Archive for November 2nd, 2007

First OpenSocial Application Hacked Within 45 Minutes

Written by on Friday, November 2nd, 2007 in Ajax News.

It didn’t take long for someone to hack the first OpenSocial application. In fact, it took just 45 minutes.

A developer who goes by the alias “theharmonyguy” and describes himself as “just an amateur” claims to have compromised the RockYou OpenSocial application called emote (see the Plaxo blog for details on the application). Specifically, he claims to have added a number of emoticons to Plaxo VP Marketing John McCrea’s profile within 45 minutes of it launching.

In an email, McCrea said he added all of the emoticons himself and his account doesn’t appear to be hacked. But when I asked theharmonyguy to hack my Plaxo account he did, within minutes, adding four quick emoticon messages such as “michael arrington is getting my bling on” and “michael arrington is w00t” (see image to left, none of those were added by me). theharmonyguy then added one more to McCrea’s account, which will be difficult for him to deny:

theharmonyguy also pointed out specific problems with RockYou’s code, including some fairly humorous comments:

Some interesting code in there. For one, the app still doesn’t seem to be live for most of us (John McCrea from Plaxo has used it somehow) - it currently loads a “Please wait” iframe that never changes. But check out these code comments:

// TODO: no error checking - we're bold...

// TODO: figure out why this is necessary???

Also, the code constantly branches between Plaxo and “default,” which appears to be Orkut. In fact, there are some hardcoded names that I bet showed up in some OpenSocial screenshots somewhere:

if (getContainerType() == "orkut")
{
    friendIds[iNumFriends] = "11285577331363942034";
    friendNames[iNumFriends] = "Raymond Chan";
    iNumFriends = iNumFriends + 1;

    friendIds[iNumFriends] = "15479081059638046412";
    friendNames[iNumFriends] = "Jia Shen";
    iNumFriends = iNumFriends + 1;
}

theharmonyguy says he’s successfully hacked Facebook applications too, including the Superpoke app, but that it is more difficult:

Facebook apps are not quite this easy. The main issue I’ve found with Facebook apps is being able to access people’s app-related history; for instance, until recently, I could access the SuperPoke action feed for any user. (I could also SuperPoke any user; not sure if they’ve fixed that one. Finally, I can access all the SuperPoke actions - they haven’t fixed that one, but it’s more just for fun.) There are other apps where, last I checked, that was still an issue (e.g. viewing anyone’s Graffiti posts).

But the way Facebook set up their platform, it’s tons harder to actually imitate a user and change profile info like this. I’m sure this kind of issue could be easily solved by some verification code on RockYou’s part, but it’s not inherent in the platform - unlike Facebook. I could do a lot more like this on FB if Facebook hadn’t set things up the way they did.

Oh, Facebook apps can also be prone to injection - I can insert any FBML I want onto the canvas pages of one popular app. But once again, I can’t really do anything, because to interface with the app requires me to have code related to that app, which isn’t generally available. Not sure if Google’s iframe implementation will be the same way.

Of course, the ability to change emoticons isn’t a particularly malicious hack; but the ease with which this was done suggests that Google has some work to do in getting its new platform stable. If they don’t, more damaging stuff may be on the way.
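The weakness theharmonyguy describes, an app that accepts profile changes without checking who is actually making them, is the general pattern of a missing server-side authorization check. What follows is an added illustration written for this post, not RockYou’s, Plaxo’s or OpenSocial’s code: a toy “add emoticon” handler in its trusting form beside one that takes the acting user from a server-established session and refuses writes to any other user’s profile. The profile ids, the request shape and the session object are all constructed for the example.

```javascript
// Added illustration, not RockYou's, Plaxo's or OpenSocial's code.
// Constructed in-memory profile store; the ids are placeholders, not real account ids.
const profiles = {
  "user-a": { emoticons: [] },
  "user-b": { emoticons: [] },
};

// Clears the store so repeated runs start from a known state.
function resetProfiles() {
  for (const id of Object.keys(profiles)) profiles[id].emoticons = [];
}

// Trusting form: the target profile and the text come straight from the request
// body that the gadget's JavaScript sent. Nothing ties the write to the user who
// is actually logged in, so any caller can push emoticons onto any profile.
function addEmoteTrusting(request) {
  const target = profiles[request.body.ownerId];
  if (!target) return { status: 404, error: "unknown profile" };
  target.emoticons.push(String(request.body.text));
  return { status: 200, count: target.emoticons.length };
}

// Checked form: the acting user comes from a session the server established
// itself (cookie, token, whatever the container provides), never from the body,
// and the write is only allowed against that user's own profile.
function addEmoteChecked(request, session) {
  if (!session || typeof session.userId !== "string") {
    return { status: 401, error: "not authenticated" };
  }
  const ownerId = request.body.ownerId;
  if (ownerId !== session.userId) {
    // Reject (and in a real service, log) instead of silently writing elsewhere.
    return { status: 403, error: "cannot write to another user's profile" };
  }
  const target = profiles[ownerId];
  if (!target) return { status: 404, error: "unknown profile" };
  // Validate the payload server side too; the gadget code runs in the user's browser.
  const raw = request.body.text == null ? "" : String(request.body.text);
  const text = raw.trim().slice(0, 140);
  if (text.length === 0) return { status: 400, error: "empty emoticon" };
  target.emoticons.push(text);
  return { status: 200, count: target.emoticons.length };
}

// Returns a copy of the emoticons currently stored on a profile, or null if unknown.
function emoticonsOf(ownerId) {
  return profiles[ownerId] ? profiles[ownerId].emoticons.slice() : null;
}

// Walks through the scenario in the post: a third party tries to write to
// someone else's profile. Returns the status codes in order.
function demo() {
  resetProfiles();
  const forged = { body: { ownerId: "user-a", text: "is w00t" } };
  const results = [];
  results.push(addEmoteTrusting(forged).status);                      // 200: lands on user-a
  results.push(addEmoteChecked(forged, { userId: "user-b" }).status); // 403: wrong owner
  results.push(addEmoteChecked(forged, null).status);                 // 401: no session
  results.push(addEmoteChecked({ body: { ownerId: "user-b", text: "w00t" } },
                               { userId: "user-b" }).status);         // 200: own profile
  return results;
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(demo()); // [200, 403, 401, 200]
}
```

The point of the checked form is that the identity used for the authorization decision never comes from data the client controls; the container’s own session is the only source of “who is asking”, and the handler compares it to the profile being written before touching any state.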

Crunch Network: MobileCrunch Mobile Gadgets and Applications, Delivered Daily.

Source: TechCrunch
Original Article: http://feeds.feedburner.com/~r/Techcrunch/~3/179069684/

Twitter Poster Is Pretty, But Probably Not Much Else

Written by on Friday, November 2nd, 2007 in Ajax News.

New service Twitter Poster from Spanish company Come and Click Networks provides a mashup of Twitter profile pictures that are sized relative to the influence of each Twitter user, based on the number of followers and the number of Tweets popular users make.

Influence posters are available for the United States, Japan, Brazil, United Kingdom, Spain, Germany, Australia, Italy, Mexico, Canada, France and Taiwan, in addition to a global poster on the front page.

It’s a pretty mashup, but the usefulness of it isn’t clear. I’ve already seen folks on Twitter talking about why some people have bigger profile pictures than others, and how they can change this, so it might have the potential of becoming a Technorati-style top list for Twitter users, but aside from this it’s just nice eye candy.

(thanks to Dave The Rooster for the tip)


Source: TechCrunch
Original Article: http://feeds.feedburner.com/~r/Techcrunch/~3/179032074/

Microsoft’s Latest Zune Pitch: What Do You Think?

Written by on Friday, November 2nd, 2007 in Ajax News.

Above is the latest Zune Social TV advert from Microsoft. I’ve watched it a couple of times now and I’m not sure whether I’m supposed to think that it’s clever, or that it’s representative of a Lewis Carroll-esque fantasy of someone on an acid trip. I’m still more likely to buy a new iPod, but as TechCrunch commenters love to point out, I’m an Apple fanboy now anyway. What do you think?

The accompanying Zune Journey website is here and it’s just as trippy.

(via istartedsomething)

Crunch Network: CrunchGear drool over the sexiest new gadgets and hardware.

Source: TechCrunch
Original Article: http://feeds.feedburner.com/~r/Techcrunch/~3/179026099/

Whrrl: Map and Mobile-Centric Social Reviews

Written by on Friday, November 2nd, 2007 in Ajax News.

Sometimes products are easy to sum up in single sentences, sometimes they are most definitely not. Whrrl, a new site by Pelago, is one of those that eludes definition. Hence, Pelago’s need to describe it unhelpfully as “a seamlessly integrated Web and mobile experience that is social, useful, and fun” (I admit, my headline’s not that much better).

Let’s start with the fundamentals and go from there. Whrrl is at heart a social network, as are many websites we see these days. But it’s a social network with a purpose (or, several related purposes, as we shall see). Members primarily use Whrrl to share their opinions and knowledge about local outfits, such as restaurants, bars, retail stores, and hotels. In the spirit of Yelp, users can find basic information about establishments and then, more importantly, share reviews of them (with brief descriptions and a star rating system). You can also write simple notes that correspond with particular locations, notes you can choose to share with all Whrrl members or just your friends.

Whrrl is also a mapping service of all the establishments that can be reviewed. After signing up for the site, half your screen will be dedicated to an interactive map provided by Google on top of which Pelago has dropped identifiers for your local establishments. Scan the map to find local outfits and click on their dots to pull up reviews and basic information about them. If a certain store or restaurant has been reviewed favorably or unfavorably overall, its dot on the map will indicate that fact. Opt to see indicators for establishments that have only been reviewed by your friends, or choose to view the map aggregating everyone’s contributions.

If you don’t want to find establishments using a map, you can use the Whrrl Sifter tool to perform a keyword search and then specify criteria (e.g., cheap, open now, baked goods, within 5 miles). No matter how you explore local destinations, Whrrl is intended primarily to help you share your experiences with friends. If you click on someone’s name anywhere that it is referenced, you’ll be shown on the map some of the places they have reviewed or rated.

Whrrl is also a mobile application for two main reasons: Pelago provides a full-featured version of the site for mobile devices, and soon you will be able to track your friends via GPS (if they let you). While most of the reviewing will take place on a computer (since many people don’t have mobile devices that make typing easy), you can access the site’s reviews on a map using your handheld. This makes it easier to figure out where to eat when you’re already out on the town. You can also post images and receive alerts about your friends’ activities from your phone. If your friend rates a place nearby, you can bookmark it for later.

As for the GPS, Whrrl will be competing with other tracking services like Loopt to provide a way for your friends to find out where you are currently located. If you install the software on your phone and choose to share your location with friends on a white list, they will be able to see you in real time on Whrrl’s map. Pelago says they have been working on a patented probabilistic model to ensure that people’s locations are reported accurately. The system will report the actual establishments your friends are at, so you don’t even need to look at a map. The GPS functionality is all optional of course, and if you turn it on, the software on your phone will even ask you from time to time whether you still want it on. This is to prevent someone from tracking you without your knowledge.

As for the future of Whrrl, the company is adding more support for events. Currently you can use the system to tell your friends when you’ll be at a certain location. In the future, there will be more information in Whrrl associated with events (you’ll be able to add reviews of them, for instance). Pelago is also working on more ways to get information into the system. They contracted out to a team in the Philippines to manually collect all of the basic information about food and drink establishments currently in Whrrl. In the future, they will collect more information about non-restaurant establishments and eventually will turn the system into a wiki of sorts so users can edit most everything.

Pelago raised $7.4 million last November from Kleiner Perkins Caufield & Byers, Amazon founder Jeff Bezos, and Trilogy Equity Partners. They are currently running a promotion campaign with American Eagle to get the word out to Whrrl’s target demographic, 18 to late 20 year olds. Robert Scoble recently recorded an interview with Pelago CEO Jeff Holden.


Crunch Network: CrunchBoard because it’s time for you to find a new Job2.0

Source: TechCrunch
Original Article: http://feeds.feedburner.com/~r/Techcrunch/~3/178999345/

[Sunspots] The horsepower edition

Written by on Friday, November 2nd, 2007 in Ajax News.

Satisfying UI design is often illogical

“Usability tests and theories about interaction are tools. Very useful tools, but still just tools — not purposes onto themselves. The real goal is user satisfaction, and some of that is really illogical and messy.”

The new Tumblr looks impressive

“It’s been six months since we launched Tumblr 2.0. We’ve spent a lot of time looking at the ways you’ve been using Tumblr, want to be using it, and could be using it. Today, we’re delighted to show you the culmination of all your feedback and support. The most powerful and simple application we’ve ever built.”

More on email vs. RSS

“As much as I’d like to see RSS replace email, it’s just not going to happen overnight. RSS has to become brain dead simple to use. When the soccer moms, myspace kids, construction workers, and grandmothers can use RSS, commercial email will give way to RSS. Because RSS is a lot better.”

Book: “The Architecture of Happiness”

“It’s the architect’s task to design buildings that contribute to happiness by embodying ennobling values. While he makes no claim to be able to define true beauty in architecture, he suggests some of the virtues a building should have (illustrated by pictures on almost every spread): order combined with complexity; balance between contrasting elements; elegance that appears effortless; a coherent relationship among the parts; and self-knowledge, which entails an understanding of human psychology, something that architects all too often overlook.”

Dean Kamen previews new prosthetic arm

“Inventor Dean Kamen gives a 5-minute talk about the extraordinary prosthetic arm he’s developing at the request of the US Department of Defense, to help the 1,600 “kids” who’ve come back from Iraq without an arm (and the two dozen who’ve lost both arms). Kamen’s commitment to using technology to solve problems, and his respect for the human spirit, have never been more clear than in this deeply moving clip.”

Send photos straight from your camera to Flickr

“First your phone went wireless, then your laptop, now finally, your camera! Never scrounge around for a USB cable again! Eye-fi is a magical orange SD memory card that will not only store 2GB worth of pictures, it’ll upload them to your computer, and to Flickr, Facebook, Picasa (or 14 others) wirelessly, invisibly, automatically!”

The best/worst logo remakes of the century

“When it comes to re-branding a corporate identity, you would imagine that the CEO would take great care in making such a decision. In some cases, this is not true. In fact, there are many cases where you begin to question the sobriety of those in charge when they decided to remake their brand.”

What a spec can’t reveal

“A spec can’t reveal everything. Clients can’t use the spec for their real work, and they’ll never notice just how many keystrokes it takes to do basic operations until you get, at least, a UI prototype working. A good way to defend yourself against this is to deliver lots and lots of interim versions to the client: real, working interim versions, and get them using it so you can build feedback into future iterations. Rather than going off in a cave and building something for a year, only to find out that 9 months of that work is wasted, you show the client something every month, say, and get instant feedback and then you adjust directions if needed.”

Review of Leopard

“It’s a cornucopia of Obviously Bad Ideas, again addressed more thoroughly by others. This is like the folder icon situation all over again, but even worse. It’s an example of sacrificing usability for the sake of purely aesthetic changes that are far from universally loved (to put it mildly) in isolation, and inexcusable given the price paid for them.”

Motorhead Messiah

“Johnathan Goodwin can get 100 mpg out of a Lincoln Continental, cut emissions by 80%, and double the horsepower. Does the car business have the guts to follow him?”

Source: Signal vs. Noise
Original Article: http://www.37signals.com/svn/posts/688-sunspots-the-horsepower-edition

There has been endless speculation around the new advertising network that Facebook will be launching next Tuesday at ad:tech in New York.

There are at least two pieces to the network. One is getting more data in about what users do when they aren’t at Facebook, allowing for far more targeted advertising. The second is running those ads, perhaps even off the Facebook network itself. And then there is the Microsoft angle - since they have some rights to serve advertising on Facebook, it’s unclear how they fit into it all.

Many of the details are still vague, but a leaked Facebook document makes at least one part of the network clear. Facebook is going to be gunning hard to get lots and lots of third party data about its users into its database.

Project Beacon

Beacon is the internal project name at Facebook around an effort to work with third parties and gain access to very specific user data. An example may be a purchase of a book or DVD from Amazon. Under Beacon, the fact of that purchase will be sent to Facebook and automatically included in the user’s News Feed.

At the point of sale on the third party site, the user will see a “toast” popup asking them if they approve the sale information being included in their Facebook News Feed:

The feed information includes the user name, what they did (bought something), what they bought, and where.

Users have a number of privacy options - opt in to always including this data in their news feed, opt out to never include it, or opt in to include it with a secondary confirmation via the toast above. Users can also opt in/out for specific third parties:

From what we hear, third parties supply this data to Facebook without compensation; what they get in return is a link back in the News Feed. Facebook, of course, gets incredibly valuable data about the user. This data can be used to serve targeted (highly, highly targeted) ads back to them.


Source: TechCrunch
Original Article: http://feeds.feedburner.com/~r/Techcrunch/~3/178851381/

That was the subtext of the message the Federal Trade Commission delivered to Web advertisers, in particular with relation to ads that track consumer behavior. According to Reuters:

FTC Commissioner Jon Leibowitz said Internet advertisers should tell consumers that information was being gathered, give them a choice to opt out, and protect any data collected.

While there is nothing particularly new about the advertising technologies the FTC is worried about, Washington seems to be just waking up to the privacy implications of how ads are served to consumers across the Web. As election year approaches, expect to hear a lot more sabre-rattling on this issue.

AOL’s announcement on Wednesday to let people opt out of having its advertising systems place cookies on their browsers was conveniently timed for the day before the hearing. Calls for an industry-wide do-not-track list are also picking up. A do-not-track list is a good idea. Not that it would ever be enforceable. But opt-out systems are preferable to someone at the FTC deciding which advertising tactics are acceptable and which ones are not. Ultimately, the market should reward the advertising platforms that produce the most relevant ads, which are good for both advertisers and consumers. And if people want to opt out of these systems altogether, well, that is a market signal also.


Source: TechCrunch
Original Article: http://feeds.feedburner.com/~r/Techcrunch/~3/178939655/

New Ajax for Old Iron

Written by on Friday, November 2nd, 2007 in Ajax News.

In the rush to develop entirely new Web 2.0 systems based on Ajax, it is often easy to lose sight of how it can be used to improve so-called “legacy” enterprise systems. Over at the Ext JS blog, there’s a post about a German developer who put together a reporting/BI application to front-end RPG code running on an AS400.

The backend serves up JSON data (together with this old article about reskinning a Spring MVC application with Tibco GI, it makes for a solid approach for refactoring existing webapps) to the Ext JS/Flash front-end. Slick. You can view a demo (unfortunately in German for you non-German speakers) here.

Source: Ajaxian
Original Article: http://feeds.feedburner.com/~r/ajaxian/~3/178817512/new-ajax-for-old-iron

Powerset Looking for a New CEO

Written by on Friday, November 2nd, 2007 in Ajax News.

Natural-language search startup Powerset is going through some growing pains. Barney Pell is stepping down from the CEO spot. He will now become the CTO, and he and Powerset’s board will conduct a search for a new CEO. Powerset’s other founder and COO, Steve Newcomb, is not in the running for the top job. He has left the company.

At the Web 2.0 conference, Pell gave an impressive demonstration of Powerset’s search technology, although it was restricted to a limited data set. How the search engine will do against the entire Web, which is a much bigger technical challenge, has yet to be seen.

But this shakeup does raise a big question. Why step down as CEO and leave a huge leadership gap (with no COO either) before you find a new CEO to take things over? Perhaps this was done more for internal reasons. Announcing everything all at once sends a signal to employees about the direction of the company, and minimizes future surprises. The CEO search also indicates that Powerset may finally be ready to open up its search engine to the general public sometime next year. You can read Pell’s explanation about the transition here. (You can read our previous coverage here).



Source: TechCrunch
Original Article: http://feeds.feedburner.com/~r/Techcrunch/~3/178807465/

Brendan Eich’s Open Letter to Chris Wilson

Written by on Friday, November 2nd, 2007 in Ajax News.

The debate on ECMAScript Edition 4 / JavaScript 2 continues with Brendan Eich, CTO of Mozilla, posting an open letter to Chris Wilson, Lead Architect for Internet Explorer. This is largely a restatement of the mailing list posting we covered earlier, but contains a more organized and formal rebuttal to some of the ES4 / JS2 critics that have been flying around recently.

Here’s hoping engineering concerns triumph over politics. The parties concerned read stories and comments on Ajaxian, so post comments on this story to make your voice heard.

Source: Ajaxian
Original Article: http://feeds.feedburner.com/~r/ajaxian/~3/178798991/brendan-eichs-open-letter-to-chris-wilson
