coding
I grew up coding. From about the ages of 10-25 that's how I spent a
lot of my time. While other kids were playing baseball I was trying
to create computer baseball games. I was never a great programmer. I
was mostly just a hacker in the original sense of the word. I didn't
like to plan out my code and the code I produced was rarely commented
or elegant. I did a fair amount of object oriented programming later
on (C++ & Java) but was always suspicious of objects and basically
anything except C, assembly, text files, and ever using code in my
programs I didn't write myself. I was really turned off my the
Microsoft programming model which felt more like shopping than
creating. I mostly quit programming after doing some initial coding
on my last company, SiteAdvisor. I guess I was burnt out. This past Thursday night after a long day of business meetings (seems
like that's all I've done for the past few years) I thought I'd try
coding again - partly for fun and partly because my company (Hunch)
has an API that is central to our strategy and I felt like I needed to
use the API first hand to truly understand it. So Thurs night I made
a simple Youtube + Hunch mashup and put it on a domain I've been
sitting on for a while - Forage.com. It's a very simple program but
taught me a lot about our API. The Hunch API is much more powerful
when you require the user to oauth (login to Hunch) but I wanted to
avoid that in the first hack. So the recommendations aren't as good
but there is very little friction for the user - just put in a twitter
name and press go (plus you can "cross dress" as other users which is
fun). (Personally I've been really digging mixes when you type in
twitter name = cdixon, genre = hip hop, version = experimental). This weekend I wanted to try some authenticated (oauth) hacks so built
two more little demos. One of them suggests people you should do
things with (http://forage.com/u.php). It really only works if your
Hunch account is linked to Twitter or FB and there is no error
handling so if you want to try it, login to Hunch, connect to
Twitter/FB (go to your profile, edit, services) and then try it. The
other one I wrote uses Yipit's API (Yipit is a daily deal aggregator -
great company and founders) to find daily deals. It then cross
references the venues with your predicted hunch preferences and finds
the daily deal that day you'll like the most. (I'm also working on
adding a feature that will suggest 5-10 friends who would also like
the deal so you could invite them along but it isn't working yet). In the process I had to learn about "signing" you URLs (apparently to
defend against man-in-middle attacks - not sure how common those
really are). Kind of a poor man's SSL. See
http://hunch.com/developers/v1/docs/auth/. Turns out we had Python
code samples on Hunch but no PHP code samples (yes, I prefer PHP - I'm
old school). So I had to figure out my own code signing function in
PHP. Here it is : function signUrl($url, $secret_key)
{
$original_url = $url; $urlparts = parse_url($url); // Build $params with each name/value pair
foreach (split('&', $urlparts['query']) as $part) {
if (strpos($part, '=')) {
list($name, $value) = split('=', $part, 2);
} else {
$name = $part;
$value = '';
}
$params[$name] = $value;
}
// Sort the array by key
ksort($params); // Build the canonical query string
$canonical = '';
foreach ($params as $key => $val) {
$canonical .= "$key=".enc(utf8_encode($val))."&";
} // Remove the trailing ampersand
$canonical = preg_replace("/&$/", '', $canonical); // Build the sign
$string_to_sign = enc($canonical) . $secret_key; //print $string_to_sign . "
"; // Calculate our actual signature and base64 encode it
$signature = bin2hex(hash('sha1', $string_to_sign, $secret_key)); // Finally re-build the URL with the proper string and include the Signature
$url = "{$urlparts['scheme']}://{$urlparts['host']}{$urlparts['path']}?$canonical&auth_sig=".rawurlencode($signature);
return $url;
}
?> We are going to add this code (most likely a prettier version) to the
Hunch API docs for PHP programmers (also need to add Ruby code). I
think we'll also make URL signing optional as only some apps really
need it and it seems like a barrier to development. One thing I noticed is how much more fun it is programming these days
with so many great APIs out there. YouTube's API was a joy to use, as
was Yipit's. Because of all these great APIs, someone with minimal
programming skills (like me) can hack together interesting stuff
really quickly. I do wish the APIs were more standardized. Having a
SQL interface for every API would be awesome. But still now that
everyone is using similar authentication, JSON, etc it is pretty easy. People in the startup world say it's a good practice to "dogfood" -
use your own software - and if one of your products is an API you
should use that too, which means doing some simple programming. The
stuff I hacked together over the past few days are not meant to be
real products. This is no "pivot" in Hunch's strategy. Hunch has two
official and I think really great products coming out soon - one
web-based and one mobile. And if you think Forage.com is good or bad,
just wait until you see the music recommendations we are developing
with a major music provider. Their data + our data + our algorithms =
truly incredible results. In the meantime it's fun and informative to hack on APIs.
