e.p.c.'s shared items in Google Reader

The Promise and Peril of Ubiquitous Community

2008-05-15T21:11:36Z

The following is also my column in next week's AdAge.

Over the last five years I have been asked countless times: "Steve, what's the next hot online community?" It seems as though everybody is on the lookout for the successor to MySpace, Twitter or Facebook. Nobody, even in a difficult economic climate, wants to be viewed as a latecomer.

Perhaps as a defense mechanism to avoid being wrong myself, I now give a boilerplate answer that I believe can last. In short, the next big community is not a single destination. Rather, it is going to be everywhere. To paraphrase Forrester analyst Charlene Li, social networking is becoming "like air."

She writes on her blog:

"I thought about my grade-school kids, who in 10 years will be in the midst of social network engagement. I believe they (and we) will look back to 2008 and think it archaic and quaint that we had to go to a destination like Facebook or LinkedIn to 'be social.'

"Instead, I believe that in the future, social networks will be like air. They will be anywhere and everywhere we need and want them to be."

This represents a significant shift. For the past 15 years, online communities have primarily existed as stand-alone destinations rather than the web's equivalent of running water or electricity.

The problem, however, is that this model can't scale. Tastes change and people are always migrating to trendier sites-especially as their friends do. As a result, the Internet amber is littered with fossilized communities that once dominated. These former stalwarts include AOL, Angelfire, TheGlobe.com, GeoCities and Tripod.

Community today is a different animal. People now expect it to be part of virtually every online experience. Most media companies now allow users to leave comments or even create profiles. Hundreds of thousands of brands, NGOs and individuals have set up their own social networks on Ning.com. The entire web is going social.

Now, however, connective tissue is emerging to bring these individual points of lights together as virtual constellations. Google and Facebook have each launched systems that allow sites to plug into their architectures to turn them social. The tools equip site owners to enable visitors to tap their existing networks and connections in a way that adds value to the total experience. So imagine a Facebook user who can easily see on Digg.com which stories his or her friends voted up. Or a non-technical site developer who, with a few small lines of code, can add utilities such as reviews, members' galleries and message boards to their sites or applications.

As exciting as this is, the transition of community from a handful of big reach sites to a ubiquitous platform is incredibly disruptive for marketers. It essentially makes social network advertising, which according to anecdotal evidence is already a mixed bag, even more difficult. (And thus monetizing social networks.)

The end result is that marketers will need to shift the way they approach communities. Static advertising is no longer viable. The solution is collaboration. Marketers will need to tap these emerging social operating systems to build meaningful connections through their sites and others before competitors do.

Participation is no longer optional and the fist movers who dedicate resources will win.

Yahoo's Icahn Response: Calm, Detailed, Smart

2008-05-15T23:15:00Z

Yahoo's (YHOO) board has responded to Carl Icahn, who is circling Yahoo like a hungry shark. Earlier, Icahn unveiled his slate of ten new Yahoo directors, including himself, Frank Biondi, and Mark Cuban. In a letter to Icahn, Yahoo Chairman Roy Bostock says he thinks the board is doing its job just fine--and, more importantly, in detail, he explains why.

In fact, Icahn's attack has given Yahoo the best forum it has had to date in which to tell its story of the Microsoft negotiations--a story that it botched in the press the first time around. (In the days after the deal fell apart, Yahoo sounded wimpy, whiny, and clueless. In this letter, the company sounds diligent and reasonable.)

More to come...

SUNNYVALE, Calif.-- May 15, 2008--

Yahoo! Inc., a leading global Internet company, today sent the following letter in response to Carl Icahn's announcement regarding his intention to nominate a slate of ten directors to Yahoo!'s board of directors at the 2008 annual meeting of stockholders.

Dear Mr. Icahn:

We are in receipt of your letter with regard to your intention to seek control of Yahoo!'s board of directors.

Unfortunately, your letter reflects a significant misunderstanding of the facts about the Microsoft proposal and the diligence with which our board evaluated and responded to that proposal. A fair-minded review of the factual record leads to one conclusion: that Yahoo!'s ten-member board, comprised of nine independent directors along with Yahoo! CEO Jerry Yang, remains the best and most qualified group to maximize value for all Yahoo! stockholders.

Conversely, we do not believe it is in the best interests of Yahoo! stockholders to allow you and your hand-picked nominees to take control of Yahoo! for the express purpose of trying to force a sale of Yahoo! to a formerly interested buyer who has publicly stated that they have moved on. Please may I remind you that there is currently no acquisition offer on the table from that company or any other party. That said, we have been crystal clear in our stance that we have been and remain willing to consider any proposal from any party including Microsoft if it offers our stockholders full and certain value.

From the beginning of the process with Microsoft, Yahoo!'s independent directors focused on one central goal: how best to maximize stockholder value. At all times directing this process, Yahoo!'s independent directors carefully considered Microsoft's initial unsolicited proposal, which was at the time valued at $31 per share. After considering input from its financial advisers the board unanimously concluded that Microsoft's proposal significantly undervalued Yahoo! and was, therefore, not in the best interests of the company or our stockholders. While we rejected this offer publicly on February 11, 2008, we could not have been more clear in that communication and in every subsequent communication, both public and private, that we were and are willing to enter into any transaction that would maximize value for stockholders and provide them certainty of value.

The record of our efforts to engage Microsoft in meaningful discussions is unequivocal. Following receipt of Microsoft's proposal on January 31, our board of directors has met over twenty times to review Microsoft's proposal and Yahoo!'s other strategic alternatives. Throughout this process our board kept an open mind and an open ear. Our independent directors met with several of our largest stockholders to solicit their views and to make it clear that Yahoo!'s independent board is fully committed to maximizing stockholder value. In addition, at the direction of our board, our management team met with many of our investors to provide insight into Yahoo!'s strategy and views on value.

Our board's openness also extended to Microsoft. Without reciting all of the contacts between us and between our advisers, the senior-most management of Yahoo! and Microsoft and the companies' respective financial advisers spoke on numerous occasions and met in person seven times. During those meetings, Yahoo! discussed its strategic objectives in search and display advertising monetization, its perspectives on operating strategy and integration in a transaction with Microsoft, its perspectives on transaction synergies, and other non-price deal terms. Because certainty of closing is a critical issue, we sought to understand Microsoft's thinking with regard to the regulatory issues associated with a potential transaction. In fact, at the board's direction, our lawyers on March 28 asked for additional information in this regard, information which was never forthcoming.

On April 15th, a meeting was held at Yahoo!'s request. At that meeting, which included our respective financial advisors, we made clear, once again, that we were open to a transaction with Microsoft. During those discussions, Yahoo! made a detailed presentation of its strategic and financial plan, its thoughts on integration and its view with respect to the potential synergies that could be achieved in a transaction, essentially laying the foundation for Microsoft to understand--and respond to--our board's conclusion that Microsoft's offer substantially undervalued the company. Following that meeting we also provided to Microsoft a list of key non-price deal terms that our board believed were critical items to be addressed in a deal to provide reasonable protections for our stockholders.

