about

who
what
where
when
why
how
comments

feeds

ATOM

RSS

categories

identity
jabber
language
literature
music
personal
philosophy
politics
public domain
society
technology

archive

current
2007-04
2007-03
2007-02
2007-01
2006-12
2006-11
2006-10
2006-09
2006-08
2006-07
2006-06
2006-05
2006-04
2006-03
2006-02
2006-01
2005-12
2005-11
2005-10
2005-09
2005-08
2005-07
2005-06
2005-05
2005-04
2005-03
2005-02
2005-01
2004-12
2004-11
2004-10
2004-09
2004-08
2004-07
2004-06
2004-05
2004-04
2004-03
2004-02
2004-01
2003-12
2003-11
2003-10
2003-09
2003-08
2003-07
2003-06
2003-05
2003-04
2003-03
2003-02
2003-01
2002-12
2002-11
2002-10
2002-09
2002-08
2002-07
2002-06
2002-05
2002-04
2002-03
2002-02
2002-01
2001-12
2001-11
2001-10
2001-09

ATOM

Be Open

Is interoperability enough?

Principle Six of the Mozilla Manifesto reads as follows:

The effectiveness of the Internet as a public resource depends upon interoperability (protocols, data formats, content), innovation and decentralized participation worldwide.

That's great as far as it goes, but interoperability is not enough. AbiWord is interoperable with MS Word, email is interoperable with SMS through suitable gateways, Ghostscript is interoperable with Adobe Acrobat Reader, OpenOffice is interoperable with PowerPoint, Ogg Vorbis is interoperable with MP3 through various audio converters, and Pidgin is interoperable with AOL Instant Messenger.

But the underlying protocols, data formats, and content are closed, proprietary, probably patent-encumbered, and under the control of large corporations and industry consortiums like Microsoft, Adobe, and AOL. The result? Text, music, video, and communications that are less free than they deserve to be, and an Internet that is less open than it needs to be for the continued viability of our open society.

When we talk about protocols and data formats, we are talking about standards. Standards needs to be open. Sure, MS Word and PDF and PowerPoint and MP3 and AIM or MSN are de-facto "standards", but they are closed. By contrast, HTML and email and OpenData and Atom and Ogg Vorbis and Jabber are truly open technologies and open standards.

The Mozilla Foundation can be a great force for good in the world by consistently adopting open standards in its projects, creating new Mozilla-based projects (or working with existing projects, such as Songbird and SamePlace) that use open standards, and working with groups like the Electronic Frontier Foundation, the W3C, the IETF, XIPH, and the XMPP Standards Foundation to develop and extend the range of open standards.

The long-term health of the Internet is at stake.

(HT: Nÿco.)

Posted on 2007-05-30 at 15:53. File under technology.

~ link ~

Pressing?

Contemplating a blog upgrade...

Joe Hildebrand has moved to WordPress now that it has support for Atom 1.0. Maybe it's time for me to switch from the homegrown XML format I use. But given that I've been blogging quite actively since September 13, 2001, this would be a big migration!

Posted on 2007-05-30 at 15:23. File under technology.

~ link ~

Songbird

Open-source media player in action...

After a few months' hiatus, I've started using Songbird again to play music on my Mac. It's still a memory hog and a bit on the slow side, but I assume the 'birders are working on that. Plus the Audioscrobbler plugin does a mostly reliable job of uploading my listens to last.fm. Hey it's not perfect, but neither was Firefox (in fact the old Mozilla browser starting around the M8 release) or Thunderbird or OpenOffice when I began using them. Better, methinks, to support open-source projects early on, when they need it most.

Posted on 2007-05-15 at 20:53. File under technology.

~ link ~

The oPhone

Telephony for edglings.

Doc saith:

The market points to a clear and wide opening both for product differentiation and for giving customers what they want.

Which is an open phone.

It is time for an equipment maker to not only make an open phone that is open to all kinds of development, but to turn their carriers into "dumb pipes" for their own good.

I would be far more likely, as a customer, to choose Cingular over Verizon if I knew Cingular supported open application development, "end-to-end" standards and the growth of intelligence and fresh new markets at the edges.

Amen, Doc. Telephony for edglings!

Posted on 2007-01-17 at 21:29. File under technology.

~ link ~

MicroID Spec

Forward motion at last.

For a while now, I've been threatening to write a real spec for the MicroID technology that Jer cooked up last spring. Today I finally got around to making version 0.1. Expect further revisions soon. Send nits directly to me and substantive feedback to the MicroID discussion list.

Posted on 2007-01-01 at 19:59. File under technology.

~ link ~

The Slum

Email delenda est.

For a while there I was on a crusade to rid myself of email, but it's easier said than done. I've been fighting the battle of the email bulge for weeks now -- I finally got down below 700 messages in my inbox but I need to go a lot farther. Plus it seems that I'm now receiving upwards of 3000 or more spam messages a day (and lord knows how many spams "stpeter@jabber.org" is sending). Truly, email is a slum.

Posted on 2006-11-21 at 09:03. File under technology.

~ link ~

The Music is the Message

Social music in real time?

So I've been using both Songbird (a Mozilla-based music player) and me.dium (a social browsing plugin for Firefox). How about a mashup? I envision a Songbird plugin that enables you to find and chat with people who are listening to the same music as you are, in real time. That'd be way cool...

Posted on 2006-11-08 at 09:37. File under technology.

~ link ~

The Me.dium is the Me.ssage?

Social browsing in action.

I've been playing around with me.dium, the latest and greatest in social browsing technology. GigaOM has already reported on it (see also here and here) so I won't bore y'all with the gory details. I do wonder how well it will scale, though, especially if you're eventually able to import or integrate with your existing buddy list instead of setting up Yet Another Buddy List (YABL!) in me.dium. Heck, I have 1300 people in my Jabber roster and I don't know that I want to co-browse with them all... :-) I'm sure the good folks at me.dium are thinking hard about the problem.

BTW, if you're really interested in playing with me.dium, Jabber me with your email address and I'll see if I can send you an invite (don't email me, I still have 1500 messages in my inbox and I don't need more!).

Posted on 2006-11-07 at 11:23. File under technology.

~ link ~

TBird

Contributions good.

As a mostly happy Thunderbird user I'm delighted to see that Qualcomm will be migrating Eudora to Thunderbird. Maybe some of the bugs and usability issues that have been bothering me will get fixed faster now. :-)

Posted on 2006-10-11 at 10:46. File under technology.

~ link ~

Kudos, Rimu!

A service to rave about.

(Note: updated with corrected Jabber info!)

A while back, Dizzy and I decided to split a virtual private server (running Debian) from RimuHosting. While setting up yet another domain just now, I realized that I've forgotten to post about them, so herewith I correct the oversight. In short, they are great! Rock solid hosting, timely and knowledgeable service, datacenters around the Anglosphere, and great prices made even better by discounts for folks who contribute to open-source projects. My only complaint is that you can't IM them via Jabber, only AIM, MSN, and Yahoo (c'mon guys, get with open source and open standards!). And you can contact them via Jabber, too! (Their JabberIDs are of the form <friendlyrimupersonsfirstname@jabber.rimuhosting.com>.) If you are a looking for a hosting service, I cannot recommend RimuHosting highly enough. Kudos, Rimu!

Posted on 2006-09-12 at 19:59. File under technology.

~ link ~

New Cert

X.509 again.

In my continuing experiments with security technologies, I've obtained a new X.509 certificate, this time from the StartCom Free SSL Certification Authority. So I may be signing my emails with this new cert for a while, or switching back and forth between this cert and the one I received from CAcert a while back. Forewarned is forearmed. :-)

(Oh, and by the way, this page has helpful information about exporting certificates for publishing on a website.)

Posted on 2006-07-07 at 11:41. File under technology.

~ link ~

ClaimID

Claiming what's yours.

Thanks to a blog entry from Fred Stutzman, I just discovered ClaimID, "a service that lets you manage your online identity". The cool thing is that it uses the MicroID technology that Jeremie announced a few months back (this blog was probably the first website in the world to use MicroIDs). So naturally I had to sign up for a ClaimID page. Not only is this a cool service, but the website is simple, intuitive, and beautiful. Well done! But I wonder if ClaimID will mind that this blog now has two MicroIDs in the meta tags...

Posted on 2006-06-27 at 14:44. File under technology.

~ link ~

DCLXVI

666 revisited.

Heh. 666 in Roman numerals is DCLXVI. And wouldn't you know, DCLXVI.com is for sale. The price? $666.00. :-)

Posted on 2006-06-08 at 20:31. File under technology.

~ link ~

Tor

Anonymity and identity.

