Category Archives: Projects

Is Facebook Fingerprinting Chrome extensions?

This morning I noticed something new in my Chrome Console while working on a Chrome Extension. It looks like Facebook is now looking to see if you have a set of Chrome extensions installed in your browser. Most of the extensions I looked up on Google’s web store and via their search engine and they look like they are Malware of some sort, but a few of them look like they are much less harmless. It’s hard to see what the extensions actually do because they have been pulled from the Chrome Web Store, but some of these look like they modified the appearance of Facebook intentionally.

Some users don’t like being forced to see walmart colors all over the web and have used various tactics to customize the web to their liking. Some other users might do it for usability reasons or just plain augmentation of the web.

Does Facebook have the right to do this? It feels like an invasion of my privacy. I think the latest version of Chrome protects us from this sort of attack but that does not mean that Facebook won’t invest in other ways to discover this information or that they won’t lobby google to discover it. Some extensions also have the ability to open up channels to other extensions so if facebook had it’s own extension it might still try to fingerprint which extensions are there.

This isn’t all bad, in fact it really depends on how it’s being used. If it’s only used to defend our privacy and security then it seems fine, but if this little trick is being abused this could really sour things.

I guess I am mostly just surprised that Facebook is doing this.

Screen Shot 2012-09-05 at 10.30.49 AM

To get this to occur in your own browser you will need to be a bit sneaky and use a private session. Once Facebook runs the finger print they don’t do it all of the time, I think they only do it on auth and then they cache the result in some way. In fact since some extensions have access to the cookies I wonder if one could ‘skip’ the finger printing by setting the proper cookies or localstorage setting.

Finger Printed Extension IDs

kjafndplmofcedgddaoceenkcbfankem
kincjchfokkeneeofpeefomkikfkiedl
iejbljbhhoclgfiapmomcpkpkcmihfib
lkfhadffdnjnogmgjfihlcmmjhcfchaj
afnnkheojlgkipfabekmdkngocfhegck
hkpibllecmidllaojdmkcmfnoinmejco
gpllafflnmgjjcakjloknldkndnkmcpi
pkhidkonipdjidjglnkfcfhnkfnlefbk
kjafndplmofcedgddaoceenkcbfankem
kincjchfokkeneeofpeefomkikfkiedl
iejbljbhhoclgfiapmomcpkpkcmihfib
lkfhadffdnjnogmgjfihlcmmjhcfchaj
afnnkheojlgkipfabekmdkngocfhegck
hkpibllecmidllaojdmkcmfnoinmejco
gpllafflnmgjjcakjloknldkndnkmcpi

JSLint-Feature – Error Severity

Hi Douglas,
I have been to a good number of your talks, and I love the idea behind JSLint. I even don’t mind it when JSLint makes me cry every now and then, however, I feel like the priority of JSLint should be around launch successful code early and often.

Here at Kabam we build games that run as HMTL5 apps, and recently we have started to use JSLint as part of our build process. In a few cases it has caught some minor errors and we were later able to resolve them.

Our build process uses Jenkins, which is an open source version of Hanson. These continuous build automation tools make use of another wrapper library you might be familiar with. http://code.google.com/p/jslint4java/

So in this sense let’s say a develop wants to add a new piece of code, and this code causes a problem.

JSLint reacts in the following ways,
– it has a an error limit and stops reporting erros after a certain amount
– errors are not prioritized based on ‘newness’ – because that would be hard
– errors are not prioritized based on priority.

The end result is that a team must fix all errors to get the maximum value out of JSLint.

I propose a 2 part solution.
1. JSLint should not set error priority, unless it sets sensible defaults
2. JSLint should report an error code so that a wrapper like jslint4java could use a config file set an error priority.

This would allow teams to triage error types as part of their build/ development process.

On line 1326 you have a function warn() defined I propose it’s written something like so, including a new warning property, defining an error.type property using the bundle[] accessor name as the error code.

If you think of some other change that could get to the spirit of what I am looking for that would be great too. If I get the time I might try to implement a prototype. Hudson and Jenkins have 3 levels of errors, High, Medium, and Low.

Would you have some suggestions as to what would make good defaults for each of the error.types?

I feel like this change would better support agile development and continuous integration, and would allow teams to prioritize their development efforts.

Thank you for being a beacon and leader in the community.

function warn(message, offender, a, b, c, d) {

        var character, line, warning;

        offender  = offender || next_token;  // `~
        line      = offender.line || 0;
        character = offender.from || 0;

        warning = {
            id: '(error)',
            raw: bundle[message] || message,
            type: message,
            evidence: lines[line - 1] || '',
            line: line,
            character: character,
            a: a || (offender.id === '(number)'
                ? String(offender.number)
                : offender.string),
            b: b,
            c: c,
            d: d
        };

        warning.reason = warning.raw.supplant(warning);

        JSLINT.errors.push(warning);

        if (option.passfail) {
            quit(bundle.stopping, line, character);
        }

        warnings += 1;

        if (warnings >= option.maxerr) {
            quit(bundle.too_many, line, character);
        }

        return warning;
    }

New Babelfin logo and Site design coming.

