Evernote Screencast
If any of you are wondering what I've been doing at Evernote these past few months, we're officially above the radar now!
YouTube quality is a little poor, so there's a high-rez version at www.evernote.com/video/ . The line to get into the closed beta is already pretty long, but if you write in and say that you are one of the six or seven people that reads this blog, I'll see if I can bump you up a bit.
Wish us luck!
February 21, 2008 | Permalink | Comments (2) | TrackBack
Stanford GTS 2008
I just spent two days at the 2008 Global Technology Symposium at Stanford, a worldwide investment and emerging technologies conference, with an emphasis on Russia and other developing markets. I don't think I've ever written this about a conference before: it was great.
Useful content, a chance to meet many of Silicon Valley's founders, and all around excellent coordination. What's really amazing, especially for an international event, is that every single person who got up on the stage knew how to speak and present. The audience is usually comatose ten minutes into a talk at any of these events and I came prepared to nap; it never happened. The caviar reception at the end was a nice touch.
Has anyone that knows me ever heard me gush about a conference before? Alexandra Johnson, the principal orchestrator of GTS, should be immediately put in charge of every other industry conference on the planet. She might even make CES bearable. If they have a GTS next year, I'm bringing more of the Evernote crew.
Don't try to run, Sasha.
February 4, 2008 | Permalink | Comments (1) | TrackBack
I cancelled my Kindle order, twice.
Hemingway's six words? Mine are nonfiction.
December 22, 2007 | Permalink | Comments (0) | TrackBack
Quick Book Review: How to Become CEO
Some of the people involved in the production of this book clearly understand that they are engaged with a work of high satire. Emphatically not among those people is Jeffrey Fox, the author. Tragicomedic dissonance ensues.
March 10, 2007 | Permalink | Comments (0) | TrackBack
Empty box update
The recent unpleasantness with Dean & Deluca has ended happily. I can now brew tea with a proper double-walled glass tea press, not the single-walled one I had been previously using, like some debased hobo.
March 2, 2007 | Permalink | Comments (0)
An alternative to yelling on the phone
Jason Terk has pointed me to a nice post by Seth Godin on how to get customer service right. It basically boils down to avoiding real-time calls in all but emergencies and using the efficiencies afforded by asymmetric processing to substantially improve the experience for companies and customers alike.
I just so happen to be in a position to try this out on the customer side first hand. Here's an email I just sent to the support address at Dean & Deluca:
Hi,
I ducked into your 560 Broadway store in New York today and purchased (among other things) a Bodum Bora Bora Thermo Tea Press for $80. Then I got on the train for Boston and spent the next four and a half hours thinking about how I was going to make tea with it. Unfortunately, when I came home and opened the tea press box, it was empty. Doh! I guess I should have double checked before leaving the store, but I just figured that it was customary for the boxes on the shelves to be already filled with their respective products. Luckily the hard salami package actually did contain a hard salami, so there was some solace.
Can you help me obtain my tea press? Unfortunately, I won't be back in New York for some time. If you need some magic numbers from my receipt, I still have it.
Thanks much,
Phil Libin
Ok, so I'm an rtard. Let's see how it goes.
February 26, 2007 | Permalink | Comments (0) | TrackBack
What I don't know about privacy
A post on Steve Hunt's blog has me thinking about privacy again.
A couple of years ago, I was speaking on an international identity and security panel in Rome. At the end of my remarks, a French journalist asked me a long question that seemed to have something to do with privacy but a lot more to do with trying to bait me to agree or disagree with his stated distaste for some aspect of Bush's foreign policy. I say "seemed to" because neither my French nor his English were up to the task at hand. Unfortunately, this kind of game has become routine for traveling Americans and I almost always choose not to play. So instead of answering directly or, the horror, asking him to clarify his question, I decided to use up my time with an impromptu digression on the nature of privacy. I wasn't sure what I was going to say and, when it was said, I wasn't sure if I actually agreed with it. I'm still not sure. It sounded good at the time though and sent the audience a-nodding. Here's more or less what I said, [with my simultaneous inner monologue in brackets].
---
When our founding fathers wrote the Declaration of Independence [good, always start with the Founding Fathers when talking to a French reporter], they put in a curious sentence, "We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights," [Uh oh, is that in the Declaration or the Preamble to the Constitution? Crap! Ok, just act confident and the audience won't know.] "...that among these are Life, Liberty and the pursuit of Happiness."
