The Rob blog

Did you know that there is a universal password that works for any account on Facebook? Also that FB staff have been fired for abusing that password?

Rumors say that Facebook have 200 to 220 million active users spread around four datacenters around the world, hosted on 8.000 servers.

FB is also the largest photo distributor in the world with roughly SIX TRILLION images.

All this and more comes from an anonymous insider at Facebook.

You might argue if this is fake or not, but read the full story at: The Rumpus

Kevin Mitnick, the world famous Hacker, has the greatest business card. A Lock Picking set! :)

Read more at flickr

David Heinemeier Hansson is the creator of the Ruby on Rails framework and Partner at 37Signals gives insight into creating a profitable startup company. "There is too little talk among startups about making money"

Everybody is chasing the big buyout lottery. He talks about having a price on your product, which is the obvious solutions to create a profitable company, but yet easily forgotten in the web startup scene.

Marc Andreessen, a true legend, Founder of Ning, Netscape and the Creator of Mosaic, provides his good advice for startups.

He's talking about, among other things, the biography of Steve Martin where he describes how to be successful, and says, "be so good that they can't ignore you", which Marc translates to "have an idea that is so good that they can't ignore you".

Marc also explains how to attract a great team, and how the "law of crappy people" works. Great video.

Norm Meyrowitz of NKM Advisors talks about 20 questions for startup success. "It's easier than you think to get VC money. It's much harder to create a successful company" He is not the best talker, but it's definitely worth to watch!

I just installed Chrome for Mac to try it out for my websites. When I launched browser it could not import settings from FireFox. After it opened it showed this screen:

First it's quite annoying showing the Swedish Google Search, since I have English OS and always use English Search. And whats up with the Google Chrome Install button? Can't it tell that I have Chrome?!

Live streaming from Le Web 2009

Video:

Wish I could be there IRL :)

Here are three really good viral campaigns going on right now. The videos are measured on a True Reach basis, which includes viewership of both brand-syndicated video clips and viewer-driven social video placements. 

By the way, the rollin' babies are cool but also a bit scary :P

1. Sexy Pilgrim

2. Tony Hawk Ride

3. Live Young

Go to Visible Measures for top 10

Hi, I just updated my Lazy Loading script to also handle Style Sheets, so why not publish it to the public? I got the original script (written by: Bob Matsuoka) a while back from this Ajaxian article. It did not work 100% for my needs so  I did some changes:

First I created a callback function so that it adds the loaded script only after it's done (i.e. the callback)

Then I added support for lazy loading of stylesheet files.

How to use it:

var file = "myscript.js";
var callback = function(){
 alert("Done loading "+file);
};

LazyLoader.load(file, callback);

The code:

var LazyLoader = {}; //namespace
LazyLoader.timer = {};  // contains timers for scripts
LazyLoader.scripts = [];  // contains called script references
LazyLoader.load = function(url, callback) {
    // handle object or path
    var classname = null;
    var properties = null;

    var executeCallback = function() {
        LazyLoader.scripts.push(url);
        callback();
    };

    //  try {
    // make sure we only load once
    if ($A(LazyLoader.scripts).indexOf(url) == -1) {
        // note that we loaded already
        var script;
        if (url.indexOf('.js') != -1) {
            script = document.createElement("script");
            script.src = url;
            script.type = "text/javascript";
        } else if (url.indexOf('.css') != -1) {
            script = new Element('link', { rel: 'stylesheet', media: 'screen', type: 'text/css', href: url });
        } else {
            alert('unsupported lazy loading');
        }
        $$("head")[0].appendChild(script);  // add script tag to head element
        // was a callback requested

        if (callback) {
            // test for onreadystatechange to trigger callback
            script.onreadystatechange = function() {
                if (script.readyState == 'loaded' || script.readyState == 'complete') {
                    executeCallback();
                }
            }
            // test for onload to trigger callback
            script.onload = function() {
                executeCallback();
                return;
            }
            // safari doesn't support either onload or readystate, create a timer
            // only way to do this in safari
            if (Prototype.Browser.WebKit || Prototype.Browser.Opera) { // sniff

                new PeriodicalExecuter(function(pe) {
                    if (/loaded|complete/.test(document.readyState)) {
                        pe.stop();
                        executeCallback(); // call the callback handler
                    }
                }, 1);


            }
        }
    } else {
        if (callback) {
            executeCallback();
        }
    }

 Please note that you need to reference the prototype.js framework for DOM lookups. The code above can easily be modified to use jQuery or another instead.

