Friday, September 24, 2010

Security Lessons Learned From The Diaspora Launch

Security Lessons Learned From The Diaspora Launch: MicroISV on a Shoestring
The team is manifestly out of their depth with regards to web application security, and it is almost certainly impossible for them to gather the required expertise and still hit their timetable for public release in a month. You might believe in the powers of OSS to gather experts (or at least folks who have shipped a Rails app, like myself) to Diaspora’s banner and ferret out all the issues. You might also believe in magic code-fixing fairies. Personally, I’d be praying for the fairies because if Diaspora is dependent on the OSS community their users are screwed. There are, almost certainly, exploits as severe as the above ones left in the app, and there almost certainly will be zero-day attacks by hackers who would like to make the headline news. “Facebook Competitor Diaspora Launches; All Users Data Compromised Immediately” makes for a smashing headline in the New York Times, wouldn’t you say?

Nice post. Although Diaspora happens to be written in Ruby (on Rails), the vulnerabilities the post describes are not language-specific: they can surface in any web application, and they get found fastest in one aimed at a large end-user community.

The Biz School Chronicles :: On Economies of Scale and Invention vs Innovation

Today, a friend shared an interesting article. Titled "The Man Who Said No to Wal-Mart", its essence was the story of how Jim Wier, CEO of the lawn-equipment company Simplicity, stopped selling Snapper-branded lawn mowers through Wal-Mart.

"In 2002, Jim Wier's company, Simplicity, was buying Snapper, a complementary company with a 50-year heritage of making high-quality residential and commercial lawn equipment. Wier had studied his new acquisition enough to conclude that continuing to sell Snapper mowers through Wal-Mart stores was, as he put it, "incompatible with our strategy. And I felt I owed them a visit to tell them why we weren't going to continue to sell to them."

Selling Snapper lawn mowers at Wal-Mart wasn't just incompatible with Snapper's future--Wier thought it was hazardous to Snapper's health. Snapper is known in the outdoor-equipment business not for huge volume but for quality, reliability, durability. A well-maintained Snapper lawn mower will last decades; many customers buy the mowers as adults because their fathers used them when they were kids. But Snapper lawn mowers are not cheap, any more than a Viking range is cheap. The value isn't in the price, it's in the performance and the longevity."

This looks like a case study for puritans, correct? Quality over quantity; "value isn't in the price, it's in the performance and longevity". Honestly, I think this is a bit naive from a business perspective. You see, the same article also gives the prices of other lawn mowers, the ones whose makers think value is, in fact, in the price. When I read that part, I couldn't help but wonder whether Jim Wier (the apparent hero of this article) was making a mistake.

"You can buy a lawn mower at Wal-Mart for $99.96, and depending on the size and location of the store, there are slightly better models for every additional $20 bill you're willing to put down--priced at $122, $138, $154, $163, and $188. That's six models of lawn mowers below $200. Mind you, in some Wal-Marts you literally cannot see what you are buying; there are no display models, just lawn mowers in huge cardboard boxes.

The least expensive Snapper lawn mower--a 19-inch push mower with a 5.5-horsepower engine--sells for $349.99 at full list price. Even finding it discounted to $299, you can buy two or three lawn mowers at Wal-Mart for the cost of a single Snapper.

If you know nothing about maintaining a mower, Wal-Mart has helped make that ignorance irrelevant: At even $138, the lawn mowers at Wal-Mart are cheap enough to be disposable. Use one for a season, and if you can't start it the next spring (Wal-Mart won't help you out with that), put it at the curb and buy another one. That kind of pricing changes not just the economics at the low end of the lawn-mower market, it changes expectations of customers throughout the market."

This is where economies of scale come into play. By manufacturing lawn mowers in large numbers, Jim Wier's competitors were able to bring prices down significantly, so far down that a lawn mower is now a disposable item with little perceived value in the eyes of customers. Where's "longevity" in this picture? The market will eventually move towards "use one for a season, and if you can't start it the next spring, put it at the curb and buy another one". In this new market, how can Snapper lawn mowers survive? With diminishing revenues and shareholder value, they will eventually be vulnerable enough for a takeover. That was my initial thought while reading the article. Apparently that's exactly what happened. Reading the comments section, I came across the following:

"Not long after this article was written, Snapper was bought by Briggs and Stratton Power Group. Briggs and Stratton also make Murray and Brute lawn mowers, the two brands sold nationally in all Wal-Marts. Hope this adds some perspective, people. Economies of scale, whether Wal-Mart's or another company's like Briggs and Stratton's, will always win out. That's capitalism for you..."
Francis Manning, 01/31/2010 09:02 PM

Another example that came to mind was Sun Microsystems vs Oracle. In addition to economies of scale, Sun's demise is a good example of how, in the business world, innovation always trumps invention. So here's the story (I fondly recall this as I come closer to the final semester exams of b-school). One day a lecturer asked "What's the difference between Invention and Innovation?". Since no one else seemed to be volunteering, I gave an answer (I can't remember it today, which I consider a good thing). The lecturer took a long hard look at me and replied "Now think like an MBA and try again". I couldn't at the time, and according to him, "Invention is the formulation of new ideas for products or processes, while Innovation is all about the practical application of new inventions into marketable products or services". That's exactly where Sun failed and Oracle keeps winning. Sun has (had?) James Gosling, the "inventor" of Java, and a platoon of "Computer Scientists". But did they innovate? It seems not. Oracle doesn't seem to have superstar computer scientists (well, other than Bob Miner of course). You know what they DO have? A leadership team with great business acumen and a sales force on steroids (if I remember correctly, Larry Ellison has a sales background). Apparently Oracle has generated more revenue by practically applying Java than Sun could ever dream of.

"The objective of a firm is to maximize its value to its shareholders. Value is represented by the market price of the company’s common stock, which, in turn, is a reflection of the firm’s investment, financing, and dividend decisions."

If you want to play the game, you'd better learn the rules. Otherwise you can always run a non-profit. But then you won't be able to employ the James Goslings of the world, because the pay cut, apparently, was one of the reasons he quit after the Oracle acquisition (read that story here). Oh, the irony...

Saturday, September 18, 2010

Creating Shazam in Java


"Shazam is an application which you can use to analyse/match music. When you install it on your phone, and hold the microphone to some music for about 20 to 30 seconds, it will tell you which song it is.

When I first used it it gave me a magical feeling. “How did it do that!?”. And even today, after using it a lot, it still has a bit of magical feel to it.
Wouldn’t it be great if we can program something of our own that gives that same feeling? That was my goal for the past weekend." Read the complete post here

A nice experiment. The author got into trouble for patent infringement, but that's to be expected, I guess :)

Thursday, September 09, 2010

Re-targeting Technology - "The Pants That Stalked Me on the Web"

The Pants That Stalked Me on the Web - Advertising Age - DigitalNext
"I surfed over to my favorite apparel website, Zappos, now a part of Amazon.

After a few clicks, Zappos' recommendation engine went to work and started offering me the selections that people who looked at the same shorts I did ultimately bought -- a cool idea and a feature that has been useful to me in the past.

Then, I abandoned the search and did something else. That's when the weirdness started.

In the five days since, those recommendations have been appearing just about everywhere I've been on the web, including MSNBC, Salon, and The Guardian. The ad scrolls through my Zappos recommendations: Hurley, Converse by John Varvatos, Quicksilver, Rip Curl, Volcom. Whatever. At this point I've started to actually think I never really have to go back to Zappos to buy the shorts -- no need, they're following me."

That story might sound creepy at first. But I find the technology both fascinating and a great tool for marketers. Have a look at Criteo, who are behind the technology. Here's how it works.

This is like AdWords on steroids... and marketers should definitely see better ROI, because you already know the prospect has shown interest, as opposed to just displaying ads based on the content he's currently browsing. And user stories such as the one above prove that the technology works in the real world ;)

Tuesday, September 07, 2010

What Big Brands Are Spending on Google

What Big Brands Are Spending on Google - Advertising Age - Digital
"The data obtained by Ad Age includes huge brands such as GM, Walt Disney, Eastman Kodak and BMW, which appear to have spent less than $500,000 in June. Tech rival Apple spent just under $1 million on search during the month, as did chip maker Intel.

Among Google's biggest spenders are businesses that depend on search traffic, including those that resell AdWords or simply buy Google traffic to resell to their own advertisers, including Hungry Machine, which does business under the name Living Social, which spent $2.4 million in June, and, which spent $1.2 million.

As a snapshot, it's also remarkable that Google's biggest advertisers, big monthly spenders like AT&T, Apollo Group and Amazon, individually accounted for less than 1% of Google's U.S. revenue in June. The top 10 advertisers in the document collectively accounted for just 5% of Google's U.S. revenue during the month."

According to Ad Age, the data comes from a leaked Google document. The values in the graph are for the month of June alone!

Sunday, September 05, 2010

An Oscar Winning Software?

Pixar's RenderMan® | Showcase
"The challenge of shading food for Ratatouille was to work with a stylized look that fits into our world, yet is still readable and recognizable as something appealing to eat. We, as humans, have a built-in sensory system to know what looks edible to our eyes and stomach. Finding that acceptable (and tasty) appearance was the main focus. To achieve this, we used subtle illumination techniques that became a general approach for a variety of objects. Here we will study a brief technical overview, followed by descriptions of different concepts, techniques and systems to achieve the look."

I've been reading iCon Steve Jobs: The Greatest Second Act in the History of Business for a while now. Well, with work, studies and other stuff, it's hard to finish reading a book in a single sitting these days, hence the "for a while". I'm almost at the end of Part Two of the book and kept coming across a piece of software called RenderMan. RenderMan this, RenderMan that, then how Steve and his early team at Pixar negotiated with Disney to do the very first movie. It was getting to be too much, so I googled it.

I'm glad I did. Read the case study above and you'll see how the software was used in the movie Ratatouille. Forgive me if you already knew about RenderMan, but this software has historical value too. IMHO, there wouldn't have been a Second Act for Steve Jobs if it wasn't for RenderMan. Kudos to the creators who made it. Wow, Oscar-winning software... who would've thought?

Empowered Employees, Self-service IT and the Future Enterprise

IT in the Age of the Empowered Employee - Ted Schadler - The Conversation - Harvard Business Review
"Incremental innovation and process improvements have always come from those closest to the problem. It's the basis of kaizen, a system where employees continually improve manufacturing processes. It's also a founding principle of Six Sigma: tap employees' relentless, incremental quality improvements.

The same is true in the way employees are harnessing consumer technologies: social, mobile, video, and cloud. They're improving how they do their jobs and solving your customer and business problems. And it's not just a few employees; it's a critical mass of employees. In a survey of more than 4,000 U.S. information workers, we found that 37% are using do-it-yourself technologies without IT's permission. LinkedIn, Google Docs, Facebook, iPads, YouTube, Dropbox, Flipboard: the list is long and growing. Many of these scenarios are do-it-yourself projects. For example, want to ask me business questions on Facebook? Piece of cake, I'll just friend you. Personal iPhones for email, apps, and Internet access outside my clients' door? Check. Google Sites and Docs to exchange documents with partners? Sure, I can spin up a free site or IT can spend the $50/user/year and make it secure. YouTube to post fix-it-yourself videos for tough service problems? My kid's good with a Flip camera. She can film me doing the fix myself."

The popularity of social media, mashups and app stores is a clear indication that today's business users are do-it-yourself types. Social communities such as LinkedIn, Facebook and Twitter, in addition to devices like the iPhone and iPad, appeal to this new enterprise user. The way I see it, in the near future enterprise IT will have to implement technologies that empower business users the same way these technologies do. Enterprise applications need to have social functionality built in, while letting users pick and choose exactly the apps they need, as and when they need them.

Use SOA and think about exposing data as APIs. Secure them properly: an API that exposes data exposes it to everything that can reach it, so authentication and per-record access control belong in the service itself, not in whichever app happens to call it. Most importantly, keep service re-use and composition in mind, because that's where your ROI will be: re-using existing pieces to create new apps with minimum time and effort. Use a social app store within the enterprise to govern these new apps, and make sure business users get a say via ratings and comments. Have activity streams so that users are aware of what's going on in their enterprise social circle.
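As an added illustration of what "secure them" has to mean for a data API (and of the earlier point that the Diaspora lessons are not Ruby-specific), here is a small self-contained Ruby service written for this page rather than taken from Diaspora or any other project. It applies the three checks an exposed write endpoint needs: authenticate the caller, authorise against the specific record, and allow-list the fields a caller may change. The user names, tokens and profiles are constructed sample data; the service and error class names are assumptions of the example.

```ruby
# Added example, not Diaspora's or any project's code: the minimum an exposed
# data API needs before "secure it" means anything. All users, tokens and
# profiles below are constructed for the illustration.
require 'securerandom'

class ApiError < StandardError; end
class Unauthenticated < ApiError; end   # would map to HTTP 401
class Forbidden < ApiError; end         # would map to HTTP 403
class BadRequest < ApiError; end        # would map to HTTP 400

class ProfileService
  # Only these fields may be written through the API. Anything else in the
  # request body (say "owner_id") is rejected instead of silently stored, so a
  # caller cannot change who owns a record just by adding a key.
  WRITABLE_FIELDS = %w[display_name bio].freeze

  def initialize
    @users    = {}  # user_id      => { role: 'user' or 'admin' }
    @tokens   = {}  # bearer token => user_id
    @profiles = {}  # profile_id   => { 'owner_id', 'display_name', 'bio' }
  end

  # Constructed sample data: two ordinary users, one admin, two profiles.
  def seed!
    %w[alice bob].each { |u| add_user(u, 'user') }
    add_user('carol', 'admin')
    @profiles['p1'] = { 'owner_id' => 'alice', 'display_name' => 'Alice', 'bio' => '' }
    @profiles['p2'] = { 'owner_id' => 'bob',   'display_name' => 'Bob',   'bio' => '' }
    self
  end

  # Registers a user and issues an opaque random bearer token for them.
  def add_user(id, role)
    @users[id] = { role: role }
    token = SecureRandom.hex(16)
    @tokens[token] = id
    token
  end

  def token_for(user_id)
    @tokens.key(user_id)
  end

  # Check 1, authentication: an absent or unknown token is an error, not a guest.
  def authenticate(token)
    user_id = token && @tokens[token]
    raise Unauthenticated, 'missing or invalid token' unless user_id
    user_id
  end

  # Check 2, per-object authorisation: knowing a profile id is not permission
  # to edit it. The caller must own the record or hold the admin role.
  def authorize_write!(user_id, profile_id)
    profile = @profiles[profile_id]
    raise BadRequest, "no such profile #{profile_id}" unless profile
    return profile if profile['owner_id'] == user_id
    return profile if @users[user_id][:role] == 'admin'
    raise Forbidden, "#{user_id} may not edit #{profile_id}"
  end

  # Check 3, attribute allow-list, applied only after the first two pass.
  # Nothing is written unless every check succeeds; returns a copy of the result.
  def update_profile(token, profile_id, attrs)
    user_id = authenticate(token)
    profile = authorize_write!(user_id, profile_id)
    rejected = attrs.keys.map(&:to_s) - WRITABLE_FIELDS
    raise BadRequest, "fields not writable via API: #{rejected.join(', ')}" unless rejected.empty?
    attrs.each { |field, value| profile[field.to_s] = value }
    profile.dup
  end

  def profile(id)
    @profiles[id].dup
  end
end

if __FILE__ == $PROGRAM_NAME
  svc = ProfileService.new.seed!
  puts svc.update_profile(svc.token_for('alice'), 'p1', 'bio' => 'Rails dev').inspect
  attempts = [
    [svc.token_for('bob'),   'p1', { 'bio' => 'x' }],          # not the owner
    [nil,                    'p1', { 'bio' => 'x' }],          # no token at all
    [svc.token_for('alice'), 'p1', { 'owner_id' => 'alice' }]  # field not allow-listed
  ]
  attempts.each do |token, id, attrs|
    begin
      svc.update_profile(token, id, attrs)
    rescue ApiError => e
      puts "#{e.class}: #{e.message}"
    end
  end
end
```

Order matters: the ownership check runs before any field is touched and the allow-list runs before anything is written, so a rejected request leaves the record unchanged. In a real deployment the three exceptions map to 401, 403 and 400, and the token table would be the session or OAuth layer rather than an in-memory hash.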

The list goes on... but do take a user-centric approach and build from there. That's why Google can't succeed in the social media space: they are technically brilliant but clueless about how the social web works. Look at Wave, an engineering masterpiece but a miserable failure as far as user adoption is concerned. Now look at Twitter: always in trouble with technology, falls over consistently when too many users start tweeting, but the users love it. If you ask me, the problems Twitter faces are good problems to have: "so many users like us, we can't handle the love!". I remember YouTube going through a similar phase a few years back. Not any more, because technical problems can be solved. But if users don't like what you have, how on earth are you going to justify the pay checks of all those engineers?

Wednesday, September 01, 2010

How (and what) reddit gained from digg revolt #5

Here's that analysis we promised of what happened yesterday traffic-wise (tl;dr: everything went better than expected).

We had some interesting traffic yesterday. Usually that would mean it's time for a technobabbly post-mortem about which part of our infrastructure failed and caused the site to go down for three hours. However, something strange happened this time: the site didn't go down (knock on wood). So I guess we're going to have to set aside tradition and instead make a, um.. "postpartem" blog post about how things bent but did not break.

TL;DR: money from reddit gold subscribers paid for the capacity to absorb a massive onslaught of Digg users, and not only did reddit withstand it, it also converted them to the better religion! Plus, they have randomly put games in their advertisement boxes, which makes users turn AdBlock off for reddit.

As those who follow me on Twitter know, I created an account at reddit too, joining the flood of Digg refugees who have been going there since Digg revolt #5 started. As things stand at the moment, I might not return... ever.