Category: Development

todo: todo

Ever since Corey posted about it, I’ve been playing with voo2do. It’s pretty much what I’ve been looking for in a TODO list, which isn’t all that much, I just need to be able to:

a) access it from anywhere
b) group tasks into projects

That’s some pretty tough criteria admittedly, but voo2do covers that and more.

The most appealing thing to me though, is that they offer an API, for which I’ve started implementing a .NET wrapper library. It’s about 60% complete, covering the fetching of tasks and projects, but not saving tasks or fetching by views yet. I’ll post it as soon as my hosting company sorts themselves out.

I’ve also started working on a GNOME client for voo2do, which fulfills my hidden requirement (c), have a native interface for it, but still be accessible from anywhere.

gecko-sharp, ipod, servers

I finally got around to verifying my gecko-sharp/https bug with latexer and reporting it upstream. Basically, the gecko WebControl widget crashes when accessing SSL/https, while epiphany/mozilla handle things fine. This’ll be a showstopper for the new Glimmr, thanks to the whole new Yahoo/Flickr authentication system.

I received my 60G iPod yesterday, so there went a whole night of ripping my CD collection. Yet to play with it under linux, as soon as I get the newest rhythmbox into portage I’ll play with it and GtkPod. I’m also looking forward to having a go at Calendar/Contact sync’ing which was worked on as part of a Gnome.org bounty.

Finally, I’ll be working the weekend tomorrow and reinstalling our file server at work. It’s currently running some ancient Mandrake version, installed by the tech guy before me. I’ve got to be a bit careful as it’s holding about 500G of graphics work for the “pretty pictures department” that I really don’t want to lose.

flickr api changes

Flickr has recently been acquired by Yahoo. This isn’t news, but as a result, they’ve changed the authentication mechanisms in the Flickr API. Previously, there was a simple API call with a username and password that would authenticate your session. This was simple, and great for application developers – we could manage user profiles and store usernames and passwords for the user.

This has all changed with the new API.

Now, there is no API call to authenticate. Instead, you need to call one method to get a session key, called a “frob”, giving your application’s unique identifier (an API Key), and password (the shared secret). Then you need to create a URL that the user must access (through a browser), which allows them to login through a web form. The status of their “frob” will then be updated so that they’re authenticated, and then API calls from the application will work using that “frob”.

This sucks for application developers. It’s no longer to store profiles, usernames and passwords for users. And it obviously requires delegation to a web browser before the application is usable. Now thanks to Gtk.Html and Gecko, this isn’t going to be horrible for Glimmr. Either way, it’s not particularly pleasant though.

This also sucks for users. They can’t use profiles, and they’re going to have an application popping up a browser window when they try to do something. Any application I used that did this, I’d be extremely wary of. Why? well that brings me to my next point – is this more or less secure?

If the aim of this is to increase security by removing the application from the loop, ie it never sees the user’s username or password, then it’s not entirely successful. It would be trivial to still obtain the username and password – just by spoofing the web page that’s popped up, displaying a “sorry, your password is incorrect, please try again” and forwarding that to the real log in page.

I don’t think that’s one of the considerations – more likely it’s because due to Yahoo’s recent acquiring of Flickr. Now, new users must sign up to Yahoo before they get a Flickr account. It looks like there’s no Yahoo API to authenticate, and so we’re left visiting a web page and relying on server side sessions for authentication.

Of course, I’m blaming all of this on Yahoo because they’re not in the room.

Either way it’s not going to affect Glimmr that much. I can embed a Gtk.Html or Gecko widget in the application and use that, rather than using a seperate window (or still allow the user to choose that option), so it’s mostly just a pain in the neck. Of course the Glimmr code is, and will be open sourced, so any malicious code would be found – not that I’d even consider writing it.

Wise up Yahoo!

drivel

I liked the look of drivel-2, especially when I found out it wasn’t limited to LiveJournal any longer, and I could post to an old blog at blogspot.com with it. But lo and behold Blogging Standards – it supports Atom/BloggerAPI blogs, of which b2evolution is one. Looking forward to using (and maintaining) it.

the return of glimmr

So I’ve returned to the fold of open source lately, and I’ve missed it over the busy past few months. I’ve also returned to my favourite online services – blogging, flickr and del.icio.us. Flickr is especially one of my favourites, even though I don’t take a lot of photos with my cheap Canon C-150, I like browsing around following tags like currents.

I’ve been thinking hard about starting work on a rewrite of Glimmr, an open source, C#/Mono application for uploading photos to Flickr. I can’t remember exactly why I started writing Glimmr. At the time it filled a hole in both the Linux Flickr tools (which were mostly one big hole), and in my expansive free time, but the code was never meant to last. It was one of those projects that most people write to learn something. In my case – GTK#.

So I’ve wanted something a bit more lasting, something a bit cooler and I was actually looking forward to a bit of a rewrite, something that could be structured from the ground up.

So it will be started – glimmr2? oh, how about – glimmr-ng *all together now – cringe*.