On the heels of Microsoft's announcement that it will support OpenID in CardSpace , AOL has become the latest major player to support OpenID . "Every AOL/AIM user now has at least one OpenID URI". This is big news. We made the decision to use OpenID as the sole authentication mechanism on a product we...
OpenID, which describes itself as "an open, decentralized, free framework for user-centric digital identity", has been gaining momentum and getting press in the Identity 2.0 space. The fundamental idea of OpenID is that a URI is necessarily unique and thus a good way to identify users. If you say you...
Raymond reminds us that there is no "Copy" access mask because copying is not a fundamental file operation . Copying a file is just reading it into memory and then writing it out. Once the bytes come off the disk, the file system has no control any more over what the user does with them. Something to...
Back at the PDC, I mentioned that Microsoft chose JSON over XML in Atlas, its AJAX framework. The debate has reared its head again recently, prompted largely by Tim Bray's post . Tim says that JSON is great for its single intended purpose, "to put structs on the wire." Dare, who used to work on the XML...
Michael Sutton looks at the prevalence of SQL injection vulnerabilities ( via Bruce Schneier ). He tested 708 different servers and found verbose SQL errors on 80 of them (11.3%) - numbers that are not, as Michael says, surprising but are certainly sobering. Michael acknowledges that his method is imperfect...