July 2001 Archives
In this article, Nicholas Petreley claims that because American Express, eBay, and VeriSign will support Passport, you won’t be able to build an e-commerce app with Mono (unless you hook it to Passport):
Microsoft is already promoting Passport aggressively by making deals with the likes of American Express, eBay, and VeriSign, among dozens of other popular e-commerce sites. So for Mono to be of any use in developing open-source e-commerce applications, Mono will have to support Passport.
I don’t see how the one follows the other. Because some random companies start supporting Passport, will Mono (or .NET for that matter) suddenly become incapable of using strong cryptography?
You do not need Passport to develop .NET applications that work with the existing e-commerce infrastructure. For example, .NET’s System.Net.WebRequest is perfectly happy talking to an https server. .NET’s web forms can sit behind a web site that is protected with SSL. The System.Security.Cryptography namespace is full of support for strong crypto.
Strong crypto, including SSL, have been the cornerstones of e-commerce to date, and will continue to be for some time (in fact, Passport uses https during user authentication).
Passport is only necessary if you want to use it as a single sign-in solution for Hailstorm or your web site. It is not necessary for e-commerce (I think we should resist all efforts to make it the only authentication mechanism for e-commerce).
The .NET framework is a general-purpose development framework. Passport is a single sign-in solution that can be implemented on any web server, not just IIS. Passport is no more essential for .NET e-commerce applications than it is for Perl, J2EE, Python, or PHP e-commerce applications.
I appreciate Petreley’s concerns about whether Mono will help Passport take over the world. But I don’t agree that Mono is part of the problem. I think Mono will facilitate multiple solutions to the single sign-in problem. Read more here, in Mono’s Not Just a Vehicle for Passport.
When Kevin Lenzo took the Grand Ballroom stage Friday morning at the Open Source Convention, many in the audience knew nothing about the announcement he would soon make.
Kevin explained that even though the world might not need another society, the open source community could benefit from the nuturing of Yet Another Society. The purpose is to help fund developers working in Perl and other open source technologies.
According to Simon Cozens, the story is that YAS has merged with the Perl Mongers and Perlmonks. YAS has
already been active in the Perl community for around a year, organizing the YAPCs, and was the vehicle through which funding was obtained for Damian Conway’s indenture. (Thanks Simon for setting me straight)
After Kevin Lenzo made the announcement, Larry Wall then took the microphone and told the story about a letter he had received years ago. The letter contained $14 in cash with a note stating: “Please use this for Perl development.”
Larry never quite knew what to do with the $14 … that is until today when he handed it to Kevin Lenzo as the first donation to the Yet Another Society.
Larry Wall hands Kevin Lenzo $14 as a donation to Yet Another Society with Damian Conway looking on. Photo by Derrick Story
Craig Mundie knew he was walking into hostile territory when he came to explain Microsoft’s position on Open Source software and the GPL (General Public License) to a crowd of mostly hostile red-hat wearing Open Source hackers attending O’Reilly’s Open Source Conference. He tried to soften them up by opening his presentation with a doctored photo of him as Austin Powers’ nemesis, Dr. Evil, and Microsoft’s FreeBSD sympathizer and open .NET evangelizer David Stutz as mini-me. (In case you were wondering, Mundie later explained, they did get permission to doctor the image.)
It worked just a little. There were no thrown objects, even though Red Hat CTO Michael Tiemann really did compare Microsoft to oil and lumber companies (What? No big tobacco?) who will agree to protect the environment as long as they can continue to ravage it.
Microsoft’s position in the environment, or ecosystem, of software development was a central theme in the morning’s events, which included talks by Mundie and Tiemann, followed by a panel discussion that included Brian Behlendorf, Clay Shirky, and Mozilla’s chief lizard wrangler, Mitchell Baker.
Mundie said he was here to clarify Redmond’s position: they don’t have anything against Open Source software (honest, guys!). They’re just trying to clarify people’s misunderstandings about the GPL. Dan Gillmor pressed him on this at a press conference after the panel: how come Steve Ballmer has twice called it “a cancer.” Mundie waved it off: “I know Steve, I talk to Steve.” Steve gets a little hotheaded, I guess.
