Mindless endorsement sharing

Google’s new Shared Endorsement is ridiculous, and it’s wrong too. I’ve immediately opted out.

Last time I wrote an entry like this, it was in response to Facebook Seamless Mindless Sharing. Now it’s Google’s turn to take that mantle in the form of endorsement. Google’s is actually worse, because an endorsement by definition is an explicit act. LinkedIn’s endorsement feature is clearly a play on peer pressure: once someone endorses you, you feel indebted to endorse them back. It is a dead simple viral effect, but at least it requires the user to click a button. Google’s new toy doesn’t seem to require any action on the user’s part; in that it is very similar to Facebook’s frictionless feature at launch. It’s just nonsense.

Sorry Google, your Shared Endorsement as currently presented is ridiculous at best, and it’s wrong. I won’t have any of it.

Web App Development still mainly reduced to publishing and consuming HTML.

Web standards focus more closely on moving forward publishing concepts, and much less on application foundations. The web as a place for publishing is reductive, in my opinion; it plays up visualisation and plays down other aspects such as exchange, translation and communication. We may still be at the cusp of a revolution that has yet to take its definite shape.

Every week I see some articles discussing web app development, and 99% of those only talk about manipulating HTML. It is as though web applications were only about publishing, whereas the way the web serves people today has largely evolved beyond publishing. As popularity would have it, most people involved in web development, the publishing side of it that is, have no formal background in publishing.

As far as I can see, there are lots of W3C and other open initiatives that strive to move forward web standards. W3C HTML groups seem particularly focused on publishing, as in the modern day version of what used to be print publishing (Gutenberg like). When I see talks about semantic HTML, I only see document oriented standards, but nothing seriously useful from an application architecture perspective. OWL doesn’t appear often in the popular architect and developer forums that I frequently visit; the more I look into OWL, the more it reminds me of the way CORBA went. OASIS is very heavily XML focused, which to me is one extra indirection from the basic concepts we manipulate when discussing applications. I tend to think of OASIS as the corporate web world, large companies trying to find common ground, a bit less about pure and lean application architecture. I don’t see many other popular W3C efforts pushing application standards forward.

Numerous communities have thrived on the many shortcomings of web app development, and that’s a blessing. On the data presentation side, you have some thriving JavaScript frameworks such as jQuery, Emberjs, Angularjs, Backbonejs, D3, and many others. These aren’t standards, but I wonder if W3C should just extend itself and bring in these communities somehow (I’m thinking of HTTP 2.0 for example, the way it relates to Google’s SPDY). Beyond this there’s not much else happening with any significant momentum.

If web browsers are only good at manipulating HTML assets, then it would probably be useful to have a new platform for web powered applications in general with HTML manipulation as just a subset of its functionality. There have been a couple of products, Flock was one, but they didn’t really catch on. I don’t see much else happening in the way of truly facilitating web-enabled applications. This is leaving the field to only publishing oriented experiences. Ubuntu has taken an interesting approach that at least fits the way I’ve long envisioned web powered applications. The Web of Things could have been such a next-gen platform, if only it didn’t brand itself as hackers’ and tinkerers’ Toy?

For the time being, only web publishing seems to get most attention, that’s where the money goes. We might as well learn a bit about publishing; the blending of apps thinking and publishing concepts may yield a new kind of experience that would enrich the web.

Tetris point is where everybody is making the same claims

I read a huge amount about information technology, of which I see a lot of open source code. The more you do that, the more you see something of a pop culture across the board. It’s just like fashion, everybody talks about the same thing. Everybody is (seemingly) doing the same thing. It should perhaps work a bit like the game of Tetris:

  • Our technology is built with performance and simplicity: strike!
  • My open source library is fast and lightweight: ka-t’ching!

If you never see anything else, it may be time to move on to something new.

Virtualisation should have helped to reduce Internet security risks by now

Virtualisation could have helped (and still can help) reduce the security threats people are facing using their computers on the Internet. I am not sure why the industry is not yet exploring this, at least they’re not appearing to be publicly doing this so far.

