Category Archives: facebook

BBC iPlayer goes social

I’m just back from the BBC’s press briefing on the new iPlayer. This is a public beta. The press release is here.

The big story is that social media features are now integrated. The idea is that you can post recommendations (or otherwise) to Twitter and Facebook about programmes you are viewing, or participate in real-time chat via Microsoft Live Messenger. The Messenger feature will be delivered later than the other features; a beta is promised “later this summer.”

I was interested to see these features delivered, as I spoke to the BBC’s Anthony Rose about them at Adobe MAX in 2008 and wrote it up for The Guardian. I talked to Rose again today and asked why Twitter, Facebook and Live Messenger had been favoured above other social media services?

There are only so many hours in the day, you’ve got to start somewhere. We picked the major ones. In the case of the chat, the technical requirements are actually really high, you need presence detection, there needs to be user to user chat, and it turns out that Facebook doesn’t have that kind of presence detection. So very few platforms have the technical bits that are necessary. But absolutely we’re looking to get the others on board, we know that people are going to want it. We had a choice of ship nothing, or try and dip the toes in the water

This is in line with a theme we heard a lot about today: that the BBC will go where the users are. Devices will be supported only if they succeed in attracting a large user base. We also heard that BBC Online is narrowing its focus, and will not needlessly duplicate what third parties already do. For example, the BBC has no intention of creating its own social network, even though over a million individuals have registered a BBC ID. Rather, it will link that identity to existing social networks, initially Twitter and Facebook. At least, that’s the current strategy. The BBC is a public broadcasting service financed by a licence fee, and its strategy is partly set from above; it has changed recently and will no doubt change again.

Still, iPlayer is a superb service and one reason I am personally happy to keep paying the fee.

Future of Web Apps cheers the independent Web

The Future of Web Applications conference in London is always a thought-provoking event, thanks to its diversity, independence and character. That said, it is a frustrating creature at times. The frustration on day 1 was the barely functional wi-fi, which ruined a promising interactive application called HelloApp, built with ASP.NET MVC. HelloApp would have told us who we were sitting next to, what their interests were, their twitter ID and so on. Microsoft must be disappointed since the developers, some of them more used to technologies like PHP and Ruby, said how impressed they were with the framework and Visual Studio. The poor connectivity was a shame, and a bad slip-up for a web application conference. Even the speakers had to work mostly offline – cloud devotees beware.

Ryan Carson at the Future of Web Apps London, 2009

FOWA has been at London Excel recently, but this event was back to its earlier venue of Kensington Town Hall, more crowded but a better atmosphere and easier to get to. I suspect a little downsizing, but much prefer it. Organizer Ryan Carson has his heart set on enabling start-ups, proffering business advice and uniting developers, designers and money folk, though many attendees are not in the start-up category at all. When revealing the results of a survey showing that many web app hopefuls had less then 1000 site visitors a month he shook his head despairingly “you’re never gonna build a business on that kind of traffic”.

Carson has excellent contacts and the day kicked off with Digg’s Kevin Rose on how to get those visitor numbers up – he should know if anyone does. Rose exceeded my expectations with tips on massaging your visitor egos, avoiding analysis paralysis, hanging round event parties to meet influencers even when you can’t afford to attend the event, and even how to hack the press.

After that the day was disappointingly low-key, at least until midday. Then we got Francisco Tolmasky from 280 North and it all changed. Tolmasky’s line is that we should use pure web technology but with the richness of desktop applications, and to enable this he’s put forward cappuccino, a JavaScript framework inspired by Apple’s Objective C and Cocoa – Cappuccino uses Objective-J. This now has a visual development tool (web-based of course) called Atlas, and in Tolmasky’s demo it looked superb. See here for more details.

The surprising twist is that after developers told Tolmasky that they (or their companies) were not willing to trust code to the web, 280 North came up with a desktop version of Atlas with the added ability to create desktop applications as well. I am not clear about all the runtime details, though it no doubt involves webkit, but Tolmasky’s differentiator versus alternatives like Java or Adobe AIR is that Atlas uses only web APIs.