Tim O’Reilly said he brought Mundie down to talk to the Open Source conference because he thinks both groups can learn from the other. “Microsoft knows something incredible about monetizing ideas.” The Open Souce community knows something incredible about making good software–things that Microsoft is trying to learn, according to both Mundie and Stutz.
But I was left wondering how these extremes could ever meet. Tiemann’s comparisons to big oil, as well as his suspicion of Microsoft’s motives, were to be expected, as were the cheers they drew from the audience. But I was a little surprised by the hisses and booes that greeted Mundie’s explanations that Microsoft is in business to make money, and that licensing intellectual property is part of that business. Even with Mundie’s graceful performance here, the level of suspicion among fringe players on both sides rises to a level of toxicity at times. Let’s hope cooler heads can keep talking.
I took in a panel on Wednesday morning at the Open Source Strategies Summit (one of the tracks at the Open Source Convention) about open source business models for the
In introducing the panel, Tim O’Reilly asked everyone to “think pretty hard about interoperability,” which depending on how you hear that, could be a gentle reminder of the need for standards, or could be an attack on proprietary systems that lock out competitors. “The war is not between open source and Microsoft,” Tim said. “It’s a war between an interoperable world, where there’s room for many players, and a winner-take-all world.”
So how about this room for many players business? Who could deny that the Internet-driven boom of the late ’90s was made possible by an open system with a low barrier of entry? And yet the last year or so has been something less than inspiring for the open source business model, with the failure of Eazel, and hard times for many Linux companies.
The panelists, whom along with Tim included economist Hal Varian from UC Berkeley’s School of Information Management Science, CollabNet CEO Brian Behlendorf, and Michael Olson, vice president of marketing for Sleepycat Software, offered advice that sounded … well, awfully familiar. Start with open source code, develop it, give it back to the community. Then make your money off of services, consulting, some small amount of shrink wrap.
Some think you should hold onto core enhancements (Behlendorf), others think you shouldn’t (Tim). Either way, there has to be a clear focus on some competitive angle that makes the effort of your labors something more than a commodity. Not because we’ve all become hard-nosed, ungenerous misers in the past year, but simply because the conditions for using other people’s money (that is, investment or venture capital) have changed (some would say “matured”). That mythical future, when we promised that the benefits of largesse would be returned tenfold, is upon us. And then some.
Linux Today has a link to Nicholas Petreley’s “GNOME gets Mono” article, in which he blasts Mono and GNOME. There has been a lively discussion.
Petreley turns the heat up in this weblog entry.
His concern about Passport being tied to the .NET Framework is certainly justified. Microsoft could (and probably will) integrate Passport authentication at the class loader level.
What would that mean? A software developer could integrate passport into an application as easily as a web developer could integrate passport into a web site. Even if Mono has the capability to authenticate and load Passport-enabled assemblies, it does not force every developer to adopt Passport.
I like the idea of a single sign-on, but I don’t think Microsoft should have sole control over it. It’s my hope that several compatible alternatives are available to Passport. AOL/Time Warner is already working on one, Magic Carpet. I’m not all that crazy about AOL/Time Warner and Microsoft being the two parties with control over identity and authentication. There should be open alternatives.
It’s probably only wishful thinking on my part that we can expect compatibility between Magic Carpet, Passport, and whatever else appears (such as the free and open DotGNU). I know one thing: having an open source implementation of .NET at least makes it possible to connect a Passport-bound class loader to a non-Microsoft implementation. Perhaps Mono will unify these authentication mechanisms in the same way that Jabber has unified incompatible instant messaging systems.
Related link: http://www.msnbc.com/news/604184.asp?0si=-
“America Online says it plans to test a system later this summer that would enable users of its popular instant messaging service to communicate with people who use other products, like Microsoft’s MSN Messenger.”
Related link: http://www.betanews.com/article.php3?sid=995975421
“America Online is quietly rolling out a new unified sign-in service, similar to Microsoft’s Passport, across its properties and partner sites. Codenamed “Magic Carpet” and currently promoted as the “Screen Name Service,” visitors will be able to sign in with a single click and seamlessly browse sites supporting the new technology.”
Related link: http://www.cooltown.com/dev/index.asp
“HP Labs has been working at the intersection of nomadicity, appliances, networking, and the web.” About equal parts vision and code, cooltown purports to bring e-services to Web-based personal devices. HP today announced CoolBase, an Open Source project focused on implementating a framework for its coolbase vision.
