my.info.card: my Infocard Identity Selector Plugin Development Blog

Self issued information cards support only a select number of claims. Each of these claims is associated with an URI that one could use to look up the claim inside the token.

The claims that are supported are:

1. Given Name = "http://schemas.microsoft.com/ws/2005/05/identity/claims/givenname";
2. Email Address = "http://schemas.microsoft.com/ws/2005/05/identity/claims/emailaddress";
3. Surname = "http://schemas.microsoft.com/ws/2005/05/identity/claims/surname";
4. Street Address = "http://schemas.microsoft.com/ws/2005/05/identity/claims/streetaddress";
5. Locality = "http://schemas.microsoft.com/ws/2005/05/identity/claims/locality";
6. State/Province = "http://schemas.microsoft.com/ws/2005/05/identity/claims/stateorprovince";
7. Postal Code = "http://schemas.microsoft.com/ws/2005/05/identity/claims/postalcode";
8. Country = "http://schemas.microsoft.com/ws/2005/05/identity/claims/country";
9. Home Phone = "http://schemas.microsoft.com/ws/2005/05/identity/claims/homephone";
10. Other Phone = "http://schemas.microsoft.com/ws/2005/05/identity/claims/otherphone";
11. Mobile Phone = "http://schemas.microsoft.com/ws/2005/05/identity/claims/mobilephone";
12. Date of Birth = "http://schemas.microsoft.com/ws/2005/05/identity/claims/dateofbirth";
13. Gender = "http://schemas.microsoft.com/ws/2005/05/identity/claims/gender";
14. PPID = "http://schemas.microsoft.com/ws/2005/05/identity/claims/privatepersonalidentifier";

One could use the URIs with the TokenHelper class to extract out the values for the claims.

..... more later.....

Here are a few thoughts on "authentication" and "authorization" in my own words.... (I hope you can understand what I am trying to say or imply). Please read this if you know how to differentiate between jokes and serious stuff....

I am Rohan Pinto, also known as "rohan" to some, by an "employee ID number" to my employer (you wish I published that number, didnt you ?), "ldapguru" according to folks who use my website, "Mr. Pinto" to those who look up to me (no kidding.. there are a few... a very few...), "Sir" (to the world, If I ever get to do better in life than Sir, Richard Branson), "baby" to my wife, "daddy" to my kids, "thengdi" to some, "ron" according to a few, "kramer" to some, "attacker" according to Kim, "hey you" to others who just dont care...

Anyway, the point is, I have several identites, each for a "specific" use-case blogs.sun.com/images/smileys/wink.gif" class="smiley" alt=";-)" title=";-)" />
Now, my wife would never accept the credential "daddy", nor would my kids accept anything other than "daddy". Similarly, others too have their own criteria for whats accepted and whats not.

The "criteria" is NOT something set or asserted by me. It's something that the "Relying Party" sets for themselves.

I probably do have the ability of presenting another credential to my "Relying Party", But would the "Relying Party" BUY THAT ?

Nothing stops me from presenting my "self asserted identity" to any of the "Relying Parties". I being a "human-component" have the ability to understand and know the (sometimes partially, and sometimes everything: based on how much info I have about the "Relying Party") criteria for acceptance by these "relying parties". Based on that info, I could establish an identity that closely matches the "acceptance criteria" of my "Relying Party", and probably get my "Relying Party" to open doors and welcome me in.

Hey, this whole exercise about "identity management" is to make the world a better/safer/secure place, aint it ?. I think that providing a platform whereby "identities" can be spoofed, and "created" is just silly. Who are we really helping? "ourselves" or "somebody else" ?

The way I look at it is, that the "Relying Party" has this box of treasure. I would like to see that treasure and claim my share.... In order to do so, the "Relying Party" has their own set of criteria of acceptance. If "my authenticated & authroized identity credentials match their criteria, I am given a key. I can use that key and open the treasure box anytime, however many times I want to". The point is, that the key is "GIVEN" to me after the fact that I have "successfully" authenticated and also "authorized" myself in a one step or a multi step process. (usually a multi step process). However even If I have a "pre-authenticated/pre-authorized" "key", I still need to present it to the "keeper" of the treasure and authenticate myself again every time I need to gain access. Even after authenticating myself all over, the "keeper" would still need to "authorize" me every single time.

