All opinions on this site are solely those of the author unless specified otherwise. All affiliations and endorsements will be disclosed if present. If no disclosure, no affiliation exists.

August, and everyone is planning and packing for Burning Man!

My prediction (getting it down now)

I think the higher-ups at Facebook are just now realizing that they're facing their first real crisis. Diaspora likely gave them about a half-day of indigestion and then some good laughs. But Ello is the real deal when it comes to a threat.

That said, I predict it will not succeed as a Facebook replacement. Indeed, their founder insists that it's not intended to be such. Is that hipsterism? Probably. But he's probably also right. While they're getting 30k+ signups per hour, people are going to react like they did to Google+ - that is, they'll sign up, play a little, find that it has nothing that Facebook doesn't already have, and usage will drop off. Ello has significantly fewer features that people want. If Google+ didn't get traction, Ello won't, either.

Yes, people want to migrate from Facebook because of their policies, but this threat is likely going to be the catalyst that forces Facebook to back down on the real name issue.

For this reason, I think Facebook will weather this storm.

http://betabeat.com/2014/09/ellos-traffic-deluge-almost-caused-a-total-new-user-freeze-out-crisis-averted/

Now... want to know the issue that Ello could press that just might win it for them? Your feed. You don't want "top stories," you want everything, in order, without someone telling you what they think is relevant. You want to see it all and make that decision for yourself. That's Ello's concept of Friends/Noise and it makes sense. It's the one thing that Facebook won't back down about, and Ello could press this point.

Then again, Google+ didn't win that argument with "Circles." So maybe that won't work after all. But I think Circles were before the relevance issue came to a head.

Time will tell. But at least I'm on record so I can say I called it ;)

The move to SSL

Some of you (okay, two of you) may have noticed that this blog is now 100% on SSL. If you try to get to any page here normally, you will find that you're redirected to the HTTPS version of the page.

No, this doesn't mean I'll be adding e-commerce any time soon (well, if the logo that my incredibly talented friend Shawn is working on for me is a hit, maybe I'll offer t-shirts :-)). What it means is that web sites being secure simply as a matter of course resonates with me. There's no compelling reason for this site to be SSL, but there's no reason not to.

And with Google's announcement that SSL sites will get more search engine love, there's a benefit. Google's plan is clear - offer some value for web site owners to go SSL and it will become more comfortable for everyone. Enacting social and technical change through positive reinforcement. I can get behind that.

Changing to HTTPS means a lot of the previous likes and shares won't track, but that's okay. With good change sometimes comes a little pain.

Ello? Ello? Anyone There?

As will happen once or twice a year, we have a new social site that many are prematurely calling the death of Facebook. And as happens even more rarely, it appears to be getting traction towards overcoming the network effect. For those unaware, the "network effect," simply put, states that nobody will use a thing until enough people are using a thing. To overcome this seemingly catch-22 circumstance, you need a degree of interest and virality in a short period of time. It doesn't matter how good something is, if it relies on a critical mass of users, you'll have most people standing around waiting to see if anyone else jumps first, and nobody jumps.

In the case of a very few sites, if you get enough people to jump at the same time, you overcome the initial barrier. Chemistry geeks can consider this the activation energy threshold. Physics geeks can consider this the coefficient of static friction.

LiveJournal did it. Heck, Facebook did it to MySpace.

And yes, there are "tricks" to help. Artificial scarcity, for example - you need an invite to join, and you can ask for one, but you'll have to wait. Never mind that once you're in, you get 10 invites. The laws of simple math will make it clear that getting an invite from a friend should be no problem at all if you're even remotely connected. And this makes total sense to the site's owners, as it biases new signups to people who are connected. Using an invite code also gives you an initial social graph connection (to the person who invited you), thus bootstrapping the graph of the site.

In short, Ello is doing everything right.

And it may or may not matter, because once you overcome the network effect barrier, you still need to keep the users. Just ask Google+. That said, Wil Wheaton is already there. Consider that the low-threshold gating function: his presence doesn't make the site, but his absence would be a statement.

So, for right now, Ello is clean, crisp, simple, and pretty much no better than a somewhat expanded Twitter feed. Friends/Noise has an appeal, but it's pretty basic. Many people want basic, but many more have come to rely on features that Facebook provides. Ello needs to find a way to provide these features, but in a non-cluttering way.

And, of course, the policy - transparency. You own your content. There's no curation and filtering happening. And, in an interesting (and dare I say refreshing) twist, everything is public. Anyone can follow anyone else, and all of your posts are public. It's wide open, and intended to be so from the start.

Some people have a problem with that. This morning, a friend of mine had a post on Ello, "Dear @person, please unfollow me, I only want friends here." Now perhaps @person will comply, but @person is under no mandate to do so. There's nothing my friend can do. Again, there are no private posts on your feed.

From last April: http://betabeat.com/2014/04/would-you-like-your-social-network-to-share-your-content-or-just-monetize-the-bejeesus-out-of-it/

The open question now is what Ello does with the current rush of early adopters. Will they roll out features that everyone wants and loves and maintain the elegant simplicity? Will they stick to their philosophical guns and will the fickle crowd agree? Will there be an initial rush, only to have the novelty wear off like Google+? Only time will tell. I'm keen to wait, watch, and see.

So I'm @dogberry over on Ello. Feel free to follow me.

I Am Spartacus!

When I order coffee in the morning, the place is usually packed, and the odds of there being another order for "Chris" are pretty decent. So when they ask my name, I say, "Spartacus."

Every now and again, when my order is called, I'm not the only one who stands up and says, in a loud and clear voice, "I Am Spartacus!"

It sets the tone for a great day ;)

Anyone else have any usual morning silliness?

It's time to nuke password security questions

I'll come right out and say it - password security questions are not only insecure, they're a blatant security hole. They're worse than not being there at all, and for any of a number of reasons.

First, they're all the same. How many times have you been asked your mother's maiden name, the make or model of your first car, what city you were born in, or the name of your first pet? These answers, if given truthfully, are easy to find out. You've likely blogged the answer at some time in the past.

If I know your uncle's last name, odds are I also know your mother's maiden name (50/50 shot there, and if I know he's your maternal uncle, I've got it).

At this point, these security questions are no better than a second, easy-to-guess password. And in cases where they're used to recover a password, they become more of a risk than anything else.

The only thing to do here if these questions are mandated is to make up a unique and incorrect answer. Yet another password. Yet another password to remember, and many password managers don't realize that these question fields are password fields to store and protect.

The immediate solution is two-factor authentication. When you log in to a site, the site sends you a one-time code to your phone and you must enter that number. The password is simply to keep people from causing the code to be spammed to your phone and interrupting you while you're in the bathroom. Since everyone has a smart phone these days (a generalization I'm prepared to make), this requires someone who wishes to hack you to have access to your phone. Sure, if they get your phone they get everything, but they still need to know your password to cause the two-factor to fire. It's not perfect, but it's close.

The real solution is an un-replayable biometric solution. A fingerprint reader on every keyboard, implemented in such a way as to make storing and replaying of biometric data impossible. That's a tough nut and might also have to include physical two-party, but I suspect it would work.

If you want into a site, you don't need to give it a name or password. You simply place your finger on the scanner and then wait for your phone to give you the access code which you then type in. The code expires the moment it's used (or in 60 seconds if it is unused). Thus, storing the biometric data isn't really all that useful. And if the biometric data is somehow hashed with an expiring timestamp, storing it won't do much good after a few minutes anyway.
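An added example (not from the original post) of the one-time code described above: issued only after the first factor passes, valid for a single attempt, and dead after 60 seconds. The class and method names, the 6-digit format and the in-memory store are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 60  # the post's "60 seconds if it is unused"


class OneTimeCodeStore:
    """In-memory store of pending login codes, one per user (illustrative)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock   # injectable so expiry can be tested
        self._pending = {}    # user -> (sha256 of code, expiry time)

    def issue(self, user, first_factor_ok):
        """Issue a code only after the password (or fingerprint) check passed.

        Gating on the first factor is what stops a stranger from making
        the site send codes to the user's phone.
        """
        if not first_factor_ok:
            return None
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, 6 digits
        digest = hashlib.sha256(code.encode()).digest()
        # Issuing a new code replaces, and so invalidates, any earlier one.
        self._pending[user] = (digest, self._clock() + CODE_TTL_SECONDS)
        return code  # delivered to the phone, never echoed to the browser

    def verify(self, user, submitted):
        """Return True once for the right code inside the TTL, else False."""
        # pop() consumes the entry on every attempt: a correct code cannot
        # be replayed, and a wrong guess forces a fresh code to be issued.
        entry = self._pending.pop(user, None)
        if entry is None:
            return False
        digest, expires_at = entry
        if self._clock() >= expires_at:
            return False
        candidate = hashlib.sha256(submitted.encode()).digest()
        return hmac.compare_digest(candidate, digest)  # constant-time compare
```

Consuming the code on a wrong guess caps an attacker at one try per issued code, at the cost of making the legitimate user request a new one after a typo.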

Either way, passwords are dead and password security questions are worse than dead.

(Image: my first pet, "Nonyabizness" - not his real name)

Bit.Parts: Much Ado About Technology