UPDATE, 26 September, 2019 - The FTC is suing Match.com for just the situation I describe in this blog post! 

https://www.nytimes.com/2019/09/25/us/match-com-lawsuit-ftc.html

Match.com has a fake problem. That is, they have a problem with fake accounts and there is a clear reason why they have, for years, refused to do a single thing about it.

I’m going to start off with a story, which, I promise, is relevant. I am a proponent of marriage equality. I can be flippant about it and note that I feel that everyone should get to experience the pain of marriage, but that’s not fair to my wife, who is one of the greatest people I know. I actually have my reasons for being in favor, which I will get to shortly. But first the story.

By now you're aware that there's yet another security bug, this time in "bash," a "shell" used on many servers. For the non-geeks, the gist of the issue is that a very common and absolutely necessary part of the operating system could, in some reasonable circumstances, allow a malicious user to run any code they want on a server to which they should not have access. This is, of course, a bad thing. The bug, now identified, has been fixed and system operators are rushing to patch their systems with newer versions that don't exhibit the flaw.

It's been over 25 years, so I think I can come clean. I knew of such a bug when I was in college that gave me 100% read access to any file on any system. I couldn't modify them, and this bug didn't let me execute arbitrary code, but if I noticed that you had a file in your home directory called "ChrisIsADoodyHead.txt," I could read it. Even if it was in a closed-off directory and locked down, itself. While I never had a need to, I could have looked at all of your code for the computer science class we shared and cheat on my homework. And I mean every file on the file system.

I could read all of your email.

After about a year, the bug was discovered, and I was actually beta testing a version of UNIX (SCO - remember SCO?) that had it and I reported it. It took about another year to move through production and be deployed. Remember, these were the days before automatic patching. Most installs were done from a stack of floppy disks and new versions came out yearly. Maybe quarterly, at best.

The point I'm making is twofold. First, these bugs are everywhere and will always be around. Don't be shocked when they're reported. They happen, they get fixed, and the next one comes along. You're going to get burned by them. And yes, evil douchebags are going to exploit them to, say, illegally download nude pictures of celebrities. There's no victim-blaming when I say that you should acknowledge this reality and do what you can to protect yourself.

And my second point, which is the takeaway here, and the reason I've "come clean" after 25 years to make the point: These bugs are in the wild and known right now. Please stop and think about that. Someone, somewhere, is almost surely reading or copying your stuff if it's online. These bugs don't live in obscurity until someone discovers them and immediately fixes them. Someone finds them and uses them for years until someone else discovers them in a more public way. Remember the speculation and then confirmation that the NSA was exploiting a bug for years before it was ever discovered in public? You don't need to take my word for this.

And please don't shoot the messenger.

Full disclosure: I never shared this bug with anyone else in college as far as I remember. I never found anything illegal, and only once found something that, if disclosed, could have caused problems (someone was cheating something seriously in a number of classes). I never said anything. I honestly can't remember ever seeing anything on anyone that was even remotely bad. Email, back then, also was only something shared among geeks, for the most part. There was pretty-much no private social online usage. I mostly poked around administrative stuff. This being a time before digital photography, I never even saw any nude selfies :-) Some people may not believe this disclosure, and I'm okay with that.

As will happen once or twice a year, we have a new social site that many are prematurely calling the death of Facebook. And as happens even more rarely, it appears to be getting traction towards overcoming the network effect. For those unaware, the "network effect," simply put, states that nobody will use a thing until enough people are using a thing. To overcome this seemingly catch-22 circumstance, you need a degree of interest and virality in a short period of time. It doesn't matter how good something is, if it relies on a critical mass of users, you'll have most people standing around waiting to see if anyone else jumps first, and nobody jumps.

In the case of a very few sites, if you get enough people to jump at the same time, you overcome the initial barrier. Chemistry geeks can consider this the activation energy threshold. Physics geeks can consider this the coefficient of static friction.

LiveJournal did it. Heck, Facebook did it to MySpace.

And yes, there are "tricks" to help. Artificial scarcity, for example - you need an invite to join, and you can ask for one, but you'll have to wait. Never mind that once you're in, you get 10 invites. The laws of simple math will make it clear that getting an invite from a friend should be no problem at all if you're even remotely connected. And this makes total sense to the site's owners, as it biases new signups to people who are connected. Using an invite code also gives you an initial social graph connection (to the person who invited you), thus bootstrapping the graph of the site.

In short, Ello is doing everything right.