The first step is gonna be to ensure that the "identity" is who he/she or even an "it" really is. There's no way that the "Relying Party" is gonna take the "presented secure identity token" and rely on it. One may say that the "secure token presented" can be validated against a specific set of criteria, But hey thats "authorization". Why would the "Relying Party" take the pain of "authorizing" a fake to begin with... If the "Relying Party" has assurance that the "identity" is valid, then the "authorization" step begins....

One not only needs to ensure that the "identity" is not a "fake" but also needs to ensure that the "identity" is stepping in from the front door, and then also have the ability to validate the "identities" other unique "characteristics" prior to even cross checking if the acceptance criteria matches the "identities" profile.

Am I selling something her... maybe... maybe I am....
Have you heard of nFactor Authentication yet ?? Well, if not, you will... soon... (I'm in the process of patenting and trademarking it) Trust me. you will hear from me.....

Anyway, back to the topic on hand... USER-CONTROLLED-IDENTITES.
I personally think that it's not a good thing. But I cannot force everybody to agree with my views. Like I have a right to my own view, you have your rights too. So all said and done, I see that the industry is making this huge "noise" about user-controlled-identities. Why fight it, I'll flow with it....

But in the process...., instead of just accepting the fact, I thought of making user controlled identites a wee bit more secure... and easier to implement and use. So I've comeup with my own "ANTI Laws of Identites" explanations...(No Offense Kim, I'm having fun with terminology. It's been a long hard day today...)

1. User Control and Consent: The user sure can consent, but control NO !!!. I meet my wife, she recognizes my "pre-authenticated" characteristics and "identity" and says, Hi "baby". I only consent my saying "yes love".
   LOL... I'm having fun today.. aint I ??
   
2. Minimal Disclosure for a Constrained Use: Minimal Disclosure NO !!!. With my wife there's no "minimal disclosure". I'm not sure if your's does.
3. Justifiable Parties: True Very Very True. I Concur. Both me and my wife need to constantly justify our commitment to each other. Trust me. We really really do. no kidding honest.... Dont you ? It's not because we distrust each other, it's reassurance. Just like folks like to reassure themselves about how good they look by repeatedly asking for opinions...
4. Directed Identity: In my case (example) the "identity" assertion is a two-way street. Not only would the "identity" need to assure itself of the authenticity of the "Relying Party", but the "Relying pArty" also needs assurance that the "identity" is a "trustWORTHY" "Identity".
5. Pluralism of Operators and Technologies: If I see myself as the "Relying Party" I need to not only recognize an identity called a "wife" but also recognize and know the difference in characteristics between identites like "daughter", "son" "employer", "mom", "dad", "friend" etc...
6. Human Integration: I Disagree than human Intervention needs to be a Law. Human intervention is necessary but not always. My coffee maker can brew only coffee and not make chicken soup. If I try to add chicken strips and water, I do not get coffee. My coffee maker is intelligent enough to know the difference between coffe beans/powder (the 2 characteristics of a presented identity that it can relate to, and is in it's list of criteriea to brew good coffee).
7. Consistent Experience Across Contexts: emmm.. how do I go about this one.. This is a hard one... Lets see.... How usable would today’s computers be had we not invented icons and lists that consistently represent folders and documents. Hey I really do not care about icons. I live in a "shell". Even though i'm not "Born Again" I live in a shell, a "Bourne shell". In my world, there are no "icons". However I am classified as an "attacker". How could you relate to me, and prevent me from doing what I (probably) could do, If I didnt care about "icons". You need to relate to me... the "threat". And if you succeed in doing so, that would be a HUGE step forward in making the world a better/safer/secure place.

that was fun... I just hope and pray that Kim takes this as a joke in good stride... This is plain old "food for thought" with a humourous twist. (it's sounds humorous to me at least. If it's not; maybe my taste in jokes is real bad...)

Next topic is "Secure User Controlled Digital Identities" and my version of enabling it's usage without having to implement or assert the adoption of a new "proprietary" standard or protocol. (if not the immediate next blog post, it would be a topic that I would soon post something on)

Kim said that I was wrong on the cookie phenomena when "infocard" authentication was used...

well, I'm not too sure about that.. Here's my exercise details to crosscheck if I really was wrong.

