Liminal states

An activism group I know is thinking about setting up a Q&A (question-and-answer) site.  What technology base should they use?

Here’s the functionality wishlist:

1. users can ask and answer questions, vote on others’ answers, and leave comments
2. multilingual and accessible
3. a pleasant and attractive user experience
4. good moderation tools
5. easy to attach tags (or categories) to questions and to browse all the questions in a category
6. people can sign in with their existing Twitter, Google, Microsoft, Yahoo, Facebook, etc. IDs
7. questions, answers, and comments are easy to tweet and look good when posted on Facebook etc.
8. there’s a way to include Twitter, Facebook, etc. responses as answers or comments
9. users can have profiles if they want but don’t have to spend any time setting them up
10. the overall look-and-feel can be customized (to match the activism campaign’s overall branding)
11. there are a few options for themes for questions, answers, profiles, and categories
12. it’s possible to integrate discussion forum and chat software [to help people as they’re learning to use the system, and to talk about ‘lessons learned’ as we’re using it]
13. secure
14. privacy-friendly (meaning a robust privacy policy if it’s hosted elsewhere)

In general, open-source software with a fairly  unrestrictive license (BSD-style) is preferable; if the GPL’ed or commercial tools for the job are better, that’s fine too.

Continue Reading »

The Q&A (question and answer site) market segment is red hot right now.  Here’s some links to complement my own posts Life imitates art imitates life, Prisms, Kool-aid, and Opportunity, and What do you think of this one-line pitch for qweries?

The overall landscape

• Choe Sang-Hung’s South Koreans Connect Through Search Engine (in the New York Times) describes how Naver’s Q&A site catapulted them to dominance in the South Korean search market.
• How do social Q&A sites monetize and scale?, with answers by Lisa Kavanaugh of Ask.com and others
• What are other Q&A sites besides Quora?, What are some sites that are similar to Quora?, and What are some private-label Q&A solutions?
• Just How Many Q&A Websites are There Out there?, Daniel Roberts, Fortune.

Quora

• Boomtown Tries to Get some Answers from Quora’s Adam D’Angelo, an interview by Kara Swisher of All Things Digital.  Kara frames Quora’s challenge as “trying to move the site well beyond its Silicon Valley-tech-dudes forum to one in which a plethora of topics and memes thrive.”
• Confessions of a Quora newbie, by Christie Ann Barakat, with a great set of references.  The comments are pretty spectacular too.
• Quora Raises Questions, David Pogue, the New York Times
• Quora Backlash Slams into Quora Backlash Backlash, MG Siegler, TechCrunch
• Quora Investor Scoffs at $1 Billion Offer Price, Nicholas Carlson, Business Insider
• Question: Does Quora do Politics?  Answer: …, Nancy Scola, Tech President
• Early Quora Design Notes, by Rebekah Cox on Artypapers, and Life without Photoshop, by Joel Lewenstein, discuss Quora’s design philosophy and process
• Quora Engineers Accused of Vandalizing Clone’s Site, Grey Review; the Hacker News discussion and comments on Quora are interesting too
• Why do some people prefer Quora to StackExchange?, on Quora
• Quora Gamifies: Credits and “Ask to Answer” Live for Everyone, Alexia Tsotsis, Techcrunch, and  Everything You Need to Know About Quora Credits, Yishan Wong (“the richest man on Quora”), Quora Review
• What is Quora currently doing to improve the diversity of its user base? (answer summary: nothing), How would Quora be different if it prioritized diversity?, and Quora diversity: a big red flag — all written by me, on Quora.

Stack Overflow

• Stack Exchange/Quora competitive positioning, Joel Spolsky, Hacker News
• Forget Quora, Stack Overflow is Killing It, by Adrianne Jeffries, The New York Observer.
• Stack Overflow Architecture Update, by Todd Hoff in High Scalability
• Blekko Partners with Stack Overflow to Improve Search Results, Matt McGee, Search Engine Land
• Series A funding announcement and chat Q&A

Ask.com

• Are Quora and new Ask competitors?, with an answer by Doug Leeds of Ask.
• Ask.com Rediscovers Its Roots as a Question & Answer Site—Powered by People This Time, Wade Roush, XConomy
• Why Do People Answer Questions on Q&A Sites? Ask.com Users Speak Up, Wade Roush, XConomy

And …

• 1.8 Billion Questions Later, ChaCha Has Evolved Past Text Message Roots, Sarah Kessler, Mashable
• What’s the difference between Quora and Focus?, with an answer by Scott Albro of Focus
• Federated Fluther Lets Third Parties Integrate Q&A With A Few Lines Of Code, Jason Kincaid, TechCrunch
• Which Q&A Sites Are Best for Business?, Angela West, PCWorld
• What are some Q&A sites in Spanish?
• Quora Competitor Opinionaided Raises $1 Million in Funding for Mobile App, Devon Glen, Web Newser.
• Crowdbeacon: When Quora Meets Yelp, Paloma Vasquez, PSFK.
• Q&A Platform LawPivot Raises $1M; Launches Legal Services Marketplace, Leena Rao, TechCrunch.
• Doctors and lawyers get gamified on Avvo, but will they play along?, John Cook , GeekWire.
• The Race to Build a Page Rank for the Social Web Continues, Mathew Ingram, GigaOm
• Quora for the Enterprise: Two Contenders, Klint Finley, Read Write Enterprise
• Quora for Startups: Sprouter Pivots to Focus on Q&A for Entrepreneurs, Audrey Watters, Read Write Web.
• Le réseau d’entrepreneurs Sprouter se repositionne pour faire face à Quora, Roxanne Varza, TechCrunch France.
• Seattle’s Questionland builds Q&A community around popular alt.weekly The Stranger, Paul Boutin, VentureBeat

Ya can’t make stuff like this up.  From Ginny Mies at PC World:

Picture this: You’re gearing up to create a killer playlist on your 30GB Zune for your annual New Year’s bash. All of a sudden, your Zune locks up, reboots itself, and freezes. What the heck is going on?

