Orcmid's Lair  

Welcome to Orcmid's Lair, the playground for family connections, pastimes, and scholarly vocation -- the collected professional and recreational work of Dennis E. Hamilton

Click for Blog Feed
Blog Feed

Recent Items
Republishing before Silence
… And It Came to Pass
Amaze Your Friends: Datamine Unlimited Statistical...
Don’t You Just Hate It When …
Blog Template Unification: Template Trickiness
OOXML Implementation: Can Expectations Ever Trump ...
February Frights Redux: Unification for Creative D...
Worst Nightmare: OpenDocument Format Embraced-Exte...
Abstraction: Einstein on Mathematics+Theory+Realit...
Document-Security Theater: When the Key is More Va...

This page is powered by Blogger. Isn't yours?

Locations of visitors to this site
visits to Orcmid's Lair pages

The nfoCentrale Blog Conclave
Millennia Antica: The Kiln Sitter's Diary
nfoWorks: Pursuing Harmony
Numbering Peano
Orcmid's Lair
Orcmid's Live Hideout
Prof. von Clueless in the Blunder Dome
Spanner Wingnut's Muddleware Lab (experimental)

nfoCentrale Associated Sites
DMA: The Document Management Alliance
DMware: Document Management Interoperability Exchange
Millennia Antica Pottery
The Miser Project
nfoCentrale: the Anchor Site
nfoWare: Information Processing Technology
nfoWorks: Tools for Document Interoperability
NuovoDoc: Design for Document System Interoperability
ODMA Interoperability Exchange
Orcmid's Lair
TROST: Open-System Trustworthiness



On Facebook: Just a Little Bit Pregnant

Grudging and Limited Acceptance of Facebook

I still don't like Facebook. 

  • I don't like how it works.  For example, I just typed an 1883-character message that it didn’t tell me was over the 420-character limit until I had typed all of it and then attempted to “share” it.   Clearly, Windows LiveWriter, where I am now, is affordance for me, just as MediaWiki is my preferred vehicle for wiki-organized material.
  • I don't like the way the Facebook organization stumbles blissfully into iffy business practices and remains indifferent to the uproar each new excess provokes.
  • I don't like how I can't organize my attention very well.  I don’t want to keep my eye on Facebook.  I find the river incoherent and discordant.  (I am learning that Disqus comment streaming is more distracting but I solve that by shutting off e-mail tracking.  It is unfortunate that they make it an all-or-nothing choice.  OK, nothing it is.)

I first reactivated my account because I wanted to lock up “orcmid” as my name there.  Lately I have begun maintenance on the account because I have acquaintances who are devoted to Facebook as their social-connection point.  If I want to see their pictures, find a way to contact them, etc., I need to maintain a Facebook logon.  That is part of the viral nature of Facebook, of course.   I'm trying to stay just a little bit pregnant here and it is very awkward.

Having Presence Without Attention

Today I noticed that if I want to be social-network-visible the Facebook devotees among my acquaintances, I must maintain a Facebook presence by which folks can at least find where my attention really is.  I want to offer them Facebook presence and connection to where my attention and efforts are placed, without demanding that I also put much attention on Facebook itself.   Ideally, Facebook friends can see into my public world without leaving Facebook.

I started by figuring out how to disengage from Facebook applications and then look for ones that make my preferred locations available on Facebook too.  (That’s how I found out that I must de-authorize applications that I no longer care about, not just remove them from my Facebook page.  Another “there they go again” moment.)

My Twitter stream now appears on my Facebook stream.  My Pandora profile has been there all along.  Reviewing Pandora showed me how seldom I listen to Pandora these days: I didn’t realize the desktop Pandora fixture was an Adobe AIR application until it asked to update when I checked it just now.  It works better than my large random play list in Windows Media Player and I’m back.  Windows Media Player is still my favorite for album play and all of my AmazonMP3 downloads.

My Flickr Photostream, Photosets, and new Flickr Posts now show up on my Facebook profile page.  I used the My Flickr application because it works well enough with only read-access authorization to my Flickr account.  I had wanted to use Flickr Photosets but that one required authorization to updated Flickr; I am not prepared to risk so much.

