Shelf and the Google Social API

The current trunk version of Shelf uses the Google Social Graph API to figure out who owns the web page you’re looking at. If it can’t find a person in the local address book who owns the URL, Shelf can now ask Google if there are any other pages on the internet that link to that page with a rel=”me” relation, and look for those pages in the local address book. So for instance, if I visit my linkedin profile page, Shelf will display context about me, as linkedin links to Likewise, any page that I link to from will be considered mine as well. This elevates Shelf’s context-finding ability to practically magical levels in some cases.

Alas, there are disadvantages. Most superficially, the context-deriving part of Shelf was never designed to make long-running network queries, and so lives in the GUI code. Calling the Google API blocks the GUI thread. This sucks. Fixable, of course, but it makes the current development version somewhat choppy.

More serious is that Shelf now sends the URL of every web page I visit, and the homepages of everyone who’s twitters I read, and the base URLs of every RSS feed I read, to Google. I want to look for context in the email signatures of people that send me mail too, so soon it’ll be sending the homepages of everyone who mails me as well. Some people would consider this creepy. Actually most people would consider it creepy. And I don’t blame them. I don’t really have a solution for this one either, other than a big clearly-labeled option to turn it on.

On the API

For this sort of use the Social Graph API is great. Although all this information is available through just fetching the source of the current page and looking for links myself, there’s no way I’d want Shelf as a local GUI app to be doing that sort of thing. Google aren’t exposing anything I couldn’t have found out myself, but they’re doing it in a simple and fast manner, and using the API is trivially easy. No API keys, dealing with XML, registering my app or anything. I love that they just went with JSON as the format, and hang everything else.

Where’s the next release?

On a related note, Shelf development has been a little slow recently. Partially I’ve been distracted by shipping important features for Dopplr, but mostly it’s because I’ve hit a sort of psychic barrier of progression. Shelf needs a decent caching layer. And a threaded context discovery layer. And a much better event-driven model for display stuff, so it makes a more controlled number of network requests to fetch RSS feeds. Basically, now I’ve explored the problem, I want to rewrite the whole thing to take advantage of my understanding. And that’s boring. So I’m not doing anything. I’ll get over it.

Facebook locks down the feed even more

Well, as of next month, Facebook developers can no longer put things in a feed unless it’s going in as a direct result of an action that the owner of that feed performed on a facebook page.

Now, this is clearly spun as trying to prevent ‘you’ve been given a beer’ / ‘you’ve been bitten by a zombie’, etc messages. Not letting apps belonging to another person put entries into my feed is a good thing. But the documentation page says

Note that you should not be using a session_key for a user who is not actively using your application when calling this method.

Now, I read this as, you now can’t use a background process to put entries into a user’s feed using a session_id. You can only put things into their feed if they’re looking at your app while you’re doing it. And this is irritating. It completely breaks all the apps I use that syndicate the outside world into my Facebook profile – Twitter, delicious, CPAN, Dopplr, etc.

It seems that this is an effort to stop users like me, who just want to use existing services, but centralize update notification for the friends I have that don’t want to obsessively subscribe to 20 RSS feeds. Naturally, facebook don’t like me, because I don’t see, and therefore click, their ads. Forcing me to visit the site to tell my friends anything ‘fixes’ this.

Maybe I’m paranoid. Maybe I’m mis-reading ‘actively’, and they’re ok with installed apps using session_ids of users who aren’t logged in and using that app at this precise moment. I hope so.