From the press release entitled Microsoft Unites Xbox and PC Gamers With Debut of Games for Windows — LIVE we learn

REDMOND, Wash. — March 14, 2007 — Microsoft Corp. today announced the extension of the Xbox LIVE^® games and entertainment network to the Windows^® platform, bringing together the most popular online console game service with the most popular games platform in the world. Debuting on May 8, 2007, with the launch of the Windows Vista™ version of the Xbox^® blockbuster “Halo^® 2,” Games for Windows — LIVE will connect Windows gamers to over six million gamers already in the Xbox LIVE community. Then, launching in June, “Shadowrun™” will for the first time connect Windows gamers with Xbox 360™ players in cross-platform matches using a single service. “UNO^®,” releasing later in 2007, will also support cross-platform play between Windows and Xbox 360.

This is pretty cool and I saw some of the demos when I was at CES in January. The funny thing is that one of my coworkers told me that we were announcing this soon but I thought he said "Games for Windows Live" so I thought he meant we were rebranding MSN Games. I didn't realize it was actually "Games for Windows — LIVE". This might get a tad confusing.

Brendan Eich has a post on the Mozilla roadmap blog entitled The Open Web and Its Adversaries which references one of my posts on whether AJAX will remain as the technology of choice for building Rich Internet Applications. He writes

open standards and open source both empower user-driven innovation. This is old news to the Mozilla user community, who have been building and feeding back innovations for the life of the project, increasing over time to include Firefox add-ons and GreaseMonkey user scripts. (BTW, I am pushing to make add-on installation not require a restart in Firefox 3, and I intend to help improve and promote GreaseMonkey security in the Firefox 3 timeframe too.) Without forking, even to make private-label Firefoxes or FlashPlayers, users can innovate ahead of the vendor's ability to understand, codify, and ship the needed innovations.

Consider just the open standards that make up the major web content languages: HTML, CSS, DOM, JS. These mix in powerful ways that do not have correspondences in something like a Flash SWF. There is no DOM built inside the FlashPlayer for a SWF; there's just a display list. There's no eval in ActionScript, and ActionScript features a strict mode that implements a static type checker (with a few big loopholes for explicit dynamic typing). You can't override default methods or mutate state as freely as you can in the browser content model. Making a SWF is more like making an ASIC -- it's "hardware", as Steve Yegge argues.

This is not necessarily a bad thing; it's certainly different from the Open Web.
...
Dare Obasanjo argues that developers crave single-vendor control because it yields interoperation and compatibility, even forced single-version support. Yet this is obviously not the case for anyone who has wasted time getting a moderately complex .ppt or .doc file working on both Mac and Windows. It's true for some Adobe and Microsoft products, but not all, so something else is going on. And HTML, CSS, DOM and JS interoperation is better over time, not worse. TCP/IP, NFS, and SMB interoperation is great by now. The assertion fails, and the question becomes: why are some single-vendor solutions more attractive to some developers? The answers are particular, not general and implied simply by the single-vendor condition.

I'm surprised to see Brendan Eich conflating "openness" with the features of a particular technology. I'll start with Brendan's assertion that open standards and open source enable user-driven innovation. Open source allows people to modify the software they've been distributed however they like. Open standards like HTTP, FTP and NNTP allow people to build applications that utilize these technologies without being beholden to any corporate or government entity. It's hard for me to see how open standards enable user-driven innovation in the same way that open source does. I guess the argument could be made that open source applications built on proprietary technologies aren't as "free" as open source applications that implement open standards. I can buy that. I guess.

The examples of Firefox add-ons and GreaseMonkey user scripts don't seem to be an example of open source and open standards enabling user-driven innovation. They seem to be examples of why building an application as a platform with a well-designed plugin model works. After all, we have plugins for Internet Explorer, Gadgets for Google Personalized Homepage and Add-ins for Visual Studio which are all examples of user-driven innovation as plugins for an application which are built on a proprietary platform often using proprietary technologies. My point is  

open_source + open_standards != user_driven_innovations;

Being open helps, but it doesn't necessary lead to user driven innovations or vice versa. The rest of Brendan's post is even weirder because he presents the features of Flash's ActionScript versus AJAX (i.e. [X]HTML/CSS/Javascript/DOM/XML/XmlHttpRequest) as the conflict between properietary versus open technologies. Separating content from presentation, dynamic programming languages and rich object models are not exclusively the purvey of "open" technologies and it is disingenious for Brendan to suggest that. 