Now there's an interesting thing here: the three rights specified are mentioned in order of decreasing specificity and ease of measurement. The first one, Life, is pretty easy to measure; most people will agree on whether someone is alive or dead. Well, not right now in Washington, but most of the time. [Polite laughter, good, they've heard about the Schiavo thing over here.] The second one, Liberty, is a bit harder to define but still pretty good. You can usually get a pretty good consensus on whether someone is free or a slave.
Now the third one is tough. Happiness? How can you really define it? Or measure it? It seems like a really personal quality that's really hard to pin down. Some people don't even seem to want to be happy. I mean I've seen French movies. [Better laugh line, but have I actually ever seen a French movie? I must have.] Aren't standards of happiness based heavily on the ideas of the time? Plus what if my happiness makes you unhappy? Or vice versa? Don't the Germans even have a word for this? Schadenschnitzel or something? [Big laugh, Europeans love the 'dumb American tries to say something important but gets comically confused with a food item' bit. JFK knew this as well.]
That's why the Declaration doesn't give you a right to happiness, only to the pursuit of happiness. We can't guarantee you happiness, but we can make sure that you can do whatever you think may make you happy - as long as you don't get in the way of the other two rights for others. And this is the real genius of the document: you have a right to pursue. You may never get there, or I may beat you to it, but you can pursue happiness if you want and we won't stand in your way.
[Now here's the part that I'm really not sure about, but it's such a smooth transition.]
So what about Privacy? Is it like Life? Is it like Liberty? [Yes, come to think of it, it probably is like liberty, should have thought this through better before starting.] Or is it more like Happiness? I think privacy is a personal thing. Some people want to be very private, other people post pictures of their vasectomy on their blog. Don't google for this! [Really, don't.] Some people want to hide every step they make on the web, others don't care at all. And is there a corresponding right to know? If I really want to know how much my customers earn, is it really wrong for me to try to find out? What if I want to find out who's giving money to a politician? Does your right to privacy trump my right to happiness?
I think maybe privacy is like happiness, and the "right to privacy" should really be "the right to the pursuit of privacy". If you want to keep certain information private, you should have access to all the tools you need to make that happen. If you choose not to use those tools, either because you don't care or because you agree to some kind of business or social proposition in return, then I have the right to get whatever information about you that I want. And the default setting on your web browser shouldn't be "private" any more than the default setting on your life should be "happy". If you want privacy or happiness, you have the absolute right to work at it, but it's not our responsibility as representatives of government or industry to hand you either one. [Big applause line from the audience, but it's a very business- and government- centric crowd.] Companies should be free to track their customers' actions and people should be free to hide whichever of those actions they want. Each person gets to choose where they want to stand in that marketplace.
---
This got a very good reaction at the conference, but the "privacy" guys were pretty severely outnumbered so it wasn't a balanced field. I'm still not sure how I feel about this analogy. The biggest danger seems to be the potential arms-race between privacy seeking individuals and information seeking businesses or governments. For instance, is it OK for Google's default search behavior to be set to log your search history? (Nelson Minar and my brother had an interesting discussion about this a couple of weeks ago). If so, would it be OK for Google to change the opt-out settings randomly every few months to force people to "really" care about their privacy? Would it be OK for Google to just lie to you and keep records even if you've opted out, claiming that you should be using some third-party anonymizer if you really cared? (I think the answers are "yes", "no" and "no", but where do you draw the line?) Also, are the implications significantly different for government/citizen interactions?
I'm not sure about any of this. I told myself that I'd sort it out before posting, but my little talk was almost two years ago and I still haven't decided. Is "privacy" like "happiness"? Maybe it's not a very useful question. What do you think?
Oh, the picture at the top of this post is a still from "Fireworks", the School House Rock episode on the Declaration of Independence. It's how they chose to illustrate "pursuit of happiness". Note that this kind of pursuit, deemed appropriate educational programming for children in the 1970s, would now land you in jail.
February 23, 2007 | Permalink | Comments (1) | TrackBack
Split the difference
I have a suggestion for how Google can atone for their free speech sin of agreeing to censor results in their Chinese version to comply with Chinese government web rules. Since they'll have to implement algorithms to automatically determine which results to omit in the Chinese version, they can also make a version of the search engine that displays ONLY the stuff censored in China. Of course this version will only be accessible outside of the PRC but, meh, it's a start.
Note to my Chinese business associates: Joke!
January 25, 2006 | Permalink | Comments (2)
The Pros and Cons of Biometrics
I wrote this simple article for a new publication - the ASSA ABLOY Future Lab - about biometrics. If you want to read it for some reason, please do so.