Throughout this period, Microsoft continued to state that it would not raise its offer, and even suggested that it could lower it.

Despite this failure by Microsoft to respond in any substantive way to any of Yahoo!'s requests, on May 2nd, the same day we first learned of Microsoft's apparent willingness to increase its proposal to $33 (although this oral "offer" was never delivered in writing and did not include details of a cash/stock mix), our board determined to continue discussions, instructing Jerry Yang to indicate to Microsoft that we would be prepared to enter into a transaction that valued Yahoo! at $37 per share and that provided reasonable certainty of value and certainty of closing. This was communicated to Microsoft in-person at a meeting in Seattle on May 3rd. With Microsoft's offer at $33 and Yahoo!'s counter-proposal at $37, Microsoft elected, within hours, to walk away from the negotiating table and informed us that they were "moving on," having never engaged further on price or any of the key non-price deal terms.

In short, Yahoo!'s board was at every point in this process prepared to enter into a transaction with Microsoft that would maximize stockholder value--and included certainty of value and closing. What Yahoo!'s independent board refused to do was to allow control of this company to be acquired for less than its full value.

That brings us to today. Our business is performing well as evidenced by our first quarter results. As we have publicly stated, our board continues to actively and expeditiously explore strategic alternatives to maximize stockholder value. None of the alternatives we are considering would preclude us from entering into a transaction with Microsoft or any other party.

We continue to believe that Yahoo!'s current board has the independence, the knowledge, and the commitment to navigate the Company through the rapidly changing Internet environment and to deliver value for Yahoo! and its stockholders.

We look forward to a productive dialogue.

Very truly yours,

Roy Bostock

Chairman of the Board

About Yahoo! Inc.

Yahoo! Inc. is a leading global Internet brand and one of the most trafficked Internet destinations worldwide. Yahoo! is focused on powering its communities of users, advertisers, publishers, and developers by creating indispensable experiences built on trust. Yahoo! is headquartered in Sunnyvale, California. For more information, visit pressroom.yahoo.com.

Forward Looking Statements

This release (including without limitation the statements and information in the letter quoted in this press release) may contain forward-looking statements that involve risks and uncertainties concerning Yahoo!'s projected financial performance as well as Yahoo!'s strategic and operational plans. Actual results may differ materially from those described in this press release due to a number of risks and uncertainties. The potential risks and uncertainties include, among others, the implementation and results of Yahoo!'s ongoing strategic initiatives; Yahoo!'s ability to compete with new or existing competitors; reduction in spending by, or loss of, marketing services customers; the demand by customers for Yahoo!'s premium services; acceptance by users of new products and services; risks related to joint ventures and the integration of acquisitions; risks related to Yahoo!'s international operations; failure to manage growth and diversification; adverse results in litigation, including intellectual property infringement claims; Yahoo!'s ability to protect its intellectual property and the value of its brands; dependence on key personnel; dependence on third parties for technology, services, content and distribution; general economic conditions and changes in economic conditions; and potential continuing uncertainty arising in connection with the withdrawal of Microsoft's unsolicited proposal to acquire Yahoo!, and the announced intention by a stockholder to seek control of our Board of Directors, the possibility that Microsoft or another person may in the future make another proposal, or take other actions which may create uncertainty for our employees, publishers, advertisers and other business partners, and the possibility of significant costs of defense, indemnification and liability resulting from stockholder litigation relating to the Microsoft proposal. More information about potential factors that could affect Yahoo!'s business and financial results is included under the captions "Risk Factors" and "Management's Discussion and Analysis of Financial Condition and Results of Operations" in Yahoo!'s Annual Report on Form 10-K for the fiscal year ended December 31, 2007 and the Quarterly Report on Form 10-Q for the quarter ended March 31, 2008, which are on file with the Securities and Exchange Commission ("SEC") and available at the SEC's website at www.sec.gov. All information in this release is as of May 15, unless otherwise noted, and Yahoo! does not intend, and undertakes no duty, to update or otherwise revise the information contained in this release.

Yahoo! will be filing a proxy statement with the SEC in connection with the solicitation of proxies for its 2008 annual meeting of stockholders. Stockholders are strongly advised to read Yahoo!'s 2008 proxy statement when it becomes available because it will contain important information. Stockholders will be able to obtain copies of Yahoo!'s 2008 proxy statement and other documents filed by Yahoo! with the SEC in connection with its 2008 annual meeting of stockholders at the SEC's website at www.sec.gov or at the Investor Relations section of Yahoo!'s website at www.yhoo.client.stockholder.com. Yahoo!, its directors and its executive officers may be deemed participants in the solicitation of proxies from stockholders in connection with Yahoo!'s 2008 annual meeting of stockholders. Information concerning Yahoo!'s directors and officers is available in its Form 10-K/A for the fiscal year ended December 31, 2007, filed with the SEC on April 29, 2008.

Thoughts on Privacy

2008-05-15T11:40:52Z

As developers, you’re probably curious about the recent initiatives we and other companies in the industry have taken to help you build applications that let users take their information around the web. We wanted to give you a little more information on how we’re thinking about these projects and get your feedback in the forum.

At Facebook, we always look out for the privacy of our users. That’s a key reason users feel safe sharing their information on our site.

We also strive for openness, releasing the first Facebook API for external websites in August 2006, and then opening up the Facebook website itself with the most recent launch of Facebook Platform in May 2007. Last week, we announced Facebook Connect, which enables users to connect their identity, friends, and privacy across the web.

Privacy and openness go hand-in-hand – as we open up, we have to make sure that users always have control of their information, and understand how and where it’s being used. We’ve maintained that trusted environment while opening up Facebook Platform and the social graph to external developers by requiring third-party application developers to treat user information with the same respect we do. All Facebook Platform developers agree to the Developer Terms of Service, which strictly limit the collection, use, and redistribution of user information. We have technology and a team to ensure applications abide by those policies.

We’re excited that our industry partners are taking greater steps toward openness and enabling users to share their information around the web. We hope, though, that we can collectively find a model that allows users to share data while protecting the privacy of our users’ data and ensuring that the user is always in control.

In the past, when we found applications passing user data to another party (for instance, to ad networks for the purpose of targeting), we suspended those applications and worked with those developers to ensure they respect user privacy. Now that Google has launched Friend Connect, we’ve had a chance to evaluate the technology. We’ve found that it redistributes user information from Facebook to other developers without users’ knowledge, which doesn’t respect the privacy standards our users have come to expect and is a violation of our Terms of Service. Just as we’ve been forced to do for other applications that redistribute data in a way users might not expect or understand, we’ve had to suspend Friend Connect’s access to Facebook user information until it comes into compliance. We’ve reached out to Google several times about this issue, and hope to work with them to enable users to share their data exactly when and where they choose.

