It seems that the Radio Web Bug system is not for public pinging (yet?) so I've taken it down again. Don't try this at home, kids.

Who needs banks anyway. : It is logically unnecessary, and very inefficient, to send all of our transactions through banks.

A couple of days ago I said I might code something up to get VoidStar to ping Userland's Radio Community Server Web Bug thing with the counts of new items on the feeds I'm collecting.

Well it's running.

So, Dave comes up with a new idea, publishes the interface and other people join in. Great!

That previous rant was of course me going off half cock as usual. A bit more digging turned up the Passport SDK documentation. In the appendix at the back is a section on installing Passport support on non microsoft servers. It appears that somewhere there is a set of code that ends up as Apache .so, CGI and NSAPI code for Solaris, Red Hat Linux, FreeBSD and HP-UX. The objects are accessed from C++ CGI or Perl ASP (whatever that is). And Passport support is to v1.1 not v2.1.

Now most of this is going to be pretty much impossible on hosted servers, so I'm not going to pursue this any further for the moment.

And I'm left with a nagging doubt about the protocol that's actually used between the Server Passport code and the Passport Nexus (MS term for the Passport centralized authority server). Was it too much to hope that this was a documented SOAP interface? Or can we speculate that MS wouldn't have been able to secure this interface sufficiently using SOAP in it's current state?

Now I'm definitely not saying that MS MUST do better than this in supporting non-MS environments. They're a commercial organization and must do what they see as best for their business interests. But let's call a spade, a spade. Passport may be a bit more open than previous functionality but it's not open in the sense of a documented and supported SOAP interface, callable from other platforms. And I suspect that this story will be repeated in many other areas of .NET MyServices.

So here's a question. How do you enable your website to use Passport for authentication? If it's built with Apache on *nix? Because after all Passport uses SOAP, right? and it's a standard that anyone can talk to, right? And MS want to encourage the other 60% of websites to support single sign in via Passport, right?

So you go to passport.com, which leads you to the Passport dev zone on MSDN, whch leads you back to passport.com dev zone, which says the docs are in the SDK available from the MSDN downloads site. So you download a couple of megabytes of SDK setup file. And run it. To be told that you need to install it on a copy of NT Server. So you dig a little deeper into MSDN and it becomes obvious that Passport support on a website actually requires a set of ISAPI DLLs and is consequently tied completely to NT, 2000 or XP Server.

Now why am I not surprised?

So I guess it's off to PingID and Liberty to see if they can do any better. Or maybe I should just implement the Drupal multiple authentication code which can already check your id from : Blogger, Delphi Forums, Drupal, Jabber, Manila, Yahoo. Because after all I want Code Now, not vague promises of Jam Tomorrow. Dammit!

I don't often read Spiked mostly because I'm too busy trying to keep up with all the technology. But every time I do I'm enormously impressed with the quality of writing and the level of research that goes into it. And because they frequently take a contrary line to the more immediate media. This one is excellent and poses some serious questions. America's axis-tential crisis President Bush's 'axis of evil' tells us far more about the USA than about Iraq, Iran or North Korea.

The one annoying thing about the website is the tiny font they use for the main body text, but that's easily dealt with.

Here we go again. "Dear Yahoo! Groups Members, The service is down for maintenance. During this time the web site will be unavailable and all email will be queued. All email sent during this time should be delivered once service has resumed, but further delays may occur due to backlog. Please do not resend email to your group. I apologize for any inconvenience this may cause. The Yahoo! Groups Plumber"

The O'Reilly Emerging Technology Conference promises to be one of the best conferences of the year. So how do I get myself to it?

I've been vaguely watching Userland's latest corner turn, the beginnings of the Radio Community Server. It looks like it's time to see if non-Userland clients can play too.   

So the latest version of War in Afghanistan is not over yet. Perhaps we should remember that the Russians were there for 10 years and eventually got their asses kicked out. Just like every other invader in the last Millenium. So how long will the US stay there?

With all the shenanigans around Morpheus, I thought it was about time I go and check out Gnutella again. One download and install of Bearshare later, I was up and running and collecting a Timo Maas track. I have to say that Gnutella still has this "not quite ready for primetime" feel about it. It does basically work, but in Bearshare there's still a bit too much weird parameter setting going on. I know plenty of people who would manage to screw this up due to lack of technical knowledge and some weird home firewall that someone else setup. Interesting that even Bearshare has a Heart of Iron as it's first point of call as it tries to find an entry point to the network is three Bearshare.com servers. Making a genuinely distributed starting point is a non trivial problem. And as long as there are persistent initial starting points, they will be attacked either legally or technically.

I haven't done a "what's playing" blog for ages. Well yesterday I had one of those marathon tech days where you reboot Windows endlessly trying to get networking to work. The scary moment is when everything's apparently up but you have no DNS, despite being able to ping both DNS servers. Lots of dead chicken waving going on, in fact I was right out of dead chickens and ended up waving a dead albotross. And all because NTL Cable has a DHCP server that ties a lease not to the cable modem but to the Ethernet card behind the modem. So if one setup works, swapping to another machine won't work until the lease expires in 4 hours.

Anyway, I digress. In the background, was an early Global Underground CD of Paul Oakenfold in NY, followed by the Carl Cox compilation on one of those Essential Mix sets, and finally Fila Brasilia "Another late night". I find this sort of Dance quite soothing on low, even though it's designed for playing at 11. 

Here's a completely unretouched (hah!) photo that's been discovered of Buzz Aldrin, on the moon wearing his Masonic apron and sash, thus proving once and for all that the Moon landings were faked by people manipulating us for their own dark eldritch purposes. When you realize that the word NASA contains two pyramids, all becomes clear.

The Austin Chronicle Screens: Information Wants to Be Worthless : The Net is becoming the planet's water cooler. It's all about the schmoozing and the gossip Great, great, great article by Bruce Sterling.

Metafilter | Comments on 15214 : Today with the release of Morpheus Preview Edition, now connected to the Gnutella network, you can witness its 345 trillion (sic) users put the Gnutella network to the test. In a little over a couple hours it has grown to roughly 3 times the size it was last week, and still going strong.. how much bigger can it get? A CNET comparison has Bearshare being the most effective at finding songs. Presumably Morpheus will now match it. The one issue I have with Gnutella is that in my experience, it expands to fill your bandwidth. That's not so good if you're on a cable modem or DSL where the small print says "no servers". Your're drawing attention to yourself.

Truly excellent analysis of the recent Dvorak kerfuffle.The Register : Even our favorite blogs are unapologetically self-referential. Dan links to Dave and Doc and Glen. Dave links to Dan and Doc and Glen. Doc links to "new">JoHo, and so do Dave and Dan. Yup, that's the old "Via Trail"

Need a Dead Man's Switch to blow the whistle electronically and encrypt the evidence, if you don't sign in periodically? Well here it is from ArsWare: (It ain't your mama's software). Dead handy for the corporate desktop. Just don't forget to turn it off for the two week break in the summer.

Meatball Wiki: ConflictResolution : Collected on this page are some techniques to resolve [online] conflict.

Especially AssumeGoodFaith.

There's a CERT Advisory about a potential exploit in PHP. If you don't have access to php.ini or are unable to get your hosting company to upgrade PHP, create a .htaccess file in the root of your htdocs area. Include in it these lines.  

<IfModule mod_php4.c>
   php_flag file_uploads             off
</IfModule>  

This will disable file uploading which is a key part of the vulnerability. It will of course also prevent you from using file uploads.

Scripting News reports Mike Gray found an even lighter Google. I really like the IE extension that converts the Search button into a link to Google. Check this page for other options.