I created a new TypePad account today to test our service that migrates TypePad data to WordPress—check out tp2wp.com if you haven’t yet.
Anyway, I was amused to find that TypePad wouldn’t accept the password I chose for my new account, but not for the typical reasons, like the password being too short or not containing a number. Instead, it was because the password was too long! TypePad seems to have a 12 character limit on passwords.
The XKCD cartoon above explains why imposing a maximum password length is doing your users a disservice.
I’ve recently installed Parallels Desktop 8 for Mac and I’ve started running Windows 8 in virtualization, primarily to run the same Windows-based version of Quickbooks as ReadyMadeWeb’s accountant. I’m also interested in local browser testing and of course playing a few Windows games, though nothing too taxing.
So far I have been very frustrated with the Windows 8 experience. It seems like it may be an adequate OS for a tablet, but the absence of proper controls in the desktop mode—forcing users to return to the “metro” experience to launch programs—just seems like a terrible mistake to me.
This would be frustrating enough for a tablet user, but because I can’t swipe on the screen of my laptop, I’m forced to call up the Start screen by placing my mouse in the upper right corner and waiting for Windows 8 “charms” to appear, then clicking the Start charm. I only knew to do this because the materials that shipped with the installation DVD mentioned “charms,” without any explanation as to what those were, but still I made note of this as it seemed like Microsoft was hinting at its importance. Suffice to say, the whole experience seems circuitous, poorly thought out, and unnecessarily frustrating.
I’ll be curious to see what 8.1 “Blue” brings us. Hopefully Microsoft realizes that Apple’s strategy of building two versions of their OS for two very different use cases makes more sense than the “Windows Everywhere” approach that seems like such a strategic blunder.
In case there was any doubt, Austin Gunter at WP-Engine declares WordPress to be a mature platform:
It’s one thing to make claims about WordPress’s hypothetical ability to be used in production by major organizations, it’s entirely another to actually see WordPress used in production by some of the highest-trafficked websites on the internet. These sites not only put the codebase to the test, and require a robust managed WordPress hosting platform to serve their traffic, but they also test the software’s suitability to a large-scale publication environment, and provide worthy test-cases of WordPress’s robust functionality.
With sites like CNN, The Wall Street Journal, and The New York Times using WordPress, I think we can put to rest the notion that WP isn’t suited for any publishing need imaginable.
The BBC does a wonderful job of summarizing today’s massive DDoS attack, which affected many of ReadyMadeWeb’s customers as well as Internet giants like Netflix. The coverage pointed out that this disruption was three times the size of the previous record-breaking DDoS attack:
Arbor Networks, a firm which specialises in protecting against DDoS attacks, also said it was the biggest such attack they had seen.
“The largest DDoS attack that we have witnessed prior to this was in 2010, which was 100 gb/s. Obviously the jump from 100 to 300 is pretty massive,” said Dan Holden, the company’s director of security research.
Even more disturbing, BoingBoing reports that an anonymous security researcher has found that a much larger botnet could be easily assembled using the world’s glut of unprotected, easily compromised devices:
The researcher reports that 1.2 million such devices are available online (s/he compromised many of these machines in order to run the census). These machines are things like printers and routers with badly secured firmware, visible on the public net. They are often running an old version of GNU/Linux and can be hijacked to form part of a staggeringly large botnet that would be virtually unkillable, since the owners of these devices are vanishingly unlikely to notice that they are silently running attackware, and the devices themselves are completely unregarded.
Is there a game plan for when this day eventually comes? Would the feds need to start a “cash for clunkers” program for old printers and routers? Would the government pass computer security mandates? Or maybe vouchers for copies of Norton antivirus or 2 hours of support time with your local Linux neck beard?
More locally, what am I supposed to do as a business owner who is providing a product to customers? What other product can be shut off remotely by an unrelated party a continent away?
The nature of the Internet makes DDoS attacks possible, but the attacks require a lot of computers to cause the sort of disruptions we saw today. Unfortunately, that’s exactly what the pitiful state of computer security provides—the ammunition that rogue groups need to bring down whatever Internet service is no longer to their liking.
This is a distributed problem with localized costs, much like some forms of pollution. Everyone dumps a bit of chemicals here, a few toxins there, and suddenly the people downstream are experiencing astronomical cancer rates. Unlike pollution, however, these individual acts of negligence (not updating software, not installing antivirus protection) can be gathered up by bad actors and wielded as a weapon.
