Tag: OpenID

Self-reliance is nobody’s fault but my own

Just over a year ago I installed an OpenID provider on this site, and have been using the URL here ever since to harass and harangue other blogging types (mostly fishy ones).

Unfortunately, several months back I did some behind the scenes changes. They were merely back-office tweaks, since as you all know the theme/style here is already the most artistic, creative…heck downright gorgeous hunk of web design anywhere on the interwebs. Sadly my flair for technicolor wowza does not extend to my left-brain, and OpenID provision went bust.

At first I pointed fingers at Blogger, and took those I regularly denigrate there to task. But after significant amounts of research and tinkering, I now realize that it is the technology within causing the problems.

I make no apologies, primarily because I know certain denizens of the tubes have expressed sighs of relief during this otherwise difficult period. They are undoubtedly thanking me for my ineptitude. But someday near I will make reparations – I vow that the cynical, ill-humored, irritable commentary certain folks have previously accepted while cussing under their breath will resume.

MG signing off (while Alex, Kyle, Jean-Paul and others tremble in their boots)

Links for the Lazy – 1/15/09

Mixed bag


  • Google starts axing services, but Google Reader is safe for now. There might be something to all that attention data value, but it isn’t going to benefit you anyway. I’d be looking for a substitute reader (preferably desktop) just in case.
  • New Yahoo! CEO Carol Bartz on the [first] dotcom bubble“I’d go to investor conferences—with standing room only at presentations by Used-Fucking-Golfballs.com—and I’d get four shareholders listening to me.” I love it.
  • XRDS-Simple at home – I’ve added Will Norris & Company’s WordPress plug-in to the previous OpenID install. Now I do my OpenID logins here instead of at a third party. As expected, works nicely.
  • Finance

  • Ready to play The Bailout Game? Personally, no. Like Hasbro with Scrabble, Parker Brothers will probably sue the makers for the likeness to Monopoly, and when that doesn’t work out they’ll join the RIAA in suing the players.
  • TED spread shrinks, so the TARP is working – Greg Mankiw concludes as such, although Citigroup and B of A equity investors might want to hold on doubling down right now.
  • Do you know what the multiplier for government spending means for you? You might want to brush up, as with the amount of public cash being dumped into failing institutions to compensate for idiocy, Zimbabwe-style currency destruction could be in your future.
  • Fly Fishing

  • Cuba Releases Hemingway Archives – Fishing Jones has more.
  • Strike indicators find love – Call it a bobber if you like, but I always laugh when high-profile guides talk about how they always see the fish eat the nymph. While using indicators.
  • Winter sucks – But the Frying Pan makes it more than tolerable.


Taking this blog to new heights of petulance with WordPress 2.7

I’d barely gotten use to the 2.6 switch when a new version hit. The new automatic updating functionality kind of freaked me out (hence the delay), but since I’ve been tinkering with the code on this site since time immemorial I figured something was bound to break anyway. And much to my chagrin, nothing did (at least on upgrade), which means I’m forced to do real work, the lure of a winter fishing day notwithstanding.

The new WP dashboard is outstanding – everything is laid out much more intuitively, and the ability to reorganize said layout (along with the rest of the back end interface) only adds to the ease of use. I’ve enabled OpenID commenting too. I was hankering for OpenID some time ago (enough to even pay for it), and just hadn’t had the time to seek out the latest release.  I haven’t installed XRDS-Simple yet so I’m still using a third-party OpenID provider, but frankly I’m astounded that server functionality even exists – Will and Chris have done one hell of a job with the plug-in. Thanks guys.

Have a safe and happy new year.

Someone does OpenID right

Significant website now accepts OpenID! It just so happens to be Sourceforge, the bastion of open source software projects.

It’s about time someone big started accepting OpenID for authentication, instead of just dishing out OpenIDs and acting oh so cool about it.

A Pyrrhic Victory for OpenID

The blogosphere is abuzz this morning about the great news for OpenID – Yahoo! is now supporting the single user sign-on process. Kinda.

While you can read the grand headlines at CNet, Mashable, or TechCrunch, cutting to the chase is what’s happening here.

This is a pyrrhic victory for OpenID. Yahoo! is now allowing you to use your Yahoo! ID as an OpenID, but they aren’t ACCEPTING OpenID to log in to their site. Acceptance as a relaying party is where the bottleneck is – something Yahoo! themselves mistakenly aluded to on their own OpenID page:

OpenID is an open technology standard that solves all of these problems. The OpenID technology will allow you to use your Yahoo! account to sign in to hundreds of web sites! And this list is growing every day…

Nice. There were at least 120,000,000 million OpenIDs in existence, including those served up by AOL, MyOpenID, ClaimID etc., and now there are something like 370,000,000 with the inclusion of Yahoo! IDs. And there are hundreds of websites you can use it on? I’d hardly call this “finally reaching critical mass.”

Technical reasoning

I’ve heard a number of reasons why OpenID has had such a difficult time, but the biggest has surely been technical. It’s justified (coming from experience), and then not.

