Quoderat

During my university studies, I first encountered the idea of the Myth of Progress — in 19th and 20th centuries a lot of people assumed that the world generally gets better each generation (aside from occasional blips like depressions or world wars), with less bigotry, better medicine, new technology, etc., but there’s no guarantee that any next generation will build on and improve the accomplishments of the previous one, and history’s movement may be more akin to a random walk.

Case in point: in the information technology world, the greatest accomplishment of the most talented coders and business people in GenX was replacing the Baby Boomers’ nasty old platform-dependent shrink-wrapped computer applications with open web applications that could run anywhere, from a Windows desktop to a Linux cell phone. Write once, run all over the place on any hardware/OS you want. GMail instead of Eudora. Wikipedia instead of Encarta. Cool, eh?

So GenY comes along and says “hey: instead of encouraging people to browse the web with open standards, let’s build proprietary applications that run on only one type of mobile phone. And we’ll allow only one store to sell those applications for each type of phone, and every proprietary, platform-specific app will have to be preapproved and precensored by the phone manufacturer, who will extort^H^H^H^H^H^H be gladly offered a cut of sales.” Even Microsoft in its monopolistic hey-day — before it became the toothless lion it is today — never had the balls to try anything like that with Windows apps.

Who, ten years ago, would have predicted an IT catastrophe like this after so much progress and hope? It’s enough to make a person cry. Let’s encourage those GenY’ers who taken up the torch and continue to work on the dream of an open web.

In Canada, people who have served time for a wrongful murder conviction become famous — very famous — and stay that way for years and decades. Steven Truscott, Donald Marshall Jr., David Milgaard, and Guy Paul Morin are arguably household names, better known than many celebrities (including most medal-winning Canadian Olympic athletes, award-winning musicians, etc.)

Truscott’s initial wrongful conviction took place 40 years ago, but if anything, he’s better known now than any time before. Three men with more recentky-overturned convictions — Robert Baltovich, Bill Mullins-Johnson, and James Driskell — are also getting on-going press coverage, TV documentaries, etc.

I had never thought anything unusual about this phenomenon, until the Mullins-Johnson article was suddenly deleted from Wikipedia, with no debate — the Wikipedia editor had assumed that a wrongful conviction was so obviously unnotable that no discussion was required, but when I objected, he did restore the article and start a proper RFD debate.

When Wikipedia has articles about minor, imaginary videogame characters, it seemed unimaginable to me at first that editors would try to delete an article about a real, famous person, but so far, there seems little support for keeping the article. Thinking about it, I suddenly realized that the wrongfully-convicted aren’t famous in the U.S. Sure, I could Google around and find a few names, but in the U.S., serving 10 years for a murder you didn’t commit does not automatically make you a household name — in fact, it might not even result in a national news story.

Perhaps there’s a strong feeling of discomfort around the issue in a country that still executes so many of its citizens. Or perhaps, because the wrongly-convicted often have prior criminal records, Americans don’t feel that their convictions were such a serious injustice. Many U.S. jurisdictions (all?) have very small limits on the compensation you can receive for a wrongful conviction, while in Canada, someone who has been in jail for years could receive well over $1M — a big news story in itself.

I have a conflict of interest with the RFD for the Bill Mullins-Johnson article because I was the original author (though many others have since contributed), but if the article is going to be deleted, I’d hate it to be simply from lack of debate. So, Wikipedia users, whether you agree or disagree with me, please visit the RFD page and have your say.

OurAirports lets members tag airports to create different kinds of maps. I’ve created two maps that show very vividly where the intersections of people, money, and land occur in the world.

Welcome to the club …

The first tag, top150, shows the world’s 150 busiest airports by passenger traffic (as of 2007). Central Africa has lots of people, but not much money, so it’s empty. Australia and Canada have high per-capita incomes but a low population density, so they also appear mostly empty in the map, with only a handful of top-150 airports each. The U.S. has a lot of land but also a lot of money and a lot of people, so it’s very full. India and the Persian Gulf countries are starting to fill up, as incomes rise and more people travel.

