Entries by Alan Langford

I've been hanging out in Twitter for a couple of weeks now. It's generally amusing, and in some ways I can see it as useful. In a way, it's simply the most interesting part of Facebook (status updates) without the lame and cloying attempts at "fun". But one thing that's irritating about it is the "social media experts" and the "u 2 cn get rich" crowd. I would go on about this, but Michael Pinto has done a great job already in his post Social Media “Experts” are the Cancer of Twitter (and Must Be Stopped).

Instead I want to focus on a subset of Twitter users, the "Friend Troll". These people post multiple tweets, encouraging everyone to connect with them on other social media sites, usually LinkedIn. Now the premise of LinkedIn is that people use it to build connections between people that they know and trust. Obviously someone who gets the bulk of his or her connections from random Twitter followers is not adhering to this principle, which debases the entire concept.

I'm pretty sure that LinkedIn introduced the "Recommendations" feature as a way to combat this, but there's nothing to stop a savvy user from trolling for those, so it's of limited usefulness.

So what's required is some way to measure the level of respect that someone has for the sites that they inhabit. I have decided that, at least for sites like Facebook and LinkedIn, that the friend count / number of connections is a good metric. Unfortunately, LinkedIn generalizes the connection count, so "500+" is the best we have to work with. Let's run with that for a moment. Assume the person is 40 years old, and has been working for 20 years. That's just over two friends per month, for every single month. Roughly two weeks per person.

Maybe I'm a poor judge of character, but two weeks of accumulated interaction with a person is, in my experience, not enough time to build a stable trust relationship. By contrast if I take as an example a very personable fellow who I have worked with, who I trust, and who is CEO of a publicly traded software company, I see just under 100 connections.

So after surveying my connections profiles, I have developed the "LinkedIn Connection Credibility Metric".

• 1-10 Connections: You are either antisocial, or don't "get" social media.
  
• 11-100 Connections: You're "regular folk" and consider your connections before making them.
  
• 101-250 Connections: Difficult. If you have a customer facing job, your connections could be credible. If you don't, then you probably include anyone you've met in business and thus your connections are questionable.
  
• 251-500 Connections: If making connections with people is your only full time job, then this is possible, but still your connections are met with scepticism. If there are solid, meaningful recommendations to back up your connections, then maybe.
  
• 500+ Connections: Give me a break. If I connected with you, either I knew you before you went over to the dark side, or for some reason I thought you might be useful as a portal to someone I want to work with. Yes, I'm using you. But then again, you probably think that's what social media is about.
  

One site I miss from years back is swoop.org. It was a compendium of "swoop" based logos, showing the design trend (or lack of originality if you're less generous) pioneered by the Nike logo.

Maybe it's time to do the same with four colour quadrant-based logos. I admit, I used this motif in a logo about four years ago. Maybe that's a sign. When part-time hacks like me start using a motif, it's time to put it to bed.

Yet this past week, Google introduced a new four-colour, quadrant based "favicon". And... and... and it just plain sucks. Not only is it a stunning example of trailing-edge design, it features limited readability. On my system, the outlined lowercase "g", which bleeds into the background, is lost in either the default brownish grey of the default theme, or completely obliterated by the black background of my alternative theme. If you can't control the background, don't use bleed. Isn't that Design 101?

Two revisions back, Google's icon was an elegant representation of the uppercase G on their full logo. I have no idea why they moved away from that, but each successive revision has been worse.

So here's some advice for aspiring designers: get past the four colour quadrant motif. Come up with something new and original, or at least rip off something that's less tired. Please.

A few days ago, YouTube began muting the audio tracks of videos that contained "unauthorized" copyright material. Some videos will now have the notice “This video contains an audio track that has not been authorized by all copyright holders. The audio has been disabled.” displayed beneath them.

This is a good move for YouTube. It will help absolve them from any liability for "broadcasting" content that the RIAA cabal deems worthy of protection.

It's not such a good move for the RIAA and similar groups. A music track is an essential part of many videos, and we can be pretty sure that not many people who produce them are going to go to the trouble of obtaining copyright clearance. Instead, they're going to seek unencumbered music. This is going to drive up the demand for "open" music, which will in turn cause more musicians to provide the same in exchange for some small promotional credit on the video.

Thus a win-win is born. Video creators will have access to more music they can use, musicians will have a showcase for their work with a potential for global profile that would otherwise be difficult to obtain. How long will it be before this exposure results in a musician who "makes it" in the mainstream? It will only be a matter of time.

