Posted by theharmonyguy in General | 3 comments
Some Clarification
I wanted to take a moment to clarify some issues I’ve seen several people raise…
First, when I say I’m an amateur, I’m not simply being modest. I do have a good bit of programming experience (though more in network administration), but these recent adventures have involved some skills that are less developed. I appreciate the kind words and offers people have sent my way, but I’m probably not as great a hacker as they think I am. Also, I’ve already started to show some of my ignorance in some misunderstandings of Ning – this is a learning process for me, and I’m sure for other less-experienced developers too.
Second, the “hacks” thus far have been consequently quite simple – they can hardly be called hacks. I’ve never claimed that they were advanced, so don’t be disappointed when you find out details. :) I do plan to continue digging through code and looking for more sophisticated loopholes, but this is more of a hobby for me, and these initial issues were very straightforward.
Third, by pointing out these problems, I’m not saying that OpenSocial can’t work. OpenSocial is a fine idea that will probably be very successful. But as Dan Farber pointed out, the platform is still in its early stages and there are still details being worked out. And as a developer, I’m still working out various details as well. Personally, I had expected more initially from the way things were marketed, but a more “open” development process is a fair approach, so long as people understand things are not finalized.
Finally, I’ve been trying to keep current on many of the recent social networking and web development trends, so I may share some thoughts on here from my perspective, for what they’re worth. But I probably won’t post too often, as other responsibilities keep me fairly busy these days. Still, I thought this blog would be a convenient way to post more adventures in code experimentation – it’s been fun for me to learn more about OpenSocial and the Facebook Platform the last few months, and I hope my experiences can at least help a few other developers.
Anyway, I didn’t want anyone to be mislead by any recent reports. :) Shout out to the companies I’ve mentioned here, who have all done a good job of responding to my concerns and handled the situations well. And thanks to TechCrunch for getting the word out.
Regardless of your (in)experience, you’ve made quite a bit of noise and brought light to possible issues in OpenSocial applications.
I’d like to see any future developments. Keep us posted!
Nice job on finding the early vulnerabilities. Also, I appreciate the humble way that you speak of your hobbies and background.
Hello, i’m an argentine developer, and i’m exploring opensocial and facebook platforms… the thing is that i would like to know if there is a way to search people through the social net by the name of the user… i congratulates you for the posts!… sorry for my pour english.