We think MySpace’s Data Availability, Google Friend Connect, and Facebook Connect can be part of a great movement in the industry to give users a better and safer experience online, while respecting user privacy. We look forward to working with our developer community and everyone else in the industry to help all of our users take their information, and their privacy, with them wherever they go.

.org owners facing 10% hike in registration fees this fall

2008-05-10T13:05:00Z

The Public Interest Registry plans to bump its wholesale rates on .org domains starting this November by 60¢ per domain, which means that smaller registries will likely pass the fee onto the organizations that depend on their .org domains to keep running.

The Ethics of Vulnerability Research

2008-05-14T17:29:45Z

The standard way to take control of someone else's computer is by exploiting a vulnerability in a software program on it. This was true in the 1960s when buffer overflows were first exploited to attack computers. It was true in 1988 when the Morris worm exploited a Unix vulnerability to attack computers on the Internet, and it's still how most modern malware works.

Vulnerabilities are software mistakes--mistakes in specification and design, but mostly mistakes in programming. Any large software package will have thousands of mistakes. These vulnerabilities lie dormant in our software systems, waiting to be discovered. Once discovered, they can be used to attack systems. This is the point of security patching: eliminating known vulnerabilities. But many systems don't get patched, so the Internet is filled with known, exploitable vulnerabilities.

New vulnerabilities are hot commodities. A hacker who discovers one can sell it on the black market, blackmail the vendor with disclosure, or simply publish it without regard to the consequences. Even if he does none of these, the mere fact the vulnerability is known by someone increases the risk to every user of that software. Given that, is it ethical to research new vulnerabilities?

Unequivocally, yes. Despite the risks, vulnerability research is enormously valuable. Security is a mindset, and looking for vulnerabilities nurtures that mindset. Deny practitioners this vital learning tool, and security suffers accordingly.

Security engineers see the world differently than other engineers. Instead of focusing on how systems work, they focus on how systems fail, how they can be made to fail, and how to prevent--or protect against--those failures. Most software vulnerabilities don't ever appear in normal operations, only when an attacker deliberately exploits them. So security engineers need to think like attackers.

People without the mindset sometimes think they can design security products, but they can't. And you see the results all over society--in snake-oil cryptography, software, Internet protocols, voting machines, and fare card and other payment systems. Many of these systems had someone in charge of "security" on their teams, but it wasn't someone who thought like an attacker.

This mindset is difficult to teach, and may be something you're born with or not. But in order to train people possessing the mindset, they need to search for and find security vulnerabilities--again and again and again. And this is true regardless of the domain. Good cryptographers discover vulnerabilities in others' algorithms and protocols. Good software security experts find vulnerabilities in others' code. Good airport security designers figure out new ways to subvert airport security. And so on.

This is so important that when someone shows me a security design by someone I don't know, my first question is, "What has the designer broken?" Anyone can design a security system that he cannot break. So when someone announces, "Here's my security system, and I can't break it," your first reaction should be, "Who are you?" If he's someone who has broken dozens of similar systems, his system is worth looking at. If he's never broken anything, the chance is zero that it will be any good.

Vulnerability research is vital because it trains our next generation of computer security experts. Yes, newly discovered vulnerabilities in software and airports put us at risk, but they also give us more realistic information about how good the security actually is. And yes, there are more and less responsible--and more and less legal--ways to handle a new vulnerability. But the bad guys are constantly searching for new vulnerabilities, and if we have any hope of securing our systems, we need the good guys to be at least as competent. To me, the question isn't whether it's ethical to do vulnerability research. If someone has the skill to analyze and provide better insights into the problem, the question is whether it is ethical for him not to do vulnerability research.

This was originally published in InfoSecurity Magazine, as part of a point-counterpoint with Marcus Ranum. You can read Marcus's half here.

Identity, OpenID and ‘Cognitive Load’

2008-05-13T18:02:13Z

We are often free and easy with the definitions of those things that mean most to us. We all applaud freedom, and yet often do not take the time to distinguish what kind of freedom we mean. It is the curse of all slogans that they somewhat lose their power when accompanied by an asterisk. Over my next few posts I’d like to look at the wider implications of identity and ownership and unpack the asterisk.

Dick Hardt does a far better job than I ever could here of introducing the multi-faceted components of identity in his OSCON talk on identity 2.0 and if you haven’t seen it, you should. The point is well made that our physical identity is a pretty amorphous term that encompasses any number of different aspects from our name and passport to the car that we drive and the same can be said for online identity. For me however, we can distill the core components of our online identity down to the ABC of Identity:

Authentication - I am who I say I am - my OpenID, my usernames and passwords.
Brand - My photos, my designs, my words, my friends, my reputation, my choice of services and companies - how I choose to represent myself to the world and how the world in turn chooses to represent me
Communication - How I choose to communicate and the identifiers that I use - my cell number, my email address, my IM handle.

The more coherent my identity is across these three facets, the stronger each individual component becomes. If I want to encourage adoption of a new identity component, my task becomes easier if I can link it to one of the other components. The standard username/password set either links brand (nickname) or communications (email address) to authentication. The key representation of my brand on Facebook or Myspace is strengthened by that profile being linked to my communications, messaging occurs between personal brands.

This has wider implications for consumer adoption of OpenID. One of the key barriers to adoption raised by critics is that for mainstream users the idea of typing in a URL in order to log in to a website is too much. The argument is that the ‘cognitive load’ of typing in a URL is substantially greater than typing in your email/username and password.

However, the cognitive load springs not solely from the problems of typing in a URL (though the complexity of the URL plays a role); the issue is one of emotional rather than cognitive load; the URL as authentication is often totally divorced from the other components of their identity. If, for example, http://johnsmith.myopenid.com has no relation to my brand and I can’t use it to communicate, that URL has little emotional resonance and means that typing in this random URL to authenticate who I am is less intuitive.

If we really want to see OpenID adoption take off, we should look less at throwing up a multiplicity of buttons to ease the flow and look more at how we can build the links between authentication, brand and communications. This could be done by mainstream brand repositories like Myspace becoming OpenID providers, and myspace.com/johnsmith becoming the place where my brand, communication and authentication come together in one URL that represents the totality of me. Focused OpenID providers like JanRain could build out what are currently fairly bland profile pages to make them more full-featured strengthening that expression of my brand. One might argue that with Livejournal, this was the original promise of OpenID. However, we still run into the problems of centralizing your life on a URL that you don’t control.

