Introducing Softwear by Microsoft - Classic Collection

I love this video ...

Updating Cookies for Facebook Connect

One of the amazing things about Facebook Connect is that it allows developers to incorporate social-content from Facebook into their own sites, break the user free from the confines of the facebook.com site, and offer a more 'seamless' experience from the end-user's perspective.

For those that don't know, the magic of Facebook Connect is largely driven using cross-domain communication within a browser session to pass information back and forth between Facebook and the end-user. State information like the user's login credentials and session information are stored within the user's cookies and a large library of javascript code mediates the transfer of information between facebook, the user's browser session, and the user's cookie stores.

One of the primary challenges facing engineers who use web develpment frameworks like Ruby on Rails is that the heavy reliance on browser-based javascript and cookies is that it breaks the Model-View-Controller (MVC) architecture, leading to all sorts of development headaches. Since the session keys that the server requires to make queries to Facebook's API are stored in cookies and not passed to the controller in a HTTP request, this can lead to strange situations where the session state stored on the server-side does not match the session state stored in the cookies.

The standard solution seems to be simply to force the user to reload the page, which will refresh the cookies, which the server-side controller code can then grab on the next reload. However, this often leads to a poor end-user experiences where the user is forced to reload pages several times in order to syncrhonize the information stored in cookies with the information stored in the server. Even worse, the web site may simply cease to work in certain cases (e.g., if the user logs out of facebook while logged into the current site). For an interesting discussion on this, I found this nice post.

In this post, I'll be discussing an easy way to get around this problem for a simple case that popped up during development of a feature here at Posterous: prompting the user for the "offline_access" permission. I'll run through the situation, the naive solution using page reloads, and the "more elegant" solution (no doubt there are more elegant solutions, but I found this works fine).

The situation

This seems to be a very common scenario. Say your application would like to push content to a user's profile without the user being actively engaged in your site. To do so, the user needs grant your site the "offline_access" permission. This changes the session key from a temporary key (valid for a short amount of time) to a persistent key, which your site will need to capture and store in a database. I'm assuming that you're using Ruby on Rails using the Facebooker gem (though the solution will be more or less general for any MVC architecture).

Naive Solution

The problem with the simple scenario outlined above is that the session keys are stored as cookies which are not passed to your site until the next reload. The native solution would be to have to user reload several times:

1) User visits the site and is presented with a "grant offline access" link. Facebook sends a temporary session_key, which is stored in the user's cookies.

2) User clicks on link and grants the offline_access permission via the pop-up window. Cookies ARE NOT updated at this point. Page is refreshed by some javascript.

3) Server-side controller code grabs a copy of the session_key stored in cookies, which is still temporary, since the javascript code that lives in the HTML hasn't had a chance to update the cookies.

4) Server renders the view, which includes the javascript that refreshes the cookies and stores a permanent session_key. User clicks another link to reload the page.

5) Server-side controller code grabs a copy of the correct, persistent session_key and stores it in the database.

My Solution

1) User visits page, clicks on a 'grant access link'. User automatically redirected another page (call it refresh_cookies) which refreshes cookies automatically, which then sends the user automatically to the original page.

2) Controller code grabs the updated session_key on the next page.

The key to this code is using a bit of Facebook's javascript to ensure that the user is redirected only after cookies have been refreshed. Without this, we can't be sure that the cookies have been updated on the next view. The code for the rails view that accomplishes this is:

<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>

<script type="text/javascript">

window.onload = function() { 
    FB_RequireFeatures(["XFBML"], function() { 
        FB.Facebook.init('YOURAPIKEY','/xd_receiver.html'); 

        FB.XFBML.Host.get_areElementsReady().waitUntilReady(function() { 
            //alert('All XFBML elements loaded'); 
            window.location.href='DESTINATION';
        }); 
    }); 

}; 
</script>

<h4>Updating Facebook settings for <%= fb_name(@fb_user, {:useyou => "false"}) %> <%=image_tag('loading.gif')%></h4>

By sticking a bit of FBML (rendered using the "fb_name" helper method in Facebooker) into the view and waiting for it to render, you've ensured that the cookies stored in the browser are the most recent ones, which will be captured and saved by the controller after the redirect. The 'loading.gif' is simply a dynamic image that will hopefully prevent your user from thinking nothing is happening. In practice, the simple XFBML on this page takes about 1-2 seconds to load -- a long time, but necessary to ensure that we have correct session_keys.

Thanks for reading -- see you guys on facebooker-talk!

Learning and Scientific Reasoning: Chinese Students Compared Against American Ones

Ever since I was a kid, my parents have told me how rotten and lazy
American students were and how Chinese students, with their diligence
and work ethic, would inherit the world due to their superior
education. If that weren't enough, there's the constant drumbeat of
our own media decrying the crisis in our schools, the poor conditions,
and the lack of accountability.
 
