Thursday, July 05, 2007

Open Paedo APIs? (No, We Don't Know What He's Talking About)

Ajit of Open Gardens fame has recently received some top quality smokeable materials, it would seem, as in his latest blog post he has underlined the imminent threat to the world's morals posed by - can you guess? No? Uncontrolled APIs. To quote in full: "uncontrolled access to APIs is an invitation to scammers and paedophiles." Oh yes.

Scammers I can see. If you allow an AJAX script to initiate a phone call or send a text without user intervention, you could easily have any wap page - or advert - start racking up premium charges. You definitely want to make sure the user can prevent that. I would recommend a simple system where you ask the user what they want to do, but if you don't understand how code signing works it might seem that a laborious code signing exercise like the flawed Symbian Signed could maybe succeed.

Paedophilia though? Really? It's not my expert subject, but I do know a little about APIs and I don't really see the connection. If anyone can enlighten me please do so in the comments... Maybe this requires more thought. Perhaps there is also a terrorism angle that the pragmatic mind of Mr Jaokar has missed? Perhaps he could mention it to the European Parliament next time he drops by to brief them on what is happening in the real world?

Sorry to keep bringing the pragmatic thing up, but he started it ("but I have always been pragmatic") - and it's funny to see someone who really genuinely feels strongly about being pragmatic in his approach to people (quite rightly) without being able to see the utter lack of pragmatism in his view of the technology he is associated with.

The signature comment highlights his lack of understanding - you can code sign a single binary app because it's a single binary file and after every rebuild you can pay to submit it to code signing for a few weeks and maybe get it back approved. How do you sign a dynamically generated wap/web page which references a standard script library and maybe some other embedded custom scripts, a few external scripts, and some other server generated script and data? You can't. It simply doesn't work. Suggesting it does just shows how little Ajit understands that which he professes to be an expert in.
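The signing problem described above, as an added example that is not part of the original post: a signature over a fixed binary keeps verifying, while a signature over everything a dynamic page executes stops verifying on the next request or the next third-party script update. HMAC stands in for a real public-key signature, and the key, URL, page contents and the `phone.call` API are constructed for illustration.

```python
import hashlib
import hmac

# Constructed key; HMAC substitutes for a signing authority's real signature.
AUTHORITY_KEY = b"constructed-demo-key"

def sign(blob: bytes) -> str:
    return hmac.new(AUTHORITY_KEY, blob, hashlib.sha256).hexdigest()

def verify(blob: bytes, signature: str) -> bool:
    return hmac.compare_digest(sign(blob), signature)

def render_page(user: str, request_id: int) -> dict:
    """Constructed dynamic page: inline script, external library, per-request data."""
    return {
        # phone.call is a hypothetical device API, not a real one.
        "inline_script": "function dial(n){ phone.call(n); }",
        "external_scripts": ["https://cdn.example/lib.js"],
        "server_generated": f"var session={{user:'{user}',req:{request_id}}};",
    }

def effective_code(page: dict, fetch) -> bytes:
    """Everything the browser would execute for one page load, length-prefixed."""
    parts = [page["inline_script"].encode()]
    parts += [fetch(url) for url in page["external_scripts"]]
    parts.append(page["server_generated"].encode())
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)

def demo() -> dict:
    cdn = {"https://cdn.example/lib.js": b"/* lib v1 */"}  # constructed CDN content
    fetch = lambda url: cdn[url]

    binary = b"\x7fELF constructed app build 42"  # one file, signed once per build
    binary_sig = sign(binary)

    submitted = render_page("alice", 1)            # the page as sent for signing
    page_sig = sign(effective_code(submitted, fetch))

    results = {
        "binary_still_verifies": verify(binary, binary_sig),
        "same_request_verifies": verify(
            effective_code(render_page("alice", 1), fetch), page_sig),
        "next_request_verifies": verify(
            effective_code(render_page("bob", 2), fetch), page_sig),
    }
    # The external library changes without the page author touching anything.
    cdn["https://cdn.example/lib.js"] = b"/* lib v2, changed by a third party */"
    results["after_cdn_update_verifies"] = verify(
        effective_code(submitted, fetch), page_sig)
    return results

if __name__ == "__main__":
    print(demo())
```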

Apologies to Ajit and readers for getting worked up about this, I am certain he is a really nice bloke and he does a lot to raise the profile of mobile applications etc, but I strongly believe that if someone wants to create a massive soapbox and shout from it to everyone who will listen, that person should really understand what they're talking about first and has a duty to communicate clearly and correctly. Suggesting this kind of thing is trivial and essential for the market to proceed implies some due diligence has been observed, but it clearly hasn't. Rant over.



Anonymous said...

LOL! Ah man I'm completely disillusioned by that dude and his bandwagon hopping hucksterism. He knows nothing about the basic fundamentals of mobile technology and yet makes these ridiculous proclamations about the future of the industry. Talk about rampant opportunism! That ridiculous post about McDirtBag was a classic also, this dude doesn’t live in our universe, I think he’s an alien!

5:57 pm

