Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
Spotify's new Discover Weekly feature kind of killed it this week so I'd be keen to set up a script of some description to autosave the playlist every Tuesday. First, is this possible with either the AppleScript or the Web API? And second, what docs would get me started?
This is a great idea, and the Web API has the functionality you need to build this. (AppleScript doesn't.)
Firstly, you should read through the Authorization Guide since you'll need an access token when making your requests. You'll find that there are three flows, and which one you pick depends a bit on how your application is going to work.
How do you find a user's Discover Weekly playlist?
The Discover Weekly playlist's URI has the format spotify:user:spotifydiscover:playlist:{id}, and is saved by default at the top of the user's list of playlists. You can retrieve this list using the Get a List of a User's Playlists endpoint. However - There's absolutely no guarantee that this playlist is the user's Discover Weekly playlist. It may be that the user has followed another user's Discover Weekly playlist and might even have unfollowed their own Discover Weekly. Also - Note that the Discover Weekly playlists are private by default, meaning that you have to get the user's permission to have it included in the list of their playlists. Read more about permissions in the Using Scopes section on the Developer site.
The user gives your application their Discover Weekly playlist
The most simple case I can imagine is that you let the user tell your application which Playlist to start storing. You could do this by either allowing the user to input the Playlist's URI directly, or to again use the Get a List of User's Playlists endpoint to give the user some playlists to choose from. (Filter out all playlists that isn't called Discover Weekly and is owned by the user spotifydiscover).
I don't really want to get into the Terms of Use here, but please have a read through them to make sure your application doesn't break them.
Good luck!
On the Spotify Idea Exchange, it has been suggested to the Spotify team that they create a way for users to view / access previous Discover Weekly playlists. If that idea gets enough support ("kudos"), their dev team may consider it for inclusion into the official client's functionality.
In the meantime, a user on that same thread has created an IFTTT recipe which will "automatically add the new 30 tracks on the Discover Weekly playlist recommended by Spotify each Monday morning to a personal Discover Weekly Archive playlist, so they will not get lost." So, if you're willing to get an IFTTT account and give it access to your Spotify account, that should be a workable solution.
I created a small docker image which can be run every week. It will save your playlist to your playlists under the name 'DiscoverWeekly_[Year]_[CalendarWeek], e.g. 'DiscoverWeekly_2015_43'.
Repo and instructions on how to run it:
https://github.com/matlockx/spotify-playlist
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 2 years ago.
Improve this question
I am not a developer.
I host an easy iPhone application where users can choose between a registration through Facebook or Instagram. Almost 90% choose the Instagram way and I don't collect any special data. Only the Firstname and Lastname. Most of the things need to be filled out anyway (like the Instagram name because I do not get this from the token or the email address).
Now my developer team told me that Instagram will stop working and we need to remove this from the app. All users most login with Facebook from now on. I am using a Flutter App which works on Android and Apple.
My App is only for a specific kind of people and I felt better to use their Instagram token for a registration because it's like a "fake check" when people know, that their "real" Instagram is connected.
4 Questions:
is it really true that Instagram shuts down this "login with Instagram" functionality?
what happens to all the people who registered with the Instagram token? if they switch from Instagram to the Facebook login it would mean that there is no link to their profile any more and they do need to register almost from scratch.
the company offered me to create a own registration/user Form but I was quite happy with the Instagram way because I do not need to save a username and a password for my app.
I also received a mail from Apple that they want to use every iPhone app to use "login with apple" functionality. Will this also be mandatory in the future?
For me the situation is very bad because it will cost a lot of money to redo everything and I would appreciate to get some help or tips how I can handle the situation.
From the docs:
Q: Why should I migrate to the Instagram Graph API platform?
A: In January 2018, we publicly announced our plans to shut down the Instagram Legacy API platform through a sequenced approach. We plan to disable the final permission remaining on the Legacy API ("Basic Permission") on June 29, 2020 and any existing apps using the Legacy API will no longer have access. We encourage you to apply for permissions to Instagram Basic Display API and migrate Legacy API calls before June 29 to avoid interruption of service to your app and business. Note that App Review submissions can take up to a week or longer to process. Refer to the developer documentation to learn more.
