If we want free city wide WiFi in SF then we’ll have to do it ourselves

If you live in SF like me, then you’ve probably been waiting around for the Mayor, Google, and Earthlink to work out there differences so we can get city wide WiFi. WiFi provided by them will be great and I know my grand children will really enjoy it.

Fortunately there is a solution happening today in the community to bring WiFi to us all. A company from Mountain View called Meraki is providing bandwidth and sending SF people free repeaters to build a community free network. A friend was over the other day and connected to the “FREE THE NET” ssid by mistake and it worked perfectly.

I went to their site and signed up and now they’re sending me a repeater as well. So, if you live in SF lets keep this going.

Go here to get a repeater or find out more: http://sf.meraki.com/

Steven

No API? No Problem. The Pownce example with Actionscript

Pownce is currently in an Alpha State (very alpha) so publishing API information really doesn’t make sense when theres still potential to make large changes to the application. But what if you want to use it anyway? You have what i see to be 3 options.

1. Wait for Pownce to release information about a public API. (Smart Move)
2. Wait for someone else to figure out the API and publish information about it. (Saves time) Someone has just released a python api on googlecode.
3. Figure it out for yourself. Seemingly is a major pain figuring out an API you really can’t (shouldn’t) use in any application you would make public. However, if you have the time it can be fun. Like a puzzle.

Anyway, I chose option 3 and these are the basic steps i took in getting the API up in going in a Flex app.

1. The first hurdle. Got Invite?

Sign up for Pownce and install the AIR application. (if you need an invite let me know)

2. You talk’n to me? The Packet Trace.

In order to use the API we need to understand how the the AIR application is communicating with the server. In order to do this we’re going to watch the network traffic on our computer. There are several programs out there that can help with this, but I just use tcpdump on osX.

2.1 Open up the Terminal in osX
2.2 Run the following command:
sudo tcpdump -i en2 -vvv -n -s 0 -w ~/Desktop/PownceTrace.dmp
(for more information http://developer.apple.com/qa/qa2001/qa1176.html)
2.3 Launch Pownce.
2.4 Login to Pownce.
2.5 Close your Terminal
2.6 Open the PownceTrace.dmp file in a text editor and you will see something like the following:

GET /api/login/ HTTP/1.1
Accept: */*
Accept-Language: en
Accept-Encoding: gzip, deflate
Cookie: sessionid=96b063edc2713808a0b11440ec432691
Referer: app-resource:/PownceDesktop.swf
User-Agent: Pownce Alpha Desktop 0.5
Authorization: Basic aW5pdGssDfdafdafafafadfdfa==
X-Flash-Version: 9,0,28,0
Connection: keep-alive
Host: pownce.com

POST /api/notes/for/initapp/?auth=UsernameToken%20Username%3D%22initapp%22%2C%20PasswordDigest
%3D%fdafafsfdasfafdasfafdsafadfafda22%2C%20Nonce%3D%22MDQ1NzkzMjcxNzE2Njg0MTAz%22%2C%20
Created%3D%222007%2D07%2D05T14%3A16%3A44Z%22 HTTP/1.1

Accept: */*
Accept-Language: en
Accept-Encoding: gzip, deflate
Cookie: sessionid=96b063edc2713808a0b11440ec432691
Referer: app-resource:/PownceDesktop.swf
User-Agent: Pownce Alpha Desktop 0.5
Content-Type: application/x-www-form-urlencoded
X-Flash-Version: 9,0,28,0
Content-Length: 202
Connection: keep-alive
Host: pownce.com

3. The Hill of Beans

So now what? Lets figure out the authentication.

Figuring out the authentication is the simple part. Seeing “Authorization: Basic aW5pdGssDfdafdafafafadfdfa==” is the tip off that we’re dealing with a simple Basic Authentication scheme (http://en.wikipedia.org/wiki/Basic_authentication_scheme). The twitter api also uses this. Basic authentication is Base64Encode(name:password).

ActionScript:
var urlRequestHeader:URLRequestHeader = new URLRequestHeader(“Authorization”, “Basic ” + base64Encode(userName + “:” + userPassword));

Next i took the GET /api/login/ HTTP/1.1 dropped http://www.pownce.com/api/login/ into firefox.

