Privacy Paradox
Facebook’s announcements the past few years are mostly the same: new features, less privacy by default, and more convoluted privacy controls. And for every one of these updates, the public outcry became a little louder. It finally reached a critical mass with Facebook’s latest update last month. Apparently, the average Facebook user really does care about privacy. Or do they? Here’s a quick chart I made plotting the rise of FB visitors vs. their privacy:
Here’s a summary: Facebook became ridiculously popular and crushed all competitors while systematically exposing more and more of their users information. The factual correctness of this chart is irrelevant. All that matters is that it mirrors public perception. So do users really care about privacy?
Of course, it isn’t that simple. Facebook has always had a difficult time with the dichotomy of privacy and sharing information, and it always will. In a previous post, I showed how Google is trusted because of the geeks who love them. Unfortunately for Facebook, they went slightly too far and pissed off two important groups: geeks and the media.
Back to the future
Let’s go back to the beginning of Facebook. Most people think that the above chart is correct and that privacy has been steadily declining. However, when Facebook was only open to students, and you were only a member of your school network, everything was open to that network by default. The scope of your shared data was much more limited than it is now, but it was completely open within that scope by default, and most people left it that way.
The underlying irony here is that by expanding the data that’s shared, and widening the scope of it, for the purpose of becoming more “social”, Facebook’s recent updates have had the opposite effect. More people than ever are completely locking down their data to non-friends diminishing the effectiveness of Facebook’s new features. Users are actually discovering the privacy settings in their profile, and despite how complex and confusing they may be, they are being set to the most private (least shared).
Putting the “social” in Social
Most of this is an overreaction by users who are being told they should care about privacy. Open data is inherent to a social network: it’s what makes it social. There are two reasons people join Facebook: to share information and to view shared information. Social networks need multiple tipping points before they are popular – more important than the tipping point of registered users, is the tipping point of shared information from them. Facebook’s early success was built on the innocence of Harvard students openly sharing everything.
There’s a growing opinion that Facebook may actually be in trouble with all the bad press recently but they have something which no one can compete with: an information monopoly. The average user has invested far too much information and time to simply walk away – especially when no real alternative exists.
OOCSS: Don’t forget about IDs
Day 1 of An Event Apart Boston is over and for any serious web developer, this event is more about thinking than learning specific skills or techniques. Nicole Sullivan, creator of OOCSS, got me thinking the most. Her goal is to write efficient, object-oriented CSS in order to increase performance. This platform is backed up by some impressive numbers done by companies such as Google and Bing which show that even just a few hundred more MS in load times leads to less users and less activity from them.
I personally like the theory behind OOCSS: abstraction and portability. Unfortunately, the quest to turn CSS object-oriented means that IDs should never be used. Nicole is correct when she says that classes should always be used since they’re re-usable. So to conclude: never use IDs; always use classes. Right?
As always, context means everything here. Nicole says never to use IDs in CSS. This doesn’t mean you shouldn’t use IDs at all. IDs can, and should, be used in HTML since they still serve a purpose.
That purpose is for Javascript. Elements with IDs can be directly selected with the native function document.getElementByID (which any framework uses too). Classes, however, are selected by traversing the entire DOM which can quickly add up to be costly on a JS-heavy site. With sites using JS more and more now, optimizing for speed and performance can’t solely be achieved through CSS. Javascript is even more important, especially when talking about Ajax.
Yes, classes are more flexible and efficient, but IDs aren’t going anywhere. Even if you don’t use Javascript on a site, there’s always good ‘ol anchor tags which need IDs to work. IDs make elements addressable which will always be needed.
Google’s Greatest Trick
What does AMC’s Mad Men have to do with Google? On the surface, not that much. But a connection led me down the path to this post. As I was reading over my last post from almost a year ago, marvelling over how prescient it was with the recent announcement of Google’s Chrome OS, it reminded me of a great quote from Mad Men:
“They don’t sell campaigns or ideas or jingles, they sell media, at a 15% mark-up. Creative is just window dressing, it is thrown in for free.”
