Google Docs lets you upload any file! Really? No, not really.

I decided to give it a try. Sounded cool.


Uh, ok. That doesn't make much sense. Is the limit 250MB or 1MB? Or what? I guess I'll look at the help.

So tell me, how does this reconcile with "Upload any file"? Not a great experience here. Google, I'm disappointed.

Spam now leverages social networks

I've been getting spam lately purporting to be from a former co-worker. Apparently they harvested her MSN Messenger list – it impersonates her hotmail account and sends to my work account.

This was probably due to a virus which hijacked MSN messenger, it's a notoriously problematic service: between the service outages, trojans and viruses, its usefulness is debatable. But even as Microsoft gets its security act together a decade too late, the attack is inevitably shifting someplace else.

With social networking sites asking for email passwords to "import connections", people respond quickly. After all, they say it's safe, and you can always change your password later (but you don't). As it has been pointed out, as an industry we've trained people to type passwords, and that's what they do – whether it's a good idea or not, and that's why phishing is so successful. But once they have your contact list they can keep that forever, and it's a wonderful tool for a spammer.

Facebook and Twitter are unlikely to misuse this data too egregiously, they are connected to real money and companies with reputations to protect. But Pownce, which is going out of business – what about their data? And tacky little utilities like Twitterank which spam your stream, you'd better believe they're warehousing your connections. And your private messages. And everything else. You can put these things together and draw meaningful conclusions about the people involved.

Science fiction has been talking about spambots impersonating your family and friends for years, but now it's happening for real, and expect to see a whole hell of a lot more of it. Expect to start seeing requests from friends and family, asking for money through new and unfamiliar websites (or even familiar websites that have been compromised). Expect increasingly strange and subtle requests: you may not even know what they're really trying to get you to do, or why. In short, this is going to get deeply weird, really fast.

Semantic web startup Twine hard to get wrapped up in

Twine is [yet another] site that offers recommendations for webpages, stories and information based on things that you've read. I've seen demos that are amazing, that pull together disparate threads of data in new and surprising ways. It is powered by some sort of fantastic semantic juju that allows it to create recommendations and connections that simpler probabilistic analyses cannot. Sounds good right?

The problem is that it is just too. damned. much. work. You start with nothing, and have to enter your links, from scratch, one at a time. You don't get any immediate satisfaction. Unlike FriendFeed or SocialMedian, it doesn't just figure stuff out based on your other activity elsewhere on the web. It doesn't even attempt to figure out what you already like. So all of the heavy lifting is left up to the user, and there's no immediate payoff. The new user is left wondering just what the hell this site is supposed to do for them.

So although it probably has good technology, so far it's a failure. If they don't realize that everybody's not suddenly going to start posting everything in their little walled garden with a promise of getting payoff, maybe, someday, they'll be left behind by other sites who have given a great experience out of the gate to new users. Other sites – Facebook, FriendFeed, etc. – can add this semantic hooey to their own sites at their leisure. Sometimes technology really doesn't matter.

Central authentication is coming, and here's a good reason why

Some interesting reading today on OpenID, Facebook Connect, and the dog's breakfast of authentication standards in the market:

Facebook Connect and OpenID Relationship Status: “It’s Complicated” – John McCrea of Plaxo

The authentication landscape appears to be coalescing. I think a lot of vendors will still want to have a "walled garden" ID scheme, but I'm inclined to think their customers will drag them kicking and screaming into a federated identity world.

I have a good reason to think so. People already use a dangerous form of single sign in: they use the same user ID and password across multiple sites. Some day soon an enterprising young script kiddie from Yemen is going to sit down and write a Distributed Identity Theft Attack that will plunder the databases of weak sites (like some forum that you don't even remember signing up for) to take possession of more valuable sites (like Facebook and LinkedIn) and then finally the holy grail (your email account, used to unlock everything else). Nobody, not even Bruce Schneier (by his own admission), has a different password for every site: at best, we have low, medium, and high-security passwords. But if you're using the same password everywhere, you're only as secure as the weakest site you visit, which means gold bars for the putative Yemeni banks.

Also, über-paranoid password complexity and periodic forced password change rules actually encourage people to use a password formula across different sites, and to change only the last character in a preset sequence. They're virtually assured to do so, because security training has taught people to never, under any circumstances, write down their passwords. So a dictionary attack will still work in most cases for the DITA outlined above – forty-seven variants isn't a lot to try, and most sites don't lock accounts for password failure.

So go change your online banking password right now, I'll wait. Don't forget PayPal, too. And Amazon, which holds your credit card info, as does iTunes.

So, we'll stumble along with our user ID (which is, often as not, the email address) and password (same everywhere) until the Russian Business Network strings together some Perl code and causes a smart-spam and bank fraud wave big enough to shake consumer confidence in the web. At the very least, consumers will learn not to trust websites with homegrown authentication. They'll pick one or two big-name vendors they trust.

PayPal iPhone app fails

PayPal iPhone fail
Originally uploaded by celeduc

I tried to install the PayPal iPhone application on my iPhone 3G, and it failed. An unknown error occurred (0xE8000022). Whoops!

