I like the idea of disclosing just as much about myself as I want and no more; of proving membership of a class rather than having my personal membership of the class validated, of proving I'm over 21 rather than giving my exact age. I'm certainly getting enough experience of providing identity claims as part of dealing with my mother's estate. I'm already very interested in the various Identity 2.0 systems that are coming through and the Identity Mixer is the first thing IBM has contributed to the new wave. Higgins and CardSpace are often perceived as competition and there are tensions between IBM and Microsoft that make them different directions, but for the developer and for the end user they're going to be pieces that sit side by side and get mixed up. Roll on the abstraction of identity functionality for the Internet.

Age, shoe size: IBM thinks you should only disclose as much of your identity as you want; read the rest of my piece on Developer Register

Well, it is an identity metasystem...

Confused about how the emerging identity standards and systems fit together and which to work with? You're not alone. There's a lot of talk – and quite a few demos – of interoperable identity systems, but how do you know how well they really fit together? That's what the ITU focus group on identity management was set up to thrash out: read what the chairman told me about the group at Dev Reg

My piece for the Developer Register on the Windows Sideshow kits from Eleksen (put a Windows Sideshow module on your own bags, clothes and so on) very nearly went up as 'Put the button on your trousers'. One editor promised me the pearls of his wisdom as long as I left him the plums...

He really likes Eclipse. He really really really likes Eclipse. But then, they did use Eclipse to build Flex from scratch in 18 months on his team at Macromedia. We had a chance to chat with Mark the other week and you can tell he used to work at Microsoft; even with both of us nattering away as well, my notes from what he said come out at nearly 4,000 words. The part of the conversation that concentrated on development is now over at the Developer Register... written down it doesn't quite convey his energy and enthusiasm or the very shrewd look on his face or the rants we shared about the pain of installing a new version of Windows. Put three geeks in a room...

I've written a lot about developments in identity systems this year; this time I've been writing not about new features but about old problems and whether the new approaches will make a difference. It turns out that some of the old systems provide good principles. If someone changes the address on your credit card but not the address you've set with an online identity provider, the credit card company can cross-check with your preferred address - or they can just choose to trust you. The less information a company keeps, the fewer liability issues. Small pieces, widely distributed; stealing all of my identity would be like a treasure hunt. Plus, why Dale Olds from Novell thinks identity might be the wrong word to use for all of this: read on at Developer Register...

A roundup of some recent writing, not counting pieces for print that will take it a while to make it online (PC Plus) or may not be available online (Windows XP).

Another identity piece for the Developer Register, this time on an interesting project that combines Novell's directory experience with open source and the identity metasystem that Kim Cameron has been championing. I had some fun with the name too (Bandit).
Unmasking Novell's identity plans

Last week's Digital Business section of the FT had three of my pieces, all on the same page:
Finding room for photos and songs
Digital photos, MP3 and iTunes music, video clips, e-mail, downloaded bank statements. You might already have a terabyte (1,024 gigabytes) of data at home, scattered across different hard drives, DVD backups and memory cards – and you’ll have more soon.
Read more about 1TB NAS
A little (robotic) help from your friend
Ageing populations, rising healthcare costs, an increasing number of people who refuse to retire – and the robot vacuum cleaner that might help.
Read more about iRobot
Audio files: no longer too big to store nor too hard to search
We talk far more than we type. Podcasts, online video, internet radio, recordings of meetings and phone conversations – so much information today is contained in audio files. But how to index it, search it and access it?
Read more about audio searching

I expected my first piece for Tom's Hardware to be for the new UK site, where I'll be writing about home entertainment, MP3 players, media centres and other fun topics. As it happened, it was a review of the Nokia 770 Internet tablet with the new version of the OS that I collaborated on with sbisson, commissioned by the US parent site, though it's appearing on both so I'm boosting the local traffic in my link!

PDAs and smartphones can browse the Web, but small screens and poor support for JavaScript and plug-ins can make browsing a cramped and unsatisfying experience. UMPCs give you a standard browser but they're still too big (and expensive) to carry all the time. Nokia's 770 Internet tablet fits - not necessarily neatly - in the middle, in terms of size, price and features.

Read the rest.


Rather sadly, PC Advisor will not be having an Office Advisor column for me to write any more, due to some changes in the title. I shall miss writing these pieces as I've found such a lot of useful tips and tools myself, but I count Office (both Microsoft and more generally office software) as one of my key areas so I'm sure I'll carry on covering similar topics elsewher, including possibly some more specific tutorials in PC Advisor's workshop section.

Another identity piece on DevReg: Secure identity begins at home (it will have my name as the author soon, honest). This time I'm looking at Intel's ideas for security identity at the PC level, building into the platform - which for Intel means the CPU+chipset+services, like VIIV or vPro rather than PC+OS. I think it's interesting that we're more comfortable with Intel adding secure partitions to the PC than we were with the idea of Microsoft doing it.

I did a piece for DevReg on the iRobot Roomba interface that you can use to turn your vacuum into a frog(ger) or something a little more useful (new inventions are always used for military, adult entertainment or gaming - as iRobot has the military covered already, let's be thankful the hackers chose gaming rather than anything else to do with sucking). In the piece I mentioned what iRobot CEO Colin Angle thinks a dishwasher robot should do that a robot dishwasher can't. And someone at the Reg has come up with a rather fabulous illustration of the robot, washing away.

