22 November 2009

No Longer One, Yet Still a Mentor

I guess I should have seen this coming ages ago after Linden Lab first suspended hirings, then kept holding off on the resumption of intakes...

On Dec 11 this year, LL is shuttering three Second Life Volunteer groups: Second Life Mentors, Second Life Mentors Q&A, and the Instructors team. With this, the volunteer programs that Linden Lab originally put in place back at the beginning of Second Life are all gone, officially.

This is kind of upsetting in a way - I've been on SL Mentors nonstop since December 2006, and the fact that it's going away (albeit for good reasons of scalability) makes this the second time this has happened - I was on Live Help when it went away too. It's certainly a sign of the times when things that worked back in 2003/2004 no longer work in this day and age - like keeping 3.5k folks in one group. ^^;

I haven't posted in a long time despite this news being available because I've been busy trying to ignore this happening: trying out Torchlight, playing with the new OpenGL shift/zoom effects on Photoshop CS4, attending the Anime Festival Asia this weekend.

No longer one, yet still a mentor... I guess that sums up the peculiar state I'll be in very shortly. I'll still be in-world of course, just spending more time building up other things...

See you guys in world... or better yet, throw me a notecard - I'm getting my IMs capped a lot of late despite notices trickling down to a dribble in my most important places...

30 April 2009

Open Letter - Piss Off, Adwords.

So apparently blogger Tateru Nino makes a serious effort to revamp her website to improve its readability and entertainment value...

And then scores a scoop with revelations that "Fallout" may possibly become a television or movie property in the future.

This scoop gets picked up on by a lot of people in the know, and cited. very. very. much. which in turn leads to a lot of people picking up and discovering Dwell On It's blend of awesome and funneh.

In the process, a lot of people are viewing Google AdWords and clicking through partly as thanks and partly because Google is supposed to be serving very relevant ads.

So what does Google AdWords do? They cut her off, citing a lame reason like "You pose a risk to our advertisers". Simply because the place abruptly explodes from one moment of good reporting.

Google seems to be misdefining "risk". She provides content that everyone wants a load of for the first time in ages, and that should be rewarded, right? right?

I'm closing ranks with Tat on this - you won't ever see AdWords on this blog ever again as long as it's not in the same sentence with at least two obscenities, a sledgehammer-wielding dwarven horde, a industrial concrete vibrator used like the usual sort of vibrator, and the Prince Of Eternal Darkness.

Oh, and "manure lagoon".

Nino probably would choose less hurtful words, but I'm a passionate person, and the one thing I cannot accept is unjustified shafting based on resounding success.

Thank you for listening to what little blogging I've managed in recent weeks. This has shaken me up enough as well to consider my own little revamp ":D

02 March 2009

OpenID: a reply to Prok

This article is a copy of a reply to a blogpost on Second Thoughts crucifying OpenID as found here. To read it without this in context will probably be like attacking George W. Bush with only one shoe, so I think, yes, you should read the original post first. As always, constructive positive/negative comments will be welcomed, trolls will be shot out of a cannon containing the contents of my piggy bank. (Look how it jingles.)

1. OpenID is hard to use and misleading in its claims.

I'll be the first to admit that until recently, OpenID was a closed book to me, but they have done a reasonable job in recent weeks of remedying these issues. In fact, if you log right into http://openid.net, the homepage has reconcentrated more on blogged news about the system, as well as the three main issues: What and why OpenID, Where to get OpenIDed and Where it can be used. The main issue is poor design that doesn't draw attention to these three places:

Externally, both Google and Yahoo! have also thrown their weight behind providing OpenIDs linked to people's accounts with them, although their efforts to reduce confusion by renaming them as "Yahoo! IDs" or "Google Accounts" could just as easily worsen matters.

But if nobody cares, and nobody does anything, nothing changes. Or worse.

2. OpenID is decentralized and therefore not the same everywhere.

OpenID is merely an identity and authentication scheme. You'll find that in actual fact, a lot of accounts in many places use a lot of other data besides just your login data and passwords.

Forums need to track your timezone to help you keep a perspective of when other people post and comment in relation to your local time, as well as what posts you haven't read and might want to read. - Your OpenID provider shouldn't need to keep that info that unless it's the same service.
To-do lists need to track your specified chores and how you're doing with them, whether you're early, whether you're late, what you need to do them et al. Your OpenID provider shouldn't need to keep that info unless it's the same service in question.
Blogging services may want to link the comments you've made to date together to allow you a clearer view of how you've said things previously. Your OpenID provider shouldn't blah blah blah ditto.
The only thing they seriously need to keep is enough info to identify you if subpoenaed for legally valid reasons. They should not be handing it to anyone else, and their policies should reflect that. the only thing a OpenID provider should say is "yes/no, the guy who claims to be this OpenID is indeed/not the person he claims to be."

