Is Facebook saying I don’t care?

Today, FB says to me “Notifications from unnamed person are now off because you haven’t used them recently.” (I’m keeping the name private in case it might hurt this person’s feelings.)

First of all, the grammar of that sentence suggests I use my friends. That’s not very nice of Facebook to suggest. I think they mean that it’s been some some since I clicked on a notification item to read the whole story. This might be because I don’t care so much about this person any more. Or it might be that they’ve been writing boring status updates recently. Or it might be that everything I need to know is there in the notification.

What is Facebook trying to do, anyway? Optimize my notification list by weeding out people? Make me feel bad that I’m not engaging with this person enough? If I had the choice, I’d rather this happen only if I specifically clicked a button. I don’t like how they did it and then gave me a link to re-activate the person.

Enhanced by Zemanta
Philosophy Psychology

Angry with Facebook but OK with Washington?

Perhaps you are so angry with Facebook and not the government because, as Molyneux has argued, the government is the  parent who can do no wrong and Facebook is the sibling you’re trained to hate.

Why Are People More Scared of Facebook Violating Their Privacy than Washington? – Hit & Run :

This grasp of managing outrage is what makes our government’s lack of transparency so insidious. Even though the government has admitted that it has violated the Fourth Amendment at least once in its warrantless wiretapping, the outrage is limited to privacy and civil liberties circles precisely because the secrecy keeps the public from even knowing what these violations actually mean.

Enhanced by Zemanta


Last week, I built a little widget for that generates random quotes as if from Ayn Rand characters.

The generator uses pretty CSS3 styles in modern browsers.

My good friend, Rick Marazzani, put together the phrases and the template for combining them. I built the framework that allows anyone to embed the quotes in any Web site. Rick explained the philosophical ideas behind the RAND-o-matic. I want to discuss the technology.

To place the widget in an HTML document, you make a div element and you fetch a remote javascript file.

<div id="randomatic"></div>
<script type="text/javascript">//<![CDATA[
//Set width in pixels to 150-600
var randomaticWidth = 300;
(function() {
  var rom = document.createElement('script');
  rom.type = 'text/javascript';
  rom.async = true;
  rom.src = '';
  var s = document.getElementsByTagName('script')[0];
  s.parentNode.insertBefore(rom, s);

Rather than include the javascript straight away, I used javascript to generate a script tag. This ensures that rendering of the page does not block while the remote file is fetched. The remote script in turn creates new DOM elements and pulls in styles. This makes it easy for anyone wanting to use the widget, while also saving all of the control of functionality and design for me.

Look at the bottom of the right navbar to see the widget in action. It will generate a new quote every 20 seconds, or you can click the box to make a new one. In addition to the CSS3 styles I used for rounded corners and shadows, I also added little icons for posting the current quote to Facebook or Twitter. There really isn’t much magic to that–only making the right URL and sending the browser there.

One interesting hurdle was getting Facebook to take the recommended title text for wall posts. When you post a link to your news stream, Facebook pulls the remote URL and looks for Open Graph tags. The quotes are made in javascript, so I pass the whole quote back to the home page of the widget so that the PHP script there can set tags to match. I can even tell Facebook which icon to use along with the news item.

With the new Atlas Shrugged film opening in a couple of weeks, this can be a whimsical way to celebrate Rand’s greatest work. I also hope it generates attention for MindPosts and 18INT.

Enhanced by Zemanta
News Programming

Facebook Apps Still Not Serving SSL

Almost two months ago, Facebook added a setting for browsing with an SSL connection. So far, most app developers have not yet caught up.

It’s simple. Go to Account->Account Settings->Account Security->Secure Browsing and click a checkbox.


Option for using https "whenever possible"


After saving, your Facebook experience will all flow over SSL, every byte encrypted with a 128-bit key. But fire up your favorite game, and you will probably see a request to turn this setting off.

Dialog displayed by apps that don't support SSL

If you click the continue button, you might expect that you’d be temporarily allowing an unencrypted connection. Instead, your setting is turned off. When you’re done with CityVille, you will have to switch it back on again. I’m sure Facebook will improve this user experience over time.

When Facebook rolled out this feature, they added a new setting for app developers that asks for the URL to the secure version of their app. It starts out blank, and when it is blank, the dialog above shows up. Naturally, I wanted to get things right, so I began experimenting. Unfortunately, once you have a valid value, you can’t return to having it be blank. Now I was forced to solve this somehow.

Time for a short diversion into how HTTPS works.

You know how you can have one server hosting multiple domains, each with their own site content? It’s called virtual hosting, and it’s a standard feature of Apache. The way it works in the HTTP protocol is that when your browser connects to the server, it uses the IP address (e.g. and in addition to asking for the document to view (e.g. GET /index.html) it also specifies the domain name (e.g. Apache’s configuration knows where the files on the server are for that domain, and away we go.

In the case of a secure connection, your browser and Apache must exchange keys to be used for encrypting data. Your browser will also ask for proof of identity from the server. The proof is in a small file called a certificate. It’s only good for one IP address and one domain. You can make multiple certificates work if you have multiple IPs. A certificate signed by an authority is a few hundred dollars, but IPs are scarce. It’s a gigantic pain in the neck for a small developer.

If you have multiple apps running on Facebook, you could reorganize them on the server to use subdirectories instead of subdomains. For both canvas apps and iframe apps, the user is hardly exposed to your backend URLs anyway. In the short term, I’ve made a single page that says the following.

We’re sorry! This app does not function when requested via ssl. To access this app, please change your facebook settings under Account->Account Settings->Account Security->Secure Browsing.

Then I pointed all of my SSL URLs at it. Note that I this page is served up using a self-signed certificate. It’s interested that Facebook doesn’t care to enforce the identity check but they do care that the data is send via SSL end to end. That’s reasonable.

Instead of reorganizing all of my files on the backend, I plan to rebuild my apps so that they work outside of the Facebook canvas, using the Facebook Connect feature instead. Facebook seems to be doing what they can to push everyone off of the canvas, anyway.

It’s also interesting that most of the games I’ve tried still show the request to switch off SSL. The popular Zynga games do. I found that Golden Nugget Vegas Casino, run by one of my clients (AltEgo), does serve up with SSL. Smart.

Recently, Twitter added a similar feature to always use HTTPS, but I wouldn’t expect any issues like we have with Facebook because Twitter never got into the business of piping content from apps through their own servers.

Enhanced by Zemanta
News Programming

Facebook’s @Mentions Works in Comments Now


Screenshot of using the @mentions feature
Screenshot of using the @mentions feature

Do you use the @mentions feature in your status updates? If you type @ and immediately start typing a name, Facebook will suggest friends. Click on one and the name is inserted as a link. The friend will be notified and more likely to notice. Until now, this only worked in your own status updates. It now works in comments on anything posted to a news stream.

Unfortunately, the @mentions feature does not work when updating status via the Graph API. Apparently it did at first, but app makers immediately used it to spam everyone with notices. Facebook yanked it. I would have preferred that they limited notifications similarly to how they limit how many news stream updates can go out in a certain time period.

In addition to mentioning people, you can also mention pages and apps.  Many of the things you “like” in your profile have underlying pages. If you’re mentioning a band or a movie you enjoy, try using the @mentions feature to make it easy for readers to find out more.

Enhanced by Zemanta