Contemplating the brave new present
Jun 23rd, 2009 by James Murty
Amazon’s AWS Management Console now supports the company’s CloudFront service, a CDN-like extension for the Simple Storage Service (S3).
You can read about this new feature on the AWS Blog and watch an introductory video here.
Jun 16th, 2009 by James Murty
The great promise of the OpenID specification is that it can simplify identity management on the ‘net. At its best, OpenID provides three great features:
A single account (identity) with which you can log in to many sites, removing the need to create and remember a separate username/login for every web site you interact with.
A decentralized authentication system with multiple providers. This means that you can choose a provider (or even a few) from the many options available to vouch for your identity, and switch providers if you find a better one. Or you can even be your own provider.
I think Delegation is the most attractive feature of OpenID because it means your own web site can act as your identity, while delegating the authentication process to one (or more) OpenID providers.
In short, with delegation you can log in to sites using a URL you own like jamesmurty.com, while taking advantage of the strong authentication options offered by providers such as Verisign’s PIP. Although my Verisign PIP identity happens to be jmurty.pip.verisignlabs.com, I can use my own web site as an alias for this provider-specific identity.
By decoupling your identity from your OpenID provider you can take advantage of the fact there are many providers and easily switch providers later on without losing your identity, and without having to update your associated OpenID identity on every web site. After all, if you had to do that you might as well have created your own username/password on every site in the first place.
Unfortunately, the complexity of OpenID and the challenge ordinary people can have getting it to work properly is preventing widespread adoption of the system in general, and of the Openness and Delegation features in particular. Although big players like Google and Yahoo are supporting (parts of) the specification, they are understandably encouraging people to adopt their branded OpenID identities rather than extolling the advantages of controlling your own identity.
After all, every web company would love to take on the “burden” of managing your unified web identity. It’s the ultimate in vendor lock-in.
If you have your own web site or blog and are able to edit the HTML pages directly, you can set up delegation by adding special
tags to the
section of one of your site’s pages. You will most likely want to do this on the site’s home page so you can use a short URL like jamesmurty.com instead of jamesmurty.com/my-openid-page.html.
Below are the
tags I use on my site to delegate to my jmurty Verisign PIP identity. You will need to use your own provider-specific identity URL in your links, and the format could vary quite a lot depending on the OpenID provider you choose so check your provider’s documentation. Also, I’m not sure that all OpenID providers actually support delegation, so you should research this before you sign up with a provider.
It is important that these
tags be included inside a valid HTML
section in your web page, or many web sites will be unable to find your delegate settings.
You may have noticed that the OpenID information is provided twice, once for the original OpenID specification (
tags) and again for version 2 of the spec (
tags).
I don’t know why the second lot of settings is necessary, since presumably the spec is supposed to be backwards-compatible, but I have found that some sites won’t work properly unless the version 2 settings are provided.
One example of version incompatibility quirks is Google’s Blogger.com, which allows you to comment on blog posts after logging in with an OpenID. Prior to adding the
tags I found that although Blogger would allow me to authenticate and post comments, it would replace my delegating identity jamesmurty.com with the delegated version jmurty.pip.verisignlabs.com. This meant that the delegation was essentially useless, since anyone clicking on the nickname for my comment would end up at an empty Verisign PIP landing page instead of my own site.
I’m not sure if this is Google’s fault, or a fault in the OpenID spec. Either way it was annoying having to track down and fixing this issue. It just serves as yet another example where OpenID is not quite living up to the promise of simplifying identity management.
Jun 11th, 2009 by James Murty
I have updated my small java-xmlbuilder project with some nice new features.
First, here’s a reminder of what this project does:
XML Builder is a utility that creates simple XML documents using relatively sparse Java code.
It is intended to allow for quick and painless creation of XML documents where you might otherwise be tempted to use concatenated strings, and where you would rather not face the tedium and verbosity of coding with JAXP.
The new features include:
People familiar with the project may notice that I have changed the version numbering scheme. The latest version is 0.3, not 3. I think the “0.” prefix better indicates the maturity of this tool.
Jun 8th, 2009 by James Murty
An interesting post with some drawbacks of cloud computing and EC2, from those in the trenches: Real-world cloud computing.
There are some real gems here, such as:
- [They all] used Amazon services, and most if not all of them seemed to use RightScale to manage them.
- Cost: cloud is more expensive than real machines. Cloud is good for elastic computing, not for high constant demand.
- You need monitoring services external to your cloud!
Jun 5th, 2009 by James Murty
I recently installed the excellent IPython program, a beefed-up Python console that provides a raft of extra features over the default interpreter and makes it even more of a pleasure to work with this language.
When you install IPython on Mac OS X Leopard using the standard method, it only installs against the system’s default version of Python: 2.5.1. However, since I had previously installed Python version 2.6.1 on my system I wanted IPython to work with this newer release.
It was surprisingly difficult to find out how to achieve this, so in case anyone else wishes to do the same here’s the process that worked for me. Download the IPython tarball from the distributions directory (e.g. ipython-0.9.1.tar.gz), extract the archive, change into the extracted directory and run:
Notice that the command explicitly invokes the 2.6 version of python with the
alias: this simple step is enough to properly link your IPython installation with the newer Python. It is obvious in hindsight that this would work, but I wasted enough time pointlessly messing with environment variables and paths that I thought it was worth a blog post.
Don’t try this with the bleeding-edge Python 3K because IPython is not yet compatible with this version, but it seems to work fine with 2.6.1.
May 27th, 2009 by James Murty
A major barrier to moving your data to an online storage location like Amazon’s S3 can be the time it takes to push large numbers of bytes through your upstream Internet connection. While your connection may be fast enough to keep your data fresh and in-sync from day to day, it can be painful to do the initial data load if you have huge files, very many smaller files, a slow connection, or some combination of these factors.
I feel your pain. For the longest time I risked losing all my precious music files because I didn’t want to flood my home Internet bandwidth for the four whole days it would take to upload them all.
Amazon is aiming to address this issue with the new AWS Import/Export service, currently in limited beta in the United States.
Continue Reading »