Sunday, June 29, 2008 - 03:46 SGT
Posted By: Gilbert

- - -
Changing Pains

changelog v1.08c
---------------
* OpenID authentication incorporated in comments, with ID Selector support (can't let glolg competitors like Blogger/WordPress/LiveJournal/TypePad pull away too much, right?)

* Mollom spam checking incorporated in underused chatterbox (misses some rather obvious spams now, but can only improve I suppose)

* Some minor comments page UI upgrading and bugfixes.

* Obscure but very irritating Snap Shots BASEFONT compatibility bug fixed for Internet Explorer.

* Blog entry title now displayed in HTML page title on direct link standalone pages.



Note: Our loyal readers may or may not have realised that my blog has shifted servers. The explanation is easy enough for those with a grounding in domain name resolution, but for those not versed in it, here is a very brief summary:

Humans prefer to use meaningful domain names like http://www.glys.com, but what computers actually connect to are IP addresses of the form 203.211.149.111, which are rather harder to remember. The translation (resolution) of a name to its address must happen whenever a browser requests a website, but given the massive amount of Internet traffic it is infeasible for a single server to provide this service (and the Internet would go down whenever that server crashed).

Hence the job of resolution is farmed out to a large number of DNS servers, but it would again be unwieldy for each of them to ask the domain's authoritative servers on every request. So a resolved answer is commonly cached for a period of time (the record's time-to-live, or TTL, which the domain owner sets), during which the DNS server does not appeal to a higher authority but happily returns the last value it saw. That value could thus be out of date, by days even, if the TTL is long. Local caching also takes place within operating systems and even browsers. Therefore there is no way to instantly reflect a server address change, and in my case it would likely take longer than usual as I switched from a huge domain registry to a smaller one. But eventually my old IP 64.227.0.226 will disappear completely, and normal service will resume.

This necessitates the inconvenience of merging visitor statistics from the two servers manually for a period, but I guess I can live with that.
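To make the caching point concrete, here is a small simulation added for this page (it is not code from the original post, and it talks to no real DNS server; the "authoritative" records and the visitor's query rate are constructed): a resolver that honours TTLs, the zone moving from the old address to the new one, and how long visitors keep landing on the old server. It also shows the usual trick for a planned move, lowering the TTL a full old-TTL before switching addresses, so that the stale window shrinks from most of a day to a few minutes.

```python
"""TTL-aware DNS caching, simulated: why a server move shows up late.

Added example, not code from the original post; nothing here queries a real
DNS server. The addresses are the two named in the post; the record TTLs and
the visitor's query rate are constructed.
"""
from dataclasses import dataclass

OLD_IP = "64.227.0.226"
NEW_IP = "203.211.149.111"
NAME = "www.glys.com"


@dataclass
class Record:
    address: str
    ttl: int        # seconds a resolver may reuse this answer


class Authority:
    """Stand-in for the zone's authoritative name server."""

    def __init__(self, address, ttl):
        self.record = Record(address, ttl)

    def set_ttl(self, ttl):           # done by the zone owner before a move
        self.record = Record(self.record.address, ttl)

    def move(self, address):          # the actual server change
        self.record = Record(address, self.record.ttl)


class CachingResolver:
    """Stand-in for an ISP recursive resolver (or an OS / browser cache)."""

    def __init__(self, authority):
        self.authority = authority
        self.cache = {}               # name -> (address, expires_at)

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit is not None and now < hit[1]:
            return hit[0]             # served from cache; authority not asked
        rec = self.authority.record   # cache miss or expired: ask upstream
        self.cache[name] = (rec.address, now + rec.ttl)
        return rec.address


def stale_seconds(ttl, move_at, lower_at=None, lowered_ttl=None, step=60):
    """Seconds after the move during which one resolver still hands out OLD_IP.

    A visitor behind the resolver looks the name up every `step` seconds from
    t=0 (move_at and lower_at must be multiples of step). If lower_at and
    lowered_ttl are given, the zone owner drops the TTL at that time without
    changing the address; the move itself happens at move_at.
    """
    auth = Authority(OLD_IP, ttl)
    resolver = CachingResolver(auth)
    stale = 0
    for t in range(0, move_at + 2 * ttl + 1, step):
        if lower_at is not None and t == lower_at:
            auth.set_ttl(lowered_ttl)
        if t == move_at:
            auth.move(NEW_IP)
        seen = resolver.resolve(NAME, t)
        if t >= move_at and seen == OLD_IP:
            stale += step
    return stale


if __name__ == "__main__":
    day = 86400
    # Record left at a one-day TTL: the old address is served for most of a day.
    print(stale_seconds(day, move_at=2 * day + 120))
    # TTL lowered to five minutes one full old-TTL before the move: a few minutes.
    print(stale_seconds(day, move_at=2 * day + 120, lower_at=day, lowered_ttl=300))
```

The worst case is a cache that refreshed just before the move: it keeps the old answer for almost the whole TTL. Lowering the TTL only helps once every cache has re-fetched the record with the short TTL, which is why it has to be done at least one old TTL ahead of time.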

Here, I cannot fail to give another airing to the business practices of my old hosting provider. While they are happy enough to allow new customers to sign up for their services through the Web, cancellation requires a personal call... to their United States office. This made no sense at all, of course, since I could no better prove my identity over the phone than by being logged in to their system, which I helpfully pointed out to them through their support ticket system. Hours later they predictably replied that they could not help me out in this case, leaving me to expend a few unnecessary bucks on a tolled international call to their toll-free US number (didn't feel like exploring VoIP solutions just for this). The actual cancellation was mercifully swift after the automated process, thankfully.



So what's up with the OpenID thingamajig that I integrated? Time to lift a paragraph from its Wikipedia article:

OpenID is a shared identity service, which allows Internet users to log on to many different web sites using a single digital identity, eliminating the need for a different user name and password for each site. OpenID is a decentralized, free and open standard that lets users control the amount of personal information they provide.

Thus, one can theoretically survive online with a single username and (strong) password, if OpenID gains widespread adoption (which it has a good chance to, with giants like Google, Microsoft and Yahoo throwing their weight behind it, though with some reservations discussed later). The idea is that an OpenID provider stores that username/password combination, and every site that wishes to offer a login supplies a textbox for the user to enter his OpenID identifier (a URL). The user is then taken to his OpenID provider's page, where he authenticates and chooses whether to continue the login (and optionally sets the login to go through automatically on future visits); the provider then sends him back to the site with a signed assertion of his identity, which the site verifies before treating him as logged in.

The obvious advantage here is that one no longer has to memorize (or worse, lug around) dozens of usernames and passwords, as currently it is rare to be able to use the same username (especially a common one) on different sites. The same password can often be used for multiple sites, but then a global password change is incredibly frustrating; OpenID thus saves user effort by consolidating their sign-in costs. A local program like Firefox's Password Manager could also do the job, but not when a user has to log on at different terminals, and it does not address the torment of global updating.
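The step that keeps the site doing the login honest is the last one: checking the assertion the provider sends the browser back with. Here is a relying-party verifier added as an illustration for this page; it is not the blog's code nor the JanRain library's, and the provider endpoint, return URL, association handle and secret, and the assertions themselves are all constructed. It follows the OpenID 2.0 rules: the signed field list must cover everything that matters, the HMAC over the association's shared secret must verify, return_to must be this very endpoint, and the response_nonce must be recent and never seen before, which is what stops a captured assertion from being replayed.

```python
"""Verifying an OpenID 2.0 positive assertion at the relying party.

Added example, not code from the original post or from the JanRain library.
The provider endpoint, return_to URL, association handle and secret, and the
assertions themselves are all constructed; no network traffic is involved.
"""
import base64
import calendar
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlencode

OPENID_NS = "http://specs.openid.net/auth/2.0"
# An RP obtains these from the provider in an association request and stores
# them per op_endpoint; here they are simply constants.
ASSOC_HANDLE = "assoc-example-1"
ASSOC_SECRET = b"0123456789abcdef0123456789abcdef"      # HMAC-SHA256 key
OP_ENDPOINT = "https://openid.example.net/server"        # hypothetical provider
RETURN_TO = "https://blog.example.org/openid/return"     # hypothetical RP URL
NONCE_SKEW = 300                                         # seconds of clock drift

# Fields the signature must cover (OpenID 2.0 section 10.1); claimed_id and
# identity must be covered too whenever they are present.
REQUIRED_SIGNED = ("op_endpoint", "return_to", "response_nonce", "assoc_handle")
seen_nonces = set()   # in production: persisted and keyed by op_endpoint


def kv_form(fields, signed_keys):
    """Key-value form the signature covers: 'key:value\\n' per signed key, in
    the order given by openid.signed, without the 'openid.' prefix."""
    return "".join(f"{k}:{fields['openid.' + k]}\n" for k in signed_keys)


def sign(fields, signed_keys, secret=ASSOC_SECRET):
    mac = hmac.new(secret, kv_form(fields, signed_keys).encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


def nonce_time(nonce):
    """response_nonce starts with a UTC timestamp, e.g. 2008-06-29T03:46:00Z."""
    return calendar.timegm(time.strptime(nonce[:20], "%Y-%m-%dT%H:%M:%SZ"))


def verify_assertion(query, now, expected_return_to=RETURN_TO):
    """Return the verified claimed identifier or raise ValueError."""
    f = dict(parse_qsl(query, keep_blank_values=True))
    if f.get("openid.ns") != OPENID_NS or f.get("openid.mode") != "id_res":
        raise ValueError("not an OpenID 2.0 positive assertion")
    signed = f.get("openid.signed", "").split(",")
    if any("openid." + k not in f for k in signed):
        raise ValueError("openid.signed names a field that is absent")
    must_sign = REQUIRED_SIGNED + tuple(
        k for k in ("claimed_id", "identity") if "openid." + k in f)
    missing = [k for k in must_sign if k not in signed]
    if missing:
        raise ValueError(f"fields not covered by signature: {missing}")
    # The assertion must be addressed to this endpoint and come from the
    # provider that discovery found for the identifier (a constant here).
    if f["openid.return_to"] != expected_return_to:
        raise ValueError("return_to mismatch")
    if f["openid.op_endpoint"] != OP_ENDPOINT:
        raise ValueError("unexpected op_endpoint")
    if f["openid.assoc_handle"] != ASSOC_HANDLE:
        raise ValueError("unknown association handle")
    # Constant-time signature check, before the nonce is recorded.
    if not hmac.compare_digest(sign(f, signed).encode(),
                               f.get("openid.sig", "").encode()):
        raise ValueError("bad signature")
    # Replay protection: the nonce must be fresh and never seen before.
    nonce = f["openid.response_nonce"]
    if abs(now - nonce_time(nonce)) > NONCE_SKEW:
        raise ValueError("stale response_nonce")
    if nonce in seen_nonces:
        raise ValueError("replayed response_nonce")
    seen_nonces.add(nonce)
    return f["openid.claimed_id"]


def make_assertion(claimed_id, nonce, secret=ASSOC_SECRET):
    """The query string a provider redirects the browser back with (constructed)."""
    fields = {
        "openid.ns": OPENID_NS,
        "openid.mode": "id_res",
        "openid.op_endpoint": OP_ENDPOINT,
        "openid.claimed_id": claimed_id,
        "openid.identity": claimed_id,
        "openid.return_to": RETURN_TO,
        "openid.response_nonce": nonce,
        "openid.assoc_handle": ASSOC_HANDLE,
    }
    signed = ["op_endpoint", "claimed_id", "identity", "return_to",
              "response_nonce", "assoc_handle"]
    fields["openid.signed"] = ",".join(signed)
    fields["openid.sig"] = sign(fields, signed, secret)
    return urlencode(fields)


def demo():
    """One genuine login plus four attacks; returns what each one got."""
    seen_nonces.clear()
    now = nonce_time("2008-06-29T03:46:00Z")
    good = make_assertion("https://user.example.com/", "2008-06-29T03:46:00ZxK9q")
    results = {"genuine": verify_assertion(good, now)}
    attacks = {
        "replay": good,                                   # same assertion again
        "forged": make_assertion("https://victim.example.com/",
                                 "2008-06-29T03:46:05Zab12", secret=b"x" * 32),
        "old": make_assertion("https://user.example.com/", "2008-06-28T03:46:00Zcd34"),
        "tampered": good.replace("user.example.com", "admin.example.com"),
    }
    for name, query in attacks.items():
        try:
            verify_assertion(query, now)
            results[name] = "accepted"
        except ValueError as exc:
            results[name] = str(exc)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:9} {outcome}")
```

Without an association the RP would instead send the whole assertion back to the provider in a check_authentication request and trust its yes/no; the return_to and nonce checks are still the RP's own job in that mode.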

There are criticisms too, and the best I've seen are from this warpspire post. They are not insurmountable, and here are my thoughts on the points raised:

  1. Naive Implementation - i.e. the possibility that a fly-by-night OpenID provider lets masses of people park their IDs there, then closes down and leaves them in the lurch. The open (duh) nature of OpenID means that this cannot be avoided, but then I suppose almost everybody will end up with one of the big guys like Yahoo or Blogger, the same way they flock to Gmail, Yahoo Mail or Hotmail. I mean, there's about the same chance that your user@fly-by-night.net email service dies on you.
  2. Mobile Web Inconvenience - Long OpenID URLs are the gripe here. However, as some bright spark on another site pointed out, OpenIDs will generally not be much longer than an equivalent email address, and not many people are complaining about email addresses being used as usernames. To illustrate, for a username@user.com email, the corresponding OpenID would just be user.com/username.
  3. Phishing - Clearly, having one means of authentication for everything means that all one's accounts are compromised if that identity is stolen, and the OpenID flow itself trains users to type their password on whatever page a site redirects them to, so a malicious site can just as easily send them to a look-alike of the provider's login page. The onus here is probably on the OpenID providers to provide some means of preventing it, and I can't see much wrong with the Sign-in Seal that Yahoo uses, for example.
  4. Multiplicity - Ironically, as OpenID's major selling point is the convenience of a single identity, people will find that they have quite a few OpenIDs automatically assigned to them. Yahoo and Blogger give them out unasked, and surely more will follow if OpenID takes off. At least the solution is straightforward - pick one and stick to it.
  5. Less User Friendly - OpenID adds an additional step to the sign-in, as the provider's site has to be accessed to verify the identity (unless it is good enough to have an always-verify-for-this-site option). It could be argued that the sign-in might on average be faster after the first time, since the password is omitted, but the more serious concern would probably be - what if the provider's site goes down? This is a real concern, since it means the user is locked out of a ton of services at once. Redundant servers probably help, and in the end it's back to signing up with one of the big boys.
OpenID 2.0 introduces Directed Identity, which further simplifies usage: one can initiate the sign-in by just typing in the provider's domain name (like yahoo.com for Yahoo), and the provider then supplies the actual identifier as part of the response.

Trouble stems from the implementation, however. Some large sites (again, like Yahoo) currently set themselves up to provide OpenIDs (and gain user data), but do not allow OpenIDs provided by others to be used to sign in to their services (probably since they would then be providing the service but not have the user data). Which kinda defeats the whole purpose; then again, since when have high-minded principles triumphed over hard-headed pragmatism in business?

On my side, setting up OpenID authentication on the blog wasn't exactly a breeze. I didn't feel like coding my own library from the specs this time, so I decided to partake of the libraries kindly written by other developers. Felt like trying a Perl->PHP->Perl interface now that I have PHP enabled, and thus downloaded most of the PHP libraries listed to play around with. The Simple OpenID PHP Class was promising, and appealing since it was just a few scripts without tons of dependencies, but unfortunately was hopelessly outdated.

In the end I went with JanRain and the EasyOpenID frontend. Early on there was an issue with XML parsing, which was resolved by switching to PHP5 from the PHP4 default. The combination then worked - but not for HTTPS servers or Directed Identity cases, which was quite unsatisfying.

After contemplating fixing that up myself, I Googled the issue and strayed off onto the wrong track when I came across some other guy with a similar problem who posted on the developers' Trac that it had to do with Certificate Authorities, which was not the case for me. Finding little else pertaining to this in my opinion rather large hole, I took a punt and uploaded the latest development snapshot of the code instead of the stable release, which was just out three weeks ago. I had initially resisted this, since development code is often buggy, and how much could have changed in such a short time?

Quite a bit, apparently, as everything magically worked (and the stable release seems to have been updated yesterday). So, I now have a leg up on Blogger it seems, as their OpenID implementation does not seem to support Directed Identity yet, hohoho.

Took the opportunity to fix some more code, like localtime() now being true Singapore time (as the server is now hosted in Jurong East, it seems). No more Daylight Savings compensation!

Alright, I guess that's enough technical stuff to last a long time.

(Minor) Public Service Announcement: I like Google to bits, but recently a couple of their services haven't been up to par. Gmail is lagging for one, and Google Web Accelerator conflicts with most YouTube videos, causing them not to play - even they are not perfect, it seems.


Definition of flaky

Life recently has centered around the usual stuff and the holiday job, though I found the time to indulge in a bit of badminton. It would have been nice if the (free) weekend slots at NUS weren't snapped up almost instantaneously, and as it was we had to go to Clementi Sports Hall, not that slots there were easy to get either. After another serving of Blue-Hand syndrome from my antique grip, I finally got around to getting a nice new grey wrap for next time. Can't wait to try it out.













Copyright © 2006-2025 GLYS. All Rights Reserved.