Blog

Building the Glassboard API

We here at Sepia Labs love 37signals!  Their company blog is always a great read.  Yesterday they wrote a post entitled “API design for humans“.  Go read it.  Now.  Really.

OK.

Being admirers of their work, I was pretty excited to see how the API we designed for Glassboard measured up to their standards.  By the end of the article I was blown away!  I joked that the writer must have been sitting in the 360iDev Session we did.

The Glassboard API hit pretty much every point (we’re a bit weak on documentation but we’re a private API).

The last point he makes in the post was more or less what I learned the hard way over the last 9 months as we’ve built Glassboard.  It’s what inspired our 360iDev session.

“Use abstraction where it’s helpful.”

I envisioned the Glassboard API as a system of small 1-1 lightweight calls that mimicked the object types on the server side.  If a “Status” had “Likes” then it should be a separate GET on Status/{id}/Likes to get them.

This quickly fell apart as the client developers started using the API to build real world apps.  It was too slow and impractical.

We were expecting a mobile device with limited bandwidth, let alone memory and computing resources, to piece back together a puzzle we already had in one piece on the server.  It made no sense.

It’s the wrong way to design a Web Service API.  I did it.  Learn from my fail.

“If you think there’s some common action that people will go to the API for, you should make that action easy, even if it means compromising on ideology.”

Luckily we’re a team that’s been working on client and server API’s together for half a decade, so we reached this exact conclusion and changed directions.  It took re-architecting our Azure Table Storage to get the right performance, but once we had it implemented we were all taken aback by how much more responsive and useful the entire system became.

Instead of a series of calls to get the basic info the app needed to be useful at launch, we combined those all into one, gave it a new URI that meant something (/newsfeed) and told the clients to GET that at startup.  It gave us a new view of (and in) the apps.

His last sentence is the best advice I could ever give someone building an API, so I’ll end this post the same…

“Maybe try building something small using your own API – it can be an eye opening experience.”

Facebook fixes one issue, but “read” articles still show in your news feed (follow up)

Today I posted two reasons you should be worried about using Facebook. Not too long after publishing, @mattew_og reached out to inform me that the first issue has been resolved, and the second one only occurs if you authorize an app to do so.

Here is Nic Cubrilovic’s blog post explaining what Facebook has done to clear up the issue with tracking cookies.

Regarding the second issue, where Facebook posts what links you’ve clicked, I was mistaken. The apps that do this will indeed inform you of such, but I didn’t even notice it when I added some to my Facebook page. I added the Washington Post Social Reader app to my page, and there is a note that says “See the news your friends are reading and share each article you read with your friends. Click Add to Timeline to start or Cancel to bypass.” Ok, well, that sounds fine. But shouldn’t I be able to choose which articles will show in my timeline?

I’m still troubled by this. Read Write Web has a piece that goes into great detail on this new form of “frictionless sharing.” They keep reiterating that anything you click will show up in your news feed. It’s as if these apps have been designed to be intentionally misleading. Sepia Labs CEO Walker Fenton found out first hand:

He didn’t intend for this to appear in his news feed. He thought the link would be an embedded video, but it was just a page of more links. If this was any other news app, he would not have marked the item as read because he did not in fact read it.

You can’t control what does and doesn’t show up as read. The lack of curation on the part of these apps is going to contribute a lot of noise to your news feed. If I have subscribers (who I may not even know), they’ll get to see it too. So if I want to click on an article titled “Top 10 ways to combat excessive B.O.”, I’d really rather not share that fact with others (side note: I don’t really have B.O., ok?!).

I’m glad Facebook remedied the issue with tracking cookies. But we can’t forget that they are in the business to make money, so the more you can access news and music without leaving their site the more they have to gain. I only hope I can read articles with weird titles without the world knowing.