November 9, 2005 | Permalink | Comments (1)
It beats working
Jeneane Sessum has written a great article for PR Blog Week 2.0 called, "Adding Your Voice to the Conversation. Why CEOs Should Blog." It makes me out to be much smarter than I really am! What fun.
September 20, 2005 | Permalink | Comments (0)
A note to my marketing team:
I just got back from ASIS, one of the biggest security trade shows of the year, where CoreStreet had a big presence. We worked pretty hard on our booth and I'm quite happy with the results. However, when walking the floor yesterday I noticed that one company (actually Indala, one of our most important partners) was serving perfect pre-mixed screwdrivers at their booth. Indala's primary color is orange and, well, screwdrivers are orange so it all made sense. Another company (don't remember who, not one of our most important partners) had a live monkey. I'm not sure if it was some kind of security monkey, or just something high-concept. Needless to say, both of these gimmicks were quite successful at bringing people into the booth.
I want monkeys serving booze at our booth next year. So let it be written. So let it be done.
September 15, 2005 | Permalink | Comments (4)
9-11 brand laser toner
I found this box in the office. Apparently we were returning it to the manufacturer because it was defective. There is no indication of where this product was made, but I kind of hope that it was outside of the U.S. Click on the thumbnails for a bigger image so you can read the text. I don't really have anything else to say.
On second thought, horrible bad taste and shameless marketing aside, asking snarky questions about this kind of thing is my patriotic duty, so here goes:
1. The box claims that this is an "American Spirit Compatible Laser Toner Cartridge". Does this mean that it's compatible with the American spirit or with "American Spirit" brand printers? I've got an HP, so the latter would be a problem for me.
2. The globe cradled in the American flag on the front of the box is centered on the south pole. Why?
3. The back of the box has "9-11-01" written in a very large font, but the numbers are slightly grayed out. Is this a subliminal message or a problem with your box printer toner?
4. The text starts with, "We can never forget the tragedy of September 11, 2001, with the terrorist attacks upon our nation." Is that because we keep being reminded of it by our laser toner boxes? Also, does that sentence helpfully include the year and a brief synopsis of what actually happened on 9-11 just in case someone was beginning to forget?
5. The hyper-cursive text at the bottom says, "Box Design & Concept is an Inspiration and Tribute to all our heroes of 9-11." How many people do you feel were inspired to heroism by your box design? Also, how do you decide which words to capitalize?
6. The box has three direct mentions of 9-11, three American flags, two flag ribbons and one bald eagle. Did you forget to add more bald eagles?
7. The side panel points out that, "Every cartridge that is thrown away adds more waste to our already overburdened landfills." Do you think that this is part of the overall terrorist plan, or is environmentalism a completely separate worthy cause that you aim to inspire and trivial tributize?
August 24, 2005 | Permalink | Comments (14)
A better name
Microsoft announced today that its new operating system, formerly known by the codename Longhorn, will officially be called "Windows Vista". Early reactions to the new name have been mixed. I'm not sure how I feel about the name, but I do like the fact that Microsoft is finally playing off the whole "windows" theme in their branding while giving users a subtle hint at what to expect from the future OS. Along those same lines, I might have suggested that they go with, "Windows Pane" instead. Maybe there's still time.
[Update: Thank you, I'll be here all week.]
July 22, 2005 | Permalink | Comments (3)
Betrayed by Styx
Like most American businessmen my age, my primary experience with the Japanese language comes from Mr. Roboto. Therefore, I naturally thought that "domo arigato" meant "thank you very much", as it was clearly written:
Domo Arigato
Mr. Roboto
Domo Arigato
Mr. Roboto
...
Thank you very much
Mr. Roboto
for doing the jobs
that nobody wants to
It wasn't until my third week in Japan that I learned that "domo arigato" means only "thank you", and to say "thank you very much" requires a "domo arigato gozaimasu". Gozaimasu? That wasn't in the song at all. Some crap about Kilroy, but no gozaimasu whatsoever.
All that time that I thought I was being very polite to my hosts and/or colleagues, I was merely being casually polite. If this flagrant negligence on the part of Styx lyricists causes me to lose any business in Japan, I will sue the record label with persistent and ruthless determination.
Unless that record label turns out to be owned by Sony Music. In that case, Gomen nasai. I humbly apologize for my poor humor.
February 28, 2005 | Permalink | Comments (2)
411 is a joke in this town
Yesterday I experienced what must surely be one of the minor signs of the apocalypse.