After all, what happens when Adobe and Microsoft make their RIA platforms more "Web-like"? Will the debate devolve into the kind of semantic hairsplitting we've seen with the OpenXML vs. ODF debate where Microsoft detractors are now attacking Microsoft for opening up and standardizing its XML file formats when their original arguments against the file formats where that they weren't open?

Personally, I'd like to see technical discussions on the best way to move the Web forward instead of the red herring of "openness" being thrown into the discussion. For instance, what are the considerations Web developers should make when they come to the crossroads where Adobe is offering Flash/Flex, Microsoft is offering WPF/E and the Mozilla & co are offering their extensions to the AJAX model (i.e. HTML 5) as the one true way? I've already stated what I think in my post What Comes After AJAX? and so far Adobe looks like they have the most compelling offering for developers but it is still early in the game and neither Microsoft nor Mozilla have fully shown their hands.

Tim Bray has an excellent post entitled OpenID which attempts to separate hype from fact when it comes to the technorati's newest darling, OpenID. He writes

The buzz around OpenID is becoming impossible to ignore. If you don't know why, check out How To Use OpenID, a screencast by Simon Willison. As it's used now (unless I'm missing something) OpenID seems pretty useless, but with only a little work (unless I'm missing something) it could be very useful indeed.

Problem: TLS · The first problem is that OpenID doesn't require the use of TLS (what's behind URIs that begin with https:).
...
Problem: What's It Mean? · Another problem with OpenID is that, well, having one doesn't mean very much; just that you can verify that some server somewhere says it believes that the person operating the browser owns that ID.
...
Problem: Phishing · This is going to be a problem, but I don't think it's fair to hang it on OpenID, because it's going to be equally a problem with any browser-based authentication. Since browser-based authentication is What The People Want, we're just going to have to fight through this with a combination of browser engineering and (more important) educating the general public
...
The Real Problem · Of course, out there in the enterprise space where most of Sun's customers live, they think about identity problems at an entirely different level. Single-sign-on seems like a little and not terribly interesting piece of the problem. They lose sleep at night over "Attribute Exchange";once you have an identity, who is allowed to hold what pieces of information about you, and what are the right protocols by which they may be requested, authorized, and delivered? The technology is tough, but the policy issues are mind-boggling.
So at the moment I suspect that OpenID isn't that interesting to those people.

I've been thinking about OpenID from the context of authorization and sharing across multiple social networks. Until recently I worked on the authorization platform for a lot of MSN Windows Live properites (i.e. the platform that enables setting permissions on who can view your Windows Live Space, MSN Calendar, or Friends list from Windows Live Messenger). One of the problems I see us facing in the future is lack of interoperability across multiple social networks. This is a problem when your users have created their friend lists (i.e. virtual address books) on sites like Facebook, Flickr or MySpace. One of the things you notice about these services is that they all allow you to set permissions on who can view your profile or content.More importantly, if your profile/content is non-public then they all require that the people who can view your profile must have an account with their service. We do the same thing across Windows Live so it isn't a knock on them.

What I find interesting is this; what if on Flickr I could add http://mike.spaces.live.com as a contact then give Mike Torres permission to view my photos without him having to get a Yahoo! account? Sounds interesting doesn't it? Now let's go back to the issues with OpenID raised by Tim Bray.

The first thing to do is to make sure we all have the same general understanding of how OpenID works. It's basically the same model as Microsoft Passport Windows Live ID, Google Account Authentication for Web-Based Applications and Yahoo! Browser Based Authentication. A website redirects you to your identity provider, you authenticate yourself (i.e. login) on your identity providers site and then are redirected back to the referring site along with your authentication ticket. The ticket contains some information about you that can be used to uniquely identify you as well as some user data that may be of interest to the referring site (e.g. username). Now we have a high level understanding of how it all works, we can talk about Tim Bray's criticisms. 

