Alex Stamos : AppSec is Eating Security

I’m throwing this into the pile of arguments for “security and privacy are little but myths” discussions.  If top of the top companies, with multi-million budgets and hundreds or thousands of top security professionals get compromised, how realistic is it for the average Joe to protect his business?  I say – not very.

I think 80% of problems can be prevented with 20% of the time and effort investment: minimize the attack surface by removing and disabling everything you don’t need or use and limiting access to everything else, use layered defense where possible, use encryption where possible and strong passwords if you have to, don’t rely on security through obscurity, have log analyzers and/or an intrusion detection system installed, etc.  But most importantly, make peace with the fact that being compromised is not a question of “if”, but “when”.  Prepare yourself.  Have an offsite backup and know how to restore your services in a completely new environment, if necessary.

And as far as your privacy goes, if you put anything private on the Internet, prepare for it to be stolen and leaked as well.  If it never happens, consider yourself lucky.  Otherwise, just learn to deal with it.  It’s very unpleasant in a variety of ways, but seldom deadly.

Via EtherealMind.

1TB free Flickr storage

Gigaom reports:

“We want to make Flickr awesome again,” Yahoo CEO Marissa Mayer said.

Flickr is getting three big updates. All users will get 1 terabyte of photo storage for free. The site’s interface is also being redesigned to focus on full-resolution photos — both in photo browsing and in search — rather than words and links. Users will be able to share the full-resolution photos by email, Facebook, Twitter, Pinterest and Tumblr.

This sounds amazing!  Also:

Flickr Pro, which had allowed users to pay for more storage space, is going away. “There’s no such thing as Flickr Pro today because [with so many people taking photographs] there’s really no such thing as professional photographers anymore,” Mayer said (though she acknowledged that there are “different skill levels”). There are still a couple of paid options: Users can pay $49.99 a year for an ad-free interface, and can add a second terabyte of data for $499.99 per year. It’s unclear what will happen with existing Flickr Pro memberships that users have already paid for.

I’ve been a paying customer of Flickr for years.  It was worth every penny.  But, at the same time, it was difficult to convince my friends to use it as there were some severe limitations for free accounts.  It’s nice to see them gone now.

The only weird bit of the blog post is this:

And, in addition to the iOS app Flickr launched last December, Yahoo is launching an Android app.

Flickr already has an Android app.  So I’m assuming they will just revamp that as well.

Marissa Mayer Has a Secret Weapon

Fascinating!

For the past decade, she has been the doyen of a collection of some of the most talented young engineers and product managers in all of technology. These are the hand-selected prime talents of an accelerated leadership program at Google called Associate Product Manager (APM).

Mayer invented this program, led it and never gave it up. It was a key part of her tenure at Google. And now she may reap some benefits.

Don’t be fooled by the modest title, prefixed by that timid word “associate.” The most coveted entry post at Google is spelled APM. This is an incubation system for tech rock stars. “The APM program is one of our core values — I’d like to think of one of them as the eventual CEO of the company,” Google’s Executive Chair Eric Schmidt once told me.

Consider the first APM, a fresh Stanford grad named Brian Rakowski. He became a key leader of the team that built the Chrome browser and now is the VP of the Chrome operation. The second was Wesley Chan, who made Google Toolbar a success, then launched Google Analytics and Google Voice. He’s now picking winners for Google Ventures. Another early APM was Bret Taylor, who earned his bones by launching Google Maps. He left Google and co-founded Friendfeed, then became the Chief Technical Officer of Facebook.

Though not all APMs achieve such glory, they are generally recognized as elite. At any given time at Google, there are over 40 APMs active in the two-year program. And since Google has been hiring them since the early 2000s there are over 300 who have been through the program.

And the glue to the whole shebang was Marissa Mayer, who was the APM boss, mentor, den mother and role model.

Mayer thought up the program in early 2002. Google had been struggling to find PMs who could work within the peculiar company culture — team leaders who would not be bosses but work consensually with the wizards who produce code. Ideally, a Google product manager would understand the technical issues and sway the team to his or her viewpoint by strong data-backed arguments, and more than a bit of canny psychology. But experienced PMs from places like Microsoft, or those with MBAs, didn’t understand the Google way, and tried to force their views on teams.

