Friendster or No Friendster

I’d heard a bunch of buzz about the show Deal or No Deal on the Freakonomics blog so when I tuned into catch my first show I was slightly disappointed. I loved the 80s because there were three hours of game shows on three networks every morning (a highlight of staying home sick from school) and my favorite shows always had an element of quiz show in them. So I was surprised to find Deal or No Deal getting all this buzz and being on several nights a week when there’s no skill or knowledge in the game at all — it’s purely luck. I might as well be watching lottery balls drop. I suppose that’s why it’s on so much and advertised heavily — the show is not long for this world, so they have to milk it while they can.

I saw a couple contestants perform well. The goal of the show seems to be: guess on cases until you get a bank offer near $100k, then quit. But I saw one guy turn down a $91,000 offer and keep pressing on, until at the end he had almost nothing. He stayed in the luck game too long, let his greed surpass common sense and came away with almost nothing.

As I was reading danah’s post about Friendster and MySpace I was reminded that Friendster was exactly like that bad contestant. Friendster had something that was hot and now and was fielding buyout offers left and right, but decided to press on. They made a few missteps along the way (danah covers them well) and now Friendster’s like a lone case with $75 in it, not really worth anything to anyone.

Screencasts, not screenshots

I recall someone Jason Kottke a few years ago posting a call to arms for developers to post screenshots of their apps, because it was hard to judge what an application looked like or how it worked from a text description alone. Thankfully, in the years that have passed, most every developer has done this and it’s rare to see an application download site that doesn’t prominently feature multiple screenshots of it in action.

That’s all well and good, but last week I realized how screencasts or live demos are many times more useful.

The thing that is great about them is you not only see the application work in real time, but you also get to see how the application developer uses the product. I love nothing more than seeing an expert use a product I might take up, or even one I’ve used for years. I used to love working at a big university because I got to meet other people that used Photoshop for several years and I always picked something new up looking over their shoulders. I still recall a seminar in 1999 where an expert developer spent an hour showing exactly how he setup his IDE for coding (it was Homesite, back then) before diving into a three day tutorial on some server software. I remember immediately going home and picking up homesite, and setting up all the special keystrokes and shortcuts he taught me. I was a much faster coder after that.

Last week I watched the reBlog guys use their app in a demo and it totally changed my opinion of the application. I thought it was one thing that only did one thing (republish feeds) and it turns out it’s something completely different (an amazingly efficient feed reader). I realized then that you can get so much more out of a screencast than a simple screenshot.

I wrote a tutorial on installing and using reBlog for Lifehacker today, and in it, I did a quick demo of how I use the app, by recording an area of my screen while talking into the mic. It’s not a great screencast, but I hope it demonstrates the beauty of a nicely designed application much better than a few static screenshots (by the way, snapz pro x has a dumb name but it’s a great piece of software for this).

Lent 2.0

This year for Lent I’m giving up getting acquired by Google or Yahoo for 40 days.

That’s forty whole days and nights that I won’t be in talks with anyone about a buyout of any of my properties. That’s my promise to you, O Holy Lord.

Myutterconfusionspace

I always secretly hoped I’d never grow old and unhip, but every few months I’m reminded that the world is passing me by.

It all started with the askew hats. Two or three years ago I was walking down the street and saw some guys wearing baseball caps with the bills pointed off at crazy angles, like their hat was making a left turn but their head hadn’t caught up. Every time I see a kid with his hat all akimbo I want to grab his arms, smack him in the face, and straighten his hat out. It’s irrational, I know, but drives me crazy in a “get the hell off my lawn you crazy kids!” sort of way.

The online equivalent of this is of course, Myspace. Chalk me up as another early adopter design geek that thinks he knows users inside and out. I have almost a decade of experience running my own communities and Myspace baffles me completely.

I know there are millions of young people using it, but I can barely figure out what people use their profile pages for. Sometimes there is a blog, most often it’s blank. Most all of them look like 1997 guestbooks filled with pointless me too testimonials from people with equally baffling profiles. When you click from one to another to another, you are transported back to Geocities back before Yahoo bought it, flaming animated gifs and all.

I can see how Myspace looks more attractive than Friendster because you have so much more freedom with your space, but if we give users flexibility, is this really what they want?

