Time to secure your website with an SSL EV certificate

This post is going to be a bit more technical than the most, but I will try to keep it as simple as I can. Last month I wrote about how domain owners can mask their identity by purchasing extra-cost private domain services. Today I want to talk about the opposite: where domain owners want to prove who they really are by making use of special encrypted certificates, called Secure Sockets Layer Extended Validation or SSL EV certs. It is something whose time has finally come.

One of the many problems with the average website is that you don’t necessarily know if the server you are browsing is for real or not. Scammers do this all the time when they send you a phished email: they copy the “real” site’s images and page design for say your local bank, and then try to trick you to login using their scammy page, where they capture your credentials and then steal your money. Rinse and repeat several million times and even if just a few folks take the bait, they can grab some significant coin.

So along came the SSL certificate many years to try to solve this problem. They did, for a while, until the scammers figured out a way to spoof the certificates and make it look like they came from the “real” site operator. So the certificate issuers and several other interested parties got together and formed two efforts:

First was a standards body where they would up the ante for how certs were vetted, to make sure that the real owner was who they say they were. This involves checking the domain ownership and making sure there actually is a Real Corporation (or some other trackable entity) behind the Internet registration. Now there are three different levels of certs that are available: the regular, old-school cert called domain validated (DV), a medium grade one called organization validated, and the most stringent of them all, the EV cert. Only the EV cert will turn the URL address bar of your browser green, showing you that you are connecting on the real site. Steve Gibson has a nice explanation on his site of how this works under the covers and how it is tamper-proof, at least so far.

That is nice and welcomed, but the second effort is also interesting, and that is a non-profit corporation is just getting ready to issue their own SSL certs for free. Called the Let’s Encrypt Project, they have begun with a few test accounts and will be ramping up over the next couple of months. The cost is nice — some of the issuing authorities such as Thawte and Digicert charge $300 per year for their SSL EV certs, and GoDaddy has recently discounted their SSL EV certs to $100 per year. (Wikipedia has a more complete list of those vendors that offer the EV certs.) But the real issue is that installing the certs is a multi-step process that requires some care. If you don’t do it very often (and why would you), it is easy to mess up. The Let’s Encrypt certs are supposedly easier to install.

One downside is the free Let’s Encrypt certs aren’t EV-class ones: they are just the old school DV low-level certs. So if you are serious about your certs and want that nice green label in your browser, you still have to buy one. But at least the issue has been raised, and one of the reasons why I am writing about this arcane topic today. If you own a domain and are doing ecommerce from it, look into getting at least the free certs when they are available or pay for one of the EV models.

Looking back: the art of the interview

We are gearing up, here at Strom Galactic HQ, for a massive anniversary celebration next month. I am sure you have all marked your calendars for when Web Informant turns 20. It is hard to believe that I have been writing these columns/blog posts/whatever for so long.

This week I wanted to talk about a few of the influential people that I have met down through the years. They were the industry luminaries that played pivotal roles in the development of the tech industry. In those early days, it was quite easy to call someone up to get a quick quote, but I am talking about people that I had more of a relationship of mutual respect and understanding, people who had big ideas and shaped the course of products that we use today, and people who I have interviewed over the course of time.

One resource I want to point out is the nearly 100 MediaBlather podcasts that Paul Gillin and I produced during the late 2000’s. We interviewed many of the leading marketing and social media experts of the time and had a lot of fun producing these programs. Paul worked for many years at Computerworld and started Techtarget before striking out on his own and writing several books.

Here are some of my favorite interviews, in no particular order.

Mark Cuban is better known today as the owner of the Dallas Mavericks and his time on Shark Tank, but he was quite influential in the early days of the PC networking world. Here is an interview that I did with him in 2007, where he talks about his HDnet project.

Vint Cerf was one of the most refined gentlemen in our industry, always impeccably turned out and always managed to be both serious and playful and being able to say in a few words what many of us couldn’t articulate in whole paragraphs. I have met him at various times down through the years, while he was inventing key Internet technologies. This interview is from 2005 when he was just starting at Google.

