Category Archives: Fluff

New Gig, New Rig, New digs

path at coyote point

About 18 months ago, Julie and I left family and friends and our long-time residence in Utah and move to California. It’s been a wild ride. We’re enjoying it now, but initially it was quite a shock. Here are some of the changes:

Old: Utah New: Norcal
gig 23 total years at Novell, last project: Novell Cloud Security Services (identity services) 1.5 years at VMware Cloud Foundry (identity services)
rig 4wd SUV sporty hybrid hatchback
digs big new house on a golf course in the foothills quaint rambler built in 1922 — 1/2 the space for 3x the cost
OS Linux, Windows, NetWare initially Mac OSX with Linux in a VM, but I rebelled back to Linux, where the user experience and package management are more consistent
code C/C++, C#, Java Ruby, Ruby, Ruby, Java, some Go and Scala
VCS Subversion, Continuus all git, all the time
release cycle once a year or two twice a week
team culture circle the wagons and defend turf from intruders (and management) aggressive and competitive internally and externally, very open to alliances with other groups
hallway banter child raising techniques, church activities, the impending doom of the company programming languages, startups, new tech, cycling, public transportation, wineries, kids, live music venues, vacation destinations, weekend festivals, sailing
politics Republican (Utah, duh) Democrat (bay area, duh)
climate very cold in winter, very hot in the summer mild all the time with some spectacular days, but mostly feels somewhat cold
yard intruders deer, mice raccoons (up to 6 at a time), rats
picnic supplies must be planned: wine purchased at rare state stores with limited hours, food must be purchased somewhere else a quick stop to any grocery store or corner mart and you’re set

Overall, change can be a very good thing. And We’re enjoying the adventures and cycling a lot. Now back to work.

bikes by the bay

My Daughter Appears in an Arrington Post on TechCrunch

I have referred to my children numerous times in this blog. For some reason, their adventures are often rather technology focused – but this post is not about technology. It’s about the sheer techie coolness of my daughter being seen in a post on TechCrunch.

My oldest son recently started working for a new company called Instructure. I’m not sure I agree with a company strategy that defines itself by it’s competition, but they have certainly made a splash by announcing that they are specifically attempting to dislodge Blackboard as the leader in learning management software. They’ve taken some interesting approaches to grab attention and market share such as releasing the core product as open source. There are a number of solid strategic reasons to do that – but (again) this post is not about technology.

Instructure’s recent emergence in the market, their intriguing strategic moves, and some significant early adopter accounts have brought them to the attention of some big name tech news outlets, with recent articles by Michael Arrington on TechCrunch and Herb Greenberg on CNBC.

To highlight their “change is good” perspective, they created a video reminiscent of the old Apple superbowl ad. Apparently, my son talked my daughter into helping out with the video. My daughter is one of the students walking down the tunnel in the first part of the video and can be seen in the audience. I’m glad she didn’t handle the flame thrower.

The video is shown in the TechCrunch article. My daughter on Techcrunch. Woot! How COOL IS THAT!

I declare success as a techie father – for this week anyway.

Now that’s funny

I know people have widely varying humor styles and many may not agree with me, but, man, I find this XKCD comic to be very funny. I just keep chuckling to myself. Oh, and don’t miss the text that pops up if you mouse over the panels — if you read XKCD in a feed reader, it’s worth a trip to the site to see the mouse-over text.

What I Missed While at the RSA Conference

The RSA Conference this year was outstanding from the perspective of identity technology, Higgins, Bandit, OSIS, industry connections, etc. I was overly worried all week about getting enough interop testing done for OSIS and about my presentation on user-centric identity validation experiences. Yet I survived.

Meanwhile, the reason I sometimes show up for work is so that I can feed my offspring — and they continued to have their own adventures while I was gone. They seem to have lives and minds of their own. My second son distinguishes himself in my household as a Mac user. Weird. Like my daughter, he seems to have some social skills. He certainly doesn’t get them from me. He even likes sports. Lately, it’s been soccer.

So this is what I missed…



I have been to some games and have seen something of how the photographer works, so when I looked at the referenced photo site I realize that these photos are from some guy — probably a dad of one of the players — taking photos and then using a service to sell them to sucker parents at outrageous prices.

Would I fall for such gouging?

DAMN RIGHT I WOULD. Getting out my credit card now.


UPDATE: Apparently the photo above sometimes is not available. That’s what I get for linking directly to their site. If you really want to see it, or even order an absurdly expensive copy, you can see the storefront here.