And it may or may not matter, because once you overcome the network effect barrier, you still need to keep the users. Just ask Google+. That said, Wil Wheaton is already there. Consider that the low-threshold gating function: his presence doesn't make the site, but his absence would be a statement.

So, for right now, Ello is clean, crisp, simple, and pretty-much no better than a somewhat expanded Twitter feed. Friends/Noise has an appeal, but it's pretty basic. Many people want basic, but many more have come to rely on features that Facebook provides. Ello needs to find a way to provide these features, but in a non-cluttering way.

And, of course, the policy - transparency. You own your content. There's no curation and filtering happening. And, in an interesting (and dare I say refreshing) twist, everything is public. Anyone can follow anyone else, and all of your posts are public. It's wide open, and intended to be so from the start.

Some people have a problem with that. This morning, a friend of mine had a post on Ello, "Dear @person, please unfollow me, I only want friends here." Now perhaps @person will comply, but @person is under no mandate to do so. There's nothing my friend can do. Again, there are no private posts on your feed.

From last April: http://betabeat.com/2014/04/would-you-like-your-social-network-to-share-your-content-or-just-monetize-the-bejeesus-out-of-it/

The open question now is what Ello does with the current rush of early adopters. Will they roll out features that everyone wants and loves and maintain the elegant simplicity? Will they stick to their philosophical guns and will the fickle crowd agree? Will there be an initial rush, only to have the novelty wear off like Google+? Only time will tell. I'm keen to wait, watch, and see.

So I'm @dogberry over on Ello. Feel free to follow me.

I've always wanted to say that ;)

Stephen Hawking is being quoted in the media as saying that the Higgs Field could wipe out the Universe. His point is that at a high enough energy, it could trigger what's called "vacuum decay," a state whereby a "bubble" of vacuum expands at the speed of light, destroying everything in its path. This could happen if the energy of the field is not constant and eventually changes or, as some media are reporting, if a sufficiently-advanced civilization were to experiment at such high energies.

To do this would require a linear accellerator, as we understand them, the size of the orbit of the Earth. Not something we're about to build any time soon.

Here's why everyone is wrong, at least about the second part: if it could have happened, it would have by now. Indeed, anything that any civilization could do to destroy the Universe would have resulted in such destruction long ago. The Universe is huge. If something could have happened, it would have. To think that in the 13.7 billion years that we think the Universe has been here NOTHING capable of destroying it has happened yet, but just might any day now is the pinnacle of self-importance. The odds just aren't there.

So relax. The Universe will be here tomorrow. I'm prepared to bet on it, in fact ;)

I spent the evening last night at an Irish Pub (yes, I know, this blog entry can just stop here) watching the Seahawks game. Remember, though I live in Silicon Valley, I'm a Seattle transplant. Go Hawks.

As I and the 50+ fans were enjoying a convincing victory, a commercial came on. It was entitled (and captioned), "The Call," and depicted a woman getting a phone call. She says hello, and her face drops as she listens, clearly being shocked at what she is hearing. I, the viewer, know only her shock - there is no indication of what's actually said.

And then the commercial ends with the call to action to go to a URL to find out what happens next.

No. Just no. Clickbait online is one thing. Doing it in a broadcast television commercial? Sorry, that's farther past a line that's already been crossed.

I encourage everyone to refuse to go to any URL presented in this manner. Please help send a message to advertisers that this simply won't work.

Oh, and get off my lawn.

Well, not really, but just as stupid. As reported by Ars Technica, Facebook is now placing a [SATIRE] tag next to links that go off to The Onion. Clearly, Facebook is ruining the fun for those of us with enough brain cells to recognize satire when we see it, and is making the presumption that most of you are idiots.

Rumor has it that next week they'll be threatening to disclose the true identity of Santa Claus to anyone under 13 who lied about their age to get an account.

Hey Facebook? You want to do a little editorializing? How about you flag all of those linkbait sites as [DOG CRAP] while you're at it? Now that would be a non-abusive use of your power.

The failure at the Oscars demonstrates a good point to remember: $#!& Happens. My take is that after much analysis, we will find that there were duplicate stacks of envelopes on both sides of the stage, and the wrong envelope was given to the presenters (Warren Beatty and Faye Dunaway). Clearly, Mr. Beatty was confused and hoping someone would notice the problem and correct it. Unfortunately, it took a little longer. 

I'm an Apple guy, and while I'm not religious about it, I like that all my devices work together now and are generally portable. The UX works for me and I like having a development platform that is, under the hood, UNIX-based.

