Monthly Archives: April 2010

The SysAdmin Trap

Terry Childs is Guilty.

In mid-2008, Terry Childs, the (then) System Administrator for the City of San Francisco, was called into a meeting with the COO (his boss); the CIO of the SF Police Department; a Human Resources representative; and, unbeknownst to Terry, by phone, a few of the engineers he managed. He was ordered to share the system passwords for the network. He made them up. Subsequently challenged with this fact, he refused to reveal the passwords, ending up in a city jail cell.

Close to two years later, Childs has been found guilty of felonious computer tampering and faces up to five years in prison (he’ll likely be let off in two, with his racked time counting toward the total).

Open and shut, right?  The city claims, and the court found it believable, that Childs’ obstinate refusal to provide passwords resulted in over $200,000 lost city revenue.  He lied to his employer.  He held the city ransom.

Childs’ defense has always been that he was protecting the city’s network.  He wasn’t going to share sensitive passwords with people who, in his estimation, wouldn’t respect the sensitivity of those passwords, and would likely share them other employees and contractors.

To my mind, while that’s a valid concern, it doesn’t clear him.  He still works for the person who was asking for the passwords, and he was obligated to provide them.

The real crime here, though, is not that Childs’ hoarded the keys to the system. It’s that the meeting occurred at all, and the reasons that it came to the point of a stand-off are all too criminally common.  Was Childs guilty? Sure! But others shared guilt in bringing it to that point.  Consider:

  • The System Administrator reported to the COO.  No CIO? No VPIT? No IT Director?  This means that there was a gap between the absolute tech and the non-technical businessperson, and that’s a critical layer, particularly for an organization as large as the government of a major U.S. city.
  • There were no policies governing use of system passwords. The fact that Childs was allowed to be the sole keeper of the entire network was a lapse in operations that never should have been allowed.
  • Childs was a city employee for ten years.  If there were concerns about his trustworthiness or reliability, shouldn’t they have been addressed earlier in that decade?

All too often, IT departments are isolated from the organizations they serve.  Part of this is due to the nature of technology work and techies — we speak a language of our own; enjoy working with the tools that many people find obstructive and confusing; and the majority of us are not very good at casual socializing. More of it is due to the fact that most people — including the CEOs and VPs — don’t get technology, and don’t know how to integrate technology tools and purveyors into the organization.

But that lack of comprehension shouldn’t be a license for persecution.  Everyone’s a loser here, most personally Childs, but the city suffered from a situation they created by not investing properly in technology.  And, by investing, I don’t just mean hiring the right amount of staff and equipment — I mean that CEOs, COOs and everyone up the chain has to step out of their comfort zone and either learn more; hire staff and consultants to vet and translate; or, optimally, both.  The CEO doesn’t have to be as knowledgeable as Bill Gates, but they have to have educated oversight on how IT is run that “gets” what IT is about and how the technology practitioners operate.

As much as Terry Childs is guilty of a crime, he’s tenfold a victim of one, and it’s a cautionary tale for any of us who work in environments where management is happy to let us build a big, isolated kingdom.

What drove Terry Childs to commit a felony was a crime unto itself.

The Softer Side Of Security

This article was first published on the NTEN Blog in April of 2010.

As the technical staff at our nonprofits, we wrestle with all sorts of complex security concepts: firewalls, encryption, network address translation.

But here are three quick questions:

  • Would you spend $10,000 on a security system for your building, and then set the access code to “12345”?
  • Would you set the administrative account name and password to your network to the same thing that five other companies in your building use?
  • Would you allow an outside vendor to manage your network without sharing the passwords with you or anyone else at your organizations?

I’ve seen all three of these situations occur, the first two at commercial law firms, the latter at a large nonprofit [disclaimer: not the one I work for now!]. There are some infamous and true stories of clever hacking that played on the human side of security, such as the teenagers who took a couple of clipboards and interviewed people in the lobby of a large office building under the guise of a school project, in the process collecting birthdays; kids, spouses and pets names; street addresses — all things people commonly use as the base for their network passwords.

But all of the sophisticated systems in the world offer little more than a swiss cheese defense if we don’t have good organizational policies to address the human side of security. And even that’s a little tricky, as policies that are too complex for staff to easily comply with will be subverted in ways that open more security holes.

