Archive for the ‘Facebook’ Category

How Facebook checks your account is not fake (and keeps legitimate users out)

Thursday, May 13th, 2010

Facebook has been boasting not only the most users for a social networking site, but also the most “quality” users (ie less fake users).

How can Facebook achieve that?

First they’ve been actively purging fake accounts.
More recently they started testing your knowledge of your own friends.
Because everybody knows you know well all your friends on Facebook right?

This feature is disguised as a way to check that your account is not being accessed by an unauthorized person logging from a unrecognized computer.
It happens if you try accessing your account while traveling, and logging from a location you never logged from before.

Not only you will be asked for a Captcha, but Facebook will present you a set of 7 photos where your friends have been tagged, and you will have to recognize them.

You can only skip 2 questions so you better know your friends well, and be lucky enough to be shown photos with an actual face on it.

Especially when they start asking you questions on tagged pictures like those ones:

Try it yourself by logging from a friend’s computer or from a computer abroad and test your knowledge of your friends.
It’s fun, especially when you get yourself locked out of your own account and have to wait one hour to try it again.

Detailed flow

First you’re being asked to enter a Captcha:

Facebook login verification using photo tagging

Then you are tested on your knowledge of your friends’ pictures:

Facebook login verification using photo tagging

It reads:

In order to proceed, Facebook needs to verify that you are the owner of this account. To do this, please identify the people tagged in the following series of photos.
To pass, you cannot get any answers wrong. If you aren’t sure about a question, please skip it. You can only skip two questions.

If you fail, you get this:

Facebook login verification using photo tagging

Please come back in a little while
Your answers were not accurate enough.
For security reasons, you are only allowed to authenticate your identity once every hour. Please come back then to try again. Sorry for the inconvenience.

If you succeed after having failed previously, you will be shown the recent login attempts to review.

Facebook login verification using photo tagging

Please review recent activity on your Facebook account
Your account was recently accessed from a location we’re not familiar with. Please review the activity details below.
If anything looks unfamiliar, we’ll help you change your password (this will help prevent people in the future from accessing you account without permission).
Do you recognize the account activity listed above?

Note the funny wording about preventing people from the future to access your account. Ambiguous. What if I want my future self to access it?

Is it too much?

Although these extensive security measures really do their job of keeping unauthorized persons to access your Facebook account, aren’t they a bit too much?

Wouldn’t a more classical method combining a Captcha and an email with a link to confirm you identity be enough?
Here you have a Captcha, plus a series of 7 pictures with friends tagged.
You cannot make any mistake, you can only skip two questions.
It is overkill for user identification.
Hence the underlying reason behind this flow is more for fake user account determent than really protecting your account from unauthorized logins.

Maybe at some point the only way you will be able to add a friend on Facebook will be to go through 7 random pictures with and without your candidate friend on it and you would have to tell if he is in the picture or not.

This will certainly upset spammers using fake accounts using friends they know nothing about.
But it will also upset those real people having lots of friends because they are just over eager to add more.

We all have one of those friends, don’t we?
You know, those with more than 1,000 friends you always wondered how they know so many people (and they probably don’t).

I’m curious to know how well they would do at the photo tag test.

————————
UPDATE Sept. 09 2010:
It seems we were right as Facebook filed to patent social Captcha. See the patent application.
————————

Facebook rivaling Google by building its own Web Crawler powered by… You!

Saturday, May 1st, 2010

Update April 14th 2012: Sergey Brin warns of the threat Facebook poses to the Internet and open web by building its inaccessible content. But is Facebook a threat for the Internet itself? Or just for Google?
——————–

With Facebook giving the publishers easy ways to mirror their external pages on Facebook, it means it is effectively building the most relevant search engine, the semantic search engine.

And it’s doing that using free labor: viewers of pages who “Like” or “Recommend” a page using the new Like button.

