So, this morning I got my invitation1 for an universal check in app. It can check you in at Brightkite, Foursquare and Gowalla, the latter being marked experimental.
I really like the idea and the concept behind it, even though it would be completely unnecessary if only those services would be willing and able to read and write from and to Fire Eagle. I do have a few little problems with it, though:

  • To add the three services, I have to hand over my credentials from each of them. No OAuth. And that in 2010, especially since two of the three services – Brightkite and Gowalla – offer OAuth APIs. And as far as I am concerned, the fact that it doesn’t offer a good mobile experience is not an excuse. I could maybe accept it if had a native app and the flow would jump between the app and the browser. But is a mobile web app, it should work out just fine.
  • Just a small, personal complaint: There is no way to reset your password. I keep forgetting my password. That could have been avoided by using OpenID, by the way.
  • There is no https. That is very unfortunate – a lot of mobile data goes through not very well secured WiFi and it’s not that hard to listen in.2
  • It doesn’t quite have the feedback that a native app would have – when I press a “button” it doesn’t really change the color, so I am often confused if I actually tapped it or not. I tapped again and the iPhone browser registered that on the next screen already, resulting in some wrong stuff.

Yepp, I’m complaining, but not much. As I said, the idea is nice and I really like the fact that it is a web app and not a “native” app. It’s worth checking out if you use more than one location-based social network.

  1. I refuse to use the word “invite” []
  2. On a related note: Neither Foursquare nor Gowalla seem to have it. In the case of Gowalla that seems to be the way how the folks from got the “undocumented API calls” – by listening in on what the official Gowalla app is sending over WiFi. But I’m just guessing. []

What’s going on with OAuth?

What’s going on with OAuth?

I didn't quite follow what has happened the last few weeks – but this is important. "nine times out of ten you should continue deploying OAuth 1.0a"

Bookmarks for December 18th through December 21st

These are my links for December 18th through December 21st:

Bookmarks for December 2nd through December 4th

These are my links for December 2nd through December 4th:

Photography Groups, Floats and OAuth

These are my links for May 22nd through June 1st:

Bookmarks for April 6th through April 16th

These are my links for April 6th through April 16th:

Zend oAuth and a Space Shuttle launch

These are my links for March 17th through March 18th:

Twitter oAuth and a Reverse Network Effect

These are my links for March 16th through March 17th:



As more details become available, it seems what happened is that a Twitter administrator (i.e., employee) gave their password to a 3rd party site because their API requires it, which was then used to compromise Twitter’s admin interface.

Aus der sehr interessanten OAuth/Twitter-Diskussion bei Simon Willison.

OAuth bei Twitter

Es ist eine der Schwachstellen von Twitter: Das Fehlen von OAuth bei der API. Das soll sich jetzt bald ändern.


XMPP-Microblogging beim Open-Birdcage Project. Ganz großartig. Grundsätzlich (und in längerer Form immer noch ein ToDo) bin ich ja der Meinung, daß es ganz wunderbar wäre, eine Spezifikation (und eine Handvoll von Implementationen) zu haben, die sowohl XMPP als auch HTTP (inkl. OAuth und ähnlichem) beinhaltet und auch beides kann.

Denn letztendlich wird verteiltes Microblogging mit lauter kleinen einzenen Installationen erst dann richtig abgehen, wenn es so einfach wie ein WordPress auf einem 2-Euro-im-Monat-Shared-Host zu installieren ist. Und da ist deutlich näher dran als sämtliche Ideen mit XMPP-Servern – es sei denn, man findet einen Weg, die ganze Logik in den Client zu legen und über öffentlich zugängliche Server – sei das nun mabber oder oder Google Talk – laufen zu lassen.

Find your friends

So macht man das richtig: Find your friends – es wird schön die API genutzt und keinerlei Passwörter werden an Flickr/Yahoo gegeben. Sehr schön. [via]


Sehr cool: Wikinear. Gleich auch mal auf dem Handy gebookmarked. [via]

Verteilt Euch

Interessante Einblicke in den aktuellen Stand der Entwicklung was verteile Social Networks angeht, bietet diese Mail von Dirk Olbertz auf der NoseRub-Mailingliste.