–> Dictionary.com <– drag to toolbar

Dictionary.com provide an ‘official’ bookmarklet, here:
http://dictionary.reference.com/tools/bookmarklets.html

I’ve improved it a bit

• Selected text uses window.getSelection(), not document.getSelection()
• Trims junk out of current selection
• Opens a new window so you don’t lose the current page
• Uses encodeURIComponent(), not escape()

Here’s the uncompressed source on Github

I’ve been having fun playing with node.js over the past year, but have had little, or no excuse to use it in any production work, so I thought I’d set myself a challenge and build a module. That challenge was firstly to create a simple AMF gateway for Flash remoting, and secondarily to see if an RTMP socket server was achievable in node.

If you don’t know about “node” – It’s a JavaScript runtime that allows you to write socket servers. I like it a lot – it brings asynchronous, event-driven programming to the server side and provides a truly global variable scope across all connections. I’ll blog about it in more detail later, perhaps.

At Public we do a lot of Flash work, and regularly implement Flash remoting using a PHP AMF gateway. I wasn’t necessarily looking to replace this stock approach with node, but node offers proper socket connections that PHP can’t, so I was imagining the possibilities of using node as a free, and more flexible alternative to Flash Media Server. Not for streaming media, but for real-time messaging, for example in multi-player games. If I’m honest though, I did this mostly for fun, an academic exercise and as an excuse to work with node.

node-amf

node-amf is on GitHub as a public repository: http://github.com/timwhitlock/node-amf

The first step was to write a pure JavaScript AMF implementation. i.e. a library for serializing and deserializing AMF packets. If you’re not familiar with AMF (Action Message Format) – it’s a binary serialization and messaging format invented by Adobe for passing data back and forth between Flash and a remote server. I am not the only person to implement this in JavaScript: mid-way through my project I noticed amf.js appear – just a little too late for me. This library is probably much better than my own, but mine is designed specifically for node, so I shall stick with it for now.

With a working AMF library all that remained was to create a HTTP gateway. There are many examples of AMF gateways in other languages, including PHP. The general approach is that a single request/response exchange carries one or more messages, each one calling a web service on the server and returning the result. AMF also has the ability to invoke methods in the Flash client on response – an underused feature.

Node makes it incredibly easy to implement an HTTP server, all that I had to do was decide how to expose the web services to the gateway. I decided to do this by passing a user-defined JavaScript object when initializing the server – each property of the object is a function callable by name – example AMF gateway here. This suitably sandboxes the method calls, and ensures the client cannot execute arbitrary JavaScript functions – that would be bad.

This part of the project is largely complete and working. It has not been used in production yet, so if you’re brave enough to use it, please let me know how it’s going!

node-rtmp

node-rtmp is currently under the same project as node-amf because it’s dependant upon the AMF library. This incomplete, highly unstable, and experimental work is under the node-rtmp subdirectory with examples here.

If you’re not familiar with RTMP (Real Time Messaging Protocol) it provides bi-directional streaming media and messaging over persistent socket connections. It’s the messaging I’m interested in. Flash talks to Flash Media Server over RTMP sockets and can securely call methods in both directions.

As it turns out the RTMP specification is very badly written. (The AMF specs were quite easy to read, although possibly much simpler). If I was a cynic, I may even suggest that Adobe has purposefully written them badly to avoid third party developers being able to adhere to the usage license which insists in adequate conformance to the spec. However, it doesn’t seem to have stopped numerous projects such as librtmp from gluing the pieces together.

This is the point where I realised I might be out of my depth. I am currently in the process of glueing the pieces together myself. Armed with the dodgy specification, Wireshark, and the fragmented information dotted around the Internet, I am making some slow progress. At the time of writing I have the RTMP handshake working correctly, and have just about deciphered the command messaging packets.