So Mayer came up with an idea: Google would hire computer science majors who just graduated or had been in the workplace fewer than 18 months. The ideal applicants must have technical talent, but not be total programming geeks — APMs had to have social finesse and business sense. Essentially they would be in-house entrepreneurs. They would undergo a multi-interview hiring process that made the Harvard admissions regimen look like community college. The chosen ones were thrown into deep water, heading real, important product teams.

Delicious scare

During the last few days I’ve been asked by several people what I think about the scary bit of news regarding the shutdown of Delicious.  I’ve replied individually several times, but I feel that a blog post is in order.  So here it goes.

First of all, Delicious is not being shut down.  Here is a quote from their blog:

Is Delicious being shut down? And should I be worried about my data?
– No, we are not shutting down Delicious. While we have determined that there is not a strategic fit at Yahoo!, we believe there is an ideal home for Delicious outside of the company where it can be resourced to the level where it can be competitive.

Secondly, if you are worried about your data, just make a backup of it.  Delicious has had an export option for years.  Log in to your account and you’ll be able to export your bookmarks from the Settings page.

Thirdly, I can understand that news like this could throw some people into search-for-alternatives mode.  And there are plenty of alternatives out there.  I haven’t tried any of them in years, since I’m a happy Delicious user.  But if I were forced to choose one day, Xmarks would be my first choice.  My reasons are:
  • All features that are vital for me are a part of the free subscription.  More features are available for premium subscribers.
  • Cross-browser support that covers all browsers that I care about.
  • Support for sharing of bookmarks.  That’s the main reason for me to actually use a social bookmarking service instead of a much simpler bookmark synchronization service.
  • Support for private bookmarks.  I want to share as much as possible, but not everything.
  • Easy integration with third-party tools and services.  For example, using an RSS feed.
  • Support for direct import from Delicious.

But with all that said, I want to stress it once again – Delicious is not shutting down.  So if you use and enjoy the service, simply continue doing just that.  No need to worry.

What is Yahoo?

I came across a somewhat old question by TechCrunch’s Michael Arrington: What is Yahoo?

For me personally, Yahoo is, first of all, the company that bought most of the web services that I was using – Flickr, Delicious, and Upcoming back in the days when I was using it.  Secondly, Yahoo for me is a company that is neither here nor there.  I appreciate how old they are and all.  But it never seemed to be serving any specific purpose.  It used to be a bookmark website, which I used for a bit, until it got overly complicated with categories, and spam.  Then it became a web mail and a search engine.  Then an instant messaging provider.  Then a purchaser of some cool web applications.  Then a web developer resource.  And then I don’t know anymore.

It’s been a long while since I went to Yahoo.com and something tells me that I won’t be visiting it any time soon.  What about you?

Follow-up on Yahoo and Microsoft

The other day I wrote a post about a possible acquisition of Yahoo by Microsoft. There have been some developments to the story. If you haven’t followed it elsewhere, here is a brief summary for you:

  • Microsoft decided to buy Yahoo (again)
  • Yahoo said “No” (again)
  • Microsoft insists in very aggressive ways

There are a couple of posts at Mashable (one and two) which tell how the story unfolds in more detail.

What Microsoft does this time is what they have always been doing. This time it’s just on a slightly bigger scale. And if you ever had any fantasies about how Microsoft cares about you as a customer or partner, take a closer look at what happens now. If they don’t give a flying fork about major players on the Web, who are creating an ecosystem, what do they care about you as an end user?

My extremism years are long over, but I still get to hear the “Boycott Microsoft!” scream in my head once in a while. Whatever the case, I believe in natural balance and the equilibrium of all things. I think that Microsoft has been rocking the technology boat for far too long and that things are slowly turning to where they should be. It will take a few more years to make them more obvious to the general public, but the trend is there.

In regard to this particular situation, there is a slight chance of Yahoo getting away from this acquisition through an alliance with Google. It’s not as good as if they could just be, but it’s by far better than if they get acquired by Microsoft.

Yahoo + Microsoft vs. Google et al

The big news of last week was yet another attempt by Microsoft to buy Yahoo.  If you missed all the buzz, Web Worker Daily has a really nice round-up with separate links to facts (read: press releases) and opinions (read: speculations).  If that’s not enough for you, you can always find more with Google, Slashdot, and Digg.

