HeartBleed in the Wild | Sucuri Blog -
Surprisingly, there are still a bunch of unpatched Heartbleed servers in the wild: 20k+ of the top 1MM sites on the Internet are still vulnerable.
I think the next version of Chrome should keep a cached copy of unpatched, popular servers and show me an interstitial warning before I attempt to log in to any Heartbleed-exposed SSL server.
Traffic to unpatched sites would plummet, which would motivate webmasters to patch faster.
Plant Breeders Release First 'Open Source Seeds' : The Salt : NPR -
This is the most interesting thing I have read in months. Farmers are starting an open source seed movement in response to the Monsantos of the world turning plant line perpetuation into private property.
The open question in my mind is if phenotypes will be patentable or not. If so, the open source seed movement might hit headwinds against properties like Roundup resistance.
We live in the future!
Inspired by 1800Contacts’s advertisement for their mobile ordering app, I find it funny when companies are anachronistically named after their outdated distribution channel… or when named for a product that’s no longer relevant to the company’s revenue.
Even companies whose corporate names end in “.com” fall into this bucket in an increasingly mobile app driven world.
In a very short # of years, every book publisher that uses the word “Press” in their name will look antiquated, when pressing ink onto thin slices of dead trees fades as the popular distribution channel for text.
I finished Nassim Taleb’s Fooled by Randomness last night. Here are some relatively unrelated thoughts:
1) Most of the anecdotal stories of trading failure in this book stem from people that thought they were making very safe, relatively small, repeatable profits… and doing so millions of times, unaware of the actual small probability of a catastrophic downside event. This was interesting food for thought in the context of my job. As a VC, the worst I can do in an investment is lose 100% of my investment, and unfortunately (with much emotional pain) this happens with reasonable frequency. In exchange for this risk, I am (hopefully) making investments with uncapped upside. In both upside and downside scenarios, my business of investing is contrary to many of Nassim’s fools.
However, I could still easily be fooled by randomness because I am only describing the possible end states of a given investment (1X loss, unlimited upside), and without a probability distribution to map against it. The distribution of these outcomes means *everything* to returns.
2) Nassim is a trader himself, analyzing his trading peers in a world of traders. He doesn’t believe in the value of technical innovation (he said something like (paraphrased) “for every innovation like the Automobile or Internet, there are thousands of failed technologies that waste our time.”) In trading Nassim is focused on reliably making money over the long run, without embracing underlying innovation or growth in production.
By contrast VC investing is different. VC is a much longer time horizon than most trading, and will only be successful if there is material growth in innovation and productivity in the startups being funded.
I’d love to see Nassim take his (highly skeptical) probabilistic lens and apply it to the world of investing as opposed to trading… perhaps he has already done that in a subsequent book I have not read.
3) Every time you hear mention of an average or expected outcome, this should trigger your Spidey senses that there is an implied probability distribution around this average and the shape of that distribution is far more informative than the average itself. Oftentimes, the shape of this distribution will be Normal (aka Gaussian)… But when it isn’t, your assumption can bite back.
4) Nassim regularly gets up in front of his boutique investment firm and states quite simply (paraphrased): “We are idiots and know nothing. But we are blessed with the self-awareness of our limited knowledge, which makes us better than most other investment shops out there.”
I love this approach of perpetual humility as a “first principle” foundation to intellectual curiosity. I strive to be this humble when speaking of my own positions and ideas (and would not be so brash as to assume I hit my goals of humility all the time… I’m sure overconfidence slips past me on occasion).
5) Lastly, I took the whole book with a grain of salt because it must be exhausting to be a perpetual skeptic. Here’s Nassim on his own weakness in the face of an emotional response to randomness: “My humanity will try to foil me; I have to stay on my guard. I was born to be fooled by randomness.”
Yelp just launched the ability to search via Emoji… this is crazy. I feel like this is the kind of thing I’d read in a sci-fi novel. Kinda like a not-so-dark version of Newspeak emerging as a popular form of communication.
Yelp - Lets you use emoji to search for businesses.
The #1 way iOS mobile applications reactivate their userbase is through push notifications. But not all users are willing to turn push notifications on. Does anyone have best practices or examples of applications that do a *great* job of getting their users to allow push notifications?
I’ve seen a few examples of apps that use a page during the sign up flow to justify to a user why accepting push notifications is a good idea, and only once this page is completed does the app launch the “accept push notif?” modal dialogue box.
Anyone have tips or tricks beyond this smart (but simple) low hanging fruit?