Here is an example of this search engine (using this very article), already available and directly integrated in Facebook, listing all the web pages external to Facebook that users “Liked” in the “Page” section of the results:

On the technical side, you can see Facebook’s crawler in the access log of your HTTP server.
It has the User Agent set to facebookexternalhit/*
Here is an example of Facebook pinging this very article in the access.log of the Apache server:

69.63.178.249 – - [05/May/2010:08:31:40 -0600] “GET /2010/05/facebook-rivaling-google-by-building-its-own-web-crawler-powered-by-you/ HTTP/1.1″ 200 18379 “-” “facebookexternalhit/1.0 (+http://www.facebook.com/externalhit_uatext.php)”

Complex Expensive Mathematical Proprietary Algorithms vs. You

What will the result be?

A search engine more powerful than Google as it will index only real pages that actual users like, and not fake pages.

Google and Bing and all serious search engines in the market must spend millions of dollars building complex automated Web Crawlers that keep surfing around the clock, retrieving pages, following links and crunch each page to extract relevant information based on keywords to index them.

So far, the ranking of your site depends on how this complex algorithm works and classify keywords, with inner workings so obscure and complex it gave birth to a totally new field of Internet technologies: Search Engine Optimization (aka SEO).

Facebook is moving the power from complex obscure and proprietary algorithms to the end users, the only persons who can really tell if a page is worth reading.
Not only Facebook can tell the page is worth indexing, but it can tell what its rank should be, just by looking at the number of people who shared the same page.

Every time you click on a “Like” button, you effectively tell Facebook: here is the address of a page I read and liked, and it’s worth sharing with others.

Facebook is actually building the first successful crowdsourced search engine, and it will be a powerful one with pages chosen by users, getting rid of all the fake websites out there like parked domains and parasite websites that are just exploiting the biggest weakness of search algorithms: they are not human.

Those parasite websites usually do their own web crawling and build pages (sometimes on the fly) using keyword stuffing to lure search engines into thinking their content is relevant in order to achieve higher ranking, then serve lots of ads on the pages to generate revenue from that traffic.
I personally move right away from those websites when I land on them, meaning I will never click a “Like” button if they had one because it’s too obvious they are just copy pasting content from somewhere else.

You can’t lure the human eye so easily and a smaller percentage of people who lands of the parasite pages will actually “Like” them, while a regular search engine would rank them high based on the keywords.

Not to mention the porn sites.
Who will “Like” or “Recommend” a porn webpage with the link being posted directly to their Facebook profile and broadcasted to all their friends in their News Feed?

The raise of Microsoft’s Bing (under the cover of Facebook)

In a way, the “Like” button is how Facebook added a Captcha to all websites so only content worth indexing is being saved for search.
Even more powerful than a Captcha on a webpage, it’s also a Captcha on your brain and morality as users will not reference questionable websites like porn.

Who will benefit from that?
Facebook of course, but also Microsoft’s own search engine, Bing, which so far has been struggling against Google even after Microsoft spent billions of dollars on it.
Don’t forget that Microsoft invested $240M in Facebook back in 2007 (see Facebook’s press release), and they could well be behind Facebook’s strategy to take over the web.

Bing is already omnipresent in Facebook search and it keeps growing.

Facebook Bing Search

At more than a billion clicks per day on the “Like” button, it’s happening really fast.

The consequences are as follow:
- Facebook is referencing a “cleaner” web: it will have an inventory of real pages with less parasite websites referenced and more general audience content
- Bing from Microsoft will benefit directly from this crowdsourced search engine.
- the SEO importance will diminish

Of course people will adapt:
- SEO guys will get on the Facebook bandwagon and their job will be to add a “Like” button to your site (and still charge you a lot for that)
- Parasite websites will have to make their content much nicer to the human eye to fool humans into thinking they have the original content. It probably means that a simple copy of the original content instead of keyword stuffing will do better than a pages belching lots of content gathered from multiples places.
- Google will be (certainly is already) restless and start spending billions to compete with the Microsoft+Facebook alliance.

But don’t forget Google also has its own social network: Orkut.