… but not this club

The second tag, top30, shows a much more exclusive club, the world’s 30 busiest airports by passenger traffic. These are the absolute busiest hubs, and it takes a rich and populous city or country to support one. Not by accident, fully half of these airports (15) are in the United States, and 8 more are in Western Europe, leaving only 7 for the rest of the world to share.

In this club, the 1.3 billion citizens of China are represented by only two airports (including Hong Kong), and the 1.2 billion citizens of India are not represented at all. Canada and Australia also don’t make the cut (too few people).

Of course, there are other considerations: aside from its money, land, and people, the heavy air passenger traffic in the U.S. may also reflect its horrendous rail system.

See the update below. I was right: Google’s new bot detection is overly naive, and I’m not the only one having problems.

See also John Cowan’s comment below, for a different (personal) interpretation of Google’s terms of service.

Google Maps won’t show me satellite imagery this morning.

Google has recently set up a system to try to autodetect and block bots scraping their system, and it isn’t working very well — people are getting blocked even from Google Search simply because they have too many (human-generated) queries passing through the same proxy.

This morning, I suddenly discovered a different problem: the satellite view in Google Maps has stopped working for me — I get the “don’t have imagery at this zoom level for this region” error everywhere, at every zoom level. I can still see maps and terrain, but not satellite pics, and I noticed the host sorry.google.com setting a lot of cookies.

Is Google’s satellite imagery down for everyone else this morning, or has their software decided that I’m a bot trying to scrape satellite imagery?

Update

I was right — Google’s software had decided that I was a bot. They have a test link directly to a satellite to see if you’re being blocked:

http://khm0.google.com/kh?v=31&hl=en&x=0&y=0&z=1&s=

It took me to this page. I was able to renable access simply by entering a CAPTCHA.

What happened?

I wrote a couple of months ago about how to detect overzoom in Google Maps. My guess is that the overzoom protection in OurAirports — automatically zooming out every 4 seconds until there were actual satellite tiles available — triggered to bot alert, and I’ve disabled the feature for now.

That’s very bad news for any mashup that uses JavaScript to do more sophisticated things with Google Maps, like, say, panning at regular intervals. Google’s bot detection seems to be extremely naive, and any repeated action at regular intervals will fire it off.

Widgets are web pages embedded in larger web pages, generally using iFrames — the content comes via a separate HTTP connection and has its own CSS stylesheet, cookies, etc. Final composition takes place in the user’s browser.

Portlets are software modules that produce fragments of HTML markup that are assembled into a single HTML page, sharing common CSS stylesheet, cookies, etc. Final composition takes place on a portal server, and a single page is delivered to the client browser.

Features

Portlets have a lot of features that iFrames don’t: they require fewer HTTP connections, they allow for common styling (one CSS stylesheet can style all the portlets on a page), and they can communicate with each other and take advantage of common authentication/authorization, etc. (so that a user doesn’t have to sign on to each portlet separately).

Portlets use a window-manager metaphor, allowing the portlet server to resize them, expand them etc. They also have modes, like edit and view, all of which can be accessed through a common interface. All of this happens on the server side.

iFrame-based widgets don’t normally do any of that, but they don’t require special portal servers, they can be embedded in more creative ways, and they offload the processing from the server to the client. They also introduce potential security holes, but only if they’re hosted somewhere that’s not under the original company’s control (the same applies to remote portlets using WSRP).

Users

Portlets are used mainly in intranets, to provide a collection of enterprise apps on a single web page for employees (e.g. a news feed, calendar, expense forms, bug reports, etc.).

Widgets are used everywhere else (e.g. embedding Google maps, Facebook applications, etc.). While widget authors/consumers don’t tend to know (or care) much about portlets, the portlet people haven’t failed to notice the popularity of widgets — most (if not all) portal servers now have an iFrame portlet that does little more than wrap an iFrame and allow it to be resized, etc.