Related link: http://www.eff.org/
Electronic Frontier Foundation is calling on folks to hold off on protests against Adobe and its role in the arrest of programmer Dmitry Sklyarov. Sklyarov was nabbed by FBI agents last Monday, after he demonstrated software at DefCon that would remove encryption and printing restrictions, such as those used in Adobe’s eBook Reader and Acrobat Reader software. Read the latest on the protests at EFF’s site, and get the latest on the story from
The air of late is thick with talk of identity. The holy grail is a unified, decentralized, simple yet extensible user-centric identity, membership, and preferences fabric for the Internet.
The stone soup includes such ingredients as: Passport, Hailstorm, XNS, XML-RPC/SOAP, Instant Messaging, Single Sign-On, Authentication, Security, Access Control, User-Centric Services, and so on.
I invite you to join us for a spot of meme hacking and problem-space mapping at the Identity Birds-of-a-Feather session, the O’Reilly Open Source Convention in San Diego, July 23-27, 2001. The BoF will be held on Wednesday at 8pm in Marina II (East).
I’ve been assembling an evolving list of required reading on the subject:
- “Microsoft® Passport is an online user-authentication service. Passport lets a consumer create a single sign-in name and password for easy, secure access to all Passport-enabled Web sites and services. Passport-enabled sites (also called participating sites) rely on Passport to authenticate users rather than hosting and maintaining their own proprietary authentication systems. However, Passport does not authorize or deny a specific user’s access to individual participating sites; Web sites that implement Passport maintain control over permissions.” –Microsoft Passport Technical White Paper
- “America Online is quietly rolling out a new unified sign-in service, similar to Microsoft’s Passport, across its properties and partner sites. Codenamed “Magic Carpet” and currently promoted as the “Screen Name Service,” visitors will be able to sign in with a single click and seamlessly browse sites supporting the new technology.” –With HailStorm Brewing, AOL Readies ‘Magic Carpet’
“The Screen Name Service lets you create a single, consistent Screen Name, as your personal “ID”, which you can use to safely, securely and conveniently access and personalize sites across the Web.” –About the Screen Name Service
- “Developers are now faced with a choice — support Microsoft’s membership system, and thereby feed customers to them, or develop an open, clonable and decentralized system, so that membership is a competitive space, not owned by one or two large companies. ” –Dave Winer, Distributed membership and preferences
- “Microsoft will control a user’s identity, leasing it to them for use within HailStorm for a recurring fee. ” –Clay Shirky, Hailstorm: Open Web Services Controlled by Microsoft
- “Cyberspace does, however, afford the interesting option of pseudonymity. Were there Passport support on a useful number of sites, I would likely set up a number of different identities for myself. Ideally, there would be a variety of authentication services equivalent to Passport, so that I could distribute my identities — and thus spread the risk of compromise — among them.” –Jon Udell, A Storm Brewing
- “I have long believed that it’s more important to assert our own identities, and authenticate who and what we encounter in cyberspace, than to hide our identities.” –Jon Udell, E-Mail Virus Danger Is An Identity Crisis
- “Such a open source system could potentially eliminate the need for websites to require local accounts to be set up by the user that are often repetitive and cumbersome. The user could potentially use their one master account to access and manage all other services they use on the internet.” –Jabber Identity Project
- “XNS, or eXtensible Name Service, is a new Internet service that lets individuals and businesses establish a global online identity and address, exchange self-updating business cards, use a single sign-on name and password, automatically exchange and synchronize common types of data, and manage the use of shared data under XNS privacy contracts. XNS works through a globally distributed network of XNS agents and agencies. ” –XNS.org (See also OneName)
- “Identities exist in some “realm,” and we use that term in its usual sense. We often think of a realm as being a relatively large collection of users, like compuserve.com or aol.com, but it might well consist of a small set of users, e.g., user names and pass phrases associated with an individual Web server. We allow the service to specify a set of realms, to recognize an identity in any of the realms in which it participates.” –Gary Brown, Compuserve, Remote Passphrase Authentication
- “ICEPick is an Open Source peer to peer system designed to enable cross web site authentication and personalization services. It was inspired by the recent announcement of Hailstorm by a large company from the north west. ICEPick serves as a replacement for many of the services provided by Hailstorm without the central control of the users information. In the ICEPick system the user truly will own their information and can restrict access to those who they actually trust.” –Kimbro Staken, ICEPick
- “The DotGNU project will use good ideas from Microsoft as a source of inspiration, and Microsoft will probably also use good ideas from the DotGNU project as a source of inspiration. . . with DotGNU every Internet Service Provider (ISP) can offer the equivalent of Microsoft’s “Passport” service,and the ISP can customize and modify this service according to their customers’ needs. ” –The DotGNU Project
- “Sun Microsystems is quietly readying an alternative to Microsoft’s Passport, a linchpin of the Redmond company’s forthcoming Windows XP operating system.” –Heading MS Off at the Passport
- Lucas Gonze’s Yahoo! Groups Decentralization mailing list is always chock full of related high-level discussion.