Could Google’s response rely on finally getting Orkut to take off?
I would start by renaming it to something I don’t have to Google every time for spelling and pronunciation…

While Google will not go away any time soon, the search engine wars is just starting and the key is to make is social.

Administer your ghost pages shared by the new Facebook Like button

Sunday, April 25th, 2010

——————
Note: Use this post to talk about the Wordpress Facebook Like button plugin
——————

If you’re using THE Facebook Like button plugin (the first one the market and most robust ;-) hosted on Wordpress, you want to be able to administer your pages.

It’s nice to have lots of people like your pages, but it’s even better if you can also send all those Facebook user a message too.
For instance you could post updates about your page, or offer products and services (or advertisement) in a pinpoint accuracy targeted way.

The main revolution Facebook announced at f8 on April 21st is that every legacy web page on the web can now be turned into a Facebook page.

Here is how it works in practice and how to administer your blog pages on Facebook.

You will be able to not only view all the Facebook users who Liked your page, but see statistics and also send all of them messages directly to their Facebook feeds.

Pretty powerful spammy viral tool here.

The First solution if you use Wordpress and the Facebook Like button plugin is to simply configure the plugin by entering your Facebook ID in the Settings page.

It will make an “Admin Page” link appear next to the number of shares you have so far for the page:

Like button with Admin link

And voilà! You’re done. The meta data will be added automatically to the header.

The Second solution, if you don’t use the plugin, or if you use another blogging software or even a standalone website is to add some meta tags in the html header.

Here are the steps to do it manually in Wordpress.

1/ Modify you Wordpress header

Edit your Wordpress header file…

bash# cd ~/wordpress/wp-content/themes/<THE DIRECTORY OF YOUR THEME>/
bash# vi header.php

… by adding HTML tag attributes (very top of the file):

<html xmlns="http://www.w3.org/1999/xhtml"
        xmlns:og="http://opengraphprotocol.org/schema/"
        xmlns:fb="http://www.facebook.com/2008/fbml" <?php language_attributes(); ?>>

… and by adding these meta tags in the header section of the header.php file:

<meta property="fb:admins" content="YOUR OWN FACEBOOK ID"/>
<meta property="og:title" content="<?php the_title_attribute( $args ); ?>" />
<meta property="og:type" content="blog" />
<meta property="og:url" content="<?php echo get_permalink($post->ID); ?> "/>
<meta property="og:image" content="http://blog.bottomlessinc.com/wp-content/uploads/2010/04/logo.jpg" />

Don’t forget to replace “YOUR OWN FACEBOOK ID” with your own numerical Facebook ID.
(example: “68310606562″ if you are Mark Zuckerberg)

Be careful to use the proper Facebook ID as once people start liking your post, you cannot change this ID anymore for security reasons.
You can only append new Facebook IDs (separate them with commas) and cannot replace the original Facebook ID which always has to appear first.
So in the previous example the first Facebook ID will always have to be 68310606562, otherwise Facebook will return this error when trying to like the page:

You previously specified 68310606562 as the leading admininstatory in the ‘fb_admins’ meta tag. The ‘fb_admins’ tag now specifies that 666 is the leading administrator. That needs to be changed back.

Also you can’t remove the Admin ID anymore once it’s been entered, or you will get this error:

Your page no longer includes any admininstrator IDs, even though you’ve specified one before. You must include 68310606562 in the ‘fb_admins’ meta tag, and it must be the very first one if there are many.
Facebook ©2010

Thanks to Tim at Hyperarts for the code.

2/ Administer your Facebook Ghost Pages

Now refresh your page, click on the “Like” button and notice the link to your newly created Facebook admin page as in this screen shot:

Facebook Like Admin Page

Clicking on the “Admin Page” link will redirect you to Facebook, which is only a regular Facebook Page automatically created with the picture specified in your header meta tag as profile picture.

It looks like this:

Facebook Like Admin Page on Facebook

Notice at the top the message in the yellow box confirming your are administrator of the page:

Administer Your Page.

