Referral links

Unlike other ads on this page, the two links below are to services I use - if you're looking for a new SIM or broadband connection I can personally recommend them, and these are specific referral links that I can get bonuses from if you sign up, so please use them :-)

Get a free giffgaff Sim Broadband from £5.99 a month with an included wireless router when you sign up to Plusnet - terms apply

Sunday, 28 October 2012

Facebook - in 2012 you've been pushing your luck

[Short link to this article if you need it - - or retweet me]

My previous post on Facebook may have seemed too harsh on some of it's users. To rebalance that I'm going to go into a bit more about what's REALLY wrong with the site to give those people some real things to complain about. Facebook has got a lot of stick over privacy concerns and other such things over time. In my opinion they've almost always responded and improved their security model to the point where I happen to believe it's now pretty good - they've got many things right, and that's why it's the only social site where I'm comfortable with not posting things publicly. The exception list for posts is something that isn't on any of the other major networks (e.g. share with "All friends except my children list")

But it's far from perfect, and recently it's finally started to irate me to the point where I have to wonder whether it really is worth sticking with the site at all. My current feeling is that the only thing keeping me there is the existing network, and that may not be enough to sustain it into the future. So what's gone wrong? Here's my personal list ...

Choosing what appears in your feed

You've probably already noticed this, but if you leave facebook with the default settings, then you won't get all posts from your friends and pages you've liked. I think this was a shocking decision (and along the lines of IE10's default of having "Do Not Track" enabled which Yahoo! is already ignoring, but I digress).

For some friends (i.e. those that are posting all the time and start seeming like spam) this change is a good one as it lets you filter out most of the rubbish and let you see other people's posts, but the filtering (Facebook's algorithms for this are called EdgeRank and are quite complex) should be something you opt into for certain friends, not have to opt out of. As per IE10, the default is wrong. Here's how to get back to having all of a particular friend's posts appear in your feed (at the time of writing, it may change):
  1. Go to the friend's page
  2. Click the 'Friends' button near the top
  3. Click "settings" under "Show in News Feed" on the drop down list
  4. Select "All updates" instead of the default which is "Most updates". Check the "Close Friends" option. Of course if you have an extra-spammy friend, you could decrease what you see of them by selecting "Only important" "Acquaintance" instead. (Edits made since Facebook changed it since I wrote it ... again)
For pages you've liked the same problem occurs, but it's harder to get around it. What you have to do is add the page to an "Interest list" that will show in the left panel of the facebook page. It will still only show you some posts from them in your main feed, but at least it will let you get all the posts if you want them. You could add all "companies" to a single list or separate them out into topics. Interest lists can also be shared with your friends as you build them up, so they can follow them too, although oddly you can't share a list with a custom subset of friends:
  1. Go to the page that you've liked
  2. Press the "Liked" button
  3. Select an existing list name or click "New list" to generate a new one
  4. Run through the panels to create the list
  5. Add more pages to the same list (you can actually add users as well, thus along with sharing lists they've actually brought back the friend group concept that disappeared a while back)
After doing this, by clicking the list name under "INTERESTS" on the left, you'll be able to see all posts by the pages in that list. To be honest, the whole mechanism is horrible, but as far as I can tell it's a way of allowing facebook to charge companies to get more exposure news feed. Having said that, here's an explanation of the concepts used for choosing which items are important enough to show.

But it also creates more work for the end-users to follow the brands and companies they want, and that's concerning. It actually encourages brands to create "user" accounts and become "friends" with you as that's the only way you can see all the posts from the companies you've chosen to "Like" short of them paying facebook. I don't like being "friends" with businesses, but I'd understand it with what facebook is doing...

Spammers playing the system

I mentioned this in my last blog post, but there are too many "chain posts". Almost exclusively full of nonsense, drivel, lies, or things just designed to be a nuisance. Two types in particular are starting to annoy me.
  • Pictures being shared just displaying a few short words of text. Superficially this just takes up more space, but actually Facebook's EdgeRank filter which filters out drivel and decide what to show you tends to prefer images, and it appears that it's more likely to appear in my stream than if you just clicked "share" on some text quote.
  • "Look at this picture than write some word/phrase in the comments". Serves no purpose other than the same as the last point. People believing something clever will happen. It won't. The only real such trick with coments I know if is the one where you can insert control codes to expand stuff into names, and that's got nothing to do with images. Please, if you do something like that - remove your comment so others don't get sucked in. You don't want to be a nuisance to your friends do you?
These are the sorts of things I covered in the last blog. Misinformation. If you want to spread a serious fact, quote the source, don't just blindly repost something which is probably nonsense or which you can't back up, and definitely don't let an app post it until you've verified it's doing what it says it is.