Apple has made the iPod the most popular music player on earth, but it’s clean as a whistle. How could the same people love their super sleek music player and also love the gaudy oversaturated flashing/pulsating monstrosity of their Myspace profile?

I know I’m not alone in this, but it’s good to see people smarter than me are making sense of it because I’ve been thinking about Myspace for months and I’m still baffled as to its success (I know the social component is the biggest part, but as a designer I’m mostly focused on the membership’s design output).

Next time I see Clay Shirky, I want a hug and a story of how it all makes sense somehow.

Googlepages

From Search Engine Watch’s 2002 April Fool’s page: Google Quits Search, Focuses on Waste Management

Google To Become Portal
GoogleMail is to allow anyone to be myname@google.com. New GoogleStocks and GooglePages web building feature also unveiled. “Yeah, we said we’d never become a portal, but that was all part of our master plan,” said cofounder Larry Page. Google’s other cofounder Sergey Brin also confirmed that the company was launching a hostile takeover of Yahoo.

Funny how the truth is stranger than fiction.

So *that’s* how it works

When Jason posted the plane on a conveyer belt riddle earlier today, I was convinced that take-off was impossible if the belt could go infinitely fast and negate any forward movement. So no movement, no air passes over the wing, and then no lift.

But Michael ‘s explanation makes perfect sense to me, and now I see why the plane would take off.

I think the original riddle works because I don’t have a day-to-day familiarity with jet engines and watching planes take off, or giant conveyer belts for that matter, so I couldn’t really wrap my head around air speed vs. ground speed. But I know how a skateboard works, and a treadmill, and a rope and it makes perfect sense.

It’s the user experience, stupid

MailScreenSnapz001.pngI’ve often heard prominent computer scientists lament the low uptake of email encryption — that in the age of many gigahertz machines we still send plain text to each other (usually) over non-secure connections. Every couple years, just for the sake of my personal freedom and curiosity, I make an attempt to try and use encryption for a few days. Every time I do this, I am disappointed.

This shouldn’t come as a shock to anyone that has tried to enable email encryption. Encryption seems to lie somewhere between privacy, security, and a mountain of engineering acronyms and standards. Unfortunately for regular people, most of these systems are overbuilt and the process is so painful that I would argue it barely even functions.

Take for example this tutorial on using encryption and digital signatures in Mail. It looks simple and straightforward, but interacting with the Thawte site is a long, painful process. I eventually got a working signature, but only after the following steps were taken:

– Sign up for an account at thawte, which requires an email, strong password, and the use of web server level password logins, instead of in-page logins (in-page login forms can give you good feedback, remind you that usernames are email addresses and how they should be formatted, etc).

– Once the forms were filled out, I had to validate my address to finish the account creation, which required copying/pasting two long hashed character strings. Now my account worked.

– Login to thawte using new account, hit the “request an email certificate” button

– System offers the following options for a X.509 Format Certificate (sidenote: wtf does X.509 mean and why should I care?):

For an X.509 certificate, please choose your software from the list below:
Netscape Communicator or Messenger
Microsoft Internet Explorer, Outlook and Outlook Express
Lotus Notes R5
OperaSoftware Browser
C2Net SafePassage Web Proxy

I run none of those, but just went with the Netscape one, assuming it would be universal (I later tried outlook, which blocked me, saying I need to use IE/windows to get one).

– Complete the request according to the tutorial (oh, and guess on either 1024 or 2084 bit security of the cert), wait about 15 minutes watching my certificate status sit at “pending”

– Remember to opt out of all marketing spam from thawte, in case they want to make some dough off my email address.

– When the certificate is complete and ready, the only way to download it is to click “Navigator” the name of the certificate type, in my accepted certificates list. It’s totally non-obvious.

– On the certificate detail page, there is a button to fetch it. I click it in Firefox 1.5, and nothing seems to happen. I click again, and I see something gets loaded, but there is no download prompt.

– Since the tutorial is written for safari, I try that instead, and the fetch button asks me to download a windows EXE file, and for kicks, I do, which launches the mac’s keychain access app. The keychain app only lists one certificate in my general list of email certs fetched from other people. There is no sign that I have my own, and Apple’s Mail app doesn’t show that it knows about it.

