Two Slashes

As a very select few of you might know, I’m a (very) casual user of Qik.  For the uninitiated, Qik is a popular (especially now, thanks to the iPhone 3GS) video streaming application similar to Ustream or Justin.tv, the difference being that Qik requires a cell phone instead of a webcam and a computer.

My experience with Qik has been hit-or-miss, but generally it’s been a positive one, which is why I continued to use the service in the first place.  However, the events of the past hour or so have made me reconsider that position, especially now that I have a netbook I could use instead with my Justin.tv account.  Let me additionally point out the fact that the previous version of the Qik client I had on my phone worked perfectly.  It was familiar, it functioned as advertised, and I didn’t have any complaints with the way it worked on my phone.

Anyway, I generally consider it a polite gesture when a service decides to let me know that there’s something on my end I need to do to continue my use of the service.  I think that makes things feel a little more personal when you let the customer know that the latest and greatest is out and that there’s a tangible benefit to upgrading.  Qik, on the other hand, sent me this rather sparse e-mail this evening with the air of making it sound like something was broken.  Alright, stuff breaks, and I can understand that, but the unclear meaning of this e-mail was my first clue that I shouldn’t have bothered.

Given that it’s Labor Day, I’m taking a break from some of my schoolwork for the moment, and updating Qik shouldn’t take more than a few seconds, I decided to oblige the e-mail’s request and update.  That was my mistake.  Oops.

In contrast to my previous experiences with Qik, this “update” seems more like a leap backward than it does a step forward.  If you’ll take a look at the picture I’ve included, there are two things I would like you to notice.  First, if you’ll examine the screen on my phone for a moment, you’ll notice that my Treo Pro appears to be capturing the episode of House I was watching as well as it possibly can…but that it’s doing so with the user interface rotated clockwise.  Unfortunately, something between the client and the website isn’t properly functioning, because, while I should be seeing Hugh Laurie’s face on my 22” LCD, instead I’m seeing severe artifacting and the vague suggestion that it might be the fifth season of Fox’s hit show I’m watching.  I’ve tested this multiple times (on both a cellular 3G connection and Wi-Fi), and I get the same results all the way around each time.  And, while I’m not going to point fingers, I think I know where the problem is because there are plenty of people still broadcasting as you read this.

There’s a huge difference between releasing a test version of your software with the expectation that these bugs are present and that they will be reported and sending e-mails trumpeting end-user updates to your legion of users, updates that should be devoid of functionality quirks like this.  What am I supposed to do with Qik now that I can’t actually use it for the one function it’s designed to perform?  I’m currently slogging back trying to find the CAB for the previous version of the client, the one that actually works, in hopes of moving forward and fixing this mess, but I’m not entirely concerned given that it’s not something I use on a daily basis anyway.

All the same, let this be a lesson to the rest of you, one that you can probably apply regardless of the industry you’re in and regardless of whether you’re technically inclined or not.  If you’re going to ask that your users (or customers, or whatever term you use for the people you deal with in your line of work) should take action in some form or another, make sure that they don’t get screwed for obliging you.  Do your homework, run your test cases, follow through on your research and quality assurance; in other words, make sure that you’re not asking people to make the jump from a Ferrari to a station wagon.

Edit (9/9/2009): Apparently Qik is now aware of the issue and suggests that users experiencing issues like this backpedal to an alternate version of the software that wasn’t designed for the phone.  Great job, guys!

Warning:  I’m on a bit of a social/communications kick at the moment, so if you’re not in the mood, you’d best be reading something else from my blogroll.

Situation #1: You just met a roomful of people you want to stay in touch with.  You want to add them to your social circles on Facebook and LinkedIn, but there’s not enough time left for you to write everyone’s name down on the back of a napkin and, frankly, you’d be too worried about not being able to spell their name correctly or read what you wrote once you’re back at the computer.  And you’re sure that everyone else has the same problem, because they’re all social butterflies like yourself.