That said, Cortana kicks Siri's ass. It's not even a fair fight. What Lisa's Windows phone can do, in terms of an intelligent AI assistant is incredibly compelling.

Apple, your user experience is second to none. Now it's time to kick up the actual heft behind it. Microsoft is eating your lunch in this one, specific area. Step it up.

I think the higher-ups at Facebook are just now realizing that they're facing their first real crisis. Diaspora likely gave them about a half-day of indigestion and then some good laughs. But Ello is the real deal when it comes to a threat.

That said, I predict it will not succeed as a Facebook replacement. Indeed, their founder insists that it's not intended to be such. Is that hipsterism? Probably. But he's probably also right. While they're getting 30k+ signups per hour, people are going to react like they did to Google+ - that is, they'll sign up, play a little, find that it has nothing that Facebook doesn't already have, and usage will drop off. Ello has significantly fewer features that people want. If Google+ didn't get traction, Ello won't, either.

Yes, people want to migrate from Facebook because of their policies, but this threat is likely going to be the catalyst that forces Facebook to back down on the real name issue.

For this reason, I think Facebook will weather this storm.

http://betabeat.com/2014/09/ellos-traffic-deluge-almost-caused-a-total-new-user-freeze-out-crisis-averted/

Now... want to know the issue that Ello could press that just might win it for them? Your feed. You don't want "top stories," you want everything, in order, without someone telling you what they think is relevant. You want to see it all and make that decision for yourself. That's Ello's concept of Friends/Noise and it makes sense. It's the one thing that Facebook won't back down about, and Ello could press this point.

Then again, Google+ didn't win that argument with "Circles." So maybe that won't work after all. But I think Circles were before the relevance issue came to a head.

Time will tell. But at least I'm on record so I can say I called it ;)

Business is no place for stream of consciousness babbling, no matter how colorful you might think you're being. You will discover that you can be an effective editor by cutting out everything that isn't absolutely necessary. Knowing where you're going in your conversation by being concise is a big step toward leadership and respect. People appreciate brevity in today's world.

-- Donald Trump (Think Like a Champion)

 

Generally, I tend to agree with this position, but with a specific exemption - sometimes there is need and value in putting completeness over brevity. Yes, in most cases it's beneficial to refrain from wandering all over the map. On occasion, however, a presentation needs to not only be complete but redundantly complete. Some things are so important that making sure all aspects are covered, and all participants are fully understanding all the angles and options is critical. If that means an extra half hour of "yeah, I got this," I argue that sometimes it's okay.

Bring snacks.

Now, all that said, I find it ironic that this advice, like much in his short book, Mr. Trump can't seem to heed, himself. Just his twitter feed alone puts the lie to the suggestion that he takes his own advice. And if you tuned in to any of his speeches where he goes off-script, well... enough said.

Mr. Trump seems to revel in personifying the Dunning-Kruger effect.

Donald Trump speaks highly of being a team player. He's right, even if he doesn't heed his own advice.

I'm going to take a random quote from a book written by our current President, Donald Trump and give my opinion on it. Call it ChrisSplaining if you will. And I'll try to do one per day, or at least once per weekday (since I do like my weekends).

There are many roads to wisdom and many wonderful books to educate us on our way, but the first step is to take the time to read and learn. Wisdom will come provided you give it a chance to develop.

 

From "Think Like a Champion" by Donald Trump

 

This quote, and I swear it was picked randomly (someone else picked the page number) is particularly interesting in that it demonstrates the top problem I believe our President has when it comes to knowledge and wisdom: he suffers from the Dunning-Kruger effect. In short, DK states that those who know very little about a topic tend to think they know the most. They simply don't know what they don't know and presume that their limited knowledge is close to complete.

Mr. Trump seems to feel that true wisdom can come from simply learning an amount of raw knowledge and waiting for it to magically develop. He makes no mention of validating that your learning is complete or covers the full breadth of a topic. And he most notably fails to realize that wisdom comes more from experience than knowledge. Knowing a thing is not the same as understanding a thing.

Or, as a wise person once said, "Knowledge is knowing that a tomato is a fruit, but wisdom is knowing not to put it in a fruit salad."

The danger here is in thinking you have wisdom when you do not. In a President, this danger is of the highest order.

I'll come right out and say it - password security questions are not only insecure, they're a blatant security hole. They're worse than not being there at all, and for any of a number of reasons.