FireEagle Developer Event


I discovered at last minute a developer event on Yahoo! FireEagle at Covent Garden tonight and decided to rush down there. FireEagle is pretty intriguing as the first serious attempt at an OAuth API (though Google Contacts now qualifies too). For me, that was the main draw; but the actual service it offers is also compelling.

What’s FireEagle?

Location based services have been hyped for years. By now, you should be walking around and receiving reviews of local restaurants on your phone, browsing nearby tourist attractions, and seeing which of your friends is in your vicinity. However, it hasn’t caught on. The main reason is stovepipes and walled gardens. Your mobile provider might have an API available, but probably restricted access to a very limited set of developers. A mix of privacy and commercial concerns have rendered this whole area practically useless.

Enter the eagle. FireEagle completely opens up this area, by offering a model that is flexible and open, but without compromising user privacy. It’s an API that essentially tracks one thing: Where in the world are all FireEagle users?

In other words, the FireEagle API allows any client to update a user’s location and any client to retrieve a user’s location. Of course, the user must consent to all this activity, and that’s where OAuth comes in – as a way for users to say, for example, “I trust app abc to update my location and app xyz to read my location”. So FireEagle detaches location providers from location consumers, opening up an entire ecosystem.

What kind of clients act as location updaters? You might think it’s all automated stuff, like mobile devices and IP numbers, but actually many updaters are manual. Here’s a sample:

  • Mobile phone app. Anyone with the right access details could write a mobile phone app to use cell tower information, built-in GPS, or any other cues, to update location as the user moves around. This is the no-brainer example of an automatic mobile updater.
  • Twitter. When you tweet with “L: london”, a twitter monitor app could notice that and notify FireEagle. (As with all cases below, you must have authorised the monitor app to do that.) This example illustrates that users aren’t always passive lemmings walking around with a mobile updater app in their pocket. It may be that location data is only ever updated when a user proactively tweets their location.
  • A client that watches you adding geotagged photos to Flickr, and assumes you are in the last location you uploaded.
  • Specialised tracker device. Devices based on GPS (e.g. SPOT) could easily be made to update FireEagle with their location.
  • Car app. Based on GPS, a car’s location could be tracked using FireEagle. (The car, not the driver.)
  • Travel card. (My example.) Theoretically, your travel card could update FireEagle location as you move around. Same for transponder devices in cars.
  • Many, many, more examples.

What kind of clients act as location consumers?

  • Find nearby friends, tourist attractions, pubs, etc.
  • Find currency rate (since you know what country they’re in)
  • Phrases in the local lingo or an online dictionary
  • Location based games
  • Many, many, more examples

Some clients may act as both updater and consumer.


The other thing FireEagle gets right is great concern for privacy – users can give out as much or as little data as they like, and they can stop the service at any time. The first way this happens is with OAuth, which lets you manage which services can perform what actions. You can start and stop this at any time. In the future, there will be a simple client to let you log in from your mobile and control all this. In particular, you will probably be able to suspend all tracking at any time.

Additionally, you can apparently set granularity, so you could expose just a general area, e.g. whiiich city or country you’re in, instead of a particular co-ordinate.

In the future, you will probably be able to authorise a client just for a certain time, e.g. during a conference, after which it can no longer access your data.

At some point, historical data may become available. The team said if this happens, they will allow users to delete and edit their past data.

In summary, the team has been very careful to ensure users have complete control over their own data,

Very Raw Notes from Presentation

Tom Coates is talking about FireEagle.

FireEagle is the old CS classic: a layer of intermediation – between location identification systems and location consumer systems. As a user, I can tell FireEagle where I am and any permissioned app can make use of that data.

London is about the most frequent location for fireeagle

What would your existing/past apps look like if they had location services available?

e.g. Navizon

e.g. ZoneTag

e.g. Firebot – Make it your twitter friend and direct message your location to it.

e.g. BrightKite – cf dodgeball

e.g. Rummble

e.g. Plazes – determines your location via wifi. Then shows where you are on map, people around you, etc etc. And updates FireEagle

WikiNear – ~1M geo-tagged articles in wikipedia. Wikinear exploits that data – as you’re walking around, shows you the closest POIs that are in wikipedia.



