Wednesday, June 16, 2010

Inventor Labs blog

We started a product design-oriented blog over at Inventor Labs. I will continue to blog here (sporadically, as always) but may put more technical or product-related posts over there.

Sunday, April 18, 2010

Design Renaissance conference

I spent much of today at a conference in Santa Cruz, CA, on an incredibly beautiful day. I was inside much more than a sane person would have been. Santa Cruz is a special place: people care more about more things, per square centimeter, than almost anywhere else except maybe Berkeley.

This was a good conference, though it had less to do with Design or Sustainability than I would have expected. There was some of that, of course. But it was Politics in equal measure.

The best part of the entire day was Eric Corey Freed, Organic Architect. I'm sure he actually is an architect, but that was decidedly beside the point. The man gives an amazing presentation, right up there with Steve Jobs, except the subject matter is far more compelling than merely the next shiny computing device. If nothing else, Freed is a walking example of why PowerPoint should just be deleted. I'm not sure what presentation software he was using, but it was alive!

Here are some of the things I learned today:
  • There were more wind turbines in 1920 than today.
  • You are 8 times more likely to be killed by a cop than by a terrorist.
  • The average price of a home in Detroit right now is about $5,700.
  • There are 103,000 empty lots in Detroit (where once stood buildings)
  • The 1908 Model T got better gas mileage than the average 2008 figures.
  • The Environment: "too big to fail!"
  • Exxon alone spent more money lobbying Congress last year ($14.9M) than all CleanTech concerns put together.
  • Four times as many people (580M) voted in the American Idol contest than voted in the 2008 presidential election (129M).
  • The U.S. is indeed #1 in some important areas: obesity, crime, military spending, oil consumption, energy use...
I want to try to book Eric Corey Freed at a local peninsula event, if possible. He's quite thought-provoking.

Wednesday, April 14, 2010

Customer Service in the "facebook era"

I have some feedback for facebook that I think would be valuable to their product managers and software people. I have no way to get it to them. Their "customer service" is almost impenetrable. It is clearly designed for idiot prevention, and I can sort of understand that, with 100's of millions of customers who use the site for free.

However, I think that this doesn't serve them well. Because there are people like me out there, who know how software like this works, who might want to report a bug, or a design flaw, and help them out a little bit. There is absolutely no way to get through their Customer Feedback Prevention mechanism. Other companies are like this, too.

What I think would fix it is a way to say, in effect, "I promise that you will be okay with what I have to say." For example, I could check a box that said, "I authorize you to delete my facebook account and add me to a Russian spam list if you think I'm abusing this privilege". In return, my message should go to a *real* person, in a reasonably high-placed position, who might actually want to hear what I have to say. I know those people exist, because I've worked at places like facebook and the product managers and engineers and marketing people want to know as much as possible about their products and how they are received. It's just that there's no way for someone like me to reach them.

Why iPad will kill Kindle

I have a new iPad. I'm not usually an early adopter, partly because I've worked in the technology industry a long time and I wait a revision or two with most things. But I bought an iPad, partly because they're [relatively] cheap.

But this blog post is about reading. I have not done much reading in the past 20 years. I'm not sure why. I read sometimes on airplanes and on vacations, when I don't have my usual infrastructure around me. I buy books, and I love books, but I don't really read that much. I think it's because I'm so interested in so many things that I do things, instead of reading. I have a huge stack of books I'm going to read really soon. Except, of course, I don't.

So I bought an iPad but didn't think I would read books on it. But I've done a lot of work in electronic publishing and I was curious to see how the experience was. I bought a copy of The Tipping Point, partly so Malcolm Gladwell would get a little more money—he's awesome. It's worth pointing out that I have a paperback copy of The Tipping Point sitting on my desk, as I intend to re-read it, since I only got about halfway through the last time I tried, many years ago.

So here's why the Kindle will lose, and the iPad will win....

I have the iPad with me because of all the things it does. I can read my email, do my online banking, or whatever I think needs doing. But I found myself clicking over to read a few pages of The Tipping Point now and then, when facebook was boring and I had no new email. And I've read about 100 pages of The Tipping Point now, to my surprise.