This seems to work for other people. Maybe it doesn't like Canadians? I would think even PayPal could come up with a better way of snubbing us, if that's the case.

---

Update: as much as I'd like to blame PayPal for this, it appears to be a common problem with iTunes synchronization. So then I have a question for Apple: if this is happening so much, why is it an unknown error?

Mac OSX is way better than Windows, but unfortunately Microsoft sets the bar pretty low. OSX winning against Windows is like a drunken Björn Borg winning at tennis against a comatose chimp.

Vicious garlic press designed to slice your palm

This garlic press pinches your palm when you squeeze it, making it painful to use. Did they try using the damned thing even once before they started manufacturing it? So much for German engineering.

Amazon not sure if DRM exists

Audible.com, a subsidiary of Amazon, is "agnostic" on the topic of DRM (Digital Rights Management). I wrote them to ask them to follow through on their pledge to remove DRM if people complain, and this is the response I got:

Hello from Amazon.com.

Audible is DRM agnostic -- our primary goal is to offer a great customer experience. Audiobooks purchased on Audible.com can be played on over 600 AudibleReady devices, including Kindles, iPods and most other MP3 players, Tom Toms and other GPS devices, Sonos and other in-home systems, and all PCs and Macs. Unlike DRM-free MP3 music files designed for songs, audiobook files must deliver a unique multi-hour listening experience. Customers have recognized and appreciated Audible's unique listening experience since the company's inception in 1997. Audible is committed to maintaining and improving the features that drive this experience. [Paraphrase: Shut up.]

Audible recently announced that it is working to provide the option of DRM-free spoken word audio titles on Audible.com for content owners who prefer this method and are committed to working with Audible to maintain a great customer experience.[Paraphrase: We're thinking about it.]

Thanks for your interest in Amazon.com and Audible.

Sincerely,

Customer Service
Amazon.com
http://www.amazon.com/

So, being agnostic, they presumably do not deny the existence of DRM, but they have no evidence it exists? Maybe they are just so tied up in the "customer experience" that they haven't thought about it. Well, if there's anything worse than annoying, dangerous and abusive DRM for the customer experience, I can't imagine what it might be.

Feature creep and bloated products

James Surowiecki has a lovely piece in the New Yorker this week about feature creep and bloated software. He talks about the "internal-audience problem":

the people who design and sell products are not the ones who buy and use them, and what engineers and marketers think is important is not necessarily what’s best for consumers

The article mostly refers to physical artifacts, and he doesn't call out the major motivation that feeds software feature creep: the desire for annual upgrades. In the packaged software world you have to motivate customers to buy your product again and again, preferably every year. With subscription-based or free software, you just have to keep up with the competition, but with licensed desktop software you are competing against the version they have already purchased. via BoingBoing

Body Text, Body Text, Body Text, Char

Body Text, Body Text, Body Text, Char
Originally uploaded by PaulSherman.

Paul says:

... how many usability issues can you find in this screen grab? Winner gets two crisp United States dollar bills, mailed to them in a No. 5 security envelope with an Elvis stamp affixed to it. (Fat Elvis only, sorry.)

My seven sins:

1) You can't see what you've selected in the collapsed combobox
2) It is hard to differentiate the styles vs indents vs fonts
3) Are there really as many styles as the scroll bar would imply? Egad!
4) What useful purpose is served by all of the styles being the same on every single line?
5) The combobox droplist obscures the entire window. What was I doing?
6) Provided you were able to select the perfect style, how would you ever find that one again?
7) Type-ahead to match in the combobox is useless if they all have the same label.

and a bonus answer:

8) Aiiiieee! Cash through the mail is always a felonious pyramid scheme used to fund terrorism!

Vista drops another one

Adolfo's continuing voyage into the land of Windows Vista produces the usual endless frozen windows and similar boring frustrations, but every now and then it comes up with something truly inscrutable. Today it squeezed out another little gem:
"What am I supposed to do about this?" Adolfo asked. "What does it mean? Do you understand this?" "Well, yes, I think so, but I'm a developer," I replied. "Well, I'm not a developer! How am I supposed to understand this?" I smiled. "I told you so," I said helpfully.

There are two things that amuse me about the phrasing. First, the accusatory tone of the dialog box is great: "OK, mister wise guy, now you did it, you tried to copy a file without its properties. Let's see you get out of this mess." The second is the window title: "Property Loss". Is he already screwed? Does that mean he can take a deduction on his taxes next year? [I could argue that buying a Vista PC should qualify him as a disaster victim.]

What I suspect was happening was that he was trying to copy files to a network attached storage device that won't let him preserve ownership. Well, so what? It's a computer, it should figure out what to do. Twenty years have gone by, and Microsoft is still using "Abort, Retry, Ignore?" Granted, they have at least swapped out some words, but it's the same error message. And yes, the dialog box is prettier under Vista. I look at this dialog and say "this is what the Mac would look like if it were designed by chimps."

New advertisement opportunity

The article Eyetracking points the way to effective news article design makes some excellent points about how to effectively format information so that people can consume it. At the same time, they show this marvelous picture... which advertiser will be first to buy space in that segment of the uniform, Gillette, Cialis, or Propecia? via BoingBoing.