Facebook Fatigue?

Wherever I look, the papers, my RSS feeds, Twitter, … Facebook: it’s people complaining about Facebook. But to me it seems a bit like people that binge-drink every night complaining about beer.

There are many problems with Facebook currently, particularly when used the way most of us seem to use it. And apparently using it the way most people do, causes them to take leaves of their senses and yield autonomous control over how they use it altogether.

So, here’s my tips on how to get control of your life back, without having to go full on attention prossie and drama royalty and threaten to leave your mates:

You don’t want to be notified

The primary vector for addiction on Facebook are the reactions, but the real kicker is the fact that you keep getting buzzed for each reaction posted.

You’re probably someone who says they’re on Facebook to know what their friends and family have been up to and maybe to find fun events or kill some time when you have nothing better to do, right? You don’t need your phone or your web browser to remind you to come back every couple of minutes.

So go into your phone’s settings, and turn off all notifications for the Facebook app. Don’t leave it up to the app itself, just shut it out altogether – you have literally no need for those notifications and you can catch up in your own time.

This slideshow requires JavaScript.

And tell your web browser the same, no notifications – if you don’t know how, an easy way to double check all the stuff you told Facebook not to bother you with comes up if you get rid of your Facebook cookie (see below) and then this:

This slideshow requires JavaScript.


‘Block’, surely.

You can use a password manager

Unless the basic concept of using a computer is still quite daunting to you, you can use a password manager like everyone else. Lastpass, Keepass, you name it.

What does this have to do with Facebook? Just go on Facebook and check Settings – Apps and see how many applications you’ve authorised to get (some of) your info from Facebook. In many cases, you will have authorised them because you wanted to use Facebook to log you in automatically. It’s convenient, sure, but it also requires that you are always logged in for it to work smoothly.

(note that many will be apps on your phone, others will be websites – I’m only talking about the websites here, because some apps may even require you to log in using Facebook. Check them carefully though. Do you even use those apps?)

I cannot stress enough how important and frankly ridiculous this is. We complain about Facebook threatening our privacy, but most of its users are always logged in to it from our web browsers. You’re willingly giving your information to Facebook with every site you visit. Do you just close the Facebook tabs when you’re done, or do you log out first? Do you even know where the link to log out is? (It’s at the bottom of the menu with the little arrow, all the way in the top right)

With a password manager installed, this is what I’m greeted with when visiting facebook.com:

This slideshow requires JavaScript.

Always being logged in on your browser means Facebook can see where you’re browsing, what sites you visit and depending on how deeply they are integrated with sites you’re not even logged in to, even what you’re buying or looking at. And the only reason you’re logged in is because you’re either too lazy to set up a password manager once, or to click the ‘log out’ link on your way out.

If you don’t have two-factor authentication on your Facebook, you can also choose to install a browser plugin that just deletes the cookie for a website you’re on (like this one https://goo.gl/7Arruy) – having one of those is a good idea anyway. If you’re on Facebook and you hit the button, it logs you off and forgets all about you and that site.

But doing this also causes your browser to forget that you told Facebook you don’t want two-factor authentication every single time. So, you have a choice to make. But please don’t disable two-factor over this – I’d recommend you keep using it and either enter it every time you want to get on Facebook (if you don’t want it bad enough to enter the number, why are you even going there?) or just use the menu ‘log out’ option.

A reality check

You don’t just have to believe me either. Your paranoia alone isn’t the best adviser, so why not go and check for yourself? Let’s say you’re reading the NY Times. Who’s reading along. If you use Chrome, like I do, you can just click the lock icon (with ‘secure’ next to it in friendly, glowing green letters):

This slideshow requires JavaScript.

Whoa, 160+ cookies huh? (and that’s after a few reloads, I started out with over 300) And sure enough, if you open the long list, Facebook is in there. You’ll find that Facebook stays in there, even if you removed your cookie, but if you look at the information that’s on that specific cookie, your personal information will no longer be there. Now you’re just a part of the faceless masses – still getting tracked, but at least you have some anonymity back, for what it’s worth.

Try this on sites you visit regularly while logged in to Facebook and you’ll start to get a sense of exactly when Facebook is hitching a ride and looking over your shoulder.

You probably don’t have to use it

Many apps present you with an easy Facebook login button. It’s tempting, I know, but frequently there will be an option to just sign up for the app using your e-mail address instead. Go through your list of apps (Facebook web page, down arrow at top right, Settings, Apps on the left) and just check them. Do they really require Facebook as a login?