Fox News picks up the story:

Later in the day, Microsoft finally figured it out. While writing some of the driver software, the world’s biggest software company had forgotten to compensate for leap years.

The solution? Wait 24 hours until Jan. 1.

As Joseph Flatley says on Engadget, let’s hope they get it right by 2012.

But wait, there’s more:

Even then, there may be a pesky digital-rights-management issue.

“If you’re a Zune Pass subscriber,” the posting continues, “you may need to sync your device with your PC to refresh the rights to the subscription content you have downloaded to your device.”

The Microsoft posting promised a fix by the end of the next leap year in December 2012.

Looks like they’re on top of it.

Happy software quality/DRM new year!

also posted on Pam’s House Blend.
for a good time, compare and contrast
how Soapblox (there) and WordPress (here)
display the URLs in the quotes 🙂

As a “grand old man” of the software engineering field of defect detection, I sometimes take it personally when I run into bugs or usability problems.  My IM friends are never surprised when I switch from a conversation on another topic to a rant about how it doesn’t need to be that way and running commentary about my search for a workaround while lamenting that so few companies — or open-source projects — bother to go for the rather-obvious competitive advantage of making software that works reliably and well.  It usually ends in comments in something like

jon: doesn’t look like there’s any way to get around it.  i hate software

friend: lol.  looks like you picked the wrong profession then

Ha ha.

Continue Reading »

In RSA: “It feels like something’s missing” earlier this week, I mentioned that I found myself wondering whether what I was seeing at the show responded to security problems as experienced by users. Coincidentally enough, when I checked Slashdot today there were several of interesting security-related threads. So while it’s far from a statistically-valid sample, it’s still agreat chance to ask: is the industry successfully addressing these kinds of problems?

Let’s start with Oklahoma Leaks 10,000 Social Security Numbers, which is by far the most serious single issue:

“By putting SQL queries in the URLs, they not only leaked the personal data of tens of thousands of people, but enabled literally anyone with basic SQL knowledge to put his neighbor/boss/enemies on the sexual offender list.”

Continue Reading »

A continuation of RSA: “It feels like something’s missing”

RSA’s a tough show for static analysis companies, but several were there. Ounce had the largest booth and an excellent message (“listen to your code”); Veracode, Armorize, and Fortify had smaller presence. However, I didn’t actually spend much time at the booths or looking at the details of any specific technology, instead talking with various folks I ran into about the strategic possibilities.

Continue Reading »

Fourteen years ago today was my last day at Digital Equipment Corporation before leaving to work on the technology today became PREfix and the company I started with a few friends that became Intrinsa, so it seems especially appropriate to post about this today …

I’m delighted to announce that I’m starting a part-time strategy consulting gig working with San Francisco-based software engineering startup Coverity. My initial focus will be exploring possibilities in the security space, and I’ll be using techniques like community-driven strategy and design, asset-based thinking, and social network analysis. So it’s a very natural followup to each of my last three professional incarnations: static analysis architect, computer security researcher, and grassroots strategist.

Continue Reading »

The Economist’s Technology Quarterly has an excellent article on Software bugtraps: software that makes software better. This is something of a followup to an article they did a few years ago; most people quoted think that the situation is improving, although of course as Capers Jones points out it depends on your metrics. And why the improvement?

According to … the chairman of the Standish Group, most of this improvement is the result of better project management, including the use of new tools and techniques that help programmers work together. Indeed, there are those who argue that computer science is really a social science. Jonathan Pincus, an expert on software reliability who recently left Microsoft Research* to become an independent consultant, has observed that “the key issues [in programming] relate to people and the way they communicate and organise themselves.”

Indeed, I have argued that — in keynote talks Analysis is necessary but not sufficient at ISSTA 2000 and Steering the pyramids at ICSM 2002, and then more explicitly in the “BillG thinkweek paper” Computer science is really a social science (draft) from early 2005 and my 2006 Data Devolution keynote with Sarah Blankinship applying this lens to computer security.

Continue Reading »

Over on Tales from the Net, I’ve been discussing Kevin Poulsen’s articles about a MySpace security bug that allowed access to photos in profiles that had been marked as “private”. It had been well known for months, but MySpace didn’t fix it until the day after Kevin’s first article. In the interim, somebody wrote an automated script to download photos, and released 500,000 of them on the BitTorrent p2p network.

Since it’s social network-related, I posted about over there, but it’s on topic here as well, so I figured I’d mention it …

Boeing just announced another delay for the 787, its second or third so far depending on who you believe, so I wanted to go back to a story Kim Zetter reported a few weeks ago on the Wired Threat Level blog:

Boeing’s new 787 Dreamliner passenger jet may have a serious security vulnerability in its onboard computer networks that could allow passengers to access the plane’s control systems, according to the U.S. Federal Aviation Administration.

The computer network in the Dreamliner’s passenger compartment, designed to give passengers in-flight internet access, is connected to the plane’s control, navigation and communication systems, an FAA report reveals.

Wow. This is a really basic mistake — and a great example of the kinds of risks we discuss in the National Academies/CSTB report Software for Dependable Systems: Sufficient Evidence? Of course one of the excellent things about the avionics certification process is that the FAA does an analysis of the “special conditions” for new designs and publishes its findings (in the Federal Register, no less; a good example of the transparency we call for). According to Kim’s article, they’ll deny certification to the 787 until this is fixed – and well they should.

Continue Reading »