Fireball – where your friends are

Fire Widgets – weather where you are, nearby Flickr photos

Moveable Type

Facebook “friends on fire” app – shows where your friends are and updates your Facebook status

Could be great…

Spot – specialised comms/phone device for backpackers, aid workers, etc. ~100pound for device, 100pound a year and keeps updating your location every� ten minutes. Doesn’t integrate yet but great example if it did

Ambient Orb – e.g. changes colour as you move away


Geotagging all user generated content – cinema listings, local traffic, local TV stations, nearby friends, weather forecast, local exchange rates, public holidays, windspeed. A lot of this is on wikipedia thanks to geotagging.

Friends and family widgets. e.g. where they are in the world, what time it is, weather, etc. (A gadget for each person.)

Last.FM – On cracked iphone, can get mobile scrobbler on iphone. What if it recorded where you were, then you could see which songs people play in particular areas. Cool!

Pacmanhattan – Lots and lots of game ideas (idea: scavenger hunt! reminds me of geocaching)

(later mention: geocoding animals, e.g. track migration)

Later on, expecting it to track historical data. (and since it will be user-modifiable which means you could back-track your entire life! (or someone elses eg fake shaekspeare))

Building an APP


1 – Get API key 2 – User authorises your app 3 – Make API calls to Fire Eagle Outside.In -�

Who’s within an area

Each consumer key and secret identifies an application using Fire Eagle.

User Authorises ….

There are three models and the difference is purely to do with differences in (app triggering web page) and (web page triggering app). Web: Can trigger in both directions Mobile: Can’t trigger in either direction (maybe, but can’t assume it) Desktop: App can trigger web page, web page can’t trigger app

Web App model: Request token

I asked which model was used for widgets. Answer: Desktop. (Makes sense, with current technology. Web model would cause redirection from container. Later on, Opensocial will have oauth built in.)

Core Concepts

Note: social graph (user and friends) is beyond scope

location – point or bounding box location hierarchy – set of locations

Exposed RESTfully:

  • user() – duh
  • lookup() – provide location string and choose from list of resolutions (which “london”??)
  • update() – duh. call it and it “moves you”
  • within() – ?
  • recent() – “map of soho and everyone in there” OR “last 100 updates from my users”

walking through

Will probably support xmpp/Jabber too – more appropriate than HTTP for this

Hoorah for Aptana Cloud

Aptana Cloud has now been announced. This is exciting news and a step closer to server-side Javascript world domination. You don’t have to use Javascript, as the platform offers several engines, but from my perspective, the most exciting thing is the inclusion of Jaxer. So it should be easy to deploy server-side Javascript to a completely scaleable platform.

As for the more headline feature, it is a general cloud play. It will target the existing Amazon/Google/Joyent/others clouds (a “designed to go meta” as Dion puts it) rather than being a YAC (yet another cloud). My personal experience with the much-hyped Amazon EC2 has been nothing but pain, pain, pain. It might be fine for your run-of-the-mill Web 2.0 startup, but casual use? Forget it. Give me bog-standard ssh any day. If Aptana can solve that problem, and I have no idea if they can, but if they can, I’m sold. Key to the strategy will be integration with the Aptana IDE. That said, I find the Heroku idea of Cloudies (cloud IDEs) fascinating, so it would be nice if a product like this also offered some rudimentary cloud editing support in the future. (Enough to at least fix a critical bug from the comfort of an internet cafe.)

Kevin Hakman got in contact with me after the Javascript Grid article and kindly offered to let me review the beta, which is still on the cards, so I’ll let you know how it goes once I get access. I’ll also be interested to see how much more expensive it is to hit a Jaxer script versus a PHP script.

Today, Aptana unveiled its vision for Aptana Cloud, the next (but not last) aspect in Aptana’s strategy for providing an “End to End Ajax” suite of open-source based solutions for Web developers that use scripting languages. See Open for Deployment
  • The “engines” in Aptana Cloud are comprised of some of the most widely used and popular open source infrastructure: PHP, Apache, MySQL
  • Aptana Jaxer, the open source Ajax server based on the Mozilla browser engine, is also provided.
  • Ruby on Rails support is next in line. Complimentary to existing cloud suppliers
  • Architected to compliment leading Cloud providers like Amazon, Google, Joyent and others. Integrated right into your application life-cycle
  • The Aptana Cloud IDE plug-in will connect your Cloud instances right into your Aptana Studio/Eclipse application development, deployment and management life-cycles featuring:
    • On demand instant deployment to the Cloud
    • One click sync between your projects and the Cloud
    • Subversion source control
    • Remote DB Explorer and admin
    • Operational monitoring and notifications
    • System dashboards, logs and stats
    • Google Analytics integration
    • … and lots more as described at
    Early Access Program
  • Those interested in the early access program can request such at
  • Unix History: It is an offensive meme, but I cannot look away

    Dion is to blame 😉 for the trivia that follows…

    The new rage seems to be piping this to your blog:

    history | awk ‘{a[$2]++}END{for(i in a){print a[i] ” ” i}}’ | sort -rn | head

    It reminds me of history class at school. Always painfully boring, which is such a crying shame, as history itself is fascinating. How school managed to take the subject that could be so enjoyable, and such a tie in to all other subjects, and instead make it incredibly boring is a crying shame.