Domain-centric identity solves this problem to a great extent: If Johnsmith.com is the home for my brand, the domain through which my email and other communications flow (john@johnsmith.com) and OpenID providers provide domain delegation, I can create a flexible, permanent home for my identity centered around a URL that represents me with an experience that no longer feels fragmented or divorced from who I am. Instead of typing in john@johnsmith.com, I am merely typing in johnsmith.com. It does us good to remember that OpenID holds more than the promise of one password, it holds the promise of being one person.

Announcing Facebook Connect

2008-05-09T12:32:27Z

At Facebook, we're committed to enabling people to communicate and stay connected wherever they go.

In August 2006, we introduced the first version of the Facebook API, enabling users to share their information with the third party websites and applications they choose. Hundreds of companies have leveraged these APIs, allowing users to dynamically connect their identity information from Facebook, such as basic profile, friends, photos information and more, to third party websites, as well as desktop and mobile applications.

In May 2007, we launched Facebook Platform, which allowed third party developers to build rich social applications within Facebook. More than 350,000 developers and entrepreneurs from 225 countries have signed up, and started developing applications, and have seen significant adoption by Facebook users worldwide.

Today we are announcing Facebook Connect. Facebook Connect is the next iteration of Facebook Platform that allows users to "connect" their Facebook identity, friends and privacy to any site. This will now enable third party websites to implement and offer even more features of Facebook Platform off of Facebook – similar to features available to third party applications today on Facebook.

Here are just a few of the coming features of Facebook Connect:

Trusted Authentication
Users will be able to connect their Facebook account with any partner website using a trusted authentication method. Whether at login, or anywhere else a developer would like to add social context, the user will be able to authenticate and connect their account in a trusted environment. The user will have total control of the permissions granted.

Real Identity
Facebook users represent themselves with their real names and real identities. With Facebook Connect, users can bring their real identity information with them wherever they go on the Web, including: basic profile information, profile picture, name, friends, photos, events, groups, and more.

Friends Access
Users count on Facebook to stay connected to their friends and family. With Facebook Connect, users can take their friends with them wherever they go on the Web. Developers will be able to add rich social context to their websites. Developers will even be able to dynamically show which of their Facebook friends already have accounts on their sites.

Dynamic Privacy
As a user moves around the open Web, their privacy settings will follow, ensuring that users' information and privacy rules are always up-to-date. For example, if a user changes their profile picture, or removes a friend connection, this will be automatically updated in the external website.

These are just a few steps Facebook is taking to make the vision of data portability a reality for users worldwide. We believe the next evolution of data portability is about much more than data. It's about giving users the ability to take their identity and friends with them around the Web, while being able to trust that their information is always up to date and always protected by their privacy settings.

We look forward to working with other leading identity providers to develop the best policies and standards for enabling the portability and protection of users' information.

We expect that Facebook Connect will be available publicly within the next several weeks. If you want to learn more about bringing Facebook users to your website, application or device, send us an email at: connect@facebook.com.

MicroHoo: The Social Network That Could Have Been

2008-05-12T07:19:15Z

Over the course of the many weeks of on-again, off-again MicroHoo madness, I did a fair bit of pontificating and speculating of my own about the would-be deal. After all, it was THE Bay Area topic of conversation (for one brief moment we all put our Facebook speculation on hold -- I am so pleased that we can get back to speculating about Facebook now and, better yet, speculating about MicroBook, or is it FaceSoft?).

Many of the MicroHoo conversations I had centered around the combined assets of Microsoft and Yahoo. What could the two companies, in combination, bring to bear upon the Internet landscape? And while the press largely liked to discuss the impact a Microsoft/Yahoo merger would have on the search market, to my mind that was not the biggest advantage of the combination. From where I sit, the greatest combined asset of Microsoft and Yahoo would be their vast social graph data. Farmed properly, MicroHoo could have enabled a stunningly powerful social network using nothing more than the fumes of their existing services.

To see the power of Microsoft's and Yahoo's social data, one need look no further than the first visit to virtually every social service. The first thing you are asked to do in the registration process is to give your login data for Yahoo Mail, Hotmail, etc. Why? Because each new social experience on the Web needs to recreate your social graph and the best way to jump start that process is to use the social graph data you already have stored in your existing communications services.

What if MicroHoo were to simply farm the social data contained in all of its current social services? Step one, implement a unified login across all MicroHoo services. I must say that this is one thing that Yahoo has gotten right from the very beginning (and Google has been a fast follower). Since its inception, Yahoo has viewed the customer experience as a unified one across all of its properties. And with each of its acquisitions, job number one has been to unify the login experience. Thus, Yahoo knows that "davidhornik" on Yahoo Mail is the same as "davidhornik" on Flickr is the same as "davidhornik" on MyYahoo. What if MicroHoo also knew that it was the same as "davidhornik" on Microsoft Messenger and as "davidhornik" on Hotmail? In fact, MicroHoo could know that I am the same "davidhornik" on:

Yahoo Mail
Yahoo Messenger
Flickr
Delicious
Upcoming
Hotmail
Windows Live Messenger
Xbox Live
etc.

Every one of these services contains data from which MicroHoo could have created a social graph an order of magnitude larger than MySpace or Facebook. Add on top of that social data compelling personalized experiences drawn from the likes of MyYahoo, Yahoo Finance, Zune.net, etc. and you've got the makings of a pretty powerful social experience.

So why haven't Yahoo and Microsoft done this on their own, let alone in combination? That's a great question. If I were in charge, it is where I would start. As all experiences on the Web increasingly are informed by social relationships, the long term winners will be the players who can bring the most social data to bear on their services. What's more, as can be seen in the recent announcements by MySpace, Facebook and Google, the ability to own that social graph and make it available for use by third-party services will prove invaluable. While Google has relatively little to offer in terms of existing social data, both Yahoo and Microsoft sit on treasure troves of data (as does AOL for that matter) that would allow them to legitimately compete with MySpace and Facebook as the Social Graph of Record for the rest of the Web.

Not that it would be easy for Microsoft or Yahoo to create a social network from whole cloth. I know it wouldn't. (Just look at Yahoo 360.) But the prize is well worth the effort. Consider the millions of people who have yet to join any social network. While Yahoo and Microsoft may not be the likely starting point for Millennials, it strikes me as a very natural place for the rest of the Web to discover and embrace social networking. Similarly, Microsoft and/or Yahoo seem the natural repositories of the social graph of record for the rest of the Web. If MicroHoo is ever reborn, the big opportunity for the combined companies is to create the social network for everyone else (and the social graph for everything else). In the mean time, Jerry and Steve, if you are listening, you probably should get working on it independently. My guess is that your future in the Web depends upon it.