Needful of the phone number to a local pizza place and finding myself uncharacteristically removed from any networked device, I dialed 411 on my Verizon phone to get directory assistance. It had been years since I last dialed 411 and my hopes for an efficient transaction were low. James Earl Jones came on the line and artfully asked me for the city and state. So far, so good. I told him "Cambridge, Massachusetts" at which point he transferred me (busy man, I understand) to someone else who inquired about the name of the listing. I said, "Harvard House of Pizza." Then some hold music. Then a mechanical, "we are connecting your call..."
Then the horrible thing happened: I was subjected to a recorded advertisement before my call went through. I don't remember the exact nature or length of the ad because my eyes had caught on fire and started to boil at the sheer audacity of 411 charging me money, wasting my time and making me sit through an unwanted ad. To the best of my memory, it was a movie ad and it lasted for 18 minutes.
Oh, then it said, "We're sorry, your call cannot be connected as dialed" and hung up. Also, I probably paid $2.50 for this experience.
Questions:
1. When did 411 get this screwed up? I've heard bad things about the state of the industry, but never thought it'd come to this. I bet "outsourcing" is the standard excuse, but there's something more sinister going on.
2. Do advertisers really get their money's worth generating this much ill will with the public?
3. Since this is clearly the most evil thing James Earl Jones has headed up since that giant-snake worshiping death cult in Conan the Barbarian, and that movie ends with Arnold Schwarzenegger becoming a head of state (look it up) after defeating Earl's minions, wouldn't it be cool if - stay with me now - as the real-life governor of the largest state, Arnold did battle with the evil Earl-headed 411 cult and restored honor and decency to directory assistance? At least in California? I urge my west coast readers to start a ballot initiative. The witty campaign posters would Photoshop themselves!
December 13, 2004 | Permalink | Comments (0)
Jakob Nielsen's Alertbox
Jakob Nielsen has posted a new alert entitled "User Education Is Not the Answer to Security Problems" (amen). Among other recommendations, Jakob advocates that we:
Digitally sign all information to prevent tampering and develop a simple way to inform users whether something is from a trusted source. This might, say, replace current stupid security warnings that people don't understand because they expose the guts of the technology. ("The security certificate has expired or is not yet valid." Aha. And what does that mean to a normal person?)
I've been saying something like this for years. I'll even go a bit further: there is no good reason, today, that any legitimate email sent out by a serious company should not be digitally signed. A small number of consumers behind email-modifying proxies may get confusing error messages (companies can mitigate this by sending important mail without embedded HTML or JavaScript), but this can be quickly ironed out.
If you're a bank, hospital, or any other company that's worried about consumer confidence in your brand - you should be signing all of your outgoing email. Period.
Jakob's whole article is very good. Read it here.
October 25, 2004 | Permalink | Comments (0)
Common ID mandate
Last Friday, the White House issued a presidential directive calling for a “Policy for a Common Identification Standard for Federal Employees and Contractors”. The policy is mandated to be completed by March, 2005 and by November 2005:

“… the heads of executive departments and agencies shall, to the maximum extent practicable, require the use of identification by Federal employees and contractors that meets the Standard in gaining physical access to Federally controlled facilities and logical access to Federally controlled information systems.”
This is big news: a common standard for identification credentials to be used for both physical and logical access for the roughly 60 million US government employees and contractors. The contractors have a very important role to play. Once big contractors like Boeing, SAIC, Raytheon, etc. start giving smart cards to all their employees for use on government work, they’ll naturally want to leverage the investment on the commercial side as well. I’ve often said that real credentials and validation are the only ways to solve common problems such as phishing and identity theft. Just as with the development of the Internet, the federal government is once again the main initial catalyst for new technology that’s going to change the foundations of mainstream business transactions in the near future.
The big question: If this grows past government employees, can we do it without infringing on people’s rights? I think we can.
[The small question: Is the “near future” near enough for my investors to make a healthy return? I think it is.]
August 30, 2004 | Permalink | Comments (0)
Conference rooms contest winners
Voting for the CoreStreet conference room name contest is closed and the result is a tie. A [expletive deleted] tie. With 153 total people voting, “Superhero Secret Identities” and “Historically Important Fortifications” got exactly 60 votes each. It was a neck and neck race for the past three days. “Superheroes” did quite a bit of (legal) lobbying here, here and here. “Fortifications” was the hands-down office favorite and seemed to benefit from a grass-roots email campaign. To make matters worse, I’ve just realized that I mistakenly wrote “polls will close on 11:59pm on Sunday, July 31st”, when Sunday was, of course, really August 1st. We’ll never know what multitudes might have been disenfranchised by that somewhat confusing statement.