    Drum roll …

    150 ls
    115 cd
    60 vi
    29 fortune -ooo
    21 ssh
    10 maven
    10 cd..
    9 svn
    9 ping
    9 find
    7 rm

    There, I dunnit. Offensive meme, but easiest post. Ever.

    Testing OpenSocial Apps – Current Challenges

    At present, the OpenSocial containers are new and the whole process is still quite difficult from a developer’s perspective. These are unfortunate barriers to adoption which the containers could overcome with some redesign.

    The challenges at present are:

    • Manual signup and approval process required. Even to get onto the sandbox area, you have to go through a manual signup and approval process, which usually takes a day or two. A human is in the loop verifying your details. At that time, the developer may have lost interest, or the mail may never get to them.
    • Lack of test accounts. The sandbox accounts usually can’t interact with non-sandbox accounts – that’s what makes them “sandboxes” and this is a wise policy. However, what do you do, as a developer, when you want to test with a large group of friends? You could friend other developers, but testing is going to get a little tired if you have to keep asking them what happened. The problem is the manual signup process – you have to add new users with fake details for approval by the container – weird! On Orkut at least, you can also invite friends from your test account, so it’s possible. And, oh yeah, I hope you get a kick out of CAPTCHA. You’ll be filling in a *lot* of CAPTCHA forms as you build up your social network of imaginary friends! One to create the account, one to verify email, one for good luck here, one more just because why not. And that’s for each user on each container! If I was running these containers, I would make it even simpler and just create an initial block of 10 fake friends (some friends with each other…pick your favourite soap opera) and let the user seamlessly add new ones too.
    • Older versions and Missing Features. Ning and Plaxo are hosting OpenSocial 0.5, whereas 0.7 has been out for a while and 0.8 is about to come out. I can’t blame them for not upgrading all the time, but it still makes development more difficult. As for missing features, I noticed this with Hi5. It’s a good implementation, but still missing a critical feature – UserPrefs. This is just the multi-container nature of OpenSocial.
    • Slow code-test cycle. When testing with a container, you have to change the gadget on the server and the container will then reload it and render it. This reloading process will always take some time, but the container can do as much as possible to eliminate any other delays. Unfortunately, they don’t make it easy at present. I refer specifically to caching. You obviously don’t want your gadget to be cached during code-test cycles. Caching is usually enabled by default, even in the sandbox. That’s kind of dubious – you would think a sandbox should load the gadget each time. But okay, I can accept that decision as it’s useful when you’re testing the gadget 100 times not to be re-downloading it all the time. However, it’s usually not clear or documented how to suppress caching when you want to. Again, the containers should be making it dead simple if they want to encourage development…how about a caching on/off checkbox somewhere in the gadget chrome or settings menu?

    There is a lot the containers can learn from Facebook, and they will need to for OpenSocial to really take off and compete against it. For comparison, here is how Facebook deals with the issues above:

    • Manual signup and approval process required. Facebook makes this completely automated. You create a normal Facebook account and simply visit a special URL to make it a developer account.
    • Lack of test accounts. It’s easy to create test accounts in Facebook – you just keep creating normal accounts and flipping them to become developer accounts by visiting that special URL.
    • Older versions and Missing features. With Facebook, there is only one implementation, so only one definitive version of the API. There’s nothing OpenSocial can do about this directly. It’s simply a consequence of the “Write Once, Run Many” aspiration and the only way for the community to deal with it is to be better in other ways, and to at least be very explicit about what each container does and does not support.
    • Slow code-test cycle. This doesn’t arise in the same way because the model is either based on an iframe directly to your site, or FBML you enter into a form. The OpenSocial gadget model – an XML sitting on a server somewhere – is neater as there’s no form involved; everything’s encapsulated in the XML file. However, it does introduce the whole question of caching and the containers should be doing all they can to simplify the development process to that end.

    I’m a great believer in the OpenSocial vision; hence, I hope the containers will be working to minimise these obstacles. Right now, it’s okay for professionals, but there are enough hurdles there to hold back an army of potential hobbyist developers from uneashing their creativity on this platform.