This slideshow requires JavaScript.

You may not mind for some apps and services, but don’t assume you have to use it if you’d rather Facebook didn’t know about your use of the app. And if you switch from using a Facebook login to using an account specifically for that app, remember your password manager (don’t reuse passwords, reusing passwords is bad, m’kay?) and remember to remove the app’s permissions from Facebook – they sure won’t do it for you.

Logging out on the phone?

If you want to use the Facebook app on your phone (have you considered just getting rid of it and only browsing Facebook on your tablet or PC?), logging off every time is likely too much trouble – it is for me, and I do use the app. But at least you can limit how intrusive the app is.

And if you do use the app, consider getting rid of other Facebook apps, like Facebook Messenger. Signal is good. Or maybe Whatsapp (also owned by Facebook, but at least it’s somewhat properly encrypted and doesn’t track the content of what you’re saying) are good alternatives. Just compare the level of access the Facebook Messenger demands from your phone to what these apps require and decide for yourself. And ask yourself: do you really want this company reading along with everything you’re saying and everything that’s said to you?

Permission denied

And speaking of permission: does Facebook really need that permission to read your location or listen to your microphone? Of course, if you specifically use features like checking in or recording audio fragments, it will – but the problem with almost all smartphones is you grant this permission either not at all, or completely. So, you have no way of telling easily when Facebook is keeping tabs on where you are (or, according to some, what sounds are around you, although I’d take any stories like that with a grain of salt).

The point is: if you don’t need Facebook to have these permissions, take them away. You can always grant them later. See the slides under ‘You don’t want to be notified’ for the location of the setting.


Please do ask, I’d happily update this page if something is unclear about it, or if you feel I’ve missed an important option or setting.


A handy solution to a disarming problem

The puns may get me some w(r)istful looks, but after Simone took a 9-year old kamikaze pilot to the pedal bike, we’re in dire need of some light-hearted humour to lift our spirits…


That ‘sprained’ wrist turned out to be broken. In two places, in fact, the radius and the tricky scaphoid. So that cast will stay on for six weeks minimum, and hopefully no more than that.

Of course, typing is a real pain with this whole situation, even though she’s lucky that it’s her left hand and not her right (mouse) hand. We immediately scoured the net for some easy solutions for one-handed typing, but most relied on dodgy software or text-prediction with half-assed dictionaries.

Luckily, Max Baker, back in 2008, had the same idea and scrounged up a super-useful AutoHotKey script for one-handed typing by a forum user known as ‘mbirth’. I have found AutoHotKey to be one of the most generally useful pieces of utility-software on the planet anyway, and it did not disappoint on this account either.

The script causes keys on the keyboard to be mirrored onto the same position on the other hand (if you’re a standard blind-typist).

Max needed something for the left hand (a nice solution if you don’t want to let go of your mouse), but of course Simone needed a right-handed solution. The script is well-written though, so it was as easy as flipping the original and mirrored key definitions around. I then figured a one-size-fits-all solution would include both left and right hand and would just flip the whole keyboard.

I like Max’ suggestion of flipping the key caps, but it’s less practical on a laptop, so a few dollars spent at a news agent and a Sharpie-scribbling session later, we managed to get around the problem of remembering key positions as well.

This slideshow requires JavaScript.

Problem. Solved.

(whole solution for download here, if you need it – get AutoHotKey from their own site)

QR codes rock, strictly personal tablets don’t

Although I am aware of (and use) wonderful services like Read It Later, Springpad, Evernote and the ability to send myself links through various means such as mail, Twitter, Facebook updates or the old “typing what I read”, I find that shooting a QR code beats all of the above for ease of use and speed. Here’s the situation: I like to read ezines (web magazines, whatever you like to call them) on a tablet. In my case, I read them using Pulse on the Xoom. Sometimes I find something worth sharing, but here’s the problem: my wife and I share the tablet, so it’s not configured to use either of our social network logins.
Continue reading QR codes rock, strictly personal tablets don’t

Virtualbox running PostgreSQL

If like to keep the PC I use for development as clean as possible, to reduce the odds of “other installed stuff” influencing whatever I’m writing. Whenever I need to install some kind of server-type software on it, I prefer to use small virtual machines to install them in. Like a sandbox running the server, which I can just start and access from the host machine whenever I need it. Another big advantage of this approach is that it allows me to just copy the entire virtual machine to another machine and run the server there, for example on a colleague’s machine. Below are some tips on getting the open source database server PostgreSQL running on a virtual machine, accessible from the host (or any other machine on your network).
Continue reading Virtualbox running PostgreSQL

Rant: welcome to 2011, not unlike 2001

Remember how mediaplayers were really primitive back in the day? How they always had trouble keeping your music properly sorted and display the right metadata for whatever format you preferred? I bet you do because nothing changed, really. (Yes, I know, “RAEG” right?)