A sustainable password policy requires that passwords be:

  • Of a decent length (7-15 characters);
  • Comprised of a mix of letters, numbers, and/or additional characters, preferably with mixed case; and
  • Not be based on data that can easily be associated with the user, such as kids names or the TV show that they often discuss online.
  • They should also n ot be so obscure (as in “6T5re#bb77l”) that they can’t be easily memorized — that’s a recipe for password post-its!

In addition to maintaining a secure password policy (and enforcing it with network policy automation), staff should be resourced with tools to manage passwords.

There are numerous free or inexpensive applications and services that offer encrypted, password-protected storage for the collection of passwords. Looking for the ones that synchronize to a mobile app will add additional convenience.

From the management level, a best practice is for the lead in IT to print all passwords, seal them in an envelope, and give it to the CEO or HR executive at the organization, repeating (with secure destruction of the outdated list) as passwords change. Twice in my career as a CIO/IT Director, I’ve walked into situations where my predecessors left mad, and took all of the system password information with them, leaving me, initially, unable to manage the networks that I’d been hired to oversee. Don’t put your nonprofits work at risk by omitting this type of failsafe.

All of the port blocking, proxy servers and point to point tunneling on earth won’t protect you from the person who clicks on a malicious link in an email. Only education, communication, and support will address those security holes, and no security plan can be considered valid if it doesn’t incorporate policies along with the technical protection.

What’s Up With The TechSoup Global/GuideStar International Merger?

This article was first published on the Idealware Blog in April of 2010.

TechSoup/GuideStar Int'l Logos

TechSoup Global (TSG) mergedwith GuideStar International (GSI) last week. Idealware readers are likely well-familiar with TechSoup, formerly CompuMentor, a nonprofit that supports other nonprofits, most notably through their TechSoup Stock software (and hardware) donation program, but also via countless projects and initiatives over the last 24 years. GuideStar International is an organization based in London that also works to support nonprofits by reporting on their efforts and promoting their missions to potential donors and supporters.

I spoke with Rebecca Masisak and Marnie Webb, two of the three CEOs of TechSoup Global (Daniel Ben-Horin is the founder and third CEO), in hopes of making this merger easier for all of us to understand. What I walked away with was not only context for the merger, but also a greater understanding of TechSoup’s expanded mission.

Which GuideStar was that?

One of the confusing things about the merger is that, if you digested the news quickly, you might be under the impression that TechSoup is merging with the GuideStar that we in the U. S. are well acquainted with. That isn’t the case. GuideStar International is a completely separate entity from GuideStar US, but with some mutual characteristics:

  • Both organizations were originally founded by Buzz Schmidt, the current President of GuideStar International;
  • They share a name and some agreements as to branding;
  • They both report on the efforts of charitable organizations, commonly referred to as nonprofits (NPOs) in the U.S.; Civil Society Organizations (CSOs) in the U.K.; or Non Governmental Organizations (NGOs) across the world.

Will this merger change the mission of TechSoup?

TechSoup Global’s mission is working toward a time when every nonprofit and NGO on the planet has the technology resources and knowledge they need to operate at their full potential.

GuideStar International seeks to illuminate the work of every civil society organisation (CSO) in the world.

Per Rebecca, TechSoup’s mission has been evolving internally for some time. The recent name change from TechSoup to TechSoup Global is a clear indicator of their ambition to expand their effectiveness beyond the U.S. borders, and efforts like NGOSource, which helps U.S. Foundations identify worthy organizations across the globe to fund, show a broadening of their traditional model of coordinating corporate donors with nonprofits.

Unlikely Alliances

TechSoup opened their Fundacja TechSoup office in Warsaw, Poland two years ago, in order to better support their European partners and the NGO’s there. They currently work with 32 partners outside of the United States. The incorporation of GSI’s London headquarters strengthens their European base of operations, as well as their ties to CSOs, as both TechSoup and GSI have many established relationships. GSI maintains an extensive database, and TechSoup sees great potential in merging their strength, as builders of relationships between entities both inside and outside of the nonprofit community, with a comprehensive database of organization and missions.

This will allow them, as Rebecca puts it, to leverage an “unlikely alliance” of partners from the nonprofit/non-governmental groups, corporate world, funders and donors, and collaborative partners (such as Idealware) to educate and provide resources to worthwhile organizations.

