Posted by: quetwo | July 20, 2010

OAuth and Flex/AIR — Making Twitter work again.

Quite a while ago I posted an entry on how to make a quick Twitter Client.  Over the past few months, Twitter decided that basic authentication was no longer the best way to go, and they needed some way to help users protec their accounts.  Their solution is the OAuth protocol, which is now required for any functions that require authentication. 

I never really paid attention to this new authentication scheme until I went to create my VW “App My Ride” app that interacted with Twitter.  That app made me re-engineer my APIs and classes to meet the new authentication scheme.

What does this mean for the Flex or AIR developer?  Well, it means that you now have to incorporate the OAuth mechanism into your app, and if you were planning on using Twitter in a way that removed it from a web-browser completely — well, you rethink your authentication schemes.  Like so many of the authentication schemes that I have to deal with on a daily basis like Shibbloth, the authentication method forces you to open a trusted website to give your credentials to, which then pass back some sort of token to the application you are using.  This means the application must be well known to the authenticator, and it no longer directly holds the login and password information (but rather a revokble key). 

So, where does that leave you?  First, you have to head over to the OAuth enabled service that you wish to authenticate to, and register your application.  For example, for twitter, you will want to login to twitter, and head to http://dev.twitter.com.  There is a link to “Register your application”.  Once you have your two magic tokens (called the “Consumer Secret” and “Consumer Key”), you are ready to go.

From here you have two choices — you can either implement your own OAuth module yourself, or you can grab Dan Petitt’s (@coderanger) library and get a leg up.  His blog post where he introduces the module is available here : http://www.coderanger.com/blog/?p=59

In my case, I first imported the OAuth source code as downloaded from the blog above.  They should end up in the /src/com/coderanger folder (giving a package of com.coderanger).  Next, we will want to instantiate the OAuthManager class, passing in our Consumer Key and Consumer Secret that we got from Twitter.  You would do this like:


var oauth:OAuthManager = new OAuthManager();
oauth.usePinWorkflow = true;
oauth.oauthDomain = "twitter.com";
oauth.consumerKey = "insert your consumer key here";
oauth.consumerSecret = "insert your consumer secret here";
oauth.requestToken();

After the OAuth component returns, it will be populated with a few key pieces of data, and will fire the “OAuthEvent.ON_ACCESS_TOKEN_RECEIVED” event.  With this, you will get the AccessToken and the AccessTokenSecret, which, when combined with the PIN (this is not sent back, but will be supplied by the end-user), will allow authentication.  In order to call your OAuth enabled site, you will need the following bits of information for each call:

  • The OAuth Domain
  • The Consumer Key (Specific to your app)
  • The Consumer Secret (Specific to your app)
  • The PIN (Provided by User, after they get the OAuth website from the requestToken() call)
  • The Access Token (Returned by a successful RequestToken() call, and is specific to the user, and their PIN)
  • The Access Token Secret (Returned by a successful RequestToken() call, and is specific to the user and their PIN)

You will need to populate the OAuthManager instance with each of the above for it to work.  To actually make an authenticated call to Twitter at this point, you need to build an HTTP request that contains the above information encrypted. My code looks like this (the HTTP request will come back and return the data as XML) :


http = new HTTPService();
http.useProxy = false;
http.contentType = "application/x-www-form-urlencoded";
http.addEventListener(FaultEvent.FAULT, gotTwitterFail);
http.addEventListener(ResultEvent.RESULT, gotTwitterResult);
var postData:String = oauth.getSignedURI("GET", "http://api.twitter.com/1/statuses/home_timeline.xml");

http.url = "http://api.twitter.com/1/statuses/home_timeline.xml";
http.method = "GET";
http.send( new QueryString(postData).toPostObject() );

It is really not too hard, but it is different. I’ve also been able to authenticate to additional services since writting this particular Twitter app, such as some of the MSN and WordPress services.

Leave a Comment

Posted in Adobe, Flex, Personal | Tags: , , , , , , , , ,

Posted by: quetwo | April 9, 2010

Three strikes, and your out Apple!