I admit to being totally unprepared for a dead-even poll result. This is especially embarrassing since I’m supposed to be some sort of expert on electronic voting. I suppose there are ways to resolve this sort of thing: we could have a run-off, or I can extend the polling for another day or I can sift through the logs and disqualify a vote or two. Perhaps voting should be extended for exactly one more year because in 2005 the last Sunday in July really will be the 31st. The problem is, all of these options entail more work for me and frankly… see my first real post on this blog.
So we have two claimants for the prize. Wasn’t there something about this kind of situation in the Bible? Some wise way to decide who is more deserving? Oh, I remember: make two babies!
So my post-solomonic determination is to award two first place prizes. Both “superheroes” and “forts” will receive a $150 Amazon gift certificate along with whatever CoreStreet schwag I can dig out of the supply closet. There will be no second-place winner. Since “forts” got the most votes from CoreStreet employees, we’re going to use that as the conference room naming scheme. We’ll use “superheroes” for something else – perhaps development project codenames.
I already have contact info for “forts” (my friend, the famous rodeo cowboy Lee Wright). “Superheroes” should contact me by email. Congratulations to both!
So let it be written. So let it be done.
August 2, 2004 | Permalink | Comments (1)
Conference room name battle
[Update 8/02/04: Voting is closed – see the results.]
We’ve received dozens of good suggestions in the Name My Conference Rooms contest. Here are the six finalists:
Please vote for your favorite. Vote early, but only vote once. If I see suspicious IP address voting patterns, I reserve the right to throw away votes. So as not to upstage our upcoming national election, there will be no verifiable paper trail. The winner will receive random CoreStreet goodies and a $150 gift certificate from Amazon.com. The runner-up will just get the goodies.
Voting will close at 11:59 PM (eastern US time), Sunday, August 1st. Winners will be announced on Monday.
Fight!
[Nepotism alert: the “planetary mnemonics” entry was submitted by my brother, or someone pretending to be him.]
[Update: Sunday is the 1st, not the 31st.]
July 28, 2004 | Permalink | Comments (13)
Name my conference rooms contest
CoreStreet reached an important milestone today, and I need your help to, um, get to the next plateau. Or something.
Our main office finally got crowded enough that it’s not always possible to find an empty conference room, so we have to add the conference rooms as schedulable resources to Outlook/Exchange. This means we need to name them. This means we need a naming scheme. This is where you come in.
We currently have eight rooms to name, but the scheme should scale to more as we grow. Send me your idea for a conference room naming scheme as well as eight sample names. For example, you might submit the naming scheme, “Diseases of the Foot” and the room names, “Arthritis, Freiberg’s Disease, Gout, Kohler’s Disease, Ollier's Disease, Club Foot, Maffucci’s Syndrome and Seiver’s Disease.” This example would be syntactically correct, but would not win.
You can enter via the comments section on this post or by email to: phil*AT*corestreet*DOT*com. The names should be one part clever, two parts topical and office appropriate to taste. Winners will be chosen on Wednesday, July 28th by a committee of judges consisting of myself and whoever else is hanging around my desk at the time. The second-place winner will receive one each of whatever CoreStreet schwag (shirt, mug, exploding pen, etc.) happens to be in the marketing closet that day. The first-place winner will receive a $150 Amazon.com gift certificate plus the schwag.
I hope the blogosphere doesn’t let me down on this one.
July 19, 2004 | Permalink | Comments (29)
Don’t [expletive deleted] where you eat, my friend
You’d think with corporate email becoming virtually useless as a customer communication medium due to spamming and phishing, serious companies would be a little more careful to preserve the customer-trust level of written letters.
You'd be wrong.
Here’s an important looking envelope from United (airlines) with one of those telegraph-delivery stickers attached to the outside. Open it and... Oho! It’s just a trick to get you to subscribe to another unwanted credit card. The telegraph sticker is a printed-on fake.
How exceedingly clever of United! Now I’ll be extra-certain to give their next piece of communication all the critical attention it deserves. I’ll especially treasure their emails. After all, if they’re so fastidious about keeping costly paper mailings honest just imagine the care they must put into their bulk email.
If anyone from the United marketing team is in the audience, I recommend two additional pieces of reading: One and two.
