September 21st, 2007


"This editor has full permission to remove, without replying, any comments he feels are likely to inflame dispute."

Most everything that is wrong with Wikipedia can be summed up in the existence of this chucklehead, who claims "This editor has full permission to remove, without replying, any comments he feels are likely to inflame dispute."

What this apparently means is that he gets carte blanche to go around ripping content out of Wikipedia that is true, useful, and interesting, and if anyone complains about it, he gets to delete their complaints as well.

F*ck Wikipedia. Until they pull their collective smallminded idiotic heads out of their overtight sphincters, I think I've made my last contribution to their database.

First public draft of OAuth spec

Something I've been working on is OAuth. We just released our first public draft of the spec.

Have you used a website that has asked for the passwords to your email and IM accounts, so it can find your friends who are also there? Or a site that asks for your Flickr password so it can print your private photos?

They shouldn't do that! You have to trust them that nobody is sniffing your password to them, nobody is sniffing your password from them, they aren't recording it accidentally or intentionally, recording it in logs, and that it's not being stolen by some wage slave working in a body shop in India. You have to trust them more than they should be trusted, even if they have the best of intentions.

Google's AuthSub, Yahoo's BBAuth, AOL's OpenAuth, and Flickr's FlickrAuth. OAuth works the same way, only better. It is surely more secure than asking people to trust sites with their email passwords. And it's no harder to use.

Now that the 1.0 spec is pretty much nailed down, software is starting to show up. We hope to soon have useful modules for clients and for servers, for libcurl and for Apache, for Python, Perl, Ruby, and PHP.

If you write mashups, you need this.

If you run a useful web service or any sort of web API, you need this. You can't avoid being built in a mashup. Your only choice is to use an auth protocol, or have your users compromise their passwords.

And if you're not a geek web developer, and just want to use the web to browse, work, play, and connect with people, all you need to do now is, whenever some site asks for your password to some other site, utterly refuse, and instead send them a note asking them why they don't support OAuth instead.

Here are some blog posts about it from other people involved: (link) and (link) (link). They do pretty good jobs of explaining it as well.