Use Amazon SQS to Build Self-Healing Applications

2008-05-09T21:41:59Z

Quite a few people ask us about best practices that they should consider when architecting solutions in the cloud. This post covers just one best practice: how to use Amazon Simple Queue Service to build self-healing applications. The basic idea is that you can create resilient and self-healing applications by implementing a Services Oriented Architecture that follows these three principles:

Each component operates on its own
Without relying on the component before or after it

Read from and write to a message queue at the boundary of each workflow stage in your application
If the component fails, restart automatically

Design for n + 1

Rather than repeat the details here, I just posted a short five-minute video on this subject on the Amazon Web Services Resource Center. Click here to view it in either Windows Media or Flash formats.

Also, the following links are useful references for learning about how to use Amazon SQS and Amazon EC2 together:

Get started with Amazon SQS and Amazon EC2
Sample application to get started with Amazon SQS and Amazon EC2
SQS-EC2 Job Processor Sample AMI

-- Mike

CMS Horror Stories, and Your Soon-To-Be “Legacy” Community Platform?

2008-05-10T14:06:53Z

In the late 1990s the CMS invaders deployed their systems at large corporations, as managing web pages using HTML editors wasn’t scalable and non-technical folks needed to publish. In many cases after the invader left, the company’s business teams and technical web teams were stuck cleaning, fixing, enhancing, for years to come.

Unplugging web publishing systems (and community platforms) ain’t easy.

Publishing from Word Docs, ouch.
I was a web manager at a very large corporations, as such, I was the business sponsor for the website, and therefore the tools that were used to publish the website. Often, in most cases, I inherited a legacy CMS system, one that I did not choose, the underpinning structure of the site revolved around it, documents, navigation, ability to edit pages, and look and feel.

This was one of the worst implementations of CMS systems I’d ever seen, the idea was for non-technical people to edit the webpages, so the system would have the ability to check out a ‘word doc template’ filled with macros, publishers could edit the word doc, check it back into the system and a new webpage would appear. fail.

The templates were so complicated as users had to be trained on how to use the word docs, understand the styles, and all the nuances associated with the code. The linking structure linked to a primary key for a document, which also caused confusion. That’s just the publishing process, it gets worse.

The Pains of Content and Structure Coupled
The site was unfortunately designed so the structure would for the most part, remain constant. The structure of the site, and the content were coupled together, and that’s a major problem. As the site would grow and more pages were added to the taxonomy, the system became more and more inflexible. The developers had a very complicated way of managing the pages, the changes took a few days to work as the underlying code had to be changed. The simplest of web changes that you would expected to see from a web CMS system required ongoing developer support –not content changes at the business level.

I’m not going to mention the name of the CMS vendor who provided this less than stellar tool, as I believe the deployment of the system was to blame from the in house technical group –all of which happened before I got there. Whew, I feel better, that’s been pent up inside of me for a few years now.

Thinking forward: Community Systems of today, to be legacy systems tomorrow
As we deploy community solutions that have social media features, are we thinking about in a few years how these legacy systems will be inflexible, don’t talk to our other systems, cobbled together application ware that we loosely couple with our other customer facing web systems?

I also know of many business groups that are deploying community software, often by ‘notifying’ IT that they are doing it, sometimes without thinking about the long term implications of these systems not being able to migrate, talk, or share data with other websites. In many cases, the business sponsor will move on to another role, job, or company, leaving the archaic community platform in the hands of the next web strategist.

Two questions for you:

1) I’d love to hear from you about your CMS horror stories, feel free to leave a comment below, go ahead, vent away.

2) Are you deploying a community platform for your web strategy at your company? What are you doing to plan for the long term 5+ years impacts of this system in regards to the rest of the enterprise web strategy?

Could OpenID Revolutionize Online Shopping?

2008-05-10T23:33:07Z

A couple of weeks ago Thomas Huhn and I discussed OpenID with regards to online merchants. We noticed that hardly any merchants have adopted the OpenID technology yet. Actually I don’t know of any at all. However we noticed that many online retailers in Germany don’t require customers to register for a permanent account if they don’t intend to return to the site later. Creating an account is just a matter of convenience.

From my own experience I am hesistant to create accounts at every online merchant. If I have the option to purchase products without the account creation step, I typically go for it. I would rather type in the required information again in the future. There is no specific reason why I don’t want to create accounts all over the place -- maybe I just want to keep the number of accounts I have low.

What about OpenID?

Online merchants should implement OpenID. I could then provide my details like my address, phone, etc. only to my OpenID provider. There are a number of extensions to the OpenID protocol which support this type of account: Simple Registration and Attribute Exchange (also see Dennis Blöte’s excellent article on the topic). Both extensions allow transfer of profile data from an OpenID provider to a relying party, e.g. a merchant. The first time I confirm my OpenID to a merchant, the merchant will ask for ask to retrieve the data. If I accept, all future authentication requests will be made automatically.

So what happens if my address changes? Before OpenID, I have to change my address in every merchant's database. I think that’s unnecessary. Merchants don’t even have to store that data thanks to Simple Registration and Attribute Exchange. Assuming my address changes I will update it at my OpenID provider. When returning to a merchant it simply asks my provider for the necessary details again and the updated information is provided to the merchant. It’s really that simple: the merchant will always have updated data but doesn’t have to store it and doesn’t even have to ask me for it. When the products are delivered and paid, it can delete my data.

Recommendations

Can online shopping be even more convenient? Yes, and here APML immediately comes to mind. It collects users’ attention data and their interests, e.g. their favorite music or movies. Just think of Amazon’s recommendation system. The data is stored in a file which can be shared and parsed by any services that support the APML standard.

The APML file can be stored anywhere. Why not at my OpenID provider? A merchant could ask for that file and, upon request, it gets transferred. Once the file is transferred, I would get recommendations based on my attention profile even if it’s the first time I visit the shop. For example, A music merchant could access my APML file which contains all the music I have listened to on Last.fm. And that’s the difference with Amazon which can only recommend products to me if I have already purchased products on Amazon.com or have surfed the site in detail. A shop supporting APML can provide the same thing immediately.

After I make a purchase at a merchant who accepts APML, it would be great if they would update my APML file and then send the updated file back to my OpenID provider. I have no idea how to make this work, just seems to make sense. Maybe OAuth is a solution or even Attribute Exchange as it is capable of storing data at the OpenID provider.

Conclusion

I think OpenID could really help make online shopping more user-friendly. There are benefits for both customers and shops. Customers don’t have to deal with registration processes anymore and get better recommendations for products they might be interested in. Shops will always have more accurate customer data and with APML support they could even boost sales because customers are only shown relevant products. Merchants can also save money on data management.

This article was authored by Carsten Pötter. Carsten blogs about OpenID and related topics from an end-user perspective at notsorelevant.com.