I may give up before this is at all useful.

librtmp and node add-ons

As you may have noticed, I’m talking about implementing all of this in pure JavaScript, and you may be thinking that’s nuts. You are probably right. As libraries, these don’t really need to be written in JavaScript. In addition to pure JavaScript modules, node supports add-ons – compiled libraries which can be built against C and C++ system libraries. A good example of this is node-memcache.

C and C++ is unfortunately outside my skill set, but I imagine it may be possible to build an RTMP node add-on using librtmp. Anyone fancy a crack at that?

There is so much to discuss around this and it’s not even out of the lab yet. In a rare display of focus, I’ll devote my first post on the topic to one of the more obvious questions – Can they (or do they need to) get 400 million people to migrate away from Facebook?

The idea of a decentralized, open source social network where you truly own your data appeals to many a privacy-concerned geek, but I think perhaps the announcement of Diaspora and their rapid public funding is timely more than anything. After the F8 conference Facebook are predictably under the spotlight again – this time there’s even infoporn - See: Mat McKeon and the New York Times.

So we’re all ‘concerned’ about our privacy, and maybe even what Facebook are up to in general, but as Fernando Rizo muses on his blog today, are you going to quit? No, of course not. Well, not without a decent alternative, because you don’t want to miss out. (See FOMO). Well let’s assume for a moment that Diaspora becomes that alternative – what then?

Tipping the other way

In theory I don’t see a reason the Network Effect can’t work in reverse. It takes early adopters to populate a site like Facebook in the first place – perhaps a trend in rejection could result in a tipping point in the opposite direction. If you joined Facebook because your friends did, and they went somewhere else – you’d eventually go too. Somebody has to go first of course.

I grumble about Facebook all the time, but I use it as much as the next guy – in fact more than most of my friends. I don’t want to shut my account down. Going cold turkey would be a serious commitment. I think for this to happen for me there would have to be some kind of transitional phase.

If Diaspora allowed me to view and publish content to and from Facebook, that would surely defeat its primary function. You could argue that it depends what the content was, but it would still mean keeping my Facebook account active. It might however be a way to soften the blow, and at the same time entice my peers into migrating too.

I don’t have the solution, (and I probably don’t understand the problem), but many of us are far too attached to our digital homes for this to be a clean break. As Fernando points out we’ve seen mass migration before (away from MySpace) but I’d say it’s a bigger deal this time. I remember quitting MySpace (~2007) and I really didn’t miss it. I had a handful of photos and about 30 friends. It was also incredibly annoying. Despite my moaning, I really like Facebook, it’s a very usable site and there’s vastly more content than I had access to three years ago.

Would an exodus be necessary?

Diaspora are proposing a hosted, turn-key option for their software (a la WordPress) and perhaps, as is common with open source products, providers will be permitted to package up and sell the product themselves in a healthy, competitive fashion. To move 400 million people over to Diaspora, this would surely be essential – how many Facebook users know what a GPG key is?

I joked earlier (complete with typo) that if Diaspora took off, perhaps Facebook could move to a hosted-Diaspora revenue model. Perhaps this wasn’t such a joke. Facebook need your data to profit, if you’re going to abscond and not give them any more data and not look at any more ads, then a premium service where you can interact with your friends without getting ‘graphed’ seems reasonable to me. The privacy concerned few could pay, while the complacent masses continue to trade their personal lives for a free ticket.

I’m thinking out loud and probably sound like an idiot, but I’m hungry and need to go home…. just gotta check my Facebook.

You didn’t expect me to have only nice things to say, did you? There are a couple of things I have to question.

It’s only a draft

Despite this spec being a draft, Facebook (who are represented in the working group) have gone ahead and implemented it anyway. Although this is a step up from the non-standard methods they’ve employed to date, it does make me wonder. Will the spec be finalised according to their implementation? Will they change their implementation if the spec changes? Or will they end up going in separate directions? (think ECMAScript 4/ActionScript). As with my gripes about the Open Graph, how “open” are standards when we have self-interested corporations in the driving seat.

