I'm trying to define a minimum viable product that I can *sell*.
Nothing I've seen in this thread so far has convinced me that a
desktop application accessing Twitter is viable, with or without
oAuth. "Without oAuth" isn't viable because it's deprecated by
Twitter, and "with oAuth" isn't viable because it's *easy* to
compromise. Sure, a server *can* be compromised, but it's a lot
harder. On a server, I can control the choice of the entire stack -
hardware, OS, application framework, DBMS, etc. I may not be able to
prevent a DOS attack, but I can keep that away from Twitter - I can't
control how users interact with Twitter using a compromised desktop

There must be some other developers on this list - does *anybody* who
develops Twitter apps for a living want to chime in and tell me I'm
full of hot air here - that there *is* a way to develop and deploy a
viable secure desktop Twitter app?

> You guys are all freaking out about this when this is how the internet
> works. Just look at email. With a single line of PHP I can send any of you
> an email from any email address.*
> Abraham
> *There technologies to stop this but very few mail servers use them.
> Currently Gmail refuses email from paypal.com unless it is signed by their
> key.

This is how the Internet works *now* - with 90 percent of the desktops
running Windows, many of those not up to date on Windows Updates or
virus scanner code and virus definitions, botnets controlling millions
of PCs, the government of China exploiting holes in IE 6, bloggers
calling openly for iPhone users to mount a DDOS against AT&T, GMail
peeking at the content of my emails to suggest commercial products
that I might happen to consider competitors, and Facebook selling your
private data to scammers and spammers. There may be a thousand and one
ways to get hurt on the Internet, but I'm not interested in deploying
the 1002nd.

That could all change with ChromeOS netbooks. I can dream. ;-)

M. Edward (Ed) Borasky

"A mathematician is a device for turning coffee into theorems." ~ Paul

Reply via email to