billso.com

From the New York Times: Spring announced another quarterly loss today of 18 cents a share or US$505 million. The news is bad, as it looks like the mobile telecom is losing some of its biggest customers:

In the first quarter, the company lost 1.1 million subscribers; the total number dropped to 52.8 million.

Analysts do not seem spooked, although Sprint’s CEO is considering a sale of Nextel. The recently announced Clearwire joint venture may help prospects in the near-term, but not right now.

Related posts on billso.com

• 8 May 2008: Google bets big on Sprint and Clearwire’s WiMAX venture
• 6 May 2008: T-Mobile’s parent may buy Sprint
• 22 February 2008: Customer lock-in
• 20 January 2008: Nokia, Sprint announce layoffs
• 27 August 2007: Wireless providers gird themselves for battle
• 14 June 2007: Clearwire signs WiMax deal with DirecTV, EchoStar
• 5 February 2007: Wireless from the inside out

From Reuters and today’s New York Times: financier Carl Icahn may start a proxy fight to force Yahoo into Microsoft’s arms.

Related posts on billso.com

• 5 May 2008: Microsoft gives up on Yahoo - for now
• 30 April 2008: Microsoft-Yahoo deal possible in the next few days
• 18 April 2008: Antitrust regulators would fight a Yahoo-Google combination
• 5 April 2008: Microsoft’s offer for Yahoo may disappear
• 17 February 2008: Shareholders may bring Microsoft and Yahoo together
• 4 February 2008: Microsoft acquistion of Yahoo faces roadblocks
• 1 February 2008: Microsoft makes offer for Yahoo
• 25 January 2008: Oracle, BEA and middleware

There are some great hotel deals available if you’re interested in visiting the state of Hawaii this summer. Check this article in Go Visit Hawaii for some details. Airfares are still high, and visitors should avoid the unlicensed condos and apartments that are advertised on the Internet. They don’t pay occupancy taxes, and there’s little recourse if something goes wrong during your stay - or if the county closes down your destination after you paid a deposit. BnBCoalition.com has some excellent information on how to find legal vacation rentals in Hawaii.

The mobile phone is an excellent device for two-factor authentication. Most Internet users already have a mobile phone. A user might not notice that they’ve lost a dongle. security token or smartcard. That’s one reason adoption has been difficult for multifactor authentication schemes.

JanRain announced on 9 May 2008 that it is launching a phone-based multifactor authentication service, CallVerifID, that works with its myOpenID service.

The phone verification service lets a user designate a specific phone number that JanRain’s partner, PhoneFactor, will call when their username requires verification. The user can press the pound (#) key on the phone to confirm the login, or use the incoming call to report that their username has been compromised.

Users can designate a mobile or landline number for their verification calls by setting up their myOpenID account preferences with the appropriate number.

The system isn’t perfect. Someone could still learn the users OpenID URL and passphrase, and arrange to intercept the confirmation phone call somehow. This might take a greater level of physical access than stealing a security key or snooping a keyboard. The call verification system could easily be improved by asking the user to enter or speak a second passphrase on the phone.

As Chris Messina pointed out in December 2007, several large Internet content companies have announced that they will support OpenID. Their implementation has been delayed. for several reasons, including branding, although ma.gnolia finally came through in March 2008.

CallVerifID is more evidence that OpenID can become a trusted authentication platform for content and blogging sites, and perhaps for e-commerce sites as well.

See CenterNetworks and Mashable and for more details.

Mobile phone image courtesy of besto-Baker on Flickr, through a Creative Commons license.

Related posts on billso.com

• 10 May 2008: Why use OpenID?
• 30 April 2008: Updating WP-OpenID to support ID Selector

There are plenty of great free software applications and services available on the Web.

In some cases, payment removes advertising and enables more features. Some require a subscription or a one-time payment.Sometimes the payment is merely a donation to a one-man operation that wrote the code.

Here’s a few quick lists of what I’m using, inspired by this discussion on Weblog Tools Collection:

Keep in mind that my recommendations are for the consumer or individual versions of each service. Some products are available in corporate or enterprise versions for a fee.

