Google Ads
By Claire on February 6, 2014
Filed under Software

Quite a few years ago now, a large open-source project called Pidgin fell prey to one of the bigger pitfalls of OSS – developer-user relations. With commercial software development, a company has resources available to do things like usability testing, analysis of interface design, and most importantly – interact with customers through company representatives whose primary role is to address customer concerns and issues. Software developers are famously stubborn and, for lack of a better word, assholes about their work. Customer liaisons protect users from the rough-around-edges aspects of the developers’ personalities and tendencies, and the end result is that the customers are happy, the software satisfies the customers’ needs, and the developers don’t end up in really sticky situations.

Open source software isn’t so fortunate, even with large projects. Back in 2008, a popular multi-protocol chat client called Pidgin (known as GAIM in the late 90s and early 2000s) released a major update that overhauled the user interface. Many advanced settings and features were removed, but one of the most contentious was the removal of a manually-sized input area in chat windows. Instead, the text area expanded automatically and, when empty, was only a couple lines high. A bug report was quickly filed. Functionality that had been present since the inception of the project had been arbitrarily removed, and legions of users wanted to know why it happened and when it would be fixed. The primary developer who handled customer comments on the ticket, Sean Egan, repeatedly harassed the many users who complained about the change and requested that it be fixed. Rather than listening to what the users requested and understanding that options (particularly in open-source software that had previously been designed to serve power users as well as regular folk) are better than none, the developer opted to insist that the change was good and would not be changed.

Particularly troubling was the response of another developer, deryni, who had this to say in one of his comments:

The key here is that you don’t manage us, a fact you are keenly aware of and even reference farther down. Another fact is that we have no requirements for any of this beyond what we feel like creating, which is a freedom your managed developers do not have. Both of these factors are central to our claim that it is more work than we care to put in and why we ask for people who do want it to write it (at which point we will happily accept it).

Unfortunately for the folks at the Pidgin project, when your open-source software creates a large enough user base, your requirements must extend past what you “feel like creating”. Your project has evolved past a tiny for-fun application that you hope people will consider using into something much larger, and an inability to accept that is one of the biggest reasons why businesses still reject OSS as an option. The end result of the Pidgin fiasco was twofold – a fork was created to put back the feature (the developers claimed it was “too much work to fix”, even though the feature had previously been there and was deliberately removed), and Pidgin lost quite a longtime users, including myself. While the dent in the user base wasn’t big enough for the developers to fix the bug, the fact remains that this attitude is what prevents OSS from gaining legitimacy in the larger world of technology and end-user applications.

We are now seeing the same attitude from the developers of Firefox, one of the biggest web browsers in the world. A bug was filed in 2008 due to what appeared to be an accidental or arbitrary change in Firefox’s functionality. In OS X, Firefox had consistently prompted the user with an “Are you sure?” dialog when the user attempted to close the application using the system-wide Command+Q keyboard shortcut. This was very useful for Mac users, since the Command+W shortcut to close a tab was easily mistyped on a standard QWERTY keyboard. The Firefox development team saw fit to remove this behavior. Bug reports were quickly filed, since the functionality had previously been there and was very much expected behavior – in fact, other browsers for OS X, including Safari, Opera, and Chrome, prompted on quit.

Rather than listening to the users, the developers took the bug report as an opportunity to launch a moralistic crusade against changing anything they didn’t feel like changing. Six years later, this bug report has been reopened by users who simply do not understand why the developers would (a) remove consistent, expected functionality and (b) stubbornly refuse to consider reverting the change. My inbox has been blowing up the last few days because of how heated this discussion has become. The developers have simply refused to fix this, with reasoning varying from “the people complaining here don’t represent anyone else in the user base, so it doesn’t matter” to “we want it to behave like this regardless of what you say”. There is no objective, logical reasoning behind why the functionality was removed. It just was, and now that enough people are up in arms about the change, the development team is unwilling to swallow their pride in their product (which is a very good product, to say the least!) and fix something that users have been complaining about for six years.

