Category: Technology

37 Signals’ next app Highrise will support OpenID

Highrise will support OpenID

I got an email today from 37 Signals today about their forthcoming CRM tool called Highrise (formerly known as Sunrise). Curious to see where the project was at, I went and snooped around, trying out some common beta URLs to see if I could get a sneak peak… (naughty naughty) and, finding nothing, it dawned on me that Jason Fried was probably using his standard domain prefix for his account… just as he’s done with the Backpack reviews.

Sure enough, there was a welcome page at jf.highrisehq.com but what else did I discover? None other than a link to “Login with OpenID”. I tried logging in and it went through all the proper steps — so it does look like this is a functioning feature.

So it appears that the 37 Signals guys have finally drunk the Koolaid and will be supporting OpenID… I asked for this awhile ago but now, with DHH on the case and writing code, it seems that it’s actually going to happen.

And I couldn’t be more excited about it. Finally, one login for all my Basecamps, Backpacks, Campfires, Tada Lists… and now, Highrise. This is exactly the way it’s supposed to work.

WordPress.com adds support for OpenID

Trust this site with your identity? -- WordPress.com

I think I might have jumped the gun on this one. Ok, I did. It seems that for now, WordPress.com is only an identity provider and not a consumer, meaning that you can use your WordPress.com blog address as an OpenID but you can’t yet log into WordPress.com with your OpenID. My bad.

In talking to Matt last Friday at the Adaptive Path party, I asked him when OpenID was coming to WordPress.com — the hosted blogging service — and he replied “Monday”.

Well, a day late but hardly a dollar short, WordPress.com has added bi-directional support for OpenID.

What this means is that you can both sign in to WordPress.com using your existing OpenIDs (making WordPress.com a “consumer”) as well as use your WordPress.com URL (for example, https://factoryjoe.wordpress.com) as an OpenID elsewhere, making WordPress.com an iDP or “identity provider”.

The FAQ entry is pretty descriptive and I’d recommend you take a look at it. WordPress.com now joins a growing array of service providers offering support for this grassroots-driven authentication protocol.

No word on when OpenID will hit core of the WordPress project, but there are already two great efforts driven first by Alan Castonguay and more recently Will Norris — which point to a positive future between the two open source initiatives.

Customizing the QuickSilver Cube Interface

Custom QuickSilver pimpage

Update: 4/14/2007: I’ve recreated the NIB file to use the latest version of the Cube Interface source.

Update: Oops! I wasn’t very specific about that .nib file. I’ve updated the instructions to make it more clear now. As for HEX colors in the Color Picker, try the HexColorPicker. Thanks Frank!

There was a trend awhile back to tout your custom QuickSilver interface. At the time I resisted doing anything hardcore, content to enjoy other people’s works.

Well, without any QuickSilver updates lately, I finally gave in and copied a style I found in the forums created by Axlin by following the instructions provided by Hawk Wings.

To save folks the hassle, I’ll make this really easy for you.

First, make sure you’re running the latest version of QuickSilver (β51). Next, install the Cube interface if you don’t have it already. Third, launch the Cube customization interface.

Ok, once there, make your settings look like this:

Cube Interface Preferences

Now, here’s where it gets a little dicey. You’ll need to first download the replacement QSCubeInterface.nib from my server. Navigate to ~/Library/Application Support/Quicksilver/Plugins in the Finder and make a backup of the existing QSCubeInterface.nib file in that directory. Now, right click on QSCubeInterface.nib and select “Show Package Contents”. Drill into Contents/Resources and unzip the QSCubeInterface.nib.zip file in this directory, overwriting the existing .nib (you should have already made a backup).

Now, quit and restart QuickSilver and you should be good to go. Lemme know if it works for you and if you come up with any other interesting examples of customization, post them to the QuickSilver Flickr group.

A design pattern for image and figure alignment

Figure design

Dan Cederholm proposed the idea of a figure microformat some time ago and I followed up with a post the microformats discuss list. I’ve continued thinking about it and after throwing down with Tantek over IM, realized that K2‘s presentational approach of using alignleft, alignright and center classnames on images just didn’t hold up over time and, as Tantek asserted, was worse than being semanticly neutral.

