Recently in Internet Category

Recently, Google’s CEO Eric Schmidt made the all to common claim that the only people who need to worry about privacy, are those who are doing something wrong. This is something I’ve heard all to often, and I’ve made it a point to have people who do say it to me read Cory Doctorow’s novel, Little Brother.

So, to Mr. Eric Schmidt: Fuck you. Privacy is immensely important to anyone who has anything to lose, and we all have something to lose.

Admittedly, we sacrifice privacy all the time for convenience. Every time we make a web search, our IP is stored with that search for some (usually undisclosed) amount of time. When we store our e-mail on an external server (Yahoo! Mail or GMail), we let the provider scan the e-mail for all sorts of purposes, from spam filtering to advertising.

And, by entrusting this information to third parties, we empower them to turn over our information when required, say by a subpeona or a PATRIOT Act request. Ultimately, it’s hard for me to blame Google, since their hoarding of this information is covered in their terms of service (which most people don’t read), and some of that information is necessary for them to do their jobs, and to provide the level of service that they do.

The problems with Google’s statements however, the fact that they don’t view being the stewards of our data as a responsibility (not just not to lose it, but to keep it safe). The fact that they don’t even address that users should be aware of the implications of putting all this information online.

And it’s not just Google. Facebook is another huge offender in this respect. The Huffington Post this week had a story cataloging amazing Facebook faux pas, from kids finding out about parent’s divorces by a Facebook status update, to complaining about and insulting their boss (who happened to be a Facebook friend). And yes, recently Facebook took some steps to revise their Privacy settings, but in many ways they’ve made things worse for their users, making the defaults such that user’s are likely to reveal more not less.

While the biggest threat to personal privacy is the ignorance of the users, who often don’t think about how much information they’re providing, these major service companies that try to integrate into nearly every aspect of a user’s life need a more enlightened attitude toward protecting that data. If you want to support a group working to push these sorts of issues forward, consider joining the EFF. I made my first donation this year, and I plan to make it annual.

Mattt Thompson recently released this really cool jQuery script called Chroma-Hash, which visualizes a user’s password as they type it as a series of colored bars. The idea is that this will allow a user to see when their password is wrong, rather than simply submitting the form, and hoping for the best.

In light of recent discussions on the internet, which Bruce Schneier covers very well on his blog. Keeping track of passwords is hard, and typing in strong password, and knowing you’ve done it correctly, is difficult when masking in enabled. But, there are good security reasons.

Read Schneier’s posts, and the source material. The basics of the issue is that, if password masking does nothing else, it reminds the user that, “Hey! This is secure information!!!” But, also, typing is passwords is hard, and it’s really frustrating when you get it wrong. Chroma-Hash is an interesting experiment at solving this problem, by keeping the password hidden, while still providing visual feedback about what it is.

Mattt posted an example on his github page, and shared the source, but his blog post above talks the most about the current implementations limitations. That it uses MD5 (known to be weak to certain classes of crypto-attacks), and theoretically, someone watching someone put in their password could try to reverse engineer a password based on the characters that are being entered. These attacks are, in my opinion, extremely unlikely, but it is something to keep in mind.

Thompson mentions some potential improvements to the method, such as using SHA-1 instead of MD5 (given that the MD5 code is about 7k of the 9k of JavaScript, I don’t think it’s worth it, at least not without being able to include the hashing algorithm externally), or salting the input, or a few other things. My plan, as it stands, is to keep pace with Mattt’s repository, so that the YUI3 version will be functionally identical to the jQuery version.

The YUI3 version is up on github now, and I put up a YUI3 example page as well.

As an aside, while my YUI3 implementation is a tiny bit tighter than Mattt’s jQuery one, the difference in library size is really impressive. It looks like YUI3’s loader is able to load about 25k less worth of library script than jQuery. I’ve really got to commend the YUI team on how well they’ve been able to keep file weight down, as well how great the loader does at loading no more than is strictly needed.

As I work on refreshing our primary suite of web-applications on top of modern web-technology, I’m trying to replace our existing table-based form layouts with a more descriptive layout based on fieldsets. However, I’m having a hell of a time with Internet Explorer (I’ve been testing in 7 and 8, though I’m sure 6 has these issues, but luckily, most of our users are on at least IE7 by now).