Enjoy!

Terence Eden wrote in his blog post that Twitter has a gaping security hole and that changing the password won’t stop malicious users logging in as you.

Implementation error

I'd say that this is both Twitters fault and OAuth. If you suspect that someone has compromised your account and you change the password, the OAuth token should be deleted. Even though the documentation doesn't suggest it, the engineers that implemented it should make sure that if you change your credentials, the token is removed from all connecting sites.

Easy to use vs Security

Hijacking session tokens is a general design problem for a lot of social networking sites, because they want to ease the login procedure for members and still keep the sessions secure. There was a similar security threat reported for Facebook and MySpace, that malicious applications in Flash could read the member tokens to take over their account.

This is not a problem only for Facebook, Twitter or even OAuth, but a system design issue for websites in general that use these there technologies. You must always look at what data can be accessible by whom. Especially when you allow 3:rd party applications, or user generated content.

I hunger for information.

So should you.

I usually don’t buy a lot of books, and because of Google search and blogs you don’t really need to spend money when you just need a little bit of information in a whole book.

But there are exceptions to that and I’ll write what books I have read and find very important, especially to web companies.

I think there are four or five books that I have bought lately, which I tend to come back to and browse over and over. One book is called “Don’t make me think” by Steve Krug. The back says “A common sense approach to web usability”. This is a very interesting and utterly important part of web development. A cool site alone is not going to cut it. People need to understand how to use it (preferably without using too much brain).  As the book states it’s not rocket surgery! Most of the points in the book is just common sense but in all the hurry of producing, yet easy to forget.  One bad thing though, is that the examples are a bit old.

The other book is called “Programming Collective Intelligence”. I think one of the most important tasks of a modern web site is to utilize the collective intelligence and based on that form, filter and present information. The book covers topics such as Making recommendations, Discovering groups, Search and ranking, Building price models and other really interesting things.  In the end of the book it also have recommendations to third-party libraries and math formulas to all the covered topics.

These two books combined, is a killer when it comes to modern information and social websites.  You need to make use of the user base as well as making it look good and intuitive!
 

When building web apps it is often that you customize content depending on the geographical location of the visitors. The easiest way to achieve this information is that you ask them where they are from, by choosing a country from a long drop-list. The thing is that we developers always want to solve things automatically by code (even when it is not really necessary). I found a excellent free IP to GeoLocation service http://ipinfodb.com, and hacked together a small class that queries the API with the IP address from the visitor.

The code:

using System.Net;
using System.Xml;

namespace Portal.Web.API.Geo
{
    public class IPGeoLocation
    {
        private const string Service = "http://ipinfodb.com/ip_query.php?ip=";
        public string City = string.Empty;
        public string Country = string.Empty;
        public bool FoundGeoData;
        public string Ip = string.Empty;

        public IPGeoLocation(string ip)
        {
            var request = (HttpWebRequest) WebRequest.Create(Service + ip);
            request.SendChunked = true;
            request.Timeout = 5000;

            var response = (HttpWebResponse) request.GetResponse();
            var xd = new XmlDocument();
            xd.Load(response.GetResponseStream());
            if (xd.GetElementsByTagName("Status")[0].InnerText.ToLower() == "ok")
            {
                Country = GetTextValue(xd, "CountryName");
                City = GetTextValue(xd, "City");
                FoundGeoData = true;
            }
            else
            {
                FoundGeoData = false;
            }
        }

        private string GetTextValue(XmlDocument xd, string name)
        {
            return xd.GetElementsByTagName(name).Count > 0 ? xd.GetElementsByTagName(name)[0].InnerText : string.Empty;
        }
    }
}

How to use it:

IPGeoLocation ipGeo = new IPGeoLocation(Request.UserHostAddress);
            if(ipGeo.FoundGeoData)
            {
                Response.Write("Country: "+ipGeo.Country+", City: "+ipGeo.City);
            }

This example only take care of the city and country, but you can easily extend it to get the long/lat. coordinates to use with Google Maps or similar. Enjoy!