Repeatable Practices

After Rebecca provided this context of TSG’s mission and GSI’s suitability as an integrated partner, Marnie unleashed the real potential payload. The goal, right in line with TSG’s mission, is to assist CSOs across the globe in the task of mastering technology in service to their missions. But it’s also to take the practices that work and recreate them. With a knowledge base of organizations and technology strategies, TechSoup is looking to grow external support for the organizations they serve by increasing and reporting on their effectiveness. Identify the organizations, get them resources, and expose what works.

All in all, I’m inspired by TSG’s expanded and ambitious goals, and look forward to seeing the great things that are likely to come out of this merger.

Why I Don’t “Like” Facebook

Big changes are happening at Facebook, and they mean that what you do and say, on and off of Facebook, is now being more heavily tracked and more broadly shared. If you think that your Facebook data is somewhat private — e.g., shared only with friends and people you specify — you are wrong.

Facebook announced dramatic changes in their service at their annual “F8” conference on Wednesday. Facebook used to be a network where you could establish semi-private communities with family, friends and like-minded sets of people. Now it’s an internet-wide info-sharing platform that can keep your friends, and the businesses and advertisers that Facebook partners with, fully briefed on all of your internet-based activities and opinions.

The biggest announcement was the introduction of the Open Graph and the new “Like” buttons for the web at large. Yesterday, you could only “like” or “fan” something that appeared on Facebook’s web site. Now you can “like” things anywhere that the social graph and like buttons are implemented. What you “like” will be shared with Facebook, your Facebook friends, and all of the applications you subscribe to on Facebook, and, depending on your Facebook privacy settings, the world at large.

Also this week, and all of a sudden, despite what you might have confirmed a few months ago when Facebook started this paradigm shift, your likes, interests and job history are now Google searchable. That’s right: even if you went in and flagged them as private, your only way to protect this information, as of yesterday, is to remove it (and wait a month for it to fall out of Google’s cache).

Online privacy is a relative concept

Much of the Facebook privacy that we lost wasn’t real privacy to begin with, because any time you add an application (such as a quiz), that application’s developers have complete access to your entire Facebook profile. Worse, anytime a friend invites you to use an application, that application gets access to your profile. You don’t have to lift a finger to have data that you’ve marked as private shared with strangers; you just have to have friends on Facebook who aren’t thinking that, by inviting you to compare movie favs, they’re telling a complete stranger your gender, age, birthdate, job history, sharing all of your photos and publishing your wall to them.

Why “Love it or leave it” is unfair

I have friends who are somewhat blaze about all of this. After all, nobody put a gun to my head and ordered me to join Facebook. I just got so many requests from friends and family that I caved. And, once I caved, I connected to a bunch of “blast from the past” friends, extended family, former co-workers and current associates. So, now have a real investment in Facebook as a social connector. Sure, if I don’t like these changes, I can just delete my account and be done with it. But I’m throwing away far more than just a social network profile — I’m tossing out my connection to my communities of friends, family and professional associates, who are now expecting me to be on Facebook with them.

I could decide that I don’t like the policies of my local utility company, too, and just cancel my service. But the services they provide enable other services that I want/require as well — such as light, heat, computing, communication. Leaving Facebook wouldn’t be as extreme as canceling power services, but, with 40 million users and climbing, Facebook is like a utility in many people’s lives, and it supports services in such a way that relationships beyond our relationship with the service provider are centered there.

Change Management

This is what is so dishonest about CEO Mark Zuckerberg’s repeated assertion that Facebook is only following the direction of the Internet as an open sharing platform. He is right abut the trend. But this is the equivalent of saying that the trend is now for baggy pants and see-through tops, so all of your clothing has been swapped out in accordance with the trend. The internet is all things to all people, and there are plenty of places on it where privacy and closed community are the norm. Just because the internet is becoming more open, it doesn’t mean that Internet users need to be dragged into this new era.

It all boils into “Opt Out” vs. “Opt In”, and respecting rather than walking all over your customers. Facebook began with an assumption of privacy; changes in that assumption should be acknowledged by each user before they are enacted. Facebook could have easily developed their platform in ways that give users the choice of having open or private profiles. Instead, they’ve simply switched our private data to public without asking if that compromises our security, reputation or preferences. And it doesn’t escape my notice that there’s great money to be made in having more personal info about what I like and who I share that information with.