In the past few weeks, there have been disappointment after disappointment coming out from Apple for developers.  While the iPad seems to have made a big splash news-wise, its release has been lightly overshadowed by some other announcements from Apple — the iPad will not allow Flash, Java or Silverlight content within the browser. 

In the past, the world just ‘understood’ that the Flash player wouldn’t work on mobile devices — these are devices that are measured in inches, not GHz, and have to operate in very loosely connected environments (AT&T).  We accepted this, but of course wanted it so we could experience the entire web. 

With the introduction of the iPad, a “computer replacement” device, there really is no more excuse.  The technology works, and has been proven.  All of a sudden a press release goes out claiming Flash would shorten battery life, would make the device hot, and catch on fire, etc.  The list goes on as to why Flash shouldn’t be included.  As people started to get the devices in their homes, the reviews were consistently “this device would be much better if it had Flash”  or “I miss Flash.”

Earlier this week, Apple dropped another bomb — Applications submitted to the store to work on the iPhone / iPad / iTouch cannot utilize gestures designed for their own applications.  For example, the pinch to expand gesture is reserved for Apple created applications ONLY — new applications have been denied access to the store because they emulated these features.  This is a huge mis-step in the UX world.  In UX, there is a general feeling that gestures and human interactions should be consistant between applications.  This is why Windows became so wildly popular — if you figured out how to use one Windows application, you figured out how to interact with most of them.  Apple doesn’t want that the be the case — they want to have the “Apple” way, and the “other” way.

Finally, a draft copy of the new EULA that will be included with the iPhone OS 4 SDK was released.  This EULA has some provisions in it that make some very large and sweeping restrictions on HOW you create your applications. 

Up until now, the major restriction was that you could not execute any code that was not included and compiled in the inital application (for example, runtimes like AIR and .NET would not be possible).  The theory behind this was about security — they didn’t want malicious code to be downloaded and run on the iPhone.  This also is one of the blocks of having the Flash player on the iPhone.

However, the new SDK EULA now reads :

3.3.1 — Applications may only use Documented APIs in the manner prescribed by Apple and must not use or call any private APIs. Applications must be originally written in Objective-C, C, C++, or JavaScript as executed by the iPhone OS WebKit engine, and only code written in C, C++, and Objective-C may compile and directly link against the Documented APIs (e.g., Applications that link to Documented APIs through an intermediary translation or compatibility layer or tool are prohibited).

Essentially, what this boils down to is if you want to create iPhone, iPod Touch or iPad applications, you have to use Apple’s developer’s tools, on Apple’s operating system, which only runs on Apple’s hardware.  Oh, and you have to sign Apple’s NDA, pay for their certificate, and submit to only their store.  Although there are other tools, better integrations with workflows, etc., you CANNOT use them if you wish to deploy you app to anybody (including yourself).  Oh, and if you know another language really, well, you better learn THEIR language (from scratch) and kinda make the application work.

Apple has always been about their image, and Microsoft has always been about the developers.  Microsoft’s theory has been that if you make the developers happy, they will make cool apps that people will want to use.  Apple has taken the other approach — make a cool device which will drive the consumers to demand the applications and developers.  Now, for some odd reason, Apple thinks they can punish their developers AGAIN (remember the 90′s?) for trying to serve consumer demand.

One other final thought — Some of the biggest critics of Adobe in Apple’s camp say that Adobe is lazy.  They keep showing that the Apple versions of Adobe’s products are missing features, are clumsy or are less stable.  I need to throw out there that in the last 10 years (MacOS to Snow Leapord) Apple has forced all of their application developers to migrate first from Titanium, to Carbon then to Cocoa, which for larger applications results in complete gut-jobs.  For example, if you want your application to be able to address 64-bit memory space, you MUST re-write the app in Cocoa.   How can Adobe be expected to keep both Windows and OSX feature parity if Apple is making them rewrite the app every few years?  Microsoft has allowed us to keep writing to the same libraries since Windows 95 / NT, allowing the applications to grow and create NEW features.

