A daily collection of linky goodness.
orkut – oauth
This is a community dedicated for the oauth authentication protocol developers !
Bookmarks for Jul 07
A daily collection of linky goodness.
Web Worker Daily » Archive Design Patterns for Coworking «
“Recently a member of the global coworking mailing list, Joseph Holsten) recently created what’s essentially a recipe book of ‘how to’ guides for those seeking to setup a coworking community, coworking space or simply better operate the communities and spaces they’re already running.”
Vaga | Ten by Twenty ™
This set of 60, semi-transparent .png icons (16 x 16) ready to use and available for free download.
TrackThis: Track FedEx/UPS/USPS/DHL Packages using Twitter (or Email, IM or SMS)
Track Your Packages Over Twitter
Bookmarks for Jul 06
A daily collection of linky goodness.
Feed Store :: Fail Whale
“We love Twitter. We even love it when it’s down. Twitter gives you lots of opportunities to love it.
“This shirt will ship mid-July. We’ll notify you via Twitter, unless it’s down. Yeah… just come back here and check.
“…and if you’re looking for the ACTUAL Fail Whale stuff, there’s an Official Fan Club Store. You make enough with your Etsy craft store to buy from both of us.”
TweetDeck
TweetDeck is an Adobe Air desktop application that is currently in private beta. It aims to evolve the existing functionality of Twitter by taking an abundance of information i.e twitter feeds, and breaking it down into more manageable bite sized pieces.
Technology Review: Who Owns Your Friends?
“The incident brought to a head a debate that had been raging for months behind the scenes at social-networking sites: who controls the data users post on their profiles? Advocates of so-called data portability, including Scoble and Smarr, say people should be able to transfer information easily in and out of any Web services they use. Facebook, on the other hand, says it needs to safeguard the information it stores so that it isn’t misused, and that means keeping tight control over users’ information. At stake is not simply the ease and security with which people move between social-networking sites but control of the currency that gives those sites their value: personal information.”
MUSEO :: a Free Quality Font from exljbris
A beautiful, free font.
Diavlo :: a Free Quality Font from exljbris
Diavlo is a free font that contains 5 weights: Light, Book, SemiBold Medium, Bold and Black.
Bookmarks for Jul 04
A daily collection of linky goodness.
Twitter: User Co-Creating or User Co-Opting? – O’Reilly Radar
“Whatever is actually going on at Twitter, allowing your user community to engage in a conversation regarding your product development can be incredibly valuable, and ignoring their behavior can lead you to miss a key new feature. However, if you embrace every use of your service, and avoid every complaint about a feature you don’t support, eventually the conversation will become dysfunctional, and could prove disastrous, undermining your credibility and service.”
Bookmarks for Jul 03
A daily collection of linky goodness.
“This’ll be the day that whales fly.”
LOL — a song for the Fail Whale!
The Fail Whale Fan Club
FailWhale.com is the groupie | PR | Fan Club for one of coolest whales we know… you know… the handsome whale and his birdie entourage who show up occasionally on Twitter to let you know that it’s time to push back from your keyboard and to go take a break. Yup! that one.
#fwh – Summize
Search for the Twitter Fail Whale hashtag #fwh.
Twitter / yiyinglu
Creator of FailWhale and so on.
Yiying Lu
The SOURCE of the Fail Whale!!
The FAIL SNAIL on Flickr – Photo Sharing!
Inspired by the availability of Twitter’s Fail Whale as a T-shirt and Tantek’s “Note to Self” comment ( http://www.flickr.com/photos/factoryjoe/2631644440/#comment72157… ) I made teh Fail Snail, and he’s coughing up some “goddamn leaky HTML” hex.
I am releasing this as public domain, anyone may use it as their error message or whatever else you want, including Flickr geo tagging it with Twitter’s office address.
sassholes: Museum Piece, Circa 2025
Visitors to the Museum of Modern Art were fascinated to learn that in the year 2008 it was not uncommon for popular Internet services to experience something called “downtime,” often represented by cute avatars that are now considered works of art…
House Industries – Neutraface
I fucking love Neutraface!
Twitter, What Are You Doing? Co-Founder Tells All : NPR
“The latter prognosis stems from users who are growing frustrated by repeat sightings of the “fail whale,” the whimsical image Twitter posts when it goes off service. “Why doesn’t Twitter stay up and running for more than a few hours at a time?” writes Twitter user @cscan. “Why isn’t it stable? Is it simply scale, or is something else going on?””
Facebook | FailWhale
Welcome to the official Facebook Page of FailWhale. Get exclusive content and interact with FailWhale right from Facebook. Join Facebook to create your own Page or to start connecting with friends.