First big issue, is that IE doesn’t render the CSS for Legends correctly. This has been documented before, but I have a few extra takes on it. One of the things I’m trying to do with my fieldsets, is have one large banner along the top, but no other borders. The CSS looks like this:

fieldset.ronetForm { border: none; border-top: solid 30px #d9e1e8; width: 99%; }</p> <p>fieldset.ronetForm legend { background-color: #d9e1e8; font-weight: bold; text-align: left; vertical-align: middle; line-height: 30px; padding: 0px 5px 0px 5px; border: solid 0px #d9e1e8; }

This will result in a 30 pixel medium gray border along the top that the legend (fieldset title) will sit in cleanly. Here is what it renders like:

• Firefox -
• IE 7 -
• IE 8 -

My favorite part is that the code renders better in IE7 mode than IE8 mode. In order to get the fieldset to render the same in IE7 and IE8, I had to modify the CSS for this:

fieldset.ronetForm { border: none; border-top: solid 30px #d9e1e8; width: 99%; }</p> <p>fieldset.ronetForm legend { background-color: #d9e1e8; font-weight: bold; text-align: left; vertical-align: middle; line-height: 30px; margin: -30px 0px 0px 0px; *margin-top: 0px; padding: 0px 5px 0px 5px; border: solid 0px #d9e1e8; }</p> <p>html:not([dummy]) fieldset.ronetForm legend { margin-top: 0px; }

First, I move the top-margin on the legend up 30 pixels, then reset it using the ‘star’ hack for IE7 and below, and then use the html:not hack (which works for all non-IE browsers I’ve tested) to reset the margin for non IE browsers. One-hundred and twenty bytes added because of a rendering bug. Awesome. What’s worse, there is no way to get rid of the white border between the fieldset’s border and the legend. At least, not that I can find. If anyone has a solution to this, I’d really appreciate it. For now, I’m probably going to have to do special styling for IE, because those white margins are really distracting.

There is, however, another issue I’ve run into with IE and how it handles fieldsets. In my JavaScript, I periodically want to put a paragraph at the top of a fieldset. For fieldsets, the W3C standard does require that the legend be the first non-text dom child of the fieldset. This is a little silly, because this is valid HTML 4.01 Strict:

<fieldset> Text in Fieldset <legend>Title of Fieldset</legend> <p>Content of fieldset</p> </fieldset>

But this is not:

<fieldset> <p>Text in Fieldset</p> <legend>Title of Fieldset</legend> <p>Content of fieldset</p> </fieldset>

I’m pretty sure this is to allow for the whitespace text elements that the DOM insists on adding between nodes if you have any formatting in your document, which incidentally is one place where I completely agree with IE breaking away from the standard. I don’t need whitespace only DOM nodes all over my DOM.

But! How is this rendered?

• Firefox -
• IE 7/8 -

So, since it occurs before the Legend, IE puts it outside the legend, and Firefox (and WebKit and Opera) all put it inside the legend. Now, this is non-compliant HTML. So, the browser is entering a failure mode to render it, so it’s hard to say that what Internet Explorer is doing here is wrong. However, when the browser enters a failure mode, I would generally expect the browser to try to do what I intended, even if I was doing the wrong thing, so I would say that IE does the incorrect thing here. Honestly, I think that HTML 5 should be relaxed to allow the legend tag to occur later in the DOM, but currently the spec calls for the legend before any flow content.

As I said, I ran into this problem while working on JavaScript. I was trying to use YUI3’s Node utility to prepend my newly created paragaph to the fieldset in question. A more complete version of this can be viewed in this gist.

Y.get(‘#test_element’).prepend(‘<p>This is new content.</p>’);

As demonstrated above, in IE, this is going to render outside the fieldset, not what I intended. So, I had to use the insert command. Incidentally, the insert call does not work quite as documented. I’m reporting it as a bug, and will likely hack together the support, but anyway, I can do exactly what I want as the tool stands.

Y.get(‘#test_element legend’).insert(‘<p>This is new content.</p>’, ‘after’);

Fieldsets are a tricky situation. Their use is more semantic, and they can create some nice form layouts when used and styled correctly, but Internet Explorer’s rendering of them has so many problems, which IE8 either failed to fix or actually made worse. I still recommend using fieldsets, though what you’re capable of doing stylistically is a lot more limited than it should be. With any luck, this issue will be addressed by Microsoft before the next release of Internet Explorer.

