Looking Out To Sea

I’ve recently been trying to add publishing support to ComicBake, so that comics can easily be uploaded to remote servers. I started looking at Flickr support because that’s where I would put my comics if I had any. Also it means I would be able to upload work-in-progress shots much quicker.

I spent some time reading over Flickr’s extensive but not very clear API documents. I registered my app with Flickr and received in return a “key” and a “secret”, which are used for signing in. Now I’m not quite sure how the key/secret pair work with open source software. There’s no way I can get round the fact that these two items will be stored in the source. I can obfuscate them in some way, but inevitably the obfuscation mechanism will be documented in the code, because I have to be able to undo it!

On top of that, if someone wants to get a Flickr key they can get one for free in two minutes like I did. The only real reason to secure the key is to prevent other people from writing apps with that key, thus masquerading as your app, and abusing the service. In that case the key would be revoked which would be a pain requiring a new key and new binaries to be distributed. But the chances of someone going to that effort are practically zero, I think.

Anyway, once you’ve got the key and secret to identify your app you need to authenticate yourself in order to change things on Flickr. The authentication process can be boiled down to three discrete steps:

1. Get a frob. Now I have no idea what a “frob” is, but it appears to be a nonce, which in security terms is a one-use random number. You log in with the key and secret and say, “gies a frob!” and you get a random number in return. This random number is stored by Flickr for an hour and then forgotten, so you have an hour to complete the next step.

2. With your new frob and your authentication details you construct a web address which is unique to this instance, since the frob is (probably) unique and so is the key/secret. The user then has to load the page up and authorise your app.

   http://api.flickr.com/services/auth/?api_key=1234&frob=6789&perms=write&api_sig=162738

3. Once that’s done you can request a token from the Flickr server. The token is only handed out once per login, so if it’s lost you need to start again at step one. The token can be saved to disk and re-used as many times as needed by this application, but the user may revoke access at any time from the Flickr website, so be ready to discard saved tokens.

The specification requires that you let users “log out” too. Since there is no way to revoke your own permissions remotely you can simply delete any local tokens you have, which is as good.

I managed all of the above fairly easily with the Haskell Flickr bindings put together by Sigbjorn Finne. The uploading stage is where I stalled and it seems to be a problem in the library since the included example programs give the same error message I’m getting:

toRequest: POST request contains 1 files; unable to represent as query string
Defaulting to multiform/form-data instead
Flickr error:
 
 Code: 96
 Type: Flickr API error
 Details: Invalid signature

I haven’t had a chance to capture what’s being sent yet and decipher where the problem lies. I’ve emailed the author to see if he knows any more but haven’t received a reply yet.

In 1953 when Crick and Watson announced their results on the structure of DNA, the following phrase was used to conclude the results:

It has not escaped our notice that the specific pairing we have postulated immediately suggests a possible copying mechanism for the genetic material.

I recently saw Tim Berners-Lee’s message revealing the work he’d been doing at CERN on something he called WorldWideWeb:

This project is experimental and of course comes without any warranty whatsoever. However, it could start a revolution in information access. We are currently using WWW for user support at CERN. We would be very interested in comments from anyone trying WWW, and especially those making other data available, as part of a truly world-wide web.

Any other interesting but understated announcements of revolutionary discoveries or inventions?

I feel like I’m just posting stupid screenshots at the moment, but this is the second time E-ON have done this to me so there’s no mercy.

Come on, form mail isn’t difficult! Get your act together, and check the damn things before you hit send.

Severely snowed out today so SICP study group was cancelled. I’m using the time in the house to make stock with the bag full of lamb bones and bits that have been sitting in the freezer for many months. I think I will make some kind of soup with it later, preferably one with lots of chunky vegetables and other interesting bits. I’ve also got a bunch of beetroot in the fridge which I intend to make into beetroot and chocolate cake, because it was so tasty last time I made it. (And I want to do it in a cooler oven since 190°C blackened the outside without cooking through when I made it before. That was the only occasion when the skewer test has been useful to me.)

Back to the topic of the study group. Reading SICP is deceptively easy at times. Each step is a simple progression from the last, such that each idea seems obvious and trivial. Then suddenly some trivial new concept makes no sense at all and you find yourself backtracking through pages of explanation to find some firm handhold from which to start moving forward again. Most of the time I feel that I’m not learning anything but I realised today that some things which were not intuitive in the past are now familiar and natural. I was reading The Arrow Calculus and realised that I could understand all of the notation and type rules for lambda calculus and arrows given. It was the environment stuff in particular that felt “obvious” in the way that it wouldn’t have in the past, and I’ve been doing a lot of interpreter writing and environment-jigging in recent weeks with SICP. It’s all coming together.