peat dot org

RPX is a service from JanRain that makes it easy to accept OpenIDs for your web app.

Why is RPX useful?  Aren’t there a bunch of OpenID plugins out there for [favorite language] or [preferred web development framework]?

There are a lot of libraries and plugins for a lot of platforms, but most of them have three problems: complexity, incompatibility, and poor usability.

The Old Way

Complexity:  Most of the existing tools require you to build database tables and maintain extra libraries on your production systems. I like to avoid tools and libraries that step on my schema and cause extra maintenance work, and I expect you do too.

Incompatibility:  Most current tools don’t fully support OpenID 2.0, which is a deal buster when you’re trying to build a site for anyone who wants to accept i-names or directed identities.

Usability:  Existing plugins don’t usually provide a user friendly interface for the vast majority of people on the web. User experience matters, and it’s nice to get a helping hand when it’s available.

RPX solves these issues in one swoop — it’s mercifully simple, feature rich, and user friendly.

Did I mention free? That’s nice, too.

Seeking Simplicity

Here’s what it takes to get RPX running with your app:

• A free account on rpxnow.com (premium accounts are available if you need extra features).
• A dab of Javascript on your login page (provided by rpxnow.com, example below).
• A few lines of code on your server side application (example below).

It took me less than half an hour to get it running the first time.

Feature Rich

Full support for OpenID 2.0 is a great thing — and not having to worry about future OpenID enhancements is even better. But wait, there’s more: RPX provides authentication statistics, a testing tool, and a well documented API. It also lets users authenticate with their Facebook and MySpace profiles. It’s the gift that keeps on giving.

User Friendly

RPX provides your visitors with a an attractive dialog that ushers them through the OpenID authentication process. Even if they don’t know what OpenID is, there are big friendly buttons that will help them use their accounts at Yahoo, AOL, Google, Facebook, or MySpace. As more providers come online, RPX will update that interface on your behalf.

How Does It Work?

In a nutshell, RPX is a hosted service that handles the nitty gritty of the OpenID authentication process for you. The only work for you is fetching the authentication information from the RPX server.

The flow looks something like this:

• I come to your web app and click the link to login.
• The RPX interface pops up and prompts me for my OpenID.
• After I authenticate with my OpenID provider, the RPX server directs me back to your app with a unique token.
• Your app queries the RPX server with that token, and gets my authentication information in return.

Pretty straight forward. What’s that look like in code?

A specific example (with Rails) looks something like this:

The view (HTML + JS):

<a class="rpxnow" onclick="return false;" href="https://your-com.rpxnow.com/openid/v2/signin?token_url=http://your.com/rpx">Sign In</a>

<script src="https://rpxnow.com/openid/v2/widget" type="text/javascript"></script>
<script type="text/javascript">
  RPXNOW.token_url = 'http://your.com/rpx';
  RPXNOW.realm = "mysite.com";
  RPXNOW.overlay = true;
</script>

The token_url in the link and the javascript points to a URL on your site, and the RPXNOW.realm is your OpenID authentication realm (typically the root URL for your site).

Rails handler at http://your.com/rpx:

rpx_token = params[:token]

rpx = Net::HTTP.new('rpxnow.com', 443)
rpx.use_ssl = true
path = "/api/v2/auth_info"
args = "apiKey=#{RPX_API_KEY}&token=#{rpx_token}"
http_resp, response_data = rpx.post( path, args )

rpx_data = JSON.parse( response_data )

Briefly stated, this code:

• Collects the token parameter from the user’s request after they authenticate.
• Performs an HTTPS POST against the RPX server containing that token and a secret API key.
• Parses the JSON response into a usable format — in this case, a hash named rpx_data.

This isn’t limited to Rails, of course. Every major development language and web framework can set up an HTTPS connection and parse JSON … and if JSON isn’t your style, you can get an XML response instead.

Real World Use

This morning I converted the OpenID Foundation’s membership website to use RPX, and ditched the old plugin I hacked up to support the OpenID 2.0 features. If you’re interested in seeing it in action head on over to their site: https://openid.net/foundation/members

I also encourage anyone who’s interested in the future of OpenID to become a member. Individual memberships are cheap, and the pay off is big — you can participate directly in the election of board members, review and ratify specifications, and participate in working groups.

