The major Dutch newssite Nu.nl (translated Now.nl) has started a social newswebsite much like Digg.coml. The new site Nujij.nl (translated Nowyou.nl) allows people to upload their own articles and links. Obviously people can “digg” a story. I wonder how much time it takes before this site runs into the same trouble as Digg.com has.

I am wondering if the following procedure allows people to login with other people’s OpenID. The idea came to me when I heard about someone who made an OpenID server that would return as if the user was logged in no matter what user. Obviously this technique would only be annoying to the person who uses it, but this next one might affect others.

Let me paint you a picture of what I think could be done. I know Alper’s OpenID is http://alper.nl because I can see this on multiple sites and he even told me. Now let’s say I want to log in to his account at some site, without being logged in to his OpenID server. Obviously, when I try to login to that site with his OpenID, it would redirect to his OpenID server, which would not recognize me as a valid user.

Now let’s try something else: What if I would change my Hosts file (/etc/hosts on linux and mac) and make an entry for alper.nl, and have that direct to let’s say localhost? I could probably spoof the website I want to login to that I am redirecting to http://alper.nl while I’m actually not. Now that I have this I could run a server on my localhost that would return a valid response no matter who I am, or I could even delegate to my own OpenID server.

I haven’t tried this out, but I am very interested if there is any protection against these kind of measures. I hope, and expect, there is but I couldn’t find the answer anywhere. I even mailed Simon Willison for his advice, but I haven’t heard anything yet.

We walked from our house, through Portobello Road and Kensington Gardens, to the Science Museum in South Kensington. The main goal was to try out my camera but it also was a very enjoyable afternoon. I ended up with 343 RAW photos, from which 162 came through my “Quality Filter”. I really like my new camera. Just the speed only was worth the money.

Today I finally picked up my Nikon D40 camera. Though a bit more expensive than hoped for I am very delighted with the camera. Shooting Raw pictures in continuous mode directly to my 4GB SDHC card is just brilliant. Hoping to post some nice pictures on my flickr anyday now.

Since yesterday I noticed that the Personalized Google Homepage now supports style. It looks funny but I do miss some manly themes.