Meanwhile, let’s look at what happened with two products recently released by Microsoft – the Surface and Windows 8. The Surface RT was met with great ridicule at its launch, in part because its hardware specifications were somewhat lackluster for its initial price point of $500. Microsoft responded by keenly observing media and user criticism and, a year later, released the much-improved Surface 2. The biggest complaints – the screen resolution, the slower USB 2.0 port, the placement of the MicroSD reader, and the single-position kickstand – were addressed. Rather than saying “if you don’t like our product, you’re wrong!” Microsoft did what any business needs to do to keep its customers – they listened to feedback and did something about it. The result? The Surface 2 sold out and was impossible to find in most regions until after the holidays. Even now the updated Surface Pro 2 can be hard to get your hands on.

Windows 8.1 had the same impact. Customers had a hard time adjusting to Windows 8′s replacement of the start menu with a full-screen Start interface, so Microsoft added an option to boot directly to the desktop. Customers wanted more customization options for the Start screen, so Microsoft listened and added more options for changing the color scheme, menu background, and tile size. The search interface was unnecessarily complex and required extra clicks to find files or settings, so it was streamlined into a single results list, with the option to view expanded search results if needed.

It’s great to be proud of what you’ve accomplished when you create something. However, software development is not like modern art – you can’t create and respond to criticism with “you don’t understand the meaning of art”. Instead, it is paramount that developers learn how to handle criticism and customer pushback gracefully. Until that happens, even the largest open source projects will have a hard time finding acceptance in the business world, and those that do – like Linux – will continue to require real businesses behind them, like Suse and Red Hat.

Will I stop using Firefox? Of course not. I don’t find Chrome to be an adequate replacement for my needs, and I rarely use OS X. When I’m on a Mac, I found an addon to replace functionality that never should have been removed in the first place. However, retaining users should not be seen by the developers as a message that what they’re doing is working. It should instead be viewed as an unfortunate fact that their users don’t have a good alternative and are at the mercy of the developers’ stubbornness and arrogance.

By Jay on December 26, 2013
Filed under Hardware

About a week ago I received Google Glass. I’m very excited about the potential applications, and I can’t wait to see how this dawning era of wearable tech will change our lives. In time we’ll see concepts from companies like Apple, Samsung and Microsoft that will help make wearables an intrinsic part of the 21st century. This is the first of a series of articles on Google Glass and wearable technology, and offers my first impressions of Glass.

It seems everyone is giving their first impressions of the device, though these impressions are often geared towards an audience already familiar with the product. I’ve been wearing it in public, and over the past week I have had several people asking me about the thing on my face. Most people already recognize it as Google Glass, but few seem to know what it does or how it works. In fact, it seems many believe that once Glass goes on, it never comes off – it has become a part of me. I’ve changed from a human to some sort of social networking “spyborg” from the future, and I no longer require food or drink that doesn’t come in pill-form. Rest assured I still eat and drink. I hope to clear this up some more with this article. I’ll talk about what it is, what it isn’t (for now), as well as a summary of the features and some of the available apps. In future articles in this series, I’ll also talk about analytics, safety, privacy & spying and industrial applications.

What it is

This isn’t intended to be a comprehensive list of the capabilities of Google Glass so much as a summary of some of its primary functions. As more apps become available and other uses are identified, this list may start to seem archaic.

A camera. It’s used to take pictures or video, and can be used with some apps for barcode scanning, rudimentary augmented reality, and live-streaming video. The camera could theoretically also be used for video analytics in real-time such as object or face recognition, collision detection or hazard detection (more on this in a future article). The camera is intended to see what the wearer sees, and the live-streaming functionality could have important industrial, educational or medical applications. I’ll write a post in the future exploring the potential applications of live-streaming with Glass. Anyway, pictures are automatically uploaded to Google+, and can be uploaded to Facebook, emailed, sent via SMS or IM or other means of sharing. It’s up to the wearer to decide who to share the image with. In addition to the forward camera, there’s also a sensor on the inside of Glass that can detect the wearer’s eye position, winks and blinks. In a recent software update, Google added the ability to take a picture just by winking. So if you see someone wearing Google Glass and they wink at you, they’re probably taking your picture.