Well, enough ranting — here is a video Adobe showed during their MAX convention this last year on their efforts to get the Flash Player to work on the iPhone :

5 Comments

Posted in Adobe, Flex, Personal | Tags: , , , , , , , , , , , , , ,

Posted by: quetwo | March 28, 2010

Hardware Hacking with Flex and the Arduino

This weekend I had a chance to play some more with the Arduino that I got at 360|Flex.  I’ve got so many ideas of things I want to build with it, which is probably a bad thing.  I’ve got $60 worth of parts coming from SparkFun just so I can play with more than a few LEDs :)

I made a 20 minute screencast on a little project I made this weekend.  It is a volume meter that reacts to MP3′s playing in a Flex app.  In its entirely, the entire project is very simple — 4 LEDS connected to the Arduino, and a 50 line Flex 4 application which controls them.  I’d like to say that there was a hard part to this, but thanks to Justin Mclean’s class, there really wasn’t one.  You can download the Flex source-code to the app here (but you will have to supply your own MP3 to play in the assets folder).

Hardware Hacking with the Arduino ScreenCast

Leave a Comment

Posted in Adobe, Flex, Personal | Tags: , , , , ,

Posted by: quetwo | March 23, 2010

An Intro to ColdFusion Builder

ColdFusion Builder was released yesterday, and in all honesty I’ve been using it for about 6 months now (public and private betas).  It’s been rock solid and chalk-full of features, even for a 1.0 release.  Adobe also realized that they can’t make every feature available for the 1.0 release, so they made the entire thing extremely extensible.  But they didn’t just make it extensible, they made it extensible with ColdFusion / CFML code!  Now anybody can enhance the IDE to their liking.

Check out my screencast on how to do the basic setup of ColdFusion Builder.  More screencasts to come shortly about some of the cool features, like how to use the extensions :

ColdFusion Builder Introduction

2 Comments

Posted in Adobe, ColdFusion | Tags: , , ,

Posted by: quetwo | March 22, 2010

Welcome to the family, Flash Builder 4!

This morning Adobe’s Flash Builder 4 and ColdFusion Builder 1.0 were released!  I feel like both have been in beta for ages and ages, but that’s most likely because they’ve been stable so long, and the world has been using it for at least the last six month.

So, what’s so great about Flash Builder 4? Lots and lots.  This 4th generation IDE really strives to make our (developers) lives better by making the work flows faster and better.   One of the biggest updates is the inclusion of the “DCD” or Data-Centric-Development work flow.  Flash Builder 4 abstracts all of the work that went into connecting Flex to database or back-end server like PHP or ColdFusion.  In mere seconds you can populate a datagrid from a web-service or AMF based PHP/ColdFusion code without worrying about all the connecting code that went into it.  And the code that is generated is not sloppy, template laden crud we would expect to find, but rather a best-practices implementation that is extendable to match how you are coding today.  DCD also allows for some of the features that were difficult to implent without the help of LCDS in the past like publishing the changes back to the database, data paging, etc.

Below is a quick screencast I made detailing the DCD workflow in Flash Builder 4:

Introduction to Data-Centric Development in Flash Builder 4

I will be posting more tutorials soon on some of my more favorite features of FB4, and ColdFusion Builder.  This is truly an epic release and I’m glad I was able to be able to work it in its final release :)

1 Comment

Posted in Adobe, ColdFusion, Flex | Tags: , , , , , , , , ,

Posted by: quetwo | February 18, 2010

Flash Builder Client-Side Data Management vs. LCDS

One question I am asked fairly regularly is this : “Now that Flash Builder will include what they call Client-Side Data Management, why would anybody need Adobe’s LiveCycle Data Services?” 

Until this latest version of Flash/Flex Builder and Flex, there was a very clear distinction for when you needed LiveCycle Data Services and when you could simply use BlazeDS.  If you wanted seemless interactions between your database and your client, you by default went to LCDS.  If all you cared about was sharing data between clients, then you could get away with BlazeDS.

