Philip Turpin

What with all the hype on Google’s Buzz, just recently, my attention was drawn to my Facebook posts that seemed to have escaped into the public domain – uninvited.  Essentially my Facebook Notes and Links had been published onto FriendFeed and then aggregated again in Google Buzz.

Further investigation has revealed there is, what appears to be, a bug (oversight?) in the Facebook Notes and Links RSS feed option.

Firstly, let’s take a look at the offending URL in question:

http://www.facebook.com/feeds/share_posts.php?id=xxxxxxxxxx&viewer=yyyyyyyyyy&key=zzzzzzzzzz&format=rss20

In this example I’ve replaced the 10 digit alphameric codes with x, y and z for privacy reasons.

The X represents the ID of the person’s posts you want to view.  The Y represents the viewer of those posts and Z represents a unique key generated when you click on the Subscribe to Notes link on Facebook.

Their has to be a friend connection between X and Y in order for the Notes / Links RSS feed to display but you, yourself, don’t necessarily have to have a connection with either of them – what’s important is that THEY have the connection.

Z is a unique key that’s generated for the X Y relationship.  It can also be an X X relationship (as I found out on my FriendFeed settings) but the unique key is still generated.  This means that you can’t just find a profile, decipher the numerical user ID then inject that into the URL – you still need the Unique code which can only be obtained by clicking on that user’s ‘Notes Subscription’ link and if you’re not friends with them you can’t get to it.

I have tried other manipulation of various, other, URLs associated with Notes and Links and the security seems to be holding up.

Although there is little impact in terms of a security risk the implication of this is that someone could easily take the URL for a friend’s notes and publish it.  Then, regardless of the privacy settings of that user, their notes and links will always be publicly viewable in an RSS feed.

What can we do about it?  As yet, nothing.  I have been unable to find any security or privacy settings that address this issue.  It would seem that this is a piece of system architecture rather than a bug.  I’d, therefore, say it was more an oversight on Facebook’s part.  It has been reported to Facebook.

There’s a new Facebook group doing the rounds.  It’s called ‘Roll vs Cole’ and the aim is to see if the Sausage Roll group can get more followers than Cheryl Cole.

What interesting, though, about this particular group is that it’s made it onto the betting site, paddypower.com.

The deal is this:  The Sausage Roll group has to have more followers than Cheryl Cole by 8pm, Sunday 28th Feb.

Current odds are 1/4 yes and 5/2 no.  I think, based on the fact that the group has amassed an amazing 685,000 fans (at the time of writing) since it’s creation on 30th Jan 2010, it’s a fair bet (pun intended) that the Roll will beat Cole.

The facebook group can be found here: http://bit.ly/9jMhoI

Just in case you want to have a flutter, the Paddy Power page can be found here: http://bit.ly/9grRhM

I logged in to Facebook, the other day, and saw the User Interface (UI) change right before my eyes.  It seems that Facebook are rolling out a new and improved UI in stages (my other Facebook account is, as yet, untouched.

To start with, the navigation bar, across the top, has been re-designed.

As you can see it’s been changed relatively comprehensively.   For me the two most noticeable (and annoying features) are:  The search bar has been moved to just left of the centre and you can no longer hover over the links on the top to get extra options.

As an example, in the old Facebook UI, you would hover over the ‘Inbox’ link to display a rop down box with 2, further options, of ‘View Inbox’ and ‘Compose Message’.  Under the new UI hovering has no effect.  You have to click to display the drop down box where the further options as shown.

Clicking on the Messages link gives a nice overview of the most recent messages on your inbox, from place you can choose to click on a message, compose a message or ’see all’ messages which takes you to the Inbox page.

There are two new links that side beside the Messages links which are Notifications and Requests.

The Notifications link acts in exactly the same manner as the Messages link and requires a click in order to display the drop down box as show below:

Again, you can click on an individual status to be taken to a page to view it in it’s entirety or you can click the ’see all’ link to be taken to the main notifications page.

The last of the 3 links is to display Requests (such as friend requests).  Again, exactly the same format where a click is required to display the drop down box.