Response:
<login token=”4Ol+EZZZ8×518RRfdadfafdaoGW0IPu0E=”>
<user pro=”0″ maxuploadsizemb=”10″>
<atom:author>
<atom:name>Steven G.</atom:name>
<atom:uri>http://pownce.com/InitApp/</atom:uri>
<username>InitApp</username>
<image>http://pownce.com/profile_photos/I/n/i/InitApp/9440_medium.jpg</image>
</atom:author>
</user>
</login>

4. It can’t be this easy can it? Nope…

In order to send/receive messages we need to figure out the following:

/api/notes/for/initapp/?auth=UsernameToken%20Username%3D%22initapp%22%2C%20PasswordDigest
%3D%fdafafsfdasfafdasfafdsafadfafda22%2C%20Nonce%3D%22MDQ1NzkzMjcxNzE2Njg0MTAz%22%2C%20
Created%3D%222007%2D07%2D05T14%3A16%3A44Z%22 HTTP/1.1

With the login response and the “auth=UsernameToken” I was able to determine that we’re using what looks like the Atom API and WSSE. In order to get the PasswordDigest we’ll need to understand this. I read Atom Authentication at “http://www.xml.com/pub/a/2003/12/17/dive.html” and figured out that
PasswordDigest = Base64 \ (SHA1 (Nonce + CreationTimestamp + Password)).

To get the WSSE authentication in actionscript 3 we can turn to the as3corelib (http://as3corelib.googlecode.com/svn/trunk/docs/com/adobe/crypto/package-detail.html)

userAuth = com.adobe.crypto.WSSEUsernameToken.getUsernameToken(userName, password);

5. Step Five: Admit that you have no idea what you’re doing.

So now we have it all figured out. We can authenticate the user and generate the userAuth for each request. At this point, I’m beaming with excitement. But disappointment sets in quickly when after generating the request i would only receive invalid credentials. When I took the same Nonce and Date and used it to with my username token from username and password, I could never get a match. So I pulled out my hair for awhile and then just let it sit.

6. Research. The internet holds the secrets.

In searching the internet about information regarding WSSE I happen to run in to a blog post written by “Michal Migurski” who worked on the digg api:

Michal “This post is a run-down of various patterns we’ve encountered for authenticating applications and users, and has been greatly helped along by conversations with Shawn, Steve, Matt, and others.”

The Shawn he is refering to is “Shawn Allen” who has written the pownce API. Ok, now we’re getting somewhere.

The key parts of the post to me comes in these 2 sections:

Michal “WSSE has come under a great deal of criticism due to its requirement that the password be part of the hash. No sane application developer stores passwords in cleartext, but WSSE requires that this be the case in order for the server to re-create the hashed token for comparison.”

In the next paragraph

Michal “Amazon’s web services define their own authentication protocol… Second, instead of asking for an account password, Amazon assigns each API user a secret key for use in such hashes.”

Read it all:
http://foocamp.crowdvine.com/feeds/show/1226?type=blog&scope=profile

6. Oh thats the stuff!

1. They would never send the password with each request. (I’m assuming they’re sane)
2. Amazon uses “secret key” instead of the “password” in hashes.

The secret key reminded me of the <login token=”4Ol+EZZZ8×518RRfdadfafdaoGW0IPu0E=”> received after the login.

At this point I replaced :

com.adobe.crypto.WSSEUsernameToken.getUsernameToken(userName, password);

with

com.adobe.crypto.WSSEUsernameToken.getUsernameToken(userName, token);

The API is now open. There was some additional weirdness in the url encoding which I have working in the downloadable example. I plan on looking at the python version to see what they’ve done. I glanced at there googlecode site and it looks like a lot of good information is building up. http://code.google.com/p/python-pownce/

I guess the point of this post isn’t so much to hand out how to use pownce in your app as it was how much fun you can have in solving the puzzle.

You could say its a technical mystery and you’re the detective.

Code Disclaimer:
The code is rough. I started to create an API for pownce based on how the Digg api was done. Parsing the atom feed for the notes quickly made me realize that in order to be done correctly, it would be… you know, work. So I stopped and the code contained allows you to post a public note and retrieve your private notes. Do not use this code for any public applications.

