October 2008

Another Tuesday, Another OpenID Provider

I like OpenID and use it wherever I can in preference to having to remember yet another stupid password. I was just prompted to move from del.icio.us to Ma.gnolia precisely because the redesigned delicious refused to stick my login into my keychain. Ma.gnolia supports OpenID as well as other goodies such as Microformats. Shame about delicious, I joined them June 2004 but kudos for providing such an easy migration path.

Where I currently wouldn’t use OpenID is to log in to my bank account. That’s not so much due to the protocol being less secure than the mind-bogglingly complex alternatives but because even if my bank accepted OpenID I’d have real trouble choosing a third party provider trustworthy enough to hold my banking details. I can imagine a bank or some other regulated body, cough, is best placed to provide such a service, because it ain’t Livejournal, Flickr or Google and sure as heck isn’t Microsoft.

That’s not to say I want a party to vouch that I am really me to the bank, just somebody I can trust with my password, cert, PIN, eyeball hash or whatever it is I choose to vouch that me meatspace is that thing, cyberspace.

As for Microsoft soon becoming an OpenID provider, it is great news, but surely no surprise given they already announced it. It’s also worth a small reality check. There are already lots of OpenID providers to choose from, probably because it’s seen as a low risk “quick win” to become one, and because being a provider is a great way to centrally track your users logging into other sites. What we actually need now are more OpenID relying parties.

Or to put it another way: consumers, consumers, consumers

Suggested Books for an Aspiring Hacker

I’ve been asked by the parents of an enthusiastic 14 year old computer nut for some fun “ICT” reads. Resisting an urge to cry “oxymoron”, I morphed what sounded like a request to reinforce the current curriculum of government procurement writ large in today’s schools into a subversive introduction to old school free software and hacker culture:

  • Hackers - Steven Levy’s nice potted history of hackerdom from the MIT Tech Model Railroad Club to the Homebrew Computer Club and the resulting Silicon Valley microcomputer game hackers. Also highly recommended is Crypto by the same author.
  • The Soul of a New Machine - Tracy Kidder’s Pulitzer prize winning story of pressured development in the days of Minicomputers. Riveting, with some great insight into the motivations for hackers in the zone.
  • The Code Book - Simon Singh’s not strictly computing, but a very drinkable technical history from steganography exemplified by Histiaeus shaving the heads of his messengers, writing the message on his scalp, and then waiting for the hair to re-grow, to the mind-bending world of quantum computing and quantum cryptography all interspersed with some great puzzles. Totally inspiring!
  • The Cuckoo’s Egg - Clifford Stoll’s personal tale of how being tasked with resolving a $0.75 accounting error led him to foiling a computer cracker using Berkeley’s lab to break into military systems. He grows tomatoes and microwaves his tennis shoes in the process.
  • Best Software Writing - Joel Spolsky’s nice collection of snappy contemporary essays, possibly more likely to date badly than many of the above.

Actually, I’m unhappy with the fifth choice so wondered about Eric S. Raymond’s The Cathedral and the Bazaar mainly for the How to be a Hacker essay, Fred Brooks’ The Mythical Man-Month as an entertaining glimpse into large scale computer development, chock-full of great adages such as There is no Silver Bullet, Paul Graham’s Hackers and Painters because it says, it’s OK to be a geek and encourages learning LISP, and the rather dense Beautiful Code, for once he’s actually smitten with programming.

So, dear LazyWeb, did I do wrong? What other gems did I miss?

On The Vanity of Demanding Attribution

Openness and Collaboration

Twitter Bio:

I never reveal my sources. I always give attribution. I never use absolutes. I am never conflicted.

vanity |ˈvanətē| noun:
  1. excessive pride in or admiration of one’s own appearance or achievements
  2. the quality of being worthless or futile : the vanity of human wishes
demanding |diˈmanding| verb:
  1. ask authoritatively or brusquely
  2. required to work hard, to meet high standards

As someone who has put too many photos on Flickr, made the odd mad poster, jammed together a bunch of slideshows, recorded one or two stupid videos and scratched out the odd rambling blog post, I’ve found great value publishing under a Creative Commons (CC) license. For me, Creative Commons has one important feature: people don’t need to ask before quoting, reproducing or otherwise reusing my stuff in their stuff, which in turn means I don’t have to be bothered by people asking for permission to use stuff. For whatever. Great!

For the most part this has worked extremely well, though I still receive half a dozen or so permission requests a week, often from people oblivious of the CC license, or who are sat behind automated services such as Schmap or Now Public which seem to blindly crank out request emails. Then there are old world print publishers and film makers who need a physical declaration the work is really mine. On more than one occasion I’ve answered the phone only to be asked to print out, sign and send back a release form just so they can use my thing. Puh-lease! I have helped a couple of people out in this way, but as time goes on, access to things like Word, printers, fax machines is getting harder and my tether, shorter.

With CC I can also choose to prohibit commercial use, I don’t. I can also demand attribution, which I do mainly because the Flickr License Preferences doesn’t include anything like the wonderful WTFPL which is a shame, because I think there is great value in a burgeoning Public Domain. You see, I may be too cool for school, but I’m really not bothered about maintaining control. I’m just happy for people to use my stuff to make the Web a bigger, and hopefully, better place.

The antithesis of the commons idol I’m describing, is an unloving world of bizarre controls, in your face bouncing adverts, intrusive watermarks, copyright notices longer than the meanest of extracts, content hidden behind member and pay walls. Worrying about not being ripped off, whilst presumably enjoying the collective fruit of the commons strikes me as a little like drinking from the village pump, processing it, then selling the results as mineral water. But these days are all numbered. I was tempted to Fisk the article Why Photographers Hate Creative Commons, until seeing how many commenters had already called “FUD”. Positions such as this are a cry from the past for help to maintain yet another broken business model dependent on creating artificial scarcity, unable to compete with the commons and a world of “free”.

All of this hippy-happy talk of freedom is not to say I don’t like attribution. Like most proud people, I crave it, in particular links to my blog or the photo, because on the Web and with Pagerank, to link is to love. I also enjoy receiving notice, a short email which says, “you might like to know, we used your photo in this blog post”, or even an offer to donate to a good cause can really brighten up the day. Such acts are great for the personal pride, whilst helping build the commons. Making the world a better place is good enough reason for us all to exist, and we can do that whilst farting around. Don’t let anybody tell you any different.

If someone does find giving me attribution too demanding for them, or not appropriate to the form of their work, then so be it. Chances are my demanding it will be in vain, and if it’s someone who really should know better, chances are they’ll be found out. When a company copies a work or even an idea for an advert from Web culture, or infringes a Creative Commons License, they lose credibility, damaging what little good the original campaign may have done for them. Even without demanding, should you care enough about someone not giving attribution, you can enlist everybody’s help to embarrass a leech, and whilst a Creative Commons legal challenge is of great use under the current world order, simple embarrassment will often work better, especially as more people get a clue and understand the high value of politeness.

Sadly, in the bucket marked “impoliteness”, we find the BBC. This is possibly surprising given the number of great people who work there, except when it comes to intellectual property, the BBC has been overly sensitive to the 20th century publishing world, and yet are empirically less loving when it comes to the commons. Take the experience of Cristiano, who has some great shots on Flickr, some of which he’s proud of appearing in Flickr Explore 1. In an article about Girl Geek Dinners, the new site used a couple of Cristiano’s CC licensed pictures including one of Sarah Blow. Great! Unfortunately, initially they put a text credit in the image alt tag, something only momentarily visible when hovering over the photo in some browsers and unlikely to show up in an ego search. Certainly that wasn’t in the spirit, if not the letter, of the clear CC guidelines for crediting material in your work 2. Cristiano failed to see his credit and the BBC, responding quickly, added a line beneath the pictures “(Credit: Cristiano Betta)”. The bare minimum one expects is a link from the image to the original photo page and politeness would demand a link to Cristiano himself, and given the content of the article, to Sarah. Badly Behaving Corporation.

Watching this unfold on Twitter prompted my snarky tweet:

Giving clear attribution is politeness. Demanding attribution, vanity.

to which Kevin, the Web man’s Web man, coined a fabulous snowclone of The Robustness Principle 3:

@psd postel’s law of attribution? “be liberal in what you attribute, conservative in attribution you demand?”

Here’s the nub: good things come to those who publish, share, relax, don’t care because ..

Notes:

  1. For the record, and my own vanity, I also have some photos in Flickr Explore. Mostly they’re old and teh suck.
  2. I notice Cristiano’s Profile now explains his preferred method of attribution, probably as a result of this experience.
  3. As a sometime serial implementer of the FTP protocol, a grey-bearded face stared out from a photograph on my desk. I never had the pleasure of meeting him, but he is sorely missed, even after 10 years.

Credits: this blog post is in the Public Domain, and was brought to you from the crowded, lumpy seats of London Midland Trains, smooth goodness of a Monmouth Coffee and the apposite tunes of Texas and Carly Simon. No animals were harmed during the writing of the post, but if I get my hands on the cat that crapped on our lawn ..

What I Believe Roy Said

Roy is on something of a crusade, pushing back on many publishers of HTTP interfaces who claim to be RESTful. I particularly like the latest: REST APIs Must be Hypertext Driven. Unfortunately the Word of Roy may be a little too divine for comprehension by many sinners, so at the risk of invoking the wrath of the posse, I’ll try and simplify.

If you insist on using the word “REST” in association with your API, ensure you:

  • Use URIs to Identify Things, and ensure the URIs make sense independently of how those things may be accessed.
  • Don’t bugger up standard protocols. You might think you have a better take on the authentication mouse trap, or an insight into how to make the Web transactional, but add your own magic headers to HTTP and the chances are you’re adding state beyond the URI. Above all, don’t kill the bookmarking experience and testing with bog-standard, service-ignorant browsers 1.
  • Expecting people to follow meta-data, instructions or documentation given out of band, in particular which URIs to GET, POST, PUT or DELETE, or the content to POST, isn’t RESTful. It’s much better to return links to other representations, or forms to update and otherwise interact with a resource 2.
  • A representation of a resource should contain links to other resources. Again, expecting people to follow instructions given out of band for templating URIs isn’t RESTful 3.
  • Use widely understood and agreed upon representations, e.g. HTML, JSON and simple XML, and don’t give different people different experiences of the same URI, that prevents exchanging bookmarks and kills many caching scenarios 4.
  • You should be able to bookmark any page, exchange bookmarks and pick up where you left off. That is, the URIs should be cool, and shouldn’t depend on cookies or other states. You shouldn’t need a set of “click on this, then that, then the other” instructions to get to a page, a single bookmark must be enough.

Notes, or how The Web subverts REST:

  1. It isn’t a knife-edge, but often what differentiates meta-data from a form is that a form is a document with links to actual resources, served as part of an interaction with a Web site, close in time before the interaction. It’s a moot point if descriptions such as WADL or WSDL are forms or meta-data, but most people would say the latter because they’re often abstract, baked into software and don’t give a human that click-through experience in a browser.
  2. I suspect authentication tokens may be just about acceptable as external state, but only use a widely adopted scheme, usable in browsers, such as OpenID and OAuth for delegation, though it’s arguable exactly how RESTful these schemes are.
  3. It’s arguable that an HTML form with an action of GET is a way of templating URIs, and we all think that’s fine - see note 1.
  4. Practically speaking, my experience of my profile page isn’t always going to be your experience of my profile page. The state introduced by authentication changes that.

Of course some more puritanical souls like myself would question the use of the word “API”, after all, The Best Web APIs are just Web Sites.
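
The points in the list above about returning links rather than relying on out-of-band URI templates, as an added example that is not part of the original post: a toy in-memory site whose JSON representations carry their own links, and two clients, one following link relations from a single bookmark and one building URIs from a template it read in documentation. The site layout, link relation names and function names are all constructed for illustration.

```python
import json

def make_site(layout):
    """Return {uri: json_text} for a toy bookmark service (constructed data)."""
    if layout == "v1":
        user, marks = "/users/psd", "/users/psd/bookmarks"
    else:  # the publisher has reorganised its URI space
        user, marks = "/people/psd", "/b/psd"
    return {
        "/": json.dumps({"links": {"user": user}}),
        user: json.dumps({"name": "psd",
                          "links": {"bookmarks": marks, "home": "/"}}),
        marks: json.dumps({"items": ["http://example.org/"],
                           "links": {"owner": user}}),
    }

def get(site, uri):
    """Stand-in for an HTTP GET: parsed representation, or LookupError for 404."""
    if uri not in site:
        raise LookupError("404 " + uri)
    return json.loads(site[uri])

def follow(site, entry, rels):
    """Hypertext-driven client: knows one bookmark plus link relation names."""
    doc = get(site, entry)
    for rel in rels:
        # The next URI always comes from the representation just received.
        doc = get(site, doc["links"][rel])
    return doc

def templated(site, user):
    """Out-of-band client: builds the URI from a template in the documentation."""
    return get(site, "/users/%s/bookmarks" % user)

def survives(client, *args):
    """True if the client completes without hitting a 404."""
    try:
        client(*args)
        return True
    except LookupError:
        return False

if __name__ == "__main__":
    for layout in ("v1", "v2"):
        site = make_site(layout)
        print(layout,
              "links:", survives(follow, site, "/", ["user", "bookmarks"]),
              "template:", survives(templated, site, "psd"))
```

Any URI the site hands out also works as an entry point, so `follow(site, "/b/psd", ["owner"])` reaches the profile from a bookmarked page without going through the root.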

The URI Is The Thing

Following on from The Web is Agreement, The URI Is The Thing is an attempt to explain the value of REST, in particular to the poor lost beleaguered souls sentenced to work in middleware hell.

There are several visual allusions, that is I copied a lot of stuff including: Hieronymus Bosch, William Blake, Martin Wells Knapp, as well as the covers of Cosmographical Glasses and The Hobbit. For more influences, see my Scrapbook.

I was disappointed not to come up with a clear metaphor for separating representation from interaction. After publication, Phil suggested a vending machine with XML, HTML, JSON, etc radio buttons, which would have worked nicely. I also spent far too much energy exploring the dark side, in particular faux Web technologies and the dangers of outsourcing your strategy to purveyors of closed source lock-in. What I am proud of is the way progress comes from a series of places rather than actions, that is nouns, not verbs. Thus the drawing is itself quite RESTful!

This is published under a CC license, and is available as a high resolution PDF on archive.org.