For a while now I’ve held the view that virtualisation was (and still is) an effective way of reducing some of the Internet security threats people are facing all the time. Imagine that the most enticing computer uses would be completely sandboxed. For example, if you start internet banking, the browser would run in a sandbox that only communicates with your bank and potentially the token hardware in your possession; anything outside of that would simply stop working: no other network connection, and the sandboxed browser’s access to hardware is completely isolated from the rest of your computer, except for printing perhaps. The sandboxed browser does not support any plugins or extensions; its only features are those of a dumbed down banking terminal. The protection could go as far as vendors creating special device memory regions that get automatically reserved and wiped out for secure computing purposes, with no third party programs allowed to touch them. Conversely, the banks would only accept terminals that had previously been registered, much the same way that they issue hardware tokens to their clients. Such virtual machines would not be patched the usual ineffective way; instead they could be less frequently updated and each update would be coordinated by the VM issuers.

Something like this might not totally eliminate Internet security risks, but it could rid us of many of the most common threats in a very simple way. This is achievable with virtualisation and it should be cheap to realise.

We know that Security and Convenience are often at odds. By pushing out security patches all the time, software vendors are causing user fatigue; just look over the shoulder of every other user to see the number of updates pending their approval. So, the current security patching practice is clearly ineffective. With BYOD gaining traction, the situation is likely to worsen. I think a new radical approach may be a better answer to the growing pain that we are experiencing at the moment.

Thank you for 2012

I have a few words of thank you for you, the visitor of this blog, because you are also motivating me to write what little content I am able to offer so far. I learned that you came from 90 countries around the world, that is huge for such a basic site that really could do with more care if I could afford to. This blog is more like a scratchpad I let others see, but it has no specific mission other than capturing unfinished thoughts.

I have a few words of thank you for you, the visitor of this blog, because you are also motivating me to write what little content I am able to offer so far. I learned that you came from 90 countries around the world, that is huge for such a basic site that really could do with more care if I could afford it. A large number of you were interested in the posts about upgrading an ageing Macbook Pro, that was a surprise for me, I hope you found what you were looking for. I would like to add a couple observations that might not be obvious to you but may help you understand this blog a bit better:

  • When I started this blog, I knew I wouldn’t have much time to make it rich and keep it lively; for that reason I kept it low profile as I also didn’t expect any large following. So far so good, though I get more visitors than I thought would be the case.
  • This blog is really one of two media I use as a place to capture snippets of thoughts, the other is Twitter. It’s not a true diary, it’s more like a scratchpad that I keep in an open space.
  • Very early on I was swamped by spam. In order to stem the flow of spam, given the low resource commitment, the easiest method I found was to require that people register before they can submit comments. I actually deactivated comments for a while but put them back on. Besides this I have no interest in collecting contacts on this blog; you also see no advertisement for the same reason. So when I come across a simpler solution that requires little to no work I will implement it and get rid of the registration box.

I hope this helps a bit. I wish you a fantastic year 2013. I will make it more interesting in the new year, stay tuned.

The price of FREE service. Of course.

It’s simple: if someone offers a ‘free service’, just ask them what their price is. If you get no answer then you are the price, clearly. The only thing worse is that you don’t even know when and how you will be redeemed.

This article title says it all: “You’re Officially For Sale On Instagram” http://on.digg.com/U7MLvx

Social media with love, when a promotion demotes itself

This hilarious tweet showed up in my timeline today: “Do not click this tweet, because it is promoted and cost us money. Copy/paste the URL instead”. If it’s genuine, this is something to save for posterity.

I saw this today, found it hilarious. There’s every chance it will be taken down, so I thought I’d immortalise it here. Enjoy it.

 

do not click this tweet

Scalability is basic hygiene for Internet Services, trade it off at your own risk

Scaling can mean a lot of things; the way companies address it and make trade-off decisions has a large impact on the user experience. I am tempted to believe that Apple may be making many software trade-off decisions by sacrificing scalability, and that is a bad idea for Internet services. Apple talks a lot about creating the best possible user experience, and it is believable judging by their success: haven’t they been at the forefront of IT consumerisation? However, many of their Internet based services just don’t seem to scale up to good user experience. With Apple’s clout and the abundant supply of talent for a company like that, I don’t understand why they’re still not plugging gaps in these Internet services. That was the reasoning behind my tweet around mid-October, where I speculated that an acqui-hire was in order for Apple.