A familiar hacker visits my home network

My oldest son is away at college. He’s finishing his senior year and deciding what to do next. I’m very proud of him, but sometimes I can’t help compare his life to mine. To earn money for living expenses during college, I had jobs washing dishes, changing oil, stocking shelves and eventually moving all the way up to cashier at Smith’s Food King. Good times. My son has had summer jobs programming for Berkeley Data Systems (Mozy) and this little Internet startup named Google. During the school year, he works on Linux boxes for the astronomy department at his school. His jobs sound like a huge amount of fun to me, and I think he has enjoyed them, but he takes things so seriously sometimes. Sigh. At that age, I did too.

I keep expecting to get traditional letters (or at least emails) from him asking for money, but instead I received this email last week:

so, sorry i haven't called recently, as i miss talking to you.

nevertheless, i thought it would be a good idea to let you know that
your server machines are all completely rootable

on bub, the code /home/jtolds/vmsplice-exploit will give you root on
nearly every 2.6 kernel machine
/home/jtolds/disable-vmsplice-if-exploitable will disable the vmsplice
code in memory by overwriting the first line of the vmsplice function
calls with the RET assembly command
I ran that on bub since it's network accessible

you may want to install new kernels or recompile or something.

if you don't and do reboot bub, you should run the exploit disabler again

love you! talk to you soon

I would have used the phrase “RET assembly instruction” instead of “RET assembly command”. Assembly ain’t no scripting language. I’m not sure what they are teaching kids in school these days.

I have, of course, upgraded my Linux kernels on the machines in question.

The personality of projects

I don’t think I’ve ever met Paul Madsen in person. I have often found his blog posts to be humorous and insightful, and I enjoy it when he makes a good jab at a misunderstanding or weak spot of various identity systems. It appears to me the he really wants to find the most useful answers and is having a good time doing it. My favorite post from Paul (that I can think of right now) is about a taxonomy of Internet identity projects and groups. I don’t always agree with the specifics (e.g. I don’t think the Identity Commons is a Spec Definition Body) but the approach is very cool. We need it. I’m just going to refer people to that post every time they ask “why do you make this so complicated — do we really need [Specification] A and [OpenSource Software] B?”

On the other hand, I have met Ashish Jain. You can’t find a more pleasant, approachable, and engaging guy. It appears to me that the only time Ashish detaches from a collaborative conversation is when the hype to implementation ratio is too high — a valuable trait. Ashish likes to make things work. Like And he also publishes very funny things, like the baby covered with logos before the first Burton/OSIS interop event.

The recent exchanges between Ashish and Paul about current identity system working groups and acronyms are hilarious and also make some valid points about the personality of various projects.

Over a year ago the OSIS working group followed a time-honored tradition of changing a word in its name while maintaining the same acronym. It was originally the “Open Source Identity Selector” but became the “Open Source Identity System”. And it has been made fun of incessantly for that change. If we are ever foolhardy enough to change the name again, I definitely vote for “Open Source Invitation for Singles”.

Fashions in information card beachware

beachware sunsetIt’s the end of summer. It tends to make me feel a little nostalgic even though I always enjoy the change in the feel of the light and air as autumn hints. Or maybe it’s just the pollen from that damn Russian Thistle that makes me feel different.

It’s also back-to-school time at my house. Mechanical pencils, 3-ring binders, and new clothes. My youngest two children each moved up a school. They always seem to get a cold in the first weeks of school and this year is no exception.

digitalme shirt backdigitalme shirt frontMeanwhile I’m getting excited about the progress and next steps for the Bandit project. There has been a lot of vacation time for the Bandit team this summer, but a surprising amount of work got done as well. This Fall is time to show it and put it into real use.

information card shirt frontinformation card shirt backMaybe it’s the thoughts of vacation and next steps for the Bandit project that caused these photos to catch my eye. They are from a trip to Cabo San Lucas in July. They show something of what was on my mind then: sun, beer, beach, identity systems, and Lessig’s Code 2.0 (very highly recommended). Thanks to Mike for the information card shirt. I try to wear it in compliance with the logo usage guidelines, but I think I probably sometimes stand too close to other images and I spilled some salsa on it. I’ll keep working on it. The DigitalMe shirt is an old one from 1999 that I kept because I liked the logo. It’s amazing how some things come back into fashion.

summer readingNow back to real work. Stay tuned. Some Really Good Stuff is coming due to collaboration of many projects in building the Internet identity fabric.

My part in the five things blogwave

I have been tagged by Pam and Gerry in the “five little known things about me” blogwave. Thanks to both of you, I think. I’m going to reply because I know there are those out there that are anxious to read what I write (hi mom!).