How will these musicians feel when a big label comes along to offer them a contract that pays a fraction of the revenue they actually generate while insisting that they turn their backs on their roots by joining the copyright cartel? Some will buy in to the promises and sign up, but some won't. Instead they'll seek new methods and revenue models for distributing their work. Perhaps they will make the bulk of their money from live performance, or maybe they'll find other ways to do it, but they will eventually succeed at it.

Once a successful formula has been found, those who seek to maximize revenue by controlling distribution will have lost the final step in their battle. They will have successfully spawned a revitalized industry that makes them irrelevant. This has always been inevitable, but YouTube's move will certainly accelerate the process. To me it is amazing how, blind to reality, this industry continues to find ways to kill itself off with ever greater efficiency.

Kudos to YouTube; still yet another dunce cap to the established music distribution business.

[Note: this article is still on the Onion site but the video is broken there too. Leaving this post up in hopes that they fix it one day].

This is just too good to not post.


Apple Introduces Revolutionary New Laptop With No Keyboard

In Media Metrics: Hate to Burst Your Bubble, John Gerzema discusses the erosion of the power of branding. In the process he makes an interesting observation: many companies have capitalized their brands, and they carry them on their books at considerable values. If these brands are in fact not worth anything close to the value they've been assigned, then there's another financial crisis on the horizon.

Gerzema is writing from his perspective as "Chief Insights Officer" at Young & Rubicam. As soon as I stop chuckling at this utterly ludicrous title, the observation is that as a member of the industry that has created and perpetuated the myth of brand value, his take is bound to be somewhat biased. This is the industry that has for decades convinced otherwise rational executives to spend stupid amounts of money on an intangible concept while simultaneously convincing them that the result is a capital asset.

Now certainly it can be argued that a brand has some value. Awareness of a product is linked to the selection of a product for purchase, without question. But the brand itself is still intangible. The value of a brand should be measured as the cost of changing it. As an example, let's say Pepsi decided to rebrand itself as "Foo". There would be considerable cost and significant time involved in doing this, but it's possible. With some tired brands (Levis comes to mind), it might even be advisable. This cost of rebranding is the true value of the asset. My bet is that the actual cost is considerably less than the asset value on many balance sheets. In his article, Gerzma asserts that "brands account for 30 percent of the market capitalization of the S&P 500, or almost $4 trillion dollars" (without citation). That's one heck of a bubble.

In discussing the extent of the bubble, Gerzma writes "Further signs of this worrying disconnect emerged as we examined the extent of the gap between business and consumer perceptions of brand value". What's funniest there is the phrase "worrying disconnect". To me it seems like a "reconnect" between consumers and reality that can only be worrying to big advertising agencies and to CFO's with overvalued brands.

All that money companies have poured into ineffective marketing efforts — driven by "gut feel", and marked by a complete inability to measure performance in any truly analytical way — is money thrown away. It's lost, it's gone. We have tools that measure the effectiveness of most of these things now in hard numbers, and the brand game is up, it's done.

Still someone with a "CxO" title at a major agency has a responsibility to evangelize for his industry, be he right or wrong. He applauds the performance of brands who are "innovating beyond advertising", such as in product development, corporate social responsibility and sustainability". I hate to break it to him, but in these cases the brand is just an identifier that links a consumer to an enterprise that is doing these real, tangible things such as producing good products in a responsible way. Now there's an insight!

Gerzma wraps up his weak argument that big agencies somehow still have a purpose with "today, everything is marketing and only creativity matters if a brand is to hold its value in this rapidly transforming and unforgiving marketplace." This is a complete and utter contradiction of the reality that he has observed but still cannot accept: good products and good service are everything, and marketing is in large part the process of communicating the good things you do through various channels. Worse, some channels cannot be controlled, such as social media.

The days of managing a message through monolithic media are long gone. Now it's about doing a excellent job and getting people to talk about what your organization does in a genuine way. Social media can be influenced, but ham-handed attempts to "manage" it are almost certainly destined to end badly. If I was involved in a big advertising agency, that's the bubble I would be most worried about. That and keeping my resume up to date.

Almost everyone who looks at the history of North America through the lens of current times is appalled at the brutal decimation of native populations, at slavery, and at the complete absence of any concept of human rights.