So how do we address such a problem? When addressing pollution we used taxes, fines, mandates, and education to change how we treat the environment. But what about this problem? Do we attack the criminals or the innocent people enabling the criminal activity? Maybe both?
Neowin reports that in order to avoid triggering the special carve-outs that nearly every website has to make for IE6, 7, and 8, Microsoft’s next version of Internet Explorer may identify itself to websites as “Like Gecko,” Gecko being the engine that powers the Firefox browser:
To further ensure IE11 users don’t receive an odd version of the site, Microsoft also included the command “Like Gecko” which instructs the website to send back the same version of the website as they would to Firefox. The results of this update are unknown, especially on websites which are poorly coded. The move is strange, but shows that Microsoft is desperate to clean up Internet Explorer and get away from the awful experience in IE6, 7 and 8.
This underscores the need for the entire web community to operate under the same standards, rather than introducing competing standards. Microsoft thought deviating from the agreed standards would help to differentiate IE as the clear winner in the browser wars. Instead, it has forced web designers to grapple with legacy IE code. It’s satisfying to know that Microsoft now has to do the same.
I want to apologize to our ReadyMadeWeb hosting customers who are experiencing outages today. Our hosting provider, Rackspace, is suffering system outages due to a DDoS, or distributed denial-of-service attack.
This appears to be part of a global DDoS attack that is slowing down the entire Internet today. Boing Boing is reporting that at 300 gbps, this DDoS attack is the worst in public Internet history. Hosting magnates like Cloudflare’s Matthew Prince have compared this type of DDoS attack to “nuclear bombs” noting that the damage caused is wide-spread and nearly impossible to defend against.
Suddenly, 20% meant half-assed. Google Labs was shut down. App Engine fees were raised. APIs that had been free for years were deprecated or provided for a fee. As the trappings of entrepreneurship were dismantled, derisive talk of the “old Google” and its feeble attempts at competing with Facebook surfaced to justify a “new Google” that promised “more wood behind fewer arrows.”
Google is putting a lot of wood behind a lot of very dull arrows. Where is the profitability in the Android model? Where is the Google+ payoff for its advertising business? What does shuttering Reader and likely Feedburner (check out FeedBlitz) do for good will in the developer community?
Seems as though Google has forgotten where it started, as Whittaker notes:
The old Google made a fortune on ads because they had good content. It was like TV used to be: make the best show and you get the most ad revenue from commercials. The new Google seems more focused on the commercials themselves.
I’d argue that they’re not focused on ads, or else their searches would be better and they’d be building new businesses that actually lead to advertising revenue. Right now it seems like mobile and social are unprofitable white whales and Larry Page has gone full Captain Ahab.
I came across this very insightful observation from Alex King today:
Interesting thing about Google Reader shuttering: Google basically saying that “what we read” data isn’t valuable to them.
Perhaps more accurately, Google doesn’t believe that “what we read” is valuable to them. But people hold a lot of false beliefs.
This is likely born out of the myopic focus the company has placed on Google+ and trying to compete in the social space where the power of network effects is working against them in a very powerful way—sure Google+ has “circles,” but Facebook has users, which sorta matters with social.
Somehow the braintrust at Google couldn’t see how Reader could fit into their Google+ strategy. But consider briefly what Reader really is, a power tool used by infovores (folks who read, like a whole lot) who are at the core of information consuming and sharing on the web. Google has denied itself data and alienated trendsetters with this move. And to what end? Saving a few bucks on servers? Seems awfully short-sighted.
Contrast the shuttering of Reader with the $12 billion purchase of Motorola which has since lost money quarter, after quarter, after quarter and it seems that Google has become the embodiment of “penny wise, pound-foolish.” But Android is popular! Sure, and very profitable, for Samsung.
I’d sure like all of this odd behavior from Google, which seems like the thrashings of someone sinking in quicksand, to be revealed as part of some master strategy to make the web a better, more innovative place. Right now, however, the whole thing seems like Larry Page is throwing good money after bad in mobile and social.
All of this drama and meanwhile half my web searches result in junk.
This decision isn’t happy news, especially in the same week that Google announces the impending shutdown of Reader. However, at least Adobe provided some solid guidance in recommending BrowserStack and Sauce Labs to Browser Lab’s (now former) users.
I’m not sure why large companies simply decide to shut down these services rather than selling them. Somehow others are making money from browser simulators and RSS readers, probably by charging for them.
Recent shutdowns of free services, or the morphing of platforms like Twitter into an ad-fueled platform for celebrity promotion, will hopefully help the Internet to mature into a place where consumers realize that they get what they pay for.