I cleared by browser cache, cookies..... everything to start with a clean slate...
The following screenshot shows the existing cookie list from my browser.. (note: no identityblog.com cookies)

Then I logged into identityblog using my "infocard" ID, And tried to post a comment. The screenshot below shows that the comment form was not filled out with my info.... However after the comment posted, it showed that the comment was posted by me... using the info that my "infocard" had...

The following screenshot shows the cookie list in my browser AFTER infocard auth. Notice that the cookie name is wordpressuser_MYSESSIONID & wordpresspass_MYSESSIONID

Then I logged out and the cookies disappeared... Neat stuff. Kim was right, the cookies get established when one logs in and then destroyed when one logs out.... or closes the browser, which is a nice thing because it was session based... usually the cookies exist for a period of time till the session timeout value exceeds the set limit. But in this case the session was immediately destroyed regardless of whetherI logged out or closed my browser... nice... really nice... IMPRESSIVE....

Then I posted a comment without authentication, and by filling out info in the comment form. The following screenshot shows what I did.

Actually I made a small error at this point.. I had posted a comment without logging out. I simply forgot to hit the "logout" button in the process of ALT-TABBing between this blog post and his blog. So I Hit the logout button and THEN posted the following comment:

As soon as I did that, I noticed that Kim's blog server set 3 cookies as the following screenshot depicts: (note the cookie names, they start with comment_author_MYSESSIONID, comment_author_email_MYSESSIONID, comment_author_url_MYSESSIONID.

Now I login with infocard again... and post a comment as the following screenshot shows:

I checked my cookie list and saw that in addition to the cookies priorly set without infocard auth, there were 2 more cookies... The following screenchot shows that....

...In short, Once a user uses the forms to post comments, the regardless of the "infocard" auth, the cookies persist in the browser....
However the form gets posted by the "authenticated user" regardless of the info one fills in the comment form.... But after the user logs out, he still can post comments without authentication and the persistent cookies take precedence....

INFERENCE: Kim's wrong 50%, I am wrong 50%. We are both 50% wrong.... ROTFL...

AH! with these screenshots, I do not think I need to explain more, You dear readers of my blog/s, can be better judges of what works and what does not

Cheers for now. That was a fun exercise...

update/note : Please refrain from sending me emails that the cookie list screenshots were not from using ie7, but were from Firefox. Do not ask me how I did it (not right now), I shall announce how to use Firefox to authenticate using infocards in due time... when the time is right...

With the infocard buzz going around..., and the possible opensourcing of it's components and code that enable users to easily deploy infocard, I thought that it would be nice if there could be more folks from the community who could actually try it out from a "deployment" perspective rather than from a "user's" to better understand how the whole thing works. But unlike me, not everybody has access to servers, and other necessary resources to deploy such a solution.

I thought of making it easier for those who do not have servers but just a desktop and/or a laptop to install a webserver (ie: Apache), php, perl, sendmail, mysql DB, a FTP server (ie: filezilla), a mail server (ie: mercurymail), webdav, a mysql DB administrator (ie: phpmyadmin), a weblog analyzer (ie: webalizer), OpenSSL, etc.. at the click of a button..

No, No, I didnt develop anything new, but am pointing you to something that exists out there that would enable you to do ALL OF THE ABOVE.

introducing: XAAMP from Apache Friends.

The philosophy behind XAMPP is to build an easy to install distribution for developers to get into the world of Apache. To make it convenient for developers XAMPP is configured with all features turned on.

The default configuration is not good from a securtiy point of view and it's not secure enough for a production environment : please don't use XAMPP in such environment.

Since LAMPP 0.9.5 you can make your XAMPP installation secure by calling »/opt/lampp/lampp security«

XAMPP for Linux
The distribution for Linux systems (tested for SuSE, RedHat, Mandrake and Debian) contains: Apache, MySQL, PHP & PEAR, Perl, ProFTPD, phpMyAdmin, OpenSSL, GD, Freetype2, libjpeg, libpng, gdbm, zlib, expat, Sablotron, libxml, Ming, Webalizer, pdf class, ncurses, mod_perl, FreeTDS, gettext, mcrypt, mhash, eAccelerator, SQLite and IMAP C-Client.

XAMPP for Windows
The distribution for Windows 98, NT, 2000 and XP. This version contains: Apache, MySQL, PHP & PEAR, Perl, mod_php, mod_perl, mod_ssl, OpenSSL, phpMyAdmin, Webalizer, Mercury Mail Transport System for Win32 and NetWare Systems v3.32, JpGraph, FileZilla FTP Server, mcrypt, eAccelerator, SQLite, and WEB DAV & mod_auth_mysql.