You are seeing this page because you are an administator. All other users are directed to http://blog.bottomlessinc.com/2010/04/creating-a-wordpress-plugin-add-the-new-facebook-like-button-to-your-posts/, but you are being directed here so you can manage your fans and publish stories to your fans’ News Feeds.

(hum, looks like Facebook doesn’t know how to spell administrator).

Facebook provides a list of all the pages you administer in one convenient place.

Facebook is definitely mirroring the whole entire world wide web with these ghost pages that will blossom like mushrooms this spring.

From this Facebook page you can:
- see all Facebook users who Liked your page (formerly known as “Fans”)
- see statistics about the page (“insights”)
- post a message to your page wall

You will then start getting a weekly email update from Facebook listing the statistics of all your the different pages that were created.

For each page you will see:
- number of fans this week and number of total fans (hum, Facebook still calls them “Fans” here, I guess it didn’t sound right to call them “Likers”?)
- Wall Posts, Comments, and Likes this week (and last week)
- visits to your page this week (and visits last week)
- a direct link to Update your fans

Posting a message to your page wall will make your message appear in the Stream of every user who liked your page.

Virality is back (for external website that is, not Facebook applications)

Creating a Wordpress plugin: Add the new Facebook Like button to your posts

Thursday, April 22nd, 2010

——————
Note: Here is the latest version of the Facebook Like Wordpress Plugin for the impatient (and people not interested in the technical details but just looking for a solution working out of the box).

There is also the Official Wordpress page (from which you should rate the plugin and report it works, thanks).

This blog post is about the process of creating the plugin itself, so if you use the plugin directly you don’t have anything else to do than just installing it.
No coding necessary.
Otherwise you would add things manually and then the plugin would do the same again.
Jump to section 7/ Installation of the plugin if you just want to use the final product working out of the box.
Check also section 8/ Customize the plugin for help on configuring it when installed.
——————

Writing a Wordpress plugin is fairly simple provided you know PHP and follow the well documented process at wordpress.org.

If you’re in a hurry and just want a simple functionality, this guide is what you need.

Here’s a shortened version on how to create a Wordpress plugin that will add the new Facebook “Like” button announced yesterday at f8 to your posts and/or pages.

Facebook new Like button

Simple yet customizable as we’ll still provide a settings page for the plugin.

Facebook new Like button Wordpress plugin settings

1/ Optional Preparation

You can write a plugin and release it without submitting it to the official Wordpress directory.

Submitting your plugin to the Wordpress directory means your plugin must be release under GPLv2, so be aware of that before hand if it bothers you.

Some benefits of submitting to the directory are:
- faster distribution (users can find it easily)
- free SVN hosting
- packaging of the different versions
- access to analytics (number of downloads, …)

If you intend to submit your plugin to the directory, it may be a good idea to first look up which names are available as you may want to name your files and functions according to this name.
Check out the Wordpress plugin SVN to see what’s already taken.

2/ Create the plugin folder

bash# cd ~/wordpress/wp-content/plugins/
bash# mkdir like
bash# cd like/
bash# touch readme.txt
bash# touch tt_like_widget.php

We really need only two files:
- the readme file to describe the plugin,
- the actual code of the plugin in the php file (name it whatever you want).

3/ Write the Readme file

A basic Readme file looks like this:

=== Like ===
Contributors: bottomlessinc
Donate link: http://blog.bottomlessinc.com/
Tags: share, facebook, like, button, social, bookmark, sharing, bookmarking, widget
Requires at least: 2.3
Tested up to: 2.9.2
Stable tag: 1.0

The Facebook Like Button Widget adds a 'Like' button to your Wordpress blog posts.

== Description ==
Let your readers quickly share your content on Facebook with a simple click.

== Installation ==

1. Upload `tt_like_widget.php` to the `/wp-content/plugins/` directory
1. Activate the plugin through the 'Plugins' menu in WordPress
1. (Optional) Customize the plugin in the Settings > Like menu

== Frequently Asked Questions ==

= Is Like free? =

Yes

== PHP Version ==

PHP 5+ is preferred; PHP 4 is supported.

