Hi all,

I'm excited to announce that MyPunchbowl.com now has Plaxo address book widget integration. For those of you who haven't used MyPunchbowl yet, http://www.mypunchbowl.com is a new web application for planning events and parties. We are creating a webapp that will give hosts and guests unique and useful tools for event and party planning. We have an early version live, and many more features to come.

One note for the technical team: I want to express to all of you the urgency of fixing the IE6 bug "This page contains both secure and nonsecure items. Do you want to display the nonsecure items?" I've searched through the forums and it looks like this issue has existed since at least Feb 06. This really needs to be addressed ASAP. Already we have lots of users who are confused by the message. At the minimum, please give us an ETA so that we can have a reasonable response for users that complain.

On a happier note...thank you guys very much for creating this Plaxo Address Book widget. It's exactly what our app needed, and most users are very very psyched to have this functionality. When you are inviting 30-40 guests to your party or event, there is nothing worse than having to type all of the email addresses!

Thanks again, and we look forward to working with you more in the future.

- Matt Douglas, Founder, MyPunchbowl.com

Hi Matt! I really like your site--you've got a number of really slick UI innovations (flickr integration, countdowns to parties, etc.) and I think that's the most important thing you need to be a success for quick/fun online invitations. Well done. I also like your implementation of the widget--very innovative, and it looks and feels very tightly integrated.

Sadly, the secure/insecure warning is not an easy fix--it happens because Plaxo's site runs over SSL/HTTPS and your site is HTTP, so when we pass the data back to you (by loading your callback page in our popup as an iframe), it's loading an insecure page inside a secure context, which makes the browser unhappy. The easiest fix (but not necessarily ideal for you) is to also have your host page over SSL. Note that the page that launches the widget and the hidden callback page MUST both be either HTTPS or HTTP (otherwise we can't pass the data back, again thanks to over-zealous browser security models).

The only other fix we can make is to not use SSL ourselves. The two problems with that are (a) we want to make sure our users' data is as safe as possible, and (b) our existing Plaxo users have a secure session cookie, which can't be read over HTTP, so we couldn't tell they were signed in if the widget loaded over HTTP. However, it seems that most large companies dealing with personal info (e.g. gmail, yahoo, etc.) are all using HTTP anyway, since it's so much faster and less finicky than HTTPS. So we may switch Plaxo over at some point, though we'd probably maintain an option to use HTTPS regardless.

Anyway sorry if that answer is a bit long-winded, but the net-net is I'm not sure what to do and if this were a quick-fix, I would have made it long ago. We've found that most users, while not thrilled to see the secure/insecure warning dialog, are used to browsers asking them dumb security questions they don't fully understand, and are trained to just dismiss the dialog and continue, so it hasn't been a big practical barrier to adoption. That being said, if it really bugs your users, the best thing you can do now is make that page use SSL.

Hope this helps. Best of luck with your site! js

Hi Joseph,

Thanks for the quick and useful reply.

At this point, we are not going to use HTTPS for our guest list page. I'd like to urge you guys to offer an option for HTTP. As you said, Yahoo/Gmail and many others use HTTP.

We're continuing to hear bad feedback from our users in regards to Plaxo-- one user wrote "I didn't know what to do when I saw the error message. I don't think I can trust Plaxo." Obviously, not the kind of feedback Plaxo or MyPunchbowl wants...

I hope you will elevate this issue on this list and offer an option for HTTP soon.

Thanks,
Matt