Facebook's bleeding privacy settings

I mentioned facebook's good options for controlling privacy, but at some point over the last couple of months (I think) facebook has done something exceptionally stupid. If you share a post with a custom list of people you've created, it used to just say "custom" if one of your friends hovered over the permissions icon. Now it actually displays the full list of people who can see the post. I was utterly shocked when I discovered this. Previously, the exact list of people was hidden. Now it's not. The list name is, of course, still hidden (at the time of writing ... The screenshot on the right is an example from the first time I saw it. Note that if you use "Friends except ..." then it DOESN'T currently show the list like this)

Leaking your data to friends' applications

This is one that I'm including purely to highlight the option to fix it. It's something that shouldn't be necessary, but with all the scams and so on that people seem to click on (if you've ever seen a "free iPad" post or some outrageous video with a comment that your friend probably didn't write) it is, sadly, probably a good idea to tighten up on what your friends' dodgy apps have access to.

At present the options are under "Privacy Settings" - "How people bring your info to apps they use" - here is what it looks like by default:

Under there you can control what information from your profile is available to all your friends' dodgy apps - and given how many people click on the apps I suspect there's plenty of money to be made in building databases for identify theft. On that basis, I'd clear of the following checkboxes:

  • Bio
  • Birthday
  • Family+relationships
  • Current location
  • My status updates

Because if you keep them hidden from anyone who isn't a friend, you certainly don't want whoever put tog that ether some dodgy app to scam people getting access to that info.

Finding your friend's comments in the masses

There are a number of posts that go become very popular and get lots of likes and comments. While there's nothing wrong with things going viral, if you see a message that your friend has commented on such a post along with 334,410 others however, it isn't at all easy to find your friend's post. Facebook shows you the post they've cos too much to ask and all you see under the posmmented on, so why not include the friend's comment, and possibly the few before in case it's useful for context. No, apparently that's too much to ask and all you see under the post in your news feed is something like this:
And if you click the comments you just get the last few, not necessarily including your friend's one. By the time you've found it, you've likely lost interest entirely .

est making it available to opt-in?

Difficulty of sharing posts with links

Have you ever tried to hit 'Share' on a post with a web link? Unlike plain text status updates, if you share a link then it doesn't let you share the original post's text, which may in many cases be the useful part. Its no wonder people prefer to cut+paste bogus chain letters instead of using the share button (although, of course, such chain letters generally don't have reference links anyway)

The ticker - creating classes of users

Ahhh the ticker. The actual source of many of those rumours about facebook "leaking" information to your friends by making it more obvious to you when your friends comment on things etc. If you don't already know, the ticker is the "mini news feed" that appears in the top right of your page if you have it, and it can't be turned off. But get this - the ticker does not reveal anything you didn't have access to already - it just makes it easier to see. The same is, of course, true of the timeline which so many people complained about. It primarily just made the info that was already visible to people easier to get to.

But that's not what I have a problem with. I object to it not yet being available to everyone. For some inexplicable reason, unlike the timeline which has been rolled out to pretty much everyone now, the ticker is not. And facebook's FAQs just say something about usage amounts. Well I'm sorry, but the ticker would make the service more valuable to me. It's not on my account - I'm less likely to use your site without it. And what would be the disadvantage of just making it available to opt-in?

Recommendations on mobile

On mobile sites, speed is of the essence. You're usually on a low-bandwidth connection, and so getting the data to the device and rendered as quickly as possible is of utmost importance. I understand the need for adverts on a free site, and as I've said before I don't object to them so much. But what I don't want is to log into your site on my device and find the first screenful of data is filled with "recommended pages" and none of the content I want. Please facebook, put ONE advert on the screen, preferably at the top, not multiple "recommended" pages followed by a section of "recommended" friends. . That's not smart even if you ignore the fact I'm not sure I've added a recommended friend in years. That just makes me want to close the window and not scroll down to find out what my friends are doing.