We heard a lot at FOWA about social media, how to use it for marketing, and how to integrate it into applications. Cat Lee from Facebook gave us a breathless presentation on how simple it is to hook into Facebook Connect. It was OK but it was a sales pitch, and that never goes down well at FOWA. 

The later afternoon sessions were excellent. Bruce Lawson of Opera gave us an entertaining overview of how HTML 5 would make life easier for developers. There was nothing new here, but nevertheless a revealing moment. He showed some rich media working in HTML 5 and made the comment, jabbing at Adobe Flash and Microsoft Silverlight, that the web was too important to place control in the hands of any one vendor. A loud and spontaneous cheer went up.

This was echoed later when Aza Raskin of Mozilla gave us a browser-centric view of social media, suggesting that the browser could broker our “social graph” by integrating with multiple identity providers. Raskin’s line: social media is too important to be in the hands of any one vendor.

The Guardian’s Chris Thorpe gave a bold presentation about how the Guardian wants to embed itself in the web through its open platform. Like most print media, the Guardian has many challenges around its future business model (disclaimer: I write for the Guardian from time to time); but Thorpe’s presentation shows that his newspaper is coming up with an intelligent response, promoting interaction and building out into the wider web rather than erecting paywalls. Having said that, maybe the Guardian will try other business models too; it is a journey into the unknown.

Overall a day for social media and the open web, and a good antidote to the more vendor-centric conferences at which I often find myself. Next week, for example, it is the Flash-centric Adobe MAX; and having heard very little about Flash at FOWA that will make an interesting contrast.

O2 router attack shows danger of staying logged in

Concerned about web security? One thing that may prove more valuable than any amount of supposed security software (anti-virus and the like) is the simple good practice of logging out of web sites at the end of each session.

Here’s the reason. Let’s say you are logged into some site – could be Facebook, or Google, or the admin screen on your router, and you’ve left checked the option that says “keep me logged in”. Then you visit some other site. The vast majority of web pages today run JavaScript code in the background, and these scripts execute on your computer, not on the web server. What if one of those scripts sends a request to a site where you are logged in? The request comes from your computer, so it looks like you to the web site. If you are unlucky, the script will be able to perform any action you could perform, but without your awareness – such as changing your password, or reading confidential information.

For this hack to work, a couple of things need to have gone wrong:

1. You are running a malicious script. This implies that the site you are visiting has been hacked, or has a vulnerability such as forum software which allows users to post content that might trigger a script. Even a link to an image in a forum post might be sufficient.

2. The site where you are logged in doesn’t make any additional checks on the source of the script. Although it is running on your computer, the HTTP request generally includes referrer data, revealing the URL of the page from which the script came. By checking this value, the site can figure out that there is something wrong. Another idea is to have unpredictable URLs for sensitive data.

Still, you’ll notice that neither of these things are under your control, whereas generally the option to log out of a site is under your control. Even that might not always be true – a developer could code a site without an option to log out – but that is unusual.

The O2 attack referenced above exploits this flaw to get into your router admin, if you are running an O2-supplied broadband router. It is a huge vulnerability, since if the router is re-configured a wide range of further attacks are possible. One example is DNS poisoning, where familiar URLs might take you to malicious destinations. It could also disable firewall protection and redirect external requests to one of your home or small business PCs – very nasty.

Here’s a couple of things that will improve security:

1. Don’t use the broadband supplier’s equipment, if it is not entirely under your control. Use your own; turn off universal pnp, change the admin password, don’t stay logged into the admin.

2. Don’t stay logged into any site which matters. Even sites which don’t appear to matter can be a security risk, if they expose passwords or security questions that you use elsewhere, for example. Personally I always log out of Facebook, Google and Twitter, for example, even though sites like these should be aware of the risks and be coded appropriately – they mostly are, but mistakes happen.