Download Example Code

The Flex, Cairngorm, and .Net Cocktail

So what do i mean by cocktail? For .net developers, adding Flex to the mix can seem like an extremely daunting task. Many of us have had to fight internal battles to use flex because it is still perceived by many as being unproven. With that in mind how much new technology needs to be added to the mix to get a Flex and DotNet environment up and going. Do we need to add some webORB, amf, magicDotNetFlexHookup.org, fluorine, arp, to make a scalable application? Adding all these ingredients in reminds me of the fountain pop machine at the roller rink when i was a kid. We used to mix all the various flavors together, root beer, coke, lemonade, etc… we called the drink a suicide.

The truth is we can make this drink with a simple mix.

Getting Started Mix (Flex with a Splash of .Net)
Flex 2 – Proven framework already being used by large dev companies, ebay, youtube, comcast, etc… (Also known as “The Thirst Mutilator”)
Cairngorm Framework – Tons of documentation and examples. Complex flavorings, no aftertaste.
Webservices - Done in .Net, simple effective
.Net – Its the rum and coke of the development world.

Now you have all the basics you need to get started. I’ve mixed the first drink together so you can try it.

*The example shows how to retrieve a strongly typed object from .net through Flex and Cairngorm. *

Quick Video Overview View
Flex Project: Download
.Net Project: Download

Related Links:
http://www.flex.org/dotnet/
http://labs.adobe.com/wiki/index.php/Cairngorm

Quicktip: Flex Form Validation – Sometimes tapping the user on the shoulder just isn’t enough

Since Flex 360 I’ve been completely engulfed in a large project in which a large portion of it is in yes, Flex. Flex and I have been getting along pretty well but from time to time we rumble a bit. In the case of form validation flex seems to be perfect in almost every way… except that after the validation happens the only signal to the user that something needs to be done is the hightlight around the control. This is the validation equivalent of a tap on the shoulder to the user.

What i wanted was to show was the rollover popup for the first form element the user had to alter in order to have a valid form immediately upon hitting submit. Unfortunately I couldn’t find any method to raise the popup so I wrote a quick little hack that does the job. Its not perfect, but one of the best things I learned from the flex 360 conference was when Jessie Warden said “sometimes you just throw stuff out there and its hot!”. Essentially, what I think he meant was what you do may not always be the best way, but if it does the trick… go with it.

private function setValidationFocus(formObject:Object):void{
formObject.setFocus();
formObject.dispatchEvent(new MouseEvent(MouseEvent.MOUSE_OVER));
}

If anyone knows of a better way to accomplish this task, please send it my way.

thanks -s

Your Flex app into Apollo in 5 minutes

In his keynote Kevin Lynch said it would take 5 minutes to get your flex app into Apollo. He wasn’t kidding. I had my cairngorm based flex app into apollo in under 5 minutes.. great job flex/apollo team. Way to come through and I was told to give a special thanks to Mike Chambers for tonights events…. This really is as cool as i thought it would be.. See my app in apollo below

Click image to enlarge

Is the Apollo team run by the kid that lived next door that never let me play his video games?

So I’m off to ApolloCamp tonight and I’m hearing a lot of “maybe” we’ll let people get Apollo and it got me thinking. When I was a kid I lived next door to a kid named Barry. Barry had an intellivision. He would always call me to come over and check out his video games with the enticement of “maybe” he would let me play.  So I would go over and get all excited about playing and inevitably end up just watching him play for hours. Lets just say I found it slightly Frustrating.

For the last year now I’ve been hearing about Apollo, watching other people make applications with Apollo(mxna, http://video.onflex.org/, Flex 360), and what i want to know is, when is it going to be my turn? If you see someone having a temper tantrum tonight at ApolloCamp then you know you’ve found me. On the other side of it, its been a long time since I’ve been this excited about a new technology (like a kid again) and for that I’m thankful. Without the flex team/flex community keeping me filled with cool new things almost daily, I think the anticipation of Apollo would have driven me crazy a long time ago.

See you all tonight!

-Steve

Also, thanks to my Mom for getting me an Apple IIc which made me forget all about Barry and his Intellivision. Your the Best Mom.