Future?

Are the extra features of portlets compelling enough to justify the extra cost and hassle of running a portlet server? Now that we have browser tabs, AJAX, etc., do enterprises really need to continue to squish all their apps into a single web page that looks like a 1995 Mac desktop gone bad?

My guess is that the only portlet feature with compelling benefits is common authentication/authorization — once the web community gets behind a solution to that problem (OpenID or something similar), widgets will probably push portlets out completely, even in the enterprise.

About 10 months after launching my OurAirports site for air travelers and pilots, I’ve finished the basic infrastructure to allow community authoring. Unlike Wikipedia, OurAirports contains information that is specialized, structured and finite (there are only so many airports in the world), and I’m interested to see the technical and social differences from the Wikipedia world.

More details are available in the announcement on my flying blog. Note, also, that all of the data collected is free for download (public domain).

Late in summer 2007, I set up a dedicated Linux Ubuntu server at a site in San Diego to host OurAirports and my consulting site, megginson.com. The ISP has had some net outages, but the Ubuntu server itself has kept on chugging through. Here’s the uptime:

 11:18:31 up 335 days,  7:12,  1 user,  load average: 0.05, 0.06, 0.01

Since the ISP set the computer up with a minimal Ubuntu install and gave me the access info, it has run continuously — I know I should install an updated kernel some day, but it’s hard to bring myself to do that.

In the search logs for OurAirports, I noticed a series of searches for URLs:

http://www.feliciano.de/Webgalerie/bilder/Italy/une/yiwul/
http://www.unduetretoccaate.it/codice/aseje/wocobo/
http://www.altaiseer-eg.com/ar/articles/jed/umut/

At first, I thought they might be a kind of link spam — some sites display recent searches — but when I checked one of the URLs, I found something totally unexpected:

<?php echo md5("just_a_test");?>

They’re all the same. This is almost certainly related to passwords: is there a known flaw in a PHP content-management system like Drupal, or in the PHP API for a search engine like Lucene, where this would do some damage, or is it just a test probing for weaknesses? Is the PHP code supposed to be served up literally like that, or should I be seeing the MD5 instead?

The Wikipedia article about me was vandalized yesterday (vandalized version) by someone from the IP address 24.225.66.95, which seems to be in or near Raleigh, North Carolina.

What should I do?

1. Edit the article myself to remove the vandalism? — OK, that’s a really bad idea
2. Go in anonymously and edit the article? — also a bad idea
3. Rejoice in the fact that my article is important enough to be vandalized?
4. Despair in the fact that my article is not important enough for anyone else to have noticed and fixed it?
5. Reconcile myself to the idea that the edits are not vandalism at all, and I am, in truth, “a freaking looser who knows nothing” and “a noob”

I’m leaning towards #5, though I’m disappointed that kids these days seem to have forgotten how to swear properly: “a freaking loser”???

I forgot that I’d enabled Google analytics for the XML 2007 web site. Even though the conference is long over, I though it would be interesting to look and see what some of the trends were from September 2007 to January 2008 (keeping in mind that these stats apply to the kind of web users interested in a tech conference, not to the web at large).

I’m using a single dedicated server to host ourairports.com, megginson.com, and a couple of minor domains. OurAirports is a database-heavy application using (currently) a MySQL v.5 database hosted on the same server. I’ll offload the database to a separate server if traffic keeps increasing, but as long as I’m getting compliments from tech people for my fast response times (mainly thanks to MySQL’s built-in query caching), there’s no point paying for extra hardware.

