Strixy
Is this you? Claim Profile »
5 months ago
in Facebook Has Problems With Latest Release on AllFacebook
"Another person contacted me to alert me to cross-site-scripting vulnerabilities in the current version of their code."
I would like to know more about this from a technical standpoint. I may be wrong here, but aren't most FB apps hosted on 3rd party servers? (I'm just starting to study FB myself, so I am new to the conversation) ie. servers owned by the developers of the app? Wouldn't it be prudent to allow certain amounts of cross site scripting in the first place and then limit access to the server to such scripts via the servers own configuration files?
If users are complaining about scripting vulnerabilities shouldn't they first look at their server configuration? Well, that depends on the nature of the bug. Who are these people and can you provide a reference for their concern? I would love to check this out in more technical detail.
I would like to know more about this from a technical standpoint. I may be wrong here, but aren't most FB apps hosted on 3rd party servers? (I'm just starting to study FB myself, so I am new to the conversation) ie. servers owned by the developers of the app? Wouldn't it be prudent to allow certain amounts of cross site scripting in the first place and then limit access to the server to such scripts via the servers own configuration files?
If users are complaining about scripting vulnerabilities shouldn't they first look at their server configuration? Well, that depends on the nature of the bug. Who are these people and can you provide a reference for their concern? I would love to check this out in more technical detail.
5 months ago
in Will You Quit Your Job for Facebook? on AllFacebook
Limiting my access to the web is like limiting my access to the phone for personal calls. We all know that personal calls should be kept to a minimum. So should Internet use. If you have an employee who is constantly on the phone talking to their friends etc... how do you handle that? Put restrictions on the phones as to the numbers they can dial out and block unrecognized incoming calls? Take away their cell phone? I don't think so. You let the employee know that their behavior is unacceptable and ask them to limit their own access. If it continues, you let them go. Just like you would if they were making an unacceptable amount of personal phone calls.
Besides, there are ways to circumvent the blocks and restrictions.
Besides, there are ways to circumvent the blocks and restrictions.
6 months ago
in Were Facebook’s Loose Limits Self-Destructive? on AllFacebook
Applications on FB are no different than any other website out there. When you sign up for a web forum or blog or what have you, you are giving the operators of the site your email address. If a site becomes large enough they will eventually be scraped / harvested for email addresses by spam bots. Whenever and wherever you post personal information, especially your email address, to any website you are asking for spam.
Not to mention the number of websites that actively sell their email contact lists from the site to 'approved 3rd party vendors'.
FB applications are no different.
How many people actually take the time to read about the application before they 'install' it? I would say that it's about the same number of people who actually take the time to read through the Terms of Service of a web site before they apply for an account - slightly more than 0.
Applications on FB are no different than any other web site out there. You don't know what you're getting into unless your friends recommend it.
Jeremy @ 1 says he has, "been told that I need to invite X of my friends to see the results... Now I ignore application invitations - they are likely to have come from applications that want me to do that".
What he doesn't expand on is the scenario where his friends communicate with him their delight with a FB application through other means, eg. email, chat, phone, IRL, etc.
If you received an email in your inbox requesting that you sign up for a website you would filter it as spam. If your friend told you about some cool new website while out for a couple of wobbly pops after work, you would be much more inclined to check it out.
FB's initial loose limits policy opened them up to the world wide web. It was one of the reasons they made it so big so fast. When you do that, you open yourself up to all the pitfalls and dangers that go along with it. The web is no different in that respect.
Other websites pop up much faster than FB applications and with more ferocity / advertising.
Applications on FB are not without their advertising. As Jeremy pointed out above, "More than once I’ve installed an application, completed some information, and then been told that I need to invite X of my friends to see the results." This is advertising. You can liken it to spam if you like, but it is a little different.
Viral advertising strategies are not new. They have been around since the 70's. Sure, we call it something else now that it is on the web, but really, it's advertising.
How do you advertise your FB application if inviting your friends isn't a requirement?
Look at it a little differently. The advertising has a strange interaction with the user. It requires you to advertise their application to your friends in order to use it. So the developers of the application get free advertising and you get to use their application.
Compare that to a normal web site. You use their website while they advertise some other 3rd party product to you via banner ads, media inclusions, text ads, etc...
A FB application serves advertising in the traditional sense as well as in this strange, invite a friend, viral advertising sense.
Nobody ever complains about the amount of 'traditional' advertising in a FB application. They only object to having to invite their friends. Emphasis on 'having to'.
If you weren't required to advertise the application to your friends, you could use the application for free as much as you wanted to. Which is, lets be honest here, highly likely.
But what about those applications you seriously appreciate? Wouldn't you tell your friends about it using some other method like a phone call, chat, email, etc? If you love the application that much, you would advertise for free it anyway.
Facebooks' continued loose limits prove this time and again. People get to the point where they are required to invite friends and decline to continue. Well... unless the application is absolutely stellar and they don't mind inviting 10 of their friends.