== Changelog ==

= 1.0 =
Stable version

You can get more information on the readme file with this more elaborated example.
Wordpress also provides a readme validator the way W3C does for XHTML validation.

4/ Write the PHP file

Only one function will be called in the file, the init function:

tt_like_init();

It does three main things:
- register and retrieve the parameters of your plugin if you have any (you will be able to set those in the settings page)
- register your own function to be called when an event happens, here an event called ‘the_content’ called every time the content of the post is rendered. Our plugin here will just append some content at the end of the post content.
- register your own function to be called to render the settings page in your Wordpress admin panel so you can customize your plugin.

function tt_like_init()
{
    add_option('tt_like_width', '450');
    add_option('tt_like_layout', 'standard');
    add_option('tt_like_showfaces', 'true');

    $tt_like_settings['width'] = get_option('tt_like_width');
    $tt_like_settings['layout'] = get_option('tt_like_layout');
    $tt_like_settings['showfaces'] = get_option('tt_like_showfaces') === 'true';

    add_filter('the_content', 'tt_like_widget');
    add_filter('admin_menu', 'tt_like_admin_menu');
}

The add_option function is provided by the Wordpress API and registers the default values of your options.
The previously saved setting are retrieved using get_option() and stored in our global variable we named ‘tt_like_settings’.
Our function tt_like_widget() will get called every time the content of the post needs to be rendered as we registered it with the add_filter() function.
In a similar manner, tt_like_admin_menu() will get called to render the settings page in the Wordpress admin interface.

The tt_like_widget() function is pretty straight forward: just append whatever you want to append to the $content variable.

function tt_like_widget($content)
{
     $showfaces = ($tt_like_settings['showfaces']=='true')?"true":"false";
     $url = urlencode(get_permalink()) . "&amp;layout="  . $tt_like_settings['layout']
                                . "&amp;show_faces=" . $showfaces
                                . "&amp;width=" . $tt_like_settings['width'];
     $button = '<iframe src="http://www.facebook.com/plugins/like.php?href='.$url.'" scrolling="no" frameborder="0" allowTransparency="true" style="border:none; overflow:hidden; width:'.$tt_like_settings['width'].'px; height: 50px"></iframe>';
     $content .= $button;
     return $content;
}

Here we build a Facebook Like button which is just an iframe pointing to a Facebook URL having the URL of the current post as parameter.
It means we need to retrieve the URL of the current post dynamically, this is done using get_permalink()
This is also the place we use our settings to produce a Facebook Like button customized according to the settings on the admin page.

And now for the settings on the admin page. We basically build an html form that will record the user preferences.

function tt_plugin_options()
{
    $tt_like_layouts = array('standard', 'button_count');

    <div class="wrap">
    <h2>Facebook Like Button</h2>

    <form method="post" action="options.php">
    <?php
        if (tt_get_wp_version() < 2.7) {
            wp_nonce_field('update-options');
        } else {
            settings_fields('tt_like');
        }
    ?>

    <table class="form-table">
        <tr valign="top">
            <th scope="row"><?php _e("Width:", 'tt_like_trans_domain' ); ?></th>
            <td><input type="text" name="tt_like_width" value="<?php echo get_option('tt_like_width'); ?>" /></td>
        </tr>
        <tr>
            <th scope="row"><?php _e("Layout:", 'tt_like_trans_domain' ); ?></th>
            <td>
                <select name="tt_like_layout">
                <?php
                    $curmenutype = get_option('tt_like_layout');
                    foreach ($tt_like_layouts as $type)
                    {
                        echo "<option value=\"$type\"". ($type == $curmenutype ? " selected":""). ">$type</option>";
                    }
                ?>
                </select>
        </tr>
        <tr>
            <th scope="row"><?php _e("Show faces:", 'tt_like_trans_domain' ); ?></th>
            <td><input type="checkbox" name="tt_like_showfaces" value="true" <?php echo (get_option('tt_like_showfaces') == 'true' ? 'checked' : ''); ?>/></td>
        </tr>
    </table>

