A Rant about Openness

It is interesting to see that a bunch of open source projects written on and for the Microsoft platform grows and grows, and also nice to see that a lot of Microsoft employees are very active and aware of the open source ecosystem, rather than being stuck with only what the company makes. Phil Haack, in a post about an interview to Brad Wilson,  wisely writes:

"[…] What I particularly liked about this post was the insight Brad provides on the diverse views of open source outside and inside of Microsoft as well as his own personal experience contributing to many OSS projects. It's hard for some to believe, but there are developers internal to Microsoft who like and contribute to various open source projects. […]"

In fact, being made by Microsoft people or not, the list of open source software on CodePlex keeps growing too. Mentioning CodePlex and interviews, another interesting one is that of Sara Ford, Program Manager for CodePlex posted on Microspotting. But Microspotting is awesome in general. My favorite quote by her:

"[…] Hey. My name is Ariel and I'm the person you thought would never work at MSFT […]".

In fact, just as I do, she is running that blog on WordPress, posting her photos on Flickr, using a RSS feed on Feedburner and in general using a bunch of things that are out there that might be seen as "competing" with what Microsoft makes. In fact, this attitude towards other products and vendors on the market is what I am mainly interested in. Should we only use flagship products? Sure, when they help us, but not necessarily. Who cares? People's blogs are not, as someone would like them to be, a coordinated marketing effort. This is about real people, real geeks, who just want to share and communicate personal ideas and thoughts. I had a blog before being at Microsoft, after all. Obviously I had exposure to competing products. My server was running LAMP on Novell Netware in 2002 – after which I moved it to Linux. It is not a big deal. And if I try to put things in perspective, in fact, this is turning out to be an advantage. I am saying this, as the latest news about interoperability comes from MMS (Microsoft Management Summit): and that is the announcement that System Center Operations Manager will monitor Linux natively. I find this to be extremely exciting, and a step in the right direction… to say it all I am LOVING this!!! But at the same time I see some other colleagues in technical support that are worrying and being scared by this – "if we do monitor Linux and Unix, we are supposed to have at least some knowledge on those systems", they are asking. Right. We probably do. At the moment there are probably only a limited number of people that actually can do that, at least in my division. But this is because in the past they must have sacrificed their own curiosity to become "experts" in some very narrow and "specialized" thing. Here we go. On the opposite, I kept using Linux – even when other "old school" employees would call me names. All of a sudden, someone else realizes my advantage.  …but a lot of geeks already understood the power of exploration, and won't stop defining people by easy labels. Another cool quote I read the other day is what Jimmy Schementi has written in his Flickr profile:

"[…] I try to do everything, and sometimes I get lucky and get good at something […]".

Reading on his blog it looks like he also gave up on trying to write a Twitter plugin for MSNLive Messenger (or maybe he never tried, but at least I wanted to do that, instead) and wrote it for Pidgin instead.  Why did he do that ? I don't know, I suppose because it was quicker/easier – and there were API's and code samples to start from.

The bottom line, for me, is that geeks are interested in figuring out cool things (no matter what language or technology they use) and eventually communicating them. They tend to be pioneers of technologies. They try out new stuff. Open Source development is a lot about agility and "trying out" new things. Another passage of Brad's interview says:

"[…] That's true–the open source projects I contribute to tend to be the "by developer, for developer" kind, although I also consume things that are less about development […] Like one tool that I've used forever is the GIMP graphics editor, which I love a lot".

That holds true, when you consider that a lot of these things are not really mainstream. Tools made "by developer, for developer" are usually a sort of experimental ground. Like Twitter. Every geek is talking about Twitter these days, but you can't really say that it is mainstream. Twitter has quite a bunch of interesting aspects, though, and that's why geeks are on it. Twitter lets me keep up-to-date quicker and better (and with a personal, conversational touch) even better than RSS feeds and blogs do. Also, there are a lot of Microsofties on Twitter. And the cool thing is that yo can really talk to everybody, at any level. Not just everybody "gets" blogs, social networks, and microblogging. Of course you cannot expect everybody to be on top of the tech news, or use experimental technologies. So in a way stuff like Twitter is "by geeks, for geeks" (not really just for developers – there's a lot of "media" people on Twitter). Pretty much in the same way, a lot of people I work with (at direct contact, everyday) only found out about LinkedIN during this year (2008!). I joined Orkut and LinkedIN in 2004. Orkut was in private beta, back then. A lot of this stuff never becomes mainstream, some does. But it is cool to discover it when it gets born. How long did it take for Social Networking to become mainstream? So long that when it is mainstream for others, I have seen it for so long that I am even getting tired of it.