Now of course I'm not suggesting that our students can get away with
being lazy or that our schools don't face immense challenges preparing
the next generation of students. But I also think our schools have
many strengths and that such strengths are often under-appreciated.
For instance, consider this study just published in Science magazine
comparing Chinese and American students.
 
In China, students take a standardized national curriculum with 5
years of physics courses. America, on the other hand, contains a
greater diversity of approaches, and thus students have not had much
formal training in physics. So, in a test of physics knowledge and
scientific reasoning administered to freshman college students, who
would do better: the Chinese or the Americans?
 
Unsurprisingly, the Chinese outperform American students on tests of
physics knowledge --- things like mechanics, electricity and
magnetism. They killed us on all of those problems with balls, ramps,
pendulums, circuits, charges, etc. But the surprising thing was that
American students matched the Chinese on scientific knowledge! That's
right --- in the study, there were essentially no differences between
Chinese and American freshman students.
 
So what does this tell you? On one had, it should be sobering that our
students knew so little about physics, an essential topic that every
educated person should know something about (disclaimer: I'm a physics
student). On the other hand, we have much to be proud of -- our kids
have the right stuff when it comes to reasoning. Where did they get
this from? Probably from the way they were taught, which in America
means a diet of inquiry-based courses where thinking is emphasized
over rote memorization.
 
One could even see this result as an indictment against the Chinese
educational system; despite much more training, Chinese students seem
to have picked up only the facts, an conclusion that was also reached
in the study:

The results from this study are consistent with existing research, which suggests that current education and assessment in the STEM disciplines often emphasize factual recall over deep understanding of science reasoning

 
Of course, we shouldn't rest on our laurels -- American education is
still broken in many ways. Our schools are still failing them, but
perhaps not in the way you might think. But the results of this study
show that in our drive to improve our educational systems, we musn't
throw out the baby with the bath water and wholeheartedly embrace a
testing-only based curriculum. That is to say, we must not discard the
very things that make our educational system great.
 
Caption: Content knowledge and reasoning skills diverge. Comparisons
of U.S. and Chinese freshmen college students show differences on
tests of physics content knowledge but not on tests of scientific
reasoning.
 
Taken from "Learning and Scientific Reasoning", Science 30 January
2009: Vol. 323. no. 5914, pp. 586 - 587

Science and Democracy

If we are not practicing good science, we probably aren't
practicing good democracy. And vice versa.

 
Probably the best quote from Dennis Overbye's essay "Elevating
Science, Elevating Democracy" that appeared today in the New York
Times. One of the greatest misconceptions about science is that it is
a body of facts to be memorized. The persistence of this myth has
everything to do with science's presentation in our educational
system, from the primary level all the way into our universities. Of
course, nothing could be further from the truth. It is true that
science deals with facts; however, the true kernel of science comes
with the human thought that links those facts into ideas and a
coherent framework. The true kernel is the debate and argument and the
constant tension that is applied with each successive generation to
those facts.
 
http://www.nytimes.com/2009/01/27/science/27essa.html

Bhopal, Stanford University

 

My first bug report

One of the awesome things about open source software is that when you
have tons of eyes looking at everything, your code becomes much more
robust. Even though I'm not super-hardcore-open-source dude, I can
definitely appreciate finding little bugs and contributing in my own
way. It's sort of karmic -- since each bug discovery probably
represents hours of futile-banging-your-head-on-desk time of some poor
developer, other developers have probably collectively saved thousands
of hours of debugging time themselves.
 
So I was very happy to discover my own little bug in the Facebooker
ruby plugin. Within 45 minutes of my post to the facebooker-talk email
list, the fix had been pushed to GitHub, and balance was restored to
the universe. Unfortunately for me, discovering this bug entailed
plenty of futile head banging and wondering "where the hell did it all
go wrong!?!?!" Of course, in the end, the bug came down to one line of
code and the fix was super simple.
 
So here it is, buried deep in the Facebooker codebase, my little contribution:
 

 
return unless Time.at(parsed['expires'].to_f) > Time.now || 
(parsed['expires'] == "0") 

 
;)

Yes we can.

Even now, months after the election, thinking about Obama's victory
still gives the chills. I remember thinking that only in America are
all things possible, that this is still one of the rare places in the
world where things are made true through the collective force of human
will. I know that we as a nation face incredible obstacles, and that
Obama will not fix our problems. But I do believe that many years in
the future, I can look back and be proud that I, along with the rest
of my country, were on the right side of history.
 

80's Cinema Classic: Real Genius

Peace. Love. Biophysics.

Part of the schwag I received from the single molecule biophysics 2009 conference at the aspen center for physics.
 
Unfortunately I missed out on the sweetest gift of all: a "Mendel is my chrome-boy" stein glass. Maybe next time. Nevertheless, the mousepad does kick ass.