XAMPP for Mac OS X
The distribution for Mac OS X contains: Apache, MySQL, PHP & PEAR, SQLite, Perl, ProFTPD, phpMyAdmin, OpenSSL, GD, Freetype2, libjpeg, libpng, zlib, Ming, Webalizer, mod_perl, eAccelerator, phpSQLiteAdmin.
WARNING: This version of XAMPPis still in the first steps of development. Use at you own risk!

XAMPP for Solaris
The distribution for Solaris (developed and tested with Solaris 8, tested with Solaris 9) contains: Apache, MySQL, PHP & PEAR, Perl, ProFTPD, phpMyAdmin, OpenSSL, Freetype2, libjpeg, libpng, zlib, expat, Ming, Webalizer, pdf class.
WARNING: This version of XAMPP is still in the first steps of development. Use at you own risk!

XAMPP is free of charge
We don't like overpriced commercial software and XAMPP is our attempt to do something that shows free software doesn't have to be bad.

Easy installation and deinstallation
To install XAMPP you only need to download and extract XAMPP, that's all. There are no changes to the Windows registry (not true if you use the Windows installer version of XAMPP ) and it's not necessary to edit any configuration files. It couldn't be easier!
To check that XAMPP is working some sample programs are included, there is a small CD collection program (written in PHP using MySQL) and a small guest book software (written in Perl) and several other demonstration utilities.

If you decide that XAMPP isn't needed any more just delete the XAMPP directory and it's completely removed from your system.

If you use the Windows installer version of XAMPP it's recommended to use the uninstall feature. As every installer do the installer will make registry entries to remember the install.

The license
XAMPP is a compilation of free software (comparable to a Linux distribution), it's free of charge and it's free to copy under the terms of the GNU General Public License. But it is only the compilation of XAMPP that is published under GPL. Please check every single license of the contained products to get an overview of what is, and what isn't, allowed.

In the case of commercial use please take a look at the product licenses (especially MySQL), from the XAMPP point of view commercial use is also free.

Happy LAMP... oops... XAMPPing.

Hi Everybody. Here's a request. I'm trying to decipher a file with the header a follows:

The body of this XML file has a tag block as follows:

If anybody knows anything about this, please let me know... by either posting a comnent here ( which obviously is as good as telling the world blogs.sun.com/images/smileys/wink.gif" class="smiley" alt=";-)" title=";-)" /> ) or by emailing me -AT- myFIRSTname.myLASTname@sun-DOT-com

Anybody ???

pursuant to my prior post on Kim's php code release, I predicted that the php code would be no magic. The real "magic" is in the browsers capability of invoking the "identity Selector" and passing data packets back and forth between the infocard enabled website using the OBJECT tag and the "Identity Selector". More on the browser side later. This post is about what Kim's php code "may" look like.

Please Read Update 2 at the bottom of this post

First and foremost, infocard requires SSL. So What Kim may have done on the serverside is force SSL usage on his admin pages. This "probably" is accomplished by seting up Rewrite Rules on the "insecure" host.

In the .htaccess or virtual host stanza in httpd.conf www.identityblog.com, Kim may have the rewrite rule to automatically go to the secure host when you browse to http://www.identityblog.com/wp-admin/. It's pretty evident because it does just that.

RewriteRule ^wp-admin/(.*) https://www.identityblog.com/wp-admin/$1 [C]

If Kim is using permalink rewrite rules, this line would probably appear before RewriteRule ^.*$ - [S=40]

I also noticed that Kim does not restrict access to the "public" www.identityblog.com over SSL. But if he chooses, he could restrict access to the secure site only to administrators, and force the public site to be served over non SSL.

Well, his httpd.conf file may look something like the following:

It is probably a good idea to utilize SSL for user logins and registrations apart from administration. I hope Kim consider's the following substitute RewriteRules. He currently does not do that.

Insecure
RewriteRule ^wp-(admin|login|register)(.*) https://www.identityblog.com/wp-$1$2 [C]
Secure
RewriteRule !^/wp-(admin|login|register)(.*) - [C]

Now as far as the php code goes: Here's what I believe has been done.