The last couple of weeks have featured some really excellent videos from Yahoo!’s Nate Koechley on Semantic HTML and Unobtrusive JavaScript. One was at MIX in Vegas, a Microsoft conference, but the other was at Yahoo!, and has been put on YUI Theater. I’ve gone ahead and embedded the video below.

Utlimately, I’ve always been a fan of semantic HTML. Was I not simply using default templates for this blog, I’d have strived to do them in a semantic fashion. I am working on this upgrade, but other things have taken their priority. However, in the code that I design, I strive for a meaningful layout and semantic accuracy. It probably helps that with my recent return to MUDding, and therefore to hanging out online with Blind-folks, the ability of the Semantic Web to aid Screen Readers is more apparent to me.

This video was nothing I’d never seen from Yahoo!, but it underscores part of why I’m so in love with Yahoo!’s attitude toward the web. The feeling that you always need to offer some experience, even if it’s not the prettiest experience, is a powerful one particular when paired with the principle of Progressive Enhancement. Now, admittedly, there are other companies that also follow this tenet, but I know of plenty of websites, including those I use regularly, that simply won’t function without JavaScript (and fairly modern JavaScript at that), and I’m unsure how they function for the blind.

It’s an interesting choice, to choose not to support a given demographic for whatever reason, and while I fully support people’s ability to do so, I also believe it’s not terribly difficult to simply do things in a standards compliant and semantic fashion, which can certainly ease the process of offering more universal support.

There is one place where my benevolence doesn’t extend however. Recently, Washington State University re-did their homepage, which I think is a major improvement. The flash-object in the center of the screen is dynamically loaded at runtime using the swfobject library to detect flash, and provide good content even if Flash isn’t available. I’ve been working on a JavaScript widget that would support my video embeds more cleanly on this blog using swfobject, but again, other things…

This did raise the ire of a web developer or two on campus who had installed flash-blocking add-ons into Firefox. The issue is that SwfObject detected that Flash was available, but the Extension stepped in and prevented the flash from loading, replacing the nice noscript/noflash version of the page with ugly ‘click here to play flash’ mechanisms. My argument, and the opinion held by the head of the team that designed the site, is that people who’ve chosen to handicap their web browsers in this sort of way (which isn’t to say there aren’t reasons you’d want to), can deal with the consequences of such decisions. Ideally, these extensions would provide some mechanism to detect their presence, and if they’d object to Flash being loaded (given that most of these extensions allow whitelisting), but until such a time as that happens, I believe the implementation we have is the best we can. However, I am open to suggestions.

As I no doubt suspect a few people other than myself noted last week, my site was basically completely down for the last week. This was, to say the least, incredibly inconvenient, since I was without e-mail, unable to post to this blog, among other things.

My hosting is currently through MJZ Hosting, a very small company with pretty amazingly low rates. I’m paying less than a dollar a week for 1 GiB of storage and 30 GiB of traffic every month. An extra five dollars a year, grants me SSH access. I have as many Databases as I want. As many subdomains as I want. And as many e-mail addresses I want. It’s an amazing deal. And it works.

Most of the time.

Apparently, the story is that Matthew, the owner of MJZ Hosting, has been in the hospital for a few weeks (I share this, because he did). While he had people who should have been able to reboot the server, they were apparently completely incommunicado all last week, costing Matt several customers. Now, I’ve not left MJZ Hosting yet. But, I did have a potential client that had tried to contact me last week. While I don’t expect that bridge to have been burnt, it was still a bit of a wake-up call.

My website has been up somewhere around 99.9% of the time since I started hosting it with MJZ back around 2004. This is more than acceptable to me, when the downtime is spread out, but this last week has left me questioning whether I’m going to be continuing with MJZ when my contract is up in a few months. On the one hand, reliability is important, particularly when I’m beholden to someone else (even if they have been really good to me over the years), so I’m going to at least be considering other options.

In the meantime, I’m going to pick up where I left off. With roughly four posts a week, of things that I hope my readership finds useful and interesting. With any luck, we won’t see any more substantial downtime.

After installing the very first IE8 beta, and having it completely hose my Vista box at work, I was a bit wary about installing the latest releases of this as-yet-unofficial web browser. When IE8 was first announced, I thought there was a lot to be excited about. Microsoft appeared to finally be taking standard’s compliance seriously. They seemed to be a lot more open to what the problems with their browser were.

However, as things have progressed, I have less and less faith in Microsoft to finally put out a reasonable browser, let alone a good one.

