Web 2.1

Always the punctual adopter, I joined Facebook around the end of 2007. Since then I've observed many tweaks to Facebook's features, but not until recently when I set up a second account for work, did I really take notice of certain changes, especially those that relate to privacy and sharing of data.

If you don't already know that I'm a huge cynic, then you will do shortly. I'm going to lay out my observations as factually as I can, but they will be tainted with my usual dose of suspicion, fear and resentment. Below is a list of feature creep that I've observed, but there is an underlying point. If you don't want to read the list, just skip to the bit at the end.

(more…)

I've noticed a lot of Facebook privacy creep recently. I intend to go into more detail in my next post, but this week saw a new Facebook feature worth a special mention because some are commenting that it breaks Facebook's privacy model. I ran my own test to see for myself that [-Spoiler warning-] it does a bit, but not as much as you might have feared. Read on and decide for yourself whether they are breaking their privacy assurances.

(more…)

Well I did buy it in 1992, or rather I bought the album; but in 2009 I did not buy it as part of the ratm4xmas campaign to keep Joe McElderry (read: Simon Cowell) from the UK Christmas No.1 spot. Here's why …

(more…)

I woke up this morning to the apparent viral spread of the TweetCloud app that unoriginally, but very nicely displays your most tweeted words of the year, or month, or .. you get the idea. Here's mine ->

(more…)

After nearly two years I've finally gotten around to releasing my PHP JavaScript parser, although documentation is still thin on the ground.

• Download jParser 1.0.0 (recommended)
  
• Download jParser devel package (Full source and build scripts)
• See the library examples running at timwhitlock.info/jparser

The library has been split in two:

1. jTokenizer – A JavaScript tokenizer designed to mimic the PHP tokenizer.
2. jParser - The fully blown JavaScript syntactical parser which generates a parse tree.

(more…)

- or – "Confessions of a Google Wave N00b"

After scrounging myself a B-list Google Wave preview, I've been playing around with it for a week or so. Rather than read more and think deeply about it, I thought I'd blurt out my half-formed opinions now. In fact, this is one of those posts I'll probably regret in a year's time. It might look as naive as some of my early thoughts on Twitter when I didn't quite get it, but that's blogging for you… so here goes.

(more…)

Two things happened today that inspired me to write this post tonight.

1. A brief back-and-forth on Twitter with @kaigani where I outlandishly claimed that Facebook Connect is a phishing scam waiting to happen
2. The warning of another Twitter scam that typically exploits the layman's inability to spot a fake URL.

Facebook and Twitter both offer authentication services arguably known as "single sign-on". Facebook Connect is a proprietary system, and Twitter offers a system based on the OAuth standard. These services do something quite marvellous – They allow you to authenticate with a another website without the third party ever seeing your password. What's makes it even more handy is that you're probably already signed in to these popular services, so you may not need to enter your password at all. The problem is when you do.

(more…)

Last week a another change to Twitter caused me problems with my personal project TwitBlock. For the impatient, see my Google groups post about it. (It didn't go down very well).

If you're a Twitter user, you're probably familiar with this image:

It is/was the default profile image for users that have not uploaded a custom avatar. You may also have noticed last week that Twitter has introduced a new version. Actually they they made seven of them in different colours:

At least I think they made seven; I can't find any more, but I can't find any official document stating how many are out there either.

(more…)

There is a kind of spambot that I call a Sleeper. It poses as a legitimate account by "stealing" arbitrary tweets from the public timeline and tweeting them as its own. As it follows people, a proportion will follow back. Eventually this account will have built a mature  following and can "wake up". i.e. it can start tweeting its cargo and even send DMs.

These bots are usually easy to spot because their tweets all show as being "From API", meaning that the update wasn't sent by a registered app using OAuth. If I was a spammer, I'd be wanting to fix that because it's a dead give away. I've also seen other services such as HelloTxt being used by these bots, but just now I spotted something new. – Tweets from Tweetie.

(more…)

I just installed the WPTouch WordPress plugin which gives iPhone and Android visitors a tailored mobile UI.

It' s great, here's a pic of the iPhone interface (courtesy of @pepijndevos)

(more…)