Looser security for JavaScript clients

The so-called “user_agent” journey serves the needs of front-end applications that don’t have access to a web server. (i.e. JavaScript only apps). This support comes at a cost to security because request signing is not required. (More to the point, signing would be redundant). The risk is a limited one – the “bearer tokens” must only be sent over SSL, so the worst you can do is take control of an app under the authentication of your own account. Still, I imagine it would be possible to post content that the app did not intend. (use your imagination!) My main gripe here is in justifying the trade off. The loosening of security is in favour of making apps easier to implement for more people – i.e. a Facebook business interest. I don’t think that’s a good enough reason to weaken the specification.

I’ve been saying to people that I’m not too excited about the announcements from F8 last week. I suppose this is because I was expecting the announcement that many were – that Facebook would launch a geolocation service. I still expect they will (even if it’s by way of acquisition). With 400 times the user base of Foursquare, just imagine how much faster they could build their ‘places’ database than the numerous firms all racing to do so; and what a valuable chunk of data that would be too.

Well, we didn’t get that announcement, but it’s taken a few days to dawn on me that geolocation is only one part of a much bigger picture – and that announcement we did get. It’s the Open Graph.

The Open Graph

Graphing the social web was only the beginning. Connecting people to places may be an obvious next step, but a place is only one kind of ‘object’ and Facebook [it seems] want them all – Your dog, your favourite band, your kitchen sink. The location of all these objects will follow soon enough – the embryonic Open Graph protocol already has fields for geolocation and address information, it’s just that Facebook have been fairly quiet on the topic.

What’s most significant about the graphing of these objects is that it extends beyond Facebook’s walled garden to the wider web. Facebook has trained us like chimps to click ‘like’ buttons for [however long] and now these clicks are going to index the entire web for them. These humble little buttons can now be attached to anything, anywhere and the collected data will have real meaning as to what and where these things are.

The Semantic Web

As I tweeted from the F8 live stream, there are fairly obvious overlaps with Facebook’s Open Graph protocol and Twitter’s proposed annotations. Perhaps they have different goals, but they are both essentially an attempt to make sense of the vast amounts of data flowing through their networks. They in fact have similar goals to the elusive Semantic Web. If you tune out the marketing babble and social media pontification there are some huge issues here, privacy being an obvious one, but also we may ask: how ‘open’ is it?, why are they doing it? and who benefits?

Through open standards some very clever people have been trying to steer us toward the Semantic Web for years. Facebook could easily stroll along and “do a Microsoft” on the whole thing. Regardless of the word “open”, they are still a self-serving corporation and with their reach extending beyond the walls of facebook.com this can have a real impact on the future of the Internet.

I’m far from being an expert on the Semantic Web, but here’s what some real experts have to say about the Open Graph.

Who benefits?

Privacy and open standards aside, this was the first question that popped into my head when watching the F8 keynote. Before writing this post I Googled “who benefits from the open graph?” to see if anyone had already blogged it – it threw up a great post by Chris Messina, so I’ll try not to replicate what he has to say.

It was this brief twitter conversation that got me thinking about the parties involved and what they each have to gain from all of this. Take the new ‘like’ button process, which is equivalent now to opting in to a fan page. Of the three parties, the user appears to benefit the least.

• Facebook get tonnes of data. (cue links to articles on “the price of free”). More fan pages will also drive more ad sales.
• The advertiser (publisher/brand/whatever) gets to push more content to you and gets tonnes of stats into the bargain. Visit your favourite agency blog to read how brilliant for brands this is.
• We get the thrill of seeing that we like the same thing as our friends (or not) and if it’s something we really like, we might enjoy the content that is subsequently pushed into our news feed.

Regardless of my usual cynicism and choice of imagery – I’m not saying any of this is bad, as a developer it’s pretty exciting (contradicts self).  I just think these questions need to be asked, and I wish all 400 million Facebook users would do the same.