But Colin Angle is used to robots that are form-follows-function; he built Ghengis, the 6-legged walking 'cockroach' robot and the 'behavior-controlled rovers' that became Sojourner.

Hacking your vacuum cleaner

Whenever I write about Microsoft, there are always reader questions about whether a technology is being used to achieve unfair competitive advantage (because it's usually acceptable to use technology for a fair competitive advantage; that is after all what capitalism thrives on). I've recently looked at the changes in CSS and security for the Developer section of The Register (Getting your site sorted for IE 7 The Register and Getting on the right side of IE 7 security)and I had one reader question in particular.
"I just read your piece on IE 7 security. One statement that I found interesting was:
'the filter will also look for sites incorporating content or scripts from another domain'
Since most ad placement systems use scripts that point to another site, like Googles AdSense does this mean Microsoft will effectively be able to block ads from all their competitors... "

Short answer: no. But they might be able to spot redirect ad fraud scripts…

For one thing they're not actually that stupid ;-) At MIX 06, I think the two things I heard most from the IE team were 'sorry' and 'balance'. Sorry we didn't work on the browser as a new release for five years and we want to get the balance between features and security, between ease of development and security - or between just about anything and security - right. And while some search providers don't think supporting OpenSearch and highlighting every OpenSearch compatible site you visit to add as a search provider is enough (question: should the Google toolbar let me add other search sites to the drop-down so I could repeat the image search on Flickr?), the browser team are talking to too many of the ecosystem of Web sites and services to do something so obviously, cluelessly stupid.

Cue the usual distinctions between restricting the dangerous use of a legitimate thing without stopping the everyday use. What you're looking for here is scripts, content and links that divert you from what looks like a real site to the fake one – cross-site scripting attacks, scraping real images from paypal to make your phishing site look legitimate, replacing legitimate HTTP content on a mixed HTTP/HTTPS site (why that's so deprecated) so the instructions tell you to type into the insecure box rather than click the secure button.

Two pieces published yesterday, one in the Developer Register, the other in the FT Digital Business section, one about Higgins and the attempt to simplify the way developers work with identity, the other about the horrible state of the average inbox and what Marc Smith, Microsoft's research sociologist, thinks software should do about it.

Higgins is one of the interesting individual developments in identity that will go to make up an identity metasystem; enough small pieces and I won't have to call it Kim Cameron's idea for an identity metasystem, or designate it in any way because it will be widespread enough to really be a metasystem. Breaking identity up into little pieces tightly managed is one of those ideas it's easy to dismiss because it's a big thing; everyone has to play if it's going to work because it has to work with everything. It's like my childhood reaction to learning about communism; 'what a nice idea, it's a shame people aren't actually like that' (a hardened cynic by the age of 11). TCP and printer drivers were big ideas; one of them won because it was obviously a better solution, one because it made things easier for users and developers. (Guess which I think is which!). There are enough people and pieces and players and financial penalties coming together that we might get Identity 2.0. I'll be writing more about this for DevReg, covering Intel Research's project and what PGP is up to these days.

SNARF is one of those nifty tools that can dig you out of a hole (I'll point it at the email I skimmed whilst travelling in case I missed anything crucial) but it's only a prototype done to find out what people need. The nice thing about that is that if baby steps are useful, bigger lessons might be another big shift. The principle I took from my AI degree was that we don’t know enough about why we work the way we do to emulate or simulate it usefully, but we do know enough to start making interfaces that make it easier to work the way we do.

Marc Smith is hugely fun to talk to and a joy to interview, because he comes out with lines like No one is giving me more heartbeats per day or more minutes; there is no Moore’s Law for humans. I am not becoming twice as intelligent and half as cheap; if anything the cost is going up and I’m slowing down."

In my DevReg piece about Implementing InfoCard and the identity metasystem, I said that IinfoCard is 'less a replacement and more of an antidote' to Passport. One reader rightly points out TRevin's post that InfoCard supplements rather than replaces Passport

Perhaps I should have said successor; it's a replacement in the sense that MSN et al will at least supplement their use of Passport with InfoCard logins that will be part of the identity metasystem if other sites choose to honour them - but it certainly doesn't work the same way or do the same thing and Pasport is adding infoCard to Passport rather than dropping the Passport system. I didn't have space to go into the claims handling and other basic functionality of InfoCard, which make it very different from Passport per se. The way I think of it - and the way Kim Cameron phrases it when people hail him as the slayer of Passport - is that that he was one in a long line of people to explain what was wrong with Passport and that acknowledgement led to a search for what would be right.

Incidentally, I wasn't able to read the MSN Spaces site from my BlackBerry the way I usually browse the Web on the go, because Vodafone marks it as potentailly adult content - and asks me to pay £1 to take the contnet block off my account. Admirable caution or nanny state? How many teenagers will have BlackBerry-capable SIMs? Surely the Sidekick is the teen BlackBerry?

My first piece for the Developer Register is online now, covering Implementing InfoCard. There have been plenty of pieces on the philosophy and the politics of InfoCard and the identity metasystem, but I wanted to concentrate on the technical and implementation details - all four will have to work for anything to succeed. MIX 06 was excellent timing because I was able to get the latest details from the InfoCard team and talk with Kim Cameron and Pault Trevithick together, explaining why InfoCard and Higgins actually complement rather than compete.