Author Archives: Ian McKellar

A Different Model For Web Services Authorization

In my last post I set out to describe how easy it is to extract private keys from desktop software. As I was concluding I stumbled on an alternative approach that might be more secure in some circumstances. I didn’t really go into details, so here’s an expansion of the idea.
Current API authentication mechanisms including [...]

Posted in Default | Tagged , , , | 1 Comment

No More Secrets

Using secret keys to identify applications communicating across the internet has become popular as people have copied the very successful Flickr authentication API. Unfortunately people trust that they can keep these keys secret from attackers, even as they distribute applications that contain the secret keys to other people. I decided to see how hard it [...]

Posted in Default | Tagged , , | 5 Comments

Closed Source

So now that I’m working on something that’s proprietary, closed source and in stealth mode, I’m finally doing stuff and learning how to do things that are really cool! Typical. Perhaps I should just start queuing up blog posts about the stuff I’ve discovered to push out live once we launch something other people could [...]

Posted in Default | Tagged | 3 Comments

Flash Development with Flex Builder

Dear Lazyweb, I’ve started doing Flash and Flex development. For me the Flex Builder IDE is significantly better than the Flash CS4 IDE, but when you build a SWF in Flex Builder it includes all of the MX widgetry. That’s too heavyweight for building simple Flash applets. Is it possible to get around that so [...]

Posted in Default | Tagged , , | 3 Comments

New challenges

So I’ve been at a new job for a couple of weeks now. I left Songbird around when we shipped 1.0 to seek some new challenges. I’ve been doing Mozilla browser development for seven and a half years and I’m sick of it. I still think building browsers is one of the most interesting fields [...]

Posted in Default | Tagged , , , , | Leave a comment

Free Technical Books, Online

(Inspired by James Tauber, I’m going to try to write a blog post every day for November. Some of them will be here but others will be over on my personal blog.)
When Oreilly originally launched their Safari Books Online service in 2001 I was really excited. I love technical books but they’re expensive to buy [...]

Posted in Default | Tagged , | Leave a comment

Meanwhile, in the day job

A couple of months ago my role at Songbird shifted a little. Up till then I was working on the core product, fixing bugs and adding features across the whole product as part of the bird engineering team. Since we started working on 0.7 (aka Fugazi) I moved into a group initially called strategic development [...]

Posted in Default | Tagged , , | Leave a comment

Tracking WordPress using Git

I publish this blog through WordPress, for reasons I’ve outlined before. I run it with a custom theme and a bunch of plugins though, and I wanted a convenient way to keep my WordPress install up to date without having to reinstall everything all the time. I wanted source control for my blog install.
My first [...]

Posted in Default | Tagged , , , | 2 Comments

OpenID Usability Non-solutions

At work we’re building our new centralized authentication solution. Allowing OpenID logins is not part of our first release, but it’ll follow at some point in the future, at least if Rob has any say in it. Even though I’ve had an OpenID identity for as long as anyone, use mine extensively and have even [...]

Posted in Default | Tagged , | 3 Comments

Source Control for your Operating System

I think that I’ve realised why I feel so uncomfortable using MacOS X and Windows for “Real Work”. They’re fine for playing MP3s or browsing the web, but when it comes to developing software I get scared.
For me, developing my own software usually involves installing other software and upgrading existing software on my computer and [...]

Posted in Default | Tagged , , , | 11 Comments