The crux of it is this: if you have to bring something extra with you in case you want to read, you just won't. Maybe you will for a while, but have you ever brought a book on an airplane, in your carry-on, and gotten back home having not even cracked it open, and wondered why you lugged all that weight around the whole trip? You tend not to do it the next time—you leave the book at home.

And that's precisely the point: the book is always with you, because it's not an extra thing to bring, it's just built right into something you'll probably have with you anyway—and it's just a click or two away, if you already have that device in your hand. Or 100 books, for that matter.

This is a game changer for reading, in my opinion. It is working on me, and I'm a tough audience.

Tuesday, March 16, 2010

Password Security

I have a new web hosting service on one of my web sites that insists that I use a password that they call STRONG. They forced me to change my existing password, and won't accept my ideas for a new password without passing their meter for STRONG passwords.

It irritates me that they think they know better than I, a 25-year computer industry veteran, what makes a good password. They are, in fact, wrong about that. I know better than they do.

First of all, there are really only three ways that your password can be "cracked":
  1. you are an idiot and post your password somewhere it can be read
  2. intuitive guessing by someone who knows something about you
  3. automated, algorithmic guessing by a hacker's computer
Let's assume that 1 won't happen.

Making a password safe against intuitive guessing is a very good idea. Don't use your pet's name, your name spelled backwards, or anything like that. There is a lot to say about this kind of password thinking, but let's just say this: the hacker's computer is not intuitive. That is, they can't really apply a lot of these tests to see if your password is good, like "hmmm, that is the name of Glenn's cat, spelled backward." I don't have a cat. Their computer doesn't know that. A hacker might know that, because they read your blog. Be very careful about what you think people don't know about you, because they just might. My old admin from many years ago, who embezzled from my company, had a cat named Soonie. I bet she didn't know that I knew that.

So assuming you are clever about avoiding intuitive guessing, this leaves essentially only the automated cracking approach. The idea here is that somebody writes a password cracking program that will repeatedly try, for example, all the words in the dictionary, spelled forwards and backwards and with random capitalization, to hack into your account.

Let's look at that for a moment. First of all, no way. I defy anyone to prove that anyone has ever had their account compromised like this. Most computers, and sites, in fact, only allow a few incorrect passwords before suspending your account and not even letting you guess your own password.

That's why everybody puts their elaborate, crack-proof passwords into a Word document, prints it out, and puts it on the wall of their cubicles, because if you forget your own STRONG password that some web site made you choose, you can't get into your own bank account!

But back to the main thread. Let's assume that your site does not have a limit on incorrect attempts, or an "exponential time decay", which is a better way to do the same thing (it allows more guessing, but waits for longer and longer intervals in between each incorrect guess). These techniques completely eliminate algorithmic password guessing, right? So why would you also insist that your users make a ridiculous password? My point exactly.

But there's more. The hosting service in question (okay, I'll name them: makes you use at least one number, at least one punctuation mark, at least one capital letter, more than 8 letters, etc. Why?

Remember the "tens place" and the "hundreds" place? If you just use digits from 0-9, then there are only ten possibilities for each digit. So a 4-digit number has 10,000 possibilities. If you include all of the ASCII character set, you have 256 possible "characters" in each location, so it's not 10*10*10*10, it's 256*256*256*256, which is 4,294,967,296 possibilities. That's a LOT, isn't it?

So why do I need at least an 8-digit password, if a 4-digit password has 4.2 billion possibilities?

And why do you insist that I use capital letters? That doesn't actually help. The possibility that I might use a capital letter, or punctuation, or a digit, is how we get to 256 possibilities for each letter. The automated guessing program doesn't know if I used capitals or not, so it has to guess them anyway. My password is not more secure just because my web site thinks that I need to use "at least one capital letter". I didn't try it, but I wonder if they also insist that I use "at least one lower-case letter". That should be equally important, if the goal is variety.