Free software and services that I would pay for, along with links to each service’s “about” or home page:

• Craigslist, if only to get the spam and junk postings off the classified portion of the service.
• del.icio.us, my second favorite social bookmarking service. I’m waiting to see what happens to Yahoo, the company that owns del.icio.us and also owns my next choice..
• Flickr, for the Pro account features.
• Google Earth, to get enhanced features on the Mac application.
• MacUpdate, for enhanced features on this Mac software update service.
• PayPal, so I could have a business account.
• Skype, for unlimited calling.
• StumbleUpon, my favorite social bookmarking service, to get some extra features as a sponsor.
• TextEdit, my favorite text editor for Windows.

Here’s a list of free software and services that I wouldn’t pay to use, because the ROI just isn’t that great:

• avast, my favorite virus scanner for Windows and Mac.
• Firefox, the best web browser for the Mac and Windows.
• Gmail, because the keep adding more storage space to my free accounts anyway.
• Twitter, a microblogging service that supports SMS and a variety of web and software clients
• Twitterific, a Mac twitter client. I can live with the occasional ad.
• WinZip and other file compression programs.
• WordPress, the software I use to run the billso.com web site. It’s fabulous, free, and there’s no real reason to pay for it. Many WordPress developers earn consulting income from clients who need

Universal Music Group has announced its deal with Qtrax for free music downloads. See these reports from the Associated Press and Engadget. UMG is the first of the major recording labels to reach such an accord.

Back on 27 January 2008, I published a billso.com story about the Qtrax free music download service. Qtrax intends to earn advertising revenue from its P2P web site and software.

Of course, Qtrax hasn’t released any Mac software yet. There’s a beta version available for Windows users. The Qtrax browser is based on Mozilla, and it sounds vaguely like Flock.

Sometimes it takes a few months to work out all the pesky details.

I recently implemented OpenID on billso.com. OpenID is a single sign-on (SSO) system that lets web users log on to multiple sites with the same username and password. SSO support is becoming a key success factor for social networking and social media web sites, as new users struggle to manage a growing number of passwords.

With OpenID, no one needs to apply for a user account on billso.com. They can use their username and credentials from another site to join billso.com, or to post a comment on a billso.com article.

Kyle Neath posted a long rant about OpenID yesterday. He won’t be implementing OpenID on his site because he thinks the system too confusing for users. I don’t think OpenID is that difficult to understand - here are two brief explanations from OpenID.net and Wikipedia.

Phishing phears

Kyle’s concerned that phishers might target OpenID users, and he uses PayPal as an example. That site has become a primary target for phishing attacks.

OpenID does have an identity system that lets an authorized user revoke their OpenID as a last resort. Anyone who uses an OpenID should select a strong passphrase, as I described in this billso.com article from 24 Aprill 2008. OpenID can also add multifactor authentication to their service. Checking a user’s location, or asking for a token or passphrase that only the user should have, in addition to the regular passphrase, would provide a strong defense against phishers. Virtual keyboards and other systems could also be used, as I described in this billso.com article from 17 April 2008.

The provider’s burden

I understand some of Kyle’s points. Any web site that implements OpenID for SSO could also become a provider of OpenIDs. I decided not to do this right from the start. I don’t want to provide perpetual support users who request a billso.com OpenID username. There is a system that lets departing OpenID providers delegate their users to another provider.

On 30 April 2008, I posted some programming code that lets a popular WordPress OpenID plugin use JanRain’s ID Selector tool. There are several providers of OpenIDs that can carry the long-term burden of maintaining these accounts, including VeriSign, AOL, Google, Flickr, and WordPress.com.

Universities could become OpenID providers. It makes sense to give students and employees access to a global SSO system, as long as schools are willing to provide stable, permanent usernames for their stakeholders.

Users can also purchase a personal identity domain for around US$10 a year and get a personalized OpenID URL.

Related posts from billso.com

• 30 April 2008: Updating WP-OpenID to support ID Selector
• 24 April 2008: Change that password into a passphrase
• 17 April 2008: Virtual keyboards and monitoring software foil keystroke loggers
• 12 April 2008: Finding business contacts and passwords on the Internet
• 14 March 2008: Social media in action
• 2 July 2007: CXOs face malware email attacks
• 11 January 2007: How to create a secure password