Although I prefer to sign my electronic communications with a digital signature, I also value anonymity when I surf the web (and I'm not the only one). In the past I've sporadically used services like Anonymizer, but recently I discovered something better: Tor. Tor grew out of Navy research on onion routing (though it now uses incremental path-building) and, based on my research so far, I think it's a pretty solid approach to anonymous browsing. It does slow down the web experience, but then I'm not particularly in a big hurry.

Posted on 2006-05-19 at 20:57. File under technology.

~ link ~

StartCom

Another provider of free certificates.

Although I'm still a fan of CAcert (I like the whole web of trust idea), I will note that I recently discovered an alternative provider of free certificates: StartCom. It looks as if they will be included in Mozilla soon, too. The more the merrier! I've started talking with StartCom about supporting the right bits for XMPP server certificates, so stay tuned...

Posted on 2006-05-19 at 14:59. File under technology.

~ link ~

Freewares

A note to self.

I find the following freeware packages helpful just about every day and I need to send the developers some Paypal love:

• UnicodeChecker
• QuickText

Just a quick note to self. ;-)

Posted on 2006-05-11 at 10:17. File under technology.

~ link ~

Ranking Links

Microformats for reputation?

I've been doing some reading on reputation systems. (I don't know that we want or need a reputation system in the Jabber world, but I'm doing that reading as background to thinking through the question.) On the web we have things like XFN to specify meta-data about links, but those do not explicitly provide appraisals of reputation. How does reputation emerge? PageRank and similar systems represent a kind of reputation. When I link to a page or a person or any other resource, is there a way to more explicitly tag the fact that I think that resource is valuable? I don't see quite such a mechanism in the semi-official microformats list or in a quick survey of various blog posts on the subject (such as this one). How about rel-whuffie, folks?

Posted on 2006-05-10 at 19:54. File under technology.

~ link ~

Greatness

50 to 1 in programming and other jobs.

Tom Evslin explains why a great programmer is worth fifty good ones, and Anthony Presley extends the argument to all job functions. The hard part is discovering your core competencies and thereby figuring out the job at which you're not merely good, but great.

Posted on 2006-05-06 at 21:21. File under technology.

~ link ~

Freenet

More conceptual convergence.

The folks at Freenet have released 0.7 alpha. From their release we find out that:

Freenet 0.7 represents a major new approach to peer-to-peer network design. To protect the network, and the user's anonymity, Freenet users will now have the ability to connect directly to other people that they know and trust, together forming a "global darknet" making it extremely difficult for any third party, whether a government or another powerful organisation, to determine that a user is participating in Freenet, let alone what they are doing with it.

And:

The new Freenet employs a simpler and more flexible routing model than previous versions, which in the future may allow diverse applications ranging from efficient search, to near-real time instant messaging and chat between anonymous participants.

So it seems that Freenet has absorbed the meme of "the buddy list is the center of the universe" (connect only to those you know and trust) and are looking into IM as well. Interesting...

Posted on 2006-04-04 at 16:25. File under technology.

~ link ~

Going Mobile

The implications of ubiquitous wireless networking.

I spoke at a telco-heavy event last week. Really I do not see what their future is, other than to provide fat pipes. Once WiFi (or WiMAX) is prevalent in the cities and people start using IP phones (Skype has announced one and rumors are that Apple is readying one for the market), the combination of fast 'net access and open standards will drive innovation to really take off at the edges in radical new ways. And the telcos are not known for innovation, so they will, I think, more and more be left behind.

Another challenging idea: the average time to pay off investments in the older generation of switching equipment was 30 years (according to one speaker at the conference I attended). The time to payoff is now 3 to 5 years but technology generations (read: software-driven innovations) are on the order of 18 months, and accelerating. So anyone who is deploying expensive infrastructure and expecting to reap the profits from their investments is deluded. What happens when technology generations occur every 6 months or less? (Yes, the time is coming.) Forget about all that centralized telco stuff -- only small, decentralized technologies will thrive.

Final thought: once IP phones take off, presence will indeed become the new dial tone (why call someone if they're not available?). So the buddy list will become the center of the universe, even more than it is today.

May you live in interesting times. :-)

Posted on 2006-04-04 at 15:09. File under technology.

~ link ~

Got WiFi?

Clocks and networks.

I'm sitting here at DIA waiting for a flight to Dallas (thence to London), thinking about medieval tower clocks -- you know, those huge old clocks you see on central squares in places like Prague, Salzburg, and Munich. At the time, those huge clocks were hugely expensive, and in many towns the citizens agreed to special taxes to fund their construction. If there had been libertarians and advocates for the poor back then, I'm sure they both would have complained. After all, the clocks were municipal projects that benefited primarily those who needed to know the time of day before inexpensive pocket watches had been invented -- the burghers, tradespeople, and merchants who were at the forefront of economic and technological change in the 1300s and 1400s.

We could see free municipal wifi as a similar kind of investment. Sure, it benefits primarily those at the forefront of economic and technological change today -- the laptop-toting computer geeks, the PDA-wielding deal makers, the Blackberry-addicted business men and women who are out there making things happen. It doesn't benefit people the poor people who don't have laptops, PDAs, Blackberries, and other kinds of modern gadgetry. But you know what? Poor people don't pay taxes. So at this moment -- as I see a rapacious, aging monopolist called AT&T hit me up for $7.95 for 24 hours of access to the 'net via a hotspot named "Freedomlink" (!) while I'm waiting for my plane to load -- I don't feel like giving a lot of credence to the arguments about municipal wifi taking business away from the long-suffering network operators and not benefiting the poorest Americans.

Naturally there are many arguments against municipal wifi (not least that the cities would probably botch the job). But at least open up the field so that community groups, local businesses, and perhaps consortia of airlines can offer the service themselves. Government-enforced wifi monopolies in public spaces are simply highway robbery.

Posted on 2006-03-27 at 13:27. File under technology.

~ link ~

MicroIDs

An identity microformat.

Jer is exploring a concept he's calling MicroIDs: "small, decentralized, verifiable identity". I think my blog may be the first site in the world to use the microid meta tag (view source to see), since I added it experimentally when Jer and I were chatting about this a few days ago. :-)

Posted on 2006-03-26 at 15:09. File under technology.

~ link ~

Tag This

More on microformats.

A chat with Jer today has gotten me interested again in microformats such as XFN and (the point of this blog entry) rel=tag. Since we last blogged about open or decentralized tagging (not centralized services like Technorati), the tag: URI scheme has been published as RFC 4151 and perhaps folks have gotten a chance to think more about how tag: URIs can be useful. I now see that tag: URIs are not hyperlinks to places; instead, they provide unique identifiers. So perhaps my old example was misleading:

<a href="tag:saint-andre.com,2005-08-05:open+tags" rel="tag">open tagging</a>

Well, I don't think so. We're not linking to anything here, we're identifying something. So you might think that <a name='tag:...'/> would make sense, but the 'name' attribute is used to identify page fragments, so that's not right, either. How about the XHMTL 'id' attribute? Well, that must be unique within a page, so we have the same issue I raised before: you can't use the same tag: URI in the same document multiple times (e.g., to tag multiple blog entries posted on the same day); besides which, URIs don't match the name datatype.

So how about the 'cite' attribute?

<cite cite='tag:saint-andre.com,2006-03-22:open+tags'>open tagging</cite>

Perhaps. We may have lost the rel='tag' semantics (though just about any XHTML element may possess the 'rel' attribute, so maybe not). Yet the meaning of the cite attribute seems more appropriate:

The value of this attribute is a URI that designates a source document or message. This attribute is intended to give further information about the element's contents...

If you twist your head just right and squint your eyes a bit, a tag: URI could be seen as a source document or message -- the tag identifies the context for the citation.

However, few if any browsers currently provide a way for users to actuate 'cite' URIs (even though they are supposed to). But perhaps that is to the good, since the point of open tagging (there, I did it!) is quite possibly automated processing rather than user clicking.

If folks don't like the presentational implications of the cite element, they can add the 'cite' attribute to non-presentational elements like span element. The result? A kind of invisible yet open tagging that smart browsers could render in intelligent ways, but that would be hidden from less savvy users.

And yes, the last paragraph included an example:

<span rel='tag' cite='tag:saint-andre.com,2006-03-22:open+tags'>open tagging</span>

It's worth considering...

Posted on 2006-03-22 at 21:47. File under technology.

~ link ~

DTM

Denver techies IRL.

Had a great time with Joe Hildebrand last night at the Denver Tech Meetup, hosted by Steve O'Grady of RedMonk. Although I didn't get to talk much with Steve, I did enjoy chatting with Mike Hostetler, Michael Coté (also of RedMonk, in from Austin), Danny Newman, and a bunch of other folks (sorry, didn't catch all their blogs). Looking forward to the next meetup already!

Posted on 2006-03-10 at 11:59. File under technology.

~ link ~

iLiad

E-reader, e-ink, egads!

The new iLiad electronic reading device is just way cool.