Unfortunately many sites encourage you to stay logged in, because it reduces the friction of using the site. Still, there are compromises which work. I notice with Amazon for example, that it uses cookies to give you personalized information even when not logged in, but displays password prompts with boring regularity for actions that spend money – though Amazon also advises you to log out completely if using a public or shared computer.

Flash library for Facebook, Silverlight library for MySpace

Adobe and Facebook have announced that ActionScript 3, the language of Flash 9 and higher, is now officially supported by FaceBook along with JavaScript and PHP. Information about coding for Facebook with Flash is here, and the library itself is on Google Code.

MySpace has announced the MySpace Silverlight SDK which will be hosted on Microsoft’s CodePlex open source site. The focus of the Microsoft Silverlight work seems to be on wrapping the Open Social API used by MySpace in a C# library.

Note that there is already documentation on creating Flash applications for MySpace. On the Facebook side, here’s an intriguing fact: there’s also an Fb:silverlight tag, though the documentation remarks: “For now this feature has no functionality.” Fb:swf is better supported. David Justice has been working on a Facebook library for Silverlight. It’s clear though that Flash is more widely accepted and supported on both platforms, reflecting its maturity and broader acceptance.

Smart developers can already devise code to access the public APIs of platforms like Facebook and MySpace from a variety of clients; this is about making that easier. It benefits the social networking sites if a wider group of developers has access to its platform, and with the advantages of multimedia features; equally it benefits the plug-in vendors if their runtime works smoothly with the broadest possible range of services. Therefore we should expect more of this type of announcement.

It is interesting to see technology partnerships bridging political divides. Microsoft has a stake in Facebook, for example, while Google has a partnership with MySpace.

Perhaps the most interesting outcome may be more Facebook applications based on AIR, Adobe’s Flash platform for the desktop. The existence of AIR applications like Twhirl and Tweetdeck has significantly boosted Twitter; maybe it is now Facebook’s turn.

Cloud computing means exporting your IT infrastructure to the Internet

I’ve just attended my first cloudcamp unconference, held during QCon London. We ended up debating how you would explain cloud computing to a non-technical audience. The problem is that different people mean different things by the term.

The consumer perspective is to do with running applications and storing your stuff on the Internet. Gmail, Google Docs, Skydrive, are all examples of doing cloud-based computing from a consumer perspective. Somehow we brought BBC iPlayer, Facebook and YouTube into the mix as well. Some think that the home computer will disappear, replaced by Internet-connected appliances and devices.

The small business and entrepreneur’s perspective is to do with low start-up costs and low barriers to entry. Anyone can run a web site, take payments with PayPal or Amazon Payment Services or Google Checkout, and use cloud services for email and collaboration.

The larger business or enterprise perspective is do with exporting IT infrastructure to the Internet. Close your data centre, sell your servers, move your computing to virtual servers running on Amazon’s elastic compute cloud or some such. There is not much of this happening as far as I can see, though we are seeing virtualization (which might be a first step), and some take-up for software-as-a-service (SAAS) applications like

I suppose it is appropriate that the cloud term is fluffy. To some it is synonymous with the Internet; to others it means SAAS applications; to others it means virtual servers running who knows what; to others it means a hosted application platform (platform-as-a-service or PAAS).

The problem with vague terms is that they make discussion difficult.

My favourite usage: cloud computing means exporting IT infrastructure to the Internet.

Facebook as groupware

There was a brief interview with Joe Gilder, a student at Bristol University, on the BBC Today programme this morning – why does he use Facebook, which is 5 years old today?

For me it’s the most important thing around. I know exactly what’s going on everywhere through what’s on my Facebook profile. Societies, clubs, departmental stuff from my departmental societies, anything from my student’s union, anything from my friends, it all goes through Facebook. 

I found this interesting because it is pragmatic; it’s not just about socializing, but about organizing. I open Outlook to see what’s on today and tomorrow; he opens Facebook.

If Facebook wants to remain essential to someone like Gilder when he moves into the business world, perhaps its management should be considering how Facebook could be an Enterprise portal rather than merely a social network.

