Mark Zuckerberg better be excreting the proverbial brick right now

Posted on April 14th, 2008 in Myspace API, Facebook API, Geek Stuff by jason

Why you might ask? well while many may argue, as someone who had no idea really about facebook, before the platform/API launch, the only reason Facebook is widespread is all the hype about the apps and the platform. Not really the apps themselves, outside of scrabulous no one other than those using an app knows about it. Ask Joe on the street about slide or rock you and you will probably draw a blank, ask about the scrabble game for facebook that was on CNN, you will most likely get an “oh yeah i heard about that”. And in reality no one is joining a social network because of 3rd party apps, if it was slide and rock you would be the names in the media not myspace and facebook. But facebook wisely (luckily?) marketed the idea of the platform and what it could do and not the actual applications coming out of it, and the media jumped all over it. Of course if you want to throw on the tinfoil hats and turn on George Noory and coast to coast, the media hates fox news, who owns myspace? So any way to make fox news look bad or try and beat it let’s roll with it. And thus facebook was the media darling while at the same time frustrating and generally not paying attention to the devs of the apps they were using to skyrocket to the top. Even with skipping over the normal dev headaches of unannounced code breaking changes, the patented tuesday and wednesday everything goes to hell updates, the unwillingness to enforce their TOS to certain companies etc etc, just look at the error message displayed when an app fails, FB takes no blame and pushes it all on the app, when 99% of the time working code just doesn’t just stop and start working randomly. Take a look at the dev forum on fb, where most of the posts outside of the how do i’s are complaints, one recent thread showcased the unwillingness of facebook to enforce their TOS about porn with a large well know slideshow app, the same company has also probably caused the change of most if not all the social and viral features of the API thru abuse. Yet nothing is done, they are still the most installed apps, and VC’s keep pourng the money into those spam machines. In my opinion if Facebook wants to survive in the big time, they are going to have to ban that company or at least suspend them. If not a smart dev that has an app with a lot of users (with a good lawyer) is going to mimic tactics of said company and get banned. Then the lawyers get to play, while it is a walled garden and it’s facebook’s ball, a court case will bring out all the slimy spam tactics and schemes the company is question is using with Facebook’s approval to the rising number of Facebook users. Then they realize that their “protected” facebook life is only protected from those who don’t pay FB’s price and Facebook ==Friendster==enter in name of 1000 other social sites that rose and fell.

Now enter Myspace and their version of opensocial and their reviewing process. It’s unbeliveable the hoops i had to jump thru to get apps approved that weren’t even close to being shady. My amber alert app got rejected 3-4 times before it was accepted. I even had one app rejected because the reviewer didn’t think the formatting looked right. If your app isnt approved no one can add it but people who befriend the app, unlike facebook where approval is only needed to be listed in the directory. Myspace also has real people posting on the dev forum answering questions and asking for feedback. And from the posts that falsely accuse the above mentioned company of misdoings, myspace is bent on not giving them any advantage. In fact the last time i checked the most installed app was by an indie dev named Jeremey, who is also constantly answering questions from the community (including my stupid ones). So you have alot more dev friendly atmosphere at myspace in my opinion,but let’s move to the most important part of apps, the $$$. The past week has pretty much confirmed what i have been saying since i launched my first Facebook app, Myspace users earn dev’s alot more money thean FB users. Across exact same apps that are on Myspace and Facebook, Myspace apps are earning at least 3-4x the amount of revenue and 10x the amount of page views on apps that are maybe a week old, one even beat its facebook counterpart on installs within a few hours of being live. So as a dev i can spend my time working on a platform that involves 2 sites and any other that may pay, or one that is open to anyone for free. BTW the free platform is also more dev friendly, and earns a ton more money on its flagship site. Hmmmmmm where am I going to develop at?