I wanted to have my blogs appear on Facebook too.  I thought they had in the past, but I can’t find how I might have done it.  The most appealing application, NetworkedBlogs, has a complex authorization process requiring me to add a script to my blog-page template (just as Technorati does).  I wouldn’t mind updating the templates, but that immediately moved having blog presence to a back burner.

I suppose that I might want to find a connection between Facebook and LinkedIn as well, just to complete the picture.

FriendFeed is so far lost in my history that it’s of no interest whether I can have it visible on Facebook.  And now that not only I but Microsoft itself have abandoned Soapbox, I have some blog pages that deserve to be updated.  Orcmid’s Flying Kyte is still operating and available on my Facebook profile and I should make better use of it. 

I have nothing on Windows Live to connect to Facebook.  My Windows Live usage is entirely on the desktop applications.  I have abandoned Windows Live as a social presence and I should decommission Orcmid’s Live Hideout at some point.   The sharing of contacts is not something I want to do, probably because Microsoft Outlook remains my hub for connectivity with contacts and it is not a list I would share into the cloud.

That’s the status of my effort so far.

Oh yes, then there’s FishBowl client as an alternative interface (thanks to Wendy White).   Not sure I need an easier way to root around in Facebook, but I will check if it make my presence maintenance better.  Or is this indeed the road to perdition?  Stay tuned.

Dealing with Expectations of Facebook Friends

I have 11 friend requests and I don't want to connect them and establish an expectation that this is a place where my attention can be obtained.

I haven't found a good way to explain that, and I must remember to put whatever explanation I do use in a computer note that I can copy and paste instead of recreate each time.  For the form letter part.  Then I can add just whatever personal part I want.

In case you are wondering: If someone wants my attention or would like to be more connected, I recommend Twitter direct messages to orcmid.  Directs arrive in Twitter (if I'm online), in my e-mail (whether I am or not), and on my cellular phone (likewise).  E-mail is my preferred medium because of the asynchrony and absence of message-size limit.  Also, I am not paced by my inbox.  I check for new mail only when I am ready for it.

For folks who want to chat, Skype works best for me (and I am orcmid there too).  I can also do audio and video (see, I really am in my robe and pajamas) over Skype.  If you are the linked-in sort, you can find me there too.  I don’t multi-task all that well, and paying attention to open chat windows is not a strength for me.  I find asynchronous connectivity and the written word preferable, with Twitter being expedient, not immediate, for me.




Just a Little Bit Facebooked

Exulting in having "orcmid" in one more place

When I said “I will Facebook no more Forever” in December 2007, I meant it.  I really meant it.

On the other hand, I knew that Facebook actually maintained my account and all I needed to do was log back into it to have it operating again.  There is evidently a full nuclear destruction available, but I didn’t go that option.  I also didn’t discard my Facebook account password. 

I recall being given a similar reassurance by an AOL telephone representative as I was cancelling my long-standing CompuServe account, the first place “orcmid” was ever seen in public.  (The AOL-ized webified CompuServe was not the CompuServe that I devoted so much time to at the end of the 70s.  It seems I am constantly ending up in the demographic that is no longer the one of a long-time vendor’s keen interest.)

At 10:00 this morning, I was noticing all of the folks on Twitter going on about having gotten their user-friendly Facebook name, or about someone else getting it first. 

Oh oh, “What about Orcmid?” I say to myself at least ten hours after the name-claiming frenzy began.  Well of course “orcmid” was available.  I now have it

I am not back on Facebook.  Yes, my account is active again, but I am not back.

All this means is that when others talk about their Facebook page, or photos on Facebook, or anything-else Facebook, I can go look, because I have an account.

I am not attending to my Facebook page, I am not posting on folk’s walls, I am not friending anyone and I am ignoring mail that comes in saying so-and-so has friended me. 

This is entirely an account of convenience.  I am only a little bit Facebooked.  Honest.  I caught it from a toilet seat.

Labels: ,



Social-Grid Identity: Please Enter Your Twitter Credentials Here

[update 2009-03-06T20:43Z Hmm.  I just checked onto Twitter over lunch and the first update was from Ed Yourdon about Twitter being hacked in some way that allows accounts to be used or users impersonated in some way.  The instance on Yourdon’s update page suggest that these came in under the guise of posts using the web, so the exploit appears to be against the Twitter home page or the web site.  Ideally, Twitter has finer-grained detail about the path over which these tweets arrive and what the likely exploit is.  I had no knowledge or suspicions about this when I researched and created this post yesterday.]