Uptime

My ISP set up the server for me last summer with a bare-bones Ubuntu distro, then I installed the extra packages I needed using aptitude over ssh. Since then, I’ve done many Ubuntu in-place upgrades, rolled out hundreds of changes and upgrades to the web apps and dozens to the database schema (some very significant), and upgraded WordPress n-teen times. Check this out:

$ uptime
 13:08:31 up 175 days, 10:02,  1 user,  load average: 0.23, 0.06, 0.02

That’s right — since my ISP first set up the server with a basic Ubuntu system, I’ve never had to restart it. In fact, if Apache and mod_php (PHP5) had ‘uptime’ commands, they’d show almost the same amount of time, since I restarted them only to make configuration changes in the first few days of setting up the server (unless apt stopped them to install a newer version during one of my upgrades). I’ve restarted MySQL more recently, but again, only to experiment with configuration changes (especially for fulltext).

-1 for being cool, +10 for having a life

Using reliable old technologies like Linux, Apache, MySQL, and PHP doesn’t win any cool points, but it certainly makes maintaining a web server and its applications easy. I can go on vacation, for example, without worrying about being able to get online to fix or restart my server every couple of days. I don’t have to stay up until 3:00 am on Sunday night so that I can take the server offline to roll out new software versions or bug fixes (aptitude installs any security fixes in place). I spend lots of time with my family. I go to my kids’ school concerts. I learned banjo and mandolin (why not, since I have the free time?).

It’s the developer, not the language

And yes, my PHP web app is easy to maintain and extend, because I designed it to be that way (I can often implement, test and roll out new features in a matter of minutes, even when they require database schema changes) — it’s the developer, not the programming language, that determines the quality and maintainability of an app. A lot of newbies use PHP, so there’s a lot of bad PHP out there, but the same can be said for any language, even Ruby.

Image: Thomas Penn, second proprietor of Pennsylvania, not as nice as his dad William.

Almost a year ago, I wrote that Open data matters more than Open Source — it doesn’t matter (to you, the end user) whether a web site is using Open Source software or not, if they still keep your data locked up.

Here’s a nasty example: Robert Scoble has just had his Facebook account disabled for running a script to try to scrape his personal information off the site (since Facebook doesn’t provide him with any other way to get it).

I understand that Facebook needs to protect against malicious bots — and they might decide to restore his account once they know what Robert was actually trying to do (though for now all traces of him have vanished) — but do we really want to have hope for the good will of social sites and beg for our own data every time we want it? Are web site owners the new version of the Proprietors in the early American colonies, who can grant rights as favours when they see fit?

A bit over a year ago, I ran into an unusual problem — for several days, I stopped receiving messages from a customer (in the middle of an important project), then I discovered the messages all hidden deep in my (gmail-hosted) spam box. Everything from that domain was suddenly being flagged as spam.

What happened? This customer had a large mailing list that they used for announcements, etc. My guess is that they sent out an announcement, a lot of other gmail-users flagged it as spam, and whatever weighting algorithm gmail uses tipped it over so that the messages were no longer considered legit by default. I was able to train gmail not to treat those messages as spam (for me, specifically), but it took a week or two before I could trust that some of them weren’t being sent to the spam box.

Hard-core spammers have always had to deal with this kind of thing, and they spend a lot of time trying to figure out a way around it. What’s happening now, though, is that companies with legit (or semi-legit) e-mail lists are also starting to get into trouble, because web-mail makes it possible for hundreds or thousands of people to get together and all vote your e-mail to be undesirable.

This might be of interest:

Amazon SimpleDB

Update: the site shopping cart is broken, and doesn’t properly remove items from the total owing — too bad.

Here’s one easy way: via TechCrunch, Deutsche Grammophon, the gold standard in renaissance/ baroque/ classical/ romantic/ orchestral/ opera/ etc. music (often confusingly referred to collectively as “classical”, roughly equivalent calling all popular music since 1890 “rap”), will start selling their catalogue as unprotected MP3s at midnight German time tonight (6:00 pm in New York City) at their new site dgwebshop.com.

