Everyone loves conspiracy theories, so I thought I would share the latest. Some of the developers who entered Google’s Android Developer Challenge (ADC) are accusing Google of giving MIT favorable treatment and an unfair advantage. Claims include extending the contest around MIT’s class schedule, providing students with devices (their not available to other contestants) and Google employees hand holding students.
SourceForge.net shipped support for OpenID this morning followed by an official announcement on their community forums. In just a few seconds I had my OpenID tied to my existing SF account. Their implementation seems very solid and straight forward.
This certainly makes them one of the largest, most prominent OpenID Relying parties to date.
I sure hope this leads to all of OSTG websites ( Slashdot, Thinkgeek, Freshmeat, etc…) following suit.
Their front page now advertises: 1,840,049 Users + 250,000,000 OpenIDs 
Their OpenID management screen is really hot; It allows you to add additional OpenIDs to your account, decide which one you want to make public (if any) and choose one to delegate your SourceForge.net endpoint to. So developers can use http://sourceforge.net/users/username as their OpenID endpoint.
Normally I would abstain from pointing out security issues on other’s websites, but since this bit of code provides absolutely no security at all I can do so with a clear conscience. The bit of code below is from my former banks personal account login. I quickly changed banks after realizing how much they understand/care about security.
function encryptString(strPlain) { // Convert to lower case var strCipher; // Run the reflection cipher on each letter in the string var strCipher = ""; for (i=0; i<strPlain.length; i++) { strCipher = strCipher + flipLetter(strPlain.charAt(i)); } return strCipher; } function flipLetter(chrLetter) { // Executes a reflection cipher, // substituting one letter for its alphabetic inverse switch(chrLetter) { case "a": chrLetter = "z"; break; case "b": chrLetter = "y"; break; case "c": chrLetter = "x"; break; //etc, etc... case "X": chrLetter = "C"; break; case "Y": chrLetter = "B"; break; case "Z": chrLetter = "A"; break; default: chrLetter = chrLetter; break; } return chrLetter; }
No, your eyes don’t deceive you. They really did think a letter-substitution cypher written in Javascript was ok.
Luke Crouch, one of SourceForge’s developers left a subtle message today in their community forums hinting at what OpenID features they’ve been working on recently.
It looks like they will be shipping a full on RP implementation along with delegation support for their developer profile pages.
“dedicated Identity Providers can focus on delivering comprehensive digital online identity services for web users, while we need to focus on those users’ needs as OSS community participants.” — Luke Crouch
I’m really excited to see SF leading the pack in the OpenID world. Their RP offerings will certainly be a valuable contribution to the community.
To allow for custom error pages (404,500) in Django/Google App Engine all you need is this bit of middle-ware that stubs out the request class for you so that it doesn’t blow up.
Add your custom templates to your template directory and name them 404.html, 500.html etc.
Paste the following into middleware/errorpages.py
1 2 3 4 5 6 7 8 9 | class DummyUser(object): def get_and_delete_messages(self): pass class NeedsUserObject(object): def process_request(self, request): request.user = DummyUser() |
In your settings.py add the NeedsUserObject middleware
MIDDLEWARE_CLASSES = ( ... 'middleware.errorpages.NeedsUserObject', )
I’m used to running mange.py in my Django apps and I kept forgetting the name of the Google App Engine equivalents. My script only knows how to do two things at the moment, “runserver” and “publish” but now I can manage everything the way I’m accustomed to.