Feedback

Still confused? Know of a better solution? Leave a comment, let me know!

I came up for a gasp of recreational Internet surfing this afternoon, and found myself on the Criterion Collection site. Criterion puts a ton of money and effort into restoring and releasing classic films on DVD (and Blu-Ray soon enough) — including two of my favorites, Seven Samurai and Hard Boiled. Basically, if you’re a film nerd, you should buy everything Criterion produces, and if you know a film nerd, Christmas is right around the corner.

Two things got me excited on their site. First, they’re opening an online cinema. For $5 you can watch a movie as often as you like over the course of a week, and those greenbacks get credited to your account if you want to purchase the real deal to play on your home entertainment system. I’m a little skeptical of the quality of the streamed video — if it’s anything like Netflix, it’ll be chunky and pause to rebuffer right when you wish it really wouldn’t — but bandwidth keeps getting better so I’m sure it’ll be fast and fluid in the near future.

Which gets me to Netflix. I think I pay $9/mo. for the basic unlimited package, but I still get to stream as many movies as I like. Great for casual movie nights. I’m looking forward to when The Sopranos become available. The only downside is the above mentioned streaming quality. When it’s running, it’s pretty darned good … but after 15 minutes the network will crap out and I’ll have to grab a drink while the buffers refill. My inside man at Netflix swears up and down it’s a problem with Comcast and their throttling policies. Boo.

Anyhow, back to my original story of clicking around on the Criterion site. I’m super excited to see them working with The Auteurs, a social networking site for film aficionados that has been in the works for over a year. Hats off to Efe Cakarel for seeing it through. The world desperately needs an alternative to the eye-gougingly terrible IMDB forums.

Alright. Back to work for me. Gotta tie up some loose ends before Turkeyfest 2008.

Last month I (finally) switched from NetNewsWire to Google Reader. It works great from the desktop or the phone, but the feature that really motivated me to switch is sharing articles that are particularly entertaining or enlightening.

Here’s Peat’s shared items. You’ll probably notice I’m a fan of Boing Boing, Make Magazine, and a heap of odd nerdly things.

Feedburner says most of the people who read my blog are also using Google Reader, so if you’re sharing articles, I’d love to read ‘em!

If you’re interested in listening to some really fascinating lectures, check out the Long Now Foundation podcast. The goal of the Long Now Foundation is to promote long term thinking — where long term is on the order of 10,000 years. They’ve rounded up some really fascinating people, including Peter Diamandis (the X-Prize founder), Brian Eno, the Dyson siblings, Bruce Sterling, Ray Kurzweil, and dozens of others.

There’s around 50 lectures currently available. Definitely worth checking out.

I’m starting to think that that the greedy assholes who got us into this financial crisis are the same ones who are saying “trust us, we know how to fix this, all you have to do is give us your money.”

I’ve been trying to sort out a pretty simple question:  when the government starts cutting fat checks to financial institutions … who is getting the money, and why?

Seriously.  I don’t want to hear “it protects the integrity of the financial system” because that explains nothing.  I haven’t seen any clear explanations of how this bail out works.  The media is worthless on the topic.  Every time I read an “analysis” I end up with the same question:  who’s getting my money, and why?

The only concrete facts I’ve found are in the bailout proposal. Simply put, it authorizes the Secretary of the Treasury to buy mortgages with no strings attached and no oversight, while protecting him against any legal or administrative review. Not particularly confidence inspiring. [update: thankfully, the proposal has been amended to provide some teeth and oversight]

Following the dollars doesn’t get me anywhere either. First, I pay my taxes. Second, a guy who demonstrably sucks at at fiscal policy uses his best judgement to buy bad debt from a herd of banks. Then what?

I really hope I’m missing something here, because it looks like the people who caused this entire crisis are still in the pilot’s seat, are still making a grip of cash, and are being relieved of the problems they created, all at my expense. I don’t see any incentive for reform in the private sector, and I don’t see any incentive for the government decision makers to behave responsibly.

