Seth’s Blog: Validation is overrated.
“If you’re waiting for a boss or an editor or a college to tell you that you do good work, you’re handing over too much power to someone who doesn’t care nearly as much as you do.”
Just a bit of reminder that while feedback is great, getting it done is way better.
As of next Monday, I will officially be in the employ of 
Canonical as a member of the Ubuntu Server Team. Please come say hi if you’re going to the Ubuntu Developer Summit in Belgium, as I’ll be there all week (try the fish!).
I just happened upon a site that mentioned bubbl.us as a way to brainstorm. Cool tool. I played with it and decided I wanted to keep the data I had put in it to play with later, but was annoyed that I had to create yet another user id+email+password combination on yet another site that I probably won’t visit again for a long while. Plus, say I want to add it onto my facebook wall. Facebook might be able to extract the images, but they might now. How lame is that?
My current solution for the login problem is less than ideal. I use the java program Password Safe to save my accounts+passwords, which it generates randomly. The pass phrase for my password safe is pretty complex, and I change it on about an annual basis. The program re-locks the safe after 5 minutes of inactivity, so this is reasonably safe against casual compromise. Of course, keyboard shoulder surfing and a subsequent theft of my machine (or temporary control) could render it useless, but I’m willing to accept those risks and do what I can to maintain control of the laptop. If somebody steals my laptop, unless they can crack the encryption quickly, I feel pretty good that I’ll have enough time to restore from backup, change all the passwords, and set a new combination.
However, this is basically as good as our current “status quo” of online fractured identity can get. And I still don’t have anything to bring all of my online presence together.
I recall with fond memories watching Dick Hardt’s amazing Identity 2.0 presentation from the audience at OSCON 2005. I came away thinking to myself “oh good, somebody is on it.” I put it out of my mind as a systems administrator with a lot of things to think about on the backend, and no real concern for the frontend.
Fast forward 5 years, and I see that we’re not much better off now. Dick Hardt’s company Sxip produced Sxipper, which is pretty cool, but still puts it on the users to safeguard and manage their data. Oh and really, I never heard about it until I went looking for Sxip again, and I don’t know anybody using it, I think its just a cool curiosity, not a solution.
This really is an issue that affects people, but they may not know it. Look at the trouble this guy went through to make google accounts useful for people with multiple email addresses. As we start sharing and sending and moving data, our identities clearly can’t be defined as email addresses anymore. I have 3 that I use a lot, and a couple of others that just refuse to die for whatever reason. Changing them means trying to find every site on which I’ve used them. UGH.
OpenID was, and still is, a promising direction. There are some definite security pitfalls in the way its been done in the past, but I think they’ve solved most of them. It doesn’t really satisfy Dick’s Photo ID requirement where the issuer doesn’t get to know what you’re using it for. Still I love when I sign up for a site and I can use my OpenID login. I use my launchpad.net account for this, mostly because it was the first site that had a very clear “this is your open ID url” link.
FOAF-SSL or “WebID” also seems interesting as a way to promote social credibility and utilize existing technologies rather than try to invent the whole thing. Even twitter seems to have rudimentary support. But its still a long way off from being in control of our identity. Given the meager number of relying parties, I’d say it may not ever get there, which is too bad.
So now I’m just confused. How and when are we going to get this done? When can I say “this is me, here’s some proof that this is me, now lets get something done.”?
Social networks sort of try to do this with the social proof of many friends. But at issue there is how closed off those social relationships are. Facebook wants me *on Facebook*. They don’t want to enable me to also use myspace or my Ning community seamlessly.
Until we as users know why we’d want that, and somebody is able to provide it, I guess I’m just stuck with my password safe.
Seth Godin’s recent post about responding to discussions about things you don’t understand has got me thinking about hiring people.
When involved with a staffing decision, I look for one trait in particular above all others. If you don’t know how to say “I don’t know”, and ask for an explanation or help, then you’re not really smart. You don’t have a good process for learning. You may have a mountain of knowledge in your head, but it is surrounded by a huge, impenetrable ego shield, and so, cannot ever be added to. Its like you took the sum of what you knew, and stuffed it into a snow globe. When people shake you up.. sure.. its pretty, but thats all there is to it.
I’d rather work with people who are open to having their entire belief system about certain subjects shattered by a better idea. That doesn’t mean that you shouldn’t stick to your guns and assert your own ideas and beliefs. It just means, when challenged, be like the Zen Buddhist Aikido master and flow with the force of the attack, and when possible, use it to your advantage.
(No google will not help you with the “trans-doran complex”. I’m hoping that upon seeing it you were curious, and after googling for it and finding nothing of substance, considered asking what it is.. 