What you should do if this concerns you

If you went in and verified/altered your Facebook privacy settings a month or two ago, you should make another visit ASAP. Facebook has turned it around. Beth Kanter has a good write-up on what has changed. If you have any custom Facebook Pages, look out there as well — even if you’ve set profile data to private, if you link to any of your profile info from a Facebook page, it will default back to public. Whatever you do with your privacy settings, most of your basic profile data is now public and there is no option to make it private. So review your employment history, “about” and likes sections to make sure that it only has data that you don’t mind sharing with Google searchers and every advertiser on earth.

It all boils down to this

Facebook is now like Twitter and Google, with even less options for privacy than those big public networks offer. This doesn’t have to be a bad thing, it’s just a very different thing, and the crime here is mostly that “F8” and “social graph” are not terms that the vast majority of the 40 million Facebook users are paying any attention to. If you’re reading this, you know better, so you can set your profile up with information that you don’t mind being in the public domain, and you can decide if you’re willing to “like” things on the internet and, thereby, expose yourself and your Facebook community to the demographic analysis and actions that will ensue. I won’t be abandoning Facebook over this, but I’m very restrictive in my use of it, and will continue to approach it with great caution.

Putting The Tech Back In Nonprofit Technology

This post was first published on the Idealware Blog in April of 2014.

We’re all back from the Nonprofit Technology Conference, where nine of the ten Idealware bloggers congregated, along with some 1,440 of our peers in the nptech community. What a gas! NTC, as we call the conference, is what high school would have been like if everyone had been a member of the popular clique. The combination of peer education and celebration of our common interest in saving the world with heart and technology make for an exuberant occasion. And I can’t say enough about the awe and appreciation I have for Holly, Anna, Annaliese, Brett, Sarah and Karl, and the amazing event that they recreate year after year for us.

But, enough gushing. One of my (many) rants regards my concern that, although the biggest group of people that we call “nptechies” are the ones who support technology in their organizations, our biggest nptech conferences focus heavily on social media and the web (NTC, Netsquared, and now SXSW). It is true that the advent of social media and the interactive web is spawning a revolution in the way that we do advocacy and fundraising. But there is no less of a revolution in our server rooms, where virtualization, cloud computing and wireless devices are changing the entire way that we manage and deliver applications.

Our System Administrators, Support Specialists and Accidental Techies need to share in the peer support that can inform their efforts and help them feel more connected, both to their missions and the broader community. This year, in deference to a throat getting hoarse from ranting, I took a first stab at addressing this gap.

The Tech Track

The tech track was conceived as a six session “mini” track; five of the proposed sessions made the cut. The topics went from the basics to the broad overview:

  • Tech Track 1: Working Without a Wire (But With a Net): Dealing with Wireless Networks, Laptops, and Cell Phones
  • Tech Track 2: Proper Plumbing: Virtualization and Networking Technologies
  • Tech Track 3: Earth to Cloud: When, Why and How to Outsource Applications
  • Tech Track 4: Budget vs Benefits: Providing Top Class Technology in Constrained Resource Environments
  • Tech Track 5: Articulating Tech: How to Win Friends and Influence Luddites.

Joining me in these sessions were fellow blogger Johanna Bates of OpenIssue, Matt Eshleman of CITIDC, Tracy Kronzak of Applied Research Center, John Merritt of the San Diego YMCA, Michelle Murrain of OpenIssue, Michael Sola of National Wildlife Federation and Thomas Taylor of the Greater Philadelphia Cultural Alliance.

Subject Matter

Instead of doing the usual Powerpoint presentations and talking to the crowd, we pulled the chairs into circles for these sessions and put the session agenda up for grabs, asking each group what issues, related to the session topic, were foremost in their minds. The conversation was rich, and served as a healthy catalogue of the challenges facing nonprofit technology practitioners. Some highlights:

  • Supporting remote laptop use in a western state with very little wireless bandwidth available
  • Securing our networks while making network data accessible on mobile devices
  • Supporting use of and crafting fair policies to address the boom in mobile devices
  • Understanding the risks and benefits of virtualizing servers and desktops
  • Knowing how and when to virtualize, and how Storage Area Networks fit in the big picture
  • Weighing the risk of cloud computing, which also entails weighing the risks of our non-cloud networks
  • Knowing what to ask a cloud provider to insure that data is safe, even in the case of the provider going out of business
  • Assessing the cost of owned vs service-provided applications
  • Assessing the readiness of Cloud Computing, and moving large, complex server rooms to the cloud
  • Chickens and eggs: what to do when IT is asked to budget, but is not part of the planning process prior?
  • What strategies can be applied to provide good technology with limited budgets?
  • What tools and resources are available to help with the budgeting process?
  • How can we engage our users when we roll out new technology?
  • How do we get them to attend training?