Situation #2: You’re at a meeting with a few prospective clients for some Internet-oriented startup.  How do you swap information quickly and easily without digging through your pocket for a business card?

What would you do in these situations?

Solution: Get yourself a Poken and use it.

It’s not often  that anyone finds themselves in a situation involving the need to mass-share information (actually, I can’t think of a single time that’s happened), and it usually takes getting to know and trust someone before most people make the jump from “acquaintance” to “friend” (which, by custom today, probably includes the indication of friendship on a social site).

A new startup called Poken (sharing the name with their product) doesn’t seem to believe in there being a such thing as an “acquaintance.”  Or, at least, they view social networking friend lists as a gigantic list of people you’ve ever been stuck in the same room with.  And to alleviate either of the situations above, they’ve designed a device that you simply touch to another to instantly trade your social networking information with each other.

As much as the company would like to say it isn’t targeting them, I find it hard to believe that anyone other than a teenager would want to possess one of these things.  However, the website backing the service (at this point, anyway) seems to suggest they’re aiming for a professional market.   Honestly, what professional wouldn’t feel at least slightly embarrassed about pulling an anime-styled panda out of their coat pocket to “high-five” their counterpart’s frog?  While the dongles are quite obviously child-friendly, I’ve yet to meet the teenager who wanted to share their had a LinkedIn profile, and the lack of MySpace support (*gulp*) probably gives even more reason for the young to avoid.

Ridiculous nature of the devices aside, there’s also the issue of acquiring them.  They’re not available individually in the United States (yet?), but you can order them in packs of twelve (and then share the humiliation with eleven of your friends) for the low cost of $180 per dozen.  For the math-challenged, that’s $15 for each adorable social electronic animal.

The website that makes everything work could also use a little help in and of itself.  As I mentioned, the only services you can link to your Poken are Facebook, LinkedIn, and what appears to be a Swiss social networking site called Usgang.  It’s plagued with URL generation problems of the same sort Facebook had early on in their interface replacement (I wonder what http://www.doyoupoken.com/[...]/logout.jsf?panel=statsdetails is going to do… ) and hands you reward points (redeemable towards discounts on more Poken if you save enough) for trivial tasks like logging in.  Yes, I’ve earned two points simply by logging into the dummy account I made.

I think the Poken solves a problem that never existed in the first place.  Consider most cell phones made within the past few years, and PDAs even older than that.  Almost every device you can name includes an infrared or Bluetooth-based way to share your information (or somebody else’s, should there be a reason to, but presumably it would be best used on your own) with someone else, the methods for accomplishing this have long been standardized, and the transfer of information can also be completed without handing anything to a third party.  Also, given the fact that everyone from teen to the technologically-enhanced power-businessman has a phone capable of contact sharing these days (also with these technologies, and dozens more besides), there’s a pathetic niche at best for which these devices actually serve a meaningful purpose.

Also, there’s benefit to getting the information on paper as opposed to letting one of these devices handle it.  If you’re the businessman handing out cards, you can write any other relevant information on the card, and it’s physical evidence that you met.  Ditto with getting the names and numbers on a napkin.  I’d love to see you do anything like that with a metaphorical handshake.

From a security standpoint, I have to raise the flag when it comes to giving everyone the ability to play “Six Degrees” with your friends list.  Sure, it’s a necessary part of social networking, but seeing as Poken isn’t a direct social networking site (and I’ve already given you a few alternatives, thank you very much), is this really necessary?  Perhaps Kevin Bacon would appreciate the idea, but beyond that, I’m hard-pressed to think of a single situation where posting your information in more places than required is a good idea.

There is one thing that I do believe is covered well, or at least deserves credit for being considered, and that’s dealing with creeps you’d rather not share your information with, but you still want theirs.  You can activate a “discrete” mode when you share your information with someone, and all they get is ghost information about you until you can investigate their profile more and then approve their ability to see your identity.  As they mention on the Poken site, it’s “better than memorizing a rejection number.”  Apparently they’re expecting guys to go crazy asking females they know to share information so then they can mark themselves as a couple on Facebook so then there can be drama when… *RESET*

However, my cynical rant seems to be in the minority; the original post that prompted me to write about this is in awe of the service and the potential it could provide.  What do you think?  Are you ready to “high five” (or rather, “high four,” as the Poken hand only has four digits) everyone you meet with what could very well amount to your contact information, or would you rather take the more conventional paper/PDA/phone route?