Scaling can mean a lot of things; the way companies address it and make trade-off decisions has a large impact on the user experience. In these days of dwindling attention span, users expect a snappy experience regardless of the amount of data or people interacting on any platform. I am tempted to think that Apple may have made many software trade-off decisions by sacrificing service scalability, and that is a bad idea for Internet services.

Here are some examples of what I mean:

  • Safari Reading List feature: it works well when you have just a few items bookmarked. Since it’s easy to use, my reading list grew quite fast and this is causing Safari to become less responsive whenever I try to view the list from one of my devices.
  • iTunes Match: this is quite handy, all your music on iCloud and you can listen to it on up to 5 iOS devices. However, if you have a large music library and your Internet connection quality fluctuates, you quickly get a non-responsive music playing experience. So, it appears that the Music App isn’t able to gracefully degrade iTunes Match service.
  • Using documents from iCloud: this works well with a good Internet connection, but Pages or Numbers tend to get stuck whenever something isn’t smooth in the network connection. Furthermore, iCloud documents created with a Mac are not fully supported by iOS versions; it converts them or duplicates them. It’s a pity that it works that way.
  • I can’t directly share my purchased books and PDFs between iBooks on iPhone and iPad, these need to be manually copied around and sync’ed with iTunes.
  • Apple’s App Store is getting slower and slower all the time. In the early days, it used to be fast. But nowadays, with everybody putting up App Stores, Apple AppStore service or its client applications don’t appear to be coping very well.
  • Server Manager is now a stand alone app that can be installed on Mountain Lion on any Mac and turn it into a server. That’s great, but I discovered a couple of annoying issues with it. First, if you ever touch the embedded RubyGems package then you could be in for a ride. When you dig deep into it, you see that Server Manager ships with its own PostgreSQL and Ruby on Rails distributions, so why not completely sandbox these? The second issue I found is that, as I move my laptop around, it gets assigned new IP addresses that cause problems with the embedded DNS Service. Sleep/wake causes Server Manager to start up really slowly and become non-responsive for a while. I know how to work around these but not before hitting a problem.

These are different types of shortcomings that all relate to scaling trade-offs, sometimes the volume of data is causing problems, other times it’s just the way of sharing objects that doesn’t scale out across devices. If a service has an upper-bound scaling threshold, why not either advertise it or adapt the user experience to reflect that? None of the examples above could have escaped Apple’s legendary experience design and iterative refinement crafting. These have to be happening because someone thought them good trade-offs, but I can’t find a good justification for trading these off for anything else. The use cases that are covered in my examples are all too simple, predictable if not obvious for a large scale product usage.

Apple talks a lot about creating the best possible user experience, and it is mostly believable when you use their devices and also judging by their success so far: haven’t they been at the forefront of the current consumerisation? However, several Apple Internet based services just don’t seem to scale up to good user experience. This is surprising to me, because it’s impossible to imagine Apple not knowing the consequences of the trade-offs they made in this area. Yes sure, it’s hard to excel everywhere, but with Apple’s clout and the abundant supply of talent for a company like that, I don’t understand why they’re still not plugging gaps in these Internet services. That was the reasoning behind my tweet around mid-October, where I speculated that an acqui-hire was in order for Apple.

I am basing my examples here on Apple, because I experience many of their products every day. But, in fact, these observations apply to any organisation putting out Internet based services. For Internet services, designing for Scale isn’t a luxury, it certainly must not be a second thought, it is fundamental to any ambitious endeavour.

Scalability is difficult to get right. Inexperienced teams would typically cry foul, the catch phrase “premature optimisation” is bandied about by people who are not sure how to go about it. That’s fair, if you don’t know how to address scaling it’s best not to try. But large companies that ship products to hundreds of millions of people cannot trade-off scalability without paying a heavy price for it. Competition is heating up, Microsoft and Google are getting better at responding to Apple’s dominance, and this will force all three to ship products that scale smoothly.

