politics

Can’t we all just get along?

“I know there are people who do not love their fellow man, and I HATE people like that!” – Tom Lehrer

A
couple of weeks ago, I was at a toddler birthday teaparty (actually, I
was in the next room at the time, drinking a beer and watching college
basketball with the other parents). One of the moms who was there was
telling me, for one reason or another, how her outgoing and blunt
demeanor didn't usually yield a favorable first impression. “People
either love me or they hate me,” she said.

“I can't hate anybody,” I replied.  “It takes too much energy.”

It's
true. Generally speaking, I can't even stay angry at people for very
long, if I know them.  And I tend to give those I don't know the
benefit of the doubt when they run afoul of me; never mistake
incompetence for malice, I always say.  Odds are that, if I had a
non-alchoholic beer or two and some pretzels with George Bush, I'd
probably find something to like about him.

And there's the
rub.  America is full of people who hate other people right
now.    And for the most part, we can thank so-called
religious leaders for that; the lack of tolerance preached in Jesus'
name is such that, had he not risen from his tomb on Easter, he'd
certainly be spinning in it now.

There's the hate that comes
from dissonance–people learn one set of Truths for their whole lives,
and naturally they respond negatively when told those Truths are, in
fact, Lies.  There's no room for debate over fundamental
assumptions about the Underlying Truths of the Universe, especially
when one of those Truths is that all who believe otherwise are Evil.

Then
there's the backlash hate.  There's the hatred that comes from the
righteous anger that the gay community feels because of the intolerance
directed against them in the interest of political gain (thanks to
those Klansmen posing as prophets at CBN and elsewhere); there's the
hatred spawned by anger at the boldfaced lies told by political leaders
daily, which are taken by their followers as gospel.

The whole
tenor of political and religious hate-speech as discourse has spread
into so many other aspects of our lives, too. It seems that our default
response to anything that vaguely threatens our sense of infallibility
is the middle finger.

What ever happened to “Live and let live”?
To “Love thy neighbor”? Why is so much of our lives defined by who we
can't stand? Maybe it's because it's easier to hate people we don't
understand or agree with than it is to actually learn about them as
people and understand their point of view.

It's time for the
whole country to just step back for a moment, take a deep breath, and
get over itself. Get your nose out of Leviticus, and start looking
around at the human condition; judge not lest ye be judged. Agree to
disagree, but find common ground.  And if you can't be nice, as
Bill O'Reilly would say, “SHUT UP!”

Standard
politics

Can't we all just get along?

“I know there are people who do not love their fellow man, and I HATE people like that!” – Tom Lehrer

A
couple of weeks ago, I was at a toddler birthday teaparty (actually, I
was in the next room at the time, drinking a beer and watching college
basketball with the other parents). One of the moms who was there was
telling me, for one reason or another, how her outgoing and blunt
demeanor didn't usually yield a favorable first impression. “People
either love me or they hate me,” she said.

“I can't hate anybody,” I replied.  “It takes too much energy.”

It's
true. Generally speaking, I can't even stay angry at people for very
long, if I know them.  And I tend to give those I don't know the
benefit of the doubt when they run afoul of me; never mistake
incompetence for malice, I always say.  Odds are that, if I had a
non-alchoholic beer or two and some pretzels with George Bush, I'd
probably find something to like about him.

And there's the
rub.  America is full of people who hate other people right
now.    And for the most part, we can thank so-called
religious leaders for that; the lack of tolerance preached in Jesus'
name is such that, had he not risen from his tomb on Easter, he'd
certainly be spinning in it now.

There's the hate that comes
from dissonance–people learn one set of Truths for their whole lives,
and naturally they respond negatively when told those Truths are, in
fact, Lies.  There's no room for debate over fundamental
assumptions about the Underlying Truths of the Universe, especially
when one of those Truths is that all who believe otherwise are Evil.

Then
there's the backlash hate.  There's the hatred that comes from the
righteous anger that the gay community feels because of the intolerance
directed against them in the interest of political gain (thanks to
those Klansmen posing as prophets at CBN and elsewhere); there's the
hatred spawned by anger at the boldfaced lies told by political leaders
daily, which are taken by their followers as gospel.

The whole
tenor of political and religious hate-speech as discourse has spread
into so many other aspects of our lives, too. It seems that our default
response to anything that vaguely threatens our sense of infallibility
is the middle finger.

What ever happened to “Live and let live”?
To “Love thy neighbor”? Why is so much of our lives defined by who we
can't stand? Maybe it's because it's easier to hate people we don't
understand or agree with than it is to actually learn about them as
people and understand their point of view.

It's time for the
whole country to just step back for a moment, take a deep breath, and
get over itself. Get your nose out of Leviticus, and start looking
around at the human condition; judge not lest ye be judged. Agree to
disagree, but find common ground.  And if you can't be nice, as
Bill O'Reilly would say, “SHUT UP!”