Adrian Lamo was one of the key players in the Wikileaks/Manning case. Before that happened, he was in trouble with breaking into the proxy servers of numerous businesses. He actually stayed with me back before couch-surfing was a thing in 2002, here is a recorded interview I did with him in 2011.

I first met Professor Tom Schelling of Harvard back in the early 80s when I worked with on a project way before I was in the tech industry. I wrote about my experience here after he won the Nobel in Economics. If you haven’t read his book The Strategy of Conflict it is well worth your time.

Phil Dunkelberger has been around email and encryption for decades and I have spoken to him numerous times. Always a fountain of wisdom. Right now he is leading the FIDO authentication effort. Here is an interview that I did in 2005.

John Patrick helped build IBM’s Internet business and now serves on numerous tech company boards.  Here is a story from a visit to his house, one of the first very “smart homes” that I saw back in 2004. People are still figuring out how to implement things that he first thought of then.

Here are a few of the people that have been taken from us: There was my remembrance of Ray Noorda, the head of Novell, who died in 2006. Ray was far from a perfect leader but someone who moved mountains and was a key player in getting local area networks established in businesses in the late 1980s. And Garry Betty, who died in 2007 from liver cancer and was a key player in Earthlink, DCA, and Hayes modems. Another early cancer victim was Ed Iacobucci, who died in 2013 and was behind the early IBM PC, Citrix, and NetJets. I was very lucky to have spent the time that I did interviewing each of these guys, and learning about their products, passions, and people that they mentored in our business.

So yes, it has been nearly one Web Informant every week. Many of you have been readers from those early days, and I thank you for sticking with me. I would encourage you to put in the comments your memories of your favorite column or moment when we’ve met.

A look back with Web Informant (1996): Lessons Learned From Web Publishing

Nearly 19 years ago, I began writing a weekly column called Web Informant that was first exclusively distributed via email, then via various other technologies including a blog, push technology, and syndication to a Japanese print newspaper. It has been a wonderful journey, and hard to believe that it has lasted all this time. I first wanted to thank all of you readers who have stuck with me, sent me comments and encouragements over the years.

Over the next year and leading up to the big 20th birthday celebration, I thought I would resurrect a few of my favorite stories and see how well they have held up over time. This first piece was published by John December in a journal called Computer Mediated Communications back in May of 1996. My current commentary is in brackets so you can distinguish between the original me and the current me.

After writing and editing print publications, I threw caution to the winds last fall and put up my own website. I’m glad I did and have learned a few lessons along the way that I’d like to share with you. Here goes.

  1. Print still matters: it has the vast majority of advertising and is where the attention in our industry still lies. The industry still defines itself and pays attention to what these trade publications print. [Back in 1996, I mentioned one story that the online press did a better job than print in covering, that is still true today.]
  2. You may think otherwise, but the best way to get the word out about your site is for others to provide links on their Web sites back to yours, what I call inbound links. [With all the SEO expertise out there, this is still true today.]
  3. It is a good idea to review your access logs regularly to determine frequently-accessed pages, broken links, who is visiting, and when you have your peak periods. These logs are your best sources for measurements of success and a good way to figure out who your audience is.
  4. Community counts. If you are going to start a successful Web publishing venture, make sure you have a good idea whom your community is. By community I don’t just mean reader/viewers–I mean the entire life-cycle of information consumers, providers, and relay points along the way. Who creates the information? Who sends/interprets/messes it up? Who needs this information? The more you know this cycle, the better a Web publisher you’ll be. The more focused your publication, the better off you are.
  5. Just like running a “real” print magazine, you need to develop a production system and stick to it, and resist any temptations to fiddle with it. Online, the best feedback loop you have is when your reader/viewers drop you a note on email saying something doesn’t look right or a link is broken.
  6. Don’t get too enamored with the graphical look and feel of your publication: many reader/viewers will never see these efforts and they ultimately don’t matter as much as you think. While you are developing your production systems, don’t forget that many reader/viewers are running text-based browsers or turn their images off because they are coming in from dial-up connections. [Well, that has changed since 1996, but still lots of sites are filled with useless graphical junk and pop-ups that are annoying at any bandwidth.]
  7. The best Web publications make use of email as an effective marketing tool for the Web content, notifying reader/viewers when something is new on a regular basis. [This was in the days before blogs, RSS, social media, Twitter, and other notification mechanisms, all of which are great tools to complement the web.]

