Christian Heilmann

Author Archive

TTMMHTM – YouTube captioning, NYC Lego, Opera with JavaScript articles

Wednesday, February 4th, 2009

Things that made me happy this morning

TTMMHTM: Screen Readers, Superheroes and a broken DOM

Tuesday, February 3rd, 2009

Things that made me happy this morning:

I believe that inherent within the God-given right to the pursuit of happiness, is the equally God-given right to the pursuit of unhappiness. That is why I support gay marriage.

So Aral was right – the head conference was much easier

Monday, February 2nd, 2009

I am right now rather devastated that I will miss (at least) the first day of the Web Directions North conference as London is simply shut down for the day.


I arrived yesterday from India and got back in time to fly out to Denver from the shiny Terminal 5. I was amazed that I was not jetlagged at all and that I could keep my large suitcase in storage at the airport. What I wasn’t planning for was the snow that brought London to a halt. A single snowflake in London is cause for gasps and concerns; this amount, however, really had the city by the proverbial balls: one tube line was running without any delays, no buses were running, the roads were blocked by cars trying to go uphill in first gear when there’s a slippery road, none of the trains were running and then of course (when I arrived in time) the whole airport got shut down.

Funnily enough the web was no help either: the Transport for London web site was down, checking in at the BA.com web site was impossible and my favourite was the helpline telling you afterwards that they are overworked and you should use the web site instead…

Anyways, maybe the idea of online conferences with video presentations is really the future as a lot of aggravation can be avoided.

I will try again tomorrow to get to the airport in time to get to WDN, as it’d be such a waste not to be able to go and meet all those lovely people.

TTMMHTM: Laid off people fighting back, India, Hacking and analyzing twitter’s security

Thursday, January 29th, 2009

Things that made me happy this morning

  • not being too jetlagged (in India at the moment)
  • LaidOffCamp a barcamp for people in the IT business having been laid off lately helping each other – cool idea!
  • A new group discussing what server side JavaScript should have promises some good collaboration of clever people for consistent APIs. Kevin Dangoor has the inside scoop
  • Delivering a hacking 101 talk at the University in Delhi
  • Getting my flight to Atlanta, Georgia in March £1300 cheaper by flying one day later!
  • Calming down a very ticked off lady who accused me of publishing her protected Tweets via TweetEffect – I do not, they are only available to her and her friends. That is how Twitter rolls.

Twitter privacy, protected updates and TweetEffect

Thursday, January 29th, 2009

I just got a very concerned email (60 pixel font) telling me off for displaying protected updates in TweetEffect. The person was, to say the least, very ticked off at seeing their protected updates in my application and threatened to do “something” about it.

TWEETEFFECT.COM MAKES MY PROTECTED UPDATES PUBLICLY ACCESSIBLE.
THIS IS ABSOLUTELY UNACCEPTABLE TO ME AND OTHER TWITTER USERS!
HOW WOULD YOU LIKE FOR ME TO MAKE YOUR LAST 200 E-MAILS PUBLICLY AVAILABLE?
YOU WOULDN’T I ASSUME.
STOP IT, STOP IT NOW!
I WILL TALK TO BIZ STONE ABOUT THIS TOO, SINCE THE TWITTER API SHOULDN’T LET YOU DO THIS IN FIRST PLACE.
THOUGHT THE DAYS OF WARRANT-LESS WIRE TAPPING WERE OVER.
DO NOT ANSWER THIS WITH ANY KIND OF MARKETING/PR FLUFF, SPARE ME.
IRATELY YOURS {censored}
p.s.: your answer might get published in one form or the other, fair warning.

I was pretty confused, as to me there was no way to reach the updates, and I wondered what all the hoohah was about. Then it came to me: when either you yourself or any of your friends (followers that are allowed to see your protected updates) are logged in to Twitter, the protected updates are visible in the API. This is perfectly logical but it is also rather flaky in terms of privacy.

The security of the updates is dubious to say the least. In order to get to protected updates all I’d need to do is either lure you or any of your followers into following a link listing your updates from the user_timeline, populate a DOM element or hidden form field with it and send it to my server via Ajax or even with a dynamic script (in case of JSON output). There is simply no way to deny that as that would break every Twitter client that supports protected updates – even the more secure Adobe AIR ones. I can get the list of your followers even if you protect your updates – changing this would make the intrusion harder.
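The leak described above depends on the browser attaching the logged-in user's session cookie to a request that another site triggered. As an added example (not code from the original post or from Twitter), this server-side check refuses cookie-authenticated requests for protected timelines unless they provably come from the service's own pages, while still serving clients that send their own credentials; the request shape, `TRUSTED_ORIGIN` and the sample requests are assumptions.

```javascript
// Added example: hypothetical policy check for a protected-timeline endpoint.
// TRUSTED_ORIGIN and the request shape are assumptions, not Twitter's real API.
const TRUSTED_ORIGIN = "https://service.example";

function originOf(url) {
  try { return new URL(url).origin; } catch { return null; }
}

function decideTimelineAccess(req) {
  const h = req.headers;
  if (!req.isProtected) return { allow: true, reason: "public timeline" };

  // JSONP turns the response into executable script that any page can load.
  if (req.query.callback) return { allow: false, reason: "no JSONP for protected data" };

  // Explicit credentials are attached by the client itself; a <script> tag
  // on another site cannot add an Authorization header.
  if (h.authorization) return { allow: true, reason: "explicit credentials" };
  if (!h.cookie) return { allow: false, reason: "unauthenticated" };

  // Ambient cookie session: the browser also sends it on cross-site loads,
  // so require evidence that the request came from our own pages.
  const ok = { allow: true, reason: "same-origin session" };
  const denied = { allow: false, reason: "cookie session without same-origin proof" };
  const site = h["sec-fetch-site"];
  if (site) {
    return site === "same-origin" ? ok : denied;
  }
  // Browsers without Fetch Metadata: fall back to Origin, then Referer.
  const source = originOf(h.origin || h.referer || "");
  return source === TRUSTED_ORIGIN ? ok : denied;
}

// Constructed sample requests (header names lower-cased, as Node delivers them).
const samples = {
  desktopClient: { isProtected: true, query: {}, headers: { authorization: "Basic <redacted>" } },
  ownPage: { isProtected: true, query: {}, headers: { cookie: "sid=x", "sec-fetch-site": "same-origin" } },
  foreignScript: { isProtected: true, query: {}, headers: { cookie: "sid=x", "sec-fetch-site": "cross-site" } },
  jsonp: { isProtected: true, query: { callback: "cb" }, headers: { cookie: "sid=x" } },
  legacyForeign: { isProtected: true, query: {}, headers: { cookie: "sid=x", referer: "https://other.example/page" } },
};
for (const [name, req] of Object.entries(samples)) {
  console.log(name, decideTimelineAccess(req));
}
```

Desktop and mobile clients keep working under this policy because they authenticate with credentials they attach themselves rather than with the browser's cookie jar.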

Personally I don’t get protecting your updates. If you want to keep things out of the public, use a direct message. Twitter is there to tell the world what you do and this is what it does damn well. I like the simplicity of Twitter and its various channels in and out – it is a tool to spread information – however mundane. The protected updates feature is a bit of a glass shield, better would be to offer a new Twitter feature and API that allows you to group contacts – much like any IM client does.

Now the question is: shall I stop supporting update analysis for users with protected updates in TweetEffect? Technically there is nothing that I do that you don’t allow Twitter themselves to do, and if you allow your followers to see your updates, why not the analysis of your updates? The only problematic part is that your followers can be phished to give people access to your updates; otherwise this wouldn’t be much more scary than the old “display C drive in IFRAME” trick.