TLS/SSL
On the surface it makes sense that identity providers should use SSL when you login to your account after being redirected there by a service that supports OpenID. However as papers like TrustBar: Protecting (even Naïve) Web Users from Spoofing and Phishing Attacks, SSL/TLS does little to prevent the real security problems on the Web today, namely Web page spoofing (i.e. Phishing) and the large amount of malware on user PCs which could be running key loggers. This isn't to say that using SSL/TLS isn't important, just that it's like putting bars on your windows and leaving the front door open. Thus I can understand why it isn't currently required that identity providers support SSL/TLS. However a little security is better than no security at all. 

What Does It Mean?
I agree with Tim Bray that since OpenID is completely decentralized, websites that support it will likely end up creating whitelists of sites they want to talk to otherwise they risk their systems being polluted by malicious or inconsiderate OpenID providers. See Tim Bray's example of creating http://www.tbray.org/silly-id/ which when queried about any OpenID beginning with that URI instantly provides a positive response without authenticating the user. This allows multiple people to claim http://www.tbray.org/silly-id/BillGates for example. Although this may be valid if one was creating the OpenID version of BugMeNot, it is mostly a nuisance to service providers that want to accept OpenID.

Phishing
Using susceptibility to phishing as an argument not to use OpenID seems like shutting the barn door when the horse has already bolted. The problem is that security conscious folks don't want users getting used to the idea of providing their username and password for one service whenever prompted by another service. After all, the main lesson we've been trying to teach users about preventing phishing is to only enter their username and password to their primary sites when they type them in themselves not when they follow links. OpenID runs counter to this teaching. However the problem with that teaching is that users are already used to doing this several times a day. Here are three situations from this morning where I've been asked to enter  my username and password from one site on another

1. Connected Desktop Apps: Google Toolbar prompts me for my Gmail username and password when I try to view my bookmarks. The goal of the Google Account Authentication is to create a world where random apps asking me for my Gmail username and password by redirecting me to the Google login page is commonplace. The same goes for the the various Flickr uploader tools and Yahoo! Browser Based Authentication
2. Importing Contacts: On Facebook, there is an option to import contacts from Yahoo! Mail, Hotmail, AOL and Gmail which requires me to enter my username and password from these services into their site. Every time I login to Yahoo! Mail there is a notice that asks me to import my contacts from other email services which requires me to give them my credentials from these services as well.
3. Single Sign-On: Whenever I go to the Expedia sign-in page I'm given the option of signing in with my .NET Passport which happens to be the same username and password I use for all Windows Live and MSN services as well as company health site that has information about any medical conditions I may have.
   

Given the proliferation of this technique in various contexts on the Web today, it seems partisan to single out OpenID as having problems with phishing. If anything, THE WEB has a problem with phishing which needs to be solved by the browser vendors and the W3C who got us in this mess in the first place.

Attribute Exchange
This usually goes hand in hand with any sort of decentralized/federated identity play. So let's say I can now use my Windows Live ID to login to Flickr. What information should Flickr be able to find out about me from talking to Windows Live besides my username? Should I be able to control that or should it be something that Flickr and Windows Live agree on as part of their policies? How is the user educated that the information they entered in one context (i.e. in Windows Live) may be used in a totally different context on another site. As Tim Bray mentioned in his post, this is less of a technology issue and more a policy thing that will likely differ for enterprises versus "Web 2.0" sites. That said, I'm glad to see that Dick Hardt of Sxip Identity has submitted a proposal for OpenID Attribute Exchange 1.0 which should handle the technology aspect of the problem.

Disclaimer: This is not an endorsement of OpenID by Microsoft or an indication of the future direction of authentication and authorization in Windows Live. This is me brainstorming some ideas in my blog and seeing whether the smart folks in my reader base think these ideas make sense or not. 

One of the links referenced in my recent posting about Wikipedia led me to reread the Wikipedia entry for "Dare Obasanjo". It seems there is still an outstanding issue with my entry according to folks on the Talk page because there isn't a non-blog source (i.e. mainstream media) that verifies that my dad is Olusegun Obasanjo.

