December 31, 2006
@ 04:19 PM

Jeff Simmermon wrote a blog post entitled Drowning Kittens In A River Full Of Cash which he seems to have deleted but which is cached here. There was a sentence from that blog post which stayed with me and I have reproduced below

Forget about trying to write under that kind of dread. Writing under family-friendly corporate constraints is a necessary but curious clusterfuck in the best conditions. Sometimes it's like reaching deep within your soul and pulling out a basket of kittens, then quietly drowning it in a river. A man's gotta eat, though, and I never griped about the paycheck. That was my choice, and I made it every day.

This year was the first year I considered ending this blog because I'd finally gotten tired of the hassle of people complaining about what I wrote here. The final straw for me surprisingly hasn't been work related although there have been stretching points from disgruntled coworkers who lashed out because I use competing products to people complaining to my management chain and theirs hoping to get me reprimanded or even fired for not toeing the party line. I stand by everything I've written in this blog but I've now gotten enough heat and taken enough inter-personal communication training classes to realize that some opinions are more trouble than they are worth. So every once in a while, a quietly drown a kitten of a half written blog post because I can't be bothered with dealing with the feedback. However that wasn't the breaking point, since I've considered this experience part of "growing up".

What I didn't expect to have to deal with was people back home in Nigeria reading my blog. Or even worse, certain posts in from my blog being printed out and republished in Nigerian print magazines. That audience which now includes quite a few members of my family is one I hadn't anticipated and one whose feedback on misconstrued posts is one I take more to heart than the other kinds of feedback I'm used to getting about my blog. This has now introduced a new set of filters I have to apply to my blog posts.

I've now begun to question the purpose of continuing to write this blog and considered ending it and perhaps restarting an anonymous one on some generic blog hosting service like TypePad or Blogger. I'm not sure what I'm going to do next but thought it only fair to let the couple thousand folks who read this blog regularly to know why it stopped if it does stop.

Have a Happy New Year.

Categories: Personal

December 28, 2006
@ 03:52 PM

The Wired Vaporware Awards '06 was announced this week and item #8 is The IPod Killer. Specifically the article states

8. The "IPod Killer"

Every time we hear about a new portable audio device, it's touted as the magic bullet that will end the iPod's reign once and for all.

Oh, you mean that thing? The one with the ugly design and clunky user interface? Does it at least work with iTunes?

Microsoft's Zune was supposed to do the trick, but it's sitting on the shelves (even the SanDisk Sansa is selling better than Zune) while the kids are all enjoying their freshly unwrapped, shiny new iPods.

Note to everyone: It's a White Wire World. Get over it.

I've bought a lot of iPods in my day and I've been making a list of things I'd like to see out of Microsoft's Zune effort that would tip the scales and make us go from a multiple iPod household to a Zune household. Below is a list of the 5 things that I think it would take to convert myself, my girlfriend and her oldest daughter from iPod users to Zune users based on conversations we've had about switching.

  1. Improve the Pocketability Factor: If you check out pictures of an iPod and a Zune side by side you'll notice that the iPod is thinner and shorter. Since I carry an MP3 player around a few hours a day either around my arm when working out or when walking around at work, the less bulky it is the better. My girlfriend definitely doesn't want to walk around with the outline of a rectangular brick in her pants especially now that skinny jeans are in

  2. Do Something Cool with the Wifi: At Christmas dinner, I was talking to a family friend who just graduated from college and she asked me about the Zune. She perked up when she heard about the Wifi capabilities and music sharing until she found out the limitations in the music sharing capabilities (3 days or 3 plays) which she described as lame. I doubt that there is much that can be done to make the music sharing feature interesting to college kids since [as she told me] they just want free music. However there are a lot of cool things I can imagine doing with a portable music player that has Wifi. For example, what if I was listening to a song on the radio on my Zune then could purchase that song in a few clicks right from the device? What if I could receive internet radio with no ads on my device?  

  3. iPod Dock Connector Compatibility: A lot of people mistakenly think that the large investment that prevents people from switching from an iPod is the library of songs they've purchased from iTMS which won't be compatible with another DRM system. However in my experience I've noticed that the huge range of iPod dock connector accessories is becoming more of a factor. After all, auto manufacturers from Chrysler to Ford, GM and Mazda are all shipping iPod-ready cars. We spent a few hundred dollars converting my girlfriend's SUV to an iPod-ready one. Then there's all the travel speakers, including my Christmas present a FUNKit DJ iPod Speakers. Re-buying hundreds of dollars worth of accessories doesn't fill me with glee. However if we could go to an electronics store like RadioShack and get a an iPod<->Zune connector that would ease the transition a great deal.

  4. Smaller, Cheaper Versions: The iPod Nano has totally swept the young girl demographic. Whenever we end up at the mall and I'm dragged to Claire's I tend to see a lot of iPod Nano accessories but very few for the video iPod. We need a Zune that targets that demographic.

  5. Celebrity Product Placement: I almost feel embarrassed to admit this but the tipping point for getting my first iPod wasn't when all the gadget wunderkinds at work got one or when I almost fell of the treadmill because I was switching CDs on my portable CD player. No, the tipping point was when I saw 50 Cent using one in the P.I.M.P. video. If you want to impress me with the cool kids that are using the player, don't show me annoying looking hipsters I probably couldn't stand if I met in real life. Another good example of this kind of product placement is Mariah Carey using a RAZR in the Shake It Off video.

What would it take for you to switch to a Zune?

Categories: Music

December 27, 2006
@ 07:08 PM

Mark Cuban has a blog post entitled Ripping on Gootube... Again which introduced me to a Youtube trend I hadn't even noticed. He writes

Take a look at Decembers Top Viewed English Videos.
Most Viewed (This Month)
Add Video to QuickList
Added: 3 weeks ago
From: tylermcgregor
Views: 1408363
3523 ratings
Add Video to QuickList
Added: 1 week ago
From: VerizonWireless
Views: 1373397
5731 ratings
Add Video to QuickList
Added: 1 week ago
From: wylinoutbitch
Views: 1341496
3299 ratings
Add Video to QuickList
Added: 2 weeks ago
From: CBS
Views: 1277719
3895 ratings

Go through the list. Only the StarWars PSA, the Christmas Tree Jump and PowerTool Racing are really user generated content. 3 out of 20.

From there you have a contrived 12 days of christmas that is one of thousands of promos for Youtube users themselves trying to build a following. Is this social networking at its best ?

From there we have commercials or promos for movies, for tv shows, for blenders, knives, for music videos and for a phone company. Then we have the most popular of Youtube videos these days. The fake Porn thumbnail with headlines of. Britney, Paris, whoever, nude, in the shower, wherever, doing whatever. 5 of the top 20 are fake porn.

The fact that the professionally produced content is more popular on YouTube than amateur content isn't that surprising. By definition, professionals can put more time and effort into producing high quality content which is why their content is more popular. This is true in almost all areas of user generated content areas including blogging, see the Technorati Top 100 for proof.

What is surprising is how popular 'gotcha' content which pretends to be soft porn turns out to be a practical joke has become. The two fake porn videos linked above have been viewed over a million times. The interesting question is whether Google/Youtube will do anything to curtail this trend. This is likely a cause for user dissatisfaction on the site based on all the negative responses I saw in the comments to the videos, however there seem to be enough people who find it funny that this isn't a clear case of spam nor can it be voted down by the community since a lot of people may vote them up since they find them amusing. 

As Mark Cuban points out in his post, this is one of those perennial problems with social software. If trends or people that are harmful to the community show up there isn't a clear way to deal with them without it seeming like the heavy hand authority slapping down people trying to have fun and express themselves. On the other hand, I doubt Google spent $1.62 billion for Youtube just to watch it turn into a haven for fake porn and other forms of griefing.


Categories: Social Software

The bigger Google grows, the more it seems that like every large company it's products now have to pay a strategy tax which may end up shortchanging their users. If you are unfamiliar with the term, you should read Dave Winer's excellent essay Strategy Tax which is excerpted below

Ben explained that sometimes products developed inside a company such as Microsoft have to accept constraints that go against competitiveness, or might displease users, in order to further the cause of another product. I recognized the concept but had never heard the term.

An example. Consider a company that develops both a Web browser and a word processor. The product team for the browser might get lots of input from users saying "We'd like a better editor in the browser." It would be natural to give the users what they want. So they put the feature in their project plan, but when it comes up for review, the CEO shoots them down. "They should use the word processor," he says.