Source
In short, it looks like you need to migrate to the Graph API. If your developer believes there is a reason why you cannot use Instagram at all, perhaps he/she could ask a specific question about that, indicating what specific problem is being encountered.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
We're creating a new web app based in Node. As many apps do, we would like to restrict the number of users who sign up, so we can test and scale up smoothly. So, people would sign up (with an email address), and then when a batch of users are released (either manually or automatically), that batch would receive an email that would allow them to sign up.
I've seen this process a number of times on the user side, but have never been involved with building a beta queue system, so I'm not sure the best way to approach this from a architecture / code perspective. Some specific questions might be:
What would be the flow for signup from a Node perspective?
What might be the underlying data model?
For "time-released" or batch releases of users, what might be the best way to manage that or trigger it?
Are there are node modules that might help with this?
Any help appreciated.
I implemented something like this in a .Net / SQL Server setup.
Basically, the user table had a flag indicating that that user was a beta user and allowed access.
Then I modified the user authentication module to return a different error message indicating that the were signed up but they couldn't access the application yet. This would only show if they successfully authenticated like normal. You could also send them to a different landing page so it doesn't look like they used the wrong credentials.
Next you can provide an admin interface to kick off a script to set the beta flag on a batch of users. This should also trigger some type of notification to let the user know they have access.
For time released options, you could have something else trigger the batch script to set the flags, or have a monitor service that finds any users without access that signed up over X days ago.
I think a lot of this would need to be customized based on your application and when you want to release beta users. There are also some services out there that allow single sign-on and gather analytics about your beta users if you want to see more information without having to roll your own.
Hope this helps. It would be nice to see an actual module you could drop in and configure with your specific database, user model, and authentication / signup process.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
Tumblr allows users to edit the HTML and CSS of their blogs through a Templating system. In fact, it even allows users to include their own external scripts into their pages. Doing this obviously opens a lot of security holes for Tumblr; however, it's obviously doing fine. What's even more interesting is how Tumblr's team managed to do all these through a LAMP Stack before.
One thing that I found out through pinging different Tumblr sites is that the blog sites are dispersed through multiple servers.
Nonetheless, hacking the root of just one of those servers could compromise a ton of data. Furthermore, while some could argue that Tumblr may just be doing manual checks on each of its blogging sites, it still seems pretty risky and unpractical for Tumblr's team to do so because of the amount of data that Tumblr has. Because of this, I think there are still some aspects that checking manually hasn't covered yet, especially in terms of how Tumblr's team filters their user input before it enters their database.
My main question: How does Tumblr (or any other similar site) filter its user input and thereby, prevent hacking and exploits from happening?
What is Tumblr.
Tumblr is a microbloggin service, which lets its users to post multimedia and short text blogs on their website.
Formating and styling blog
Every blog service lets its user to edit and share the content. At the same time they also let their users to style their blog depending on what type of service they are providing.
For instance, A company blog can never have a garden image as its background and at the same time a shopkeeper can never show a beach image; unless they are present at that place or include such objects in their work.
What Tumblr. does
Well, they just keep checking the files for any error!
As a general bloggin platform. It is necessary to allow the users to upload and style them blogs. And at the same time it is a job for the company to keep the control of how their service is used!
So Tumblr. keeps a great note on these things. They also donot allow to upload files that infect the system, and are well-known to delete such accounts if anything fishy is caught!
Tumblr. allows the users to upload files and multimedia that is used to style the blog. They used a seperate platform where to save all such files! So when you upload it, it does not get executed on their system. They access it from the server or from the hard drive which these files are saved on and then provide you with the blog that includes those files.
What would I do
I would do the same, I would first upload and save the files on a seperate place, where if executed they donot harm my system if are infected by a virus. Not all the users upload virus. But once they do, you should use an antivirus system to detect and remove the virus and at the same time block that account.
I would have let the users to use my service, now its user's job to upload content and its my job to prevent hacking.
All this stuff (HTML/CSS/External scripts) does not run on Tumblr machines. So to them it does not matter. One is responsible for the stuff that runs on your own PC. As to Javascript it lives in a sandpit
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 5 years ago.
Improve this question
I have an issue at work where we have just started using scrum as a development team. I am having some trouble with the user stories we are provided with in that they don't seem to fit what my interpretation of what a user story is.
