shahine.com/omar/

I have to say, what an amazing world we live in. This post is the first time I’ve connected to the internet without my feet touching the earth.

It was less than 10 years ago that I surfed the web for the first time without a modem or Ethernet cable via Wifi.

It was less than 10 years ago that I surfed the web on my phone at broadband speeds.

Now I I am sitting on a plane with my laptop connected to the internet and powered via the supplied in-seat power.

Sometimes I have to pinch myself.

Thanks Virgin America.

A long time ago, when I started tinkering with coding in C#, I got to know Adam Sheppard. Adam was working on MSN Spaces at the time and was interested in finding a blogging solution he could use for an internal blog he was going to start. I got him set up with dasBlog and that’s when I learned about the Shep Report. The Shep Report was an internal newsletter that Adam wrote and sent around to a DL he created. I was pretty amazed with the membership of this DL (it has some pretty senior folks at Microsoft). So of course I subscribed.

The Shep Report was always packed with interesting things happening in social media and other web trends. I really looked forward to it even though it had a sporadic publication schedule.

Well Adam eventually left the MSN Spaces team to go on and become one of the founding members of Microsoft Live Labs and specifically Photosynth. I got to hang out with Adam at two different ETech conferences and I always enjoyed talking to him about technology and Microsoft.

Adam left Microsoft a few months ago, and started a new R&D lab in Seattle called 8ninths (which refers to the unexposed, hidden percentage of an iceberg). Clever name.

Anyway, I’m writing this because they started to put out a bi-monthly newsletter, which is very similar to the good old Shep Report I looked forward to receiving at Microsoft (it’s now called "Deep Dive”). They just sent out their second issue and as usual it’s a great read (they cover Qik, the Obama Campaign, MTV, Angels & Demons and more).

Click here to subscribe.

Over the past few months I’ve been thinking A LOT about passwords and how broken the Internet is right now with respect to authentication. Expect a number of posts over the next few weeks about my thoughts on the matter (timely since this NYT piece came out this past weekend).

For the record, I have over 266 unique passwords for websites and currently use RoboForm to manage them all (I actually ran RoboForm for over a year so that I could capture every site I entered credentials into). I would like a solution that roams with me, but Dual Factor authentication and strong password reset mechanisms are a requirement.

Why is VeriSign’s role here important? For one thing, they have a fairly important role in how the Internet runs and have a distinguished history with respect to Internet security technology.

I’ve been playing around with VeriSign Personal Identity Portal (PIP) the last few days. VeriSign PIP is an OpenID provider with a number of novel features that make it far and away the best OpenID provider out there.

They support:

1. OpenID 2.0
2. SSL Client Certificates for authentication
3. VeriSign Identity Protection (VIP) security key products for dual-factor authentication
4. Information Cards
5. OneClick Sign-in access for over 80 popular websites (like Facebook, Google, Windows Live)

Item #5 competes directly with PassPack, which is a cool web based service for storing your usernames and passwords (secured by a password and a “packing key”). I haven’t moved over to them yet because I’m taking my time to understand the options out there.

VeriSign takes a similar approach to PassPack in that to get to your data you:

1. Login using your username and password or Information Card
2. Optionally enter your Security Code (if you don’t have your FOB you can fallback to SMS)
3. Use your encryption key to “unlock” your OneClick passwords.

This all seems good. It's important to note that all your username and password credentials for OneClick are encrypted using a key that only you know. If you lose this key, or someone managed to get access to your account, they will NOT be able to get to your OneClick passwords unless they also know this key. There is no mechanism to "reset" this key. If you lose it, then you lose all your passwords and need to start over.

This is why I believe that in the long run OpenID is far better than anything that has been proposed. For one thing OpenID is flexible enough to support multiple authentication mechanisms like Information Cards, Dual factor authentication, SSL certificates and are now backed by a number of big players in technology (Google, Microsoft, etc).

IMHO one of the best features of OpenID is that you are not generating some random password (or worse giving the same password you use on every website) and handing over to a stranger who for all you know doesn’t encrypt or secure your identity.

While there is still a long ways to go, I consider this progress. VeriSign’s product is something my family can understand and use.

I spend a lot of time searching boutique web forums finding the answers to obscure questions.

It's a bit like searching the internet before there was Google (painful).

Enter Twing.

Pretty awesome.

[via lifehacker]

As I mentioned a few days ago Comcast said they would upgrade me to Blast by the 29th of Feb.

A Picture says a thousand words:

Before

After

note: at first I didn't see this upload speed. It turned out that the Gamerfuel setting on my D-Link DGL-4100 was restricting my upload speed. I fixed that by manually setting my upload speed: