Leah Culver

Leah Culver is a Python and iOS developer from San Francisco. She was formerly co-founder and lead developer of the social network and micro-blogging website Pownce, which was acquired by Six Apart in 2008. Leah has co-authored both the OAuth and the OEmbed open API specifications, on which pretty much the entire web relies in one way or another today. Leah promotes open source, meaningful APIs and the Django web framework on her blog at leahculver.com.

She has a Twitter account, too, @leahculver.

Published Thoughts

I love this time of year — between Christmas and New Year’s. It’s generally a quiet and productive time for me. I’m able to get lots of work done on projects while eating leftover Christmas cookies and candy.

I wish you all a productive holiday quiet-time and a happy new year!

After dropping and cracking the screen of my iPhone last month, I bought a new iPhone 5s.

I soon became obsessed with Touch ID.

Touch ID allows you to press your thumb to your device to unlock your phone. You can also purchase items from the App Store, iTunes, and iBooks. It’s a convenient way to quickly authenticate on the iPhone.

What if you could also use Touch ID as auth in other apps?

Imagine being able to sign up for a new app just by pressing your thumb to the phone. No more entering your email and password.

You could also log in to existing apps or provide additional auth for banking, stock, and credit card apps. Auth is one of the largest barriers to smoothly using apps on the iPhone.

Obviously, access to Touch ID would need to be supplied by Apple. I’m imagining it could be included as a framework for use by any developer. Apple (or the device itself) could store and supply the user’s credentials to 3rd party applications with the user’s permission.

Of course, Touch ID isn’t without security faults. Unlike a password, you can’t really change your fingerprint if someone happens to get a hold of a copy.

Currently Touch ID is used as a convenience rather than a primary form of authentication. When your iPhone is restarted, your 4-digit passcode (not just your thumbprint) is required.

I’ve been thinking through some ways that Touch ID could be used in conjunction with a second form of identification (device ID, confirmation email) for authentication. I’m not sure I’ve got it completely figured out yet, but it’s fun to speculate.

I’m still fascinated by authentication and new user registration in general. The whole signup, login, logout process is nothing new. However, it is something that can continually be improved and the results can be dramatic.


What’s the worst that could happen?

(Thanks to @sckain for suggesting the topic for this post.)

Trying out a new social appAugust 2013

Downloaded a new social app. I heard it was interesting and it seems easy enough to check it out. Went to the app store, downloaded the app and there it is on my iPhone home screen.

Okay, nice design. Have to sign up or login to continue. Full name, username, email address. Check. Need a photo of me? Okay I guess I can use this one that I took a couple months ago and still have on my phone.

I wish I had some better photos of myself on my phone. Who ever chooses that option to use the camera RIGHT NOW to take a photo of themselves? Good profile photos take some setup. Duh.

Now let’s find some friends. Connecting with Twitter or Facebook seems dicey. What if this app tweets or posts on my behalf? Facebook Connect ruined everything.

I can search for friends using my phone contacts. Cool. Sadly only a few of my phone contacts are using this app. Oh well, I’ll add them all. I wish I had more female friends to share with. It’s weird to have only early adopter dude friends on this app.

I wish I could invite some friends to use this app. Why can’t I send an email or SMS to invite people? I’m pretty sure Mail and Message functionality is built into iOS.

Okay, so now I have a few friends on this app. Are they good friends of mine or just casual acquaintances? I wonder how these relationships will affect how I use this app?

It would be great to be able to refresh my network at some point. Why doesn’t any app do that? Take me through the friend-finding process again after some period of time?

I’m done playing with the app for now. Closed it out and moved on.

I wonder if I’ll get a push notification soon so I remember that I have this new app?

When I write about my personal experiences I start to think about the reader.

Do my thoughts resonate with you right now? Is this a thought you’ve had in the past? Have you moved on to other thoughts or does this idea still linger?

Sometimes as I’m reading I know that I am not quite understanding the concept on the same level as the author. I credit some of this to inexperience — I’ve never been a parent so I can’t fully empathize with others’ parental sentiment.

Otherwise I’ll wonder if what I’m reading is simply a thought that hasn’t occurred to me yet. Or maybe I’ve been thinking about the idea in a completely different way.

It’s amazing how reading can shift our perspective and give us a more complete view.

Does this resonate with you?

I tell people that I chose to work with Django and Python because of the great documentation. That’s not the whole truth.

I believe now that I chose Django because it is a well-documented convention for building web applications. Every Django app I’ve built looks like a stereotypical Django app. I didn’t have to make any difficult decisions about coding style, how code relates to other code, or where code resides in files.

I recently joined a team of iOS developers tasked with building a brand new app and was nearly blindsided by having to choose a coding style for the first time.

At first I went along with other team members’ decisions, deferring to their expertise. However, when team members disagreed I began to examine my own tastes and preferences.

I’ve probably thought more about code style in the past month than I have in my entire career.

For me it’s a nice hobby to think about code as a concept. I’m usually very focused on building applications and writing code is just a means to an end.

I’m not sure that I can force myself to care too deeply about code.

Why I Love iOS 7What’s your tintColor?

I love the new iOS 7.

I installed iOS 7 on my iPhone immediately after it was released to developers. My co-workers thought I was crazy.

“Your primary phone?!” they all asked.

Yup. I like to live on the edge.

But seriously, I have a few good reasons to love iOS 7. First, it fixes my number one gripe — that it’s such a hassle to update iPhone applications.

I wrote a whole post on the topic a couple months ago for the Pastry Box Project. I wasn’t too optimistic about ever seeing the problem fixed.

I think ideally your iPhone would download the latest versions of your apps (and iOS) in the background, maybe at times when you’re connected to wifi. However, I don’t see this happening any time soon.

Well, it happened!!

(If only I could wish features into existence more often…)

My iPhone now gets the latest versions of my apps automatically. John McCain seems pretty excited about this feature too.


Automatic updates seem like such a great idea… but then I worried about the consequences. What if an app updates at a really inconvenient time?

Today I was waiting in the subway tunnel for my Muni train. No Wi-Fi. I was all ready to start reading a book on my Kindle app when I noticed the Kindle app was stuck in the middle of an update. Oh no! Code red! Hypothetical situation has become reality!!

I checked the status of the update in the App Store app and noticed there was an option to “pause” the download. I clicked the button and my Kindle app returned to normal. Phew.

In addition to automatic updates, there are a couple other nice features of iOS 7 such as the Control Center and the camera improvements. However, the thing that’s got most people talking is the new design.

I’m not a designer so I’m not going to get into the layout of the icons or the lack of shadows and bevels. I just wanted to note that I think the design is a huge improvement for developers.

I downloaded Xcode 5 at the same time as iOS 7 so that I could start developing iOS 7 applications. I was really impressed by how much better all the default styling and components look.

I’m super happy to see those ugly blue navigations bars and rounded rect buttons bite the dust. I’m ready for change and I’m re-energized to build better looking iPhone apps with iOS 7.

It’s also just fun to ask, “so what’s your tintColor?”

When thinking about the future of OAuth it’s helpful to remember why OAuth was created.

I was lucky enough to be part of the original group of API providers who created OAuth so I know that OAuth was (mostly) intended to solve two common problems with API authentication:

  1. SSL/TLS was expensive and complicated.
  2. Websites shouldn’t be storing passwords of other websites.

Of course #1 is past-tense for a reason. SSL is now commonplace for web applications. APIs can simply do all their authentication over SSL, which is a really good thing. There’s no need to be swapping tokens around over SSL!

Password storage, #2, is still an issue. Websites shouldn’t be storing plaintext passwords for other websites. However… mobile! It’s kind of okay to store a user’s credentials on a mobile device.

There’s a third major purpose of OAuth which arose as an unintended consequence: one-click login.

One-click login has been OAuth’s greatest success. Users can log in to a new website using their Twitter or Facebook credentials. It’s much faster than having to enter a bunch of signup information.

So what’s the future of OAuth? I really love the one-click login feature but the other two issues seem much less relevant today.

For the future we need to consider the problems that plague API developers today.

What are best practices for mobile devices? How can we make OAuth as simple as possible for client developers now that SSL is commonplace? Can we make one-click login even faster and more trustworthy?