As a teenager in the late 1970s, I used to visit the House of Sound in Kingston (Canada), where they had thousands of DG records — probably most of the catalogue — packed in tight on on shelves lining a wall of the store. I couldn’t always afford them, but I loved being able just to pull them out and take a look at the covers of the different famous recordings. These days, the so-called classical music section of any but a couple of specialized stores in big cities like New York or London have maybe one or two rows of worthless classical-pop compilations hidden behind the DVDs of TV series nobody watched in the 1980s — no wonder people don’t shop at record stores any more.

We tech types have been claiming for a while that music companies could make more money selling unprotected digital music, so here’s the test. I plan to give them a lot of my own money if the site actually works, though I should note a couple of caveats:

1. Many current DG buyers are audiophiles who won’t be satisfied with the sound quality of MP3s (which are optimized more for boom-boom music), so this will probably open a new market for DG rather than leaching their current one.
2. DG’s market is mostly affulent people outside the intense social environment of high school or university, so people will be less likely to share these MP3s — and even if they do, it will probably just act as a promo for the higher quality recordings.

I hope the site can handle the traffic. Rock on, Deutsche Grammophon!

Earlier postings:

• First looks at OpenSocial: part 1 (URLs)
• First looks at OpenSocial: part 2 (content for members and friends)
• First looks at OpenSocial: part 3 (content for activities)

I didn’t have time to look at the OpenSocial API yesterday, so I’m continuing today looking at the data format for the last major area, persistence data.

<entry xmlns='http://www.w3.org/2005/Atom'>
<title type="text">somekey</title>
<content type="text">somevalue</content>
</entry>

$globals{'somekey'} = 'somevalue'

<?xml version='1.0' encoding='UTF-8'?>
<feed xmlns='http://www.w3.org/2005/Atom'>
<id>http://sandbox.orkut.com:80/feeds/apps/02864641990088926753/persistence/global</id>
<updated>2007-10-30T20:53:20.086Z</updated>
<title>Persistence</title>
<link rel='http://schemas.google.com/g/2005#feed' type='application/atom+xml'
  href='http://sandbox.orkut.com:80/feeds/apps/02864641990088926753/persistence/global'/>
<link rel='http://schemas.google.com/g/2005#post' type='application/atom+xml'
  href='http://sandbox.orkut.com:80/feeds/apps/02864641990088926753/persistence/global'/>
<link rel='self' type='application/atom+xml'
  href='http://sandbox.orkut.com:80/feeds/apps/02864641990088926753/persistence/global'/>
<generator version='1.0' uri='/feeds'>Orkut</generator>
<entry>
  <id>http://sandbox.orkut.com:80/feeds/apps/02864641990088926753/persistence/global/somekey</id>
  <title>somekey</title>
  <content>somevalue</content>
  <link rel='self' type='application/atom+xml'
    href='http://sandbox.orkut.com:80/feeds/apps/02864641990088926753/persistence/global/somekey'/>
  <link rel='edit' type='application/atom+xml'
    href='http://sandbox.orkut.com:80/feeds/apps/02864641990088926753/persistence/global/somekey'/>
</entry>
</feed>

$globals = { 'somekey' => 'somevalue' }

Earlier postings:

• First looks at OpenSocial: part 1 (URLs)
• First looks at OpenSocial: part 2 (content for members and friends)

This is the third part of a series where I’m working through the OpenSocial specs as I write — that means that I haven’t preread and predigested this stuff, but am creating a record of how I approach a new set of specifications and try to understand them. First, I looked at the basic URLs for data access, since they provide the best high-level description of the OpenSocial capabilities (read-only info on members and their friends, read/write info on a member’s activity notifications, and a simple data-storage API). Next, I looked at the data format for the most important content, the member profile and friends lists. This time, I’ll look at the format for activity notifications, which is also based on the Atom syndication format.

