writing the application from Building Social Web Applications

Another chapter outline for you to comment upon. I'm writing a book for O'Reilly and I'd love your help and suggestions. I don't write code for a living, so I need your input to strengthen this chapter. See earlier post for more information on the book. Let me know what is missing and what examples you'd like to suggest for the book. Comment below or send me an email at gavinbell dot com or zzgavin on Twitter.

How social applications differ
  • Identity is bound in, other people’s identity and interests become the focus of your site
  • Linking, tagging and content reuse are important
  • Asymmetric follow makes for tricky scaling issues
  • Privacy complicates implementation
  • Polymorphic nature of relationships between people, content and metadata, even functionality
  • Small is good, let your community shape what you build, rather than launching a big app
  • Rapidly evolving protocols and standards
Agile methodologies
  • Preference for agile development approaches,
  • flexible development a month at a time is better than rigid multi-month plans, ie release early and often.
Deployment and version control
  • Retaining flexibility
  • Importance of source control and the shift to distributed models like git or hg
  • Dev, test, staging and production machines, continuous integration and TDD
  • Conditional releases - one site different versions depending on who you are, tags and flags
  • Alpha users (set list, or tagged groups)
  • Tagged features available to certain tagged users (dopplr model and others)
  • Testing with high loads and real data is hard, apache bench etc
  • Rolling restarts for no downtime eg haproxy and mongrels
  • Puppet and capistrano, managing collections of machines and code deploys.
Implementing the design of social applications
  • Design is how it works
  • Use cases for developers, understanding the whole picture vs implementing a feature
  • The app has a point of view, understanding what fits and what fails as a feature
  • How code review helps
  • Linking the designed for activities to implementation
  • REST approaches compared to RPC / CGI approaches,
  • better urls, relying on the verbs in HTTP properly, not everything is a GET
  • Feeds and APIs from your app
User interfaces and prototyping
  • Failing gracefully is a strong capability for your site
  • What makes a website tick (good error recovery)
  • Accessibility is important, unobtrusive javascript is a great approach. (Not a tick list)
  • Using the console for code level prototyping of ideas
  • Templates and CSS vs application code and database schemas
L10N and friends
  • UTF-8 and not ascii for data storage everywhere.
  • Understanding internationalization and when to do it
Security
  • SQL injections, cross site scripting, escape everything, only unescape content you know you really want to display.
  • The "let them use HTML and filter it" approach is doomed; whitelisting is the best approach. CSS has similar vulnerabilities
  • Cross site request forgery
  • Google web accelerator means every link can get processed
  • Ensure that form interactions really do come from your own site, use a token to prove this, unique per user and tied to session, this token is now extremely valuable
  • Invisible iframes and click jacking
  • Flash and browser plugins complicate the whole situation and web browser javascript and quirks mode means they are black boxes
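
An added example, not from the book or the original post, of the form token described in the list above: an HMAC over the user and session, checked on every state-changing request, with GET left free of side effects so that link prefetchers cannot trigger actions. The names (SERVER_KEY, new_session, issue_token, request_allowed) and the session dictionary are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: one secret per deployment, loaded from configuration in practice.
SERVER_KEY = secrets.token_bytes(32)

# Methods that must never change state, so a prefetcher following links is harmless.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def new_session(user_id):
    """Constructed session record: a fresh random session id per login."""
    return {"user_id": user_id, "session_id": secrets.token_urlsafe(32)}


def issue_token(session):
    """Token embedded in each form: unique per user and tied to the session."""
    msg = "{}:{}".format(session["user_id"], session["session_id"]).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def request_allowed(method, session, submitted_token):
    """Accept safe methods; require a valid token for everything else."""
    if method.upper() in SAFE_METHODS:
        return True
    if session is None or not submitted_token:
        return False
    expected = issue_token(session)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), submitted_token.encode())


def demo():
    """Run the check against constructed sessions and return each outcome."""
    alice = new_session("alice")
    mallory = new_session("mallory")
    token = issue_token(alice)
    return {
        "own_form": request_allowed("POST", alice, token),
        "missing_token": request_allowed("POST", alice, None),
        "other_users_token": request_allowed("POST", alice, issue_token(mallory)),
        "token_after_new_login": request_allowed("POST", new_session("alice"), token),
        "plain_get": request_allowed("GET", alice, None),
    }
```

Because the token is valid for the whole session, it needs the same protection as the session cookie: keep it out of URLs and logs.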
Scaling and messaging architectures
  • Forget WS-* unless you really need it for integration
  • http://www.37signals.com/svn/posts/1509-mr-moore-gets-to-punt-on-sharding
  • http://www.new.facebook.com/notes.php?id=9445547199
  • http://highscalability.com/amazon-architecture
  • Not about optimisation, architecture more important
  • Load balancers, proxies and caching
  • Realtime vs non-realtime
  • XMPP etc and see http://www.loiclemeur.com/english/2008/12/xmpp-pubsub-aka.html
  • NOT just XMPP, the importance of caching
  • The qualitative argument for asynchronous development.
  • From the SXSW Scaling Boot camp 
  • "Design for parallel steps and use queuing as much as possible"
  • http://www.slideshare.net/rabble/beyond-rest-building-data-services-with-xmpp-pubsub
URLS and IA
  • URLs should be, as far as possible:
  • Short, meaningful, canonical, permanent and hackable, plus opaque if needed eg amazon asins
  • Pagination and url structures, what was on &page=3 is a recurring problem for aggregation pages, providing date based aggregation alongside simple pagination can help. Imagine Twitter with yyyy/mm/dd aggregation pages too.
Search
  • Search is critical to your site, but often left to the end.
  • Understand what needs to be searchable and under what context
  • Searchable items can grow, eg photos by place on Flickr
  • Search can be provided by a third party eg summize and twitter
  • Build your search based on the content you store, it is not enough to return simple text matches.
  • Finding a photo means returning the picture and metadata, similarly for an event.
IDENTITY and management of user data
  • REGISTRATION patterns
  • Standard email address, password and screen name approach
  • Deleted accounts and how to handle them
  • Need for separate admin accounts alongside normal user accounts
  • Staff will have admin account and user accounts with different capabilities
OPENID and OAUTH - the open web standards
  • Why do they exist
  • How to implement them and what impact they will have
  • Relative importance of OAuth, balance between identity and access to data, selective permissions
  • Portable contacts POCO and what it solves
  • OpenSocial, plus the various connect products
  • OAuth address book access
Federation
  • Distributed systems linked via common protocols and data formats
  • Not yet mainstream, but an important direction
  • Ma.gnolia M2
  • Identi.ca (openmicroblogging)
  • http://www.jaiku.com/blog/2009/01/15/were-going-open-source/
  • http://www.zengestrom.com/blog/2008/12/foreign-friends-from-a-servicecentric-to-an-objectcentric-social-web.html
  • Activity Streams and DISO work
Reputation systems
  • What to build and how.
  • Data to base reputation upon
  • How to aggregate and modify raw data
  • Avoiding being gamed
  • Bryce Glass and Yahoo pattern library.
  • Managing and understanding your community
Need for admin tools
  • When to build them
  • What to put inside them
  • How to maintain them loosely tied to TDD (no admin, no feature)
  • Balance with just enough admin to get job done
Statistics
  • Will your community want stats
  • How to build a personal stats tool
  • Granularity, fine is expensive
  • Simple overviews eg favourited content etc
  • Stats for your own use
  • Collect and timestamp everything
  • Avoid monthly reporting focus, allow for real time reporting
  • Think too monthly and you’ll just get monthly stats
  • Good metrics are vital
Collective intelligence
  • Recommendation systems
  • Machine learning
  • Classifiers and filtering tools
  • Starting simple and figuring out what data to start with
  • Person, location and content are all valid places to build upon
Making your code green
  • Average costs per person
  • Optimisation of HTML and CSS etc
  • Server side optimisation, caching etc
  • Flickr ops data graphs and notes
  • YSlow and energy efficiency
  • Speed = less energy used in general.


3 Comments

Something I missed out of the outline, added here for neatness is the need to have all your libraries in sync between developer, integration, test, staging and live machines, an out of sync version of a key library or version of MySQL can leave you scratching your head for hours.

Nothing to add immediately .. but just want to say the book is looking more and more exciting. Good luck!

Thanks 0mVj... for the best wishes

Wishing openid gave me more than an alphanumeric string for identity.


Building Social Web Applications by Gavin Bell.

About this Entry

This page contains a single entry by Gavin Bell published on March 25, 2009 2:52 PM.
