Last weekend I participated in the first Hack the Midwest, a 24-hour hackathon in Kansas City. I was very impressed by the event: nearly 100 developers from the Kansas City area participated with tons of API sponsors and great prizes. I decided to go it alone and throw my hat into the ring with an idea that I had been thinking of for a while: what if there were email alerts for Netflix Instant? 24 hours later, the result was Qup.tv.

I was fortunate enough to be awarded top honors at the competition and since then the response to Qup has been phenomenal! It's been covered in GigaOM, SlashGear, and Silicon Prairie News (and even tweeted about by Roku) and has already grown to more than 600 users in under a week!

Qup is a simple application that links your Netflix account to your email address. You receive periodic emails when Netflix adds new titles to their streaming catalog, and you can queue titles, watch them, or visit their Netflix page with one click. You don't even have to be signed into Netflix to queue up titles so you can add them from your phone or from a public computer without the hassle of signing in. Qup also pulls in Rotten Tomatoes scores for movies and gives you the power to filter the titles you receive based on Netflix rating, Rotten Tomatoes rating, and more coming soon.

The best part about the success of Qup for me has been demonstrating that something real, polished, and useful can be developed in just one day by just one person. It's one of the reasons I'm so passionate about web development: one person really can make a dent in the world.

If you're a Netflix user, I hope you'll give Qup a spin and if you're a developer I hope you'll take a look around and find a local hackathon to participate in. It's a lot of fun, you will learn a lot, and you might just get something you want to keep building out of it!


If you're running any kind of service that uses e-mail as a communication method (which is just about everyone) and you want your users to be able to take some kind of action from the email (as just about everyone does) then you should be using Signed Idempotent Action Links. Now I know what you're thinking, "Signed Idempotent Action Links? But EVERYONE knows what those are!". I know, but here's a refresher anyway (ok so I made up the term, but it's descriptive!).

They are links that perform an action (such as "Delete this comment" or "Add this to my favorites") with an included signature (that associates the URL to a specific user and verifies parameters) and are idempotent (meaning that accessing them multiple times will end in the same result). In a nutshell, they are URLs that you can click through from an email and they perform a desired action:

  • whether or not the user is signed in
  • without any additional button presses or clickthroughs

So now that we've gone over what we're dealing with, why would you want to use them? Well, because not everyone is logged into your service when they're checking their email. In fact, if they're checking it from a smartphone or a public computer they most likely aren't logged into your service unless you're Facebook. It is the friendliest way to allow your users to perform simple actions through email.

Calm Down, Security People

Of course the reason not to use SIAL is that if a link can perform an action without requiring a login then, well, anyone can perform that action if they have the link. Very true! However, this problem is not enough to completely bar the use of SIAL because:

  1. These links are being sent to people's email accounts. If your email account has been compromised, you're already in way more trouble than SIAL can give you.
  2. Developers can counter this issue by making any SIAL action reversible. Have a "Delete" link? Make sure you have an "Undelete" function in your app somewhere.
  3. Convenience trumps security for many applications. Sure, don't use SIAL to initiate wire transfers or for anything that costs money, but most applications have plenty of non-world-ending actions that can benefit from instant access.

How to Use SIAL

There are two important things to consider when using SIAL:

  1. You MUST be able to verify any actionable content in the URL.
  2. You SHOULD only allow the single action via the SIAL URL. Do not log the user in from a SIAL action.

So, how do we implement something like this? Well, it's really quite simple. Here's a method similar to how it was implemented for Qup.tv. First, we create the means to sign an action in a User model:

    require 'digest/sha1'

    class User
      # ...

      def sign_action(action, *params)
        Digest::SHA1.hexdigest(
          "--signed--#{id}-#{action}-#{params.join('-')}-#{secret_token}"
        )
      end

      def verify(signature, action, *params)
        signature == sign_action(action, *params)
      end
    end

What we're doing here is creating a SHA1 hash of a string that is built using a known formula and includes all of the elements needed for the action:

  • id is the id of the user
  • action is the name of the action that we're taking. For Qup the action might be queue, watch, or view.
  • params are any additional parameters that alter the outcome of the action. Again, for Qup this could be the id of the title to queue, watch, or view.
  • secret_token is a unique token for the user that is not shared publicly anywhere. You can generate this using SecureRandom or find another way to implement a secret token. This should not be something like a user's password hash as it should not be determinable from any info a user would know.

So now that we have these methods for our user, how do we go about creating the actual URLs that we'll be using? Well, if we have a simple Sinatra application we can do it like so:

    helpers do
      # Reader for the user loaded from the signed URL (never from the session).
      def current_user
        @current_user
      end

      def authenticate_action!(signature, user_id, action, *params)
        @current_user = User.find(user_id)
        unless current_user.verify(signature, action, *params)
          halt 401, erb(:unauthorized)
        end
      end

      def action_path(user, action, *params)
        "/users/#{user.id}/#{action}/#{user.sign_action(action, *params)}/#{params.join('/')}"
      end
    end

    get "/users/:user_id/favorite/:signature/:item_id" do
      authenticate_action!(params[:signature], params[:user_id], 'favorite', params[:item_id])
      @item = Item.find(params[:item_id])
      # Only add the item if it is not already a favorite, so repeat clicks are harmless.
      current_user.favorites << @item unless current_user.favorites.include?(@item)
      erb :favorite_added
    end

As you can see, all we're really doing here is:

  1. Creating a helper that will display a 401 unauthorized message if the signature provided in the URL does not match the proper signature for the provided user.
  2. Creating a helper that will help us to generate URLs for our actions.
  3. Showing an example of how one such action could be built.

Notice that in this example I am making no use of session variables or any kind of persistent state. In fact, you should make sure that you ignore all such variables. If another user is signed in at the moment, the link should still work for the signed user.

One other thing to notice is that the item is only added to favorites if it isn't already there. This gives the action idempotence: whether you run it once or 100 times the result is the same, making sure that the item is in the user's favorites.
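A hardened variant of the `sign_action` / `verify` pair above, as an added example that is not the Qup.tv code: it swaps the plain SHA1 digest for HMAC-SHA256, length-prefixes each field so different parameter lists cannot serialize to the same string, and compares signatures in constant time. `ActionSigner`, `legacy_string`, and the sample values are assumptions made for illustration.

```ruby
require 'openssl'
require 'securerandom'

# Added example, not code from the original post.
# ActionSigner and its method names are hypothetical.
module ActionSigner
  DIGEST = 'SHA256'

  # Length-prefix every field so ("1", "2") and ("1-2") cannot
  # serialize to the same string, as they do with params.join('-').
  def self.canonical(user_id, action, params)
    [user_id, action, *params].map { |f| s = f.to_s; "#{s.bytesize}:#{s}" }.join
  end

  # Keyed MAC over the canonical string; secret_token is the per-user key.
  def self.sign(secret_token, user_id, action, *params)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new(DIGEST), secret_token,
                            canonical(user_id, action, params))
  end

  # Compare in constant time so response timing does not reveal how
  # many leading characters of a submitted signature were correct.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  def self.verify(secret_token, signature, user_id, action, *params)
    secure_compare(signature.to_s, sign(secret_token, user_id, action, *params))
  end
end

# The page's string formula with a fixed placeholder token,
# reproduced only to show that two parameter lists can collide.
def legacy_string(id, action, *params)
  "--signed--#{id}-#{action}-#{params.join('-')}-TOKEN"
end

SECRET = SecureRandom.hex(32) # constructed per-user secret
SIG = ActionSigner.sign(SECRET, 42, 'favorite', '1001')
```

Because `canonical` calls `to_s` on every field, a signature generated with an integer id still verifies against the string id that arrives in the URL.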

SIAL is not a technique that you will use in every instance, but the benefits for the user can be big in terms of convenience, and it's often the small conveniences that make a big difference when developing software that people love.

If you liked this post (or didn't) and you use Netflix Instant, go check out Qup and get email alerts (with Signed Idempotent Action Links) when new titles are added.


If you've been off the planet for the past month or so, you can be forgiven for not knowing there's a new iPhone, and much of its feature set was confirmed today by Apple CEO Steve Jobs in his keynote address for WWDC in San Francisco. This 4th-generation iPhone is packed with new features -- some of them catching up to competing phones, some surpassing competitors. Here's a quick list of what's new, hopefully ending much of the speculation that's been going on.

  1. Availability: The release plan seems a little different than for the iPad, with five countries given first crack: US, UK, France, Germany and Japan being allowed online pre-orders on Jun 15th, and availability on Jun 24th online, at Apple and AT&T retail stores, and Best Buy and Wal-Mart. The rest of the release plan calls for 24 more countries in August, after the first five, then the remaining countries for a total of 88. According to the press release, the phone will be available in numerous countries by the end of July, including: Australia, Austria, Belgium, Canada, Denmark, Finland, Hong Kong, Ireland, Italy, Luxembourg, Netherlands, Norway, New Zealand, Singapore, South Korea, Spain, Sweden and Switzerland.
  2. Battery: Larger battery, 40% more talk time. Specifically, 7 hours talk time on 3G; 10 hrs Web browsing on WiFi and 6 on 3G; 10 hrs of video playback; 40 hours of audio playback. Standby mode: 300 hours (nearly two weeks).
  3. Bing search. While Google is still the default search engine for mobile Safari, the new iOS allows for you to switch over to Bing if you want.
  4. Cameras: 5MP camera with 5x digital zoom and LED flash for low light conditions. Front-facing and rear-facing cameras.
  5. Color: Black and white models.
  6. Developer support: Over 1500 new APIs for developers to access 100 new features.
  7. Display. The predictions were right: the iPhone 4 has 4x the pixels, for a whopping 960x640 screen resolution, at 326 ppi (pixels per inch). The new "Retina" display gives it a much higher contrast than 3GS -- apparently 800:1 contrast ratio, giving it an almost paper-like quality for display text. (Print magazines often have a resolution of 300 or 600 dpi -- dots per inch.) The 3.5 inch screen has a resolution that is almost 80% the size of the iPad.
  8. Email, enhanced: Unified email inbox. Attachment support.
  9. Form factor: It has a more squared-off form factor than before -- but you probably knew that from all the photos of "leaked" prototypes. It's supposedly 24% thinner than before and claims to be the thinnest (9.3 mm) smartphone on the planet. Overall, it's 4.5 inches tall, 2.31 inches wide, and just under 5 ounces. Unfortunately, the new form factor means the iPhone 4 has to have a new dock. The iPhone 4's alloyed metal rim is not only strong (5x stronger than steel), it acts as the phone's antennae (plural), to improve reception.
  10. Gyroscope. The iPhone 4 has a 3-axis gyroscope that can more accurately detect phone motion in 6 axes -- a plus for video gaming.
  11. iAd ad network. Apple says that they have advertising commitments through their new iAd ad network for $60M in 2010 alone. Steve Jobs claimed this morning that iAds will steal 48% of the mobile advertising market.
  12. iBooks. iPhone will get its own iBooks, which will allow for bookmarks and user sticky notes to be added to digital books.
  13. iOS iPhone OS. Despite some talk about the name "iOS" being owned by Cisco, iOS is what iPhone OS 4.0 is being called. It'll be available for download on older 3G and 3GS phones on Jun 21st, and (probably) preloaded onto iPhone 4. (However, some new OS 4 features will not be available for 3G phones.) The iPad will get an upgrade this fall.
  14. Keyboard support, Bluetooth. Just as with the iPad, the iPhone 4 will allow you to add a Bluetooth keyboard.
  15. Memory: 2x128 = 256 MB RAM. 16GB and 32GB models. Looks as if they did not manage to use the new 64GB flash drives made recently available -- meaning predictions of storage capacities of 64GB and 128GB were unfortunately incorrect.
  16. MicroSIM. Uses the new microSIM.
  17. Microphones: Two, for noise-cancelling.
  18. Netflix: Netflix is coming to the iPhone App Store free of charge, and it'll allow starting a movie on the iPad and finishing viewing on the iPhone, or vice versa.
  19. Networks: 802.11n WiFi, with added quad-band HSUPA.
  20. Pricing: The phones are $199 for 16GB and $299 for 32GB. Wonder what they're saving the $399 price slot for. The new 8GB 3GS model will be available on Jun 24 for $99.
  21. Processor: A4 processor, just like the iPad.
  22. UI features, enhanced. Multitasking, Folders, enhanced Mail, "deeper" enterprise support.
  23. Upgrades: If your AT&T contract is up any time in 2010, you are apparently eligible to upgrade to a 4th-gen iPhone immediately (as in Jun 24th or whatever date depending where you live). You have to extend your contract for two more years. If you're merely eligible for a phone upgrade, you probably don't qualify. However, I called AT&T and the very helpful CSR concluded that while my non-iPhone line's contract, and that of my wife's, ends Mar 2011, our LG Vu phones qualify for upgrades in Aug and Nov of 2010. We are eligible for a partial discount immediately. Meaning, we might have to pay $200 extra per phone over the new prices to change the LG Vu phones into iPhone 4, as well as get new iPhone data plans. However, according to what Engadget says that AT&T told them, if you already have an iPhone and want to upgrade it, you are eligible immediately if your contract allows an upgrade any time in 2010. So please check your online account or talk to an AT&T CSR for verification. You can also dial *639# from your AT&T phone, but the resulting text message is not all that detailed. Ultimately, you might just have to walk into your nearby AT&T store on Jun 24th and find out for sure.
  24. Video chatting: It's called FaceTime, and it allows two 4th-gen iPhones to video chat, but only over WiFi for now, with 3G support coming in the future. Given AT&T's cellular data pricing plan changes, maybe that's a good thing. Either camera can be used for FaceTime chats, in both portrait and landscape modes.
  25. Video editing. Not only will the phone have HD video recording (720p@30fps), you'll be able to edit video with a built in app, or with the upcoming iMovie for iPhone ($4.99).

So there you have it. There are all sorts of other features and details that are not listed here, but these are amongst the most important. The FaceTime commercial by director Sam Mendes (American Beauty, Revolutionary Road, Jarhead) is below.