Sponsored posts

As mentioned in the previous section, I don't have a problem with adverts. But it becomes a problem if you're tailoring adverts based on my friends' "Likes" and not my own ones. We know that facebook is using EdgeGraph to hide certain articles as I mentioned earlier , and that companies can pay to increase their chance of being displayed. But what I don't like is when I get objectionable injected into my feed, and there doesn't appear to be a way of blocking a certain page from appearing.

And more importantly, do the people who've "Liked" the pages know that they've triggered this? The sponsored stories include the name of the person who "Liked" the account, thus triggering the ad, above them, but they may not realise it. There appears to be no obvious indication on any of the pages with sponsored posts that they are using the feature, so you'd have to have a friend tell you that a page you'd liked is generating them (if you cared).

[2014 EDIT] In fairness to Facebook, you only have to go to that Settings-Adverts menu to see exactly what they're doing and an explanation. I don't subscribe to (i.e. "like") many corporate feeds such as Amazon, and I'm happy for the products or artists I endorse through a "Like" to tell my friends that info, so I don't have those options disabled, but the privacy (and potentially legal) implications around this have caused a lot of controversy.

And what I've listed are the examples of problems that facebook are making themselves. The scams and other nonsense referred to in my previous post are all things that make the site less fun to use, and if facebook isn't fun to use, then facebook is nothing.

Facebook, please, sort some of this out. I'm seeing more facebook users giving twitter a shot. MySpace is relaunching, Google+ isn't (so far) making the same mistakes, and you now have shareholders to answer to. The fact you're not giving me control of what's in my fed is inexcusable when competitors aren't doing the same filtering. And since you don't have too many other products to fall back on if you start hemorrhaging your user base by alienating them with the things I've just described.

Facebook security - hype, false rumours, and why the ads are fine

[Short link to this article if you need it - - or retweet me]

This may become a multi-part post about facebook and social media as I've got quite a lot to write.

This part is about setting the record straight on some of the fact-free nonsense that's regularly seen on the site and what you can do to avoid spreading what is little more than spam on the site. I'd like to think that everyone on facebook could read this and think twice when they see anything like this in the future. In various forums I've already commented about how many people don't seem to understand about online security and privacy generally. And I've also mentioned how many people are willing to spread misinformation based on apparently not bothering to check and fully understand the facts. Or "crying wolf" by spreading false information risks, which has the negative effect of desensitising people to the real issues, which can only make it harder to explain real risks and scams to people (Claim you're free £150 Tesco voucher here - only 75 left).

I'll delineate the case studies in this article with horizontal lines in case you get bored of reading about any particular one :)

Unsourced scaremongering information

In one recent example, someone in a comment thread on a friend's post said this:

"Worse still, if you have the mobile app on your phone, it will publish stuff willy-nilly to your Timeline when you don't have a say in it at all."

When I queried this, they tried to back it up with a couple of links - neither of which had anything to do with the claim. Worse still, when you query some people I've seen suggestions you just "google it" as though their ill-advised beliefs are common knowledge - and in many cases an attempt to do so is fruitless, thus the discussion has wasted everyone's time. Evangelism on security beliefs which aren't based on fact isn't any different than religion, and I'm not a fan of having either shoved in my face as fact rather than belief.

Scams, "view your stalkers" and "authorise this app first"

Survey scams and forcing you to authorise apps are another thing. The Tesco example I mentioned at the start is an example, as is "free iPad" or "click here to view something sensational" or arguably the most common one "See who views your profile". All are examples of the same things - scams. If you see any examples, walk away and clear up any apps you've authorized and remove any posts they've made, otherwise you're contributing to the problem. This is why they should be avoided:
  • You have no idea who's running the "offer" or video
  • The people running those offers are only interested in making money (fairly obviously) so you are not really going to get anything for free. In the case of being forced to take surveys, it's because - surprise, surprise - the scammers make money every time a survey is completed.
  • If you have to authorize an app on facebook to view a video, then something's wrong. Why should you give someone else access (who, as per point 1, you don't know) access to your account. The scams usually post to your account to try and spread themselves and drag in your friends my making them think it was you who have received the offer. If the video's truly gone viral in any sense, you'll almost certainly be able to find it on youtube or similar sites without giving anything away.
Here's an example of what can happen when you authorise such a rouge application on your account. The authorisation screen (left screenshot) clearly says it will be able to "post on your behalf" and it will - on your wall, and potentially the walls of your friends as in the example on the right:

Adverts - they're not all bad ...