So arguably Facebook rose to fame, by the media reports of them “stealing” the widget and tool devs from Myspace, so what’s going to happen to their market value when those same devs roll back to Myspace in search of greener pastures? Let me tell you, when it’s bill time, it’s nothing to delete a few bot friend requests from scantily clad “females” each day when the ole checking account is still in the black the 2nd week of the month ,all bills are current, and you aren’t getting those bright red disconnect notices. As i’ve said before and will say again Mark Zuckerberg will either go down as the biggest genius or biggest idiot in this chapter of internet history, and i’m leaning towards a Facebook == pets.com than a Facebook==amazon

Authenticate Users In an Iframe on Myspace Opensocial Using PHP

Posted on March 17th, 2008 in OpenSocial, Myspace API, PHP by jason

This code will get the viewer’s myspace id, authenticate them, and then open the results in an iframe, then it checks to make sure it is the same user in the iframe. This lets you safely and securely display user specific details inside your app surfaces, allowing for more complex and social based apps.

This code is written for php 5.2.3, so your results may very if you aren’t using it.

First up is the code you plug into the ”edit app source” section. you will need to change the auth.php and user.php urls to ones that correspond to your server. This code gets the viewers id, and opens up a user.php page into the iframe with a $_GET variable “id” that contains the user’s myspace id. the script also sends the myspace Oauth data to auth.php, which contains a security routine to make sure the user id in the $_GET variable is actually the real user.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

<iframe FRAMEBORDER="0" FRAMEBORDER="0" FRAMEBORDER="0" ID="frame" NAME="frame" WIDTH="790" HEIGHT="1000" FRAMEBORDER="0" FRAMEBORDER="0" FRAMEBORDER="0" FRAMEBORDER="0"></iframe>
<script TYPE="text/javascript">      
function init() {      
MYOS_TRACE = true;       
var os = opensocial.Container.get();      
var dataReqObj = os.newDataRequest();      
var viewerReq = os.newFetchPersonRequest(opensocial.DataRequest.PersonId.VIEWER);      
dataReqObj.add(viewerReq);      
dataReqObj.send(dataLoadCallback);      
}        
 
var serverURL='http://www.yourdomain.com/auth.php';  //change to your domain and page      
 
function dataLoadCallback(dataResponse) {      
var viewerData = dataResponse.get(opensocial.DataRequest.PersonId.VIEWER).getData();      
var viewerName = viewerData.getField(opensocial.Person.Field.ID);      
 
    var params = {};      
    params[opensocial.ContentRequestParameters.METHOD] = opensocial.ContentRequestParameters.MethodType.GET;      
    params[opensocial.ContentRequestParameters.CONTENT_TYPE] = opensocial.ContentRequestParameters.ContentType.HTML;      
    params[opensocial.ContentRequestParameters.AUTHENTICATION] = opensocial.ContentRequestParameters.AuthenticationType.SIGNED;      
    opensocial.Container.get().makeRequest(serverURL, loadiframe, params);      
//change to your user page and domain      
document.getElementById('frame').src="http://www.yourdomain.com/user.php?id=" mce_src="http://www.yourdomain.com/user.php?id="+ viewerName;      
 
function loadiframe() {      
//here if wanted but needed due to my crappy js skills      
}      
 
}      
 
init();      
 
</script>

Up next is the auth.php page, that actually  does the authentication process. You will need to change some of the vars to correspond to your app. the skeleton_key var is used to encrypt the data so only people who have that key can decrypt it. This key can be anything, a string of text, numbers, whatever you can think of, just don’t tell anyone.
The script takes all the vars sent by Myspace, and checks to make sure the user is valid using Oauth. If everything is kosher, a file is written, on your server named the same as the user id. This file contains the user id, the given Oauth sig, the checked Oauth sig, and an encrypted version of the user id. This file can then be read and parsed by the user.php page code below.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

$this_url = strtolower('http://www.yourdomain.com/auth.php'); //the url to this page 
$myspace_secret="YOUR MYSPACE SECRET KEY"; //your myspace secret key 
$skeleton_key="xxxxxx"; //your encryption key can be changed to whatever 
$test_mode =0; //change to 1 if you want to print out ids to test script    
 
$opensocial_viewer_id=$_GET[opensocial_viewer_id]; 
$oauth_signature=$_GET[oauth_signature];    
 