A heads-up display (HUD). One of the most interesting features of Google Glass is its potential to support reality augmentation by providing a hands-free heads-up display. It’s important to understand that this display does not occupy a large portion of your field of vision, and therefore isn’t intended to provide an altered reality where you see things that aren’t exactly how they appear. Instead think of it like the heads-up data you might see in a video game. A compass, a mini-map with directions laid out for you, or a clock. In fact, these are all apps that come standard and are provided by Google. There are also fitness apps that provide tracking and show your mile time and other running or cycling stats in the HUD. The nice thing about the HUD is that it’s transparent, so you still have full use of your field of vision, especially when the display isn’t active. There’s even a golf app that allows you to see GPS distances to targets, hazards, satellite imagery, keep score as well as course data in real time.

An extension of your smartphone. Google Glass can allow you to make and receive phone calls hands-free, functioning in the capacity of a blue-tooth headset with voice recognition. You can also use it to send and read text messages, emails and IMs all through voice-input. If you can’t take the time to focus your eyes on the display, it even does text-to-speech. You can use it to search the internet, visit web pages and view data on businesses through Google+. It comes with a mono ear-bud with an optional stereo ear-buds upgrade, but it also has a built-in bone-conduction transducer that sits behind your ear and relays sound to you by vibrating your skull if you don’t wish to put anything in your ear. It’s not as frightening as it sounds, but it does take some getting used to.

An instant pipeline to social media. You can literally use Google Glass to share exactly what you’re doing and where you’re doing it with all of your friends, circles, followers and even the world in near-real- to real-time. You can post pictures and video to Google+, Facebook, Twitter, YouTube and others as things are happening through winking, head tilts and voice commands. You can live-stream your life via Google+ Hangouts if you so desire. You can write captions and descriptions on any media you upload through speech recognition. Be warned, though: like most things, it’s best to exercise moderation in this regard, unless you truly are that interesting.

What it isn’t (at least not yet, maybe not ever)

X-ray specs. When I’m wearing Google Glass, I’m not using it to see you naked. It can’t do that. I probably don’t even want to do that. That’s what the TSA is for.

Video archive of everything I see. The day after I got Google Glass, I went to dinner with a friend of mine who also has Google Glass. Our waiter did his best to stay in our peripheral vision and out of view of the camera. He was visibly concerned, and if I looked in his direction he immediately walked away. Whatever he was afraid of, I would like him or anyone else I encounter in public to know that I am most likely not recording video or taking pictures of you. Most other people I interacted with were very positive and had a lot of questions about it, but it’s apparent that some people just weren’t comfortable with it. As wearable tech becomes more ubiquitous, the negative perception will subside. In the meantime, take my word that I’m not using it to spy on you, record you or disrupt your life in any way.

Fully-active, immersive reality augmentation. Google Glass doesn’t beam a stereoscopic 3D image into your retina. Furthermore, the camera is a wide-angle view of everything in front of you while the display occupies a very small portion of your field of vision. It won’t be able to highlight objects in your field of vision, help you see farther or better, make you better at sports or hunting, or make you into a soldier or a super hero. Don’t expect to see an overlay of the constellations and celestial bodies superimposed into your full field of vision when you look up at the night sky (though it’s more than capable of displaying that in the corner of your vision on the display, it won’t sync up perfectly with the rest of what you see). The HUD is better suited to providing statistics, contextual analysis or metadata-based (or partial) reality augmentation.