I figured I’d try a different approach for once and see where that got me.

Given the sheer number of products and services we hear about on a daily basis, it’s easy enough to forget the ones that couldn’t quite reach out and make themselves a universally-known (in some cases, literally) entity.  But that doesn’t mean they are any less deserving of our attention.  For your enjoyment, here are some of what I believe to be the most amusing failures I can recall throughout the history of technology.

• (Swatch) Internet Time – If there’s one thing we definitely have enough of here on Earth, it’s time zones and ways to tell time.  Time zones, 12- and 24-hour time, daylight savings time…  Alright, listing that is boring, and having to take all of that into account while talking with people on the other side of the world is like taking a needle to your eye.  Swatch, being the omniscient corporate entity they obviously were, decided that all of this could be resolved with the introduction of an arbitrary standard called Internet Time.  Internet Time divided the day into 1000 equal parts of about a minute and a half apiece and was designed to be consistent across the globe to eliminate the need for time zones.  However, when you take into the account the fact that this was introduced just as the Internet was becoming mainstream, the issue with scheduling things in “blips” with people who have no idea what you’re talking about makes you look like a fool to the majority of the world, there’s no standard for writing the day (just the time), and the fact that ‘@’ was (and still is) most often recognized as part of an e-mail address, it’s not hard to see why Internet Time never made it to the big time.  (Sorry, pun intended.)
• Cuil – I wrote about Cuil once already, and I got quite a bit of feedback both here and on Twitter about it.  But for those who aren’t in the know, or haven’t seen my previous post about it, Cuil was touted at one point as the Google-killer, the end-all-be-all to searching.  Backed by some venture capital and a few of the genius minds who helped shape Google, Cuil was supposed to redefine what a search engine was.  Instead, it ended up showing just how pointless it was to try and humiliate Google right out of the starting gate.
• Microsoft’s Seinfeld Ad Campaign – Microsoft insists that the ads were intentionally about nothing (after saying that they were supposed to be a longer marketing campaign), but if that were the case, why were they produced in the first place?  I’m sure Jerry Seinfeld has plenty enough to do without helping Bill Gates try on shoes.  The only reason I can think of for this travesty even ever being unveiled was because Bill had some random “Things To Do Before I Leave Microsoft” list which was topped by making a pointless ad campaign with Jerry Seinfeld.  Well, Bill, now that you’ve got your wish, “What pointless thing would you like to do today?”
• Online Currency – Just as with Swatch’s idea of converting everyone to a unified time platform, several companies thought the way of the future was to develop “online currency” that could be used as an alternative to the real thing.  Get some credits for visiting a website?  No problem.  Viewing an ad?  Why not?  Want to buy something or send some money to that far-off relative?  Why not send them some e-money rather than worry about things like exchange rates, especially since retailers accept this mock currency as a legitimate form of payment.  It sounds like it might have been a good idea, had they put some thought into why they sounded just like they were illegally printing their own money and then corrected it.  I think I’ll stick with Paypal, as at least they keep my currency in US dollars.
• Lively – It’s curious enough that I should have something from Google on this list, but Google never expected to be knocked onto their backside when they launched their answer to Second Life with little fanfare and little reason for anyone using Second Life (especially those investing in the game) to make the jump.  Lively shuts its doors at the end of the year (so it’s not dead yet), but being the top performer in one area doesn’t automatically mean you’ll be the greatest elsewhere.
• The Phantom – An apt name for this ghost of a console, The Phantom is perhaps the precursor to the downloadable content now available from Nintendo, Sony, and Microsoft.  In short, The Phantom was designed to be a console that acquired games over the web, eliminating the need for pressed disks, cartridges, and whatever other physical delivery method you can think of.  Unfortunately, the product never reached fruition, and the only part of their work to make it to market was their excuse for a keyboard.
• Windows ME – Alright, so it’s probably unfair to have two items by the same company on this list, but I really think that Microsoft managed to outdo themselves by even bothering to ship Windows ME.  Having spent several years living having to deal with this monstrosity, I can tell you that Microsoft should have thought ahead and given everyone prescriptions for headache medication with every license.  Between ME and Vista, I’m beginning to believe that Microsoft’s business model is to release a stable, usable operating system as a quick follow-up to versions that create plenty of uproar.  (See ME v. XP, Vista v. Windows 7.)
• Disposable (“Rental”) DVDs – What does fruit have in common with a DVD?  If you said that they both can rot, you’re not far off.  Who would have thought that people didn’t like the idea of paying for movies that expired like produce?  (I’d like to add that this idea seems to come up quite often; while The Register reports that the idea was spawned earlier this year, I distinctly recall Disney running a pilot program a few years ago.)

