l.m.orchard

"After playing with it a tiny bit, I'd rather see 2 line breaks after each outline node - so that each is treated like a paragraph. Feels a bit awkward to me to have blank outline nodes to induce paragraph breaks. That said... Outlining, Dropbox, and now Markdown? Fargo's snatching up all my favorite things with its little t-rex arms." - l.m.orchard

"Er.. yes? He cites Shakespeare in the book for that exact quote, later paraphrased a few times if I recall. Not seeing the plagarism" - l.m.orchard

"Still digesting all the above, nodding my head regularly. While the rest sinks in, one thought did occur to me around the "technology" part: I think the dumb-feed-smart-poller model of RSS/Atom has some economic niceties built in. A feed reader is only as good as the volume of input feeds out there, so it pays to make sure providing the input is cheap & easy. You don't get much easier & cheaper than grabbing an hourly snapshot from a stream of items and offering it an URL for a simple HTTP GET. I can publish for micro-pennies by PUT'ing a statically-generated feed onto Amazon S3. As soon as we demand that publishers offer some sort of active API to negotiate deltas, the barrier to entry will cull the herd dramatically. In fact, I'd say the only reason there are any feeds at all out there is because providing them is all but an afterthought. Of course, this goes back to aaronsw's "Bake, Don't Fry", circa 2002. So, that leaves building smarter polling. And, maybe doubling down on tech..." - l.m.orchard

"I've had something exactly like this lingering at the bottom of my side project TODO list for years now. Day job and other things keep intervening. Maybe I'll finally get around do doing it this weekend. I want to build a tiny little node.js critter that eats OPML, crawls feeds, produces summary formats like river.js, etc. I have most of the parts, and had a proof of concept that ripped through a list of 600 feeds in like 2 minutes thanks to node's event-driven networking. It could be deployed to desktop, heroku, EC2, wherever. You're totally right: some kind of tight feed scanning engine like this is on my wishlist every time I sit down and think about playing with feeds" - l.m.orchard

"Dip it in some bronze paint. STEAMPUNK" - l.m.orchard

"Wanting to work on a dozen things all at once is why I haven't written a Dropbox-connected outliner myself yet :)" - l.m.orchard

"Oh, and also: I've been experimenting for a few years with writing back to an S3 bucket from a static web app hosted in another S3 bucket. It works, but it's really awkward: You generally have to type in the key & secret on devices and stash it in localStorage, which is painful all around. I played around with a scheme that jumped through hoops to simplify the process, but I'm still not very happy with it: https://github.com/lmorchard/s..." - l.m.orchard

"In case you guys haven't thought about it yet, it might be interesting to add Dropbox support to Little Outliner. They offer a JavaScript API that works from normal web pages: https://tech.dropbox.com/2012/... I started playing around with it to make my own notepad app, but an outliner would be so much more interesting: http://notational-vapor.apps.l..." - l.m.orchard

"Hey, don't pick on Disqus - they're not that big, and they do so many things right. For instance, I use Disqus for comments on blog.lmorchard.com, a self-hosted Wordpress site. The official Disqus plugin does something I find very compelling: Every comment made through Disqus gets mirrored into my database, automatically. All I have to do to seamlessly switch back to my own self-hosted Wordpress comments is to disable their plugin. I tried it, it works. I also ran a Jekyll-based blog for awhile at decafbad.com. They have an API, and with that I was easily able to write a script that periodically archived comments into my old blog posts. A little harder than the Wordpress plugin, because I had to DIY, but possible and encouraged nonetheless. So, I'll leave Disqus enabled until they either close up shop or somehow go rogue. I think Disqus gets it." - l.m.orchard

"I found it on GitHub, since the site itself is under stampede - https://github.com/gothfox/Tin... Honestly, I haven't done much code review of the thing, and only dove in here or there to tweak a few things that annoyed me. I'm kind of all Dread Pirate Roberts about the thing, as I keep meaning to get back to writing my own aggregator again: "Good night, TT-RSS. Good job. Sleep well, I'll most likely delete you in the morning."" - l.m.orchard

"I'm not talking about a downloadable app - I'm talking about a plain old server-side web app. You never expose the key & credentials, because they never leave your internal network. So, sure, there's still a way, but that involves cracking into your network or using a robot to scrape & automate against your site" - l.m.orchard

"Sure there's a way to protect a client - like I said, keep it and the keys on a server :) Otherwise, no, I can't think of a better scheme to protect credentials like this for a downloaded client running on end-user owned hardware. That's why I call it a "flaw", because I can't think of a better solution" - l.m.orchard

"The keys are how apps identify themselves to Twitter. So, not really. I mean, they could do some traffic analysis and try to detect apps that behave differently than their own - but the API key/secret *are* app identification. Getting your hands on them lets you impersonate another app." - l.m.orchard

"The writing's basically been on the wall for awhile now, with regards to 3rd party apps. They've quite clearly said "Thanks, but we've got it from here" and aren't looking for innovation from 3rd parties in most areas. As for anyone who's built a business on previous assumptions of access... well, thems the breaks, especially if no explicit contracts or deals were signed." - l.m.orchard

"Bing didn't "plan" or fund the Robocop statue, residents & suburbanites did." - l.m.orchard

"As far as I understand it, this has been a bit of a flaw in the OAuth scheme, all the way back to the Flickr auth scheme that inspired it: The key & secret have to be shipped along with, in some form eventually usable by the app. When the app uses them, a clever person can extract the key & secret. They might not even be obscured in the binary, so a clever person could just scan for them without even running the app. An API designer can't really trust the key & secret as anything more than a speed bump, unless the key & secret are used by a server-side web app with binaries or configuration files that never fall into the hands of its users" - l.m.orchard