1. I take tuba pictures. As a teenager I found a broken sousaphone (often referred to as a tuba) in a neighbor’s garbage. Since I was odd and enjoyed photography, it immediately became one of my favorite subjects. I have photographs of the tuba in trees, mountains, wrecked cars, vacant houses, and college bathrooms. I was once ejected with it from Temple Square in Salt Lake City. You probably have to have a sense of humor warped in roughly the same curvature as mine to think it’s as funny as I do, but here are a few examples.

2. In the late 1980’s I believe I was hugged by Craig Burton. It was part of a Novell new employee ritual. I remember standing in a line that ended with Craig or Judith and thinking “please let me get Judith”. I  have no memory of what happened next. Perhaps I’ve blocked it from memory.

3. As a high school student in a very small town in northern Utah, I was a member of a comedy troupe called The Lumberjacks. The school administration thought it was wholesome humor. If any of them had actually seen the namesake Monty Python skit, it would have been scandolous.

4. Much of my current career path is due to a father-son project. About 1998 I made a deal with my oldest son (then 12) that we would try this new Linux stuff together. He was to buy the OS (I think it was Redhat 5.2) and I was to buy the machine. He came through. I did not. So he built a machine from spare parts sitting around the house. I did help him install Linux. That Linux machine was reliable, stable, and we learned a lot. In fact, that machine was later used as the basis of a demo that showed Novell’s directory service integrated with DNS and providing rudimentary federation between directory instances across the Internet. The demo was shown, with great success, to Novell’s CEO (then Eric Schmidt). I left the company for a while, the project was cancelled, management changed, etc., but, last I heard from my son, that machine is still running.

5. I find it more productive to mix work and play. When I was a university student I worked as a childcare counselor for the United Way. One of the activities that I did with the children was to send them out into the fields to pick dandelion blossoms. They enjoyed it and it got them to run outside for a while. I took the blossoms home and made many gallons of rather good dandelion wine.

So now I get to tag five: Pete, Paul, Mary, Dave, Lyndon

User-centric Tedium and Modulated Identity Signals

A few months ago I was filling out some forms for my children’s school. It’s a long and tedious process and I had a lot of time to think. I hate filling out forms. I really hate it. My great preference would be to have someone else do it. One of the advantages of having a wife was that she would usually fill out school forms. For many years now it’s been just me and my kids. And I really hate it filling out those damn forms.

My kids have some severe food allergies, asthma, and assorted other industrial diseases (as Mark Knopfler would say). Their school requires one form for each medication with name, address, dosage, and contact information for allergist, pediatrician, parent, and backup responsible adult. There are consent forms each for the doctor and the parent, per medication. Then there is a separate consent form for each child to give to the bus company for field trips — with name, address, medications, emergency and doctor contact information. With all the permutations, I filled out more than 20 pages, mostly redundant.

So what does all this whining have to do with online identity information?

It’s a rather long, round about answer, but I’ll get there…

I found that, as I filled out the forms, I wanted to introduce variations. For example, refer to a child by their nickname here, full name there. Say “Dr J. Jones” on this form and “Allergist Jack Jones” on that form. It broke up the boredom and allowed me a pathetically small vent for my displeasure. Of course, planning to go buy a cool all-in-one printer and copy machine would have been better, but that’s another issue.

I started to think about how I could encode information in the forms and yet still give accurate information. It’s like making up email addresses when registering for something online. I do this and I know many other folks do too. I have some domain names that I own that are configured so that any email address in that domain dumps into a single account, like So when I register for something at XYZ company, I can use an email address that encodes where I registered. I make up an email address like If I suddenly start getting spam addressed to xyz-registration, I know that XYZ company did not handle my registration information properly. I have, in a sense, modulated my identity information so that, while it still works for it’s intended purpose, I can also identify the initial recipient.

Maybe we could automate this technique with online identity information.

Many user centric identity systems deal with personas. I was recently playing with my openid account and saw that it supports personas to group attributes and selectively give out identity information. But I wonder if we could also encode extra information in the attributes associated with each persona when that information is given out, so that, if I see information about me used inappropriately, I might determine the source. Like my spam source detector system, I do not think of it as a rigorous system, just something that might be useful on occasion.

I think implementing such a system would be preferable to filling out forms. I hate forms.

Obligatory introductory post

I occasionally develop strong opinions that I would like be available on the web. This is so that I can point to them rather than always having to paste them into an email. This web log is an intended to be a repository for such opinions. Hopefully it will at least be entertaining to a few.

Also, I am unsure about whether the blog title should include “olds'” or “olds’s”. I find differing rules from authoritative sources on the web. Comments welcome.