And you wonder where the scammers learned their tricks.
[Update: Where do I send the bailout check?]
June 23, 2004 | Permalink | Comments (1)
Vastly important origins
Marketing Sherpa has published a brief case study on the hows and whys behind your humble narrator’s fine Internet publication. This is the first article ever written that’s entirely about this blog. I’m naturally very pleased and looking forward to seeing a second story so I can proclaim an important trend and maybe issue a press release.
It’s all true, except for the bit about SpoofStick only taking a few hours to program. It took a few hours to hash out the details, but programming was a longer and not-altogether painless process.
June 20, 2004 | Permalink | Comments (0)
The law won
Looking out for the disadvantaged is a longstanding, if somewhat unevenly applied, veneer on the American legal tradition. Even our symbol of justice is a blind lady (I know she's only pretending - just go with it). While much of the time, this outlook is a welcome assurance that we live in a civilized society, sometimes it’s a bit too earnest and silly. While doing some research into European commercial office regulations (as a service to my readers, I will not provide the link), I was reminded of an interesting run-in with the corresponding U.S. rules.
About two years ago, when CoreStreet was just over a dozen people, our offices were two adjacent rooms in a (not very recently) renovated 19th century commercial horse stable. It was an inconvenient setup because even though the two rooms shared an interior wall, to walk from one to the other required going out one door, down the long hallway and in through the other door. This added a couple of hundred feet to the walk and required fumbling with keys two times per trip. Among our neighbors on the floor was some sort of “training” center. We never figured out what they taught, but judging by the condition of the single common bathroom, it may well have been toilet training. We kept our doors locked at all times.
When I finally got tired of the constant locking and unlocking, I asked the landlord if we could just punch an opening through the interior wall and connect the two rooms. We would even be willing to prolong our lease. The landlord agreed.
A few days later, we ran into a snag. The floor layout permitted only a single place where an opening could be constructed, and the space would be a tad too narrow to comply with ADA (Americans with Disabilities Act) standards. The landlord couldn’t put in the door because it would not be wheelchair accessible. I proposed that we leave off the door and just make it a hole. That wasn’t good enough. I pointed out that the new plan would actually improve wheelchair accessibility because it’s easier to drive a wheelchair through a narrow doorframe than through the current configuration which, I reminded the landlord, was a SOLID WALL. Plus, anyone who couldn’t get through the new opening could always use the existing hallway doors. The landlord agreed that this was plausible, but upon consulting with the experts decided that it was still not legal to punch a hole through an interior wall of his own building.
In the end, everything worked out for the best. We were forced to relocate to our current and much swankier digs. Now, in addition to wide open spaces, big doors and spotless bathrooms, we actually pay less rent per square foot due to the drop in prices from when we signed our first lease to when we signed our second.
Who says that government regulation hurts small business? Well, our first landlord does, but what does he know?
May 31, 2004 | Permalink | Comments (1)
Deceptive Software ISLAND
Last week, the Google Blog started soliciting comments on Google’s “Proposal to help fight deceptive Internet software.” The proposal is directed against spyware, adware and other annoying and/or dangerous practices often found in “free” programs. Google’s recommendations consist of basic standards of notification and behavior that vendors ought to implement when distributing software over the internet. I wholeheartedly agree.
I’d like to propose a rating system to help users identify dirty software. It works like this:
Each program is given a score of “0” to “5” in six categories of annoying or deceptive practices. A score of “0” in any category means that the program does not engage in the practice at all, a score of “1” indicates fairly benign activity, while “5” connotes significant perfidy. To help you remember the six categories, I consulted the Internet Anagram Server and realized that they spell ISLAND. Here are the six categories along with what installers would say in an honest world:
In the Walls
This software installs uninvited guests which will scurry around your system's innards to be only occasionally glimpsed when a program crashes or you move a window suddenly out of the way.
(1 = Installs a discreet shortcut for a helpful utility or company catalog in the main software's program menu. 5 = Installs multiple, unrelated programs that hook into the registry, run in the background, and are difficult to uninstall.)
Spy
This program watches your actions and sends them back to the mother ship. It's just our way of looking out for you.
(1 = Actions directly related to software operations are anonymized, kept in aggregate form only and never shared with third parties. 5 = Wide ranging data, including personal information, is collected, linked to your identity and sold to third parties.)
Limited
We've removed some features from this free version of the software, so you won't get to where you want to go without buying the full version. Don't think about this until you've already put in half the driving time.