• He's enabled External Auth. (ie: not MYSQL, but infocard auth)
• Modified the following Files:
  1. infocard/* : Contains all the infocard functionality
  2. wp-login.php : Contains the infocard authentication code and modified cookie content
  3. wp-admin/auth.php : This is modified to take account of the infocard cookie marker
  4. wp-config.php : Contains some infocard definitions
• wp-includes/functions.php:wp_login() : modified to do infocard authentication and check for the infocard marker in the cookie
• wp-includes/functions.php:wp_setcookie() : modified to set the infocard marker instead of the password in the cookie
  

NOTE: The directory /infocard is not really called infocard. I have no idea what the directory name is. I assume that it's infocard. I cannot crosscheck it because He probably has a .htaccess file there that does not allow directory listing. So for all you know the directory may be called "unknowndirectory".

The file wp-config.php probably contains an "infocard" switch define(’INFOCARD_ENABLED’, true);. Setting INFOCARD_ENABLED to TRUE turns on "infocard" authentication. Setting it to FALSE turns it off and normal WordPress authentication takes over.

NOTE : I'm trying this on my own test box and not directly on www.identityblog.com. And since I have my own private network, and am doing this on my own boxes (offline). I edited the file contents to "identityblog" to relate to what kim's doing on his site.

Thats all for now. I gotto run, My daughter (my everything) just had a fall and is bleeding... I'll follow up on this later...

I shall post PHP code itself shortly. Please note: I am not stealing Kim's code; nor have I obtained it from him in any form so far. I am doing something similar to what Kim "may" have done. and am posting that code here.

Since the code's distributed across several files and directories I shall post a link to a tar file download and installation instructions. If you would like to "infocard" enable YOUR "wordpress" installation you could just follow the instructions in the tar file and use it.

Also Note that This is not generic php. It's specific to wordpress.

The reason i'm doing this, is because the market coverage for this php code is so so much that it suprises me that folks do not realize that php aint magic. The code release I would like to really see is the "browser" bit.

releasing php code for wordpress does not make infocard opensource.

UPDATE: I'd be very curious to find out how closely my code would resemble Kim's actual code. Kim: If youre reading this could you give me an indication if i'm going down the wrong path ?

UPDATE 2: I tested this approach over and over... The php code DOES HAVE "some" magic in it. It needs to understand the MetaData and obtain the xml token that the "Identity Selector" sends across... more investigations underway... Will keep you posted..SORRY Kim, Sorry for saying there's no magic

Just an FYI discovery of the moment.. Infocard authentication (as I had blogged about earlier this week) currently works on Windows XP with WinFX CTP installed and with Internet Explorer 7 Beta 2 Preview only. I tried to install ie7 Beta 2 Preview on Windows Server 2003. But got an "installation" error as ie7 Beta 2 Preview is currently not supported on Windows Server 2003.

ie7 Beta 2 Preview release notes can be found here.

If anybody out there has been successful in installing ie7 Beta 2 Preview on Windows Server 2003, please let me know how you did it or if it was possible.

I have just completed a basic infocard plugin for firefox. Currently with my plugin, you can create infocards and save them. yeah... A hellava lot of work has gotten into it already...

Please remember, I have a day job too and this is my effort on a "time restrained" basis...

Some folks mentioned to me just yesterday that I am burning myself with "infocard". I want to put on record that this effort of mine is outside the boundaries of my day job. Well, if you think that I'm lagging in my "official work", your DEAD wrong. My utilization is in excess of 100% and hey !! I'm a revenue engine for my employer. (I just hope that they are aware of it and appreciate it) ~just kidding...

There are folks who go clubing, skiing, surfing, sailing, etc... for recreation. Well, I code for recreation... So.. All's good... I hope..

Well, the next step is to enable the HTML-OBJECT (enable the browser to recognize the application type "infocard") tag to invoke my "plugin" to enable the user to select an infocard (identity) and pass the security token representing the digital identity from the Security Token Service (STS) onto the requesting site using the HTTP(s)/POST operation.

I am not sure how the website would validate the token, but however I guess I shall find out shortly..

Screenshots of my Firefox Plugin are shown below:

Firefox Extension Installer/Update:

Firefox Infocard Options:

Firefox Infocard Editor:

PS: The plugin is in "alpha" right now. I shall keep you posted developments from my end.