Getting your website to accept OpenID can be a bit of a chore. If you’re a blogger, your primarily reliant on the work of smart developers in the open source community. They produce the plug-in for, say WordPress, and you download and install. If you are running a platform that isn’t getting much attention, you have to pull source from the libraries and try implementing it yourself – the same goes for any website you are running not using some “preferred platform.” And there are always associated problems to deal with – even though I prodded one outstanding developer to update a plug-in so I could accept OpenID comments on this blog, I’ve got database problems which I’m too busy (aka lazy) to fix so I can.

Conversely, putting up a simple OpenID provider is not too difficult a task. You can install a copy of WordPress MU and add the OpenID plugin. You can grab a copy of Drupal which has most of the components built into the core. Or you can just pick up some free standalone server code and spend a few more hours tweaking it yourself. You don’t yet have a critical mass of users, but you do have a functioning system.

Boiling down misaligned incentives

  • If I take the time to fix some issues and accept OpenID here, I’ve now got an additional way for people to comment. Unfortunately, they can comment right now and just as easily – I’ve therefore decided to do it next time I break a collarbone while snowboarding – I’ll have plenty of free time to fix my database since I won’t be able to ride (or cast a fly rod).
  • If I build a nifty new service and accept unmitigated OpenID-based sign-up/sign-in, I could potential gather many techno-elites as clients. This isn’t a bad proposition, but I’ll have to maintain the awareness that I’m also giving up valuable data on my users to whomever their OpenID provider is – if the providers are few and large, I run the risk that one of them is going to replicate my service and inform my new-found user base of said fact.
  • If I launch an OpenID server to provide IDs and gain significant traction, I can then gather a plethora of data on my users. I’ll know their site visitation habits, who’s blogs they comment on, and what times of the day they are active on the internet. If I’m creative, while maintaining their trust, that data could become quite valuable. If I’m already a 10,000 pound gorilla and I integrate a provider, I may not even bother with the “trust” bit.
  • It seems there is little or no incentive to accept OpenID, or I’m going to have to weigh some risks – and it is difficult to execute. Meanwhile, there are plenty of reasons to hand out IDs, and I can have a server up within hours.

    Bottom line

    Why aren’t the megaliths tripping over themselves to integrate relaying agents? The answer is simple – data. Offering OpenID on a provider-only basis could be a boon for sites – they have all the information associated with your use of their service, and can grab tidbits on your use of other websites. It presents the perfect opportunity for someone like Yahoo! to gather “social graph” information on its users without the cost associated with building (or buying) another Facebook. If you were allowed to use your third-party (or self-managed) OpenID on their site, you’d have no incentive to maintain your Yahoo! ID and Yahoo! would potentially lose two sources of information.

    What’s needed

    Acceptance is still the big issue. If millions of sites allowed OpenID, the authentication process could solve a lot of problems – it isn’t happening because there are few if any incentives to accept it. There has to be a tangible benefit for those allowing OpenIDs in (and please don’t say “but you’ll get more comments” – that’s like saying you’ll get more spam). I’m now beginning to believe that OpenID is also going to need choice, in the form of millions of OpenID providers. A dozen or so significant providers controlling hundreds of millions of accounts isn’t going to cut it. Unless of course it’s renamed OligarchyID.

    UPDATE: Marshall Kirkpatrick says don’t throw a party just yet. Pay attention to the points about extension of provider brands versus extension of the OpenID brand.

    UPDATE 2: Information Week yawns, and a press release confirms what Marshall Kirkpatrick inferred: this is about Yahoo! ID, not OpenID.

    UPDATE 3: Yahoo! could have done much better here for sure. Maybe they should break themselves up before they bring their partners down with them?

    OpenID 2.0…Final(ly)!

    I wouldn’t have used “finally” here. Rome wasn’t built in a day.

    On a side note, ye ole WP-OpenID+ plug-in bounty was closed a while back. Despite the enormous interest (less most of the interest), Will Norris completed the project himself. You can find the WordPress plug-in here – Will has provided a link to fixed repositories, in case you are part of the “can I smoke SVN?” crowd.

    Changing the world: one app, one bubble, one ID, and one margin call at a time

    Having 2,000 feed items stuffed in one’s reader when returning from even the shortest vacation has me thinking about how to put said reader on vacation as well.