IE8 does manage to fix a lot of layout issues. I have code that required some weird futzing with styles to make work in IE6/7, that actually render correctly on IE8. It’s still noticeably off of what either Webkit or Gecko would do, but generally it felt a lot closer than IE7 did. However, it’s still off, and if you’re really working on getting your layouts ‘correct’, then you’re still going to have to work around IE being non-standard.

It’s JavaScript engine comes a lot closer to the W3C standard than IE7, but while it implements a lot of methods it didn’t used to implement, it doesn’t appear to be implementing a lot of it correctly. For this, I’m going to pick on a relatively new feature that is appearing in all the new browsers, querySelectorAll(). John Resig, of the Mozilla Foundation, has recently implemented a test suite to test the implementation of this feature. Most browsers (at least nightlies) are passing in the 99%+ range. IE8, fails 54% of the tests.

Now, IE8 might be performing better in the latest internal builds at Microsoft, but I find this to be another huge failure of Microsoft’s. With WebKit and Firefox, I can grab a new build of those browsers every single day. I don’t, generally speaking, but I could. That is awesome. Microsoft has already identified that IE isn’t a money-making proposition (at least not directly), in that they supply it free with the OS. And one consistent issue I’ve seen in the bug-reporting forums for IE8, is that often Microsoft comes back with a response as simple as “Oh, we’ve fixed that already in the latest build.” That statement isn’t always true, mind you, but how much time could Microsoft save themselves if they just released a new IE8 build every week?

It probably isn’t that simple, given how the fact that IE seems to be frighteningly tightly bound into Windows, but Microsoft needs to take things a step further in how tightly they work with their users. Right now, I’m finding bugs that are on a version at least a month old. I have no way of knowing if those are fixed, aside from Microsoft’s word, which may not be completely accurate.

IE8 is shaping up to be an improvement, but an immensely disappointing improvement compared to what many of us were expecting. Maybe that was unfair on our part, but I think we’d all be a lot happier if Microsoft just adopted an existing Open Source rendering engine and built IE around that (they could probably even keep their crappy ActiveX, too). Oh well, maybe for IE9…

As per both ScottGu and Phil HAACK, ASP.NET MVC has it’s first release candidate today, not to mention it’s first major bug disclosure. ACtually, I consider the bug to be more of an issue with ASP.NET in general, but c’est la vie.

I’ve been using ASP.NET MVC since the CTP 2 days, at least for a few projects, and I really want to congratulate Phil Haack’s teams for getting this out. I’ve really appreciated being able to write truly ‘webby’ applications using C#. While I’m still a fan of other MVC frameworks like Django and Catalyst, it’s great to have access to a solid MVC framework in .NET. Plus, even though Microsoft endorsed JQuery in this product, I can still use YUI with it cleanly.

Now, I haven’t looked much at the fubuMVC, which was created in response to what was seen as failing in ASP.NET MVC, but I’ve been really happy with it so far. Now, I do really want to see the MVC framework released in the MS-PL or something similar, but while the code is technically available today, I don’t expect to see it get any more open than it is. Which is unfortunate.

I’ve always hated ASP.NET because it tries way, way too hard to make the Web not behave like the web, and is a nightmare to debug. MVC is a great middle ground in this respect, because you have access to the ASP.NET controls, if you want, but it doesn’t abstract away the nature of the Web in a difficult or painful manner. If you’re looking to do a new web project, and you know you’re using .NET for it, I’d encourage you to consider ASP.NET MVC. Now, I just need to figure out if the Release Candidate will work on Mono…

I remember years ago when e-mail signatures were supposed to short, three or four lines short, and having a signature that approached (or God-forbid exceeded) the number of lines in the actual message was considered downright rude. These days, that seems to have changed, and partially that’s fine. Most people today have access to a lot more bandwidth, and so the few extra bytes necessary to put more useful information in an e-mail is worthwhile.

Today, I have two e-mail signatures at work, the ‘formal’ one, which I use when starting e-mail threads, and the default one which I use when responding to someone or adding my input to a going thread.

Formal:

Jeff Craig
Information Technology Specialist II
Office of the Registrar
Washington State University - Pullman
Ph: 509 335 5033

Reply:

Jeff Craig | ITS II
Office of the Registrar
Washington State University

And this is less than a lot of people. Hell, one page I’ve seen suggests putting your e-mail address in your e-mail signature. That’s just redundant right there. A website address isn’t a bad idea, and when I get my Consulting business’ website finished, my business e-mail will include that URL as well, but your e-mail address? Really?