// check the sigs and make sure its  the real deal 
$remote_signature = $_GET['oauth_signature']; 
unset($_GET['oauth_signature']); 
ksort($_GET); 
$url=urlencode($this_url); 
$g_me=urlencode(http_build_query($_GET)); 
$base_string = "GET&amp;$url_me&amp;$g_me"; 
$secret = "$myspace_secret&amp;"; 
$local_signature = base64_encode(hash_hmac("sha1", $base_string, $secret, TRUE));    
 
//if its real do it 
if ($remote_signature == "$local_signature"){ 
$token=mcrypt_ecb(MCRYPT_3DES, $skeleton_key, $opensocial_viewer_id, MCRYPT_ENCRYPT); 
//if we are in testing mode 
if($test_mode =='1'){ 
$test=mcrypt_ecb(MCRYPT_3DES, $skeleton_key, $token, MCRYPT_DECRYPT); 
$feed=fopen($opensocial_viewer_id,"w"); 
fwrite($feed,"$opensocial_viewer_id|$oauth_signature|$local_signature|$token|$test"); 
fclose($feed); 
}else{ 
//now its live mode 
$feed=fopen($opensocial_viewer_id,"w"); 
fwrite($feed,"$opensocial_viewer_id|$oauth_signature|$local_signature|$token"); 
fclose($feed); 
} // end modes 
} // end if its the real deal

This is pretty simple, using the $_GET var id, we can read the user id file, into a string, explode it into an array, and decrypt the data, and check to make sure the user is who they say they are. Make sure your skeleton_key var is the same as in your auth.php.

1
2
3
4
5
6
7
8
9
10
11

//#################################search user##############################// 
$user=$_GET[id]; 
$skeleton_key="xxxxxx"; //your encryption key must be the same as on auth.php 
$file=file_get_contents($user); 
//echo $file; //uncomment to test output 
$user_info_array=explode("|",$file); 
//print_r($user_info_array); //uncomment to test output 
$token=mcrypt_ecb(MCRYPT_3DES, $skeleton_key, $user_info_array[3], MCRYPT_DECRYPT); 
//echo "$token - $user"; //uncomment to test output 
if($token != "$user"){die ("you are not authorized");} 
//#################################search user##############################//

I can’t take credit for all of this, the javascript code and Oauth codes were modified and mashed up from these
forum posts. http://developer.myspace.com/Community/forums/t/426.aspx and http://developer.myspace.com/Community/forums/t/538.aspx

Also keep in mind the security routine is very basic and you would want to be even more thorough in your checks, to ensure your user is who they are telling you they are. I know i do :)

OpenSocial on Myspace vs. Facebook API a Developers First Look

Posted on March 15th, 2008 in OpenSocial, Myspace API, PHP, Geek Stuff by jason

Well I’m probably going to make some FB purists mad with this, but in my opinion, the MySpace opensocial platform is probably going to “beat” the Facebook platform. Granted this is only after creating 1 and 3/4 apps for MySpace vs. 18 or 19 for FB and assuming MySpace gives devs signed iframes like they are promising. Also MySpace isn’t live yet, so who knows what will be their version of a FB timeout and their patented weekly app breakers, err I mean code updates, But like the title says it’s a first look….

1. Ease of creating apps
If you know the html code to create an iframe and a webpage, you can basically make an app. And the webpage can be your existing blog, website etc. no need to learn FBML. Yes I know fb:iframe exists and use it extensively, but by using it you lose all the good FBML tags that make the FB platform worthwhile, so you can only use them in certain places. Within an hour or two a company could create a semi-dynamic app (without API calls) to drive traffic to their main site. 3 webpages (or one using query strings) one for profiles, one for home pages, and one for the app “canvas” page is all that is needed. Within those 3 pages is where you make the app dynamic, filling them with data like you would any other dynamic webpage. Now this won’t be very effective for smaller brands, larger well known brands would be foolish not to spend the hour to set up a basic app. I spent about 2 hours porting over the Amber Alert system from FB to MySpace, and most of that was just spent “de-facebooking”.

2. 3 integration/touch points for apps
Your app has 3 different ways for users to interact with it instead of the 2 FB allows. There’s the profile box and a “canvas” page as usual, but there is also a homepage box, where you can display app data right on the first page a user sees after login, and arguably the page a user spends their most time at. While I still use the classic skin and the standard profile I think the app boxes look better on MySpace than on Facebook.