Here’s one: the ‘like’ button. This has become more than just a casual way to show your friends you think something is cool. It’s become more powerful for advertisers, more useful for Facebook, and for you … ? You’re going to start seeing ‘like’ buttons all over other websites, including this one; What you probably won’t realise straight away is what it means to click this. Clicking a ‘like’ button on anything, anywhere instantly creates a Facebook ‘page’ for that ‘thing‘ and makes you a ‘fan’. Being a fan of a page (as you probably know) means the owner of that page can publish content into your news feed. So, essentially, by clicking my ‘like’ button on this page is the same as you saying you want to be a fan of this article and you want to allow me to deliver content to you about it any time I like. All at the casual click of a button.

There, that’s it. I just thought you should know. Make up your own mind about whether you think this is sneaky or not. Personally, I think it is. Here’s a good article on the topic by Channel 4′s technology correspondent.

–
I’ll be writing more about the announcements from F8 and Chirp later on. This was just a quickie, because I think the ~400 million Facebook users that aren’t Internet professionals need to be kept in the loop.

If you want to zoom a map to fit a particular distance as tightly as possible, you need to know the scale of each of the 19 levels. In metres per pixel, I worked them out to be as follows:

zoom m/px
  19  0.19
  18  0.37
  17  0.74
  16  1.48
  15  3
  14  6
  13  12
  12  24
  11  48
  10  95
   9  190
   8  378
   7  752
   6  1,485
   5  2,909
   4  5,540
   3  10,064
   2  16,355
   1  21,282

So if you needed to calculate the zoom level to fit an area of a given radius you could use a function like this:

function radiusToZoom( r ){
    var w = myMapInstance.getSize().width;
    var d = r * 2;
    var zooms = [,21282,16355,10064,5540,2909,1485,752,378,190,95,48,24,12,6,3,1.48,0.74,0.37,0.19];
    var z = 20, m;
    while( zooms[--z] ){
        m = zooms[z] * w;
        if( d < m ){
            break;
        }
    }
    return z;
}

The Digital Economy Bill

Not only am I totally unqualified to write any real critique on this topic, but there’s so much debate online already that any post I could write would be but a drop in an already soaking wet ocean.

On a personal note though, as much as the rushing-through of the bill exemplifies the illusion that I’ve always imagined democracy to be, it at least makes politics relevant to me; something I can’t say I’ve ever really experienced. I don’t think I’m alone here either as the comments on this TechRadar post illustrate. My own comment was as follows:

For me this whole affair has highlighted that some of us Digital Natives (I speak for myself) live in a bubble, and assume that the big issues facing our country are taken care of by others more knowledgeable in politics and economics. I had never watched the Parliament Channel before either, but if I was a teacher or a nurse you can bet I would have done. My point, if there is one, is that I agree with Gary that it is “business as usual” we just don’t usually notice.

My best hope from all of this is that the DEBill debacle has made people like me that have little contact with the grown-up world and who struggle to keep up with current affairs, realise that the Internet is just as much of a political issue as healthcare, education and taxation, and hopefully it will give me better reason to choose how I vote from now on.

Apple getting evil

Apple alters the legal terms of their developer SDK as they roll out iPhone OS4. Another topic on which there are volumes of content superior to what you’ll find here. If you need somewhere to start, my particular favourites are as follows:

• Daring Fireball appears to have become the de-facto reaction and is a great read.
• Lee Brimlow on the Flash Blog (I’m curious how much legal clout the “opinions are my own” line really carries in the end)
• Level headed response from Unity 3D (it’s not all about  Adobe, you know!)
• Phone Gap appears unaffected as Webkit is a valid way to deploy an app. nothing on their blog yet.
• I enjoyed  this existential angle

On a personal note again (deeply cynical as usual) I have never been under any illusion that there is any such thing as a benevolent corporation. (There are such organisations – they are called charities). Obviously Apple want to control every aspect of deploying to their platform, they are going to continue to do so, as sure as Google are going to enter every market place they physically can until our lives are 100% reliant upon their existence. So, am I just gong to lie down and die, you ask? (Yes, probably). Seriously though, roll on W3C Widgets – I want to see the web go mobile, not see the mobile industry lock down our web.