If what you're trying to do is outwit automated guessing programs, a 2-digit password might be even more secure than an 8-digit password, because the programs might not bother guessing 2-digit passwords, figuring nobody would be that stupid. If they don't try it, then they won't succeed in guessing it, right? So maybe a 2-digit password is actually more secure!

And what's totally ironic about requiring that I use at least 8 letters is that it makes the cracking much easier. They just eliminated 1.8e+19 (more than 1 quintillion, or a billion billion) perfectly good passwords that now the cracking program doesn't even have to try, because they are disallowed.

My point is that all of these "safeguards" to make your password more secure against automated guessers is, first of all, a red herring, since I don't think there are really password guessers out there trying to hack into my web site, and second of all, they don't actually reduce the chances of them guessing my password correctly. The automated guesser is either going to methodically try all 4.2 billion possibilities, or it's not. If it does, it will eventually guess my password, no matter how STRONG it is. If it's not, then if I'm clever enough to keep my friends from guessing it -- it's secure!

I've had passwords on things for 30 years and nobody has guessed any of my passwords. They won't, either, unless I have to write down a "STRONG" password because there's no way I can actually remember it.

The most secure password is one that you don't have to write down, because it prevents people from just finding where you wrote it down. That's why people use their cat's names, spelled backwards. Forcing me to come up with some random sequence of improbable letters makes it much more likely that I'll write it down somewhere.

Give me a break. And let me choose my own passwords, please. You can give me feedback on what you think is "good", but don't force me to use your rules. It's not more secure, it really isn't!

Sunday, January 24, 2010

10 Years Ago...

A friend of mine sent a question to his network on New Year's Eve. He is 38, and I happen to be 48, and his question was this: "I wish I could ask my 48-year-old self for advice, so I know what might be coming in the next decade". So, being wiser than many of his peers, he tried to reach out to people who had just gone through that decade, to see if there was something to learn. I admire the attempt, and I have no idea whether or not one can truly learn from others' experiences. But we have to try, right?

So here is my answer to his question. I don't know if it's interesting, or helpful, either to him or to you, but I thought it might be, and I felt like posting it on my blog. And of course the one thing that's true of blogs is that it doesn't have to be interesting, or helpful. It's my blog, isn't it?


From: Glenn Reid
Re: 10 Years Ago...

>I'm 38, what do I need to know for the next 10 years?
>Answer this however you like (or not!)... use whatever color, examples,
>personal stories or judgments of me as you see fit. You may not even
>know what to say to 38 year old me... but what would you say to
>your own "mid-to-late 30s" self?

Hey Jon,

I'm not sure how many people you sent this question to, or how much response you've received. I have been kind of chewing on this in the back of my mind for a while -- wondering what to say, I guess. I am 48, which perhaps you knew :)

There is no really good answer to your question, I don't think, because experience is not universal. One of the weaknesses of human beings, I believe, is that we fundamentally don't "learn from experience". We think we do, but really we just keep doing the same stuff over and over.

At the core of how you view the world is your belief system. It is built up over years of experience, teachings, accidents, etc. It just represents what you believe to be true. As new information comes to you, in the form of seeing/hearing/experiencing things, the new data either reinforces your belief system or contradicts it. It is how you view contradictory information that defines how you interact with the world. Some people throw out their belief system easily (or large chunks of it) and adopt new theories about life all the time. They are vegan one year, Atkins diet the next. On the other end of the spectrum are those who vigorously defend their belief system against all contradictory information. Those people are generally Catholic, or Republican, or whatever :)

Here's an example of this concept at work, in seeing into the future. This has nothing to do with "you" per se, but I will use the word "you" to make it easier to express.

Your belief system tells you, perhaps, that you are good at what you do, at your chosen profession. You truly believe you're a pretty dang good carpenter. Yet the data may suggest otherwise. You've been laid off, have not gotten promoted, or otherwise fall into the middle to bottom of the pack. If you actually accept this "input" that you're really not doing so well, you might either (a) reject it, and buy a bigger truck, or (b) decide you're a failure and take up a new career. Yet (b) is difficult and perhaps foolhardy, at mid-life. If you're not a great carpenter, what makes you think you can suddenly start selling real estate successfully? So most people muddle along making small changes and justifying the rest.

