Tag internet

Identity, SSO, and networked namespaces

Jud Valeski had a notable observation about how potentially powerful an OS level namespace and single sign-on capability could be for internetworked applications:

Everyone’s talking about the power of Twitter and Apple’s native single sign-on model in iOS 5. While this is a phenomenal coup for both Twitter and Apple, it’s only the tip of the iceberg. Having a widespread, networked, account namespace (Twitter) baked in at the operating system level is one of the few things that can truly revolutionize the network again.

I am certainly not going to be one to criticize this desire at all. But (of course there’s a “but”), I have no real reason to believe that a big company team-up is going to actually enable this desire. The history of big software companies’ attempts at some kind of unified, distributable identity is littered with bungles, with everything from Passport to Apple’s own MobileMe.

There is, of course, the big advantage that there are already a lot of integrations and knowledge about Twitter auth and users, but is that enough?

I’ve always thought that “user-awareness” was incredibly key to making applications powerful and much more user-friendly, but I don’t write about it enough. So, here goes the following…

I still think the solution to this “who is the user/omfg passwords everywhere” nightmare has to be something that provides “connectedness” and an extra layer of security that is used pretty rarely at the moment.

What does that mean? Glad you asked. I think it looks something like this:

  1. A user connects to an Internet service (through a browser, mobile app, desktop app, anything).
  2. A hashed key is provided to the service along with that request. The hash initially blinds the service from the user’s identity.
  3. The service sends the hash off to a third party.
  4. The third party then contacts the user, most likely through a mobile app: “The service MyHotNewThing wants to connect with your information, do you want to share the following info?…”
  5. The user says Yes (or No and the process stops and the user gets a “not logged in” view of the service), makes any customizations to what info they want to share with the service, and the third party then provides a key to the service that allows them to access the user’s information.
  6. The user is logged in to the service and any approved content or other connections(!) are also now available to the service.

Boom. It’s a bit similar to OAuth, but not the same: No browser required, no bouncing through URLs, no confusion about who is asking for what.

A few additional key points:

  1. Those hashes have to include, behind the scenes, devices. In normal language this means something like “User X has approved access to Service Y from Device Z.” Now, implicitly, the user is probably approving this for all the user’s devices, but all of those keys are different. This lets a user completely disable access from a (stolen, lost, broken) device for everything in one action. It also lets the user disapprove access from an unknown (hacker) device.
  2. This also makes all the keys and hashes different for the triple combo of service/user/device as opposed to most current schemes, which are just service/user.
  3. Handing off the approval process to a third party opens the door to things like social authentication (my friends trust this, so I will too) and content-sharing without conflict of interest.
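A sketch of the six steps and the per-device keys above, added here as an illustration and not code from the original post. The `Broker` class, its method names and the choice of HMAC-SHA256 for the "hashed key" are assumptions; the post does not specify a construction.

```python
import hashlib
import hmac
import secrets

def blinded_handle(device_secret: bytes, service: str) -> str:
    # Step 2: what the device sends; differs per service/user/device triple.
    return hmac.new(device_secret, service.encode(), hashlib.sha256).hexdigest()

class Broker:
    """Hypothetical third party holding profiles and per-device secrets."""

    def __init__(self):
        self.profiles = {}   # user -> {field: value}
        self.devices = {}    # (user, device) -> secret shared with that device
        self.grants = {}     # access key -> (service, user, device, fields)

    def enroll(self, user, device, profile):
        self.profiles[user] = profile
        self.devices[(user, device)] = secrets.token_bytes(32)
        return self.devices[(user, device)]

    def _resolve(self, service, handle):
        # Only the broker can map a handle back to a user and device.
        for (user, device), secret in self.devices.items():
            if hmac.compare_digest(blinded_handle(secret, service), handle):
                return user, device
        return None

    def request_access(self, service, handle, ask_user):
        # Steps 3-5: the service forwards the handle; the user is asked out of band.
        who = self._resolve(service, handle)
        if who is None:
            return None                      # unknown or revoked device
        user, device = who
        offered = set(self.profiles[user])
        fields = frozenset(ask_user(service, sorted(offered))) & offered
        if not fields:
            return None                      # user said No
        key = secrets.token_urlsafe(32)
        self.grants[key] = (service, user, device, fields)
        return key

    def fetch(self, service, key):
        # Step 6: the service redeems its key for the approved fields only.
        grant = self.grants.get(key)
        if grant is None or grant[0] != service:
            return None
        return {f: self.profiles[grant[1]][f] for f in grant[3]}

    def revoke_device(self, user, device):
        # One action disables this device for every service.
        self.devices.pop((user, device), None)
        dead = [k for k, g in self.grants.items() if g[1:3] == (user, device)]
        for k in dead:
            del self.grants[k]
        return len(dead)
```

The `ask_user` callback stands in for the mobile prompt in step 4; it receives the service name and the fields on offer and returns the ones the user agrees to share.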

Getting back to the original post, I’m not saying that possibility isn’t there, but I don’t see the big players thinking about this problem in this way.

Thoughts?

Is the sorry state of American education actually good for software innovation?

The following is a bit in the realm of pointless mind games and Devil’s Advocate, so grain of salt applies.

It struck me that America’s currently abhorrent state of education may, in an odd, counterproductive way actually be helping to fuel software innovation. Imagine you’re a smart student being put through the low-expectations, rote-memorization wringer that is America’s current state of public education. In other words, you’re bored senseless and completely unchallenged in school. Yet, you possess a curious mind and enjoy learning and figuring out how things work and making things that do things.

So what do you do? Well, you turn to the Internet of course. And sure, there’s Facebook and porn and sexting and reddit and political flamewars. But there’s also Wikipedia and open source software and entire datacenters of videos and blog posts about how to do things and how they work.

And you get curious and start fiddling with some of this stuff and then you start making things. And the things you make, do things. Maybe they even do useful things. And so you share them and discover that other people, even if it’s only one or two, find the stuff you made useful.

And suddenly you’re hooked. Now you want to make even more useful and complex and interesting things.

So, the question is: does this happen if you aren’t bored senseless at school? At some level, absolutely this question is completely irrelevant beyond the individual. But at the same time access to good programming education, fast Internet and computing equipment is no longer primarily an American or even Euro perk. We’re seeing good software and startups from all over the world.

Despite all this, there is a distinctly cultural “thing” to American software innovation. There’s a drive and passion that is more prevalent here. I’m not saying it doesn’t exist elsewhere, it absolutely does, I’m saying that this is at a critical mass in America that you don’t really see anywhere else and it irks me as to why.

I’m really not trying to be a rah rah American here (I’m attributing this to our crap education!), I think our country is a mess. But the one thing that’s undeniably working is our leadership in software innovation and I find it a curiosity that exists in spite of all our other problems.

And, of course, the easy counter to this entire argument is the volume of great stuff that comes out of Stanford, MIT and elsewhere. But there are also an awful lot of really good developers who never bothered with, or dropped out of school. And there are an awful lot of CS grads who are crap developers and even worse innovators.

My answer to What are some of the technology innovations we might see in online advertising in 2011?

I think the two huge things that technology is changing in online advertising are 1) targeting and 2) what I am starting to think of as “applitisements”, which is to say: display and mobile ads are going to become more and more like mini web applications. Neither of these things is a singular, momentary “innovation” in its own right, nor do I think as trends that they started or will end in 2011, but I think 2011 is when they start really coming together beyond the clumsy first steps.

Targeting is a bit more obvious and already on more people’s radar. As users share and connect more of their data, advertisers are going to be able to hyper-target and personalize their ad buys (think “males 30-40 who follow @mybrand on twitter and live in australia”). I think most people in the advertising world are aware of this at a conceptual level, but 2011 is when you’re going to really start seeing more effective targeted ads.

Applitisements, in the strictest technical sense, have been with us since the first Flash banner, but as online identities become more cross-site pervasive and HTML5 and integration APIs grow (see iAd), online ads are going to become much, much more robust and – hopefully :) – better.

Just to take a really simple example off the top of my head: Imagine you’re watching a movie trailer online. At the end of the trailer, not only are you provided with the “theaters closest to you”, but the applitisement already knows which theaters you buy tickets to the most often and displays those first, it lets you invite other people to go with you and buy the tickets without having to login or enter your CC info (ideally, there’s an in-ad password entry or other auth “reverify”). No jumping between websites, pages or windows or copying and pasting. All within the ad. And it doesn’t matter if you’re viewing the ad on a phone or a desktop, it just works.

Now, I’m not saying you’ll see the above example “this” year, but 2011 is the first year where I can actually say to myself “Okay, if I were going to write that ad, I need X, Y, and Z to happen and I have to do A, B, and C” and none of those things feel like some nebulous far-off “someday.” The pieces are all starting to come together.


The Ass-Backwardness of Our Technology, Copyright Laws and Privacy

Consider this current state of affairs…

We live in an age where large corporations or their associations (think RIAA) are suing individuals and file sharing services for millions of dollars, while not making it any easier to actually, ya know, buy their copyrighted material. There are millions more dollars being spent on developing ever more complex DRM to secure said copyrighted material. Joel Tenenbaum got hit with a $675,000 ruling (note: the judge later took a zero off of that) for illegally sharing 30 songs. RIAA unsuccessfully sued the Russian allofmp3.com for $1.65 trillion – yes, with a ‘T’.

I don’t want to even get into the fact that this state of affairs is a shaky business strategy, that ultimately technology makes it impossible, or that the value proposition of suing everyone in sight is dubious at best (and nevermind the fact that file sharing is a free distribution channel…). Instead, let’s compare it to the flipside…

Individuals are sharing their data like crazy. More than at any point in history, people are sharing their thoughts, photos, social graph, fiction, music, videos (yes, even their porn). While many people are choosing to take advantage of better privacy settings at sites like Facebook, a lot of people are taking full advantage of how easy it is to get material into the public space. However, when individuals do want to control the distribution of some of their content, and something goes wrong, how does the reverse look? The people who sued Google over privacy issues with Buzz? They got $2500.00 each (that’s without a ‘T’… or a ‘B’ or an ‘M’). Granted, several million dollars in the Google ruling is going to privacy organizations, and that’s a good thing, but the point is that this disparity is so totally, absurdly out of whack.

Corporations are spending gobs of money on technology, lobbyists and legal proceedings to protect themselves from (I would argue perceived rather than actual) damages. Now, of course, there are a lot of people in the technology and speculative fiction world who just sort of “get” how retarded this is and that the sell-a-physical-thing-or-sue-the-world! business model is going to eventually die and move to some sort of whuffie-based economy (assuming, of course, we aren’t all thrown back to the 18th century cause of an energy crash, in which case this is all academic and hopefully I remembered to print this blog post before the lights went out).

However, that doesn’t really help the individual out right now. Individuals need better, easier to use tools to protect themselves. They also need better recourse and education. Facebook’s updates to privacy controls and industry efforts like OAuth are steps in the right direction, but we still aren’t there. Think about this: the single best set of keys you have right now to protect your online identity? Your smartphone.

Now, what would happen, for me, if this blog post was stolen a million times? How would I sue all those – wait what? Are you crazy? It would be fantastic. Please, by all means share the shit out of this.

Google Wave Reminds Me of Microsoft

I got a Google Wave invite (thanks nick) and I am remarkably unimpressed. Essentially it’s a threaded discussion system with the ability to insert different kinds of media and it works in realtime. For one thing, this is not actually new. Calling it “wave” and making it easier to include non-textual media does not make what you are doing new or radical. Sure, Wave is trying to get us to a better kind of email collaboration and email is certainly a technology that is overdue for either some much better client-side functionality or to be retired completely (but that’s a post for another day), but pushing email towards threaded discussion boards and adding Hype, meh. Secondly, Wave seems to do all of these things badly.

Let’s start with other media types. You can put images, videos, and “gadgets” (essentially mini apps) – all sorts of stuff in a “blip” (one particular message in a “wave”). Okay… I see that this might be mind-blowing to someone who has only ever used email and commented on one or two web sites. But there are a lot of different sites and infrastructures that allow this functionality now. There are blog plugins, help guides, all sorts of things… Facebook Apps are probably the most used example of this sort of thing. Okay, so not being “new” doesn’t make it “bad.” Fair enough. It’s bad cause it’s confusing to use and abysmally buggy and slow. Sometimes you click on things and nothing happens. Since there’s no UI feedback I don’t know if something is broken or just slow. The rendering is pretty sluggish even when things do work. Also, since they’ve tried to pack so much functionality and slickness into a web-based app, more than once I found myself in focus hell. I was clicking around trying to move my cursor and I ended up opening three new blips (ugh, that just made me sound like a professor in college I saw trying to use a mouse for the first time).

Realtime updates. Waves update in page (as opposed to say, a thread on a blog post where you have to refresh). This seems like wasted effort to me. I know the software industry has been pining to provide the realtime digital equivalent of a whiteboard for years and tons of time and money have been spent on such systems (Gotomeeting has a whole mess of these kinds of features that I’ve never actually seen anyone use in a meeting). I’ve never understood the intensity with which people clamor for this functionality. At any rate, the aforementioned sluggish-ness of wave renders this an ironic feature and has probably made the code and API a gazillion times more complex. I sound like a broken record, but the HTTP protocol was not designed to do this sort of realtime, stateful stuff. Also, the level of realtime-ness is overkill. Watching someone else fix their typos is about as productive as watching a Roomba and is, actually, far less interesting.

And then there is the threading, which might be the piece that bugs me the most. Wave essentially does the same sort of indenting seen in many threaded systems, with one really notable exception: It’s nightmarish to find new posts. Your Inbox tells you that there are new Wavelets, but there’s no way to jump to them. You just have to scroll around until you see the green bars or outlines. Really? REALLY? Tell me I’m missing something Google. There are so many sites that figured out this problem ages ago that it’s kind of stunning that it works so badly in Wave. Also, you can’t mark a single Blip as Read (or if you can I haven’t figured out how, it’s not on the drop-down menu). So, all you can do is mark the current state of your Wave as read, even though it’s synchronizing in realtime. So if there’s a new Blip or Wavelet and I hit Read, does that mark that one as read too or is it smart enough to figure that out? Again, it’s such a bad user experience that I just don’t care.

All of this gave me deja vu of sitting through product demos where a tech evangelist would be explaining some “great new functionality” and I would just be sitting there going “that’s just X re-written to work with Office” and then, of course, it would crash. I’m really struck by how much Wave reminds me of something Microsoft would do: take existing concepts, rename them (the descriptions of Waves, Wavelets and Blips even describe them as “conversations,” “threads” and “messages” in the documentation, so why not just call them that?) and re-write them from scratch to work within its own ecosphere. Granted you will be able to host Wave robots externally to Wave and you can embed Waves on sites external to Google, but the embed API does not appear to be a data API. It looks like you’re literally dropping the Wave into a webpage, which is disappointing. Essentially you’re using Wave whole hog or not at all. Wave Aid.

Finally, if the Terms of Service are anything like the Google Apps ToS then Wave is dead in the water for the corporate world.

Where Jesse tries a new way of explaining DNS

Summary of a conversation at work…

Me: “Okay, you know how in the real world every building has an address?”

PersonNotGettingDNS: “Yea”

Me: “Okay, the internet is like that, but on the internet you only need to know the name of a place to get to the address. So, DNS is like a cabbie. All you have to say is ‘Empire State Building’ and the Empire State Building could have moved to Brooklyn and the cabbie would still get you to the Empire State Building. And it doesn’t matter at all that it has a whole new address. So when we say ‘point the DNS…’ we mean we’re telling the cabbie the new address…Make sense?”

PersonNotGettingDNS: “But you can see the Empire State Building”

RMAD: Recoverable Mutually Assured Destruction, as seen first in Iran

Assuming reasonably equal resources and knowledge, two parties attempting to knock each other off the internet can result in only two outcomes: either they both get knocked off or neither does. Either party “winning” is essentially impossible. The Internet’s combination of network redundancy and ability to communicate with, and garner assistance from, sympathetic parties from around the world makes it nearly impossible for one party to squash another. The only thing they can do is cut themselves off completely. I think of this as RMAD, “Recoverable Mutually Assured Destruction”, since they can turn it back on afterwards (unlike the nuclear MAD).

We are seeing this now in Iran. The government controls the connections, but can’t cut off the opposition without cutting themselves off. So we are seeing outside parties providing proxies and passing along messages (see http://twitter.com/#search?q=%23Iranelection).

This is all intuitively clear and long predicted, but I think this is the first time we are really seeing it in action.