Quick Tip for Developers using ASP.Net / osX / Parallels / Flash / Flex / Kitchen Sink

How to access and debug your ASP.net application when making calls from Flex/Flash when you’re developing in osX. Some kid on a forum was having issues with figuring this out. So heres the solution to how to access your ASP.net (Using studio 2005) application from osX.

Heres the setup:

osX: Flex or Flash

Windows: Visual Studio ASP.NET 2005 Project

The asp.net development server is only available on the local machine (for security reasons). So really all we need to do is switch to using your local IIS install.

1. Make sure IIS is running and the home directory of your web is set to your applications directory.

2. Change your windows firewall to allow port 80.

3. Open your studio asp.net project and right click on the project. Select “Property Pages”

4. Select “Start Options”. Change “Server” from “Use default web server” to “Use custom server” and enter a base URL of http://localhost

5. Get your xp installs current ip address. Go to start, run, enter “cmd”. Enter ipconfig. (Note: I’m not using parallels shared network) (also a good idea to use an internal static IP in XP)

6. Open Safari. Enter Http://{your windows ip address} (make sure your .net project has a default page)

7. I know what you’re thinking. Damn Jenny! Thats the sh*t!

8. Ok, probably not. But hey it works.

9. The only other problem with this whole setup? It kind of overloads my macbook(flex,flash,Studio,XP,osX,Fireworks,PS,etc) and makes it sad. Still waiting for final girlfriend approval on that Mac Pro.

There you go kid. Knock yourself out. -s

Meeting the Flex Team: I thought they’d be taller

First of all thanks to the Flex team for including the community in this soiree. It was slightly difficult for me jumping into the fray of conversations with my social skills being that of a… well of a programmer. But thats why I always drag my girl with me (She is awesome). Eventually towards the end I did get a chance to talk to Ted Patrick some about WPF/e and how Flex was a big step forward for making the flash platform excessible to .Net type developers. He was extremely candid and interesting. The whole team seemed to have a relaxed yet confident, attitude answering all questions honestly even if the answer had to be “we’re working on it”.

About Apollo. From talking with Ted, I did find out that an alpha/beta release of Apollo will be out in the near future. However, it will not be in the next couple of days or weeks. So everyone can just give the labs.adobe.com homepage a break.

Two applications were demonstrated. One Flex application for monitoring and controlling different aspects of a yacht which seemed to have features that went on and on and on and on. I call it the iYacht. They may want to see if that trademarked before they try to use it. For me it was good to see a large Flex application functioning that smoothly regardless of what it did. The second application was a word processing application that was cool but didn’t really float my boat as much.

Anyway, thanks again to the Flex team you’re doing fantastic work. You make development fun.

Oh yeah. Just one suggestion for the next get together. Music. Let me know if you need me to bring some.

-s

The new phone books are here! The new phone books are here! Added to MXNA, What it takes..

So my blog has been added to the MXNA aggregator. Does that make my blog special? I like to think so. I like to think that there is a huge series of tests that must be performed before they add your blog. Its a high standard of criteria that has to be met. I imagine them to be something along the lines of the following:

1. Is it funny? Is it “Ha Ha” funny or is it “Ha Ha” sad.

2. Is it explosive? What happens when you add mentos and diet coke to it?

3. Is the content original or should the blog just redirect people to Ted Patricks blog?

Just some random possiblities.

Does anyone know what this criteria really is?

I’m somebody now! -s

ActionScript Example: Creating a Static Function

So a developer I work with was going to use an include file and a prototype for a string altering method he wanted to use throughout his application. The only thing that came to mind was the Mr. Horses catch phrase from Ren & Stimpy.

“No sir I don’t like it”.

I offered the possibility that he might create a utilites class in our namespace with a static function to accomplish his goal. To that he asked “Can you give me an example of how to make a static function”. Well here it is:

First we have our class:

class com.imart.utilities.StringHelper{

function StringHelper(){

}
public static function returnString(passValue:String):String{
return “Here you go:” + passValue;
}
}

Then we can call the method:

import com.imart.utilities.*

example_txt.text = StringHelper.returnString(“Steve”);

Download the example project