To be clear, I’m not trying to be a negative nelly, and I really don’t have a problem with paying the money.  If my share of the $700B helps prevent us from returning to a financial stone age and a banking monopoly, I’m all for it.  I just want to have some confidence that there are sound economic principals behind the actions, that there is a reasonable system of checks and balances to help protect against further abuse, and that the dickheads who got us into this mess aren’t buying new yachts.

I hope my economic angst can be soothed by the collective intelligence of the Internet. Or, more likely, one of my friends who works in the financial sector and has an educated opinion on the matter.

Who’s getting the money, and why?

Yesterday, a quarter million people in Africa joined the global communication network when they bought their first mobile phone.

The number of new mobile phone accounts has been growing at a rock solid 10% per quarter for the last five years — an exponential growth curve. If the trend continues, 80% of Africans could have a mobile phone within the next three years. That’s half a billion new people gaining the ability to instantly communicate beyond their immediate surroundings, to share news, to conduct businesses, to connect with people anywhere in the world — not just through voice, but also through data: SMS, e-mail, and the web.

Of course there are political, cultural, and technical issues to be overcome to maintain this phenomenal growth rate. The curve will inevitably flatten and slow as the market saturates.

Never the less, another quarter million people will become connected today.

And tomorrow.

And the day after.

What is this leading to?

These are the thoughts that keep me up at night.

Imagine that every village in Africa had a small box. Each day, the people in the village would tell the box what they had to sell, and what they needed: food, tools, livestock, and services. Some days, the box would travel with one of the village children to the local school. Other days, it would travel with an adult to the local market.

When the little boxes come close to each other at the school, or in the market, they exchange information. While the children are learning, and while the adults are working, the boxes are finding opportunities — discovering who has corn to sell, who can service a tractor, who wants to buy a chicken. In the blink of an eye, in the casual passing of strangers on the road, the boxes are silently comparing and discovering the inventory of entire villages.

A match is found, and the boxes chime. The strangers greet each other and negotiate the exchange.

Now, imagine that a school teacher is trusted to carry information from all of the villages her school serves. At a small monthly gathering of educators, the inventory of hundreds of villages is compared, and the network grows beyond the local community.

At a regional market, a vendor sells mobile telephone time.

Through the mobile phone network, the little box connects to a central market. In an instant, the inventory of the whole nation is available to the village, and the village is available to the nation.

Through the network, the little box connects to a bank. The little box understands different currencies, and can conduct transactions around the world.

Today, that little box can be mass produced for under $200 — it’s roughly equivalent to an iPhone. In ten years, it could be made, distributed, and sold for under $10, a price point that makes it accessible to billions of people and millions of villages around the world.

What keeps me from sleeping is the knowledge that everything described above is possible, with today’s technology. That’s exciting. It gets my blood pumping.

It makes me want to do something.

This morning I listened to a presentation about how mobile phones are a significant catalyst for economic and political change in the developing world. The case is compelling: mobile phones are productivity tools that allow people to more efficiently buy and sell goods, share important news, and coordinate activities across greater distances. Political change precipitates from this process, because mass communication and economic empowerment give disenfranchised people a voice in the political process.

That’s the first wave of technology driven change that most people in the world will experience. It’s happening right now, and it’s changing the lives of millions.

Which gets me thinking — in ten years it could cost under $10 to build a mobile device equivalent to the iPhone, thanks to Moore’s Law. With an open source operating system (like Google’s Android), and an open hardware platform (like the Neo FreeRunner), a remarkable new level of capability and opportunity will be available to the people and communities who can only afford bare bones mobile phones today.

What happens when a village gets e-mail? What happens when an individual can pre-buy and pre-sell their goods in a much larger market? When complex personal and business interactions can be documented and time shifted? When microloans, expert advice, and education is just a tap away, and literacy becomes a critical part of every day life?

I suspect the answers are good. Economic empowerment. Social enlightenment. Political reform.

I think mobile phones are the fastest and most obvious way for these tools to get to the people who need them most. I’m interested in connecting with people who are similarly inclined. Who should I talk with?

Banksy spends some quality time in New Orleans. Article and photos at Juxtapoz.