Categories
News Programming

Facebook Apps Still Not Serving SSL

Almost two months ago, Facebook added a setting for browsing with an SSL connection. So far, most app developers have not yet caught up.

It’s simple. Go to Account->Account Settings->Account Security->Secure Browsing and click a checkbox.

 

Option for using https "whenever possible"

 

After saving, your Facebook experience will all flow over SSL, every byte encrypted with a 128-bit key. But fire up your favorite game, and you will probably see a request to turn this setting off.

Dialog displayed by apps that don't support SSL

If you click the continue button, you might expect that you’d be temporarily allowing an unencrypted connection. Instead, your setting is turned off. When you’re done with CityVille, you will have to switch it back on again. I’m sure Facebook will improve this user experience over time.

When Facebook rolled out this feature, they added a new setting for app developers that asks for the URL to the secure version of their app. It starts out blank, and when it is blank, the dialog above shows up. Naturally, I wanted to get things right, so I began experimenting. Unfortunately, once you have a valid value, you can’t return to having it be blank. Now I was forced to solve this somehow.

Time for a short diversion into how HTTPS works.

You know how you can have one server hosting multiple domains, each with its own site content? It’s called virtual hosting, and it’s a standard feature of Apache. The way it works in the HTTP protocol is that when your browser connects to the server, it uses the IP address (e.g. 192.168.1.1), and in addition to asking for the document to view (e.g. GET /index.html), it also specifies the domain name (e.g. www.18int.com). Apache’s configuration knows where the files on the server are for that domain, and away we go.

In the case of a secure connection, your browser and Apache must exchange keys to be used for encrypting data. Your browser will also ask for proof of identity from the server. The proof is in a small file called a certificate. It’s only good for one IP address and one domain. You can make multiple certificates work if you have multiple IPs. A certificate signed by an authority is a few hundred dollars, but IPs are scarce. It’s a gigantic pain in the neck for a small developer.
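The server ends up tied to one certificate per IP address because it must choose the certificate from the TLS ClientHello, which arrives before the HTTP request that names the domain. The added example below (not from the original post) parses a constructed ClientHello and shows that a per-domain choice is only possible when the client sends the optional server_name (SNI) extension. The host names, certificate file names and the 192.0.2.10 address are placeholders, and the parser assumes one complete ClientHello record.

```python
import struct

def build_client_hello(server_name=None):
    """Build a minimal TLS ClientHello record (constructed sample, not a capture)."""
    ext = b""
    if server_name:
        host = server_name.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(host)) + host  # name_type 0 = host_name
        names = struct.pack("!H", len(entry)) + entry          # server_name_list
        ext = struct.pack("!HH", 0, len(names)) + names        # extension 0 = server_name
    body = (b"\x03\x03" + bytes(32)    # client version, 32-byte random
            + b"\x00"                  # empty session id
            + b"\x00\x02\x00\x2f"      # one cipher suite
            + b"\x01\x00"              # one compression method (null)
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def sni_from_client_hello(record):
    """Return the host name in the server_name extension, or None if it is absent."""
    if len(record) < 6 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    p = 5 + 4 + 2 + 32                                    # headers, version, random
    p += 1 + record[p]                                    # session id
    p += 2 + int.from_bytes(record[p:p + 2], "big")       # cipher suites
    p += 1 + record[p]                                    # compression methods
    end = p + 2 + int.from_bytes(record[p:p + 2], "big")  # end of extensions block
    p += 2
    while p + 4 <= min(end, len(record)):
        ext_type, ext_len = struct.unpack("!HH", record[p:p + 4])
        if ext_type == 0:
            # skip list length (2) and name_type (1), then read the 2-byte name length
            name_len = int.from_bytes(record[p + 7:p + 9], "big")
            return record[p + 9:p + 9 + name_len].decode("ascii")
        p += 4 + ext_len
    return None

def pick_certificate(record, listen_ip, certs_by_name, cert_by_ip):
    """Choose a certificate using only what the server knows during the handshake."""
    name = sni_from_client_hello(record)
    return certs_by_name.get(name, cert_by_ip[listen_ip])

# Constructed sample: two apps sharing one IP address (placeholder names).
CERTS_BY_NAME = {"app1.example.com": "app1.crt", "app2.example.com": "app2.crt"}
CERT_BY_IP = {"192.0.2.10": "app1.crt"}
```

A client that omits the extension gets `app1.crt` no matter which app it wanted, which is the name mismatch that giving each certificate its own IP address avoids.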

If you have multiple apps running on Facebook, you could reorganize them on the server to use subdirectories instead of subdomains. For both canvas apps and iframe apps, the user is hardly exposed to your backend URLs anyway. In the short term, I’ve made a single page that says the following.

We’re sorry! This app does not function when requested via ssl. To access this app, please change your facebook settings under Account->Account Settings->Account Security->Secure Browsing.

Then I pointed all of my SSL URLs at it. Note that this page is served up using a self-signed certificate. It’s interesting that Facebook doesn’t care to enforce the identity check, but they do care that the data is sent via SSL end to end. That’s reasonable.

Instead of reorganizing all of my files on the backend, I plan to rebuild my apps so that they work outside of the Facebook canvas, using the Facebook Connect feature instead. Facebook seems to be doing what they can to push everyone off of the canvas, anyway.

It’s also interesting that most of the games I’ve tried still show the request to switch off SSL. The popular Zynga games do. I found that Golden Nugget Vegas Casino, run by one of my clients (AltEgo), does serve up with SSL. Smart.

Recently, Twitter added a similar feature to always use HTTPS, but I wouldn’t expect any issues like we have with Facebook because Twitter never got into the business of piping content from apps through their own servers.

Categories
News Parenting

Study Philosophy, Be Powerful

Cory Doctorow linked to a list of famously successful people who studied philosophy.


Here’s a giant list of famous and accomplished people with philosophy degrees, just the thing to show the parental units when you choose your major. I want the comparable list of successful underwater basket-weaving majors. (via JoHo)

Check out the list and you’ll find one of your heroes and perhaps a villain or two. That suggests to me that studying philosophy helps you become powerful. You will learn fundamental truths, levers to move the world. While I too studied philosophy in college, intensely but outside of university classes, I passionately wish I’d focussed on it earlier. Philosophy should be a core subject of education from the beginning.

Are you interested in learning about philosophy right now? Try Stefan Molyneux’s An Introduction to Philosophy videos.

Categories
News Programming

Facebook’s @Mentions Works in Comments Now

 

Screenshot of using the @mentions feature

Do you use the @mentions feature in your status updates? If you type @ and immediately start typing a name, Facebook will suggest friends. Click on one and the name is inserted as a link. The friend will be notified and more likely to notice. Until now, this only worked in your own status updates. It now works in comments on anything posted to a news stream.

Unfortunately, the @mentions feature does not work when updating status via the Graph API. Apparently it did at first, but app makers immediately used it to spam everyone with notices. Facebook yanked it. I would have preferred that they limited notifications similarly to how they limit how many news stream updates can go out in a certain time period.

In addition to mentioning people, you can also mention pages and apps.  Many of the things you “like” in your profile have underlying pages. If you’re mentioning a band or a movie you enjoy, try using the @mentions feature to make it easy for readers to find out more.

Categories
Business

Release Your Metaphors

Recently, Josh Ross noted how the metaphor of business as war is changing into a metaphor of voluntary cooperation. People are speaking about making their businesses more social. At the surface, this might seem like when the conversation was about making Web sites more interactive. This isn’t fashion. It isn’t the latest technique for improving retention. It’s a rip tide pulling us into the future and Facebook has been paddling madly in the same direction.

Saddam Hussein

As Josh rattled off several business-as-war metaphors, I thought of the work of Lloyd deMause at The Institute for Psychohistory. In particular, I reflected on the powerful metaphor of the Killer Woman who appears in popular culture prior to cultures launching into war. These metaphors are gels filtering the light of truth. You may be aware that something’s not quite right, but the mood is certainly colored.

In business, it feels natural to slip into aggressive language towards our competitors and our clients. Some of us slip easily into the role of crusader, sacking the infidels at all costs. If we’re lucky, someone hasn’t paid attention from the beginning. They stumble into the bad movie unfolding and ask everyone, “why are you watching this terrible shit?”

I recall a year where the company I worked for was on a wonderful run for a client flush with cash. We were expanding into new departments and ready to please. Christmas approached and managers were eager to dispose of budgets. A request came to build something like a hit piece on the client’s competitor. The idea rolled along for a while. Usually, the engineering team was the last to hear of projects, sometimes not until creative was finished. My team were the latecomers wandering into a bad movie. To the credit of the entire team, we regretfully refused to sacrifice our integrity.

Josh says our habit of discussing business as war obscures the truth, makes us complete the mission without regard for the greater value. The new social metaphor aligns with human needs. People need relationships. They need to cooperate. We need to trust each other. We need to know our authentic selves. Without an aggressive metaphor to get in the way, we gravitate towards this type of interaction.

"Making the world more open and connected"

I heard Mark Zuckerberg say the purpose of Facebook is to encourage greater connectedness and openness between everyone. This isn’t a strategy for ending war metaphors. It’s a strategy for ending war. I heard Stefan Molyneux say that the way we end violence is through multi-generational improvement of parenting. This is the corollary to deMause’s theory that war is a symptom of child abuse.

I knew I had to write this piece when an unsolicited ad for Guy Kawasaki’s new book, Enchantment: The Art of Changing Hearts, Minds, and Actions, dropped into my inbox. He says his book “explains how to create delightful, voluntary, and mutually-beneficial relationships with people.” Ten years ago, Guy released a book called Rules For Revolutionaries.

Metaphors matter. The leading edge of our culture is using more life-affirming metaphors. I won’t ask you to execute the old metaphors. Release them. Free them to help us in other ways. Embrace the new metaphors. This is how we change the world.

Categories
Business Personal

How can I help you?

Back in September of last year, I decided I was spending entirely too much time doing things I wasn’t enjoying — commuting for an hour to Berkeley via BART to spend equal parts of my time

  • doing project management on tragically underfunded projects,
  • participating in marathon executive meetings, and
  • digging around a decade-old PHP/Oracle/ActionScript/Perl codebase that preferred to speak XML/XSLT to itself.

The following questions nagged at me. What was I doing? What should I be doing? And most importantly, how could I do it?

I also asked several of my close friends if they had work for me. Actually, I put it this way: find me a couple of months of work and I’ll quit my job. Two of them responded simultaneously; I suddenly had two full time gigs starting immediately. Oh boy, was I busy in Q4 2010. And one of those gigs kept going for the first two months of this year. It’s been thrilling.

Meanwhile, I took the advice of another friend to form a corporation (18INT) and build a real business. Why not? I’ve been doing the Internet consulting thing since 1997. Five years ago, I’d made it my aim to understand the operational part of the business. Having earned something like an MBA of hard knocks, I was ready to start something new.

The past five months have been relatively easy if I don’t think too hard about the intense weeks in November when I was working 10 hour days seven days a week. Now that the Facebook game I’ve been helping with is close to launch, I face perhaps my greatest challenge: signing the next big project.

This is a big challenge in a personal sense only. I’ve worked with plenty of people with a talent for selling. My personal style was to overachieve relentlessly and wait for people to ask me to work on something. I’ve learned that proactively asking how I can help works well, too. I just need to find the right part of me that delivers this request in a genuine and non-self-conscious way.

With less work in March than I prefer, I’m poised to ramp up my new business development skills. I hung out at GDC for half a day last week. I’ll be at Web 2.0 in a few weeks and at ad:tech after that. And I’ll continue to reconnect with my favorite colleagues of the past. Lastly, I hope to find the time to be more diligent in talking about what’s going on with me.

My goal is to sign enough work in 2011 that I must hire one or two full time employees. I know there’s more than enough work out there. So, how can I help you?