仅限会员使用HTTP身份验证的RSS源

Starting today, there’s a small change in the way this site’s members-only RSS feeds are handled: access to them now requires authenticationThere are two such feeds: one containing the full content of every regular article I publish, and one for myLinked Listlinklog。

(The regular (free) RSS feed for this site, which contains a brief summary of each article, is unaffected by these changes.)

Previously, the members-only status for these feeds was enforced by way of membership keys — 9-character tokens placed at the end of the feed URLFor example, if your key was “123456789”, the URL you could use to subscribe to the full-content RSS feed was:

http://www.gazogooz.com/feeds/rss/123456789

您的链接列表Feed的URL将是:

http://www.gazogooz.com/linked/rss/123456789

I implemented it this way for a few reasons, but mainly because it was easier than using HTTP authenticationEasier both for me, development-wise, and easier for members, in terms of actually subscribing to the feedsLast June when these feeds debuted, several popular RSS aggregators didn’t support HTTP authenticated feeds, or, if they did, it wasn’t obvious how to subscribe to such feeds.

The downside to this scheme, however, is that all of the information needed to access the feeds was available in the URL itselfAnd with public web-based aggregators such asBloglines的,它变成了不重要的for non-members to find and use these URLs using other people’s membership keys.

I noticed this months ago, and wrote to Bloglines to ask if there was anything I could do to keep these feeds truly privateMark Fletcher responded a short while later with the answer: “Currently the only way that a feed is marked private is if it contains a username/password used for HTTP authentication.”

所以,这就是我今后所使用的。

最流行的Mac RSS聚合器 - 包括NetNewsWire 2.0(technically still a public “beta”, but much more popular than NetNewsWire 1.x),低俗小说,和NewsFire— now support HTTP authentication easily, by prompting you for a username and password similar to how a web browser would(更新: This feature is only available in NetNewsWire 2.0b22 or later; older 2.0 betas will not prompt you with a dialog box for authentication.)

The old-style feed URLs will continue working for another week or so, but after that, authentication will be mandatoryThe new feed URLs are the same as the old ones, but without the keys at the end.

全内容Feed:

http://www.gazogooz.com/feeds/rss

链接列表提要:

http://www.gazogooz.com/linked/rss

The first time you refresh after changing your subscription URLs to the above, your aggregator should prompt you for a username and passwordYou only have to enter this info onceYour username is the email address you used when you signed up for your Daring Fireball membership(If you paid by PayPal, for example, it’s probably whatever email address you use for PayPal transactions.) Your password is your membership key.

而已。

重要:如果您正在使用聚合器prompt you for a username and password — which will be the case for any of you still using NetNewsWire 1.x, or if you’re using Bloglines — you can still subscribe to these feeds, but to do so, you need to put your authentication credentials in the URL, in the following format:

HTTP://用户名:[email protected]/路径

This embedding-your-credentials-in-the-URL technique works with any resource using HTTP authentication — it’s not specific to Daring Fireball.

However, and this is important, because the ‘@’ symbol is used to separate the username/password from the domain name in the URL, you can’t use the ‘@’ symbol as part of your usernameInstead, you’ll need to URL encode it as ‘%40”。

所以,如果您的电子邮件地址是“[email protected]”, and your membership key is “123456789”, you can subscribe to the Linked List feed using this URL:

HTTP://address%40example.com:[email protected]/链接/ RSS

同样对于全内容Feed:

HTTP://address%40example.com:[email protected]/供稿/ RSS

如果你感到困惑,我很抱歉This is why I tried to keep it simple last year by simply having members put their keys at the end of the feed URLs.

回顾:

  • If you’re using a modern RSS aggregator such as NetNewsWire 2.0, PulpFiction, or NewsFire, you can simply remove your key from the end of your subscription URL, and your aggregator will prompt you for your username and password with a nice dialog boxYou don’t need to worry about encoding the ‘@’ in your email address.

  • If you’re using NetNewsWire 1.0, or Bloglines, or any other aggregator for which the above doesn’t result in your being prompted for a username and password, then you need to subscribe using theHTTP://用户名:[email protected]/路径格式。

  • If you’ve lost / forgotten your key, you can retrieve it with the form这里

  • If you know your key, but don’t remember which email address you used to join, you can have a reminder sent using the form这里

  • 如果您需要进一步的帮助,可以发送电子邮件至support@www.gazogooz.com

对于这一切带来的不便,我深表歉意。

使用Bootlegged成员资格密钥给您的简要信息

I don’t think the bootlegging/swiping/filching of these members-only feeds is a big dealIf it hadn’t gotten out of hand, I would have been happy to tolerate it for the foreseeable future但是,它具有失控了。

There is no members-only content at 万博manbetx贴吧; these feeds are merely a members-only means of accessing the same content that everyone can access for free via the web siteThey’re a convenience I offer to members as a token of my thanks for supporting Daring Fireball.

If you’re determined to keep using these feeds for free, I’m sure you’ll find a way, and I won’t stop you但是一年membership to 万博manbetx贴吧 costs just $19, which gets you legitimate access to these feedsThat works out to less than $1.60 a month — which isn’t much to you, but, in the aggregate, means a lot to me.