Tuesday
Jan 19, 2010

#hashtags #QLF? Charlie Foxtrot

Hashtags are cool… until they become so difficult that they ruin the text itself beyond immediate understanding.

It’s beginning to look a bit like the old Q codes, a system almost impossible to understand unless you knew all the emerging and de facto rules.

Which unfortunately isn’t possible in any open-ended system like Twitter.

No, please leave the 140 characters for human-readable text. Don’t ruin the legibility with weird syntax. Humans are not gadgets or machines.

Otherwise, we might as well just start base 64 encoding binary data.

Thursday
Dec 31, 2009

Simpler than OAuth WRAP

OAuth WRAP sprouted up because some of the original OAuth authors and initial implementors thought there were usability issues with OAuth. For example, David Recordon, one of the original OAuth authors, commented that Facebook is “hearing strongly from other major implementors that OAuth has not been widely adopted by their developer communities because it is too difficult to correctly implement”.

WRAP seems a step in the right direction; it’s good to make things simpler. But it still doesn’t address the common basic problems with protocols like OAuth:

It still seems too difficult. A cursory glance at the WRAP protocol shows it is roughly the same length as the OAuth 1.0a spec. Granted, both protocols are in draft status, and this may be a silly comparison. I had expected a simpler version to be shorter than what it replaces.

The browser redirect anti-pattern is still in full swing. WRAP fails to address this huge usability and security problem. We often talk about the password anti-pattern, which boils down to: stop conditioning people to give out their passwords. Yes, this is pure evil. We need to stop this, and OAuth helps tremendously here.

The browser redirect anti-pattern is scary. Like any anti-pattern, this one conditions us to accept that the browser bounces us back and forth between sites. It conditions us to accept that the browser goes where it wants to, and that we are no longer the driver, but the passenger, of our web browsing.

This is dangerous and opens up phishing opportunities. The session fixation attack on the original OAuth 1.0 protocol could hardly have been successful without this anti-pattern.

So there has to be something simpler. At a meeting at Facebook on December 8, 2009, people discussed the Netflix authorization flow, used to connect devices such as TVs to a Netflix customer’s account. When connected, the TV can play the movies the customer adds to their queue. I think the people gathered missed that this flow can be used for all authorization, not just for devices, but for any web app.

The Netflix flow can be explained in a few sentences. Because the user is not connecting the TV to Netflix via the browser, a redirect-less scheme was invented: the TV displays a short, memorable text code to the customer, who enters this code at the Netflix website to give the device access. That’s it. Nothing more, nothing less.

The underlying protocol? Dead simple. In essence, the TV makes one call to Netflix to get a code, which it then displays to the user. Then it polls Netflix, say every 10 seconds, to see whether the code has been authorized, and if so, gets back some key to use for all future operations for that customer. If the key stops working, the customer has revoked authorization.

This key can be used as secret tokens are used in WRAP: signature-less in the HTTP protocol header on top of SSL. Yes, the devil is in the details, but it seems this fits nicely into existing OAuth-enabled services with very little change. 
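The flow described above, sketched as an added example (not code from the original post and not Netflix's actual protocol). The class and function names, the code alphabet, the five-minute expiry and the separate polling secret are assumptions; the post itself only specifies the displayed code, the polling and the returned key.

```python
import secrets
import time

ALPHABET = "BCDFGHJKLMNPQRSTVWXZ"   # assumed: no vowels, so no accidental words
CODE_TTL = 300                      # assumed lifetime of a displayed code, seconds

class AuthServer:                   # in-memory stand-in for the service side
    def __init__(self, clock=time.monotonic):
        self.clock, self.pending, self.keys = clock, {}, {}

    def request_code(self):         # step 1: device asks for a code to display
        code = "".join(secrets.choice(ALPHABET) for _ in range(6))
        secret = secrets.token_urlsafe(32)   # never shown on screen
        self.pending[code] = {"secret": secret, "exp": self.clock() + CODE_TTL, "who": None}
        return code, secret

    def approve(self, code, customer):  # step 2: customer types code at the site
        p = self.pending.get(code.strip().upper())
        if p is None or p["who"] is not None or self.clock() > p["exp"]:
            return False
        p["who"] = customer
        return True

    def poll(self, code, secret):   # step 3: only the requesting device collects
        p = self.pending.get(code)
        if p is None or not secrets.compare_digest(p["secret"], secret):
            return "denied"
        if self.clock() > p["exp"]:
            return "expired"
        if p["who"] is None:
            return "pending"
        del self.pending[code]      # single use: the key is issued exactly once
        key = secrets.token_urlsafe(32)
        self.keys[key] = p["who"]
        return key

    def customer_for(self, key):
        return self.keys.get(key)   # None once authorization has been revoked

    def revoke(self, customer):
        self.keys = {k: c for k, c in self.keys.items() if c != customer}

def connect_device(server, display, interval=10, sleep=time.sleep):
    code, secret = server.request_code()
    display(code)                   # the short code the customer reads off the TV
    while (result := server.poll(code, secret)) == "pending":
        sleep(interval)
    return None if result in ("denied", "expired") else result
```

Binding the key to a secret that never appears on screen means someone who merely sees the displayed code cannot collect the key by polling first.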

 

Thursday
Feb 05, 2009

GarageBand '09: not bad at all

I’ve been trying out the 2009 version of GarageBand for a few days and it feels tighter than last year’s. There is less lag when you switch between info and loop mode; the same hardware actually seems to be snappier in most operations.

It seems that the lesson feature is pretty usable, too. The software comes with 16 free lessons for the piano and the guitar. If you have trouble getting into reading dry books, these lessons are well worth checking out.

The way you add effects on both software and real instrument tracks seems more intuitive. I haven’t tried out the “magic band” stuff, but if it brings the joy of music to people, why not? (I could almost say the same about Microsoft’s Songsmith, but this is just too weird.)

A few snippets of GarageBand 09 music from my songs page: You make me. Pink butterfly.

Saturday
Jan 31, 2009

New song page

I added a new page with my songs, where the Yahoo! Media Player picks up my mp3s from Amazon S3.

Nice!

Friday
Jan 30, 2009

Week 12: You Didn't Want To Stay

Last week. Twelve grueling weeks were over just before Christmas. I learned a lot during this course and hope to build on it.

Week 12 saw us combine the verse/refrain form with a chorus. This form takes advantage of the strong points of both: the lyric focus and interesting music of verse/refrain, with the singalong, wider audience appeal of verse/chorus.

There are two types of combination song forms — the pop version and the country version. Mine is more of the former.

Title: “You didn’t want to stay”

Verse 1

D.................A......
I remember when I met you
Bmin....................G...
In your backyard by the tree
D.......................A......
You were smiling at the sunshine
Bmin.........................E...
But never once you smiled at me

G.............................D......
Could you tell me what you're thinking
A..................F#..
On such a summer's day
G......................Bmin.......
Was it that you had to leave girl
E..........................A....
And that you didn't want to stay

Verse 2

Stars shine through the cold wind
Backyard winds blow strong and fast
And I am standing in the moonshine
Trying hard to see our past

Clinging on to your memory
Cold night follows colder day
Was it that you had to hide girl
Or that you didn't want to stay

Bridge/Chorus

F#......................Bmin
After all I can't forget though
F#......................Bmin
that I never heard you say
E.........................D
that there was a cloud in your sky
E............................D....
and that you didn't want to (stay)
F..........
didn't want to, didn't want to
G.............................A
didn't want to, didn't want to stay

Verse 3

All the guests are all but gone now
Saying how they miss you so
And I am staring into nothing
I understand you had to go

I hope you find your peace now
Wishing I could hear you say
What I never understood girl
Why you didn't want to stay

Bridge/Chorus repeat