LShift Developer Paul Crowley has redesigned the security for the OpenID system.
OpenID is a simple single-sign-on mechanism for attributing content such as comments on blogs and Wiki edits. Unlike Microsoft’s Passport, any site can publish and manage identities; no central provider is needed.
Version 0 of the OpenID protocol was designed by LiveJournal founder Brad Fitzpatrick. For version 1, he called on LShift senior developer Paul Crowley to provide a cryptographic review. The result is a protocol which is easier for small sites to deploy, and over a thousand times faster for larger sites to participate in.
Matthias and I were talking about website ‘templating’ — that is, making Web pages parameterised on the content.
We weren’t discussing the technical rationale behind it — constructive laziness is axiomatic — but how best to accomplish a separation of concerns between contributors. For example, frequently we co-operate with companies or individuals that specialise in design. Typically we want to impose a logical boundary so we can’t mess with their design and they can’t mess with our .. whatever bit we are doing.
Naturally, this is not a novel or uncommon goal and there are the soi disant standards XSLT and CSS that provide for just this thing. We’ve found that XSLT can be useful, but since it is a transformation language, it is too easy to cross the boundary of what appears versus how it appears. That leaves CSS.
So is CSS the right place to draw the line? If we provide the dynamic content and boilerplate as immutable HTML, can the designer do everything they want to?
As the CSS Zen Garden demonstrates, a great deal of a Web page’s appearance can be controlled with CSS — which is, after all, the idea; however, the Zen Garden creators concede that it requires some otherwise superfluous markup to get this range of control. There has to be some give and take between strictly semantic markup and markup that is amenable to styling. Plone‘s default templates do a decent job of this: without the CSS stylesheets the pages are still easy to follow. Modulo a few compromises with the form of the HTML, then, CSS can go a long way.
There are some things that CSS as it’s currently implemented won’t do. Briefly: it can’t reorder content, and in most cases it can’t replace or insert content (there’s also some kinds of layout it doesn’t provide for yet — multi-column flowed text, for example). For things like form design these are crucial.
On the other hand, form design really is part of the user interface, and not the content; so perhaps something like XForms can supplement CSS to cover all the bases.
LShift TD, Matthias Radestock, co-authored papers with Greg Meredith on a Reflective Higher Order Calculus, presented at various recent conferences.
The papers were presented at the Foundations of Interactive Computation Workshop (FInCo) as part of the European Joint Conferences on Theory and Practice of Software 2005 (ETAPS) in Edinburgh. Further results where presented at the Trustworthy Global Computing Workshop (TGC) at the same conference. The papers themselves, as well as slides for both presentations, can be viewed and downloaded from the links below.
We’ve started a blog on this site to capture some of the discussions and research that go on at LShift each day.
There’s no formal brief determining what should be recorded in the blog. Hopefully you will find it interesting and maybe, who knows, even useful.
I’ve started work on an adaption of TiddlyWiki. The things I want to improve:
- TiddlyWiki has a degree of reflection — editing the node ‘MainTitle’ changes the displayed title, for example. It does these inconsistently though, with bits of privileged markup. I’d rather it kept them as nodes and simply styled those nodes specially — ideally using CSS that is itself editable. A side effect of this will hopefully be to make the HTML more accessible (since it will closer to, if not thoroughly, semantic markup) .
- I’d like a Stickies-like interface, where nodes remember their position and can be moved around and resized. This gives the user an opportunity to use spatial reasoning to keep a mental map of the information, something that regular websites (and the Web at large) lack.
*UPDATE* There’s a [darcs repository](http://www.squaremobius.net/~mikeb/Darcs/sticky-wiki/)
I spent a good few hours trying to convince [Gnus](http://www.gnus.org) to search my IMAP folders, under XEmacs. Googling turned up quite a lot of stuff, but most of it is wrong/irrelevant. In the end all I needed to do was:
- stick `(require ‘nnir)` in my XEmacs init file
- add `(nnir-search-engine imap)` to my `.gnus` file, like so:
- re-byte-compile the `nnir.el` file in the XEmacs package directory for gnus – on my system that is `/usr/share/xemacs21/xemacs-packages/lisp/gnus`. For some reason the `nnir.elc` that comes with the XEmacs gnus package is broken, so unless it gets produced afresh the use of nnir results in mysterious errors.
After that, marking groups in the group buffer and hitting `G G` prompts for a search string and proceeds to carry out the search. Nice.
Avi mentioned that Seaside’s continuation-based model of web application development is in some sense the [old link: http://rest.blueoxen.net/cgi-bin/wiki.pl?ShortSummaryOfRest] anti-RESTful – there is a lot of state kept on the server. It occurred to me though that this doesn’t have to be the case. Implementation details aside, in most cases continuations can be quite compact and hence one should be able to to round-trip them between the client and server, thus removing the server-side state. That is, essentially, the approach taken by WASH/CGI.
What really makes Seaside interesting is the way it allows composition at the page level, and extends this seamlessly to AJAX -style web applications.
It seems like we are only a small step away from RESTful AJAX-style continuation-based web applications.
A few days ago, I mentioned the idea of building a Scheme machine atop the existing Squeak VM and image. I’ve started some work in that direction: I’ve built (yet another) S-expression reader for Squeak, with associated data types and a unit test suite, and I’ve started building an interpreter that I intend to use to explore different ways of overlaying a Scheme-like environment on the existing Smalltalk environment. Once something settles down, a compiler to Smalltalk bytecode can be built.
Apropos the bytecode, I installed VMMaker in my image to look for a tail-call bytecode. Sadly, there doesn’t seem to be any such feature implemented at the moment, although it may not be much work to implement it. I’ll be interested to see how the Squeak community reacts to a tail-call implementation: with luck, it will be accepted into mainstream VMs.
You are currently browsing the LShift Ltd. blog archives for July, 2005.