(1 = Some advanced features, which only power-users would need, have been eliminated. 5 = Fundamental features, such as the ability to save your work, are missing.)
Advertising
This software will display advertisements on your screen. It may be "free", but you'll pay with your eyeballs and your attention span.
(1 = Displays a single, small, not-animated ad as part of the program UI. 5 = Pops up ads disguised to look like error messages in new windows all over the place with no indication of what's causing them.)
Nag
This free software will periodically nag you to spend money on the full commercial version. If you were a good person, you'd send us money.
(1 = Discreet button in the UI that accepts a voluntary donation. 5 = Modal dialog box with an increasing delay that demands payment before you can continue with the program, eventually totally disabling all use.)
All Your Default Are Belong To Us
We know that you've been too busy to get around to changing your homepage, media player and download manager settings. We'll take care of that for you. You're welcome!
(1 = Program makes itself the default viewer for only the type of file it's primarily meant to handle. 5 = Any settings that can be changed to make you see more of the vendor's products will be changed.)
After scoring each category, the total points are added up, multiplied by three and subtracted from 100. So the best possible score is 100 and a program that commits egregious acts in all ISLAND categories will score a 10.
For example, SpoofStick, which doesn’t have any ISLAND misfeatures, scores 100.
I’d guess that a fairly clean piece of shareware would come in at 94, and scores below 82 are pretty lousy. Now all we need is for somebody to rate every single piece of Internet software and establish a trusted registry.
Who's got free time next weekend?
[My friend Igor Rivilis recently wrote about his experience with software annoyances here. I think there’s plenty of great free software out there, but the bad stuff seems to be getting out of hand.]
May 25, 2004 | Permalink | Comments (0)
Wireless Access Pointless
Mark Ayzenshtat has written about his adventures leeching wireless internet connectivity while driving through the pre-apocalyptic landscape of suburban California. I'm not sure if this is a good or bad thing.
Setting up Wireless Access Point (WAP) security is pretty cumbersome and the results are brittle. Wireless devices randomly stop working and need to have their encryption keys re-entered. What's worse, different manufacturers seem to use different passphrase hashing algorithms, so you pretty much always wind up manually typing in hex strings. To make the process extra-tragic, some confused product designers have tried to "add security" to the process by making the GUI key entry boxes display only blanks (like most password fields) and/or disabling cut-n-paste functionality. This guarantees that you'll have to type in a long string of numbers and letters several times, and still never be exactly sure of why your WiFi doodad isn't working. Whenever I see such design, I am tempted to violence.
Not only is securing a wireless LAN difficult for most mortals, but there's very little motivation to actually make the attempt. You probably won't notice the bandwidth drain of someone leeching from you, and viruses and worms are best combated at the firewall and PC level. You and your neighbor might actually be better off sharing the same access point and not having two separately encrypted networks fighting for the radio spectrum.
When something is both difficult and unrewarding, the masses will eschew it. That’s why most people don't read the fine print on medical forms and why they don't secure their wireless networks. My own 802.11b access point recently gave up the ghost host, and I haven’t bothered to replace it because I can usually see three or four unprotected wireless networks just sitting in my living room.
Of course, if you keep your wireless network unsecured, you never know who might get on it. That’s a little disconcerting, but the physical network has always been a weak security link because it’s hard to know who’s listening in; and that goes double for wireless. You need to secure each computer and the important data regardless of whether you turn on encryption on your WAP or not.
Who suffers from this furtive air sharing? I suppose the WAP manufacturers would sell more hardware if everyone had to buy their own access point, but that doesn’t seem like a good enough reason. After all, the pump lobby doesn’t get to force all of us to dig our own water wells. Internet Service Providers (ISPs) suffer some economic damage, because they typically charge a flat monthly fee for unlimited data usage and freeloaders, err, cause more load. For free. ISPs can try switching to a metered rate, but that approach hasn’t worked well in the U.S. market. A couple of years ago most service providers solved this problem by restricting access to just one or two specific computers registered to each account. That cost too much money in tech support calls when stymied customers tried to hook up new computers, so the practice has been mostly dropped. Either way, economic damage to the ISPs is a business issue, not a security problem. The companies should figure out how to fairly charge for their services, not lecture consumers on sloppy prevention. There are enough real security issues vying for consumer attention as is.
I’m looking forward to the day where I can reliably get wireless data service everywhere, without having to build my own private piece of infrastructure. A crisper understanding of who we’re trying to protect, better adherence to standards and some smart new technology will get us there. A chicken in every pot, not a mini broadcast tower under every desk.
