It’s true. I love technology. There’s something about a new gadget or computer that gets me all giddy inside, so I was actually pretty excited when my significant other told me he bought me an HP Chromebook 14-q039wm on Woot last month. It’s a pretty interesting device. I’ve been using it fairly regularly since I got it, so let’s see how it stacks up against my myriad other portable computers (including but not limited to a Surface Pro 2, Dell Latitude E6410, ASUS VivoTab Note 8, and an Acer Aspire Switch 10).
You’ve probably heard about Chrome OS by now. Based on the Linux kernel and Google’s Chrome browser, it’s a browser-only operating system. When I say browser-only, I mean browser-only. If it’s not online, you probably can’t do it with Chrome OS. The same extensions you use with Chrome in Windows or OS X can be used in Chrome OS, and more recently, Chrome OS has introduced the ability to run Android apps (provided that the app supports this feature, and those are few and far between so far).
Chrome OS has gotten a lot of media coverage, and there are plenty of journalists and tech pundits who have started (or at least tried) using Chromebooks as their daily driver. I’ve been taking mine to work lately, and while I can do some stuff with Chrome OS, it isn’t going to replace Windows any time soon.
I’d go so far as to say that Chrome OS isn’t a real operating system. Sure it runs on a computer and has a graphical interface, but the similarities end there. Chrome OS does have the ability to offer some basic functionality – text editing, an SSH terminal, a limited file browser (local storage and Google Drive only!), a calculator, and a web browser. However, unless you’re well-entrenched in the Google services ecosystem, Chrome OS doesn’t cut it.
My primary email address is through Outlook.com, I use OneDrive for my cloud storage, and I have no interest in Google’s sorry excuse for online document editing with Docs, Slides, and Sheets. I also use Reddit and Facebook pretty frequently. Chrome OS support for all of the above is weak at best. Although there are rumblings of other cloud storage services working with Chrome OS’s File System Provider API, the lack of access to my OneDrive is a serious flaw for me. I’ve started using Google Drive out of necessity, because face it – manually downloading from and uploading to OneDrive via the website is just a pain. What’s worse is that I can’t access local network shares over SMB or WebDAV – or even SFTP! My file server is rendered useless thanks to Chrome OS completely missing support for mapping network shares.
The other big flaw that I’ve found is the total lack of Facebook support. All I’ve found are a few so-called “apps” in the Chrome store that do nothing beyond load the mobile Facebook chat interface in a separate window. There’s no support for notifications. The same goes for Reddit – the Reditr app is passable, but unless it’s running, there are no notifications. I’ve been able to get a couple Android mail apps running, which gives me email notifications for my Outlook.com account, but the native Android mail app is unstable and CloudMagic (which is in the Chrome web store but is really just the Android app ported to run on the ARchon runtime) has a long list of bugs and problems in its current form.
Chrome OS is fast. It boots and reboots almost instantaneously. Because there’s virtually no data stored on the device itself, wiping and starting over is incredibly painless. Battery life is pretty great, and my model has a 4G SIM card slot complete with a T-Mobile SIM card and 200MB monthly data access for free – for life! The hardware is pretty nice for a $200 laptop, with 4GB DDR3 RAM and an Intel Celeron CPU. I already have plans to replace the 16GB M.2 SSD with a 128GB module so I can dual-boot Chrome OS and either Ubuntu or Windows 10.
On the fit-and-finish side of the hardware, I love the color. The trackpad is really great, and the keyboard feels pretty solid. I’ve read that the HP Chromebook 11 has an IPS display while my Chromebook 14 has a cheaper TN display, but I don’t really have any complaints about the screen quality or viewing angles.
I won’t lie – compared to HP’s Windows 8.1 competitor, the Stream 14, the Chromebook 14 is a better product (and cheaper, if you get the model with 4GB RAM and 4G data at the $209 Woot price), but with Chrome OS on it, it’s just too limited. As noted in many articles about both Chromebooks and Chrome OS, most of what your average user does is online. However, most of that online stuff is centered around communication of some kind – and that’s where notifications are critical. I don’t want to keep tabs open for Facebook and Twitter and Outlook.com and Reddit and LinkedIn just so that I can get notifications about account activity.