Nearly forgot to mention UTweet

On Tuesday the Twittersphere (or at least the digital/media corner of it) erupted in massively over-the-top debate about Uniqlo’s UT campaign site, which I imagine was aimed firmly at aforementioned (ahem) influencers. For 24 hours the dialogue went like this:

• People tweeted the link and said they liked it. Some even said it was incredible

• In purposeful contrast to this hype, further commentators said it was nothing special and didn’t see what all the fuss was about.
• The protagonists then either backed off or defended their position, creating more fuss.
• The fuss was played down as being disproportionate to the event, creating more fuss.
• People  started blogging about it, and the fact that it was never intended to be anything more than a nice looking bit of fun in the first place. (oh, the irony)
• Those that waited a whole 24 hours before commenting had the hindsight to comment on the herd itself

Not a bad exercise in getting people to talk about your brand, really.

I think I’m done. I’ve got some coding to do.

If you don’t already know that I’m a huge cynic, then you will do shortly. I’m going to lay out my observations as factually as I can, but they will be tainted with my usual dose of suspicion, fear and resentment. Below is a list of feature creep that I’ve observed, but there is an underlying point. If you don’t want to read the list, just skip to the bit at the end.

Account verification via mobile phone

I thought I’d start with this one, because it erks me the most. My personal account has long since been verified. i.e. Facebook is satisfied that I am a real person, and not a robot.  If you aren’t verified you must pass a CAPTCHA test for any significant activity such as posting, or friend-adding. This isn’t new, but what seems to be new is that the only option for verifying that you are human now seems to be a SMS-based security check.

What erks me about this is that the CAPTCHA itself is the human/robot test – the mobile phone check is not proof of life; it is in fact little better than an email-based method which just proves an email address exists; it doesn’t prove that there’s a person at the end of it. I question Facebook’s motivation here. The upshot of this is that if you don’t give Facebook your mobile number you will be badgered with CAPTCHAs until you get so annoyed you verify. It also suggests they put a lower value on your email address. (Project Titan anyone?)

The “username” (vanity URL) feature is also denied to you if you do not verify. I particularly like the prompt to try another time.

iPhone address book feature

Continuing the mobile phone number theme: The superb Facebook iPhone app recently added a new feature which allows you to add your Facebook friends’ profile pictures to the corresponding entries in your phone’s address book. Before you enable this feature, you must make this fabulous clickwrap agreement (see image):

Now, don’t get me wrong – I’m not suggesting that Facebook are doing evil things with your friend’s numbers, I’m sure they really do need the phone numbers to automate this feature. I assume it’s the only unique identifier that could associate an address book entry with a Facebook profile and a manual process would ask too much of the user. But regardless of the technical reasons, this is still an example of the increasingly prevalent ‘features for data’ trade we are becoming more comfortable with. It can only make us more complacent about our own privacy.

“Tim W is no longer in a relationship”

This was actually the first of my recent observations. Facebook used to have user settings that allowed you to prevent certain events from being published as ‘news stories’. The example of relationship status is pertinent in that it is so personal. I actually went though a ‘Facebook breakup’ in 2008, but had the publishing of this story disabled. I also had the “X is now friends with Y” story disabled (for reasons I can’t be bothered to go into), but the point is that these options have disappeared. Why? Because Facebook want more activity not less, and that’s no secret.

The real-time shift accelerated by Twitter at al is to blame for this. Much of Facebook’s UX tweaks in 2009 were blatantly geared towards encouraging more chatter, more sharing, more data. Again we’re encouraged to publish more activity, but in this example it’s been achieved through denying us the right to keep it private. In my view, that’s sneaky.

