test Byron’s Blog » software development

Archive for the ‘software development’ Category

More with GeoRSS and Yahoo! Pipes

Sunday, December 2nd, 2007

Since my initial experiments with pipes, the Pipes manager, Jonathan Trevor was good enough to leave me a comment pointing out that they were about to release a feature that would help with the username/password problem. The feature he was talking about was private field support and has since been released. It is now possible to publish pipes that contain sensitive information without making that information public. Also since then at Ublip, we have released an online demo which provides a good source of data that I can publish without any privacy concerns.

First, I published a very simple pipe consuming the demo feed and publishing the results to a map. As you can see, the username and password are visible as part of the URL in this pipe.

demopipe.png

Next, I used the new private field support to hide the username and password. I could have simply hidden the entire URL in a private string and used the URL builder to convert it into an URL. But to make it a little easier to modify, I moved the username and password into separate fields and a string replace module to insert them into the URL. I imaging that there is a more elegant way to do this, but I haven’t found one yet. Here is the resulting pipe:

privatefields.png

The only thing missing is the ability to use https, which still does not seem to work. I am still not quite sure if it is supposed to be supported or not. Some forum posts discuss ways to work around it while others seem to indicate success using it.

Posted in software development, GPS | 2 Comments »

Experiments with GeoRSS

Wednesday, November 14th, 2007

As you may know, I work at Ublip, Inc., a GPS tracking provider. One of our goals at Ublip is to incorporate Web 2.0 principals into our product offering. Most GPS tracking services have a walled garden so that you have no way of getting your data out if you want to use it elsewhere.

One of the technologies we are experimenting with to this end is GeoRSS which is a way of adding location information to RSS feeds. However, one of the issues that we have to deal with is security and privacy. Most customers would not want to make the real-time location of their vehicles publicly available, although there are some cases where that does make sense. I recently implemented a GeoRSS feed with Basic HTTP authentication over HTTPS. This is reasonably secure and supported by most RSS readers. However, when I went looking for a GeoRSS client that supported it, I came up empty.

Mapufacture has expressed an interest in supporting it in the future. We are discussing how this might be accomplished.

I had some success with Yahoo! Pipes. After some digging, I figured out that Pipes will support http authentication if you encode the URL as http://username:password@feed.url. However, I ran into two problems here. First, our usernames are email addresses and the @ caused a problem, however this was easily solved by escaping it as %40. The second problem is that https doesn’t seem to work. I have yet to figure out if this is just a limitation of Pipes or not.

Here is what the pipe looked like first in the editor, and then while running. You’ll need to click on them to be able to read anything.

Pipes editor

Running PipeOf course, the big problem here is that my username and password are encoded in the pipe. If I publish the pipe, everyone can see them. If I don’t publish the pipe, Yahoo guarantees a level of security through obscurity. The URL for the pipe is secret and not indexed. This level of security is not good enough for an application, but it was an interesting experiment.

Posted in software development | 2 Comments »