What I don't understand is this. If a FB application is really that stellar that people are willing to invite their friends, making it a requirement to invite 10 of them really invites the user to ONLY invite 10 of them.
Isn't it somewhat obvious that these applications are only shooting themselves in the foot by making it a requirement to invite 10 friends? Don't like that idea? Look at it from a different perspective.
Imagine what the state of the world wide web would be today if every time you signed up for a web forum or a free email account you were required to invite 10 friends?
Like Jeremy said above and other have said before (and will say again), if "I need to invite X of my friends to see the results. I don’t want to, so I remove the application."
It's not Facebooks open policy that is screwing up Facebook, it's all the narrow minded application developers who simply don't understand advertising. Requiring people to invite friends to use their application is advertising their application as useless. Regardless of how good it is.
I love Facebooks' open policy. I love that all the really crappy applications require you to invite your friends. It let's me know that I don't want to use it.
I don't just decline to invite my friends or uninstall those crap applications, I block them. What I wish Facebook would do is add a way for me to invite my friends to block a particularly crappy application. Now that's an invitation I would send out with glee.
Keep the open philosophy. Keep the required invitations. Give me a link that says, "invite your friends to block this application too" and I will use it like a virus scanner - daily and with much vigor.
I'm sure they would too.
Not to mention the number of websites that actively sell their email contact lists from the site to 'approved 3rd party vendors'.
FB applications are no different.
How many people actually take the time to read about the application before they 'install' it? I would say that it's about the same number of people who actually take the time to read through the Terms of Service of a web site before they apply for an account - slightly more than 0.
Applications on FB are no different than any other web site out there. You don't know what you're getting into unless your friends recommend it.
Jeremy @ 1 says he has, "been told that I need to invite X of my friends to see the results... Now I ignore application invitations - they are likely to have come from applications that want me to do that".
What he doesn't expand on is the scenario where his friends communicate with him their delight with a FB application through other means, eg. email, chat, phone, IRL, etc.
If you received an email in your inbox requesting that you sign up for a website you would filter it as spam. If your friend told you about some cool new website while out for a couple of wobbly pops after work, you would be much more inclined to check it out.
FB's initial loose limits policy opened them up to the world wide web. It was one of the reasons they made it so big so fast. When you do that, you open yourself up to all the pitfalls and dangers that go along with it. The web is no different in that respect.
Other websites pop up much faster than FB applications and with more ferocity / advertising.
Applications on FB are not without their advertising. As Jeremy pointed out above, "More than once I’ve installed an application, completed some information, and then been told that I need to invite X of my friends to see the results." This is advertising. You can liken it to spam if you like, but it is a little different.
Viral advertising strategies are not new. They have been around since the 70's. Sure, we call it something else now that it is on the web, but really, it's advertising.
How do you advertise your FB application if inviting your friends isn't a requirement?
Look at it a little differently. The advertising has a strange interaction with the user. It requires you to advertise their application to your friends in order to use it. So the developers of the application get free advertising and you get to use their application.
Compare that to a normal web site. You use their website while they advertise some other 3rd party product to you via banner ads, media inclusions, text ads, etc...
A FB application serves advertising in the traditional sense as well as in this strange, invite a friend, viral advertising sense.
Nobody ever complains about the amount of 'traditional' advertising in a FB application. They only object to having to invite their friends. Emphasis on 'having to'.
If you weren't required to advertise the application to your friends, you could use the application for free as much as you wanted to. Which is, lets be honest here, highly likely.
But what about those applications you seriously appreciate? Wouldn't you tell your friends about it using some other method like a phone call, chat, email, etc? If you love the application that much, you would advertise for free it anyway.
Facebooks' continued loose limits prove this time and again. People get to the point where they are required to invite friends and decline to continue. Well... unless the application is absolutely stellar and they don't mind inviting 10 of their friends.
What I don't understand is this. If a FB application is really that stellar that people are willing to invite their friends, making it a requirement to invite 10 of them really invites the user to ONLY invite 10 of them.
Isn't it somewhat obvious that these applications are only shooting themselves in the foot by making it a requirement to invite 10 friends? Don't like that idea? Look at it from a different perspective.
Imagine what the state of the world wide web would be today if every time you signed up for a web forum or a free email account you were required to invite 10 friends?
Like Jeremy said above and other have said before (and will say again), if "I need to invite X of my friends to see the results. I don’t want to, so I remove the application."
It's not Facebooks open policy that is screwing up Facebook, it's all the narrow minded application developers who simply don't understand advertising. Requiring people to invite friends to use their application is advertising their application as useless. Regardless of how good it is.
I love Facebooks' open policy. I love that all the really crappy applications require you to invite your friends. It let's me know that I don't want to use it.
I don't just decline to invite my friends or uninstall those crap applications, I block them. What I wish Facebook would do is add a way for me to invite my friends to block a particularly crappy application. Now that's an invitation I would send out with glee.
Keep the open philosophy. Keep the required invitations. Give me a link that says, "invite your friends to block this application too" and I will use it like a virus scanner - daily and with much vigor.
I'm sure they would too.