Standard
General Chaos

Weblog comments, and the $900 toilet seat meets Bill O’Reilly

A few years back, there was a huge scandal over wasteful military spending when someone looked at the line item for
the toilet seat for the head on a P-3 Orion patrol plane, and saw it was $900. “NINE HUNDRED DOLLARS for a toilet seat?” the
scandalized cried. Of course, it was never pointed out that the toilet seat was, in fact, the enclosure for the whole toilet system,
in addition to being the toilet seat, and it had to pass MilSpec. And it certainly wasn't the kind of seat you'd want to bolt to
your household toilet–it was a bit too, er, robust.

The software world is full of $900 toilet seats–things that we build to be mission-critical and bullet-proof that become too
complicated for any sort of general application. And it appears, as I continue to review the specs from Liberty Alliance, that they
have turned federated identity management into a $900 toilet seat.

Dave Winer responded to
my earlier line of reasoning on identity systems
, and his comments were pretty much in line to what I got from other people–and with my underlying
suspicions. In the aggregate, the comments regarding an identity framework like Liberty Alliance clustered around three points:

  • It's scarily complex, in ways that it just doesn't need to be
  • It uses SSL communications, which is overkill for lightweight applications like comment authentication
  • It's only implemented in .Net and Java–where's the Python/Perl implementation?

In short, it would be like using a
MOAB bomb
to kill a cockroach: theoretically effective, but not necessarily optimized for the task.

But is any level of authentication appropriate to the task? And if you've got enough comment traffic to justify putting
authentication on top of comments, why the hell are you using a weblog to host them–when a discussion board
with user authentication would be more appropriate?

Unless your're Presidential timber, odds are that your comment stream
averages under 6 per post. If you run a tumbleweed-infested blog like mine, you're lucky to get one comment a
month. Sometimes, it's even a relief to get comment spam, because you know that your site is actually visible to
someone in the outside world.

Let's face it–the problem isn't really comment spam. The problem is that, as one friend of mine says, “Comments suck.” Moveable Type's
implementation of comments is to be commended in that it allows you to turn off comments after a while, or delete
undesired comments; but it puts comments under a well-known CGI script called mt-comments that is just aching for
robots to exploit it. Don't believe me? Google it. There are 1.8 million
instances of URLs with mt-comments out there for a comment spammer to exploit, and the format of the POST is pretty generic
across all of them.

The easiest solution to comment spam? I call it the Bill O'Reilly Memorial Three Step “Shut Up!” solution:

  • Send the editor an e-mail notifying him or her about a new post, with
    its comments.
  • Within the e-mail, include a link that, if clicked upon, automatically deletes the post.
  • Add a setting to the weblog configuration that shuts comments for a post off after a user-selectable period of time.

Those features would reduce the work of catching and eliminating comment spam by 80%. And they don't require authentication.

So, does that mean there's no call for cross-site authentication in the blogging world? No. But
there's no need for most people to implement TypeKey (or “You Know Me”, or whatever) on their weblog.

Standard
General Chaos

Weblog comments, and the $900 toilet seat meets Bill O'Reilly

A few years back, there was a huge scandal over wasteful military spending when someone looked at the line item for
the toilet seat for the head on a P-3 Orion patrol plane, and saw it was $900. “NINE HUNDRED DOLLARS for a toilet seat?” the
scandalized cried. Of course, it was never pointed out that the toilet seat was, in fact, the enclosure for the whole toilet system,
in addition to being the toilet seat, and it had to pass MilSpec. And it certainly wasn't the kind of seat you'd want to bolt to
your household toilet–it was a bit too, er, robust.

The software world is full of $900 toilet seats–things that we build to be mission-critical and bullet-proof that become too
complicated for any sort of general application. And it appears, as I continue to review the specs from Liberty Alliance, that they
have turned federated identity management into a $900 toilet seat.

Dave Winer responded to
my earlier line of reasoning on identity systems
, and his comments were pretty much in line to what I got from other people–and with my underlying
suspicions. In the aggregate, the comments regarding an identity framework like Liberty Alliance clustered around three points:

  • It's scarily complex, in ways that it just doesn't need to be
  • It uses SSL communications, which is overkill for lightweight applications like comment authentication
  • It's only implemented in .Net and Java–where's the Python/Perl implementation?

In short, it would be like using a
MOAB bomb
to kill a cockroach: theoretically effective, but not necessarily optimized for the task.

But is any level of authentication appropriate to the task? And if you've got enough comment traffic to justify putting
authentication on top of comments, why the hell are you using a weblog to host them–when a discussion board
with user authentication would be more appropriate?

Unless your're Presidential timber, odds are that your comment stream
averages under 6 per post. If you run a tumbleweed-infested blog like mine, you're lucky to get one comment a
month. Sometimes, it's even a relief to get comment spam, because you know that your site is actually visible to
someone in the outside world.