<atom:feed xmlns:atom='http://www.w3.org/2005/Atom'
    xmlns:openSearch='http://a9.com/-/spec/opensearchrss/1.0/'
    xmlns:gact='http://schemas.google.com/activities/2007'>
  <atom:id>http://www.google.com/activities/feeds/activities/user/userID/source/sourceID</atom:id>
  <atom:updated>1970-01-01T00:00:00.000Z</atom:updated>
  <atom:category scheme='http://schemas.google.com/g/2005#kind'
    term='http://schemas.google.com/activities/2007#activity'/>
  <atom:title>Feed title</atom:title>
  <atom:link rel='alternate' type='text/html' href='http://sourceID.com/123'/>
  <atom:link rel='http://schemas.google.com/g/2005#feed'
    type='application/atom+xml'
    href='http://www.google.com/activities/feeds/activities/user/userID/source/sourceID'/>
  <atom:link rel='http://schemas.google.com/g/2005#post'
    type='application/atom+xml'
    href='http://www.google.com/activities/feeds/activities/user/userID/source/sourceID'/>
  <atom:link rel='self' type='application/atom+xml'
    href='http://www.google.com/activities/feeds/activities/user/userID/source/sourceID'/>
  <atom:author>
    <atom:name>unknown</atom:name>
  </atom:author>
  <openSearch:totalResults>1</openSearch:totalResults>
  <openSearch:startIndex>1</openSearch:startIndex>
  <openSearch:itemsPerPage>25</openSearch:itemsPerPage>
  <atom:entry>
    <atom:id>http://www.google.com/activities/feeds/activities/user/userID/source/sourceID/a1</atom:id>
    <atom:updated>2007-10-27T19:41:51.574Z</atom:updated>
    <atom:category scheme='http://schemas.google.com/g/2005#kind'
      term='http://schemas.google.com/activities/2007#activity'/>
    <atom:title>Activity title</atom:title>
    <atom:link rel='self' type='application/atom+xml'
      href='http://www.google.com/activities/feeds/activities/user/userID/source/sourceID/a1'/>
    <atom:link rel='edit' type='application/atom+xml'
      href='http://www.google.com/activities/feeds/activities/user/userID/source/sourceID/a1'/>
    <gact:received>2007-10-27T19:41:51.478Z</gact:received>
  </atom:entry>
</atom:feed>

See also First looks at OpenSocial: part 1 (URLs)

This is the second part of a series of postings describing how I’m trying to understand the technical specs for the new Google-led OpenSocial initiative. In the first part, I cut down through all the text in the specs to get at the basic URLs, which represent the raw skeleton of services defined by the spec. This time, I’m going to look at the data formats, starting with the real bread and butter of social networking, people and their friends.

<entry xmlns='http://www.w3.org/2005/Atom'
  xmlns:georss='http://www.georss.org/georss'
  xmlns:gd='http://schemas.google.com/g/2005'>
  <id>http://sandbox.orkut.com:80/feeds/people/14358878523263729569</id>
  <updated>2007-10-28T14:01:29.948-07:00</updated>
  <title>Elizabeth Bennet</title>
  <link rel='thumbnail' type='image/*'
    href='http://img1.orkut.com/images/small/1193601584/115566312.jpg'/>
  <link rel='alternate' type='text/html'
    href='http://orkut.com/Profile.aspx?uid=17583631990196664929'/>
  <link rel='self' type='application/atom+xml'
    href='http://sandbox.orkut.com:80/feeds/people/14358878523263729569'/>
  <georss:where>
    <gml:Point xmlns:gml='http://www.opengis.net/gml'>
      <gml:pos>51.668674 -0.066235</gml:pos>
    </gml:Point>
  </georss:where>
  <gd:extendedProperty name='lang' value='en-US'/>
  <gd:postalAddress/>
</entry>