When I drop my properly standardized ID3-ed MP3’s and FLACs into my player, I get all sorts of interesting effects. And before you start, we’re talking about my own CD’s here. Ripped to FLAC for playback on my media center and MP3-encoded for convenient use on my smartphone and other devices. Depending on where you live, that may be illegal or borderline illegal, but where I live, it’s legal – at least at the time of writing. At the worst, we could be having a discussion about the legality of mp3-encoding.
Continue reading Rant: welcome to 2011, not unlike 2001

Two admins and a security hole

If you’re like me and you trust your wife to be the other admin on your desktop PC running Windows, you may have a serious security hole. I didn’t realize until recently, but if you’re logged in to Windows 7, or Windows Vista for that matter, and you’re an administrator, you get to change all users passwords, including the passwords of other admins without exception.

Now, if you try to change the password for your own account, you have to enter the old password before you can change it into a new one. But here’s the thing: for other users, even admins, there’s no such requirement. Of course it makes sense that you don’t have to enter their old password, how would you even know? But it doesn’t require you to enter your own either.
Continue reading Two admins and a security hole

Fight flames with Unix and Firefox

Thanks to my colleague, who went tripping around Andalusia in the south of Spain and spotted several of these fire extinguishers. Finding the Firefox alone would have been awesome, but the Unix one takes the cake. Between these and the ubiquitous “Bimbo”-brand bread (which is originally Mexican), the Spanish seem to have a knack for branding that raises some eyebrows and lifts some corners of mouths in Anglophone countries.

Firefox fire extinguisher Unix fire extinguisher

Geordi and Picard prefer Android

If you’re still on the fence on which smartphone OS you prefer, maybe this will swing you towards Google’s Android:

Geordi Laforge and Jean-Luc Picard prefer smart Android

Geordi Laforge and Jean-Luc Picard are talking on a phone, conveniently housed in the innards of the popular android Data. (Note how I didn’t mention their respective ranks, to avoid coming across as too much of a geek – or worse: a Trekkie)

The shot is from “Phantasms“, an episode (#158) of the TV-series “Star Trek: The Next Generation”. And in case you’re wondering: no, I did not shop the phone in myself, it’s the actual shot from the series. And yes, the lousy shopwork with the mismatched placement of the phone is in the series as well. In the scene itself it doesn’t show as much, since there’s another shot of Picard talking inbetween.

Getting out of Redirect Hell

Recently, many redirect services have been popping up. From my perspective, it seemed to start out with the success of TinyURL.com which saw a lot of use in newsgroups, instant messaging and e-mail. The main advantage at the time was the prevention of problems with clients and servers adding linebreaks to long URLs posted verbatim, breaking the links in the process. With the advent of microblogging and Twitter in particular, TinyURL got more popular and other services started popping up like the popular Bit.ly.

Now, people are voicing concern about Redirect Hell, since services have started creating redirections to redirection services. How does this work? Well, a service like Bit.ly is fairly simple. It allows you to enter an arbitrary URL. It quickly checks if it has seen it before and tells you its short version for it, if it has. If it hasn’t, it generates a new and unique short URL – often a random arrangement of characters like http://bit.ly/d30KsT, which happens to link to this page. Whenever anyone clicks a shortened link, their browser tries to get them that page (starting with bit.ly) and the Bit.ly service just tells the browser the original address, sending the browser there instead (this is called redirection).

If this ‘original address’ is yet another service like Bit.ly – say TinyURL – it will tell the browser what it thinks the original address was and send it there, i.e. redirect it again. Try this one http://bit.ly/cST1h0; did you enjoy the confusing page inbetween? Now Twitter plans on adding another service on top, changing all links to links starting with t.co. So, you could end up clicking a t.co link, getting sent to a bit.ly address, then getting sent to a tinyurl.com address and finally ending up at the lolcats.com address you were interested in.

Now I am wondering: what is stopping a service like t.co from resolving all known redirectors like bit.ly themselves and directly redirecting the user to the non-redirecting result page?

