Blogspot and Tumblr

Well, for those of you sick of hearing the trivial minutiae about how nifty LightDesktop is, never fear! Your prayers have been answered. I made a Tumblr Blog thingee just for LightDesktop stuff, so I can yammer on endlessly about file system optimizations and other such crap.

So now when I talk about LD here – it will hopefully be coming from a more personal perspective. In that vein, a few things to mention – one is that LightDesktop got mentioned on DistroWatch. It was just a little teensy one-sentence blurb, but I wasn’t quite ready for this. Whoops! I did send an email to the distrowatch people saying, “Hey guys, probably a bit early to mention me anywhere on your site or anything, but just wanted to let you know I’m around…” and I expected they might ask me a question, send some generic message that was like, “Hey, sounds good, good luck, let us know when you’re ready” or anything like that.

And I was troubleshooting something the next day or two and tailing the server logs…strangely enough I kept finding new people hitting the informational web site. I looked into the referer tags, and lo and behold, they’re clicking over from the DW article. Awesome!

So I went from getting one hit a day, up to 60, up to 800 the next day. So I’ve had to go run around and make sure my Google Analytics tags and such are working, and I realized the worst thing – actual downloads weren’t being tracked at all. So I had to build a little downloader script so I could track that, too. Hopefully, I got it. We’ll see.

And there have been a couple of little tiny things I wanted to mention here or there about LD, but I felt like I might be spamming to put them here. So, the Tumblr thing. First off, I have to say – man, coming back here to Blogger feels like going back in time 10 years. Tumblr has their shit together. It has nice, big pretty fields, beautiful stuff everywhere, insanely easy. It feels a little sluggish here and there, and feels all railsey all over the place – even though it may or may not be built on that. So I pop back in here to my old Blogger thing to check out what’s up – and wow. It feels old.

So within half an hour of setting up on Tumblr, I found a theme just makes me happy every time I look at it. Gotta have it. Knocks it out of the park (well, for me). Gotta get comments going, so I’m signing up for a Disqus account and trying to hook that in. Generally it’s working pretty well. One thing I didn’t like was when you look at a list of posts, it didn’t show anything about comments – and I wanted a comment-count to be listed there – I’m hoping to have people comment all the time. So now I have to customize my theme. And I’ve gotta say, not all that hard. A little poking around, a little documentation, and I’m done.

I can definitely say that if I were starting up a new Blog or whatever, I would, 100%, do it on Tumblr. This Blogger thing has been pretty good to me, but it’s definitely got its problems. And they’ve been the same problems for years and years and years. If I could find a nice way of exporting/importing articles…who knows, I might do it?

Food. I have made a really concerted effort to make sure to eat my full three meals a day today – I’ve been busy lately so I’ve been skipping quite a few meals. And I’m embarassed at the improvement to my mood and my energy levels from this relatively simple source. I’ve been plowing through feeling hungry, and smashing over actually feeling down and slightly depressed from not having eaten enough. Man, if I just ate normally, imagine what I could accomplish? I’m going to make a real concerted effort.


So as my millions of fans have begun complaining about my infrequent posting as of late, I thought I would try and hook up with this Twitter thing. It also has to do with my desire to not grow up and try and get hip to all of what the young kids are doing. Quite frankly, I don’t yet get it. But, if nothing else, it will allow me to send little short text message blurbs about what I’m doing or thinking and allow them to show up somewhere where people can see ’em.

I only just hooked it up to my phone – I should’ve done that before, it’s far more…’immediate’ that way. We’ll see. Keep an eye out on my little twittery section on the upper right hand corner (or wherever else I may have put it) of my blog.

More On Identity

Well, I was very excited to see that some people have created some pretty reasonable protocols to define what your ‘identity’ is in this whacky, Web 2.0 world we live in. Unfortunately, they botched. The protocols they define are based upon identifying yourself with a URL – giving the protocols near-complete decentralization. Yay! Except people aren’t URL’s. The closest thing they are is email addresses. Boo! Furthermore, the protocol adds lots of complexity in terms of what information you share or don’t share, etc. Signing up for an identity being completely separated from using your (completely separate) identity somewhere else. And the most damning thing, is that sites that use openid still retain their old username/password boxes from before. Yuck. Why wouldn’t they migrate everyone over? Because it can’t be done. Ugh.