Partner Links
-- Web Jobs
-- NY Tech Directory
-- CenterNetworks LinkedIn Business Group
-- CenterNetworks Facebook Fan Page
-- Purchase an Apple iPhone

Social Networking Sites Turn Outward

2008-05-12T12:06:43Z

The New York Times reports on MySpace's new Data Availability project, which will allow third-party websites to automatically import information from a user's profile, saving the user the hassle of re-entering it on a bunch of different sites. As the Bits blog says, this is a smart move and could be the start of an important trend toward making MySpace a more outward-focused platform. Facebook wasted no time in announcing a program of its own called Facebook Connect that will have similar functionality. And now it looks like Google will rolling out an extension for Open Social that will provide some of the same features. We've said before that the achilles heel of social networking sites is that they're so inwardly-focused. In the long run, it's going to be difficult for any site—even one as large and technically savvy as Facebook or MySpace, to get users to stay inside of a walled garden. The site that figures out how to be a platform that other sites use for identity management will have a huge advantage in the long run. MySpace and Facebook appear to regard this kind of outwardly-focused platform as the next frontier in social networking.

They're going to face some serious challenges in the privacy department, though. We discussed the privacy dilemma with Facebook apps back in January, and both Facebook and MySpace are going to have to grapple with the same set of issues with their new strategies. On the one hand, they need to lock things down sufficiently that one bad (or compromised) application can't suck down a ton of private user data and do bad things with it. On the other hand, if they are too restrictive, it will limit the usefulness of their platforms and discourage third-party websites from using them at all. Striking this balance, and coming up with security mechanisms that give sites the information they need without giving away the store, will be crucial to these initiatives' success.

I think it's possible that these problems will prove intractable. Ordinarily, when we talk about an "open API," we mean an API that anybody can use without any kind of pre-approval, and that doesn't constrain how data received through the API is used. Obviously, MySpace and Facebook aren't going to want to offer an API that's open in this sense; there's too much potential for mischief if an application can trick a user into authorizing a malicious application. So unless they can come up with a really elegant mechanism for limiting the spread of information, there's going to have to be a vetting process, which will mean extra overhead that limits how quickly the platform can grow. It's going to take a lot of ingenuity to make these platforms open enough that a lot of potential partners can participate while keeping them closed enough that they don't become vehicles for the bad guys to cause problems.

Timothy Lee is an expert at the Techdirt Insight Community. To get insight and analysis from Timothy Lee and other experts on challenges your company faces, click here.

Permalink | Comments | Email This Story

The Secret to Reformatting a Western Digital WD 1TB My Book External Hard Drive « Psychohistory [del.icio.us]

2008-05-12T16:36:19Z

I bought one of these at Costco and without this hack, I couldn't figure out how to reformat and use superduper for backup with it.

Getting someone to do things in a particular order (Part 2)

2008-05-08T08:14:20Z

Continued from part 1

These are the suggested mechanisms applicable to User follows process or path, performing actions in a specified sequence - they fall roughly into three ‘approaches’. In this post, I’m going to examine the System element approach.

System element approach

This approach includes mechanisms relating to the layout and properties of system elements, hence all technical rather than human factors.

Placing, Spacing and Orientation - how system elements are laid out - are some of the most fundamental mechanisms a designer can employ to help a user to follow a process or path in the intended sequence, and can be used both in the ‘real’ world and, as metaphors, in software. Movement or oscillation, as an ‘action’ property of system elements, which may involve changing their placing/spacing/orientation, can also be used to help achieve similar aims.

Placing

Placing may be implemented as simply as arranging interactive elements (functions, buttons, shops, products on shelves - effectively, anything) in sequence so that a user interacts (sees / notices / experiences / uses) them in the ‘right’ order. This might involve actually hiding one element behind another so that the first ‘must’ be dealt with before progressing to the next (or only displaying the second element once the first has been dealt with), but often this is not necessary: users will tend to interact with elements in a predictable sequence, at least where it is clear which direction the sequence is meant to progress (compare reading directions in different alphabets, for example, and the effect this has on the layout of interfaces).

Example: The elements of Amazon’s order process, revealed to the user in sequence

Placing can also involve arranging (non-interactive) elements to ‘channel’ users along a path in an intended sequence - walls, fences and guard rails are obvious architectural examples, but there are more subtle ones too, such as the layout of some casinos in which winners are ‘funnelled’ past many lures on their way to a single cashier.

Example: Guard rails are placed to channel pedestrians away from crossing at the mouth of a road junction

Spacing

Spacing - deliberate separation of system elements in space - can also be used strategically to cause users to follow a path or sequence of operations or interactions. For example many supermarkets are laid out with common items such as milk and bread at the back of the store, meaning that shoppers pass many other shelves of items (with potential for impulse purchase) on the way to their ‘target’, and on the way back to the checkouts at the front of the store.

Spacing can also be used to cause users to follow procedures requiring a delay between performing operations - the ‘on’ switch for a lathe may be spaced far enough away from the chuck that it is impossible for the operator’s fingers to be in a dangerous position as the device is switched on. Along similar lines, spacing light switches for different parts of a corridor or stairway apart so that they must each be switched on in sequence individually when needed (rather than allowing users to switch them all on at once) may reduce unnecessary electricity use.

Example: Dairy items are often positioned to drive traffic to the rear of a supermarket. Image from wander.lust

Orientation

Orientation is necessarily related to placing and spacing - the relative angle or attitude of system elements can be used as a mechanism for encouraging or channelling users to follow a path or perform actions in sequence. A trivial example is the use of angled walls to ‘funnel’ pedestrians along a particular path. It can also be used to cause users themselves to change their orientation in response, where this is part of an intended sequence of user behaviour - the staggered pedestrian crossings which make sure users turn to face the direction of oncoming traffic, as mentioned in Part 1, use the changing orientation of the walkway to change users’ orientation.

Example: A staggered pedestrian crossing designed so that users face oncoming traffic. Image from the UK Highway Code.

Movement or oscillation

Movement or oscillation may involve changing the placing/spacing/orientation of system elements, and can be applied in a physical or metaphorical sense. A moving indicator which guides the user through a process or sequence, or indeed, brings system elements which require interaction to the user (or routes them past), encourages (or forces) following procedures in the ‘right’ order.

Consider this mechanism as a dynamic implementation of placing/spacing/orientation: it has the potential to control much more fully the order in which users are exposed to objects or functions. The most obvious examples are conveyors on production lines, bringing components or products to stationary workers in the right sequence, but even museum exhibits such as the Crown Jewels may be displayed in a rotating or constantly moving case, which displays them to visitors in a certain order and reduces the possibility of undesired interactions.

Example: A conveyor (such as this on a Krispy Kreme doughnut preparation line) brings products or components to workers in the right sequence. Image from Silversprite

In part 3, we’ll look at the Poka-yoke approach to getting someone to do things in a particular order.

