HTTP Client Library for PHP

By Will Norris | Published: March 19, 2009

As I mentioned in my last post, I’m currently spending a lot of time thinking about and coding PHP libraries for the various Open Stack protocols. I’ve recently hit a common roadblock with a couple of the libraries, and wanted to solicit some feedback from the community. Ironically enough, I’m stuck with regards to the absolutely lowest level in the technology stack that most developers have to deal with: HTTP. We need good HTTP support in the Open Stack libraries to do basic things like fetching metadata documents, and sending OAuth and OpenID requests. Some things to think consider:

  • we don’t need to worry about PHP 4
  • we need to be able to attach custom headers in the request
  • we need to be able to view the headers from the response
  • SSL support is a must
  • gzip compression is highly desirable as well
  • we need to limit any external dependencies outside of a standard PHP 5 installation, or as few as possible. (this of course doesn’t include any code we ship as part of the library itself)
  • I’m not aware of any need for support of HTTP cookies
  • it might be nice if particular platforms could provide their own HTTP handler. eh, maybe?

  • if we’re going to redistribute code with the libraries, the license is very important

    Read More »

Possibly related posts:

Posted in technology | Tagged , , | 12 Comments

The Open Stack (in PHP)

By Will Norris | Published: March 19, 2009

A couple of months or so ago, I made a conscious shift in my focus with the DiSo Project. Instead of continuing to concentrate on some of the higher level deliverables like WordPress plugins, I decided it was time to step back and evaluate where the development community (specifically the PHP development community) is with the Open Stack. For the purposes of this discussion, I’m going to use Johannes Ernst’s redux of John McCrea’s Open Stack graphic. I’m also only going to concentrate on three of the middle components: Metadata Discovery, Authentication, and Access Control.

The Open Stack

Read More »

Possibly related posts:

Posted in identity, technology | Tagged , , , , , , , | 7 Comments

Authentication in WordPress 2.8

By Will Norris | Published: March 10, 2009

Use Case

I’ve spent a lot of time working with the WordPress authentication system. I took over the OpenID plugin for WordPress two years ago, and was hired by Vidoop last May to work on the DiSo Project full time. Last summer, Matt Mullenweg invited me to talk at WordCamp SF 2008 about OAuth. As you can see in my slidedeck, it was a lot of smoke and mirrors at that point… we didn’t have OAuth in WordPress, although it was on the roadmap for 2.7.

We’ve had an OAuth plugin for a little while that Stephen Paul Weber wrote, but it wasn’t until a couple of months ago that I finally sat down to polish it up. The first use-case we wanted to tackled was XML-RPC, so I got to work with Joseph Scott. Having OAuth authentication with XML-RPC would allow for blog clients like MarsEdit or the WordPress iPhone app to communicate with your blog without having to share your WordPress password.

Read More »

Possibly related posts:

Posted in identity, technology | Tagged , , , , | 48 Comments

git: Duplicate Signed-off-by lines

By Will Norris | Published: February 14, 2009

I’ve been playing around with git a lot as an alternative to subversion and am really loving it. However, I’m getting an error every time I try to commit:

Duplicate Signed-off-by lines.

I can see where this is being thrown inside .git/hooks/commit-msg, but it wasn’t immediately obvious what the problem was. I did a quick google search and found that others have had the same problem, but at least some members of the git community have been less than helpful. I did figure out the problem, and figured I’d share it here for others.

The commit-msg script is written using bash style shell expansions,

foo = $(bar)

while the shebang at the top of the file is set to /bin/sh. On many systems, this is not a bash shell. The solution is to simply modify the shebang to wherever bash is on your system (probably /usr/bin/bash or similar).

Possibly related posts:

Posted in technology | Tagged , | 4 Comments

Email Etiquette: Replying to Mailing Lists

By Will Norris | Published: December 25, 2008

Most email clients support the idea of “threaded messages”… that is, the client can group together individual email messages that are part of the same conversation, or “thread”. This is a particularly useful feature on mailing lists where multiple conversations are happening at the same time. For example, the following screenshot of the OpenID General Discussion list shows two distinct message threads in Apple’s Mail application:

Example of message threading

In order to match up messages that belong to the same conversation, email clients use two techniques. First, they match emails with the same subject line, which is mostly accurate. Occasionally this will result in “false positives” where unrelated emails are grouped together because the senders happened to use the same subject. The second method is far more accurate and makes use of a hidden portion of the email message which most people never see. Emails, just like web page requests include a number of hidden “headers” that carry extra information about the message.

Email Headers

This includes information about the email client the sender used, the message priority, and the different servers that handled the message along the way. Each email message also includes a unique identification string called the “Message-Id”. This string is unique for every email message in the world… no two are ever identical. In the screenshot above, the Message-Id is <49518270.7010405@degeneration.co.uk>. If someone were to reply to that message, the Message-Id of the original email would be included in the reply email as another hidden header aptly named In-Reply-To:

Email Reply

Any future replies would continue to include an In-Reply-To header with this value so that email clients can recognize that they all belong to together and group them accordingly. This method of conversation tracking is far more accurate, but has one problem. That problem occurs when some lazy person comes along and wants to send a message to the mailing list, but instead of clicking on “New Message” in their mail client, they pick a message at random from the list, click “Reply”, and then clear out the subject and body of the message. While this looks like a new message about a new topic, because the person “replied” to a previous email instead of starting a new message, the previous Message-Id got attached. Note the following reply to the same email above, but now the subject has been changed from talking about a Google sign-in button, to the BBC being an OpenID provider. These are completely different discussions!

Incorrect Reply

If we go back to our first screenshot of the two message threads, we can see the this new message (as well as any of its replies) get lumped right together with the original discussion.

Merged Discussions

So today’s lesson in email etiquette: If you’re not actually replying to a particular email, DON’T CLICK “REPLY”. Copy and paste the “To:” email address if you have to, but don’t click reply! There might be some grace here for emails between individuals, but not on mailing lists, especially not on technical mailing lists. (Not meaning to pick on Peter in the screenshots above… he is not the only offender on the OpenID mailing lists, that just happened to be the most recent occurrence).

Okay, that’s my rant for the day… I’m good now. Oh, and Merry Christmas. :)

Possibly related posts:

Posted in technology | Tagged , , | 6 Comments