Another example. An electronics company makes a portable music player, and also owns a recording studio. The team working on the music player knows that there's a big market for players that work with a format that's popular with computer users, but lacks sophisticated copy protection. They project huge sales. But when the product comes up for review, the CEO shoots them down. "We'll lose sales of our music," he says.

Before I read this essay I thought this was a problem unique to Microsoft and also thought that I was being astute in observing the trend at the company when in truth the term was part of the cultural knowledge of the company while I was still in programming diapers. Over time, it has become clear to me that this is a problem that affects any business endeavor where different product units either rely on each other or indirectly compete with each other [assuming that the company isn't dysfunctional enough to have products that directly compete against each other]. Below are three examples of how the strategy tax is affecting Google, all of which are observations by other bloggers which I've noticed myself but refrained from mentioning since I work for a competitor and it would have come off as sour grapes.

Disincentive to Improve Search Due to Ad Business

In his post Good Luck Jimmy, Dave Winer writes

Google is repeating the pattern of the previous generation of search engines (Alta Vista, Infoseek) were doing when Google zigged to their zag, so successfully. Today, Google is fattening up and spreading out, going after Microsoft in productivity apps, chasing the TV networks with YouTube. Etc etc. Today search is only one of the things Google is doing, and it may not be the most important thing.

Today Google's profits come from ads, and that business gives them a reason to keep search weak. They want you to do a lot of searching to find what you're looking for -- and the stuff they find for you for free is competing with the stuff they make money on. So Google actually has a disincentive to make search better.

A few months ago, I used to get into regular debates with Matt Augustine who argued that the fact that companies like Google make so much money from search advertising seems like a bug in the system. Matt would argue that if search engines were really that good at finding what we want, we would never have to click on the results they had been paid to show us unless we were deceived into doing so.

This seems to put a 'glass ceiling' on how good the search engine can be because you don't want people to stop clicking on ads when you make billions of dollars a year from them doing so.

Promoting Google Services at the Expense of the Integrity of Search Results and it's Advertisers

Blake Ross has a blog post entitled Tip: Trust is hard to gain, easy to lose where he writes

But Google lost me today, and it didn’t take much:

Google is now displaying “tips” that point searchers to Google Calendar, Blogger and Picasa for any search phrase that includes “calendar” (e.g. Yahoo calendar), “blog” and “photo sharing,” respectively. This is clearly bad for competitors, and it’s also a bad sign for Google. But I generally support anything that benefits users, including monopolistic packaging. I believe, for instance, that shipping Internet Explorer with Windows was a good move. So why are tips bad for users?
The tips are different—and bad for users—because the services they recommend are not the best in their class. If Google wants to make it faster and easier for users to manage events, create a blog or share photos, it could do what it does when you search GOOG: link to the best services. To prevent Google from being the gatekeeper, the company could identify the services algorithmically. But if that sounds familiar, perhaps that’s because Google already works that way. After all, Google is predicated on the idea that the democratic structure of the Web will push the cream to the top. Search for “photo sharing” and you should already get the highest quality services. According to Google, Picasa is not one of them.
While advertisers compete to be first in a string of lookalike ads that are often shunted to the side, Google now determines the precise position and appearance of ads tips that are not subject to any of the same rules. Its ads get icons while others don’t, and if you think that’s small potatoes, you are not an advertiser: images boost clickthrough. Google can make a Picasa ad say “Easier to use than Kodak,” but Kodak cannot create an ad that reads “Easier to use than Picasa.” And the kicker: neither the highest quality ads nor the highest quality search results can replace these tips.

The "strategy tax" here is being paid by the search engine and advertising groups at Google. To carry along Google services that Blake points out are not best in class, Google is foregoing ad dollars from a number of lucrative keywords and causing distrust in the search engine by the very power users upon whose backs it rose to fame in the first place. Google used to brag about how unlike other search engines, they don't use misleading ads that people can confuse for search results. However I tend to agree with the last statement in Blake's post

Perhaps the most nefarious aspect of this feature is how it operates within our collective blind spots. Advertisers are happy that Google no longer invades the canonical Ad Results. Technology purists continue to see untainted Search Results. But does my mother make that distinction? How much does a result have to look like a Result to cross the line?

Artificially Promoting it's Products in Search Results

From a comment highlighted in the post Google's Silent Monopoly Redux (Google Responds - Issues Public Statement) which states

But type in "maps". Google is again first. Ahead of Mapquest. Ahead of Yahoo maps. Yahoo also has backlinks out the ying yang. So why is it third? And mapquest has been around forever.. I'm sure there are more links to than to the URL, simply because the millions of web pages that linked their directions to Mapquest from 1996 to 2004 didn't all rush out and change all their links to Google maps in February of 2005 (when it was released), even if Google's is a better product.

Next, try "mail". Despite the fact that Yahoo mail has been around forever, and has all sorts of links, and that Hotmail has also been around forever, Gmail still manages to come up first.

And the most interesting thing about this particular keyword? The word "mail" by itself doesn't even appear on the page! The words gmail, webmail, and email appear. But not "mail". At least on the Yahoo page, the word "mail" does indeed appear. Yet Google still manages to rank ahead of Yahoo.

Finally, try "answers". Yes, comes up second, rather than first. But comes in third! Is the Google Answers site really getting that many more links than Yahoo's? Especially in light of the fact that Google recently decided to kill it, because almost no one was using it, while Yahoo's usage (and therefore also linkage, no doubt) are skyrocketing?

This claim was actually the most interesting to me since Google is very adamant about the integrity of their search results and claims we don’t accept payment for inclusion in our index, nor do we manipulate search results by hand. I tried a number of these queries myself and was pretty shocked by the results especially when it came to "mail". Here are some screenshots that illustrate the point

1. Search results for "mail" on Google

2. Number of links to (also the same as according to Google

3. Number of links to according to Google

It's hard to imagine any objective metric that should make Gmail show up ahead of Yahoo! Mail in a search for the word "mail". Of course, this doesn't mean that Google is tampering with search results "by hand". Their algorithm can simply have allowances to rank sites in their domain or linked from their domain higher without having to actually sully their hands by tweaking individual results by hand. Still, if Google is how the world finds information and we are increasingly being pointed to information that financially benefits Google, doesn't that taint the much vaunted claim of the integrity of their search results even if it is being done in an automated manner?


There were two stories announced today with a couple of fairly obvious reactions.

  1. Story: Google Replaces SOAP API with AJAX widget

    Obvious Misinterpretation: Google Search API? - mistakes a Web service endpoint the widget talks to for a sanctioned API

    Obvious Reaction: The end of SOAP

  2. Story: announces AJAX widget

    Obvious Misinterpretation: API for URL top tags, bookmark count - mistakes the web service endpoint the widget talks to for a sanctioned API

    Obvious Reaction: God bless the re-inventers - complains that the "new API" uses JSON instead of XML-RPC

The obvious reaction was to make the Google and announcements into a REST vs. SOAP or XML vs. JSON story since geeks like to turn every business decision into a technology decision. However if you scratch the surface, the one thing that is slowly becoming clear is that providers of data services would rather provide you their data in ways they can explicitly monetize (e.g. driving traffic to their social bookmarking site or showing their search ads) instead of letting you drain their resources for free no matter how much geek cred it gets them in the blogosphere.

This is a good thing because it means that as an industry we are slowly figuring out why and how to provide Web APIs and Web services and when not to.

PS: If you are a site that thrives on user generated content this doesn't mean that you should replace APIs that make it easier to add content to your site (e.g. the MetaWeblog API, Flickr API or the API) with a widget. That would make you an idiot.


I've been tagged by Nick Bradbury as part of the 5 Things People Don't Know About Me meme. Here's my list

  1. I've gained back 25 lbs of the 60 lbs I lost earlier this year. With the holidays and an upcoming trip to Las Vegas to attend CES I assume I'll be gaining another 5 lbs due to disruptions to my schedule and poor eating habits before I can get things back under control.

  2. I sold all my stock options when MSFT hit 30 last week.

  3. I used to smile a lot as a child until when I was about 11 or 12. I was in a Nigerian miltary school during my middle school years and some senior students didn't like the fact that I always walked around with a smile on my face. So they decided to beat me until I wiped that silly smile off my face. It worked. My regular scowl was mentioned as a dampener in more first dates than I'd like to admit while I was in college. I'm glad my mom decided to pull me out of the military school after only two years. At the time, I thought that was the equivalent of running away. Mother knows best, I guess.

  4. My dad is in New York this week but I turned down an opportunity to fly up and see him. I found out the details of his trip on Saturday evening which meant I'd have had to break of prior engagements such as baby sitting my girlfriend's kids and taking my intern on his farewell lunch if I wanted to see him. I'm sure I'll regret missing opportunities like this later in life.