My initial impression of this new layout technology is that it didn’t work.  The notifications don’t seem to be very responsive anymore.  Quite a lot of the time I have to manually check for new notifications and only then do I find out there are some.  The old style of notification, bottom right of the screen, worked much better and was more responsive.  Since drafting this post I have found that, in order to get a true notification (a little red number) you have to hit F5 refresh in the browser as clicking on ‘home’ to refresh the page is simply not enough.  Is that deliberate or an oversight I wonder?

It’s taking me some time to get used to the positioning of the new search bar.  There must be a reason why it’s been put there but I fail to see what.  Once could argue that it’s more inline with where you’d normally expect to find a search bar but, having been used to the Facebook search bar being on the top right, for so long I find it’s merely an annoyance while I get used to it.

I like the format of the new drop down boxes for Messages, Notifications and Requests but I don’t like the fact I have to click on them – a simple hover would be better and would be far more helpful when learning the new system.

The main feed has now been bordered by two vertical, thin, lines.  This helps improve visibility and concentrates the eye better.

Whereas, before, we had links for the applications on the bottom of our screen, we now have what are called ‘bookmarks’ on the left hand side as a navigation bar.  Apart from a couple of attributes I’ve yet to figure out (such as why do I have ‘1′ next the the groups?) I prefer this format and the corresponding format, when clicking on a link, is also better and kept inline with the new UI.  There is also an “App Directory” link that will take you to a dedicated apps page (although this doesn’t seem to show me my installed apps, just apps to install – something else to hunt around for).

The new UI for Facebook does look different to the old UI and it takes a bit of getting used to but the new features are, mainly, well thought through (as you’d expect from such a large site) although slightly slow.

I was all set to say “I don’t like this new layout” but, in actual fact, when researching it for this post I found that I actually do like it.  It’ll be interesting to see the overall reaction when it’s rolled out further.

Incidentally, I have removed certain information from the screen shots, such as last names and message content, purely for privacy reasons.

The screenshots and testing was performed on Safari for Windows V4.0.4.

OK, for starters, I just tried to update my status on Facebook voicing my displeasure at how atrocious Facebook has become only to be given the following message:

Here is the original status…

…is disappointed that Facebook is becoming such a challenge to use.

I don’t wish to have to constantly worry about Privacy settings, who sees what, what info is publicly available vs. what isn’t and what is being indexed by BBG (Big Bad Google).

Not only are Facebook insistent with constantly, unnecessarily, updating the UI, they have to mess around with other ’stuff’ that just really doesn’t need it.

With the web having evolved into what it is, things are supposed to be easier, not harder.  Patience and tolerance get considerably shorter and yet FB make it harder?  I wonder how long before FB user numbers start to drop (‘when’ not ‘if’)?

I, for one, have already deactivated one FB account and I’m seriously considering deactivating this account too.  I’m definitely using it less already.

My feeling on this is that it’s going to be easier to break out and use different services for different functions.

• Status updates?  Twitter / philipturpin.com
• Photos?  Flickr.
• Videos?  Youtube / 12 seconds.
• Content (links, posts etc)?  philipturpin.com

At least I know that anything I post here is publicly viewable, there is no confusion, and I can simply RSS the content into Facebook, thus still maintaining a presence, without being directly involved.

At least this way I’m not reliant on solutions by somebody else – I’m totally in control.

Incidentally, I can be found here:  http://facebook.com/philipturpin

When using Facebook tonight I noticed what appears to be another ‘Facebook Feature’ in the form of anonymous comments.  It appears that certain people, when commenting, have no avatars or names against the comments.  But this only appears to affect the normal Facebook site.  If you browse to http://touch.facebook.com you’ll see that the avatars and names exist next to the comments.

Take the example below, from the full Facebook site, of a Mashable post.  You can see, clearly, the names and avatars are missing.

The example below is from the Facebook ‘touch’ interface (http://touch.facebook.com) for the same Mashable post and you can see the names and avatars of the commenters.

Although this doesn’t appear to be a security issue it is a little inconvenient.