Posted on 2006-02-27 at 21:29. File under technology.

~ link ~

RFC 4417

IAB Messaging Report.

Today the IETF published RFC 4417: Report of the 2004 IAB Messaging Workshop. Thanks to Lisa Dusseault I was shoehorned, er, volunteered, er, willingly convinced to co-edit it with the ever-gracious Pete Resnick.

(Note to self: update the XML source and submit it to xml.resource.org.)

Posted on 2006-02-27 at 20:29. File under technology.

~ link ~

Big Ears

Opening up the music marketplace.

The jazz musicians used to say that people who really listen have "big ears". Unfortunately, in the world of digital music today, the various different audio players and social music sites don't listen to each other. Example: I recently signed up at last.fm (which is now dutifully keeping track of what I listen to in iTunes), but there's no easy way to share what I've listened to with anyone outside the last.fm silo. It needs to be much easier for me to publicize my musical favorites so that people who like the same kind of music can find me, so that smart people can build recommendation services, so that Google can spider the web for music favorites, and in general so that innovation can happen where it happens best: on the edges, not in walled-off little gardens. Thankfully, the good folks at Songbird are aiming to change that. I had a longish chat with chief nestminder Rob Lord today and he really gets it.

So I'm thinking: what can we do in the Jabber community to help out? As befits the real-time nature of Jabber/XMPP technologies, we already have a protocol extension for publishing your current tune -- the data format looks like this:

<tune>
  <artist>Yes</artist>
  <title>Heart of the Sunrise</title>
  <source>Yessongs</source>
  <track>3</track>
  <length>686</length>
</tune>

As far as I can see, there's some information missing there. It would probably be helpful to include <composer/> (where "artist" is the person or group that performs the piece and "composer" is the songwriter or composer). More important is <playcount/> so that you can know how popular this tune is with me (wow, you've listened to "Heart of the Sunrise" 53 times? cool, that's one of my favorites, too!). Another possible field is <rating/> (e.g., on a simple 1 to 10 or 1 to 5 scale).

We also need a way to aggregate tunes into bundles -- either to publish my complete library of tunes (or parts thereof, e.g. by genre, artist, composer, or last listen time) or to publish a specific playlist. That may not be a task for Jabber technologies, because we're all about real-time communication whereas libraries and playlists are probably best retrieved as files since they could get quite big. But some standards here would really help facilitate communication about musical preferences.

Posted on 2006-02-24 at 20:37. File under technology.

~ link ~

Good Luck

TrackBack standardization?

The folks at SixApart have decided to pursue standardization of TrackBack through a TrackBack WG (see the proposed charter). It's a bad sign when attempting to view the proposed spec yields the message "You must be logged into use this page." It's another bad sign when the mailing list archives are private. If they're going to work on this through the IETF, they'll need to be open, open, open. As author of the XMPP RFCs, all I can say is: good luck!

Posted on 2006-02-22 at 09:23. File under technology.

~ link ~

I, Spammer

Fragile identity in the slum that is email.

I send a lot of spam. Or at least "stpeter@jabber.org" does -- just like "support@paypal.com" and other popular instances of faked From addresses on the email network (no, I'm not that popular, but heck, even I get spam from myself sometimes). So let me make it clear that when I (Peter Saint-Andre, the real person behind the address) send email from my stpeter@jabber.org account, I do two things:

• I digitally sign the message with my X.509 certificate (issued by CAcert)
• I digitally sign the message with my OpenPGP key

(Don't get me started on why I sign my mail with both.)

So if you receive email ostensibly from "stpeter@jabber.org" but it is not digitally signed by yours truly, please do us all a favor and treat it with suspicion or, better yet, set up your procmail filters or other spam-fighting tools to throw it away, because it ain't legit!

Posted on 2006-02-09 at 22:29. File under technology.

~ link ~

STOP

The end of an era.

150 years ago it was the hot thing in communications technology, today it has reached the end of its useful life: yes, Western Union has delivered its last telegram.

Posted on 2006-02-02 at 14:52. File under technology.

~ link ~

More Assurances

CAcerting along.

Today I assured Ron Thamert and Mark Zimmerman of Patron Systems within the CAcert web of trust, and last month I assured Mark Troyer and Brian Noecker of Jabber Inc., bringing my total number of assurances to 27. I'm currently ranked as the #105 assurer -- somehow I've never been able to break into the top 100...

Speaking of CAcert, I also "registered" my new OpenPGP key with them, which they have signed for me.

Posted on 2006-01-27 at 16:19. File under technology.

~ link ~

A Comment

Wherein I disagree with Stowe Boyd.

Stowe Boyd saith:

It's not a blog without comments, it's not social media without dialog.

Stowe, I think you're wrong about the comments part. This here is a blog and has been since 2001, but I didn't host people's comments then and I don't now. I welcome dialog via blog, IM, email, phone, postal mail, or face-to-face at the conferences I attend. But I don't think dialog requires me to be a hosting service for your comments.

Posted on 2006-01-20 at 13:37. File under technology.

~ link ~

The /Message

Stowe Boyd on the move.

I read Stowe Boyd religiously, so I've been wondering why Mimir hasn't been pinging me with his blog entries. Now I have the answer: Stowe's blog has moved to <http://www.stoweboyd.com/message/>. It seems that Stowe, too, has just learned the importance of becoming a citizen of the Internet.

BTW, Stowe's essay The Individual is the New Group is absolute must reading.

Posted on 2006-01-18 at 16:13. File under technology.

~ link ~

Firewall Not So Great?

Wondering about a discrepancy.

The news media is agog over reports that the Chinese authorities routinely block access to restricted websites and chatrooms, filter out bad words like "freedom" and "democracy", and so on (with Microsoft, Yahoo, AOL, Cisco, Google, and other big American companies lending a helping hand). The funny thing is that I receive nice emails from people in China about how much they enjoy my blog, and you know that I am far, far from being politically correct (heck, I sometimes wonder if the U.S. government will censor me, let alone the Chinese government). So I have to wonder about the effectiveness of the great firewall of China...

Posted on 2006-01-18 at 14:41. File under technology.

~ link ~

Governments Should Ban Linux

When Linux is outlawed, only outlaws will run Linux!

The aptly-named Samizdata website is running a controversial think piece entitled Governments Should Ban Linux. Is it truly a satire? Only you can decide. And remember, when Linux is outlawed, only outlaws will run Linux!

Posted on 2006-01-16 at 15:03. File under technology.

~ link ~

Backdoor

Yet another reason to boycott Microsoft.

As if censorship were not enough, now it comes to light that Microsoft very probably installed a backdoor so that it could update your Windows 2000 or more recent computer without your permission, no matter how secure you thought your settings were. (Read the whole thing, it's chilling.) Yet another reason to boycott Microsoft.

Posted on 2006-01-13 at 13:19. File under technology.

~ link ~

Boycott Microsoft!

The reprobates of Redmond and the butchers of Beijing.

The New York Times is reporting that Microsoft has, at the behest of the Chinese Communist regime, removed the weblog of Zhao Jing (who blogged under the pen name "An Ti") from its MSN Spaces service, without even providing him with the deleted files. A while back Microsoft was keen on calling Linux and other open-source software a form of communism -- I guess now we see who the true communist sympathizers are (perhaps it's because both Microsoft and the Communist Party are dinosaurs). Does Microsoft think that its much-touted freedom to innovate implies the freedom to censor? Stowe Boyd is right: it's time to boycott Microsoft.

Posted on 2006-01-06 at 22:21. File under technology.

~ link ~

IP4IT

Many happy returns.

Over the last two days I attended the IP4IT conference in Las Vegas. The folks at Pulver (especially Carl Ford) did a great job of gathering interesting speakers for the conference -- for instance, earlier today I was on a panel with both Matt Mullenweg of WordPress and my old friend Jimmy Wales of Wikipedia. I also much enjoyed the challenging thoughts of Paul Strassmann as well as a lively session on the meaning of Skype. Here's hoping Pulver continues to hold these events in the future.

Posted on 2005-11-15 at 21:15. File under technology.

~ link ~

Some Aphorisms

Short takes on standardization and such.

Recently I came up with a few aphorisms, most related to protocol standardization, so I figured I'd write them down here:

• The law of standards (cf. Sowa): "Standardization efforts tend to succeed when they formalize simple, working technologies, but formal efforts at creating standards tend to result in complex, unworkable technologies."
• Idea for a tagline: "We put the example in example.com!"
• And a general observation: "It's much easier to question authority than it is to question your own assumptions."

Posted on 2005-10-28 at 14:33. File under technology.

~ link ~

CAcerting

New certificate.

For those who care, I just created a new CAcert certificate that includes my personal email address and revoked my old certificate that contains only my jabber.org email address, so if you sign/encrypt mail you may receive a notice about accepting the new cert...