Would you rather open yourself to compromise by setting only one policy and openly sharing your personal data willy nilly after OpenID login, rather than offering only what you believe to be acceptable for public consumption whenever you log in?

I thought not.

3. OpenID accepts other services' log-ons, but would I give my email password to everybody?!

Best practice is already laid down on this matter: if a site gets a OpenID-based request, it should redirect to the OpenID provider you chose, allowing it to handle the authentication on its own side, and handling the matter of confirming your identity with the requesting server on its own.

Obviously, unless the OpenID provider is insane, it should be able to say this according to the schema laid out by OpenID WITHOUT involving your password in any manner, only confirming that your OpenID is being used legitimately.

This kind of makes OpenID provider servers the weakest link in the system, but OpenID also provides repudiation services to reject OpenIDs issued from select places where the server has clearly been compromised beyond the reasonable standards of the a server, and this is not system-wide, only based on the judgement of the administrator of each service relying on OpenIDs.

4. OpenID has a reputation system, with all the awfulness that implies.

Only to the extent that any form of id has a reputation built up around it. As a wag once put it to me - a troll under any userid and auth scheme, is just another guy to wield the banhammer on.

Also: remember what I mentioned about OpenID's ability to stop accepting an OpenID from a provider - it is enforced only on per-administrator level, and never on the entire network of logins and providers on OpenID. that means that if your OpenID gets turned down at the door and errors are not involved, you (or your choice of provider) are just not welcomed by the admins. Whether this is a good or bad thing really depends on circumstances beyond this discussion's bounds...

5. OpenID makes it impossible to make multiple accounts with similar names, or alts.

Far from it - I used three separate OpenIDs to date: one off of Edith Cowan University servers that certifies users as staff and students of the colleges it runs, one off of SLOpenID.net that confirms I am indeed THE blue wooly wildcat with THAT NAME, one off of gov.sg servers that confirms that I am indeed working on governmental issues on an irregular basis... but I only run that last one when I'm really working seriously.
OpenID does not preclude the use of multiple accounts or identities, Prok - in fact, it can just as easily be one way of clarifying the distinction about something said in mere jest, and something said in an official capacity.

Your current woes with your current OpenID provider are specific to provider, rather than the actual schema itself. Do NOT incinerate the entire flock simply because one sheep is black. (Though I understand the end result of doing so is that every sheep is equally black and charred to bits xD)

6. OpenID *is* centralized, in fact, really.

But of COURSE some aspects of it must be centralized, as a standard - the prompting and reply methods for authentication have to remain standard. The server requesting proof that an OpenID is indeed being used properly has to expect a certain reply back from the provider. Computers are dumb and only understand "yes" in the ways "yes" has been defined, and we have to unfortunately live with that limitation in terms of being less-than-ambiguous with computer-based replies.

But OpenID doesn't exactly conjure up nightmares of Python's benevolent dictator for life. far from it.


7. OpenID is impossible to troubleshoot.

There are three main points of failure: the user's browser, the requesting server, and the OpenID provider's server. (We're simplifying things by ignoring failures in network media or routers here, now). If you're getting the same failure to login across multiple sites, your OpenID provider may be experiencing issues. If you're getting it on only one specific or handful of sites, it means that they may most likely have out-of-date handling for OpenID or errors of some other sort... It also doesn't help that some sites seem to rely on browser-side Javascript for the redirects involved in a proper OpenID login request. (I'm looking at you, Google)

My suggestion? Email your OpenID provider first and note to them that your OpenID is not working properly, step with them through the possibilities. The unfortunate fact is that with all these extra moving parts, OpenID is inevitably more prone to disruptions than a system run entirely under one roof by one company - like Microsoft Live ID, anyone?

One thing I could suggest: your membership as a TypePad blogger entitles you to an OpenID as "http://(username).typepad.com" ( being the same username that brings up your personal profile). I would suggest trying to type it in as an OpenID in that form the next time you're logged into TypePad, and seeing if the server you're doing it at redirects to TypePad. If implemented properly, TypePad should prompt you at least once to confirm that you indeed want to confirm your identity, and then redirect back if all goes well.

Not everyone can implement an idea well. But it does not mean the idea itself sucks.

Looking forward to reasonable reply,

Patchouli Woollahra

Trinkets from Zazzle! (A sponsored Link)

Support the insanity, buy a mug! Or a pad. Or something.