The good

  • The hardware provides plenty of room for growth and development, and lots of ways to interface for future applications. With 3-axis accelerometers, magnetometers and gyroscopes, a light sensor and a proximity sensor we may start to see more fitness, sport, health and safety applications alongside the countless social networking apps already available.
  • Google Glass comes with a removable sunglass shield that fits the device nicely. In the future, prescription lenses and shields will be available for Glass.
  • Smartphone integration with the MyGlass app is very good. You can tether your smartphone’s data connection using Bluetooth, screencast Glass’s display to your smartphone and add and configure Glassware (apps for Google Glass) directly from the MyGlass app or webpage.
  • Google Glass has Wi-Fi, so it’s capable of a high-speed data connection even if you don’t have an Android phone.
  • The 720p camera is decent. It takes good pictures and smooth video.
  • The device is lightweight and comfortable, and the display isn’t too invasive to your vision. It’s easy to forget you’re wearing it.
  • The bone-conduction transducer allows the wearer to hear, even if their ears are plugged.

The not-so-good

  • Google Glass is not great for people who have impaired vision, at least not yet. As Google Glass has its own frame, it doesn’t fit comfortably around the frame of your eyeglasses if you wear them. It can be hard to focus on the display, especially if you’re vision impaired. Prescription lenses may be available starting in the early part of 2014, so this may be resolved in the near future.
  • The display is fairly low resolution. Given the size of the display, this isn’t too big of a deal, but don’t expect to be able to scrutinize your photos on the device’s display.
  • The battery doesn’t last very long. This isn’t so much of a surprise if you consider how lightweight it is. It is possible to attach a third-party rechargeable battery via the device’s micro-USB port, but that’s not very convenient, and it prevents you from using ear-buds as the ear-buds would connect via the same micro-USB port.
  • It’s difficult and even impossible to hear using the bone-conduction transducer if you’re in a noisy area. The ear-bud solves this problem, though.
  • The web browser is very limited. There’s no way to input text into form-fields, and it’s difficult to get used to highlighting links. It’s still useful to be able to view a web page, though, even if your ability to interact with it is limited.
  • The trackpad allows you to control your timeline and cards through gestures. This is not bad by itself, but the gestures are sometimes misinterpreted. You may have meant to swipe down, but Glass detected a swipe forward.

The damnably annoying

  • There are at least 4 ways to take a photo, the least useful of which is the camera button on top of the arm of the Glass. Every time I put Google Glass on or take it off, I inadvertently take a picture.
  • Winking to take a picture is very cool, but again I inadvertently take pictures with wink even after calibrating the wink feature. Maybe I just have an expressive face, but I have ultimately decided to disable wink due to this annoyance.
  • Apps. Yes, I know the available Glassware is limited and will improve over time, but some of the apps do nothing more than inject spam into your eye. I haven’t called out any of the third-party apps by name in this article, but the Field Trip app is the most annoying one I’ve used yet. All it does is fill your timeline with ads for nearby businesses. The Evernote app is similarly useless. It is meant to allow you to sync photos and video as well as voice-dictated notes to your Evernote account. Unfortunately, it doesn’t allow you to edit notes, delete notes or even see notes you created elsewhere. I’ll need to see improvements from Evernote before I can consider this a useful app.
  • The timeline is the only way to view calls, messages, photos or videos, and it gets cluttered very quickly. Furthermore, there’s no way to manage your timeline outside of the device itself. If I get a message from a friend with an address where I’m supposed to meet them later, then over the ensuing hours I happen to make a few phone calls, take a few pictures and send some messages to other friends, I’m left wading through my whole timeline searching for the address my friend sent me. Likewise, there’s no simple way to recall a picture you took or view all of your photos in a gallery. You have to scroll through your timeline full of other content, messages and media in chronological order.