Posted on 2005-10-24 at 17:09. File under technology.

~ link ~

Iconic

Keys, locks, and other security icons in Thunderbird 1.5 beta.

The other day I upgraded to Thunderbird 1.5 Beta 2 and I noticed that the nice message security icons (key if message signed, lock and key if message signed and encrypted) were missing. A post to the MozillaZine forums yielded the information that this is bug #308451 and that it will be fixed in 1.5 final.

Open source rocks, and the Mozilla projects rock especially hard. (Now if only someone would write a kick-ass Jabber client on the Mozilla platform....)

Posted on 2005-10-10 at 14:39. File under technology.

~ link ~

FutureVision Redux

Technology trends in 2010 and beyond.

I've posted a PDF version of the slideware I presented last Friday at the FutureVision 2010 conference. I'm not sure how much the faculty, students, and industry specialists got out of my presentation, but I enjoyed giving it. One of these days I'll turn it into an essay with proper references and such, since the slides are a bit cryptic.

Posted on 2005-09-13 at 12:41. File under technology.

~ link ~

FutureVision

Technology trends in 2010 and beyond.

It seems I forgot to mention that I'm giving an invited talk this Friday at the FutureVision 2010 conference being held on the campus of Colorado State University. Check out the program for details. The talk is not about Jabber or any specific technology, more about technology trends caused by ubiquitous computing and always-on connectivity. But you can be sure that presence, identity, real-time communications, security, and intellectual property will be part of the mix... :-)

Posted on 2005-09-07 at 12:17. File under technology.

~ link ~

CAcert HOWTO

Getting started with the web of trust.

The CAcert website is confusing so here's a mini-HOWTO on getting started with the web of trust.

1. Go to www.cacert.org and click the "Join" link at the top right.
2. Fill out the form. It is very picky about passwords (you're supposed to enter something "strong" so include a combination of letters, numbers, and special characters). Also you need to make up five lost passphrase questions -- I suggest things like your first pet and/or teacher, favorite (or least favorite) song, author, novel, vacation spot, etc.
3. Once you're finished, you'll receive an email from CAcert. Click the link contained therein to complete the registration.
4. Install CAcert's root certificate (note: if you want to use CAcert with MS Outlook, make sure you install the root certificate using IE!).
5. Go back to www.cacert.org and log in. You can now generate a certificate (click "Client Certificates" in the website navigation) and sign your email messages (more on that in another blog entry), but the certificate won't include your name. If you want to include your name (it's a good thing!), you need to get points in the web of trust by meeting people called "assurers". An "assurer" is someone who verifies your identity by meeting you in person, inspecting your government-issued photo IDs (GIPIDs), and signing your web of trust form. You find assurers in your area by clicking the "Find an Assurer" link under "CAcert Web of Trust". So we begin round two...
6. Click "CAcert Web of Trust" in the right navigation and then click "A4 - WoT Form" or "US - WoT Form" depending on what paper size you prefer, then print out the form.
7. Take the form, along with two GIPIDs, to one of the CAcert assurers. (In some countries, you can show one GIPID and one non-photo ID like a birth certificate, but in general it is best to bring something like a driver's license and passport.)
8. If you can't find any assurers in your area (it happens!), you need to be verified through the "Trusted Third Party" route by printing the TTP Form, making copies of your GIPIDs, visting two notaries, lawyers, CPAs, or other trusted individuals, having them witness and sign your documents, then sending the TTP Form and GIPID copies in the physical mail to the CAcert offices in Australia. This takes longer but enables you to start with 150 points in the web of trust (it's what I did to get started).
9. Once you have at least 50 points in the web of trust, you can generate a certificate that enables you to include your real name in there, thus enabling people to know that the email really is from you. The 50-point level also enables you to get assured server certificates so that you can offer SSL encryption at your website or Jabber server. Once you have 100 points in the web of trust, you can sign code that you write, and you can also become an assurer to help spread the web of trust. (More about the different levels here.)

There are more details to explain about how exactly to sign your email (depends on what email client you use, but I found it was quite easy in Thunderbird) and how the web of trust points system works (some assurers can grant you only 10 points, some can grant up to 35), but I'll leave those for another blog entry.

Oh, and if you get stuck, don't depend on the CAcert website, because it's kind of confusing. The wiki is much more useful right now...

Posted on 2005-09-01 at 10:01. File under technology.

~ link ~

Assurances #20 and #21

CAcerting along.

Yesterday I initiated two more Jabber Inc. folks into the ways of CAcert: Danny Price and Chris Williams. The company is a real hotbed of CAcert activity these days!

Posted on 2005-09-01 at 09:03. File under technology.

~ link ~

Assurance #19

Yet another CAcert member has been verified.

This morning I initiated Bob Gilson into the ways of CAcert by assuring him (verifying his identity) in the web of trust. As of now I'm the #104 assurer. Gotta keep busy... :-)

Posted on 2005-08-30 at 10:47. File under technology.

~ link ~

Assurances #15 - 18

More CAcerting.

This week I assured four more people at Jabber Inc.: Joe Hildebrand, Constantin Nickonov, Walter Domes, and Chris Newton. We now have four CAcert assurers at 1899 Wynkoop Street: me, Andrew Diederich, Matt Miller, and Joe Hildebrand. Finally, one-stop shopping for assurances in Lower Downtown! If you're in Denver, stop by sometime and we can get you all set up.

Posted on 2005-08-26 at 19:17. File under technology.

~ link ~

Assurance #14

CAcerting along.

This morning I met with Carl Malamud in Denver (he's driving across the country to a new gig in DC as CTO of the Center for American Progress). He and I had a fascinating discussion with Joe Hildebrand about some projects Carl has cooking -- it's too early to say what they are, but I guarantee they are going to make waves! While we were at it, I assured Carl with CAcert. Perhaps he can spread the web of trust in the nation's capital. :-)

Posted on 2005-08-23 at 11:21. File under technology.

~ link ~

Assurance #13

Yet another CAcert assurance.

Earlier today I vouched for Andrew Diederich's identity with the web of trust at CAcert. It's still a goal of mine to recruit enough assurers in LoDo so that you can stop by a local landmark like The Tattered Cover or The Wynkoop and we can provide one-stop shopping for all your assurance needs. :-) Both dizzyd and pgmillard should have enough points to be assurers now -- anyone else interested?

Posted on 2005-08-22 at 17:07. File under technology.

~ link ~

Atomic Standard

Gentlemen, update your feeds!

The IESG has approved The Atom Syndication Format as a Proposed Standard. It's time to go forth and implement! (And yes, I now consider RSS to be a legacy format.) Once the Atom spec is published with a shiny new RFC number, we'll finalize the Atom-over-XMPP spec.

Posted on 2005-08-17 at 11:59. File under technology.

~ link ~

OSCON Photos

Some pictures from Portland.

Doc recently posted some photos from OSCON 2005, including one of me and Dizzy and one of me and Miguel.

Posted on 2005-08-12 at 20:06. File under technology.

~ link ~

Atomic

New feeds.

Last night I finally got a chance to upgrade my weblog feeds from Atom 0.3 to Atom 1.0. Special thanks to the FEED Validator and its downloadable version (open source rocks). Next I need to update the jabber.org feeds.

Posted on 2005-08-12 at 19:47. File under technology.

~ link ~

Tag Redux

More on open tagging.

Following up on my recent post, I've been emailing with Bob Wyman about open tagging. Bob suggests that it would make sense for individuals or organizations in particular domains to maintain tagsets for tags in their domains. For instance, the JSF might create and maintain tags related to the various JEPs that we publish. Consider:

<a href="tag:jabber.org,2002-11-19:JEP-0060" rel="tag">publish-subscribe</a>

Here the domain is that of the maintaining organization, the date is that of the 0.1 version of the JEP, and the tagname is the official number of the specification in the JEP series.

But I wonder: what advantage does such a tag: URI have over the following http: URI?

<a href="http://www.jabber.org/jeps/jep-0060.html" rel="tag">publish-subscribe</a>

Posted on 2005-08-08 at 12:51. File under technology.

~ link ~

tag: You're It

URIs for open tagging.

Stowe Boyd outlines the problem with tagging blog posts by pointing to closed services such as Technorati, and outlines a solution he calls open tagging. Drummond Reed responds with an alternative solution using XRIs. I'm not yet convinced by Drummond's argument that XRIs are better than URNs for this purpose (though I probably need to do further research on XRIs), and I wonder why folks don't just use the existing tag: URI scheme instead. As Bob Wyman has noted, tag: URIs provide a mechanism for uniquely identifying an entity, which can be used to identify Atom entries but, perhaps, also specify the tags used in an entry. For instance, let's say that in this blog entry I use the tags "technology", "blogs", and "tagging"; thus I could uniquely identify the entry as "tag:saint-andre.com,2005-08-05:technology;blogs;tagging" and when I tag the term "tagging" I would do so with the following link:

<a href="tag:saint-andre.com,2005-08-05:tagging" rel="tag">tagging</a>

There are several potential drawbacks to this approach:

1. Browsers don't support it. But they don't support XRIs, either.
2. What if I want to use the identical combination of tags in multiple entries on the same day? The tag: spec doesn't resolve any times smaller than a yyyy-mm-dd.

