Scientists and engineers

I have vast amounts of respect for scientists and what they do. They have built an industry that pays them to do fun things like think up new things and argue about the futures of existing things.

Interestingly, though, their industry insulates them from some of the pressures that cause non-scientists to do imperfect things in the short term that might solve a problem well enough to create tremendous amounts of value for everyday people doing everyday things (even if the solution comes with its own new problems).

Today, I saw one of the most poignant examples of this phenomenon that I have ever seen (from Tim Bray’s XML People blog article):

So Tim Berners-Lee built a hypertext that worked across the Internet. Lots of computer scientists had been chiseling away at the problem for years, but Tim Berners-Lee ignored the entire body of theory and pasted together the simplest possible version with one-way pointers carrying no guarantees of what (if anything) they pointed at. No computer scientist could have conceived of anything so tenuous and fragile.

And thus was born the World Wide Web as we know it today.

Favorite TV genre?

I’m sure I should be embarrassed to admit this, but when it comes to 21st century staple TV genres, my hands-down favorite is what I like to call “The Evil Psychology Experiment” sub-genre of reality TV.

I was just thinking back through my list of favorites, and was going to claim that “The Joe Schmo Show” is the earliest example that I can think of. Unfortunately, I thought of a show that certainly came before it, and even more unfortunately, it’s “Fear Factor”. I don’t know much about Fear Factor, other than that it’s famous for the gross-out eating challenge. I’m not at all interested in that sort of thing or anything else about that show, so we’ll pretend that Fear Factor doesn’t exist, or at least that there’s such a thing as “highbrow evil psychology experiments”.

Another exceptional example is called “Solitary”. Maybe someday I’ll spend some time talking about it. For now, let’s just say that my favorite episode involves thousands of those bouncy balls that you can get out of grocery store vending machines.

But what inspired me to post this in the first place is a truly ridiculous show that started airing just last month on FOX called “The Moment of Truth”. I’ve heard a little about it, and decided to catch the first episode or two on hulu.com, so I’m sitting here right now watching it. It’s not the kind of show that I’m going to manage to stick with for more than a couple of episodes, but the premise is very interesting. Once a person is cast for the show, they’re asked around 50 compromising personal questions on a polygraph, and the producers choose 21 of them. From that point, all they have to do is answer a series of progressively more personal questions truthfully on national television with 3 of their closest friends and relatives in the front row.

Here’s episode 1 on hulu for you to enjoy for yourself:

Web development woes

One thing I love about working with software is that no matter how much you know, you can still be surprised by tiny little quirks that lurk in every software system.

Two great examples from today:

  1. Firefox is happy to follow HTTP redirects while trying to fetch an image. IE seems to not be so happy. It got a redirect instead of an image? Image doesn’t show up in the page.
  2. ASP.net doesn’t send a session cookie to the client web browser if you haven’t set any session variables. This is fine under 99.9% of circumstances, but doesn’t work so well when you’re trying to do something with the session ID that ASP.net is never going to hear about. It causes you to get really confused when the session ID changes per page instead of per session.

So that’s why my computer’s keyboard sucks…

I’ve noticed an ever-increasing trend on my favorite laptop that sometimes it just doesn’t feel like hearing every keypress. It’ll often leave some random letter out of a word if I’m typing at full speed.

Today, I finally spotted that it only happens in my web browser, and furthermore, I noticed that it only happens on web sites that have onkeypress events. It seems that the event queueing mechanism doesn’t hear all keypresses if the onkeypress event takes too long. Web developers, please don’t make onkeypress so slow that my keys get eaten.

OpenID concern #2: switching providers

One thing that concerns many people about OpenID is what happens if their provider goes out of business or if they want to switch to another provider for some other reason.

At Vidoop, we believe that users deserve to always be in control of their online identity, even if it means that they’d like to switch away. We’ll let them keep their URL and change to another provider.

We recently shipped a feature that allows a user to go to the Account/Advanced tab on our site and delegate their myVidoop.com OpenID URL to the OpenID provider of their choice. For example, right now, if you type sblom.myvidoop.com into one of your favorite OpenID relying party’s web sites, you’ll see that you’re redirected to openid.xmpp.za.net.

OPForwarding

All OpenID users should expect their OpenID providers to do the same. Please ask them to do so–even if you’re happy with them now. What if they go out of business, or if you decide that you like another provider better?
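How the forwarding described above works at the protocol level, as an added example that is not Vidoop’s or this post’s code: an OpenID relying party fetches the claimed URL and reads the provider and delegate `<link>` tags from its `<head>`, so whoever controls the URL decides which provider speaks for it. The sample identity page and the op.example.net endpoints are constructed; the post does not show the real markup or provider endpoint.

```python
from html.parser import HTMLParser

# rel values defined by OpenID 1.1 (openid.*) and OpenID 2.0 (openid2.*) HTML discovery
OPENID1_SERVER, OPENID1_DELEGATE = "openid.server", "openid.delegate"
OPENID2_PROVIDER, OPENID2_LOCAL_ID = "openid2.provider", "openid2.local_id"


class _LinkCollector(HTMLParser):
    """Collect rel -> href from <link> tags, but only those inside <head>."""

    def __init__(self):
        super().__init__()
        self.links = {}
        self._in_body = False

    def handle_starttag(self, tag, attrs):
        if tag == "body":
            self._in_body = True  # nothing after <body> counts as discovery data
        if tag != "link" or self._in_body:
            return
        a = dict(attrs)
        href = a.get("href")
        for rel in (a.get("rel") or "").split():  # rel may list several values
            if href and rel not in self.links:
                self.links[rel] = href  # first occurrence wins


def discover(claimed_url, html):
    """Return (version, op_endpoint, local_id) for a claimed identifier's page, or None.

    local_id is what the provider will assert about; it defaults to the claimed
    URL when no delegate/local_id tag is present. OpenID 2.0 tags win over 1.1.
    """
    p = _LinkCollector()
    p.feed(html)
    links = p.links
    if OPENID2_PROVIDER in links:
        return ("2.0", links[OPENID2_PROVIDER], links.get(OPENID2_LOCAL_ID, claimed_url))
    if OPENID1_SERVER in links:
        return ("1.1", links[OPENID1_SERVER], links.get(OPENID1_DELEGATE, claimed_url))
    return None


# Constructed sample identity page; op.example.net stands in for the real provider.
SAMPLE_PAGE = """<html><head>
<link rel="openid.server" href="https://op.example.net/server">
<link rel="openid.delegate" href="https://op.example.net/user/sblom">
<link rel="openid2.provider" href="https://op.example.net/server">
<link rel="openid2.local_id" href="https://op.example.net/user/sblom">
</head><body><link rel="openid2.provider" href="https://ignored.example/"></body></html>"""
```

`discover("http://sblom.example.com/", SAMPLE_PAGE)` yields the 2.0 endpoint and the delegated local id. The relying party must then check that the provider’s signed assertion names that same local id; otherwise any identity page could claim an OpenID it does not own.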

Crazy OpenID authentication schemes

I love some of the kookier OpenID authentication schemes that are out there.

Here’re a few examples of what I mean:

  1. http://www.jkg.in/openid/ — Does not do authentication at all. Anyone can claim any URL as their own. I call it "OpenID with null authentication".
  2. http://openid.xmpp.za.net/ — Sends a message to your Jabber (XMPP) account to confirm that it was you that made the OpenID request.
  3. http://www.myvauthid.com/ — If it’s even real (can’t connect to it tonight), it’s apparently an OpenID provider that uses voice print to authenticate you. My cell phone isn’t consistent enough for this sort of thing to even work.

Software Engineering talk at OSU

I talked to Dr. M. H. Samadzadeh’s software engineering class at Oklahoma State University in Stillwater, OK today.

I’ve posted my slides. If you heard the talk, I’m eager to hear any feedback that you may have.

OpenID concern #1: forgotten OpenID

There are just short of 1.3 zillion OpenID concerns out there (no, seriously–I counted), most of them well-intentioned but overblown. And most of them are just as applicable to username and password. The biggest difference is that everyone has experience with username and password and knows all of the best practices for dealing with them. Unfortunately, OpenID is still young, and so the best practices are still evolving.

Habari developer Owen Winkler over at Asymptomatic describes how after spending months away from Zooomr, he has forgotten which OpenID he used to sign up.

I had the same thing happen to me (maybe even more than once) before I got the hang of the whole OpenID thing. Now that I have the hang, though, I’m far better off because I get to use the same username everywhere instead of discovering that “sblom” is already taken or that they require at least 6 letters and having to choose “sblomqui” or “sblom000” or something else entirely.

However, there will always be new users on a site who don’t yet have the hang of OpenID, and who haven’t yet settled on a favorite OpenID URL to use everywhere. They’re bound to forget which OpenID they used to sign in from time to time. This is where best practices come in. The OpenID wiki has a good and growing collection of OpenID Relying Party Best Practices, where they mention, among other things, that the right thing to do is to allow users to use the email on file with the Relying Party to change which OpenID account is associated with the account in case the user lost access to their OpenID, or forgot which one was used.

Owen, I’d be happy to help you out by explaining to Zooomr how to behave appropriately as an OpenID RP.

Highlights from Tulsa Tech Fest 2007

I spent Friday and Saturday at the second annual Tulsa Tech Fest, a gathering of IT & software professionals from Tulsa and the surrounding area.

Overall, it was a good event. Friday’s attendance was incredible, coming in somewhere around 700 attendees according to some reports. I got a chance to meet and talk to a bunch of interesting people. It was great to see evidence of a vibrant tech community here in Tulsa.


Tulsa Tech Fest 2007: Developing Software with Security in Mind

Here are the notes from my Tulsa Tech Fest 2007 talk "Developing Software with Security in Mind".

I describe 10 rules that everyone should keep in mind while developing software:

  1. Learn about security or it will teach you.
  2. Security knowledge goes obsolete quickly.
  3. Your team should have a security geek (or more).
  4. Befriend the security researchers in your field.
  5. Despite knowledge, you will ship security bugs.
  6. Have security response plans in place.
  7. Security and usability will always be in tension.
  8. The perfect is the enemy of the good.
  9. Have open conversations about security.
  10. Sometimes there is no rule #10.

Updated 2007/10/21: Make link to slides not stop at the sign-in page.