It’s still happening.  First it was Facebook credentials.  Now it is the new hot: Twitter.

There’s an onslaught of web-based applications that integrate with Twitter and provide additional functions and services for you.  Sounds exciting, yes? 

But all of them want my Twitter credentials.  Like TwitPic, when I wanted to make a comment on this photographic complaint about someone taking a single bite out of the P-I newsroom’s fat-pill supply.  That stopped me short.  They wanted my Twitter credentials simply to comment on the photograph.  I passed.

WAIT!!  Have I already fallen for this?

This has me wonder who else I may have already given my Twitter credentials too. 

  • FriendFeed?  No, they just wanted to know my Twitter name in order to include my tweets in FriendFeed.
  • FriendFeed posting to Twitter?  Not sure.  I can’t tell what it took for those tweets to be forwarded.   I’ve turned it off, turned it on, and turned it off again.  No credential request, but I’m leaving it off anyhow.  I don’t remember providing my Twitter credentials though.  That sort of request usually triggers instant uh-oh on my part.  I know the Linked-in connection ceremony does not involve disclosure to FriendFeed, and expect that no other arrangements like this do either.
  • Twhirl.  Well, this is a desktop (Adobe AIR) application.  It does know my Twitter and my FriendFeed passwords.  It also will forget my passwords if I tell it to.   Apart from the prospect of the application simply stealing that information via my authorization to access the Internet through my firewall, there is no more exposure here than my entering the a password on the Twitter and Friendfeed pages.  Not perfect, but at least retained only on my machine and not someone else’s.

So there are mixed results. 

It doesn’t have to be that way.  When I configured Windows Live Photo Gallery to update to my Flickr account, I never divulged my Flickr (that is, Yahoo!) credentials to the program.  Instead, it worked more like a PayPal transaction, with Flickr arranging a unique credential for Photo Gallery to use that applies only to it, apparently.  I don’t know the details of that arrangement; I will find out more.  This sort of arrangement needs to be more widely understood.  (I’m pretty sure that I can use an Information Card to accomplish arrangements like this too.)

And Now, Some Security Theater

I have resisted two invitations to supply my Twitter credentials, not counting the one at TwitPic today.  On reflection, they are each instructive.

Mr. Tweet Sends Me a Message

Mr. Tweet sent me a direct message.  Well, that means I am following Mr. Tweet, doesn’t it?  Apparently not.  If I go to this page, it tells me I need to follow Mrtweet to start receiving the benefits.  And when I check MrTweet on Twitter, I am not shown as already following it.  Since my only contact with Mr. Tweet was 76 days ago, I have no recollection of anything I might have done that invited that original direct message to me, but I could have. 

On the other hand, this appears to be an interesting arms-length arrangement.  Mr. Tweet apparently provides support that does not require my credentials to access.  Furthermore, its communication with me is via Twitter direct messages.  My opting-in by direct-messaging Mr. Tweet does not require me disclosing my Twitter credentials. 

I would say I am safely intermediated by this clever use of existing Twitter provisions. 

Because I’m not interested in this service, especially not enough to receive direct messages, I am not following Mr. Tweet.  This personal choice has to do with my direct messages coming to my e-mail inbox and also my mobile phone.  I want to limit that traffic. 

Hmm, looking deeper while researching this post, I see that the Mr. Tweet page does have a (Twitter?) login panel at the very top.  Maybe this isn’t cool after all?   Worse yet, if I choose to follow any of those Mr. Tweet lists as interesting followers using buttons on the Mr. Tweet page, it requests my Twitter credentials.  Even though I can click through the links provided to the Twitter pages of those followers and follow them there.

FAIL!!  I did notice someone that I thought I should be following, but I went to the Twitter site to do it.

Mr. Tweet should stop being so helpful and take those follow links of their recommendation page, letting us use Twitter to do it.  Links to individual Twitter pages are all we need.