Babelfin Logo - Icon

Babelfin Logo - Icon

In the near future I hope to push out a version of Babelfin that will work in Japanese. Soon after I will release one in French. As part of that release I thought I would iterate a bit on the logo and the site layout. The previous logo was a one color logo with grey text ( which in print is two colors anyways ), this one is a two color log and is high contrast. I think the new logo is readable and distinct. I also hope that the subtle abstract nature of a fish bone is present.

I found inspiration for this logo via the hit show Mad Men and my recent visit to the Picasso exhibit.

Let me know if you like the logo, or if you are feeling bold, I would love to see what you come up with. Take this as inspiration.

As for the site at large, I really just need to add a call to action to collect email addresses and to send people a link to the plugin/ chrome extension. I felt like an email list is the best option until I can afford to dedicate some time to really write some copy. At some point I expect to add at least two more pages, one for each language. Over time I will start to add the other typical pages like About, etc… But for now I only need a landing page.

What are your thoughts?

Using Cellular Atomata as a Design Principal for ‘Natural Design’

I read this really thought provoking article using Cellular Atomata, prime numbers, and layered images to create seemingly random backgrounds for web pages. Yes, backgrounds for web pages.

The problem is that on so many web pages, load time is an issue and so is screen size, so it’s really hard to avoid those lines or patterns that seem to repeat and distract from the content on a variety of devices.

It’s actually a great design principal to accommodate randomness, so the eye can focus on the structured content. It’s kinda like having a great forest in the background to an architectural monument. If done right the monument and surrounding garden will really pop against the scene.

In any case the author, Alex Walker, discusses how to uses geometric patterns based on prime numbers to create a sort of randomness in the background. The examples he gives are a much more understandable explanation than say Stephan Wolfram gives about the value of cellular automata in creating natural systems.

I think this better illustrates what Stephan Wolfram was talking about with cellular automata.

It’s clearly brilliant to use it as a graphic design principle.

Maybe Cellular Atomata (CA) rules could be used to generate layout width & height rather than typical asymmetrical patterns? An app like Flipbook could benefit from it, to keep the page layouts feeling designed and fresh.

I think Alex is on to something here using CA (Cellular Atomata) as a design pattern.

I would love to see it in designing UX and Architecture. I would love to see CA being used as a way to generate dynamic, but structured design.

It’s brilliant. Imagine what Santiago Calatrava could do with such a pattern.

Paypal IPN Validation Fails with Adaptive Payments and PHP query/ post parameters

If you are looking for a solution you can find it here.
Thank you Gleb ( http://www.memberwing.com/ )

https://www.x.com/message/158509#158509

The problem comes in how the API is designed, and it takes advantage of a little known feature of query parameters and their allowed characters. Paypal uses array’ed parameters like:

&transaction[0].status=value

The problem is that PHP does not know how to parse the query parameter and either skips it or stops processing the list. ( i can’t remember which ).

Paypal’s Adaptive Payments API is neat and freshens up their functionality, and additionally uses JSON as a communication layer, so I think it’s clearly their future, however, there are a number of little problems like this as you walk through getting up to speed on the API. I hope this helps anyone in the future by saving them an hour to day.

It kinda reminds me of some of the problems we had getting the MySpaceID API up and polished so I guess this is a nod to all of those APIs that do it right the first time.

Cheers.

Getting VerifyStatus API working in Sandbox

There are a few caviots to getting the API working.
I hope this saves someone a few hours/ days.

  • CallerServices.php has a small bug
  • Only Sandbox email accounts work in the sandbox. Thanks for confiming @ppalavilli
  • ALL Sandbox accounts have the First Name: Test Thanks @ppalavilli
  • ALL Sandbox accounts have the Last Name: User Thanks @ppalavilli

If you get a

PHP Warning: Missing argument 3 for CallerServices::callWebService()

On line 101 of CallerServices.php you have:

function callWebService($request,$serviceName,$simpleXML)

It should read: //(most of the calls that use callWebService are parent::callWebService( $request,$serviceName ) anyways.

function callWebService($request,$serviceName,$simpleXML=NULL)
{
$response = null;
try {
    $endpoint=API_BASE_ENDPOINT.$serviceName;
    $response = call($request, $endpoint, $this->sandBoxEmailAddress,$simpleXML);
}
catch(Exception $ex) {
throw new FatalException('Error occurred in call method');
}
   return $response;
}

