auto_matt_ick
Matty Smith

LiveJournal to Supermatty: OpenID, Schmopen ID [19 Feb 2007|02:16am]
[ mood | tired ]

I have only quite recently looked into OpenID but so far, I think I like what I see. Everybody must be getting sick of having 200 different logins for all the stupid stuff you have to sign up for online (along with the cool stuff too!).

I am smart enough to know that re-using passwords for different accounts is pretty weak on the security front, but with this explosion of funky little "Web 2.0" (starting to hate that term) sites that I want to try out, I feel like I'm signing up for some crazy new thing every week.

Every damn time, I've gotta come up with a unique user name and if I'm conscientious, ANOTHER password. Hot damn, I got passwords coming out of my ears and if there's one thing worse than using the same password for 10 different accounts, it's having 10 different passwords for 10 accounts you don't actually use very often.

A memory as bad as mine doesn't help either, and you find yourself slowly waking up to the reality that you will either have to:
1) Keep hitting the "forgot my password" link every time you make an infrequent visit to the site in question, and subsequently go through the annoying rigmarole (yay, cool word!) of verification emails and making up ANOTHER password. "THIS time I'll make up one that I'll be sure to remember!" - yeah right. I'll have forgotten it again by the time I return in 3 weeks ... OR
2) WRITE YOUR PASSWORDS DOWN, which is absolutely an unthinkable cardinal sin. I would admit to crapping my own pants before I admitted to writing passwords down.

So if you're like me (a proud wearer of at least 97% crap-free pants), you end up jerry-rigging your own crazy systems of changing passwords based on themes, etc etc...

You may even end up with a kind of 'hash' text file of your passwords using some arbitrarily secret method of deciphering the cryptic codes in your head so you can figure out what your password REALLY was, just so you can sign in to your OWN *$#&$ ACCOUNTS. Yes, I know this is pretty weak too.

Feel free to try bustin' into my profiles and messing my stuff up, but be warned that in real life I am a ninja and if you mess my stuff up, I will MESS YOUR FACE UP INTO YOUR ASS without even BLINKING. It's not even personal, it's an honour thing. Think on that for a moment.

Aside note: I HATE HATE HATE sites that, once I sign up for an account with them, send me a "helpful" email saying "hi, thanks for signing up to weak-security-R-us. Your username is blah and your password is blah" IN PLAIN TEXT.

Anybody sending account passwords in PLAIN TEXT, through email, should be eviscerated. I will help with the first few executions just to show I'm serious about this. Email, for heaven's sake - can you think of a less secure medium? OK maybe you can, but still. Email!

I have now taken to using a simple, pointless password when I initially sign up to dodgy-looking sites and then congratulating myself when the accursed plaintext "welcome" message timebomb arrives in my inbox - just as I go back to the site and change my password to something a little bit smarter.

F*ckers.

Phew, nice to get that off my chest. On with my essay!

OpenID seems a clever solution to me.
You can essentially use whatever method you feel appropriate to actually authenticate yourself and you can set things up so that you don't actually have to tie your authentication down to one provider. It's really tied to your ownership of a URL, so all you have to do is own a domain name in order to enjoy the independence of choosing to switch your actual OpenID validation provider whenever you feel like it.

In fact, if you are really paranoid you could put in a little extra effort and be a provider to yourself and implement all the crazy security you feel like - a geek's gotta love that concept!
Biometrics, anyone? (Not mentioning any names.... ;) )
I like the idea of having the option of controlling just how secure your online identity is.
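
The delegation idea described above, as an added example (not part of the original post and not LiveJournal's or any OpenID library's code): a Python sketch of how a relying site reads the OpenID 1.1 `openid.server` and `openid.delegate` link tags from the page at your URL. The domain names, sample pages and function names are constructed for illustration, and the URL normalisation is simplified.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

RELS = ("openid.server", "openid.delegate")  # OpenID 1.1 link relations


class HeadLinks(HTMLParser):
    """Collect OpenID <link> tags, honouring only those inside <head>."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.found = {}

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "body":
            self.in_head = False
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            for rel in (a.get("rel") or "").lower().split():
                if rel in RELS and a.get("href"):
                    self.found.setdefault(rel, a["href"])  # first tag wins

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False


def normalize(url):
    """Simplified normalisation: default scheme, lowercase host, root path."""
    if "://" not in url:
        url = "http://" + url
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc.lower()}{p.path or '/'}"


def discover(claimed_url, html):
    """Return what a relying site learns from the page at claimed_url."""
    parser = HeadLinks()
    parser.feed(html)
    server = parser.found.get("openid.server")
    if server is None:
        raise ValueError("no openid.server link in <head>")
    claimed = normalize(claimed_url)
    return {"claimed_id": claimed, "server": server,
            "delegate": parser.found.get("openid.delegate", claimed)}


# Constructed sample pages: the same URL before and after switching provider.
PAGE_A = """<html><head>
<link rel="openid.server" href="https://provider-a.example/server">
<link rel="openid.delegate" href="https://matty.provider-a.example/">
</head><body>hello</body></html>"""
PAGE_B = PAGE_A.replace("provider-a", "provider-b")
# A link tag in the body (for instance inside visitor-submitted text) is ignored.
PAGE_BODY_ONLY = """<html><head><title>x</title></head><body>
<link rel="openid.server" href="https://other.example/server"></body></html>"""

if __name__ == "__main__":
    for page in (PAGE_A, PAGE_B):
        print(discover("matty.example", page))
```

The account at the relying site is keyed on `claimed_id`, which stays the same across both pages; only the server that does the actual authentication changes.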

Some sites provide OpenIDs that ALWAYS authenticate... thus you can use online services anonymously if you so choose! This guy doesn't seem to like the idea, but I think that anything supporting OpenID for sign-in should still have a reasonably traditional account-creation process in the first place, including old faithful methods like "type the letters you see in the image into the little box" and confirmation emails and pacts concerning your first-born son and so on.

I think some people are confusing OpenID with being responsible for more than it actually is. It doesn't pretend to deal with CREATING an account with an online web service. All it's supposed to do is let you have the same login and password for many different sites. How those sites choose to screen new-user creation is still up to their individual requirements and standards. It's just that OpenID allows them to simplify the login process for their users - all that stuff is now done by somebody else that the user already trusts!

Also, some biggies like AOL and Microsoft are either already supporting it or have recently announced that they will. (Would you like to know more?)

Now I've set the scene, here comes the point to my article...

MY POINT:
* LiveJournal supports OpenID - Yay!
* OpenID on LiveJournal is broken. Boo!

Assertion:
It was a good move to create an OpenID for every existing LJ account. This could get more people using OpenID.

The part that sux:
I, however, have my own OpenID from another location and I cannot use it to log into my LJ account, which totally defeats the purpose of what OpenID was designed for in the first place!

Corollary:
This is a very good suggestion.

I think corollary was the word I was searching for. Oh dear - shoulda paid more attention in my numerous maths classes.

(haha, just noticed the "numerous" pun. Oh, I'm sad.)

Anyway, I completely agree with the dude's assertion that LJ's "OpenID" support is essentially only halfway there, and it is quite surprising to me that this is the case. Correct me if I'm wrong, but I was under the impression that OpenID was essentially developed by the same people who work on LJ!

Please note: Totally defeating things can be fun, I do it all the time just to stay in shape, but in the case of defeating purposes (and porpoises too), it's usually not as cool. This is one of those not-so-cool times.

Until they allow users to link non-LJ OpenIDs to their existing accounts, the whole "OpenID on LJ" thing is extremely limited in usefulness for many of us. By "many of us", I am mostly talking about myself and if anybody else has this same problem, then that is a bonus (in the contradictory sense that this bonus is actually a negative thing).

For general web stuff, people really will NOT want to have to use more than one OpenID account - what would be the point? We might as well just sign up for everything the old-fashioned way and give all our hundreds of different accounts the same password. Back to square one.

I understand and appreciate people's concerns about security. The potential exists for slightly less-than-optimally-secure OpenID providers. In practice, however, I think it's far more likely for the users themselves to compromise their own accounts by carelessness with passwords etc, just as they always have done in the past. Users are lazy fools. I am a user, so I know this.

I would imagine that the bulk of the less security-conscious OpenID users will probably be getting their ID's from one of the "big" companies that is handing them out freely (LJ, AOL) inside packs of cornflakes, and accompanying these with their already-existing subscriptions to other services. If these guys aren't already running adequate security, well.... you can only take your paranoia so far.

I really think it unlikely that we will ever have a situation where there are people out there who have:
a) somehow gained unauthorized access to a bunch of OpenID accounts, and
b) logged into LJ using these stolen identities and proceeded to read and/or republish people's "private" LiveJournal entries, write nasty comments etc.
Honestly, who would be bothered? If you feel like causing a little mayhem on the internet there are plenty of other ways to do it.

Besides, as soon as a breach of that nature is discovered, website administrators should instantly be able to suspend action for all OpenIDs coming from the compromised provider (blacklisting, if you will). Not sure if this capability is actually implemented, but it just seems like common sense to me. "Commonsensical", if you will. I like that word.
Commonsensical.
Commonsensical. Hmmmmm, italics are better.
Italics, mmm... Italians. Mmm... Italian food. mmmmmmmmm.

OK it's getting late, I better finish up before I lose my audience of (maybe) 2.5 people.

Back to the future (of OpenID).
Thought: You could almost look on this as potentially a MORE secure system, because the failure of one OpenID provider does not mean that the entire user base is compromised.

Seems like at least one guy actually wants to treat OpenID users differently to 'regular' LJ ones. Security concerns over the 'unknown' of OpenID. "Who might be reading my private posts" type of thing.

Frankly, I think that if you REALLY want to post information that is extremely private to you, then it's probably not a good idea to do it somewhere like LJ anyway. Simply relying on making all your posts readable by "friends-only" is unwise, regardless of OpenID concerns. Use PGP or something - that's what it's for!

In closing, what Tailen is suggesting is essentially to "complete" the implementation of OpenID support on LJ. I agree with this suggestion. LJ's OpenID solution cannot be considered complete as it is. Please fix!

Thank you, and good night.


Ring ring [18 Feb 2007|11:29am]
[ mood | awake ]

Text message I recently received:
"sick you up in about 20 minutes".

Strange and unusual threat, or just another case of predictive text rearing its ugly head?
You be the judge.


Stereotypes and Semen [17 Feb 2007|02:18pm]
[ mood | contemplative ]

A post from a friend of mine drew my attention to this article and it got me thinking about these stories that float around concerning women using dudes' sperm to conceive a child that the hapless dude never wanted. (Poor dude.)

Believe it or not, I don't think about this stuff every day. Just as my friend somehow got wrapped up in the comments accompanying the story, so did I. I'm feeling vocal today, so here goes:

1) - Helpfully topical true story: A school friend of mine's girlfriend is due to have a baby in the next couple of weeks. She was on the pill during the period (har har) of conception. Yikes! This is the kind of thing that scares the crap out of people. When I say people, yes I mean both men AND women. Plenty of chicks - even smart ones! - have no interest in having kids "right now". A lot of fellas seem to forget this.

Which brings me to point
2) - As evidenced by Digg comments (and forum posts pretty much all over the net), people are still stereotyping men and women all the time: "Those biatches just want to have relationships and babies", "dudes just want meaningless sex", etc etc.

The more people I meet, the more I realise that most stereotypes are rubbish and their only use is to broadly classify things when you're feeling lazy or making jokes - or both (like me!).

I have met women who don't want to have kids, women who have meaningless sex with dudes (and probably hurt a few feelings along the way), and I have EVEN met women who I suspect are smarter than me! Gasp... is NO stereotype sacred?!

Likewise, I have met dudes whose behaviour is contrary to all kinds of traditional stereotypy dudeish things. I just can't think of any of them right now, because my thoughts went wandering and I started thinking about sex. ;)

It's pretty obvious that when it comes to people, stereotypes can be awfully harmful and are often the basis for all kinds of nasty sh!t like racism and negative discrimination.

Question: is using stereotypes for humour a bad thing? As far as I can tell, it's probably one of the few legitimate uses, but I can see how you could argue against it... y'know, reinforcing falsehoods, encouraging slightly less canny people to use them in real life, blah blah.... Please discuss. (Assuming anybody is actually reading this).

I am reminded of something in a Scott Adams book where he was briefly running through a few pros and cons of some historical events, and although I'll probably get it wrong because I haven't looked at the book in years, there was a part that basically went:
GOOD THING: Women were allowed to vote / go into politics (can't remember which it was?)
BAD THING: Women turned out to be just as stupid as men.

I think this is a good example of using a stereotype-like device for humorous purposes. Well, it made me laugh anyway.

2) Everybody has something to say on the topic of "women who want babies" because it deals with such basic human instincts ("basic instinct", ha-ha).... People will probably be talking about this stuff for as long as we still, ummm, have the ability to talk.

3) My points system is clearly not working very well so I will now abandon it.

6) There is no point six.

Going back to point 1, you may be interested to know my friends are keeping the child but not getting married. In this case of accidental conception I have no reason to suspect any kind of foul play. I DO have a feeling that the sorts of stories typical of some of the comments in that Digg article tend to become urban legends and get retold over and over in various guises until everybody thinks that kind of thing happens all the time, when in fact it is the rare exception to the rule. Basically, people love to gossip and they love a good scandal even when it ain't 100% true. We already knew that.

I assert the above with a complete lack of research, reliable sources or facts to back up my case. Then again, most of these stories in question are coming from exactly the same position, which is why we gotta take em all with a very large grain of salt, no matter how entertaining/true-sounding/fascinating they may be.

Having voiced my skepticism, I will now proceed to provide evidence AGAINST my argument because I just thought of a few things (damn!):

Point that undermines my argument: I met a chick fairly randomly at a club one night a couple months back, and I was instantly fascinated when I found out she worked in one of those "give us your eggs and sperm and we will jumpstart a baby for you" clinics. I can't remember what those places are actually called - give me a break, it's not like I visit them often.

So I came up with all kinds of crazy questions for this poor girl and some of the answers were pretty interesting, assuming I heard them correctly over the noise of the nightclub. One thing I do remember her saying was that sometimes women come in with semen samples AND NO DUDE FROM WHENCE THE SEMEN CAME. Haha, "came". In any case, they're not allowed to accept the goods in that situation because apparently sometimes the dude doesn't even know what's going down. So I guess it DOES happen sometimes.

Other argument-undermining point: I do know that some hospitals have a code "pink" alert (I think it's pink?) which basically means some intruder has, err, intruded and subsequently nicked off with a baby that may or may not be theirs. The fact that they even need to make up a special code for this means that it happens way too often. Interestingly (to me), they don't have this code in all hospitals... my mum was taught about it when she was working at Swedish (in Seattle), but they don't have it at the Royal Hobart down here in Tassie. Less baby snatching in Hobart? I would like to think so. Perhaps this is an opportunity to reinforce the stereotype that Americans are stupider than Australians. I know I was trashing stereotypes earlier on, but I like this one so I'll run with it. Also, it means I'm contradicting myself and everybody knows that contradiction is hilarious!

Anyway, it's pretty clear that people go completely mental when babies are involved, even if the baby in question hasn't even been conceived yet. That is some crazy stuff when you think about it. Babies pretty much cause mayhem and I'm thinking perhaps we can solve the problem by waging a war on babies. Evidence of their guilt can be viewed here. (A Trustworthy Source!)

Good posting etiquette would have me pick one topic, stick to it, and keep it short and sweet. I've completely failed to do any of that, so I guess it's time to wrap it all up with a summary that does not really summarize anything:

Summary that isn't a summary
Although I've opined that it probably doesn't happen all THAT often, MAN WOULD I BE PISSED OFF if some chick stole my jeans for her own selfish purposes.

I'd be annoyed about her stealing my genes too - I've only got one good pair.


Open Letter To My Washington Crew [17 Sep 2006|09:40pm]
[ mood | excited ]

Good evening friends (and more)....

At least it's evening for me, and it's basically pointless for me to try and guess when you ACTUALLY will read this, so I'll leave it at that.

I have for you all an ACTUAL post, about REAL goings-on. Please accept my apologies in advance!

For some of you, it's been quite some time since we've spoken / hugged / shook hands / got drunk / sang along to car stereos together. For still others, perhaps it hasn't been long enough.

In any case, I'm not really giving you the option to get out of this one: you may have heard rumours that I'm coming to town and if so, let this email be the confirmation! I am indeed returning to sunny (sic) Seattle and for those still living in the state of Washington, know that I WILL track you down - attempts to hide from my all-encompassing Australian-ness will be in vain, so don't waste your energy. Resistance is useless!

I originally planned on making a low-key entrance and just showing up unannounced like some globe-trotting international superhero (all James Bond-style), but then I realised that some people might want to actually be told of my visit so that they can spray themselves with Aussie repellent, restock the beer fridge, etc.... so consider yourselves forewarned!

Currently my itinerary states that I'll be in Washington from October the 15th till the morning of the 25th - long enough to make another dent in the place, anyway. The tickets are flexible so I may be in for a longer or (hopefully not) shorter stay. As a concession to the fact that I actually don't have enough "holiday days" saved up for this trip, I'll actually be working remotely for my employer here in Tassie so daytimes are mostly (and sadly) spoken for. Evenings, however, are a different story!

Look forward to catching up again - be sure to relay the news to all those individuals whose contact details I may not have!

Cheers
-Matt

PS: Better make a few reservations at Shari's too.