In summary, it’s a great concept and positive entrant into the era of wearable tech. In time, competition will drive innovation, and we’ll start seeing even more capable or user-friendly devices and interfaces, as well as better applications for wearable computers. I’m still learning how to use Google Glass myself, and I can’t wait to see what’s to come as it reaches general availability.

By Claire on December 18, 2013

It’s been a long time – almost twenty years, in fact – since the Start button was introduced by Microsoft. A key feature of the all-new Windows 95, the Start button provided one-click access to all your programs in a simple, easy-to-use menu format. It was pretty straightforward. Clicking Start gave you options for programs, documents, settings, and even a file search tool.

image

The Start menu was great and all, but like everything in technology, there was plenty of room for improvement. Windows 98 included some new enhancements to the still-young Start menu. You could add custom shortcuts and folders above the standard Start menu entries, and you could now right-click on menu items to move, rename, copy, or delete them.

http://mozillaquest.com/Linux4Windows/Linux4Windows01/Win98_StartMenu-02.gif

These were very welcome improvements, but there was one pretty serious problem – normal users had no idea how to customize it, so it frequently would get cluttered with hundreds of entries automatically created by installed applications. Enter the next big consumer release of Windows – XP. (We’re just going to pretend like Windows ME never happened.)

Windows XP brought an all-new, candy-colored “Luna” interface, and with it came a new Start menu, designed to be easier to customize, easier to use, and easier to keep organized.

image

This change was not welcomed by many. It was too much of a change all at once, and the majority of power users – including yours truly – didn’t even bother trying to adjust to it. Instead, we just turned on the “Classic Start Menu” option so we could keep living in blissful ignorance of what the redesigned Start menu actually offered. It turns out that this new design was actually pretty dang useful. Software could still auto-create start menu entries, which would appear under “All Programs”. Meanwhile, the applications you actually cared about could be pinned to the main Start menu view, and frequently-used applications would automatically show up under those pinned favorites. The right side of the menu gave quick access to the user’s frequently-used media folders. Looking back on this major redesign, the original Start menu looks pretty archaic, doesn’t it?

Nobody’s going to deny that Windows XP was a raging success. The end of the 9x kernel introduced consumers to a significantly more stable operating system with native support for modern USB peripherals. Finally, we could plug in a thumb drive without having a floppy disk of drivers handy!

Pushing forward as they do, Microsoft released Windows Vista a few years after XP’s blockbuster launch. Vista was a miserable failure, and sadly, a lot of people gave up on it before it was given a fighting chance. If only they’d waited until Service Pack 1… Anyhow. Vista’s Start menu was yet another noticeable change from its predecessor. The All Programs menu was condensed into a multi-level tree view, rather than multiple columns of menus and submenus. The main Start menu itself was still split into two columns – frequently-used applications and frequently-accessed folders.

image

More importantly, a system-wide search was introduced as an integral function of the Start button. With one tap of the Windows key on your computer’s keyboard, you could start typing the name of an application or file, and the Start menu would populate with the results of your search. It wasn’t super fast yet – improvements to Windows’ native indexing engine would come with later versions of Windows – but it made light work of finding what you were looking for. Unfortunately, the widespread distaste for Vista prevented people from finding out how useful these improvements really were.

The Windows 7 Start menu barely changed from Vista, but because so few people were willing to try Vista, it seemed like a major improvement over most users’ previous OS of choice, Windows XP. The indexing engine in Windows saw some improvements, so using the built-in search box was a little faster than the performance seen in Vista.

http://upload.wikimedia.org/wikipedia/en/3/3a/Windows7StartMenu.png

Once you start using the Start menu’s one-click-wonder search feature, you’ll find it’s difficult to go back to an OS without it. On the other hand, a lot of users never really figured out what the search feature was capable of doing, which made the move to Windows 8’s modern Start screen much more difficult than it needed to be. I will readily admit that it took me several years of using Vista and 7 daily before I realized how incredibly useful the search box actually is.

I’m pretty sure you’re wondering at this point what the hell I’m rambling on about.