However, it would enable tag crawlers to look for properly-constructed tag: URIs, scrape off the tags from the end of each URI (keeping track of the publishing domain or email address), and begin to create collections of commonly-used tags as well as of those who are doing the tagging.

Posted on 2005-08-05 at 17:21. File under technology.

~ link ~

IP4IT

Las Vegas bound (eventually).

Speaking of conferences, it seems that I'm going to be on a panel discussion about grown-up community collaboration with my old e-pal Jimbo Wales at IP4IT this November in Las Vegas (as well as another panel about SPAM, SPIM, and friends). I've always sworn I'd never visit Las Vegas since I have zippo interest in gambling, but I suppose meeting up with Jimbo again is reason enough. :-)

Posted on 2005-08-02 at 16:27. File under technology.

~ link ~

OSCON 2005

Portland bound.

I'll be hopping on a plane to Portland, Oregon in a few hours to attend the O'Reilly Open-Source Convention (a.k.a. OSCON). If all goes well I'll be running BOFs on Jabber and CAcert (though they aren't listed on the BOF page yet), participating in Dizzy's session on Passel, chatting with folks from the Mozilla project, and so on. If you're going to be there, look me up (I'm easy to spot) and I'll assure your CAcert credentials.

Posted on 2005-08-02 at 14:33. File under technology.

~ link ~

Signing

CAcert + Tbird.

I never did solve the problem I was having with Mutt and S/MIME, so I've switched to Thunderbird (gasp, a GUI email client!), which is now happily signing my outbound email and reading the signatures on inbound mail (at least signatures of other folks who've received certificates from CAcert). A step in the right direction.

Posted on 2005-06-29 at 11:05. File under technology.

~ link ~

Closed Shut

The importance of openness for security.

Over at Financial Cryptography, Ian Grigg outs Mozilla for the closed nature of its security discussions. Not happy reading.

Posted on 2005-06-29 at 10:27. File under technology.

~ link ~

MIT Weblog Survey

Helping to advance the science of blogs.

(Hat tip: Stowe Boyd)

Posted on 2005-06-28 at 15:13. File under technology.

~ link ~

Hegemonists

IBM, Microsoft, Google...

I've been saying privately for a while that Google is going to be the next Microsoft -- or, at least, that they're going to be perceived that way. Adam Penenberg certainly thinks so. Personally I have my doubts, but just because you're paranoid doesn't mean they're not out to get you. ;-)

(Penenberg says that Google's name derives from "googol", but I still think it's a contraction of go ogle. ;-)

Posted on 2005-06-24 at 20:51. File under technology.

~ link ~

Puh-leeze

Drinking the MS Kool-Aid.

In one of the sessions at the CTC 2005 conference, Eugene Kim asked folks if they thought their company was especially good at collaboration. One person raised his hand -- a guy from Microsoft who said they were really focused on getting applications and people to work well together. What's hilarious is that this guy was an MBA intern who'd been with Microsoft for all of four days! How much Kool-Aid can you drink in four days? Or did they drop him in a vat of the stuff? Sheesh!

Also overheard at CTC: someone who said their company is so conservative, it puts the "no" in innovation! :-)

Posted on 2005-06-23 at 12:19. File under technology.

~ link ~

Patterns

How to collaborate without really trying.

In a good session yesterday, Eugene Eric Kim discussed some of the features of what I'd call peak collaborative experiences, in which we can discern several several patterns:

• They are natural. Eugene calls this "permission to laugh", but I generalize it to include any tool or experience that allows for informality. Any technology that is highly structured (even something as simple as the layout of a room) will discourage the kind of informality that makes positive collaboration possible.
• They are participative. This is closely related to naturality. A classic example is a circle layout rather than rows of seats with talking heads in front of the room. Another is the "Edit This Page" link on a wiki page.
• They enable shared display. Everyone who is collaborating needs to see the same thing. Physical whiteboards and pair programming are good examples. But even instant messaging chats enable the two (or more) parties to basically share the same collaboriative context.
• They have a visible pulse. A conversation has a rhythm, whether it be the flow of an IM chat, the calendric quality of a blog, or the regularity of RSS updates.

Language note: Eugene used "emerge" as a transitive verb, as in "Smart organizations emerge best practices" (or whatever), which I'd never heard before.

Posted on 2005-06-22 at 07:51. File under technology.

~ link ~

Premature

IM, blogs, and social networking.

In the latest installment of his critique of social networking applications, Stowe Boyd argues again for their integration into ways that people really work and communicate over the Internet, especially instant messaging and weblogs. He further observes:

MSN and AOL have fiddled around with integration of the most obvious social tools -- instant messaging and blogs -- but I am waiting expectantly to see something huge come out of Google and Yahoo in this area. Google is going to launch its own Firefox-based browser, and integrating instant messaging (from Picasa?), blogging, and son-of-Orkut friend of a friend stuff should follow. Ditto with Yahoo's integration of Flickr (which was an instant messaging tool before it was a social networking photo world), including it's blogging capablities, into the Yahoo Messenger and Groups world.

Well, that's all fine and I expect it to happen, but there are plenty of folks who don't necessarily want to get into bed with MSN, AOL, Yahoo, or Google. For them, decentralized solutions are needed -- and for that, we need integration of decentralized IM, blogging, and social networking technologies. My conclusion: we need a conversation between Jabber folks and WordPress folks (among others) to explore this space and build tools that are under the individual's control. I was chatting about this stuff the other day with one of the Google Summer of Code applicants and I think there are exciting possibilities here. Stay tuned...

Posted on 2005-06-13 at 10:55. File under technology.

~ link ~

Internet Epistemology

Wikipedia and the centralized construction of knowledge.

To me, Jon Udell's post on Wikipedia and the social construction of knowledge points up some problems with the centralized construction of knowledge. Yes, Wikipedia is cool, but attempting to build one true centralized repository of knowledge makes that repository a more desirable target for those who would manipulate your understanding of the world. Better, I think, to pursue a more decentralized approach -- not one community of knowledge, but many communities of knowledge. After all, decentralization is the Internet way, no?

Posted on 2005-06-13 at 10:49. File under technology.

~ link ~

Slip-Sliding Away

DocBook to Keynote to PowerPoint?

As mentioned, I'm participating in two panels at the upcoming Collaborative Technologies Conference. Unfortunately, it seems that the CTC folks will accept slides only in PowerPoint format (is PowerPoint the only recognized collaborative technology for presentations?). That poses a bit of a problem for someone like me, who uses only OS X and once in a while Debian GNU/Linux. Rumor has it that you can export Keynote files to PowerPoint format, and I have a trial version of Keynote that I haven't opened yet, so I think I'll compose my slides in DocBook Slides, transform them into Keynote's XML format using the stylesheet developed by Zveno, then export the Keynote slides to PowerPoint format. Wish me luck! ;-)

Posted on 2005-06-08 at 15:57. File under technology.

~ link ~

CC Meta

Automating copyright license discovery.

It'd be cool if smart search engines could automagically find web pages that are offered under one of the Creative Commons licenses (I prefer to place my works into the public domain, but CC makes that possible, too). For reasons unknown to mere mortals like me, CC recommends placing some RDF in an HTML comment as the proper way to "tag" a web page (Uche explains more here). Well, gosh, who thought that up? Are we not in possession of fine XHTML metadata technologies like the <meta/> tag? Some years ago, Simon Willison stated his preference for putting the following meta element in the HTML <head/> of your documents:

<link rel="copyright" href="some-license-url"/>

Makes eminent sense to me. I've added the relevant markup to all my blog pages, pointing (of course) to <http://creativecommons.org/licenses/publicdomain/>.

Posted on 2005-06-02 at 20:37. File under technology.

~ link ~

Gotham Bound

Talking tech in NYC.

It looks like I'm going to be on two panel discussions at the upcoming Collaborative Technologies Conference in NYC:

• The Standards Debate, And Why It Matters to You (June 21 @ 14:15) -- a discussion (debate?) between me and Henning Schulzrinne of my alma mater Columbia University regarding standards for real-time communications, moderated by Irwin Lazar of the Burton Group.
• Open Source Collaboration Solutions (June 22 @ 11:00) -- a relatively free-form discussion between me, Matt Mullenweg of WordPress, and Peter Theony of TWiki, moderated by Eugene Eric Kim of Blue Oxen.

