Faruk Ateş

OAuth Redeux

J. Adam Moore with a smart solution to the problem of session fixation attacks in the OAuth flow.

Most importantly, this solution does not add additional steps for the User or unduly burden either the Provider or Consumer. By placing the generation of a request token between two automatic redirects to secure pages on both sites we eliminate poisoning the stream while still allowing optional secure dynamic callbacks with the final authorization token.

Simon Willison on Using rev=canonical To Help Solve The Short URL Problem

I was going to write a post about short URLs over the weekend and share my view on some possible solutions, but Simon beat me to the punch. Since his knowledge of web technologies is far greater than mine, I highly recommend reading his post.

What I'll add is my own plan for FarukAt.es, which I'll be upgrading to WordPress 2.7 for, as this link shortener plugin (which is for 2.7 and above only) is capable of implementing the solution I had in the works for when I can turn this website into a custom-made Django one.

So here's what I've been planning ever since I discovered how Newsvine handles their URLs:

  1. Canonical URLs on my site follow this format: http://farukat.es/journal/<YYYY>/<MM>/<ID>-<slug>, for example:
  2. Short URLs for each of them will exist at the following address, each of which will perform a 301 Redirect to their Canonical version. The example above would have this Short URL:
  3. Each post will also come with a visible text field (readonly) with the Short URL in it for easier sharing, and/or I'll have a "Share on Twitter" button that will use the Short URL.

Pages elsewhere on my site will most likely not require a Short URL, but if they do, my choice of using the prefix "p" for my blog posts allows me to specify them using a different letter or short-code.

Again, I highly recommend reading Simon's post about this matter and following suit to make your own site provide accessible Short URLs for your own pages and/or blog posts. The more sites that do this, the better we'll all be off in the long run.

Some More Thoughts On The DoucheBarDeathBarDiggBar

After posting my friendly JavaScript DiggBar killer yesterday, I mulled over some additional thoughts on the issue. I suspect that the DiggBar controversy will go on for about another week or two and result in Digg pulling the feature entirely in lieu of actual browser toolbars; longer if they refuse to do so.

There are various reasons I only foresee the eventual outcome of this situation to be the removal of the DiggBar entirely. First I want to list five (out of many) fundamental problems inherent to the current DiggBar:

  1. The DiggBar is in effect whether you're a member of Digg or not. Not a member? Tough luck, you're being forced to deal with it anyway.
  2. The DiggBar is an all-or-nothing solution to a problem that wasn't (just) Digg's to solve, i.e. if a DiggBar URL would simply 301 Redirect to the original source if you're a) not a Digg member or b) a Digg member who disabled the DiggBar in their preferences, it wouldn't be all-or-nothing.
  3. The DiggBar is opt-out instead of opt-in. In today's online world that's a fundamental flaw. One of the reasons Twitter is so successful is because it's opt-in by design.
  4. The DiggBar stays around when you navigate beyond just the original source's page. Click to another article, page or even website, and you'll still have that bar at the top, now referring to something you no longer have on screen.
  5. Less interesting to most people, but the DiggBar and the resulting cross-domain page viewing process creates security concerns for JavaScript. Digg's own Analytics code for example, included on each DiggBar page, will raise several errors.

Worth noting is that all five gripes above can be nullified with an actual browser toolbar.

Now, taking those five reasons into account, there is really just one two-tiered scenario in which the DiggBar can exist:

  1. It must be an opt-in choice which, if not opted into, makes the short URL perform a 301 Redirect to the original page. This would then also be the behavior for non-members.
  2. Clicking anywhere in the original page would have to kill the DiggBar so as not to confuse the reader's site navigation.

This obviously reduces the appeal for Digg to even have the DiggBar at all, which, paired with this massive cry of foul we're seeing happening right now, leads me to believe that Digg should (will?) remove the DiggBar.

They can replace it with a real browser toolbar if they really want.

As for my JavaScript DiggBar killer of yesterday, something struck me when I read John Gruber's comment in his link post about it:

This is far friendlier to Digg users than my solution, but I’m not trying to be friendly about this.

I think John is absolutely right in that we shouldn't be friendly to Digg about this at all, and Danny Sullivan says the same thing. But some nuance is warranted, in my eyes: big sites like Gruber's and Engadget should block DiggBar traffic entirely to really send a message; small sites like mine have enough to gain from exposure—even if it's Digg—to not downright block but to simply kill the DiggBar and let the reader enjoy our content.

I firmly believe there is room for both approaches to co-exist and work together, because ultimately the goal is a shared one: to stop bad practices like framebars from taking place on the Web. Danny Sullivan's piece, however, made me consider not even limiting the frame-breaking code to the DiggBar but simply to all frames—including Google Images'!

What I realized, after reading that, is that I never use Google Images to see the entire page of context for the image I'm searching for. I instinctively just click on the thumbnail to get only the image itself.

I'm thinking I'll be spending some more time thinking about this whole thing over the weekend. For now, I'll leave you with an entirely different format to communicate this whole DiggBar message in:

Dear Digg,

If you wish to provide your users with a toolbar
for added functionality in browsing Digg,
give them a real toolbar as a browser plugin.

Don't fuck up the Web as a whole.

A web developer who cares

Perhaps we should all start emailing this to Kevin Rose?

JavaScript DiggBar killer (but not blocker)


Digg came up with the "DiggBar", a frame that keeps visitors on the digg.com domain while framing the destination website below it.


This event caused massive controversy and anger, and has led to the creation of many "DiggBar killer" plugins / script includes for a huge variety of website systems. See today's Daring Fireball linked list for a good sample. A lot has been said, but Gruber summed up some of the main problems with the DiggBar with:

Framing breaks bookmarking, it breaks copy-and-paste from the location field, it breaks your browser history, it breaks bookmarklets. There’s nothing OK about it.


I personally don't really care to block visitors coming from Digg — I've already killed comments here and moved them to Twitter anyway — but I do care about the problems inherent to "being framed" on my own domain. Now, I could've joined the masses and put the WordPress DiggBar killer plugin in place, but what I really want is for the DiggBar to just die a horrible death, not unlike the failed Facebook Terms of Service from a few months ago that were an equally poorly thought-through mistake.

The frame killer that Gruber linked to at the bottom of his How to Block the DiggBar post, however, also kills frames that are a little more reasonable, such as Google Images' frame. I didn't want to be that zealous in my effort, so I've adjusted it slightly to make it pretty much just kill the DiggBar and direct the visitor straight to my own site, no frames or other nonsense, without having it affect other implementations of frames that aren't as problematic.

So, for those who want to do the same and simply kill the DiggBar and put those visitors directly to your content, no blocking, no messaging, no other stuff… just add these three lines of JavaScript to the top of your page somewhere inside script blocks, or include it in whatever JS file include you have:

if (top !== self && document.referrer.match(/digg\.com\/\w{1,8}/)) {
  top.location.replace(self.location.href);
}
That will just kill the DiggBar and restore Balance to the Force. You know, like the Internet was before the DiggBar came around.


  1. See the Digg page for this article or just click this DiggBar link: digg.com/d1oRq4, to see how my JavaScript solution just puts you straight back to this site.
  2. Ethan Marcotte had a great suggestion for a tiny improvement: using top.location.replace() instead of top.location.href prevents the Back button being broken (i.e. you'd have to hit the Back button twice with the old method, not with location.replace()).
  3. I've written down some additional thoughts to all of this that might be worth reading, too.
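
The two frame-breaking policies discussed above (leave only DiggBar frames, or leave every frame), written as an added example that is not the code from this post. It goes a little further than the three-line snippet by parsing the referrer instead of regex-matching the raw string; the function names, the fakeWindow helper and the sample URLs are hypothetical, and the DiggBar URL shape (digg.com/ followed by 1 to 8 word characters) is taken from the regex above.

```javascript
// Added example: frame-busting decision logic that can be exercised outside
// a browser. All names here are hypothetical, not from the original post.

function isFramed(win) {
  // Same test as the original snippet: inside a frame, top is another window.
  return win.top !== win.self;
}

function isDiggBarReferrer(referrer) {
  // Parse the referrer so a URL that merely contains "digg.com/abc" in its
  // query string or path does not count as coming from Digg.
  let url;
  try {
    url = new URL(referrer);
  } catch (e) {
    return false; // empty or malformed referrer
  }
  const host = url.hostname.toLowerCase();
  const onDigg = host === 'digg.com' || host.endsWith('.digg.com');
  // Assumed DiggBar short-URL shape: /<1-8 word characters>
  return onDigg && /^\/\w{1,8}$/.test(url.pathname);
}

function bustFrame(win, mode) {
  // mode 'diggbar': leave only DiggBar frames; mode 'all': leave any frame.
  if (!isFramed(win)) return false;
  if (mode === 'diggbar' && !isDiggBarReferrer(win.document.referrer)) {
    return false;
  }
  // replace() overwrites the current history entry, so Back still works.
  win.top.location.replace(win.self.location.href);
  return true;
}

// Constructed stand-in for a browser window; records navigations on top.
function fakeWindow(framed, referrer, href) {
  const navigated = [];
  const self = { location: { href }, document: { referrer }, navigated };
  self.self = self;
  self.top = framed
    ? { location: { replace: (u) => navigated.push(u) } }
    : self;
  return self;
}

// Constructed sample cases.
const PAGE = 'https://example.org/post';
const cases = [
  ['DiggBar frame', fakeWindow(true, 'http://digg.com/d1oRq4', PAGE)],
  ['image-search frame', fakeWindow(true, 'http://images.example.com/imgres?q=x', PAGE)],
  ['not framed', fakeWindow(false, 'http://digg.com/d1oRq4', PAGE)],
];
for (const [label, win] of cases) {
  console.log(label, '->', bustFrame(win, 'diggbar'));
}
```

Both policies depend on JavaScript running in the framed page, and the 'diggbar' policy also depends on the browser sending a full referrer. A site that wants to refuse framing outright can send `Content-Security-Policy: frame-ancestors 'none'` or `X-Frame-Options: DENY` instead.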

Out With The Old, In With The New

Sometimes when I think about the state of the world or some subset of it, like the economy, I try to draw parallels to movies or books or some other fictional simile. Fictional for the purpose of detaching myself from history's reality which gives my mind greater freedom to accept the seemingly unreal as possible.

Such was the case today as I read Clay Shirky's excellent Newspapers and Thinking the Unthinkable, a truly worthwhile read analyzing the state of the newspaper business and drawing parallels to the state of the world before, during and after the arrival of Gutenberg's printing press.

A couple of small excerpts that touch upon important concepts:

The old stuff gets broken faster than the new stuff is put in its place. The importance of any given experiment isn’t apparent at the moment it appears; big changes stall, small changes spread.

This rings true for the Internet in ways that go far above and beyond "just" the newspaper industry: in a matter of slightly over a decade, the Web has gone from first-world curiosity to a crucial component of many global businesses and organizations. In a similar amount of time, we've collectively gone from an information hunger to an information overload for the average person.

More tellingly, between 1996 and 2009, we've gone from relatively stable industries to a world turned upside down. Industry after industry has needed to adapt to the digital age and industry after industry is being reluctant and stubborn for as long as it can. Look at music. Look at movies. Look at news. Look at books.

Plenty of industries won't be replaced or revolutionized by the Internet, but even the ones that are "safe" are likely to, at the very least, be significantly augmented by it. Amazon does not have any brick and mortar stores, yet nowadays they sell almost any product you can think of. Retailers still exist everywhere but they face strong competition from online stores such as Amazon, and have since started adopting additional means of drawing people to their stores (see Barnes & Noble and Starbucks).

If you think your industry is completely safe from the powerful reach of the Internet, think again. You might give the example that the big three auto companies are failing for reasons that have nothing to do with the Web, but you'd be wrong: building inferior cars and having poor management are the root cause, to be sure, but the Web has made that information readily available to anyone, anywhere, who might be shopping for a new vehicle.

What the Web has done is make it incredibly easy for one to compare cars from manufacturer A to manufacturers B and C and beyond with just a few clicks online; when it's that easy, the flaws or limitations in a car become anti-selling points to all customers, not just the ones who happen to have competing car dealerships in close vicinity.

Information is power, and the Web brings all information, everywhere. Companies and industries alike will need to adjust to that; the information publishing industry is simply one that is affected by it in every conceivable way, and so the effects are far more noticeable (and solutions to deal with it more dire).

Another excerpt from Shirky's essay (emphasis added is mine):

Imagine, in 1996, asking some net-savvy soul to expound on the potential of craigslist, then a year old and not yet incorporated. The answer you’d almost certainly have gotten would be extrapolation: “Mailing lists can be powerful tools”, “Social effects are intertwining with digital networks”, blah blah blah. […]

In craigslist’s gradual shift from ‘interesting if minor’ to ‘essential and transformative’, there is one possible answer to the question “If the old model is broken, what will work in its place?” The answer is: Nothing will work, but everything might. Now is the time for experiments, lots and lots of experiments, […]

If there was but one sentence any CEO of a company in an ailing industry should keep in mind at all times, it is the highlighted one: nothing will work, but everything might.

The threat for companies, and newspapers in particular, is not so much the Internet itself, it's business models that are based on a pre-Internet age. The old models for business, for economy, for distribution of almost anything—they don't work anymore.

Here's how I interpret Shirky's "Now is the time for experiments": now is the time to start shedding ourselves of all the old ways of thinking about business, about how our economy works, about our existing models for everything, and instead to think in brand new ways that take the existence and power of the Internet into consideration from the get-go. Ask yourself not: "how does the Internet threaten me?" Instead, ask yourself: "how does the Internet fit into my ability to do business?"

The Web is here to stay, and it has upended many industries and redefined others. The old way of thinking is simply not compatible with the new age that we've already entered, and the more you cling to old models, the faster you'll discover that they no longer work.

Sprint: Anthem

This might be the first time I've ever seen a Sprint ad that comes close to communicating the right message. I still don't think this is as good as it could (or should?) be for everyday customers to be really convinced, but it does one thing very successfully, and that's getting across that a lot of things are happening "NOW" on their network.

(via @cookiecrook)

Findings from the Web Design Survey, 2008

A List Apart publishes the findings of their Web Design Survey from last year. Always tons of good information in here for anyone who works on the web.

(This post links to a temporary URL for the findings so it will change (i.e. feeds may be updated) as soon as their permanent destination is ready)

Social Media's Greater Value

A week ago, Matt Haughey wrote about How Social Media Really Works; I personally found the post to leave an opportunity unused, so this is my attempt at complementing it.

Matt concludes his post with:

So maybe instead of getting your company on twitter, paying marketers to mention you are on twitter, and paying people to blog about your company, forget all that and just make awesome stuff that gets people excited about your products, hire people that represent the company well, and when your stuff is so awesome that friends share it with other friends, you may not even need "social media marketing" after all.

Here's where I feel Matt's entry is incomplete: it is absolutely true that making awesome products and letting Social Media users (bloggers et al) get excited about your products is much better than trying to do marketing on social network sites like Twitter, but it is a very passive stance towards Social Media.

Matt's presented causality flow is something like this:

Make great products -> people get excited about them -> people blog about them -> other people read those posts -> other people end up excitedly buying your products, too

Perfectly rational and accurate, but in this model the company basically sits on the sidelines after the initial "Make great products" step. I can't imagine many companies to be satisfied leaving it at that. I know I wouldn't if I ran a company making great products. I'm not even happy to leave it at that simply working at a company making great products.

Social Media is providing companies (and individuals!) with the opportunity to add value to products in many different ways, or more specifically, in many ways that were never-before possible or available. Now, instead of making a product, running some marketing for it and ensuring good customer support, there's a cavalcade of social networks upon which you can extend your brand identity, your support channels, your marketing potential, your customer participation and involvement rate, everything.

What Social Media really is, is a huge communication channel straight from you to your customers. And it is an all-purpose communication channel, so don't limit it to marketing messages from you to them. Instead, consider some of these additional venues:

  • Use Twitter to offer direct customer support by searching for your products' names on search.twitter.com to see if anyone is having trouble with a product. Twitter has become a collective support channel for pretty much every product in the world, all you need to do is look for the ones using yours;
  • If your product involves a hobby or a passion of sorts, have a presence on the related social networks, e.g. if you make products related to photography, be on Flickr and showcase how your product might be of value to people through real-world usage, not highly polished marketing ideas*;
  • Use social networks to pay attention to how customers feel about your products and, where possible, get them involved in the discussions over ways to improve them. Interacting with your customers directly through more than just your support or troubleshooting channel is of tremendous value;
  • Stimulate your customers to interact with each other — if they can be creative with your product(s) and possibly others, helping them come together to do so may create an entire subclass of customers that will evangelize your product simply through their creativity.

These are just four examples out of many possible ways you can extend your brand, your company's presence and your customer satisfaction by leveraging Social Media. The key is to take an active role in participating and using social networks for more than just additional marketing platforms. There is great value in Social Media, but it's not advertising.

Setting Your Product Apart in the Market

Yesterday, the guys at Tapbots released a new app for the iPhone and iPod Touch: Convertbot [iTunes link]. To accompany the release of the app, Mark Jardine, designer of the app, wrote a nice blog post detailing the process he went through and the reasons behind some of his decisions. The whole thing is worth a read, but I'm going to focus just on this one segment:

There is a slight learning curve in using Convertbot, but we don’t see that as a bad thing. Our apps are designed more like a game. Whenever you play a new video game, you need a little time to learn how the game works and how it controls. Even the most well-designed game interfaces require time to learn and get comfortable with.

What Mark touched upon is a true gem for any company—but especially startups—that are looking to make their product(s) stand out in the market. A good marketing campaign may do a fine job at putting your product in people's minds, perhaps you'll even succeed at convincing them it's somehow better and different from all competing products. But that effect will last you only a little while past the campaign's expiration date.

Learning things; performing utilitarian tasks; keeping track of your medications; these are all things that are considered dry, boring, mundane chores, but they don't have to be. By borrowing concepts from games the User Interface on these tasks can be made more fun and playful, which is something that will resonate with people of all ages.

Users are unlikely to be able to isolate what exactly it is that makes them enjoy your product over others, but even if only a small percentage is able to vocalize it to the rudimentary "it's just fun to use", you'll have achieved some significant success. Nintendo's Wii console wins no competitions in terms of graphics, processing power or typical game complexity, but since the console and the games on it are just so much fun, they can't quite sell enough of them.

Of course, that is a video game console example; it had better be all about the fun! Let's look at another example.

At this point I'm immediately reminded of the Brain Challenge [iTunes link] app on the AppStore: it may be designed, presented and marketed as a game, but it really is a training tool to keep your gray mass in shape. It's just so much fun to use that you'll be that much more inclined to send your brain to the gym each day, so to speak. Imagine the unmeasurable value coming from turning a helpful task into a fun game to play.

This philosophy does not limit itself to applications. In my opinion, anything that is a user interface of some sort can benefit from these principles, including a website UI. The site formerly known as I'm In Like With You had this figured out early on, but then went into the gaming direction entirely and got rid of the original idea that had brought it to life. They've now become an online arcade of sorts, which doesn't interest me personally, but back in the early days it was a highly fun site designed for making new online and real-life friends through a variety of gaming-inspired methods.

The unmeasurable value of how much fun something is, is a most crucial element in education. Linda Popolano wrote about this very thing in her recent column, Making Learning Fun Again: A Critical Element in Deschooling. In it, she tells of her son's disinterest in learning and how she used a large variety of ways that made the process of learning fun, and how that completely turned her son's attitude towards learning around.

Back to setting things apart in the market. Taking cues from video games to enrich your product is not enough by itself to make it great, but if your product is a lot of fun to use then you have yourself a recipe for more sustained success, even though it won't be easily measured by any normal metrics. You'll just know it from your happy customers.

After all: if your product is fun to use, then there is nothing that keeps a user from reaching for it when she needs it.