The hardest part of getting your users to accept push notifs is that you only get one shot. If the user declines notifs initially, you cannot reprompt the user later. You need to use copy to beg them to go into iOS Settings and manually enable notifs. It’s an incredibly high hurdle of activation energy to clear and I imagine once a user initially declines notifs it must be nearly impossible to get them to activate later.
So, best examples or best practices anyone?
This new “cinematic VR” company Jaunt that Redpoint recently funded looks interesting. They’re making a camera that will take 360 degree video, which can then be viewed using 3D headsets like the Oculus Rift.
I have not used Jaunt, nor have I ever seen real video through 3D goggles. On the surface one challenge they’ll have to tackle is camera movement and its effect on the viewer. When I make a decision to move myself in a 3D world, it’s less jarring than when my view moves for me without my control. So, if you put a Jaunt camera on a dolly or a set of rails while shooting, it might not be easy to consume as a viewer.
When I first saw this technology in a news post online, I started to wonder how actors and storytelling would have to be modified for immersive 3D consumption. To date, 3D gaming has largely failed on this front. When it’s storytelling time in a 3D game, game designers do one of two things: A) lock my camera position to force me to watch the cutscene without control, which is boring and breaks the immersive effect or B) let me run around the scene without being locked in, which means I invariably see the scene from a bad angle and miss half the action. Neither option really works well.
I think Jaunt (and other forms of immersive 3D storytelling) could learn a lot from Sleep No More, which is a staging of Macbeth in the fictional McKittrick Hotel, where the audience runs around from room to room as the play happens all around them. The design decisions that Sleep No More had to make might translate well to a digital 3D staging.
Brendan Eich stepped down last week from the CEO of Mozilla post, due to the controversy over his support of Prop 8, California’s anti-gay marriage legislation.
I don’t use Mozilla products anymore and have not for a while. On a Mac my primary browser is Chrome and my secondary browser is Safari (for when I need new cookies, primarily). I know that Mozilla has done a lot to contribute to the open standards I use on the web, and they are a great voice for open source culture. But that said, the boycott of their products last week (such as OKCupid encouraging its users to drop Firefox), was a surprisingly impactful (from a media perspective) move given that Firefox seems to be ceding market share naturally anyway.
There is no shortage of political conservatives in the Valley, and the attention on this one conservative (Brendan) in particular is interesting to me, especially given that the larger problem at Mozilla is its waning influence. The focus landed on Brendan more than most Valley conservatives because he was trying to lead a company where his personal politics contrasted the politics of most of the employees, Board, and open source community he was trying to lead.
If Brendan were trying to build a company from scratch, there would be a natural process of selection where he would end up recruiting people that were ready to follow his lead. But, taking charge of an organization that has been infused from the start with a more liberal ethos proved too difficult.
This is instructive to any management change, and it’s not limited to issues of personal politics. A Founder infuses a company with his or her own DNA. Any future leader of the company has to make a similar impression upon the company (read “impression” as a molding of wet clay). The new leader must take the prior DNA, carry it forward, and simultaneously infuse some new piece to make the company reinvigorated and new.
The inheriting company leader can’t use just a partial piece of him or her to make the impression… it has to be 100%. There is little work/personal separation in leadership; what a leader does outside of a job is just as instructive to his or her employees as what happens in the workplace.
I have never worked at Mozilla and have no interaction with their employees, so I can’t really *know* anything about this situation, but observing from the outside, this feels like a failure to carry forward the company DNA.
The Mozilla I nostalgically like to remember is the one that pulled off the David and Goliath impossibility of dethroning Internet Explorer’s dominance in a completely scorched-earth market, battling uphill against monopolistic lock-in. The NYT two page ad was a high-water mark for me in this impossible mission. This is the Mozilla I’m rooting for, and I hope they can find a leader that can embrace this core founding DNA while also adding a bit of his or her own in the right direction.
How I Hacked Your Router -
This link is an entertaining step-by-step walkthrough of how a hacker took over another hacker’s computer, via the combination of a security hole in a router and also a bit of social engineering. I don’t pretend to have ever been a hacker, but the read certainly has some verisimilitude that resonates with my (modest) technical background.
I’ll definitely think twice before clicking on another LinkedIn invite in my inbox.
It feels like information today is *less* secure than the days when Nixon’s henchmen had to rummage through a DC office in the middle of the night with flashlights. Securing a physical document is far more intuitive than securing a digital document, mainly because people carry physical security analogies into the digital domain, when they don’t necessarily apply.