@madpilot makes

First off, thank to WA government for having the foresight for ignoring the actual birthday of the Queen and making today a public holiday – my couch has been-a callin’. So what has been happening over the past couple of days?

Day 0

After getting in early morning on the Wednesday, I toddled along to Stories for one of their famous egg and bacon rolls with Simon, Lachlan and Nick.  Oh how I’ve waited for that. I could have gone home at this point a happy man, but then there was work to do! Spending the day tweaking my presentation, next it was up to the Kirk for memories of last year (Yes, they still only have five pint glasses) and then on to Port80 Sydney: Wednesday edition. We had a fantastic turnout, with over 80 people – most of which were new faces. Big ups to Clever starfish, radharc and Saasu.com for throwing dollars on the bar. I’m seeing a definate pattern here in regards to free beer.

Day 1

Waking up slightly hung over, I was off to the registration desk, and then the games began. Highlights for me was Dmitry Baranovskiy’s web vector graphics  talk. I’m about to go download raphael and build some stuff – not only if the guy a genius, but his talks are hilarious. Unfortunately, I missed the JavaScript workshop, where I hear Cameron Adams wowed the crowds with a JavaScript drum machine – with visualizations. The final keynote from August de los Reyes tied software and psycology together, something that I think is the crux of what we do. It was also a great talk, although the ads were a little too much to take.

What I learnt:

• Seeing cool stuff is inspiring.
• When giving a presentation, find out about the audience – it’s better to pitch a bit to high than to low.
• Don’t try to squeeze in 2 hours of material into 55 minutes

Day 1.2

Next up was WebJam8. The one big disappointment of this trip is that I didn’t get something entered in WebJam, but having a Web Directions talk to do and a stupid amount of work took priority… Some really cool stuff was shown: Dmitry came third with a live code, that added reflections and animation to images on a web page, Diana came second with a crazy funny fast presentation about governments and bike helmets and the winners, Mr Speaker and Henry Tapia did a awesome YouTube remixer. In a moment of unlike-me-ness, I wentback to the hotel at a reasonable hour…

Day 2

…and for the first time EVER made it to the first session of the second day! So no one can joke that I missed the best talk of the conference (as happened the past couple of years) and I wasn’t dissapointed. Jeffrey Veen is a brilliant speaker, and I wanted to pull my laptop out right there and then and cut some code. This is the sort of stuff that makes these conferences. After lunch, I gave my presentation on OpenID, OAuth and webservices (Available on slideshare here), and I think it went pretty well. The backchannel was only positive, so I count that as a win. Next I headed over to Douglas Crockford for a good old fashioned Computer Science lecture, god that takes me back! Whilst a little dry, and technical (Who am I kidding – I wanted that) it generated some great discussion.

What I learnt:

• Great talks bring in personal experience
• You need to get the audience to think
• Dual monitor Powerpoint never works properly when you need it to

Closing night

With all of the festivities over, it was time to let the hair down at the Shellbourne, for a quick shandy.  Had a debate about designers vs UX experts (We were actually arguing the same point, it turns out), and had many an indepth conversation, including one with Charles from Opera, about webservice brokering. So much so, my plans to build one may now be possible (Huzzah!).

What I learnt:

• Finding random “locals” to go out with doesn’t mean they know where they are going
• Peanuts 2u is actually a brand of salted almonds
• There is a “No redheads” policy in NSW pubs
• Bats are weird and scary

So that was my Web Directions experience in a nutshell! Roll on Edge of the Web – only five weeks until we get to do it all over again!

Spurred on by Gary’s discussion on the number of micro-blogging sites around, the “Is it Distributed?” question made we wonder if we are going about this wrong. Cameron Adams was right when he said there is only one social network, so why are we flicking between a large number of them? Why aren’t we running out own?

Beyond a number of small superficial differences they all do the same thing – you add friends, post what your doing (usually in an arbitrary 140 characters or less) and read what others are doing. There really is no reason why this can’t be truly distributed, i.e. I can run my own micro-blogging site, and all my friends can run their own micro-blogging sites – all that is needed is some glue (a communication protocol) to bring it all together. The great thing about this, is we already have systems to make this happen – get your buzz-word bingo cards out people…

RESTful XML

The first part of this system is a RESTful API that allows friends to post information in your timeline and you to post to others. Everytime you post to your microblog, it will iterate through your list of friends and forward the message on to them. The same thing happens if you delete a post – if notifies all your friends to remove the post from their local database. To ensure that random people can’t spam our feeds, we can use OAuth to give “friends” permission to send us information.