Two big reasons you should be worried about using Facebook

There are two things I read about Facebook this week that I found disturbing. As the Sepia Labs team devotes energy to keeping Glassboard private and safe for people who use our app, we are troubled by Facebook’s lackadaisical approach to privacy. Here’s why:

1. Facebook is still gathering information about you even if you log out. According to Nik Cubrilovic, Facebook creates a cookie in your browser that, even after logging out, can still gather information about the websites you visit.

Facebook defends this tracking cookie, stating that it is used to prevent improper logins and that they delete the information soon after. Do you really believe them? I sure as hell don’t. Why wouldn’t they use data about the kind of sites you visit to target ads to you? This is the business model they’ve pursued in the past. I don’t see how this scenario would be any different. After all, Mark Zuckerberg has said in the past that he doesn’t believe in privacy. Why would Facebook start now?

2. Facebook is keeping track of what you read. This was brought to my attention by this great post by Dave Winer. Before, if you liked or actively shared something it would show in your activity stream. Now if you just click a link it may show up for all to see. This can get very confusing since there are so many options on whom you would like to share things with. Our iOS dev, Brent Simmons, expresses how disturbing this is in this blog post.

Do you know who can see what you post to a Glassboard? Go to the members list for a specific board. That is all of the people who will see what you posted. There is no confusion. It’s unambiguous.

When designing Glassboard we wanted to empower people, not confuse them. There are numerous privacy settings in Facebook that you must be diligent about changing to protect yourself from exposure. Care to guess how many privacy settings exist in the Glassboard app? Zero. It is always private by default.

There is one positive outcome of this public-by-default approach to social networking: it is fascinating to see the influence Facebook has on society and what we share with others. Which do you think came first? An innate desire in people to overshare with the world? Or Facebook forcing us to?

How do you Glassboard? Micah Humphreys, professor

I recently had an exchange with Micah Humphreys about how he is using Glassboard with students in his class. Glassboard provides a place where Micah can make announcements to his students privately. He’s also found other ways to use Glassboard to engage with his students.

How are you using Glassboard with your class?

In our Agroecology course (which is a fancy word for crop and soil science), every student has an iPod Touch. I’ve got a website for all the class information like lectures, lab activities, calendars, syllabus, etc., but we didn’t have a way for the students to interact with one another, and for me to send out announcements other than email, which doesn’t provide the same sort of interactivity than a forum might. When Glassboard came out, it was exciting because of the ability to have privacy in a group setting. We’ve been using Glassboard as an announcement tool, an attendance tool, and a pop quiz distributor.

How is Glassboard being received by your class (i.e., what kind of feedback have you been getting)?

The feedback that I get is positive, because the students are already geared towards sharing information in forums, replying to posts, clicking “like” and that whole domain of knowledge through Facebook. And we’ve toyed with just making a private Facebook group for our class, but then if there were a group within the class that wasn’t on Facebook (and those people do exist!), they are more likely to be resistant to “getting a Facebook” as they like to say. So Glassboard gets a positive reaction and fast adoption from the students familiar with social networking, and at the same time *isn’t* Facebook for those who aren’t familiar with these kinds of skills and services. As one student said, “It’s like a private Facebook.” And that’s exactly what we want – privacy so that the class dynamic isn’t on display for the whole world, and the students are ready to share valuable information with the rest of the class.

What are some ways that you think Glassboard will enhance your students’ experience?

I think Glassboard has done a great job emphasizing the private nature of the app. In my experience, if students are hesitant to share or answer questions in class vocally, they probably don’t want to share it on the web, so why make them? Glassboard builds a wall around that information sharing that we do in class, which also encourages the student to ask questions and share their knowledge to a group of people they know, and no one else.

What are some things you think Glassboard could improve upon to be better for your students?

Push notifications is a great feature, because now I can hound them when an important date is coming up! Instructors like to distribute material in lots of forms – videos, pdfs, and spreadsheets to name a few – and it might be nice to have a repository of materials at hand on a certain board. But right now, the simplicity of setting a board up and inviting the students to join is key – they can do everything on their iOS device without touching a desktop or laptop.

