Here's a key point a lot of people don't get about OAuth.

When you grant an application access with OAuth, you are giving them the same power you would with your username and password.

The main difference is that instead of a password that was chosen by you, a secret key generated by Twitter gives them access to your account. They can still add or remove followers, send DMs on your behalf, or post tweets, or replies. When you give an app permission with OAuth they get to be you on Twitter, exactly as if you had given them your password.

True, each app gets a different secret key, so you can de-authorize one app without de-authorizing all. That's the advantage that OAuth gives users. Sure, it has some value. But it's a convenience, it doesn't add security.

There have been a lot of vague promises made that have led people to believe they are safer but that is not true.

See also: Jon Udell on a cost of OAuth.

 9/11/2010; 6:01:51 PM.   .

The kind folks at Tonido sent me a plug to play with, and I am doing so.

Here's what I've done so far:

1. Unboxed.

2. Connected it to power.

3. Connected it to my router.

Now I'm waiting for the blue LED to turn green, per the instruction sheet that comes with the product.

The problem is this: There are two LEDs on the unit, and one is yellow and the other is red.

I went to the website, but it's white text on a black background, and even worse the links are blue. The whole page reverberates. Really hard on the eyes.

The instructions on the sheet look good, but I can't do anything until I can access the plug on my LAN.

After navigating through the website a bit, I found the documentation. It's black on white, thankfully. But so far there's no clue what a yellow light means (the second one has now turned red).

However, even though the lights are the wrong color, I was able to connect to the plug through their website. Go figure!

I got through and was able to configure it. Still not sure what it is.

I think first and foremost these devices should just show up as shared disks on my desktop. From there, the web interface might be useful for certain maintenence tasks (restoring files that are accidentally deleted, for example).

The user interfaces of this and Pogo are quirky and unfamiliar, which would be okay if they provided unique value, but I already get what I want from Dropbox. True, with my own hardware I am not dependent on a UGC business model that could turn around at any point. That's good. But there should be zero cost from a user interface standpoint.

Now it could be that I can mount this as a drive, I have tried (and found I didn't have access to most of the folders). But then my criticism would be that that should be the first thing I see, and the easiest thing to configure.

Update: It offered to install an update to the software on the Tonido and I said yes. Now I get 503 Service Unavailable. Yes, I recycled the power, twice, and waited 1/2 hour.

 9/11/2010; 5:26:51 PM.   .