One minor complaint I have is that the sparkly turquoise rubberized finish leaves something to be desired – there’s a nick in the surface already, and it seems to pick up marks and scuffs a little too easily. A bigger complaint is that Google has decided to keep to a very short-lived support timeline for each Chromebook that’s released. That part is pretty obnoxious – my Chromebook is only going to stay updated for five years. After that, Chrome OS updates won’t be available anymore. Google has a knack for doing that – they did it with Google TV, too. I understand not providing customer support after five years, but not allowing OS updates on specific hardware after five years is nothing more than forced obsolesence. I hate that Apple does it, and I definitely hate that Google does it. It’s kind of the opposite of their so-called “don’t be evil” mantra.
I’m a Microsoft fangirl. I can’t help it. I work for the company, I work with Windows 8 every day, and I love teaching people how to get the most out of Windows. On that alone, I can’t really recommend a Chromebook to anyone. It’s not a good student machine at all, because it can’t run anything a student might need outside of basic document editing. A lot of schools use web applications that require Java or ActiveX, neither of which will work in Chrome OS. Advanced applications like Visio, Matlab, and Visual Studio are just not an option. Beyond that, the total lack of social networking integration limits its use considerably, unfortunately.
The thing is, when you can run Chrome in Windows and access a Chrome OS-like interface simply by launching the Windows 8 Modern Chrome interface, Chromebooks don’t have a lot to offer over similarly-priced Windows computers. Most of the reasons Chrome OS was initially compelling have been negated thanks to significant improvements in Windows 8 and 8.1. The number of apps available for Windows 8 today mean you don’t necessarily need a web browser to access web-based services. In fact, apps are frequently a much better experience – fewer (if any!) ads, a more fluid interface, and customizability.
If you’re a big proponent of the Google ecosystem, you’ll probably get good use out of a Chromebook. If OneDrive integration happens with the new API Google is supposedly introducing, I’ll be able to do a lot more within the confines of Chrome OS. I’d also be thrilled to see a mail client released that’s Chrome native (not just a repackaged Android app) with support for multiple accounts and protocols like Exchange and EAS. I also haven’t found an offline text editor that can connect to my web server over SFTP. The developer of the best Chrome text editor available, Caret, refuses to build in any remote access support, unfortunately.
In the meantime, my Chromebook makes a good web browsing and SSH machine. It’s not going to replace a real computer for me, but the hardware is nice enough that it has earned a place in my computer collection.
Quite a few years ago now, a large open-source project called Pidgin fell prey to one of the bigger pitfalls of OSS – developer-user relations. With commercial software development, a company has resources available to do things like usability testing, analysis of interface design, and most importantly – interact with customers through company representatives whose primary role is to address customer concerns and issues. Software developers are famously stubborn and, for lack of a better word, assholes about their work. Customer liaisons protect users from the rough-around-edges aspects of the developers’ personalities and tendencies, and the end result is that the customers are happy, the software satisfies the customers’ needs, and the developers don’t end up in really sticky situations.
Open source software isn’t so fortunate, even with large projects. Back in 2008, a popular multi-protocol chat client called Pidgin (known as GAIM in the late 90s and early 2000s) released a major update that overhauled the user interface. Many advanced settings and features were removed, but one of the most contentious was the removal of a manually-sized input area in chat windows. Instead, the text area expanded automatically and, when empty, was only a couple lines high. A bug report was quickly filed. Functionality that had been present since the inception of the project had been arbitrarily removed, and legions of users wanted to know why it happened and when it would be fixed. The primary developer who handled customer comments on the ticket, Sean Egan, repeatedly harassed the many users who complained about the change and requested that it be fixed. Rather than listening to what the users requested and understanding that options (particularly in open-source software that had previously been designed to serve power users as well as regular folk) are better than none, the developer opted to insist that the change was good and would not be changed.
Particularly troubling was the response of another developer, deryni, who had this to say in one of his comments:
The key here is that you don’t manage us, a fact you are keenly aware of and even reference farther down. Another fact is that we have no requirements for any of this beyond what we feel like creating, which is a freedom your managed developers do not have. Both of these factors are central to our claim that it is more work than we care to put in and why we ask for people who do want it to write it (at which point we will happily accept it).