  5. I have songs from every G-Unit Radio mixtape on my iPod.

I'm tagging the following bloggers to spread the meme; Mike Torres, Shelley Powers, Sanaz Ahari, Derek Denny-Brown and Doug Purdy


Categories: Personal

While browsing my referrer logs I noticed a lot of hits from a comment on Jensen Harris's blog post about the Office 2007 UI being licenced. Below is the comment which has driven several hundred page views on my blog

Mike Dimmick said:

As an example of how a developer could horribly misuse the Ribbon interface, see Dare Obasanjo's proposal for RSS Bandit:

My reason for moving to a ribbon-like interface for the Phoenix release of RSS Bandit was because I was under the impression that the Ribbon was the wave of the future with regards to application user interfaces in Windows. However I just read a blog post by Mike Torres entitled More on the Office 2007 UI where he points out that practically every Windows application released by Microsoft this year has abandoned the traditional File menu and toolbar structure in a different way. Below are links to the screenshots from Mike's post [and one extra which was suggested by Omar]

  1. Office 2007
  2. Windows Media Player 11
  3. Windows Live Messenger 8
  4. Windows Photo Gallery
  5. Windows Live Mail Desktop
  6. Internet Explorer 7

As you can se all of the above applications which where shipped by Microsoft this year embraced the idea of getting rid of the traditional File menu and toolbars yet didn't agree on what to replace them with. As a developer of a Windows application, it is clear to me that the traditional yet consistent File menu and toolbar look is now played out on Windows. The main question is which app I should emulate. If history tells me anything, I can't go wrong betting on Office driving user expectations around what Windows applications should act and feel like. I'm glad to see Infragistics on the list of vendors who will be adopting the Office 2007 UI guidelines. This means we'll likely inherit some best practices around using the Office 2007 Ribbon for free since we now use the Infragistics NetAdvantage GUI components in RSS Bandit.

If this means, I'm going to get people like Mike Dimmick flaming me for not living up to the vision of the 'Ribbon' then so be it. I'd rather that than an application that looked old and busted instead of being the new hotness. ;)


Categories: Programming | RSS Bandit

I'm using the Windows Background Intelligent Transfer Service (BITS) as the technology for downloading podcasts in the background so that RSS Bandit doesn't hog too much bandwidth while downloading the latest Ze Frank video. However it came to my attention that there certain conditions that had to apply before BITS was able to be clever about downloading a file from a website in the background. The conditions are spelled out in the HTTP Requirements for BITS Downloads which states

BITS supports HTTP and HTTPS downloads and uploads and requires that the server supports the HTTP/1.1 protocol. For downloads, the HTTP server's Head method must return the file size and its Get method must support the Content-Range and Content-Length headers. As a result, BITS only transfers static file content and generates an error if you try to transfer dynamic content, unless the ASP, ISAPI, or CGI script supports the Content-Range and Content-Length headers.

This means you can't use BITS to download podcasts from the feeds of sites such as C|Net MP3 Insider because it doesn't provide a Content-Length header when retrieving podcasts. Due to this limitation I've had to implement a fallback mode where we use a direct HTTP download request to retrieve the podcast. This solution is problematic if large video files are being downloaded in this manner because all the PCs bandwidth may end up being consumed by this task. For this reason, I've borrowed a leaf from the RSS platform in IE 7 and will also only support this for podcasts that are 15MB or less.

I sampled a number of files over 15MB at and didn't see many which were provided by a Web server that didn't meet the BITS requirements. Of course, I might be mistaken and there is some popular podcast which regularly provides files over 15MB and doesn't meet the conditions set forth by BITS. In that case, I'd consider upping the limit to something higher or providing some config file option to increase the limit. 


Categories: RSS Bandit

December 19, 2006
@ 02:45 PM

My girlfriend recently purchased an iDog for one of her kids and I thought that was the silliest iPod accessory imaginable. It seems I was wrong. Podcasting News has an article entitled The Ten Worst iPod-Related Christmas Presents Ever which has gems such as

iPod Toilet Paper Dispenser

Here’s something that we thought we should flush out of our system right away - the iCarta toilet paper dispenser/iPod player. The last thing we want anyone doing in the Podcasting News bathroom is making a #$#@ playlist for using the toilet.
icarta pod toilet potty
The one that really takes the cake is the iBuzz. You'll have to read the article to see what that accessory does.

Earlier today I noticed a link from Mike Torres to a press release from ComScore Media Metrix entitled The Score: Blogs Gain Favor Worldwide which states

In recent years blogs have garnered significant media coverage in the United States for their ability to reach a wide audience. With more than one-third of the online population in the United States visiting blogs within a given month, it is clear that the category has become mainstream. An analysis of blog penetration by country in North America and Western Europe shows that the popularity of blogs is a worldwide phenomenon.
  • Windows Live Spaces is the favorite blog site among the majority of countries studied, with 37 percent of all Canadians visiting the site in October 2006. had the highest penetration in the United States (12.4 percent) and Germany (9.7 percent), while the same was true for Skyblog in France (27.4 percent).

Interesting statistics although I wonder whether ComScore is including social networking sites like Bebo and MySpace in its reckoning. Based on how ComScore usually scores things my assumption is that they are going by number of unique users instead of page views which is where heavily trafficked social networking sites like Bebo and MySpace reign supreme.


Categories: Social Software | Windows Live

December 19, 2006
@ 02:02 PM

Brady Forrest over on the O'Reilly Radar blog just announced that Google Deprecates Their SOAP Search API where he states

In an odd move Google has quietly deprecated their Search SOAP API, will no longer be issuing keys, and have removed the SDK from their site. They did not even issue a blog post about it. They will continue (for how long?) to support existing users, but will not do any bug fixes. They are urging developers to use their AJAX Search API ((Radar post) instead.

The AJAX Search API is great for web applications and users that want to bling their blog, but does not provide the flexibility of the SOAP API. I am surprised that it has not been replaced with a GData API instead. The developer community has been discussing this and do not seem happy with the change. Discussion on the forums have pointed out that Yahoo! has a REST Search API. Live Search also has a SOAP API available.

I find it odd that Brady is surprised by this move. Brady used to work on the MSN Windows Live Search team working on APIs and he should know first hand that the value of Search APIs was always questioned. Unlike data APIs which extend the reach of a service and add value via network effects such as the MetaWeblog API, Flickr API or the API, the search APIs provided by the major search engines do no such thing. With the data APIs one can argue that making it easier for people to add content to sites increases their value, on the other hand making it easier for people to run search queries without seeing highly lucrative search ads doesn't make much business sense.

This reminds me of a quote from Bill Gates taken by Liz Gannes in her report Bill Gates on the Future of Web Apps which is excerpted below

We each got to ask Gates one question. I asked which applications he forecast to live within the browser and which outside of it.

He replied that the distinction would come to be silly from a technical standpoint, but that the necessary movement toward web APIs does present challenges on the business side. “One of the things that’s actually held the industry back on this is, if you have an advertising business model, then you don’t want to expose your capabilities as a web service, because somebody would use that web service without plastering your ad up next to the thing.”

His solution wasn’t very specific: “It’s ideal if you get business models that don’t force someone to say ‘no, we won’t give you that service unless you display something right there on that home page.”

The quote seems particularly relevant now when you consider that Google has replaced a web service with their AJAX Search API which is a widget that is easier to monetize. I'd also note that Scoble telegraphed that this move was coming in his post Google changes its monetization strategy toward a Microsoft one? which implies that Google AdSense will be bundled with usage of Google's search widgets.


December 15, 2006
@ 03:09 AM

Moishe Lettvin: Large companies and 'A' talent

But then I got an offer from Google and after a little bit of waffling (I was having much fun with the hackers) I started there back in January. And holy shit I hope I can convey to you what sort of geek heaven I'm in now.

Above I talked about NT4 being the "new hotness" back in '94 -- the guys who made it that way sit right next to me. In the same office. And that sort of expertise is everywhere here... it seems like every office is occupied by at least a couple of industry leaders, guys whose names you'd recognize if you're even a casual observer of geek culture.

Google's culture values independence and transparency of communication in ways I didn't think were possible at a large company. We've of course got our 20% time, but beyond that there's a sense that everyone here is competent enough and trustworthy enough to be clued in to many parts of the business -- not just engineering -- which would typically be hidden. That trust nets huge gains in loyalty and excitement.

There aren't many places in the world where you could can come up with the idea for a feature or product, implement it, and launch it to an audience of millions, with the infrastructure to support it. Yes, you can do it at a startup or on your own, but getting eyeballs and servers is non-trivial. For every YouTube there are hundreds of sites nobody's heard of.