For some reason it irritates me that I have a Wikipedia entry with a giant banner that claims I'm lying about my parenthood.Given that I'll be back home in a few weeks to belatedly celebrate my dad's seventieth birthday, I wonder if any Wikipedia savvy folks can point out what kind of "evidence" usually satisfies the bureaucrats on that site. Will a photograph of us together do the trick (if so I already have a few at home I can scan and upload to Flickr)? Will it have to be a photograph printed in a newspaper? Or is the only way that banner comes off is if there is a Nigerian newspaper webpage on the Internet that says he's my dad.

I need to see what strings I have to pull to get my name cleared.

Yesterday I went shopping and every store had reminders that daylight saving time begins today. Every year before "springing forward" or "falling back" I always double check the current time at time.gov and the US Naval Observatory Master Clock Time . However neither clock has sprung forward. Now I'm not sure if who I can trust to tell me the right time. :(

Update: Looks like I spoke too soon. It seems most of the clocks in the house actually figured out that today was the day to "spring forward" and I had the wrong time. :)

Every once in a while someone asks me about software companies to work for in the Seattle area that aren't Microsoft, Amazon or Google. This is the third in a series of weekly posts about startups in the Seattle area that I often mention to people when they ask me this question.

AgileDelta builds XML platforms for mobile devices that are optimized for low power, low bandwidth devices. They have two main products; Efficient XML and Mobile Information Client. I'm more familiar with the Efficient XML since it has been selected as the basis for the W3C's binary XML format and has been a lynch pin for a lot of the debate around binary XML.  The Efficient XML product is basically a codec which allows you to create and consume XML in their [soon to be formerly] proprietary binary format that makes it more efficient for use in mobile device scenarios. A quick look at their current customer lists indicates that their customer base is mostly military and/or defence contractors. I hadn't realized how popular XML was in military circles.  

AgileDelta was founded by John Schneider and Rich Rollman who are formerly of Crossgain, a company founded by Adam Bosworth which was acquired by BEA. Before that Rich Rollman was at Microsoft and he was one of the key folks behind MSXML and SQLXML. Another familiar XML geek who works there is Derek Denny-Brown who spent over half a decade working as a key developer on the XML parsers at Microsoft.

Press: AgileDelta in PR Newswire

Location: Bellevue, WA

Jobs: careers@agiledelta.com, current open positions are for a Software Engineer, Sales Professional, Technical Writer and Quality Assurance Engineer.

Today I was taking a look at my referer logs and stumbled upon a post entitled TechCrunch Resolution on Wikipedia by Jonathan Stokes which contains the following anecdote

A Brief History

The edit war was prompted by the now famous scandal in which Microsoft paid a Wikipedian to favorably edit Microsoft articles on Wikipedia. Michael Arrington of TechCrunch covered the Microsoft story in a post that was largely sympathetic.

Perceiving unfairness in the issue, Microsoft employee Dare Obasanjo, aka Carnage4Life, retaliated against TechCrunch by adding an extensive criticism section to Wikipedia’s TechCrunch article. He then wrote about his “experiment” on his blog, 25HoursaDay.com.

Ensuing Uproar

Michael Arrington was not happy to be slandered by a Microsoft employee, in response to Microsoft coverage. Obasanjo expressed surprise at Arrington’s response, but did not apologize. I blogged this chapter of the Microsoft controversy.

Judging from his blog comments, Dare does not seem to have a high respect for Wikipedia. He has previously violated Wikipedia rules by anonymously writing his own Dare Obasanjo article on Wikipedia. Humorously, it appears to include inside jokes with other Microsoft employees, such as:

Dare has lunch once a month with Don Box to rinse the SOAP off of Don while Don simultaneously attempts to lather up Dare.

Edit War

With traffic pouring into Wikipeda through TechCrunch and Digg, an all-out edit war ensued between long-time Wikipedians and anonymous vandals. The vandals began attacking the userpages of Wikipedians trying to protect the TechCrunch article. It finally escalated to a point where this anti-TechCrunch user was banned for repeatedly blocking out user pages with disturbing death threats.

