I haven’t seen anything that was so unstable before. I fired up my code again to start automating a few posts of my code to another blog and found that they changed the value within the “type” attribute in there feed list. The type used to be “application/x.atom+xml”. They got rid of that “x” so now the type is “application/atom+xml”.
Ok, that is just small pickings. My real problem is that I can’t post anything anymore. I’ve been trying all sorts of crazy stuff to get my client to start posting information to my blogs, but I haven’t come up with anything.
I hear that they are going to switch to SSL soon and that anyone using non SSL clients will need to use a special pin. The reason for this:
We’re not turning off the old API endpoints, but tools not using SSL won’t be able to send user names and passwords over the clear. Which pretty much means they will seem broken.
Now that is some incorrect information. They are actually sent with a digest known as WSSE (Web Services Security). The way that this is setup is just like how windows authenticates against other windows servers when talking across websites. The passwords can’t be hacked because the token changes constantly because nonce values keep changing. Sam Ruby talks more about nonce values and security.