The Start menu has, since its inception, maintained a simple goal: provide easy access to installed applications and user data. When the Windows 95 Start menu was introduced, people were so used to the kludgy Program Manager from Windows 3.1 that a lot of users refused to even try the new Start menu. When XP added the ability to pin your favorite programs to the Start menu, users missed out on this key feature because of a stubborn desire to stick with what was familiar. Vista and 7’s search functionality was ignored because it was too different.

Windows 8’s Start screen isn’t all that different, when it comes down to it. It still gives you one-click access to your most-used software. It still has an integrated search feature that looks at application names, file names, file contents, and even the Internet to find what you’re looking for. It even gives you access to the old way of doing things, with its All Apps view that replicates the applications menu first seen in Windows 95. It has all the functionality of every previous iteration of the Start menu, plus all kinds of really cool new stuff, like full-screen apps and live tiles. Instead of having to install extra apps that run in your system tray or your sidebar, Windows 8 comes with built-in applications that can instantly display realtime information like weather, sports scores, stock updates, breaking news, and more.

Before you start installing third-party applications that attempt to bring back the old Start menu, do yourself a favor and give the new Start screen a fighting chance. With the 8.1 update, you can boot directly to the desktop, and you can relegate the Start screen to use with live tiles and file search and nothing more. The numerous under-the-hood changes that make Windows 8 faster, more efficient, smaller, and overall better are worth adjusting to the changes that come with the Start screen.

By Claire on September 25, 2013
Filed under Personal Stuff

I’m pretty sick of having to filter through spam here (especially since 90% of the comments I get are spam), so I’ve added a plugin to let you log in using any of a number of OpenID and OAuth2 providers to comment. You only have to register once, and you can use whichever supported account you prefer. Hopefully this will help mitigate some of the spambots who tell me they love my articles but really just want me to buy knockoff Chanel bags.

By Claire on September 16, 2013

For anyone who stayed with me through my first article series, I wanted to follow up today with a one-stop reference for everything we discussed.

The three articles in this series are available here:

  • Part One: Getting Started – An overview of Google’s OAuth2 implementation and the logical process that your application should follow.
  • Part Two: Logging In – A detailed description of requesting authorization from the user and getting the user’s data once that authorization is granted.
  • Part Three: Validating Integrity – using C#’s RSA PKCS #1 support to validate Google’s digital signature in order to ensure the data hasn’t been corrupted.

I’ve made a downloadable Visual Studio solution that contains all the code you need to implement Google OAuth2 in your own ASP.NET C# applications. I designed this as a demo application to get you started right away. If you have any questions about it or problems with it, please leave a comment!

You can download the solution here: GoogleLogin

Please do not distribute this – instead, link to this article. If any bugs or problems come up with this solution, I’ll make sure that this download is kept updated.

Additionally, below is a list of the different nonstandard C# classes that are needed for this solution to work, along with a link to the relevant MSDN article. I’ve also included links to the documentation for the JWT spec and Google’s OAuth2 information.

References

C# Classes

Members of System.IO

  • File: Facilitates working with files (creating, deleting, etc.). This is used to write Google’s public certificates to your server’s local disk.
  • StreamReader: An implementation of TextReader for reading text from a byte stream. This is used to read Google’s JSON-formatted response.
  • StreamWriter: An implementation of TextWriter for writing text to a byte stream. This is used to send the contents of the POST request to Google.

Members of System.Net

  • HTTPWebRequest: An implementation of WebRequest that uses HTTP. This is used to send a POST request to Google to obtain authorization to use the user’s credentials.
  • HTTPWebResponse: An implementation of WebResponse that uses HTTP. This is uses to download Google’s response once the user authorizes the application.
  • WebRequest: Used to send data streams through the Internet. This is used to request Google’s public certificates for caching locally.
  • WebResponse: Used to receive data streams through the Internet. This is used to download Google’s public certificates.