Unfortunately for the folks at the Pidgin project, when your open-source software creates a large enough user base, your requirements must extend past what you “feel like creating”. Your project has evolved past a tiny for-fun application that you hope people will consider using into something much larger, and an inability to accept that is one of the biggest reasons why businesses still reject OSS as an option. The end result of the Pidgin fiasco was twofold – a fork was created to put back the feature (the developers claimed it was “too much work to fix”, even though the feature had previously been there and was deliberately removed), and Pidgin lost quite a longtime users, including myself. While the dent in the user base wasn’t big enough for the developers to fix the bug, the fact remains that this attitude is what prevents OSS from gaining legitimacy in the larger world of technology and end-user applications.
We are now seeing the same attitude from the developers of Firefox, one of the biggest web browsers in the world. A bug was filed in 2008 due to what appeared to be an accidental or arbitrary change in Firefox’s functionality. In OS X, Firefox had consistently prompted the user with an “Are you sure?” dialog when the user attempted to close the application using the system-wide Command+Q keyboard shortcut. This was very useful for Mac users, since the Command+W shortcut to close a tab was easily mistyped on a standard QWERTY keyboard. The Firefox development team saw fit to remove this behavior. Bug reports were quickly filed, since the functionality had previously been there and was very much expected behavior – in fact, other browsers for OS X, including Safari, Opera, and Chrome, prompted on quit.
Rather than listening to the users, the developers took the bug report as an opportunity to launch a moralistic crusade against changing anything they didn’t feel like changing. Six years later, this bug report has been reopened by users who simply do not understand why the developers would (a) remove consistent, expected functionality and (b) stubbornly refuse to consider reverting the change. My inbox has been blowing up the last few days because of how heated this discussion has become. The developers have simply refused to fix this, with reasoning varying from “the people complaining here don’t represent anyone else in the user base, so it doesn’t matter” to “we want it to behave like this regardless of what you say”. There is no objective, logical reasoning behind why the functionality was removed. It just was, and now that enough people are up in arms about the change, the development team is unwilling to swallow their pride in their product (which is a very good product, to say the least!) and fix something that users have been complaining about for six years.
Meanwhile, let’s look at what happened with two products recently released by Microsoft – the Surface and Windows 8. The Surface RT was met with great ridicule at its launch, in part because its hardware specifications were somewhat lackluster for its initial price point of $500. Microsoft responded by keenly observing media and user criticism and, a year later, released the much-improved Surface 2. The biggest complaints – the screen resolution, the slower USB 2.0 port, the placement of the MicroSD reader, and the single-position kickstand – were addressed. Rather than saying “if you don’t like our product, you’re wrong!” Microsoft did what any business needs to do to keep its customers – they listened to feedback and did something about it. The result? The Surface 2 sold out and was impossible to find in most regions until after the holidays. Even now the updated Surface Pro 2 can be hard to get your hands on.
Windows 8.1 had the same impact. Customers had a hard time adjusting to Windows 8’s replacement of the start menu with a full-screen Start interface, so Microsoft added an option to boot directly to the desktop. Customers wanted more customization options for the Start screen, so Microsoft listened and added more options for changing the color scheme, menu background, and tile size. The search interface was unnecessarily complex and required extra clicks to find files or settings, so it was streamlined into a single results list, with the option to view expanded search results if needed.
It’s great to be proud of what you’ve accomplished when you create something. However, software development is not like modern art – you can’t create and respond to criticism with “you don’t understand the meaning of art”. Instead, it is paramount that developers learn how to handle criticism and customer pushback gracefully. Until that happens, even the largest open source projects will have a hard time finding acceptance in the business world, and those that do – like Linux – will continue to require real businesses behind them, like Suse and Red Hat.
Will I stop using Firefox? Of course not. I don’t find Chrome to be an adequate replacement for my needs, and I rarely use OS X. When I’m on a Mac, I found an addon to replace functionality that never should have been removed in the first place. However, retaining users should not be seen by the developers as a message that what they’re doing is working. It should instead be viewed as an unfortunate fact that their users don’t have a good alternative and are at the mercy of the developers’ stubbornness and arrogance.
About a week ago I received Google Glass. I’m very excited about the potential applications, and I can’t wait to see how this dawning era of wearable tech will change our lives. In time we’ll see concepts from companies like Apple, Samsung and Microsoft that will help make wearables an intrinsic part of the 21st century. This is the first of a series of articles on Google Glass and wearable technology, and offers my first impressions of Glass.
