The problem with OAuth/OpenID

There is an underlying problem with OAuth and OpenID – and it has nothing to do with the idea itself. The specs for both projects are impressive (marred by a few flaws, I admit) and most implementations sound. The problem is that no one seems to be using them in the way intended.

Google offer OpenID as a service to account holders. That’s excellent, millions of people use Google and can now access OpenID supporting sites. But it’s not possible to sign in to Google using OpenID.

Twitter support OAuth – and allow you to use a Twitter account to authorise with other websites. But you can’t log into Twitter using another OAuth provider.

Facebook are going entirely their own way.

The ecosystem is entirely unbalanced.

So long as you wish to sign into a “smaller” site using OAuth or OpenID you’re fine. But what if you want to run a Google and Twitter account (something not uncommon I imagine)? One can’t provide “auth” for the other and the end result is having two separate accounts. When you add in the fact that OAuth and OpenID are competing and that Google et al are making their own tweaks on top of the standard, a huge mess arises.

Even the smaller sites, who should benefit from being able to support logins from lots of big name providers, are stuck with how to best support the varying implementations. The end result – “sign in with Google” or “sign in with Twitter” – seems to defeat the object.

I’m not sure I can see a reason for resisting this. Admittedly it is currently a little work for no gain – but just a couple of big providers making the effort would quickly turn it into a worthwhile pursuit. Till that happens OAuth/OpenID are going to “languish” as services provided by the big sites for occasional consumption by the smaller.

Posted in technology

Some simple, but commercially solid, Startup ideas

Lots of people seem to be throwing out new Startup ideas to inspire others. Sadly most are just complete bunk because there is no real commercial value to them. So here are a few that I guarantee are worth at least 6-7 figures a year in revenue (with the right marketing). I’ve also put in a “what I would pay” section – which is what you might expect from a medium to large business in terms of revenue.

Appointment/Booking System

After recently trying to find a simple, extensible booking system for a local firm I had to hack together the basic functionality myself – not pretty. What’s needed is a simple calendar based booking back end with abilities to:

  • Set up different sorts of bookings
  • A full API (so you can integrate it into your custom front ends)
  • Schedule various reminders for you and your customer (i.e. reminders prior to the event)
  • Allow bookings to have different “states” (i.e. provisional, booked, deposit paid etc.)
  • Simple but stable Javascript date picker widget integrated with the API

I would pay: $15 – $20 a month for up to 200 bookings per month. More if you did SMS notifications too.

Proper Document Management

Every document (in a corporate environment anyway) has to be versioned and tracked now; stuff from company policy to the notice pasted to the wall about washing coffee mugs after use (seriously, I’ve seen a company fail an ISO accreditation for that).

But is there a simple, no-brainer, automatic document tracking server? No fear :(

What it would need to do:

  • Handle at least Word and Excel documents
  • Allow documents to be uploaded, created or edited (along with organisation folders)
  • Track the “version” of documents and automatically place it into them when downloaded/printed
  • Have user/auth login to allow restriction of documents and auditing of edits.
  • “Firewall Install” so documents wouldn’t leave site

What I would pay: $10/month for off-site service - $250-$500 for a year’s “Firewall Install” license

WordPress Alternative

The space is opening up (note: I’m busy working in this area :) ) for a WordPress competitor. WP basically has the self-install blogging market sewn up. But the fact is that the codebase is a real mess (not through bad programming, but from age) and writing plugins or themes can be a real pain.

Most of the competitors are not as popular because they try to be a “kitchen sink” solution to your website needs. WordPress is stepping slowly that way as well – so the arena is quickly opening for a fast, simple, PHP based blogging tool.

What I would pay: $0, obviously. But there are ways to make money off of this model

Version Control / Bugtracking combo

This is an idea I had a little while ago. Basically the idea is to integrate bug tracking functionality with a version control tool. The idea is that the bug database could be passed around with a distributed VCS so you could check and manage bugs on the go – it would consist of an “open standards” database of bugs (so any tools could display/manage it) plus a portable UI to interact with it.

You would make money by hosting a really good web repository.

What I would pay: $15/mo for several private repositories

Steamworks for web games

If you’ve not heard of Steamworks it is a developer option as part of the Steam package; put simply you get access to the steam community features, achievements and micropayments to use within your game.