That word, syndication, I do not think it means what you think it means

2008-05-08T13:04:10Z

Something about the title of this week’s Perspectives interview, OpenSearch federation with Search Server 2008, has been nagging me ever since I wrote it. In the interview, Richard Riley and Keller Smith describe how the new Microsoft search server can extend its reach by sending queries to other search services that can return results as OpenSearch-compliant RSS or Atom feeds.

We call this activity federation, but the enabling technology is syndication. So is the group of participating servers a federation, or is it a syndicate?

Some definitions of federation, from 1 dictionary.com and 2 Merriam-Webster:

1 a federated body formed by a number of nations, states, societies, unions, etc., each retaining control of its own internal affairs.

2 an encompassing political or societal entity formed by uniting smaller or more localized entities: as a: a federal government b: a union of organizations

That seems too formal, too heavyweight, for an OpenSearch-mediated search scenario. When you modify a search service to return results in the OpenSearch format, you’re not necessarily joining any kind of union. You’re just making it easier for other entities to latch onto your search results.

OpenSearch was announced on March 16, 2005, at the Web 2.0 conference. That same day I adapted my version of the InfoWorld search service to use it. There was nothing special about what I did, which is why it only took a few minutes. I just added a variant of the query URL that returned results as RSS, with a few minor extensions to comply with OpenSearch.

Then I registered my service with Amazon’s A9, searched A9 for “Jean Paoli”, and saw the combined results shown here.

This arguably was a federation, because you had to join the club in order to have results from your service show up in A9. But nothing about OpenSearch required things to work that way. Other services could consume my search feeds without requiring me to register with them, or permit them.

What’s more, any RSS reader could consume those feeds. Although I’d done the OpenSearch hack to showcase integration with A9, it turned out that I’d solved another problem without even intending to. It was now also possible for individuals to subscribe to InfoWorld queries.

OpenSearch can involve federation, but more fundamentally it’s about syndication. So, do the participating entities form a syndicate?

1 a: a group of persons or concerns who combine to carry out a particular transaction or project b: cartel c: a loose association of racketeers in control of organized crime

2 a group of individuals or organizations combined or making a joint effort to undertake some specific duty or carry out specific transactions or negotiations

That doesn’t seem right either. We can get closer by focusing on the definitions that emphasize simultaneous publication:

1 a business concern that sells materials for publication in a number of newspapers or periodicals simultaneously

2 to publish simultaneously, or supply for simultaneous publication, in a number of newspapers or other periodicals in different places: Her column is syndicated in 120 papers

But these definitions still involve more business coordination than OpenSearch, or feed syndication in general, require. If I use OpenSearch to publish a search service within the enterprise, I don’t need to make a formal agreement with the Search Server administrator in order to enable that server to include my search results. I just need to publish my results as an RSS feed, and tell that person I’ve done so. That same RSS feed is available to users who may wish to subscribe to searches performed directly on my service.

It’s the same on the open web. When you adopt a syndication-oriented architecture, small pieces can be loosely joined, or they can be more tightly coupled. But the underlying publish/subscribe mechanism doesn’t determine that choice.

Chewing on these definitions is more than a pedantic exercise for me. In my local community, I’m trying to show how a particular use of publish/subscribe technology — namely, calendar syndication — can solve an important problem for people, organizations, and the community as a whole.

Federation would clearly be the wrong word for the network of calendars that I’m trying to bring into existence. I’ve been using the word syndication instead. But now I suspect that’s the wrong word too. I want to convey that we can create small pieces, that they can be loosely joined, and that important network effects will emerge. I don’t yet know what word or phrase will make that cluster of concepts light up in people’s heads.

When Is the Right Time to Launch Your Own Cloud?

2008-05-08T20:37:34Z

New York-based cloud computing startup 10gen launched today with backing from CEO Kevin Ryan’s startup network, Alleycorp. It makes sense, since with several ventures already under his belt, Ryan probably has enough customers to both justify the buildout and break even right away. And the founders know scaling, having built out ad network DoubleClick.

But is it always a good idea to build your own cloud when you get big enough to do so?

Yesterday, for example, I had a great chat with Lana Holmes, a Bay area startup maven, about product management and how to focus on doing the one thing that matters to your company. “The example I use is Amazon,” she said. “They just focused on selling books. And look at them now.”

At their root, Amazon’s EC2 and S3 offerings are the result of excess capacity from sales. The offerings have paved the way for an online world in which compute power is a commodity. The company has subsequently built, on top of those offerings, a layer of billing, services and support for them.

The motivation behind the creation of 10gen is similar: If you successfully launch a number of web firms, at a certain point the economies of scale of others’ clouds starts fall away and you may as well run your own.

It’s easier than ever to launch your own cloud. You’ve got grid deployment tools from folks like 3Tera and Enomaly. Virtualization management can be had from the likes of Fortisphere, Cirba and ManageIQ, to name just a few. And license management (built into cluster deployment from companies like Elastra) is knocking down some of the final barriers to building a cloud that you can offer to third parties as well.

But imagine a world in which there are hundreds of clouds to choose from. Moving a virtual machine is supposed to be as easy as dragging and dropping, and cloud operators will hate that. They’ll resist, putting in proprietary APIs and function calls. Applications and data won’t be portable. You’ll be locked in to a cloud provider, who will then be free to charge for every service. Sound familiar?

My guess is that as the cloud computing market grows and matures, one (or more) of three things will happen:

Standardization and portability, in which consortia of cloud vendors agree to a standard set of APIs and coding constraints that guarantee interoperability. This isn’t just about the virtual machines; they’re fairly standard already. It’s about the data storage systems and the control APIs that let cloud users manage their applications. This is the mobile phone model, where number portability is guaranteed and there are well-known services like voice mail and call forwarding.
Shared grid computing, in which smaller clouds sell their excess capacity to bigger clouds. This would let the big cloud dominate while paying the smaller cloud just enough to stop it from launching an offering of its own. Think of this as the electric company model, selling computing between clouds the way a solar-powered household can pump excess electricity into the power grid.
Specialization, where clouds are good at certain things. You’ll get OS-specific clouds (Heroku is already providing optimized Rails deployment atop EC2.) It’s only a matter of time before we see clouds tailored for specific industries or the services the offer — anything from media to microtransactions. Sort of like the cable channel model, with specialized programming that allows niche channels too survive.

Whatever happens, it’s clear that good old-fashioned branding, plus a healthy dose of experience, will be key to winning as a cloud provider.

During a panel at Interop last week that I sat on with folks from Amazon, Opsource, Napera, Syntenic and Kaazing, I asked the audience how many of them would entrust Microsoft to run a cloud with Microsoft applications, and how many would prefer to see Amazon running a Microsoft kernel on EC2. Roughly 75 percent said they’d trust Amazon to run Microsoft’s own apps rather than Microsoft.