Update: Aprill 11 - Added toggle_debug, automatically switches debug off when publishing and back on for development.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 | #!/usr/bin/env python # # Simple convience script for common publishing and develop tasks # This script expects dev_appserver.py to be in your $PATH import os, sys, re def main(argv): command = "" try: command = argv[1] except: usage() exit(2) if command == 'publish': publish() elif command == 'publish-debug': publish(True) elif command == 'runserver': runserver() elif command == "--help" or command == "-h": usage() exit(0) def usage(): print """ Usage: python manage.py [command] <options> Commands: publish - 'updates' Google App Engine with your current version publish-debug - 'updates' Goolge App Engine with debug turned on runserver - launches the development server on port 8080 Options: --help, -h - Prints this screen For more information on a particular command, run [command] --help """ def get_gae_dir(): """ Locate dev_appserver.py and return the directory is in. """ # There's probably a smarter way to do this... script = 'dev_appserver.py' stdin, stdout = os.popen2('which %s'%script) xpath = stdout.read().strip() stdout.close() stdin.close() # If the file is a symlink, find out where the actual file lives. try: tmpdir = os.readlink(xpath) except OSError: tmpdir = xpath return os.path.abspath(os.path.dirname(tmpdir)) def toggle_debug(status): st = 'False' if status: st = 'True' os.rename('settings.py','settings.py.bak') orig = open('settings.py.bak').read() p = re.compile('DEBUG\s=\s(True|False)') n = p.sub('DEBUG = %s'%st,orig) nw = open('settings.py','w') nw.write(n) nw.close() def gae_parent(script): DIR_PATH = get_gae_dir() DEV_APPSERVER_PATH = os.path.join(DIR_PATH,'google/appengine/tools/%s'%script) EXTRA_PATHS = [ DIR_PATH, os.path.join(DIR_PATH, 'lib', 'django'), os.path.join(DIR_PATH, 'lib', 'webob'), os.path.join(DIR_PATH, 'lib', 'yaml', 'lib'), ] sys.path = EXTRA_PATHS + sys.path execfile(DEV_APPSERVER_PATH, globals()) def publish(debug=False): if(debug): toggle_debug(True) else: toggle_debug(False) sys.argv[1] = "update" try: sys.argv[2] = os.path.abspath(os.path.dirname(os.path.realpath(__file__))) except IndexError: sys.argv.append(os.path.abspath(os.path.dirname(os.path.realpath(__file__)))) gae_parent('appcfg.py') def runserver(): toggle_debug(True) sys.argv[1] = os.path.abspath(os.path.dirname(os.path.realpath(__file__))) gae_parent('dev_appserver_main.py') if __name__ == '__main__': main(sys.argv) |
I’m really digging the concept that is Google App Engine, but I think they a little bit of work to do before I would be willing to put any effort into porting to their platform. Their marketing points for this include the fact that it allows you to build, deploy and iterate your application quickly, but the fact that I have to now port just about every Python library out there to use BigTable and URL fetcher is a serious productivity loss.
On the bright side, their publishing and versioning process is outstanding. The administration interface is pretty sexy so I’ve take quite a few screen shots for anyone who didn’t get an invite and would like to see it.
Shortly after Google released Google Web Engine last night, Ryan Barrett of Google released an application for the platform that essentially makes Google an OpenID Provider. Check it out here:
http://openid-provider.appspot.com/
(Thanks Sam for the scoop)
Update: Digg It!
I just learned about Google App Engine a couple of hours ago and I have to say I’m pretty excited about what their doing. I really like the fact that they didn’t go out and try to invent their own IDE and scripting language. I’m still really reluctant to move toward cloud computing services. I still want to cling on to my hardware and OS.
Some cool points:
I just want to start off by urging anyone who is writing open source applications for the Android mobile platform to release their applications under the GNU General Public License V3.
The Open Handset Alliance is about to wrap up the first round of the Android Developer Challenge and they’re ready to deliver tons of money in rewards for application development.
What OHA hasn’t delivered any source code for their Apache 2 licensed platform and even when they do they have made no guarantees that you’ll have the freedom to run modified versions of it on your devices. It is certainly possible and not highly unlikely that OHA could release Android’s core libraries under the Apache 2 license, but require a signed version of those libraries on devices shipped from manufactures.
So if you release your application under other open source licenses (including GPL V2), services providers and device manufactures have no legal obligation to allow unsigned/modified versions of you application to run on their devices. They can just take your application and your freedom along with it.
If you think that this couldn’t happen, take a look around. No other device around has created as much buzz as Apples iPhone and the way they are treating application developers is criminal. Even if OHA releases a truly open platform that is unlike anything before it, you have nothing to lose by choosing GPL V3 for your open source Android application. You’ll just be protecting and doing your part to ensure Android stays honest, open and free.