Simon Willison’s Weblog

76 items tagged “facebook”

Upgrades to Facebook’s link security (via) Facebook have started scanning links shared on the site for HSTS headers, which are used to indicate that an HTTP page is also available over HTTPS and are intended to be cached by browsers such that future HTTP access is automatically retrieved over HTTPS instead. Facebook will now obey those headers itself and link directly to the HTTPS version. What a great idea: all sites with sophisticated link sharing (where links are fetched to retrieve extracts and images for example) should do this as well. # 5th March 2018, 3:32 pm

The whole story is basically that Facebook gets so much traffic that they started convincing publishers to post things on Facebook. For a long time, that was fine. People posted things on Facebook, then you would click those links and go to their websites. But then, gradually, Facebook started exerting more and more control of what was being seen, to the point that they, not our website, essentially became the main publishers of everyone’s content. Today, there’s no reason to go to a comedy website that has a video if that video is just right on Facebook. And that would be fine if Facebook compensated those companies for the ad revenue that was generated from those videos, but because Facebook does not pay publishers, there quickly became no money in making high-quality content for the internet.

Matt Klinman # 7th February 2018, 3:51 pm

Whatever weird thing you imagine might happen, something weirder probably did happen. Reporters tried to keep up, but it was too strange. As Max Read put it in New York Magazine, Facebook is “like a four-dimensional object, we catch slices of it when it passes through the three-dimensional world we recognize.” No one can quite wrap their heads around what this thing has become, or all the things this thing has become.

Alexis C. Madrigal # 13th October 2017, 1:09 pm

How do I receive automatic updates from a Facebook group by email?

Facebook’s API does provide a feed of recent posts to a group:

[... 85 words]

What is the best way one can expand his or her professional network?

Go to events—local meetups, conferences, tradeshows... there’s no better way of expanding your professional network than to attend events and build in-person relationships with people.

[... 46 words]

Calendars: When posting a facebook event page for an event that is repeated on two dates, should you use one page or two? (The events are games that are identical and should not have overlapping players)

I would use separate pages. The most valuable part of a Facebook event page is being able to see who is going to that event (and hence which of your friends will be there). If there are two events on two separate days you want to be able to maintain two separate lists of attendees.

[... 97 words]

Does Facebook fly you to London when you apply for this office or are the interviews done remotely?

If they are anything like Google (which I expect they are) they will do the initial interviews remotely and then fly promising candidates to the London office (or even to California) for in-person interviews.

[... 58 words]

Why doesn’t xkcd site have social media share options?

My guess: he probably thinks they are a bit tacky.

[... 45 words]

Is there any way to generate thumbnails of web links like Facebook generates when we paste a link in status or comment?

There are a bunch of services that can do this. I’ve successfully used for this in the past.

[... 48 words]

Did Mark Zuckerberg have any knowledge on building scalable social networks prior to starting work on Facebook?

I’m going to bet he didn’t have this knowledge, simply because back when he launched Facebook in 2004 almost NO ONE had this knowledge—there simply weren’t enough “web scale” products around for the patterns needed to run them to be widely discussed.

[... 143 words]

Why does Facebook Comments Box only support two levels of hierarchy?

I’ve heard in the past that regular (i.e. non-geek) users often have enormous trouble understanding hierarchical comments—they don’t understand tree based file systems either.

[... 65 words]

If you missed out on joining to work at Google and Facebook, what should you do?

Remind yourself that there will always be more opportunities, and obsessing over what might have been is a huge waste of your time.

[... 45 words]

Does Facebook’s iPhone app use a proprietary web rendering engine instead of UIWebView?

I did my first bit of iPhone development recently (building the first version of the Lanyrd iPhone app) and there was one thing that came as a huge surprise: the principal reason that people think native apps are “snappier” or “more responsive” than native ones has nothing to do with the rendering performance of a webview vs a native view (especially on the iPhone 4S which is extremely fast).

[... 274 words]

Why Facebook open-sourced its datacenters. Jon Stokes speculates that Facebook plan to use open source hardware to compete with Google at datacenter efficiency. This isn’t a new pattern. Years ago when I worked at Yahoo! I was furiously jealous of the secret sauce technologies that allowed Google to build big applications faster than anyone else, such as BigTable and map/reduce. Today, the open source world has created better, free alternatives—sponsored in part by Facebook, Yahoo! and other Google competitors. # 9th April 2011, 7:54 am

The Inside Story of How Facebook Responded to Tunisian Hacks (via) “By January 5, it was clear that an entire country’s worth of passwords were in the process of being stolen right in the midst of the greatest political upheaval in two decades.”—which is why you shouldn’t serve your login form over HTTP even though it POSTs over HTTPS. # 24th January 2011, 6:06 pm

What are some good social media events that will take place in 2011 in Middle East and North Africa region?