Technorati tags: , ,

BBC looking at OpenID for iPlayer social network

At Adobe’s MAX conference in Milan last week I spoke to the BBC’s Anthony Rose, who runs iPlayer at the BBC, and wrote this up for today’s Guardian. One of the things we discussed is social networking planned for iPlayer, where you will be able to see comments, ratings and recommendations from your friends. I asked Rose how user identities will be managed:

“We’ll make sure you never have to log in to use our services. But if you want to post comments and create a profile then you’ll need to log in. We’re going to start by using a BBC one, then we’re going to look at OpenID and see if we can synch to others. OpenID is very cool but is a challenging user experience, and some people will get it, and some will go, why have you made it more difficult?”

Right now there are multiple competing “networks of friends”: Facebook, MySpace, Microsoft Live Messenger, Twitter and so on. Facebook is trying to extend its reach with Facebook Connect; Google is evangelising OpenSocial which “defines a common API for social applications across multiple websites”, along with an implementation called Friend Connect. It will be interesting to see to what extent the BBC creates yet another social network, and to what extent it hooks into existing ones. linking with Facebook, Amazon

I’m at the Dreamforce conference in San Francisco, where Marc Benioff, CEO of, and co-founder Parker Harris, are presenting new features in the platform.

The first is a built-in ability to publish your data as a public web site. The service is currently in “developer preview” and set for full release in 2009. Even in preview, it’s priced per page view on your site. For example, if you have the low-end Group Edition, you get 50,000 page views free; but if you exceed that limit, you pay $1000 per month for up to 1,000,000 further page views. It would be unfortunate if you had 50,001 page views one month.

The second announcement relates to Facebook integration. This is a set of tools and services that lets you use Facebook APIs within a application, and create Facebook applications that use data. Sheryl Sandberg, Facebook COO, says this is “Enterprise meets social”. The problem: Facebook is consumer-focused, more play than work. Sandberg says this deal will launch Facebook into the Enterprise. This will be an interesting one to watch.

Third, there are new tools linking with Amazon’s S3 and EC2. Tools for S3 wrap Amazon’s API with Apex code (Apex is the language of so you can easily add unlimited storage to your application. Tools for EC2 delivers pre-built Amazon Virtual Machines (AMIs) that have libraries for accessing data and applications. The first AMI is for PHP, and simplifies the business of building a PHP application that extends a solution.

Interesting that is providing two new ways to build public web sites that link to – one on its own platform, the other using PHP and in future Ruby, Java (I presume) etc.

It’s worth noting that you could already do this by using the SOAP API for, and there are already wrappers for languages including PHP. This is mainly about simplifying what you could already do.

More information is at

Amazon, eBay, FaceBook: the risk of building your business on a third-party platform

We are seeing web giants flex their muscles. Here’s three instances.

FaceBook’s frequent platform changes make it tough for small developers to keep up – I blogged about this recently.

Amazon declares that Print on Demand sales on its site must use its own printing system, causing consternation for rivals like Lightning Source.

Ebay changes its terms for sellers, removing the option to give negative feedback to scam buyers and increasing final value fees from 5.25% to 8.75% (a 67% increase).

In each case, the losers can fume and complain; but there’s little else they can do, other than withdraw their business. Ebay, FaceBook and Amazon have the right to as they want, within the law, with their web sites. Unfortunately, withdrawing your business from the dominant platform in each field (social networking, web retailing, auction sales) is likely to be even more expensive than gritting your teeth and putting up with it – at least, that’s what the big guys are counting on.

The problem: it’s high risk to have a third-party control your platform. This is something the music industry has belatedly recognized in respect of Apple’s iTunes.

I expect to see more of this, as the biggest players change focus from buying market share with low prices and free services, to trying to monetize their existing share more effectively.

PS: I realise that FaceBook is in nothing like the same position of strength within its market as Amazon or Ebay; nevertheless there seems to be a parallel to do with lack of control over your destiny.

Technorati tags: , , , ,