So when’s the right time to launch a cloud computing offering of your own? Unless you have the branding and reputation to support that launch — or you can re-sell excess capacity to partners or specialize — maybe never.

If this story interests you then you should definitely check out our upcoming conference, Structure 08.

La madre de todas las pantallas gigantes (hecha de LEDs, en este caso): GreenPIX

2008-05-09T09:50:42Z

GreenPIX es una colosal pantalla gigante compuesta de 2.292 LEDs de color que ocupan una superficie de unos 2.200 m². Una de las cosas más impactantes de este montaje es que no requiere energía externa: la fachada capta energía solor durante el día y la utiliza para ilumnarla por la noche. Está montada en el centro comercial Xicui en Pekín (China) por aquello de las olimpiadas.

(Vía RGB desde information aesthetics.)

When the fall is all that’s left

2008-05-07T06:23:45Z

Not for nothing, but I’ve had my share of bad reviews in my professional career. Some I’ve taken well, and some I’ve taken… poorly. Some were my fault and others honestly weren’t. There isn’t a manager on Earth who hasn’t had to give a bad review to somebody, sometime. It’s always awkward and it’s never fun and in the end you’re left with a low score on a piece of paper and a sinking feeling in your chest.

And yet, if you rounded up all the managers in the world and shot them… no wait, that’s not where I was going with this. If you rounded up all the managers in the world and got them drunk — yes, I think that would work — you got them drunk and you asked them one question, they’d all tell you the same thing: the score that they give and you get doesn’t mean a damn thing. Oh, you’ll fixate on the score, since it means no salary bump or no bonus or no promotion or — jackpot! — all three at the same time, but it truly, truly, truly doesn’t mean a damn thing. The only thing that truly matters is the conversation that follows.

And it is in this context that I am somewhat embarrassed on behalf of the Mozilla Corporation. They certainly didn’t ask for my opinion or my guilt-by-proxy, but they apparently haven’t noticed that they ought to be embarrassed, so by God somebody needs to step up. I refer, of course, to the Acid 3 test cooked up by the inimitable Ian Hickson and his motley crew of meddling minions. The test gives a numerical score that purports to rank a browser’s compatibility with a potpourri of well-established web standards. Of course any such test is guaranteed to be unfair to somebody, but this one was especially unfair to everybody since the makers intentionally sought out bugs in major browsers to highlight their incompatibilities.

That, by itself, is not the story. First there was the Acid test, then there was the Acid 2 test, and there will no doubt be an Acid 4 test and so on. The fact that the testmakers had to work so damn hard to find compatibility bugs to highlight speaks volumes by itself, but that is not the story either. The story is that two browser vendors — Opera and Apple — somehow got into a bit of a race over who could reach a perfect score first. This, on top of their already insane release schedules (Safari 3.1, Opera 9.5), shocked and awed the web standards community, who for the first time in recent memory were put in the enviable position of arguing about which browser had increased its standards compliance the most and the fastest.

The funny thing is, I don’t even know who won. There were some inconsistencies about which builds passed what, and then they found some last-minute bugs in the tests themselves, and despite minute-by-minute updates on programming.reddit.com, I don’t really know or care who “won” the race. But I’ll tell you one thing: it sure as hell wasn’t Mozilla, because they were too busy complaining that the tests were just designed to highlight bugs (duh)… and they didn’t see any real worth in the feature tests (like downloadable web fonts, which is a five-digit Bugzilla bug that has been open since 2001)… and they felt they should get partial credit for still being ahead of Internet Explorer (new working slogan: “Firefox: We’re Not Dead Last”)… and anyway, they’re really busy right now — unlike the fine young minds at Apple and Opera, who, unbeknownst to their managers, have outsourced all their browser development to summer interns and are spending their newfound free time reenacting Roman toga parties. And oh, by the way, didn’t you hear that the other guys cheated? Also, their toga parties are, like, totally inaccurate when viewed from a psycho-historical perspective.

C’mon, guys. It’s not the score that matters, it’s the followup. It’s the conversation you have, the promises you make, the progress you show the next day and the day after that and the day after that. And bitching about an openly developed test suite whose ultimate goal was just to get people excited about web standards for a few minutes — man, you should all be embarrassed with yourselves. But you’re not, so here I am stepping up, publicly being embarrassed on your behalf. No need to thank me.

Update: once again, I explain myself better the next morning.

The Corporation's Two Bodies

2008-05-05T20:40:00Z

The New York Times quotes Laura Martin of Soleil Securities, as saying "This is management putting its employees and its job security ahead of current Yahoo shareholders' interest." The sense of horror here--that management could actually put the interests of employees ahead of the interests of investors--is interesting, to say the least. It raises an important question that's really almost theological in nature. It is most certainly theological in, as Lawrence Ferlinghetti wrote, "the promised land where every coin is marked In God We Trust, but the dollar bills do not have it being gods unto themselves. ("Autobiography," A Coney Island of the Mind, 1958, New Directions)

Where did the notion arise that management's sole responsibility is to its funding sources? It's not surprising that someone who represents investors thinks that investors are the only people who count. There's certainly some legal precedent for that view--employees work at the will of their employer, and if you take the abstraction far enough, the employer is basically a pile of money, and the employees are abstract labor power. But while Marx's formulation for the age of the Industrial Revolution may be applicable to workers in sweatshops, it's certainly not an appropriate formulation for the creators of value at Yahoo. Where, ultimately, is Yahoo's value? After all, Yahoo's contribution to the technology of the Web is second only to Google's (and that not by much). Yahoo engineers are not merely interchangeable cogs in an industrial machine.

Behind the idea of a "corporation" is, of course, the notion that a business entity is a kind of mystical body and can be treated as a person. So, what is that mystical body? Is it the investors, who certainly enable that body's existence, or the developers who create the value that the investors are after? Do we give priority to the food, or to the processes that digest the food? To give priority to the food lands us in a "cult of the investor," where Dollars provide the divine spark that animates the body corporate. In this view of the world, the investors are, in fact, little divinities. But Yahoo's value certainly doesn't derive from the investors, but from the company's technical creativity--something for which the investors are not responsible, and that they ultimately have nothing to do with. Would those creators be equally creative as Microsoft employees? Would the culture still be productive? Maybe yes, maybe no; it seems to me that the history of corporate acquisitions is littered with takeovers in which the shareholders may have profited, but the corporation's life and creativity withered.

It's certainly an oversimplification to imply that all (or even most) Yahoo employees opposed the Microsoft deal. But it's likewise an oversimplification to imply that all investors approved it--after all, one imagines that Yahoo's board and senior management are significant investors. But whether Jerry Yang was thinking in these terms or not, I can only applaud the idea that his company's value has something to do with the people who make it creative, not just with passive investors who wouldn't know a line of Javascript if it bit them on the wallet.