User StartupDigestME on Lanyrd follows entrepreneurship events in the region which may also cover social media topics:

[... 45 words]

Are there any well-known websites that use Facebook connect or Twitter OAuth as the only sign-in solution without its own sign-in password?

Our site only accepts Twitter OAuth logins (at least for the moment).

[... 42 words]

Why doesn’t Facebook use nicer URLs?

Just noticed this link:—so it looks like things are beginning to improve.

[... 28 words]

Facebook’s Instant Personalization: An Analysis of Fundamental Privacy Flaws (via) Oh FFS. “Instant Personalization” means you visit one of Facebook’s “partner websites” and Facebook instantly tells them your full identity and gives them access to full Facebook connect functionality—without you performing any action other than visiting the site. This will not end well. # 2nd October 2010, 11:53 pm

“Likejacking” Takes Off on Facebook. The Facebook Like button is vulnerable to Clickjacking, and is being widely exploited. Since Likes show up in your Facebook stream, it’s an easy attack to make viral. The button is implemented on third party sites as an iframe, which would seem to me to be exploitable by design (just make the iframe transparent in the parent document and trick the user into clicking in the right place). I can’t think of any way they could support the embedded Like button without being vulnerable to clickjacking, since clickjacking prevention relies on not allowing your UI elements to be embedded in a hostile site while the Like button’s functionality depends on exactly that. # 3rd June 2010, 10:01 am

The Evolution of Privacy on Facebook. Brilliant infographic showing exactly how the visibility of different aspects of your Facebook profile has changed in increments since 2005. Also a nice example of Processing.js in action. # 9th May 2010, 11:53 am

Facebook’s Open Graph Protocol from a Web Developer’s Perspective. Best explanation I’ve seen yet of what the Open Graph protocol actually does. Add the RDFa-inspired metadata and a Like button to a standard web page representing a place, group, product, website or one of another limited set of object types and people can “Like” it just like they might join a fan page within Facebook itself. You can then send news feed updates to all of that page’s subscribers. The bootstrapped metadata can then benefit other services as well. # 26th April 2010, 1:21 pm

The new Facebook API exposes the events you attend to anyone on the Internet. I’m generally impressed by the new set of Facebook APIs—they’re a whole lot easier to work with than the older stuff—but they’re also clearly a bit half-baked and the privacy model needs some urgent work. The Graph API allows you to see all “open” events that any user has attended or is attending, which can expose things like their friend’s home addresses. Yes, this means you can stalk Mark Zuckerberg. # 26th April 2010, 12:08 pm

Fear and Loathing in Farmville. “At multiple times during the conference, [Daniel] James expressed his serious ethical qualms over the path social gaming was laying for the industry. So many of the methods for making money are thinly-veiled scams that simply exploit psychological flaws in the human brain.” # 21st March 2010, 10:13 am

Facebook Adds Code for Clickjacking Prevention. Clever technique: Facebook pages check to see if they are being framed (using and, if they are, add a div covering the whole page which causes a top level reload should anything be clicked on. They also log framing attempts using an image bug. # 13th March 2010, 10:42 am

Some People Can’t Read URLs. Commentary on the recent “facebook login” incident from Jono at Mozilla Labs. I’d guess that most people can’t read URLs, and it worries me more than any other aspect of today’s web. If you want to stay safe from phishing and other forms of online fraud you need at least a basic understanding of a bewildering array of technologies—URLs, paths, domains, subdomains, ports, DNS, SSL as well as fundamental concepts like browsers, web sites and web servers. Misunderstand any of those concepts and you’ll be an easy target for even the most basic phishing attempts. It almost makes me uncomfortable encouraging regular people to use the web because I know they’ll be at massive risk to online fraud. # 2nd March 2010, 10:16 am

Making Facebook 2x Faster. Facebook have a system called BigPipe which allows them to progressively send their pages to the browser as the server-side processing completes to optimise client loading time. Anyone reverse engineered this yet to figure out how they actually do it? # 19th February 2010, 9:14 am

HipHop for PHP: Move Fast. Facebook have open-sourced their internally developed PHP to C++ compiler. They serve 400 billion PHP pages a month (that’s more than 150,000 a second) so any performance improvement dramatically reduces their hardware costs, and HipHop drops the CPU usage on their web servers by an average of 50%. “We are serving over 90% of our Web traffic using HipHop, all only six months after deployment”. # 2nd February 2010, 6:59 pm

tipsy. Simple Facebook-style tooltip plugin for jQuery. # 30th December 2009, 6:21 pm

The Dangers of Clickjacking with Facebook. theharmonyguy compiled a list of actions that can be triggered on Facebook by a single click, and hence are vulnerable to clickjacking attacks. The list includes authorising malicious applications, posting links to profiles, sending friend requests and sending messages to other users. Why don’t Facebook include frame busting JavaScript on every page? # 23rd December 2009, 10:20 am