MudLog

I know I’m a little behind, but here is the new web application for the month of May. It’s a start of a system I implemented as a final project for a class I took this semester (6.870.) This is a pen based CAPTCHA system, where you trace over shapes to conduct the Turing test. I also have an associated paper that talks about it in more detail, I will fix it up a bit and upload it here when it is done.

Here’s a simple tool called MITPTyper. Any phrase you type into the text box will render it as Muriel Cooper’s MIT Press logo. I know this is a small project, but it’s going to count as my April project.

I’m going to try and release a new web app every month this year. So far for the month of January and February, there was RunLog and OpenLocker. The web app for the month of March is FakeID.

FakeID is an OpenID server that gives you control over your online identity. With your existing OpenID account, you can use FakeID to create unique online identities. Think of it as an OpenID proxy. Anyway, I just finished it, which means it may be a bit buggy, but so far everything seems to work.

Finally, OpenLocker (formerly PLW Locker) is ready after some months in development. OpenLocker is a multi-functional web application that serves as an OpenID server, and a personal homepage. As an OpenID server, OpenLocker differs from other OpenID authentication servers and attempts to preserve user privacy by using a locker metaphor. The OpenID specs specify only that an OpenID URI be unique to a specific user, but does not specify any authentication method. Usually, an OpenID server manages user accounts like any other web application: with a username (which corresponds to a unique URI) and an alpha-numeric password. Because of this, this method of using OpenID still suffers from security/privacy issues that exist in other username/password systems. OpenLocker uses a geographic locker location (which is unique) as the username and an emulated combination lock as the password.

Beyond its use as an OpenID server, user’s identity URL (connected as HTTPS, once logged in) will provide them with draggable modules, which are individual RSS aggregators. Users can pick from a collection of feeds (like OpenStudio and OpenCode) or enter any valid RSS/Atom URL to display content. This provides a page that can act as a user’s identity page as well as their homepage, where they can begin their daily Internet browsing.

Just a note that OpenCode is now OpenID enabled. You can either use the Login/pass or use your OpenID url to authenticate.

I didn’t go home for the holidays. Instead, I stayed and worked at the Lab. This meant I had a lot of time to get stuff done, and I just launched a brand new web application, called RunLog. RunLog is an application that you can use to log how much you run. If your new year’s resolution is running, this is an application for you!

RunLog uses OpenID for user authentication, and all applications I build this year will use it. Hopefully this means it will be easier on everybody, no more remembering username and password for every different site you use. RunLog is also a social network. Hopefully, by support (or pressure you feel) from other users, it will influence people to keep on going.

I think using OpenID is important. The Locker project I’ve been working on has turned into an OpenID authentication server, and it is fully functional as an OpenID server now. I just need to smooth up some rough edges and it will finally be available for use.

Oh, for anyone interested in using OpenID with Ruby on Rails, I modified the generator that ships with the ruby-openid library which can be downloaded here.

Finally, at the end of term comes the pre-alpha, public release of OpenCode. What does it mean when we say pre-alpha? It means it’s not done, but we wanted to get people playing with it rather than letting it sit on my computer collecting dust. When we say public, it means anyone can sign up and start using it. So…try it out. Let me or Kyle know what you think.

PLW Locker is almost done, I’ll have it ready to go by the end of the year. OpenCode will be the first site to support logging in from the Locker. Everybody, go get yourself a PowerMate and get ready.

I spent the Thanksgiving break being sick. I got sick a couple days earlier, not because the Lions got their ass kicked by none other than Joey Harrington, the Quarterback (who was drafted as a first round pick) they traded to the Dolphins for a future sixth-round pick. I love the Lions, but every year they manage to fuck up worse than the year before. Last week Michigan lost to Ohio State, which was a real heartbreak, but Yale killed Harvard, so in a way that made the loss less painful (especially with the MIT streakers and all. No it wasn’t me.) But enough with the football…

The past few mornings, I’ve been coughing up some funky stuff. It’s disgusting. No need to describe it except to say it’s amazing how something so unnatural can be produced by my own body. I say it’s unnatural because its color is highlighter green. I haven’t taken biology since high school, but how can some natural process create such artificial color? Maybe this is because my body no longer consists of natural things. Everything I eat is artificial. I don’t really know what is in the stuff I eat. I eat student food, under a student budget. This means I eat things I wouldn’t normally, just because it’s fast and cheap. This is the only place where the don’t ask, don’t tell policy works. Mmm…don’t you just love the burrito of mystery?

Where am I going with this? I wanted to tell this story, because I thought it would be a clever way to come up with another reason for why computers and digital work is important to art and design, but I don’t think I’ll be doing a good job. Remember I’m still sick. Thinking makes my head spin.

Over the years, I’ve met many artists and designers who resist the use of computers and technology to influence work. They bitch and moan every time they have to use a computer. Normally, I would ignore them and not waste my time, but the problem is, most of these people are stubborn professors who are in the position to influence students excited about computers and technology. I don’t understand why they are so critical. I can only assume it’s because they fear the unknown, and this thing called the computer and the internet confuses them to no end. This is why I think future artists and designers need to skip art school and come to MIT instead.

Now the analogy. Computers and technologies are much like the artificial products we eat. Whether you like it or not, it is already within us. It’s okay if you don’t like it, but resisting and rejecting computers and technologies is like being an organic preaching hippie. But these days organic food isn’t even organic. It’s what hipster Williamsburg girls eat at Whole Foods at Union Square.

We’re currently developing an authentication system that would enable single login to all the web applications we make in the PLW. But the idea of developing a central login system isn’t new: Microsoft’s Passport has been around for years and Google uses a similar system (also, see Google Account Authentication). We’re not really after that. We just want to have a system in place so that we don’t have to maintain individual login systems nor user information every time we build a new application. Since we’re thinking about implementing an authentication system, it’s good to think about authentication systems in general.

It’s crazy how many accounts we have. It’s even crazier to see how often we share common usernames and passwords. Traditionally, authentication is done through matching unique usernames to some alpha-numeric password. I’m no security expert, but this seems secure enough. However, many websites select users’ email addresses as their unique username, and since users are allowed to choose their own passwords, many end up setting the same password.

What happens when one of these sites compromises your information. They essentially have access to all other accounts that share the same username and password. Using an email address as a username is also a bad idea, since it’s a unique identifier that is attached to one name. It’s just as bad as schools using social security numbers as student numbers.

With our system, we go back to the old fashion way of using physical metaphors. Our metaphor is the locker. Usernames are mapped to a locker number (which also has a location) and the password is a combination lock. Usernames no longer have personal identifiers attached to it, and the combination lock gives the user the understanding that if you forget your combination, you’re sort of screwed. You have to ask someone with a master key or get a locksmith to cut it off.

Here’s the combination lock, using canvas and written in JavaScript. Works best if you use a PowerMate; mapping rotate right to right arrow key, rotate left to left arrow key and button press to the enter key.

Finally, I finished what once was called PLWicense. It is now renamed to something a little more descriptive, called MadLicense. MadLicense is a Mad Libs-style license creator. Users are given a license template based on popular open source licenses (for now the MIT and Apache Licenses, but more to be added) with only specific modifiable words. In a way, it makes license creation easy, but also challenging since only certain words are modifiable. With this restriction, it forces users to creatively place words to come up with an applicable license for themselves.