Aaron Swartz: The Goog Life: how Google keeps employees by treating them like kids

The dinosaurs and spaceships certainly fit in with the infantilizing theme, as does the hot tub-sized ball pit that Googlers can jump into and throw ball fights. Everyone I know who works there either acts childish (the army of programmers), enthusiastically adolescent (their managers and overseers), or else is deeply cynical (the hot-shot programmers). But as much as they may want to leave Google, the infantilizing tactics have worked: they're afraid they wouldn't be able to survive anywhere else.

Google hires programmers straight out of college and tempts them with all the benefits of college life. Indeed, as the hiring brochures stress, the place was explicitly modeled upon college. At one point, I wondered why Google didn't just go all the way and build their own dormitories. After all, weren't the late-night dorm-room conversations with others who were smart like you one of the best parts of college life? But as the gleam wears off the Google, I can see why it's no place anyone would want to hang around for that long. Even the suburban desert of Mountain View is better.

Google's famed secrecy doesn't really do a very good job of keeping information from competitors. Those who are truly curious can pick up enough leaks and read enough articles to figure out how mostly everything works. But what it does do is create an aura of impossibility around the place. People read the airbrushed versions of Google technologies in talks and academic papers and think that Google has some amazingly large computer lab with amazingly powerful technology. But hang around a Googler long enough and you'll hear them complain about the unreliability of GFS and how they don't really have enough computers to keep up with the load.

"It's always frightening when you see how the sausage actually gets made," explains a product manager. And that's exactly what the secrecy is supposed to prevent. The rest of the world sees Google as this impenetrable edifice with all the mysteries of the world inside ("I hear once you've worked there for 256 days they teach you the secret levitation," explains xkcd) while the select few inside the walls know the truth -- there is no there there -- and are bound together by this burden.

The truth is always somewhere in between.


Mark Baker has a blog post entitled Validation considered harmful where he writes

We believe that virtually all forms of validation, as commonly practiced, are harmful; an anathema to use at Web scale. Specifically, our argument is this;
Tests of validity which are a function of time make the independent evolution of software problematic.

Why? Consider the scenario of two parties on the Web which want to exchange a certain kind of document. Party A has an expensive support contract with BigDocCo that ensures that they’re always running the latest-and-greatest document processing software. But party B doesn’t, and so typically lags a few months behind. During one of those lags, a new version of the schema is released which relaxes an earlier stanza in the schema which constrained a certain field to the values “1″, “2″, or “3″; “4″ is now a valid value. So, party B, with its new software, happily fires off a document to A as it often does, but this document includes the value “4″ in that field. What happens? Of course A rejects it; it’s an invalid document, and an alert is raised with the human adminstrator, dramatically increasing the cost of document exchange. All because evolvability wasn’t baked in, because a schema was used in its default mode of operation; to restrict rather than permit.

This doesn't seem like a very good argument to me. The fact that you enforce that the XML documents you receive must follow a certain structure or must conform to certain constraints does not mean that your system cannot be flexible in the face of new versions. First of all, every system does some form of validation because it cannot process arbitrary documents. For example an RSS reader cannot do anything reasonable with an XBRL or ODF document, no matter how liberal it is in what it accepts. Now that we have accepted that there are certain levels validation that are no-brainers the next question is to ask what happens if there are no constraints on the values of elements and attributes in an input document. Let's say we have a purchase order format which in v1 has a <currency> element which can have a value of "U.S. dollars" or "Canadian dollars" then in v2 we now support any valid currency. What happens if a v2 document is sent to a v1 client? Is it a good idea for such a client to muddle along even though it can't handle the specified currency format?

As in all things in software, there are no hard and fast rules as to what is right and what is wrong. In general, it is better to be flexible rather than not as the success of HTML and RSS have shown us but this does not mean that it is acceptable in every situation. And it comes with its own set of costs as the success of HTML and RSS have shown us. :)

Sam Ruby puts it more eloquently than I can in his blog post entitled Tolerance.


Categories: XML | XML Web Services

December 14, 2006
@ 05:09 PM

I've noticed that some problems with viewing feeds of sites hosted on TypePad for the past few months in RSS Bandit. The problem was that every other post in a feed would display raw markup instead of correctly rendered HTML. I decided to look into the problem this morning and tracked down the problem. Take a look at Here are relevant excerpts from the feed

<content type="html" xml:lang="en-ca" xml:base="">
&lt;div xmlns=&quot;;&gt;&lt;p&gt;&&nbsp;&lt;/p&gt;
&lt;div style=&quot;text-align: center;&quot;&gt;&lt;a href=&quot;;&gt;&lt;img border=&quot;0&quot; src=&quot;; style=&quot;padding-bottom: 6px;&quot; /&gt;&lt;/a&gt;&lt;/div&gt;
&lt;p&gt;It&#39;s now easier than ever to spread joy this holiday season by giving the &lt;a href=&quot;;&gt;&lt;strong&gt;Gift of Flickr&lt;/strong&gt;&lt;/a&gt;. You can purchase a special activation code that you can give to anyone, whether or not they have an existing Flickr account. We&#39;ve even created a special Gift Certificate card that you can print out yourself, fold up and stuff in a stocking, under a tree or hidden away for after the candles are lit (of course, you can also send the gift code in an email).&lt;/p&gt;

&lt;p&gt;And it&#39;s even better to give the gift of Flickr since now your recipients will get &lt;a href=&quot;;&gt;&lt;strong&gt;unlimited uploads&lt;/strong&gt;&lt;/a&gt; — the two gigabyte monthly limit is no more (&lt;em&gt;yep, pro users have no limits on how many photos they can upload&lt;/em&gt;)! At the same time, we&#39;ve upped the limit for free account members as well, from &lt;a href=&quot;;&gt;&lt;strong&gt;20MB per month up to 100MB&lt;/strong&gt;&lt;/a&gt; (yep, five times more)!&lt;/p&gt;

&lt;p&gt;The Flickr team also wants to take this opportunity to thank you for a wonderful year and wish you and yours all the best of the season. Yay!&lt;/p&gt;&lt;/div&gt;
<content type="xhtml" xml:lang="en-ca" xml:base="">
<div xmlns=""><p><a href="" title="Photo Sharing"><img width="500" height="357" border="0" src="" alt="Dec 2 2006 208 copy" /></a></p>

<p><a title="Photo Sharing" href=""><img width="500" height="375" border="0" alt="riding" src="" /></a></p>

<p>See more photos in the <a href="">"Berkeley," "Stanford," "big game" cluster</a>.</p>

<p>Photos from <a href="" title="Link to caryniam's photos">caryniam</a> and <a title="Link to mrtwism's photos" href="">mrtwism</a>.</p></div>

So the first mystery is solved. The reason some posts look OK and some don't is that for some reason TypePad seems to alternate between escaped HTML and well-formed XHTML as the content of an entry in the feed. When the feed uses well-formed XHTML the item looks fine but when it uses escaped HTML it looks like crap. The next question is why the items aren't rendered correctly when escaped HTML is used.

So I referred to section 3.1 of the Atom 0.3 specification and saw the following

3.1.2  "mode" Attribute

Content constructs MAY have a "mode" attribute, whose value indicates the method used to encode the content. When present, this attribute's value MUST be listed below. If not present, its value MUST be considered to be "xml".

A mode attribute with the value "xml" indicates that the element's content is inline xml (for example, namespace-qualified XHTML).
A mode attribute with the value "escaped" indicates that the element's content is an escaped string. Processors MUST unescape the element's content before considering it as content of the indicated media type.
A mode attribute with the value "base64" indicates that the element's content is base64-encoded [RFC2045]. Processors MUST decode the element's content before considering it as content of the the indicated media type.

To prevent aggregators from having to use their psychic powers to determine when an item contains plain text or escaped HTML, the Atom folks introduced a mode attribute that indicated whether the content should be treated as is or should be unescaped. As you can see the default value for this is not "escaped". Since the TypePad Atom feeds do not state that the HTML content is escaped then the aggregator is not expected to unescape the content before rendering it. Second mystery solved. Buggy feeds are the culprit. 

Even though these feeds are broken it is probably faster for me to special case feeds fromTypePad than trying to track down and convince the folks at SixApart that this is a bug worth fixing. This issue will be fixed in the next beta of the Jubilee release of RSS Bandit.