For some reason, geeks love to be pioneers. This is well expressed in a digression by Chris Pratley:

"[…] some of them we will be putting out on officelabs.com for the general public (you folks!) to try so we can understand how "normal" people would use these tools. Now of course, as we bloggers and blog-readers know, we're not actually normal – you could even debate whether the blogosphere is more warped than the set of Microsoft employees, who comprise an interesting cross-section of job types, experiences, and cultures. But I digress. […]"

But I have been digressing, too, all along. As usual.

Using Live ID to authenticate to WordPress

Yesterday I've been hacking a bit with the Windows Live ID SDK and I wrote a very small and simple plugin for WordPress that enables you to login in to WordPress with your passport Live ID.
I had read in various places that such a plugin would be welcome… I looked around and found none yet (if anyone has instead already written something like this and I missed it I will happily waste the simple stuff I did for something more advanced/well written… just let me know :-)).
I took a look at a similar experiment, and eventually even found that there is some conceptually similar plugin written to work with OpenID. The wordpress openid plugin is much more complex and much more advanced than what I did, tough. It will let you log in with just ANY OpenID user, it will automatically create a user for you on that wordpress installation and associate it with your ID, even just for the purpose of commenting, etc.

But in my blog I don't require or need people to actually log in to do anything. I actually like anonymous/free comment. A CAPTCHA takes care of spammers and I am fine with it so far. Probably for a big site with a lot of users it might make sense, but for my blog so far it doesn't. But there's one thing for which this is instead useful: I have always been worried, when logging in through HTTP (thus, without SSL) to my blog from networks I don't manage or completely trust, that my password could be sniffed over the wire and stolen. Live ID solves my problem by letting Microsoft validate my identity: I have associated my Live ID to the blog's main user account(=myself), the one writing this post. So the plugin in its current form is used as a replacement of the login form (the standard wp-login.php wordpress form CAN still be used if you like, of course, you just don't HAVE to. Also the use of xmlrpc will still require local user/pwd combination.). Anyway, this new form will authenticate you thorugh Live ID and then check if your Live ID is associated to any local user. If it is, it will log you on to wordpress with that account. Otherwise it will inform you that you are successfully logged on to passport Live, but unfortunately there is no corresponding local account for you, and that it would need to be set up. Setting it up is as difficult as adding a line to the database… probably adding a form or a property page would be nice, but in my case I just did it with a query:

INSERT INTO `wordpress`.`wp-usermeta` (
`umeta_id` ,
`user_id` ,
`meta_key` ,
NULL , '1', 'LiveID', 'f11fa1d3e82c68776f94a3a5c459b70b'

which adds an extra "property" for the first user (admin) called 'LiveID' which contains your Live ID (the one above is not my real one, in case you were wondering). When you are authenticated by LiveID and you get back this value, the plugin checks in this table which WordPress userid in the database has been associated with this Live ID and – if it finds one – it authenticates you as that user. Of course you should not have duplicates.

My code is mostly based on the SDK PHP Sample, with some modification to integrate it in WordPress as a plugin. Of course I removed the file that is used as "user database" and used wordpress DB instead.

There's a ton of things that could be improved. I just did not put any more effort and time in it. As you might know if you read this blog, I am not a full time developer. Actually I shouldn't write code at all for work and I am mainly considered an "infrastructure" guy. Anyway, I would like to code more and even if I am not supposed to, I always try to find stimulating situations that require a bit of integration, thinking out of the box, some scripting, etc…

[updated: november 3rd 2007] You can download the sample plugin "AS-IS" here: liveauth.zip . This has only been tested and only works with WordPress 2.3.x serie (but should also work with earlier versions – not tested)

[updated: march 30th 2008] WordPress 2.5 has changed the way the authentication cookie is generated, therefore here is an updated version of the plugin that works with the new secure cookies: liveauth02.zip
I should really invest some more time in this and clear up the code. I should also make an interface to make the configuration easier, and maybe make a version that works on both 2.3 and 2.5 branches. I am not sure when I will have time for that, though…

[updated: april 20th 2008] I have released version 0.3c of the plugin which now finally includes a simple configuration page, and should work on both WordPress 2.3 (and older) and on the 2.5 brach. Please visit the new Windows Live ID Authentication WordPress Plugin Page.

The information in this weblog is provided "AS IS" with no warranties, and confers no rights. This weblog does not represent the thoughts, intentions, plans or strategies of my employer. It is solely my own personal opinion. All code samples are provided "AS IS" without warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

Windows Live ID Web Authentication 1.0 SDK !

Check this out:

Windows Live ID Team has published on the web the SDK that lets you liveID (or "passport")-enable your applications!


There are even code samples in six different languages: C#, Java, PHP, Python, Ruby e Perl! You can download them from http://go.microsoft.com/fwlink/?LinkId=91761

Wow! Having time, it would be cool to write a WordPress plugin using Passport authentication to authenticate/identify users that want to comment… mumble mumble….. 🙂

Interoperability. Wow.

More info at the Live ID starting Page: http://dev.live.com/blogs/liveid/archive/2006/05/18/8.aspx