It occurs to me that 50 to 100 years on, survivors of the environmental apocalypse will look at us in a similar way. Sadly, we'll be even more culpable. We've known the planet was destined to become overpopulated with humanity for at least 30 years, and our response has been indistinguishable from nothing.

Polar ice caps are disappearing more quickly than even the most alarmist had expected. Climate change wreaks trillions of dollars of damage on our economies. Critical ecosystems collapse and even species we deem to find attractive border on extinction. Meanwhile, we worry about bailing out car manufacturers.

It looks to me like we'll just keep on trying to get by and maintain our "standard of living" until there's a real environmental crisis, until we pass the "tipping point". Then we get to try to put our lives back together in the face of huge population migrations, limited food resources, war, disease, and eventually feudalism. Then we'll "buy locally" — there won't be any other choice!

Our legacy will be that we're the ones who ushered in the Second Dark Ages. Our barbarism will make the early history of the continent look like innocence. The worst, the saddest, part is that it might be too late to change a thing.

There is no question that the Liberal Party of Canada needs to pick a new leader, and fast. Not only do they have to do it quickly, but they have to do it right.

While Michael Ignatieff might be the right choice, and might even be the winner at a convention, Bob Rae's observation that a process of installing him is "undemocratic" carries some weight. Simply installing Ignatieff based on polling results and some "consultation" with riding leadership may be prudent, but it's not smart.

I put "undemocratic" in quotes for two reasons. Firstly, the word has been horribly misused over the past few weeks. All the political drama we have just experienced has been nothing but democracy. Those who call it otherwise are merely uninformed. Anyone who says "I voted for Harper, not Dion" is in desperate need of education on the political system that this country uses. On the second count, the normal process that the Liberals use to pick a leader is anything but democratic. To anyone who wants to argue this, I merely observe that this was the process that got Dion the leadership in the first place.

The "transferable delegate" system might make for great television, but it has clearly been demonstrated that not only is it out of touch with the party grassroots, it doesn't pick the best leader. Time to chuck this tradition along with Mr. Dion. This time, let's lose the baby and the bath water.

This gives the Liberals an amazing opportunity to demonstrate that there is a fix for the problem. What they should do is quickly set up an online leadership voting system. They should mail cards with a security PIN code to every party member in good standing. Party members should then be required to combine this PIN with some piece of personal information that's on file, such as the member's phone number and year that they joined the party. There will need exception handling process for those who have problems, but I guarantee that they'll get a democratically elected leader in a short period of time and at a lot less cost than a convention.

The catch to all of this is that we're talking about a party that can't manage to get a critical video for a national address done on a reasonable schedule, and even then they can't do a job that wouldn't embarrass a grade seven student. It's painfully evident that the Liberal communications people are under siege at best, or woefully incompetent at worst.

Still, an online leader selection process would be relatively straightforward. I'd even be willing to help implement such a system, because I think real democracy is important. Then we can talk about moving federal elections to a Single Transferable Vote system (in particular, BC-STV) and then maybe we can get on to building governments that are formed from meaningful, relevant, and functional coalitions. It is possible.

I'm well aware of the value of site analytics. Most of my sites make extensive use of them. But at the same time I'm aware of a user's absolute right to not be tracked, be it anonymous or not. When it comes to my personal information, I'm usually happy to let most sites drop in a statistical tracking cookie, but I almost always set the lifetime of those cookies to "session only".

Basically, I'm happy to let someone know how I navigate their site, because that information is likely to result in improved usability. What I don't like is disclosing how many times I visit a site over a period of time, and what my multi-visit user patterns are like.

With browsers like Firefox and now even Internet Explorer providing easy tools to manage cookie acceptance and lifetime, more and more users who don't want to be tracked are limiting cookies. This is giving marketers a more challenging time and skewing their statistics. Poor babies.

Some marketers are fighting back. What's not commonly known is that Adobe's Flash Player lets sites store cookie-like information as well. Now Adobe hasn't quite caught up with the concept of individual liberties, so the default configuration of the Flash Player is to allow local storage without any explicit user permission. Adobe pretty much has a monopoly when it come to this sort of thing, so there's little incentive for them to change.

So now marketers who claim to seek to improve customer service have a method where they can gather data even if their customers have taken explicit steps to prevent it. News Flash: That is NOT good customer service! It's really rather offensive customer abuse.