Next week, I’ll follow this up with some of the answers we came up with for these questions.

Adventures In Web Site Migration

This post was first published on the Idealware Blog in April of 2010.

I recently took on the project of migrating the Idealware articles and blog from their old homes on Idealware’s prior web site and Google’s Blogger service to our shiny, new, Drupal-based home. This was an interesting data-migration challenge. The Idealware articles were static HTML web pages that needed to be put in Drupal’s content database. And there is no utility that imports Blogger blogs to Drupal. Both projects required research and creativity.

The first step in any data migration project is to determine if automating the task will be more work than just doing it by hand. Idealware has about 220 articles published; cutting and pasting the text into Drupal, and then cleaning up the formatting, would be a grueling project for someone. On the other hand, automating the process was not a slam dunk. Database data is easier to write conversion processes for than free form text. HTML is somewhere in the middle, with HTML codes that identify sections, but lots of free form data as well.

Converting HTML Articles with Regular Expressions

My toolkit (of choice) for this project was Sed, the Unix Stream Editor, and a generic installation of Drupal. Sed does regular expression searching and replacing. So I wrote a script that:

  1. Deleted lines with HTML tags that we didn’t need;
  2. stored data between title and body tags;
  3. and converted those items to SQL code that would insert the title and article text into my Drupal database.

This was the best I could do: other standardized information, such as author and publishing date, was not standardized in the text, so I left calling those out for a clean-up phase that the Idealware staff took on. The project was a success, in it that it took less than two days to complete the conversion. It was never going to be an easy one.

Without going too far, the sed command to delete, say, a “META” tag is:

/\<meta/d

That says to search for a literal “less than” bracket (the forward slash implies literal) and the text meta and delete any line that contains it. A tricky part of the cleanup was to make sure that my search phrases weren’t ones that might also match article text.

Once I’d stripped the file down to just the data between the “title” and “body” tags, I issued this command:

s/\<title\>(.*)\<\/title\>.*\<body\>(.*)\<\/body\>/insert into articles (title, body) values (‘\1’, ‘\2’);/

This searches for the text between HTML “title” tags, storing it in variable 1, then the text between “body” tags, storing it in variable 2, then substitutes the variable data into a simple SQL insert statement in the replacement string. Iterating a script with all of the clean-up commands, culminating in that last command, gave me a text file that could be imported into the Drupal database. The remaining cleanup was done in Drupal’s WYSIWYG interface.

Blog Conversion

As I said, there is no such thing as a program or module that converts a Blogger Blog into Drupal format. And our circumstance was further complicated by the fact that the Idealware Blog was in Blogger’s legacy “FTP” format, so the conversion options available were further limited.

There is an excellent module for converting WordPress blogs to Drupal, and there were options for converting a legacy Blogger blog to WordPress. So, then the question was, how well will the blog survive a double conversion? The answer was: very well! I challenge any of you to identify the one post that didn’t come through with every word and picture intact.

I had a good start for this, Matthew Saunders at the Nonprofits and Web 2.0 Blog posted this excellent guide. If you have a current Blogger blog to migrate, every step here will work. My problem was that the Idealware blog was in the old “FTP” format. Google has announced that blogs in their original publishing format must be converted by May 1st. While this fact had little or no relationship to the web site move to Drupal, it’s convenient that we made the move well in advance of that.

To prep, I installed current, vanilla copies of WordPress and Drupal at techcafeteria.com. I tracked down Google’s free blog converters. While there is no WP to Drupal converter, most other formats are covered, and I just used their web-based Blogger to WordPress tool to convert the exported Idealware blog to WP format. The conversion process prompted me to create accounts for each author.

To get from WordPress to Drupal, I installed above-mentioned WordPress-import module. As with the first import, this one also prompted me to create the authors’ Drupal accounts. It also had an option to store all images locally (which required rights to create a public-writeable folder on the Drupal server). Again, this worked very well.

