Facebook acknowledges testers exist!

Yesterday, Facebook made a pretty significant announcement for developers of Facebook applications. The announcement involved assigning roles for people on the application development team, and defining what they can and cannot do. As far as I know, it’s the first real acknowledgement by Facebook that Platform application development has moved mainstream and is no longer solely being done by guys in their basements (or lofts – this is Facebook after all). Traditional development teams building Facebook apps using traditional software lifecycle concepts are popping up everywhere. I’ve even see teams build apps on the .NET platform, as unlikely as that seems.

Facebook application development teams have always needed to register who was on the team with Facebook, so that those people could access, build, and test the application before it was released to the greater public. The problem was that belonging to the team was binary – you were either in or out, and only those that were in could access the pre-released app. However, all of the team members could view and modify the Application Secret, change the app’s URL, or throw everyone else on the team off. It didn’t matter what your actual job was, if you were on the list you had absolute authority.

The new Developer's Role dialog

Facebook has now changed that by allowing you to define the roles for the people on your dev team, and thereby limit what they can and can’t do. Here’s a list of the roles you can assign:

• Administrator – complete access to the application and all its settings
• Developer – can modify all technical settings and access Insights but cannot reset secret key, delete application, or add additional users
• Tester – can test the application in sandbox mode but cannot modify the application
• Insights User – can access Insights but cannot modify the application

This is great news, and is a step in the right direction to show that Facebook application development is growing up. I’ve done some consulting on testing Facebook apps, and have always been uneasy when I’ve been added as an applications “Developer”. I always felt uneasy about getting exposure and access to a company’s crown jewels, and asked to be taken off the list as soon as the gig was up. Now, I can be added as a “Tester” and gain access to only those priveleges that I need.

So let’s hope Facebook continues along this thread and provides more tools and services that acknowledge that Facebook application development is being done by teams that have real needs. For example, a real development team will want to stage any code changes before making them live (just like what Facebook does with the Beta Tier). Unfortunately, the only way to test this beta code is to register another application with Facebook so that the production and beta code can run in parallel. But registering a new application will cause a new Application ID/Secret to be created. This means that once the beta code is proven to be good it will have to be modified in order to be run as production. Bad bad idea, but it’s the only way that Facebook will let you do it. It would be nice if Facebook would provide some easy ways to deal with things like this, as well as other difficulties that large dev teams certainly encounter. Facebook – give me a call, I have lots of other ideas.

So what would you change to help your development team interact with the Facebook Platform more easily. Leave a comment to let us know.

Big changes coming to Facebook Platform

Today’s Developer Roadmap post by Facebook has outlined some big changes coming down the pike for Facebook Platform. Here are the big 3 changes (well, as far as we see them):

No new FBML apps

Facebook will no longer accept new FBML Canvas applications by the end of the year. These are the types of applications that launched the Facebook Platform way back in 2007 (the same year that saw the iPhone and The Simpsons Movie). FBML apps have a lot going against them, most importantly is the fact that there’s really no good reason to write them anymore. It used to be that developers who wanted to write Canvas applications had to choose between FBML and the simpler but not-as-powerful IFrame method.

But IFrame has now caught up and surpassed FBML in terms of power, so there’s really no reason why a developer building a new application in 2010 should even consider using FBML. There’s also another issue at stake here. FBML Canvas apps require all of the data traveling between a user’s browser and the application itself to be routed through the Facebook servers. This is a legacy design from 2007 that was done to give Facebook more control, and allow for user authentication, but it’s costing Facebook a lot of money to run these servers that do very little but act as proxies.

Since new FBML Canvas apps no longer provide any real value, and they cost Facebook a lot of money to support, Mr. Zuckerberg et. al. would like to just sweep them under the carpet. Looks like that’s what they’re doing.

Parts of the Classic REST API are being deprecated

Whatever we said about FBML apps is doubly true of the Facebook “Classic” REST API. Born in 2007, it now looks like patches upon patches with no coherent vision. It’s been so far surpassed by the Graph API that Facebook never even bothered to mention any non-Graph API support for their very important location updates yesterday. It’s been clear for a long time that this API needs to be put to rest, and deprecating parts of it is definitely the beginning. We can all say Amen.