With the upcoming version of Flash Builder there is a new set of wizards called the DCD or the Client-Side Data Management Wizards.  These wizards will emulate a lot of the functions and features that were previously only available to LCDS users.  Things like having changes to an ArrayCollection (via a DataGrid) auto-commit to the database are now available, as well as data pagination and some other time-saving features.  All of this work is done on the client-side with little work on the server.

You don’t get all the features of LCDS, however.  LCDS’s Data-Management features allow you to have the concept of ‘managed’ data on the server.  This means that you have a middle-ware application that stores a copy of your data in RAM and keeps track of which clients are accessing which parts of that data.  The concept allows you to do things like real-time conflict-resolution (client-side only supports last-in-wins) where both clients are notified if the data is changed in any connected client.  It also allows for real-time data updates — for example, if you have client-A update their data, client-B who is also viewing that data is instantly notified that their view is old and updated with the changed set.  This is immensely critical where you have data that is viewed and possibly updated in realtime by multiple people — and it is only available in LCDS.  LCDS also allows you to do lazy-loading out of the box, which is not available in the client-side version.

Adobe’s LiveCycle DS 3 also introduced the “Data Modeling” workflow in this past release.  This plugin to the Eclipse framework allows users to model their database (or pull in an existing database and have it modeled for them) and make changes to that database, regardless of what database server is in the backend.  This is using UML-like diagramming, and is extremely powerful.  LCDS Data Modeling View can then take that UML model and auto-create forms (with validation), data views, etc. with a few clicks of the mouse.  With this model, no server-side coding is required at all.

Flash Builder’s Client-Side Data Management emulates the form-building aspect of this, however it is not nearly as automated or point-and-click.  It will write some stub classes for you, and set you up with the basics, but things like validation have to be written by hand.  Furthermore, you have to customize your back-end server coding to match how DCD expects your classes/cfcs to work. 

Pretty much, to sum it up, if you need you plan on having your clients view and edit the same piece of data at the same time, you may still want to consider LCDS.  If you don’t want to write any back-end code, LCDS is also worth looking at as well.  Otherwise, see what Client-Side Data Management can do for you.  But remember, Adobe no longer offers their Community Edition / 1 CPU edition / Free Edition / Office Edition, so LCDS has become quite costly to get into.  I wish that wasn’t the case :(

2 Comments

Posted in Adobe, Flex | Tags: , , , , , , , ,

Posted by: quetwo | January 20, 2010

Introduction to Papervision3D

A few months ago I did a User Group meeting at the Michigan Flex Users Group on the Papervision3D framework available for the Adobe Flex framework.  The video below is about an hour and a half and hopefully gives a quick introduction on how to use it, along with some examples.  Enjoy!

Introduction to Papervision3D

1 Comment

Posted in Adobe, Flex | Tags: , , ,

Posted by: quetwo | December 31, 2009

The truth about avoiding the phone company with VoIP

VoIP, or Voice Over IP is seen as the future of telecommunications.  In the enterprise, it took hold about 5 years ago, and about 3 years ago it became the norm for any new phone system. In the highly controlled network environment of the office, the technology flourished and eventually became rock-solid by breakthroughs made by companies like Avaya, 3com and Cisco.

Around the same time consumer-based VoIP products like Vonage started hitting the market.  These use the consumer’s internet connection and provided a dialtone like replacement for a standard phone line.  Generally these types of connections were less expensive (and in some cases, they were MUCH less expensive), but at the same time they relied on the general internet (without any quality-of-service gaurentees).  Recently there has been a lot of fanfare over Google Voice being available on various mobile devices like Google’s Android and Apple’s iPhone.  This allows users to use their data plans and bypass the cell-phone companies. The funny thing is, even AT&T sees consumers bypassing their services as a viable threat – they filed paperwork to lift the requirements that they provide phone services in their entire claimed market.

There are a few problems with this mass migration from traditional telephony services to this “wild-wild-west” VoIP services.

First off, VoIP has no concept of location-based services.  With traditional PSTN “landline” or business services, the phone company delivers your services to a physical location (your home or business).  This information is tied to a database which is given to 911 and other emergency services when you need it. Because VoIP connects over the internet, there is no real way to track where a call is physically being placed from — and the problem is exaserbated by devices like firewalls, VPN tunnels and MPLS networks.