Resolution

Wikidemo came to the rescue by establishing a Wikipedia Mediation. She invited all editors involved to the discussion, even going so far as to invite me on this blog, and Dare Obasanjo on his blog.

Anthony cfc handled the mediation. Notably, none of the controversial IP’s showed up to state their case. With help from Anthony cfcComputerjoe, we have now restored the Wikipedia TechCrunch article, and hopefully made a few minor improvements as well. and

In the process, I earned my first Wikipedia Barnstar for Civility from Anthony cfc. Kind of neat to see Wikipedia in action.

Some days the Daily Show just writes itself. I'm crapping myself in amusement at how seriously these people take this nonsense. I am especially amused by all the bits in red font since they are either borderline libel or just straight up hilarious. And I thought Mike Arrington emailing folks at Microsoft trying to get me in trouble after I apologized on his blog was the most absurd turn this story would take.

It's like Nick Carr wrote in his post Essjay's world, Wikipedia seems to be full of the kind of people who used to play Dungeons & Dragons back in the day and now have difficulty separating the real world from the fantasy world they've created in their heads.

My website is going to be down for a few days as I make some changes. While I'm gone you can check out some of these blogs instead

• Jeff Atwood - Programmer Geek
• Omar Shahine - Microsoft Geek
• Danah Boyd - Social Software Geek
• Scott Adams - Funny Geek
• Chris Kelly - Liberal Geek

I'll see y'all this weekend.

It seems just like yesterday when the tech blogosphere was abuzz with news that analyst Michael Gartenberg was leaving Jupiter Research for Microsoft. So you can imagine my surprise to fire up his blog today to find the post And Back to Analyst… where he writes

This is a difficult post to write. But after  much of thought, I have decided not to remain with Microsoft and I am returning to JupiterResearch as of Monday 3/12.

At my core, I am an analyst. It’s what I do and I do it well and after much thought, I realize I’m just not ready to stop doing that job just yet. I believe Jupiter itself is poised for some amazing things in the future and I’ve invested too much in the company to feel good about walking away at this point. Therefore I have decided to return and I am pleased that I have been welcomed back. My thanks to everyone I have worked with at Microsoft.

Wow, that was quick.

Marvel comics has been ticking me off for a few months now with their mediocre Avengers Disassembled, House of M and Civil War trilogy but it looks like they finally found a way to push me over the edge. According to MSNBC in Death to ‘America’: Comic-book hero killed off

Captain America has undertaken his last mission — at least for now. The venerable superhero is killed in the issue of his namesake comic that hit stands Wednesday, the Daily News reported.

On the new edition's pages, a sniper shoots down the shield-wielding hero as he leaves a courthouse, according to the newspaper.
...
In the comic-book universe, death is not always final. But even if Captain America turns out to have met his end in print, he may not disappear entirely: Marvel has said it is developing a Captain America movie.

This reminds me of a headline from the 1990s, Superman killed by falling comic book sales, when DC Comics tried a similar stunt back in the day. The overuse of cross over stories and super hero shockers (like radical changes to a character's history or killing them off) seem to be symptoms of the death of comic books as an entertainment genre. I buy comics from a local comic book store on a monthly basis and I don't think I've ever seen anyone under the age of 25 in the five and a half years that I've been using that store. Well, there was the one time that one of the guys who worked there brought his grandson into work. 

Even though super hero movies featuring A-list and B-list superheroes from Spider-Man to Ghost Rider are making hundreds of millions of dollars at the box office, they are pretty much milking a fan base that grew up with these heroes instead of introducing these characters to a new audience. This is similar to the way that George Lucas milked a fan base that grew up on Star Wars with his series of horrific prequels although in his case I suspect that there probably is a market for Star Wars pre-prequels in another 20 years.

Without a continuous influx of fans who are interested in the source material (i.e. comic books), there won't be a next generation of fans to buy all the overpriced merchandising and special effects laden movies. However I doubt that stunts like this are a good way to get people reading the comic books again, even though it did work when they killed Superman...I was one of the suckers who bought all the books. :)

Although Cap is dead, his memory will live on...on YouTube.