OAuth 2.0 will be required for authentication

Another nail in the Classic REST API coffin. OAuth 2.0 goes hand in hand with the Graph API that Facebook would like to push everyone towards. Enough said.

Facebook has historically moved very quickly, which contributes to a good part of their success. Moving quickly means getting things out to customers quickly rather than perfectly and dealing with the consequences later. Today’s Developer Roadmapupdate is a good example of how to deal with those consequences, and will ensure that Facebook developers will continue to have loads of things to do as Facebook continues to innovate.

K&R and thoughts on the Graph API

With this post I’m going to do something I promised myself I wouldn’t do while writing this blog - kvetch like an old grumpy man. But there’s a point:

While I was in San Francisco for f8, I had the good fortune to attend an informal meeting of Facebook developers to discuss the changes to the Platform that were announced at f8. It was graciously hosted at the offices of one of the leading Facebook development companies in the city. They were beautiful offices high up in an historical building with great views, and more Red Bull than a developer could drink.

While there, I noticed a copy of the iconic Kernighan and Ritchie (K&R) book on the C language sitting on a desk. What transpired was a short conversation between myself and one of the employees of the company:

Me  : Very impressive, someone still reads K&R.
Him : <Blank Stare>
Me  : The Kernighan and Ritchie book on C – it’s a classic
Him : <Blank Stare>
Me  : You should read this book, it’s so beautifully written. Look how thin it is, and the whole language is thoroughly described with examples and exercises.
Him : Yeah, the Rails documentation is much thicker
Me  : <Blank Stare>
Him : That’s our CTO’s desk – it’s probably his book

Okay, so the point here is that I’m realizing that you can actually get a degree in Computer Science without ever reading K&R. Without learning C. Without really understanding what goes on at all levels inside the computer without it all getting abstracted away. I was starting to feel bad that this whole drag-and-drop Rubyization of the world was creating developers who weren’t grounded in the basics. Who didn’t deeply understand how to properly analyze an algorithm. And who probably didn’t read stuff from guys like Joel Spolsky who kvetched about it all.

But then something else crossed my mind. The reason I love C and K&R so much is because it works on so many levels. You can use it to develop (practically) on the bare metal. You can use it to write customer-facing applications. You can use it to build a server. However, it’s becoming true that the higher off the metal you get, the harder it is to use C (or even C++). Web apps, Application Servers, Multi-tiered architectures, virtualization – all of these things are so much easier to do with more “modern” languages. And you know what, I’m okay with that.

So here’s my wish: Go get a copy of K&R and read it. I used to own 3 copies: one for work, one for home, and one for lending out. Even if you never plan to use C, please read it. It’s the best technical documentation you’ll ever read, and something you should aspire to. And the reason this is true is that the language is robust and, most importantly, simple.

Which brings me to the new Facebook Graph API and the way it simplifies everything. I think we should all say Hurray. K&R reminds us that simple does not have to mean not powerful. And what the Facebook guys did with this API reminds me of what Dr. Kernighan and Dr. Ritchie had done previously. Go read the book so you too can be inspired to continue building things that are both powerful and simple.

Postscript

For sheer entertainment value, you can’t beat the first version of the Java Language spec. In particular, check out the index entry for index entries to see all of the great references they included, and see how many you can understand. Their description of multiple inheritance (Section 20.3.5) is inspired, obscure, and absolutely brilliant.

The new Facebook Graph API

I’ve been listening very closely to the sessions at f8, and you know what? No location API. I’m not sure why, perhaps it will get released later. So what did we get instead?

The Graph API.

Very very cool. You need to read up on this, it changes the way that Facebook development happens from here on in. You no longer need to read a whole PHP API. You don’t even need PHP! Everything is based around RESTful APIs, so your favorite language + curl (or just use Java where everything is already included!) is all you’ll need to be a Facebook developer.

The old API will still work, as will FBML, FQL, etc. However any new development should be done in the new style API, it will be much easier.

Check it out – you’ll like it.