Instead of the user going down the t.co >> bit.ly >> tinyurl.com >> lolcats chain, Twitter could do that in it’s own spare time and update the initial t.co >> bit.ly link to t.co >> lolcats. They would still get all the information they want (i.e. “how many people link to what” and “how many people clicked this link”) and their users get snappy performance. As a bonus, the full redirect chain only happens once. Everyone we care about wins.

I can see how bit.ly c.s. wouldn’t be amused about getting cut out of the loop, but there’s really no stopping it. Unless of course they fight back and block any requests from known t.co ip ranges, but there’s ways around that too…

Settings in the hash part of a URL

The use of Javascript to add interactive components to websites has become commonplace. Whether you use jQuery, Mootools, Yahoo UI or any of the other popular JS libraries to enhance the user interface, AJAX really helps to add fluid interaction driven by server side data, without requiring the entire page to reload. (or AJAJ if you like JSON like I do, let’s just say the ‘X’ stands for ‘any structured data format’)

If you’re serious about accessibility, you’ll also keep the WCAG in mind. One of  its requirements is that you should never hide content behind a technology with limited availability. So, no information presented in a Flash application if you don’t offer a non-Flash alternative. Strict supporters of such guidelines take it one step further and demand that all functionality, even the features you add for convenience or plain bling, is essentially available if most of the supporting technology is turned off.

The reasoning goes a little like this: a website is there to perform a function or provide information. If people want it to look nice, they can have CSS. If they want interaction and save time on page reloads, they can have Javascript. If there is something that absolutely requires more than a webbrowser has to offers (at the time), you can consider writing a Flash application. Video used to be such an application, but HTML 5 promises to change that

The Problem

One part of the interface that’s commonly forgotten in all this is the URL. Of course the WCAG give you some guidelines on how URLs should be formatted, but compared to web pages, that’s like only covering HTML and CSS and forgetting about scripting.

The URL is an important part of the user interface. Some people use it to identify what it is they are looking at. Some of those may even modify the URL as a shortcut to reaching a specific place on the website. The URL is also what all browsers use to create bookmarks and what some add-ons and plug-ins use to get information about what the user is looking at.

But for (very good) security reasons, you have little or no control over the URL from JavaScript, at least not without a round-trip to the server, reloadig the entire webpage. An example of a security reason is that a user should not be fooled into thinking they are looking at ‘paypal.com’ when they are actually looking at ‘iscamyou.net’.

Still, having no control over the URL means that the user is limited to bookmarking the page that they originally visited. Any changes you make to the page through JavaScript interaction won’t be reflected in the URL.

The Solution?

You could notify the server of change on the client using AJAX. But this will only work if the user returns using the same browser, or when they are logged in somehow. Since many people use multiple computers or browsers sharing bookmarks using applications like Xmarks, this doesn’t really work. It’s also no good if you want to share a bookmark with a friend, since the saved information won’t be available to them.

There is one part of a URL that you are allowed to modify using JavaScript, the hash. This the very last part of a URL: protocol://user:password@domain/path?query#hash. For example ‘#/two/four’ in http://grismar.net/hashjs/#/two/four. The problem with this approach is that the hash string is not sent to the server when the browser sends a request.

So, although you can save some information in the URL, allowing you to bookmark it and allowing plug-ins and add-ons to detect a change, it still won’t allow the server to determine what to send you.

The Clincher

The final piece her is to use JavaScript to read the hash right after loading the page and making needed updates (including getting any needed information from the server through AJAX) based on the hash.

Of course you should limit any information in the hash to changes you’re willing to limit to JavaScript-enabled users only. So, for anyone taking the WCAG seriously, this means cosmetic changes or changes in usability that simply require the use of JavaScript to work (animation, dynamic changes, etc.)

I ran into a good use case where I needed this when helping design a search interface for the Nationaal Archief (National Archives) of the Netherlands. Here, the need arose to search in many collections of information at once, while presenting the results in separate areas of the user interface. Some users prefer not to see specific collections and closing one of the results will allow more space for the rest of the results.

From a usability perspective, users might expect to ‘bookmark’ the state of the application as well as the query they had just run. But users also wanted to be able to change the configuration without having to reload the page after every change.

You can see a simplified example of that result here and just view the source (XHTML+CSS+JavaScript) and feel free to use it. The example uses jQuery, but of course this is not required to employ the technique. You can download a copy of jQuery from http://jquery.com.