3. More potential for monetizing with advertising
From my observations on having multiple apps on Facebook that also have MySpace counterparts that reside on “regular” webpages, Facebook users on the whole seem to have developed an ad blindness, their Myspace counterparts don’t have. I would think also with Google being the ad supplier for Myspace, Adsense targeting would improve, even for those not using the iframe option. There is also already a big ad market based on MySpace in Adwords, from products to widgets, and has been for 3-4 years, so devs won’t have to rely on selling installs or using unknown ad networks that come and go every other day. So even if targeting is off or your app isn’t targetable and all you get is run of network MySpace ads, there’s still millions of dollars in revenue up for grabs.

4. More open environment
MySpace’s more open environment should allow for apps to spread more widely and quickly than on FB. Since MySpace encourages finding new friends and usually strangers can look at each others profile’s, the chances of your app being seen are greatly increased. In fact I bet you will see users make money from selling application space on their profile, the first one? Probably tila tequila and slide lol. But even normal users that have high traffic profiles should be able to grab a few bucks. Of course all the fake profiles that spam, could end up with a steady income source and thus creating a funded spam machine.

5. Almost a year to learn from FB
Ever since FB launched their platform, MySpace has been able to sit back, watch and see what went wrong where and hopefully learn what not to do. They can also see what went right and use that as well. I expect them to have problems, but I also expect them to be different ones.

To show I’m not a Myspace or opensocial fanboy here are some issues I don’t like or don’t know about.

1. Fixed page size
Right now no matter what option you use, you are forced to use set page and box sizes. While the home and profile boxes limits are like FB with set widths, they also have a set height and scrollbars appear if you go past it. The main beef is with the “canvas” pages, while you get 800px width to work with instead of 645px, you are set at a maximum of 1000px height before the scrollbars appear. So you have to balance your page size and scrolling to fit in with the main browser window and it’s scrolling, kind of a pain.

2. Profiles displaying apps
I’m not sure how it’s going to look, or effect page load times when the normal MySpace user, piles on tons of apps on top of their already cluttered and slow-loading profiles. While it looks good on my default profile, with no other widgets, pictures, or applications, I’m probably the only MySpace user that has a profile like that. Also there doesn’t appear to be anyway to adjust the order of how the apps appear yet, nor switch sides of the profile, it’s going to be interesting to see how they deal with that.

3. API calls for users
With MySpace being so open, users have large number of friends, how will their API handle thousands of apps pulling thousands of friends and their associated data during peak traffic times? Especially in the beginning when everyone launches a top friends, entourage etc clones that will rely heavily on calls.

4. Spamming
With MySpace already infamous for spam, applications open up a whole new door to annoy their users. Each app has its own profile just like a user, separate logins, own home page with access to bulletins, images, etc. So an app appears to be able to act just like a normal user would add friends, posting bulletins. While this makes it easier to track abuse and kill an app and since the app is tied to your real user account they could kill it as well as any other apps you may have, you could still generate throwaway users and quiz apps and spam until you get banned, then rinse and repeat. Or most likely like I mentioned earlier, app devs will either take over the fake profile spam or hire it out. On the hot person’s profile instead or alongside of links to their “good pics”, you will see apps. You can’t ban the apps for it unless there’s obvious proof, spammers may just add them to make the profiles look more real, or get your competitor banned by spamming in their behalf.

5. App burn out
With there already being a ton of tools and widgets designed for MySpace already out there and being used, there really won’t really be a wow factor to cause a big rush like on FB, mostly apps will just make it easier for users, instead of copying and pasting a code for their image slideshow, they click a link. While there will be a newness factor that will cause users to shuffle thru and try as many apps as possible, it really won’t last long as all this stuff is old hat to MySpace users and the sheer volume of apps that will probably be available will make it hard for an app to stand out. Any app that has had a little success on FB, will be cloned(poorly) at least 5x and sitting there waiting for launch, with the thought that all you have to do is be the first one out, and you will be the next rockyou or slide.