Therefore, I decided and have been using the following approach to laying out images in my blog posts:

.code { border: 1px solid #eee; list-style-type: decimal-leading-zero; padding: 5px; margin: 0; }
.code code { display: block; padding: 3px; margin-bottom: 0; }
.code li { background: #fff; border: 1px solid #ccc; margin: 0 0 2px 2.2em; }

  2. a img {
  3. border:0;
  4. }
  6. img.figure {
  7. max-width:460px;
  8. border:2px solid #f7f7f7;
  9. }
  11. img.figure-a {
  12. margin-left:auto;
  13. margin-right:auto;
  14. display:block;
  15. }
  17. img.figure-b {
  18. float:right;
  19. border:0;
  20. margin:0 0 6px 6px;
  21. }
  23. img.figure-c {
  24. float:left;
  25. border:0;
  26. margin:0 6px 6px 0;
  27. }

Thus, if you apply the figure class to an image on its own line, it can’t be larger than a setting of your choosing (i.e. to not overlap columns, at least in Firefox) and will have a nice border outlining it. Adding figure-a will center it on the line, figure-b will align it to the right and figure-c will align it to the left.

I chose these names after consulting with Tantek, reading Dan’s piece and thinking about the multiple uses these classes might have beyond images (i.e. for formatting tables or graphs). Figures are often cited in textbooks and newspapers and currently don’t conflict with any other microformat.

I’d like to see the next versions of and K2 support this and deprecate the alignleft, alignright and center image classes in subsequent versions. I’d also like NetNewsWire, Bloglines and other feed readers to support these basic alignment styles. But until then, feel free to use this markup in your own projects and spread the pattern!

MarsEdit blog editor sold to Red Sweater software

I’m a bit late with this news, but since is my blogging tool of choice, I thought that I’d note that Newsgator has decided to sell MarsEdit to Red Sweater Software (Brent Simmons has more, as does Gus Mueller (former MarsEdit developer) ), makers of FlexTime. Here’s to a 2.0 release sooner than later!

Microformatting the Future of Web Apps

Update: I’ve updated my schedule corrections to include hcards for all the speakers, so besides adding the entire schedule to your calendar, you can now import all the speakers to your address book.

Lisa from FoWA notified me that she’s since incorporated my hcalendar changes into the official schedule. Nice!

FoWA Banner

I wanted to draw attention to the effort put into the schedule for the upcoming Future of Web Apps (which we’re in London for). One the surface, it’s a great looking schedule — under the hood, you’ll find microformats marking up the times of the sessions. A nice effort, to be sure, except that their effort lacks a certain… accuracy.

I point this out for two reasons: one, I’d love to see the schedule fixed so that you can download it into your calendar. Second, it serves as a good example of why the Microformats community has been wise to minimize the use of both hidden microformatted content as well as invisible meta data as much as possible.

To illustrate the problem, let me point out two important elements of the microformat. These elements specify when an event begins and ends respectively. From the icalendar standard, these values are indicated by the and attributes. For example, this code would indicate that an event starts on Feb 20th at 6pm in London:

<abbr class="dtstart" title="20070220T1800Z">6pm</abbr>

However, when viewed in a browser, it looks like this: 6pm, and taken out of context, that 6pm could happen on any day of any year in any timezone. By marking up that time with an ISO datetime in the context of an hcalendar object, we know exactly what time and in what timezone we’re talking about.

So, looking at the FoWA schedule, you don’t know it, but even though it looks like it’s offering all the right times and correct information in the human-facing data, delving into the microformatted data will reveal a very different agenda, specifically one that takes place in 2006 and goes backwards in time, with some events ending on the day before they started.

Again, they’re certainly to be commended for their efforts to microformat their schedule to make it easy to import and subscribe to, but they seem to have missed an opportunity in actually providing a computer-readable schedule.

Here are some things that need to be fixed on the schedule:

  1. All times need to be contained in <abbr> tags, not <span>s. This is a common error in marking up hcalendar, so watch for this one first.
  2. Second, the dates specified in the title attributes need to be 100% accurate; it’s better to have no data than incorrect data.
  3. Third, all start times should begin before the end times, unless you’re marking up the schedule for a time machine.
  4. I should point out that it would be useful if all people and organization were marked up as , but that’s a separate matter.
  5. Lastly, it always helps to validate your basic XHTML and run your microformatted content through consuming applications like Operator, X2V or Tails to see if the existing tools can make sense of your data. If not, it won’t work for anyone else either.