Many online news sources continue to be completely dominated by discussion of Microsoft’s hostile bid to acquire Yahoo! And no wonder: a deal of this magnitude has the potential to touch the lives of pretty much everyone living and working online. It’s a rare web worker indeed who doesn’t use something from one or another of those two companies in their daily lives.

So, first, can it affect me personally?  Yes.  I don’t use any Microsoft/MSN/Live services, but I can’t live without Flickr and del.icio.us, both of which belong to Yahoo now.  Also, I do occasionally use Upcoming.

Now, what do I think about this whole thing?  Well, I think it shows how desperate Microsoft is.  The general trend is towards the web, not the desktop, where they still rule.  Most of their own web services turned out to be pretty lousy.  They want to get online, and they are willing to pay a lot of money to get there fast.  Mostly, of course, this is a war for a place under the advertising sun.

From Microsoft’s point of view (I think), Yahoo looks to be online.  More than that: Yahoo is the second most important company online after Google.  And Google is giving Yahoo a rough time.  And Microsoft realizes clearly that Google is partially to blame for this whole trend towards the web.  And it also realizes that if it is serious about moving online, it’ll have to compete with Google in one area or another.  So it makes even more sense to acquire Yahoo.  From Microsoft’s point of view (again, I think), Yahoo appears to know what they are doing.

And that’s where I see their biggest mistake.  Yahoo is indeed the second most important company on the web after Google.  But it struggles to be there, and it struggles even more to keep Google in sight.  Because it is falling pretty far behind.

A little side note: I think there is a war of concepts between Google and Yahoo. It’s bigger than just advertising space or anything else.

  • Yahoo started off with a directory of links, which was better than many at the time because it was moderated by humans.  Google started off by bringing huge improvements to machine-based indexing and searching.  Yahoo:Google – 0:1.
  • Google brought this whole concept of clean user interfaces and simplicity for the end user.  Yahoo stayed with and expanded on the old idea of portals, which bring everything possible and impossible to the front page of the site.  Yahoo:Google – 0:2.
  • Google made a stake on the brilliance of its people – if the service is properly done, it’ll grow by itself and bring in more users.  Yahoo played it safe, trying to purchase web services that already have momentum.  Yahoo:Google – 1:2.

End of side note.

Overall, I think that this is a bad move on Microsoft’s part.  If the acquisition happens, I think it’ll damage both companies, and maybe even drive at least one of them into the ground (eventually, not immediately).  Yahoo, being in the position it is now, needs more flexibility.  The online space is getting more and more competitive.  That’s where you need to move fast.  Yahoo made some really good acquisitions before, and I’d say that they have some sense in this area, but they need more speed in integrating their acquisitions into their backbone.  With Microsoft on board, I’m afraid, everything will get a lot slower.

Also, I think that Yahoo won’t win much from this acquisition.  Surely, some money will come their way, but that’s not always a good thing.  And I don’t think that it’s good in this particular case and at this particular time.  I believe it would do much more good for Yahoo to get smaller, faster, and “hungrier”.  Hunger (think: limited resources) makes one’s mind sharper.  That’s exactly what they need now.  Not more “fat”.

As for Microsoft, I think their strategy should be directed more towards entertainment.  If they really want to buy something, they should buy some entertainment companies.  Those that produce content.  Disney studios maybe? Or some sort of a deal with AOL/Time Warner (they had a few frictions in the past, but they seem to have managed to work out a solution together).  With more and easily accessible content they can reinforce end users’ interest in their Windows desktop, as well as their gaming platform (the Xbox thing) and their mobile platform (Windows Mobile).  And entertainment content by itself is a rather popular thing among end users, which makes advertising much easier.  And rich advertising too – not just text-based relevant web ads, but audio and video media.

What do you think about all this?

The webmail observation

Interestingly, out of Gmail, Yahoo! Mail and Hotmail, only the first one does not append advertising messages to actual emails.  I am rather surprised by this, given that we have just started the year 2008.

I remember back when Hotmail and other webmail services were just starting, it was a common practice to monetize on advertising banners shown to webmail users, while also embedding advertising messages into outgoing emails.  That was a really ugly situation, but a lot of people suddenly got free access to email, which was great, so we lived with it.