Your own timeline

The reason that your microblog would need to be notified of other peoples posts would be so you can cache these posts on your own microblog, which gives you a twitter style public timeline. The advantage of this is that there is basically no database load to display YOUR feed – the only information in your database are the posts that you want to read!

Adding friends

So how can you add friends and allow others to follow you? This is actually pretty easy using OAuth – by adding your microblog to your friends microblog authorised list, they know that you need to be notified on an add or delete command. This gives us the side effect that we can manage not only who we follow but who follows us – if you want to stop someone from following you, you just de-authorise them. So what happens if a new friend adds your microblog to their timeline? A simple GET command could be made to receive all of the posts by the new friend, effectively syncing up the two databases – all future posts will obviously push to the new friend (and vice-versa) so there is no expensive polling.

Other peoples timelines

If someone has a public timeline, this is a no-brainer. Each persons microblog would just be available and others can just read it. But what about private timelines? Enter OpenID. If each of your friends provide an OpenID URL, they would be able to login to your microblog to read your private feed – no password required, but is still totally private.

Discovery services

Many twitter users scour the public timeline waiting for people to post things that they are interesting in. This is actually quite easy to implement on a distributed system – have a read only super node that everyone posts to. Voila, instant public timeline. This also means that you can easily create “channels”. Instead of only having one public timeline, you can have many based on different topics.

Unlimited extensions

One of the value-adds for Pownce is the ability to share attachments and events. In reality, all it does is provide a link to a file on a remote service. If you wanted to add this function to your microblogging site, you can quite easily – as long as you post the link to others. This means you have complete control over what your microblog does, as long as it still talks the protocol.

Advantages

1. The obvious one is you aren’t at the mercy of servers doing a twitter (ie. being up and down like a yo-yo). If your friends server goes down you miss out on their posts, but no one elses.
2. You have control over your data – you don’t have to worry about a service disappearing overnight and you not being get at it. It all on your server
3. Distributed data – your server dies and your harddrive explodes, your data can be rebuilt from the data that is stored on one of your friends databases

Disadvantages

1. If someones site is down they may miss some updates, so you would need a method for re-syncing all friends posts from a certain date – no biggie.
2. It does make completely removing your account difficult as you can’t really ensure your friends are going to respond to delete commands correctly

So what do people how don’t have their own server to run this on? This is the kicker – you can still have hosted versions of the system. This works for blogs (I host my own, but some of my friends use systems like Blogger.com) and OpenID which makes it much more accessible.

If there is some interest in this, I’m sure we can start drafting some specifications. I’d be interested in your thought.s

Now that the OAuth standard has been finalised and the Rails plugin (as well as libraries for a number of other languages) has stablised, I thought it time to become an early adopter and add it to 88 Miles.

OAuth works like this:

1. A developer create a third-party application (a consumer). They login to the the provider website and add their application. The website will then given them a secret key and three URLs: one to get a request token, one to get an access token and one that users can use to authorize an application.
2. When another user decides to use the third-party application, they first need to authorize it’s use. So the application will request a Request Token by posting some data to the request token URL.
3. Once this returns, the application should redirect, or at least point to the authorization URL. On this page, the user is asked whether they really want to give access to the third party application.
4. If the user says yes, the provider will redirect the user back to the consumer website, or at least notify the user that the consumer has authorization (It’s a bit hard to redirect to a desktop application for example).
5. Once the consumer is notified that it has been given access, it will then swap it’s Request Token for an Access Token.
6. Now the consumer can freely access resources from the provider by using this Access Token.

Obviously, if a given instance of an application has a valid Access Token, it can skip steps 1-5, and just continue using the Access Token.

Although the Rails plugin is aimed at people using acts_as_authenticated, a little bit of hacking and code diving meant it was relatively easy to shoe-horn it into my custom login system. Because I wanted 88 Miles to drop-back to basic authentication if OAuth wasn’t available, I needed to work out what authentication system each request required. This can be done by:

request_proxy = OAuth::RequestProxy.proxy(request)

if(request_proxy.signature_method != nil)

  # It's an OAuth request

  if oauthenticate

    # They get access

  else

    # Denied!

  end

end

Nice and easy. I did go through and spruce up some of the authentications screens, but if you aren’t that anal, the boilerplate code from the plugin would suffice.