Twitter FailWhale Fan Club – FriendFeed
The FriendFeed Fail Whale room.
FriendFeed Comments WordPress Plugin – Development on a Shoestring
This plugin will allow you to display on your own site the comments that people make on FriendFeed about your post.
Feature request: OAuth in WordPress
In the past couple days, there’s been a bit of a dust-up about some changes coming to WordPress in 2.6 — namely disabling ATOM and XML-RPC APIs by default.
The argument is that this will make WordPress more secure out of the box — but the question is at what cost? And, is there a better solution to this problem rather than disabling features and functionality (even if only a small subset of users currently make use of these APIs) if the changes end up being short-sighted?
This topic hit the wp-xmlrpc mailing list where the conversation quickly devolved into spattering about SSL and other security related topics.
Allan Odgaard (creator TextMate, as far as I can tell!) even proposed inventing another authorization protocol.
Sigh.
There are a number of reasons why WordPress should adopt OAuth — and not just because we’re going to require it for DiSo.
Heck, Stephen Paul Weber already got OAuth + AtomPub working for WordPress, and has completed a basic OAuth plugin for WordPress. The pieces are nearly in place, not to mention the fact that OAuth will pretty much be essential if WordPress is going to adopt OpenID at some point down the road. It’s also going to be quite useful if folks want to post from, say, a Google Gadget or OpenSocial application (or similar) to a WordPress blog if the XML-RPC APIs are going to be off by default (given Google’s wholesale embrace of OAuth).
Now, fortunately, folks within Automattic are supportive of OAuth, including Matt and Lloyd.
There are plenty of benefits to going down this path, not to mention the ability to scope third party applications to certain permissions — like letting Facebook see your private posts but not edit or create new ones — or authorizing desktop applications to post new entries or upload photos or videos without having to remember your username and password (instead you’d type in your blog address — and it would discover the authorization endpoints using XRDS-Simple — Eran has more on discovery: Magic, People vs. Machines).
Anyway, WordPress and OAuth are natural complements, and with popular support and momentum behind the protocol, it’s tragic to see needless reinvention when so many modern applications have the same problem of delegated authorization.
I see this is a tremendous opportunity for both WordPress and OAuth and am looking forward to discussing this opportunity — at least consideration for WordPress 2.7 — and tonight’s meetup — for which I’m now late! Doh!
Bookmarks for Jul 01
A daily collection of linky goodness.
Highlight Author Comments
Highlight Author Comments automatically displays comments made by a post’s author in a distinctive style with no need to edit your template files, etc. All you do is provide a snippet of CSS styling to be applied to author posts.
Terrell Russell: This Old Network : Summer of ‘08 – Part II
“Within a week or so of the Hackfest, I found myself headed back up into the city for dinner at the DiSo / Drupal meetup. The conversations were not as directed as I’d hoped, but I met some interesting people. Chris Messina, Will Norris and Kieran Lal held court at one end of the table, and I talked with Andrius Kulikauskas, Neil Drumm and Dan Kurtz down on the other end. I think DiSo is poised to become as big as microformats are today – and eventually become the standard for how we’ll interact as individuals (I’d say “online” here, but I think it’s more than that). I cannot wait to have my people in my pocket – XMPP and OAuth enabled – making recommendations and filtering out the noise. Please get here soon.”
Life’s Work – A Shared Office Is a Great Escape From Working at Home – NYTimes.com
Co-working spaces are a cross between home, work and Internet-equipped cafe, and are based on the hard-won realization that while avoiding an office is liberating, it’s also energizing to have one to which you can go.
Bookmarks for Jun 30
A daily collection of linky goodness.
oohEmbed.com
oohEmbed is an oEmbed compatible provider of HTML embed codes for various web sites.
Yahoo! Design Stencil Kit v1.0 (Yahoo! Developer Network blog)
“Yahoo! this week released a design stencil kit to help designers quickly create mockups for specifications and user testing. Stencil objects have specific meaning and can be incorporated into a design to symbolize a specific kind of module, interaction, or even aesthetic.”
What to do on an OAuth Permission page – IIW
“Yahoo did some usability studies to find out how to best explain the OAuth process to regular users. Some of the Yahoo learnings are quite good, and I will incorporate them into Gaia’s OAuth flow.”
XRDS Simple | drupal.org
This module is a simple implementation of the XRDS-Simple spec.
XRDS-Simple is an important part of the DiSo project ( http://diso-project.org/) and used by OpenID and OAuth for service discovery.
The module exposes a single hook_xrds() that can be used by other modules to announce services via XRDS.
Embracing OpenID – PaulStamatiou.com
“I first heard about OpenID in 2005 and have kept hearing about it more and more since then. I never actually jumped on the bandwagon and started using it though – until now.”
