Librarians of note

There have been two interesting appointments (or proposed appointments) in the world of librarians recently, one at the Library of Congress and one at the University of Virginia. Interestingly, both appointments revolve around the transformation of libraries from physical to digital.

First, UVA’s selection of John Unsworth as the next University Librarian and Dean of Libraries (UVA Today, Cavalier Daily). Unsworth’s selection makes sense on a number of levels. Back when I was an undergraduate, he was a founder of digital library sciences and the use of digital technologies in research at UVa with the Institute for Advanced Technology in the Humanities. More recently, as the dean of libraries at Brandeis he oversaw a large library system. Interestingly, from the CD article, it seems he’s stepping into a student-led debate over the role of libraries and the transition from physical to digital, with students protesting the sending of books from the stacks to long-term storage. I can’t think of too many other people I’d like to have thinking through the considerations in that debate.

Second, President Obama’s nominee for Librarian of Congress, Carla D. Hayden, got her Senate hearing yesterday (New York Times, Washington Post). As expected, the nominee’s bona fides as both a librarian and her capabilities in extending libraries into the digital future went unchallenged by the committee, though the relationship of the Copyright Office to the LOC was raised as a possible issue. Her smooth hearing was a nice update to her previous history in 2004 with the federal government, when in her role as head of the ALA she went toe to toe with then-Attorney General John Ashcroft over the library records provision in Section 215 of the PATRIOT Act. In fact, aside from the usual partisan carping in right wing blog circles, there seems to be remarkably little argument with the position that Dr. Hayden is precisely the right candidate for the job.

Why do issues of digital literacy and concerns about transitioning to digital humanities figure so largely in both these selections? I’d argue that they are the right questions for all libraries and other professions which rely on data, which these days includes just about … everyone.

Never too late to have a happy childhood

Live action Pac-Man
Photo courtesy Chris Eng

It seems I’m falling into a pattern where at least one day a week, I will end up posting for two days worth of material. This is one of those days. At least I have a good excuse for not posting. It was Veracode’s Hackathon IX this week, and that means craziness.

Monday’s activity? Live-action Pac-Man. What you can’t see from the photos is that there is actually a player. Pac-Man was wearing an iPhone on his chest, connected to Webex, with the camera turned on and headphones in his ears. Someone connected to a WebEx gave instructions to Pac-Man on how to move through the maze.

The ghosts all had simple rules of how to move just like in a real video game. So the whole effect was very much like feeding quarters to Pac-Man machines as a 12-year-old. But it gave me a new appreciation for the life of the ghost—all left turns and no free will. It got, frankly, boring after a while… until random turns brought me in contact with Pac-Man.

It all reminded me of this:

naw…it's not that

RIP Andy Grove

Andy Grove, courtesy Esquire
Andy Grove, courtesy Esquire

CNN: Andy Grove, former Intel CEO and personal computing pioneer, dead at 79. It’s worth taking a second this morning to think about why we remember what Andy Grove did when other pioneers of silicon are mostly forgotten.

Motorola, Texas Instruments and others built chips. Andy built an ecosystem.

While Wintel may rightly be regarded as an example of a noxious monoculture, mostly because of the Windows side of the equation, Andy recognized the potential for personal computers and ensured that they would run on his chips. And he recognized that Wintel was only one ecosystem that could have been built with Intel as its foundation—witness his convincing Steve Jobs to shift the architecture of Macs away from PowerPC to Intel chips in 2006.

I had an opportunity during the 2001 MIT Sloan Tech Trek to meet Andy. He spoke with a bunch of MBA students for a few minutes, and took questions. He struck me as a long thinker, so I asked him a long thought question: how long could Moore’s Law continue to hold before the physics of small matter caused it to bottom out? He was airy as he said it was a “20 year problem.” And he was right: he knew that there was plenty of room to continue innovating on the silicon. He didn’t say it, but I suppose he was more focused on the business of the ecosystem; even then you could read the writing on the wall that the antitrust suit, a resurgent Apple, and mobile computing were about to take the wind out of Microsoft’s sails.

I don’t know that I’ll ever get to talk to a more brilliant man (not counting Bill Gates, but I never got a chance to ask him any questions as an intern). Rest in peace.

“Has a Bacon number of 3”

I added a line to my Twitter bio recently that probably bears some explanation. Here’s my current bio:

Grammy Award winning product guy for Veracode, building the most powerful application security platform in the world. Has a Bacon Number of 3.

Most of this is self explanatory, as I’ve written about the Grammy and my employer before. But what the heck is a Bacon number?

Turns out, it’s an established measurement of celebrity that even has a (portion of) a Wikipedia article about it. The “Bacon number” of an individual is the number of degrees of separation he or she has from Kevin Bacon, where a degree of separation is usually understood as “has worked with.” You can use the Oracle of Bacon, online at the University of Virginia since the mid-1990s, to determine an individual’s Bacon number.

As for mine: I can justify it two ways. One is via former Boston Symphony Orchestra music director James Levine, with whom I share a few recording credits (including the Grammy), and who has a Bacon number of 2.

