@silogenixkry.org

Spam harvesters looking at that will see the following code:

<p style="padding-left: 5em"><span>@</span><span
 style="margin-left: -2.5em">sil</span><span
 style="margin-left: 3.5em">ogenix</span><span
 style="margin-left: -5.3em">kry</span><span
 style="margin-left: 4.1em">.org</span></p>

Or, with HTML stripped, @silogenixkry.org, which ain’t an email address. It does it by breaking up the address into bits, putting the bits into HTML in the wrong order, and reassembling the bits into a readable order with judicious use of CSS.* It requires a certain amount of fiddling to get the margins right such that (a) the address shows up in the right order and (b) changes in font-size don’t screw it up. I’d write a tiny web-service to do it to a supplied address if I could be bothered; lazyweb, go for it. Of course, if everyone uses this, harvesters will learn how to interpret CSS (and this is relatively trivial to do in this case). Might keep your name off the lists for a little while longer, though.

Obviously, the root certificate would only be installed in your browsers if you get them from your distro (because the distros would add them to their browser packages) — this means that people on Windows or who install their own copy of Firefox (or whatever) would still get the “this is a certificate I don’t recognise” warning. However, that’s no worse off than it is now, and I think it’s reasonable to assume that people who use bug-tracking sites for free software projects running on a free software OS are disproportionately people using that OS who will therefore have the certificate.

(Update: johnath says “StartSSL, in the Firefox 3 root store, offers [SSL certificates] for free“, which might have the same effect; I don’t know whether StartSSL’s root certificate is in other browsers, but that’s no worse than the idea that I propose above.)

Some suggestions:

• $HOME/.bashrc, $HOME/.bash_profile, $HOME/.profile — as far as I can tell, these aren’t run as part of the login process, so they’re no good. They get run when you start bash, which means when you first fire up a terminal.
• $HOME/.gnomerc — gets run by gdm. Might be a Debianism, and doesn’t work if I change away from gdm a few months from now
• $HOME/.xinitrc, $HOME/.xsession — get run if you’re in X but not if you’re running over SSH, and .xsession is a Debianism
• /etc/xdg/user-dirs.conf — this will change it for all users on the machine, not just me
• Something in PAM. Perhaps. It’s not clear what, though.
• A file of my choice, which I then source from all of the above places. This is doable but seems stupid to me, and I’m bound to miss something.
• Something else. This is where you come in; where am I meant to set the environment so that everything gets access to it?

Answers on a postcard…

I’ve just pinged the blip.tv people — since they already support Ogg Theora (via Fluendo’s Cortado Java applet), they should be able to add <video> support pretty easily. (Just wrap <video src=”/video/play/12345″>…</video> around the existing player, so browsers with HTML5 support will play the video inline and others will fall back to the current player.)

Nice one Opera and Firefox teams!

They’ve written about this gaming server, and they’re going to be running a set of gaming competitions on it over the course of the weekend. Those of you who are gamers are going to enjoy this.

1. Offers OpenID login
2. Has a remote API that allows you to log in using your OpenID rather than a username and password

How do you provide this, as a site owner? It’s not clear to me that OpenID works for machines to log into things (unless I go and set my OpenID to “always allow access” and then write a screen-scraper module for my OpenID provider).

This seems like something of a flaw in the OpenID concept. Hopefully I’m missing something.

Update: OAuth isn’t the answer here. My use-case for this is, say, a little script that allows me to post to Identi.ca. OAuth requires me (the “Consumer”) to request a “Consumer Secret” and a “Consumer Key” from Identi.ca. From my reading of the OAuth spec, that’s supposed to be specific to the script, not specific to the person running the script, which means that I can’t open-source the script (because then everyone will know my Consumer Secret). So in order for me to write an application that uses OAuth to authenticate to a site, either I can’t open source it, or everyone using the application has to apply for their own Consumer Secret and Consumer Key; at that point you might as well just set a password and not use OpenID! The OAuth spec says that “Service Providers should not use the Consumer Secret alone to verify the identity of the Consumer“, and goes on to “Where possible, other factors such as IP address should be used as well“, which as far as I can tell means “we like closed-source programs; if you want to open source something, then we don’t know how to solve that problem, so you lose”. Correct me if I’m wrong.

Go see the LRL UK schedule to see who’s speaking and when

I’m pretty damned proud of the list of people we’ve put together. There’s a good mixture of the same old faces (who speak a lot at conferences precisely because they have a lot to say and they say it well!) and people who’ve never spoken at LRL before. I can’t wait. Only 12 days to go.

Breaking news: we’re putting together a LAN gaming tournament as well as part of the event! If you like that sort of thing, come along and frag people* to your heart’s content. There are prizes.

Oh, and a brief reminder that it’s the last ever recording ever of LugRadio ever. See you there. July 19th and 20th, Wolverhampton, UK. No ticket sales in advance: just turn up on the day clutching your five pounds. You can’t afford to miss out.*

Of course, as with all things, Mark was there first and with greater gusto, but if that was enough of a reason to stop people doing stuff then there’d be no internet.