Shift
The Shift project was started in May 2008 as a fork of the apparently defunct CocoaMySQL project. The goal of Shift is to enhance upon the CocoaMySQL project and provide Mac OS X users with a completely free and elegant way to handle their MySQL databases.
beSpacific: Secure web browsing with the OP web browser
“Current web browsers are plagued with vulnerabilities, providing hackers with easy access to computer systems via browser-based attacks. Browser security efforts that retrofit existing browsers have had limited success because the design of modern browsers is fundamentally flawed. To enable more secure web browsing, we design and implement a new browser, called
the OP web browser, that attempts to improve the state-of-the-art in browser security. Our overall design approach is to combine operating system design principles with formal methods to design
a more secure web browser by drawing on the expertise of both communities. Our overall design philosophy is to partition the browser into smaller subsystems and make all communication between subsystems simple and explicit. At the core of our design is a small browser kernel that manages the browser subsystems and interposes on all communications between them to enforce
our new browser security features.”
the OP web browser, that attempts to improve the state-of-the-art in browser security. Our overall design approach is to combine operating system design principles with formal methods to design
a more secure web browser by drawing on the expertise of both communities. Our overall design philosophy is to partition the browser into smaller subsystems and make all communication between subsystems simple and explicit. At the core of our design is a small browser kernel that manages the browser subsystems and interposes on all communications between them to enforce
our new browser security features.”
Coding Horror: Please Give Us Your Email Password
“If even a fraction of the coding effort that regularly goes into convincing people to cough up their email or website login credentials went into finding other, more reasonable solutions to this problem — perhaps we could have arrived at a saner solution by now. And we can start by taking obnoxious, utterly inappropriate credential requests completely off the table.”
DESKTOPOGRAPHY
DESKTOPOGRAPHY wallpapers
In the wild snapshot#3: DiSo profile plugin « Ungeek DaPo
Good interview with Weber about his work on the DiSo Profile plugin.
Finding Freedom at Work – TIME
“Each person is free to do whatever they want, whenever they want, as long as the work gets done.”
XEN 1.0 profile
XEN is an extension of XFN. Negative relationship terms have been omitted from XFN by design. The authors of XFN think that such values would not serve a positive ends and thus made the deliberate decision to leave them out. Please see the XFN home page for more information about XFN.
Make OpenID go away. | nathanpbell.com
“There seems to be broad consensus among both OpenID supporters and detractors: OpenID is confusing to use and that for it to have any hope of success OpenID needs to find ways to fade to the background.”
InfoQ: OAuth Gaining Momentum
OAuth, an open standard for access delegation, is gaining momentum with a number of implementations including one for Spring Security.
Aza’s Thoughts » Blog Archive » Firefox Mobile Concept Video
A concept video for the Firefox Mobile Platform.
SproutCore » home
The Official Website of SproutCore, a javascript framework. This website contains information on how to create desktop like apps for the web.
At the Forge – Integrating OpenID
Integrate OpenID into any Rails application, using off-the-shelf libraries and a bit of custom code.
Anivers :: a Free Quality Font from exljbris
exljbris is Jos Buivenga’s Free Quality Font Foundry.
OAuth – devdefined-tools – Google Code
DevDefined.OAuth – an OAuth consumer and provider implementation for .Net
Twitter Hashtags – Userscripts.org
Auto-Links Twitter Hashtags
Hueniverse: Explaining Discovery
Great write up of how discovery fits into this generation of distributed web technologies.
SourceForge.net: SupraBrowser
This is the “Eclipse of Web Browsers”, a secure social web browsing environment that runs off of your own highly personal and private data store. Written primarily in Java, it uses Gecko as its web runtime, and has a back-end driven by MySQL and Lucene
SproutCore + Fluid = Wonderful Synergy | /dev/random
“Write your application in SproutCore, deploy it on your web site, and build a Fluid desktop app that your users can double-click from their desktop to run your web-based application just as if it actually was a desktop app.”
blog.reddit — what’s new on reddit: reddit goes open source
reddit goes open source!
Don Park’s Daily Habit – Visual Security: 9-block IP Identification
A neat trick for identifying people by visualizing IP addresses.
Augmented Information Assimilation: Social and Algorithmic Web Aids for the Information Long Tail
This study examines how users integrate new World Wide Webservices, such as social bookmarking, with everyday information assimilation practices.
The Adventures of Cindy Li | OAuth
Cindy Li’s story of designing the OAuth tshirt.
Google data-sharing gets authentication option | Tech news blog – CNET News.com
“Google now supports the open OAuth standard for sharing data through its Google Data interface, a move that could make it easier to tap into information stored at Google property.”
SmugMug loves OAuth
SmugMug announces support for OAuth!