December 13, 2006
@ 03:05 AM

Six Months Ago: 10 people who don't matter

Mark Zuckerberg
Founder, Facebook
In entrepreneurship, timing is everything. So we'll give Zuckerberg credit for launching his online social directory for college students just as the social-networking craze was getting underway. He also built it right, quickly making Facebook one of the most popular social-networking sites on the Net. But there's also something to be said for knowing when to take the money and run. Last spring, Facebook reportedly turned down a $750 million buyout offer, holding out instead for as much as $2 billion. Bad move. After selling itself to Rupert Murdoch's Fox for $580 million last year, MySpace is now the Web's second most popular website. Facebook is growing too - but given that MySpace has quickly grown into the industry's 80-million-user gorilla, it's hard to imagine who would pay billions for an also-ran.

Today: Yahoo’s “Project Fraternity” Docs Leaked

At Yahoo, the long running courtship has lasted at least as long as this year, and is internally referred to as “Project Fraternity.” Leaked documents in our possession state that an early offer was $37.5 million for 5% of the company (a $750 million valuation) back in Q1 2006. This was rejected by Facebook.

Things really heated up mid year. Yahoo proposed a $1 billion flat out acquisition price based on a model they created where they projected $608 million in Facebook revenue by 2009, growing to $969 million in 2010. By 2015 Yahoo projects that Facebook would generate nearly $1 billion in annual profit. The actual 2006 number appears to be around $50 million in revenue, or nearly $1 million per week.

These revenue projections are based on robust user growth. By 2010, Yahoo assumes Facebook would hit 48 million users, out of a total combined highschool and young adult population of 83 million.

Our sources say that Facebook flatly rejected the $1 billion offer, looking for far more. Yahoo was prepared to pay up to $1.62 billion, but negotiations broke off before the offer could be made.


Nick Bradbury, the author of the excellent FeedDemon RSS reader, has a blog post entitled Simplicity Ain't So Simple, Part II: Stop Showing Off where he writes

One mistake I see developers make over and over again is that we make a feature look complicated just because it was hard to create.
For example, the prefetching feature I blogged about last week hasn't been easy to create.  This feature prefetches (downloads) links and images in your feeds so that they're browse-able inside FeedDemon when you're working offline.  It works in the background so you can keep using FeedDemon while it does its business, and it's smart enough to skip web bugs, links to large downloads, and other items that shouldn't be cached (including items that have already been cached in a previous session).

It didn't seem like a complex feature when I started on it, but it ended up being a lot more work than I anticipated.  It could easily be an application all by itself, complete with all sorts of configurable options.

But instead of turning this feature into a mini-application, I demoted it to a lowly menu item

I've had that feeling recently when thinking about a feature I'm currently working on as part of podcasting support in RSS Bandit. The feature is quite straightforward. It is the ability for users to specify a maximum amount of space dedicated to podcasts on computer to prevent their hard drive from filling up with dozens of gigabytes of ScobleShow and Channel 9 videos. Below is a screenshot of what the option looks like.

As I started to implement this feature every question I asked myself led to two or three more questions and the complexity just spiralled. I started with the assumption that we'd enforce the download limit before files were downloaded. So if you have allocated 500MB as the maximum amount of space dedicated to podcasts and you attempt to download (200MB), funny_song.mp3 (5MB) and scary_short_movie.mpg (300MB) in order then we will issue a warning or an error indicating that there won't be enough room to download the last file before attempting to download it. Here's where I got my first rude awakening; there's no guaranteed way to determine the size of the file before downloading. There is a length attribute of the <enclosure> element but it sometimes doesn't have a valid value in certain podcast feeds. Being a Web geek, I thought to myself "Ha, I can always fall back on making an HTTP HEAD request and then reading the Content-Length header". It turns out this isn't always guaranteed to be set either.

So now we have the possibility that the user could initiate three downloads which would exceed the 500MB she has allocated to enclosures. The next question was when to enforce the limit on the files being downloaded. Should we wait until the files have finished downloading and then fail when we attempt to move the downloaded file from the temporary folder to the user specified podcast folder? Or should we stop downloads as soon as we hit 500MB regardless of the state of the downloaded files which means we'll have to regularly collate the size of all pending downloads and add that to the size of all downloads in the podcast folder to ensure that we aren't over the limit? I was leaning towards the former but when I talked to Torsten he pointed out that it seems like cheating if I limit the amount of space allocated to podcasts to 500MB but they could actually be taking over 1GB on disk because I have four 300MB files being downloaded simultaneously. Unfortunately for me, I agreed. :)

Then there's the question of what to actually do when the limit is hit. Do we prompt the user to delete old files, if so what interface do we provide the user to make the user flow sensible and not irritating? Especially since some of the files will be podcasts in the podcast folder and others will be incomplete files that are pending downloads in a temp folder. Yeah, and it goes on and on.

However all our users will see is that one checkbox and field to enter the numeric value.


Categories: RSS Bandit

December 12, 2006
@ 02:29 AM

I've had a number of people mention the article about Steve Berkowitz and MSN/Windows Live in the New York Times entitled Looking for a Gambit to Win at Google's Game which contains a bunch of choice negative quotes about our products supposedly from Steve Berkowitz. The article starts of without pulling punches as you can see from the following excerpt

The pressure is on for Mr. Berkowitz to gain control of Microsoft’s online unit, which by most measures has drifted dangerously off course. Over the last year, its online properties have lost users in the United States. The billions of dollars the company has spent building its own search engine have yet to pay off. And amid a booming Internet market, Microsoft’s online unit is losing money.

Google, meanwhile, is growing, prospering, and moving increasingly onto Microsoft’s turf.

Microsoft lost its way, Mr. Berkowitz says, because it became too enamored with software wizardry, like its new three-dimensional map service, and failed to make a search engine people liked to use.

A lot of decisions were driven by technology; they were not driven by the consumer,” he said. “It isn’t always the best technology that wins. It is the best experience.”
Mr. Berkowitz does not defend the brand choice he inherited.

“I don’t know if Live is the right name,” he said, saying he had not decided what to do about it. But before he gets around to deciding whether to change the brand, he wants to make Microsoft’s search engine itself more appealing to consumers.

What he did decide was to keep the MSN name afloat, too, as it is well known and its various services have 430 million users around the world. He promoted Joanne K. Bradford, Microsoft’s head of advertising sales, to oversee and revive the MSN portal.

Definitely some harsh words attributed to our corporate VP which has led some Windows Live watchers to wonder whether the brand is going to be tossed. I'm going to ignore the obvious flame bait of seeing an article claiming that one of our corporate vice presidents criticized what is probably the only best of breed online service we provide (i.e. and just focus on an implicit yet incorrect assumption carried throughout the article. The assumption is that Steve Berkowitz runs Windows Live.

I've commented on our org chart before but here is a refresher course for the reporters and bloggers out there that feel compelled to write about Windows Live and MSN. If you go back to the press release after our last major reorg Microsoft Realigns Platforms & Services Division for Greater Growth and Agility you'll notice that it beaks out Microsoft's internet business into the following three pieces

Windows and Windows Live Group
With Sinofsky in charge, the Windows and Windows Live Group will have engineering teams focused on delivering Windows and engineering teams focused on delivering the Windows Live experiences. Sinofsky will work closely with Microsoft CTO Ray Ozzie and Blake Irving to support Microsoft’s services strategy across the division and company.
Windows Live Platform Group
Blake Irving will lead the newly formed Windows Live Platform Group, which unites a number of MSN teams that have been building platform services and capabilities for Microsoft’s online offerings. This group provides the back-end infrastructure services, platform capabilities and global operational support for services being created in Windows Live, Office Live, and other Microsoft and third-party applications that use the Live platform. This includes the advertising and monetization platforms that support all Live service offerings.
Online Business Group
The new Online Business Group includes advertising sales, business development and marketing for Live Platforms, Windows Live and MSN — including, MSNTV and MSN Internet Access. David Cole, senior vice president, will lead this group until his successor is named before his leave of absence at the end of April. [Dare - Steve Berkowitz is the replacement]

As you can see from the above press release you'll note that Steve Berkowitz owns the sales, marketing and business aspects of Windows Live but not the products themselves. Steven Sinofsky and his subordinates, specifically Chris Jones and Christopher Payne, are responsible for Windows Live. Although Steve Berkowitz is probably the right guy to talk to about the marketing and branding of Windows Live, he probably isn't the right person to talk to about the future of Windows Live products like search (holla at Christopher Payne) or email/IM/blogging (talk to Chris Jones).

I find it interesting to see articles like NY Times: Will Berkowitz keep Windows Live? because I think although things are confusing now with two poorly differentiated and overlapping brands, it would send out the wrong signal to the the market, our competitors and our customers if we decided to go back to the MSN brand for all our online services. What do you think? 