I’ve gone head and corrected the schedule. I’d love the for the FoWA team to take these basic changes and incorporate them into their schedule, but I know they’re busy, so in the meantime, feel free download the schedule in ICS format using Brian Suda‘s X2V transform script.

Who’s who on Twitter

Twitter Styles

Jeff Barr posted a lazy web request for a better view of Twitter contacts and Wes Maldonado responded with a slick Greasemonkey script.

Well, not to be outdone by the scripting folks, I made two similar scripts for , a Firefox plugin that allows you to apply custom CSS on certain webpages (see what I did for Tangler a couple days ago).

To apply these styles, install the extension and then add either of these styles to Twitter.com:

.code { border: 1px solid #ccc; list-style-type: decimal-leading-zero; padding: 5px; margin: 0; }
.code code { display: block; padding: 3px; margin-bottom: 0; }
.code li { background: #ddd; border: 1px solid #ccc; margin: 0 0 2px 2.2em; }

No avatars

  1. @-moz-document domain("twitter.com") {
  2. #friends {margin-top: 12px;}
  3. #friends a[rel=contact] {display:block;text-decoration: none !important;margin-bottom:3px;}
  4. #friends a[rel=contact] img {display:none;}
  5. #friends a[rel=contact]:after {content: attr(title);}
  6. }

With avatars

  1. @-moz-document domain("twitter.com") {
  2. #friends a[rel=contact] {display:block;text-decoration: none !important;margin-bottom:3px;}
  3. #friends a[rel=contact] img {margin-right: 3px; text-decoration: none !important;}
  4. #friends a[rel=contact]:after {content: attr(title);}
  5. }

OpenID creates a foundation as Microsoft pledges support

You can read it around the web, but, hot on the heels of the creation of the OpenID Foundation, the news from the RSA Security conference is that Bill Gates has announced Microsoft’s intention to support OpenID 2.0.

Scott Kveton, our advisor at JanRain, has a summary and text of the announcement:

Microsoft to Work With the OpenID Community, Collaborating With JanRain, Sxip, and VeriSign

JanRain, Microsoft, Sxip, and VeriSign will collaborate on interoperability between OpenID and Windows CardSpace™ to make the Internet safer and easier to use. Specifically:

As part of OpenID’s security architecture, OpenID will be extended to allow relying parties to explicitly request and be informed of the use of phishing-resistant credentials.

Microsoft recognizes the growth of the OpenID community and believes OpenID plays a significant role in the Internet identity infrastructure. Kim Cameron, Chief Architect of Identity at Microsoft, will work with the OpenID community on authentication and anti-phishing.

JanRain, Sxip, and VeriSign recognize that Information Cards provide significant anti-phishing, privacy, and convenience benefits to users. Information Cards, based on the open WS-Trust standard, are available though Windows CardSpace™.

JanRain and Sxip, leading providers of open source code libraries for blogging and web sites, are announcing they will add support for the Information Cards to their OpenID code bases.

JanRain, Sxip and VeriSign plan to add Information Card support to future identity solutions.

Microsoft plans to support OpenID in future Identity server products.

The four companies have agreed to work together on a “Using Information Cards with OpenID” profile that will make it possible for other developers and service providers to take advantage of these technology advancements.

There’s no shortage of coverage, so I’ll just give you a run down of the players involved: Kim Cameron of Microsoft, Dick Hardt of SXIP, Michael Grave and David Recordon of VeriSign, Johannes Ernst of Netmesh, and Brad Fitzpatrick of LiveJournal.

What this means will be seen over time, but it does mean that a major player has shown their support for the protocol and for the community, making way for other, more reluctant parties, to step up and enter the arena.

It also means that Microsoft will be answering a major question about interface for the OpenID effort with their CardSpace work — and, if that work complies with their Open Specifications Promise, it will be advancing the anti-phishing efforts of the OpenID community years forward by bringing to the table a deployed, open specification for handling authentication in the browser.

While there will certainly be much work to be done to offer choice, this seems like a great opportunity to accelerate the user-centric identity efforts that have recently come to fruition.

Bating the mousetrap with chunky peanut butter

Flickr peanut butter
Original by starpause kid and shared under a Creative Commons License.
When it comes to mousetraps, it’s fairly common knowledge that an effective cheese alternative for trapping mice is peanut butter.