Any must-read resources to add to the list? Please do suggest away! Planning on attending the BoF?
Adobe’s decision not to attend MacWorld NY is at first astonishing, but when you think about it, it really makes sense.
First, the astonishing part. Adobe applications have served as the core foundation for the Mac for many years. Sure, we need Microsoft Office in order to have our Macs in the corporate workplace, but we want Photoshop for our creative endeavors.
Mac computing without Adobe is like trying to paint a delicate watercolor with a 3-inch wide latex brush. I can’t imagine digital life without them.
Yet, if they were to go to MacWorld NY, what do they have to brag about? To date, their participation in the dawning of Mac OS X has been underwhelming at best.
We’ve yet to see a Carbon version of any of their applications except for Acrobat. And even worse, the only news they’ve managed to release has been the recent vague promise that Ilustrator and InDesign will be the next Carbonized apps.
I’ve heard all sorts of reasons why this might be. One is that the code base for Photoshop has become so tangled over the years that Carbonizing it is a horrific nightmare. Another explanation is that Adobe doesn’t like to say they’re going to do anything until it’s actually ready to go. So, no specific announcements of Fall releases until there’s light at the end of the programming tunnel.
Meanwhile, Adobe’s arch enemy, Macromedia has already Carbonized Freehand, and gosh knows what they’ll announce at MacWorld NY.
When you think about it, why would Adobe spend lots of money to attend a big party when they have nothing new to wear?
What a shame. A Mac party without them just doesn’t seem right.
Will Adobe suffer in the mind of Mac users as a result of their not attending MacWorld NY, or does it make any difference at all?
Related link: http://www.interesting-people.org/200107/0054.html
The State of Georgia University System has apparently levied felony charges and a $415,000 claim against a former IT worker for running a distributed computation application on their computers. They are claiming 59 cents per second for bandwidth use; “much of the claimed “misuse” occured
during xmas break where computers and network usage are close to zero.” OpenP2P.com Editor Richard Koman delves deeper in “Use P2P, Go to Jail. Any Questions?”
Related link: http://osx.macnn.com/news.php?id=7746
In “OS X’s Wiley Wireless Ways” I proclaimed, “Here’s where OS X and I go our separate wireless ways :-(,” due to lack of support for Lucent’s WaveLan 802.11b wireless cards. Now Open Source brings me back to my Powerbook G3 “Bronze” —
and, more importantly, my couch, back-yard, neighbor’s house, coffee shop, … As reported by MacNN, “Drivers for Wavelan cards (and possibly others) have finally arrived . . . Special thanks (and kisses ;-) to Ben Herrenschmidt, Louis Gerbarg and Rob McKeever.”
Related link: http://xmlhack.com/read.php?item=1290
pUDDIng is an Open Source implementation of a UDDI 2.0 registry — both client and server.
Related link: http://www.utm.edu/research/primes/curios/485…443.html
It all starts innocently enough with 4856507896573978293098418946942861377074420873513579240196520736… but this may very well be the first illegal prime number. “When written in base 16 (hexidecimal), this prime forms a gzip file of the original C-source code (sans tables) that decrypts the DVD Movie.” [via interesting-people.org]
A Melbourne man, testing and foiling a new Australian patent system, acquired a patent for a “circular transportation facilitation device” (read: wheel).
“But he has no immediate plans to patent fire, crop rotation or other fundamental advances in civilisation.”