Overall, am I glad I am in the Web-publishing business? Yes, most definitely: it has given me a greater feel for my community, it has helped increase my understanding of the technologies involved, and I have had a great deal of fun too.

Has it been easy? Nope: Web technologies are changing so fast sometimes you can’t keep up no matter how hard you try. Setting up a Web publication will take more time and energy than you’ve planned, and keeping it fresh and alive is almost a daily responsibility. You need lots of skills: programming, publishing, library science, graphic design, and on top of this a good dose of understanding the nature and structure and culture of the Internet helps too. And a sense of humor and a thick skin come in handy from time to time too.

Lessons learned from the potato salad guy

ps2I am sure by now you have heard about the Kickstarter project from Zack Brown where he promises to make potato salad. In a bowl. In his kitchen. That’s the project. For this he raised more than $55,000 from nearly seven thousand backers from all over the world, including more than 20 “platinum” sponsors.

The project became big potatoes — it was the fourth most-viewed page on Kickstarter, right behind the Veronica Mars movie and the Pebble watch, with more than four million views. Many of the contributions were small — backers averaged $8 per pledge, compared with a Kickstarter-wide average of $78. Maybe because it was something so goofy, or so simple (the project didn’t have a video intro), or just because it was so incredible. When I was interviewed about crowdfunding for our local TV station a few weeks ago, I mentioned his project on the air.

Brown’s potatoes became a big deal, he got thousands of media mentions that just fed his project even further. What started out as a big joke turned into a serious effort, and now he is talking about starting a foundation and building a humor-oriented website. And Columbus, Ohio, where he is based, is holding a street festival called PotatoStock that will feature food, music, and fun. I would call it a hash bash.

So what can we learn from this meme? Here are a few suggestions.

  • If you want to make something to share with others, maybe you just need ten or 20 or 50 people to get your idea off the ground. That is from one of the conclusions from Kickstarter central, and I think it is a good one. Brown’s original goal was to raise $60, and he quickly passed that.
  • Hyperlocal is best. The Internet is great for spreading the word, surely and he got funds from all over. But Brown’s project picked up a lot of backers from the Columbus area, which is one of his reasons for holding the PotatoStock event. The project is still about one man, one kitchen and his condiments.
  • Sometimes you don’t need that next Big Idea. While there certainly have been some fascinating crowdfunded projects, the simple ideas also have their place. Yes, it would be one thing if Brown was going to take his 55 large and head off to Tahiti, or wherever. But he seems humbled by the experience. Perhaps his foundation can pay it forward and nourish another idea, or add some additional humor into our lives.
  • Humor helps. Under the risks section, Brown is very forthcoming: “It might not be that good. It’s my first potato salad.” His update videos are hilarious, and others have used humor to describe his efforts, all in a goodhearted way. We are surrounded by too much gloom and doom that having some humor helps.

Pros and Cons of Responsive Design vs. Developing Mobile Apps

In my last post last month about designing your store’s websites, I mentioned that you should provide something unique for your store’s mobile app or else just enhance the overall general website itself. This point bears some further discussion as to when should you choose between the two approaches. It isn’t cut and dried, as I found out after examining dozens of different chain restaurants’ sites and mobile apps for a report that I co-wrote last month.

Most modern websites should implement responsive design techniques today. This means that they can automatically adjust how they place content in the browser window, and move column sizes and illustrations around as the window gets smaller for dealing with mobile devices, or larger for desktop screens. If you don’t know anything about this concept, I suggest reading up here. Nick Pettit, who wrote that blog entry for Treehouse Island, says, “Screen sizes and resolutions [are] widening every day, and creating a different version of a website that targets each individual device is not a practical way forward. This is the problem that responsive web design addresses head on.”