You would have to work very fast to enter this arena successfully because Zynga et al are nearly there.

What you would offer:

  • Single sign on for games (so they don’t have to integrate Facebook, Twitter etc.)
  • Achievements (people love achievements)
  • Community features – particularly in-game chat
  • Ad network (this would come later)
  • Game recommendations based on what your friends are playing (there are a LOT of metrics to play with here)
  • Micropayments
  • Push alerts back to the origin site (Facebook, Twitter etc)
  • Proper metrics

The idea is to offer an alternative platform to Facebook (but which still draws in Facebook users) so the game publishers feel a bit safer :)

What I would pay: no idea, but I suspect there is a lot of money in this arena

QA/Audit

Anything that helps businesses manage QA and standards compliance. This is a multi-billion dollar industry still cornered by less than 10 companies.

I would pay: Well I wouldn’t… but companies will easily pay you $10,000 a pop and then thank their lucky stars you saved them 7 or 8 figure sums.

If someone makes the first four then drop me a line; I will be very interested.

(If you came from there – don’t forget to pop back to HN and comment/vote)

Posted in ideas

A nifty way to manage code

Like any good programmer I make extensive use of an SCM to track code changes.

There is a limitation to version control though – it’s not automated. This is fine; commits, in my mind, are about tracking your additions/fixes/improvements to a project. I’ve been trying my best to get away from the “committing today’s work” kind of message.

But the lack of automation has a drawback. If, like myself, you work on multiple machines at multiple physical locations throughout a normal day it’s a ball ache to realise you forgot to commit before leaving work. Losing track is very easy.

It strikes me that, really, I was misusing SCM entirely. It’s not about syncing my code between home and work, it is about tracking code changes. We should be using a different tool to fix the sync problem.

Enter Dropbox

Dropbox is a perfect solution. Embarrassingly my brother (who is a musician) has already been using it for an age.

So now I have a Dropbox account with a mercurial folder that syncs every drop of code on the fly – I can now literally move to another room, sit at my netbook and instantly start coding again.

Such a simple solution but I reckon it has increased my productivity by at least a factor of two.

Posted in ideas

WordPress Plugin: WP-Notifo

Notifo is a cool new service that lets websites send push notifications to your phone (currently iPhone only). They have a cool API which allows you to register an application and start pushing notifications to people who request it.

They’ve also launched per-account API keys as well – so you can send yourself notifications without needing to register a service.

Sending notifications is so trivial that I put together a quick WordPress/Notifo mashup in about half an hour.

Enter WP-Notifo. Currently it will notify you about:

  • New comments (author, post and link to the comment)
  • Password resets

Just download the plugin and add it to your plugin folder. Activate it, copy in your Notifo API key and username and away you go.

Enjoy (and don’t forget to rate it or request features!)

Posted in code

Harriton High, the shape of things to come?

One of the commonest and strongest arguments against the idea of deep packet inspection by ISPs is that it is a system with wide potential for abuse. This criticism is often acknowledged and then met with wide assurances of proper controls and oversight.

The problem is that there now appears to be a real world example of a monitoring system being abused. And it has happened exactly as predicted.

Harriton High, Pennsylvania. The school purchases laptops for their pupils to use in class – a modern move for a modern school supporting children in the digital age. And better yet the laptops can be taken home, indeed it is encouraged.

But there the story starts to go wrong. Because those laptops have security software installed. Software which, if activated, takes a picture using the webcam, a screen-shot and records the IP address before sending all of this information to the school servers. This occurs every 15 minutes.

The feature was, according to the school, to be used for “the limited purpose of locating a lost, stolen or missing laptop”.

But here’s the kicker; it appears that abuse of the system has occurred. Imagine the surprise of Blake Robbins when he was suddenly disciplined for using illegal substances at home (apparently it was actually candy). How did the school know? The webcam images of course. It now turns out that hundreds of images may have been taken of Blake over a 2 week period of him using the laptop.

There is a lot of discussion over whether the software was activated deliberately. I believe this to be irrelevant. If the laptop was considered stolen by somebody then, fine, turning on the tracker is legitimate. But why were pictures still taken over the course of several weeks? It should have been immediately clear that one of the pupils had the laptop, the software could have been turned off and a phone call would have confirmed the situation.

