Farewell to The German Component

I can’t tell the exact date it happened but one day I noticed I wasn’t writing letters anymore (and I used to write a lot of them). E-mail had taken over. About that time another incredible thing happened, I stopped having a landline telephone number, I’d only share a mobile number with my family and friends.

Something similar has happened to this blog. I can’t say the exact day it occurred but I realize I’m not blogging anymore.

I started doing it many years ago, before WordPress.com existed. Hell, it was before WordPress existed at all. It wasn’t even called blogging and people used some primitive tools like Movable Type. I didn’t like it, so I wrote my own (crappy) blogging software and hosted it in zugaldia.com. It was beautiful. Not only it’d force me to write more, but also I’d start getting comments from all over the globe—or part of it, as initially I’d only write in Spanish. It got me to meet incredible individuals I probably wouldn’t have met otherwise. I’m specially looking at you, “blogroll”.

However during the last couple of years I’ve experienced that 1) I barely write posts, and 2) when I do, they normally get more and better engagement in other places. In particular, with the arrival of Google+ I can pretty much do there what I used to do over here.

That’s why I’m stopping this blog today. It’ll remain open a few more weeks and then I’ll completely wipe it. I won’t close it for now, some people, or Googlebot, may still find some posts useful.

Heartfelt thanks to everybody who participated in this story, this is my new cellphone number: Google+, Twitter, and Facebook.

Review of Getting Started with OAuth 2.0

I’ve been looking for an OAuth 2.0 book for a while. The specification is still being developed while, at the same time, big Internet players like Google, Facebook, Yahoo, or Twitter are already using some flavor of it. Although as a developer you’ll eventually rely on a library to abstract most of the complexity, you still want to understand the big picture. And because OAuth 2.0 is still an ongoing process, the situation is a bit of a mess right now where each authorization server is implementing different revisions with subtle differences.

This is where this book comes in. In about 60-70 pages it clarifies the current situation. It starts providing a historical introduction to the protocol and how it’s related with initiatives pre-OAuth 1.0 and with OAuth 1.0 itself (removal of proprietary technologies, improved security). You’ll learn the rationale behind this revision (new client profiles in particular) and some of the key features still under discussion. In particular “signatures”, where Eran Hammer, the protocol editor, is openly opposed to not including them (and after reading his thoughts, I think he’s right).

One chapter I specially loved is the one dedicated to OpenID Connect, the next evolution of OpenId. I’ve seen developers confused about the differences between OAuth (authorization) and OpenID (authentication) and this book differentiates them well. Interestingly, although they still keep different purposes, the new OpenID Connect will now be developed on top of OAuth–which makes sense, as you’ll find out in the book.

The code accompanying the text is just fine. You’ll see some actual implementations of the workflow in PHP and JavaScript that are easy to read (even a Google App Engine Python at the end – which I appreciate). I especially liked that it includes JSON responses where you can actually see the typical parameters to better understand the information you’re exchanging (and prepare your data models). Chapter 6 is dedicated to the workflow in native apps for mobile devices. There is no code in this part, but it has enough information to point you on the right direction.

Where the book falls short in my opinion is in providing better guidance for developers willing to be authorization servers and not just clients of the protocol. OAuth 2.0 will only be successful if all API providers are able to implement it (big and small) and that’s where this book could have done a better job. For example, recommending some web frameworks capable of OAuth 2.0 in Chapter 8 (“Tools and Libraries”).

Getting Started with OAuth 2.0” by Ryan Boyd is an easy read that answers right questions (like what’s new in 2.0? which are the new client profiles? when should I use each one? what do I do if the access token expires or gets revoked?) and then can also be used as a simple reference of the workflows when you’re actually implementing your app.

Disclaimer: Like before, this blog post is part of O’Reilly’s Blogger Review Program.

Review of Programming HTML5 Applications

Disclaimer: this blog post is part of O’Reilly’s Blogger Review Program where you can get a free ebook or video to review in your blog or website. This doesn’t mean I’ll be less impartial on the content of the post, I’m just more serious about actually publishing it. I’d have bought the book and I’d have written this same text either way.

ImageHTML5 is probably the biggest update to HTML that I can remember. It merges the old SGML-based and XML-based representations of HTML into a consistent one. It brings MathML, SVG and accompanying CSS3; a new bunch of semantic tags improving form inputs, attributes, and document structure; and the APIs which make possible modern web apps (offline, local storage, web sockets, canvas…). However, the standard isn’t still closed.

Therefore, a book on HTML5 applications is a bit tricky to write. Not only there’s a large number of new components, they’re still a work in progress, and the range of web apps is now more diverse than before (remarkably, games).

“Programming HTML5 Applications” starts with a rather unique approach. It doesn’t give a lot of background on what brought HTML to this point. It doesn’t give a big overview of the main changes either. Instead, it goes straight into a technical introduction of Javascript programming and testing that lasts two full chapters (plus an extra appendix at the end). If you like this to the point approach you’ll like the book. If you were hopping for a higher-level introduction to the new standard you’ll be disappointed.

The rest of the book is dedicated to the main building blocks of HTML5. The content of each chapter is eminently practical, full of examples, and straightforward use of Javascript. I didn’t find problems reading and running the examples, they were simple enough and pretty self-contained (unlike other books where you build a huge monolithic app). As usual, if you find any errors there is an errata.

The parts I personally enjoyed more come right at the end where you get some examples of web workers and web sockets. The other components I was a bit more familiar with thanks to the now extinct Gears or other projects I’ve been involved. However getting a better understanding of workers (which it isn’t really multi-threading) and sockets (specially if you like the fancy Node.js) was definitely a plus. They’re gonna be an integral part of every new web app trying to mimic their desktop counterparts.

You may also wonder how complete the book is as compared to the current standard. I reviewed the W3C’s HTML5 differences from HTML4 and you can tell the book isn’t exhaustive, but I’d say the main components are there (local storage, off-line, IndexedDB, FileAPI, web workers, and web sockets) – it’ll depend on your specific needs. But the chapter on “new tags” (aka semantics) is left for the end and it’s too short (less than a page for SVG, Canvas, CSS, microdata, or geolocation isn’t enough).

Overall, I’m giving this book 4 out of 5 stars in Amazon. Please let me know if you have any questions or comments below, I’ll be happy to follow up.