About the author

Dave Winer, 56, is a visiting scholar at NYU's Arthur L. Carter Journalism Institute and editor of the Scripting News weblog. He pioneered the development of weblogs, syndication (RSS), podcasting, outlining, and web content management software; former contributing editor at Wired Magazine, research fellow at Harvard Law School, entrepreneur, and investor in web media companies. A native New Yorker, he received a Master's in Computer Science from the University of Wisconsin, a Bachelor's in Mathematics from Tulane University and currently lives in New York City.

January 2010

Dave Winer's weblog, started in April 1997, bootstrapped the blogging revolution.

OAuth is becoming a cautionary tale

If you want to get smart about open standards, you have to watch how these things play out in another open thing -- the market. Because it's the market that just as often shapes a standard as it is a standard that shapes the market.

And to understand it, you have to understand the often-submerged motives of tech people who work at big companies.

For example, why are there so many iconic representations for a feed? Is it because we didn't anticipate in advance that there would be a need for one? Hardly. It's because the big companies, when they came in, ignored prior art and created their own way to do it. Once there were two, why not have twenty-two? Of course that's exactly what happened.

Last year (the one that just ended) it seemed that OAuth had finally gotten to a point where it was frozen. It was deploying in Twitter, and they were making sounds as if they would at some time not too far down the road turn off the username-password way of authenticating users. So I rolled up my sleeves and implemented OAuth in the OPML Editor so my apps could use it. Turns out I was mistaken in believing that it was frozen, because, due to a security issue, they had to change OAuth, and I haven't revisited my code yet to adopt the change, so it doesn't work with the Twitter implementation of OAuth, which, honestly, is the only one I care about.

But wait -- it's even worse than it appears (one of my favorite mottos, a persistent disclaimer for all things technical, an adjunct to Murphy's Law). Turns out the creators of OAuth have changed their mind and think it should be stripped to the metal and rebuilt around HTTPS. So not only do I have to throw out all the work I've done, but so does Twitter, and even better worse, my environment doesn't have glue for HTTPS so I'll have to get that together. When will all this happen? Heh. That's the rub. My guess is that, based on past experience with the tech biz, it'll never happen. The people pushing this stuff are young, they haven't been around the loop before. Doesn't matter. Big companies are like Ouija boards. The people don't control them, the psychology does. In the BigCo mindset it's always Day Zero, and the value of all the implementations so far is $0.

The entrepreneurs and the developing platforms are left with nothing to do. The old way of doing things is "deprecated" and the new way is a moving target, never finished, always subject to second-guessing. No one wins this game, but eventually a new thing comes along, and the problems of the last generation seem old.

If OAuth is to have a chance at being a foundation to build on, it would need founders who say to those who want to completely redefine it that they should do it in a new playground, and let OAuth develop without interference. That, unfortunately for OAuth, and the people who have already invested, is not happening.

PS: The argument that OAuth is too hard to implement is moot. Imho, everyone who had to implement it had already implemented it. If I could get it working in a month in the OPML Editor, even though it was a grueling month, it may be hard, but it's not too hard. Moot. An excuse to rip up the pavement and delay deployment, it seems to me.

Update: After writing this post I decided to look into what it would take to unbreak the OPML Editor's support for Twitter's OAuth implementation, and was able to fix it in about 45 minutes. I released the parts and documented it on the Frontier news website.

© Copyright 1997-2011 Dave Winer. Last build: 12/12/2011; 1:48:21 PM. "It's even worse than it appears."