So to get to the point (if in fact I have one)...

The next decade you're facing, if I were to try to sum it up across most of the people I know, and based on personal experience, is the decade of letting go of some of your dreams.

You know how everybody tells you how fast your kids grow up, and you just kind of listen to them, but increasingly you see glimpses of that yourself? "Wow, that was *three years ago*". Or you see a niece or nephew going off to college and you remember when they were born.

Time really does go faster as you get older, or seems to. I think the reason is that you start to accept something deep and fundamental, that you really don't want to accept. It is best summed up like this: "you may never pass this way again."

I have thought that explicitly, and more and more often. I was in Hutchinson, Kansas, for the first (and last) time, a year and half ago. It was for an antique truck show, but the reason is unimportant. I looked around and thought, "Wow, I will never come here again in my life. That's kind of weird."

It's not that it's true, or not true. It's that you think it at all. When you're 20, you simply don't have thoughts like that. You assume that you can, and will, go everywhere, do everything, and kick all available butt. There is endless time, you are strong and hungry and ready to rock (usually). You go to Alaska, and you think, "hell, the next time I come here I'm going to rent a plane and fly up to that lake" or whatever. If you go to Alaska when you're 48, you very likely will not think that. You will think, "Wow, I will probably never see this place again in my lifetime."

The reason is subtle: it's not that you couldn't go back to Alaska every year if you wanted to. But you won't really want to, and you know it. You've "been there, done that". And you know that you'd rather do something else with what time you have left. Go to Egypt, maybe.

And therein lies the heart of it. You only have "so much time" left, and you want to spend it more and more wisely. That is old age, when you get down to it. You aren't entering old age, exactly, but your experiences will start to show you that you really aren't going to "get around to" a lot of stuff that you thought you were. And you will subtly, but permanently, let go of a dream or two, in the coming decade. And you will think, at least occasionally, that you are entering the second and final half of your life.

Make that a good thing, not a bad thing. Don't let dreams slip away -- shoot them in the head, and take on new, attainable ones. Having kids is an incredible dream for your own future that you probably didn't really have on your Most Important list when you were 28. But now you know how cool and important it is, so it's not really such a bad thing to let go of some other dream, like having Andalusia open for Ringo Starr. Not that that was ever your dream, of course :)

As a tangentential, but related thought, I think that the reason that "old people" don't take easily to new technology has nothing to do with their ability to deal with it, or any kind of cognitive issues of complexity. And it's not Fear, which is often cited. It's more simple than that. It's because "old people" value their time more and more, and they understand that learning the user interface on a BlackBerry will be useless knowledge in 10 years (or 5, or 3) and that it's simply not worth investing their time. It's a variation on the reason that high school kids don't want to learn Trigonometry: "when will I EVER need this in real life?"

The benefit-to-time ratio is calculated more frequently, and more easily, as you get older, and you just know when something is worth it and when something is not. I am starting to realize that now about myself, and it surprises me. I don't bother to learn all the things my iPhone can do, or install apps on it, or whatever. Not because I "can't handle it". I can develop software for the iPhone if I want to. But I don't. Because the iPhone will also be on the scrap heap of history in 5 years, and I don't want to waste time installing apps that won't work in a few years, or the company will have disappeared. It's like investing in video formats, or audio formats. When MP3 is slightly improved upon by AAC, do you really go back and rip all 1,000 of your CD's into the newer format. I didn't think so. When you bought some of those CD's, 10 years ago, did it ever cross your mind that some day they will be obsolete, and wonder if it was worth investing in them? I didn't think so. 10 years from now, when you're 48, I'm pretty sure you will do that calculation in your head when you're considering buying music in some format or other. I know, I know: "what, buy music, are you kidding?!"

Have fun with your new kid, and your "old" one. Say hi to Kirsten for me. And have a good decade :)