With my test completed, I set about doing it all over again on the new Idealware blog. Here I had a little less flexibility. I had administrative rights in Drupal, but I didn’t have access to the server. Two challenges: The server’s file upload limit (set in both Drupal and PHP’s initialization file) was set to a smaller size than my WordPress import file. I got around this by importing it in by individual blogger, making sure to include all current and former Idealware bloggers. The second issue was in creating a folder for the images, which I asked our host and designer at Digital Loom.com to do for me.

Cleanup!

The final challenge was even stickier — the posts came across, but the URLs were in a different format than the old Blogger URLs This was a problem for the articles as well. How many sites do you think link to Idealware content out there? For this, I begged for enough server access to write and run a PHP script that renamed the current URLs to their former names — a half-successful effort, as Drupal had dramatically renamed a bunch of them. The remainder we manually altered.

All told, about two hours research time, three or four hours conversion (over a number of days) and more for the clean-up, as I wasted a lot of time trying to come up with a pure SQL command to do the URL renaming, only to eventually determine that it couldn’t be done without some scripting. A fun project, though, but I’d call it a success.

I hope this helps you out if you ever find yourself faced with a similar challenge.

Hearts and Mobiles

This post was originally published on the Idealware Blog in March of 2010.

Are Microsoft and Apple using the mobile web to dictate how we use technology? And, if so, what does that mean for us?

Last week, John Herlihy, Google’s Chief of Sales, made a bold prediction:

“In three years time, desktops will be irrelevant.”

Herlihy’s argument was based on research indicating that, in Japan, more people now use smartphones for internet entertainment and research than desktops. It’s hard to dispute that the long predicted “year of the smartphone” has arrived in the U.S., with iPhones, Blackberries and Android devices hitting record sales figures, and Apple’s “magical” iPad leading a slue of mini-computing devices out of the gate.

We’ve noted Apple’s belligerence in allowing applications on their mobile platform that don’t pass a fairly restrictive and controversial screening process. It’s disturbing that big corporations like Playboy get a pass from a broad “no nudity” policy on iPhone apps that a swimwear store doesn’t. But it’s more disturbing that competing technology providers, like Google and Opera, can’t get their call routing and web browsing applications approved either. It’s Apple’s world, and iPhone owners have to live in it (or play dodgeball with each upgrade on their jailbroken devices). And now Microsoft has announced their intention to play the same game. Windows Mobile 7, their “from the ground up” rewrite of their mobile OS, will have an app store, and you will not be able to install applications from anywhere else.

iPhone adherents tell me that the consistency and stability of Apple’s tightly-controlled platform is better than the potentially messy open platforms. You might get a virus. Or you might see nudity. And your experience will vary dramatically from phone to phone, as the telcos modify the user interface and sub in their own applications for the standard ones. There are plenty of industry experts defending Apple’s policies.

What they don’t crow about is the fact that, using the Apple and Microsoft devices, you are largely locked into DRM-only options for multimedia at their stores for buying digital content. They will make most of their smartphone profits on the media that they sell you (music, movies, ebooks), and they tightly control the the information and data flow, as well as the devices you play their content on. How comfortable are you with letting the major software manufacturers control not only what software you can install on your systems, but what kind of media is available to them, as well?

The latest reports on the iPad are that, in addition to not supporting Adobe’s popular Flash format, Google’s Picasa image management software won’t work as well. If you keep your photos with Google, you’d better quickly get them to an Apple-friendly storage service like Apple’s MobileMe or Flickr, and get ready to use iPhoto to manage them.

If your organization, has invested heavily in a vendor or product that Apple and/or Microsoft are crossing off their list, you face a dilemma. Can you just ignore the people using their popular products? Should you immediately redesign your Flash-heavy website with something that you hope Apple will continue to support? If your cause is controversial, are you going to be locked out of a strategic mobile market for advocacy and development because the nature of your work can’t get past the company censors?

I’m nervous to see a major computing trend like mobile computing arise with such disregard for the open nature of the internet that the companies releasing these devices pioneered and grew up in. And I’m concerned that there will be repercussions to moving to a model where single vendors are competing to be one stop hardware, software and content providers. It’s not likely that Apple, Microsoft, Amazon, Google or anyone else is really qualified to determine what each of us want and don’t want to read, watch and listen to. And it’s frightening to think that the future of our media consumption might be tied to their idiosyncratic and/or profit-driven choices.

The Buzz Factor

This post was first published on the Idealware Blog in February of 2010.