Next, there is no concept of Quality of Service for many of these consumer devices.  Companies like AT&T in my local market offer DSL service in most areas that has a 1MB download and 256kbps upload.  This allows for a descent speed for doing things like browsing the web or reading emails.  However, if you try to use a VoIP connection you most likely will saturate this connection — and if you try to browse the internet while being on the phone (something I do quite a bit), you run a huge risk of your connection breaking up or being disconnected completely. More advanced routers and internet service providers offer QoS for connections, but these are not universal, nor are they easy to setup.  I won’t go into the reliability of internet connections in storms, power outages, etc. where quality and resiliency is a needed in emergencies.

Compatibility is another issue that is becomming apparent. There are hundreds of different “VoIP” providers out there, each with their own software or hardware application.  Companies are all trying to write their own standard (like Skype), or if they use some of the open standards (like Google), they implement them in a way that makes it very difficult to interconnect with others.  This is very similar to the beginning of the telephone network where there were lots of different networks, and none of them connected with eachother.  The government finally stepped in and created some laws (known as Common Carriage Laws) that required anybody who wanted to be a telephone provider to interconnect with each other.  Currently many VoIP providers do connect via the PSTN, but often times they charge users additional fees to do this.

Finally, we need to take a step back at the PSTN system itself.  It has become a commodity item, and even further more, it has become a so universal it is considered a utility.  In many markets it is heavily regulated by the government and has lots of redudancy, backups and, well it’s a proven technology. As more users disconnect their traditional phone lines and go with VoIP providers, less work is being put into this system and eventually that glue that holds it, along with all the PSTN providers will begin to go away.  Not only that, but because it has become such a commidity, you can get land-lines for cheap, and unlimited minutes (both in cell and landline), it makes very little sence to use these technologies other than it’s the “next best thing”.  If you don’t believe me, take a look at your VoIP provider, and compare that to a $14 phone line (unlimited local calls, and up to $0.05 a minute for long distance).

Think twice about cheering on AT&T in cutting the cord with land-line service.  It’s something that is easy and well understood.  Also think about how you plan to get internet access — and how those who are in unprofitable areas can get basic services (like phone and internet services) if companies like AT&T and Verizon are not forced to provide them.

1 Comment

Posted in Avaya, Telecom | Tags: , , , , , , , ,

Posted by: quetwo | November 17, 2009

And we have…. AIR 2.0 (beta)

Tonight marks the release of the AIR 2.0 beta to the Adobe Labs!  This is truly a remarkable release that I’m sure will allow web developers to continue to build cutting-edge, multi-platform applications that we have come to expect from AIR. 

So, what’s new?  Well, you can check out some release notes here, or this Adobe TV session from MAX last month. 

What am I excited about?  Well, there is a whole lot packed into this release, but some of the things that I personally have been playing with are the new API’s that allow us to directly work with the audio we get from the Microphone (check out www.getmicrophone.com for more information about the back story).  This new API allows you to get the raw ByteArray data right from the microphone and save it to disk, interpret it, or manipulate it.  You can check out my ADC article here.

Another cool feature that AIR 2.0 is getting is IP Multicast support.  Yes kids, you heard me right — AIR 2.0 will be able to do peer-to-peer audio and video streaming in a way that allows you to save bandwidth and create highly-scalable video applications.  This is one of those things I have been waiting on for years. 

Oh, and did I mention that AIR 2.0′s memory and CPU use footprint is 100x better than before? Well, that may be an exaggeration, but lets put it this way.  An application that I used to run 24×7 on my server used to accumulate about 10MB an hour, filling up my RAM quickly and crashing out after about a day. The exact same app compiled with AIR 2.0 has been running for about 14 days now, and is still using nearly the same amount of memory as it did when it launched (about 20 MB).  Simply amazing!

So, download and enjoy TODAY!

