What protocol does a Kindle 3 WiFi use to communicate with Amazon and download files on your kindle.com/free.kindle.com account?
I know I can use some network sniffing software to find it out, but I just need a quick answer.
It's a standard REST protocol that is not public and is hardened to prevent non-Kindles from using it. The actual HTTP traffic is encrypted and requires multiple forms of authentication to use. Only official Kindles can make calls; everyone else is prevented using multiple techniques.
Related
I'm creating an e-mail client for iOS and before the start of working on it, I want to select the best architecture for it.
For example, at the first stage, I want to connect Gmail. I searched and found that Google has a ready library for doing that, so I can just connect the library and fetch my emails.
Another way of doing that is fetching emails from the API in my web server and later to take these emails from my server.
The main purpose is not just to fetch emails, but to be able later to add some new filtrations to it or some other functionalities, maybe machine learning technologies for better personalisation, etc.
Also, I want to support multiple email servers(Gmail, Yahoo, Hotmail, etc.)
What do you advise me to choose, to fetch from my own server or directly from the email servers? I also understand the security issues in the case of using my own servers.
Your feedbacks will help me a lot! Thanks in advance!
You shouldn't use your own server for this task. You just don't need it. It's less secure and I'm pretty sure, that some of your clients will dislike the fact, that you can store their mails on your own server.
If you want to support multiple email server providers, then you should use IMAP protocol for receiving mails and SMTP for sending. Also, in some cases, you can use OAuth2 as authentication method, so you don't need to ask user to enter his credentials in your application.
I recommend you to use some open source libraries for working with IMAP and SMTP, because implementing this protocols by self can be complicated.
Sounds very similar to what I was doing. I was recently building PickedMail where the backend is heavy AI. For Google, you'll want to use Oauth2 and use the server_token to pass in to your server.
I created an iOS framework for this, hope that helps you. https://github.com/Thywis/MultiAccountOauth
For others like outlook, yahoo, iCloud, I'd suggest using IMAP for now.
I am trying to write a program (iPhone) to display some pictures (photos) from a linux server. I am investigating what protocol I should use. Should i just use HTTP? i.e. setting up a HTTP server on the linux server, and write a HTTP client on iPhone? Or, is there a better protocol existing for such application (i.e. focused on photos / pictures transfer / show) ?
or, should I write my own protocol (using TCP or UDP of course) ?
update: Or, is there already a well-known Bonjour service for the same?
thanks.
If you want allow to manipulate files, pay attention to the WebDAV protocol.
WebDAV is an extension of the Hypertext Transfer Protocol (HTTP) that facilitates collaboration between users in editing and managing documents and files stored on World Wide Web servers.
Otherwise try to use SFTP (SSH File Transfer Protocol).
I'm at the beginning of trying to understand the requirements for developing a VoIP app. From what I've learned so far, frameworks that allow for communication using SIP/TCP are the best (I don't intend to implement SIP myself).
However, although SIP can be peer-to-peer, its recommended to use an SIP server service. But I'm finding it difficult to locate information about what SIP services are appropriate for an iOS application / what is required from me in terms of setup of the server so that I can concentrate on client-side development.
Any advice would be much appreciated.
You need to figure out your use-cases to decide. A SIP server is like an HTTP server, it will analyse the request URI, the request headers and whatever hints it can see to execute some resource at the backend. Think if you plan to have a user database and authentication. Do you want presence? Do you want voicemail, call transfers, pbx features? Do you want video, audio, IM? Do you want to support arbitrary endpoints? Encryption, NAT traversal, HA? Only then you can think about actual servers and hosting. Many "minimal" configurations will include at least one SIP/media front-end (for NAT/SBC), a SIP/media server (to act on requests), a database server (to store persistent state) and an HTTP server (for config/admin UIs). While there are products that combine some of these into single server, they are generally at least reasonably isolated modules.
I'm currently building a mobile application (iOS at first), which needs a backend web service to communicate with.
Since this service will be exposing data that I only want to be accessed by my mobile clients, I would like to restrict the access to the service.
However I'm in a bit of a doubt as to how this should be implemented. Since my app doesn't require authentication, I can't just authenticate against the service with these credentials. Somehow I need to be able to identify if the request is coming from a trusted client (i.e. my app), and this of course leads to the thought that one could just use certificates. But couldn't this certificate just be extracted from the app and hence misused?
Currently my app is based on iOS, but later on android and WP will come as well.
The web service I'm expecting to develop in nodejs, though this is not a final decision - it will however be a RESTful service.
Any advice on best practice is appreciated!
Simple answer: You cannot prevent just anybody from acecssing your web site from a non-mobile client. You can, however, make it harder.
Easy:
Send a nonstandard HTTP header
Set some unique query parameter
Send an interesting (or subtly non-interesting) User Agent string
(you can probably think of a few more)
Difficult:
Implement a challenge/response protocol to identify your client
(Ab)use HTTP as a transport for your own encrypted content
(you can probably think of a few more)
Of course anybody could extract the data, decompile your code, replay your HTTP requests, and whatnot. But at some point, being able to access a free Web application wouldn't be worth the effort that'd be required to reverse-engineer your app.
There's a more basic question here, however. What would be the harm of accessing your site with some other client? You haven't said; and without that information it's basically impossible to recommend an appropriate solution.
I have been coding against a Delphi EXE (win32 desktop app) to access twitter and do certain functions. It used to use Basic authentication with the api limitation. I know I have to convert this to OAuth. I have been reading over the documentation trying to determine the best approach. I understand the best method is the Web browser with a call back url. I also know that Twitter includes a Pin Based (oob) authentication method. I figured this was the route to go with this application, but I want to make sure since that is not seamless. It requires the user to go external to the application and get a pin number. It also is not as secure since the access token returned never expires.
I am using Indy v10 components to do the GET/POST operations, so I am wondering if there is a way to do this using them and being able to do a callback and not use the Pin authentication method.
Can anyone help me?
Also I've been trying to get Chuck Beasley's Twitter Class working in Delphi 7 with Indy v10 and I've been having trouble. IdObjs and Idsys don't exist anymore. Has anyone got this class to work with my scenario?
Thanks,
David
OAuth is a standard used for Web applications, its text is liberally littered with the word 'agent', meaning a browser. The best solution IMHO is, if possible, to actually have a callback URL, meaning you have your own site which provides the service to back your application functionality. There are services that make this possible for third parties already, like JanRain. If these options are not feasible (meaning you cannot provide a true WWW site for the callback URL) not feasible, then your only option is indeed the out-of-band authentication, oob. Don't even think about having the OAuth authentication call back the app listening on some port, that is completely unreliable for 1) the vast majority of apps will sit behind some sort of NAT device (router, outbound proxy) which makes them unreachable from the OAuth prvider and 2) the OS firewall will block your incoming calls.
In the mean time, Beasly's Twitter class has been expanded/updated; see the latest incarnation
I've started a library that uses Synapse to access twitter. It can use OOB/PIN authentication and predefined oauth token/secret. It can be extended to use browser based auth. Currently written using FPC but should be adaptable to Delphi quite easily. FPCTwit code
You may wanna try my take on twitter, supports unicode as well unlike the other delphi implementations:
http://eden.fm/2011/02/27/twitter-library-for-delphi/
I don't use Indy though, but ICS