The Sepia Labs team is happy to see people like Micah using Glassboard to share with small groups that they interact with regularly, in a way that is far more private that Google+ or Facebook. If you have a story you’d like to see featured on the Glassboard blog, please email support@sepialabs.com.

Talking about Glassboard at 360iDev

At this week’s 360iDev, the Sepia Labs team held a session entitled Building Web Services for Mobile Apps. The talk was led by Nick Harris, platform guy, with contributions from Brent Simmons, iPhone dev, and Nick Bradbury, Android dev. Brian Reischl, Walker Fenton and I were all in attendance as well for support.

Nick introduced the team and Glassboard. He then dove right into talking about what went into building the back-end for it. We use Microsoft Windows Azure for storage and there is a REST/JSON hybrid that is used for our API. Brent took over the time to discuss his building of the iPhone app, then it was on to Nick Bradbury to talk about the Android client.

Nick Harris then turned the session over to Q&A for the second half. Our goal going in was to give background on how we built the app and why we made certain decisions, then we wanted everyone to be able to quiz the developers on said decisions. At one point Bradbury asked if there were any Android developers in the crowd, and oddly enough they had all congregated into the back corner of the room. Hiding, perhaps?

The session went very well. Here are the slides for your perusal:

Using Glassboard at 360iDev

The Sepia Labs team wanted to use Glassboard with other attendees of 360iDev this week, so we created a “360iDev|After Hours” board to organize festivities after sessions had ended for the day.

Despite some flaws in the invitation process (which is a big priority for us to make easier), we put together a board with quite a number of thirsty comrades. On Wednesday I would post a picture and location of a bar, and everyone had to find me. This is far and away different from so many other conferences where on Twitter you would see a lot of “Where’s @brentsimmons?” By the end of the night we had a healthy congregation of board members who had made it to the final destination of Tarantula Billiards for some late night pool games.

This helped the Sepia Labs team spend quality time with a lot of close friends. With Glassboard we had an effective means of communicating with the people we wanted to, which in turn helped us avoid contributing a lot of noise to Twitter. We also could post photos of late night shenanigans without fear of them getting out on the internet.

Here’s a list of folks you should follow on Twitter if you don’t already: @360iDev, @360MacDev, @jwilker, @nwilker, @twenty3, @ejoep, @neror, @pbur, @mzarra, @atomicbird, @kylerichter, @dwiskus, @drance, @bmf, @judykitteh, @collindonnell, @benr75, @somegeekintn, @tmaes, @tehnoir, @kirbyt, @pushio, @rcw3, @skabber, @Sm_Ives, @janaboruta, @hernanp, @justinw@LordBron, @doubleencore, @blackpixel. If I left you out, you can harass me about it on Twitter.

And of course, the Sepia Labs team: @brentsimmons, @nbradbury, @nick_harris, @walkerfenton, @jennyblumberg

Did you use Glassboard at this conference? For what? I heard of a few boards floating around, but of course they were private so there was no way for me to find them!

Thanks for 360iDev. We’re looking forward to 360MacDev!

360iDev took place this week in Denver, CO. Folks are saying it was the best one yet, and I’d have to agree with them. For starters, a big thank you to John and Nicole Wilker for organizing this event, and thank you to all of the volunteers. You all made a memorable and informative week.

That being said, if you’ve never attended 360iDev, I encourage you to. All you need to do is show up and you’ll walk away with new knowledge, new contacts, and new friends. There is a event coming up in February called 360MacDev, which is also held in Denver, CO. As you can guess the focus is on Mac development. Brent Simmons and most of the Sepians will be in town for it.

Glassboard update fixes notifications

The new version of Glassboard we’re releasing today fixes the bug we were having with push notifications. By downloading the new version you will now see notifications (with sound!) coming through for new posts on your boards.

Download version 1.0.4 of Glassboard for iPhone.

Download version 1.1.28 of Glassboard for Android.

