Monday, May 11, 2009

SMS Jinx

When you were waiting for bus, commuting in the LRT, snorkeling at Redang island(=.=), do you have the urge to share the joy/funny/sad/grief/pain moment with your friends on the spot?

That's why I try to write this application. Reuse some codes from my final year project, polish up my rusty python skill, playing with facebook API, experimenting with Google App Engine.. That's kind of conclude what I have been doing these days.

Go to SMS Jinx and try it out. And remember to give me comment/suggestion/problems etc. =)

SMS is the most basic communication method in GSM 2.0. All of the current mobile phones support SMS. And it is cheap. Problem? Most of the foreign website such as blogger, facebook and twitter do not provide SMS service to Malaysia users. Well, even if it is provided, I wouldn't want to spend 25sen to send an international SMS to update my twitter status...

Programming is fun, when I am trying to solve my own problems. Webpage designing still sucks to the max though. I doubt that I will be a good webpage designer, ever. Anyhow, I come up with a Step 1 -> Step 3 approach. Should be simple enough to follow. Idea came from Blogger welcome page.

Users management is a troublesome issue. I try to avoid having users to register before they can use the system. Anyway, it is not possible. I need to have a userid to store the phone number and other account information. Thanks to Google SDK, it's easy to outsource the user login system. I only have to get and store the userid and Google would manage the password, cookie and authentication for me. Great. I wonder whether people would hesitate to the Google account login prompt though. It's 100% safe, HTTPS and check the verified certificate if you know what you are doing.

I realize there are a lot of API(s) made available to developers. And there are countless things you can do from generate a random friend to post facebook status message as the user credential.

Another interesting problem come when I have to find a way to make sure the messages are coming from valid user instead of attacker. Researched for 1-2 days about this. What complicates the matter is that my system consists of Java client and Python server. Great! It's difficult to find a secure implementation of encryption or hashing algorithm on both platform. In the end I settled with HMAC hashing algorithm and both the server and client understand that.

I realize that facebook uses MD5 for authentication. Duh.. Then my application would be safer than facebook theoretically. I'm using SHA256 with HMAC algorithm to makes the secret key harder to be determined. Not to forget those nonce and random numbers. Uh huh..

I'm starting to see the beauty of python.
Case insensitive? abc.lower(). done!
Substring? cde(3:)

Never miss the brackets and messy complicated declarations in java and other languages.

Similar services at Malaysia (I've never try them):
Pacmee (look expensive.)
Twitter Malaysia gateway (018 though)