– I go back to Firefox, and read the special instructions for fetching downloaded certificates that your browser didn’t tell you about.

– To “backup” your certificate from the browser to a desktop file, you have to enter a very high security password. Firefox won’t let you copy the file until your password contains enough capital/lowercase/numbers/symbols to pass muster. My password is a combination of four of my highest security passwords because three of them munged together wasn’t enough. I have to enter it twice to get the download. My bank doesn’t require this level of security and even thawte gave me the certificate with a simpler password.

– I double-click the downloaded file, am asked for my insane high security backup password (which isn’t my thawte login for the certificate itself) and I now successfully have my own certificates listed in the proper places according to the tutorial.

– I open Mail, and send a few emails to friends, the ones that also have a thawte certificate can get encrypted email from me by clicking a button. Only three friends of hundreds of people I interact with have a certificate that isn’t expired. The keychain app lists about 50 expired certificates.

I can recall trying to get standard PGP going with Eudora on windows several times in the past, and having similar issues. There are problems on several levels here. It’s a pain to get a certificate, it’s a pain to incorporate that into your clients, and then finally it’s a pain to actually send encrypted email to friends before asking first if they can receive it ok.

On the positive side, Apple’s Mail client has built in signing/encrypting functions which let me skip a painful step of adding various PGP or GPGP hacks to Mail. The interface to signing and encrypting is a nice friendly couple buttons, and the encryption one remains greyed out for most recipients, but for some reason the option is presented to me on all replies, even if they don’t have a cert and I’ll get an error.

The tutorial is pretty good if a bit outdated with regards to the current thawte site (redesigned since the tutorial’s screenshots were taken) and Mail in 10.4.4, and I would have never remotely figured out how to do this without it. Still, even with a nice friendly step-by-step tutorial, it was a bumpy road.

There are several places this process could have been streamlined. The Thawte site could deal with better explainations, support more email clients/browsers, and overall not make the process resemble pulling teeth. It would be nice if Firefox told you when it was downloading certificates, and it would be doubly nice if exporting them was a bit easier. The Mac OS level integration is good, but it would be nice if other OSes and email clients could work so smoothly once you finally get a certificate, and it would be nice if email clients were smart enough to only offer encryption options to people that can accept them.

Finally, I must admit that I don’t have an absolute need for email encryption, but it’d be nice to have in a “citizens of a free republic should be able to use it for everyday communication” sort of way. I don’t see the adoption of email encryption going up anytime soon, given the tedious process requried and I expect the same sort of users to continue using encrypted email (mostly CS geeks that can figure all this crap out and know what various levels of encryption mean and what the standards are). Still, it would be nice to someday see this being quite a bit easier to use. until that happens, there’s no way the general public will ever touch this.

ebay scams going international

Every once in a while I hear someone raving about a new gadget and my first instinct is to check amazon first for a price, then check ebay to see what kinds of discounts are available. I’ve been doing this for the past couple years.

What I’ve noticed lately though is my search results are filled with results from sellers in China, often selling something for 80% off or more. But if you dig into profiles of the sellers, they’ve either never sold anything (just bought 4 or 5 small things) or their only feedback is from unregistered users. It’s like an ebay scam from 1998 being repeated, only this time the scammers are based in China instead of the US or EU.

Here are some examples: a search for “garmin nuvi”, a ~$900 in-car GPS unit. If you look down the listings, the prices range from $650-900 but my results show a bunch of Chinese sellers offering it for about $150. Here is one. The feedback profile on the seller shows +12, with no negatives, but notice that none are from buyers. This account has never sold anything. The username looks like a random text string, and many of the names of people leaving comments have similar names. If you look at someone that left feedback, you’ll notice another account with around 10-12 positive feedback points, left by others with about 10-12 feedback points and similar bot-like names.

I didn’t know ebay was selling from China, but it seems like someone is creating vast quantities of zombie users that give each other good feedback on small items only to use the resulting users to sell big ticket items at 20% of the retail price, which I assume is when the scam is over and they just keep the money, ditch that user account, and move on.

What baffles me is why the past ten years of ebay’s fraud detection hasn’t prevented something like this from happening.