Posts Tagged ElmDentica
Twitter is wrong: should not drop httpS basic auth
Posted by Rui Seabra in Uncategorized on 11 de Junho de 2010
As some of you might know, I write a µ-blogging tool called elmdentica. It is a client side application developed with Elementary, an EFL library oriented towards small touchscreen interfaces. I only recently learned that Twitter is dropping Basic Authentication support coming next June 30th. They claim it’s insecure because:
- with http credentials go in the clear (no problem here)
- with https, some people may think it’s too expensive (only complete idiots)
- applications have to store user credentials locally
As an alternative, they are making oauth mandatory for APIs that need authentication. While their reasoning may make sense in the context of massively concentrated web applications (think Twitpic and similars) this is absurd for client application like those running in your cell phones or computers.
Let’s take a look at the problem…
oauth gives you a consumer key and a consumer secret that authenticate your application. They don’t authenticate the user, they prove Twitter that you’re a legitimate and registered application.
If both key and secret became public, anyone could make an application pretending to be yours. While someone making a clone of your program isn’t a real problem, if someone writes a trojan horse… then there could be a problem, no?
Well, with oauth, both key and secret need to be known by the application during run time. So at any given moment, the computer running your application will have these two important assets. Either because they are embedded in your code, or because you download them live from a site. The fact remains: they are for all practical effects no longer secrets.
In web applications, no user accesses the only running copy of the software holding both key and secret, so oauth works there.
What about xauth?
I haven’t read much about xauth but after reading this page explaining what xauth is, I’m absolutely convinced the problem remains and wasn’t even tackled. The only issue that was solved, by requesting an user’s login and password only once, without need of local storage or visiting a web page, was an usability issue for client applications.
The real problem is still there, so Twitter is wrong and should not drop Basic Authentication from the https interface.
If they do, elmdentica will very likely not work on Twitter anymore. I don’t care much about that, but the users of elmdentica may care. That pisses me off.
What now?
Fortunately, there is a better alternative to Twitter if you value software freedom called identi.ca. More than just using, you can have your own “Twitter” by installing the Free Software that makes identi.ca, which is StatusNet.
At least they have no plans of dropping Basic Authentication. Hurra!
So elmdentica works with https!
Posted by Rui Seabra in Uncategorized on 14 de Fevereiro de 2010
It seems the problem with those weird libcurl errors when you enabled the secure option (basically https) is that the ca certificate bundle is missing in SHR’s OE build (perhaps it’s on all OE builds, don’t know).
There is, fortunately, an easy way to fix it (as mentioned in the openmoko communiy list).
All you need to do is copy your own ca certificate bundle (in Fedora it’s /etc/pki/tls/certs/ca-bundle.crt ) into the proper place for OE’s path: /etc/ssl/certs/ca-certificates.crt
So now you can enable secure, rather than faster 
ElmDentica 0.8.0 is out!
Posted by admin in Software Livre on 27 de Dezembro de 2009
Screenshot of account editor at the settings window.
Hi,
I’ve just release ElmDentica 0.8.0 with a bit more polished screens and exciting new features:
- you can have more than one account, and if you have many accounts, only a few of them enabled or disabled quickly.
- you have a messages and posts cache (albeit the last one is still incomplete)
So there you go, download if you’re too impatient to wait for SHR-unstable to update
ElmDentica 0.7.0 is out!
Posted by Rui Seabra in Software Livre on 10 de Outubro de 2009
Screenshot of release 0.7.0
Press a bubble for about 1s and magic action possibilities will show up.
Hi everyone! ElmDentica hasn’t had a new release for a while (*cough*cough* proving it works so well *cough*cough*), so I though I should share with you the new stuff in the development of this release.
The news are:
- Replacement of the side buttons by hover’s fired up by pressing for about 1s over the bubble
- Usage of inwins for entering user and domain data in the settings window
- Usage of hoversel to gain a few more space on the toolbar, specially for future features
So that’s about it… you can get the package from the usual places, the project’s web-site, by upgrading shr-unstable as it upgrades elmdentica on next autobuild, building it yourself, etc…
Elmdentica release 0.6.0
Posted by Rui Seabra in Software Livre on 12 de Julho de 2009
ElmDentica (the Tuga release), is now translatable and the first included localization is Portuguese (hence Tuga)
Elmdentica 0.6.0 in action (in portuguese)
It will also now launch a browser if you confirm after pressing on a link. Right now, the following browser choice is made:
- this version of woosh (sig), which I hacked to load urls passed with the -u flag
- or midori
- or dillo
- or xdg-open
Download and enjoy:
Elmdentica release 0.5.1
Posted by Rui Seabra in Software Livre on 9 de Julho de 2009
Fixed some bugs, added a domain editor so you can add your own Laconi.ca installations or other µ-blog sites with a twitter like API, and now supports links in status messages (but does nothing at all with them, yet, my favorite browser, woosh, doesn’t get URLs from command line, I wonder if it has a way to do it).
Domains toolbar button
- elmdentica-0.5.1.tar.gz (elmdentica-0.5.1.tar.gz.asc)
- elmdentica_0.5.1-r4_armv4t.ipk (elmdentica_0.5.1-r4_armv4t.ipk.asc)
Have fun!
Elmdentica release 0.5.0
Posted by Rui Seabra in Software Livre on 3 de Julho de 2009
New release of elmdentica, major advance! 0.5.0 adds multiple account support, even though only one active at each moment.
0.5.0 in action…
Elmdentica release 0.4.0
Posted by Rui Seabra in Software Livre on 29 de Junho de 2009
Hi! A release a day! 0.4.0 doesn’t add THAT much, unless you like to, you know… repeat (or retweet) what other say and reply to others, or maybe proudly show you’re using Elmdentica! Oh… and a counter (but it lets you type more than 140… just warns…)
0.4.0 in action...
Elmdentica release 0.3.0
Posted by Rui Seabra in Software Livre on 28 de Junho de 2009
Elmdentica is getting better all the time
- the toolbar is no longer out of the screen
- the timeline now displays (cacheable) icons in the nice bubbles
- libcurl is being called with object reuse, which optimizes downloads a bit
So here’s the complementary screenshot, followed by the download links:
Release 0.3.0 in action...
Elmdentica release 0.2.0
Posted by admin in Software Livre on 25 de Junho de 2009
Wow, again you say? Well, early stages of development are like that Its starting to shape up a little better (even if still a bit too memory hungry – 15% WTF). As usual, available at Elmdentica’s google code page, or the links below:
- elmdentica-0.2.0.tar.gz (elmdentica-0.2.0.tar.gz.asc)
- elmdentica_0.2.0-r1_armv4t.ipk (elmdentica_0.2.0-r1_armv4t.ipk.asc)
Release 0.2.0 in action...
