Shannon Whitley

Twitter is shooting for a mid-2010 shutdown of Basic Auth for its API.  That means that all the little scripts that we threw together over the years, just for fun, will no longer work.  It also means that you will no longer be able to test an API call by simply pulling up your browser.  Honestly, I’ll miss Basic Auth.  I think the easy approach encouraged a lot of innovation, but it’s time to move on.  Some folks have been dragging their feet, understandably, because there wasn’t a good oAuth solution for the desktop.  With the release of the xAuth standard, however, there aren’t going to be any more excuses.

xAuth is a compromise.  The user must provide a Twitter username and password to the desktop application.  The desktop app will then contact Twitter and exchange the username and password for an oAuth token.  All subsequent calls to the API should use the oAuth token, and the app must never store the user’s username and password. 

You might be saying to yourself, “But a bad app can still grab the username and password” — and you’d be absolutely right, but that type of discussion is beyond this post, I just want to show you how to use xAuth.

 

Download the code here

 

I modified the code from my previous PIN-based desktop application example. Make sure you keep track of the token and secret that Twitter returns and save that in a datastore.  A user should only need to provide their username and password in two scenarios, when they first begin using your app, or if they later revoke access for your app.

The xAuth access_token method is described here:  http://apiwiki.twitter.com/Twitter-REST-API-Method:-oauth-access_token-for-xAuth

Please note the following requirement: “In order to get access to this method, you must apply by sending an email to api@twitter.com.”

Twitter is serious about ensuring that this method is only used for desktop apps.  They will reject your application if it looks like it could possibly use standard oAuth.

Good luck with your conversions.  Feel free to leave any xAuth issues you run into in the comments section.

Reference Lookup: Dictionary, Thesaurus, Encyclopedia, & More
powered by PostRef

If I ever had dreams of raising funds through a VC, maybe I’ll be able to kiss those dreams goodbye after this post.  After all, over 100 venture capitalists are backing the new “Startup Visa.”  I just finished reading the very skimpy text of the bill (pdf), introduced by John Kerry and Richard Luger this week, and I can’t see how this will have a substantial impact on America’s ailing economy.

The bill would make it possible for a qualified VC to bring in any number of entrepreneurs at the paltry sum of $250,000 for a period of two years.  The entrepreneur is required to create at least five new jobs, and there’s an additional requirement for $1,000,000 in revenue and $1,000,000 in funding (at some point).  The Secretary of Homeland Security is given the job to oversee this program and send people home after three years if the requirements aren’t met.  (I’m not sure why this falls under Homeland Security.  Don’t they have more important things to worry about?) 

“Wait?  New Jobs?  That sounds great!”  At least that seems to be the reaction of many people when they first hear about the bill.  I’ll give the bill some credit in that it eliminates wives and children from being counted toward the five new jobs.  It doesn’t mention cousins, uncles, or parents, but I don’t think that’s really the main concern.  The big concern for me is that it doesn’t mention any restrictions on existing visa holders.  This means that these new startups could become a haven for H1-B workers who may have lost their jobs (like so many other people) and would otherwise be forced to go home.  Instead of creating jobs for out-of-work Americans, more foreign workers might have the ability to stay in America and continue to compete against American citizens for the now-smaller job pool.

Another thing I don’t like about this bill is the message that it sends to American entrepreneurs:  “We’re all out of hard-working, creative people in America.  We need people from other countries to jump-start this economy.”  If the venture capitalists are ready to fund startups, why can’t these funds go to Americans so that we can build companies and create our own jobs?

I also think that we’re missing a huge opportunity to fund these entrepreneurs in their own countries.  If we’re truly committed to a global economy, then it’s not helpful to drain resources away from other countries.  They need to foster entrepreneurship locally and provide jobs to their own people.

Why should the American people support this bill?  It seems to be saying one of two things: either there aren’t any good Americans out there to fund, or we just want the cheap labor.  Either way, I don’t think this is going to help America, and I don’t support this bill.

————————-

I can probably anticipate at least a couple of reactions to a post like this:

You’re being an elitist. – That’s probably true, but isn’t that how teams work?  I’m a member of Team USA. [insert sports metaphor here]

The market should decide who gets funding, not immigration law. – If we’ve learned anything from our recent banking debacle, we should know that the market is imperfect at best.  If we rely solely on the market to determine the outcome, why have any immigration restrictions at all?

But this will create jobs for Americans! – Again, why not create them through American entrepreneurs?

You’re just a right-wing wingnut. – I strongly believe in the Spirit of the American people.  If that makes me a nut, so be it.

Reference Lookup: Dictionary, Thesaurus, Encyclopedia, & More
powered by PostRef