Now I wonder what the direct-message enablement is all about.  It should be a way to establish that I am the user of the account I would use Mr. Tweet for, but they don’t really need to establish that, it appears.

Mr. TweetSum has Data just for Me.  Not Really.

Tweetsum was being recommended in a Twitter update from Andrew Woods.  I still don’t know what a DBI is, but I saw immediately that I must use my Twitter credentials to get started.  That stopped me cold, as usual. 

On questioning Andrew about this, I was not inspired by his remark that he knew the developers and one was a security expert so he had no problems with providing his credentials.   What failed to inspire my confidence is that there does not seem to be any need for my twitter credentials for them to accomplish what they offer. 

I now see on the TweetSum blog that they know they don’t need the credentials too.  They promise not to keep them and “don't worry, we don't keep this info -- twitter merely tells us you are who you say and we believe twitter.”  

So, wait a minute.  They don’t need my Twitter credentials to do what they do, just as I thought. 

Yet they want to be sure it is me?  Why? 

Someone who asks for Tweetsum analysis for orcmid still can’t impersonate me to Twitter or any of my followers or anyone else.  They can’t do anything with information from TweetSum that they couldn’t do anyhow (like, stalk all my followers or something), with or without automated assistance.  So what’s the point? 

TweetSum having my credentials even for that one check is just security-theater ceremony.  There are a lot of those being passed around these days, but that is no reason to tolerate them. 

There is value in learning to spot security theater illusions, though.   When we encounter these charades it is also legitimate to wonder what else is not being understood about security on the behalf of a service’s users. 

Labels: , ,



Windows Live Profile Arrives

Dare Obasanjo has blogged his excitement about work he’s doing showing up in what’s called Windows Live Wave 3.  Dare has long discussed social graphs, the problems with walled gardens and difficulties of federating in ways that are safe.  That was enough to have me be curious, though not all that impatient.

Tonight, I see Dare’s excitement and I hop over to his Windows Live Profile page in the link to see what it is all about.   I’m thinking, wow it is like Facebook but out in the open.  Well, out in the open for me because I have a Windows Live ID.   So, do I have a Windows Live Profile too?   Yes I do.  And I immediately start customizing it.

The biggest difference, so far, is how open this feels.  It just feels open, even though it is reminiscent of my early Facebook experience, it is somehow more open than that.  Simpler too, I think:

 Orcmid's Windows Live Profile (click for larger image)

I could only add one custom blog (called, of all things, Custom Blog, on my Activities sidebar).  There are a limited number of Web activities that can be integrated.  Of those that I added, each offered a different integration experience.  For Pandora, the link is to my public profile page, so all they needed to know was the e-mail address that I use for my Pandora account.  For twitter, they just needed to know my twitter name (guess who) and they are able to grab my public feed, perhaps.  I haven’t seen any tweets show up yet, but the link is good.  For the Custom blog, they just needed the URL, and they found the feed automatically.  Flickr was as different as I expected it to be, after having configured Windows Live Photo Gallery to upload to Flickr directly.  There is an authorization process that goes on with Flickr that reminds me of a streamlined PayPal authorization.  I was already logged into Flickr, so it wasn’t necessary to do it again.  But I did have to give Flickr my permission to allow Windows Live Profile to access my images.  I like how easily that worked and how it does not involve disclosing my Flickr login information to Windows Live.

I think these are all good signs of useful activities to come along.

I also noticed that once again I have a number and not a name, my profile being identified with cid-33894f6489994ba7.  I have learned to be not surprised by that.

For some, needing a Windows Live ID will feel like yet-another silo.  For, I don’t think it is that, anymore than having a hotmail account puts one inside a silo.  For one thing, my Windows Live Profile is completely open on the Internet and anyone can come play with me or simply be nosy.   It is no small thing that suddenly everyone with a Windows Live ID (the ID formerly known as Passport) has one of these pages ready for their customization.

And I think this can evolve further.  I join in Dare’s excitement.  Nice job.

Labels: ,

Construction Structure (Hard Hat Area) You are navigating Orcmid's Lair.

template created 2002-10-28-07:25 -0800 (pst) by orcmid
$$Author: Orcmid $
$$Date: 10-04-30 19:00 $
$$Revision: 69 $