These are all questions we need to be talking about for OAuth 3.0.

One thing that really bugs me about iPhone apps is that users need to be constantly updating to get the latest version. By updating, I mean going to the App Store and clicking the “Update” or “Update All” button.

Users have a bunch of reasons not to update apps—they forget, too busy, don’t want to wait for the download, have an older phone or OS so that updates won’t work, or they just don’t know that they need to at all.

Of course web applications don’t have this problem. Every time you visit a site or refresh a page you’re getting the latest version. Some desktop applications are fairly forceful about upgrading as well. Chrome updates every time you open the app (by default). Many other desktop applications are aware that there’s a newer version and will prompt you to upgrade.

It seems like it’s still super rare to see any sort of upgrade messaging within iPhone apps. I only recall being forced to upgrade once and it was a Zynga game.

I think ideally your iPhone would download the latest versions of your apps (and iOS) in the background, maybe at times when you’re connected to wifi. However, I don’t see this happening any time soon.

In the meantime I’ve started to integrate upgrade messaging into the apps that I work on and would love to see more open source projects addressing this issue. iPhone app releases contain lots of bug fixes and new features and it would be great to get these out to users as soon as possible.

Developers hate interruptions. Of course everyone dislikes being interrupted, but being interrupted while writing code is particularly tough. Coding requires a lot of concentrated mental energy. We mentally untangle logical problems, seek to simply solutions, and cover all edge cases. Often we’re trying to mentally calculate several things at once.

Interruptions are frustrating because we may lose our train of thought or forget an edge case. It’s also really difficult to focus on a new task while our brain may still be working on the previous problem.

I recently returned to working in an office full-time after working from home for several years. By far what I miss most about working from home is that my home is relatively free of interruptions and therefore perfect for coding work.

However, I’ve realized that writing great code isn’t the only part of my job. Communicating with co-workers, planning and coordinating tasks, and exchanging feedback are also an important part of my job as a developer.

Currently I’m working on becoming more productive in an environment with interruptions. For example, I try to put aside my current task and really listen when someone needs my attention. I also try to carve out some time dedicated to responding to email, planning upcoming projects, and collaborating with co-workers.

In a perfect world we would all be working together and thinking about the same things at the same time and there would be no interruptions. Of course this is impossible (unless we become the Borg… but that’s a whole different blog post). So, (for now?!) I’m okay with learning to manage interruptions and figuring out how to become a better co-worker.

I don’t believe in talent. I believe that passion combined with hard work produces results. But how does one find what they’re passionate about?

Some people are lucky to find what they love to do when they’re young. I tried all kinds of activities when I was a teenager. I took piano lessons. I learned to sew and knit. I played soccer, softball, lacrosse, and ran track. I studied French and wrote short stories. However, none of these felt like my true passion.

I went to college to study design. I had always loved making things and I was excited to find the medium I would like best. Painting? Pottery? Photography?

I would have never guessed programming.

I took my first Computer Science class my freshman year. It quickly became my favorite class and I spent many hours building a game for my final project. I was hooked.

I’ve been writing code for eleven years now and I’ve probably long passed the 10,000 hours for mastery according to Malcolm Gladwell. By all accounts I’m a good programmer now.

Yet today I woke up early to work on a juicy programming problem. I still get excited to make things with code. I’ve found what I love to do.

I hope you don’t buy into the idea that people are naturally good at something or are born talented. Instead, I hope you will find what you love to do. I hope you find your passion.

It’s strange to think that I might not make another web app. I’ve been working on iPhone apps for the past year and have done very little web development.

If I were to make a new app today, it would be an iPhone app. It’s difficult for me to see a scenario where I would choose to build a website, or even a mobile website, over a native app. I use my iPhone for everything these days.

I feel nostalgic for the web as it was in 2007. It was great to be able to share links, follow blogs, and generally have websites that play nicely with each other.

I don’t think the web as it was then is coming back though. I think there will be something new. Something that encompasses the ideas of the interconnected web but exists on mobile.

I’m just a little sad that it might be a younger generation that gets to define this new paradigm instead of us, generation Web 2.0.