     <?php if (tt_get_wp_version() < 2.7) : ?>
       <input type="hidden" name="action" value="update" />
       <input type="hidden" name="page_options" value="tt_like_width, tt_like_layout, tt_like_verb, tt_like_colorscheme, tt_like_showfaces"/>
    <?php endif; ?>

    <p class="submit">
    <input type="submit" name="Submit" value="<?php _e('Save Changes') ?>" />
    </p>

    </form>
    </div>
}

Here we have some code for an input box, a dropdown menu and a checkbox as example.
There is some handling for earlier version of Wordpress.
Refer to the options page help for further information.
The _e() function is here for internationalization.

5/ Submit your plugin to the Wordpress directory

Submit your new plugin to the directory by providing a unique name for it.

You will then be able to upload it to the SVN repository.

6/ Check in your code in the SVN repository

After Wordpress approves your plugin (it took 3 days for this one), you can check your code in the provided SVN link.

bash# mkdir ~/my_wp_plugin
bash# cd ~/my_wp_plugin
bash# svn co http://svn.wp-plugins.org/like
A    like/trunk
A    like/branches
A    like/tags
Checked out revision 233010.
bash# cp ~/wordpress/wp-content/plugins/like/readme.txt trunk/
bash# cp ~/wordpress/wp-content/plugins/like/tt_like_widget.php trunk/
bash# svn add trunk/*
A         trunk/readme.txt
A         trunk/tt_like_widget.php
bash# svn ci -m "First stable version"
Authentication realm: <http://svn.wp-plugins.org:80> WordPress.org Subversion
Username: bottomlessinc
Password for 'bottomlessinc': ****
Adding         trunk/readme.txt
Adding         trunk/tt_like_widget.php
Transmitting file data ..
Committed revision 233012.
bash#

Now you can tag the revision of the plugin as your first version.

bash# svn cp trunk tags/1.0
A         tags/1.0
bash# svn ci -m "Tagging v1.0"
Adding         tags/1.0
Adding         tags/1.0/readme.txt
Adding         tags/1.0/tt_like_widget.php
Committed revision 233013.
bash#

Now that your code is checked in with the mandatory readme.txt file and you tagged the version 1.0 of your SVN to match the Stable tag: 1.0 in readme.txt, Wordpress will do all the rest and package it for you.

It will be available to a URL resembling http://wordpress.org/extend/plugins/like making it accessible to all Wordpress user and providing you download statistics and feedbacks from users.

You can also promote your plugin further by submitting it to wp-plugins.

7/ Installation of the plugin

Here is the complete code for the widget:

Facebook Like Wordpress Plugin (Latest Version)

Unzip it in your plugin directory.

bash# cd ~/wordpress/wp-content/plugins/
bash# wget http://blog.bottomlessinc.com/wp-content/uploads/2010/04/like.zip
bash# unzip like.zip

Then go to the Wordpress admin dashboard, activate it, and optionally customize it in the settings page.

8/ Customize the plugin

The plugin works out of the box without configuration as it uses the IFRAME version of the button.

Optionally you can use the XFBML version but it requires more setup and a better knowledge of the Facebook platform as you will need to create a Facebook Application and enter its App ID in the settings page of the plugin.

Which one to choose, IFRAME or XFBML?

It really depends on how technical you are.
If you are not, stick with the default settings using the IFRAME version.
If you are technical you can venture in the XFBML version, but even there you will hit snags as Facebook is notorious for producing unstable Javascript and not getting things to work the first time (a daily struggle when you develop Facebook applications).

With XFBML, the user who clicked the Like button can add a comment that will be attached to the post on his profile.

Facebook XFBML Like button comment

The benefit of using XFBML is purely real estate: provided the user not only clicks the button but adds a comment, the profile post will now include the image you entered in the Settings of the plugin along with an excerpt of the article.