<feed xmlns='http://www.w3.org/2005/Atom'
  xmlns:openSearch='http://a9.com/-/spec/opensearchrss/1.0/'
  xmlns:georss='http://www.georss.org/georss'
  xmlns:gd='http://schemas.google.com/g/2005'>
  <id>http://sandbox.orkut.com:80/feeds/people/14358878523263729569/friends</id>
  <updated>2007-10-28T21:01:03.690Z</updated>
  <title>Friends</title>
  <link rel='http://schemas.google.com/g/2005#feed' type='application/atom+xml'
    href='http://sandbox.orkut.com:80/feeds/people/14358878523263729569/friends'/>
  <link rel='self' type='application/atom+xml' href='http://sandbox.orkut.com:80/feeds/people/14358878523263729569/friends'/>
  <author><name>Elizabeth Bennet</name></author>
  <entry>
    <id>http://sandbox.orkut.com:80/feeds/people/02938391851054991972</id>
    <updated>2007-10-28T14:01:03.690-07:00</updated>
    <title>Jane Bennet</title>
    <link rel='thumbnail' type='image/*' href='http://img1.orkut.com/images/small/null'/>
    <link rel='alternate' type='text/html' href='http://sandbox.orkut.com:80/Profile.aspx?uid=574036770800045389'/>
    <link rel='self' type='application/atom+xml' href='http://sandbox.orkut.com:80/feeds/people/02938391851054991972'/>
    <georss:where>
    <gml:Point xmlns:gml='http://www.opengis.net/gml'>
    <gml:pos>51.668674 -0.066235</gml:pos></gml:Point></georss:where>
    <gd:extendedProperty name='lang' value='en-US'/>
    <gd:postalAddress/>
  </entry>
  <entry>
    <id>http://sandbox.orkut.com:80/feeds/people/12490088926525765025</id>
    <updated>2007-10-28T14:01:03.691-07:00</updated>
    <title>Charlotte Lucas</title>
    <link rel='thumbnail' type='image/*' href='http://img2.orkut.com/images/small/null'/>
    <link rel='alternate' type='text/html' href='http://sandbox.orkut.com:80/Profile.aspx?uid=5799256900854924919'/>
    <link rel='self' type='application/atom+xml' href='http://sandbox.orkut.com:80/feeds/people/12490088926525765025'/>
    <georss:where>
    <gml:Point xmlns:gml='http://www.opengis.net/gml'>
    <gml:pos>0.0 0.0</gml:pos></gml:Point></georss:where>
    <gd:extendedProperty name='lang' value='en-US'/>
    <gd:postalAddress/>
  </entry>
  <entry>
    <id>http://sandbox.orkut.com:80/feeds/people/15827776984733875930</id>
    <updated>2007-10-28T14:01:03.692-07:00</updated>
    <title>Fitzwilliam Darcy</title>
    <link rel='thumbnail' type='image/*' href='http://img3.orkut.com/images/small/1193603277/115555466.jpg'/>
    <link rel='alternate' type='text/html' href='http://sandbox.orkut.com:80/Profile.aspx?uid=14256507824223085777'/>
    <link rel='self' type='application/atom+xml' href='http://sandbox.orkut.com:80/feeds/people/15827776984733875930'/>
    <georss:where>
    <gml:Point xmlns:gml='http://www.opengis.net/gml'>
    <gml:pos>53.017016 -1.424363</gml:pos></gml:Point>
    </georss:where>
    <gd:extendedProperty name='lang' value='en-US'/>
    <gd:postalAddress/>
  </entry>
</feed>

In a year or two, we’ll know whether the Google-lead OpenSocial initiative was a turning point in the social web or just a weak shot fired across Facebook’s bow. In the meantime, I think it’s worth taking some time to digest the API docs, which are still pretty rough.

I don’t know what I’m talking about…

Instead of reading and understanding everything first and then posting from a (virtual) podium, I’m going to try to work out my own understanding of the APIs right here on the web. That means that I’ll be asking questions that I’ll find the answers for later, that I’ll be making incorrect assumptions, and that I’ll be deferring hard stuff (like authorization/authentication) until I understand the basics. This is not, then, an OpenSocial primer by any stretch, since I don’t actually know what I’m talking about, but it might be useful as a snapshot of how a developer approaches a new API.