It's a brief visit and I've already got a few other meetings scheduled, so if you want to get together let me know soon.

Posted on 2005-06-01 at 13:39. File under technology.

~ link ~

Assurance #12

CAcerting along.

The twelfth person I've assured for CAcert is Peter Millard. That makes me the #117 assurer as of today. I do think I can crack the top 100 at this pace. ;-)

Posted on 2005-05-20 at 13:11. File under technology.

~ link ~

Assurances #10 and #11

PingIDers get with the program.

Over lunch, I assured Dave Smith and Mark Stang of Ping Identity -- that makes 11 assurances, and CAcert says I am now the #122 assurer out of 2000+ assurers. But I know I can do better. ;-)

Posted on 2005-05-19 at 13:17. File under technology.

~ link ~

Assurance #9

Yet another CAcert assuree.

Number nine, number nine, number nine... (Is that the worst Beatles song ever, or what?)

This morning I initiated Travis Shirk into the ways of CAcert certificates. And I might assure some more folks later today when I visit the worldwide headquarters of the Ping Identity Corporation.

Posted on 2005-05-19 at 09:44. File under technology.

~ link ~

Temporary Powers

Jumpstarting the assurance process.

For reasons known only to the good folks at CAcert, I've been temporarily bumped up to some kind of super-user status, which means I can grant 100 (or even 150) points at a time right now. Thus I can wave my magic wand and automatically grant you enough points to assure others, sign code, or get domain certs. But order by midnight tonight, because my special powers lapse on May 22!

Posted on 2005-05-18 at 10:44. File under technology.

~ link ~

Muttering

S/MIME and Mutt.

I've been trying to teach an old dog new tricks by getting mutt to use the certificate I've received from CAcert. Following the notes gets me to the point where I can accept signed emails (even CAcert-signed emails after having added the CAcert root certificate to ca-bundle.crt), but I can't yet sign my own emails -- I get the following cryptic message:

unable to load signing key file

15905:error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt:evp_enc.c:450:

15905:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:423:

Press any key to continue...

No output from OpenSSL...

As far as I can see, my signing key is in the right place, permissions are fine, and all the pieces are in place to sign my email messages, but it ain't happening. Further research required, I guess...

Posted on 2005-05-17 at 20:29. File under technology.

~ link ~

ASK and Ye Shall Receive

Email delenda est, yet again.

Last month I admitted defeat in my personal war against email. A few helpful folks like Hal Rottenberg suggested alternative approaches such as SpamBayes, but for now I've settled on Active Spam Killer, which my friend Dizzy uses. Unfortunately, it's not very user-friendly for those who send email to <stpeter@jabber.org> or <peter@saint-andre.com>, but I'm working to update the whitelist as fast as possible so that most folks won't be hit with those automated "please confirm" messages. With my spam volume at 300+ messages a day and rising, I'm not sure what else to do. At least I'm not yet to the Jer level -- he was up to 4 spams a second on his old jeremie.com address before he simply had to pull the plug!

Posted on 2005-05-16 at 16:11. File under technology.

~ link ~

Assurances #4-8

CAcert mini-party.

This evening half a dozen folks got together at SoftPro Books in Centennial, Colorado for a CAcert assurance party. I assured five people: Steve Senator (who was up from Colorado Springs), Jeff Falgout and Jeff Brown (both of whom work for Jefferson County), Michael Shimniok, and Dirk Huizenga of Business Technology Associates. Good times (and lots of assurance points) were had by all.

Posted on 2005-05-12 at 20:35. File under technology.

~ link ~

Assurance #3

CAcerting along.

The third person I've assured for the CAcert project is the great Matthew Miller, author of the JSO code library for XMPP development in Java, member of the Jabber Council, and all around nice guy. One thing that's cool about CAcert is the ability to use your certificate for code-signing, which I'll bet Matt will use for JSO. So many reasons to get involved with CAcert. ;-)

Posted on 2005-05-04 at 09:49. File under technology.

~ link ~

What Is This Thing Called Blog?

A rose by any other name...

All sorts of folks are getting their shorts in a knot over what we should call bloggers. Are we journalists, writers, content providers, or something else? I think of myself primarily as a writer, but I remain unconvinced that the nomenclature is all that important -- although folks who worry about government regulation think it's best to call ourselves journalists (as Dave Winer said back in 2001, "journalism is a person writing a journal"). Why can't we just call it blogging and leave it at that? Heck, even to call myself a writer sounds a bit pretentious -- I'm just a person who writes -- and writing is just about as natural to me as breathing. As the sixties psychologists used to say, labeling is disabling. My philosophy is, just keep on writing. If everyone has a blog, how's anyone going to shut us down? Rights are meant to be exercised...

Posted on 2005-05-02 at 15:24. File under technology.

~ link ~

WoT's Happening

CAcert as a reputation system.

Over at the Financial Cryptography blog, Ian Grigg has posted some thoughts on CAcert as a reputation system. Although he says that in general reputation systems don't work, he argues that CAcert provides a benefit (free certificates) to those who participate in its Web of Trust (WoT), thus avoiding the incentive problems with existing reputation systems (i.e., what's in it for me?). Granted, the universe of people who think that a free certificate is a wonderful thing is small, but they are the people who matter as far as I'm concerned. (As previously noted, I'm working to assure more folks in Denver so that we can build a critical mass of local assurers.)

Posted on 2005-05-02 at 14:26. File under technology.

~ link ~

Assurance #2

More CAcerting.

Today I assured my second "assuree" for the CAcert project -- George Hill of Cardboard Networks, who is based in lovely Crestone, Colorado but who was up in the big city of Denver today, so he stopped in. As I've said before, CAcert is a fun way to meet people (people who care about security, anyway), so try it out!

Posted on 2005-04-27 at 20:01. File under technology.

~ link ~

Assurance #1

CAcerting.

Today I assured my very first person for the CAcert project -- Mark Stuemky of High Plains Technologies. Not only is CAcert a cool project, but it's a fun way to meet people, so get involved today!

Posted on 2005-04-20 at 19:53. File under technology.

~ link ~

Email Delenda Est?

Can email be destroyed?

A few months back I made a concerted effort to wean myself off email. Unfortunately, I have admitted defeat. I don't think this beast can be killed -- or, at least, someone in my position can't avoid the necessity of email (after all, I'm no Donald Knuth). These days I get more email than ever, I struggle to keep my inbox at less than 400 messages, I have to delete 100+ spams a day even after SpamAssassin culls out at least 200 more, and I spend more time than I'd like to admit exchanging email messages (mostly with folks in the Jabber community). Call me a grumpy old-timer, but I fondly remember those days in 1992 or whatever when email was a new and fun way to explore the noosphere with like-minded others. Now it's just a chore that every day feels more and more like the punishment of Sisyphus.

Posted on 2005-04-20 at 16:01. File under technology.

~ link ~

Very Assuring

Get your certs assured here.

Today I received notice from CAcert that they have received and validated my "trusted third party" documents, so that I am now an assurer for CAcert. If you're in the vicinity of Denver, Colorado, let me know if you need your cert assured. :-)

Posted on 2005-04-18 at 12:13. File under technology.

~ link ~

alt.search

Other than Google.

I've started trying out search engines other than the 800-pound gorilla. So far the one I like best is Clusty -- those subject-based "clusters" on the side of the results page can be quite useful.

Posted on 2005-03-29 at 13:49. File under technology.

~ link ~

Scary

ChoicePoint and more.

This is enough to make one pine for the good old days of a cash economy. It's a scary world out there. We need technologies that enable individuals to have control over their information, not for the information-keepers to have control over the individual.

Posted on 2005-03-29 at 13:47. File under technology.

~ link ~

Not ASIN

Standards-based book quoting and links.

This article in Wired magazine has finally pushed me to stop linking to Amazon.com when I refer to books in my blog. Sure, it's nice to get a small credit once in a while for referrals (which I invariably use to buy gifts for people I know), but I'm simply not comfortable linking to Amazon any longer. Instead, I'm now going to link to isbn.nu, which provides a really cool price comparison service based on a book's ISBN number. An extra benefit is that URIs at isbn.nu are really easy to construct and remember (and, I hope, more stable): they are just http://isbn.nu/foo as opposed to those Amazon URLs of the form http://amazon.com/exec/obidos/ASIN/foo/ (which they probably won't change, but how do I know that, and what the heck is an ASIN anyway?). The structure of ISBN numbers has been standardized, as has a URN scheme for ISBNs, so I'm also going to follow Ben Meadowcroft's lead by including the 'cite' attribute whenever I quote at length from a book, where the value of that attribute will point to the URN for that book (i.e., "urn:isbn:isbn-number").

Standards good.

Posted on 2005-03-28 at 20:07. File under technology.

~ link ~

BlandNet

The coming self-censorship?

