Sean Middleditch » 2008 » February
So, I’ve tried toying around with OpenID a bit, and I’ve come back feeling a little unimpressed.
There are two problems. First, it is still a super pain in the ass to setup an OpenID server. None of the servers I could find were installable with a simple tarball unpack and config script - they all required source modifications and even then didn’t really work. There are toolkits for building OpenID servers, but no ready-to-run servers.
The biggest problem though is just the user-experience as a whole. Having to type in anything at all is still kind of clunky. I want single sign-on - if I am online, any site I go to should be able to verify I am the entity I was last time (with the ability to easily allow/deny sites from doing so). I shouldn’t need to type anything in. The amount of information available to the system should be more than enough for any site, be it a simple blog comment form, a forum, or an online store.
I’m all for having a server to centralize this, but I don’t think the technology should be built around users interacting with this server. The server should be a storage medium at most, not the actual UI. Instead, I am imagining a browser extension (which should be possible for Gecko, IE, WebKit, and Opera) that exposes a new JavaScript object, something like window.AuthService. This object allows the site to query information about the current user, including name, email, contact information, etc. It will also be able to retrieve a user ID (which would probably be an email address, or something else guaranteed to be unique per-user) as well as a site token. This token would be a completely unique and cryptographically strong random identifier that is associated with the user ID and the site domain. In particular, each user/site combo gets a different token.
So, I connect to google.com, and it wants to know who I am. It queries window.AuthService.userId and window.AuthService.siteToken and gets ’sean@mojodo’ and ‘F583AC9…4AC’ back. It then uses these to log the user in, or create a new account (which in many cases could be completely silent).
The first time a site attempts to access the AuthService object, the browser can display a popup (or one of those notice bars that are becoming popular) informing the user that the site wishes to identify him, and allow him to accept the authorization (possibly selecting between multiple profiles), permanently accept it, deny it, or select the access level (id and token only, id token and contact info, etc.).
The central server comes into play by allowing the browser to configure such a server (which could easily just be an LDAP server) to grab identifies from. Browsers set up in public terminals could be configured to ask for the server login information when the user first accepts an AuthService request (and not store this information past the end of the browser session). This allows users to keep their authentication information somewhere central, but keeps the UI solely in the browser allowing for a far better user experience.
Obviously a lot of details need to be worked out, including the exact interface (would it be better to use HTTP headers rather than or in addition to JavaScript?), the UI needs to be nailed down, etc.
I’ve considered writing a Mozilla extension for this (as well as extensions for WHAT-WG Connection class and Server-Sent DOM Events), but writing extensions for Mozilla is such a byzantine process and the documentation on how one might register new objects in windows (and do so securely - the docs just say it’s insecure if not done right, warning you not to do it, which is fucking useless compared to just explaining how to do it correctly and securely) that I haven’t been able to get anywhere on any of those ideas.
In the end though, I think OpenID is pretty much dead technology. At most it might become very slightly popular with blogs for posting comments, but it’s usefulness pretty much ends there. The UI sucks and the ease of user control and information handling is too lacking.
I finally got my hands on the domain I’ve been drooling over for over a year now, and am currently in the process of converting AwesomePlay Productions, Inc. into Mojodo Inc.
I’ve kind of hated the name awesomeplay for a long time. I came up with it back when I was, oh, 11. I think it was a direct rip of Interplay Productions, my favorite computer game company at the time (they published Dungeon Master II and Stonekeep). The name is pretty lame, dated, and unprofessional. Mojodo on the other hand is totally Web 2.0, which is also kind of lame in its own way, but what else is expected when every other reasonably intelligent domain name is taken. :)
The actual company site, once I get it developed, will be hosted at mojodoinc.com, and a new Service (oh crap) will be hosted at mojodo.com once I have the time to invest in that.
In slightly unrelated news, it’s kind of surreal that I’ve found articles written about PHP-Sugar already. Hopefully soon the new domain will be the top hit for Google searches, and the online reference manual should be ready in a week or so. 1.0 isn’t far away.
Several bugs were found in the 0.72 release of PHP-Sugar, so I’ve released 0.73 with fixes.
The two main fixes are a correction to the Sugar::isCached() method to always return false in debug mode and fixes to avoid warnings and errors in E_STRICT mode.
I also fixed up some of the tests to work properly again, and added a new test for comments.