Do you have any other failures you’d like to bring into the limelight?  Is there something I’m forgetting, or do you think one of these is more worthy than the others?  Or, alternatively, is there something you believe to be one of the greatest developments since sliced bread?  Leave a shout in the comments and vote for your favorite.

(Also, I do believe I owe some thanks to The_Ugster for a suggestion or two.)

 Loading ...

I’ve been a longtime user and fan of GrandCentral.  Being me, the ability to make sure that one phone number means near-constant contact is a very enticing one.  And the way Grand Central’s set up, it also works well as a privacy-protection number – you can let people reach you if you want, or forward them somewhere else if you don’t.

However, GrandCentral has one inherent flaw that I’m consistently running into when I hand the number out to people I know:  It only handles phone communication.  For a number that you’re supposed to hand out instead of your cell phone number (or any other number), it’s rather difficult to use that number for anything that isn’t strictly voice-based communications.  In other words…you can’t send or receive text messages with it.  In this day and age of people text-messaging and e-mailing each other from mobile devices left and right, it really kills the whole point of a forwarding number if it doesn’t forward everything with it – therefore leaving people like myself having to hand out the numbers we are “wrapping” with the GrandCentral number out to the people who need to get in touch with other ways.

GrandCentral has also been stagnant over the past few months following their acquisition by Google.  There are no invitations, so the only way to get an account is to reserve a number and pray that they admit you at some point.  Again, this is a bit of a deal-killer; for someone attempting to promote an open and free service, it’s really difficult for me to believe that without seeing any form of action taken.

I hate to be so negative, because from the inside, the service has been great (other than that “completeness” thing).  But if they really hope to get users, they need to start moving, open up to new users, and bring something new to the table.  Otherwise, they’ll get swallowed up in the vast sea of web services waiting to help people keep in touch.

Since it’s a required part of my curriculum here at school, I’ve been taking a rhetoric class. Recently in this class, we were assigned a research paper on a category of problems in academia, something that we can observe and then propose solutions about. Considering the post topic and me in general, you can probably guess (at least partially) what problems I’m focusing on in my research. This assignment couldn’t come at a better time, as I’ve heard plenty of complaints in particular about password-related issues as of late. You see, the school I attend mandates yearly password cycling, and considering the timeframe at which they hand incoming freshmen their account information, it’s becoming the one-year mark for a lot of people. Mostly, every gripe I’ve heard centers around one of a few major issues:

• The passwords my university requires are much more complex compared to the passwords most people use in their daily lives.
• Most services don’t require password cycles every year, or…ever.
• Since most people keep the same password (or set of passwords) for everything, constantly forcing password changes forces people to forget their password more often since it’s not the same password as other things they use on a daily basis.