Last Friday, Greg Yardley posted some provocative thoughts on the future of the Internet, positing that the desire to fit into the conversation of all with all will induce a kind of self-censorship among bloggers and other online writers, leading to a vast wasteland of bland me-too-ism. Perhaps (after all, most media and technologies become somewhat conservative over time). At that point, the regular Internet will be perceived as that boring place where people have to observe correct etiquette and polish their images for fear of offending someone somewhere. If that bland net comes to pass, I think Yardley is right that interesting people will tune out the net and turn on to something new. But that something new might just be a kind of alternet, where people don personas in which they can say what they really think. So I'm not going to worry over much about the emergence of the BlandNet quite yet, even though Yardley's piece does force a blogger to think clearly about the topics he does not speak about. How do you self-censor?

Posted on 2005-03-15 at 22:21. File under technology.

~ link ~

Singularly Good

Telco responsiveness.

During our recent encounter with people running automated processes on the jabber.org XMPP service, I emailed the abuse address at a number of large mobile telephony providers about the inappropriate traffic coming from IP addresses under their control. It turns out the fault was not theirs, but still I found it instructive that of all the companies I contacted, only Cingular replied to the email messages I sent to abuse@bigcompany.com. To my mind, that's one reason to choose Cingular the next time I'm looking for a new mobile service.

Posted on 2005-03-15 at 17:09. File under technology.

~ link ~

Honey

Here, spammer spammer!

On a happier note, yesterday I was informed by Project Honey Pot that the saint-andre.com domain recently helped identify the IP address of a previously unknown spam harvester. Die, spammers, die!

Posted on 2005-03-08 at 17:01. File under technology.

~ link ~

Princely

XML + CSS again.

I just received a friendly email from Håkon Wium Lie about my post FEE FI -FO FUD, asking whether I had tried Prince for transforming XML+CSS to PDF. Unfortunately, I had to sheepishly admit that I have not yet tried Prince, but I think some experimenting is in order soon. I'll report my results here, so watch this space. ;-)

Posted on 2005-03-02 at 15:43. File under technology.

~ link ~

Social Circles

Visualizing discussion list communities.

Last week, Stowe Boyd linked to a cool application called Social Circles, which enables you to graph out the relationships between people on discussion lists based on how often they post, who replies to whom, etc. Unfortunately I don't see an easy way to feed in an existing list archive, but I've contacted Marcos Weskamp about that since it would be fun to graph out a long-running list like JDEV. It'd also be interesting to graph the list over time, since contributors come and go over the years.

Posted on 2005-02-10 at 13:57. File under technology.

~ link ~

FEE FI -FO FUD

From XML to print...

It's been almost three years since I last played around with XSL Formatting Objects (a.k.a. XSL-FO) and other technologies for going from XML to PDF. Thanks to an article by Håkon Wium Lie and Michael Day, I recently got interested again, so I started looking into available software, on the assumption that surely the Apache FOP project had come a long way since the spring of 2002. Not! It seems that the FOP code I used in those days was shunted off into maintenance mode back on October 22, 2001, in preference for the more modern development branch. The development branch promises a total re-write, awesome architecture, and so on. Unfortunately, no code has yet to emerge, which has resulted in several forks of the maintenance branch, including FOray and Folio (there's also a separate implementation written in C, but it does not appear to be far along yet). There are a few commercial XSL-FO rendering engines (such as RenderX and XSL Formatter), which produce more accurate output, but they cost money. XML + CSS is a possible solution (as touted in the article), but there's only one open-source rendering engine. Wow, this is even worse than the much-lamented state of the Jabber community, methinks! (Not that it's bad for there to exist multiple, competing projects.) Now, I grant you that generating typesetting-quality layout is hard work (harder, I'm sure, than building real-time XML streaming servers), but after three years I was hoping for more progress. I guess I need to help out by writing some test cases or filing some bug reports and feature requests.

Update: Joe has cued me in to ReportLab. Who needs XSLT when you can soak in the goodness of Python? ;-)

Posted on 2005-02-07 at 14:11. File under technology.

~ link ~

IDN-O-Matic

More on the phishing exploit.

In commenting on the IDN phishing exploit, Joe Hildebrand says that the substitution of Cyrillic а for Latin a violates one of his fundamental assumptions about stringprep, namely "that two codepoints that look alike will normalize to the same bytes". Peter Millard and I were chatting about it over lunch, and I think Peter's right that the browsers are doing the right thing in rendering the Cyrllic а character (all except Internet Explorer, which doesn't support internationalized domain names at all), but that they should probably warn the user if a domain name contains one or more glyphs that are outside the user's default character set. Consider the following domain name:

ᎫᎪᏴᏴᎬᏒ.org

If you have Cherokee fonts installed, that should look an awful lot like this:

JABBER.org

But it ain't. ;-) Now, probably not that many people have Cherokee fonts installed, but they might have Cyrllic fonts installed (or some default Unicode glyph renderer). What's violating Joe's sense of Unicode rightness is that St. Cyril borrowed characters from the Latin alphabet while constructing the Cyrllic alphabet (in fact he did the same thing with Greek characters -- compare Cyrllic Ф against Greek ϕ). But is it accurate to say that Cyrllic а should properly decompose to Latin a or that Cyrllic Ф should decompose to Greek ϕ? That's not obvious to me, so I am not convinced that this is a Unicode bug.

Posted on 2005-02-07 at 13:21. File under technology.

~ link ~

The Bees' Knees

Fighting spam with Project Honeypot.

This article provides a good overview of Project Honeypot and why it's a good weapon in the war on spam. I'm now participating.

Posted on 2005-01-17 at 10:19. File under technology.

~ link ~

Spread Firefox

New frontiers in guerilla marketing.

NewsForge is running a cool article about the Spread Firefox website. Maybe we need a "Spread Jabber" site? ;-)

Here's what's most impressive (from the NewsForge article):

Firefox has been downloaded more than 11 million times since November 9. And those aren't the only impressive statistics surrounding the only browser that is shaping up to provide some real competition for Microsoft's Internet Explorer. According to statistics published by w3schools.com, the browser is the only one in recent years other than IE to enjoy a double-digit share of the market, increasing from 8.2% of total browser usage in January 2004 to a current high of 21.2%. Internet Explorer's share has dipped from 84.9% in December 2003 to 71.7% after a year of monthly decreases in usage.

Posted on 2005-01-11 at 11:51. File under technology.

~ link ~

The No Year Plan

Linus on planning.

One of my favorite quotes from Linus Torvalds is this:

My own personal goal has pretty much always just been to live a nice life. That has many facets to it -- Linux obviously being one. Technical interest mixed in with a ton of joy in interacting with people even if only electronically. I certainly see that as a continual part of my life, but I'm not making any five-year plans. Look at what happened to countries that tried that -- I think they are equally destructive in personal life.

Today CNET published an interview with Linus in which he expanded on his approach to project management:

One myth that I find interesting, but which has nothing to do with Linux or even the IT sector in particular, is the myth of how a single person or even a single company makes a huge difference in the market. It's the belief that things happen because somebody was visionary and "planned" it that way. Sometimes the people themselves seem to believe it, and then the myth becomes hubris.

I have to continually try to explain to people that no, I don't "control" what happens in Linux. It's about having an environment that is conducive to development, not so much about any particular leader. And I think that is true in most cases, be it the "great sport coach" or the "great spiritual leader."

...

And I'm not trying to say that individuals don't matter. Individuals do matter, and I'm a huge believer in the theory that a motivated and smart person can do more than a thousand people who aren't. But what matters more than any individual is the kind of environment that brings in the people who shine. One of the things I think Linux has succeeded really well at is to let people shine.

...

I really can't plan my way out of a cardboard box. All my long-term stuff is very fuzzy "intuitive" stuff, not something I could really put into words. I try to avoid having very specific goals in the long term, and instead have more of a general feel for what kinds of things I like and don't like. Some people may see that as undirected, and hell yes, it is. On the other hand, it's pretty flexible, and exactly because I'm not focusing on some specific goal five years from now I'm also not losing track of the problems people experience today, or ignoring somebody else's vision.

Read the whole thing.

Posted on 2004-12-21 at 17:03. File under technology.

~ link ~

Mail 2005

Further predictions of the demise of email.

Ian Grigg points to some predictions from email security company Postini about email usage in 2005:

1. Legitimate email will drop from 12% to 8% of all email.
2. Directory harvest attacks will increase 25% while most victims won't realize they've been attacked.
3. "Phishing" -- fraudulent email used to steal the recipient's identity information -- will rise significantly as well, recasting spam as a damaging activity rather than a nuisance.
4. Connection blocking technology will play an increasingly important role in protecting users from email threats of all types.
5. Corporations will continue to switch to managed perimeter defense services to protect employees from email-borne attacks.

