Older blog entries for dmarti (starting at number 513)

More on Persona

The big Mozilla Persona News is that Persona now has a gateway for Gmail users. If you have Gmail and use Persona to sign in to a site, then Google can see that you're using the gateway, but not which site you're connecting to.

Privacy win. With BrowserID, by design, your identity providers are not involved in the login transaction. This means they need not be aware of your entire Web activity, a significant privacy advantage. With OpenID, your identity provider is, unfortunately, a necessary participant in the login flow.

If your email address is on a domain that doesn't have a gateway or full Persona support, you can still use Persona, just with an extra step of filling out a form and getting an email confirmation. Try it.

Now for the fun part. If you're interested in adding first-class Persona Identity Provider support to your own site, so that people who have an email address on your domain can use it to log in at other places, read one webmaster's experience. After a few days of hacking, "rfk.id.au" now acts as an Identity Provider for the BrowserID protocol, a.k.a Mozilla Persona. This means I can now log in as ryan@rfk.id.au on any persona-enabled website while retaining complete control over my identity. I do not have to delegate my details or my credentials to a third party, even one that I would trust as much as Mozilla.

Bonus links follow.

How BrowserID works

Persona is a complete implementation of a new, distributed login system from Mozilla. BrowserID is the open protocol that governs how Persona works.

Persona is distributed. Today.

Persona on Firefox OS phones

Adding Persona authentication to richard

New Persona Beta: Millions of Users Ready to Log In using Any Browser

Persona and Surveillance

Fixing Sign-in

Mozilla Continues to Build the Web as a Platform for Security

Users don't like social login.

getting web sites to adopt a new identity system

Syndicated 2013-08-09 13:26:15 from Don Marti

Automatically run make when a file changes

Hey, kids! makewatch script!

Really simple: do a makewatch [target] to re-run make with the supplied [target] when any files relevant to that target change.

This is something originally discussed in a thread on the linux-elitists mailing list.

Andrew Cowie has written something similar. The main thing that this one does differently is to ask make which files matter to it, instead of doing an inotifywatch on the whole directory. Comments and suggestions welcome.

Syndicated 2013-08-08 13:49:12 from Don Marti

Listening to Podcasts on Android

Here's how behind on native apps I was: I was still running Google Listen even after it died last year. (The thing kept working since it was synchronized to Google Reader somehow, but then Google Reader went away, too.)

Anyway, I have finally moved to the current decade (If the Internet works on dog years, a decade is 17 months) and installed AntennaPod. Works for me. Nice clean look with easy-to-hit controls, and starts up quickly.

Two music podcast recommendations: The Casbah and Rathole Radio.

Syndicated 2013-08-07 13:09:38 from Don Marti

QoTD: Bruce Sterling

Even US Senators are decorative objects for the NSA. An American Senator knows as much about PRISM and XKeyScore as a troll-doll on the dashboard knows about internal combustion.

Bruce Sterling

Syndicated 2013-08-04 11:41:30 from Don Marti

Point of order: web site login

This started out as a comment over at the Doc Searls Weblog but IMHO it's worth repeating and expanding. Because someone actually made a working solution to a large-scale problem.

Mozilla Persona is full of win.

Especially compared to “social login.”

Mozilla Persona is not just "log in with [big web company]" with a better logo. It's different, and way, way, better. If you're still complaining about the web login problem, you probably just don't understand Mozilla Persona well enough.


The BrowserID protocol never leaks tracking information back to the Identity Provider.

So you can use your @example.com email address to log in to whatever sites you like, and example.com never knows which ones.
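
Why example.com never learns which sites you visit, as an added sketch that is not code from this blog or from Mozilla: the Identity Provider signs a certificate for your email and browser key once, and the browser alone signs a per-site assertion. It is deliberately simplified (Ed25519 and plain JSON in place of Persona's JWT formats, a Map standing in for the published IdP key), and every function name here is hypothetical.

```javascript
// Simplified BrowserID-style flow (added example, not Persona's wire format).
// Assumptions: Ed25519 keys, JSON bodies, hypothetical function names.
const crypto = require('crypto');

const enc = (obj) => Buffer.from(JSON.stringify(obj));
const sign = (key, obj) => crypto.sign(null, enc(obj), key).toString('base64');
const verify = (key, obj, sig) => crypto.verify(null, enc(obj), key, Buffer.from(sig, 'base64'));

// Identity Provider: learns only the email and the browser's public key.
function makeIdp(domain) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const seen = []; // everything the IdP is ever told, kept for inspection
  return {
    domain, publicKey, seen,
    certify(email, userPubPem, now) {
      seen.push({ email, userPubPem });
      const body = { email, userPubPem, exp: now + 3600 };
      return { body, sig: sign(privateKey, body) };
    },
  };
}

// Browser: holds the user's key pair and signs one assertion per site.
function makeBrowser(email, idp, now) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const userPubPem = publicKey.export({ type: 'spki', format: 'pem' });
  const cert = idp.certify(email, userPubPem, now); // no site is named here
  return {
    assertFor(audience, at) {
      const body = { aud: audience, exp: at + 120 };
      return { cert, assertion: { body, sig: sign(privateKey, body) } };
    },
  };
}

// Relying site: checks both signatures locally. idpKeys maps a domain to its
// published key (a per-domain lookup, not per-user). Returns the email or null.
function verifyLogin(bundle, expectedAudience, idpKeys, now) {
  const { cert, assertion } = bundle;
  const idpKey = idpKeys.get(cert.body.email.split('@')[1]);
  if (!idpKey || !verify(idpKey, cert.body, cert.sig)) return null;
  if (cert.body.exp < now || assertion.body.exp < now) return null;
  if (assertion.body.aud !== expectedAudience) return null; // meant for another site
  const userKey = crypto.createPublicKey(cert.body.userPubPem);
  return verify(userKey, assertion.body, assertion.sig) ? cert.body.email : null;
}
```

The audience check is what stops one site from replaying your assertion to log in as you somewhere else; the IdP's `seen` list stays free of site names no matter how many sites you sign in to.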

If your site login method is based on “let’s make users remember complex strings of text, which we know people are really bad at” or “let’s depend on having our users tracked by big companies, which we know people hate” you need to take a short hacking break. Make a simple web application that uses Mozilla Persona, learn how excellent it is, and then never go back.

Bonus link: OAuth of Fealty by Ian Bogost. The short truth is this: Facebook doesn't care if developers can use the platform easily or at all.

And Mozilla would never do anything like that, right? (Seriously. Please don't. Mozilla Persona fanboy here—if you mess it up I'll look like the web authentication version of Zune Tattoo Guy.)

Syndicated 2013-08-03 12:52:27 from Don Marti

Learning from Second Amendment defenders

The IT industry in the USA depends on the First Amendment and Fourth Amendment just as much as the firearms and ammunition industry here depends on the Second. Today, though, Second Amendment rights in the USA are in much better shape than First or Fourth Amendment rights, and the collapse of the First and Fourth is now a high-profile problem for the nation's IT business. We're failing dangerously where so-called Gun Nuts have been succeeding for decades. What are Second Amendment-based companies getting right that First and Fourth Amendment-based companies are getting so terribly wrong?

When a First/Fourth-hostile regime comes into effect, companies have to comply, just as firearms manufacturers have to comply with Second-violating laws when those pass. But every industry in the USA basically writes the laws that apply to it. Petroleum products cannot be hazardous waste, by definition. The Pillsbury Doughboy collects a government paycheck. You don't need me to go on here. Lobbyists tell Congress, "If you could pass this set of laws to cover our industry, that would be super helpful, mmmkay?" and Congress says, Yes sir.

So why have we as an industry failed on First and Fourth Amendment protections? Because we're not doing some basic political tasks that the Second Amendment crew is doing right.

Model 1911 semiautomatic pistol, partly disassembled.

Fan-friendly vintage products. Firearms sellers understand and use the endowment effect. For example, users are happily keeping and using M1911 pistols, based on a century-old design by John Browning. And even buying newly manufactured ones. When Grandpa goes to the store for a vintage product like he's used to, he can get one, not a forced upgrade to flat design.

Should IT companies devote valuable staff to maintaining vintage versions? Not necessarily. The largest producer of M1911 pistols is a company called Kimber, founded more than 50 years after Browning's death. It's hard to imagine an IT company throwing an old product over the wall instead of killing it. The conventional wisdom is to do everything possible to prevent competition with old versions. But now that the market is mature, we can reconsider that. Keep the fangirls and fanboys happy, and they'll be writing letters to Congress instead of THIS NEW VERSION SUX0RZ!!1! rants.

Stick together on the basics. Ever see a revolver manufacturer come out for a ban on semiautomatics? Or a manufacturer of long-barrelled firearms come out for a ban on short-barrelled ones? Manufacturers treat policy debates as off limits when seeking competitive advantages. One exception, the case of a CEO who wrote one letter to Congress supporting a magazine capacity limit in 1989, was controversial at the time and provokes boycott discussions even today. The Second Amendment scene understands divide et impera pretty well by now. Meanwhile, IT vendors will throw each other, or users, under the bus for a short-term advantage over some other vendor. And incumbent vendors cheerfully support laws that lock out new startups.

The results of that quarter-to-quarter thinking are coming home to roost. Pursuit of lock-in can be great for sales, short-term, but locked-in users can't switch vendors as fast, which makes every vendor's OODA loop unnecessarily slow. Thanks to the decision to pursue lock-in, we've gone from innovation to stagnation and squabbling, and just making everyone rebuild their stuff over and over for different platforms. Meanwhile, the firearms business is letting users swap in independently developed parts while keeping their platform investments. It's news when an IT person makes noise about We do not break userspace! but mature markets take that for granted. <pullquote>The IT industry isn't a baby any more. So it's time to stop raising it on the steroids of forced upgrades and the crack of lock-in, and move it up to the whole-wheat goodness of sustained customer value.</pullquote> Worst pull quote ever. You're basically saying that you'd give steroids and crack to a baby. Also, gluten moms. —Ed.

Product-membership bundling. The Second Amendment industries have the NRA, and we've got the EFF. Even accounting for the fact that the NRA is a century older, the EFF is relatively small compared to the user population it serves.

A key part of the NRA's success is vendor cooperation on membership drives. Just one example: REDRING Offers 5-Year NRA Membership & Redring Shotgun Sight Package at 2013 NRA Show. I have also seen an NRA membership deal at a company that offers ammunition reloading supplies. Powder, add to cart, primers, add to cart, a year of NRA membership, add to cart. Simple.

IT vendors could easily add EFF membership to product and service bundles. Yes, the EFF does call out some vendors on problematic programs, but see stick together on the basics above. As the industry grows up, we'll be putting less and less importance on infighting, and more on staying in business for the long term.

Conclusion. With the Second Amendment safe for the foreseeable future, and firearms vendors sitting on more orders than they can fill (thanks largely to NRA publicity—that product-membership bundling was worth it, wasn't it?), a lot of Marketing and Public Policy people there are probably getting a little bored. Time for the IT business to hire some.

(photo: Jan Hrdonka for Wikimedia Commons.)

Syndicated 2013-07-20 15:06:23 from Don Marti

Deluxe file sync setup for $300

Here's an opportunity you don't see every day. Send Joey Hess $300 and he'll work with you to set up the best possible git-annex system to meet your needs. Git-annex is software to sync your files to multiple devices, including computers and phones, along with keeping your stuff up to date on your backup drives and cloud services.

Git-annex gives you a lot of options. Just as Dropbox isn't tied to one platform, git-annex isn't tied to one platform or to one service. You can sync your files to dropbox.com or to a long list of other services. Or use your own server, or use external hard drives. Here's an opportunity to get help figuring out how to make it work for your own projects.

(previously: The most important $11,123 in the software business?)

Syndicated 2013-07-15 11:40:23 from Don Marti

QoTD: Avdi Grimm

No, [Linux] doesn’t have an official reference platform, not even whatever PC Linus happens to be using these days. But for developer workstations, there’s a de-facto reference platform, and it’s called a ThinkPad. If you’ve been using Linux for any length of time you know that if you want a linux desktop machine to Just Work, you buy a ThinkPad. There is a self-reinforcing cycle that perpetuates this phenomenon. Linux developers tend to use ThinkPads, so they tend to make sure that the hardware is well supported, so Linux developers tend to buy more ThinkPads, and so on. I don’t know where it started, but that’s how it works.

Avdi Grimm

Syndicated 2013-07-10 13:48:58 from Don Marti

QoTD: Ron Paul

My understanding is that espionage means giving secret or classified information to the enemy. Since Snowden shared information with the American people, his indictment for espionage could reveal (or confirm) that the US Government views you and me as the enemy.

—Dr. Ron Paul

Syndicated 2013-06-29 15:36:37 from Don Marti

Believing Bullshit

Why do people believe bullshit? The problem of producing it is covered in Harry G. Frankfurt's On Bullshit, but why believe it?

It looks as if believing an organization's bullshit is an inexpensive way to signal loyalty to the organization. Signaling through contribution requires skill×effort. Believing bullshit requires little effort and there's no multiplier for skill.

Although signaling loyalty through bullshit-belief can be a good strategy for a member, there are clearly adverse consequences for the organization. The organization fails to capture extra, potentially useful, work done as a by-product of loyalty signaling through contribution. Ineffective managers within the organization can manage based on loyalty as shown through bullshit-belief rather than having to evaluate results. And members make incorrect decisions based on bullshit, not reality.

The obvious answer is for the organization to produce less bullshit. Most of the time, the decision to believe something isn't based on what belief is correct, but on what belief shows loyalty. If the bullshit isn't there, the opportunity to believe it is gone. However, much as it would help to have fewer opportunities for members to signal loyalty by bullshit-belief, the organization may need to continue to produce bullshit for other reasons.

A more realistic answer is to give members opportunities for showing loyalty that do not require either effort, which is costly, or bullshit-belief, which is harmful. For example, provide silly-looking clothing for members—anything that people would choose to wear only to show loyalty, and not for other reasons. Or invite members to participate in rituals, as in agile software development methodologies.

(Bonus link: Michael O. Church on the MacLeod Model of organizational sociology.)

Syndicated 2013-06-27 13:32:53 from Don Marti