Here are two compelling reasons to choose to develop a specialized mobile app:

  • One is that your general website still uses Flash, and you don’t want to redo it. As you know, all iOS devices don’t do Flash, so they won’t be able to manipulate your content. Of course, that Flash-based site is getting pretty long in the tooth, so you might want to schedule when you are going to update your code and get rid of it once and for all. You know it is just a matter of time. I still come across numerous Flash-based sites that are just frustrating and want to make me toss my tablet across the table.
  • You can concentrate on features that mobile users need most, such as store locators or hours of operation. Or test market something new that isn’t on your general site and see if it is worth adding for all visitors. This is what Starbucks does for its mobile app, which is packed with features such as offers for free music tracks and the ability to pay for your drinks (which is hard to implement on a general website).

And here are two reasons to make your site more responsive:

  • You don’t have to maintain two different code bases, and can add features that will instantly benefit all of your visitors. This is by far the biggest advantage of using responsive design, and also has the added benefit that you don’t have to worry about image placement, column widths and other things that date back to the Cretaceous Period of the Web (say, 1996).
  • Your site will appear more attractive to more visitors, and become more engaging too. There is something just more snappy and clean about responsive design and how the text flows around the windows and images that just make it more appealing, at least IMHO.

Obviously, it is a balancing act between mobile-first and responsive design, but perhaps your situation will gravitate towards one or the other method. The important thing to keep in mind is what is the app or the site trying to communicate, and how can you be the most effective?

Want to learn more about what I found in my restaurant research of what the top chains are doing with their digital strategies? You can download a portion of our executive summary of the report here.

The well-connected restaurant

Screen-Shot-2013-01-22-at-11.24.00-PM-1024x709You can’t download your dinner, but you will order food, pay checks, and do much more with your smartphone. That is one of the conclusions of a paid custom report that Ira Brodsky and I have published this week called Good Food and Drink and Connected Technology, 2014-2019.

The days when restaurants could rely exclusively on good food, an enjoyable ambiance and word-of-mouth advertising are quickly coming to an end. More and more restaurants are discovering that they must become better connected and use various consumer-facing technologies such as websites, social media networks and mobile apps to get a leg up on their competitors.

In our report, we looked at the largest of the national restaurant chains and analyzed their behavior, social media usage, and evaluated their digital strategies and implementations and found several trends, including:

  1. Consumer-facing connected technology is taking off in the restaurant chain business. Revenue from online ordering, digital gift and loyalty cards, and mobile payments will soar to $90 billion by 2019. No retailer can afford to ignore this trend.
  2. Our report shows how restaurant chains can improve the information content, functionality, and overall quality of their websites. For instance, restaurants who employ responsive web designs can enable access from a wide variety of devices. However, restaurant chains must never lose sight of the fact that the best measure of their website is how well it promotes their food and dining experiences.
  3. Social media is a powerful new channel for interactive advertising and market research. Our report explains how restaurant chains can achieve greater success by better allocating social media resources, monitoring how people respond, and fine-tuning their social media programs.
  4. Most restaurant chain mobile apps don’t work reliably and merely duplicate information and features found on the restaurants’ websites. Our report points the way to mobile apps that are better designed, tested, and maintained.

There are lots of other conclusions in our report, You can download a portion of our executive summary and view the entire table of contents, as well as browse a table of the leading restaurant VARs and SI vendors from the report’s website here. The report is available for purchase, too.

Here are some links to other restaurant-related tech that I have been writing about for various outlets. First are a series of stories for the site Solution Providers For Retail here, including analysis of social media usage, how Chili’s is using table-side tablets and mobile apps. And there is this piece on Restaurant Technology on loyalty programs.

The changing labor relations laws of workplace social networking

photo
I saw this post not too long ago come across my Facebook feed: “The best part about being over 40 is that we did our stupid stuff before the Internet.”

It is very true. But what is interesting is how our legal system is adjusting to people that want to find all this “stupid stuff” of those under 40, especially as it relates to their on-the-job performance.

Has this happened to you lately? You are interviewing for a job and things are going well. The interviewer asks you about any social media postings that you want to tell them about. You think to yourself, “thank goodness I was smart enough to have tightened all my privacy controls. There is no way that anyone can view any of my questionable pictures who isn’t part of my network.” As you are mulling over a response, the interviewer turns her laptop around to face you and ask you to login to your Facebook account. What do you do now? Gulp.