1 Comment

Posted in Adobe, Flex | Tags: , ,

Posted by: quetwo | October 23, 2009

How to get hired : Resume Tricks

Resume image courtsy of ~brazilnut on DeviantArtI currently have three close friends that are all looking for jobs (thanks economy!), and are seeking my help with their resumes. Since I’ve been in the hiring position a lot in the past few years (both at small businesses and MSU, an enterprise), I’d like to share some of the tips that I’ve been sharing with my friends.  I encourage you to fill the comments with more suggestions and your experiences to share :)

Cover letters:

  • The cover letter is your chance to show your future employer your communication skills.  This usually trumps the checkbox you had on the job application of “Has good written or verbal skills.”  Make sure it is spit-shined!  Spell-checks, grammar checks and punctuation checks are all MUSTs before you print the letter.
  • Did you follow proper business etiquette in the formatting of the letter?  Do you even know what that is?  I am not a dear friend, but a future boss — your letter should act that way. (Pay attention to the opening).
  • Your cover letter should NEVER be generic. NEVER, NEVER, NEVER open the letter “Dear Potential Employer”.  If you are applying for a job and have direct communications with somebody at the company, put their name on it. Your cover letter should always have information you know about the company you are applying for — and this means do some research.  If you are applying at MSU, I want to see something about working at the largest single-campus university in America, or working for a Big Ten University. 
  • The cover letter should always include your full contact information, including name, email address, phone number and mailing address.  If you have a blog, twitter account or linked-in profile, it would be bonus points to include them too (especially for tech jobs).
  • You should never mention pay in your cover letter.  This is a huge turn-off for the people reading it, and it makes you feel like your only doing it for the money.
  • Your cover letter SHOULD highlight your objectives at working at the job (remember, getting paid, and simply holding a job are objectives, but those should be understood — don’t highlight them). 

Resumes:

  • When I am am first looking at potential candidates, I always start with the resume.  Your have 30 seconds to wow me.  Your better make those 30 seconds pleasing to the eye.  Have you thought about using color?
  • Make the size of the resume fit your content, not some golden rule.  If you can say everything in one page, use one page.  If you need three, than use three. Don’t ever make the size of the font too small to squeeze in that extra bit of info, or have lots of empty white space.
  • Your resume, like your cover-letter should have ALL of your contact information on it.  Again, postal address, email address, phone number (landline and cell), blog, twitter, etc. 
  • If your objectives section is one sentence, and very generic, don’t include it.  That is what the cover-letter is for.  Make it specific to the job you are applying for, and very descriptive of your goals in the job — but don’t include the “to make money,” “to have a job at…”, or simply “to learn and grow.”
  • You should not list more than 3 years, or your last three jobs (whichever has more), unless older jobs are relevant to the job you are applying for.  Having pages and pages of past jobs doesn’t add much to the mix.
  • Past jobs should always have : Company name, location, your position, your responsibilities, and the time you worked there. Make sure to put your real job title on there, and not something like “Maintenance Engineer” (instead of janitor).  We know not every job is glamorous, and sometimes we look for those types of positions to show a well-rounded individual.
  • You should always list any accreditations, certifications, or major honors you may have on your resume.  They don’t have to be relevant to the job, but they show you as an individual. 
  • Put your educational references on your resume. Make sure to include the name of your high school, location, and graduation date.  If your high-school changed names or no longer exists, find out where your records are.   The same goes for college / universities.  If you are older, only show the college (but only do this if you completed school). Many larger organizations use this information to verify you graduated, and in all honesty, use this space to catch liars.  Use this space to show involvement in relevant clubs, projects, or activities.  If I’m hiring you as a webmaster, I don’t care that you were homecoming king, but I do care that you were in the Communications Club, and an NHS scholar.  You don’t have to include your GPA if you don’t want to.
  • ALWAYS include references, unless you are in a position where you don’t want them to be contacted.  For example, if you currently are at a job and don’t want people to know you are applying for others, then it is permissible to have a “Ask for References.” Otherwise, put them in — it makes my job easier, and your chances better.

1 Comment

Posted in Personal | Tags: , , ,

Older Posts »

Categories