Facebook Apps Not HTTPS Enabled?

I much prefer to use sites with the encrypted HyperText Transfer Protocol (https) because it is a more secure connection. It is not just for banks or shopping. So I jumped on the chance to use https for my use of Facebook on more than just the login. Only now I am annoyed by the message I have to turn off https to use apps.

Switch to regular connection (http)?

Sorry! We can’t display this content while you’re viewing Facebook over a secure connection (https).

To use this app, you’ll need to switch to a regular connection (http).

First, the main Facebook address is www.facebook.com. This message occurs when going to apps.facebook.com with https. AIt means one should go to Account > Account Settings and click the “change” link next Account Security. Finally, uncheck “Secure Browsing (https): Browse Facebook on a secure connection (https) whenever possible”. better design for this message would to give a button where people could turn off this setting. Clicking the continue button turns off https. What this page does not make clear is apps users have to make a choice: 1) be more secure and not use any apps or 2) be less secure and use apps or 3) remember to switch back and forth. I suspect many people will go with the less secure option.

Second, I suspect the reason why apps.facebook.com is not protected is because the https protocol does not allow for two parties on to provide items in some elements on the same page even if both are secure. This is because one party cannot ensure another is not doing something illegitimate.

Still, there should be a handover from https to http for apps.facebook.com. A warning to users who want to have secure browsing they are no longer so would be nice. Really they should be clued in by their browser address bar, but most people would not notice that, I think.

Supported

(This is an post I wrote back in November but didn’t publish…. Until now. Have fun!)

Mitigated speech gets a lot of use by people trying not to offend. All too often, people who have been hurt because of mitigated speech question what isn’t being told as though the omission or gaps are intentionally deceptive.

What are or are not supported browsers came up again. The trick here is the mitigated speech used with the levels of support. I assume the intent is clarity.

  • Certified – supported with complete testing done.
  • Compatible – supported with some testing done.
  • Provisional – supported with some testing done before official release.

Certified is taken as supported by all parties. Compatible and Provisional are interpreted as not supported because the complete testing has yet to be done. I think Blackboard’s intent was to mark them as supported but qualify how customers might encounter issues due to not fully testing. This means Blackboard is interested in learning about the problems encountered in order to address them.

At least that is my interpolation. Mmmmmm the Kool-Aid is good.

Name Collisions

Blackboard has a conference they call BbWorld. I noticed there are some odd tweets with the same #bbworld hashtag lately. These appear to be about a Blackberry conference to be held next month.

Collisions on names are common enough. For example, here are a couple names our clients use to brand their sites which other places also use.

My own project, GeorgiaVIEW is not immune. Some time ago I noticed the GeorgiaView Consortium (geological remote sensing) at the University of West Georgia.

I guess it is a good thing one Bbworld is in July and the other is in September.

For now I’ll just drop my RSS feed for the hashtag.

No Hiding From Blackboard

Some former WebCT (bought by Blackboard) customers switched to ANGEL rather than move to Blackboard products. PDF Apr 14, 2009 Today, Blackboard announced it is buying ANGEL. You can run, but you cannot hide from Blackboard.

Some light reading for you…

  1. Learning, Together ANGEL Learning and Blackboard® have decided to join forces.
  2. Blackboard Plans to Buy Another Rival, Angel Learning | Chronicle.com
  3. Why HigherEd is rejecting Blackboard … | Laura Gekeler
  4. Open Thread on Blackboard/ANGEL Merger | mfeldstein.com

So the options left are…

  1. Blackboard-WebCT-ANGEL
  2. Moodle
  3. Desire2Learn (currently in patent troubles with Bb)
  4. Pearson eCollege
  5. Sakai

How Not To Break a Frame

Correct:

<script language=”Javascript” type=”text/javascript”>
if (top != self)
{
top.location = window.location;
}
</script>

Incorrect:

<script language=”Javascript” type=”text/javascript”>
if (top != self)
{
top.location = “/webct/urw/lc18361011.tp0/logonDisplay.dowebct”;
}
</script>

The problem with incorrect is the address used here is not the address in the location bar.  The one in the location bar has the values required to login. Instead I get something which causes users to be unable to login. Example: So we send someone to http://westga.view.usg.edu. They get redirected to another address in which we provide the glicid, insId, and insName. Correct breaks the frame and gives the browser back the same address. Incorrect breaks the frame and gives the browser back a different, non-functional address. Bad. Bad. Bad.

WebCT Vista 3 used the Correct JavaScript which just passes back the address used. Blackbord Vista 8 for some reason changes what worked to Incorrect.

Yay for first day of classes.
🙁

UPDATE 1:

It gets better… Bb Vista’s Custom Login and Institution List pages are unaffected (aka use the Vista 3 style JS). Only going to the generated logon page, loginDisplay.dowebct, has the issue.

Protocol Change?

I have a habit of not typing the protocol (http:// or https://) when typing an URL. Except, when I enter a port in the address line. I hit the Home key and add the protocol then. I am pretty sure I picked up this habit to work around a problem.

I just tried not supplying the protocol for a URL using a port and did not encounter a problem. Maybe I was neurotic and just imagine I needed to do it. Still, I feel relieved to drop a habit.

We Need a 4th Vista DBA / Technical Support

Work for OIIT!

Become our 4th DBA / technical support person for our team.

  • Located in Athens, GA (college town, UGA football)
  • $, benefits, generous leave, rare snow
  • we love open source
PDF of GeorgiaVIEW DBA position

Check out the PDF (right) for more information.

Sorry for the convoluted route to the application…

  • Click this link to go to our HR site.
  • Click the “View Job Postings / Apply for Job” link.
  • Check the “Information Instructional Tech” box.
  • Enter “learning” for the keyword and click search.
  • Systems Support Specialist 3” is our DBA position. We also have a Business Systems Analyst position for a less technical position.

We’d love to have you.

Who Are You?

I’m so vain…. I probably think this post is about me….

Probably only people who do vanity searches notice this, but there are spiders pulling names off web sites. They link the names to companies, blogs, and other web content. Supposedly, these sites allow online reputation control. Rather than you claiming your identity as others in this market, they list you in their database with the hopes you claim it.

See, you probably have accounts on several web sites. The idea is to both aggregate the accounts and prove ownership. If your name is John Smith, then you probably are getting confused with other John Smiths. You’ll provide where you work, contact info, which sites belong to you. The site will provide a feed showing your activity in each of these.

My name is pretty unique. If you saw my full name on a site, then would you doubt that its me. Okay, let’s forget the guy who masqueraded with my name a few years ago. Lots of people say I have the best names. He took it too far. By contrast, there are others with my first name who pop up higher in Google. So, you’d need the whole thing. I notice people arrive at this site by putting that name in search engines, so I am pretty sure it works. Naturally, all the sites where I wish to stay under the radar don’t have my name on them.
🙂

See… I knew I’d make this post about me.

Am I the only one who remembers fascination with the Deep Web (aka Invisible Web)? The idea of these online reputation services, I think, is to bring positive content up in rankings up to the more shallow areas. Trick is, the users need to be aware of what is and is not positive. Linking your name to your Facebook (used to be Deep Web but less and less of late) profile and giving the world access to pictures of you passed out drunk probably isn’t positive online reputation control.

links for 2007-07-18

.