While these arguments are perfectly legitimate, the people attempting to use them as rationale against needing to change their passwords also are the same people you find in a typical setting, not groomed in any form of security beyond that of the idea that any password is a surefire protection. (Cue Morpheus’ voice…”Welcome…to the real world.”) Anyway, as part of my research paper, I decided to compare the three pages’ worth of requirements about our university passwords with the requirements used by what I thought to be popular web services. And, after a few hours’ worth of investigative work, I can sympathize with the people who think changing their password is a lot of work. In short, these services, which I thought probably had at least a slight pulse on the idea of security, are grooming their users to be lazy and very unprotective of their data and service access. I’ve put together a table that should at least give an overview of the services I selected (if you have suggestions for more, I can’t promise anything but would welcome the heads-up) and the security procedures they enforce:

The numbers in brackets above correspond to these quick side notes:

1. MySpace’s requirement is an in-between: at least one numeric and one alphabetic character must be included in the password; no requirement is made as to the case of this character, however.
2. Windows Live has two sets of requirements that depend on the services the user accesses. Typically, users only have a six-character requirement, but if necessary due to the requirements of an application they use, Windows Live will force all of upper- and lower-case letters, numbers, and a unique symbol, and mandatory password changes every 72 days. These 72-day password changes are provided as an option to non-qualified users.
3. eBay refused to accept the password ‘aaaaaa’ because it is very poor in security. However, ‘ababab’ works, which means that eBay offers at least a slight security check at registration.

Frankly, I’m very concerned with all of that red, and especially concerned with sites like Amazon, which allow you to store important credit card information in your account for easy checkout, and then allow me to log in with a capital ‘A’. Microsoft even surprises me (though in a good way), if you consider their forced-security dependency to be a good idea. (For once, Microsoft, I like.) Not that these sites and services even compare to the requirements for our university credentials, but it gives you an idea of just how absurd it is. Especially when I throw in the fact that a lot of these places have posted “suggestions” for creating a good and secure password, and then brush them all away in favor of some six-character string. So I apologize if I’m re-iterating what you already know or have seen, but after all of that, I think it’s important that people actually understand what good security is.

• The best passwords are not found in any published or publicly available work, be it a dictionary, your favorite action novel, or some random screenshot you found on Flickr. Don’t use anything important either, like a social security number. And anything personally identifiable or that has a direct reference to your life is out too; that means quit using your aunt’s birthday as a PIN.As one demonstration of coming up with unique but memorable passphrases, try to think of memorable snippets from your favorite written work (you’re probably double-taking right now, but continue reading). Now, develop your own personal algorithm for going through the phrase to select characters (hey, don’t be afraid of punctuation or numbers, because they help too and add uniqueness). For example, try taking the Fibonacci sequence’s digits and pulling those letters out. It sounds tedious now, but if you use the password regularly, your muscle memory will take over and you won’t even realize you’re entering the password anymore. At least, if you use it that regularly.
• NEVER use the same password in more than one place. There IS a reason for this, aside from “the man” trying to confuse you and prevent you from checking your mail; it’s compartmentalized security. If an attacker can compromise one account, and holds a password you use everywhere, you haven’t just handed him one site or a credit card, you’ve handed him your entire life. If that password doesn’t work somewhere else, the attacker’s got to go back to work and start all over again on the new site (if they’re indeed targeting you). If you can’t keep all of your passwords straight, get a trusted and notable password manager, and store your passwords with it. Some suites also provide you the added benefit of randomly-generated passwords like ‘Bs4&nd*D’ – but at the expense that you probably won’t remember them unless you use the application.

Considering these password recommendations are nearly timeless, it only makes me wonder when people are actually going to pay more attention BEFORE something bad happens to them. So quit complaining that you’ve got to change your password. Make it memorable, make it unique, and consider it worthy of a national secret. And for christ sake, ignore the fact that Google isn’t going to check for varied-case characters; force yourself to check for them. And a note to the few, the proud, the WordPress users: WP2.5 RC1 is nice, but I don’t think it’s ready yet. It’s got a few bugs, and I miss my old blue administration panel. I actually think it made more sense doing “Blogroll > Add Link” than “Write > Link” to add things to my blogroll.