It seems everyone is giving their first impressions of the device, though these impressions are often geared towards an audience already familiar with the product. I’ve been wearing it in public, and over the past week I have had several people asking me about the thing on my face. Most people already recognize it as Google Glass, but few seem to know what it does or how it works. In fact, it seems many believe that once Glass goes on, it never comes off – it has become a part of me. I’ve changed from a human to some sort of social networking “spyborg” from the future, and I no longer require food or drink that doesn’t come in pill-form. Rest assured I still eat and drink. I hope to clear this up some more with this article. I’ll talk about what it is, what it isn’t (for now), as well as a summary of the features and some of the available apps. In future articles in this series, I’ll also talk about analytics, safety, privacy & spying and industrial applications.
This isn’t intended to be a comprehensive list of the capabilities of Google Glass so much as a summary of some of its primary functions. As more apps become available and other uses are identified, this list may start to seem archaic.
A camera. It’s used to take pictures or video, and can be used with some apps for barcode scanning, rudimentary augmented reality, and live-streaming video. The camera could theoretically also be used for video analytics in real-time such as object or face recognition, collision detection or hazard detection (more on this in a future article). The camera is intended to see what the wearer sees, and the live-streaming functionality could have important industrial, educational or medical applications. I’ll write a post in the future exploring the potential applications of live-streaming with Glass. Anyway, pictures are automatically uploaded to Google+, and can be uploaded to Facebook, emailed, sent via SMS or IM or other means of sharing. It’s up to the wearer to decide who to share the image with. In addition to the forward camera, there’s also a sensor on the inside of Glass that can detect the wearer’s eye position, winks and blinks. In a recent software update, Google added the ability to take a picture just by winking. So if you see someone wearing Google Glass and they wink at you, they’re probably taking your picture.
A heads-up display (HUD). One of the most interesting features of Google Glass is its potential to support reality augmentation by providing a hands-free heads-up display. It’s important to understand that this display does not occupy a large portion of your field of vision, and therefore isn’t intended to provide an altered reality where you see things that aren’t exactly how they appear. Instead think of it like the heads-up data you might see in a video game. A compass, a mini-map with directions laid out for you, or a clock. In fact, these are all apps that come standard and are provided by Google. There are also fitness apps that provide tracking and show your mile time and other running or cycling stats in the HUD. The nice thing about the HUD is that it’s transparent, so you still have full use of your field of vision, especially when the display isn’t active. There’s even a golf app that allows you to see GPS distances to targets, hazards, satellite imagery, keep score as well as course data in real time.
An extension of your smartphone. Google Glass can allow you to make and receive phone calls hands-free, functioning in the capacity of a blue-tooth headset with voice recognition. You can also use it to send and read text messages, emails and IMs all through voice-input. If you can’t take the time to focus your eyes on the display, it even does text-to-speech. You can use it to search the internet, visit web pages and view data on businesses through Google+. It comes with a mono ear-bud with an optional stereo ear-buds upgrade, but it also has a built-in bone-conduction transducer that sits behind your ear and relays sound to you by vibrating your skull if you don’t wish to put anything in your ear. It’s not as frightening as it sounds, but it does take some getting used to.
An instant pipeline to social media. You can literally use Google Glass to share exactly what you’re doing and where you’re doing it with all of your friends, circles, followers and even the world in near-real- to real-time. You can post pictures and video to Google+, Facebook, Twitter, YouTube and others as things are happening through winking, head tilts and voice commands. You can live-stream your life via Google+ Hangouts if you so desire. You can write captions and descriptions on any media you upload through speech recognition. Be warned, though: like most things, it’s best to exercise moderation in this regard, unless you truly are that interesting.
X-ray specs. When I’m wearing Google Glass, I’m not using it to see you naked. It can’t do that. I probably don’t even want to do that. That’s what the TSA is for.
Video archive of everything I see. The day after I got Google Glass, I went to dinner with a friend of mine who also has Google Glass. Our waiter did his best to stay in our peripheral vision and out of view of the camera. He was visibly concerned, and if I looked in his direction he immediately walked away. Whatever he was afraid of, I would like him or anyone else I encounter in public to know that I am most likely not recording video or taking pictures of you. Most other people I interacted with were very positive and had a lot of questions about it, but it’s apparent that some people just weren’t comfortable with it. As wearable tech becomes more ubiquitous, the negative perception will subside. In the meantime, take my word that I’m not using it to spy on you, record you or disrupt your life in any way.