It’s the URLs, stupid

OpenSocial is designed so that any app can get information from any site as long as it has permission (I’ll figure out how that works later) — to accomplish that, it uses standard URL patterns on every site returning Atom entries and feeds. So after digging through a lot of crackerjack, I finally found the prize buried in the docs. Here are the URL patterns:

Information about a person

http://{DOMAIN}/feeds/people/{userId}

GET only.

List of a person’s friends

http://{DOMAIN}/feeds/people/{userId}/friends

GET only.

List of a person’s activities

(Wrong?) http://{DOMAIN}/activities/feeds/activities/user/{userId}

GET only

List of a person’s activities from a single source

(Wrong?) http://{DOMAIN}/activities/feeds/activities/user/{userId}/source/{sourceId}

GET, POST, PUT, DELETE

Application-global data

http://{DOMAIN}/feeds/apps/{appId}/persistence/global
http://{DOMAIN}/feeds/apps/{appId}/persistence/global/{partKey}

GET, POST, PUT, DELETE

Per-instance data

http://{DOMAIN}/feeds/apps/{appId}/persistence/{userId}/instance/{instanceId}/{partKey}

GET, POST, PUT, DELETE

Shared user data

http://{DOMAIN}/feeds/apps/{appID}/persistence/{userId}/shared/{partKey}

GET, POST, PUT, DELETE

Friends’ shared data

http://{DOMAIN}/feeds/apps/{appID}/persistence/{userId}/friends

GET, POST, PUT, DELETE

Did I miss anything?

Listing all the URLs together like this, instead of spreading them out over pages and pages of docs, is the best way to start with a REST API. For example, you can tell at a glance what what kind of information is available and what is and isn’t writable (you can’t add new friends for a user, but you can add a new activity). Sure, Javascript libraries, etc. are nice, but the class hierarchies can obscure how simple the underlying data actually is (or “are”, if you’ve studied Latin). You can also spot possible typos in the docs — for example, what are the odds that the activity URLs are really supposed to start with “/activities/feeds/” when everything else starts with “/feeds/”? It could be poor, inconsistent design, but I suspect cut-and-paste errors.

Next time: content

The next time I get around to looking at OpenSocial, I’ll try to figure out the formats — it shouldn’t be too hard, since they’re all Atom entries or feeds. Then I’ll get into messier stuff like auth/auth, and I may eventually try adding OpenSocial support to my OurAirports hobby site, though it doesn’t even support friends yet.

I love Google Maps and their API, and am using it extensively in my new web site OurAirports. However, there are two problems that keep coming up for using Google Maps with an aviation application:

1. Google Maps uses a Mercator Projection, grossly distorting the northern and southern parts of the world, and cutting off the area near the poles so that a few of the Antarctic airports don’t show up on my maps at all. I can understand the reasons for their choice, with simple panning and tile paging and a rectangular area, but it can make things look pretty silly sometimes (such as Greenland and Africa appearing the same size).

2. Google Maps does not provide an API call to draw a great-circle path. This seems to me to be almost a no-brainer, and it’s especially important in a Mercator projection, where the apparently straight paths drawn by the API are anything but (especially east-west). After messing with some out-of-date third-party libraries, I finally found some JavaScript at one site that does a good job on efficient, approximate great-circle paths, and am waiting to hear from the author about terms for reuse. Google might want to just go ahead and add this, though.

Aviation charts mostly use a Lambert conformal conic projection, which ensures that distances are preserved (any two points the same distance apart on the chart are the same distance apart in the real world); however, by definition this projection can’t show more than half the world at once, and generally shows much less than that, so it wouldn’t work for something like Google Maps.