WhereYouAre

From Bitpost wiki
Revision as of 01:42, 21 February 2010 by M (talk | contribs)

I'm going to take an "Open-Design Software" approach to this project, please feel free to send me your two cents if you have an opinion.

Analysis

It would be nice, and should be easy, to provide an app that shows where your friends are. Many of these apps exit, but they all break down when it comes to reaching critical mass - it's just too much trouble to get all your friends registered and receive their locations when you need them. Everyone is not going to run the app at the same time. Can we solve this problem well enough to make an app worth having?

Requirements

  • Free and easy to configure
  • Quickly start to track existing friends
  • Make fast privacy and priority adjustments
  • Obtain best-in-class location information

Design

Implementation

(round4)

   ----
   <  >
     >
   [less][more][include_me(only on map)]
   [off][stlth]
   ----
   click screen to get half-width menu (on opposite side of click) (start with closest friend)
     Group [All] (dropdown)(dont show if no groups are defined?)
     < showing top 5 users >
     < USERNAME >
     toggle "only this user"
     meetup
     stealth
     ignore
     plan route
     < priority 7 >
   ---


(round3)

Use cases
-------------
1 user starts app
  User gets updated friend locations
  User closes app
2 user goes offline (in app, prevents notifications)
3 user goes stealthmode
4 user changes friends priority (make this easy to do!)
5 user changes # tracked friends
6 user sets friend to ignore on/off
7 user sets friend to meetup on/off
8 user sets friend to stealth on/off
9 user pings friend
10 user adds friend
11 user deletes friend
12 import friends?

(round2)

   REST summary
   ------------
   every resource has to be discoverable via links
       basically a developer can learn the API with a browser
       also, with links, you can mingle resources from any REST api
   verbs
       GET - retrieve a specific resource
       DELETE - delete a specific resource
       PUT - update a specific resource
       POST - create a new resource and return the ID - neither safe nor idempotent
       you can repeat calls to GET/DELETE/PUT all day long if they fail
   complex functions (eg query and result) as resources
       create a query resource with a TTL
       add to it
       execute it (and auto-release?)
       release it (or let this happen automatically with server-side TTL cleanup)
   how do we handle huge lists?  like this?
       wya/users
           returns the first 10 users with a link to next 10
       wya/users/range/11-20
           a link to users 11-20
   {resource}/edit should return an edit form (cool) - I think recess already does this?
   authentication - use SSL with HTTP Basic Authentication, or SHA1 signature (ala Amazon S3)
   wya API requirements
   ------------------------------------------
   https put "my friends subscription" (on startup)
   https put "my location" every 15 seconds (may be "stealthmode") \ 
   https get "my friends' locations" with ages (may be "stealthed")/ combine?
   https post "my new friend" with phone number and stealthstatus
   https put "my friend" with phone number and updated stealthstatus
   https delete "my friend" with phone number
   https put "ping this friend" with phone number
   https put "logoff"
   NOT needed...
   -------------
   put "i am running the app" (implied by [put my location])
   put "my friend" (the server only tracks phone number, no editing available)
   any meetup or ignore state
       ignore is done by deleting friend
       meetup is done by client requesting pings
   wya server requirements
   -------------------
   track activeuser {phone,stealthmode,friendarray{phone,stealthed}} array
   collect nonstealthed friend locations "by any means necessary"
       priority: active app users, inactive app users, nonusers
   reply to API requests
       only report locations if not stealthed
       only report locations if under a day old?
   ping app users for meetups (if not ignored or stealthmoded)
   use TTL of 6 heartbeats, kill activeuser after that
   wya client requirements
   -------------------
   maintain complete friends list (even ignored) with prioritization
   ping server with location every 15 seconds
   adjust tracking to include "top n" friends
   "ignore all" mode (similar to "logoff server")

(round1)

   all f's of all users running app need constant location ping
       f's must be shared with phone# as key
       server must track users' flist
       server must constantly work on getting f updates
   user starts up app
       user logs in to server and sends friendlist
       server adds user to userlist, merges friendlist into totalfriendlist (w/refcount?)
       server should do its best to get all friends' locations
           ** this is a separate task from communicating with user **
       user pings server with location, gets f updates
           ping every 15 seconds?
           only send updates if they have not been received by user?  (how to get best performance?)
       user shuts down app (or times out)
       user is logged out of server
   server f location collector
       use external services to poll for location for all f that are not running app	
           ping every 15 seconds?
           users that are running app are all sending locations, no need to collect them
       include occasional push check:
           if f owns app
               if f is not running app
                   if f is in meetup
                       push request to f1


   <iph>			<tdm_rest>		<tdm_pusher>		<apl>			<loc_server>
   -----			-----			-----			-----			-----
   

REST Examples

  1. The best example I have to follow is the Twitter API. It *obviously* scales. It uses Basic Authentication, which sucks (everything is plaintext, holy shit). BETTER force it to use SSL.
  2. The other excellent example is the Amazon S3 API. Authentication is brilliant - it uses a SHA1 signature of the request, which MUST include a timestamp within the last 15 minutes. There is a set of rules for turning the request URL into the request string that is signed.
Signature = Base64( HMAC-SHA1( UTF-8-Encoding-Of( YourSecretAccessKeyID, StringToSign ) ) );