Mashups: Google’s Adoption Makes oAuth a Must Have for All Apps – ReadWriteWeb
“We’re very excited that Google has taken this step to un-silo our data and support the mutually beneficial ecosystem of mashup developers and users. We’re very happy too for the community of oAuth supporters, who have done a great job building and spreading something so needed around the web. Today is a good day for the future of the web.”
The Social Web TV pilot episode
http://www.viddler.com/player/2cf46be8/
My buddies John McCrea, Joseph Smarr have started up a show called The Social Web and have released the pilot episode, featuring David Recordon on the hubbub between Google and Facebook following last week’s Supernova Conference.
As they point out, things are changing and happening so fast in the industry that a show like this, that cuts through the FUD and marketing hype is really necessary. I hope to participate in future episodes — and would love to hear suggestions or recommendations for topics or guests for upcoming episodes.
Here’s the FriendFeed room Dave mentioned.
Announcing Emailtoid: mapping email addresses to OpenIDs
The other night at Beer and Blog in Portland, fellow Vidooper Michael T Richardson announced and launched a new service that I’m both excited and a little apprehensive about.
The service is called Emailtoid, and while I prefer to pronounce is “email-toyed”, others might pronounce it “email two eye-dee”. And depending on your pronunciation, you might realize that this service is about using an email address as an ID — specifically an OpenID.
This is not a new idea, and it’s one that been debated and discussed in the OpenID community an awful lot, which culminated in a rough outline of how it might work by Brad Fitzpatrick following the Social Graph FOO Camp this past spring, and that David Fuelling turned into an early draft spec.
Well, we looked at this work and this discussion and felt that sooner or later, in spite of all the benefits of using actual URLs for identity, that someone needed to take a lead and actually build out this concept so we have something real to banter about.
The pragmatic reality is that many people are comfortable using email addresses as their identity online for signing up to new services; furthermore, many, many more people have email addresses who don’t also have URLs or homepages that they call their own (or can readily identify). And forcing people to learn yet another form of identifier for the web to satisfy the design of a protocol for arguably marginal value with a lesser user experience also doesn’t make sense. Put another way: the limitations of the technology should not be forced on end users, especially when it doesn’t need to be. And that’s why Emailtoid is a necessary experiment towards advancing identity on the web.
How it works
Emailtoid is a very simple service, and in fact is designed for obsolescence. It’s meant as a fallback for now, enabling relying parties to accept email addresses as identifiers without requiring the generation of a new local password and without requiring the address owner to give up or reveal their existing email credentials (otherwise known as the “password anti-pattern“).
The flow works like this:
- Users enter either an OpenID or email address into a typical OpenID input field. For the purpose of this flow, we’ll presume an email address is used.
- The relying party splits email addresses at the ‘@’ symbol into the username and the domain, generating a directed identity request to the email domain. If an XRDS, YADIS or XRDS-Simple document is discovered at the domain, the typical OpenID flow is invoked.
- If no discovery document is found, the service falls back to Emailtoid (sending a request like http://emailtoid.net/mapper?email=jane@example.com), where users verify that they own the supplied email addresses by providing their one-time access token that Emailtoid mailed to them.
- At this point, users may optionally associate an existing OpenID with their email address, or use the OpenID auto-generated by Emailtoid. Emailtoid is not intended to serve as a full-featured OpenID provider, and we encourage using an OpenID from a third-party OpenID provider.
- In the case where users supply and verify their own OpenID, Emailtoid will create a 302 HTTP redirect removing Emailtoid from future interactions completely.
Should an email provider supply a discovery document after an Emailtoid mapping has been made, the new mapping will take precedence.
Opportunities and issues
The drive behind Emailtoid, again, is to reduce the friction of OpenID by reusing familiar identifiers (i.e. email addresses). Clearly the challenges of achieving OpenID adoption are not simply technological, and to a great degree rely on how the user experience needs to become more streamlined and deliver on the promise of greater security and convenience.
Therefore, if a service advertises that they support signing in with an email address, they must keep that promise.
Unfortunately, until all email providers do some kind of local resolution and OpenID authentication, we will need a centralized mapper such as Emailtoid to provide the fallback mapping. And therein lies the rub, defeating some of the distributed design of OpenID.
If anything, Emailtoid is intended to drive forward a conversation about the experience of OpenID, and about how we can make the protocol compatible with, or complementary to, existing and well-known means of identifying oneself on the web. Is it a final solution? Probably not — but it’s up, it’s running, it works and it forces us now to look critically at the question of emails as OpenIDs, now that we can actually experience the flow, and the feeling, of entering an email address into an OpenID box without ever having to enter, or create, another unnecessary password.
Factory Joe 