Call me "Ed"

A favorite pastime of my wife and I is to watch funny videos in bed on the iPad. Last night I was browsing Facebook and saw a link to some wacky video in my news feed. I clicked it (something about a giant snake eating a human) and it launched a video on SocialCam. 

The video was neither funny or compelling–but, hey, you can't win 'em all. What I noticed later alarmed me, however. SocialCam posted on my behalf that I watched the video. No sharing dialog, permission request (that I'm aware of), or other prompt. My best guess is that they used the permissions I granted them to the actual camera app–but I could be wrong. 

This behavior by SocialCam is terrible and I hope Facebook revokes their developer privileges. I also can't see why YCombinator would want to be associated with a company like this (yeah, I get the experienced founder part). 

Two things really stand out for me: 

I thought SocialCam was "Instragram for Video"

I thought SocialCam was trying to be the mobile video sharing service of record–appears that's what their investors think too. That's funny because if you look at their trending videos, most are just re-posted funy/fail/stupid videos–the kind you'd find on YouTube, Break.com, etc.

It makes me wonder–is all this spammy behavior just a giant user-grab in the hopes people will download their camera app and eventually use it for sharing personal videos. If that's the case, seems like a terrible way to find true product-market fit. 

Contrast that with Viddy's feed, which actually appears to be people sharing personal videos. Personally, I'm not sure an "Instagram for Video" will really take off (I think photography and video are very different beasts), but at least they're trying. 

No one likes spammy, surprising behavior in their social networks ... including Facebook

I do a good amount of Facebook API development, so I'm fairly familiar with it's capabilities and their policies. 

Here's a couple of snippets from their platform policies: 

• Don't mislead, confuse, defraud, or surprise users
• Don't spam - encourage authentic communications
• If a user grants you a publishing permission, actions you take on the user's behalf must be expected by the user and consistent with the user's actions within your app.

That last one is important if SocialCam is indeed using their camera app's permissions to also auto-post about videos I watched through Facebook.com. Those 2 things are completely different and there's no way permitting the former should imply the latter. 

You can see on Hacker News here and here that I'm not the only one who feels this way.

Panic

Adobe

Being a big photography guy, I've recently become a fan of web apps that use edge-to-edge photographs in the background of their login page. One of my favorites is over at Jetsetter: 

This look is also becoming popular on "coming soon" pages for yet-to-launch web apps. Launchrock seems to like this look as well: 

After launching my MVP of Cilantro a couple weeks ago, one of my many to-dos was "Make the login page less ugly". I thought I'd try my hand at implementing such a page. Below is a quick rundown of how I did it. First, here's what I came up with for the Cilantro login page: 

Choosing an Image

For Cilantro, I've been using a handful of images I purchased from iStockPhoto. I'd simply suggest using an image with a narrow depth of field (not everything in focus) and something interesting around the edges (since the sign in box will be centered). 

In terms of size, I like my backgrounds to be around 1400 pixels wide. 

CSS3's background-size Property

When doing something similar to this in the past, I always had to use jQuery/javascript to fill a container and proportionally scale the image when the browser window is resized. 

Now, CSS3 includes a background-size property which allows you to adjust the size of the background image. Even better, the syntax has a couple of special values: container and cover. The cover value happens to be the one we care about: it stretches the background image so that both edges are larger than the background area (in essencse, filling the container). 

Natually, this property isn't supported on every browser your app will encounter. Namely, IE8 and below, Firefox 3.0 & 3.5, and Safari 4.

Modernizr to the Rescue

If you've never used Modernizr, you're missing out–and this is a simple way to learn. Modernizr is a javascript library that does "feature detection" on your web page(s). Among other things, Modernizr detects CSS3 capabilities, including our new friend background-size. 

It works like this: 

1. Add the Modernizr script to your page (I put it in the head)
2. Modernizr will detect various CSS features each visiting browser supports
3. It will then add classes to the <html> element of your page
4. You can then write CSS that will only apply to elements under html.somefeature, allowing you to gracefully support older browsers.

In our case, Modernizr adds a backgroundsize class (all one word) to the html element when the browser supports it. 

CSS

Now we can write some simple CSS to make our page have a pretty, edge-to-edge background at any window size: 

So, you can see our background image with the background-size property will only be applied to the correct browsers. 

If we wanted, we could include another CSS block that would style older browsers–say, with some sort of basic tiled background. 

Centered Sign-in Box

Our sign-in box is centered using some absolute positioning, fixed width and height, and some negative margins. Take a look at the source of the Cilantro login page (I left the styles inline for you).

A Note for Rails Apps

If you're using Rails like me, you're likely using Devise for authentication. Because I only wanted this look for my sign-in page, I had to create a unique layout file and use subclass Devise's session controller. Here are (roughly) the steps you need to take: 

1. Created a SessionsController that is a subclass of Devise::SessionsController
2. Create a layout file just for sessions (sessions.html.erb)
3. Tell the SessionsController to use the new sessions layout file
4. Adjust the devise_for line in your routes.rb file to use SessionsController

Well, I hope that's helpful for someone. Give it a try and get creative with your login page's background, sign-in box, etc. 