Members of System.Security.Cryptography

  • RSACryptoServiceProvider: Utilizes the RSA algorithm for asymmetric encryption and decryption. This is used to decrypt the JWT signature using Google’s public key.
  • RSAPKCS1SignatureDeformatter: Verifies an RSA PKCS #1 signature. This is used to verify that the JWT signature matches the signed data.
  • SHA256: Generates the SHA256 hash for a given input. This is used to generate the hash of the JWT segments signed by Google.

Members of System.Security.Cryptography.X509Certificates

  • X509Certificate: Provides a simple set of methods for working with X509 Certificates. This is used to convert the locally-cached Google public certificate into an X509 Certificate object for programmatic use.
  • X509Certificate2: An extension of X509Certificate that provides more methods for working with certificates. This is used to extract the public key from the locally-cached Google certificate.

Members of System.Text

  • Decoder: Decodes a byte array into a string. This is used with UTF8Encoding (described below).
  • UTF8Encoding: Represents UTF-8 encoding of text. This is used with Decoder to convert a byte array into a string in our Base64Decode function.

Members of System.Web.Script.Serialization

  • JavaScriptSerializer: Provides serialization and deserialization functionality for AJAX-enabled applications. This is used to serialize Google’s JSON-formatted responses into key-value pairs.
By Claire on September 13, 2013

For those just tuning in, here’s a quick recap of what we’ve done so far:

Part One explains why I’m not using DotNetOpenAuth and why you should reconsider blindly using it for your own web-based applications. We also went over the Google API console and examined the initial code used to send the user off to Google’s user authentication service. Part Two covered the actual process of getting permission from Google to view the user’s data (their email address) and using that permission to make a call back to Google to actually get the necessary information.

Here’s the thing. Google makes it clear in their “Using OAuth2″ guide that there are serious security implications with accessing a user’s Google account information, and if you don’t know what you’re doing and don’t take the appropriate security measures, you could accidentally make it really easy for anyone – including someone from 4chan – to pose as one of your users.

This isn’t a lie. When I was originally trying to figure out how to handle this whole OAuth2 beast for my project, every article I found about it either used DotNetOpenAuth or did nothing to verify the integrity of the user’s data. The first step we took to mitigate this was to use a unique session ID that was passed to Google, passed back to our application, and checked against the ID in the user’s web session.

There’s something even more special we can do, though, and it uses fancy cryptography and certificates and stuff! Wow! If you want to go on this adventure with me, just click the jump. Otherwise, it might be easier if you leave now and judge the cuteness of others’ kittens instead.

Read the rest of this entry »

By Claire on September 12, 2013

Previously, I covered an overview of how Google’s OAuth2 API works, as well as the initial URL and session data used to direct the user to Google’s login service. Google has documentation on the next steps of the login process, but I found it difficult to follow and somewhat unclear from a development perspective. However, for reference, Google’s own documentation used for this article can be found here. The steps I’m going to cover in this article are as follows:

  • Verify the data received from Google via the login URL
  • Send the authorization token to Google’s authentication service
  • Parse the response data

The validation portion of the process is going to be in the third article in this series, particularly because the cryptography aspect of it is somewhat complex (but not scary!). Hit the jump to get started.

Read the rest of this entry »

By Claire on September 11, 2013

This is the start of an article series, provided that I don’t get distracted and forget to continue the series.

I’ve been working on what is going to ultimately be a large-scale web project. The details of the application are under wraps right now, but the first thing I started working on was authentication. I knew I didn’t want to deal with user account registration and securing user credentials. It’s just not worth the security risk – the security fiasco LinkedIn dealt with last year shows that even big companies can be susceptible to security holes. So, with that in mind, we decided to first implement Google authentication.