Fully-active, immersive reality augmentation. Google Glass doesn’t beam a stereoscopic 3D image into your retina. Furthermore, the camera is a wide-angle view of everything in front of you while the display occupies a very small portion of your field of vision. It won’t be able to highlight objects in your field of vision, help you see farther or better, make you better at sports or hunting, or make you into a soldier or a super hero. Don’t expect to see an overlay of the constellations and celestial bodies superimposed into your full field of vision when you look up at the night sky (though it’s more than capable of displaying that in the corner of your vision on the display, it won’t sync up perfectly with the rest of what you see). The HUD is better suited to providing statistics, contextual analysis or metadata-based (or partial) reality augmentation.
In summary, it’s a great concept and positive entrant into the era of wearable tech. In time, competition will drive innovation, and we’ll start seeing even more capable or user-friendly devices and interfaces, as well as better applications for wearable computers. I’m still learning how to use Google Glass myself, and I can’t wait to see what’s to come as it reaches general availability.
It’s been a long time – almost twenty years, in fact – since the Start button was introduced by Microsoft. A key feature of the all-new Windows 95, the Start button provided one-click access to all your programs in a simple, easy-to-use menu format. It was pretty straightforward. Clicking Start gave you options for programs, documents, settings, and even a file search tool.
The Start menu was great and all, but like everything in technology, there was plenty of room for improvement. Windows 98 included some new enhancements to the still-young Start menu. You could add custom shortcuts and folders above the standard Start menu entries, and you could now right-click on menu items to move, rename, copy, or delete them.
These were very welcome improvements, but there was one pretty serious problem – normal users had no idea how to customize it, so it frequently would get cluttered with hundreds of entries automatically created by installed applications. Enter the next big consumer release of Windows – XP. (We’re just going to pretend like Windows ME never happened.)
Windows XP brought an all-new, candy-colored “Luna” interface, and with it came a new Start menu, designed to be easier to customize, easier to use, and easier to keep organized.
This change was not welcomed by many. It was too much of a change all at once, and the majority of power users – including yours truly – didn’t even bother trying to adjust to it. Instead, we just turned on the “Classic Start Menu” option so we could keep living in blissful ignorance of what the redesigned Start menu actually offered. It turns out that this new design was actually pretty dang useful. Software could still auto-create start menu entries, which would appear under “All Programs”. Meanwhile, the applications you actually cared about could be pinned to the main Start menu view, and frequently-used applications would automatically show up under those pinned favorites. The right side of the menu gave quick access to the user’s frequently-used media folders. Looking back on this major redesign, the original Start menu looks pretty archaic, doesn’t it?
Nobody’s going to deny that Windows XP was a raging success. The end of the 9x kernel introduced consumers to a significantly more stable operating system with native support for modern USB peripherals. Finally, we could plug in a thumb drive without having a floppy disk of drivers handy!
Pushing forward as they do, Microsoft released Windows Vista a few years after XP’s blockbuster launch. Vista was a miserable failure, and sadly, a lot of people gave up on it before it was given a fighting chance. If only they’d waited until Service Pack 1… Anyhow. Vista’s Start menu was yet another noticeable change from its predecessor. The All Programs menu was condensed into a multi-level tree view, rather than multiple columns of menus and submenus. The main Start menu itself was still split into two columns – frequently-used applications and frequently-accessed folders.
More importantly, a system-wide search was introduced as an integral function of the Start button. With one tap of the Windows key on your computer’s keyboard, you could start typing the name of an application or file, and the Start menu would populate with the results of your search. It wasn’t super fast yet – improvements to Windows’ native indexing engine would come with later versions of Windows – but it made light work of finding what you were looking for. Unfortunately, the widespread distaste for Vista prevented people from finding out how useful these improvements really were.
The Windows 7 Start menu barely changed from Vista, but because so few people were willing to try Vista, it seemed like a major improvement over most users’ previous OS of choice, Windows XP. The indexing engine in Windows saw some improvements, so using the built-in search box was a little faster than the performance seen in Vista.