“friends-of-friends”

This relatively new privacy option took me by surprise. Certain rather innocuous settings, such as showing the “Add as a friend” button have had their tightest option reduced to friends-of-friends. This seems reasonable, but with 300 friends each having 300 of their own, we’re talking about 90,000 people. The chance of a colleague, employer, or client being amongst that is high – In my case it’s guaranteed. Fortunately the most sensitive settings, such as photo albums, still have much tighter options, but the option itself is still a nudge toward publishing more data to more people.

The bit at the end

I must point out that I’m not accusing Facebook of any evil-doing, or breaking any laws. These examples are here to illustrate what I think is a clear direction in our use of the free (as in beer) web, and our relationships with companies like Facebook and Google where our activity has become both product and payment.

The greatest threat to our privacy is our own complacency over it. We want features, we want them for free, and we’re increasing willing to hand over whatever data is required to access them. What worries me is not what companies are doing with this data now, and not even what they might do with it in future; what worries me is how this creep is discreetly changing our behaviour such that we [as a society] no longer even care about our privacy.

We need to keep an eye on the direction in which we’re being nudged and keep an eye on the organisations that are doing the nudging. Geolocation is clearly the next thing for us to get complacent about, and personal data doesn’t get much more personal than your physical location. The recent Please Rob Me site, however tongue-in-cheek, should be enough for even the least educated to sit up and pay attention to the potential dangers of publishing your location.

What’s the new feature?

Essentially it’s Facebook’s version of forwarding content through the network, as retweeting is to Twitter. I can’t find an official announcement of this feature. Mashable and All Facebook have referred to it as the “via” feature, or the “Facebook retweet”. Both ugly terms. I prefer “repost”, although “reshare” would be more inline with the Facebook lexicon. To cut a long story short, it lets you share with your friends something that a friend of yours has shared with you. At first glance this may seem like it circumvents the walled garden of your friend network. i.e. people you don’t want seeing your content seeing your content. gasp.

The repost privacy test

From my personal account (where I am simply known as Tim W and have every privacy feature locked down its strictest setting) I posted a link with appropriately alarming status update, as follows:

Then from my professional account (which is 100% public having the loosest privacy settings) I temporarily befriended myself and naturally saw the post from the elusive Tim W in its full glory. Nothing unexpected so far. I clicked the “share” button and reposted this link for all my friends on this profile to see.

Now I needed a third account that wasn’t friends with Tim W, but as a Facebook member could access the second profile in full. So I set up a Facebook account in the imaginative name of Mit Kcoltihw (Polish I imagine) and accessed the page of my public, professional profile. Lo and behold there was the reposted link, as below:

( ignore, if you can, the fact that my profile photos are the same. The repost doesn’t show the original poster as it does in Twitter)

What we see is that the posted link, and its meta data are visible, but my status update is missing. A non-friend seeing your link even if you set “Posts by me” to “Only friends” looks rather like a breach. It seems Facebook doesn’t consider this content as being “by you” as it came from a public source. However, if you change the link description text to your own text when posting the original link, this is also visible, and that’s definitely a loophole.

Links are one thing, but photos are a bit more serious. I tried the same test with a wall photo post, and you’ll be relieved to hear that the repost was completely invisible to third parties. Good.

So in conclusion – not so black and white. Your privacy settings are maintained to an extent, and you don’t need to worry about status updates and photos getting into the wrong hands, but there is definitely creep here. I think the  “posts by me” privacy setting is now misleading and needs addressing, and the reposting of custom link descriptions is highly questionable. I won’t lose any sleep over this one, but I won’t be getting complacent any time soon either. If you’ve spotted a loop hole let me know by commenting below, but double check your privacy settings first.

More in my next post about Facebook privacy creep.