So I was thinking about a radically simpler solution.

Here’s what I came up with:

#1) Guy gets to website he’s never been to before. He’s never used our system before either. He wants to do something that would require some kind of ‘identify yourself!’ thing. Maybe posting to a blog, maybe editing a Wiki article.
#2) The login thingee says ’email:’ and our guy puts in his email and clicks a button or something.
#3) The system emails him a big long ugly URL. Or maybe a short-and-sweet case-sensitive one. He clicks it.
#4) New window pops up saying, “OK, your info thingee has been validated or whatever. You may close this window”.
#5) He is done. He may even stay validated for another 30 minutes (hour? 2 hour?) or so so he can repeat this several times. On several different sites.

Let’s see what happens if he does go to another site –
#1) Guy now goes to somewhere else. He tries to do something else which requires identification.
#2) Login thingee says ’email’ which he puts in – or his browser auto-fills.
#3) A window pops up saying, “OK, you’ve already been authenticated as bobo@agladsfhlkyewiutykxjcnkjwheriwuehf.fromple, click here to use that identity on this site”
#4) User clicks. Is done.

Now if our user finds that this type of thing is happening to him all the time, he may get encouraged to ‘register’ so he can just has to put in a password to be identified. This encouragement might happen around step #3 above, once the dude has used this system a few times. There, instead of the email going out, a login screen would show up. He could log in, and be so identified for so long.

There! How’s that? Simple enough for ya!? OK, that’s how it acts, here’s how it should work.

When the user clicks the Login button it gets posted to my server. If his email address has never been seen before, it just sends him an email. Maybe after asking him questions like name or something. Maybe you can choose to make a password there too. When the user clicks on the URL he was emailed, he’s proven ownership of the email address, and a cookie is set on his machine, pointing to my domain. Probably set with a time limit or something. The page somehow gets magically redirected to where he was going.

The second time this happens the system has seen your email address before – it should consider asking you, “Hey, this keeps happening to you, do you want to set a password and use that instead?” If you’ve set a password, then you get a password prompt instead. Success implies cookie and redirection to wherever you were going.

Subsequent authentication attempts will still post to my site, but then your cookie will be detected, and you’ll just get a “OK, you want to auth to this site?” thing.

At some point something complicated will have to happen to inform the original site that you are, indeed, who you say you are. Ah! When you get redirected back, the original site gets URL parameters appended saying – here’s the dude, here’s a crypto hashey thing. Ah! You specify a ‘nonce’ thingee in your form which posts to me, upon return I hash the nonce, the date/time, your site URL, and your mother’s maiden name together into a big ugly base-64 thing which you are obligated to decipher. Hell, with the date/time, you can skip the noncery I think. Oh, no, you need it so people can’t just hash up gibberish and have you believe it.

You want the system to be super-duper simple, but not start forking over the dude’s identity willy-nilly.

So – I guess when you’re signing up, you can put in things like Full Name, city, etc – and maybe set certain things as private or public…?

Anyways, this version has these advantages –

#1) No differentiation is made between a ‘consumer’ and a ‘server’ – any site which uses this auth method can implicitly sign people on.

#2) People are E-Mail addresses.

#3) Minimal to nearly no commitment required on the user’s part – you don’t have to make much of an account, or anything.

#4) Easy(ish) to implement.

With the obvious disadvantage –

#1) No longer decentralized. But we’re not talking about lots of data here, it would be possible to scale a centralized identity service up.

#2) Phishing attacks – no more or less so than openid, but you still could find yourself a victim of a phishing attack with this system.

Edit – I found the idea for this stupid thing so simple and compelling that I just built it. It’s still in the conceptual/prototype stages right now, and I wouldn’t use it to secure anything I really deeply cared about just yet, but it’s there so you can look at it. It’s very early yet. Just look and think and stuff, don’t whine yet: – Your new…desk…to be…uh…working on. Or something.