Well, it depends on what state you live in and what kind of privacy laws they have passed. A dozen states have laws restricting employer access to personal social media accounts of both potential job applicants as well as their employees. These laws try to restrict how an employer can ask for login credentials or have you login to your account in their presence or grant access to information that isn’t in a public online search. Similar legislation is pending in at least another 28 states, and Congress might even get into the act too. The National Conference of State Legislatures is keeping track here. They say:

Some employers argue that access to personal accounts is needed to protect proprietary information or trade secrets, to comply with federal financial regulations, or to prevent the employer from being exposed to legal liabilities. But others consider requiring access to personal accounts an invasion of employee privacy.

The legislation in some states extends to students at public colleges too. The laws restrict employers from requiring employees to friend a supervisor or even adjust their privacy settings on their account. Double gulp!

As you can imagine, the state laws vary in what activities are prohibited and what aren’t. “However, while state laws differ significantly, the general message is clear: employers must evaluate their current practices and policies to ensure compliance with these law,” says a recent article in Socially Aware, a newsletter from the legal firm of Morrison Foerster.

The newsletter article goes on to discuss several other aspects of the legislation, including what happens during workplace investigations of suspected wrongdoings or employee misconduct. To say that this is a legal minefield is an understatement. Clearly, if you haven’t implemented social media guidelines yet in your workplace, now would be a good time. You might also enjoy reading a piece that I wrote for ReadWrite a few years ago about creating social media playbooks.

And you might also ask for some help from Liz Brown Bullock, who created a lot of social media policies and trained thousands of folks when she was at Dell.

Ricoh blog: Is your slow website costing you business?

Time is definitely money when it comes to the Web. In particular, the slower it takes your website to load, the less patient your visitors will be waiting, and the more often they will leave your site without buying anything. And things are only getting worse. According to a 2013 report for CIO.com, the load time for the top 2,000 retail websites (as ranked by Alexa.com) increased by 22% over the course of the previous year. Given that our attention spans are decreasing, you don’t want to be contributing to this trend.

According to surveys done by Akamai and Gomez.com, nearly half of web users expect a site to load in 2 seconds or less, and 40% of them tend to abandon a site that isn’t loading within 3 seconds. That doesn’t leave a lot of wiggle room, or time to be staring at your screen. And just adding an additional second of load time to your page results in not only 11% fewer page views and a 16% decrease in customer satisfaction, but also a 7% loss in conversions to sales. This according to an often-cited 2008 report by the Aberdeen Group. Conversely, according to Walmart Labs, if you shave off that second, both conversion rates and incremental revenues improve. They even found additional revenues in ecommerce sites that were able to reduce load times by 100 milliseconds. Think about that: this is almost too brief an interval to even measure!

While it is difficult to track causes of abandoned Web shopping carts, the total dollar figure could be somewhere around $3 billion annually. That is a lot of items being left out in cyper-limbo. Certainly, slow load times is a major contributing factor. And as more Web shoppers use their mobile phones and slower wireless network connections, this means increasing frustrations too.

So how can you speed up your website? There are lots of things to help. First, you should examine and then optimize your page coding so that it takes the least amount of time to load. There are various HTML tricks to ensure that your Web server isn’t wasting time processing your code, including cutting down on image sizes and eliminating page redirect commands.

Second, employ a site monitoring tool to keep track and get to the root causes of any delays with your site. There are dozens of tools out there, Network World reviewed six of them here last summer that are worth taking a closer look. These tools can also help you tune your app servers to minimize delays with your Web servers. Your developers should be paying attention to this, but sometimes they miss less obvious coding errors that introduce additional network latencies.

Finally, if you have an audience from a wide geographic area, make sure you look into using a Content Deliver Network or cloud acceleration services. These services cache frequently visited pages and can cut down on page load times significantly.

Time to create a minimally awesome product

If you hang around entrepreneurs long enough, you’ll hear them start talking about MVPs. The first time I heard the acronym, I was thinking baseball: most valuable player, thinking here we go again with the sports metaphors. (Put the wood behind one arrow, have our product hit a home run, etc.) But it turns out that the term means minimally viable product, or for a new company to create something that is just good enough to gain traction and customers.