Earlier today I registered php-sugar.net, and installed the site code from sourcemud.org. The site code isn’t quite complete (the bug tracker, for example, doesn’t let me edit bug statuses yet, nor search for closed bugs), but otherwise I’ve got a complete project hosting solution ready. Things are even better when using git, since I have a very functional git browser built in to the sourcemud.org code; too bad php-sugar uses Subversion.
Even more interesting than the new site, however, is the release of PHP-Sugar 0.72. This release contains the last of the major feature additions before I’m ready to move towards a 1.0 release. The new feature is that HTML caches now store the list of all template files used to create the cache, and these files are checked on cache load to see if the cache is out-dated.
There are certainly some more cleanups and very minor feature additions I’d like to do (mostly new functions for template authors), but php-sugar is for the most part feature complete at this point. Hopefully I can get a 1.0 release out in the next month or two.
So I decided it was finally time to pop my Inkscape cherry and give vector graphics a try.
I needed a logo for Source MUD. I used one of those Flash-based logo designers to come up with some ideas, but naturally I couldn’t use anything I created due to licensing issues. I took one of the designs and decided to go with that, albeit created from scratch and using a font I had legal access to.
The result is this:
Yeah, it’s not exactly the world’s most complicated design. It’s made up of three paths and some text. It took some time to get that done, though, since I needed to learn exactly how one does graphics with Inkscape.
First was the creation of the blue squiggle shape thingy. I created the center line, then the left and right lines. Then I tried to figure out how the hell to get the color fill. After a lot of playing around, I eventually discovered that I’d have to merge the paths into a single object. I cloned the center line, and created an object of the center line and the left, and a second of the cloned center line and the right. Filling these produced some… weird results. I needed to merge the end control points of the two paths that each object was made of, but I was having trouble getting this to actually work consistently. I found that I needed to get the points very close together (_very_ close) before merging. Then on the right-hand side I kept getting a weird line segment pointing out into the middle of nowhere every time I merged. I played around a bit more and finally got that to work.
Then it was just a matter of lining things up, adjusting line widths, sizing things, etc.
Exporting to the PNG was the most difficult part. I’m really not happy with Inkscape’s export facilities. First, the default was to export the “drawing,” not the whole image, so the output was cropped down from the image size I had originally requested (web banner). That seemed a goofy default given that I had asked to make a web banner image. Second, the background was always transparent, which I really didn’t want - IE6 is still way too common to rely on transparent backgrounds in PNGs. The only options in image export though were basically canvas size options. I ended up making a large white rectangle, moving it to the bottom of the object stack, and then exporting the page to get the final PNG.
And there we have it.
The last year and a half at the old apartment has watched me get really out of shape. One of the niceties of the new apartment is that I am on a concrete slab, so I can actually get my workout equipment here. Unfortunately, I’m not sure my 500 lbs. treadmill can be moved down the stairs and through the doorways realistically. However, the main office does have a gym.
I just tried doing my first set of situps (my new couch gives me something to prop my feet under), and I managed to barely do 44 before my knees and back gave out. 44. Pathetic. I tried to do pushups, and managed to get through 3 before my arms gave out. That’s really pathetic. I only hope that my performance is degraded a bit due to my current severe cold, and that once it’s shaken off I’ll be at least relatively close to what I used to be able to do.
The current plan is to get the Bowflex in my bedroom after I figure out what to do with the piles of books, and then give thought to getting the treadmill in here. If that doesn’t work out, I’ll start using the one at the gym, although I’ll need to figure out what to do about music in that case. I’m also not particularly fond of walking to the office in gym clothes in this weather, so I’d really prefer to get my treadmill in here.
I seriously need to get back in shape. For the first time in 4 years I’ve actually gained weight, and my waist size increased. Most of my super sexy muscles are all but gone, too, so I need to work those back into shape.
I’m in turn going to have to increase my protein intake. The whole “going organic” thing makes that slightly more difficult, as getting my hands on affordable all organic beef is not particularly easy, and I’m not a huge fan of most other sources of protein. (Peanut butter is an exception, but as I said in my last post, I need to seriously cut back my peanut butter consumption, not increase it.)
I’d like to be in “not embarrassed to go to the beach” shape by July. Hopefully between my more reserved diet and working out again, I can get there by then. I don’t have a ton of time, but I’ve once already lost more than twice this amount of weight in less than half the time I have until July, so I’m confident I can do it again.