Let's face it–the problem isn't really comment spam. The problem is that, as one friend of mine says, “Comments suck.” Moveable Type's
implementation of comments is to be commended in that it allows you to turn off comments after a while, or delete
undesired comments; but it puts comments under a well-known CGI script called mt-comments that is just aching for
robots to exploit it. Don't believe me? Google it. There are 1.8 million
instances of URLs with mt-comments out there for a comment spammer to exploit, and the format of the POST is pretty generic
across all of them.

The easiest solution to comment spam? I call it the Bill O'Reilly Memorial Three Step “Shut Up!” solution:

  • Send the editor an e-mail notifying him or her about a new post, with
    its comments.
  • Within the e-mail, include a link that, if clicked upon, automatically deletes the post.
  • Add a setting to the weblog configuration that shuts comments for a post off after a user-selectable period of time.

Those features would reduce the work of catching and eliminating comment spam by 80%. And they don't require authentication.

So, does that mean there's no call for cross-site authentication in the blogging world? No. But
there's no need for most people to implement TypeKey (or “You Know Me”, or whatever) on their weblog.

Standard
Administrivia

Liberty from Spam.

There's been some interesting debate recently
over how to handle one of the thornier issues
of the blogosphere: comment spam. What's puzzling is that the conversation is taking place in parallel
to the quest to deal with spam e-mail, while both problems hinge on the same basic issue: verifying someone's
identity, and determining whether they can be trusted.

Maybe it's just me, but it would seem the answer to these two problems would be the same–a way for someone wishing
to communicate to assert their identity without having to resort to a digital signature (the most, er, “robust” way to
verify identity, but not necessarily practical for weblog comments or quick e-mail missives). That sounds like a job for federated single-signon. This is the sort of
application Microsoft had in mind for its Passport identity system when it planned Hailstorm, and it's
the impetus behind the Liberty Alliance.

So, why is there this disconnect? There is an open-source
implementation of the Liberty Alliance spec,in Java and in .Net. But, erm, despite what the marketing people will
tell you, most websites (particularly weblog comment systems) do not run on .Net or Java. And why would SixApart or Userland
want to choke on the hairball of single-signon code that they'd have to create just so someone could assert their identity
with their, say, AOL account?

Well, because it might work, for one thing. It would save them the trouble of setting up and maintaining
their own identity systems, and ensure compatibility between their solutions. It would simplify their users' lives,
because they could globally assert trust levels for e-mail, instant messaging, and weblog commnents. While digital signatures are
bound to become more prevalent in corporate e-mail, it would make a ton of sense for identity systems based on Liberty
to be applied to consumer e-mail systems at least; enterprise-class users could serve up their own identity federation.

And it sure
beats the hell out of using digitally-signed FOAF files for user simplicity.

That, plus it will probably scale better. But considering the constant dickering over syndication standards,
it would be hard to imagine anyone in the blogware world (other than, say, Google, who could turn Orkut into
one giant identity assertion service) would try to follow someone else's standards. And aside from the sheer
intimidation factor that the Liberty spec has, I'm sure there are other reasons I'm missing that it doesn't
apply to the blog world.

I guess.

Standard
Administrivia

iSight: is the novelty gone? (Or do I have a face for text?). A few months ago, I got the Apple iSight
camera
for use with the Mac OS X iChat A/V instant messaging client.
Initially, it was great–I was able to have video chats with people
across the ocean and across the country.
But then something happened. After an initial flurry of video use,
everyone seemed to slide back toward text-only messaging, reserving
video for things like talking with the kids from a road trip, or for
conversations that they'd rather not have archived in text.
And now, I hardly ever iChat by video. Partially, that's because the

potential audience for video conferencing–there are only three people

on my “buddy list” who have video chat capabilities (four if you
count my wife, but I can walk downstairs and see her). Most of the
rest don't even have access to a PC video camera. And when I'm at
the corporate office, I can't chat with home because the firewall
blocks the protocol used by iChat A/V.
I suspect there's something else behind the flameout of video instant

messaging–people just don't want to see each other through video
cameras that much. Some of us look better, frankly, as text.
This is a phenomenon I've seen before. When I was using NetMeeting
to video conference with people who worked for me at FTP, it seemed like the only
other people using NetMeeting were playing “I'll show you mine if
you show me yours.” Yes, the cult of broadband was somewhat smaller

in 1999, but even then, there was something…impolite about PC video

conferencing.Then there's the issue of resolution. The iSight is

a far sight better than some earlier personal video conferencing
systems, but it's still a tight-cropped, somewhat slushy
experience–like looking at someone through a speakeasy window after
taking codeine on an empty stomach. While you get visual cues, many

people find they exaggerate their body language like Buster Keaton
when using video chat to make it translate through such a small
portal. Or maybe they do that because they're watching themselves on

camera at the same time as they're chatting out of
self-consciousness.
So, is it that people aren't ready to show themselves online? Or are

we just not ready to see them?

Standard