While free webmail has always been useful, most web people prefer to have a mailbox under their own domain.  Or at least they did before Gmail came into play.  Nobody ever took you very seriously if you were communicating using a well-known free webmail service.

When the coolness of your own domain started to grow, many webmail services tried to meet the needs of their users and attempted to hide the obvious facts of them being free webmail services.  This was the time when webmail services registered tonnes and tonnes of domain names and offered their users a choice of any for their mailbox.  It was also the time when some stopped embedding advertising into outgoing emails.

For a few years, I stopped caring much about this issue, since I got a proper mailbox, as did many other people with whom I communicated.  I knew of webmail’s existence, but it was mostly outside my scope of interests.  Until Gmail came out.

With Gmail, Google changed the perception of webmail once again.  Two things that they did differently were AJAX interfaces, which provided a much faster and more responsive user experience than traditional web sites, and plenty of space.  If I remember correctly, Gmail offered something like 1 GB mailboxes.  That was at a time when most other webmail services were giving out 10 or 15 MB.  “You will never have to delete an email message ever again.”

Google managed to make webmail popular again.  They implemented most of the good stuff, ignored the mistakes, and came up with a few smart things of their own (conversation grouping, labels instead of folders, etc.).  And, of course, one of the things that they did right was the advertising.  While reading mail, users see ads for related stuff – in a clean, text-only, non-blinking manner.  And no outgoing message is ever modified by Gmail to include advertising or to suggest that the recipient should give Gmail a try, or any such nonsense.

I moved all my mailboxes to Gmail.  This is my only email interface these days.  And I’m pretty used to it now. And a lot of other people are back to webmail. And so it amazes me to no end that some web services still don’t get it.  After all this time and all these lessons.  They are still including their ads in outgoing messages.  This is really weird…

To all of you using Yahoo Mail, Hotmail, et al. – you should really give Gmail a try.  At least you’ll know for sure that your recipients will get messages exactly as you send them.  No more, no less.

Yahoo Life! anybody?

(Side note: punctuation in product names sure makes headlines confusing)

Mashable has a post about upcoming Yahoo Life!

The premise is this: take Yahoo Mail, and make it the hub of your daily online activities; turn e-mail addresses into social profiles; connect e-mail to other services, and use the info from the contacts in these services according to the context.

This sounds good.  This sounds like exactly what I need.  Of course, there is a “but”:

It sounds and looks great, but we can’t know how well it works until the product actually goes live.

OK, we have to wait and see.  But I can see that this niche will get a bit crowded pretty soon.  With all those web services and social networks, more and more people are coming online.  Social connections will be more and more important, and therefore we’ll see more and more tools that do this.  There are some specialized tools for these purposes already, but none of them has enough functionality and momentum to lead the way yet.  Hopefully that will change sooner rather than later.  And, hopefully, Google will play some major role in this too…

Keep it simple, stupid

It is sometimes amazing how people behave.  Especially when they buy something and they get a choice of what they can get for their money.  Given the freedom to “get anything they want”, they often won’t stick with what they need, they won’t usually know what they want, and so they’ll go for as much as they can carry.  This might be a worthy technique for a supermarket, but it’s a bit different with web sites.

Yes, we (at my job) build web sites.  We do design, programming, hosting, promotion, maintenance, and many other things. And, yes, we can stack a web site with pretty much any technology or interface there is – forms, dynamic menus, AJAX, you name it – we can do it.  Can’t name any?  Good!  Because practice shows that if you can name something, you want it on your web site whether it is needed or not.

It’s amazing how difficult it is to convince people to stick with the KISS principle or make them understand that “less is more”.  Make your web site functional.  Put in only things that you’d want to use yourself.  Study your statistics and see what people use and what they don’t.  Remove things that they don’t use.  Improve things that they use.  Stay focused and specialized – your web site is not an endless trash bin which you can throw everything into…

One argument that I often use is Google vs. Yahoo. When asked which company is number 1, Google’s leadership is never questioned.  Once I confirm that Google is the authority, I go for examples.  How do you want your web site to look and feel?

Like this:

Yahoo front page

or like this:

Google front page

If these examples don’t convince, they at least plant a seed of doubt.  After that, it’s much easier to bend the conversation.