lot of my time. While other kids were playing baseball I was trying
to create computer baseball games. I was never a great programmer. I
was mostly just a hacker in the original sense of the word. I didn't
like to plan out my code and the code I produced was rarely commented
or elegant. I did a fair amount of object oriented programming later
on (C++ & Java) but was always suspicious of objects and basically
anything except C, assembly, text files, and ever using code in my
programs I didn't write myself. I was really turned off my the
Microsoft programming model which felt more like shopping than
creating. I mostly quit programming after doing some initial coding
on my last company, SiteAdvisor. I guess I was burnt out. This past Thursday night after a long day of business meetings (seems
like that's all I've done for the past few years) I thought I'd try
coding again - partly for fun and partly because my company (Hunch)
has an API that is central to our strategy and I felt like I needed to
use the API first hand to truly understand it. So Thurs night I made
a simple Youtube + Hunch mashup and put it on a domain I've been
sitting on for a while - Forage.com. It's a very simple program but
taught me a lot about our API. The Hunch API is much more powerful
when you require the user to oauth (login to Hunch) but I wanted to
avoid that in the first hack. So the recommendations aren't as good
but there is very little friction for the user - just put in a twitter
name and press go (plus you can "cross dress" as other users which is
fun). (Personally I've been really digging mixes when you type in
twitter name = cdixon, genre = hip hop, version = experimental). This weekend I wanted to try some authenticated (oauth) hacks so built
two more little demos. One of them suggests people you should do
things with (http://forage.com/u.php). It really only works if your
Hunch account is linked to Twitter or FB and there is no error
handling so if you want to try it, login to Hunch, connect to
Twitter/FB (go to your profile, edit, services) and then try it. The
other one I wrote uses Yipit's API (Yipit is a daily deal aggregator -
great company and founders) to find daily deals. It then cross
references the venues with your predicted hunch preferences and finds
the daily deal that day you'll like the most. (I'm also working on
adding a feature that will suggest 5-10 friends who would also like
the deal so you could invite them along but it isn't working yet). In the process I had to learn about "signing" you URLs (apparently to
defend against man-in-middle attacks - not sure how common those
really are). Kind of a poor man's SSL. See
http://hunch.com/developers/v1/docs/auth/. Turns out we had Python
code samples on Hunch but no PHP code samples (yes, I prefer PHP - I'm
old school). So I had to figure out my own code signing function in
PHP. Here it is : function signUrl($url, $secret_key)
{
$original_url = $url; $urlparts = parse_url($url); // Build $params with each name/value pair
foreach (split('&', $urlparts['query']) as $part) {
if (strpos($part, '=')) {
list($name, $value) = split('=', $part, 2);
} else {
$name = $part;
$value = '';
}
$params[$name] = $value;
}
// Sort the array by key
ksort($params); // Build the canonical query string
$canonical = '';
foreach ($params as $key => $val) {
$canonical .= "$key=".enc(utf8_encode($val))."&";
} // Remove the trailing ampersand
$canonical = preg_replace("/&$/", '', $canonical); // Build the sign
$string_to_sign = enc($canonical) . $secret_key; //print $string_to_sign . "
"; // Calculate our actual signature and base64 encode it
$signature = bin2hex(hash('sha1', $string_to_sign, $secret_key)); // Finally re-build the URL with the proper string and include the Signature
$url = "{$urlparts['scheme']}://{$urlparts['host']}{$urlparts['path']}?$canonical&auth_sig=".rawurlencode($signature);
return $url;
}
?> We are going to add this code (most likely a prettier version) to the
Hunch API docs for PHP programmers (also need to add Ruby code). I
think we'll also make URL signing optional as only some apps really
need it and it seems like a barrier to development. One thing I noticed is how much more fun it is programming these days
with so many great APIs out there. YouTube's API was a joy to use, as
was Yipit's. Because of all these great APIs, someone with minimal
programming skills (like me) can hack together interesting stuff
really quickly. I do wish the APIs were more standardized. Having a
SQL interface for every API would be awesome. But still now that
everyone is using similar authentication, JSON, etc it is pretty easy. People in the startup world say it's a good practice to "dogfood" -
use your own software - and if one of your products is an API you
should use that too, which means doing some simple programming. The
stuff I hacked together over the past few days are not meant to be
real products. This is no "pivot" in Hunch's strategy. Hunch has two
official and I think really great products coming out soon - one
web-based and one mobile. And if you think Forage.com is good or bad,
just wait until you see the music recommendations we are developing
with a major music provider. Their data + our data + our algorithms =
truly incredible results. In the meantime it's fun and informative to hack on APIs.