But one bit that we’ve been asked to include, which I do only because they’ve made it a requirement, is the privacy notice at the bottom of all our e-mails.

This communication may contain privileged, non-public or other confidential information. If you have received it in error, please advise the sender by reply email and immediately delete the message and any attachments without copying or disclosing the contents. Thank you.

This 274 character monstrosity bothers me a lot more than it probably should. It’s only 274 characters, the space to store and send it is fairly negligible. I mean, it takes nearly 4000 e-mail messages (encoded in ASCII or UTF-8) for that quantity of data to add up to even a single megabyte. However, for a decent sized institution, 4000 e-mail messages can be generated in a surprisingly short amount of time. And ours, is frankly short compared to this gem:

This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you.

That beast is 684 characters, and would take a mere 1500 messages to reach that 1 Megabyte limit I mentioned.

But while these things do waste a lot of bandwidth every year, that isn’t really what bothers me the most. What bothers me, is that they mean absolutely nothing. If you send an e-mail to me, or anything else for that matter, particularly if it’s unsolicited I can do whatever I want with it, and you can do nothing about it. If I order one thing, and you send me five, that’s your problem. If you mistype a client’s e-mail address, and I accidentally recieve something you didn’t want published, the only thing preventing me from publishing it is me.

The only way you can prohibit me from doing what I please with any communication I’ve recieved is through either a) a contract (which this bullshit notification at the bottom of an e-mail is not), or b) market pressures. You can obviously choose to alter the way you do business with me (or choose not to do business with me at all) if I’ve disseminated information you didn’t want me to, but the improper disclosure belongs to you, the person who sent the e-mail. Not me, the person who received it.

All I’m asking for is reasonableness. I know people don’t consider the value of bandwidth, and e-mail is such a tiny offender compared to many other internet uses today, but such things do add up quickly. And why waste the bandwidth, screen real estate, and thought on such a message that carries with it no meaning? 99% of people are not going to be sharing e-mails that they receive in error, and the rest, are going to do it whether you beg and plead or not.

I have become an enormous Google Reader addict. I’m currently working on a Google Reader widget that will publish my “Shared Items” on my sidebar, but until then, I figured I’d take this opportunity to share the blogs that I’m subscribed to that I really feel are worthwhile.

Sustainabilty/Food/Homesteading

• Holy Scrap Hot Springs is a homesteading group in Truth and Consequences, New Mexico. They are a group that works to grow their own food, and generate their own power, and building materials. A lot of cool stuff about Homesteading, and unlike a lot of homesteading material available today, these people don’t really push the idea of living without modern communcation and computers, just about using less and being more responsbile about it.
• Whittled Down is another homesteading blog, which I first went to for articles on cheesemaking, but I’m sticking around for articles on Chickens, and winter farming, and so on.
• Ethicurean has been a really good source for me on Organic food news, as well a window into the issues that people in that world find really important, some of which I agree with, some of which I don’t.

Android

I’ve been really excited about Google’s Android, and while I don’t have an Android phone (yet), and I haven’t done a ton of development for the platform yet, I’m still itchingly excited about it.

• Google Android Blog this is mostly a news Aggregator, but I’ve found that they collect the important news from the other community sites. Between this and Engadget, I get all my android consumer news I really need.
• Android Developers Blog is the official site from Google about developer related news for Android. If you’re even considering developing for Android, and you aren’t subscribed to this blog, you should be.

DIY

• MAKE Magazine is the best blog to follow for DIY stuff, lots of information from the Magazine, and plenty of cool projects to do, as well as collecting awesome news from other sites.

Financial

• The Simple Dollar has lots of good suggestions for cutting expensives and living cheaper. These run the gamut of DIY projects (like homemade soap), or how to negotiate cheaper bills. Good stuff.
• Get Rich Slowly is similar to the Simple Dollar, but it focuses more on the actual financial side of the equation.

Parenting

I don’t have kids, and I don’t plan to have kids for a while, but I am appalled by the way kids today are coddled, so I’ve begun following the other side of this debate.

• FreeRangeKids is written by “America’s Worst Mom” Lenore Skenazy, and chronicles some of the challenges she has from other people regarding the relative amount of freedom she chooses to give her son. It seems to me to be a really healthy perspective, and I am frankly appalled at some of the problems she has encountered.