Feel free to let me know if anything doesn’t work in Firefox or Opera or Safari. (It’s tested in FF3, Opera 9.5, and Midori, but only pretty briefly.) I can’t test in IE7 because IEs4Linux doesn’t properly run it yet* and it looked sort of OK in IE6, and that’ll do me, I think. This is graded browser support in the real world, meaning that my browser is Grade A and everything else is some letter in the Greek alphabet like omicron.

Actually, that should be “such as omicron”, there. Tom once told me that he didn’t like the TV programme “People Like Us” because it should have been called People Such As Us. Grammar is important, especially if you’re running an anti-child abuse campaign.

Speaking of such esoteric matters, it seems that Firefox supports the soft hyphen ­ these days. Which­is­really­great­if­it­actually­works­and­well­done­the­Mozilla­team­only­five­years­later.

Typography is important, too, but I don’t understand that, Richard Rutter notwithstanding. On the other hand, I have now used line-height for the first time ever. Eric Meyer, watch out.

It’s Friday night. Time for a pint.

I’ve been playing with Identi.ca, a Twitter clone written in PHP. Lots of Twitter people are becoming frustrated with seeing the famous Fail Whale on Twitter’s “we are currently down” page, and people are starting to look elsewhere. There are lots (and lots and lots) of alterni-Twitters (which is a problem I’ll come back to in a moment), but identi.ca is attracting one of the communities I operate in, open source people. This is because identi.ca is entirely open source: the codebase is called Laconica. This is a nice idea.

First things first, though: I don’t want to update two places at once. Identica* doesn’t have an API (yet), but I wanted to post things to Twitter and have them appear on Identica too. So, I present the Twitter Identi.ca Reflector. Download as a tarball or check it out from Subversion or browse the source. The README tells you how to set it up. It uses Jabber to post to Identica, which isn’t ideal, but (as mentioned) there’s no API. So now you can send Twitter posts to Identi.ca, which is helpful.

Now, why Twitter is good, why Identi.ca is good, and why everything else isn’t. If you just wanted to post Twitter comments to Identi.ca then you can stop reading now.

Twitter looks like it ought to be easy to clone, and it isn’t. This is why there are lots of Twitter clones, and why none of them have taken off. The basic principle of microblogging is indeed an easy one, I agree. But all the other Twitter-alikes are missing something. They don’t have SMS sending, or SMS following, or they don’t have an API, or they don’t have lots of desktop clients, or they have one desktop client that doesn’t run on everyone’s machine, or they don’t do IM. What makes Twitter good is two things: the first is that you can get at it in so many ways. And because there are so many ways, people can build lots of things on top of it. For example, if you want to do the reverse of what the above reflector does (post your messages to Identi.ca and have them show up on Twitter) then you don’t need an extra program, because it already exists: Twitterfeed. Simply sign up at Twitterfeed, and use it to send posts from your Identica feed to Twitter, and it’s all done. That’s the power of having an expressive and complete set of APIs. It can’t be underestimated.

The second reason Twitter is good is that everyone’s already there. They got first-mover advantage. There’s no point going to an alternative because none of your friends are there. This is also the reason that Twitter has fifty desktop clients and that things like Twitterfeed exist; it’s worth the investment. It does mean that if people leave Twitter they’ll all leave together and the bottom drops out of their market, but that’s the way the internet cookie crumbles. Photo sharing sites have the same issue — it’s difficult to build a Flickr competitor because everyone’s already at Flickr, so none of the “social” stuff happens elsewhere because you never hit a critical mass of people.

So, what’s good about Identi.ca then? Well, for me, the big things are open-sourceness and federation. The underlying codebase being open source is a huge win, from my perspective. It means people other than the Identi.ca team can work on adding new features, it means that we can see what’s going on, and it means that there are more open source programs in the world. I like this. Other people may not, but what the hell.

The other advantage is federation. This is all about the OpenMicroBlogging specification; it basically blows away the “all my friends are at Twitter so I must be too” point. It means that you can subscribe on one microblogging service to people on other microblogging services. I could be at Identi.ca, you could be at Twitter, someone else could be at Jaiku or Pownce or wherever else, and we all read one another’s messages, happy as Larry. It levels the playing field. I can subscribe Identi.ca to Twitter without problems. This is a great idea which is rather hampered by the fact that basically no-one has implemented it yet. It’s in Laconica, though, so Identica has it. It helps get around the scaling problems that Twitter are having, too: you don’t need one centralised Twitter service any more. There can be lots of little islands, all of which talk to one another. No more scaling problems. No more Fail Whale. People who need the extras that Twitter provides can use Twitter quite happily (as I’m doing; I like SMS!), people who don’t need that but do need other services can use something else that provides those other services.

The basic concept of microblogging has been commoditised thanks to OpenMicroBlogging — it’s become a simple thing to implement anywhere. Microblogging services can now compete on which extras they offer.

That’s why I like Identi.ca. Oh, and they let you create your account with OpenID, which I did. It’s a win all round. Development’s going on at a fast pace on the Laconica codebase, so expect to see more and more appear over there. Blizzard’s already added identi.ca support to Whoisi, so things are moving quickly. I don’t know whether the trickle of Twitterites in Identi.ca’s direction will continue, but thanks to the reflector code above, I’m now on Identi.ca without putting in any extra effort. That’s identi.ca/sil for those of you who want to track it.