Categories: MSN | Windows Live

Keith Teare of Edgeio has a blog post entitled De-portalization and Internet revenues where he writes

7. Publisher driven revenue models will increasingly replace middlemen. There will be no successful advertiser driven models in the foothills, only publisher centric models. Successful platform vendors will put the publisher at the center of the world in a sellers market for eyeballs. There will be more publishers able to make $180,000 a month.
8. Portals will need to evolve into platform companies in order to participate in a huge growth of Internet revenues. Service to publishers will be a huge part of this. Otherwise they will end up like Infospace, or maybe Infoseek. Relics of the past.
9. Search however will become more important as content becomes more distributed. Yet it will command less and less a proportion of the growing Internet traffic.
10. Smart companies will (a) help content find traffic by enabling its distribution. (b) help users find content that is widely dispersed by providing great search. (c) help the publishers in the rising foothills maximize the value of their publications.

I find Keith's post interesting especially when juxtaposed against Fred Wilson's take on how the big Web companies like Yahoo! can relate to this trend in his blog post The De-Portalization of the Internet (aka What I Would Do If I Were Running Yahoo!) where he writes

Today, we shop directly with the Internet merchants we like or we use a shopping search engine to find what we want. We can look for jobs on Indeed, meet people on MySpace or Facebook, find roomates on Craigslist, and use Meebo for instant messaging. It's rarely true that the best of breed service exists on a "portal". The portals continue to buy best of breed services like Flickr, but now they let the service continue to exist on the web with its own look and feel and URL structure.
So if you buy that the web has been de-portalized, what do you do if you run the largest portal in the world? I think its pretty simple actually. Yahoo! needs to offer its users and customers (advertisers) the ability to get the same experience they get on Yahoo! all over the web. They need to stop thinking about keeping their audience on and start thinking about serving their audience wherever they are on the web. They need to stop thinking about selling ads on and start thinking about selling ads all over the web.
So what are some concrete things they need to do? Well first, they need to improve their search service. On a de-portalized web, it all starts with search. I never hear of companies that have 80 percent of their traffic coming from Yahoo! I hear of companies all the time that have 80 percent of their traffic coming from Google. Yahoo! may have 28% of all Internet searches, but for some reason that I am not sure I completely understand, Yahoo! does not generate 28% of Internet traffic.
And Yahoo! needs to get its YPN (Yahoo! Publisher Network) service in gear. They need to offer advertisers the ability to reach people when they are not on Yahoo! They've done some things recently, like the eBay partnership, that suggest they are headed in that direction. But I would urge them to move faster in this direction than they are moving now. It might mean buying some ad networks instead of just investing in them.

This is probably the best advice I've seen on this topic and one I'm sure a lot of folks over here at MSN Windows Live would nod their heads in agreement as they read Fred's advice. The one thing missing from Fred's advice is how exactly Yahoo! should "offers its users and customers (advertisers) the ability to get the same experience they get on Yahoo! all over the web". I'm not sure Fred realizes it but Yahoo! is already halfway there if you look at a number of their initiatives. For one, there are the numerous APIs for Yahoo! services which enable websites and Yahoo! users to incorporate Yahoo! content and services wherever they want on the Web. More importantly, there is now Yahoo! Browser Based Authentication (BBAuth) which is a low cost way for any site on the Web to appear to end users as a member of the Y! network of services since it accepts Yahoo! credentials. Yahoo! is making a lot of the right moves, their big problem now seems to be whether they can evangelize market these initiatives to their customers and other websites in a way that increases adoption. Ideally, they need to show websites how to make that $$$ by partnering with Yahoo!, Google has the advantage in that they have lead with providing $$$ to websites outside their network and now have in that is difficult to beat when it comes to "giving users the Google experience wherever they are on the Web". One could argue that Google Custom Search Engine is a good example of Google embracing the de-portalization trendin the only Google service that end users actually care about.

When it comes to the importance of search, one thing to note is how delicate of a position the major commercial sites such as Amazon and eBay are in. The pattern with the major portals search engines is that they look for what customers are searching a lot for and then provide that as a service. Witness Google's integration of Google Video into the main search page when they realized how much traffic they were sending to YouTube. However the YouTube brand was too strong to be defeated by such tactics and eventually Google purchased the site instead of competing with it. Thus far, Google has embraced de-portalization by providing ads for commercial sites like Amazon but what happens when they realize that they send a ton of traffic to the Amazon and could be getting a cut of the referral fees? I'd keep an eye on Google Checkout if I worked at Amazon or eBay. I suspect that it is just a matter of time before paying the Google tax will be part of the cost of doing business on the Web, in the same way giving Google a cut of your advertising revenues (i.e. being a Google AdSense customer) is almost a given when venturing into the content business on the Web today.

Embracing de-portalization means becoming the ultimate middle man. I remember when erecting Internet Toll Booths was a bad thing. ;) 


December 11, 2006
@ 02:03 PM

Edd Dumbill has a blog post entitled Afraid of the POX? where he writes

The other day I had was tinkering with that cute little poster child of Web 2.0, Flickr. Looking for a lightweight way to incorporate some photos into a web site, I headed to their feeds page to find some XML to use.
The result was interesting. Flickr have a variety of outputs in RSS dialects, but you just can't get at the raw data using XML. The bookmarking service is another case in point. My friend Matt Biddulph recently had to resort to screenscraping in order to write his tag stemmer, until some kind soul pointed out there's a JSON feed.

Both of these services support XML output, but only with the semantics crammed awkwardly into RSS or Atom. Neither have plain XML, but do support serialization via other formats. We don't really have "XML on the Web". We have RSS on the web, plus a bunch of mostly JSON and YAML for those who didn't care for pointy brackets.

Interesting set of conclusions but unfortunately based on faulty data. Flickr provides custom XML output from their Plain Old XML over HTTP APIs at as does from its API at If anything, this seems to indicate that old school XML heads like Edd have a different set of vocabulary from the Web developer crowd. It seems Edd did searches for "XML feeds" from these sites then came off irritated that the data was in RSS/Atom and not custom XML formats. However once you do a search for "API" with the appropriate service name, you find their POX/HTTP APIs which provide custom XML output.

The morale of this story is that "XML feeds" pretty much means RSS/Atom feeds these days and is not a generic term for XML being provided by a website.

PS: This should really be a comment on Edd's blog but it doesn't look like his blog supports comment.

Categories: XML

One of the interesting things about Microsoft is that the company is so big that it is quite possible to be working on similar ideas to other groups in the company without significantly exchanging information or cross pollinating ideas. Earlier this week, I was at a cross-divisional information sharing event where I got to see where a lot of products were going with integrating the ideas from social software trends on the Web into their products.

One of the presentations I was most impressed with was the one forthe Knowledge Network for Microsoft Office SharePoint Server 2007. This is a product that integrates with enables people at a company to

  • Discover who knows what and who knows whom within an organization. Quickly and easily locate people by subject expertise or social relationships with key contacts or companies.
  • Simplify creating automated user profiles for each member of the network. Knowledge Network automates the discovery and sharing of undocumented knowledge and relationships for each member in the network. The user-customizable automated profile is secure and requires member approval before it is shared.
  • Effectively search and pinpoint individuals. Knowledge Network provides the ability to connect with internal and external contacts, and calculates the shortest social distance between any two people in the network.

The problem of discovering people with subject matter expertise is a big one at a company like Microsoft with over 70,000 employees. How do you track down the best person to send feedback about Windows Live Spaces or ask a question about some of the idiosyncracies of C#? Knowledge Network attempts to address this in two ways. Recently I was on a mail thread where some folks suggested building a database of employees and annotating it with tags that identified certain attributes or skills of these employees such as the products they worked on, technologies they were experts at and so on. People quickly pointed out that asking people to create a profile of themselves on an internal site then tag themselves is a hassle that few would undertake. What many people on the mail thread [including myself] didn't realize is that Knowledge Network is actually targetted at exactly this scenario. To get over the boot strapping problem, the Knowledge Network client application indexes your email inbox and extracts two sets of information from it (a) a graph of your professional relationships based on who you exchange mail with regularly and (b) a set of keywords that describes subject matter your regularly communicate about. This information can then be uploaded to your company intranet's "People Search" feature where people can then search for you by tags keywords and then once they find you can then ask "Show Me How I Am Connected to this Person" which uses information gleaned from the org chart and email chains to figure out how your social networks overlap. This is seriously cool stuff. 

