Is it possible for an open-source project to use private keys without disclosing them? Maybe I am misunderstanding something about how authentication works.
Yes, I’ve done this with several projects that needed to interface with things like Dropbox and whatnot. (They also require you to keep these keys secret).
Namely you just have to make sure you don’t check these keys into source control.
Okay, so it is still “open source” because the source is available, but an anonymous user can not clone the repo and test it out because he will not have the keys to talk to the server?
An anonymous user can clone the repo, but would need to provide keys during the build process.
In any case, we’d start with the ReST API and correspondence games, just because it’s simpler.
They would just need their own keys and wouldn’t/shouldn’t use the production keys. This actually goes for the REST api keys also. It’s just good policy to not give out your own keys.
We perform throttling based on the user making the request AND the oauth2 client making the requests and If someone took your key and started making malicious requests against the server we would ban/block that key from being used. If it’s the same one that you use for your production application with lots of users they are going to be pretty unhappy.
Btw,
Websockets do support CORS stuff. Wouldn’t adding more domains to Access-Control-Allow-Origin header allow for easier access control without having to gamble with private keys?
// edit: well, i suppose it wouldn’t actually restrict communication at all, just prevent some cross site scripting from other domains. Forget about it
No programming skills here. But count me in for translating and /or betatesting.
Could also help if someone is willing to lead this project. We should probably just start now and see if it’s going.
I’ve already started
I’m doing a bunch of prototypes to see how various frameworks fit together. I’m currently thinking about building the whole thing in C++using Marmalade SDK. What kind of development experience do you have @royjac ?
Cue very boring screenshot:
remember … has to be android, or things will turn ugly. Riots and the like
Android is target #1, followed by iOS, followed by win mobile, followed by … oh god, I dunno… Smart TV applications or something.
For those who are keeping track, I’ve done a few experiments and think Marmalade SDK will do everything I need it to do. I’ve hacked out a quick and dirty event-driven MVC framework, and I’m trying to cajole libcurl into playing ball.
Either I’ve got a build issue, or I’m an idiot - either is equally likely right now.
I did get board renderings working with json data, though, but I think I’m going to throw it away and re-do it in OpenGL because anti-aliasing.
Cue ugly screenshot with bounding boxes and ting, the game positions are real, the other data are lies.
I’m famous! It’s all downhill from here.
Hi Bob,
I am coming from the iOS side (only having done a couple, couple being 2 here , Android Apps) but I would say if cross platform is your main drive: pick a cross platform development environment. I have to say though that I am no longer up to date on those …
I could help on the iOS side though, throw in Objective-C- or Swift-knowhow or do beta-testing, localization stuff.
Thanks for the kick-off,
Bart-Jan.
Hey Bart,
I’ve gone with Marmalade SDK and C++, there’s a thread here OGS mobile: Dev diary detailing my slow and painful progress.
Currently I’m spending my evenings cramming OpenGL. I’ve got the go rules, capture, ko, etc. working, and I’ve spiked the web-based stuff,so I’m in good shape once I can get my head around graphics programming.
Hey Bob,
sounds interesting (meaning I’ve never used a Marmalade SDK), their website claims Xcode 6 and iOS 8 compatibility though …
Did you try recompiling your state of things for iOS?
If not would you want me to give a try and provide feedback?
Seem to recall you where planning on “open sourcing” things, does that mean a version is available somewhere where I can pull?
Keep up the good work!
Bart-Jan.
sounds exciting! … I’m interested … is there still an open-request for programmers?
I’d love to take a look and see if this is something I can handle. ( I can do C & C++ … usually gcc style … but very little experience with XCode / iOS ). Not really sure where that gets me …
Any links yet to code-repository we can work on? I’d love to take a look & see if I can be helpful for iOS.
Hi xanatax,
far as I can tell there is no repository yet …
I’ll try and chase pathogenix and figure out what’s happening
Starting with C++ is something I did to (although a long time ago), should get you going. Objective-C (or Swift for that mater) is “just a bit more object oriented”. Think of it as C++ with bit of SmallTalk mixed in. The biggest hurdle is not the actual syntax of either, but the frameworks to tackle. If you like I can send you a couple of links to get you started. Feel free to PM me …
Bart-Jan.
so, I’ll see if I can get Marmalade SDK running? that’s the framework we’re talking about right? downloaded… installed… but it looks like they want money for registration keys. so, figuring that out will be my first challenge. free-demo mode should be okay to start with I hope!
I don’t have any programming skills - but, in my household, I own many Android devices including a smartphone and 2 tablets. I’d be happy to be a beta tester when that stage rolls around!