Facebook security compromised?

Is it just me or is Facebook’s security not working as it should this morning? On logging in today the login screen presented me with another person’s login email (but not password) and seems to be doing this on a regular basis. What’s more, when logging in as myself I’m taken to the News feed page of another person entirely. I can see their notifications, and access their friends’ profiles (who are not friends of mine). Sometimes when I click on Profile to go to my profile page I’m taken to somebody else’s profile entirely (but in read-only mode).

As I write this it seems to have started behaving itself. However there was definitely something wrong there for a while. I don’t know if it was with Facebook itself or some intermediate proxy issue (but then surely FB are setting no-cache on their pages?)

Nope. It logs me in OK and shows my news feed, but when I click on the 1 notification it tells me I have, it goes off to somebody else’s notifications. Oops. Now I can access their inbox 🙁

I think somebody needs to page a Facebooker out of bed!

20,000 views on flickr

Just noticed that my flickr account has gone through 20,000 views, just under 5 months since making 10,000. As with my lack of blogging, I’ve not been in a position to get the DSLR out much over the past month. What photos I have taken have been with my Nokia N80 and have appeared on Facebook. I’ve settled into a nice split between the two whereby the more creative photography goes up on Flickr where I seek peer recognition and comment. The more social/snappy stuff appears on Facebook where the majority of my social network are connected with me and where it is subject (i.e. people who can be tagged) rather than composition or other technical aspects that are interesting.

Lack of blogging

Apologies for the lack of updates to this blog in recent weeks. This is due to a combination of being too busy in my new job, not having broadband at home yet, and the fact that my weekends have been taken up with wedding planning, football, stag do and this coming one with my parents coming over.

Normal service will probably be resumed just as soon as we get our phone line sorted out and can get broadband connected. I don’t care about being able to make calls, just give me an IP address!!

Debit card annoyances

Naturally as I now live and work in Ireland I have an Irish bank account, and an Irish debit card. My nice new card is stuffed with logos. On the front it has a Laser logo, and on the back are Maestro and Cirrus logos.

Laser is the debit card system in Ireland. If you are unfamiliar with the concept of a debit card, it is a card with which you can pay for goods and services directly from your bank account, unlike a credit card which as the name suggests operates on a credit system. If you don’t have enough money in your account then your debit card transaction may be declined.

Maestro is the de-facto European standard for debit cards. Cirrus is the de-facto European/World system for ATM withdrawal cards. In the UK I happily had a card from my bank which carried both the Maestro and Cirrus logos. I could use it to withdraw cash anywhere in the world (well, anywhere I tried to) and I could pay for goods and services in many countries and over the ‘net using Maestro.

Naturally I was happy that my new Irish card carried these logos, though I was intrigued about the Laser one. It turns out that Laser is a debit card system solely for use within Ireland. It works in exactly the same way as Maestro in most senses. This is great for buying my Starbucks, but leaves me stumped when trying to buy stuff over the ‘net from the UK.

No problem I thought as my card also carries a Maestro symbol. The problem however is that it appears that Irish Maestro cards (at least from AIB and Bank of Ireland) don’t actually fully conform to the Maestro standards. The most obvious omission is an issue number. This leaves you ok for point of sale transactions abroad where the card is physically swiped and a PIN entered, but means that the card cannot be used for ‘net or phone based (i.e. customer not present) transactions. This is a major annoyance meaning I am currently reliant on my existing UK debit or credit card for such stuff. Seeing as I don’t get paid any money in the UK anymore, this is bothersome.

What makes it worse is that even some Irish services are rendered unusable due to this problem. For instance I tried to book tickets to see Shrek The Third at our local Vue cinema last week. I popped onto their web site and got through to the payment section. I happily selected Maestro (no Laser option), entered my card number, my CCV number, but wait a minute – it’s asking for an issue number. Putting the transaction through without it failed. It turns out that online payments for the Dublin Vue cinema are handled by Vue’s UK based payments system.

I’ve seen one reference online to the fact that the Irish clearing banks are not linked up to the rest of Europe in the way that other countries are, hence online funds verification can’t take place and the Maestro facilities the Irish banks can provide are subsequently restricted. I don’t know how true this is.

Time to get an Irish credit card. Good old Visa, accepted everywhere 😉

Project Zero and why community driven commercial development is good.

Whilst many colleagues have already blogged about it, I thought I’d just do a quick post about Project Zero. The aim of going public with the site is to provide a community based development aspect around some work that IBM has been tinkering with for a little while now. The goal of Project Zero is to define a revolution in dynamic web application development by bringing together scripting from Groovy and PHP along with RESTful web services, Atom feeds and (say it quietly) even Java.

The interesting thing about the whole project is the approach it is taking towards community driven commercial development. Project Zero is not going to be open-source software, so the immediate question is what value does making its development community driven have? I think the best example of why socialising the Zero technology core at this stage is a good thing is to make a comparison with another IBM technology vision which started in a similar way, namely Service Component Architecture (SCA).

As I’ve written about before, SCA started life within IBM as the brainchild of a couple of people. From there it grew and a lot of work was done by some talented people (and me) to prototype it, define the programming model and turn it into a technology which we could build a product on. It became the basis of WebSphere Process Server (and thus WebSphere ESB) and really lies at the core of those products. Along the way IBM started to work with BEA and then other vendors to open the spec up, to the point where it is now going through OASIS.

So, we’ve had products in the market built on top of a lot of internal work to define SCA. The problem is however that SCA has evolved much quicker in the open than it probably would have done if it remained entirely within IBM. Had it been kept internal then we would be able to easily manage the trade off between feature and function versus other considerations such as API compatibility from release to release. Problems such as the latter are likely to be more significant as the openly evolved SCA diverges more quickly away from the original IBM implementation. (Note, that’s not to suggest that customers with WPS/WESB will suddenly break as and when those products adopt the openly developed SCA spec!)

Now compare this with the community driven approach being taken by Zero. Once again the initial core ideas have come from a small number of people within IBM. They have been socialised a bit within the company (indeed, there was and still is a significant amount of input into Project Zero from my old stamping ground in Hursley, some of which I was lucky enough to be involved with when I was there). The difference is that there was no IBM product deliverable driving the creation of Zero. Its whole raison d’être is to radically simplify the process of web application development, and the early and hopefully significant input of the wider community can only help those working on it to better understand the problems, issues and their solutions. By getting this input much earlier than ever before in the way these types of projects are incubated within IBM then hopefully the result will be a technology which is more feature rich, stable, performant and documented than ever before, which future IBM products can utilise, and which will help our customers be more successful. As a customer (or even a prospective one) you get to have much more input into what we do as a development organization as well.