Although I had heard of the Knowledge Network product I haven't been deeply familiar with it which seems really unfortunate given that a lot of the kinds of social networking features I've been thinking about for Windows Live would benefit from the ideas I've seen implemented by the Knowledge Network team and Sharepoint. If only there was a way I can search for and browse people working on "social networking" technologies at Microsoft so I don't miss information like this in future. :)  I wonder if I can subscribe to an RSS feed of "People Search" results so I can keep track of when new people that have been tagged as "social networking" enter the system (i.e. join the company or start working on a new product). I need to investigate or propose this as a feature if it isn't already there. 

By the way, the Knowledge Network folks have a team blog at which has a lot of informative posts about their product such as What is Knowledge Network and Why Should You Care? and How KN Integrates with SharePoint. Definitely add their blog to your news reader if you are interested in social networking within the enterprise.


December 8, 2006
@ 04:59 PM

From Jon Udell's blog post entitled A conversation with Jon Udell about his new job with Microsoft he writes

Q: Your new job is with Microsoft?

A: That's right. My last day at InfoWorld will be Friday Dec 15. On Jan 15, after a month-long sabbatical, I'll become a Microsoft employee. My official title will be Evangelist, and I'll report to Jeff Sandquist. He's the leader of the team that creates Channel 9 and Channel 10, websites that feature blogs, videos, screencasts, and podcasts for Microsoft-oriented developers.

Q: What will your role be?

A: The details aren't nailed down, but in broad terms I've proposed to Microsoft that I continue to function pretty much as I do now. That means blogging, podcasting, and screencasting on topics that I think are interesting and important; it means doing the kinds of lightweight and agile R&D that I've always done; and it means brokering connections among people, software, information, and ideas -- again, as I've always done.

Q: Why are you doing this?

A: I'm often described as a leading-edge alpha geek, and that's fair. I am, and probably always will be, a member of that club. But I'm also increasingly interested in reaching out to the mainstream of society.

For those of us in the club, it's a golden age. With computers and networks and information systems we can invent new things almost as fast as we can think them up. But we're leaving a lot of folks behind. And I'm not just talking about the digital divide that separates the Internet haves from the have-nots. Even among the haves, the ideas and tools and methods that some of us take for granted haven't really put down roots in the mainstream.

I had dinner with Jon a couple of weeks ago when he came up to Microsoft for interviews and I was impressed with the plan he described for the future of his career. I was pretty sure that once anyone interviewing him spent even a few minutes talking to him they'd be convinced they'd found the right person for the job, even though the job was Jon's idea. I was honored that Jon contacted me to talk to me about his plans and have been on pins & needles wondering if the folks at Microsoft would hire him or not.

Congrats to Jeff Sandquist. First Rory, now Jon Udell. You're hiring all the right folks.


Categories: Life in the B0rg Cube

December 7, 2006
@ 01:27 AM

Via Sam Ruby's blog post entitled Equal Time I noticed that there has been an interesting conversation brewing about message security and RESTful Web services between Pete Lacey and Gunnar Peterson. However they both seem to be cherry picking parts of each others arguments to dispute which reduces some the educational value of their posts.

Gunnar Peterson started the discussion going with his post REST Security (or lack thereof) where he writes

So the whole REST security thing just gets funnier, the S for Simple folks forget that S also stands for security. Here was a response to my post on the fact that people who say REST is simpler than SOAP with WS-Security conveniently ignore things like, oh message level security:

HTTP Basic or HTTP Digest or SSL (certificate-based) for authentication. SSL for encryption and digital signatures. You know, the way we've been doing things since 1995.

Where to start? Right, it was state of the art in 1995. no bout a doubt it. The world has moved on slightly since then. You know a couple 97 million stolen identities, endless phishing/pharming (growing double digit pct each month), malware taking 60% cpu utilization on consumer desktops. You know little stuff like that
Now if you are at all serious about putting some security mechanisms in to your REST there are some good examples. One being Amazon's developer tokens using HMAC for authentication at the message level (you know where the data is). But if you are going to say that REST is so much simpler than SOAP then you should compare REST with HMAC, et. al. to the sorts of encryption and signature services WS-Security gives you and then see how much simpler is. And, you know, maybe even see, oh golly gee I don't know, which one protects your customers' data better? Until then, we'll just continue (as Gene Spafford said) using an armored car to deliver between someone living in a cardboard box and someone living on a park bench.

Gunnar has a good point which he ruins with some of his examples. The point being that HTTP authentication and SSL aren't the be all and end all of securely communicating on the Web. However his examples of spyware and phishing are unrelated to his point and end up harming his argument. For one, there's nothing one can do at the service security layer to protect against a user that has malware running on their computer. Once the user's machine has been compromised, it is over. As for phishing, that is a problem that relies on the unique combination of social engineering and the unfortunate characteristics of email readers and Web browsers. Phishing is not really an architectural problem that affects machine to machine interaction via Web service. It is an end user problem of the HTML Web.

In Pete Lacey's response entitled RESTful Security he writes

Gunnar notes that the world has moved past SSL etc., and cites as examples identity theft, phishing/pharming, and malware. But these security threats are completely orhtogonal to the security concerns SSL addresses. Ditto, I might add, WS-Security. Both of these standards address identity propagation, message encryption, and message integrity only, and neither will protect you from the threats just mentioned. Security is a BIG subject and the areas covered by SSL and WS-Security are just one small part of it. We also need good practices around securing persisted data (and what data to persist); education to prevent social engineering attacks; properly designed operating systems that won’t run anything with a .exe extension or run needless services; developers who are cognizant of buffer overflows, SQL injection, and cross-site scripting attacks; properly managed perimeter defenses; and so on and so on.
With all of that behind us, I can get on to what seems to be Gunnar’s main point and the only significant difference (outside of the whole simplicity and interoperability thing) between SSL and WS-Security. And that is that SSL provides transport level, point-to-point security while WSS provides message level, end-to-end security. That’s true, but that doesn’t provide WSS with magical security powers, it just solves a different problem. Nor does it relegate SSL to the scrap heap of history. SSL is not a security panacea–nothing is, but it does what it is does very well. Regardless, there is nothing in REST that prohibits the use of message-level encryption, though the mechanism–should it be needed–would need to be spec’d out.

I’m not dismissing WSS, it’s a perfectly adequate specification for what it does (though it requires the WS-I Security Profile to introduce enough constraints to provide a reasonable chance of interoperability). But the value of message level security should still be questioned. For one thing, what’s the business case? If message-level encryption is so important, why isn’t anyone using it? When Burton Group queried its clients as to their use of WSS, it was found that the only use was to pass identity tokens over HTTPS. When I was working at Systinet (now HP) I vividly recall the WASP (not Systinet Server for Java) product manager spitting nails because his team had just spent six months implementing WSS at our customer’s request and no one–not even those who requested the feature–was using it. Also, this is not the first time message level security has been proposed. When I was working at Netscape back in 1997 I spent a fair amount of my time advocating for S/MIME. Now, nearly ten years later, how many people are using S/MIME to secure their email? And how many are using SSL? Exactly.

I tend to agree with Pete Lacey that a lot of the people who claim that they need message level security actually are fine with the transport level security provided by SSL. Message level security is primarily needed if the message will be passing through hostile intermediaries without secure point-to-point communications between the sender and receiver. But how often does that really happen on the Web? One could argue that the vaunted example by Gunnar Peterson, Amazon Web Services which utilize HMAC-SHA1 hashes of a developer's secret key for authentication could just as easily have been implemented using SSL. After all, man-in-the-middle attacks are prevented in both examples. If the issue is what happens if the sender's machine has been compromised (e.g. by malware) then both approaches fall down flat.

That said, there are times when one has to author an application where the message has to pass through potentially hostile intermediaries and message level security is needed. I've actually had to deal with one such situation in my day job so I know that they are real although I doubt that there are many that will encounter the exact same problem that we did at work.

Once you get to that point, the tough problems are usually around key exchange, key protection and key revokation not around the niceties of whether you should roll your own usage of XML Signatures or should go with a fully featured yet inconsistently implemented protocol like WS-Security. Using the Amazon Web Services as an example, I couldn't find any information on how to protect my secret key beyond admonitions "not to send it around in email" nor did I find any mechanism to revoke or reissue my secret key if it became compromised. As a Web service developer, you'll likely spend more time worrying about those issues than you will figuring out how to integrate signing or encryption of XML documents into your RESTful Web Service.