For about 7 years I've been doing startups that help small businesses build and manage web sites. This includes my newest venture aimed at restaurants. It's fun, challenging, and (usually) profitable. 

Want to build a startup? Do this and I'll be your first customer. 

Watch this Founder Stories clip with Chris Dixon and the founders of Eventbrite.

We deal with the same thing here at our small, niche service for professional photographers. We are what's known as a third party payment aggregator. Meaning, we process credit cards on behalf of photographers, take a transaction fee, then transfer the money to the photographer via ACH. 

From what I can tell, TPPA-type web startups are growing like crazy. We see the big ones like Square, AirBnB, Eventbrite, etc. in the news. But I also get emails from small, niche ones often (asking for advice). 

Of course, the Eventbrites of the world can afford to put a team of engineers on this because they're processing hundred of millions of dollars a year and/or are kneck-deep in venture capital money. The niche players and the bootstrappers? Not so much. We count our employees on one hand and our revenues are in the low 7 figures. 

Nonetheless, we've lost a few thousand dollars in the last year due to chargebacks. So, while I can't afford a full-time engineer, I'd be more than willing to pay for a service that could alert me before I pay out money to Mr. Shady. 

How the fraud happens

Basically, (a) some guy/gal sets up a store/account with a TPPA service like ours. They then (b) create some fake events/products/invoices and (c) run stolen credit cards through the system (I have no idea where they get the cards from). Then, we (d) ACH the money to them via an automated job that runs nightly. 

Sometimes we're lucky enough to catch the transactions before disbursing the money. Usually not though. 

Oh, and in case you're thinking "hey, this is a serious crime! Since you have the thief's banking (ACH) information, surely, you can get the banks to cooperate and catch this person," I laugh at you. 

What I want

In theory, what I want isn't that difficult. We have an automated job that transfers money to our users nightly. Ideally, I'd like to: 

• Interface with your web service for any disbursement over (say) $250
• Pass you names, addresses, dates, amount owed, and individual transaction amounts, IPs, and (if allowed) the user's bank name or routing number 
• You come back with a "score", letting me know (say, on a scale of 1 to 100) how legitimate this user/disbursement appears to be
• I'll decide what to do with the score. For example, I would simply hold disbursements below a certain score for manual review. 

What I'll pay

I'd pay $100 a month for this service, without hesitation. Probably more. 

I think AirBnB has a ton of potential and a great team. People in the startup/VC world love them too–and for good reason. They've also got one of the best executed iOS apps I've ever used.

That being said, I've always been a little wary of their ability to grow once cities and states start losing tax revenue because of them. 

I've also never attempted to use the service personally–until this week. Now, I'm not sure I'll try again. 

I was planning on taking my 2 youngest daughters to [REDACTED] this weekend while my wife hosts a baby shower at our house. I found a nice place there at a good rate. The host said it was available and asked me to PayPal or wire her a $50 deposit on top of the booking fee (I have no idea if this is standard or allowed on AirBnB). The host also mentioned that my AirBnB profile was "hidden"–but, as best I can tell, there's no such setting in AirBnB. 

After working out details with the host on Tuesday, I spent most of Wednesday and today working and getting my taxes done (and watching some opening day baseball). I hadn't yet booked the place on AirBnB–but I still planned to (today or Friday). Apparently, that wasn't soon enough for this potential host. Here's the AirBnB message thread (with names removed):

I get that AirBnB wants to be the "eBay of spaces"–but using eBay doesn't involve me and my kids sleeping in a potentially unstable person's house. 

Do shady people use eBay? Sure. Could this be an isolated incident? I hope so. This incident simply left a bad taste in my mouth and it will be a while before I attempt to use AirBnB again. 

UPDATE (3pm)

This potential host wont quit. Additional comments so far (I've decided to contact AirBnB and not reply): 

The "Good luck with that" line is in reference to one of my (rather successful) companies which I'm assuming they found via Google or Facebook. 

UPDATE 2 (4:22pm)

Less than 2 hours after submitting a ticket to AirBnB, one of their staff members called me on the phone. That alone is quite impressive and shows that they care about these issues.

She gave me some good tips (which most of you have already mentioned): (1) use people with good review, (2) use people with high response rates, etc.

You started using MailChimp recently, but you've got existing users in your Rails app (via devise, clearance, etc.). Here's a quick and dirty way to add your users to a MailChimp list. 

EDIT: Before the ink was dry on this post I made some changes. After some research I decided to stick with BrainTree as my gateway/merchant provider–mainly because of their great service and data portability. This choice also forced me to change my billing system from Chargify to Recurly as Chargify doesn't yet support BrainTree's latest software version. 

So, I recently decided to pursue some SaaS ideas on the side this year. Since they are completely outside what I'm doing at BIG Folio, I needed my own corporation and new accounts for all the financial stuff. I'm calling it my CMBB stack–feel free to suggest an acronym that rolls off the tongue a little better.