However, we already know that Yahoo isn’t too fond of peanut butter. At least the smooth kind spread thin.

So it’s interesting to note that, perhaps as part of the strategy to outlaw renegade peanut butter within the organization, the formerly independent outpost known as Flickr will be forcing users to either merge or create a new Yahoo account to login after March 15:

On March 15th, 2007 we’ll be discontinuing the old email-based Flickr sign in system. From that point on, everyone will have to use a Yahoo! ID to sign in to Flickr.

We’re making this change now to simplify the sign in process in advance of several large projects launching this year, but some Flickr features and tools already require Yahoo! IDs for sign in — like the mobile site at m.flickr.com or the new Yahoo! Go program for mobiles, available at http://go.yahoo.com.

If you still sign in using the email-based Flickr system (here), you can make the switch at any time in the next few months, from today till the 15th. (After that day, you’ll be required to merge before you continue using your account.) To switch, start at this page: http://flickr.com/account/associate/

Complete details and answers to most common questions are available here: http://flickr.com/help/signin/

If you have questions or comments about signing in with a Yahoo! ID, speak up!

You can imagine that not everyone is happy about this, especially after the reaction the first time around:
Jimbo doesn't like it

Now, I’m not interested in opening old wounds. The Flickr folks have given plenty of notice about the coming changes (figure at least a month and a half if not the full 18 months since they were acquired) and of course are available for consolation, hand-holding and so forth.

Oh, and contrary to my tendency towards conspiracy theories, I’ll let Stewart debunk them outright:

And that’s it: there’s no secret agenda here, no desire to come to your homes and steal your TV. Over time, it just gets more expensive to maintain independent means of authentication and we could “spend” those efforts on other things which make Flickr more useful, more fun, more versatile, etc. And the smaller the ratio of old skool to Y!ID-based gets, the harder it is to justify not spending that effort on improvements.

I will, however, take this opportunity to rise up on my soapbox again and point out something worth reflecting on…

Look, Google’s already done the same thing with Dodgeball; it’s a sure bet that they’re going to do the same thing with their YouTube acquisition. We know that Yahoo logins are going to show up on MyBlogLog and eventually, probably Upcoming too — and, for that matter, any other user-centered acquisition that comes down the pipe. Microsoft is no different. Let’s face it: the future of the web is in identity-based services. And this is a good thing, if you’re ready for it.

My buddies Brian Oberkirch and Aldo Castañeda talked about the potential for this new economy recently. It’s coming and it’s scary (for some) and it’s unclear what it looks like. But the more that this happens under authoritarian login regimes, the more concern I feel for the effect these consolidation efforts will have on true democratic choice in where and how you spend your attention.

Realistically, it’s not terribly surprising that Yahoo! and the rest are going this direction. Hell, from a systems perspective, you’re just two entries in a grand database in the sky whereas you could be one. From a service perspective, unifying “you” across systems allows convenience and synergies to emerge. The problem is that these actions belie the sophisticated relationships that some people have with their online accounts and how their personas are represented. Though not everyone cares a whole lot about their screennames, others absolutely do. And beyond that, for whatever reasons they have, some people simply do not want to go near Yahoo! — something they never thought would be a concern of theirs when they originally joined Flickr.

But there’s a curious reality to look at here.

While I call Flickr home (NIPSA’d and all), just as there is a vehicle to vent my individual frustrations to Flickr, those same vehicles and mechanisms are available to me to splinter off and build my own peanut-butter-rich outpost anew. The missing piece of the puzzle, however, is my identity. I can’t just pack up my digital self and move on… whichever login system Flickr uses — Yahoo’s, Google’s, their own — I can’t “take it with me”. Even with their API, which is one of the most generous in the biz, it still doesn’t give me the ability to fully reincarnate myself somewhere else.

Now, I could and would like to turn this into a pitch for OpenID, but I won’t, at least directly. The Yahoo! folks have already expressed their distaste for creating Just Another Identity Silo and I keep waiting for them to prove it. I don’t mind waiting a bit longer. The wheels of the OpenID community are already in motion and I don’t have to plead for acknowledgment from the powers that be. The truth is, there are only a few more sites that will fall. The truth is, we are only now beginning to realize the degree to which we are all exposed and what the reality of our transparent society looks like. And the truth is, we are only just beginning to wake up to the idea that we should and can have dominion over our online lives, just as we believe is our right offline.