This may very well be the first LinkedIn outage I’ve caught, and it comes on the day Google’s Blogger was down, and the Technorati Monster popped up its ugly head again. Oh, well, at least this one is cute.

How to Navigate the Password Jungle
In a funny (scary?) case of coincidence, the password problem got highlighted in TechMeme just weeks after I came under an attack that caused me to rethink my password strategy. My login credentials got compromised at a Gmail account that I only use for mail-lists – I fixed it soon, no harm done. Two months earlier my eBay account got hijacked, and while I was p***ed at eBay not doing anything about it, again, I could regain control, and changed all related accounts (PayPal, etc.) before suffering any consequences.
Then I started to think: what’s the point in stealing an account at a site like, let’s say photo sharing? The hijackers really can’t benefit… or can they? Then it hit me: I am (well, I was, until that point) just like 61% of Internet users, using the same userid/password combination on all sites. The purpose of attacking not-so-critical sites may just be to harvest login credentials, which the bad guys then can feed to their bots to try on all sorts of financial sites. Oops… now I had a crisis. Needless to say I spent the next half day researching the subject and changing my login credentials.
Now, while I am fairly opinionated, I am by no means an expert on Internet security best practices, so instead of trying to dispense advice, I am opening the subject to discussion, and hope to get some real feedback. Here are some of the options we all have:
- Use the same, or very few userid/password combos on all sites, so we can remember them without having to write them down or physically store them in any form. This may not have been that bad… years ago, when we all accessed fewer than a handful of sites. With the proliferation of Web usage, this practice has become a timebomb waiting to explode.
- Use some variation of the basic credentials, simple enough to remember the actual “algorithm”, i.e. some characters from the site name combined with your own “standard” keywords. The benefit is that you use different credentials on every site (which you probably would not remember, but can re-construct every time), and still don’t need to record all the passwords. The weakness is that once the bad guys get hold of two-three sites, they can pretty much figure out your simple algorithm.
- Use different credentials on every site, preferably strong ones. The benefit is obvious, very secure, but it would be impossible to remember, so you would need to record them somewhere, whether on paper or in electronic form, which itself is a huge security risk.
- Use different, strong credentials, and use a “password manager” system. There have been a number of client (PC) based solutions, or ones that code your information on a USB stick, but I don’t want to depend on anything tied to a physical location/device. I am experimenting with Web-based solutions, but am not fully convinced. OpenID got a huge boost today, with Yahoo adopting it. The system I am trying out is PassPack: here’s why Passpack’s founder thinks her solution is significantly different from OpenID. I can tell you it’s a hell of a pain to log in to PassPack – I guess it’s supposed to be that way. But other than the inconvenience, whether it’s Passpack, OpenID, or any online system, I am worried that if the info there ever gets compromised, it will expose everything.
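To make the difference between these options concrete, here is an added example (not part of the original post) of a self-audit you could run over your own credential list: it flags exact reuse, a shared core between passwords, and site-name fragments, and contrasts them with independently generated passwords. The site list, the keyword and the "first three letters of the site + keyword" scheme are constructed assumptions for illustration.

```python
import secrets
import string
from itertools import combinations

def longest_common_substring(a: str, b: str) -> str:
    """Longest run of characters present in both strings (dynamic programming)."""
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]

def audit(credentials: dict, min_core: int = 4) -> list:
    """Flag exact reuse, a shared core between passwords, and embedded site names.
    Findings name the sites only; they never echo password material."""
    findings = []
    for (s1, p1), (s2, p2) in combinations(credentials.items(), 2):
        if p1 == p2:
            findings.append(f"reused: {s1}/{s2}")
        elif len(longest_common_substring(p1.lower(), p2.lower())) >= min_core:
            findings.append(f"shared-core: {s1}/{s2}")
    for site, pw in credentials.items():
        if site[:3].lower() in pw.lower():
            findings.append(f"site-fragment: {site}")
    return findings

def random_password(length: int = 20) -> str:
    """Independent per-site password drawn from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

# Constructed sample data: no real accounts or passwords.
SITES = ["ebay", "gmail", "flickr"]
REUSED = {s: "Tiger2008!" for s in SITES}             # first option: same everywhere
PATTERNED = {s: s[:3] + "Tiger2008!" for s in SITES}  # second option (hypothetical scheme)
UNIQUE = {s: random_password() for s in SITES}        # third/fourth option

if __name__ == "__main__":
    for name, vault in (("reused", REUSED), ("patterned", PATTERNED), ("unique", UNIQUE)):
        print(name, audit(vault))
```

Every pair in the patterned set is flagged, which is the weakness described in the second option: two leaked entries are enough to expose the keyword and the site-derived part.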
With that, I’d like to turn this over to the security experts (I hope I have some amongst my readers). What do you think? What’s the ideal Web-login policy?
Update: How could I not think of this? (via Web Worker Daily)
Related posts: ReadWriteWeb, The Guardian, TechCrunch, Jeremy Zawodny’s blog, InfoWorld, Mark Evans, Compiler, CyberNet, Identity Woman, WeBreakStuff, Mashable!, Ars Technica, and many others.

SVASE VC Breakfast: Hummer Winblad, Focus On Software
After a long break I’ll be moderating another SVASE VC Breakfast Club meeting this Thursday, January 17th in San Francisco. As usual, it’s an informal round-table where 10 entrepreneurs get to deliver a pitch, then answer questions and get critiqued by a VC Partner. We’ve had VC’s from Draper Fisher, Kleiner Perkins, Mayfield, Mohr Davidow, Emergence Capital …etc. This week we’ll welcome Prashant Shah, Managing Director, of the first exclusively software-focused venture firm, Hummer Winblad Venture Partners.
These breakfast meetings are a valuable opportunity for Entrepreneurs, most of whom would probably have a hard time getting through the door to VC Partners. Since I’ve been through quite a few of these sessions, both as Entrepreneur and Moderator, let me share a few thoughts:
- It’s a pressure-free environment, with no Powerpoint presentations, live demos, Business Plans…etc, just casual conversation; but it does not mean you should come unprepared!
- Follow a structure, don’t just roam about what you would like to do, or even worse, spend all your time describing the problem, without addressing what your solution is.
- Don’t forget “small things” like the Team, Product, Market..etc.
- It would not hurt to mention how much you are looking for, and how you would use the funds…
- Write down and practice your pitch, and prepare to deliver a compelling story in 3 minutes. You will have about 10 minutes, the first half of which is your pitch, but believe me, whatever your practice time was, when you are on the spot, you will likely take twice as long to deliver your story. The second half of your time-slot is Q&A with the VC.
- Bring an Executive Summary; some VC’s like it, others don’t.
- Last, but not least, please be on time! I am not kidding… some of you know why I even have to bring this up. (Arriving an hour late to a one-and-a-half-hour meeting is NOT acceptable.)
Here’s the event info page, and remember to register – the previous event with Hummer Winblad sold out in advance.
See you in San Francisco!

Macworld Live Blogging via CoveritLive? Nope. CoveritDead. Twitter Dies, Too.
CoveritLive is supposed to change live blogging. What better opportunity to debut than Macworld? Except that I am off to a shaky start trying to watch Crunchgear’s coverage:
Upgrade? I’m already on the latest FireFox, thank you.
Update: Now the CrunchGear CoveritLive page does not load at all. Coveritdead.
Update: Fake Steve Jobs also tried CoveritLive, then attempted to switch to Twitter… which died, too.
Well, at least CrunchGear’s mothership, TechCrunch stayed with the conservative, manual updates… their coverage works.
Update (1/21): Here’s a new review on CoveritLive @ReadWriteWeb. We’ll just have to wait for another major event to see it truly “live”.
Update (2/27): Jeff Nolan and Dennis Howlett praise CoveritLive.
Related posts: Mashable, mathewingram.com/work, Paul Kedrosky’s Infectious Greed, Data Center Knowledge, Furrier.org, Mashable!, Valleywag, CenterNetworks, TechCrunch.

Gizmodo Calling Themselves Names
I really did not want to write about Gizmodogate again. But instead of letting it die, today Gizmodo found it important to defend themselves as saviors of journalistic independence:
Our prank pays homage to the notion of independence and independent reporting. And no matter how much access the companies give us, we won’t ever stop being irreverent. That’s what this prank was about and what the press should understand.
How heroic! And hypocritical, as I pointed out before. After all, it was Mighty Hero Gizmodo themselves who not only trashed the TV-B-Gone 3 years ago:
Mitch Altman is an asshole. And not just any asshole, but one of those snotty holier-than-thou types who has nothing better to do with the money he made as a founder of 3ware than to develop a device with the sole purpose of imposing his viewpoint on others…
…Essentially a universal remote that cycles through every possible code, the TV-B-Gone has a single purpose: to power off televisions whenever the user feels like being a dick.
(Emphasis mine). So who is the dick now?
Related posts: Scobleizer, mathewingram.com/work, kottke.org, IP Telephony, VoIP, Broadband, Venture Chronicles and The Secret Diary of Steve Jobs, Webware.com

Gizmodo’s Prank Was Fairly Harmless, After All
OK, time to put things in perspective. Yes, I believe the Gizmodo prank of switching off LCD’s at CES, disrupting presentations was immature, and they deserved to be banned. But let’s realize they were still relatively harmless; they could have done a lot worse with the almighty TV-B-Gone, just like this Polish kid did:
A teenage boy who hacked into a Polish tram system used it like “a giant train set”, causing chaos and derailing four vehicles.
The 14-year-old, described by his teachers as a model pupil and an electronics “genius”, adapted a television remote control so it could change track points in the city of Lodz.
Twelve people were injured in one derailment, and the boy is suspected of having been involved in several similar incidents.
(Full story at The Telegraph)

Too Bad Gizmodo / Gawker Media is Not Public
(Updated)
This would be a good time to short their stock. The biggies hurt at CES would sue their a***s off. The video is really fun to watch. Except if you’re one of the people who worked hard to prepare, stage and deliver their presentation which the pranksters sc***ed with – let alone the companies that spent millions to participate at the show.
Not everyone agrees, and frankly, I am amazed how people I normally respect find it a laughing matter.
Update (1/12): Must be a slow weekend, this is still the hot topic on TechMeme. Webware, Hardware 2.0, TECH.BLORGE.com, Valleywag, bub.blicio.us, Crave, Geek News Central, The Stalwart, Laughing Squid, Silicon Alley Insider, Bloggers Blog, Scobleizer… you name it. They all (including me) missed this irony: Gizmodo themselves trashed the TV-B-Gone 3 years ago:
Mitch Altman is an asshole. And not just any asshole, but one of those snotty holier-than-thou types who has nothing better to do with the money he made as a founder of 3ware than to develop a device with the sole purpose of imposing his viewpoint on others…
…Essentially a universal remote that cycles through every possible code, the TV-B-Gone has a single purpose: to power off televisions whenever the user feels like being a dick.
So who is the a**hole now? And who feels like being a d*ck? Was this Altman’s ultimate revenge?
(hat tip: Anonymous commenter)

The Nothing New Announcement
Ever get the feeling that some tech firms have run out of anything new to say? So does fellow Enterprise Irregular Brian Sommer, so he offers a template for such companies:
XYZ Announces Nothing New
Nothing New to Become the New Industry Standard
January 9, 2008 – Chicago – Today, XYZ Corporation is announcing ‘Nothing New’ a revolutionary, industry-leading approach to stall-ware, procrastination and marketing waste. “We believe this is the most important announcement we’ve made this year – maybe this decade”, says Jim Bigwind, CMO of XYZ.
…
“This announcement is nothing short of extraordinary. It is, in fact, nothing” says XYZ customer Getz Fleeced Oftin at SoftTouch Ltd.
…
Blithering Media represents way too many tech firms and amazingly enough has no one on staff that understands the space. Blithering Media personnel are expert though at crafting press releases on just about anything (or nothing as in this case). For more info on Blithering Media contact us point.less@ blitheringmedia.com
I’m not giving away the full announcement – click over to Software Safari and enjoy.
Update (1/11): Wow, Brian is on fire: his next piece, Acronym Shortage to Adversely Impact Tech Sector is a must-read.

Weird Google Blogger Error
We’re sorry, but we were unable to complete your request.
What request? I did not request anything. Did not touch my keyboard or mouse at all.
Describe what you were doing when you got this error.
I was simply reading this blog post when it blew up.
This is an error I’ve observed several times recently: click on a link to read a post on Google’s Blogger: the post comes up normally, but a few seconds after I start reading it, it just blows up and I get the above error. But I haven’t touched anything – is this a speed-reading test?
Update: apparently it’s a frequent error, but typically encountered while publishing, not reading.