Google’s creative, their window dressing, are free web apps and services. Of course, I am no where near the first person to realize this. It’s no secret that Google’s business model is advertising: it accounts for 99% of their revenue. Mike Elgan’s excellent article about how we are Google’s product got me thinking even more. Elgan goes on to envision how all of Google’s services will converge to eventually know more about yourself than you do and sell that information to advertisers.
But this realization isn’t new either; almost everyone knows how much information Google collects about them but they still line up to use their newest service. What’s interesting to me is the psychology behind this phenomenon. It isn’t just a straight up trade between privacy for email, maps, or searching either. People actually trust Google and that’s why they are willing to forgo their privacy. If Google wasn’t trusted, it wouldn’t matter how good their free apps were. So why do people trust the world’s largest advertising company?
“The greatest trick the Devil ever pulled was convincing the world he didn’t exist.”
There’s something that can never be taken away from Google: its humble beginnings as an academic research project by two geeks at Stanford. Replace Larry Page or Sergey Brin with a slick ad man like Don Draper and everything changes. Larry and Sergey represent the Modern American Dream for geeks – turn a research project into billions.
Instead of seeing a giant advertising company invading their privacy, the geeks view Google as a software company. That is the key distinction that everything else follows from. It’s hard to hate a company when it’s your dream employer with their academic like “campus”, 20% of time devoted to personal projects, and free food. Along with all their ever increasing number of free and open source services, it’s like giving candy to a kid.
Technology, and even more so, the internet and the web, are the great equalizers. Ordinarily, geeks aren’t the most influential group, but that all changes with the internet. I’m a big fan of Malcolm Gladwell, and his book The Tipping Point helps explain the rise of Google. Gladwell says that any successful social epidemic is the work of a few special type of people. The two that apply here are Connectors (“link us up with the world … people with a special gift for bringing the world together.”) and Mavens (“information specialists”, or “people we rely upon to connect us with new information.”), who in this case, both happen to be geeks.
Paradoxically, geeks are also the most aware and vocal about privacy. The early-adopters to each new service Google releases are always going to be the geeks. It’s obvious they don’t care about the privacy implications when they are the ones sending out invites to beta apps, writing blog posts about new features, and convincing everyone they know to switch to Google’s newest offering. If the Connectors and Mavens ignore the privacy concerns, why would anybody else listen? Once Google captured the geeks, everyone else followed.
Despite all of this, Google is still walking a fine line. When the company’s unofficial moto is “Don’t be evil”, there’s a good chance it’s inevitable – if not actually being evil, then being perceived that way.
What was Google’s greatest trick? Convincing geeks it’s a software company.
Google Chrome: The OS that’s a web browser
Google’s new browser, dubbed Chrome (for now at least), comes out today and there’s already enough blogs talking about the features and technical aspects of it. I have seen some talk about how this fits into Google’s strategy and long term plan of global domination but I think most people aren’t fully grasping the impact of Chrome.
There have been endless rumours for years now that Google was developing its own OS. This seemed backwards to me because an OS itself isn’t online, and everything Google does is online. Why would they want to compete with the Windows juggernaut (and even OS X)? A web browser is arguably the most used piece of software on an OS today. More and more web apps are being made every day (led by Google of course) which expands the domain of the browser.
So what would allow Google to increase their already massive web-presence? By building a browser that would then allow them to create even better web apps. And what would make better apps? You would have to address the 2 biggest problems of them: offline integration and stability/performance. Google Chrome addresses both of these problems with built-in Gears and their completely new Javascript Virtual Machine “V8″.
Google didn’t make Chrome so it could win the browser wars. They don’t care about their browser market share. For them, it’s all about getting more people using more Google web apps (which increases their advertising revenue). There are hints about this littered all over the Chrome comic they released. They are using open source technologies because they want other browsers to adopt these features which once again would allow more people to use Google web apps.
Google Chrome is the Google OS that has been rumoured for years. Tabs are separate processes. Web apps are the software: you can detach tabs from Chrome and via Gears and use it as a standalone application offline. There’s even a task manager!
That’s not the end of it though. This summer was the start of the “netbook” craze: small, cheap, and truly portable computers. The interesting part of netbooks is that most of them come with a simple, bare bones, customized linux OS. More importantly, all of them come with Mozilla Firefox pre-installed. Web browsing is the primary use of netbooks and if you had a browser that allowed you to run more complete web apps, would you really need a more expensive OS with expensive software installed?
