Using Live ID to authenticate to WordPress

Yesterday I was hacking a bit with the Windows Live ID SDK and I wrote a very small and simple plugin for WordPress that enables you to log in to WordPress with your passport Live ID.
I had read in various places that such a plugin would be welcome… I looked around and found none yet (if anyone has instead already written something like this and I missed it I will happily waste the simple stuff I did for something more advanced/well written… just let me know :-)).
I took a look at a similar experiment, and eventually even found that there is some conceptually similar plugin written to work with OpenID. The WordPress OpenID plugin is much more complex and much more advanced than what I did, though. It will let you log in with just ANY OpenID user, it will automatically create a user for you on that WordPress installation and associate it with your ID, even just for the purpose of commenting, etc.

But in my blog I don't require or need people to actually log in to do anything. I actually like anonymous/free comment. A CAPTCHA takes care of spammers and I am fine with it so far. Probably for a big site with a lot of users it might make sense, but for my blog so far it doesn't. But there's one thing for which this is instead useful: I have always been worried, when logging in through HTTP (thus, without SSL) to my blog from networks I don't manage or completely trust, that my password could be sniffed over the wire and stolen. Live ID solves my problem by letting Microsoft validate my identity: I have associated my Live ID to the blog's main user account (= myself), the one writing this post. So the plugin in its current form is used as a replacement of the login form (the standard wp-login.php WordPress form CAN still be used if you like, of course, you just don't HAVE to. Also the use of xmlrpc will still require local user/pwd combination.). Anyway, this new form will authenticate you through Live ID and then check if your Live ID is associated to any local user. If it is, it will log you on to WordPress with that account. Otherwise it will inform you that you are successfully logged on to passport Live, but unfortunately there is no corresponding local account for you, and that it would need to be set up. Setting it up is as difficult as adding a line to the database… probably adding a form or a property page would be nice, but in my case I just did it with a query:

INSERT INTO `wordpress`.`wp_usermeta` (
`umeta_id` ,
`user_id` ,
`meta_key` ,
`meta_value`
)
VALUES (
NULL , '1', 'LiveID', 'f11fa1d3e82c68776f94a3a5c459b70b'
);

which adds an extra "property" for the first user (admin) called 'LiveID' which contains your Live ID (the one above is not my real one, in case you were wondering). When you are authenticated by LiveID and you get back this value, the plugin checks in this table which WordPress userid in the database has been associated with this Live ID and – if it finds one – it authenticates you as that user. Of course you should not have duplicates.

My code is mostly based on the SDK PHP Sample, with some modification to integrate it in WordPress as a plugin. Of course I removed the file that is used as "user database" and used wordpress DB instead.

There's a ton of things that could be improved. I just did not put any more effort and time in it. As you might know if you read this blog, I am not a full time developer. Actually I shouldn't write code at all for work and I am mainly considered an "infrastructure" guy. Anyway, I would like to code more and even if I am not supposed to, I always try to find stimulating situations that require a bit of integration, thinking out of the box, some scripting, etc…

[updated: november 3rd 2007] You can download the sample plugin "AS-IS" here: liveauth.zip . This has only been tested and only works with the WordPress 2.3.x series (but should also work with earlier versions – not tested)

[updated: march 30th 2008] WordPress 2.5 has changed the way the authentication cookie is generated, therefore here is an updated version of the plugin that works with the new secure cookies: liveauth02.zip
I should really invest some more time in this and clear up the code. I should also make an interface to make the configuration easier, and maybe make a version that works on both 2.3 and 2.5 branches. I am not sure when I will have time for that, though…

[updated: april 20th 2008] I have released version 0.3c of the plugin which now finally includes a simple configuration page, and should work on both WordPress 2.3 (and older) and on the 2.5 branch. Please visit the new Windows Live ID Authentication WordPress Plugin Page.

Disclaimer:
The information in this weblog is provided "AS IS" with no warranties, and confers no rights. This weblog does not represent the thoughts, intentions, plans or strategies of my employer. It is solely my own personal opinion. All code samples are provided "AS IS" without warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
THIS WORK IS NOT ENDORSED AND NOT EVEN CHECKED, AUTHORIZED, SCRUTINIZED NOR APPROVED BY MY EMPLOYER, AND IT ONLY REPRESENTS SOMETHING WHICH I'VE DONE IN MY FREE TIME. NO GUARANTEE WHATSOEVER IS GIVEN ON THIS. THE AUTHOR SHALL NOT BE MADE RESPONSIBLE FOR ANY DAMAGE YOU MIGHT INCUR WHEN USING THIS PROGRAM.

Facebook implemented a user.setStatus API!

Finally, you CAN change your Facebook status programmatically in a way that is supported!

Some months ago Christian discovered a hack to change your Facebook status. Some other people also used it and extended it. I also ported it to C# and made a winform using its unofficial method.
Suddenly after, Facebook asked us to take down the code, as it violated their terms of service.

It has taken a while, some struggles, but now they finally recognized the need for federated status, and implemented a user.setStatus API.

Twitter is the first to pick it up, so now you can update twitter and have your status propagate in Facebook!

Well done, guys!

When I have some time I might think of rewriting my app using the SUPPORTED method, maybe finally writing that Live Messenger plugin… it would be nice 🙂
When I have time…

ITPro vs. Dev: there is no such a thing.

Dave Winer wisely writes:

[…] I've been pushing the idea that every app should be a platform for a long time, that in addition to a user interface, every app should have a programmatic interface. For me the idea came from growing up using Unix in the 70s, where every app is a toolkit and the operating system is a scripting language. Wiring things together is an integral part of being a Unix user. It's why programmers like Unix so much […]

It is entirely true. The limits are blurry, IMHO. In the Unix world it is common to find full-fledged "applications" which have been written by the ground up by people that were doing SysAdmin tasks, and those "applications" are usually just… scripts. Simple shell scripts, or something more evolved (PERL, PHP, Python) it does not really matter.

I am so tired of the division traditionally made in the Microsoft world between "Developers" and "IT Professionals". We even have separate sites for the two audiences: MSDN and Technet. There are separate "TechED" events: for "Devs" and for "IT Pros". There are blogs that are divided among the two "audiences"…

There aren't two different audiences, really. There are people, with various degrees of expertise. There is no such thing as a "developer" if he doesn't know a bit how the underlying system works. His code is gonna suck. And there is no such thing as an "IT Pro" that builds and integrates and manages systems if he does not have the palest idea of how things work "behind the GUI". He's gonna screw things up regardless of how many step-by-step (click-by-click ?) procedures you spoon feed him.

That's why automation and integration are best done by people who know how to write a bit of code.

The PowerShell folk GET IT.

It's nice to see things called by their real name

Facebook Terms of Service state that it is forbidden to "[…] use automated scripts to collect information from or otherwise interact with the Service or the Site […]"

For this reason, I had to pull down the code of the small application I had previously released, which was "logging" into the mobile web application "pretending" to be a mobile browser and change your status. Big deal!!!

I am quite sure there are a lot of people writing "official" applications (that is using the "platform API" and so on) that are collecting A LOT of information about users who install their applications. They are being sent the info about the visitors by facebook, they are storing them, they might do whatever they please with (study it, sell it to spammers, to marketers, to making-money-assholes) and nobody will ever notice because it is on their servers and nobody can check that.

But a script that changes your status from remote – since this is not a functionality they CHOSE to expose in their API – then THAT is a big issue. Doh!
It's just plain ridiculous, but that's it.

Sure, the terms of service for app developers say a bit more in this regard:

[…] 4) Except as provided in Section 2.A.6 below, you may not continue to use, and must immediately remove from any Facebook Platform Application and any Data Repository in your possession or under your control, any Facebook Properties not explicitly identified as being storable indefinitely in the Facebook Platform Documentation within 24 hours after the time at which you obtained the data, or such other time as Facebook may specify to you from time to time;

5) You may store and use indefinitely any Facebook Properties that are explicitly identified as being storable indefinitely in the Facebook Platform Documentation; provided, however, that except as provided in Section 2.A.6 below, you may not continue to use, and must immediately remove from any Facebook Platform Application and any Data Repository in your possession or under your control, any such Facebook Properties: (a) if Facebook ceases to explicitly identify the same as being storable indefinitely in the Facebook Platform Documentation; (b) upon notice from Facebook (including if we notify you that a particular Facebook User has requested that their information be made inaccessible to that Facebook Platform Application); or (c) upon any termination of this Agreement or of your use of or participation in Facebook Platform;
[…] You will not directly or indirectly sell, export, re-export, transfer, divert, or otherwise dispose of any Facebook Properties to any country (or national thereof) without obtaining any required prior authorizations from the appropriate government authorities;
[…]

Are we sure everybody is playing by these rules, when every Facebook "application" really runs on the developer's server ? How do you know that they are really storing only what you want them to store, and deleting what you want them to delete ? Everybody knows how difficult it is to really "delete" digital content once it has come into existence… who knows how many copies of this database/social graph are floating around ?

Of course that is not an issue because people don't talk about it enough. But a script that changes your status – now, THAT is a very terrible thing.

I just don't get this "political correctness". It must be me.

Oh, no… look! It's not only me!
I had read this post of Dare, but I probably had overlooked the last bit of it…. because he did point out this Hypocrisy going on:

[…] Or (5) the information returned by FQL about a user contains no contact information (no email address, no IM screen names, no telephone numbers, no street address) so it is pretty useless as a way to utilize one’s friends list with applications besides Facebook since there is no way to cross-reference your friends using any personally identifiable association that would exist in another service.

When it comes to contact lists (i.e. the social graph), Facebook is a roach motel. Lots of information about user relationships goes in but there’s no way for users or applications to get it out easily. Whenever an application like FacebookSync comes along which helps users do this, it is quickly shut down for violating their Terms of Use. Hypocrisy? Indeed.
[…]

He then insists in a more recent post on calling things by their name:

[…] I will point out that 9 times out of 10 when you hear geeks talking about social network portability or similar buzzwords they are really talking about sending people spam because someone they know joined some social networking site. I also wonder how many people realize that these fly-by-night social networking sites that they happily hand over their log-in credentials to so they can spam their friends also share the list of email addresses thus obtained with services that resell to spammers?
[…] how do you prevent badly behaved applications like Quechup from taking control away from your users? At the end of the day your users might end up thinking you sold their email addresses to spammers when in truth it was the insecure practices of the people who they’d shared their email addresses with that got them in that mess. This is one of the few reasons I can understand why Facebook takes such a hypocritical approach. 🙂
[…]

Thanks, Dare, for mentioning Hypocrisy. Thanks for calling things by their name. I do understand their approach, I just don't agree with it.

I did pull my small application off the Internet because I have a family to maintain and I don't want to have legal troubles with Facebook. Sorry to all those that found it handy. No, I cannot even give that to you per email. It's gone. I am sorry. For the freedom of speech, especially, I am sorry.

I will change my status more often on Twitter.

43things Facebook app

WOW I already have 13 (thirteen) users for my Facebook application showing your goals pulled from 43things!

Sure, gapingvoid has got 700+ users in 3 days, I know. But hey, he's famous, and I don't see the point of cluttering my already busy Facebook profile with a cartoon. I do read him and generally like his cartoons, and I am in the "friends of the blue monster" group (so to say I like him).

But I prefer reading him in my "normal" aggregator.

I think Facebook apps should rather "inject social objects" (where did I read this definition? sorry I can't recall it or I would appropriately link to you… I swear).

There are of course other similar applications that just pull comics in your profile (like Dilbert, Garfield, etc) but again – I think this is all stuff that YOU are interested in, and thus should just go into your aggregator – so YOU can read it; on the opposite your profile in Facebook should talk about YOU and things YOU are doing, for example. Occasionally they can be YOUR posts or they can even be someone else's posts that you read and want to share/let other people see (that's why I pull in my Google Reader's shared items for example – things I read and want you too to see). If this includes importing other social objects/information from other social networks, like the music you are listening to on last.FM, or the photos you published on Flickr, then it is fine. That's why I wrote an app that shows the things you want to do, pulled in from 43things.com and one that shows the places you want to visit pulled in from 43places.com. Because I felt those social objects from another network were missing. In fact a user commented "[…] Glad someone finally took a step forward to create this, though 🙂 […]".

But of course what I wrote about which kind of applications you should or shouldn't have in your profile, remember that this is just my personal opinion rant, and everybody is free to put whatever stuff he/she likes onto his/her profile, in the end 🙂

New Photo Category Visualization

New Photo Category Page

Copying the advice by Small Potato, I made a different page for the 'Photos' category/tag on this blog. It has been a bit trickier than I first thought, because he keeps his picture uploaded into WordPress itself, while I had to write a small plugin using a regular expression to extract the "IMG SRC" portion of the post content. This way I also experimented with WordPress templates, plugins and structure a bit more than I had done before… and I am even more convinced than before that it can easily be used as a CMS rather than *just* a blogging software.

My lost Facebook Appz! doh!

I am just figuring out that on this post of the 26th of July I mentioned I was trying to write a simple Facebook application. I am now realizing I never wrote anything about it anymore. I did not spend a lot of time figuring out all the possibilities, and indeed I have not looked into it anymore since then, but that very night I did write something. Not just one application, but TWO (copycat) very simple applications: my43places and my43things, that pull into your profile the data about the things you want to do you entered in 43things.com and the places you want to visit you entered in 43places.com, respectively.

They are very simple: you enter your user name and they connect to their REST web service, extract the information about your places and/or goals, and show them as a list in a box in your profile.

I don't know why I did not blog about them before… maybe I thought they were too simple ? Well, they are, but, seriously: who cares? 🙂

Facebook Mobile is not working for Italy

Facebook mobile is not working from mobile operators not in the US, I suppose.
I can't even log on to m.facebook.com with my Windows Mobile SmartPhone.
I can't send status updates through SMS.

I can't even send them by mail, or I get the following back:

Facebook Mobile is not working for Italy

So, now, I am updating Twitter.
Twitter can be updated with an SMS even from Europe. Or it can be updated with a bot running GTalk. Very easy, can do it from everywhere.

I then wrote a small command line application (based on the same "hack" as the one described before) that runs every five minutes from the scheduler on my server and keeps the two in sync.

I wrote it in C# as a Console application because that's usually what I do when I want to run it both on my Windows machines and/or on my Linux server (with MONO). I already used this approach in the past and I found it to be successful. As long as you keep the application simple enough and check out the documentation for the implemented classes on Mono, it runs without modification both on Windows on the "real" .Net framework and on Mono on Linux. I just copy the executable and I am ready to go.
Not this time, though.
I am hitting what seems to be a bug in mono. I might be able to find a workaround, but I haven't had the time to dig in the issue yet.
I posted some info about this on this forum.

Windows Live ID Web Authentication 1.0 SDK !

Check this out:

Windows Live ID Team has published on the web the SDK that lets you liveID (or "passport")-enable your applications!

http://msdn2.microsoft.com/en-us/library/bb676633.aspx

There are even code samples in six different languages: C#, Java, PHP, Python, Ruby and Perl! You can download them from http://go.microsoft.com/fwlink/?LinkId=91761

Wow! Having time, it would be cool to write a WordPress plugin using Passport authentication to authenticate/identify users that want to comment… mumble mumble….. 🙂

Interoperability. Wow.

More info at the Live ID starting Page: http://dev.live.com/blogs/liveid/archive/2006/05/18/8.aspx

About Me

I am a husband and a father of three kids, and I have three cats. Me and my family have lived in 3 different countries so far. I compose music and I build guitars out of recycled materials. I take photographs and empowering portraits. In fact, someone once told me that he thought I could not take a bad photo even if I tried. I am also a Spiritual Life Coach and an Intuitive, and I read Tarot cards with my wife at the Sanctuary of Joy.

I also like Anthropology, Sociology, all sorts of Music, Theater, Arts, Literature. I read a lot. I write a lot (publicly and privately).

Most of all I am interested in the power of language, of sharing ideas, of telling stories.

I also have 18 years of experience in the IT world and a former successful career in that space: I've got extensive knowledge of design, project and product management, community engagement, operations and security management for Internet software systems and cloud services, and I have learned to navigate and drive the business aspects of IT, DevOps and Development teams working for many famous corporations: Microsoft, Symantec (and their respective large customers), and more. I have worked at Microsoft as a Senior Manager on enterprise/cloud products and services, till I resigned in 2015. I am not an engineer. I didn't follow any particular school or college to get into the IT world. I had actually started the first year of Sociology at the university, but quickly decided to drop out: it was 1997, everybody in Europe was getting onto the internet, and I seized the opportunity to start working in IT, starting from a very humble role that gave me economic independence from my parents, and eventually made my way up in the IT business by continuing to work hard in that field for over 18 years and gaining real experience of real companies and real projects from the 'bottom up' (my favorite way of learning: experience is better than theory).

I do like technology, but most of all I like the potential of interconnecting people and sharing information. I am also painfully aware of issues the over-use and pervasiveness of technology is creating – damages we are doing to the environment, psychological and physiological issues to individuals/societies, issues related to privacy and security, etc.
I think technology should be the means to achieve something useful, but 'innovation' for the sake of it (and just for making more money) should not be the purpose driving it all.

The future of our planet and our children should be the most important driver for society, but we know there are issues: over-production (and waste) while poverty exists elsewhere, wars, inequality, pollution, global warming, extinction of flora and fauna while we get fed genetically modified food and get all sort of new 'diseases' due to stress and the insane speed we are trying to live at… these are hardly ever taken into account in the 'cost' of capitalist 'growth' that often screams 'innovation' for the sake of it, while making a desert of our home earth and emptying our souls. I am tired of that, and that's why I left the big corporate world.

I am currently running my own company that produces musical instruments (mainly guitars at the moment) out of recycled materials and I also read Tarot cards and take empowering portrait photos at Sanctuary of Joy, a holistic healing organization I run with my wife. I also like to lend my more 'modern' skills and work part time or consult for organizations or individuals who contribute to a good cause and want to make the world a better place; I am not interested in the 'next cool thing' built just for making more money.

My thoughts and opinions often change. This weblog is intended to provide a semi-permanent point in time snapshot but you should not consider out of date posts to necessarily reflect my current thoughts and opinions (nor those of my former employers).

Why do developers tend to forget about people behind proxy servers ?

I know this is a very common issue.

I keep finding way too much software that claims to interact with Web 2.0 sites or services, and connect here or there…. still forgetting one basic simple rule, that is: letting people use a proxy.

Most programmers for some reason just assume that since they are directly connected to the internet, everybody is. Which isn't always the case. Most companies have proxies and will only let you out to port 80 – by using their proxy.

…which in turn is one of the reasons why most applications now "talk" and tunnel whatever application protocol on top of HTTP… still a lot of software simply "forgets" or doesn't care about providing a simple checkbox "use proxy", which will translate into two or three extra lines of code… three lines which I personally usually include in my projects, when I am not even a *developer*!! (but that might explain why I *think* of it… I come from a security and networking background :-))

I thought of writing this post after having read this post by Saqib Ullah.

Anyway. I keep finding this thing over and over again. Both in simple, hobbyist, sample and/or in complex, big, expensive enterprise software. Last time I got pissed off about a piece of code missing this feature was some days ago when testing http://www.codeplex.com/FacebookToolkit. The previous time was during Windows Vista beta-testing (I had found a similar issue in beta2, and had it fixed for RC1.)

Actually, I am being polite saying it is "missing a feature". To be honest I think missing this "feature" would have to be considered a bug: every piece of software using HTTP *should* include the possibility to pass through a proxy (also, don't forget about AUTHENTICATED proxies), or the purpose of using HTTP in the first place is defeated!!

Developers!!! You have to remember people ARE behind proxies !!!!!

Powershell and RegExp: a "match" made my day.

Today I was working with a customer and friend (Claudio Latini, who I thank for the permission to post this, which is also work of his brain – especially the regular expression you'll see reading on!).

We are running several projects and activities together and, among several other things, he's in the process of migrating his users from Exchange 2003 to Exchange 2007. In this infrastructure, he has some ISA Server that publish both the Exchange2003 and the Exchange2007 frontends.

Now he wanted to know HOW MANY and WHICH ONES of his users actually have a PocketPC or other Windows Mobile device and were actively connecting to the old FrontEnd. You give out mobile devices to people but those things are usually less "managed" – when compared to corporate PCs, at least. So you lose a bit of control of the thing… usually people with mobile devices using ActiveSync in companies are managers, and especially since some of them might be on holiday at the moment, it was important to know WHO were the people that had to be told to reconfigure their device to point to the new name/server BEFORE he would start complaining about ActiveSync not working anymore…

So how do you figure out who's connecting ?

I am NO Exchange expert whatsoever… but a thing that came in handy was the fact that an ISA Server was reverse-publishing the frontend server. I know ISA (and firewalls/proxies in general) much better than Exchange, so I can help on that side. In the log files, ActiveSync Connections looked like the following URL, passing most parameters in the POST request: http://www.company.com/exchange?User=Mario&DeviceID=186hkjw6gjw76463uh2g5gi2j3h&Bla=bla (and on an unrelated note: yes, if you try to crawl this link, you are a bot :-))

So we exported ISA logs (there are several tools for this, including "Extract logs", but we did not use a script, we just used a filter for the correct publishing rule in the "Monitoring – Logging" tag in ISA Server Console and then copied and pasted those log lines) and tried to see if PowerShell could help tackle the issue.

Here we load our sample log (in a real log you would have much more information – each single line wrapping several console rows; I cut it short to the URL to make it more readable):

PS> get-content log.txt    

http://www.company.com/exchange?User=Mario&DevideID=186hkjw6gjw76463uh2g5gi2j3h&Bla=bla
http://www.company.com/exchange?User=Gino&DevideID=186hkjw6gjw76463uh2g5gi2j3h&Bla=bla
http://www.company.com/exchange?User=Antonio&DevideID=186hkjw6gjw76463uh2g5gi2j3h&Bla=bla
http://www.company.com/exchange?User=Antonio&DevideID=186hkjw6gjw76463uh2g5gi2j3h&Bla=bla
http://www.company.com/exchange?User=Gino&DevideID=186hkjw6gjw76463uh2g5gi2j3h&Bla=bla
http://www.company.com/exchange?User=Antonio&DevideID=186hkjw6gjw76463uh2g5gi2j3h&Bla=bla
http://www.company.com/exchange?User=Antonio&DevideID=186hkjw6gjw76463uh2g5gi2j3h&Bla=bla
http://www.company.com/exchange?User=Mario&DevideID=186hkjw6gjw76463uh2g5gi2j3h&Bla=bla
http://www.company.com/exchange?User=Mario&DevideID=186hkjw6gjw76463uh2g5gi2j3h&Bla=bla
http://www.company.com/exchange?User=Mario&DevideID=186hkjw6gjw76463uh2g5gi2j3h&Bla=bla
http://www.company.com/exchange?User=Mario&DevideID=186hkjw6gjw76463uh2g5gi2j3h&Bla=bla
http://www.company.com/exchange?User=Antonio&DevideID=186hkjw6gjw76463uh2g5gi2j3h&Bla=bla
http://www.company.com/exchange?User=Antonio&DevideID=186hkjw6gjw76463uh2g5gi2j3h&Bla=bla
http://www.company.com/exchange?User=Mario&DevideID=186hkjw6gjw76463uh2g5gi2j3h&Bla=bla
http://www.company.com/exchange?User=Antonio&DevideID=186hkjw6gjw76463uh2g5gi2j3h&Bla=bla
http://www.company.com/exchange?User=Antonio&DevideID=186hkjw6gjw76463uh2g5gi2j3h&Bla=bla
http://www.company.com/exchange?User=Mario&DevideID=186hkjw6gjw76463uh2g5gi2j3h&Bla=bla
http://www.company.com/exchange?User=Antonio&DevideID=186hkjw6gjw76463uh2g5gi2j3h&Bla=bla
http://www.company.com/exchange?User=Antonio&DevideID=186hkjw6gjw76463uh2g5gi2j3h&Bla=bla
http://www.company.com/exchange?User=Mario&DevideID=186hkjw6gjw76463uh2g5gi2j3h&Bla=bla
http://www.company.com/exchange?User=Antonio&DevideID=186hkjw6gjw76463uh2g5gi2j3h&Bla=bla
http://www.company.com/exchange?User=Antonio&DevideID=186hkjw6gjw76463uh2g5gi2j3h&Bla=bla
http://www.company.com/exchange?User=Mario&DevideID=186hkjw6gjw76463uh2g5gi2j3h&Bla=bla

We know Get-Content does not just display the file, it loads the file into a string array.

So we can cycle through the file and try to extract (using a regexp) the string after "User=" and before the first ampersand ("&"), which translates in the following regular expression:

"User=(?<nome>.*?)&"

(the regexp has been the most difficult thing to figure out, but it is very worth the hassle once you've done it…)

PS> get-content log.txt | foreach {$_ -match "User=(?<nome>.*?)&" | out-null; $matches}
Name                           Value
----                           -----
nome                           Mario
0                              User=Mario&
nome                           Gino
0                              User=Gino&
nome                           Antonio
0                              User=Antonio&
nome                           Antonio
0                              User=Antonio&
nome                           Gino
0                              User=Gino&
nome                           Antonio
0                              User=Antonio&
nome                           Antonio
0                              User=Antonio&
nome                           Mario
0                              User=Mario&
nome                           Mario
0                              User=Mario&
nome                           Mario
0                              User=Mario&
nome                           Mario
0                              User=Mario&
nome                           Antonio
0                              User=Antonio&
nome                           Antonio
0                              User=Antonio&
nome                           Mario
0                              User=Mario&
nome                           Antonio
0                              User=Antonio&
nome                           Antonio
0                              User=Antonio&
nome                           Mario
0                              User=Mario&
nome                           Antonio
0                              User=Antonio&
nome                           Antonio
0                              User=Antonio&
nome                           Mario
0                              User=Mario&
nome                           Antonio
0                              User=Antonio&
nome                           Antonio
0                              User=Antonio&
nome                           Mario
0                              User=Mario&
nome                           Mario
0                              User=Mario&

This seems to work. Now we only have to get the Named Captures called "nome" (containing the user name):

PS> get-content log.txt | foreach {$_ -match "User=(?<nome>.*?)&" | out-null; $matches["nome"]}
Mario
Gino
Antonio
Antonio
Gino
Antonio
Antonio
Mario
Mario
Mario
Mario
Antonio
Antonio
Mario
Antonio
Antonio
Mario
Antonio
Antonio
Mario
Antonio
Antonio
Mario
Mario

Awesome. Now sort them and remove duplicates. Which is one more command in our pipeline:

get-content log.txt | foreach {$_ -match "User=(?<nome>.*?)&" | out-null; $matches["nome"]} | sort-object -uniq

PS> get-content log.txt | foreach {$_ -match "User=(?<nome>.*?)&" | out-null; $matches["nome"]} | sort-object -uniq
Antonio
Gino
Mario

PS>

Now you can call those three users and tell them to modify their ActiveSync configuration 🙂
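A more defensive version of the pipeline above, as an added example that is not part of the original post: it emits a name only when the current line actually matches (after a failed -match, $matches still holds the previous line's capture), and it also accepts a "User=" value that is not followed by an ampersand. The sample log lines are constructed and the function name Get-LogUser is hypothetical.

```powershell
# Constructed sample lines (not from the original log). Only the "User=...&"
# fragment comes from the article; the rest of each line is an assumed layout.
$sample = @(
    '2007-01-01 10:00:01 POST /sync User=Mario&DeviceId=dev1 200'
    '2007-01-01 10:00:05 GET /favicon.ico - 404'
    '2007-01-01 10:00:09 POST /sync User=Gino&DeviceId=dev2 200'
    '2007-01-01 10:00:12 POST /sync DeviceId=dev3&User=Antonio 200'
    '2007-01-01 10:00:15 POST /sync User=Mario&DeviceId=dev1 200'
)

function Get-LogUser {
    param(
        [Parameter(ValueFromPipeline = $true)]
        [string]$Line
    )
    process {
        # Emit only when THIS line matches. Reading $matches unconditionally
        # would repeat the previous user for every line without "User=".
        # [^&\s]+ stops at "&" or whitespace, so a User= parameter that comes
        # last in the query string is captured too.
        if ($Line -match 'User=(?<nome>[^&\s]+)') {
            $matches['nome']
        }
    }
}

# Unique users, as in the article's last pipeline.
# Against a real file: Get-Content log.txt | Get-LogUser | Sort-Object -Unique
$sample | Get-LogUser | Sort-Object -Unique

# Number of requests per user, most active first.
$sample | Get-LogUser | Group-Object |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```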

Facebook StateTray

Facebook StateTray, uploaded by Daniele Muscetta on Flickr.

This is a Screenshot of the small application I first described in my previous blog post.

It is a simple Windows Form that lets you change your status on Facebook without having to browse to the site. It does not rely on Facebook's API (as they won't let you change your status, at least to date) but it really uses a hack on the Facebook mobile pages. It is based on PHP code posted by Christian Flickinger, ported to C# (.Net 2.0) by me.

When you pull down the form you get to see the settings:

Facebook State Tray

Those can be stored in an XML file, that gets loaded automatically every time the program starts.
Beware that passwords ARE displayed and stored in clear text.

The idea so far is that you run it on your PC and you just keep it resized so it does not show the "dangerous" bits.
You can keep it minimized on the tray in windows, pop it up when you need to update your status, write your new status and click "change" – it will freeze for a couple of seconds while it updates your status, since it uses synchronous calls – then you can minimize it again.

UPDATED – September 1st 2007: I have been asked by Facebook to pull down the source code from the Net, as it violates their terms of service (I had not realized that). Apologies to all.

Facebook API and WinForm experiment

While testing with the Facebook API, I started creating a WinForm using the Facebook Toolkit.

What I had in mind was a simple program that would run on my PC, maybe minimized in the system tray, that would let me update my status in a click, through the day, without having to log on to the website. Most of the day I am busy working, and I don't really have time to go surf and check Facebook… but I like the possibility for people to hear how I am doing. Changing the status would keep them up to date, and would keep my profile current.

As I figured out afterwards, their API does not yet let you change your status.

There are other people asking for this possibility… but then I went further searching on the Internet, and I found this blog: http://www.nexdot.net/blog/2007/04/20/updating-facebook-status-using-php/.

I just hacked together a small WinForm written in C# that reimplements this idea.

Facebook StateTray

I indeed would like to thank Christian for the idea, and my friend and colleague Pierluigi for his precious help with the regular expressions 🙂

At the moment it has terrible things such as hardcoded passwords in it, but as soon as I will have time to polish the code a bit, I will post it.

One more thing I would like to do with it is turning it from a standalone application into a Live Messenger Add-In, so that it synchronizes my messenger status with the one of Facebook. When I will have time for that.

Facebook development

I have been quite hooked into Facebook for the last couple of days, figuring out what it can and cannot do. It can do a lot. The possibility to inject code and brand new application into it is absolutely awesome.

PopFly lets you create mashups and even custom blocks, and I liked that too. But you have to use fancy-shiny Silverlight (which is very cool indeed, but probably not *always* necessary) and you can only create blocks using Javascript. Sure, as someone has already written, the meaning of AJAX is "javascript now works". I can understand (even if I don't know them for sure) the reasons behind certain choices. But I find it limiting. Maybe it is because I don't like Javascript. It must be it.

Facebook, instead, empowers you to inject code into their social networking framework. Any code. In whatever language you like. They started it in PHP, but you can plug-in whatever you like: Java, Ruby, Perl…. you can even have your application running on your own server, still providing a seamless experience inside of facebook. This opens up to millions of possibilities, and I got fascinated by that.

At the same time, the paranoid part of myself has been thinking about the security implications of it. This open platform is cool, but it also sounds like a framework for cross-site-scripting (XSS) attacks. Sure, you can "report" an application made by a third party that does something weird… but who will really notice if all that happens under the hood is that your cookies get stolen (and someone accesses your bank account)? Will you figure out it has happened because you wanted to see the "dancing pigs" loaded in your profile? Or will you figure it out at all?

This said, I set aside my fear for a while and I delved into coding. What I did learn in the last couple of years, having slowly moved away from security engagements, is to relax. When I was working constantly with security I was a lot more paranoid. Now I care much less, and I live a lot more.

So I developed a couple of quick and simple apps running from this very server into Facebook, and I started using the PHP5 library they provide, so to be able to follow the examples first and figure out how it was working.

Now I also want to take a look at the .NET library for facebook when I have time. It sounds cool.

This blog in C#

I have been busy trying to write a new frontend for this blog that uses .Net. I already blogged about it here. In the last couple of weeks I have been adding stuff – permalinks using mod_rewrite, I finally show the comments properly, I have added categories and category archives (as in http://www.muscetta.net/dotnet/tag/coding). There is even an RSS Feed.

The layout is still crap, but I sort of like it being so light weight, so that is not on my priority list so far. Moreover, I am a crap designer.

Before that, though, I still have to add important functionalities like the possibility to POST comments (which needs a new CAPTCHA, etc, so it will take me a while), and I am having issues with text encoding (it does not show the accented characters properly, yet).

But I am having fun doing it.

[Edit of December 2009 – I killed the above experiment. I had fun doing it, but there is not time for all, it needs a lot of work to keep it running/update it with every wordpress update, and mod_mono is wasting too many resources on the server.]