Programming

I’m not going to do big descriptions here. I follow the blogs of the tech I use. Monologue, ScottGu, GitHub, John Resig, YUI, Phil Haack. However, for more general purpose disucssion, I’ve started reading Elegant Code because I’ve met several of the guys who write for it, but it’s a bit too centered around Microsoft Tech (admittedly, I do use a lot of Microsoft tech at my current job), and Coding Horror but I’m starting to get over Jeff Atwood’s opinion of himself.

Gadgets

• Engadget is my source for gadget news. I’m not the gadget guy I used to be, but Engadget gets all the news I need in this respect.

Life

• The Art of Manliness seeks to update what it means to be a Gentleman in the modern world. And their stance is that it’s not much different than it used to be. A lot of good articles.

There are a lot of other blogs in my Reader, including quite a bit of security stuff, but these are some of the shining stars, that I think would have some of the most universal appeal. I’ve become a major news-hound, so I’m always looking for new feeds, though I will admit I’ve become more selective over the last few months, as I found several feeds that were simply giving me the same information I already had elsewhere. If you’re interested in news at all, I’d definitely suggest Google Reader, it’s still the best RSS reader on the market that I’ve found.

OpenID is one of those technologies that I, and many others, truly believe is important and necessary, but has completely failed to gain traction with most users.Sort of like Public-Key Encryption. Hell, even on this site, which allows users to authenticate via OpenID to leave comments which will be posted immediately without me having to approve them, I don’t get anyone using OpenID.

There are plenty of reasons for this, I think. Quite a few sites don’t offer OpenID logins, and while Yahoo!, Microsoft, Google allow their logins to be used as OpenIDs, not a single one of them will honor OpenIDs from other providers. And Facebook’s new Federated Login system is even worse, as it won’t interoperate with anything.

Now, the argument for many is that OpenID is confusing. Google suggests using a “Login with you Google ID” form, which is a pain in the ass because you get their Google E-mail address, then have to request their OpenID URL from Google (a move which is far from standards compliant), and then go about the standard OpenID 2.0 login. Yahoo! at least allows their users to use “yahoo.com” as their URL, but then, even they suggest offering a “Login with your Yahoo! Account” button.

Currently, OpenID is clearly the realm of the geeks. But, is it worth promoting these alternative methods of using OpenID? While I think it’s great that Google and Microsoft and Yahoo are all embracing the standard, I believe the better strategy is to educate the users on what OpenID is, and how to use it. OpenID is pretty easy to use (provided you don’t need API access), and I believe one of the key aspects of the upcoming information economy must be that we have the control over our own idenity. OpenID enables that.

But it’s this control over our own identity that is the core of why Google, Microsoft, Yahoo!, Amazon, Facebook and many others aren’t taking OpenID authentication. These are companies that have built their empires on Data Mining. They take your information in order to better figure out how to market stuff to you. Now, this isn’t necessarily a wholly bad thing, and frankly OpenID doesn’t really negate their ability to do this (or even make it harder really), but what OpenID is enabling them to do, is track your activity outside of their normal sphere of influence.

If you log in to leave of comment here using Yahoo! OpenID, Yahoo! is going to know you’re a user of my site, and that’s information they can use. But, if Yahoo! accepts OpenID, and you log into Yahoo! with a Google Account, well, then Google now knows you’re looking to use Yahoo! services ,and that may change things for those companies and their relationship with you.

I don’t want to sound all doom and gloom. A lot of good can come from more directed methods of marketing. I don’t really care about ads for Barbie dolls, and I’m perfectly fine not seeing them. I hope someone is taking notice of my tendency to quickly leave sites that have “talkie” ads. These metrics can all be good, but what is importance is thinking about what giving your online Identity to another entity means. Personally, I do use Yahoo!’s OpenID, but I do try to remain aware of what that potentially entails.

I think at this time, OpenID has enough traction that it can succeed against upstarts like Facebook Connect, but we do need to develop a mechanism to make it easier for most users to use. Perhaps some sort of DNS record to go alongside MX records, like say “IX” records (for Identity exchange) which can provide a service to change an e-mail address into the basis for an OpenID transaction, and do so in a standard way. Or perhaps a standard JavaScript login form which allows you to select your provider and give your login in an easily extensible manner (something like this exists, I don’t remember where, though).

OpenID needs to be made easier, and I think there should be a way to do that without obfuscating the system further. The standard will likely need updating, but I believe that it can succeed. That it will succeed, and that it needs to succeed.