Google uses an extension of OpenID, called OAuth2, to provide user authentication and access to Google services and APIs. OAuth gives the user and the authentication provider more control over what happens once the user is logged in – Facebook uses the same technology. You see this whenever you grant access to a website or application to use your Facebook or Google account, and the authorization page tells you exactly what the service is going to do with your account (e.g. post to Facebook on your behalf, manage your Gmail contacts, etc.). Google only recently started supporting OAuth2, and as a result, existing third-party web application libraries still use Google’s older OpenID implementation.

Because of the scope of this project, we didn’t want to rely on any third-party libraries for anything – especially not a component as crucial as user authentication. I started investigating how to use Google’s implementation of OAuth2 using ASP.NET C#, completely from scratch. It took a bit of trial and error and a lot of research on both MSDN and Google’s reference information to figure it out. Unfortunately, most developers just use existing libraries like DotNetOpenAuth (which was recently dropped by its biggest contributor, doesn’t support OAuth2 for Google, and has a tenuous future at this point), so I didn’t get much help from others.

This article series is going to cover implementing Google OAuth2 in ASP.NET C# applications, from start to finish. Hit the jump to get started!

Read the rest of this entry »

By Claire on May 21, 2013
Filed under Internet News

I hate to use a cliché, but you really can’t have your cake and eat it too.

I logged in to Flickr yesterday rather innocently – I was updating some information on my Facebook profile and couldn’t remember exactly when I moved out of my first apartment in Indianapolis, many moons ago. I opened a new tab in my browser, navigated to Flickr, and – holy crap! A new site design! And what’s this about Pro accounts? I have a Pro account and have for awhile now (it was cheap enough to justify the annual $25, and it was a great way to backup all my photos), so I clicked the little alert to see what had changed.

I figured that this was something that had been rolled out a few weeks ago, and I was just behind the curve. Turns out that no, I had walked smack into the middle of a huge user fallout only hours after Flickr had made their new design and account upgrades public.

Now, I have been around on social networking sites for awhile – I’ve been through at least three major Facebook upgrades, and before Mark Zuckerburg even started that site, I was using LiveJournal very actively (some might even say obsessively). Every time that a change was made to these social networking sites, people inevitably lost their minds. There would be cries of “I’m leaving and never coming back!” and “So this is how you treat your paying users?!” and “Why didn’t you let me opt-out?!” and on and on. Of course, once the brouhaha had passed, things went back to normal and users generally found that it wasn’t actually all that hard to adapt to a new environment on their favorite website(s).

What I find absolutely fascinating is that these changes to Flickr – both the UI changes and the major overhaul of the paid options – were long overdue. We as users on the Internet have become so accustomed to getting what we want that we generally feel very entitled to things. No services provider has any obligation to notify their users of a UI change. Likewise, there is no obligation to provide an “opt-out”. I mean, really. When did we become so needy? Did people inch to the brink of hysteria any time their favorite print magazine or newspaper made changes to the logo, the layout, or the position of the table of contents? In the 80s, did the publishers of Time and Newsweek and the Washington Post find themselves constantly inundated with angry letters from subscribers, demanding to be given the option to op-out of design and layout changes and threatening to cancel their subscriptions if their demands were not met?

Adapting is part of life. If you want everything to be exactly the same all the time, get off the Internet and move somewhere really boring, like North Dakota. Otherwise, perhaps its time that the high-maintenance babies of the Internet accept that things will change, and you either roll with it or you don’t – but regardless of your decision, it might be worth keeping your mouth shut for once.

Now that my social commentary is out of the way, let’s look at what Flickr’s changes are actually about.

Read the rest of this entry »

By Claire on April 3, 2013
Filed under Internet News, Windows

I recently found myself in need of a driver for Mac OS 9. Since the hardware I was using was ancient and from a now-defunct company and OS 9 is equally ancient, this task was much easier Googled than actually completed.

After a lot of searching, I had to admit defeat and use the much-maligned Driver Guide to get the driver.

Read the rest of this entry »

Google Ads