Think about that for a minute: legitimate email will drop below 10% of all email. Perhaps that's why IM, blogs, and other media are taking off so strongly. Heck, I've even gone back to Usenet for all my discussion lists (via Gmane) so that I don't have to use my email client.

Posted on 2004-12-16 at 11:41. File under technology.

~ link ~

Swimming in New Waters

More on blogging and money.

Apropos of my recent complaint about begging bloggers, Doc further explores the intersection of blogs and money. Although I continue to doubt that micropayments will ever take off, I do think that we're learning to swim in the new waters engendered by the electronic tsunami. I don't know how money fits in, but Doc is probably close to the mark when he says that (some) folks will make money because of their blogging activities, not directly from their blogging activities (the blogosphere seems similar in this way to the open-source community). What we're witnessing is Schumpeter's creative destruction at work -- a phenomenon well captured by Doc's phrase "re-industrialization". New connections are being made and old ones are being torn asunder. What ultimately results from this process is anybody's guess, but I doubt that traditional publishers of books, newspapers, and magazines will be playing a dominant role in the noosphere of the future. The same probably goes for the record companies, radio networks, and television studios.

May you live in interesting times...

Posted on 2004-12-14 at 19:43. File under technology.

~ link ~

Electrons Rule

The impending death of print media.

Two articles in Wired today make me wonder how much longer people will be putting ink to paper:

• Newspapers Should Really Worry describes how people in the 18-to-34 cohort do a lot of reading, but they read things online, not in printed books, magazines, or newspapers.
• The Library of Google describes how Google is working with some major libraries and publishers to put massive numbers of books online.

I'd say the writing is on the wall, but that sounds so second-millennium. ;-)

Posted on 2004-12-14 at 14:53. File under technology.

~ link ~

Chat is King

The death of email is spreading fast.

Ian Grigg has posted further evidence of the impending death of email. Chat is king!

Posted on 2004-12-08 at 10:43. File under technology.

~ link ~

More on the Death of Email

Simple demographics.

Stowe reports further on the impending death of email, quoting a Forbes article:

Kids are such heavy users of messaging technologies that it is likely today's killer Internet app -- e-mail -- is about to get pushed aside. "As these kids get older, we're going to see IM really take over as the preferred method of communication over e-mail," says Yahoo's Miller. "E-mail is really seen as skewed towards older demographics. Kids will use e-mail to communicate with their parents, but it's seen as very stodgy."

It's simple demographics: email will increasingly be relegated to what Stowe calls "a small amount of corporate/legal/official crap", leaving all other communications to real-time text, voice, or video (with text continuing to dominate since it enables a lot more multitasking -- voice and video are just too limiting).

Posted on 2004-12-01 at 15:37. File under technology.

~ link ~

Searching Forward

The other half of search.

Bob Wyman has posted some interesting thoughts on what he calls prospective search. Whereas Google lets you find out what is already known, PubSub.com helps you learn about what has just been discovered (thanks to the magic of content syndication and XMPP delivery). For instance, I have a standing search request at PubSub.com for any information related to Jabber or XMPP, and such information appears almost instantly in my Jabber client via the Mimir service (PubSub.com also has its own XMPP-based delivery engine, but it doesn't connect to other Jabber servers yet). It's all about the real-time Internet.

Posted on 2004-11-30 at 14:49. File under technology.

~ link ~

Email Is Dying

Korea leads the way.

The English edition of Digital Chosunilbo reports that email is dying in Korea, and that the combination of IM and weblogs is rendering email obsolete, especially among younger Koreans (for whom "email is an old and formal communication means"). I still use email for all the discussion lists to which I subscribe (which I read in a newsreader via Gmane), but other than that I rarely use email these days -- well, other than to get my daily 300+ spam messages. ;-)

Posted on 2004-11-30 at 14:37. File under technology.

~ link ~

Revolution Y

The coming of the IM tribe.

Stowe Boyd is just piling it on the days: his latest missive examines Generation Y and the coming communications revolution (hint: it's all about real-time communications). Jabber: the choice of a new generation? ;-)

Posted on 2004-11-10 at 14:07. File under technology.

~ link ~

New Key

More security considerations.

OK, I've created a new OpenGPG key to replace the one I revoked a while back. Now we just need to figure out a replacement for JEP-0027 and I'll be all set.

Posted on 2004-11-10 at 13:53. File under technology.

~ link ~

WoTs Going On

Using security technologies.

Hardly anyone uses security technologies. Part of the problem is a lack of critical mass. And part of that problem is that the webs of trust are small. So I've decided to do something about that by becoming a "Web of Trust Notary" for Thawte personal e-mail certificates and an "Assurer" for the CAcert.org web of trust. A few folks over at PingID are also psyched about getting involved. This seems like a cool, grassroots effort that really doesn't take much time and helps make the Internet more secure. Once I have notary/assurer status (it may take me a few weeks given the paucity of existing Thawte notaries, and especially CAcert assurers, in Colorado), I'm going to work to get more folks signed up locally. Blogger meetups and other such IRL gatherings seem like a great time to get people notarized/assured en masse. Let's get busy!

Posted on 2004-11-08 at 16:16. File under technology.

~ link ~

Service, Please

Variations on a theme by Graham.

Adam Bosworth's latest entry is a variation on a theme originated (as far as I know) by Paul Graham back in 2001: it's better to offer an application over the Net than to ship an old-style software bundle. Both essays are well worth (re-)reading. Bosworth's thoughts are also connected in my mind with what I like to call the need for speed and the real-time Internet, because life is getting faster and software needs to keep up. Evolution in action, indeed!

Posted on 2004-11-04 at 14:21. File under technology.

~ link ~

Sprechen Sie Erlang?

Languages and servers.

At the prodding of someone I was chatting with the other day, I spent a bit of time reading up on Erlang last night. It's quite fascinating! Erlang seems to be tailor-made for writing stable, robust servers. As the FAQ explains, "Erlang is a general-purpose programming language and runtime environment" and it "has built-in support for concurrency, distribution and fault tolerance" (the whitepaper provides more detail). It even includes something quite close to guaranteed delivery. Sure, no one knows Erlang so it's probably hard for people working on open-source Erlang projects to find contributors, but given how hard it is to find contributors even when a project's chosen language is well-known, I'm not sure that using Erlang makes all that much of a difference. So there may be a good reason why ejabberd gets such good reviews -- perhaps I need to look into it more seriously. (Heck, it might be easier for people to learn Erlang than to, say, port jabberd 1.4 to the Apache Portable Runtime or something like that.)

Posted on 2004-09-21 at 19:52. File under technology.

~ link ~

A Pyrrhic Victory

Why crypto doesn't matter.

Sadly, this seems to be true: we have the right to use cryptographic technology, but we don't do so. Part of the problem is that it's too darn hard. How many normal people (non-geeks) have PGP keys and use them? Technology developers are duty-bound, I think, to make this stuff much easier. Dizzy wants to make this a priority in the Jabber community and I agree. There was a good presentation about this at one of the IETF plenary sessions, updating the information in RFC 2316. The bottom line is that some security technologies are in wide use (SSH, SSL) because they are relatively easy to use, but most are not. We can do better.

Posted on 2004-08-12 at 10:47. File under technology.

~ link ~

A Limerick

In homage to the father of the Internet.

Last night after the IETF plenary session I happened to be part of a small gathering of geeks who among other things were speaking of how IPv6 will eventually supplant IPv4, so I spontaneously (well, after some coaxing) came up with the following limerick:

There once was a man named Al Gore,
Who thought that the phone could do more;
He invented the Net,
But we'll do better yet,
For he only developed 'v4.

To the universal deployment of IPv6!

Posted on 2004-08-06 at 07:21. File under technology.

~ link ~

Truckin'

Protecting my Mac.

I'm so hooked on my PowerBook that I am going to want to bring it to the office all the time. The only problem is that I really like to bike to work. Perhaps a MacTruck is the answer (thanks to DizzyD for the link).

Posted on 2004-08-01 at 15:11. File under technology.

~ link ~

IETF-ing

Arrived in San Diego.

I'm in San Diego this week for IETF 60. Joe Hildebrand and I just arrived without incident -- I'm sitting in the security tutorial whereas he's in the training session for new WG Chairs (since he got suckered into, er, helpfully volunteered for, being co-chair of the WebDAV WG).

Posted on 2004-08-01 at 15:01. File under technology.

~ link ~

Powering Ahead

Getting back up to speed.

It's taking me a little while to get everything I need set up on my new PowerBook. Thanks to Joe and Diz, I now have all the developer tools I need, including Fink (which provides the goodness of Debian's apt-get on OS X). I just installed a newsreader called MT-NewsWatcher so that I can start posting again to all the lists I follow through Gmane. And I've been adding lots of music to iTunes. :-) But I think I may need