Another new trend is motherboards with linux embedded in flash memory for almost instant boot-up. The main benefit of this feature is quickly being able to browse the web. Do you see where this is going?
Users with cheap, mobile computers booting into linux almost instantly, completely bypassing Windows or OS X, going straight into Google Chrome and finally, using Google web apps. Oh, and don’t forget Android.
Running Apache2 with PHP4 and PHP5 concurrently without CGI
Note: There are many tutorials already out there about setting up multiple versions of PHP but they either involve compiling PHP from source, or setting up one version of PHP as cgi in Apache.
This tutorial will allow you to use both PHP4 and PHP5 concurrently with one install of Apache 2 on a Debian etch system (including other Debian and Ubuntu versions). Both PHP versions will be installed using aptitude which, in my opinion, is the ideal setup since you can install any PHP modules through apt-get afterwards.
Suggestion: Install Debian etch on a virtual machine using VMware or Virtual Box . Etch includes PHP4 in its repositories unlike newer versions of Ubuntu. These instructions assume you have PHP4 and Apache 2 installed (apt-get install apache2 libapache2-mod-php4 ).
Overview
Before we begin, download this file which contains any script, conf, or package I used in this tutorial: tutorial-package.tar.gz
1 – Install PHP4 and PHP5
Unfortunately, getting both versions of PHP installed isn’t nearly as easy as it should be (apt-get install libapache2-mod-php5 libapache2-mod-php4). PHP4 and PHP5 have no conflicting files yet the package for PHP5 has a needless conflict for PHP4. To remove this conflict, we’ll need to get the source of the package, edit the control file, then rebuild the package. The good news is that I’ve already done this work and all the .deb packages are in the tutorial package.
1.1 – The Easy Way
Simply install the package:
dpkg -i libapache2-mod-php5_5.2.0-8+etch11_i386.deb
If you want to go through the process yourself, follow the section below.
1.2 – The Hard Way
Either do this in your home folder, or in /usr/src to keep things organized.
apt-get source libapache2-mod-php5
The following folders and files should be created. The one we’re interested in is php5-5.2.0.
debian:/usr/src/php# ls
php5-5.2.0
php5_5.2.0-8+etch11_all.deb
php5_5.2.0-8+etch11.diff.gz
php5_5.2.0-8+etch11.dsc
php5_5.2.0-8+etch11_i386.build
php5_5.2.0-8+etch11_i386.changes
php5_5.2.0.orig.tar.gz
Now we need to edit the file that controls conflicts:
cd php5-5.2.0/
vim debian/control
Just search PHP4 under conflicts and remove any mention of it.
Before we rebuild the package, we need to install some dependencies and other tools. Using apt-get build-dep will install a lot of packages and this is why I suggested using a virtual machine.
apt-get build-dep libapache2-mod-php5
apt-get install autoconf autotools-dev build-essential debhelper
Building the package will take a long time so be patient:
debuild -us -uc
This will create a lot of .deb files but we only care about 1 right now:
dpkg -i libapache2-mod-php5_5.2.0-8+etch11_i386.deb
Done! Both versions are now installed.
2 – Configure 2 instances of Apache
Note: This section is heavily borrowed from http://blog.adaniels.nl/articles/running-multiple-instances-of-apache/ whose tutorial really helped me out.
The easiest way to have both versions of PHP running concurrently on only one install of Apache (and only one version) is to use 2 instances of it running on different IPs (or ports if you wanted).
2.1 – Install mod-macro
We need to install mod-macro which allows us to define and use macros in Apache configuration files. More info can be found at the mod’s homepage.
apt-get install libapache2-mod-macro
a2enmod macro
Before we define the macros, clear the contents of /etc/apache2/ports.conf and delete any symlinks in /etc/apache2/mods-enabled that shouldn’t be enabled in both instances of Apache (PHP4 and PHP5 in our case at least).