Here is an actual example of the user stories we have been given for this sprint:
As a website user I want to have a registration page so that I can register and supply my details.
As a merchant user I want have validation on the registration form so that I provide the correct information. (This relates to Form Validation)
As a merchant user I want support when registering so that any questions that i have about the required details are answered. (This relates to Tool tips on the form)
The first one in my mind is the user story. The second two seem to be traditional requirements of the first user story and I think they should probably be acceptance criteria of the first user story.
The other confusion I have is in the last sprint we had:
As a user I want to be able to login to the website.
As a user I want to be able to login to the website with a username.
The Product Owner says this is two different user stories which need to be tested separately.
My issue is that in creating test cases and acceptance criteria for the second two - it is difficult as they are so specific and so related to the first user story. It seems that we are just putting up traditional requirements on a card up on a board and calling it something else. I mainly just want to know if I am wrong about this / why?
It just seems to me that we are currently just letting the users create whatever they want as a user story and not helping them filter them from requirements into proper user stories. I am told we need to keep them all separate for reporting so we can keep a log of everything the user requests.
User stories focus on customer value. ... The actual work being done is fleshed
out via collaboration revolving around the user story as system
development progresses. ... In order to limit scope, user stories have
collaboratively developed acceptance criteria which define when the
user story meets the stakeholder’s expectations. Test cases are often
developed as code (with test driven development) or documented as the
code is developed.
[Emphasis mine.]
As a user I want to be able to login to the website.
As a user I want to be able to login to the website with a username.
Since neither provides any customer value, neither are user stories.
You use application software to manage information, make decisions and (ultimately) take an action. If the user story doesn't provide some hint as to what information, decision or action gets taken, there's no customer value, it's just technical folderol -- implementation details that a customer has to endure to get to the interesting part of the application.
Login, specifically, has zero customer value. It's a roadblock that IT erects between customers and the valuable information they need to make decisions and take actions. It's a security mechanism, and most people do not actually like security. Security is imposed on customer by IT. The most popular password (IIRC) is "aaaaaaaa". Why? Customers don't like security.
Detailed, microscopic login user stories may be a symptom of failing to see the real value to the customer.
It just seems to me that we are currently just letting the users create whatever they want as a user story
Good.
I am told we need to keep them all separate for reporting so we can keep a log of everything the user requests.
Not a bad plan, really.
The issue is to separate "crap the user happened to say" from "stuff that makes sense that we can build". It's very, very important to allow the users to say any crap they want to say. It's a good thing to let them ramble.
Periodically (before each sprint) you will prioritize crap the user said into a few things that (1) you might be able to build during the sprint, and (2) create the most significant and dramatic user value you can possibly create. Some stories will get ignored. Some will be low priority. Some will be combined and some will be split. Some things the user said will be contradictory. Some will be outright lies. Some will be incomplete. It's all good. It's just crap the user happened to say. Not divine directives from the mouths of the gods directly to you.
This revised set of user stories drives the sprint. Now you start collaborating with the users to get the details, write test cases, define acceptance, etc., etc.
As you're sprinting toward delivery, the users can continue to say crap that will get appended to the backlog of unimplemented user stories. It's very, very important to allow the users to say any crap they want to say. It's a good thing to let them ramble.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
I am working on an online video training website and i want to make secure my videos so that no one can download the videos. Can any one help me how can i restrict video download, i have tried different HTML5 and javascript players but none of these are providing this feature.
You can store the video files outside of the web root or inside a restricted directory. A user logs into the web application normally. Then you have a server side script that checks the users permissions and opens the file for the user.
Alternatively if there is no login then the player can request a token from the web application. This token is then used to access the file only once. This is the best you can do, of course an attacker can still save the file. A user will always be able to do this until the end of time, because thats how the Internet works.
you can create the file name longest enough as permitted by server (applies to photos as well)...cannot be saved even from a smart phone...make sure the file name long enough. Then use this encrypter:
http://www.dynamicdrive.com/dynamicindex9/encrypter.htm
Blend in the new code into your html.
Finally use additional scripting to disable right click (search internet for this free script).
Stream the video.. Hide the root from the server there's many ways to do that. Encrypt the file do all the right clicks off when over the stream. And for the end choose a very rare format! A normal user will give up. An advanced user will get it no matter what!