    Music As She’s Developed

    I made a little music mashup you might enjoy using.

    A Little Music

    As I was playing around with the new layout of this blog, I added a Last.FM widget to the sidebar. It looks like this:

    (May not render if you’re reading this from a feed reader.)

    Great. Now I can listen to trance from the blog. Trance is good for coding. So that’s ace. But I couldn’t stop there, could I?

    Widgets, Widgets, Everywhere!

    I made this page with 30+ gadgets in all sorts of genres. This is good for those times when I’m not coding and want to listen to something else. Being in the cloud, it means I can easily listen to whatever I feel like when I’m in an internet cafe or the such like. So even more ace.

    Make Your Own Jukebox

    In the spirit of sharing, you can easily make a page containing your own favourite music. The URL for the default music page resolves to something with a ridiculously long list of genres:

    … which means you can hack the URL and make your own jukebox with your own genres and bookmark it and it will work and live on in the cloud and you too will be able to listen to your favourite music anywhere you go.

    For example, you might be a more passionate fan of contemporary Japanese music than myself, in which case you would concoct the following URL and save it to your delicious bookmark manager to enjoy many years of musical gratification:,j-pop,j-punk,j-hop,j-rap,anime

    Add A Player on the Fly

    One other feature is that you can add a new player on the fly. This again is great for travelling around as it will let me easily listen to any genre I care for without even having to edit the URL.

    (Unamusing trivia: I actually caused a bug at first by using “gray” as the colour name here. I’m used to working with American spelling for programming of course, but then is a UK company and the name you want is actually British spelling, i.e. “grey”.)

    Obligatory Wishlist I’ll Not Really Get Around to Implementing But it’s Cathartic to Braindump it Anyway

    If I was going to do more work on this, I would:

    • Make it into a widget-like portal which lets you add/remove/layout etc and save settings within a hackable URL (using Unique URL. You could argue the whole thing is useless as you could achieve the same thing in iGoogle/Shindig, but sometimes a specialised interface, tucked neatly inside a separate tab, works best.
    • Provide more flexibility on layout
    • Add support for bands, not just tags
    • Run it on a separate page without the blog layout
    • Keep the loldog

    This Blog – FIXED

    From the dubiously-related-to-the-topic-of-this-blog department, I finally devoted a lazy few hours to getting this blog sorted! It was previously crawling, with pages loading at around 40 seconds. (According to WebWait, the premium website benchmarking tool, of course ;)).

    • Upgraded to WP 2.5.
    • Removed WP-Cache. Installed Super WP-Cache and set up htaccess correctly. At this point, caching starts working whereas it previously did not. Still, uncached pages remain dog-slow.
    • Changed to default WP theme and pages load fast. This test tells me that my theme is wonky.
    • Try to fix theme. Nothing works.
    • Instead of going back to default theme, I switch to the pretty cutline theme. Fortunately, it works.
    • Re-incorporate the old stuff.
    • Remove a ton of sidebar links from 2004. While WP 2.5 admin interface is pretty and more usable, editing links still sucks as much as it did 4 years ago. I wish I could find a plugin that just gives me a data grid of links to maintain.
    • The blog has a cleaner look, pages are generated faster, and caching is serving them faster. Plus it’s easier to maintain and admin. Happiness and world peace reign supreme in the land of plentiful chocolate.

    The Javascript Grid

    Google App Engine launched this week and one controversial aspect was that it only works for Python. It wasn’t a big deal to me. Firstly, it’s a good way for Google to limit the initial market. Secondly, Google specialises in Python and not Ruby – quoth Yegge: “One of the fences in this big playground is your choice of programming language. You have to play inside the fence defined by C++, Java, Python, and JavaScript.” After all, Google has Guido but not Matz or DHH. (I wonder how many times someone has asked that guy if he’d consider a position at Google!) Thirdly, who cares? Do you really think it will stay Python-only for long? Heavens to Murgatroyd!!!

    Dion’s take (read his post for the full detail):

    Anyway, I have a dream and surprisingly it doesn’t involve Ruby and unsurprisingly it does involve the magic bullet that is server-side Javascript.

    How cool would it be if Google bought Aptana or AppJet – or did their own work with Jaxer or Rhino – and made a robust, elastic, server-side Javascript platform? Then roll in Rhino and Rails, hopefully reworked from Rails considerably to take into account the synergies delivered by dual-side Javascript. Backed by BigTable of course!

    That’s the tipping point right there!