Why did that not happen? A mistake, poor school policy, a rogue sysadmin? I’m sure details will come out in the wash but for me there is a wider problem. Why was Blake disciplined for the supposed drugs indiscretion?

It’s an issue because he was in his own home and being spied on. Whether or not he is using drugs why is it the school’s prerogative to discipline him? If the image had been noticed accidentally as part of the theft tracking process then why did the school not talk to his parents first?

There is a yet deeper issue. Parents and kids do not appear to have been notified of the tracking software’s existence. Indeed it appears they may even have been misled when asking about the blinking of the camera light (which flashes when a screenshot is taken); told that it was a glitch and would be fixed.

This case is going to be focused, I suspect, on the actions of a few people. I’m sure there will probably be a witch hunt to try and prosecute them for child pornography (hint: there is no need, plenty of other laws cover their actions). But what it really needs to be about is the abuse of a system put in place under the auspices of security and protection.

Deep Packets

So, we come back to the idea of web filtering and deep packet inspection. Much lauded by some as perfect for stopping child pornography (I’ve already contributed my views on that topic) and other illegal activity it’s an idea that governments are becoming more and more in favour of.

Fair enough; there is logical basis to the argument. Some illegal activity would be affected (I don’t think the word stopped really applies for obvious reasons) but, conversely, the scope for abuse is massive.

What happens when a mistake (or otherwise) notices that I am Googling for drug related keywords? Do I get a visit from my MP to “discipline” me? Extreme example I know but once the system is in place it is, I feel, the kind of thing that would slowly become normal. Not for any malicious or “tyrannical” reason but because someone, somewhere, thinks he’s protecting me.

Or what happens if a rogue individual/organisation begins to store information on people. Unlikely to happen? Everyone would be vetted we are told. Sorry, that doesn’t make me feel safer when such checks are easy to subvert.

Don’t get me wrong: I am not an over-the-top conspiracy zealot. I don’t believe that governments (well, most governments) want to install these systems for malicious purposes. Just like at Harriton High there are bureaucrats, somewhere, who honestly believe this is a Good Thing™ and will protect people. It’s a pipe dream.

We are slowly seeing more and more systems imposed under the auspices of security and protection. Systems installed by people driven mostly out of fear; the fear that on their watch something will happen that they could have prevented. Or by pride; the desire to implement a system that, for example, finally stops the paedophiles.

Ultimately, I think, it is too fine a line for us to walk safely along. Now is the time to stand up and say so – before it becomes normal.

Posted in opinion

Election Debate

I actually approve of the idea of a TV election debate – unfortunately they’ve turned it into more of a well vetted policy discussion. Not so good (put them all on News Night! :) ).

But who did well tonight?

Well I’m something of a Liberal so I obviously will say Nick Clegg; but I really do think he played the night well and made big gains against the others.

He was confident, that was what surprised me the most. The others were quite nervous and stumbled over a few of the “light hearted” moments (which felt very forced; “we have to be jolly m’kay”). I noticed that Clegg, on the other hand, faced the audience when he spoke and addressed them very clearly.

There was a lot of sucking up to the Lib Dems too. “I agree with Nick” was heard quite a bit. Labour particularly are cosying up - it seems the main parties are actually planning for a hung parliament…

This is an extraordinary opportunity for the Liberals; they have clear policy, a great Chancellor, a non-offensive leader and a published budget (I encourage you to read it). And best of all the two main parties seem to be really recognising them as an opposition party and a potential ally.

It’s an opportunity they must seize. Perhaps not to win this election but at the very least to steal a substantial vote.

