Facebook hCard Microformat Application

Being a big fan of Microformats as well as a relatively new Facebook user, I find it odd that Facebook has no Microformats support (at least none that I know of).

I’ve decided to remedy the situation a bit and created a small Facebook application which adds hCard support to your profile as a profile box. It is called the hCard application.

It features your contact information (as much of it as it can), which includes:

  • Your profile photo (thumb version)
  • Your full name
  • Link to your Facebook profile
  • City, state and country (any combination of these 3)

Up until now (~8am Israel time) there are 38 users (and only 6 of them are my friends, so it’s quite nice ;-) ).

As far as I could see from my friends’ profiles, most of them didn’t add much information, and Facebook are doing a good job protecting the privacy of their users by not exposing too much information. This means that the information exposed using the hCard only shows their profile photo and name. In some cases it shows their country and/or state.

All in all, it’s a good experiment so far, but you can make it better by adding it to your profile and inviting your friends to add it as well :-)

If you have suggestions, comments or anything else about the application, feel free to drop me something on my contact page here on this blog, or comment in the application’s discussion board on Facebook.

Yedda Twitter – Oh the joy!

I just wanted to let all of you know that we just released a new feature on Yedda which integrates nicely with your Twitter account.

You can read the official blog post here.

In a nutshell, upon giving Yedda your Twitter username and password, you will be able to share your Yedda experience with your Twitter friends.

We will tweet on your behalf about questions you ask, answers you give, questions you add to your watch list, thumbs up you give to other answers and questions you are being invited to answer by Yedda (all configurable through the settings screen).

Share the Yedda love through Twitter. It’s fun! (and I’m not just saying that because I am a part of Yedda ;-) really!)

Just beware: it’s addictive.

Google Apps for your Domain, DNS, CNAME and Security

I’ve recently started to use Google Apps for Your Domain to host my private emails on the sandler.co.il domain.

Google Apps for Your Domain is quite cool and was very easy to configure. I mainly moved to it due to the unbelievable amounts of spam and I didn’t have the power or time to configure SpamAssassin in a reasonable way that would actually work.

When I moved, one of the things I did was to change the “default” URL that I and other members of my family use to access the web mail of the domain. Google Apps for Your Domain allows you to do just that by configuring it in its configuration screen and setting a CNAME record that points to ghs.google.com.

After configuring everything I tested it out and noticed something disturbing.

It seems that CNAME (by design/default/whatever) does not support HTTPS, only HTTP. This means that the CNAME alias I configured will be resolved to mail.google.com/a/YourDomain.XXX (replace YourDomain.XXX with your domain ;-) ). If you are not authenticated you’ll be redirected to authenticate on an SSL protected address (https) and upon successful authentication you will be directed to http://mail.google.com/a/YourDomain.XXX (not https – not SSL).

This means that now, when you read or write emails they are not protected. If you are sitting in an open Wi-Fi network (passwordless network) people can easily sniff out your emails and correspondence (I know that not using WPA will make you prone to man in the middle attacks, but that’s not the issue here). This is just one of the scenarios in which you will be vulnerable (there are a few more).

It’s not that accessing https://mail.google.com/a/YourDOMAIN.XXX will not work. On the contrary, it will work fine and all the communication will be secured using SSL (https).

It seems Google is encouraging recklessness with their current configuration, instead of redirecting authenticated users to the secured version (https/SSL) of their web mail specifically because of the DNS CNAME limitations.

It is a simple fix on Google’s part which will increase the security dramatically.
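To check a webmail setup for the behaviour described above, you can record the redirect chain the browser follows and audit it for the point where the session drops from https back to http. The following is an added example, not code from the original post: the alias hostname, the login URL and the sample chains are constructed placeholders, and the function names are hypothetical.

```python
from urllib.parse import urljoin, urlsplit

def resolve_chain(start_url, locations):
    """Build absolute URLs from a start URL and each redirect's Location header."""
    chain = [start_url]
    for loc in locations:
        # A Location header may be relative, so resolve it against the previous hop.
        chain.append(urljoin(chain[-1], loc))
    return chain

def audit_chain(chain):
    """Report https->http downgrades and whether the session lands on cleartext."""
    schemes = [urlsplit(u).scheme.lower() for u in chain]
    downgrades = [
        (chain[i], chain[i + 1])
        for i in range(len(chain) - 1)
        if schemes[i] == "https" and schemes[i + 1] == "http"
    ]
    return {
        "downgrades": downgrades,
        "landing_cleartext": schemes[-1] == "http",
        "cleartext_hops": [u for u, s in zip(chain, schemes) if s == "http"],
    }

# Constructed sample: the flow the post describes when starting from the CNAME alias.
# The alias host and the login URL are placeholders, not real endpoints.
ALIAS_START = "http://mail.yourdomain.example/"
ALIAS_LOCATIONS = [
    "http://mail.google.com/a/YourDomain.XXX",          # alias forwards to webmail
    "https://login.example/auth?continue=placeholder",  # not authenticated: SSL login
    "http://mail.google.com/a/YourDomain.XXX",          # after login: back to plain http
]

# Constructed sample: starting from the https URL, with a relative redirect.
SECURE_START = "https://mail.google.com/a/YourDomain.XXX"
SECURE_LOCATIONS = ["/a/YourDomain.XXX/"]

if __name__ == "__main__":
    for start, locs in ((ALIAS_START, ALIAS_LOCATIONS), (SECURE_START, SECURE_LOCATIONS)):
        report = audit_chain(resolve_chain(start, locs))
        print(start)
        for src, dst in report["downgrades"]:
            print("  downgrade:", src, "->", dst)
        print("  lands on cleartext:", report["landing_cleartext"])
```

A non-empty `downgrades` list or a cleartext landing URL means the mailbox is being read over plain http after the protected login, which is the case where bookmarking the https address directly is the workaround.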