 

buzz.png
buzz.png

Long time readers of my ramblings here are aware that I drink the Google kool-aid. And they also know that I’ve been caught tweeting, on occasion. And, despite my disappointment in Google’s last big thing (Wave), I am so appreciative of other work of theirs — GMail, Android, Picasa — that I couldn’t pass up a go with their answer to Facebook and Twitter, Buzz.

Google, perhaps because their revenue model is based on giving people ad-displaying products, as opposed to selling applications, takes more design risks than their software-developing competitors. Freed of legacy design concepts like “the computer is a file cabinet” or “A phone needs a “start” menu“, they often come up with superior information management and communication tools.

What is Buzz?

Buzz, like Twitter and Facebook, and very much like the lesser used Friendfeed, lets you tell people what you’re up to; share links, photos and other content; and respond to other people’s posts and comments. Like Facebook, Friendfeed and Twitter (if you use a third party service like Twitterfeed), you can import streams from other services, like Google Reader, Flicker, and Twitter itself, into your Buzz timeline.

Unlike Twitter, there is no character limit on your posts. And the comment threading works more like Facebook, so it’s easy to keep track of conversations.

How is Buzz Different?

The big distinguishing factor is that Buzz is not an independent service, but an adjunct of GMail. You don’t need a GMail account to use it, but, if you have one, Buzz shows up right below your inbox in the folder list, and, when a comment is posted on a Buzz that you either started or contributed to, the entire Buzz shows up in your inbox with the reply text box included, so that continuing the conversation is almost exactly like replying to an email.

The Gmail integration also feeds into your network on Buzz. Instead of actively seeking out people to follow, Buzz loads you up from day one with people who you communicate regularly with via GMail.

Privacy Concerns

Buzz’s release on Tuesday spawned a Facebook-like privacy invasion meme the day that it was released — valid concerns were raised about the list of these contacts showing up on Buzz-enabled Google Profile pages. A good “get rid of Buzz” tutorial is linked here. To Google’s credit, they responded quickly, with security updates being rolled out two days later. I’m giving Google more of a pass on this than some of my associates, because, while it was a little sloppy, I don’t think it compares to the Facebook “Beacon” scandal. Google didn’t think through the consequences, or the likely reaction to what looked like a worse privacy violation than it actually was (contact lists were only public on your profiles if you had marked your profile “public”, and there was a link to turn the lists off, it just wasn’t prominently placed or obvious that it was necessary). Beacon, in comparison, started telling the world about every purchase you made (whether it was a surprise gift for your significant other or a naughty magazine) and there was no option for the user to turn it off. And it took Facebook two years to start saying “mea culpa”, not two days.

Social Media Interactions for Grownups

Twitter’s “gimmick” — the 140 character limit — defines its personality, and those of us who enjoy Twitter also enjoy the challenge of making that meaningful comment, with links, hashtags, and @ replies, in small, 140 character bursts. It’s understood now that continuing a tweet is cheating.

Facebook doesn’t have such stringent limits, but you wouldn’t necessarily know that to glance at it. It hasn’t shaken it’s dorm room roots; it’s still burdened by all of the childish quizzes and applications; and, maybe more to the point, cursed by a superficiality imposed by everyone having an audience composed of high school buds that they haven’t seen for a decade or two, and who might now be on the other side of the political fence.

But Buzz can sustain a real conversation — I’ve seen this in my day and a half of use. Partially because it doesn’t have Twitters self-imposed limit or Facebooks playful distractions; and largely because you reply in your email, a milieu where actual conversation is the norm. This is significant for NPOs that want to know what’s being said about them in public on the web. I noted from a Twitter post this week that the Tactical Philosophy blog had a few entries discussing the pros and cons of Idealistshandling of a funding crisis. But Twitter wasn’t a good vehicle for a nuanced conversation on that, and I can’t see that type of dialogue setting in on Facebook. Buzz would be ideal for it.

The Best is Yet to Come

This week, Google rolled out Buzz to GMail. Down the road, they’ll add it to Google Apps for Domains. The day that happens, we’ll see something even more powerful. Enterprise microblogging isn’t a new idea — apps like Yammer and Socialcast have had a lot of success with it. I’m actually a big fan of Socialcast, which has a lot in common with Buzz, but I was stumped as to how I could introduce a new application at my workplace that I believe would be insanely useful, but most of the staff can’t envision a need for at all. What would have sold it, I have no doubt, is the level of email integration that Buzz sports. By making social conversations so seamlessly entwined with the direct communication, Google sells the concept. How many of you are trying hard to explain to your co-workers that Twitter isn’t a meaningless fad, and that there’s business value in casual communication? Buzz will put it in their faces, and, daunting as it might be at first, I think it will win them over.