2.2 – Setup Conf files
Create a file called /etc/apache2/apache2-instance.macro and enter your per instance configuration (settings that vary between instances). Here’s an example:
LockFile /var/lock/apache2/$instance.accept.lock
PidFile /var/run/apache2/$instance.pid
ErrorLog /var/log/apache2/$instance/error.log
Listen $ip:80
Create apache2-php4.conf which will contain PHP4 specific settings:
Include /etc/apache2/apache2.conf
Include /etc/apache2/apache2-instance.macro
Use SetupInstance “apache2-php4″ “192.168.1.1″LoadModule php4_module /usr/lib/apache2/modules/libphp4.so
AddType application/x-httpd-php .php .phtml .php3
AddType application/x-httpd-php-source .phps
The “Use” statement is part of mod-macro. It tells the mod to use a previously defined macro. It is passing 2 parameters, instance and IP, which are used in apache2-instance.macro in place of $instance and $ip.
Create a similar apache2-php5.conf and replace any mention of php4 with php5 and make sure to set a different IP as well. The last thing to do is create the log directories for each instance:
mkdir var/log/apache2/apache2-php4
mkdir var/log/apache2/apache2-php5
You can name the instances or conf files anything you want, just make to update any reference to them.
Note: Since this setup uses two IPs for the Apache instances, you obviously need two IPs. Setting that up is beyond the scope of this guide so just Google it.
2.3 – Change apache2ctl and init scripts
We have to modify a few scripts now since we’re changing the location of the PID file, apache2ctl and /etc/init.d/apache2 no longer work as they should. First, we’re going to change apache2ctl:
cp /usr/sbin/apache2ctl /usr/sbin/apache2-php4ctl
cp /usr/sbin/apache2ctl /usr/sbin/apache2-php5ctl
Modify the HTTPD variable so it looks like this:
HTTPD=’/usr/sbin/apache2 -f /etc/apache2/apache2-php4/apache2.conf’
And do the same for the php5 file. Since we have 2 instances of Apache running, each one can be controlled separately through these scripts.
Up until now, all of this Apache configuration came from the link in the note for this section and it worked fine. But with my default Debian and Apache installs, /etc/init.d/apache2 wouldn’t work. I had to modify the scripts even more to get them working so you can just download mine and hope they work. But first:
cp /etc/init.d/apache2 /etc/init.d/apache2.orig
cp /etc/init.d/apache2 /etc/init.d/apache2-php4
cp /etc/init.d/apache2 /etc/init.d/apache2-php5
chmod 744 /etc/init.d/apache2
Edit /etc/init.d/apache2 to look like this:
#!/bin/sh
/etc/init.d/apache2-php4 $@
/etc/init.d/apache2-php5 $@
Get /etc/init.d/apache2-php4 and /etc/init.d/apache2-php5 from the tutorial package linked above.
The changes I made involved setting APACHE2CTL to the appropriate script we created before, changing PIDFILE to the new location and changing references to the /etc/init.d/apache2 script to instead use apache2ctl.
3 – Set up Apache virtual hosts
Now that we have 2 instances of Apache running, one for PHP4 and one for PHP5, we need a way to easily set up sites and organize them. We’re going to use mod-macro once again since it makes it a lot easier. Using the default apache2 setup, edit /etc/apache2/sites-enabled/000-default to look like this:
### VHost Macro definition
<Macro VHost $host $dir>
<VirtualHost *:80>ServerName $host
DocumentRoot $dir<Directory $dir>
Options Indexes
# do something here…
</Directory></VirtualHost>
</Macro>### The following generates the configuration Apache will use
NameVirtualHost *:80
Use VHost vhost1.local /var/www/apache2-default/php4
Use VHost vhost2.local /var/www/apache2-default/php5
Now we only have to define one macro that contains the VirtualHost directive and after that we can simply issue the “Use” command with a host and directory for arguments. In that example, I set up two FQDNs in /etc/hosts to test out the configuration.
In your two test directories, create info.php files with the following in them:
<?php php_info(); ?>
Now you can easily test if your setup is working by seeing the output. I get the following from each:
PHP Version 4.4.4-8+etch6
PHP Version 5.2.0-8+etch11
If you are setting up real websites, now all you have to do is set the A record for the DNS entry to whatever IP matches the PHP version the website needs.