Well, the protocol seems to already be a complex mess, why not just strip off the domain name at the end of the @ and ping that one using the whole crazy insane "use an HTTP library to parse hopefully valid HTML/XHTML to look for OpenID and then do other insane magic"?
I mean hell, if you are going to design a crazy protocol that depends on many other protocols to work right, what harm is a little regex hackjob added to spice up the mix? Might as well go all the way, right?
Now how does $RANDOMSITE know how to authenticate me, given just my email address? Send me an email and wait?
They use, you, a standard method to find out how. You know, the same way a server figures out which SMTP server to use. DNS records.
It's obvious that you're speaking over your head and don't understand what OpenID actually does.
And it is obvious the designers of OpenID didn't know squat about how any other protocol works. If they did, they might have used DNS to get some OpenID equivalent of an MX record! Hell, last I checked, most DNS libraries can look up things besides "A" records and it would be a hell of a lot easier to just get my webserver to use standard DNS libraries to look up a TXT record that has the info on how to get to a domain's OpenID provider.
Of course it is, you'll have to trust that I will not disclose it to other people and instead let you pick a nickname.
Why does a blog that I'm commenting on need to know my e-mail address?
Quite frankly, if you aren't willing to at least offer a way to contact you, I'm not interested in letting you post a comment. Remember I have to trust you aren't gonna spam the bajesus out of my site too! A random OpenID URL offers me no assurance you aren't just some comment spammer.
You have to trust I won't leak your email, and I have to trust you are a real person, not a comment spammer. That whole trust thing swings both ways, you know.
The page served up from that URL has a couple of Meta tags which points to my authentication provider and specifies my username with that provider.
So part of the spec requires my webserver to go *fetch and parse your personal web page* to see if it has a <link rel="openid.server"/> tag in it to meet the spec? Are you kidding me? No wonder people don't implement OpenID logins!
You are telling me to support OpenID, I now have to add an entire library to parse your no-doubt busted frontpage website to see if I should use you for openID or go redirect elsewhere!? What could possibly go wrong with that idea!?
Hah! What an *excellent* way to implement a DOS attack! Now I can get your website to hit my enemy's website by entering a FUCKING URL into your OpenID box!!!! Worse, I can get YOUR WEBSITE to eat up its resources hitting my slow, bloated page to see if I have a magic OpenID <link rel="openid.server"/> tag!
What a brilliant scheme! So many moving parts, so many points of failure, what could possibly go wrong!!!
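The risk raised in the comment above, a site fetching and parsing whatever URL a visitor types into its OpenID box, is the pattern now usually called server-side request forgery plus resource exhaustion. The sketch below is an added example (not code from this thread or from any OpenID library) of how a relying party can bound that discovery step; `resolve` and `fetch` are hypothetical injected callables, and every host, address and page is constructed sample data.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

MAX_BODY_BYTES = 64 * 1024   # assumed cap: stop reading slow or bloated pages early
FETCH_TIMEOUT_S = 5          # assumed overall deadline handed to the fetcher
ALLOWED_PORTS = {None, 80, 443}

class DiscoveryError(ValueError):
    """Raised when an identifier or discovered endpoint must not be used."""

def check_url(url, resolve):
    """Vet a URL before the server connects to it; return (host, pinned_ip).
    resolve(host) -> list of IP strings is an injected, hypothetical helper."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError as exc:
        raise DiscoveryError(f"malformed URL: {exc}") from None
    if parts.scheme not in ("http", "https"):
        raise DiscoveryError("only http/https identifiers are accepted")
    if parts.username or parts.password or not parts.hostname:
        raise DiscoveryError("missing host or embedded credentials")
    if port not in ALLOWED_PORTS:
        raise DiscoveryError(f"port {port} not allowed")
    host = parts.hostname
    try:
        addrs = [str(ipaddress.ip_address(host))]   # literal IP in the URL
    except ValueError:
        addrs = list(resolve(host))
    if not addrs:
        raise DiscoveryError("host does not resolve")
    for addr in addrs:
        # Loopback, RFC 1918, link-local etc. are refused: every answer must be public.
        if not ipaddress.ip_address(addr).is_global:
            raise DiscoveryError(f"{host} resolves to non-public address {addr}")
    return host, addrs[0]   # caller connects to this IP, not to a fresh lookup

class LinkFinder(HTMLParser):
    """Keep the first <link rel="openid.server"> seen before <body>."""
    def __init__(self):
        super().__init__()
        self.server = None
        self.past_head = False

    def handle_starttag(self, tag, attrs):
        if tag == "body":
            self.past_head = True   # ignore links that sit in page content
        if tag != "link" or self.past_head or self.server:
            return
        attr = dict(attrs)
        if "openid.server" in (attr.get("rel") or "").lower().split():
            self.server = attr.get("href")

def discover(url, resolve, fetch):
    """Return the openid.server endpoint for a claimed identifier URL.
    fetch(url, ip, max_bytes, timeout) -> bytes is injected (hypothetical); it
    must connect to `ip`, follow no redirects, and stop at max_bytes."""
    _, ip = check_url(url, resolve)
    body = fetch(url, ip, MAX_BODY_BYTES, FETCH_TIMEOUT_S)[:MAX_BODY_BYTES]
    finder = LinkFinder()
    finder.feed(body.decode("utf-8", "replace"))
    if not finder.server:
        raise DiscoveryError("no openid.server link in <head>")
    check_url(finder.server, resolve)   # the endpoint is contacted next: vet it too
    return finder.server

# Constructed sample data: hosts, addresses and pages are made up.
SAMPLE_DNS = {"blog.example": ["93.184.216.34"], "idp.example": ["93.184.216.34"],
              "intranet.example": ["10.0.0.5"]}
SAMPLE_PAGES = {
    "http://blog.example/": b'<html><head><title>me</title>'
        b'<link rel="openid.server" href="https://idp.example/auth"/></head>'
        b'<body>hello</body></html>',
    "http://blog.example/guestbook": b'<html><head></head><body>'
        b'<link rel="openid.server" href="https://other.example/"></body></html>',
}

def sample_resolve(host):
    return SAMPLE_DNS.get(host, [])

def sample_fetch(url, ip, max_bytes, timeout):
    return SAMPLE_PAGES[url][:max_bytes]
```

A real `fetch` also needs per-client rate limiting and a cache of recent discovery results, otherwise the login box still works as a request relay against public hosts.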
Well, to add to the other guy who responded to you, you also have to remember some ugly looking URL too. That or use a "popular" OpenID provider and hope that every site you visit has a way to enter the "username" portion of the OpenID URL and have it convert into a real URL.
The whole thing is insane. Had they gone with email addresses, it would have had more of a chance to catch on. That is, if it could also overcome the whole "trust" thing... that is, why am I supposed to trust any random OpenID provider to authenticate and identify people who use my website?
There is a reason why people provide OpenIDs but very few take them... OpenID offers little in the way of trust--what if my system has different user levels, like some people are editors with magic powers not just regular comment posters? If my system was designed to use 100% OpenID, that means I have to trust my editors' accounts are using secure OpenID providers because if their OpenID account gets hacked, the hacker now has keys to my website. That or I implement a different system of authentication for editors and other "trusted" users, in which case, why waste my time with OpenID in the first place?
Because for the average person, it's a lot easier to set up a blog than it is to get their ISP to set up custom DNS records.
There you go again. What the hell are you talking about? Now to log into some stupid site, I have to get a blog too? Huh?
Admit it, the URL thing sucks ass. Email addresses are something we all have, and many websites are using email addresses as your login already. If OpenID did email, even *if* there wasn't any DNS trickery like I suggest, life would have been 100% easier. But no, I'm sure there is some "valid" reason the purity trolls who wrote the spec had against something so simple and logical, so they decided URLs would be best, usability be damned.
Meanwhile, in reality, you know that ultimately the URL is the location of your OpenID server, right?
Huh? No seriously. Huh?
OpenID is just so damn unintuitive that nobody really gets it. It is a fucking login. Why can't it be an email address? Why can't it resolve the right place to conduct authentication business via DNS the same way SMTP gets its MX record based on everything after the @domain.com?
Seriously, the more people try to explain it, the more it just makes people's eyes glaze over. All they see, and all I see, is a fugly looking URL that is supposed to magically authenticate me, only as a web developer, I'm told I can't actually trust the authentication because the protocol wasn't designed for it. Or something. My head spins now.
If you take out the massive (and I mean massive) ground game.
If you take out his ability to leverage modern technology (do McCain supporters get text messages from their campaign reminding them of key dates?)
If you take out his ability to raise money from small donors and use it to drown out the competition (sounds like capitalism + democracy to me!)
If you take out his oratory skills
If you take out his sane policies
If you take out his levelheadedness.
If you take out all those things, yes, you are probably right, Obama is only brilliant because of this untalked-about fear-baiting strategy you talk of.
Okay, given how we've tried trickle down economics for a while now, how have things turned out? I'd say we tried it, and it failed. Maybe time for something new, eh?
You see, it is OPEN, right? I mean, it says so right in the name of the protocol *OPEN*ID right? And google is cool right? So OpenXyz + Google = Win, right? I mean, OpenID sucks, right? What is wrong with somebody embracing it and then fixing the problems by extending it to be better? Nothing. After all, it is OpenID.
I think if I ever start a company that publishes the most evil DRM spec on earth, I'd probably name it OpenDRM or FreeDRM just so I can win over the Slashdot crowd. As long as it has Open or Free in the name, you can pretty much get away with murder, especially when your Slashdot corporate karma is "excellent".
But seriously, OpenID needs more than a face lift. For starters, based on my experience with Stackoverflow, browsers need to auto-fill the OpenID box with my URL, er, login name (cough). Then they need to boot out any fool who thinks the "login" should be anything other than an email address. Whoever dreamed up using a URL for a login wanted the spec to fail. Oh, and then when they are done with that, how about moving it down the network stack so that the damn thing can be used to authenticate against protocols other than HTTP, like say, IMAP or something. Oh wait, except OpenID was never intended to be used for authentication... or was it? Nobody really knows because even OpenID proponents say you shouldn't use it for anything other than trivial accounts and if you use it for anything else, you are mis-using the spec!
I'll give you my closing argument. Who sets the "tone" of this nation? Is it the media? Is it the president? A combination?
The Republican party hates education. Educated people are elitists who live in anti-American big cities. They actually use this talking point, though excluding the "educated" part and letting you connect the dots. You think that sets a positive tone that encourages people to stay in school? I don't.
Government spending aside, I'd rather have a president who sets a positive tone for our nation and gives us all something to strive for. The past eight years, all we've gotten was "freedom fries", "homeland security", and all kinds of anti-intellectual hogwash.
Which is going to be easier to pass through the house and senate and get signed by the president? Is it more efficient to tack on a couple million for a library to the "Clean Water Act" or is it more efficient to have every single thing go through as a bill of its own? I'm not actually sure!
Sadly, while I agree with you, I can't think of how we'd change the system so earmarks don't happen. It happens because the system pretty much makes it the easiest way to get "petty cash" from the federal government.
Fair enough, but I have a question for you: does this account for the "Iraq" earmark too, or does this person forget that the entire budget for earmarks is probably like 3% of the total budget and is maybe no more than two weeks in Iraq?
Earmarks are a gimmick politicians like to play. How is "I'll cut earmarks" any different than "gas tax holiday"? Besides, your local library might have been funded via an "earmark".
Fair enough. Would it be safe to assume that by subsidizing education via some government method, more people would be educated?
Do you benefit directly or indirectly from our ability to stay competitive in the global market? If less of our children are educated, will their generation have an easier or harder time finding quality work? Will the society they live in be better or worse because of taxpayer subsidized education?
Further, add into the formula the requirement to receive any kind of government tax credit, the student would have to give back a certain amount of community service. Would you benefit directly or indirectly from that?
Well, create a talking point for position. Use only a few sentences that come out in a way that makes people happy and hopeful. Would you vote for somebody who said in a speech "got cancer? these things happen, sorry!". Well, you might :-) But I can't see the majority doing so.
So go ahead, run on the truth of your party and get back to me! I'll bookmark this comment and you can reply once you are in office :-)
But if Obama was president when you were in college, you'd have paid less for your tuition via a larger tax credit. Then you'd be paying less in student loans right now.
These are *investments* in the future of our country. They might not have immediate benefit right now, but you have to examine if we'll all be better off after making them. If we all had less student loan debt, we'd be spending that money elsewhere *and* more people would be going to college thus making us more competitive in the global market. Win, win!
But your $250k person got to the position they are in now *because* of federal programs! Their schools were probably taxpayer funded, their college education was probably taxpayer subsidized and their tuition was tax credited. They were able to exploit the public highway system, use public transit, ship their cargo through public airports and seaports. They used public sewers and water. They got their energy from the public grid.
In short, they owe their wealth to the investments we taxpayers made years ago.
You can either pay for it as you climb up the ladder and then enjoy not paying for it at the top. It won't be as easy to climb this ladder, but there is a nice carrot to chew on when you get to the top.
Or, you can climb up the ladder for free and then start paying for it once you get close to the top. It is easy for anybody to try climbing, but once they get to the top they'll have to pay for the trip.
If you like the first option, vote McCain. If you like the second, vote Obama.
However, I hate to tell you that you'll have a hard time getting elected by saying that. Really, what you just said is the essence of libertarian and fiscal-conservative former-republicans. They all dance around it or distract voters with magic wands of "abortion", "dirty hippies", or "anti-American" cultural divisions, but ultimately you just summed up the Republican party in a nutshell.
There is a reason fiscal conservative republicans got married to the Palin social conservative base; it was the only way they could get enough votes to win. Every talking point, lie, or clever distraction a republican makes is just a dance to avoid what you just said. I think they all know if they were ever intellectually honest about their core values, they'd never get elected.
Suddenly, we don't have to sue other people/doctors to live well and the price of health care can come back down
Do you really think the cost would go down that much by reforming our mal-practice laws? It might be a component of the cost, but I doubt all that much. I think a second component is just that people expect "all you can eat" insurance that doesn't expose them to even a fractional cost difference between two medical treatments... without being exposed to some of the cost, we'll always pick the more expensive treatment.
The solution is to let people pay for it themselves.
I assume you mean pay "out of pocket", right? This is fine to an extent (as long as I can deduct more of it on my 1040 than allowed now), but what if I get really sick? Who then pays? Especially when I'm presently un-insured and thus will no longer be able to purchase insurance?
No matter what, I don't think you can significantly reduce the cost it might take to treat something like breast cancer. You might knock the price from $50k to $40k, but $40k is a lot for somebody with no insurance. That person will be effectively screwed, and indirectly will raise your costs.
Actually, what do you think the percentage of your health care costs are a result of hospitals treating those who cannot pay? More or less than the costs from mal-practice and "all you can eat" insurance?
As a former libertarian, now democrat, I believe the smart libertarians and the fiscal conservative former-republicans will push for more regulation. The regulation they will push for is the type that ensures more transparency in corporations and the markets. How can you invest in a free market economy when you can't be sure the CEOs aren't cooking the books (i.e. Enron), or the banks aren't making shady mortgage deals in the backroom?
Regulation and the free-market libertarian ideals are not incompatible. The trick is to pass the *right* kinds of regulation--those that make things as transparent as possible.
"Poor Sick Bastard" has cancer and currently has no health insurance. Please find him an insurance company that will cover him.
Wait, you can't? What now does "Poor Sick Bastard" do? If you said "go to the ER when he has complications", you'd be correct.
Now "Poor Sick Bastard" has $10k in medical expenses. Who pays for those?
If you said "Poor Sick Bastard", what if he cannot pay and goes bankrupt, as many do? Who then pays? Well, the hospital gets the shaft, right?
Now the hospital is stuck with the bad debt from hundreds of "Poor Sick Bastards". What do they do? That's right, raise their prices!
The hospital just raised their prices. Guess what, now it costs your insurance company more money. What does the insurance company do? That's right, raise their premiums!!
So you just, albeit indirectly, paid for Poor Sick Bastard. In the process, "Poor Sick Bastard" not only cost your insurer and everybody else the original $10k but he also probably racked up like $5k in legal fees too.
Which do you think costs less? Providing an "insurance company of default" that draws from a large, federal insurance pool using taxpayer money or having every insurance company raise their premium instead?
Well, the protocol seems to already be a complex mess, why not just strip off the domain name at the end of the @ and ping that one using the whole crazy insane "use an HTTP library to parse hopefully valid HTML/XHTML to look for OpenID and then do other insane magic"?
I mean hell, if you are going to design a crazy protocol that depends on many other protocols to work right, what harm is a little regex hackjob added to spice up the mix? Might as well go all the way, right?
Awesome
They use, you, a standard method to find out how. You know, the same way a server figures out which SMTP server to use. DNS records.
And it is obvious the designers of OpenID didn't know squat about how any other protocol works. If they did, they might have used DNS to get some OpenID equivalent of an MX record! Hell, last I checked, most DNS libraries can look up things besides "A" records and it would be a hell of a lot easier to just get my webserver to use standard DNS libraries to look up a TXT record that has the info on how to get to a domain's OpenID provider.
Of course it is, you'll have to trust that I will not disclose it to other people and instead let you pick a nickname.
Quite frankly, if you aren't willing to at least offer a way to contact you, I'm not interested in letting you post a comment. Remember I have to trust you aren't gonna spam the bajesus out of my site too! A random OpenID URL offers me no assurance you aren't just some comment spammer.
You have to trust I won't leak your email, and I have to trust you are a real person, not a comment spammer. That whole trust thing swings both ways, you know.
So part of the spec requires my webserver to go *fetch and parse your personal web page* to see if it has a <link rel="openid.server" /> tag in it to meet the spec? Are you kidding me? No wonder people don't implement OpenID logins!
You are telling me to support OpenID, I now have to add an entire library to parse your no-doubt busted frontpage website to see if I should use you for openID or go redirect elsewhere!? What could possibly go wrong with that idea!?
Hah! What an *excellent* way to implement a DOS attack! Now I can get your website to hit my enemy's website by entering a FUCKING URL into your OpenID box!!!! Worse, I can get YOUR WEBSITE to eat up its resources hitting my slow, bloated page to see if I have a magic OpenID <link rel="openid.server" /> tag!
What a brilliant scheme! So many moving parts, so many points of failure, what could possibly go wrong!!!
Lucky for you, most people aren't.
Here is a novel idea, why not just do what pretty much anybody who uses an email for an account login does--map it to a local nickname!
Now that that problem is solved, explain to me why we need a URL again?
Well, to add to the other guy who responded to you, you also have to remember some ugly looking URL too. That or use a "popular" OpenID provider and hope that every site you visit has a way to enter the "username" portion of the OpenID URL and have it convert into a real URL.
The whole thing is insane. Had they gone with email addresses, it would have had more of a chance to catch on. That is, if it could also overcome the whole "trust" thing... that is, why am I supposed to trust any random OpenID provider to authenticate and identify people who use my website?
There is a reason why people provide OpenIDs but very few take them... OpenID offers little in the way of trust--what if my system has different user levels, like some people are editors with magic powers not just regular comment posters? If my system was designed to use 100% OpenID, that means I have to trust my editors' accounts are using secure OpenID providers because if their OpenID account gets hacked, the hacker now has keys to my website. That or I implement a different system of authentication for editors and other "trusted" users, in which case, why waste my time with OpenID in the first place?
Check out stackoverflow.com, it exclusively uses OpenID for account info.
There you go again. What the hell are you talking about? Now to log into some stupid site, I have to get a blog too? Huh?
Admit it, the URL thing sucks ass. Email addresses are something we all have, and many websites are using email addresses as your login already. If OpenID did email, even *if* there wasn't any DNS trickery like I suggest, life would have been 100% easier. But no, I'm sure there is some "valid" reason the purity trolls who wrote the spec had against something so simple and logical, so they decided URLs would be best, usability be damned.
I've got one word for you
Huh? No seriously. Huh?
OpenID is just so damn unintuitive that nobody really gets it. It is a fucking login. Why can't it be an email address? Why can't it resolve the right place to conduct authentication business via DNS the same way SMTP gets its MX record based on everything after the @domain.com?
Seriously, the more people try to explain it, the more it just makes people's eyes glaze over. All they see, and all I see, is a fugly looking URL that is supposed to magically authenticate me, only as a web developer, I'm told I can't actually trust the authentication because the protocol wasn't designed for it. Or something. My head spins now.
All fair arguments.
I'll give you my closing argument. Who sets the "tone" of this nation? Is it the media? Is it the president? A combination?
The Republican party hates education. Educated people are elitists who live in anti-American big cities. They actually use this talking point, though excluding the "educated" part and letting you connect the dots. You think that sets a positive tone that encourages people to stay in school? I don't.
Government spending aside, I'd rather have a president who sets a positive tone for our nation and gives us all something to strive for. The past eight years, all we've gotten was "freedom fries", "homeland security", and all kinds of anti-intellectual hogwash.
Which is going to be easier to pass through the house and senate and get signed by the president? Is it more efficient to tack on a couple million for a library to the "Clean Water Act" or is it more efficient to have every single thing go through as a bill of its own? I'm not actually sure!
Sadly, while I agree with you, I can't think of how we'd change the system so earmarks don't happen. It happens because the system pretty much makes it the easiest way to get "petty cash" from the federal government.
That is all well in theory until your DNS gets hijacked too and "www.myopenid.com" points to the phishing site instead.
Fair enough, but answer me this.
"Poor Sick Bastard" has cancer and currently has no health insurance. Please find him an insurance company that will cover him.
Wait, you can't? What now does "Poor Sick Bastard" do? If you said "go to the ER when he has complications", you'd be correct.
Now "Poor Sick Bastard" has $10k in medical expenses. Who pays for those?
If you said "Poor Sick Bastard", what if he cannot pay and goes bankrupt, as many do? Who then pays? Well, the hospital gets the shaft, right?
Now the hospital is stuck with the bad debt from hundreds of "Poor Sick Bastards". What do they do? That's right, raise their prices!
The hospital just raised their prices. Guess what, now it costs your insurance company more money. What does the insurance company do? That's right, raise their premiums!!
So you just, albeit indirectly, paid for Poor Sick Bastard. In the process, "Poor Sick Bastard" not only cost your insurer and everybody else the original $10k but he also probably racked up like $5k in legal fees too.
Which do you think costs less? Providing an "insurance company of default" that draws from a large, federal insurance pool using taxpayer money or having every insurance company raise their premium instead?