Wednesday, September 10, 2014

Why Net Neutrality is Important & the Great Internet Slowdown

Today, September 10th, is the Great Internet Slowdown, a multi-site protest against the concept of "fast lanes" on the internet.  The FCC is considering this suggestion from Internet Service Providers and this week marks the last days of comments from the public.  This is all part of the broader conversation of "Net Neutrality".

But why is any of this important?  What is Net Neutrality and why are fast lanes bad?

Net Neutrality is the concept that all content is delivered as fast as possible regardless of source, message, or size.

In a world of Net Neutrality, when all hardware is equal, Netflix movies are delivered just as fast as Amazon movies which are as fast as YouTube videos, which are as fast as a Torrent download, which are as fast as any web page download.  The reality is, of course, that different businesses have different infrastructure and deliver content at varying speeds.  The key piece here is that the ISPs (Verizon, Comcast, LevelOne, etc.) do not discriminate and deliver content as fast as they receive it from the content provider, like Netflix.

Fast Lanes are the concept that content providers can pay a fee to have their content delivered quicker.

Verizon, Comcast, and others have a different vision.  They want to charge content providers, like Netflix or my own company, an additional fee so that our content can be delivered "faster".  In order to have a "fast" lane, you have to have a "slow" lane.  Right now, all the lanes are moving at the same speed, understood to be as fast as possible already.  In practice, anyone not paying the fast lane fee is going to be operating in a more congested, possibly intentionally slow infrastructure.

Verizon would have you believe that building the internet infrastructure is expensive and that having Netflix, Google, or other sites pay these fees would only be fair so they can offset the costs of delivering their content.

Understand that Verizon, Comcast, and others already have two groups paying for service.  You and I, we pay a monthly bill to pay for cable and internet access, which are essentially the same thing.  We're one group.  If you pay for both, your bill is likely around $100 per month.  There are 279,834,232 users online in the United States.

That's possibly $27,983,423,200 / month spent by Americans for online access.  $27 BILLION.   PER MONTH.  Verizon alone made $60 BILLION last year, after expenses.  Total sales were $120 BILLION.
Sorry, Verizon.  It's tough for me to believe you can't afford to deliver Netflix content and expand the web.

So what's the second group paying for the web already?  Businesses have to pay for internet access to deliver content to the web.  We already pay a fee.  It's not a cheap fee and it increases for every gigabyte of content delivered.  This fee is paid to your pipelines to the web, of which most content providers have at least two.  (For redundancy)

This concept of Fast Lanes means that not only would my company pay two ISPs, we would then have to add every other ISP to the list of who we pay.  Why?  Because if we want our content delivered quickly on their networks, we would need to pay the Fast Lane fee.

I am highly concerned about the impact that would have on my company's bottom line.  Money that is going to ISPs around the country is not being reinvested in the employees or used to add jobs.

Never mind the impact this could have on small business start-ups.  Fast Lanes create a money divider between start-up and large corporation.  If you can't deliver your content as quickly as your competition, you are already battling from a significant disadvantage.  Especially in a world where speedy delivery is expected.

You need to help
Go here: Sign the letter to your lawmakers. Call your Reps. Call your Senators. We have stopped the government from making bone-headed decisions in the past with the SOPA & PIPA protests.  We can do this again.  We will have to keep doing it until we elect people that understand the web & what the technology means.

Last Thoughts
We wouldn't be having this conversation if competition actually existed in the ISP market.  Unfortunately, most of us live in a location that only has one, maybe two options for internet access.  This lack of competition allows the ISPs to push agendas like this from virtually unassailable positions, forcing anyone that wants access to pay whatever fees demanded.  That the major ISPs are all acting in concert is worrisome as well.  What's more, the motivation is greed, pure and simple.

It's not about providing a better service or building new infrastructure.  It's just about more money going into stakeholders' hands.  From ours to theirs.  Away from businesses that need to be moving that money into raises or more workers and into theirs.  If their income statements weren't so blatantly fat, maybe there would be an argument to be made by the ISPs.  But they're very fat, with nearly 50% margins.  If you have 50% margins, you're not reinvesting your money.

And now they want more.

Thursday, April 3, 2014

On SXSW 2014 : Getting Physical With Software.

Physical software?  I struggled a bit attempting to find a succinct way to convey Michael Hendrix's talk at SXSW.  He's a consultant at IDEO and has been investing much thought into this concept of injecting physical metaphors into product design.  Product design in this context was more about things you can touch, not software.

What I'll attempt to do is take these concepts of embodied cognition and the tie between the physical and psychological that Michael reviewed while applying them to software product design.

What is Embodied Cognition?
First, though, we need to establish what Embodied Cognition is.  Basically it describes how the physical inputs from your body have a direct, subconscious effect on how you perceive the things and people around you.  Some examples that Michael reviewed were:
  • Warmth conveys affection, safety.
  • Weight implies quality or seriousness.
  • Cold can mean distant, unfriendly.
Some recent research suggests some ways these can alter our perception.  Put a bunch of strangers together in a room with hot coffee and they'll perceive people as friendly.  Replace the coffee with ice water and a less friendly impression will linger.  Give students heavy clipboards and they'll take an experiment much more seriously than if they had small flimsy pads of paper.

In practice, this has manifested itself in various ways.  BMW tightened the hinges on their car doors, giving them a heavier feel and imparting a sense of quality or safety.  Apple stores use high tables, forcing you to lean forward helping to emphasize progress and momentum.  Converse stores have scuffed, slightly worn floors, drawing a parallel to the comfort of a well-worn pair of Chuck Taylors.

Those are all well and good, right?  So how can you take these physical examples and apply them to software?  The obvious pieces are going to be visual parallels that you are likely already aware of, but may not exactly understand why they're better.

Look at these two apples :

Which is more appealing?  Pretty easy, right?  The fresh, plump, clean line apple is much more appetizing, right?  The wrinkly older apple is not very inviting.  So translate these same visual elements to an interface.

You would want :
  • Clean lines (plump)
  • Less clutter (wrinkles)
  • Inviting colors.  (red, green)
The idea is not to make the page look like an apple.  It is about identifying what are the things about a fresh apple that make it have the psychological connotation that it has.

What makes it physically inviting?

This would be a great start for a page explaining why to purchase a product or asking people to join a service.

Practical Application
This was one of those talks that made me feel a little silly.  Not because it was incredibly eye-opening, but because this helps explain some fairly obvious trends in design.  I felt silly because I never really connected the deeper understanding of why we find physical metaphors functional in design.  Still, with that realization, there is the practical application of the concept.  Which is made a bit more difficult when you're talking about software.

We can't tighten some bolts to make our software heavier.  But we can include sounds that impart that same feeling.  We can't make our software warmer, but we can use colors and spacing to provide a sense of freshness and welcoming.  Before you can do that, though, you have to decide on what sense you want your software's interface to convey.

Is it warm and inviting?  Serious and strong?  Light and casual?  A method to discover this could be to go to various locations that you get this sense from and consider your software with that theme.  So if I'm building a new dealership management software suite, I might go to an office lobby to find the elements that convey "serious business".

Some serious business happening in this lobby.
From there I then need to boil down the elements of that location which convey those themes and find ways to elicit those same sensory inputs in my UI's presentation.  Maybe it's straight lines, spacing, and a marble-like color palette to give the sense of structure and importance.

Final Thoughts
As the subtleties of this point of view began to sink in, I became reflective on my sites.  They are information dense while having banner ads on virtually every page.  They are more like the wrinkly rotten apple than the fresh inviting apple.  The challenge is to reconcile the two.  How do I present the data that our users demand but still recall inviting elements to make sure they come back?  Never mind adding the business case to augment existing revenue with additional advertising.

This is why consultants that are really good with UI and UX are paid well.  Anyone can tell you the clean design just feels better to use, not everyone can articulate why they feel better and how to apply it to a new product.

I became most excited about this conversation when I began applying last year's concepts of No UI.  Finding the right visual cues can help keep our interfaces trim and easily digestible.  My goal moving forward with our larger design projects will be finding the right physical metaphors to combine with minimalist interfaces.  There's a good recipe taking form here, particularly as our automated systems continue to improve!

Thursday, March 27, 2014

On SXSW 2014 : Data Privacy after Edward Snowden.

Photo by Jack Plunkett/Invision/AP
First things first:  this post is not a judgement for or against Edward Snowden.  What this is going to be is an analysis of the impact, response, reality of the aftermath of the documents that have been shared, and what we should be doing about it.  There is a direct impact upon the technology community.  One that touches the very basic responsibility we have as the builders and stewards of the software and data that are driving the 21st century's economic engine.

At SXSW, Edward Snowden was present for his interview virtually, using a Google Hangout.  He was piped through seven proxies in an attempt to keep his location as secure as possible.  While this caused the video to be very choppy, the audio was clear.

Christopher Soghoian, a technologist of the ACLU, and Ben Wizner, Snowden's legal adviser from the ACLU, conducted the interview.  Before I dig into the meat of the discussion, I want to level-set the scope of the NSA files released to date.

What has been revealed in the NSA files?
This timeline is derived from the EFF's comprehensive list of events.  I will bold particularly troubling attacks on tech privacy.
The list is extensive and startling.  Having attempted to pay close attention to this issue, I'm sure I experienced some "NSA fatigue" and ignored or missed a bunch of stories.  Now looking back to the actual timeline and information published in the media, my eyes cross and my stomach sinks.  The penetration is thorough.  It goes to the very base of the software in the encryption keys, to the very base of the physical infrastructure in tapping the fiber lines directly.

Slide published by the Washington Post detailing PRISM.
Point One - It's way too easy.
First and foremost, the level of penetration indicates one thing:  it's been too easy.  What's more is that we don't know who else is listening to our data.  And let's be clear, that data represents just about everything:  telephone conversation, email conversation, instant messenger conversation, video chat, what websites you browse and therefore what your interests are, your location, who you pay and how much you pay them, who you associate with, who your friends are and how close you are to them, what products you buy and what stores you buy them from, and what TV shows and movies you like.

It is your identity and the keys to your identity.

That all the NSA, GCHQ, and other agencies had to do was tap into the network reveals a disturbing truth about the internet that we've built:  it's too easy to snoop.  It's incredibly easy to snoop.  The first hurdle for anyone, government or not, to eavesdrop on our data should be how they're going to snoop.  Someone can always tap the physical fiber lines moving data between servers.  That so much of the data is "in the clear" is the problem.

Even Google was caught with its pants down.  Never mind Yahoo! and Microsoft.

We should be encrypting everything.  Yes, the NSA has the keys to the RSA, who provides many of our encryption keys.  But now that we know, separate groups can begin providing them - groups not affiliated with any particular government or corporation.

This is, in fact, what's happening.  Mr. Soghoian pushed the point that these revelations have radicalized segments of the IT world.  Individuals are building better systems to provide better data privacy.  In his words, there are lots of engineers that are "pissed".  It should be very hard for the government or anyone to siphon any meaningful data from our networks.

This quote stresses this:  "data should not be collected without people's knowledge and consent."

More importantly, perhaps, is that decryption does not scale.  The amount of compute cycles needed to decrypt a message without the key is vastly greater than that needed to encrypt it.  As the amount of encrypted data increases, the computational horsepower needed to brute-force decrypt all of it rises exponentially.  It is our greatest defense of our digital presence.

Point Two - You Are Stewards Of User Data.
To bring this back home to the "every man" working for some web/mobile app company, we need to clean up our acts.  Snowden stresses the point that Privacy should be first and awareness that we are the stewards of our users' data should be second in how we construct our systems.

Once a user gives consent to hand their data to us, it is our responsibility to protect it.

We do this by only asking for the minimum data we need to perform our services.  Only retain that data for the minimum amount of time necessary.  All of the data we collect should have a time to live attached to it.  Once that time frame has passed, the data is purged.
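
One way to enforce the "minimum data, with a time to live" rule from the paragraph above, as an added example rather than code from the talk or the original post: a small SQLite-backed store that drops fields it does not need, refuses rows without an expiry, and purges on schedule. The field names, retention periods and table layout are assumptions made for illustration; encryption is not covered here.

```python
import sqlite3
import time

DAY = 86400

# Hypothetical policy: the only fields this service needs, each with its own
# retention period in seconds. Anything not listed here is never stored.
RETENTION = {
    "email": 30 * DAY,            # needed to contact the user
    "shipping_address": 7 * DAY,  # needed only until the order ships
}


def open_store(path=":memory:"):
    db = sqlite3.connect(path)
    # Overwrite deleted content with zeros so purged values do not linger
    # in free pages of the database file.
    db.execute("PRAGMA secure_delete = ON")
    # expires_at is NOT NULL: a row without a time to live cannot be inserted.
    db.execute(
        """CREATE TABLE IF NOT EXISTS user_data (
               user_id    TEXT NOT NULL,
               field      TEXT NOT NULL,
               value      TEXT NOT NULL,
               expires_at REAL NOT NULL,
               PRIMARY KEY (user_id, field))"""
    )
    db.execute("CREATE INDEX IF NOT EXISTS idx_expiry ON user_data (expires_at)")
    return db


def collect(db, user_id, submitted, now=None):
    """Store only allow-listed fields; return the names that were dropped."""
    now = time.time() if now is None else now
    dropped = []
    with db:  # one transaction for the whole submission
        for field, value in submitted.items():
            ttl = RETENTION.get(field)
            if ttl is None:
                dropped.append(field)  # minimization: not needed, not kept
                continue
            db.execute(
                "INSERT OR REPLACE INTO user_data VALUES (?, ?, ?, ?)",
                (user_id, field, str(value), now + ttl),
            )
    return sorted(dropped)


def read(db, user_id, now=None):
    """Return live fields only, so expired data stays invisible even when
    the purge job is late or has failed."""
    now = time.time() if now is None else now
    rows = db.execute(
        "SELECT field, value FROM user_data WHERE user_id = ? AND expires_at > ?",
        (user_id, now),
    )
    return dict(rows.fetchall())


def purge(db, now=None):
    """Delete every expired row; return how many were removed."""
    now = time.time() if now is None else now
    with db:
        cur = db.execute("DELETE FROM user_data WHERE expires_at <= ?", (now,))
    return cur.rowcount


if __name__ == "__main__":
    # Constructed sample submission: two needed fields, two that are not.
    form = {
        "email": "user@example.test",
        "shipping_address": "1 Example Street",
        "date_of_birth": "1980-01-01",
        "phone": "555-0100",
    }
    store = open_store()
    start = time.time()
    print("dropped at intake:", collect(store, "u1", form, now=start))
    print("day 1 :", read(store, "u1", now=start + 1 * DAY))
    print("day 8 :", read(store, "u1", now=start + 8 * DAY))
    print("purged on day 8 :", purge(store, now=start + 8 * DAY))
    print("purged on day 31:", purge(store, now=start + 31 * DAY))
```

Backups, replicas and logs hold their own copies of the data, so the same expiry has to be applied to them as well.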

The crucial point here is:  encrypt everything and all data expires.

This helps secure our users' privacy and security not just from a government agency, but also anyone who may break into our systems.  Let's not forget what happened to Target.  We have a tendency to think that once inside our firewalls, all data is safe.  Target's failure indicates that once a malicious organization gets past your firewall, they can very easily cause catastrophic losses.

NSA slide published by Washington Post detailing how they are syphoning internal Google data.  Note the SSL encryption note.
Point Three - Google is not your friend.

I use quite a few Google products and while this point seems obvious, I found it eye-opening.  Google is what?  An advertising company.  By nature, Google's goal is to analyze your behavior and expose that data to various services.  At some point using those services you are served advertisements.  That is, after all, how Google makes their billions, right?

This inherently makes their software vulnerable to attack.  Google would never build a browser that provides end to end encryption.  If they did, they couldn't read the data being sent back and forth and build an analysis of your habits.  It would make Google Now useless.  GMail could serve no advertisements to you.

I use Google as an example here.  Microsoft, Yahoo!, neither of these guys are really our friend either.  It is going to take some group in the tech community to get together and build an open-source, end-to-end encrypted browser.  If Google or IBM were to take on this task, as Mr. Soghoian stressed, you better believe that it will not be free.  They would have to make up the lost revenue dollars somehow and charging a monthly fee for access to the software is a likely avenue.

Point Four - The NSA is too focused on cyber-offense and not on real-world clues.
This portion of the conversation elicited some groans from the audience.  Snowden was making the point that the NSA's single-minded focus on gathering as much data as it could has made it blind to the data that matters most:  what's happening in the real world.  His argument followed these lines :

Before the underwear bomber ever got on a plane, his father went to the United States embassy and told them to watch his son and get him help.  Before the Boston bombings, Russia told the U.S. Government to watch Tamerlan Tsarnaev.  What the NSA should be doing is working to make our networks the most secure they can be.  Instead they're focused on weakening them through back doors, compromised hardware, and direct taps.  Perhaps if they worried more about security than attempting to gather every piece of data they could, strong signals like those from the underwear bomber's dad or the Russian's embassy would not have been ignored.

Two reports, one from the left-leaning New America Foundation and the other from the right-leaning Hoover Institution, came to the same conclusion about the system's ineffectiveness in stopping any terrorist attacks, which makes one wonder at the amount of money spent and the scope of the data collection.  The processes have borne no fruit and yet we are spending 55 billion on them?

We should focus those dollars on a more-secure internet and real-world police work, not exploiting every vulnerability that can be found.

Point Five - Why is all of this bad?
The question came in from the audience:  "Why is it bad for a government to have your private data, but okay for a company?"

The answer came in two parts, the first from Snowden:  governments can take away your Rights, companies cannot.  Google can't send the police to your home for violating some new law, but the U.S. Government could.

The second part of the answer is that it's not good for corporations to have all of your data either.  If their systems become compromised, there goes your data and maybe your identity.  Which is exactly how the NSA and other agencies around the world have acquired these vast amounts of information.

Don't forget that even if you're okay with who is running the government today, you may not tomorrow nor do you know what laws may be passed tomorrow.  The only way to be truly secure in your privacy is for your data to not persist anywhere.

Point Six - Change starts with technology.
Snowden and Soghoian stressed this point several times.  While there is certainly a political response necessary to unfettered government access to our data, the primary response will come from the technologists.  It will be us who construct secure systems to ensure the privacy of our data.  If we improve our standards, then it won't matter who is trying to access our data, it can remain secure.  We'll be the ones who build the next generation browsers and network protocols.

It was this point that Snowden said is why he spoke to SXSW Interactive.  It was the best way to reach the most technology professionals and send this specific message.

This point resonated with me.  There's a cultural change that needs to happen in technology.  Security and privacy cannot be tertiary thoughts.  It has to be our primary thought in our designs.  Those measures have to be agnostic of who is trying to access the data.  Our Right to Privacy is not just privacy from a neighbor, it's privacy from anyone, including the government.

Closing Notes.
Snowden ended the interview on an interesting note.  I'll share the quote (with link to clip) :
"...the interpretation of the Fourth Amendment has been changed - in secret - from no unreasonable search and seizure to 'hey, any seizure is fine, just don't search it' and that's something public ought to know about. "

Just this month Google has finished updating their infrastructure to encrypt all of the internal data.  Earlier last year Yahoo promised to do the same by March of this year.  Large American tech companies have faced significant losses and are spending billions to move their data centers off of U.S. soil.  These disclosures will continue to reverberate throughout the technology, political, and economic worlds.  The pressure has pushed the United States Government to consider ending its bulk surveillance.

Regardless of what you think of Snowden, these reverberations, while painful in the short term, will only make our software and networks more secure.  The better they become, the more secure we can feel about our online privacy.  Our "papers" as referenced in the Fourth Amendment have evolved into digital documents and correspondence.  They should be as private as the same papers that are sitting in your filing cabinet, free from search and seizure.  They should be as private as the letters you put in the mailbox.

We technologists are in a very unique position to shape the digital future.  We should be thinking of and implementing methods that can improve our privacy and the security of our networks rather than waiting for a political response.  It is clear that the government will break the rules in secrecy to get what they want.  If we want to defeat that we need to build better defenses so no one can collect our digital identities.

It starts with you and me.

Interview Video

Monday, March 17, 2014

On SXSW : 2014 Retrospective

This year's SXSW Interactive was a unique opportunity.  It was an opportunity to experience Neil deGrasse Tyson's enthusiasm for science, to see and listen to Edward Snowden's first public interview, see Adam Savage be quirky and engaging, and as always, open my brain up and let people dump things in.

These retrospectives help me filter out all that was poured in and find some of the key nuggets within the themes.  Each person's SXSW is a little different:  an amalgamation of the talks they listened to and who they met while experiencing the night life.  Still, given that, there are themes that resonate through-out the experience that you'll hear talked about whether on the shuttle ride or over the tables at the food truck court.

These themes fell into these categories:
  • Privacy of your data.
  • Where are the Apps and Responsive design.
  • Wearable tech.
  • Continuing Simplicity.
  • Experiment. Be scientists.
As usual, I will write some deeper dives on each of these following this summary!

There is a renewed focus on privacy, specifically privacy of your data.  With figures like Julian Assange and Edward Snowden making live virtual appearances, it would be hard to say that privacy wasn't a major theme for SXSWi 2014.  Both of these names tend to polarize individuals whether you believe them traitors, patriots, or something in between.  I won't comment on that, but what I will comment on is the effect that Wikileaks and the NSA files have had:  technologists are pissed and are actively working to build better security solutions.  Perhaps one of the more salient points made by Snowden was that it wasn't difficult for the NSA to start vacuuming up data from across the web.  That was easy.  The hard part is processing the data in a meaningful way.  That there was little challenge in seizing the data means that many of us have failed in our roles as stewards of user data.

Photo by Jack Plunkett/Invision/AP
This isn't just a message about governments, but about corporations, too.  What are you doing to better secure your users' data?  Do you delete it when you're done?  Do you only ask for and keep the absolute minimum that you need?  Is it encrypted?  These should be active questions for all of us, whether we're writing the code, managing the data, or designing the interfaces.

An additional point driven home:  while a political change is necessary, more so is a change in the technology and its standards.  The drivers of that change to secure our data will be thought-leaders in technology.  Whatever the politicians do, we need to push the boundaries on security.

Not just because the NSA may be spying, but because anyone may be spying.

Apps or Responsive?
Noticeably absent were big pushes for Apps.  While people talked about building Apps in a greater context, the "Oh my God, you must have apps!" reaction has passed.  In its stead is a cautionary tale about company after company that has built an App for one reason or another and not gained any tangible benefits.  And don't forget the hassle that App approval presents.

Many companies have built whole teams centered just on App development, sunk gobs of cash, and haven't realized a windfall of money or users.  People are still trying to figure out what the rules are around what to build and what not to build as Apps.  This is leading towards a trend of building flexible, scalable sites using Responsive methodologies as a stop-gap.  Even then there is sub-context since most Responsive techniques are fairly immature and certainly not optimized for speed.  While most technologists today will tell you to build Responsive, there are arguments to be made for device-optimized sites.

The biggest concern around device-optimized sites is the scalability of maintenance.  With the growing number of wearable devices coming, can you reasonably build for each device you want to be available on?

Which leads me to...

Wearables, Wearables Everywhere
Shocker, right?  Not likely.  With numerous conversations about wearable tech, there is definitely an air of excitement around the potential.  But the experience with Apps has left many people cautious.  A common thought in conversations around SXSW was that wearables will be awesome once dynamite Apps are built for them.  But who is building the Apps?  The software community is cautious while the hardware community is bullish.

The end result, I'm predicting, is not going to be good for many of the wearable manufacturers.  The ultra-specific devices have to be incredibly good at their one task to remain relevant.  How many of you, or people you know, jumped onto the FitBit bandwagon only to ditch it after a few months?  This type of use and discard mentality is a carry-over from the Apps phenomenon.  Apps that did their job very well stick around on your device.  Those that don't or lose novelty collect dust until they're eventually deleted.

Therefore most of the software people are adopting a wait-and-see approach.  Don't get crazy trying to be present everywhere.  Be selective and husband your resources.

Simplicity, assisted by Body Cognition
Last year I was rather impressed with the combination of AI advancement with the No UI movement.  The crossroads of those axes of advance is a nice sweet spot where good software delivers relevant services without requiring much interaction from you.

A great addition to this No UI concept is the integration of Body Cognition principles into the design of software.  Body Cognition is the science investigating how physical inputs to your body influence your perceptions at a subconscious level.  I'll do a whole lot better explaining this by using some examples.

Being in a room of strangers with a warm cup of coffee is more likely to make you more comfortable than if you had ice water.  A heavy clipboard and lab coat is more likely to make you take a science experiment more seriously than if you just had a notepad and board shorts.

When it comes to software, this is more about pleasing visual cues or cues that evoke other physical senses.  Clean, fresh lines and colors are more likely to be found attractive than a messy, disheveled presentation the same way a fresh apple is more appealing than an old one.

Applying this line of thought is a challenge for me.  With sites that are data-heavy, finding a "clean" presentation that is also informative is not always straight-forward.  Applying some of these ideas can help make the optimal path a bit more obvious.

Science means experiment, experiment, experiment!
If there is anything Neil deGrasse Tyson and Adam Savage represent, it's the scientific method.  Their keynotes spent a bunch of time talking about this and stressing why it is important for our future.  Adam took it another step forward emphasizing that Art is Science and Science is Art, that one cannot live without the other.

A few of you may roll your eyes at this, but he has a subtle point.  The scientist cannot create a hypothesis without being creative enough to think of one.  The artist cannot find what is most pleasing to them without trying different techniques.  In my business we exercise our creativity every day - whether designing a new interface, data model, architecture, or attempting to find a solution to a bug, it's creative thought that drives.  It's the scientific method that takes a creative idea and molds it into a design pattern.  It's the computer science that optimizes its performance.

This means you have to experiment and allow your teams to experiment.  Which also means you may have to budget some padding for that experimentation time.  Scott Cook of Intuit fame encourages this behavior in his development teams.  With a business infrastructure designed around percolating the best ideas into experiments, they spend significant amounts of money/time testing ideas understanding that the end result will be a better product.  The success of TurboTax and QuickBooks speaks for itself about the potential of this type of business management.

At the end of the day, as Neil stated, we can only be a competitive nation in the 21st century if we continue to teach science and be scientific minded.

Other Details
There were several other interesting talks I sat in on.  One had the first 3D-modeled live fly-through of an active human brain.  There were a few API conversations that had some tidbits to bring back.  I'll try to wrap these up into a "miscellaneous" post.
A GIF of the 3D active brain-fly-through.
All in all - another fun & challenging SXSWi, despite the ridiculous traffic!