<?xml version="1.0" encoding="UTF-8"?> <rss
version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
> <channel><title>Greg Hluska</title> <atom:link href="http://hluska.ca/feed/" rel="self" type="application/rss+xml" /><link>http://hluska.ca</link> <description>User experience, testing, analytics and customer experience</description> <lastBuildDate>Wed, 02 May 2012 04:22:46 +0000</lastBuildDate> <language>en</language> <sy:updatePeriod>hourly</sy:updatePeriod> <sy:updateFrequency>1</sy:updateFrequency> <generator>http://wordpress.org/?v=3.3.2</generator> <xhtml:meta xmlns:xhtml="http://www.w3.org/1999/xhtml" name="robots" content="noindex" /> <item><title>Why do you think you&#8217;re ugly?</title><link>http://hluska.ca/2012/02/why-do-you-think-youre-ugly/</link> <comments>http://hluska.ca/2012/02/why-do-you-think-youre-ugly/#comments</comments> <pubDate>Fri, 24 Feb 2012 16:21:19 +0000</pubDate> <dc:creator>Greg</dc:creator> <category><![CDATA[General]]></category> <category><![CDATA[News]]></category> <guid
isPermaLink="false">http://hluska.ca/?p=440</guid> <description><![CDATA[A good friend sent me a link to a wonderful article called Am I Ugly &#8211; the harrowing article discussed a new social media trend, namely young girls who go to Youtube and post videos asking whether they are pretty or ugly. To see this in action, head over to Youtube and search &#8220;Am I [...]]]></description> <content:encoded><![CDATA[<p>A good friend sent me a link to a wonderful article called <a
href="http://www.thehungryandfoolish.com/2012/02/23/ugly/">Am I Ugly</a> &#8211; the harrowing article discussed a new social media trend, namely young girls who go to Youtube and post videos asking whether they are pretty or ugly. To see this in action, head over to Youtube and search &#8220;Am I Ugly&#8221;. If you don&#8217;t want to take the time to search Youtube, do yourself a favour and watch this video.</p><p><center><iframe
width="420" height="315" src="http://www.youtube.com/embed/8D9mqqkgH-0" frameborder="0" allowfullscreen></iframe></center></p><p>Before you dismiss this as another teen girl social media trend (remember the moronic haul videos?), consider the introduction to this video:</p><p><em>&#8220;Hey guys, umm, I just wanted to make a random video, oh yeah this is a koala hat, um, yeah I just wanted to make a random video to see if I&#8217;m like ugly or not because a lot of people call me ugly and I think I am ugly. I think I&#8217;m ugly and fat.&#8221;</em><br
/> <span
id="more-440"></span></p><p>When I watch videos like that in the context of stories of <a
href="http://www.netfamilynews.org/2010/04/md-case-of-middle-schooler-sharing.html">middle school aged children being involved in sexually explicit photographs</a>, I honestly sit back and wonder whether technology has gone too far. It is sad to me that the technology that I love so much has been used in such sad and exploitative ways. But it is even sadder that children see the need to make these kinds of videos/images.</p><p>What drives this sort of behaviour in girls? Has our media become so sexualized that behaviour like this is now the norm? Or is there so much pressure on girls to be &#8216;beautiful&#8217; that they are willing to hop online in search of validation? Or does this point to something even darker &#8211; has our sexualized media changed the view of beauty in such a way that no girl could ever possibly feel she measures up?</p><p>Then what about the boys? <a
href="http://www.netfamilynews.org/2010/04/md-case-of-middle-schooler-sharing.html">The article I linked to above</a> tells the story of a boy in middle school who was renting out his iPod Touch so that other kids could see sexually explicit pictures of classmates and other girls. Middle school. Renting out his iPod Touch. Pictures of classmates. Is porn so prevalent on the web that behaviour like this seems normal and natural to a whole generation of children?</p><p>This article is dramatically different from anything I have ever written on this blog but I think it is important enough to put up. Technology is being used to facilitate behaviour like this &#8211; as a technologist, it is my duty to think about its implications and try to come up with a solution.</p><p>Unfortunately, this problem hits right at the heart of some dangerous issues that have plagued parents, educators and youth care workers for years. Self esteem is a fragile thing and the vast majority of teens suffer from periods of low self esteem. This low self esteem brings about dangerous compulsions like eating disorders and addictions. It can also bring about equally dangerous activities like sexting.</p><p>I don&#8217;t know how to solve this and frankly, it terrifies me. I&#8217;d love to have children and I don&#8217;t know how I&#8217;ll navigate this minefield if I have daughters. 
Hiding them away will not be an option, but the thought of not being able to protect them from something like this makes me terribly sad.</p> ]]></content:encoded> <wfw:commentRss>http://hluska.ca/2012/02/why-do-you-think-youre-ugly/feed/</wfw:commentRss> <slash:comments>1</slash:comments> </item> <item><title>Customer Acquisition Costs and Effective Social Media</title><link>http://hluska.ca/2012/01/customer-acquisition-costs-and-effective-social-media/</link> <comments>http://hluska.ca/2012/01/customer-acquisition-costs-and-effective-social-media/#comments</comments> <pubDate>Thu, 12 Jan 2012 19:38:50 +0000</pubDate> <dc:creator>Greg</dc:creator> <category><![CDATA[Marketing]]></category> <guid
isPermaLink="false">http://hluska.ca/?p=426</guid> <description><![CDATA[I accidentally said something on Twitter today that I think has caused some confusion. I wrote, &#8220;While you could technically acquire customers via social media, the acquisition cost is astronomically high&#8230;&#8221; When I wrote that, I was thinking of the following scenario: Imagine that you work within a reasonably new company that builds a consumer [...]]]></description> <content:encoded><![CDATA[<p>I accidentally said something on Twitter today that I think has caused some confusion. I wrote, &#8220;While you could technically acquire customers via social media, the acquisition cost is astronomically high&#8230;&#8221; When I wrote that, I was thinking of the following scenario:</p><p>Imagine that you work within a reasonably new company that builds a consumer good. You believe that this consumer good fills a legitimate need, so you know that your next task is to get out there and let potential customers know that it exists. So, what do you do? Do you start buying traditional advertisements? What about PR &#8211; should you blanket the world with press releases? Or what about that newfangled social media? Should you start up a Twitter account/Facebook page/etc and try to build a following through social channels?</p><p><span
id="more-426"></span></p><p>When you look at those choices at face value, it looks like social media is the cheapest possible solution. After all, you don&#8217;t have to pay for a Twitter account/Facebook page/other service. So, on face value, it is an extremely economical marketing solution. But step back for one moment&#8230;</p><p>Before you decide that you want to embark upon a major social campaign, you need to consider a few things. First off, it takes a certain amount of time (and a mass of tweets/posts) to build a following. Second, you may have to run some sort of giveaway in order to build that initial following. And third, you have to take time to interact with your followers, retweet their messages and build up relationships before they will trust/like you enough to both help promote your product and respond to your messaging. Finally, you need your account to be both authentic and human &#8211; social media is not a broadcast medium. Just as nobody would watch a television channel that had commercials 24 hours a day, nobody will pay any attention to an account that broadcasts advertisements.</p><p>When you consider social media, you need to consider scarcity of attention. Most people think of attention as something limitless &#8211; after all, you pay attention to something until you&#8217;re either asleep or dead. But when you have hundreds of things competing for your attention, you need to make certain (not always conscious) decisions about where to allocate your attention. Consider this scenario:</p><p>You follow 500 people on Twitter, yet you have a full-time job, a home, two kids, a spouse and an (offline) social life. How much time do you really have to wade through the clutter? And do you really have time to click through every single link that you see on Twitter?</p><p>I suspect that the answer to these questions is no. You simply do not have enough time to allocate attention to every single account that crosses your feed. 
So, you will allocate your scarce attention to the accounts you love to follow &#8211; the accounts that interact with you, the accounts that seem human, the accounts that have a sense of humour, and the accounts that strike you as being authentic.</p><p>Here is where acquisition costs begin to skyrocket. Not only does it take time to build a following, but you have to devote even more time to cultivating your following. I&#8217;m from a province with a history of agriculture, so I&#8217;m going to use a metaphor from the world of agriculture. I can buy some farmland, but if I just throw seed onto the ground, I&#8217;m not going to have a very high yield. Rather, I need to be out there in my fields, working, tilling, and fertilizing. All of this takes time and time has an associated cost.</p><p>Rather than focus on building your own social media presence, I encourage you to consider making sure that your product/service is innately social. My friend <a
href="http://jephmaystruck.com/7-marketing-predictions-for-2012-part-2-of-2/">Jeph Maystruck uses the phrase &#8216;social objects&#8217; to describe this</a>. When I talk about making a product innately social, I suggest that you follow a relatively simple set of rules:</p><ol><li>Build a product/service that people genuinely need.</li><li>Work hard to acquire your first set of customers &#8211; this is where you may need traditional advertising, public relations or a whole lot of cold calls.</li><li>Make sure that your product/service has a wonderful user experience.</li><li>Treat your existing customers like they are gold.</li><li>Treat all of your employees like they are customers.</li></ol><p>If you build a product/service that people need, make sure that their experience of using it exceeds their expectations, and then treat all of your customers like they are your most important asset, I promise you that they will talk about you. Instead of building your own social presence, you are leveraging their social presences. Instead of broadcasting, you are creating word of mouth. Instead of driving the conversation, you get to participate in it&#8230;</p><p>Also, please note that I&#8217;m not advocating that brands abandon social media. There are some wonderful brands with amazing social media presences. Like <a
href="https://twitter.com/ReginaSymphony">this one</a>. Or <a
href="https://twitter.com/sksciencecentre">this one</a>. Or <a
href="https://twitter.com/LuxorLV">this one</a>. Or <a
href="https://twitter.com/TeamGBIS">this one</a>. And, lest I get arrested, be sure to check out <a
href="https://twitter.com/reginapolice">this one</a>.</p><p> If you watch these brands, they work hard to build their following, they take the time to interact with their followers, and they rarely broadcast. These accounts are innately social &#8211; they are not selling anything, rather they are building relationships.</p> ]]></content:encoded> <wfw:commentRss>http://hluska.ca/2012/01/customer-acquisition-costs-and-effective-social-media/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item><title>Predictions for 2012</title><link>http://hluska.ca/2012/01/predictions-for-2012/</link> <comments>http://hluska.ca/2012/01/predictions-for-2012/#comments</comments> <pubDate>Tue, 03 Jan 2012 18:13:28 +0000</pubDate> <dc:creator>Greg</dc:creator> <category><![CDATA[Business]]></category> <guid
isPermaLink="false">http://hluska.ca/?p=414</guid> <description><![CDATA[Time for an obligatory &#8216;predictions&#8217; blog post &#8211; I polished off my crystal ball, started a sketchy 900 number (Mister Greg&#8217;s Psychic Line), and am here with my first set of predictions. Have a great year everyone! 1) Google will get even better at penalizing duplicate content/spammy links Confession &#8211; there was a point (years [...]]]></description> <content:encoded><![CDATA[<p>Time for an obligatory &#8216;predictions&#8217; blog post &#8211; I polished off my crystal ball, started a sketchy 900 number (Mister Greg&#8217;s Psychic Line), and am here with my first set of predictions. Have a great year everyone!</p><p><span
id="more-414"></span></p><h3>1) Google will get even better at penalizing duplicate content/spammy links</h3><p>Confession &#8211; there was a point (years ago) when some people said that I was pretty good at SEO. The very concept of SEO always made me queasy (and I find the acronym particularly cringe worthy) as I have always considered it an exercise in &#8216;pull&#8217; marketing as opposed to any magic voodoo. However, despite my problems with the SEO industry, I still follow the space, read all the blogs, and stay informed as to the state of search.</p><p>Lately, I have been less than impressed with the quality of Google&#8217;s search results. Seems that while Panda did improve things, there are still far too many crappy link scams out there. How many (clearly paid) links do you see that pass link juice (including anchor authority)? How often do you find articles (on the first page) that were obviously created with the &#8216;find an article, translate it into a language, translate it into another language, translate it to English, post it on your site&#8217; robot method? All of these problems can be solved with algorithms and Google is the one company with enough data to figure out these algorithms.</p><h3>2) However, Google will begin to lose market share to Bing</h3><p>I feel horrible saying this but my love affair with Google is beginning to come to an end. For one, I dislike how they have made it very difficult to determine which search results are ads and which are organic. For another, I am tired of how such a huge company can still get gamed by spammers (ie &#8211; the find an article, translate it multiple times, and post it on your own site trick). Finally, I am starting to realize that Google&#8217;s user experience really isn&#8217;t all that hot. 
For these reasons, I think that Google is primed to lose some market share&#8230;and Bing seems to be the one company poised to take some of that market share.</p><p>While I think that Bing&#8217;s design still needs some work and while some of their search results are a little off, I think that the experience of using Bing is beginning to trump the experience of using Google. Consider these searches &#8211; one on Bing, the other on Google:</p><p><img
src="http://hluska.ca/wp-content/site-images/bing-search-custom-facebook-pages.jpg" alt="A search on Bing"><br
/> <img
src="http://hluska.ca/wp-content/site-images/google-search-custom-facebook-pages.jpg" alt="A search on Google"></p><p>Forgive me for the low resolution, but I think that the point still comes across &#8211; Bing seems to provide a better user experience on competitive searches. Consider the relative lack of ads on Bing. Also, look at the Google page and tell me which results are paid advertisements and which are organic.</p><h3>3) Lightsquared will die</h3><p>I&#8217;m not sure that many people are aware of Lightsquared &#8211; if you don&#8217;t know anything about Lightsquared, take a few minutes and <a
href="http://en.wikipedia.org/wiki/LightSquared">read the Wikipedia entry</a>. Lightsquared is currently in very deep trouble, to the point that its GPS interference issues are really the least of the company&#8217;s concerns. Consider some of these lovely little facts:</p><ul><li><a
href="http://www.faa.gov">The Federal Aviation Administration</a> released a report demonstrating that Lightsquared interferes with the Enhanced Ground Proximity Warning System (ie &#8211; the system that keeps planes from flying into the sides of mountains). According to this report, if Lightsquared goes live, it could result in more than 790 deaths and a cost of greater than $72 billion.</li><li>Philip Falcone (whose Harbinger Capital owns more than 60% of Lightsquared) is under SEC investigation.</li><li>Lightsquared&#8217;s own financials seem to indicate that the company will run out of money in the middle of 2012.</li></ul><p>I predict that Lightsquared is going to die a spectacular death in 2012 and this death will take Philip Falcone and Harbinger Capital with it. Seeing as how Philip Falcone made his fortune betting that subprime mortgages would default, I suspect that there are more than a handful of regulators who want to see him fall.</p><h3>4) Research in Motion will (dramatically) change its leadership structure</h3><p>Oh RIM&#8230;</p><p>The company that was once a darling of the tech world has lost all of its luster. The once dominant Blackberry now only makes up 16.6% of all smartphones. And the Playbook (aka &#8211; the device that could save RIM) turned out to be a spectacular failure.</p><p>As I see it, the problem with Research in Motion is right at the top. Defying all logic, RIM continues its practice of having two CEOs. Jim Balsillie is the business guy and Mike Lazaridis is the tech guy. Can anyone out there name another company that has been successful with two CEOs?</p><p>Currently, reports are swirling that the two are about to lose their jobs as Co-Chairs of Research in Motion&#8217;s board of directors. However, seeing as how RIM stock has increased 5% based on those rumours, I think it is a sign that the markets want a wholesale change at the top. 
Therefore, I predict that Jim Balsillie and Mike Lazaridis will soon be pushed out of the CEO&#8217;s office and into much smaller gigs.</p><h3>5) Mobile applications will start to fall out of favour</h3><p>I first wrote about this <a
href="http://hluska.ca/2011/07/why-mobile-applications-are-a-horrible-strategy/">back in July</a> and have been delighted to see the debate rage around the web. However, I think that 2012 will be the year that mobile application development begins to fall out of favour.</p><p>The arguments in favour of the web over mobile apps are numerous and well documented. However, my favourite argument has to do with simple economics and the agile startup. Simply put, if you have an innovative idea and want to start a company, you have an ugly choice to make. You can build something wholly mobile (and immediately have to support iOS, Android and possibly Blackberry/Windows). Or, you can build a web application (complete with a responsive design) and support every single platform with a web browser. The web is clearly the best platform for the agile startup.</p><p>While HTML 5 is still not ready for prime time, I have been delighted with some of my recent experiences with HTML 4, CSS and JavaScript. Seems the deeper I go into the DOM, the more beauty I see within it!</p><h3>6) Problems in Silicon Valley</h3><p>I have never wanted to be one of those &#8216;the sky is falling&#8217; types. In finance, the sky usually falls as soon as enough people say that it is. Consequently, I always try to be positive about the markets. However, recent goings-on in and around Silicon Valley indicate that the tech bubble is about to burst.</p><p>2011 was not a good year for tech IPOs. Consider the four biggest IPOs &#8211; Zynga, LinkedIn, Groupon and Pandora. None of those IPOs have done terribly well. Problems in the IPO market have a habit of affecting the entire startup market &#8211; since IPOs are one of the two primary ways that investors cash in, IPO problems create valuation problems for everyone.</p><p>On the subject of the IPO market, I know that almost everyone expects Facebook to go public in 2012. 
I&#8217;m going to buck the trend and predict that they will stay private for at least another year. First, in my opinion, Mark Zuckerberg made the right decision when he suggested that in 2011 he wanted his people to pay more attention to new products than stock prices. Seeing as how Facebook seems to be facing real competition from Google+, it would be wise to maintain that strategy going forward. Second, he is clearly smart enough to ask, &#8220;What happens if Facebook&#8217;s IPO busts?&#8221;</p><p>In my mind, all of this points back to a fundamental flaw within entrepreneurship today. It seems to me that technology entrepreneurs are becoming focused on deals even more so than technology. When a group of entrepreneurs get together, they tend to talk about things like, &#8220;How many times did you pivot?&#8221;, &#8220;How much money did you raise?&#8221;, or &#8220;Who led your round?&#8221; Seems to me that technology markets should be about game-changing technology, not money&#8230;</p><p>I have three predictions &#8211; first off, the IPO market will fizzle in 2012. Second, the supply of capital will begin to run dry. Third, these factors will get rid of some bad companies, make it easier for good companies to find talent, and improve the technology market as a whole. The invisible hand is a beautiful thing&#8230;</p> ]]></content:encoded> <wfw:commentRss>http://hluska.ca/2012/01/predictions-for-2012/feed/</wfw:commentRss> <slash:comments>1</slash:comments> </item> <item><title>Another new project</title><link>http://hluska.ca/2011/10/another-new-project/</link> <comments>http://hluska.ca/2011/10/another-new-project/#comments</comments> <pubDate>Mon, 17 Oct 2011 06:16:35 +0000</pubDate> <dc:creator>Greg</dc:creator> <category><![CDATA[Gratuitous Posts]]></category> <guid
isPermaLink="false">http://hluska.ca/?p=410</guid> <description><![CDATA[A few years ago, a friend and I started something called The Regina Streets Magazine. We are no longer publishing that magazine, but we learned a huge amount in the process of publishing it. So, we have decided to rebuild reginastreets.ca, this time with a collection of all the stuff we learned. We hope this [...]]]></description> <content:encoded><![CDATA[<p>A few years ago, a friend and I started something called <a
href="http://reginastreets.ca" title="The Regina Streets Magazine">The Regina Streets Magazine</a>. We are no longer publishing that magazine, but we learned a huge amount in the process of publishing it. So, we have decided to rebuild <a
href="http://reginastreets.ca">reginastreets.ca</a>, this time with a collection of all the stuff we learned. We hope this will be useful to anyone out there who is interested in publishing their own street magazine!</p> ]]></content:encoded> <wfw:commentRss>http://hluska.ca/2011/10/another-new-project/feed/</wfw:commentRss> <slash:comments>1</slash:comments> </item> <item><title>Page not found</title><link>http://hluska.ca/2011/10/page-not-foun/</link> <comments>http://hluska.ca/2011/10/page-not-foun/#comments</comments> <pubDate>Mon, 17 Oct 2011 00:31:26 +0000</pubDate> <dc:creator>Greg</dc:creator> <category><![CDATA[Gratuitous Posts]]></category> <guid
isPermaLink="false">http://hluska.ca/?p=404</guid> <description><![CDATA[Forgive me for writing something so dorky, but I noticed this and had to post. This page can be reached via hluska.ca/?p=404 and, being a geek, &#8216;404&#8217; has special meaning to me. So, I guess that you just found a page that couldn&#8217;t be found&#8230;errrr, or something like that. Since this is my error code [...]]]></description> <content:encoded><![CDATA[<p>Forgive me for writing something so dorky, but I noticed this and had to post. This page can be reached via <a
href="http://hluska.ca/?p=404">hluska.ca/?p=404</a> and, being a geek, &#8216;404&#8217; has special meaning to me. So, I guess that you just found a page that couldn&#8217;t be found&#8230;errrr, or something like that.<br
/> Since this is my error code page, I thought it would be fun if I gave you a bit of an update (so as to explain my serious lack of activity). My new gig is going extraordinarily well &#8211; I just finished my first newsletter and am loving every single moment of it. On a personal note, the publishing bug hit me hard and I&#8217;m starting another magazine, plus (possibly) another publication about indie music in Regina. I&#8217;ll keep you updated&#8230;</p> ]]></content:encoded> <wfw:commentRss>http://hluska.ca/2011/10/page-not-foun/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item><title>Timthumb Update</title><link>http://hluska.ca/2011/08/timthumb-update/</link> <comments>http://hluska.ca/2011/08/timthumb-update/#comments</comments> <pubDate>Fri, 05 Aug 2011 08:19:14 +0000</pubDate> <dc:creator>Greg</dc:creator> <category><![CDATA[Security]]></category> <guid
isPermaLink="false">http://hluska.ca/?p=394</guid> <description><![CDATA[I have some excellent news. Mark Maunder (who originally reported the zero day in timthumb.php) forked timthumb.php into a new, more secure (and more functional) solution called WordThumb. I read over the source code and it is much better designed than the original. Excellent work! Perhaps something positive will come out of this episode. First [...]]]></description> <content:encoded><![CDATA[<p>I have some excellent news. <a
href="http://markmaunder.com">Mark Maunder</a> (who originally reported the zero day in timthumb.php) forked timthumb.php into a new, more secure (and more functional) solution called <a
href="http://code.google.com/p/wordthumb/">WordThumb</a>. I read over the source code and it is much better designed than the original. Excellent work!</p><p>Perhaps something positive will come out of this episode. First off, I hope that <a
href="http://www.binarymoon.co.uk/about/">Ben Gillbanks</a> (who maintains timthumb.php) learned a few lessons about secure programming. Second, I hope that the rest of the online community learned proper zero day procedures. While I give Mr. Maunder all due respect for releasing a much better version of this utility, I really wish he had written this version, then announced the vulnerability.</p> ]]></content:encoded> <wfw:commentRss>http://hluska.ca/2011/08/timthumb-update/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item><title>A Zero Day vulnerability in a popular WordPress Utility &#8211; A comedy of errors</title><link>http://hluska.ca/2011/08/a-zero-day-vulnerability-in-a-popular-wordpress-utility-a-comedy-of-errors/</link> <comments>http://hluska.ca/2011/08/a-zero-day-vulnerability-in-a-popular-wordpress-utility-a-comedy-of-errors/#comments</comments> <pubDate>Tue, 02 Aug 2011 16:15:36 +0000</pubDate> <dc:creator>Greg</dc:creator> <category><![CDATA[Security]]></category> <guid
isPermaLink="false">http://hluska.ca/?p=388</guid> <description><![CDATA[Yesterday evening, I read an article and had one of those truly classic &#8216;facepalm&#8217; moments. Someone named Mark Maunder, who runs a Seattle based company called Feedjit decided to write an article detailing a zero day vulnerability in a very popular WordPress utility called timthumb.php. This particular script is bundled in many free/commercial WordPress themes, [...]]]></description> <content:encoded><![CDATA[<p>Yesterday evening, I read an article and had one of those truly classic &#8216;facepalm&#8217; moments. Someone named Mark Maunder, who runs a Seattle based company called Feedjit decided to write <a
href="http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/">an article detailing a zero day vulnerability in a very popular WordPress utility called timthumb.php</a>. This particular script is bundled in many free/commercial WordPress themes, so this is a very dangerous vulnerability.</p><p>Timthumb.php has some pretty serious problems which make me question why it was released in the first place. The script has this cute little $allowedSites array which lets users remotely load files from domains like flickr.com, or picasa.com. Not really a bad idea, except the developer decided to use strpos to check whether an allowed domain appears anywhere in the requested host, rather than checking that the host actually is that domain (or a subdomain of it). This means that if you are malicious, you can set up something like http://flickr.com.criminals.com/attack.php and timthumb will fetch the file for you and write it into the site&#8217;s cache directory, where it sits ready to be executed. From a design point of view, this is about as bad a mistake as a developer can make.</p><p>As I see it, nobody in this sad affair can go without blame and frankly, I am pissed.</p><p><span
id="more-388"></span></p><p>In the developer&#8217;s defense, his own site was cracked using this method and it looks like the bug has been fixed. Every developer makes mistakes and I think that if you release something under the GNU GPL, you deserve the benefit of the doubt.</p><p>My issue lies with two groups &#8211; the theme developers who put this script in their themes (Google shows ~39 million results so you can assume that this library is in at least a few million sites) and Mark Maunder who went public with the vulnerability. In my mind, these people have been negligent.</p><p>Consider the theme developers who haphazardly implement this library in their themes. I do a whole lot of work with WordPress and have a simple policy when it comes to plugins and libraries. Before I install anything on my own site, I like to read the source code and figure out how it works. I&#8217;m not perfect and I&#8217;m sure that I have overlooked security bugs, but I don&#8217;t like to install anything unless I have a basic idea of how it works. Why don&#8217;t other theme developers do this? This bug is apparent the second that you read the original source code!</p><p>And then there is the person who went public with the zero day. In Mr. Maunder&#8217;s defense, I doubt he thought his article would make the first page of Hacker News. But, what happened to proper zero day procedures? When you find a vulnerability, tell the developer, give him/her the chance to fix it (or fix it yourself), and go public after a patch has been tested/released. Rather than follow some relatively simple zero day procedures, Mr. Maunder chose to go public with the bug. He is a gifted writer and seems very strong with PHP &#8211; his description was so good that it formed a step-by-step recipe for how to crack WordPress sites. 
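</p><p>The $allowedSites check described above, beside a hardened host comparison, as an added example. This is not code from timthumb.php or from WordThumb; the function names, the picasa.com entry and every sample URL apart from the flickr.com.criminals.com one quoted in the post are assumptions chosen to exercise the substring-match mistake.</p>

```php
<?php
// Added example, not timthumb.php or WordThumb code. The allow-list entries,
// the helper names and the sample URLs below are assumptions for illustration.

$allowedSites = array('flickr.com', 'picasa.com');

// Vulnerable pattern: "does an allowed name appear ANYWHERE in the host?"
// strpos() is a substring search, so a host such as flickr.com.criminals.com
// (or notflickr.com) satisfies it just as well as flickr.com does.
function is_allowed_vulnerable($url, array $allowedSites) {
    $host = parse_url($url, PHP_URL_HOST);
    if (!$host) {
        return false;
    }
    foreach ($allowedSites as $site) {
        if (strpos(strtolower($host), strtolower($site)) !== false) {
            return true;
        }
    }
    return false;
}

// Hardened pattern: parse the URL, require http/https, then accept the host
// only if it IS an allowed name or ends with ".<allowed name>". The decision
// is made on the parsed host, never on the raw URL string.
function is_allowed_hardened($url, array $allowedSites) {
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return false;
    }
    $host = strtolower(rtrim($parts['host'], '.'));   // tolerate a trailing dot
    foreach ($allowedSites as $site) {
        $site = strtolower($site);
        if ($host === $site) {
            return true;
        }
        // Subdomain match requires the dot: farm1.flickr.com yes, notflickr.com no.
        $suffix = '.' . $site;
        if (strlen($host) > strlen($suffix)
            && substr($host, -strlen($suffix)) === $suffix) {
            return true;
        }
    }
    return false;
}

// Constructed sample inputs: two legitimate sources and three bypass attempts.
$samples = array(
    'http://flickr.com/photo.jpg',
    'http://farm1.flickr.com/photo.jpg',
    'http://flickr.com.criminals.com/attack.php',   // the trick described in the post
    'http://notflickr.com/attack.php',              // allowed name without a leading dot
    'ftp://flickr.com/attack.php',                  // right host, wrong scheme
);

foreach ($samples as $url) {
    printf("%-46s strpos check: %-3s  host check: %s\n",
        $url,
        is_allowed_vulnerable($url, $allowedSites) ? 'yes' : 'no',
        is_allowed_hardened($url, $allowedSites) ? 'yes' : 'no');
}
```

<p>Run it with the php command-line binary and the two checks disagree on exactly the three bypass attempts. A correct host check only closes the allow-list bypass: as the post notes, the fetched file lands in a cache directory where it can be executed, so a remote fetch should also write only to a location the web server will not execute from and should verify that what it fetched really is an image.</p><p>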
Since his recipe for disaster got so much traffic, he gave legions of criminals a nice guide to attacking websites.</p><p>Sorry to write such a negative blog post, but episodes like this make me very angry. Not only did a whole lot of theme developers (many of whom are well known and should know better) install a library with an obvious security hole, but another developer went public with a zero day before a patch was available. Both of these things are poor form. In the future, developers, take the time to read source code before you install something. And if you find a vulnerability in FOSS, don&#8217;t tell the whole world &#8211; try to fix it yourself and if you can&#8217;t, find someone more skilled than you, or let the original developer know. Please don&#8217;t go public with zero days &#8211; all you&#8217;re doing is ruining a whole lot of days and exposing vulnerable users to unnecessary danger.</p> ]]></content:encoded> <wfw:commentRss>http://hluska.ca/2011/08/a-zero-day-vulnerability-in-a-popular-wordpress-utility-a-comedy-of-errors/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item><title>Then Life Happens&#8230;</title><link>http://hluska.ca/2011/08/then-life-happens/</link> <comments>http://hluska.ca/2011/08/then-life-happens/#comments</comments> <pubDate>Tue, 02 Aug 2011 14:27:11 +0000</pubDate> <dc:creator>Greg</dc:creator> <category><![CDATA[Gratuitous Posts]]></category> <guid
isPermaLink="false">http://hluska.ca/?p=379</guid> <description><![CDATA[I am rather averse to promoting myself and prefer to spend my days promoting others. However, I was quite touched by the response this article got and wanted to draw some attention to it (and the blog it was published on). My friend Darren helped start a project called &#8220;Then Life Happens&#8221;. The only way [...]]]></description> <content:encoded><![CDATA[<p>I am rather averse to promoting myself and prefer to spend my days promoting others. However, I was quite touched by the response this article got and wanted to draw some attention to it (and the blog it was published on). <a
href="http://www.darrensproat.com">My friend Darren</a> helped start a project called &#8220;<a
href="http://thenlifehappens.com">Then Life Happens</a>&#8221;. The only way I can describe the project (and do it justice) is to say that it is exactly what I want to accomplish with End Magazine &#8211; it is a collection of positive, uplifting ideas that cannot help but make you feel a little more human.</p><p>A number of weeks ago, I read an article on Then Life Happens that shook me to my core. Years of fighting for the homeless had left me feeling&#8230;blah. There had been too many fights, too many hurt feelings, and too many problems, so I stopped writing about my friends. But, <a
href="http://www.thenlifehappens.com/2010/04/28/spare-some-change/">this particular article revved me up</a> and literally forced me to write a guest post. <a
href="http://www.thenlifehappens.com/2011/07/26/take-deeper-look/">That guest post was released last Tuesday</a> and I figure it is time to link to it.</p><p>Two surprises came out of writing this article. First, I am surprised by the fact that I am rejuvenated &#8211; writing that article was strangely cathartic and&#8230;I feel the urge to jump back into activism in a particularly wild and crazy way. Second, I was surprised to realize that <a
href="http://nextyearcountrynews.blogspot.com/2010/03/honouring-our-activists.html">Canadian Dimension magazine may be right</a> and I could actually be a progressive thinker. I have always thought that everyone sees the good in everyone, but based on feedback I have received, that trait possibly makes me a progressive libertarian!</p><p>Thanks a million, Darren. Being published on TLH was an incredible honour!</p> ]]></content:encoded> <wfw:commentRss>http://hluska.ca/2011/08/then-life-happens/feed/</wfw:commentRss> <slash:comments>2</slash:comments> </item> <item><title>Good reads &#8211; August 1, 2011</title><link>http://hluska.ca/2011/08/good-read-august-1-2011/</link> <comments>http://hluska.ca/2011/08/good-read-august-1-2011/#comments</comments> <pubDate>Mon, 01 Aug 2011 22:15:11 +0000</pubDate> <dc:creator>Greg</dc:creator> <category><![CDATA[Business]]></category> <category><![CDATA[Good Reads]]></category> <guid
isPermaLink="false">http://hluska.ca/?p=375</guid> <description><![CDATA[Time for something a little new on this blog. I&#8217;ve noticed that lots of writers I respect have a weekly roundup of interesting articles from around the web. Rather than truly innovate, I&#8217;m going to steal a page from them and start doing my own roundups. Here are some of my favourite articles from the [...]]]></description> <content:encoded><![CDATA[<p>Time for something a little new on this blog. I&#8217;ve noticed that lots of writers I respect have a weekly roundup of interesting articles from around the web. Rather than truly innovate, I&#8217;m going to steal a page from them and start doing my own roundups. Here are some of my favourite articles from the last week:</p><p>First off, on July 28, antivirus maker Avast released an <a
href="http://www.scribd.com/doc/61271419/20110728-XP-Favorite-Rootkit-Target">interesting article on the state of rootkit infections</a>. Their findings really shouldn&#8217;t be much of a surprise &#8211; pirated versions of Windows XP are a major attack vector for rootkit infections. This simple (and fairly obvious) fact leaves me wondering something very important &#8211; why don&#8217;t the people who use pirated versions of Windows XP switch to a modern (free and more secure) operating system like Ubuntu?</p><p>I have been closely following the Airbnb saga for the past week. It began when a <a
href="http://ejroundtheworld.blogspot.com/2011/06/violated-travelers-lost-faith-difficult.html">relatively old article reached the front page of Hacker News</a>, continued through some <a
href="http://techcrunch.com/2011/07/29/airbnb-victim-speaks-again-homeless-scared-and-angry/">awkward TechCrunch coverage</a>, and culminated in a little <a
href="http://techcrunch.com/2011/07/30/how-the-hell-is-this-my-fault/">blowup between Paul Graham and Michael Arrington</a>. I am a huge fan of both Mr. Graham and Mr. Arrington, so reading them spar was difficult, yet utterly fascinating. Then, <a
href="http://techcrunch.com/2011/07/31/another-airbnb-victim-tells-his-story-there-were-meth-pipes-everywhere/">another similar case came forward</a> and finally, <a
href="http://blog.airbnb.com/our-commitment-to-trust-and-safety">Airbnb did the right thing</a>. Founders &#8211; this whole episode is a wonderful learning experience!</p><p>Chris Dixon (the co-founder of Hunch/Founder Collective) released a really wonderful article called &#8220;<a
href="http://cdixon.org/2011/07/28/the-downside-of-accelerated-investment-decisions/">The downside of accelerated investment decisions</a>&#8221;. From an entrepreneur&#8217;s perspective, getting a quick term sheet from an investor sounds like a dream, but Dixon shows how going too fast is bad for both parties. I admire any person who can take my beliefs, urinate on them, and leave me feeling a whole lot smarter for the process.</p><p>Finally, my <a
href="http://www.xkcd.com">favourite webcomic</a> released an incredibly <a
href="http://xkcd.com/931/">poignant strip about cancer</a>. <a
href="http://blog.xkcd.com/2011/06/30/family-illness/">Randall Munroe&#8217;s (the author of XKCD) fiancée was diagnosed with breast cancer</a> last year. My family has been ravaged by cancer and, frankly, this strip is the first time that I have ever read anything that has made any sense. Mr. Munroe nailed what it is like seeing people you love suffer with that vile disease, and for that, I thank him.</p> ]]></content:encoded> <wfw:commentRss>http://hluska.ca/2011/08/good-read-august-1-2011/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item><title>Trouble with HTML5 (my criticisms)</title><link>http://hluska.ca/2011/07/trouble-with-html5-my-criticisms/</link> <comments>http://hluska.ca/2011/07/trouble-with-html5-my-criticisms/#comments</comments> <pubDate>Sun, 24 Jul 2011 22:28:17 +0000</pubDate> <dc:creator>Greg</dc:creator> <category><![CDATA[Web Technologies]]></category> <guid
isPermaLink="false">http://hluska.ca/?p=364</guid> <description><![CDATA[I had a conversation with one of the smartest developers I know yesterday over Twitter. She was looking for a tool that she could use to detect HTML5 features, only she wanted to detect these features server side, using PHP. A few months ago, I tried to build a Python library that would provide that [...]]]></description> <content:encoded><![CDATA[<p>I had a conversation with <a
href="http://twitter.com/amystephen">one of the smartest developers I know</a> yesterday over Twitter. She was looking for a tool that she could use to detect HTML5 features, only she wanted to detect these features server side, using PHP. A few months ago, I tried to build a Python library that would provide that service, however I ran into many problems. Eventually, I realized that the only reliable way to poll for available HTML5 features is to sniff out user agents.</p><p>The user agent approach to HTML5 feature detection is fraught with problems. But the biggest one was code quality and maintainability. Feature detection via user agent ultimately revolves around a whole lot of &#8216;if&#8217; statements &#8211; if you use Chrome, these features are available; if you use Internet Explorer 9, these features are available and on and on. The problem with that is that HTML5 is a moving target &#8211; to keep that library maintained, I would need a team of people constantly monitoring changes in browsers and the degree of support that they provide.</p><p>This experience scared me off of HTML5 and, while I continue to work with it to make sure that my skills stay current, I refuse to use it on a production site. As I see it, working with HTML5 is the equivalent of going back in time to the days before Microsoft introduced the DOCTYPE declaration and trying to build a site. At that point, you literally had next to no way of controlling how your page would render on various browsers, so every page you built had to contain a litany of HTML hacks. Pre-doctype page source was ugly and difficult to maintain.</p><p><span
id="more-364"></span></p><p>I am sure that some of you are thinking, &#8220;Greg, use Javascript to detect features.&#8221; That is a good idea, heck, there is even <a
href="http://modernizr.com/">an amazing library available to make that easier</a>. This is a great idea, but Javascript is a major attack surface and frankly, it is not very smart to run every random piece of Javascript you come across.</p><p>Another problem I have with HTML5 is that the spec is not complete, so building a page with HTML5 involves a certain amount of trust. You have to trust that the features you include will not change significantly between the date you release and the date that the full spec is released. While I don&#8217;t expect any major changes, I have been following the W3C long enough to know that strange things often happen in that organization.</p><p>And what about some of the major technical shortcomings of HTML5? Are any of you aware that the &lt;audio&gt; tag does not support on the fly synthesis? This means that trying to program an interactive application (with interactive sound) is significantly more difficult than need be. Currently, the best workaround I can think of involves using JavaScript to dynamically encode buffers in real time! Under the best case scenario, this is incredibly resource intensive. Under the worst case, I can picture this crashing browsers.</p><p>Then, there is the &lt;video&gt; debacle. Consider this chart of the various browsers along with the video format that they support:</p><table><tr><td>Browser</td><td
width="30px"></td><td>Formats Supported</td></tr><tr><td>Chrome</td><td
width="30px"></td><td>H.264, OGG, WebM (phasing out H.264 and apparently moving to WebM only)</td></tr><tr><td>Firefox</td><td
width="30px"></td><td>OGG, WebM</td></tr><tr><td>Safari</td><td
width="30px"></td><td>H.264</td></tr><tr><td>Internet Explorer</td><td
width="30px"></td><td>H.264</td></tr><tr><td>Opera</td><td
width="30px"></td><td>OGG, WebM</td></tr></table><p>There is not one single video format that all the major browsers support. So, if you want to use HTML5 video, you have to render that video in two different formats, or a portion of your audience will not be able to view it. Complicating matters, there isn&#8217;t a clear choice for one dominant video format. H.264 is likely the best &#8211; not only does it have the best size:quality ratio, it is also widely supported by the tools used to make videos. Only problem is, H.264 has to be licensed, so video producers and software developers end up having to pay for it. OGG and WebM are both royalty free, but OGG is relatively inefficient, and both Apple and Microsoft have said they will never implement WebM.</p><p>I am aware that my criticisms of HTML5 actually have little to do with the standard and have everything to do with organizations that seem unwilling to cooperate. But, I am a developer who does not develop for specifications, I am a developer who develops for users. And frankly, if you use HTML5, you cannot guarantee that every single user will have a great experience. Therefore, I am going to stick with HTML 4.01 for the foreseeable future.</p><p>What would I do to fix this? First off, the browser manufacturers need to budge and be a little more flexible. The video format fight is one example of the free market gone wrong &#8211; these companies are so focused on competing that they are actually stifling innovation. Google could lead the way by publicly stepping away from WebM (which it sponsors) and getting all the companies together to build one single video format.</p><p>Second, the &lt;audio&gt; API needs a whole lot of work&#8230;fast, or we are quickly going to start having problems. 
Flash is the enemy, but unless we fix some of the problems with the audio tag, there will always be a compelling reason to keep using it.</p> ]]></content:encoded> <wfw:commentRss>http://hluska.ca/2011/07/trouble-with-html5-my-criticisms/feed/</wfw:commentRss> <slash:comments>3</slash:comments> </item> </channel> </rss>
