Archive for the ‘Uncategorized’ Category

Protecting Your Software - Authorisation and You

Tuesday, September 30th, 2008

Piracy is always a big issue in the software industry.  It’s a global epidemic and everyone is guilty of it.  You are too, and you know it.  That doesn’t make you evil, it just means you are as morally flexible as everyone.  So taking this as a given, as an SME developing custom software, how do you protect your investment and ensure the success of your product?

First, we need to address some universal truths.

  1. All software of any value will be pirated.
  2. All copy protection mechanisms will be worked around by someone of sufficient intelligence.
  3. If you have produced a good product for sale on the open market, it will be pirated.

Stealing software is VERY easy.  Once we, as professionals, are comfortable with the fact that our products WILL be stolen, we can start attempting to maximise the sales.  In order to sell just about anything, you need to know who your target audience is.  Who exactly are you selling to?  There are four types of user…

  1. The Legitimate Customer

    If you have the pleasure of having a legitimate customer, make sure nothing stands between them and using your software.  Help them out at every turn and never obstruct their usage.  They pay your bills, remember that.  These people will pay for your software and upgrade and maintenance.  They may well all be corporate entities who under threat of inspection need to remain 100% above board (tip: Develop software for the legal industry, they’re pretty much not allowed to steal).  Home users may fall into this category simply because they don’t know they can steal software easily.

  2. The Moral Pirate

    You probably fit into this category.  You pay for software, you like to think you’re a good software citizen.  You may occasionally go to the pirate bay to grab a cracked version of an application because the demo or cripple-ware version really gets in the way of you trying the software.  You probably wouldn’t think twice about installing one copy of Windows on two separate machines however.  People can end up accidentally becoming moral pirates simply due to a lack of understanding of (often confusing) software licenses.

  3. The Immoral Pirate

    Immoral pirates use file sharing networks, Usenet, peer to peer or private FTP as their default method of software delivery.  They don’t want to pay for software.  They may believe they’re stealing, they may believe they’re in the moral clear as your product endorses evil / closed source mentalities / kills kittens.  You’ll only ever get a sale from this camp if your software is so incredibly hard to steal or find that it’s much more convenient to pay for it.  And even if that’s the case, they’re more likely to investigate an alternative first.

  4. The Career Pirate

    You will never sell a copy to this person, except if they’re actively trying to produce a crack themselves.  Career pirates will produce cracks, publish 0-Day copies of your application, and they’ll do it for the challenge.  Intricate copy protection mechanisms act as encouragement to career pirates.  The harder the better.  It’s an arms race that they will *always* win.

Coming to Terms With Piracy

The first thing you have to realise is that software piracy isn’t actually a bad thing.  Software piracy often introduces people who will later become legitimate users of your software to your product.  If you find that a vast majority of your users are stealing your software, the first thing you need to do is find out why they’re stealing instead of paying…

  • Is your software too expensive?
  • Are you pricing for business but aiming at the individual user?
  • Is the cracked version of your application actually better than the paid for edition?
  • Is your “home” offering too basic and people prefer to steal an overpriced “Professional” edition?
  • Worst of all, is your software crippled by draconian DRM?

If the answer to any of the above questions is yes, then you’re not dealing with a technical problem, you’re dealing with a social engineering and marketing issue.  It’s YOUR FAULT that your software is being stolen because you’re not selling it properly.  You have to be prepared to take responsibility for a misjudged business decision.  It’s not about blaming anyone, it’s about fixing the problem.

Targeting Your Audience

Out of the four groups of users listed above, ignore the fact that the third and fourth group exist.  You will never sell software to those people, they will steal it.  Get over it and move on.  You’re not going to stop them, don’t waste valuable time and money trying to.  Yes?  Good.

You need to protect your software in a way that it actively encourages the first and second groups of users to pay you for your hard work.  The legitimate customer is easy.  They’re going to pay.  Don’t make it hard for them.

The second group is slightly harder.  They’re probably going to pay you, but if they can steal your software really easily, they probably won’t bother.

What you need is some kind of authentication system that is reasonably simple, doesn’t hinder the users and offers some kind of advantage to the paying customer.  Now the funny thing is, this is a solved problem.  For the past decade companies have been experimenting in trying to squeeze the odd payment out of the immoral and career pirates who were not going to pay a penny to start with.  The answer is the serial number.

Serial numbers work.

If you take anything from reading this essay, please take this.

What Not To Do

The following authentication mechanisms are horrible ideas…

  • Online authentication

    Do not presume your clients have always on internet access.  If they don’t and you implement this, they WILL pirate your software or go to a competitor.

  • Products that Phone Home

    If you’ve been naive enough to saddle your software with online authentication and start thinking that products that phone home are a good idea, start thinking about what happens when that product no longer has internet access…

  • Commercial Root-kits 

    There is nothing more immoral than saddling your user’s machine with software they don’t know about and can’t remove, especially when it is recording their usage and using up CPU cycles.

But!  What if these authentication mechanisms can actually net me a few more sales!  Forget it.  They won’t.

The pirates will still steal, and most importantly…?

You’ll have just spent a small fortune in R&D, infrastructure and development creating a bypass-able authentication system that you then have to keep operational forever.  Unless you manage to con your users into what is essentially a software rental model, those servers of yours have to be available until the end of time, with databases of all your registered users, the level of access they’re allowed to your application and all manner of other data.

Running these oppressive registration mechanisms is expensive, and can potentially introduce defects into your pristine code.  What’s more, they can get in the way of legitimate users and paying customers, driving them to become moral pirates.  As was stated at the start of this piece, you must never put obstacles between legitimate users and paying for your software.  That is commercial suicide.

This is not to say that you should give your product away.

Protecting Your Software

Now that we’ve looked at what not to do, how on earth can we protect our software?  I really do believe in the serial number.  But a few sane coding practices can help you protect your software fairly easily.

At the simplest level, a serial key can be achieved using common public-private key cryptography.  Take some key data regarding your application (commonly something like registered user / organisation name, number of licenses granted, perhaps an email address) and encrypt it with a private key, which in practice means signing it.  Your application has the public key embedded within it.  If that information decodes correctly with the embedded public key, then the application is registered.  Simple.

But not fool proof.  I’d rather not mislead you by implying that that solution would just work perfectly.  If a cracker could isolate the portion of your code where you load the public key into memory, he could produce a cracked executable with a different public key encoded inside, and thus sign his own keys that would unlock the modified application.

The good news is that depending on your target audience, it’s almost certainly more work than your average user would bother with to steal your program (just don’t load a file from “approot\publicKey.key” and think you’re being diligent!)

The benefits of a simple solution?  Easy.

  1. It’s really really easy for users to register your software.  They pay you, they get a serial key.
  2. You need not store lots of user information for registered users, the key can be regenerated given the same inputs.  Therefore, low overhead on authentication servers as the user technically only needs to perform this operation once.
  3. Relatively secure, uses known cryptographic techniques.  Certainly beats some traditional “just multiply the username as bytes by some random number”.
  4. Low impact on the application as a whole.
  5. Authentication data can be changed between minor versions, breaking any key generators in the wild and making the software more inconvenient to crack a second time.
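
The signed-serial scheme described above, as an added example that is not from the original post: it uses Ed25519 signatures from Go's standard library in place of "encrypt with a private key", and the License fields, the serial format and the demo seeds are assumptions made for illustration. Verification hands back the signed fields rather than a bare boolean, the same inputs always regenerate the same serial, and a serial produced with any other private key is rejected by the embedded public key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// License holds the data the vendor signs (the choice of fields is illustrative).
type License struct {
	Name  string
	Email string
	Seats int
}

var b64 = base64.RawURLEncoding

// DemoKey derives a fixed key pair from a constructed label so the example is
// reproducible. A real vendor key comes from crypto/rand and stays offline.
func DemoKey(label string) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte(label))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

// Issue runs on the vendor's side only: it signs the license fields and
// returns "payload.signature" as the serial key.
func Issue(priv ed25519.PrivateKey, l License) (string, error) {
	if strings.ContainsAny(l.Name+l.Email, "\n") || l.Seats < 1 {
		return "", errors.New("invalid license fields")
	}
	payload := []byte(l.Name + "\n" + l.Email + "\n" + strconv.Itoa(l.Seats))
	sig := ed25519.Sign(priv, payload) // deterministic: same inputs, same serial
	return b64.EncodeToString(payload) + "." + b64.EncodeToString(sig), nil
}

// Verify runs inside the application, which embeds only the public key.
// It returns the signed fields, so the seat count and the name to stamp on
// output come from verified data rather than from a single yes/no answer.
func Verify(pub ed25519.PublicKey, serial string) (License, error) {
	parts := strings.Split(strings.TrimSpace(serial), ".")
	if len(parts) != 2 {
		return License{}, errors.New("malformed serial")
	}
	payload, err1 := b64.DecodeString(parts[0])
	sig, err2 := b64.DecodeString(parts[1])
	if err1 != nil || err2 != nil || len(sig) != ed25519.SignatureSize {
		return License{}, errors.New("malformed serial")
	}
	if !ed25519.Verify(pub, payload, sig) {
		return License{}, errors.New("signature does not match embedded public key")
	}
	f := strings.Split(string(payload), "\n")
	if len(f) != 3 {
		return License{}, errors.New("malformed payload")
	}
	seats, err := strconv.Atoi(f[2])
	if err != nil || seats < 1 {
		return License{}, errors.New("malformed payload")
	}
	return License{Name: f[0], Email: f[1], Seats: seats}, nil
}

// swapPayload keeps the signature of serial but takes the payload of donor,
// modelling an edited license (used only to show that verification fails).
func swapPayload(serial, donor string) string {
	return strings.SplitN(donor, ".", 2)[0] + "." + strings.SplitN(serial, ".", 2)[1]
}

func main() {
	pub, priv := DemoKey("constructed vendor key")
	lic := License{Name: "Example Ltd", Email: "it@example.com", Seats: 5}
	serial, _ := Issue(priv, lic)
	got, err := Verify(pub, serial)
	fmt.Println(got, err)

	// A serial signed with any other private key does not verify against
	// the public key embedded in the unmodified application.
	_, otherPriv := DemoKey("constructed other key")
	other, _ := Issue(otherPriv, License{Name: "Example Ltd", Email: "it@example.com", Seats: 500})
	_, err = Verify(pub, other)
	fmt.Println(err)

	// Editing the signed fields while keeping the old signature fails too.
	_, err = Verify(pub, swapPayload(serial, other))
	fmt.Println(err)
}
```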

There are a few other tricks you can use.

  1. If your software is lucky enough to print out user data in some output, then you’re home free, people won’t share a serial number if their name is stamped on all the documents that the counterfeit copies produce.
  2. Don’t externalise your serial number checks in to an easily replaceable DLL / assembly.  It’s just too easy to isolate and replace.
  3. Don’t call the authentication method just once returning a boolean representing “is registered” or not, this is also easy to isolate and replace.
  4. If you use an interpreted language, use code obfuscating tools to stop simple decompilation.

Conclusion

Hopefully the above outlines have made the issue of small software piracy a little easier to understand along with explaining why obstructive software registration techniques won’t win you sales and instead often cost you both sales and development money.

Don’t fear software piracy, just attempt to give your legitimate users an experience that’ll make them want to act as your agents to their friends and associates.

You can’t pay for any marketing as effective as genuine goodwill.

Dear Google (Chrome)

Wednesday, September 3rd, 2008

What happened to “don’t be evil”? 

Why do you insist that people “posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any content which you submit, post or display on or through, the services”?

What made you think that the world needed another browser?

When you decided you wanted a browser, was the design brief “Opera, but use WebKit, and a new JavaScript implementation”?  That’s really all you produced.

JavaScript needs fixing, you’re right about that.  But if for a second you think the “correct” way to fix JavaScript is to ignore significant inroads made by other corporations and organisations in a massive “not invented here” haemorrhage then you’re very, very mistaken.

But most of all, what made you think that people won’t see this as the transparent attempt to force the hand of web standards that it is?  Seriously, let me get this straight;  When Microsoft do ActiveX and invent things like the XML RPC object, that’s evil and against standards and trying to lock everyone to Windows.  But when you create a browser and re-implement JavaScript in an attempt to force the other browsers to follow your lead in a further attempt to give Google Apps a stranglehold on the majority of “online applications” that’s just fine?

JavaScript really really needs fixing, and yes, a lot of people use GMail, but to try and suppose that the entire web is so dominated by Google Apps that a browser need be created to drive market share towards them is pure egotism, especially for a company with at most (and I’m being generous) four successful projects under its belt (Search, the killer app.  AdWords, the money.  Google Maps for a slick implementation and debatably GMail due to market share).  It’s lunacy to think that you’re fixing anything, rather just adding an extra layer of development and complexity on to the already arduous battle for web compatibility.

Your browser isn’t bad, it’s quite clean, it’s likely another eternal beta, but in the end, it’s just a stripped back version of Opera.  I’m sure you’ll do a good job of it, but in the end, will yet another minority browser really be worth it?  You need another hit, I really appreciate that, but try to remember not to be evil on the way.

I just wish you’d put all this effort into existing technology.  One of Mozilla’s millions of prototypes (you are the sugardaddy after all) or even Opera (seeing as you like it so much) would be ideal, let’s not repeat history again and again.

Geeking Out

Wednesday, September 3rd, 2008

There’s nothing more rewarding than programming on huge displays.  Say all you like about notebooks and pocket sized this and that, but if you really want to bed in and do some hardcore development, or graphics editing, or just a bit of browsing, whilst gaming, whilst listening to music, whilst watching videos, there’s nothing like masses of screen real estate.

For the past year and a half or so I’ve been enjoying two 19″ monitors (single monitor configurations feel very claustrophobic to me these days) and the experience has been “ok”.  However, finally the price points on reasonable 24″ monitors are right and I’ve invested in a little bit of an upgrade…


That’s 19″ (1280×1024) - 24″ (1920×1200) - 19″ (1280×1024).  I’ve not added the numbers together to get an accurate calculation of desktop real estate, nor have I attempted to work out how much more productive the lack of task switching and windowing has made me.  But I’ll tell you what… it’s incredibly cool.  And yes, it does take up the entire length of a dining room sized table.  And no I don’t have a problem with that.

The graphics card powering the configuration is pretty simple.  People rave about the Quadro FX cards but I went with a wholly more LO-FI setup of my current-ish generation 3d card 7900GT in PCI-E x16 mode powering the 24″ in “Single display” 3d rendering mode (for gaming), along with an old (as in, in a box somewhere) 7300GT in PCI-E 2x mode (same family, easy compatibility, same driver…) powering the two 19″ displays.  Works a treat.  Finally I found a use for the fact I needlessly bought an SLI motherboard.

I can’t begin to explain how much benefit you get from dual displays (and other people have explained it far better than I could), but the third is pure luxury.  The ability to have documentation, masses of source code and a running app a glance away is priceless.

The new display is a Benq 2400.  It’s a TN panel, so graphics “enthusiasts” will probably deride its colour reproduction (TN panels can’t quite produce the same depth of colour as other panel types), however it’s well reviewed, has decent contrast ratio and response times and no dead pixels.  Looks and feels fantastic to my heathen eyes and I’d definitely recommend it (£257 inc vat.).

StackOverflow, Bloodstock and The Clone Wars (Catching Up)

Monday, August 18th, 2008

I’ve got two or three things lined up and half written on technical subjects to finish up before they appear here (mostly surrounding good API design and how to achieve it, and myths about Exceptions in the .NET framework) but I’ve been exceptionally busy lately.

I’ve been enjoying the semi-private beta of Stackoverflow, Jeff Atwood and Joel Spolsky’s project to provide a “developer self help” community akin to Experts Exchange (just “without the suck”).  It’s pretty solid and appears to be playing out like a kind of Xbox live for programmers, at least in the beta, while people try to quickly answer things to get reputation and badges (think achievements).  I don’t know if the enthusiasm will hold out post release, but people do like shiny virtual awards, and people always have questions.

Attended the Bloodstock Open Air music festival at Catton Hall in Derby over this weekend.  Horrible horrible drive (whoever figured that not lighting roads where you’re expected to drive at 70mph was a good idea probably should be taken out the back and shot) but we stayed in a Hotel in the nearby Burton Upon Trent rather than camped.  The music was very much above par (if you like metal / extreme metal) across the three days.  In all honesty, I went to see Opeth headline the Friday and Soilwork play third slot on the Saturday but there was generally a lot of good material to fill the time.

Over the three days we managed to watch (earliest to latest):

| Friday      | Saturday        | Sunday         |
| Tyr         | Swallow The Sun | Crowning Glory |
| Akercocke   | The Defiled     | Alestorm       |
| Destruction | Moonsorrow      | Grand Magus    |
| Primal Fear | Soilwork        | Mob Rules      |
| Soulfly     | Iced Earth      | Kataklysm      |
| Helloween   | Dimmu Borgir    | As I Lay Dying |
| Opeth       |                 | Overkill       |
|             |                 | At The Gates   |

A few of those are partial (as much Dimmu Borgir as I could handle until I got bored, only about half of Destruction, Mob Rules and Overkill).  We caught the first track Napalm Death played before I remembered that they’re a little special (and not in the good way), and I made a point of leaving before Nightwish on Sunday night (it was raining, and Nightwish make me feel ill!).

Highlights were Opeth headlining (shortened set, Fredrik Åkesson seems to fit in better on lead guitar than he did on the pre-Watershed tour), Soulfly playing a lot of Sepultura, Tyr and Alestorm for utter hilarity (battle metal and pirate metal respectively), Soilwork being as tight as ever, Swallow the Sun being very atmospheric and At The Gates being metal as hell.

Overall at the end of the weekend I was feeling somewhat burnt out watching live music.  Which means going to Leeds next weekend will be a bit of effort…  I suspect we’ll just go to watch the big headliners (Metallica, Slipknot, Rage Against the Machine and Queens of the Stone Age) perhaps skipping the Sunday entirely as it’ll be a case of driving to and from Manchester each evening.


I also went to check out the Star Wars: The Clone Wars animated feature length this evening.  As a huge extended universe Star Wars fan I pretty much feel indifferent about it.

It looked nice, was fluid, the voice acting was decent enough, the battle sequences were pretty cool, the light saber fights were decent looking if soullessly put together. 

Unfortunately they wrote an average main story (instead of one of a million better clone wars related tales they could have filmed) added a very annoying seemingly cross dressing English talking Hutt, and then went through the dialogue of the script adding pet names for minor characters to make the dialogue feel a little awkward and kiddie.

It wasn’t bad, I did enjoy it.  I’ve always left Star Wars cinema experiences (usually on opening night, they somehow slipped this under the radar) feeling elated, and this time I came out feeling pretty indifferent.  It was reasonable, a great kids film I guess, but whereas they previously made Star Wars kid suitable, this time it feels like they didn’t quite make the directly kid orientated release adult friendly enough and somehow made a few Star Wars characters say things they shouldn’t ever have had to say (Jedi calling a Hutt lave “Stinky” is just plain wrong).  I guess I just hope they make the animated series a little more adult friendly.

Hopefully I’ll get a few technical posts finished up in the next few days.  In the meantime, check out Stackoverflow.com, see the Clone Wars if you can silence your inner adult and go listen to some Swallow The Sun.

Vintage Game Club: Grim Fandango

Monday, July 14th, 2008


I’ve just picked up on the fact that The Brainy Gamer blog is doing a gaming club (a-la ye old book clubs / reading circles) and the focus for the next session is Grim Fandango.

http://www.brainygamer.com/the_brainy_gamer/2008/07/vintage-game–1.html?cid=122321778#comment-122321778

If you have time to participate, I’d really recommend it.  Not because I have any idea how it’ll go (I obviously hope it goes well), but more because Grim Fandango is possibly the greatest adventure game ever written.  Easily in my top 10 games of all time (if I were fearless enough to make a list) and a game that holds storytelling and good game play in the utmost regard.

If you’ve played it, play again, if you haven’t, play it for the first time.  It’s a classic, and scarily it’s probably turning ten this year.  If I recall, the original tag-line was “An epic tale of crime and corruption in the land of the dead” and that holds.  An art-deco masterpiece of good storytelling, humour, and your first (and probably only chance) to play a travel agent for the department of the dead.

Buy it here:

http://www.play.com/Games/PC/4-/2555356/Grim-Fandango/Product.html?source=5003&kwmid=4481214&kmcid=1664184991&match_type=

http://www.amazon.com/gp/offer-listing/B00004WGW1/ref=dp_olp_2

Demo here:

http://www.fileplanet.com/32113/30000/fileinfo/Grim-Fandango

Read the Escapist feature on it here:

http://www.escapistmagazine.com/articles/view/issues/issue_139/2994-Walk-Don-t-Run

The Dangers Of Pushing The "Cloud" To Market

Saturday, June 21st, 2008

The word cloud has been thrown around for years to describe the internet, but there’s a growing trend at the moment to launch services that seem to embody actual “cloud / grid computing”.  This movement to some extent is just the logical extension of the rich web applications that have gained popularity as part of the “web 2.0″ epidemic of increasing bandwidth and remote server horsepower.

The two obviously notable solutions in this area are Microsoft’s Live Mesh, which was announced and put into a public beta / technical preview a few months ago (Ray Ozzie’s second attempt to solve the problem of distributed device synchronisation after the canned “.NET My Services”) and Apple’s Mobile Me.  I’m normally a somewhat critical Microsoft supporter (not an apologist), I’ll put that on the table now, however I suspect that Apple’s service is likely to get more traction due to iPhone 2.0 support and its forthcoming lower price point (at the very least in the UK, possibly elsewhere).

Both of these services effectively offer the same thing, centralised data storage and device synchronisation, Apple offer what they call the “me.com suite of web applications” and Microsoft offer the “Live Desktop” as the online interface to this storage pool, both offer mobile clients, both offer desktop clients for both computing platforms.  They’re effectively the same service, it’s Exchange Home Edition with Outlook Web Access enabled, for want of a better example.  It’s Microsoft and Apple desperately trying to get between the desktop and Google Apps.

But that’s really what I have a problem with.  The great benefit of grid computing is the utilisation of large amounts of CPU resource to accomplish large tasks very quickly, not data warehousing your users’ personal data.  It’s seemingly something that both of these “cloud computing” solutions have entirely missed and in reality, they’ve supplied Active Sync and Exchange for the home user combined with the three million iDrive, YourDrive, MyDrive, HisDrive services that became popular before the Web 2.0 bubble in about 2001-2002 and effectively managed to shut themselves down after being used solely for piracy.

I don’t actually believe that the world internet infrastructure is ready for these types of services yet because of the data ownership implications and I feel that these services have been designed almost inside out in nature.  Data synchronisation is nice, I’m sure everyone would agree with that, but by forcing these solutions to market before we’re in an ecosystem where users can host their own file-identity-synchronisation services out of the home in a process as simple as signing up to something like Mobile Me or Live Mesh, we’re setting a precedent.  That precedent says that it’s ok to surrender your personal data to a giant third party data store in the sky, and honestly this is not ok.

This is a choice the vendors are making, and in my single honest opinion, an exceptionally bad one.  Apple could just as easily focus their energy into making a Mac Mini derived small home device that provides the same functionality as Mobile Me, that plugs in to a home router.  I don’t mind them offering a Mobile Me like service for people that don’t want to be responsible for the keys to their home, but I sure as hell have a problem with both them and Microsoft forcing people to give up their homes in the name of data synchronisation.

This is another case of a good idea that people will enjoy, poorly implemented and pushed out to market, when the effort should be in enabling a permanently connected high speed internet for the masses, and the engineering of devices that allow the user to control their own resources.  I know I sure as hell don’t want to lose all of my data because of some sloppy code and an exploit or two.  I’m sure companies of the size of the big players in this market can secure data, but walking around with a target on your back is never a good idea.  Cloud computing should be about applications and not data, do not be told otherwise.  They bring the technology and knowledge and you bring your data to that party, not the other way around.

As a footnote, I think both implementations look pretty slick and offer good functionality, albeit nothing above and beyond synchronising to a mobile device with a HDSD card in it (my current solution involves a large memory card, a HTC Touch and ActiveSync to effectively reproduce this functionality).  Online identity, sharing and data stores are the future, let’s just not let people lock us in to a poor aggressive implementation.  Vote with your wallet people.

Now Playing: Between The Buried And Me - The Decade Of Statues

Selecting a mostly portable notebook

Thursday, June 5th, 2008

I commute to and from London very frequently and the trains, whilst high tech and reasonably pleasant, can lead to very long journeys (especially in times of maintenance).  Because of this frequent travelling I’m practically forced to carry a laptop around with me for the sake of my sanity.  I tend to enjoy watching DVDs, playing late 90s and early 2000s PC games, and spiking and prototyping software ideas to pass the time on these train rides (which can stretch up to 4 1/2 hours some Sunday evenings).

Now, my laptop is a Dell Inspiron 5160, picked up in 2004 when the phrase “desktop replacement” in a laptop made my mind think of good things.  It has a desktop Pentium 4 processor (with hyper threading, for all the good that did) clocked at 2.8Ghz, 1.25Gb RAM running XP Pro and a 15.4″ screen (to give a sense of scale).

At the time, those were very respectable (desktop replacing!) specs.  The downside is that it weighs as much as the desktop it pretends to replace.  9.7lbs to be precise, which if I recall is something like 5Kg give or take.  Add to that the power of a chunky laptop power supply and most weekends I feel as though I’m carrying a small child from the north to the south of London.  Not fun.

I came to the conclusion (prompted by back ache) that I should probably look into replacing my monolith with something designed to, dare say, be portable.  Anyone that watches PC hardware will be aware of the waves that the current range of sub-notebooks have been making in the IT press so I figured I’d take a closer look.

The options seemed to be the much publicised Asus EeePC, the forthcoming HP Mininote and the HTC Shift (and other similar large smart-devices) as far as ultra portables went.  These devices are really, really cool.  Eight to nine inch displays, 700Mhz to 1.2Ghz VIA processors and chipsets and weighing just over 1Kg.  They really are tiny little devices and perfect in the cheap connected device market, but unfortunately the ability to run Visual Studio and to watch DVDs that I’ve just bought (ripping isn’t really relevant as I tend to buy things at train stations) were deal breakers.  I toyed with the idea of buying an external DVDRW drive to keep alongside a tiny sub-notebook, but at that point the price would be approaching about £400-£450 and it was starting to feel like I’d really be ending up at the wrong end of the price-performance curve.

I’d definitely recommend anyone that just needs a really portable Internet / office device to check out reviews of the HP Mininote, it should be out this month and I was very very tempted by it, it looks fantastic and seems exceptionally powerful for its form factor.

I abandoned the idea of picking up a sub-notebook and decided to take a look into the very small regular notebooks on the market.  I’d had a very positive experience with the 11″ T-Series Sony Vaios in the past.  Their build quality is second to none, specs are brilliant and they weigh just 1.25Kg.  Unfortunately you also pay £1500+ for the privilege of a tiny notebook of comparable spec to a £400 15″ notebook.  If you’ve got the budget then I’d recommend one in a second, but they’re a far cry from the £200 EeePCs.  I figured I could stretch up to 12″ and still manage to pick up a very light, fully featured laptop and to be honest was quite surprised at the lack of products on the market.  I suspect this could partly be due to the recently (as in yesterday) announced new reference designs for sub notebooks, or perhaps companies are waiting on the Intel Atom CPU announced late last month, but either way the range of notebooks on the market at that size and weight point is remarkably sparse.

That said, there are some options.  Acer have a 12″ offering in the shape of the Aspire 2929, an Intel Core Duo based machine with 1-2Gb RAM, Vista and about 100-200Gb of disk space, depending, it seems, on who you buy it from.  It’s part of their clamshell range apparently co-designed with Ferrari.  I’m guessing that’s their excuse for the laptop looking like utter shit, but on paper, the specs read ok, for about £500-600, vendor dependent.

I was still unsure, so I’d decided to go to PC World to see if I could just get a feel for the notebooks available.  It’s pretty hard to get a handle on the weight and size of something from raw specifications and websites so I figured it’d be time well spent.  I walked in the door, and on the second display stand as I entered the store was a tiny 12″ notebook branded “Advent”, which the smart or unlucky amongst us recognise as one of PC World’s own brand product lines.  Looked good though, visually.  The build quality is no Vaio, but the price tag isn’t either, at only £450.  Core 2 Duo 1.83Ghz, 2Gb RAM, 160Gb Hdd.  On paper, the specs were actually excellent for the price point.  Figured I’d ask for a full spec and pulled out my phone to start googling.

Interestingly there were very few mentions of the machine online.  Meaning it’s either very very new, or that the people that buy PC World own brand laptops don’t have too much to say about them online, none the less the spec sheet was quite revealing.  It appears that this laptop, almost £200 cheaper than the Acer Aspire 2929, and light years better looking, is practically the same machine underneath.  It uses exactly the same Intel chipsets, exactly the same onboard graphics, has exactly the same set of features (3 Usb and a Firewire port, onboard card reader, identical audio chipsets) and is to all intents and purposes just a nicer looking and cheaper version of the 2929.  Oh, and it weighs only 1.8Kg.

I still don’t trust PC World hardware, so I went home to do a bit of extensive googling and slept on it, returned the next day and picked up one of the notebooks with Vista Premium.  That was two days ago.  I’ve spent the following few evenings tuning up Vista and installing software, and in all honesty, the machine really seems to fly, and at this point I’d go as far as recommending it.

I guess the moral of the story is that you never know what you might find lying about PC World.  But moreover, if you’re looking for a nice portable notebook on a reasonable budget without sacrificing power, PC World appear to have them in stock in the form of the Advent 4401, filling a curious hole in the market that other manufacturers appear to not want to compete in.

As a quick tip, due to PC World being… somewhat strange, if you’re interested in buying one of these machines, purchase it online and select “Collect @ Store” and you’ll save about £50 on the store price of the notebook.

Do with this information what you will.

Beyond Good and Evil 2

Wednesday, May 28th, 2008

It appears that Ubisoft just announced Beyond Good and Evil 2 with an in-engine trailer at their UbiDays press event.  This is fantastic, fantastic news.

If you didn’t play the original (XBOX/PS2/PC) you missed out on a well written compelling action adventure that always ends up on those lists of “under appreciated classics”.  Thankfully it seems enough people did appreciate it.

You can probably pick up the original for pennies these days, and I *think* it’s one of the few titles on the Xbox Originals download service on the 360.  No excuses.  (If it isn’t, just get Fahrenheit instead!).

There’s a trailer over here, lovingly stolen from the ever excellent kotaku.

Web 3.0 Data Silos and Identity Portals - Overthrowing social networks

Tuesday, May 20th, 2008

Since I wrote my previous entry on data ownership and web 3.0 I’ve put a significant amount of thought in to how to crawl out of this restrictive data warehousing hole.  As a result of this I’ve started planning a project tentatively called MyIdentityPortal which I hope will succeed in providing an out of the box (initially .NET) implementation of a personal data silo for the web.

A few months ago I started looking in to contributing to the .NET OpenId project, I downloaded an old release, did a bunch of work around it, then realised I’d GITted the wrong version, updated and saw something remarkably accomplished; at this point I felt that really the project didn’t need my assistance, but instead I was interested in producing something derived from it - a central profile and data controlling application.  This is effectively what I intend MyIdentityPortal to be.

The implementation should be fundamentally simple.  I’d like to implement an attractive web application that’s installable at the very least on a Win 2003 webserver (hopefully with a PHP or Ruby port down the road) which helps define the interactions of social networking as protocols.  Effectively, what I want to build is a sort of reverse proxy for RSS feeds.

The portal should provide four key services:

  • Providing your OpenId
  • Providing an RSS/Atom feed of data
  • Providing an XML-RPC endpoint (not web-services, SOAP seems a little overweight for the task) which exposes microformatted data dependent upon the query parameters
  • Acting as a reverse proxy for RSS/Atom/XML-RPC data to allow the delegation of responsibility

Traditionally, modern websites tend to allow you to export data or access data externally using RSS feeds and I want to try and stick to this existing paradigm for the portal.  I want to try and turn this flow of data around, allowing you to set up a portal which you elect as your trusted “master” data source and your OpenId provider.

Using this portal (your own personal data silo), you set up various types of feeds (blog posts, micro-blogging ala twitter, iCal events, friends feeds/interpersonal connections, profile information, photo feeds, etc, etc) in a user customisable manner and supply these feed URLs to third party applications (facebook, myspace, etc) as the master source of data for each distinct data type they require.

These applications then take your data and add value to it in the form of their networking services.

The other thing the portal should allow you to do is to delegate responsibility, effectively proxy and transform an RSS feed or XML-RPC call.  Say, for example, that you really love the way that your WordPress blogging platform works, you love the interface, you love the presentation and you love the host.  Why change that?  The portal should allow you to define an external resource (RSS/Atom/XML-RPC) as the owner of that data, then transparently proxy it to a third party when they request that information from the portal.

The benefit of this type of data silo is fantastic and offers tangible benefits right now: 

  • You have the ability to withhold or withdraw feed data.
  • You have the ability to disconnect or shut down your feeds in one location.
  • You can always define the master source of data transparently, be it through a portal plug in that produces that content or a delegate that proxies it.
  • You can control access rights to your data based on OpenIds and requesting domains.
  • It absolutely enforces interoperability between third party sites- they all syndicate the same feeds and data, no more missing out on parties because you don’t have a facebook profile to receive the invite on.
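The access rules in the list above (rights based on OpenIDs and requesting domains, withdrawal in one place, delegation to an upstream feed) can be written out in Python as follows. This is an added example, not MyIdentityPortal code: the class and function names and the URLs are hypothetical, and it assumes the caller's OpenID and requesting domain have already been authenticated before the check runs.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

def normalise_openid(identifier):
    """Lower-case scheme/host, drop trailing slash, so equal IDs compare equal."""
    parts = urlsplit(identifier.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("not an http(s) OpenID URL")
    host = parts.hostname + (f":{parts.port}" if parts.port else "")
    return f"{parts.scheme}://{host}{parts.path.rstrip('/')}"

def domain_allowed(requesting, allowed):
    """Exact host or a true subdomain; a bare suffix test would let
    'evilsocial.example.com' pass for 'social.example.com'."""
    host = requesting.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

@dataclass
class Feed:
    source: str                                  # upstream that owns the data
    openids: set = field(default_factory=set)    # readers; empty means nobody
    domains: set = field(default_factory=set)    # requesting sites; empty means nobody
    withdrawn: bool = False

class Portal:
    def __init__(self):
        self.feeds = {}

    def publish(self, name, source, openids, domains):
        self.feeds[name] = Feed(source, {normalise_openid(o) for o in openids},
                                {d.lower() for d in domains})

    def withdraw(self, name):
        self.feeds[name].withdrawn = True

    def resolve(self, name, openid, requesting_domain):
        """Return the upstream URL to proxy, or None. Deny by default.
        Assumes openid and requesting_domain were already authenticated."""
        feed = self.feeds.get(name)
        if feed is None or feed.withdrawn:
            return None
        try:
            caller = normalise_openid(openid)
        except ValueError:
            return None
        if caller not in feed.openids:
            return None
        return feed.source if domain_allowed(requesting_domain, feed.domains) else None

# Constructed sample data: every name and URL here is hypothetical.
portal = Portal()
portal.publish("blog", "https://blog.example.org/feed/",
               openids=["https://alice.example.net/"], domains=["social.example.com"])
```

The upstream URL is only ever taken from what the owner registered with `publish`, never from the incoming request, so a third party cannot steer the proxy at an address of its choosing.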

In addition to this as you elect your own provider (in this case by installing the FOSS application) you can effectively associate yourself with the portal.  One of my predictions on the evolution of the web hinges on micro-payments being used for small content purchases alongside subscriptions, and this kind of portal could be instrumental in painless payments by joining it with a payment system or subscription management services which, again, is under your control, and contains your subscriptions that external websites could authenticate and validate with.

I really want to get to a position where I have a wonderful interface that keeps track of my online presence, the data feeds and requests that I expose as “related to me” and perhaps even a shared storage area, that contacts, both personal and professional, could use to access the information about me which I permit.

In the first implementation, I’d like to aim for things that are useful now.  An OpenId provider, aimed at the single user, which encompasses RSS and Atom feed delegation and transformation along with a nice interface to administer this delegation.  I’d like to be able to log in to the provider with the open id it hosts, and set up some Feed endpoints which relay, as the first example, the feed from my blog.  I’d later like to expand this to expose some simple query / response pairs using XML-RPC for accessing a photo gallery (some basic commands like list all, search and retrieve) or perhaps calendar events using with any luck an existing standard (I hear iCal is reasonable though I have no experience with it).  Perhaps after that, expand to some more trivial functionality, perhaps a “recent play list” feed which mirrors the functionality of Last.FM to round off a few example use cases and just see where the product and implementation evolves from there.

It’ll be both free and open source.

I’ve already started cooking the first implementation on train rides, thankfully technically it shouldn’t be too complex, hinging off existing technology and using standard protocols.  I’m working on the feed delegation first, in case anyone’s curious.  I’ve got my good friend Chris Bird on board to thrash ideas out and hopefully work alongside when we have time.  If you’re interested in helping with the project don’t hesitate to get in touch (you can find contact information here).

Adoption will be a horrible sticking point.  None of the networking sites will appreciate losing control of your data, but really, that’s not the sort of control they should have had in the first place.  With any luck, there’ll be enough pressure to adopt an open standard that forces interoperability that they’ll have to change or die.

Now Playing: Textures - Silhouettes - 02 - The Sun’s Architect

Stop Holding My Data Hostage - Data Ownership and Web 3.0

Tuesday, May 6th, 2008

If I were to write down a list of things I really really don’t like about the “web 2.0” ecosystem it’d be exhaustive and consist of all of the current fads, go-to websites like facebook, twitter, flickr et al, and would really be summarised by the phrase “low signal to noise ratio”.  However, I think the concepts behind all of the mentioned sites and the fictional huge list are compelling, fantastic ideas, just implemented in a horribly disparate way.

I went to see Richard Stallman talk on the ethics of the free software movement (not the open source movement, he spent a long time explaining the difference, and rightly so) last Thursday.  It was a very interesting talk, Stallman has a reputation of being quite the… extreme evangelist, and he definitely has earned that reputation.  I don’t agree with some of his viewpoints for several unrelated reasons, but I respect his integrity and his pure black and white belief in The Four Freedoms of Free Software.  It’s with a similar initially terrified mind that I really believe that the current trend towards extreme social interaction (micro-blogging, regular blogging, friends lists, updates and feeds) should be free and open.

I was looking in to twitter tonight, a concept I’ve dismissed as a low information high noise communication medium, but I’m always willing to be convinced.  As part of this I was looking into the competing services offered by a few other companies and I’m really quite worried at how exclusive these services are from each other, despite operating in practically the same field (the main two I was looking at were twitter and pownce, for sake of reference).  This lack of interoperability is the stuff Microsoft get lynched for and the “FOSS” world cries foul over, yet these same people who happily campaigned for open protocols for Instant Messaging five years ago will silently sign up to these locked-in services without thinking twice.  It’s quite telling that with these micro blogging services, there are several third party applications to post a message to all of them at once.

It seems to be a recurring theme, that whenever I see a nice “web 2.0” website, the first thing I do is think “that’s really cool, how can I re-implement that, so I control the data, and can inter-operate with their website”.  That’s the first thing I thought about twitter, that’s the first thing I thought about Livejournal as and when I slowly started wanting to migrate away from using it to keep in contact with people, and it was the first thing I thought of when I saw the mother of all mash-ups that is Facebook.

The funny thing is, the platform for this, in the most primitive of senses, already exists.  Most of these websites export to RSS or Atom feeds, and nearly all of them syndicate in some way, they just never seem to offer the option to syndicate in a way that makes other services’ messages flow fluidly with their own.

What I really hope and dream for, is that the “web 2.0 feature set” becomes a set of protocols, the most simple implementation could even be an RSS feed or webservice combined with microformats.  I don’t want Facebook to store a list of all the people that are my friends, or myspace for that matter, I want facebook or myspace to ask me for a feed or service URL which will present it with a list of my friends.  They can then write all the functionality in the world that deals with those friends, who sign up in the same way.  People would visit the site for the value the site added, not because it was holding their data hostage.  I don’t want a third party website to store upcoming events for me, I want to provide my calendar in feed format to them.  I don’t want my friends to send me to a “facebook event”, I want them to invite me to an “Event” that I can view using facebook.  Or whatever grows to take its place.

In the same way I believe that it’s really important that people control their own identities in the “digital future”, I really believe that it’s your own responsibility to make sure YOUR data is in good hands.  I don’t want some American corporate to have some laptops stolen with my data on them, because that data shouldn’t be there in the first place.

The first and foremost barrier to these data control issues is the service providers themselves and their financial bottom lines, they’d need to adapt to add value instead of retaining you for your data, the second barrier however is the ability to control your own data.  Most people are not technical, most people won’t have the first clue about who “owns” their data, let alone how to set up a data server, which supplies feeds and maintains profiles.  Informing the user is obviously the first step, but after that it’s down to providing for the user.

I really hope and believe (and will probably start spiking out some prototypes in the not so distant future) that there will be some significant development effort put in to a simple “host your own identity” platform.  In the same way that phpBB became synonymous with internet message boards post Usenet, some kind of “Open Identity Platform” would be a godsend.  A central place to maintain all your lists, post your updates, keep your calendar, your contacts, your email.  And most importantly, it’s YOUR central place.  Be that on your server, or a service provider that you trust and have explicitly given the permission, authority and potentially funds to control your Open Identity. 

I think there’s even a chance that the control of your online identity will become a physical thing in the coming decade, as IPv6 rolls out and more and more countries get high bandwidth in the home, I think we’ll see people hosting their own websites and identities in physical devices in the home that inter-operate with desktop applications and other household appliances.  Just like “home networking” as a concept was crazy fifteen years ago (I remember setting up a ring network in the early-mid 90s as an early teenager and feeling very very advanced) and home wireless was laughable at the turn of the century, we now have cheap Belkin wireless home network access points and anyone can VPN.  Maybe in ten years we’ll have home identity providers with a built in webserver to maintain your identity.  Plug and play.  When your grandma can do it, the consumer has officially “won”.

It’s a long road, and the major networking providers will need to start supporting the concept of feeding in the data externally as though it were part of their system, but the interoperability of the internet is effectively at stake if this doesn’t happen over the coming decade.  I’d hate to see the interactivity of this phase of the internet’s dubious “development” be lost to red tape and a lack of foresight.  A lot of the current ecosystem is a fad and will die, but the concepts of global communication are strong ones and deserve to mature.

I want to use global single sign on, I want to keep an online photo gallery, I want to micro blog, I want to instant message, I want to have a global calendar, I want to tell you who my friends are.  Network providers; I’ll provide you with the content, you provide me the added value.

Now Playing: nine inch nails - head down

All contents ©David Whitney 1998-2008 unless otherwise stated.