    • MySpace and Facebook apps suck. That’s not what they really said, but The Silicon Alley Insider did point out how little they might really be worth. I’ve got no experience with MySpace apps, and my only brush with Facebook apps was getting some notification that a friend had installed one and I should do the same. My first impression – I’m getting spammed (and others share that feeling). I would never react to such a notice again, even if I was an active Facebook user. Hence, they are worthless to me too (or maybe I’m just worthless to marketers). Also of note: based on their numbers Facebook should be worth something in the neighborhood of $850 million.
    • The New York Times infers that things are getting overheated in Silicon Valley. I disagree – I think a lot more bets are being placed on a lot more companies, and I suspect those bets are generally a lot smaller than post-Bubble 1.0. There may be a lot of duplication of effort going on, but the best execution in each category is going to turn out a winner. The money is just trying to find each of those winners. Meanwhile, TechDirt had its take on the Dallas Cowboys backing out of a domain purchase, but I says its a simple matter of the rest of the world not paying much attention to the chaos.
    • Commodities traders are in short supply. As a general rule, the commodities business also retains far fewer numbers than its big sister on the securities end. I think the actual registered headcount via the CFTC is less than 200K, while the NASD numbers hover around 800K. Someone throw me a bone on those numbers (and if anyone needs a Series 3/30, drop me a line).
    • OpenID gets a victory in the fight against phishing, as well as some competition. I think the first part is great – now the challenge is getting anyone and everyone to embrace Information Cards. On the latter, I’m going to bet it’s a non-starter – too little, too late. Despite being widely embraced, even OpenID is having slow goings regarding consumption (both in systems and people). More power to SlashID if they can be more effective on that end, but I’m skeptical.
    • After consuming this, I dropped TechMeme from my reading list. I guess I can just read each of these every morning from here on out. That, by the way, is a joke.
    • Seems that debt problems extend beyond the government, those bought out, and even mortgagees. I thought much of the last year’s rally was purely cash-driven, but I guess I was wrong. Personally, I only use my margin account for short selling.

    I think that covers last week.

    Bloglines Announces (Some) OpenID Support

    Couldn’t have said it any better myself:

    As of today Bloglines users can use their Bloglines login info to sign in to other sites that support OpenID login. This is good news, but more than a bit underwhelming at the same time. Big companies can announce all day long that they will now let you log in to other sites with their ID – it’s time for them to support OpenID login on their own site using credentials from other vendors.

    Now, ask yourself why this seems so often the case.

    Google versus Facebook versus the Free (and Open) World

    Now if we can figure out where the user fits in.

    Who, What, Why

    After Facebook’s spring pronouncement that applications “get in but they don’t get out,” chatter about ubiquitous usernames and friends lists in a brown paper sack took on new meaning. Almost immediately, the talk on the web (including here) was OpenID this, social network portability that. The fight to pick vine ripe tomatoes from the walled garden was taking shape. But Google just showed up with a wrecking ball and a reaper. They’ve decided to chase the social graph (or social network…whatever). Maybe “chase” is too mild a term – according to some, they already have the components – all they are doing now is providing tools to release the information into the wild.

    There was a lot of chatter over the weekend about this. I’ll highlight…

  • Michael Arrington says Google will “out open” Facebook with the announcement of a new set of APIs on November 5th. This information was garnered from talking to several attendees to a “secret meeting” of which a signature on a non-disclosure agreement was required for admittance.

    It doesn’t seem all that tough to do, “out open” Facebook, particularly considering every time anyone links to something in Facebook I’m forced to log in to see it. Hence, I don’t see much, and if a widget that allows me to customize the “message” of some recording artist’s album promotion is any indication of what’s behind those links, I won’t be making many attempts in the future either.

  • Open door networks, closed door meetings. NDAs? The competition was not amused.
  • Kristen Nicole of Mashable noted:

    This also brings up questions regarding Google’s plans for rolling out premium Google Apps packages through companies like Capgemini.

    I concur. And I suspect there will be a lot more NDAs being signed in the near future – the parties involved need to figure out what to tell those sought after corporate clients once they lift the lid off of consumer data.

  • Marshall Kirkpatrick steered towards gloom and doom:

    Google holds our search histories, our email, our calendars, the view of earth…

    STOP! Who the hell is “our” here…you and the mice in your pockets? I rarely search when I’m logged in, my search history is set to off, I delete all cookies when I close my browser, etc. etc. I don’t use Gmail for anything remotely important, and I don’t use Calendar. We’ll just chalk that up to foresight (and I know a lot of people that behave the same way). But, Marshall did hit this on the head…

    I think what’s needed is a federated ID system like OpenID to tie everything together, not one corporate body that can already claim near omniscience.

    Bravo. Mr. Kirkpatrick gets it very well indeed.

  • Yes, the winds of change are upon us, and even they were talking:

    But I’d be a helluva lot happier of they had started with the basic principles and mechanisms for ensuring privacy and announced those first – before releasing working code modules.

  • Conclusions? No.

    It’s obvious there’s going to be a lot more talk about this. Anyone drawing conclusions now is drawing them prematurely. I suggest waiting (and listening) before you decide to export all your Gmail.

    Trusted Authentication Specification 1.0 Draft 5

    The title is a complex way of saying: give me the power to transfer data between sites I use, with the help of OpenID. There are other initiatives being worked on along the same lines, including OAuth.

    OpenID, TAS, OAuth…FOAF, SNAP, etc. etc. Fun times.

    PS: As data portability goes, the Social Network Portability Google Group may also be of interest to some.