Saturday, May 10, 2008

OpenID Patterns: The Good, The Bad, and The Ugly


In looking at how my blog does OpenID login and comments, I was really wishing that it did what I would expect: When someone wants to post a comment, all I care about is their identity (which is mostly just to show that they're not impersonating someone else), and whether or not they are a spammer.

The Good

OpenID and Captcha is all you need to comment
So ideally, my blog could just ask for a commenter's OpenID and have them answer a captcha. Unfortunately, Drupal's current OpenID implementation has the same problem as others I've seen, which is the obsession with people having an "account".

A site's OpenID implementation should not require an account, password, confirmation of email, and an OpenID. I was excited when I realized that Blogger has the right interface for commenting; an OpenID login, and a captcha (don't tell any spammers what it says!):

The Bad

I need your Google password to continue
I was all ready to give Blogger all kinds of props when I noticed that their login screen asks me for my Google password. Now, Blogger is actually owned by Google, but not everyone knows that, and so this looks like a phishing attack.

You should not give out your Google password to a third party web site. It's just a bad idea. One simple example why: Email can often be used to reset your password to another web site that has your private information in it. It's bad enough that sites like Twitter ask for your Google password when creating an account. Google shouldn't make people think it's OK to give third party sites your password by using a login screen like this. That's bad.

The Ugly

I have descended into a no-man's land on LiveJournal
I saw that LiveJournal supports OpenID and I thought I'd try it out. Their comment system looks fine, but then the integration with everything else is just a mess. I'm logged in, but I don't have an "account". The first thing I see when I log in is a link that says "Update your Journal" but when I click it, I get an error message saying that I don't have one. I can configure my account, and it says that it has emailed me instructions (I never got them) and gave me a helpfully random URL as my blog, which, when I click it, is just an error. LiveJournal makes OpenID look broken and hard to use :(

I admit, LJ gave me fair warning, "Our OpenID consumer support is very new. That is, external users logging in with their identity here will find some rough edges while we work on smoothing it all out."
This has been the state of affairs for months, though, and I'm surprised that they can't at least give me a link to somehow create the right kind of account.

If you know of any other really elegant uses of OpenID or OpenID design patterns, please email me, and I'll post whatever I collect later. You can also leave a comment on Reddit. You are welcome to leave a comment below, but you'll have to create an account and answer a captcha. Sorry about that ;)

Monday, May 5, 2008

feed-cli: A Really Simple way to generate RSS feeds


I've just released feed-cli: a Really Simple way to generate RSS feeds from the command line. This program is implemented in Haskell :)

feed-cli generates RSS 2.0 feeds based on command line arguments. Use it to create and update feeds from shell scripts, build scripts, cron jobs, CGIs, or other programs instead of using a library.

Some Examples
  • create an empty feed:
    ./feed-cli new-feed -tTitleOfFeed -d"Feed Description" \
      -o/tmp/feed.xml  -lhttp://www.syntaxpolice.org
    
  • add an item to that feed
    ./feed-cli new-item -t"entry of the day" -d"This is a description of this feed item." \
       -u/tmp/feed.xml  -lhttp://www.syntaxpolice.org
    
  • pipe a command into a feed item
    ls -l | ./feed-cli new-item --pre --pipe-mode -t"directory contents" \
      -u/tmp/feed.xml  -lhttp://www.syntaxpolice.org
    
    You can get feed-cli from Hackage, the Haskell Package system, along with it's dependencies, xml and feed. Or you can use my darcs repo. It also requires ghc 6.8, but that's not for any deep reason. If you have cabal-install installed, you should be able to "cabal install feed-cli".

    The idea is to make generating feeds as simple as possible, so feel free to package it for your favorite OS :)

    It should be pretty simple to support atom feeds as well, since the feed library already does that. I'd like to extend the feed library itself with more functionality along the lines that feed-cli implements - adding feed items, limiting the number of items in a feed, etc. Simple feed transformers. I think this is what Sigbjorn had in mind when he wrote the feed library.

    Thanks to my company, Galois for releasing xml & feed.

    Try it out and leave a comment or send an email and tell me about how you use it and whether there are more features that you need.