Want to know more about notifications in Glassboard? Visit our FAQs page.

We apologize for any inconvenience this caused anyone. If you have questions send a message to support@sepialabs.com.

Privacy is Important

“You have zero privacy anyway. Get over it.” - Scott McNealy, former CEO of Sun Microsystems.

When I was invited to join Sepia Labs and create the Android version of Glassboard, I stressed that privacy was the key to our success. Companies like Facebook and Google are trying to convince millions of us that we can trust them with our privacy, but millions of us remain unconvinced.

These companies make the majority of their revenue from advertising, and advertisers are willing to pay more when they know exactly who their ads will be shown to. We’re expected to trust our private conversations with companies that don’t benefit from keeping our conversations private. Red flag, anyone?

“If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.” - Eric Schmidt, Google’s executive chairman and former CEO.

It’s not that we fear saying things that we don’t want anyone to know, it’s that we fear saying something without knowing who will hear it.

We want to be able to say something online without fearing that a future employer may see it and count it against us. We want to complain about the country we live in without fear of reprisal. We want to share pictures of our kids without wondering who else will see them. We want to share with only the people we choose to share with.

When we know a conversation is private, we’re more willing to share ourselves. It feels good to share who we are, to open up to the people we trust. When we don’t know who will hear us, we censor ourselves and hide the rough edges of who we are. But those rough edges help define us. It’s impossible to feel truly loved if you have to hide parts of who you are.

It’s time for us to say, “No, I won’t get over it. Privacy is important, and I won’t give it up.” Today’s software developers need to look at privacy the same way they’ve learned to look at security: it’s not an add-on or a feature that customers have to turn on, it’s something built-in that shouldn’t be turned off.

I hope more companies follow our lead and take the same approach to privacy that Glassboard does. I think the web is headed in the wrong direction, and the more that participate in trying to change that direction, the more likely it is to change.

Cross-posted from Nick Bradbury’s blog.

Location vs. Privacy

There is an interesting tradeoff between location data and privacy today. On one hand, location delivers fantastic benefits in the form of connections with friends, or (to some) coupons for nearby businesses. On the other hand, your location is hugely sensitive and personal, and can be easily abused. Location not only tells people where you are, but almost more importantly, also tells people where you aren’t.

In the social app world, location data is a relative newcomer; social app developers and their users are still learning what it means to expose and exploit this data online in a social context. There are lots of ways to play with location data, including: knowing where your friends are (google latitude, loopt); getting mayorships for frequent checkins (foursquare, gowalla); or simply telling people where you are when you share something new (twitter, G+, Facebook). In almost all of these cases, the presumption is that users want others to be able to discover where they are. Location is being used in a very public context, and that’s not always in the best interest of the user.

What hasn’t been tested broadly is the point where your location service stops being a clever, helpful piece of information and turns into a creepy, big-brother-esque stalking service. Will location be included in our credit card transactions as a fraud prevention measure? Will we ever get so numb that we allow companies to aggregate our positions & our social graph and sell that data to marketers? I shudder to think of a text message on my phone, “Hey, get 20% off at the sub shoppe you’re walking by right now! Its lunchtime, right? Aren’t you hungry? Your friend Brian ate here yesterday and gave the BLT 4 stars”.

I hope it doesn’t come to that. When we were putting together the location services for Glassboard, we were extremely sensitive to the end user and their choice to include their location. We appreciate the need to use location only when its appropriate, and to make it easy to not use it when its not.

As a result, we’ve put a location switch on the compose screen for each message or comment, so the user will have full control in its use, message by message. And when you add your location, its not only private to that board, but its specific to that moment in time. Glassboard does not track your position over time, and no one else will have access to this information.

Here’s a video that shows specifically how we’ve integrated location into Glassboard. We feel like this is the right balance – allowing people to chose whether to add location to a message or not, so they can maintain tight controls over such a sensitive piece of information.

Share location in Glassboard from Glassboard on Vimeo.