Categories: XML Web Services

Linking to Niall Kennedy's blog reminded me that I owed him an email response to a question he asked about a month ago. The question asked what I thought about the diversity of speakers at the Widgets Live conference given my comments on the topic in my blog post entitled Who Attends 'Web 2.0' Conferences

After thinking about it off and on for a month, I realize that I liked the conference primarily because of its content and focus. The speakers weren't the usual suspects you see at Web conferences nor were they homogenous in gender and ethnic background. I assume the latter is a consequence of the fact that the conference was about concrete technical topics as opposed to a gathering to gab with the hip Web 2.0 crowd which meant that the people who actually build stuff were there...and guess what they aren't all caucasian males in their 20s to 30s, regardless of how much conferences like The Future of Web Apps and Office 2.0 pretend otherwise.

This is one of the reasons I decided to pass on the Web 2.0 conference this year. It seems I may have made the right choice given John Battelle's comments on the fact that a bunch of the corporate VP types that spoke at the conference ended up losing their jobs the next week. ;)


Categories: Trip Report

December 6, 2006
@ 02:50 AM

Niall Kennedy has been on a roll in the past couple of weeks. He has a blog post entitled Brands will be widgetized, but who is the author? which tackles the interesting problem of widgets, branding and customer confusion. He writes

Sites with personal user data placed behind a username and password may be subject to new types of phishing attacks from the widget web. A user will likely locate your service's widget through the widget provider's directory, searching for terms such as "Gmail" and "eBay" to access their latest mail messages or watched auction items. These widgets will prompt the user for their login information before delivering personalized information from each service, leaving the trust of a brand in the hands of a third-party developer who may or may not act in the best interest of the data provider.

If Google Mail and eBay worked directly with the large widget producers to establish certified or trusted widget status they could reduce opportunities available for third party widgets offering enticing functionality to send messages to a remote server with collected user data. The trusted, certified, or verified seals provided by each widget platform is one way to ensure users receive the official product and not a knock-off.

This issue has been rattling around in my head ever since I wrote a Flickr gadget and a Blufr gadget for Windows Live Spaces. After all, I don't work for either company yet here I am writing gadgets that are being used by hundreds of users in their name. Who ends up getting the taint if my gadget is buggy or causes some problems for the user? Me or Flickr? What happens if legitimate looking gadgets like mine are actually fronts for phishing attacks? How can Flickr protect their users and their brand from malicious or just plain sloppy developers? I like the idea of the major widget galleries like Windows Live Gallery, Yahoo! Widget Gallery and Spring Widgets coming up with a notion of trusted or certified gadgets but it seems like an unfortunate hoop that web sites now need to jump through to police their brands on the various widgets sites on the Web.  Reminds me of trademark holders having to rush to register their brand name as a domain whenever new TLDs are opened up.

PS: This is one of the reasons you don't see a bunch of Windows Live gadgets out there today. The brand dilution and phishing problem is a real one that worries lots of folks over here.


If you are a reggular reader of Slashdot you probably stumbled on a link to the Groklaw article Novell "Forking" by Pamela Jones. In the article, she berates Novell for daring to provide support for the Office Open XML formats in their version of OpenOffice.

Miguel De Icaza, a Novell employee, has posted a response entitled OpenOffice Forks? where he writes

Facts barely matter when they get in the way of a good smear. The comments over at Groklaw are interesting, in that they explore new levels of ignorance.

Let me explain.

We have been working on OpenOffice.Org for longer than anyone else has. We were some of the earliest contributors to OpenOffice, and we are the largest external contributor to actual code to OpenOffice than anyone else.
Today we ship modified versions of OpenOffice to integrate GStreamer, 64-bit fixes, integrate with the GNOME and KDE file choosers, add SVG importing support, add OpenDMA support, add VBA support, integrate Mono, integrate fontconfig, fix bugs, improve performance and a myriad of others. The above url contains some of the patches that are pending, but like every other open source project, we have published all of those patches as part of the src.rpm files that we shipped, and those patches have eventually ended up in every distribution under the sun.

But the problem of course is not improving OpenOffice, the problem is improving OpenOffice in ways that PJ disapproves of. Improving OpenOffice to support an XML format created by Microsoft is tantamount to treason.

And of course, the code that we write to interop with Office XML is covered by the Microsoft Open Specification Promise (Update: this is a public patent agreement, this has nothing to do with the Microsoft/Novell agreement, and is available to anyone; If you still want to email me, read the previous link, and read it twice before hitting the send button).

I would reply to each individual point from PJ, but she either has not grasped how open source is actually delivered to people or she is using this as a rallying cry to advance her own ideological position on ODF vs OfficeXML.

Debating the technical merits of one of those might be interesting, but they are both standards that are here to stay, so from an adoption and support standpoint they are a no-brainer to me. The ideological argument on the other hand is a discussion as interesting as watching water boil. Am myself surprised at the spasms and epileptic seizures that folks are having over this.

I've been a fan of Miguel ever since I was a good lil' Slashbot in college. I've always admired his belief in "Free" [as in speech] Software and the impact it has on people's lives as well as the fact that he doesn't let geeky religious battles get in the way of shipping code. When Miguel saw good ideas in Microsoft's technologies, he incorporated the ideas into Bonobo and Mono as a way to improve the Linux software landscape instead of resorting to Not Invented Here syndrome.

Unfortunately, we don't have enough of that in the software industry today.


Categories: Mindless Link Propagation | XML

December 5, 2006
@ 02:53 PM

I'm a big fan of alcopops but it seems like everytime I settle on one I like, it stops being carried in my local grocery stores. Here's my list so far

  1. Mike's Hard Iced Tea [relegated to urban legend]
  2. Brutal Fruit [discontinued]
  3. Bacardi Silver O3 [tasty and hard to find]
  4. Hornsby's Amber Hard Cider [so far so good]
This is just my way of warning you folks out there that if you like Hornsbys Amber Hard Cider you better stock up because given my luck it's going to be discontinued in the next couple of months. :)

Categories: Personal | Ramblings

December 5, 2006
@ 01:26 PM

Any Zune owners got any good stories about using the music sharing feature yet? The Zune ads make it looks so cool but I wonder how it actually works out socially. Do people ask each other for songs or is it more like the comic strip above?

Categories: Music

By now, hard core RSS Bandit fans have found out that the installer for the Jubilee release of RSS Bandit is available. A bunch of people have tried it out and given us a lot of good feedback on how some of our new features can be tweaked to make them even better. One of the places we got good feedback [and bug reports] has been our behavior when automatically downloading podcasts from a feed. One signficant bug is that in the beta, RSS Bandit doesn't keep track of what enclosures it has previously downloaded so it may download the same enclosures several times. However, even with this bug fixed we realized there is a problem when one first subscribes to a podcast feed especially if the feed has videos such as Microsoft's Channel 9. On the first time subscribing to that feed, RSS Bandit would automatically start downloading 2-3 gigabytes of videos from the site since that's how many are exposed in the feed. This seems like a bad thing, so we added two new options which are shown in the screenshot below

My main question is what default values we should use. I was thinking 'Only download the last 2 podcasts' and 'Only download files smaller than 500MB' as the defaults. What do you guys think?


Categories: RSS Bandit

From the blog post on the Windows Live Search team's blog entitled Search on the Go with Live Search for Mobile Beta we learn

we’re proud to announce three new ways to search on the go:

Mobile Software Download an application to your phone for local search, maps, driving directions, and live traffic information in a faster, richer and more interactive user interface. It's the best way to search from your phone.



Mobile Browsing - Access maps and directions directly on your phone’s browser. Simply enter into your phone’s address bar and select Map. Choose from the scopes of Local, Web, Map, News and Spaces and get Live Search from your mobile device.

Text Messages (SMS) - If you don’t have a data plan, you can simply send a text message to 95483 (WLIVE) with a query like “Toys Chicago, IL” or “Coffee 90210” and you’ll immediately receive a text message reply with the nearest business listings with address and phone numbers.

This is a pretty sweet release and I can't wait to get it on my AudioVox SMT 5600. So far, the release has been favorably reviewed by those that have tried it including Gizmodo which has an article entitled Windows Live Search For Mobile vs. Google Maps Mobile which ends on the following note

If you're using a Windows Mobile phone, we'd definitely recommend you try out Windows Live Search. The Java-based Google Maps is just too buggy and slow, not to mention clunky, to be useful to us.

Not bad, eh? I thought Google was the king of innovative search products. :) Speaking of innovation and Microsoft, there is a debate between Robert Scoble and Dave Winer in a recent Wall Street Journal article Is Microsoft Driving Innovation Or Playing Catch-Up With Rivals? which has both bloggers going head to head on whether Microsoft is innovative or not. Interesting read.


Categories: Windows Live