Here is what I think the next moves should be. They are ballsy, sure, but I think that potentially it could even win the election for them:

  • Nick Clegg should go on Question Time. He has nothing like as much to lose as the other leaders and I think he can take the heat. Going on QT would give him credibility with a lot of people – and show he has guts.
  • Vince Cable should be paraded in front of every TV camera possible. He should be asked difficult questions on the budget; he’s smart and has a good budget proposal (because he’s actually, you know, an economist) so can handle it.
  • Exploit the sucking up. Court the main parties then show them up for it. Show that you are, essentially, the deciders of the next Government. Let the parties fall over trying to win your support while you focus on a real election campaign.
  • Nail the youth vote, hard. Obama won in part because of his ability to push a liberal youth agenda. Get in on the technology – in a genuine way – and get the kids voting. Pretty much everyone under 25 that I know is thinking Yellow at the moment.
  • Also push the “working man’s” vote. I think there is a lot of disgruntlement there – with many now voting BNP because they dislike the main parties and others only sticking with their votes because they cannot support a racist party. These should be easy votes to win; with honesty and integrity.
  • Announce a sweeping reform of the Parliamentary system. Extreme reform. This one is a pipe dream but I think if they pitched it hard enough then there might even be an election win on the cards… :D

Posted in opinion

A Mobile Browser feature Desktop versions should adopt…

There is one feature of mobile Safari on my iPhone that I love a lot; it is the one where, when you tap the top of the screen it scrolls straight up to the top of the web page. This is amazingly useful on a mobile browser (I’ve no idea if others do the same – I would be surprised if they don’t).

But more and more I find myself clicking the top bar in Google Chrome (my desktop browser of choice) to “scroll to the top” to, obviously, no avail. So there you go: a great usability feature all browsers should adopt!

Posted in ideas

An Educational Startup/App idea

I was reading an article the other day about a lecturer who has scrapped traditional grading from his classes and substituted an RPG-style levelling system (sadly the link has disappeared from my history, if anyone knows where it’s located drop me a line). The premise was simple; as you completed assignments and attended lessons you earned “skill points” and levelled up your character. At the end of the course your grade was the level you attained.

Ok, so the idea has a few flaws (like; you’re not necessarily encouraging learning but attendance), but I love this kind of off-the-wall education reform.

There is, I feel, scope to take this out of the classroom and onto the web. Facebook, Twitter et al are a massive ecosystem for social games – people love to compete (look at things like Farmville) and there is no reason education can’t enter the fray.

So here’s the idea: a set of educational social games which let you level and customise your public character

I would do it like this:

  • Put together a couple of key-skill area games (Maths, Science, English). The games would have to be trivial but educational
  • Link them using a social network (probably Facebook) and have a central ‘character’ who has various skill traits which, on completing game challenges, can be levelled.
  • Let it run for a while (probably you could make some tide-you-over cash with in game purchases upgrades) gaining users and skills
  • THEN pitch it to the schools and educators, produce some more serious games/challenges in line with local curriculum and try to get teachers sold on setting it as, say, homework.
  • The games might not meet the trivial “it’s simple so it’s fun” rule but they are a) set as homework and b) contribute lots more points to your character
  • I believe this benefits everyone; teachers get a free and easy resource for setting homework and the kids are playing an RPG (always fun).

Feel free to build this idea; I’m not going to get a chance :)

Posted in ideas

How many words have you actually written?

Here’s an interesting thought. I’m working myself up to write a book of about 70,000 words. Right now that seems a silly amount to get through and I find myself procrastinating rather a lot.

So as a motivational tool I figured out how much I write online… it’s a fun exercise.

Since 2005 I’ve hung out on several places, this is a rough (conservative [1]) estimate of the amount written:

  • Forum One: 7,000 posts, around 30 words a post = 120,000
  • Forum Two: 3,000 posts, around 40 words a post = 120,000
  • Hacker News: 2,436 comments, conservatively around 50 words per comment = 121,800
  • Blog(s): somewhere in the region of 90 posts, about 500 words each = 45,000

It’s about 400,000 words over 5 years, most of those in the last 3. About 219 words per day.

So that means at this rate it should only take a year to write my book. Maybe not the positive feeling I was aiming for. :???:

1. I feel this is really conservative, my “best guess” figure puts it at nearly 750,000+

Posted in life

The trouble with Meritocracies

A Hacker News post tonight reminded me about Meritocracy; which I’ve always found to be a wonderful theory (it’s a great form of governance).

Unfortunately the few times I tried to be part of such a community they crashed and burned, badly. It seems there is a problem – a crucial and fundamental flaw – in meritocratic societies…

…eventually (usually sooner rather than later) someone asks the question:

Exactly how do we define merit?

Thence the arguments begin :)

Posted in opinion