even so, I'm convinced that if Microsoft does what they say they will, the open source community will build components if for no other reason than the fact that they will have to to participate in the identity environment that will grow up around the standard Microsoft creates.
IMHO, Passport is an existence proof that this is wrong. My take is exactly the opposite. If Microsoft does what they say they will, the open source community will simply ignore them. And the MS identity environment will become Microsoft only. At which point it will only be of interest to people running MS Servers or who can afford to bolt MS servers into their rack for this purpose. The 2nd reading of the UK ID card bill is coming up in ten days time on June 28.
Whether you're for or against the bill, you can write to your MP and let them know your feelings here. If you're against the bill, please sign the pedge here. 3381 people have already signed for "I will refuse to register for an ID card and will donate £10 to a legal defence fund but only if 10,000 other people will also make this same pledge." [from: JB Ecademy] [ 17-Jun-05 1:25pm ] Corante has a post about the RIAA attempting to stamp out "Casual Piracy" and make criminals of us all. I'm reminded yet again of Zappa predicting a time when music is made illegal.
Two posts from me in the comments. A little vignette from last year. I decide I want to buy Zero7's latest album. I walk down to the record store and notice the "Copy Protection", "This is not a CD" label on the CD and decide not to buy it (£14 saved). I walk back home and a quick search shows that AllofMp3.com have the album available in MP3 192Kb VBR so I buy it from there instead (£0.80 spent). This year, the store closed down. I'm not condoning this but merely reporting it. A DVD-RW holds what? 5Gb? I know people who have burnt their collection of MP3s to 3 or 4 of these and take them round to their friends to copy onto their computers. An 80Gb 2.5" disk and a USB2 case is what? $150? I know people who have filled one up and keep it in their shoulder bag. Dumping the whole lot onto somebody else's computer and dumping their files onto the disk takes an hour at most. Who needs P2P when you can share with friends and family by the 10s of Gb? And with no risk of being chased by the RIAA via their ISP. So here's two aphorisms. "Why is it my fault if your business model is screwed?" and "Just Say No To DRM". If the current content business disappeared you think people would stop making music or being paid to do it? 16 Jun 2005 Vitalsecurity.org - We're Calm like a Bomb: Aurora install source revealed, and 175 Megabytes of televisual terror
When BitTorrents go bad. Download a .RAR of Family guy, and get 175Mb of self installing adware. [from: del.icio.us] eclectech : the very model of a modern labour minister : a tribute to charles clarke and his id cards
No2ID - The GB version. Awesome! [from: del.icio.us] 'I will refuse to register for an ID card and will donate £10 to a legal defence fund' - PledgeBank - Tell the world "I'll do it, but only if you'll help"
Do it now! [from: del.icio.us] 14 Jun 2005 A music lover's lament : You smiled when you first got away with selling a Billy Joel LP for $8.98, and you can damn well smile again now when we fold the worthless thing into jagged thirds and ram it up your ass.
  1 to 20 of 3860 |