Blog Policy on Recent Racist Comments

This blog doesn’t get a ton of comments – the most active posts tend to be the ones leading up to this weeks Nonprofit Technology Conference.  But I’ve been getting a bunch lately that I’ve decided not to post, as comments, at least.  So this is to clarify the comment policy, and respond to some borderline conversational/offensive comments left in the last day or so.

Comments are moderated here, mainly in order to weed out the obvious spam that slips through my Akismet filter on occasion.  I don’t publish spam or link spam, so if you’re one of the people leaving innocuous comments about my writing style, note that I don’t believe that you’re sincere, and I won’t publish your link to your viagra site.

But the comments I received this week aren’t spam.  Instead, they appear to be the work of someone looking to provoke me.  They’re in reply to my post “The Offensive Bardwell Defense“, in which I spoke about segregation, my marriage, and the legal battle to allow same sex marriage underway.  The first message was easy to ignore, because it was pure vitriol, equating my interracial marriage with numerous controversial sex acts.  The writer, one “DMTS” of gmail, followed that up with a more measured comment that, while continuing to make personal comments about my marital status, argued that, while it’s fine for me to “hook up” with people of non-white ancestry, I have no right to blog about it.  “Don’t ask, don’t tell”, as it were.  The full comment went:

“Peter Campbells marriage (if still intact) is just an exception to the way things really work in mixed marriages. I don’t want to deny him any success or happiness with his nice wife and child pictured (great pic btw), but he does not have any rights defending something that is clearly wrong for the majority, when he is in the minority of working mixed marriages(for now). If I hook up with a different race partner, I will just do it, and not advertise it as normal, or make a big deal and use someones legit comment as a scapegoat. WHO CARES ANYWAY PETER? no one is making laws that specify you can’t hook up with dreadlocks, beehives, or skinheads, so what are you worried about? when has anyone persecuted mixed racials? sounds to me you are looking to MAKE TROUBLE by drawing sympathy to yourself that is totally unjustified. Blog about something else that is important, like what your son is planning to do with his future, to help make this a better world without blog script shills making trouble for all races. Shalom”

I’d point out two things to Mr. (I presume) DMTS. The first is that, while he can suggest that my marriage is some kind of exception to the rule, I’m not aware of any evidence that it is.  Divorce is rampant in this country, but I’ve never seen a statistic that suggests that it’s higher among interracial couples than same race. Mr. Bardwell didn’t cite any statistics for his assumptions, either.

The second thing I’d point out is that DMTS completely missed my point.  I used my interracial marriage, and interracial marriage in general, to point out that the same sex marriage debate underway in this country is a parallel, and, as with interracial marriage in the 60’s, the bigots, of whom I assume DMTS counts himself among, are going to lose the battle.  He seems to have skimmed my message and misread my conclusion that this type of bigotry — be it about race or sexual orientation — will be overcome.  It’s a slow process. It clearly still exists, as DMTS chooses to illustrate.  But, today, his attitudes and comments are sad.  In 30 years time, they’ll be outrageous.  Racism and hatred/bigotry based on assumptions about race (or race relations) is on the wane.  Interracial marriage is now accepted in the U. S.. It’s a slower course for a lot of the institutionalized racism in our schools and justice system. But most of the vitriol comes from old, white men, and two trends are clear: whites as a percentage of our population are shrinking, and old people will die sooner than the more enlightened young ones.

As to publishing comments like this: I’m interested in dialogue, and if DMTS responds to this with something that doesn’t use language that I wouldn’t want my Mom (who reads this blog) to see, I’ll certainly approve it.  If he provides some backing for his unverified claims that interracial (“mixed” is an offensive term) marriages are at higher risk of failure than same race marriages, a claim that I find very suspect and unlikely, I might even reply. But if DMTS actually isn’t invested in his arguments, and is just trying to get a rise out of me, it only takes a second to mark a comment as spam.  And rude, unconstructive conversation, like DMTS’s first message, which I will not publish,  is spam here; that’s the policy.