It has become an abused term however. I came across a post from a VC friend of mine from Pittsburgh, Sean Ammirati. Sean and I worked together at the misbegotten ReadWriteWeb a few years ago and he ran their business operations. Now he works with a lot of startups and you can tell from his post where he explores five myths about MVPs.

His first suggestion is that minimal doesn’t mean that it is crappy. A lot of startups interpret viable to mean that you slap something together quickly. But your interface matters. “I’ve met with too many entrepreneurs over the years who mistakenly interpreted a lack of demand around a concept when it really was at least partially due to an ugly or unnecessarily complicated interface,“ Ammirati says. The cruder the product, the harder it will be to understand how people will react to it, and an entrepreneur could be getting lots of wrong information because users are responding to the crude pieces, rather than the overall vision and what the product will ultimately supposed to be doing.

Next, the MVP is not a destination, and entrepreneurs have to remember that any product or service is more about the process of refinement. What is viable today may be obsolete tomorrow. Ideally, he says, “you end up having multiple iterations that test different core assumptions about your business based on different customer interactions” and refine and adjust dynamically to this feedback.

Don’t be afraid to take the actual “product” out of the equation, and look more closely at an actual idea. Ammirati suggests a simple sketch can do wonders here – remember the famous Compaq napkin idea for a luggable PC?

Don’t always swing for the fences (sorry) and try to come up with an idea that will appeal to millions of users. Far better is to examine the overall user experience, responsiveness and what you can learn and how you can validate your initial hypotheses.

Finally, built lots of landing pages to test various hypotheses and see what is gaining traction. “ If you aren’t a designer and don’t have a designer on your team, you are crazy not to spend the $300 with DesignPax or a similar service to ensure the landing page isn’t so ugly that it affects the conversion rate,” he says. Startup guru Eric Ries calls this the “Adwords Smoke Test” and it is a good concept.

Ammirati has come up with “minimally awesome product” as a replacement for the MVP acronym, and I think it is a dandy term.

Are you paying yourself too much?

As we get into the holidays, I want to ask all of your startup CEOs this question. Could you be paying yourself too much, and risk losing your business eventually? No, this isn’t coming from my Scrooge side, but some practical thinking.

Last week, a Sili Valley startup (Yet Another Social Media Posting Tool) posted, in the name of complete transparency, their entire staff salary schedule, from the lowliest workers on up to the CEO, who is getting nearly $160k. While people weighed in on whether or not this is Yet Another GenY Oversharing, what got me going on this particular screed was what the CEO was paying himself. It should be about a third of his current draw.

CEOs should be working for peanuts. Yes, they have bills to pay, but if they are in the startup scene to make money, they should stick with a salaried position at a more established company. When you go into startup mode, you want to be building a company, and you do that with offering equity and a longer-term payouts. Offer more money, and chances are good that your venture will fail because you will be burning through your cash pile. I asked a friend of mine, a tech startup CEO, for his opinion, and he told me: “I personally don’t believe in the CEO of a startup having the highest cash salary. If CEOs believe the story that they are telling investors then should be taking as much as they can in stock. If they are concerned about the cash portion of their paycheck they should be seeking employment elsewhere.” Take a look a this poll taken last year of startup CEO salaries.

And lest you think this is just for startups, the CEOs of Facebook, Oracle, Google, Yelp and HP all had $1 salaries in the past year — granted, they all made megamillions on bonuses and other incentives, but still something to think about.

And while it is admirable that this one startup wants to be so transparent, they could be hurting themselves in the long run. Again from my friend the tech startup CEO: “I would never publicly disclose my company’s compensation model. Doing so provides your competition better insight into how you think and how to compete against you. It also gives potential employees a baseline by which to start negotiations” when they start thinking about going elsewhere.” He and I both think that experience is a poor metric to be used in setting higher salaries. What should matter is results, and what each staffer produces, or how the market will respond to having a rockstar on your team.

Happy holidays and hope you all have a great break and a wonderful new year’s.