UPDATE: I should have said, PRE-alpha rather than alpha. The plugin is way from close to completion. Please remember I just started working on this and it would take me time to complete it. (especially when i'm doing this after hours) I shall post updates periodically as functional modules get added.. And as soon as i have a "working" instance, I shall make it available for download both from here and also the mozilla downloads directory.

I just wanted to share with you the "browser" requirements for "browsers" to have the ability to invoke the Infocard Identity Selector (WinFX CTP Component).

For now, I know what the "browsers" should do. Would they do it... is another story altogether...

1. The browser InfoCard support code invokes the InfoCard identity selector, passing it parameter values supplied by the InfoCard HTML tag supplied by the site.
2. The user then uses the identity selector to choose an InfoCard, which represents a digital identity that can be used to authenticate at that site.
3. The Identity Selector uses the Identity Metasystem protocols to retrieve a security token representing the digital identity selected by the user from the STS at the identity provider for that identity.
4. The browser should post the token obtained back to the web site using a HTTP(S)/POST.
5. The web site validates the token, completing the user’s InfoCard-based authentication to the web site.
6. Following authentication, the web site would typically then write a client-side browser cookie and redirect the browser back to the protected page.

AH!! authentication, see... Infocard addresses "authentication" and NOT "authorization". I believe that my assumption is true. Could someone correct me if i'm wrong?

Though Kim's placeholder for publishing the php code for wordpress integration is still "on hold" Kim has just blogged about the wordpress version differences betwen his "test" box and the "production" blog. He also mentioned that "a bunch" of people have been using the infocard client on his site... Well, I sure am one of them. However i'd like to meet the others... SO if there are others out there trying to use learn more about infocards, introduce yourself. Well, I did log into Kim's site with an infocard, but I informed Kim about my moves... I'm not doing anything behind his back... So I'd suggest you folks who are trying to log into identityblog, to introduce yourselves... Well, we can start a "support group".

I'm not too worried about the "php" part as the php code for WordPress I predict would be an extremely simple thing... Here's my prediction...

All the code would do is, "provision" the "authenticated" user info mysql, and establish a WordPress session. (Correct me if i'm wrong Kim, but infocard addresses a specific usecase. ie: Authentication and not Authorization). Additionally, the user may be associated with a "role" that would enable the "user" to comment on the blog... nothing more... The php stuff aint magic... The "REAL" magic is the browsers capability to invoke the "Identity Selector"... Now, Kim, if your'e reading this... could you share "THAT" code ?

Now, I may get a response in the form of ... Just embed an OBJECT tag in your HTML code and that would do it.. But hey !! that aint it. Embedding an OBJECT tag in HTML just does not do it. There's more to it than just an OBJECT tag. There's some relationship between the browsers capability of identifying the application type "infocard" and having the ability to invoke the Identity Selectior thats installed on the desktop. I know that ie7 Can do it as I blogged about that earlier. Kim mentioned that he "had" a plugin for ie6. Well, apart from me trying to develop a open source version of the "Identity Selector" in Java ( which has nothing to do with HIGGINS ), I also am trying to develop a plugin/addon for Firefox/Mozilla. And If Kim shares that "plugin" code for ie6, it would make life so simple.... (at least mine...)

PS: In order to get a "browser" to "invoke" the installed WCF Identity Selector, the browser needs to recognize "specific" HTML extenstions. I do have a doc that describes those extentions, but am currently unclear on it's workflow; as I got my local browser (firefox) to recognize "those" extentions, but was unable to invoke the WinFX Component from my HTML page with an embedded OBJECT tag.

I've got a lot more to learn..... and I shall share as I roll along... Will you ?

Reference Links :

1. A guide to Integrating with Infocard V 1.0
2. Infocard Godfathers :
   • Kim Cameron
   • Mike Jones
3. Design Rationale behind the Identity Metasystem infrastructure
4. Microsofts vision of a Identity Metasystem
5. The Law's of Identity ( microsofts version )
6. A technical reference for infocards 1.0
7. WinFX Developer Center

Pursuant to my post on my "non-infocard" blog, I would like to take this opportunity to welcome you to my "infocard-blog". I shall not be cross-posting information between the two blogs; nor will I be moving old posts from "a twisted world" to this blog. So If you want to read any of my old posts, head on over to my "other blog"

I hope to make this a group blog and would invite other folks to join me here. Hopefully in due time it would be more than just me blogging here....