Drupal

My DrupalCon San Francisco session: Grok Drupal (7) Theming

Drupal theming is incredibly powerful, flexible, dynamic and granular, but it can be a bit of a challenge to understand without knowing the fundamentals.

The Way Drupal Theming Was

When I started Drupal theming in 2004, it was all a bit overwhelming. Back then, the core theme engine was something called Xtemplate, and it gave the impression to the n00b themer of being a great big mess. When you looked at the page template, it was one big blob of markup and logic, and it was very hard to figure out how to change just about anything. What's more, it seemed to be very brittle: change something and you got the white screen of death.

And thus life was for the themer through Drupal 4.5 and the beginnings of 4.6.

New Drupal Theming Power

Then, in 2005, came the PHPTemplate theme engine, thanks to Adrian Rossouw (now with Development Seed), and the heavens opened up.

Suddenly (well, not suddenly, as it took a lot of work) Drupal templating had a structural logic: a nested system that simplified the clutter, gave us defined variables to work with, and provided the basis for extending the system. This was really really cool — so cool that it immediately became the theme engine of choice, and, with Drupal 4.7, it became the theme engine for Drupal core.

I was so excited about it, I did my first Drupal conference presentation on it, at OSCMS 2007 at the Yahoo! campus in Sunnyvale. (It was part of a larger topic of overriding display upon which I collaborated with Greg Knaddison and Ezra Barnett Gildesgame, now of Growing Venture Solutions. The PDF of my slides is available here, though they're pretty outdated now.)

Since then the Drupal theming system has evolved and improved. There are a lot of nifty techniques, tricks, best practices that are available to the themer. What's essential is having a good understanding of the underlying architecture, because that's how you can figure out where to look, how to go about making the changes you want to make the theme yours.

No PHP knowledge is required ... beyond knowing not to muck with what's between the <?PHP ... ?> tags. Of course, knowing some PHP can help. But you can also pick up the basics as you go, if you want to delve into the coded bits.

Learning Drupal Theming in 2010

My session proposed for DrupalCon SF on Drupal theming basics brings a comprehensive look at the Drupal theming system and how the front-end developer new to Drupal can take charge of the output by taking advantage of what Drupal gives you.

You won't come out an expert — that would be a ridiculous promise — but you will come out able to start rocking your own themes. You will have a solid understanding of how the Drupal theme is structured, how the various templates work together, how to define regions, how to add your own targeted CSS files and scripts, use of subthemes, some good base themes to work from, how to do custom overrides of obscure, quirky or persnickety output using preprocess ... and you'll grok theming in such a way that even if you don't know how to do something, you'll know how to go about figuring it out, where to look, what to change, etc.

And because we're about to enter the age of Drupal 7, this presentation will be about these things for Drupal 7 (with some notes on how things have changed from Drupal 6). So this session could also be of interest to the experienced Drupal themer who hasn't had a chance to delve much into Drupal 7 yet.

Session voting is now open for DrupalCon SF, so if you think this session sounds helpful to you, or would be of use to the several hundred people new to Drupal who are expected to attend, please vote for my session, "Grok Drupal (7) Theming".

Thanks!

Say hello to the Open Source Decade

Comic: XKCD #225.

Open Source has been around for quite some time, but odds are most people you ask won't know what "open source" is. This isn't because open source is obscure, but rather it has slipped into the mainstream, and unless you're already in the know, there's no real reason you will have noticed it.

But open source is here, and it's growing.

Linux maximus

Linux was written by Linus Torvalds in 1991. Linux itself was based on earlier incomplete kernels that themselves were available for reworking and building upon. When Torvalds licensed Linux under the GNU public license, there was mostly scoffing in the media, with a small minority of voices predicting widespread growth in the future. Now a majority of web servers worldwide are running Linux (see Wikipedia, above), and Linux dominates the supercomputer market and adoption in high-end special effects houses in Hollywood. Linux also powers auto electronics, weapons systems, and an increasing number of desktop, laptop and netbook computers.

My prediction: Linux distros will continue to gain desktop and laptop popularity as they develop more usability and visual style improvements. Ultimately, though, it will take hardware driver maker support (or replacement) to create the happy turn-on-and-use experience most non-geeks want out of a computer. Usability is a hard thing to design by committee, but once it starts kicking in, I don't see much of anything holding Linux back. (And no, I don't see computers going away altogether. The cloud is nice, but with all that local processing power there is a great opportunity for cooler, better apps that can leverage that cloud far better than a generic browser. [Not to mention privacy and security concerns that will always hound an open network.] I may be way off on this one, but I don't think so.)

Firefox burns

Last week Firefox 3.5 became the world's #1 browser release, edging out Internet Explorer 7. Of course, when you add in Internet Explorer 8 and the dead-but-not-buried Internet Explorer 6, Microsoft still holds the largest market share. Still, as ZDNet's Paula Rooney notes, open source has been putting the squeeze on IE.

The days of Internet Explorer’s dominance appear to be waning. Of course, Microsoft’s Windows operating system monopoly still owns the market, but we’re not sure how long that will matter, especially as software-as-a-service models take off and Google’s web-focused operating system is prepped for release.

As Microsoft’s grip on the browser market loosens, opportunities for open source rivals are blossoming. It will be interesting to see which of the two top open source browsers benefits most in 2009 [sic].

My prediction: Indeed, 2010 will be interesting for the browser market. Firefox will continue to grow, but Google Chrome, especially with Google's banner ad-driven marketing push, could be #1 by 2011, pushing IE8 and IE9 out of any hope for the #1 release spot. And this will be huge as webapps and software-as-a-service continue to take up more of the usage market from desktop apps. In fact, this latter development will push Microsoft hard to fall in line with web standards and fight to keep up with the far larger open source development communities of its browser competitors.

Android joy

Android is the open source (Linux-based) operating system for handhelds that is powering a small but growing number of smart phones, including the Motorola Droid and the new Google Phone that was given to Google employees as a holiday gift. Forrester predicts Android smartphones will have 10% market share by end of 2010. I would be surprised if it's not more. (Want a Droid? I do!)

Katherine Noyes of LinuxInsider writes:

As for Linux Girl's hopes and predictions? Her eyes are on netbooks, Android and other portable devices as the area where Linux will continue to gain major ground.

The masses are getting used to Linux whether they realize it or not, even as the desktop begins to slowly fade away. Forget the Year of Linux on the Desktop, and get ready for the Year of Linux in Consumers' Hands! Can't ask for much more than that.

My prediction: Android phones will have the buzz at end of 2010. By 2020, Android will be around in some form, morphed to suit whatever devices people are using then, but I have no idea if Apple will be still rocking then. Maybe the iPhone will be seen only in museums?

Open but less known

Drupal drops up

Drupal has been around for almost 10 years, but this past year saw increasing adoption by high profile sites and government agencies including WhiteHouse.gov.

And Drupal is not alone in the open source CMS market. See Dee-Ann Leblanc on what's coming for Open Source CMSs in 2010.

My prediction: With the new Drupal 7 coming just around the corner, expect to see another spike in Drupal buzz and Drupal usage. And with the new features and structures in place, also expect the Drupal market to change in very interesting ways. (N.B.: [BlogHer.com, where I first posted this] has been running Drupal since 2006.)

MySQL is your SQL

This database that powers so many apps you can't even begin to count
CIO's Nancy Weil predicts that Oracle will make the open source MySQL database system a core part of its Unbreakable Linux package.

My prediction: If Oracle tries to clamp down on MySQL, one or two other open source database projects — including a new or existing fork of MySQL — will emerge and come to a rising market share within a year.

Inkscape and Blender and GIMP (oh my!)

Open source design programs are just getting better. Inkscape does a lot of what Adobe Illustrator does. GIMP is an open source photo manipulation program that will do what most people use Adobe Photoshop for. Blender is a respectable open source 3D animation program. These applications are not new, but I expect their use to only increase as they continue to evolve.

My prediction: Expect the predicted Adobe CS5 release in 2010, and its predictable (high) pricing, to drive more buzz and market to these open source alternatives. But Blender will need a high profile adopter to get similar buzz.

Open Office market not so micro

Open Office is the open source desktop software suite that comes close to replacing Microsoft Word, Excel and Powerpoint. It's not perfect, but can fit the bill if you're finding Microsoft Office's pricing a bit too dear.

My prediction: Open Office will continue to eke out minor gains in the private user market, but will struggle to convince conservative and under-budgeted IT managers in corporations and government agencies to adopt a new, unfamiliar product. However, 10 years from now....? A lot can happen in 10 years.

Why oh why is open source so popular?

While open source software — or at least the most successful examples of open source software — is free, I don't think that's why this will be the open source decade. Rather, it's that open source is open.

Cost does come into play, but indirectly ... on the supplier side. Open source is disrupting many markets where scarcity enforced by proprietary software licenses drove up costs. With the commons competing in development, that scarcity is challenged, effectively driving down those nice profit margins that made people like Bill Gates rich.

And if there's interest to take it into a new direction, there's nothing to stop them. Forks happen.

So as long as there's community interest (read: demand) for the product, it's not going to die. This software is not going to disappear unless people stop being interested in using it.

For example, just because Android was primarily developed by Google, it doesn't mean Android is dependent upon Google to continue to evolve. On the contrary. Just because Drupal was created by Dries Buytaert doesn't mean that, if Dries decides to quit software and go do pottery in Bali, Drupal will crumble. The Linux industry has grown way beyond the origination by Linus Torvalds or its corporate distribution by Red Hat.

What does this mean to you? Nothing, if you want to ignore it. But if you are paying attention, it could mean opportunities.

As a consumer, it might influence your buying decisions. For example, I would be much more comfortable buying an Android phone than a phone powered by Windows. I had lived for over a year with a Palm 700P, which ran the proprietary Palm OS, which was outmoded and little supported. I have no idea whether Palm will be around much longer, so I don't know if I would consider a Palm anything unless it was at least running an open sourced (and well supported) OS. Buy an Android phone and odds are you will be able to continue to buy phones in the future running Android, with the same familiar interface (albeit always improving). No company is going to EOL Android. No company can.

As an entrepreneur, open source might present a business opportunity. What? Without proprietary software? How is that possible? Well, let's look at other industries. Plumbing is essentially open source. There are no big secrets, just acquired know-how that comes from doing the work. And yet plumbers have businesses in every town with plumbing. Law is open source. The law is there for all to see. But if you learn it sufficiently, you can build a practice into a lucrative career.

In other words, business does not require secrets.

This doesn't mean that all proprietary software is going away. Not at all. But I do expect that in 10 years most people will have a pretty good idea what open source means to them, or at least will be pretty big consumers of open source products.

Mark my words.

This was posted on BlogHer.

Web designers and developers, take the A List Apart survey

A List Apart Survey

The more the merrier (or at least more accurate). Take a few moments to fill out the A List Apart Survey. This isn't just for designers.

Somewhere over Garland's rainbow

screenshot of new site
Garland theme administration, which was introduced in Drupal 5
design from 2006

Garland has been a good thing for Drupal, overall, mainly for the color module. Anyone remember what it replaced in Drupal core? Yeah, it was pretty ugly. Context is important. So even though Garland is something of a front-end developer's nightmare, it has its purpose for the new Drupal user wanting to do at least a modicum of customization to the site's look, without resorting to coding.

And it has served its purpose here. I leaned on Garland (or actually her fixed-width daughter, Minelli) for my blog here for many months ... maybe more than a year. I honestly don't recall. It was since I upgraded to Drupal 6, when I didn't have time to work up a new theme. Garland gave me something so at least I could present the content here (such as it is).

But thanks to the fabulous NineSixty theme, I was able to whip something together yesterday afternoon — the theme you are seeing right here on rarepattern.com. That's right, it took me just one afternoon, even though I was hand-coding a few templates. NineSixty made it all so easy!

I had been designing using the 960 grid for quite some time now, but I had never employed the NineSixty Drupal theme for implementation before. After hearing all the buzz at Design 4 Drupal Boston 2009, I was definitely curious to try it out. Now was my chance.

My own prior themes for rarepattern had been pretty hacky — quick throw-togethers with plenty of shortcuts. With NineSixty, I spent less time and resorted to fewer hacks. I still have some extraneous styles lurking, and of course there's the usual mark-up excess of some Drupal modules like CCK, but this was about quick implementation, with the emphasis on quick.

One of the beauties of NineSixty is that your page layout mark-up and CSS are pretty much already done. You actually accomplish most of your own layout adjustments directly in your page.tpl.php template. Just copy NineSixty's own into your own theme folder — the folder you created to make a child theme of NineSixty — and edit the classes on the various regions.

grid-8 means 8 grid columns wide

prefix-1 means 1 empty grid column before

suffix-2 means 2 empty grid columns after

And there's more — push-x and pull-x, for example — to give you all kinds of power. Just change the classes assigned to each region, and your page falls into place.

The rest is just "skinning."

Drupal 7 freeze means time for a new tag: #D7DX

Yeah? Maybe?

[update: maybe not. see comments.]

#D7UX [Tweeted] is about Drupal 7 user experience work.

#D7CX [Tweeted] is about upgrading Drupal contrib modules to stable Drupal 7 releases when Drupal 7 itself is released. Over 100 contributed projects now bear this commitment, which is just awesome!

To me, that leaves #D7DX – a focused effort to get some rockin' Drupal 7 design themes going.

Yes, we have #D4D. And beautiful Drupal 7 themes are part of #D4D. But #D4D is also about Design 4 Drupal events, broader #d4d efforts on Drupal.org, and other design efforts that are happening. But why not a more focused tag, not on making Drupal pretty in general, not on improving the designer's experience in Drupal, but focused just on creating beautiful, semantic, exciting, eye candilicious themes for Drupal 7? For core themes, yes, but also for contrib. All ready and stable by Drupal 7 official release. Now is the time!

I'm writing to myself, here, since for someone who's been working with and designing for Drupal since 2004, I'm very late to the contributed theme party. That has to change.

At any rate, it's an occasion to finally get this blog here out of the Minelli realm. That's a long overdue effort. All I need is a little free time.

Yes.

Tweet Tweet!

12 ways how not to "do" a conference

This was the garden outside of DrupalCon Paris
Montparnasse
DrupalCon main room
DrupalCon before Dries' presentation
DrupalCon Paris 2009
Gathering for the DrupalCon Paris photo

Having just returned from DrupalCon Paris 2009 with mixed feelings as to how I forged my own experience there, I thought I'd put down some thoughts on conference attendance and participation — what (not) to do.

  1. Don't minimize the jet lag factor.

    I had an 8-hour shift in going to Paris, and my first day there after touching down around 7am was pretty much lost in the fog. The second day was really my first day, and that would have been better spent having time to myself to just settle in, check out my hotel neighborhood, find decent food, orient myself as to where the conference venue was, etc. As it was, I had to run off to the conference for my first day of meetings and such. I should have arrived a day earlier.

  2. Don't stay at a hotel beyond walking distance of the venue, if possible.

    My hotel was about 2 miles from the conference venue, which turned out to be a manageable walking distance. I'm not sure I would want to have more than a 40 minute walk every day, so I peg the limit at 2 miles. But walking is great!! What did I gain from walking? I got to see and experience Paris during my "commute" to and from the conference. I had no tourism time, so this turned out to be a daily pleasure, even when it was raining. And on the 2 or 3 occasions where I needed to cab it for time, it was a short jaunt. (On the other hand, when I stayed in Barcelona, I was 40 minutes away by train, and that was a royal pain. It worked out because I had plenty of food and drink in my hotel area, and the conference was in a rather barrenly industrial part of town.)

  3. Don't upgrade critical laptop software the day before leaving.

    I upgraded to Snow Leopard the day before, and I thought I was all set. Testing revealed no apparent problems that were critical. However, once in Paris I discovered that the slideshow I created in Keynote for looping on the pingVision sponsor's monitor at the venue would not export properly to Quicktime. (See related post, linked below.) I spent an entire day struggling with this. A day lost. Big #fail on my part. Never again.

  4. Don't eat the hotel food.

    Look, do you eat at any hotel restaurants where you live? Enough said.

  5. Don't bring the 17" laptop, no matter how much you love it.

    My back is killing me from carrying not one full-sized MacBook Pro, but two — one to play the looping slideshow. Today I'm practically paralyzed with back pain. Next time, it's a netbook (or the rumored Apple touchpad) or just a smartphone.

  6. Don't figure you'll be able to meet up with someone later.

    When you see someone you want to talk to, stop and talk. Right then. Don't wait. Of the half dozen or so people I ran into when I was intending to do something else and we promised to talk later, I talked with none of them later. The event may be a week long, but that is over quite suddenly. Talk to your friends, acquaintances, colleagues and other people you want to meet up with whenever you can. Be spontaneous!

  7. Don't blow off the parties, no matter how tired you are.

    Some of the best conversations I had last week were at the "brown bag" party that just kind of happened on the Left Bank. The restaurant designated for meeting was too expensive, but that didn't prevent a fun party in the plaza right there. You couldn't know that in advance, either. In the past, I've been one to choose rest or work over socializing in the evenings of conferences, but that's been my loss. I don't particularly like loud bars and despise crowded meet markets, but there's nothing like conversation over coffees or beers or wine or a fabulous meal!

  8. Don't forget about global data roaming.

    I bought a 50MB plan that more than covered my email and Twitter needs for the week on my iPhone. However, I noticed that when you sync your iPhone to iTunes, your global data gets turned on, even if you had it turned off. And if you had not planned ahead with a global data plan for the month, you could find yourself in for some surprising and onerous charges.

  9. Don't get too wrapped up in your own shit.

    I don't know about you, but there's always stuff going on that demands my attention. Scores of "real" emails every day. Text messages. Phone messages. Project management issues. I let myself spend too much office-style time on those things, which prevented me from seeing far too many sessions. This is the biggest #fail on my part. You're there at the conference to meet up with people, connect with friends, learn what they're up to and discover new things. Your own stuff will be there after the session. Go to the effing session already!

  10. Don't leave too early.

    Some may consider leaving early to be fashionable, like leaving a party. Some may consider leaving early to be expedient, figuring there's little of interest at the end of a conference. I left too early because I got my dates mixed up. I ended up missing the code sprint on the last day. If you've never been to a Drupal sprint, then you're missing out. At DrupalCon DC, it was my favorite day where I finally got to interact with others and even work on some templating code. Missing out on all that in Paris was a major bummer for me.

  11. Don't neglect learning which is your airline's terminal.

    United's website did not tell me which terminal their flights departed from. United's reminder emails did not tell me either. So when I got to Charles De Gaulle Airport, I did not know where to go. The taxi driver either did not know or took my ignorance as an opportunity to inconvenience another foreigner, and dropped me at Terminal 2. Apparently the managers of that airport did not feel that identifying airlines on their maps was necessary. That airport is pretty confusing when you don't know what you're looking for. A helpful person at an information counter explained to me that my taxi driver had dropped me at the opposite end of the airport from where I needed to be. 30 minutes later I finally got to the check-in counter. Next time, I will not be so complacent.

  12. Don't forget about the post-con blues.

    It happens to me every time. I get down after the event, after riding a week on all that energy and excitement. And when I get down, I run through my regrets -- the people I didn't meet, the dumb things I said, the food I shouldn't have eaten.... The blues are blue enough without all that extra baggage. Which is why I'm writing this blog post. I want to savor the joys, and not get distracted by regrets. Therefore: these notes, mostly to myself, for next time.

I'm glad I didn't manage to fail on all these counts this past week, but I really need to work on my conference attendance planning and not just my conference presentation planning. I will do better at DrupalCon San Francisco!

Do you have any other conference attendance suggestions?

My wordle cloud

What I apparently have been bookmarking on del.icio.us:

Now that's a pretty tag cloud! I guess I bookmark Drupal-related stuff a lot.

Damm America!


--Or should I say: Damm in America!

One of the great discoveries during DrupalCon Barcelona 2007 was the fabulous Damm label of brews. The local Barcelona beer was everywhere, in every establishment. And it is delicious!

Back here in America, I looked around but could not find it anywhere. It did not have a distributor, apparently.

But now it does. Last week I found Estrella Damm six-packs in the big-box liquor store here in Boulder. It's a fine lager. The only disappointment is that, at least so far, they aren't carrying the exceptional Voll-Damm (beware the Flashy web interface), which became one of my favorites in Barcelona.

If you like beer, and see a Damm beer available, be sure to try it!

How free is "free"?

Is the future really free?

It seems we've entered an age where there's a land-grab happening for personal data and attention time. Look at all the web start-ups backed by venture capital. They aren't investing out of philanthropy. There's value there. YouTube is "free" but Google paid over a billion dollars for it. Why?

Here's a hint: It's not about the Tube.

Chris Anderson's Wired article was quite bold in its proclamations:

You know this freaky land of free as the Web. A decade and a half into the great online experiment, the last debates over free versus pay online are ending. In 2007 The New York Times went free; this year, so will much of The Wall Street Journal. (The remaining fee-based parts, new owner Rupert Murdoch announced, will be "really special ... and, sorry to tell you, probably more expensive." This calls to mind one version of Stewart Brand's original aphorism from 1984: "Information wants to be free. Information also wants to be expensive ... That tension will not go away.")

Once a marketing gimmick, free has emerged as a full-fledged economy. Offering free music proved successful for Radiohead, Trent Reznor of Nine Inch Nails, and a swarm of other bands on MySpace that grasped the audience-building merits of zero. The fastest-growing parts of the gaming industry are ad-supported casual games online and free-to-try massively multiplayer online games. Virtually everything Google does is free to consumers, from Gmail to Picasa to GOOG-411.

The rise of "freeconomics" is being driven by the underlying technologies that power the Web. Just as Moore's law dictates that a unit of processing power halves in price every 18 months, the price of bandwidth and storage is dropping even faster. Which is to say, the trend lines that determine the cost of doing business online all point the same way: to zero.

One of the old jokes from the late-'90s bubble was that there are only two numbers on the Internet: infinity and zero. The first, at least as it applied to stock market valuations, proved false. But the second is alive and well. The Web has become the land of the free.

Has it?

TANSTAAFL

There ain't no such thing as a free lunch.

The idea behind this is that there's always some sort of exchange happening, even if it's not in cash. If I buy you lunch, I'm getting something out of it -- the pleasure of your company, a chance to boast or commiserate, an opportunity to share a new restaurant discovery, freedom from an otherwise mundane meal, relief from a spiritual debt acquired when you bought me lunch last week, whatever.

And yet when I buy you lunch, it does not imply that you now are entitled to inspect my purse, or peruse the messages in my iPhone, or rummage through my dresser. Those things are considered private to most of us, right?

Chris Anderson's entire perception of the "free" present and future seems to depend upon the assumption that not only our time and attention have no value, but that our privacy has no value ... that is, no value to us.

Those things certainly have value to the companies offering the "free" services.

Last year, Yahoo announced that Yahoo Mail, its free webmail service, would provide unlimited storage. Just in case that wasn't totally clear, that's "unlimited" as in "infinite." So the market price of online storage, at least for email, has now fallen to zero....

That's zero in cash. But just because you aren't forking over cash doesn't mean something is really free. With 'free' email, it may not cost you cash, but what are you handing over otherwise? It may seem trivial enough, but you are paying for that mail in terms of having advertising rolled in front of your eyes, and in terms of handing over personally identifiable information that can then be leveraged, quantified and sold to others or leveraged in other ways.

It's now clear that practically everything Web technology touches starts down the path to gratis, at least as far as we consumers are concerned. Storage now joins bandwidth (YouTube: free) and processing power (Google: free) in the race to the bottom....

...Basic economics tells us that in a competitive market, price falls to the marginal cost. There's never been a more competitive market than the Internet, and every day the marginal cost of digital information comes closer to nothing.

This brings us back to the question, Why did Google pay 1.7 billion dollars for YouTube? Answer: It's not about the Tube, it's about You.

YouTube gets your information, your attention for advertising ... and all-media licensing rights to your video in perpetuity. Hardly free. And Google gives away search results information, but sells your attention to advertisers who get to hawk their wares on our search results. If you're like me, you consider this a fair trade-off to access the quality search results Google offers.

It may seem fair and trivial, but it's not free. And maybe that's an important thing to remember.

'Who' is on first

Consider that, for decades, television has been giving you "free" programming by selling a huge percentage of your time and attention watching it to advertisers. It's no secret that television advertisers pay big bucks for your attention. (And sometimes we may even appreciate it. Heck, for me the fun of the Super Bowl comes from the new, often very creative ad spots.)

YouTube also has your attention ... and much much more: If you are registered, YouTube also has your email address, your ISP info, your rough geographical location, a record of your viewing habits, and a fair sense of your tastes and how they match up with other YouTube members. That's a lot more information than your local television channel ever had.

Google bought Doubleclick for much the same reason: Data on your attention, and a structure to monetize it.

And so on down the line.

Obviously your privacy, your time and your attention have value -- big money value.

"Hang on a minute!" you say. "I like watching YouTube, so what's the big deal?"

Perhaps that's the real point: It's not a big deal. The price you pay may be small most of the time -- small to the point of practically nothing. It's not a big deal, it's a little deal. And with millions of subscribers and bazillions of views, those little deals do add up to beaucoup bucks.

So can we at least admit that "free" is not really free, even if it is really really cheap most of the time?

Are you opting out as much as you think?

So you realize how you are making an exchange, trading elements of your privacy and attention for some "free" services. Great.

So now you can take charge of your "free" web usage, and move into the future with a full awareness. Wonderful.

So you can opt out of any exchange that crosses the line according to your own valuations and judgments. Terrific!

But what if the exchange of your privacy for "free" services is not so obvious?

Consider Facebook. AP's Martha Irvine reports that privacy-conscious users aren't as private as they might think:

People often think Facebook profiles and sometimes MySpace pages, if they're set as private, are only available to friends or specific groups, such as a university, workplace, or even a city.

But that's not true if they use applications. On Facebook, for instance, applications can only be downloaded if a user checks a box allowing its developers to "know who I am and access my information," which means everything on a profile, except contact info. Given little thought, agreeing to the terms has become a matter of routine for the nearly 70 million Facebook users worldwide who use applications to spruce up their pages and to flirt, play and bond with friends online....

...So what do these third-parties do with the information? Sometimes, they use it to connect users with similar interests. Sometimes, they use it to target ads, based on demographics such as gender and age (something Facebook and MySpace also do)....

...But experts who track online security issues think there's too much personal information flying around out there, with few guarantees that it's safe. They also think social networkers have little understanding where their information goes and how it's used — and as a result, have a false sense of security.

"I suspect that there's a whole lot of clicking without a lot of thinking," says Mary Madden, a senior research specialist at the Pew Internet & American Life Project who studies privacy issues. "So much of this sharing happens in a way that users don't see the consequences. It's kind of a big, black hole."

Part of the risk stems from Facebook applications being created by anyone, some of them tech-related companies and others individuals with know-how. And they could be anywhere in the world....

...Some would argue that it's much like trusting an online vendor with your credit card information.

And of course there's Beacon. Facebook gives us "free" social networking, but sells the "beacon" of our purchasing behavior data. How palatable that is to members is more questionable. Obviously some "free" things are preferable to others.

Facebook scaled back Beacon after a lot of outcry, but the applications system remains largely unnoticed.

[I]t's an honor system, says Adrienne Felt, a computer science major at the University of Virginia....But, in the end, Felt says there's really nothing stopping them from matching profile information with public records. It also could be sold or stolen. And all of that could lead to serious matters such as identity theft.

"People seem to have this idea that, when you put something on the Internet, there should be some privacy model out there — that there's somebody out there that's enforcing good manners. But that's not true," Felt says.

Don't Tread On Track Me

Diane Bartz of Reuters recently reported about a drive to create a "Do Not Track" list much akin to the "Do Not Call" list that was meant to prevent telemarketers from bothering people who don't want to be bothered.

In December, the FTC approved Google's purchase of advertising rival DoubleClick over the objections of some privacy groups.

At the same time, the agency urged advertisers to let computer users bar advertisers from collecting information on them, to provide "reasonable security" for any data and to collect data on health conditions or other sensitive issues only with the consumer's express consent.

In comments to the FTC on online behavioral advertising, advertisers made clear a strong preference for self-regulation rather than government dictates on how personal data are collected, what disclosures are made to computer users and how long the information is stored.

Consumer groups said on Tuesday they were skeptical of self-regulation.

"Self-policing schemes are not enough to protect consumers' privacy and offer no enforcement against improper behavior," said Chris Murray, senior counsel for Consumers Union, in a statement.

"While companies like Google are trying to put pretty good practices in place, we don't want to rely on the good graces of the companies because they might change their minds," he told Reuters in a telephone interview.

CNet's Anne Broache blogged about this:

Without a better way to get around those shortcomings, "we have...consumers and the FTC and industry agreeing on consumer choice and then no way to technically get there," said Peter Swire, an Ohio State University law professor and a former lead privacy counselor in the Clinton White House....

...A broad coalition of consumer and privacy advocates last fall called on the Federal Trade Commission to establish such a registry. The concept is this: Any advertising entity that sets a "persistent" cookie on a user's machine would be required to give the FTC the domain names of servers used to place it. Consumers would then be able to import that list of domain names and block them from tracking their Internet surfing behavior.

[AOL Chief Privacy Officer Jules] Polonetsky said that while he supports the concept, "I think the way to do it isn't a government place where your browser goes and gets stuff."

Instead, the former New York state legislator said, "the rule should be that whatever technology platform you're using should have no-brainer, easy-to-use labels that people know how to toggle to turn on or off the kinds of personalization, storing, whatever it is that that particular platform does."

Privacy advocates at Thursday's discussion weren't sold on the idea of self-regulation alone. Ultimately the responsibility to understand how their information is being used should not fall on consumers, but "on business to protect and safeguard consumers to whom they are providing these products," said Marc Rotenberg, director of the Electronic Privacy Information Center.

"The system is already in place, it's too late to turn it back," said Jeff Chester, director of the Center for Digital Democracy, which advocates for tighter privacy regulations on Internet companies. "We need real policy safeguards. The Congress and the FTC need to act."

When the privacy stakes are raised

It's one thing to weigh these issues in the domestic (which, in my case, means American) context. There are complexities. As Americans, our two strongly held values of Fairness and Freedom (as in freedom of speech) come into conflict here. On the one hand, we don't want people to be abused by entities without accountability. On the other hand, we don't want Big Brother meddling with one of the sectors of our fragile economy that seems to still be going like gangbusters.

These same issues seem much clearer when it comes to other countries and other regimes, such as China, which has won cooperation from Yahoo, Google and others in censoring the internet to suit the Chinese government's policies. Rebecca MacKinnon writes:

Many would agree that being a socially responsible Internet or telecommunications company requires respect for users’ rights to privacy and free expression, but there is great disagreement over how to accomplish this ideal.

She goes on about a case where Yahoo's cooperation led to the arrest of a dissident in China.

For two years after Yahoo’s role in Shi Tao’s case first came to light, the company’s public statements characterized the plight of Shi Tao and the three others as if they were acceptable collateral damage in the great task of bringing Internet information services to the Chinese people. Executives argued that the Chinese people were still better off in the long run thanks to Yahoo’s presence....

...Yahoo executives also argued that the company’s nose was legally clean on two fronts: Not only did employees respond to a legally binding written order; actions by Yahoo’s China-based employees were consistent with the user “terms of service” that Shi Tao and all other Yahoo email users agree to in order to create an account. In these terms the user promises not to use the email account to commit a list of actions, including “damaging public security, revealing state secrets, subverting state power, damaging national unity,” etc....

...But a legal victory would have been hollow because it would not have absolved Yahoo in the eyes of the human-rights community and socially responsible investors. They point out that Chinese law in this area contradicts international law–and that socially responsible companies have an obligation to do something more than participate in a “race to the bottom” as far as global practices on privacy and freedom of expression are concerned....

...With data privacy, things are much more clear cut: when user data is handed over a person can go to jail and his or her life is ruined or shortened. So what to do?

In the "freeconomy" picture Anderson paints, of course, there is no secret police ready to arrest you for buying that book about genital herpes or searching for websites about bankruptcy counseling.

But does that mean you have no interest at all in how that information about your supposedly private behavior is used and shared by other parties? Does that mean that your privacy has no value? Does that mean you can just "choose" not to use the Internet at all?

After all, do such uses of your private information really harm you in any way? How can you quantify it?

And if you can't quantify it, if you can't point to any real damages, then what can you do about it, anyway?

Judging the value of privacy

Lauren Gelman, Executive Director of Stanford Law School's Center for Internet and Society, writes of a recent DC Circuit court ruling:

holding that the federal Privacy Act's requirement that Plaintiffs show actual damages does not require pecuniary harm but can be met by a showing of emotional distress. Am. Fed'n of Gov't Employees v. Hawley, D.D.C., No. 07-00855, 3/31/08.

[T]he plaintiffs' alleged injury is not speculative nor dependent on any future event, such as a third party's misuse of the data, the court said. The court finds that plaintiffs have standing to bring their Privacy Act claim.

...I think this is a great decision that supports the belief that people's harm from a privacy loss is not just another's use of that information to cause financial loss (i.e. identity theft), but that emotional damages and embarrassment are cognizable harms of privacy violations.

Other lawsuits about privacy are hitting the courts. We seem to be reaching the point where companies' right to swing their information-gathering-and-sharing arms is starting to meet private citizens' right to not have their private elbows bumped.

And, last I checked, lawyers aren't free.

And this doesn't even get into cases relating to people's private information where the damages are much more apparent.

Back to MacKinnon:

Meanwhile, the rest of us should not simply sit around and wait for our Internet and email service providers, Web-hosting services, and mobile-phone carriers to do the right thing on their own. Technology users around the world have an interest in joining together to insist that the products and services with which we increasingly entrust our careers, our beliefs and the most intimate parts of our lives, will not sell us out because they feel they have “no choice” since all their competitors are selling out their users too.

Whose identity is it, anyway?

The question I keep coming to is this: If the web is so distributed, why are people flocking to centralized management of their information (and in doing so trading away so much of their privacy)?

The answer, it seems to me, is that it's easy that way. GMail is easy. Google Calendar is easy. Connecting with friends via Facebook is easy.

But maybe the easy way is not always the best way. Maybe?

Adriana at Media Influencer has written something of a manifesto on taking charge of one's own identity:

What I want is option (with set of tools) for individuals taking charge of their identities.* And on the web that starts with exercising sovereignty over my data. This alternative must be networked and not third party dependent or platform based....

...The key is in realising that authorisation and identity are related but separate.

Authentication is the act of establishing an identity - this is separate from the existing identity approach where the focus is on collection and disbursement of bits of data to do with someone. The cheap and cheerful explanation of this is that you can authenticate with a password (i.e. something that only you know). However, that password need not reveal anything about you/your identity. It just reveals that you are someone who knows the password. Therefore, authentication is free to be separate from identity. They are in separate but related domains. Have I mentioned that they are separate?

I owe this point to Alec who explains:

Traditionally authentication is one-or-more of three things.

  • something you KNOW, e.g, you KNOW the password
  • something you HAVE, e.g, you HAVE the door key,
  • something you ARE, e.g, you ARE a 4-star general on an army base

The latter tends to be a bit weak, as authentication goes, in my experience it is prone to social hacking. Good authentication might be combining something like: KNOWING the password that UNLOCKS the certificate that you HAVE on the laptop, that permits a remote website to challenge you and get the response it expects, since it KNOWS that you have your certificate on your laptop....

In short, let me have a go at my identity myself, on my own terms, the web way, without intermediaries, ‘trusted’ parties and hierarchical non-direct ways. Locking me into new ‘better’ platforms, offering ’services’ to manage my meta-identity is like putting a band-aid on a gaping wound. Instead, give me tools, flexible and modular, to reclaim my digital personae, help me piece together my fractured identity. And then allow me to drive it forward with all of the benefits that it can bring me and to those I interact and transact with. Learn to live with the unpredictability and emergent juicy goodness that comes from my independence and lack of your control over me.

Object-Oriented Identity?

One approach to protecting privacy draws, in a way, from a fundamental tenet of object-oriented programming: the data and the logic for accessing that data are combined into an object; any other object or entity wanting to access that data engages the object as a whole, and gets what the object is 'willing' to give, under its own logic. This is in contrast to function-based programming, where any procedure or function can access the data by its own means.

(Programmers reading this: please be kind. I'm trying to over-simplify to make a point.)

The same approach can be taken with identity, with systems such as OpenID: rather than managing identity through multiple sites that parse your information through their own individual functions, according to their own rules, your identity and access to it are managed as a unit -- an object.

You can use a verifiable identity token instead of a password that you may be using on a few dozen other sites. You can keep your profile information in one place, and share it according to your own terms.

It's just an idea, and in its infancy at that. While it's seeing inroads with adoption by WordPress, Drupal and others, it has so far met with a bit of resistance from some of the major players who have found big money in the identity stakes.

But it seems clear that the way things have been going so far is not how things will be going in the future. Change is a constant on the web, and that's all the more true in how we treat privacy.
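As an added illustration (not code from this post, from the writers quoted above, or from OpenID itself), the sketch below combines the two ideas in this section: authentication that proves possession of a key without revealing any profile data, and an identity "object" that releases attributes only under its owner's rules. The class names, the HMAC challenge-response standing in for the certificate, and the sample profile are assumptions made for the example.

```python
import hashlib
import hmac
import secrets


class IdentityObject:
    """Holds the profile data and the only logic allowed to release it."""

    def __init__(self, password, profile):
        self._salt = secrets.token_bytes(16)
        # Something you KNOW (password) unlocks something you HAVE (master key).
        self._master = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), self._salt, 100_000)
        self._profile = dict(profile)
        self._grants = {}  # site name -> attribute names the owner allowed

    def _site_key(self, site):
        # One key per site, so two sites cannot link the same person by key.
        return hmac.new(self._master, site.encode(), hashlib.sha256).digest()

    def enroll(self, site):
        """Give the site its verification key once, at sign-up."""
        return self._site_key(site)

    def respond(self, site, challenge):
        """Authentication: prove possession of the key, reveal no profile data."""
        return hmac.new(self._site_key(site), challenge, hashlib.sha256).digest()

    def grant(self, site, *attributes):
        self._grants.setdefault(site, set()).update(attributes)

    def revoke(self, site):
        self._grants.pop(site, None)

    def disclose(self, site, requested):
        """Identity: release only what the owner granted to this site."""
        allowed = self._grants.get(site, set())
        return {k: self._profile[k] for k in requested
                if k in allowed and k in self._profile}


class RelyingSite:
    """A website that authenticates a visitor without holding their profile."""

    def __init__(self, name):
        self.name, self._key, self._pending = name, None, None

    def register(self, key):
        self._key = key

    def challenge(self):
        self._pending = secrets.token_bytes(32)  # fresh nonce, single use
        return self._pending

    def verify(self, response):
        nonce, self._pending = self._pending, None  # a replayed response fails
        if nonce is None or self._key is None:
            return False
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    # Constructed sample data.
    me = IdentityObject("correct horse", {"nickname": "sam", "email": "sam@example.org"})
    blog = RelyingSite("blog.example")
    blog.register(me.enroll(blog.name))
    me.grant(blog.name, "nickname")
    print(blog.verify(me.respond(blog.name, blog.challenge())))
    print(me.disclose(blog.name, ["nickname", "email"]))
```

The site ends up knowing only that the visitor holds the enrolled key, plus whatever attributes the owner granted; revoking the grant cuts off disclosure without touching the login.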

When privacy is protected...

...does this threaten the "free" world of which Anderson writes? I don't think so.

In a guest post on ReadWriteWeb, Rick Hangartner writes:

Fifteen or so years into the evolution of the web, we already have many of the key ideas and technologies in place to start describing and sharing personal preference information - or what we might colloquially call "taste" - in order to personalize web experiences. So, why haven't we yet seen widespread adoption of web personalization? Mostly because user expectations and online business models haven't yet evolved to the point that user-controlled, ‘open taste’ sharing is a viable option.

For the more pragmatic: each time we make choices, we generate data which empirically describes our preferences. This is data that can be encapsulated and shared just like any other picture, blog post, video, or other piece of online content that we create; and which the DataPortability project is focused on.

A few ideas for open taste sharing

As a DataPortability use case, open taste sharing embodies and embraces the culture shift that the Web 2.0 movement represents. With regard to data ownership, the DataPortability concept has even more succinct expression: our tastes should be ours to share, or not. This puts the user in control of their online experience, so they can set the boundaries of how much they want to share and with whom.

Meanwhile, two new companies are offering to ISPs the service of tracking everything the ISPs' customers do, every website they visit, while claiming, counterintuitively (they admit), that their services actually improve the privacy of the users:

Phorm has agreements to work with the three largest Internet providers in Britain and will start operations there in the next few weeks. NebuAd says it is working with several smaller Internet providers in the United States that collectively serve 10 percent of the nation’s Internet users. Both companies are working hard to convince the large cable and phone companies in this country to join their systems. To do so, they must convince the Internet providers that they will not be offending their customers.

“Consumer acceptance is key to our progress,” Mr. Dykes said.

Of course, this "service" is "free" to the consumers, so why should you complain, right?

[This is cross-posted on BlogHer.]

The phone system question

It has come time to consider a phone system. While most of the company clan uses mobile phones for personal calls, we do have sales and support that do need real phones, with voicemail, multiple simultaneous dialtones, etc. We tried the Vonage thing, but that had too many "can you hear me now?" moments for a business to suffer, so we went to the multiple Qwest lines, which required little in equipment investment but is far too costly each month -- not to mention every time we move or want to add a line.

Last week we got a pitch from Qwest reps. The part that probably does make sense is doing a T1 with dynamic bandwidth allocation and integrated access, opening up some channels and handling all the phone switching from a box. (Not sure if Qwest is best choice for that, but I'll reserve judgment for now.)

The part I'm less sure of is the Oracle Cisco box they are bundling with the service package. They are going to put some numbers together but my hunch is that it's going to be just a tad more expensive than we are wanting (or even able) to spend.

It's also a closed-source solution, which gives me pause. Any time I'm plunking down a good chunk of change, I want to know I have ownership of the future. While I don't figure on Cisco going away anytime soon, past experience has shown that a company doesn't need to go under to EOL a product line.

There is Asterisk, which is open source. It even has a Drupal module for integration with Drupal (maintained by fellow Boulderite hunmonk). I plan on giving Chad a ping to see what kind of insights he may have. And Matthew has some measure of experience with it.

But just because it's open source doesn't mean it's enterprise-ready. This phone system realm is completely alien territory for me. Any recommendations? Warnings? Happy tales with flowers and dancing cats?