Present Perfect

With the right amount of suspension of disbelief, Metal Gear Solid 4 is - again - totally awesome.

I finished the first section, and the game is telling me "It's past 1:00 AM, isn't it time to take a break ?"

This game, as usual, nails all the details - though the dialogue is still annoyingly out of flow. But it didn't take me long to invest in my favourite shooting weapon - a sniper rifle with a laser scope.

With the right amount of suspension of disbelief, Metal Gear Solid 4 is - again - totally awesome. I finished the first section, and the game is telling me "It's...

I remember being really enthusiastic about OpenID when I first learnt about it. I remember trying it out and, as many, being disappointed at the practical use (nobody was supporting it) but hopeful about the idea. I tried it out a bunch of times later, but today I'm still not really using it. I saw an excellent presentation by Simon Willison at Europython last year, but I'm still not using it.

And the reason, at least for the past year, is that I do not know whether the basic model is secure or not. I've read lots of pro and con posts, and it's gone so technical I don't know who to trust.

If I think about it logically myself, I'd say that I don't see the difference between the OpenID phishing scenario and the Paypal/bank phishing scenario:

• Some site uses OpenID and I want to log in
• said site redirects me instead to a fake site, that looks the same as my real site (either because I use a popular one, or because it actually connects to my real site and presents the same page)
• Any authentication information I enter on this phishing site is thus known to the phisher

I seem to extract from all I've read before that there is a general consensus that this is a real threat, and that OpenID people feel this is not the problem they should be solving - that it is up to OpenID providers to solve this.

But if I were to put online a website that uses OpenID and handwaves phishing problems away to the providers, while simultaneously allowing all OpenID providers, I'd feel bad about teaching my users that it's fine to follow OpenID links and type in passwords.

So, homework for today - can someone tell me in simple terms:

1. if there is something wrong with my simple interpretation of the phishing problem, or if it is in fact real ?
2. What I should be doing if I were to create a website that wants to use OpenID, and I actually care about my users ?

Too much of all of this discussion around OpenID focuses around whether or not it's OpenID's job to solve this problem, whether it is insecure, whether it promotes phishing, and so on. But none of the discussion focuses on what you should actually *do* when you care about making it easy for people to use your site while keeping security good enough.

Someone smart on the topic care to tell me what I should be doing as a website maker, and as a potential OpenID user on other websites ?

I remember being really enthusiastic about OpenID when I first learnt about it. I remember trying it out and, as many, being disappointed at the practical use (nobody was supporting...

I don't ask enough programming questions, so here goes one.

I have a glade file with a vtable with 3 rows, and each row contains another table, with 2 columns and a bunch of rows. It shows key-value pairs. I've put them in a table so that I can hide table #2 or table #3 in certain conditions.

Now, the second column of each of these tables is not aligned with the other second columns of these tables. Instead, I would like to follow the HIG and "Minimize the number of alignment points in your window" the way is done in this example with "General" and "Action" lining up, or the top 4 dropdown/entry boxes and the icon entry box.

Anyone know how to do this while still allowing me to have 3 separate tables to group my key/values ?

Update: somehow I forgot about GtkSizeGroup (shows me right for hacking at 7 in the morning) and people put me in my place. So, it doesn't look like glade-2 supports this. Anyone know why ? Do I need to write code to read my glade file and put each label in the size group ?

I don't ask enough programming questions, so here goes one. I have a glade file with a vtable with 3 rows, and each row contains another table, with 2 columns...

Once in a while I add a new comic of sorts to my BlogLines. It has the huge (dis)advantage of having a big backlog of fun stuff to read through - case in point, a letter to Apple. I'm lucky my lack of drunkenness in general has saved me from being able to relate to this particular post.

Update: or this. Joey Cameau is going to be my new hero.

Update 2: or this one, a more effective anti-RIAA post than anything I've ever seen. 3 in a row - I have to stop reading.

Once in a while I add a new comic of sorts to my BlogLines. It has the huge (dis)advantage of having a big backlog of fun stuff to read through...

on some old slashdot headlines - I never make any more time for this these days.

But this snippet (from this article) was awesome to read:

Marlin says that that CoreCodec has established a new internal process for handling intellectual property issues so that they won't improperly use the DMCA again in the future. CoreCodec will also be assisting Nisota with his ongoing development efforts to ensure that coreavc-for-linux users can continue buying and using the CoreAVC codec. In the long-term CoreCodec also hopes to release a GStreamer-based CoreAVC codec so that they can officially support Linux users.

Or to put it in Catherine Wheel terms - I've finally arrived. It's awesome to see codec companies equate "officially supporting Linux users" with "release a GStreamer codec".

on some old slashdot headlines - I never make any more time for this these days. But this snippet (from this article) was awesome to read: Marlin says that that...