Some time in the past few months, TD Bank decided to join the ranks of companies who have elected to bypass their customer's wishes. I recently connected to my online banking site, and got asked for permission to allocate local storage to an invisible bit of Flash. So I cranked open the page and found this link: https://easyweb46w.tdcanadatrust.com/dojo111/dojox/storage/Storage.swf?baseUrl=/dojo111/dojo/. At least its name reflects its purpose.

Anyone familiar with the big Canadian banks has become accustomed to dealing with these arrogant behemoths, protected from significant international competition by legislation, and reading from some version of a dictionary where the meaning of "service" is very different from the commonly accepted definition. Really the only surprising thing is that they haven't found a way to charge me 25 cents per byte of information that they want to store on my computer.

But you don't have to be subject to corporate whims. These things are configurable. Don't go looking through your browser, plugins or program settings for the control panel, though. Follow this link to your Flash Player control panel. This looks like a screen shot of what a control panel might look like, but don't be confused: it's a live presentation of your current settings. Click on the second tab, "Global Storage Settings". There's a reasonably good explanation of the settings below the panel, but if you move the slider to the left until it reads "None", then every site that tries to save data in flash will have to get your approval first. If you don't want to be asked, set the "Never Ask Again" check box. Then go to the last tab, "Website Storage Settings" to take a look at which sites have left tracking codes on your computer. Delete all the ones you don't trust.

Now you have control of your information again.

Bob Rae announced that he will be seeking the leadership of the Liberal Party today. "I'm running because I believe I have the judgement, the character, the values and the experience to lead at a very difficult time in the life of our country," said Mr. Rae.

It's not exactly clear which leadership he's talking about. If he had said "a very difficult time in the life of our party," I would probably be in agreement. He and Michael Ignatieff are both pretty strong candidates, but I think Mr. Rae stands a better chance in a federal election. I find Ignatieff to be a little distant... he might very well make the best Prime Minister, but that's no good if you can't win an election. I also don't think Mr. Rae's much-discussed stint as Ontario premier is anywhere near the liability that it's been made out to be.

But watching today's press conference, I got the distinct impression that Rae is saying that he's got what it takes to be PM during hard economic times. So he's got some magic plan to win the leadership race and topple Harper's government in the next nine months or so — that would be quite a feat — or he expects the recession to last a good three to four years, the most likely time we'll be called to the polls again.

Now this downturn may very well last that long, but it sure doesn't look good to come out looking like that's your expectation. Looks like poor judgement, which makes the statement self-contradictory.

"Joomla!" had an extremely serious security issue arise earlier in the week. I'm pretty deeply involved in the project, and I happened to be on the Bug Squad chat when the news broke. The issue was not a SQL injection problem, as many sources have assumed but reported as fact. Ironically, it had to do with defeating a session security feature. The security problem was a programming error. "Joomla!" goes through extensive procedures to defend against SQL injection, and from version 1.5 onward, such a vulnerability in the core code is highly unlikely. [Extensions are another matter. I strongly recommend that users only install open source extensions that have either been audited or that have broad community support.]

Even though this problem caused a fair bit of damage, I'm very proud of how the "Joomla!" team responded to the problem. This was a worst-case scenario: the exploit was published with no advance notification, and it was dead simple to implement.

The first we heard of it was a post on the Dutch "Joomla!" forums. One of the Bug Squad team mentioned this in chat on August 12th at 15:50 EST. We immediately took steps to verify the issue, and then once confirmed, to remove the details from the forum post. A patch was made available for testing at 16:10. A full package release was made available for testing at 18:19. Announcement of the release was made on joomla.org at 18:57, and by 19:40 update packages were also available. That's three hours and 50 minutes from report to full public release. If that's not a record I'll be surprised.

What is distressing is that a large number of security focused sites reported this as a SQL injection vulnerability, along with a variety of other erroneous or misleading information. Almost a week later, many have corrected their errors, but several have not. Considering that the "Joomla!" team responded so quickly, and that complete information was posted as the first item on the joomla.org web site before the exploit became widely known, this suggests that many of these sites simply repeated each other's misinformation, rather than taking even the smallest steps to verify the report.

Granted a sample size of one event is not sufficient to draw conclusions, but if this is any indication of how "trusted" security information sources behave, then it is no wonder that whole security field has a serious credibility issue. These kinds of reports are extremely serious matters, with a lot of potential for damage. Certainly the timeliness of information is critical, but hopefully not at the expense of accuracy. The security community has a deep obligation to perform the simplest verification of facts before rushing to publication.