Here is the code I used. Replace {email} with one of your sandbox email addresses.

public function verify_email($params){
$VstatusRequest = new GetVerifiedStatusRequest();
 
$VstatusRequest->emailAddress = '{email}';
$VstatusRequest->matchCriteria = 'NAME';
$VstatusRequest->firstName = 'Test';
$VstatusRequest->lastName = 'User';
 
$rEnvelope = new RequestEnvelope();
$rEnvelope->errorLanguage = "en_US";
$VstatusRequest->requestEnvelope = $rEnvelope ;
 
$aa = new AdaptiveAccounts();
$response = $aa->GetVerifiedStatus($VstatusRequest);
 
echo json_encode($response);
  }

The JSON encoded object looks like such:

{"responseEnvelope":{
    "timestamp":"2011-03-25T15:37:32.44307:00",
    "ack":"Success",
    "correlationId":"42bce847aebc9",
    "build":"1772158"
},
"accountStatus":"VERIFIED"
}

@jdavid

Paypal X Adaptive Pay FundingConstraint for PHP

The following code is an example of adding the FundingConstraint objects for a payRequest with Paypals new Adaptive Payments. I hope this helps.

$payRequest->fundingConstraint = new FundingConstraint();

//$payRequest
//    ->fundingConstraint
//    ->allowedFundingType
//    ->fundingTypeInfo
//    ->fundingType = "BALANCE";

$payRequest
    ->fundingConstraint
    ->allowedFundingType
    ->fundingTypeInfo
    ->fundingType = "ECHECK";

Vid.ly Beta IE size bug work around

        var n = document.getElementById('vidly-wrapper');
        if( n != null && vidjs.prototype.isIe() ){
            vidjs.prototype.flashMarkup =
                        '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" width="{width}" height="{height}">' +
                        '<param name="movie" value="http://vidly.dev.jentek.net/templates/js/player.swf"/>' +
                        '<param name="FlashVars" value="src={file}&skin=http://vidly.dev.jentek.net/skin.xml&scaleMode=none"><param name="AllowFullscreen" value="true"/>' +
                        '<param name="allowscriptaccess" value="always"></param>'+
                            '</object>';
           vidjs.prototype.flashMarkup = vidjs.prototype.flashMarkup.replace("{width}", '610');
           vidjs.prototype.flashMarkup = vidjs.prototype.flashMarkup.replace("{height}", '360');
       
           n.parentNode.removeChild(n);
           new vidjs();
       }
       

Opening social networks/ graphs up to Researcher Collaboration Tools, a UCSF Harvard Profiles collaboration project

For the past few months I have been consulting part time with UCSF and the department of Clinical and Translational Sciences. You might think that has something to do with my browser plugin Babelfin, but Translational Sciences really has nothing to do with language learning, but rather taking exciting patterns in other fields and translating the processes between them. In this case UCSF is focusing on how Social Media and Social Networking can be used in an academic sense for collaboration and messaging rather than games, photo sharing, or virtual resumes.

The UCSF OpenSocial project (http://code.google.com/p/ucsf-opensocial–shindig-apps/ ) started as a Harvard project called Catalyst PROFILES ( http://connects.catalyst.harvard.edu/profiles/about/opensource ). Profiles (as we call it), is a simple social networking server that manages the graph relationships between colleagues, co-authors, and research interests. Profiles looks at relationships differently than Facebook, Linkedin, or event MySpace, but it’s pretty bare bones and limited in what it can do.

The innovative part comes in where UCSF thought it would be neat to extend Profiles without altering it’s code. So, Eric Meeks at UCSF bolted on an Opensocial container named Shindig to Harvard’s Profiles project which allows external apps to run on top of Profiles. This makes for an interesting mix of code, as Profiles is a Microsoft C# ASPX project, and Shindig comes in PHP and Java flavors. Eric rightly choose to implement the Java flavor of Shindig as it’s the most current.

So, this is where I come in, as, I am building the applications that run on the Shindig server accessing the Profiles social graph. In many cases it’s just like building an application that runs on Linkedin, Bebo or MySpace, however, there is no friend graph, but, there are 3 other graphs I can use, co-author, colleague, and interest graphs.

Initially we are keeping it simple, but we plan to extend Opensocial in a standard way so that other universities and research institutions can apply Opensocial to their graph servers. UCSF and Harvard are hoping that their work will make it easier to use Profiles as the graph server, but they are both very excited about creating an open platform that can develop a rich ecosystem of applications that extend their work, and are able to run on other platforms with small tweaks. In the end we want researchers to be able to better collaborate using social tools.