Now to adverts - let's get one thing clear - adverts are an important part of keeping the internet free to use. How much do you think it costs to run a site like facebook with the massive of data they process? Far more than your internet connection, that's for sure. And for that reason I have no problem with relatively unobtrusive adverts on web pages which I'm not paying for. Many people use AdBlock, but I consider that morally wrong, If you really object to adverts, you should vote with your business and use somewhere else rather than block it, or pay if that's an option. It's the reason I've said before that I pay for We7 music streaming and it's the reason I refuse, completely, to pay for a pay TV subscription. I'm not going to pay and still endure adverts. If you object to social media sites showing you adverts then you can stop using it and use a service that you pay for, such as

As a case study, the most recent example I've seen was this thread which was a link to a specific article about how facebook would now target specific adverts to you based on telephone numbers/addresses supplied by advertisers to facebook, which would then look them up in their database, and display that companies ads if a match was found. So you get ads from companies you deal with as opposed to random ones.

Now if you sit back and think about it for a moment, if you're going to have adverts, why on earth is that a bad thing? Let's look at it this particular issue objectively with a few points:
  1. If you've allowed a company to share your number with "selected third parties" doing it with facebook isn't violating privacy in any way whatsoever
  2. Surely you'd rather have adverts from companies you're interested in instead of things you might not be, so why on earth would you use this as a reason to put a fake number on facebook if this is likely to enhance the advert quality?
  3. Unless you've blocked them, you already have this sort of things via cookies from sites you've visited, this approach is better as it's from companies you've ALREADY SIGNED UP WITH, not just the ones you've merely visited (As an example I wish I never clicked on Brennan as I'm sick of being bombarded with their ads, but at least it's something I'd shown an interest in)
  4. Frankly, the many people com who think that this specific topic means Facebook are giving away your phone numbers to anyone are idiots. (Whether they've done that for another reason isn't the point, but think about it. Would people playing Facebook games prevent authorisation if it got access to your phone number? Probably not.
  5. The may people who think this will result in extra spam/cold calling are also idiots. It's driven by the data  that company's already have - nothing extra can happen in this respect compared to what could have happened anyway.
And these are all the flaws in just that one one comment thread I saw. This nonsense and misinformation is all over the place. And I'm getting fed up of trying to educate people - it'd be a full time job fighting people who don't want to change their unfounded beliefs. I did get involved at the end of that thread but I usually don't bother unless it's showing up on a friend's feed. Sites like Facecrooks and AllFacebook have a lot of good information on them - the people running them must despair at this kind of thing.

Timeline exposing private messages

Another one recently is repeated posts about how private messages have been appearing on people's timelines - supposedly visible if you scroll your timeline back to 2009 or earlier. Now I've done a correlation between all private messages I've had at that time, and none of them are on the timeline. What does show up is any posts made on my wall at the time. And I've been unable to find any true evidence to suggest otherwise, but a bit of research shows plenty of articles like this one backing up what I've said - there simply isn't any evidence, other than anecdotal, that it's leaking private conversations.

Look at this ... then write a comment

The other one I think is strange is not a scam so much as an annoyance, but when someone sees a picture with a caption along the lines of "Look at this for a while, then write something in the comments". As though something is likely to happen. Needless to say it doesn't - you're just making a spam comment on a picture. And because that picture is "public", the fact that you've followed those silly instructions just has one effect - potentially spamming other people's news feed with a belief that something might happen. This is far more likely to turn me off facebook than the people pledging to leave every time Facebook's layout is changed (can you even remember, other than the timeline change, what any of the things people complained about were? Do you REALLY miss them?)

Honestly, if you do leave such a comment and nothing happens, DELETE YOUR COMMENT so it doesn't waste anyone else's time. It's often the users that are making me less enchanted with the service ...

"You do NOT have my permission"

The alarming thing is how many new examples have shown up since I originally started drafting this blog. The most recent one is the "chain post" saying "You do NOT have my permission to utilize any of my profile information nor any of the content" with a load of seemingly clever words suggesting that making a post along those lines nullifies any contradictory terms in the T&C which everyone's signed up to.