For comparison here is the one liner you will see if using IFRAME or if using XFBML when the user did not add a comment…:
Facebook Like button wallpost IFRAME

… and here is the profile post the user will generate when adding a comment with the XFBML version of the button:
Facebook Like button wallpost XFBML

Even though Facebook provides a simplified interface to generate a new Application, it doesn’t work right away.

When I first set it up I had this message when clicking the button:

The application ID specified within the “fb:app_id” meta tag is not allowed on this domain. You must setup the Connect Base Domains for your application to include this domain.
Facebook ©2010

When editing the settings of the Application itself, I couldn’t see anything wrong, and hit the “Save Changes” button without modifying anything.
Surprisingly it raised this error, refusing to save the (non existing) changes:

Validation failed.

Connect URL must point to a directory (i.e., end with a “/”) or a dynamic page (i.e., have a “?” somewhere).

In this case just edit the Application, go to the “Connect” tab and in the first field called “Connect URL”, make sure your website ends with a forward slash.
For instance I had to manually change my Facebook Connect URL from “http://bottomlessinc.com” to “http://bottomlessinc.com/” to make things work.

And even after that, when using the XFBML version the button doesn’t show up in around 20% of the page refresh.
That’s why sticking with the default IFRAME version is more reliable.

There is also a chance that adding a slash to your Connect URL will solve the problem of the Like button blinking (showing up as pressed then right away as unpressed).
During this blinking of the button you can see the message “You like http://example.com” which disappears also right away.

If you use the XFBML version of the plugin, you must provide the numerical Facebook ID of the Facebook user you will use to manage the pages.
Otherwise people clicking on the Like button will receive this error:

You failed to provide a valid list of administators. You need to supply the administors using either a “fb:app_id” meta tag, or using a “fb:admins” meta tag to specify a comma-delimited list of Facebook users.

Did you find this post useful? Like it on Facebook :-) and Spare a few cents:

Facebook throttling the last viral channel

Wednesday, March 24th, 2010

Up until today, there was still one viral channel left on Facebook that allowed your applications to grow organically: the wall posts.

Today Facebook cracked down on it as explained in their developer blog.

The consequences are amazing as you can see the overnight 50% drop in DAUs for quiz applications that relied heavily on wall posts like Social Interview (graphs courtesy of developeranalytics.com):
Social Interview DAUs down 50 percent

So from a canvas application you can still publish stories to walls, but you now have to ask the user each and every time to confirm with the “Publish this story to your friend’s Facebook Wall?” popup like this one:

Before you could let the user choose not to have this popup every time they want to post something on a wall by using the Facebook.showPermissionDialog() javascript call…:

Facebook.showPermissionDialog('publish_stream', callback);

function callback (perms) {
  if (!perms) {
    message('You did not grant the special permission to post to friends wall without being prompted.');
  } else {
    message('You can now publish to walls without being prompted.');
  }
}

… that would prompt for your permission to, hem, not be prompted when publishing a story to a wall (“Allow {Application X} to publish posts or comments without prompting me.”):

Once you had this permission granted by your user, you could just call streamPublish() with the auto_publish parameter set to true to avoid the popup:

Facebook.streamPublish(null, attachment, actionLinks, target_id, "Add a personal message", callback, true);

In practice it didn’t quite work because even though the language in the permission dialog is clear that you would not see any popup anymore, you would still either:
- get the popup all the time (and that was a Facebook bug)
- or reach a throttling limit (streamPublish() would return “Feed action request limit reached”) and would not be able to post anymore.

Facebook is very obscure on what the limits are, contrary to the requests limits which you can see from the Statistics of your application in the Developer app (tab “Allocations”).

So you had to use a trick to circumvent this throttling by asking for a totally unrelated permission: the Offline permission.

Facebook.showPermissionDialog('offline_access', callback);

That would ask the user for yet another permission using the “Allow Constant Authorization.” popup:

This workaround worked well until today, as you now get a lot more “Feed action request limit reached” errors.
So much more that Facebook added an extra tab in the Statistics of your application called “API Errors”:

What’s remaining now for virality on Facebook?
- the notifications are gone
- the invites are throttled in an obscure way so you never see your allocation of invites per user per day go up
- the wallposts are throttled
- … but you now have access to users emails!