Once you start using the Start menu’s one-click-wonder search feature, you’ll find it’s difficult to go back to an OS without it. On the other hand, a lot of users never really figured out what the search feature was capable of doing, which made the move to Windows 8’s modern Start screen much more difficult than it needed to be. I will readily admit that it took me several years of using Vista and 7 daily before I realized how incredibly useful the search box actually is.
I’m pretty sure you’re wondering at this point what the hell I’m rambling on about.
The Start menu has, since its inception, maintained a simple goal: provide easy access to installed applications and user data. When the Windows 95 Start menu was introduced, people were so used to the kludgy Program Manager from Windows 3.1 that a lot of users refused to even try the new Start menu. When XP added the ability to pin your favorite programs to the Start menu, users missed out on this key feature because of a stubborn desire to stick with what was familiar. Vista and 7’s search functionality was ignored because it was too different.
Windows 8’s Start screen isn’t all that different, when it comes down to it. It still gives you one-click access to your most-used software. It still has an integrated search feature that looks at application names, file names, file contents, and even the Internet to find what you’re looking for. It even gives you access to the old way of doing things, with its All Apps view that replicates the applications menu first seen in Windows 95. It has all the functionality of every previous iteration of the Start menu, plus all kinds of really cool new stuff, like full-screen apps and live tiles. Instead of having to install extra apps that run in your system tray or your sidebar, Windows 8 comes with built-in applications that can instantly display realtime information like weather, sports scores, stock updates, breaking news, and more.
Before you start installing third-party applications that attempt to bring back the old Start menu, do yourself a favor and give the new Start screen a fighting chance. With the 8.1 update, you can boot directly to the desktop, and you can relegate the Start screen to use with live tiles and file search and nothing more. The numerous under-the-hood changes that make Windows 8 faster, more efficient, smaller, and overall better are worth adjusting to the changes that come with the Start screen.
I’m pretty sick of having to filter through spam here (especially since 90% of the comments I get are spam), so I’ve added a plugin to let you log in using any of a number of OpenID and OAuth2 providers to comment. You only have to register once, and you can use whichever supported account you prefer. Hopefully this will help mitigate some of the spambots who tell me they love my articles but really just want me to buy knockoff Chanel bags.
For anyone who stayed with me through my first article series, I wanted to follow up today with a one-stop reference for everything we discussed.
The three articles in this series are available here:
I’ve made a downloadable Visual Studio solution that contains all the code you need to implement Google OAuth2 in your own ASP.NET C# applications. I designed this as a demo application to get you started right away. If you have any questions about it or problems with it, please leave a comment!
You can download the solution here: GoogleLogin
Please do not distribute this – instead, link to this article. If any bugs or problems come up with this solution, I’ll make sure that this download is kept updated.
Additionally, below is a list of the different nonstandard C# classes that are needed for this solution to work, along with a link to the relevant MSDN article. I’ve also included links to the documentation for the JWT spec and Google’s OAuth2 information.
For those just tuning in, here’s a quick recap of what we’ve done so far:
Part One explains why I’m not using DotNetOpenAuth and why you should reconsider blindly using it for your own web-based applications. We also went over the Google API console and examined the initial code used to send the user off to Google’s user authentication service. Part Two covered the actual process of getting permission from Google to view the user’s data (their email address) and using that permission to make a call back to Google to actually get the necessary information.
Here’s the thing. Google makes it clear in their “Using OAuth2″ guide that there are serious security implications with accessing a user’s Google account information, and if you don’t know what you’re doing and don’t take the appropriate security measures, you could accidentally make it really easy for anyone – including someone from 4chan – to pose as one of your users.
This isn’t a lie. When I was originally trying to figure out how to handle this whole OAuth2 beast for my project, every article I found about it either used DotNetOpenAuth or did nothing to verify the integrity of the user’s data. The first step we took to mitigate this was to use a unique session ID that was passed to Google, passed back to our application, and checked against the ID in the user’s web session.
There’s something even more special we can do, though, and it uses fancy cryptography and certificates and stuff! Wow! If you want to go on this adventure with me, just click the jump. Otherwise, it might be easier if you leave now and judge the cuteness of others’ kittens instead.