Clearly it doesn't require much thought to realise that this is false - so I do wonder if people are doing it ironically or something, but I'm not sure I understand why.

It it isn't obvious, then the reason it's pointless is because YOU agreed to the T&C when you signed up for your account. Facebook did not agree to modify those T&C by agreeing to the post you made. It's not that hard to see why it's unenforcable nonsense giving people, as with most of the other things I've talked about, false information.

If you're affected by the issues in this article ...

Of course it can be hard to know what to do when you see any of these examples on your feed. You could ignore it, but ideally explaining why it's false is the best approach, as by doing so anyone seeing the post will hopefully read the comment. Although I think some people get upset when you point out such things, so it can be hard to make the point in an effective way.


Honestly, there have been plenty of valid security concerns on the internet, especially with Facebook. How about we start focusing our attention on checking the SSL certificates when buying things online instead? Do the people worried about adverts also worry about that? Focus on the real ones, and don't spread misinformation. It's easy to accept and believe scaremongering "chain posts" that seem genuine because they're from your friends, but it's no different from pyramid chain letters in terms of authenticity.

Think about it for a moment. Why do people encourage sharing this information by cut & pasting a message rather than providing a link to a relevant article? Partly because by sharing (often false) information that way, they can make scams seem more authentic because it seems to come from your friends, yet not provide a source or any evidence. If you don't know enough about security to understand what you're posting, please refrain from scaremongering under your own name.

There, I feel better now.

(Despite what I've just said, all comments are welcome of course, even if you disagree with me!)

Tuesday, 23 October 2012

Eben Upton Raspberry Pi Visit

[Short link to this article if you need it - - or retweet me]

An introduction for those not familiar with the Pi ...

Yesterday Eben Upton (the guy behind the Raspberry Pi foundation) took time out of his very busy schedule to give a talk in Hursley. For those who are not familiar with it, the Raspberry Pi (here is the FAQ) is basically a small credit-card sized computer circuit board with a Broadcom BCM2835 chipset and a 700MHz ARM CPU powered via a microUSB socket, HDMI+composite video output, stereo audio output, ethernet port, 2 USB ports, an SD slot used for booting the device, and another proprietary expansion port, and a high performance graphics subsystem that can decode video at full HD resolution with h.264 (MPEG-2 available at extra cost) hardware playback support in XBMC/OpenElec - all for $35 for the "model B" version. They were initially built in China, but much of the manufacturing is now in the UK and is therefore supporting the UK economy! Keyboard/mouse/power/screen/SD card are not included in that price, but many people will have suitable ones lying around to connect to it, which certainly suited me as the last thing I need is more of them cluttering the place up.

As someone who was interested in the project from some time prior to the launch it was great to see Eben in person, particularly as I'm someone who owned a BBC Micro and lost many hours to Elite (co-written by David Braben, who is also involved in the project). If that thought is making any of you feel nostalgic, why not try the ZX Spectrum port of Elite running in a java applet!) The Pi as a project is trying to bring back a bit of that sense of "playing" that the BBC Micro probably did better than any other machine of its time.
(Quick disclaimer: This article is a mix of things that Eben spoke about from the notes I took, plus a few extra pieces of background information and external links that I have added myself)
The detailed background to the original idea was something I had not heard in detail before. A director of studies at St.John's college in Cambridge, he was concerned by the declining numbers of applicants for computing university positions, as well as a drop in the quality of those applicants (basically changing from getting many people of the type who could likely already code in assembler for two different architectures to a smaller number who's experience predominantly "I know HTML" - people who would need more time spent educating them to get to a suitable standard to teach them further) This meant that it would take longer to get them to an adequate standard on the low level aspects of computing - or by throwing them at Standard ML programming for 6 weeks to make them depressed (I remember going through that!)

