Wednesday, November 30, 2005

The Gigapxl Project


I just listened to a great podcast from ITConversations that was a presentation at Pop!Tech 2005. It was a wonderful talk by Graham Flint about the Gigapxl Project. This is some amazing work where they are now taking pictures at extreme resolutions - close to 4 Gigapixels! That is close to 4000 Megapixels ... a LOT more than the digital cameras that you can buy today. They are using some highly custom cameras to be able to take pictures with incredible resolutions, built out of old U2 spy plane parts. These are still "film" cameras, but he also discusses the work on fully digital versions of these cameras being built.

In his talk he mentions some interesting things that they find when they are able to zoom in on these extremely detailed images. He talks about this image of paragliders on the coast of California. When his wife was reviewing the image, she found people watching with binoculars and telescopes ... but they were looking down ... not up! When they followed the track of the people's vision, they found that below the paragliders was a nudist beach! When they put this particular image in a museum, the resolution was so good that they had to mask the faces and heads of the nudists! This opens a whole new conversation about privacy ... and continues to beg the question "Is there such thing as privacy?"

The site has got a lot of very cool images, and examples of the ability to zoom. They even had a cityscape of my hometown of Pittsburgh, Pennsylvania!

I'll have to check which podcast had the Q&A, however they did bring up the questions of privacy. In this image of PETCO Park he talks about the fact that they have detailed images of ~15,000 people ... and how would you ever get a release from all of these people? As a friend and I talked about this, it means that a single photo of a demonstration or rally might give detailed images of the people attending. Uh ... what are you doing in that hotel room on the 15th floor?

It is truly some amazing work, and the podcast was a great listen. I've attached the link to this post ... we'll see if it works for you!


You mean what I say publicly can't be used against me?


I love this article ... and I'm almost amused at the perspective presented in this article - Blogger Blocked at U.S. Border. A Canadian citizen was blocked from coming into the U.S. from Toronto when U.S. border guards found references in his blog to being based in New York. The blogger seems to be surprised that someone would hold him accountable for what he wrote!

"One of them, a very sharp guy in fact, started to read every single post on my blog. And it didn't take long until he shocked me: 'So you live in New York, right? That's what you've written in your [blog].'"

Derakhshan did, in fact, write that he was based out of New York—mostly because it sounded "sexier" than saying he was based out of Toronto, he said.

But between his offhand blog comment and the fact that he was carrying a Newsweek magazine sent to him at a New York address, the guards found grounds to refuse his entry into the United States, for at least the next six months.

According to U.S. policy, as a Canadian citizen Derakhshan may be legally entitled to stay in the United States for up to six months.

Canadian citizens entering the United States as visitors for business do not require either a passport or a visa, although visitors are required to satisfy border guards of their citizenship, according to the U.S. Customs and Border Protection's site.

"It was obvious the guy was trying to find an excuse not to let me in, and he found something," Derakhshan told Ziff Davis Internet News. "He found that I said in the blog that I said I'm based in New York now. He said being based in New York is illegal."

Uh ... excuse me, but it seems to me that Mr. Derakhshan made the choice to be irresponsible with his writing ... he publicly claimed to be in violation of the law. The "sharp guy" realized that not only was this Canadian carrying a magazine with an address to him in the U.S., but he outright claimed to be "based" in New York ... in direct violation of the law!

So what is the big deal? You got what you asked for. You were more interested in "looking good" ("Derakhshan did, in fact, write that he was based out of New York—mostly because it sounded "sexier" than saying he was based out of Toronto, he said.") and are now surprised at the consequences of your actions and words.

It is always amazing to me when people want to act surprised when they get caught in their inauthenticities. I remember being taught to be very careful what I say ... and to understand the consequences of telling lies. It appears that either he really was based in New York illegally, or that his claims to look good have simply caught up with him.

In either case, I love the idea of the border guards using Google!




Friday, November 25, 2005

The value of learning multiple languages


Last night I was talking with a 13 year old who is creating some impressive works in Photoshop. He created some very cool graphics for his Counter Strike clan web site. I have to admit that I was really blown away by what he created.

As we talked I asked him what he used to create the graphics, and that is when he told me about using Photoshop. I asked what else he was doing on the web and he replied "Some Javascript ... and a little PHP." Wow ... I was surprised. We talked about Javascript, and although his knowledge was not incredibly deep, he had a good grasp of the basics of the language. I showed him some of the stuff that I have been working on lately and he asked some good questions. We then progressed to talking about PHP, and he explained some of the small things that he is learning there. Impressive.

What struck me today is the shift in learning to "speak" different "languages". Decades ago, or even hundreds of years ago, it was seen as important to learn to speak other languages from around the globe. People in non-English speaking countries learned English. Most of the schools here in the USA taught middle and high-school students Spanish, French, German, and other languages. (I actually spent years learning Spanish ... although it is very rusty at this point!) It always seemed to me that the intent was to give me a leg up on interacting with people of other countries and origins. I have, from time to time, found value in my Spanish learning.

Today it now appears that the future is more in "talking" to computers and the Internet. And so now it seems there is more value in learning "computer" languages ... than "foreign" languages. As I thought about this today, I realized that this is probably true. More and more people from around the globe are learning English, and much of the Internet - and computer technology in general - is based on English. So where do children turn? To "interacting" with computers. And so understanding the languages used by computers is becoming more and more important.

It's fun to think about the evolution of computer languages, and to see the various roots of the popular languages. In addition, most of the scripting languages are becoming so high-level, and the component libraries so rich, that even a beginner at programming can create powerful applications. With the Internet as a platform, Web Services, XML, RSS, and many other standards are emerging as the APIs independent of operating system ... or programming "language". I can only imagine what a 13 year old, who today is learning Javascript and PHP, might be developing in 5 or 10 years. I know that it will be fun to see!


Thursday, November 24, 2005

New version of the RadioAtomBridge tool - v3.2!


Tonight I posted the latest version (v3.2) of my RadioAtomBridge tool for Radio Userland. This tool is a way to mirror blog posts from Radio Userland to blogs that are hosted at Blogger.com. The tool has been working great over the last year, but recently Blogger.com changed their API (wisely!) to require the use of SSL. I discovered this when my tool failed and stopped working.

I spent the last several weeks making a number of changes, and cleaning up the tool in general. There were several fixes that I wanted to get in place, and I think that I have covered the majority of them. The primary change was to allow you to specify using SSL/TLS for the ATOM posts. This does require a download from Userland of the Radio Userland TLS module ... but it's a free download.

I've done a good bit of testing, and have actually posted this article with the tool. I believe that I have things working well enough to release a build as v3.2 ... so go and grab a copy and give it a try! If you have problems, please post comments on the RadioAtomBridge blog ... I'll look for them there!


Sunday, November 20, 2005

Mother, Father ... and other mother?


So as the world evolves, so will the requirements for tracking identity and digital identity. It's no longer enough to have attributes for "mother" and "father" ... now we have to account for the possibility of multiple parents! This article talks about some research going on where an embryo will be created with genes from two mothers. So a child born of this type of research will have to be able to list their mother and father ... and other mother. As we continue to explore digital identity, I hope that people realize that the old ways of thinking about identity are long gone.

This reminds me of some foresight used by the authors of HumanML ... the Human Markup Language. When I was reading through their schema I was surprised to see that they have already accounted for the possibility that someone has had a gender-change operation! They already define the attributes for 'gender', along with 'gender at birth'! Yep ... they might not be the same.

The ironic issue is that this might not be enough ... what if they change their gender numerous times? May we live in interesting times. The world of identity is going to be rocked.
The cloned baby with two mothers. Daily Mail Sep 9 2005 8:10AM GMT [Moreover Technologies - moreover...]


Friday, November 18, 2005

What hacks and trojans are really about


Few people seem to understand what all of these viruses and malware are really about. Yes, there is a certain amount of spam that you get that is designed to then barrage you with pop-up ads ... as though you would say "Wow, what a great ad! I'm glad I get these pop-ups ... I'll have to go and spend money with these folks!"

One of the real business models behind all of this - the real people doing business in this space - are the ones that use large numbers of compromised computers at businesses and homes to launch DDOS (Distributed Denial Of Service) Attacks. These attacks are used for good ol' conventional extortion. It becomes a very simple case of "Pay me, or your Internet presence will be shut down!" The person who controls the compromised machines can easily "task" them to attack various web sites, at various times, and for various amounts of time. Reading this article, you can begin to get the idea that large scale "Internet vandalism" can quickly grow into a profitable - yet illegal - business. I recently read another article where a California 20-year-old had over 400,000 machines under his control as a massively distributed "botnet" that he could divide up and control as a virtual military force. Yes ... 400,000 machines!

A while back I had one of my Linux boxes compromised through a hole in an Open Source PHP application. The attackers were able to install and execute a small script that pulled down and ran a larger script. That one actually attached to an IRC server and waited for additional commands. I found that they then sent a command to download a DDOS script, and would then begin to run it from time to time attacking various sites. I discovered this whole scenario when I noticed that my DSL line would get swamped from time to time and isolated the traffic to that Linux box. I actually had some fun before cleaning everything up. I did patch the hole, but I modified the DDOS script to simply log information about the command and the target, but not actually generate the traffic. It was fun to review the log and see that my box was being controlled by a compromised machine in South America, and that I was being used - at one point - to attack an on-line gambling site.

This got me thinking a lot about what we don't know that we don't know about the whole world of the Internet, spam, viruses, and malware. In addition, it reinforces the levels of indirection that can easily be created to hide the identity of the controller. But not forever!

Hackers Admit to Wave of Attacks. With their ringleader on the run, two cybervandals own up to using an army of compromised PCs to take down sites for commercial gain. By Kevin Poulsen. [Wired News]

Outsourced Identity Theft


I know that this type of identity theft is why so many people are working on identity solutions. I believe that these types of incidents are going to be on the rise for a while. What is interesting to me is that I am not sure that this can be prevented except through the use of harsh penalties.

What we have is a company who specializes in outsourcing various work, and a number of companies who have entrusted their customers - and their identity data - to this outsourcing entity. Within the outsourcing entity, there are employees - or this one employee - who saw the opportunity to compromise the system from the inside!

While I was working at Novell, we often saw the hacker/security breach reports that floated around, and in almost all of the cases that I could remember the biggest breaches were from the inside! We can do everything that we want to protect the identities of others, however when we have someone within our company - within our community or context - that is committed to exploiting our identity for their own purposes, there is little we can do. This becomes a fundamental breakdown within that community ... and for significant violations in the past there were severe punishments. This truly gets at the roots of the meaning of being fired!

Indian call center worker arrested. In a new case of alleged data theft, Indian police have arrested a call center employee in the outsourcing hub of Gurgaon. [CNET News.com]

Tuesday, November 15, 2005

Your Identity on Pluto!


It's actually too late to sign up ... but you could have had your name included on a disc being sent via a spacecraft to Pluto! Be the first one on your block to have your identity known to Plutonians? Click here to read more.
Send your name to Pluto. Want your name to be included on a list in a spacecraft headed to Pluto, and be returned to earth in 50,000 years? Click Here [The Hawker Squawker]

Friday, November 11, 2005

Public Distributed Sensor Networks


I remember talking with Phil Windley about one of his ideas to leverage OnStar as a distributed sensor network. He posited that all of these cars tend to have temperature sensors, some form of GPS, and the wireless communications ... they could be used to create a nationwide temperature map.

Now here is another article about taking this further to use cell phones as the source of distributed sensor information. Very cool idea. Everyone carrying the right kind of cell phone could opt-in to providing sensor data to one or more servers. A huge variation on SETI@Home!

Let's see ... what would someone pay me to participate in this? And protect my identity ...
Saving the World With Cell Phones. Scientists work to turn mobile phones into a distributed network capable of measuring pollution levels -- and possibly detecting biological weapons before they can be launched. By Rachel Metz. [Wired News]

Thursday, November 03, 2005

InfoCard Insights


While at Internet Identity Workshop 2005 I really enjoyed meeting Kim Cameron in person, along with Mike Jones ... both from Microsoft. They seem to be the current human-side of InfoCards.

I was really waiting to see a good demo of what they are up to, and I have to say that I like the overall solution. It's a very well thought through solution, and I can see why Microsoft is going to move forward with it. I'm not going to get into the good vs. bad debates ... and I'm not going to argue about the evil empire wanting to own all of our identities. It's not about that, and I can see all sorts of places where my companies can participate, and where even those in the Open Source world could jump in if they felt like doing so.

There was one interesting place where I felt that InfoCards is lacking ... and that is removing the tedious re-typing of identity information from the user. I hate entering data into forms. This is why I really like the possible Firefox/IE enhanced form-fill solution. The browser can start to enter information for me ... and only require my approval before posting.

Why I believe that InfoCards is lacking here is the example that I asked Kim about during his demonstration. I wanted to write about it here, hoping that he might offer a different perspective, or explain how I missed something.

Kim explained how I can create new "self issued" identity cards, or can have a card issued to me by a web site or other entity. What was interesting to me was that if the site wanted to issue a card to me, InfoCards would not provide any assistance in providing my information to the issuer about my identity. I understand the security choices here, however this is what I see coming ...

I go to Domino's web site ... they offer to issue me a card. I get a form and hand enter all of my information: my name, phone number, address, favorite toppings, favorite drink. I get an InfoCard from Dominos.

I then go to Wells Fargo's web site ... they offer to issue me a card. I get a form and hand enter all of my information ... again: my name, phone number, address, employment info, etc.

I then go to E*Trade's web site ... they offer to issue me a card. I get a form and hand enter all of my information ... again: my name, phone number, address, SS#, employment info, etc.

I then go to Delta Airlines web site ... they offer to issue me a card. I get a form and hand enter all of my information ... again: my name, phone number, address, seat preferences, etc.

I then go to JetBlue Airlines web site ... they offer to issue me a card. I get a form and hand enter all of my information ... again: my name, phone number, address, seat preferences, etc.



Great ... I get all these cards that are later useful ... but I have had to enter my info over and over and over again. Yes ... I hear the Liberty Alliance folks out there yelling "But we'll federate all of these companies behind the scenes so that they'll all know you!" But I DON'T WANT THAT!

Maybe it's going to take the full combination of technologies to solve this ... I use the Firefox solution (Mike ... hurry up and write that thing!) which actually fetches the form-fill values from a LID or SXIP Identity Store, and then auto-fills the form that gives me an InfoCard. Uh ... it's sounding complex ... but maybe that's it.

Oh ... sorry Drummond ... I'll have to think about where I used the i-Name in there. ;-)


Wednesday, November 02, 2005

Internet Infrastructure Ignorance


While at Internet Identity Workshop 2005 this past week, one of the interesting issues that came up several times related to name spaces. Specifically, there were numerous times where people voiced their opinions about how name spaces "should" map onto the Internet, and they used DNS as an example of how things "should" be. The problem is that they demonstrated, by their words and arguments, that they were ignorant of how DNS works. The infrastructure of the Internet has become so transparent, that it seems to me people have begun to make gross assumptions about its architecture, and this is what is the root of many of the security and privacy issues that we are seeing today.

I was looking forward to the presentation by Drummond Reed about XRI/XDI. One of my concerns in any solid digital identity solution is the freedom to choose. I am not a big believer in compulsory community membership, but instead believe that true freedom is represented by our ability to move in and out of various communities at will, and to create new communities as we want. I really like this thought from "The Meaning of Life - Part II":

There are millions of different social groups in the world, political, economic, religious, philosophical, and cultural. These groups are all trying to bring their particular vision into focus and build a life that is related to the central principles of the group. Each of these groups is an experiment in progress. As time passes, the ideas that are developed within these groups either spread to the society as a whole or are abandoned as unworkable. This is a Darwinian process that develops better ideas in the same way that evolution is supposed to develop better animals. You can find more information about this notion of “idea evolution” at the Memes: Introduction site. Even groups that you personally dislike are working in your behalf, attempting to build visions of the world that might allow you to interact with the world more creatively and successfully.

Groups also serve as symbols in the social world. Groups with different beliefs than your group provide you with viewpoints you wouldn't have otherwise considered. They also represent parts of your own mind that you are not focusing on. However, if you fear those parts of your mind, this representation can degenerate into projection, which is a bad thing.

What does this have to do with DNS and digital identity? It is that I want the freedom to NOT have one name, one identity, or one reference across all communities. Yes, there might be some places where I would benefit from some level of federation. At Internet Identity Workshop 2005 I actually saw where OpenID is intended to not only provide Single Sign-On, but also is specifically designed to cause a level of federation across web sites. I DO NOT want this to be a requirement. I am ok with it being an option. It is this flexibility that I believe will allow a particular solution to become successful and ubiquitous.

So ... I really wanted to hear more about XRI/XDI and i-Names because I specifically wanted to learn if they were going to try to "root" the entire name space into one fixed community. My real question was: "Is XRI/XDI yet another Internet 'tax' like Domain Names (DNS), where you have to pay some entity on an annual basis to use the value of the technology?" Or, was XRI/XDI simply one solution that could be "rooted" anywhere, and allow for the emergence of various communities to use the technology, and have the naming relative to the community. To my relief, the latter was true. XRI/XDI is based on specified root servers, and so naming resolution is based on what root servers you choose. In the end, what this means is that my i-Name is only relative to the community. It is not necessarily a globally unique identifier for me. It also means that any community can set up their own root servers, and create name spaces of their own. In the end this means that =drummond.reed only refers to Drummond within the context of a particular community! Bingo! I like it!

What shocked me was the almost immediate upset expressed by numerous people at the conference. They wanted these names to be absolutely globally unique ... so that no one would ever be able to get "my" name, and there would never be any ambiguity about who was being referred to by an i-Name. I fully understand the desire, however what shocked me was the references to DNS as having this characteristic! People actually believe that DNS provides an absolute unique identifier in any context! The DNS system has become so transparent, and ubiquitous that people no longer realize that it is simply one community for naming on the Internet ... and there is nothing locking people into using it. These people do not seem to realize that I can set up my own root servers, and resolve any DNS name to any IP address that I like! In fact, I'm quite surprised that the Open Source community has not stepped up to revolt against the "Internet tax" imposed by ICANN and re-ignited the efforts of OpenNIC, AlterNIC, and many of the other early pioneers in creating a truly free naming system on the Internet.

DNS naming only works because our servers, workstations and laptops all obey the rules, and the default configurations imposed on us by our Operating Systems, ISPs, and DHCP servers. Anyone who has installed a DNS server could easily find the default InterNIC root server list in one of the files on their system ... /var/named/named.ca on my Fedora Core 4 install. I could go into my DNS server and define "www.amazon.com" to be any IP address that I want. If you then happened to route through my DNS server (by being on my network) then you would get *my* name resolution ... not InterNIC's. If I was an ISP, or even an Internet Cafe, there is little that you could do, and in fact you would most likely just trust that the DNS server you were using was trustworthy. Another common hack used by trojan horses on the net is to modify your local hosts file. Most all systems have a hosts file that will resolve naming on your local machine without requiring DNS at all! If I put an entry in your hosts file for "www.amazon.com" then it will never even use DNS to attempt to resolve the name correctly.
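A defender can check for the hosts-file tampering described above by listing every entry that answers for a public-looking name before DNS is consulted. The following is an added example, not code from the original post; the sample file contents, the list of local suffixes and the function names are constructed for illustration.

```python
import ipaddress
import sys

# Names and suffixes treated as legitimately local (an assumption; tune per network).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
LOCAL_SUFFIXES = (".local", ".localdomain", ".lan", ".internal", ".test")

# Constructed sample hosts file. 203.0.113.7 is a documentation-only address.
SAMPLE_HOSTS = """\
127.0.0.1     localhost localhost.localdomain
::1           ip6-localhost ip6-loopback
192.168.1.20  fileserver.lan fileserver
# a comment line
203.0.113.7   www.amazon.com amazon.com   # overrides DNS for a public name
0.0.0.0       update.example-av.com
not-an-ip     www.example.com
"""


def parse_hosts(text):
    """Yield (line_number, address, [names]) for each well-formed entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank, comment-only or incomplete
        try:
            # Strip an IPv6 zone id such as fe80::1%eth0 before parsing.
            addr = ipaddress.ip_address(fields[0].split("%")[0])
        except ValueError:
            continue                          # first field is not an IP address
        yield lineno, addr, [n.lower().rstrip(".") for n in fields[1:]]


def is_local_name(name):
    """Single-label names and known local suffixes are expected in a hosts file."""
    return "." not in name or name in LOCAL_NAMES or name.endswith(LOCAL_SUFFIXES)


def audit_hosts(text):
    """Return (line, name, address, kind) for entries that pre-empt public DNS.

    kind is "redirect" when the name is pointed at a routable address, and
    "blackhole" when it is pointed at loopback or 0.0.0.0 (used by ad blockers,
    but also by malware to cut a machine off from update servers).
    """
    findings = []
    for lineno, addr, names in parse_hosts(text):
        for name in names:
            if is_local_name(name):
                continue
            sink = addr.is_loopback or addr.is_unspecified
            findings.append((lineno, name, str(addr), "blackhole" if sink else "redirect"))
    return findings


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    for lineno, name, addr, kind in audit_hosts(content):
        print(f"line {lineno}: {name} -> {addr} ({kind})")
```

Run it against `/etc/hosts` (or the Windows equivalent) and review every finding; a "redirect" entry for a shopping or banking site is exactly the override the paragraph describes.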

There is nothing in DNS that stops me from adding other root servers, and creating my own free Top Level Domains (TLDs). It is only because people just fall in line with the DNS configuration that it works. It is only because we allow our machines to automatically join the ICANN community. It is only because of our ignorance and lack of education about how all of this works that we think that DNS names are globally unique in all situations. DNS names, and all naming, are the products of specific communities or contexts. Although these communities might grow to be so large that we can't seem to see anything else, there still is the something else. I actually like it that way.


Tuesday, November 01, 2005

Post-IIW2005 Client-side Identity Management


After getting home from Internet Identity Workshop 2005 there are a number of thoughts on my mind. Probably the best conversation that I had was with the group around Mike Shaver from Mozilla.org. He suggested a conversation about what client solutions could be developed to enhance digital identity ... and I love client solutions.

The value of a client solution, and the core of this conversation, is that client solutions can often be created without having to touch the server! Mike wanted to hear what might be done in the browser - Firefox - that could enhance digital identity, without any server integration. My suggestion was - enhance the form filling!

Today we are all familiar with the "form fill" capabilities in the browsers. They keep track of previous entries in text fields, and also in username/password fields, on the various web pages and web forms that we use. The browser is in a unique position to truly add value to everything that I do ... this is greasemonkey++ for digital identity. The browser could begin to keep a local or remote (e.g. LID, LDAP, etc.) store - that I can edit and alter - of all of the bits of my identity that are asked for by web sites. It could allow me to alter the values - on a per site basis - to custom tailor what I give out to anyone. It would keep track of what I gave to who. It could even incorporate functionality to automatically post to web sites when I change my local information ... like when I move to a new home, or job. Mike suggested that a repository of web forms could emerge as users develop and document the multitude of sites and their forms and how to interact with them. That is a grass-roots digital identity solution.

It seems to me that Firefox and Internet Explorer are best positioned to take on this challenge, and to begin to incorporate truly useful functionality that would remove much of the tedium of entering personal information. In addition, they could allow me to stay "in control" of what I am giving to web sites and automating much of what I do today when filling out forms. What is cool is that if Firefox did it, it would have a huge leg up even if IE failed to adopt and implement the capabilities. It could really become a killer app for Firefox.

The current implementations are far too limited. Some of the issues that I have thought of so far are:
  1. There is no easy way to view the information that was stored, to edit these values, and to manage how they are used. I want to delete a mis-typed autofill value, or change a password.
  2. I am not prompted, on a per site basis, if I might want to use a previously entered value - even if the form uses a different field name. I want to associate a field named "phone" with the values that I have entered for "phone number"
  3. When filling in a value, I want to enter a "lie" for that particular site. Hey ... I'm just being honest that I lie to some sites!
  4. I want a full audit of where I have given out my information, when, what information, etc. This allows me to review what I have provided to which sites and when.
  5. I want to specify where the browser gets and stores the information used in form filling. I want to use LID! I want to use an LDAP directory!
  6. I want assistance in accumulating my digital identity over time. Bit by bit as I am asked for my identity I want it kept so that I don't have to keep typing the same info over and over again.
In my opinion, this type of enhancement could truly alter how we interact with web forms, and share our personal identity information. What is really cool is that this can be done today ... on the client ... without requiring any server changes, and without requiring sites to adopt new servers or technologies. Users benefit regardless of what the web sites and servers do ... imagine that!
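A minimal model of the client-side store this wish list describes, covering field-name aliasing (item 2), per-site substitute values (item 3), the disclosure audit (item 4) and gradual accumulation (item 6). This is an added sketch, not code from the original post or from any browser; the alias table, class name, method names and site names are all hypothetical.

```python
import re
from datetime import datetime, timezone

# Hypothetical alias table: normalised form-field names -> canonical attribute.
ALIASES = {
    "phone": "phone", "phonenumber": "phone", "tel": "phone", "telephone": "phone",
    "email": "email", "emailaddress": "email", "mail": "email",
    "name": "name", "fullname": "name",
    "address": "address", "streetaddress": "address", "addr": "address",
}


def canonical(field_name):
    """Map a site's field name ("Phone Number", "phone_number") to an attribute."""
    key = re.sub(r"[^a-z0-9]", "", field_name.lower())
    return ALIASES.get(key)


class IdentityStore:
    """Local identity store with per-site overrides and a disclosure log."""

    def __init__(self):
        self.values = {}          # attribute -> the user's default value
        self.site_overrides = {}  # site -> {attribute: value given only to that site}
        self.audit = []           # one record per value actually submitted

    def learn(self, field_name, value):
        """Item 6: remember a value the user typed, under its canonical attribute."""
        attr = canonical(field_name)
        if attr is not None:
            self.values[attr] = value
        return attr

    def override(self, site, field_name, value):
        """Item 3: use a different value for one site only."""
        attr = canonical(field_name)
        if attr is None:
            raise KeyError(f"unknown field: {field_name}")
        self.site_overrides.setdefault(site, {})[attr] = value

    def propose(self, site, form_fields):
        """Item 2: suggest values keyed by the site's own field names.

        Nothing is sent here; the caller shows the proposal for approval.
        """
        per_site = self.site_overrides.get(site, {})
        proposal = {}
        for field in form_fields:
            attr = canonical(field)
            value = per_site.get(attr, self.values.get(attr))
            if attr is not None and value is not None:
                proposal[field] = value
        return proposal

    def submit(self, site, approved):
        """Item 4: record what was disclosed, to whom, and when."""
        when = datetime.now(timezone.utc).isoformat()
        for field, value in approved.items():
            self.audit.append({"when": when, "site": site, "field": field,
                               "attribute": canonical(field), "value": value})

    def disclosed_to(self, attribute):
        """Sites that have received any value for this attribute."""
        return sorted({e["site"] for e in self.audit if e["attribute"] == attribute})


def demo():
    """Constructed walk-through using made-up sites and values."""
    store = IdentityStore()
    store.learn("Phone Number", "555-0100")
    store.override("ads.example", "tel", "555-0199")
    first = store.propose("pizza.example", ["phone", "toppings"])
    second = store.propose("ads.example", ["Telephone"])
    store.submit("pizza.example", first)
    store.submit("ads.example", second)
    return first, second, store.disclosed_to("phone")
```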