Previously, I covered an overview of how Google’s OAuth2 API works, as well as the initial URL and session data used to direct the user to Google’s login service. Google has documentation on the next steps of the login process, but I found it difficult to follow and somewhat unclear from a development perspective. However, for reference, Google’s own documentation used for this article can be found here. The steps I’m going to cover in this article are as follows:
The validation portion of the process is going to be in the third article in this series, particularly because the cryptography aspect of it is somewhat complex (but not scary!). Hit the jump to get started.
This is the start of an article series, provided that I don’t get distracted and forget to continue the series.
I’ve been working on what is going to ultimately be a large-scale web project. The details of the application are under wraps right now, but the first thing I started working on was authentication. I knew I didn’t want to deal with user account registration and securing user credentials. It’s just not worth the security risk – the security fiasco LinkedIn dealt with last year shows that even big companies can be susceptible to security holes. So, with that in mind, we decided to first implement Google authentication.
Google uses an extension of OpenID, called OAuth2, to provide user authentication and access to Google services and APIs. OAuth gives the user and the authentication provider more control over what happens once the user is logged in – Facebook uses the same technology. You see this whenever you grant access to a website or application to use your Facebook or Google account, and the authorization page tells you exactly what the service is going to do with your account (e.g. post to Facebook on your behalf, manage your Gmail contacts, etc.). Google only recently started supporting OAuth2, and as a result, existing third-party web application libraries still use Google’s older OpenID implementation.
Because of the scope of this project, we didn’t want to rely on any third-party libraries for anything – especially not a component as crucial as user authentication. I started investigating how to use Google’s implementation of OAuth2 using ASP.NET C#, completely from scratch. It took a bit of trial and error and a lot of research on both MSDN and Google’s reference information to figure it out. Unfortunately, most developers just use existing libraries like DotNetOpenAuth (which was recently dropped by its biggest contributor, doesn’t support OAuth2 for Google, and has a tenuous future at this point), so I didn’t get much help from others.
This article series is going to cover implementing Google OAuth2 in ASP.NET C# applications, from start to finish. Hit the jump to get started!
I hate to use a cliché, but you really can’t have your cake and eat it too.
I logged in to Flickr yesterday rather innocently – I was updating some information on my Facebook profile and couldn’t remember exactly when I moved out of my first apartment in Indianapolis, many moons ago. I opened a new tab in my browser, navigated to Flickr, and – holy crap! A new site design! And what’s this about Pro accounts? I have a Pro account and have for awhile now (it was cheap enough to justify the annual $25, and it was a great way to backup all my photos), so I clicked the little alert to see what had changed.
I figured that this was something that had been rolled out a few weeks ago, and I was just behind the curve. Turns out that no, I had walked smack into the middle of a huge user fallout only hours after Flickr had made their new design and account upgrades public.
Now, I have been around on social networking sites for awhile – I’ve been through at least three major Facebook upgrades, and before Mark Zuckerburg even started that site, I was using LiveJournal very actively (some might even say obsessively). Every time that a change was made to these social networking sites, people inevitably lost their minds. There would be cries of “I’m leaving and never coming back!” and “So this is how you treat your paying users?!” and “Why didn’t you let me opt-out?!” and on and on. Of course, once the brouhaha had passed, things went back to normal and users generally found that it wasn’t actually all that hard to adapt to a new environment on their favorite website(s).
What I find absolutely fascinating is that these changes to Flickr – both the UI changes and the major overhaul of the paid options – were long overdue. We as users on the Internet have become so accustomed to getting what we want that we generally feel very entitled to things. No services provider has any obligation to notify their users of a UI change. Likewise, there is no obligation to provide an “opt-out”. I mean, really. When did we become so needy? Did people inch to the brink of hysteria any time their favorite print magazine or newspaper made changes to the logo, the layout, or the position of the table of contents? In the 80s, did the publishers of Time and Newsweek and the Washington Post find themselves constantly inundated with angry letters from subscribers, demanding to be given the option to op-out of design and layout changes and threatening to cancel their subscriptions if their demands were not met?
Adapting is part of life. If you want everything to be exactly the same all the time, get off the Internet and move somewhere really boring, like North Dakota. Otherwise, perhaps its time that the high-maintenance babies of the Internet accept that things will change, and you either roll with it or you don’t – but regardless of your decision, it might be worth keeping your mouth shut for once.
Now that my social commentary is out of the way, let’s look at what Flickr’s changes are actually about.