BBC Micro comparisons

I mentioned the BBC Micro in the opening paragraphs - earlier this year there was a "Beeb@30" event to celebrate 30 years of that machine, and here is a BBC article looking back on it. It hass been well documented that they did try to get the BBC branding on the device, but the "unique way the BBC is funded" means that it was nowhere near as easy for the BBC to support such a commercially available device as happened in the 1980s. Having said that, the ARM-designed processor used in the Pi (and probably, your mobile/cell phone) had is roots in Acorn (here is a brief history of ARM) who built the BBC Micro. And there is a - possibly somewhat indulgent - project to port RISCOS (the OS designed for the BBC Micro's successor - the Archimedes) to the Pi.
The other thing of note on the Pi is the GPIO port. Now one of the things that made the BBC Micro special was the inclusion of easy I/O on the device, through the "user port" and "parallel port". In fact even the "joystick" port was marked as an "analogue in" to plant the suggestion it's use could extend far beyond games. This allowed a good quality of control of external devices and responding to inputs, something that allows many more interesting control projects to be done with it. At school I did a prototype satellite tracking system using it! But I digress, the GPIO port on the Pi even looks superficially very similar to the user port on the BBC Micro. The most popular interface using it so far is the Gertboard. (I wish a could remember the name of the blue boards we used on the BBC Micro - anyone know?)

A squashed marketplace

Another good point raised by Eben was about where the previous marketplace for the BBC Micro and comparable machine has now in modern times. With the home computers of the 80s you powered them on and you got a command prompt for a programming language interpreter that almost begged you to start programming straight away - almost as though, as Eben said, you had to actively choose not to program! It was easy for anyone to go into their local computer store and make them display scrolling rude messages up the screen, and anyone owning one of those computers would have almost certainly had the knowledge to do so!
Nowadays it is less easy. Games consoles have taken over the high performance graphics market, with high barriers to development entry. It a similar story for the consumer tablets on the market at present - from a practical perspective the development needs to be done in another environment rather than on the device itself. Even most consumer PCs do not ship with any reasonable programming language out of the box. While that is less of an issue in the high download speed internet of today, during the 90s it took real will and effort to be able to program. The concept of having to choose not to program got completely lost. And that is some of the spirit that the Raspberry Pi is now trying to recreate. It does appear to be a bit of a gap in the market, even ignoring the Cambridge admission quality problem. There are real low-level boards around, but not so much of an all-in-one device like the Pi. And one interesting thought was that the aforementioned relatively simple bloat-free non-content-enriched RISCOS with the ease of switching to a traditional command line from the desktop, could rekindle some of the mentality from the 80s home computers.

Interest and getting to market

The amount of early interest in the Pi took the foundation by surprise - 600,000 views on Rory Cellan-Jones (BBC Tech correspondent) brief video with Braben - could that really be an indication of how big the market was for such a device? And could they deliver that many at the target price point, which was pretty much set at $25 from the start (At the time of writing only the $35 model B mentioned in the first paragraph - which includes a 100Mbit ethernet port, 2 USB ports instead of one and the 512Mb upgrade recently announced - is shipping). But the foundation has kept to the target price point for the units, and the 512Mb upgrade for the model B has not resulted in a price change. The other remarkable thing was the number of downloads - in the tens of thousands - of the SD-card operating system image for the Pi that was released some time before the device was even on sale, so no-one could use it!
The vendor partnerships with Farnell/Element14 and RS were important as it allowed them to move from being a risk-averse charity to more of an IP licensing company to get the number of units they were going to need. And it was a good decision. The first day on sale, as those like me who were up at 6am to order will be aware, was a bit of a disaster (and I blogged to vent my frustration at the time, questioning the motives of many of those buying and how it was pitched by some parts of the media). 100,000 orders were placed by the lucky people who even managed to get to the manufacturing partners (Farnell/Element14 and RS) websites. Both crashed badly under the load, preventing people from buying their resistors or other electronics from those suppliers, not just Pis! A lesson in robust scalable web sites for those two companies.
Another interesting point for those who have been interested in the Pi is that although most of them used in relatively rich countries such as the UK and will therefore make use of the on-board HDMI output (HDMI-DVI-D adapters can be had for under £2 on ebay if needed - make sure you get male/female as required for your setup!), the Pi also has a composite analogue video output. For me, this is convenient as it allows me to attach it to my in-car screen, but as Eben pointed out it also allows it to be sold in much poorer/emerging countries in the world, where second hand analogue TVs are still in use, and the Pi can give them a new lease of life for a price point far less than, for example, a tablet.
So it was good to have the talk from Eben, and I chatted to him about some other things afterwards. Fantastic to get his time, and of course this blog has been written in a browser running on one of my Pis :-)