All Apps are bad: ‘scarenomic’ may be just as harmful as privacy scourging

Yes, please do educate the public on the privacy issues that current social media services are raising. But do so in a measured way, don’t squarely blame every app for trying to steal user information. That is simply not the case.

Can the media tackle any important issue without resorting to hyperbole?

The WSJ piece on Selling You on Facebook makes an interesting read on privacy issues for the non-initiated, clearly their main target audience. I was going to agree with it wholesale until I realised that the article sweeps too large and makes every app look bad – I mean mobile apps, not Facebook apps which clearly are something else in my opinion.

Yes, it’s true that the general public doesn’t realise the privacy implications of social media. Yes, it’s true that some apps and some companies are abusing the trust implicitly placed in them and taking more than they should. But I disagree with the way the WSJ article seems to be pointing to every app out there, the notion of app itself. That’s not a realistic way of painting the true picture of what is going on. If that were to be allowed, then you could say the same thing of every human creation that may possibly be put to bad uses. The list would be long, folks wouldn’t feel safe anywhere or at any moment.

I agree that people need to be educated on the privacy issues surrounding social media in general. I disagree with trying to scare people into, perhaps, reading your article. If you try to scare people about every possible thing that could go wrong, then you blur your message and may defeat its purpose. What really helps is giving people self-help clues on what may be happening, and the implications of the specific actions they may be taking online. This should be measured, paced and kept up-to-date. But not a broad sweep because then people are no better off than when they weren’t told anything at all.

Sense of security and privacy: Who’s Zoomin who?

I can hardly believe that only one company, Path in this case, was downloading users’ address books. I’m sure others are, were, or will be doing so too. The reality we live in is that we often have a false sense of security and privacy. It’s not like the bad guys would be waiting to hear about some security vulnerability before attempting to discover and exploit them. Likewise, the talk is on address book download today, tomorrow another company may be found using your mobile location or device’s camera for some unpublished uses.

I find it ironic that while one company gets shouted at for leaking its mobile users’ address books, lots of others might be routinely doing it without anybody saying a word. It doesn’t take a scientist to figure out what is going on.

Developers are tinkerers by nature, they seldom stick to written procedures – otherwise they may not be very good. From the moment a platform software development kit is made available, people will poke around to see what they can do with it. As you poke around, you are bound to find undocumented features, holes and what-not, and depending on your inclination you may make some unconventional moves. If word gets out and people like your moves then you are a genius, if people don’t like what you did then you get called names. That’s how it goes.

I can hardly believe that only one company, Path in this case, was downloading users’ address books. I’m sure others are, were, or will be doing so too. What happens is that something pops up, a big howl ensues. Then a few words of apology are issued, the noise dies down, people go back to their businesses, some quietly continuing whatever-may-be-questionable.

This is a bit like what goes on with IT security. When a paper is published on some software vulnerability, some debates follow and drum rolls for vendor patches coming to the rescue. Once such holes are deemed patched by the software vendor, the focus shifts away from the issue and not much is said about it. But even then, a lot of people can’t actually be bothered with software updates so they remain exposed.

The reality we live in is that we often have a false sense of security and privacy. It’s not like the bad guys would be waiting to hear about some security vulnerability before attempting to discover and exploit them, it’s likely that by the time a vulnerability is public it’s already old news for serious hackers. Likewise, the talk is on unauthorised address book download today, tomorrow another company may be found using your mobile location or device’s camera for some unpublished uses.

The title of this post is borrowed from an Aretha Franklin hit song from the 80’s.

UPDATE:

Seeing the headlines and some of the blogs out there, there is apparent outrage about Apple (only them?) having allowed this to happen. I am very curious if anyone checked that this problem doesn’t exist on Android, Windows Phone, BlackBerry, or other connected systems. I guess it’s much easier to cry ‘Haro sur le baudet’.