Mmmmmmm, potted chicken.
[Brant Chamberlain wins the impromptu, "Quick, I need a geeky euphemism for a piece of hardware dying" office contest. His first suggestion was even funnier but, alas, not suitable for general audiences.]
May 13, 2004 | Permalink | Comments (3)
Companies on the verge of losing contact
Gartner has just published a report about the scope and effects of “phishing” scams. The numbers are staggering. Up to 92 million adults in the U.S. have received phishing attacks – malicious email pretending to be from a real company – in the past twelve months. The real shocker is that out of the 57 million people who suspected that they had received such an email (the other 35 million in the 92 million total were not sure), 11 million followed a malicious link and 1.78 million self-reported giving the fake websites sensitive information such as credit card numbers.
Wow!
That's a “click through” rate of 19% and a “conversion” rate of 3%. Legitimate (ahem) direct marketers would chew off their own fingers to get that kind of performance. Whoever’s writing those emails has some serious social engineering skills. They know how to push all the right buttons; well constructed phishing scams are way more clever than “Nigerian” spam and email attachment viruses. It’s almost as if some cabal of unemployed psychology, literature and web-design majors is exacting their revenge on the post-bubble Internet industry that spurned them.
The potential impact of the phishing problem on consumer confidence, brand loyalty and identity security has been much discussed though not yet fully appreciated. Another consequence is a bit more subtle: companies are rapidly losing all means of communicating important information to customers.
Think about it, how is Citibank going to *really* tell me if there’s a medium to high importance issue that requires my attention? They can’t use email because I don’t trust it due to spoofing. They can’t use snail mail because that’s 90% likely to go straight into the shredder. Their web site can be spoofed. They can try to call, but that’s expensive, inconvenient, and only marginally more likely to get my attention.
Of course, this unsettling blackout of company to consumer communications is at least partly self-inflicted. If private industry hadn’t been so eager to deluge consumers with promotional junk at every opportunity for the past twenty years (I never really needed shampoo coupons in my phone bills), people might now hold corporate communications in higher esteem and be more willing to put in the effort to discriminate between the real and the fake. As it stands, there’s almost no incentive: an unsolicited email from American Airlines - or most other Big Brands - is pretty much either going to be phish or foul, so I may as well just delete it. One percent of the time, it’s actually going to be important. That’s the rub.
Let’s hope that once the worst of the current danger has passed (SpoofStick will help, as will accelerated adoption of digitally signed emails, mutual authentication, increased use of RSS for “real” announcements, etc.), companies will use the temporary reprieve until the next malspelled crisis to reconsider how they maintain the attention-value of their customer communications. Otherwise…
Sow. Reap. Repeat.
May 5, 2004 | Permalink | Comments (0)
Patent Medicine
Apparently IBM has patented a method of paying programmers to work on open source software. This is a fantastic development for those of us under doctor’s orders to get more irony in our diet. The new patent is U.S. No. 6,658,642. Actually, I’m willing to give IBM the benefit of the doubt on this one. The idea itself seems reasonably novel. Maybe they intend to offer free licenses to this patent to all open source software workers as a way of protecting the community. That would be swell.
Now, I’m the last person on the planet who should be complaining about U.S. patent law, but sometimes an application gets through that seems - bear with me while I search for the right word… ah, here we go – unsound. As a service to my readers, I’d like to offer a guaranteed (“guarantee not guaranteed”) way of protecting yourself from being unreasonably sued for patent infringement in the future:
Step 1: Obtain a business process patent on the idea of “Making Money by Suing Other Companies and/or Individuals for Patent Infringement.” (You’re thinking this won’t work because only one person can own such a patent – you’re overestimating my audience.)
Step 2: Wait until someone sues you for patent infringement, then BAM! You got ‘em for violating your patent from step 1.
Legal scholars and fans of recursion may note that many currently litigious companies may claim “prior art” on your patent since they’ve been suing people for years before you filed your application. You’d probably settle out of court long before this comes up, but if you insist on even more devious protection…
Step 3 (advanced): After obtaining the patent from step 1, obtain another patent called, “Defending Against the Patent From Step 1 By Claiming to Have Prior Art Based On Having Sued People in the Past.” Aha! Now you've got ‘em coming and going.
NB: Before following any legal advice from me, please remember that I am not a licensed attorney and may not always place your best interests above having a good laugh.
January 27, 2004 | Permalink | Comments (0)