This is a clear move from Facebook to capture more revenues by forcing developers to buy ads from them.

The true organic virality is gone, unless developers become spammers and start hammering the email addresses of Facebook users.
This will happen unfortunately, and users will just opt-out, so it’s a short lived solution.

Is it time to move back to MySpace?

The Madoff Experiment

Tuesday, March 9th, 2010

The Madoff Experiment is currently in progress, check back later for the results…

Working ‘Become a fan’ button directly in Facebook apps

Saturday, February 6th, 2010

Until recently you could only put up a link to the application page and hope people would find the ‘Become a fan’ at the top button themselves.

Facebook was not providing a working button the way the ‘Add Bookmark’ button works.

Here’s the indirect way to do it, using Facebook Connect:

<fb:iframe scrolling="no" frameborder="0"
   src="http://www.facebook.com/connect/connect.php?id=4563146243&connections=0&stream=0&css=http://example.com/fan.css"
   allowtransparency="true" style="border: 0px solid #cccccc; width: 113px; height: 25px; ">
</fb:iframe>

And your fan.css file should look like this:

.profileimage {
    display: none !important;
}

.name_block {
    display: none !important;
}

div {
    margin: 0px !important;
    padding: 0px !important;
}

The CSS is here to hide the app profile picture. If you want the picture to be displayed then just don’t use the CSS.

Source

Getting your friend names: use users_getinfo() not FBML

Wednesday, January 27th, 2010

To get the names of the user’s friend, you can go two ways:
1/ make a Facebook API call on the server side using users_getinfo()
2/ let Facebook render the names in FBML using the fb:name tag and passing it the user id

While it’s tempting to speed up your application by removing the users_getinfo() call and going for solution 2/, in practice 2/ will turn out slower.

You won’t notice the difference when the users doesn’t have a lot of friends, and in this case 2/ may be faster.

But past 200 friends, and 2/ is extremely slow.

An extra goodie with 1/ is that you also get access to the friends names on the server side, so you can do more processing.

Facebook Ajax call hitting your URL 3 times in a row

Thursday, January 21st, 2010

Did you notice Ajax calls hitting your url three times in a row?

This will happen if the URL ajax.post() is hitting doesn’t return anything at all.

var ajax = new Ajax();
ajax.responseType = Ajax.RAW;
ajax.requireLogin = false;
ajax.ondone = null;
ajax.onerror = function() {}

var params={
    'title':'Nice title',
    'comment': 'Nice comment'
};
ajax.post('http://example.com/my_ajax_handler.php',params);

If your my_ajax_handler.php script doesn’t return a single string, ajax.post will hit you 3 times.

Just return something like ‘1′ for instance at the end of your my_ajax_handler.php script and you will be hit only once:

<?php
 if(count($_POST)) {
     $title = $_POST['title'];
     // process your data...
 }
?>
1

Notice the ‘1′ outside of the PHP block at the end.

Increasing PHP limits

Tuesday, September 2nd, 2008

When doing statistical computations on a DB, you can easily reach the default memory and execution time limits of PHP.

You could change those settings directly in your php.ini file, but it would make the changes server-wide, meaning that even those scripts that should never eat that much memory can potentially hog the system if they start running wild.
It’s better to enable it on a file basis, if not on a compute-heavy function basis using ini_set.

For instance if your script reaches the default 16M of memory usage, this message will appear:

PHP error: Fatal error: Allowed memory size of 16777216 bytes exhausted

To change the default value:

ini_set('memory_limit', '20M');

When reaching the maximum execution time of a script you’ll get this message:

Maximum execution time of 30 seconds exceeded

To change the default value:

ini_set('max_execution_time', 90);

When dealing with extremely long processes, like for instance sending millions of notifications to your app users on Facebook, you might even want to use as much memory and time as possible:

ini_set('memory_limit','900M');
ini_set('max_execution_time', 90000);
ini_set('display_errors', 1);