The second, and funnier, one is via the Soup Nazi, the Seinfeld character created by Larry Thomas. Larry Thomas has a Bacon number of 2, also, and he and I shared billing in Veracode’s trade show booth at RSA in 2013, when I spoke in the booth about application security. So there you go.

The author with Larry Thomas, Seinfeld's Soup Nazi, in 2013.
The author with Larry Thomas, Seinfeld’s Soup Nazi, in 2013.

Flickr catch up

Snowstorm sunset

Back in the day before Facebook, we had to have multiple services for posts and pictures. I ultimately became a Flickr customer, but not without some wringing of hands about putting my photos in the service of another company.

These days, that concern seems incredibly naïve, considering how much of my writing and photography is currently behind locked walls at Facebook. Part of what I’m going to do with this new daily writing project is liberate some of the more interesting stuff that I’ve put into their walled garden and make it available on my blog, and on Flickr. I still have concerns about Flickr (especially in these days of angst for Yahoo, its parent), but it’s the best photo hosting service, hands down.

I just posted 20 new photos to my photostream, starting here. Go check them out!

Lonely hill: Apple’s stand on encryption

Rich Mogull of Securosis writing in TidBITS: Why Apple Defends Encryption. Great article summarizing the forces that drive Apple’s defense of encryption and resistance to introduction of a back door (briefly: their business model does not rely on compromising privacy, they understand that there is no such thing as a back door that cannot also be used by attackers, and it may be a personal issue for Tim Cook).

Rich’s analysis, which I agree with, aligns with another recently published article about the disparity in ranged weapons adoption in Europe in the Middle Ages. The question: why did it take the French and Scots nearly a century to adopt the cheaper, easier, and more effective longbow, instead continuing to rely on the more challenging crossbow? Answer: precisely because those technologies were cheaper and easier to adopt, they were blocked by the rulers of less politically stable states, who feared arming citizens with the weapon might lead to revolution. Only in more politically stable England was the longbow adopted.

There’s a clear analogy between restricting access to longbows and the current state desire to insert backdoors into consumer encrypted communications. What’s striking is the political difference in who’s doing the restrictions on crypto technology. It’s not just failed or unstable states (though there are plenty of those who seek to circumvent crypto), but also major global powers like the United States and India. I’m not sure whether that says more about the threat posed by crypto, or about the United States.

On the legality of peeping Toms

Boing Boing: Free Stanford course on surveillance law. Now I know what I’ll be doing in my spare time this month, and you should too. 

At last month’s inaugural Black Hat Executive Summit, I learned a few things that surprised me about how existing US law applies to “cyber,” and I expect to continue to be surprised by this course. Probably unpleasantly, but who knows?

Ten years ago (soon): BloggerCon

Dave reminds us that it’s almost ten years to the day since the first BloggerCon. I was highly invested in blogging at that juncture of my life, having tried and largely failed to figure out where I fit inside Microsoft, and so I managed to combine a recruiting trip back East and attendance at the first day of BloggerCon.

I liveblogged much of what I saw of the day. I’m sure most of it is redundant with the other coverage, but in retrospect it’s interesting to read through the coverage and see how much of it was on target, or just off-target. I think the biggest bit that surprises me is the collective failure to imagine that blogging, per se, was just one manifestation of a million ways for individuals to share ideas and feelings with the world, or that most people would be most interested just in sharing those ideas and feelings with a few friends and family.

On being on the Business Blogs list on

For about the past week, my blog has been linked from the Business page of Which is odd, because this isn’t really a business blog. Sometimes I write about technology strategy, occasionally about marketing; frequently about product management. But you’re just as likely to find posts about music, or turning 40, or the history of a 140-year-old singing group here.

So in the interests of truth in advertising: if you want all business writing all the time, better check somewhere else. If you don’t mind coming in on the middle of nine years of my writing about things that catch my attention: welcome.

Watch out, Rudolph

We haven’t taken down our Christmas tree yet. Sometimes I fantasize about just sticking the whole thing away, decorations and all, and hauling it out next year ready to go. But these guys did one better: they launched it. On 32 model rocket boosters (Estes D boosters, to be exact). Watch:

(Okay, it’s not really a tree, but who cares? It’s still one of the funniest things I’ve seen in a long time.)

Merry Christmas from Google: Cavalier Daily in Google News

A nice Christmas present from the Googlemind: if not a complete run, then a pretty good sampling of the full archives of the Cavalier Daily and its predecessor College Topics, the long standing student newspaper of the University of Virginia.

The boon to a researcher of the University (or the Virginia Glee Club) cannot be overestimated. Just in a few minutes I found:

If Google News’s presentation of archival newspapers leaves something to be desired (I find it much more difficult to manage searching through a single issue than with the UVA library’s search interface), there is still a real treasure trove here, and not just on the Glee Club but on just about ever other topic.

LongURL Mobile Expander slows me down

A reminder that addons, extensions, and other bolt-on software capabilities aren’t free:

It was a maddening bug. On my machine, and mine alone, our web based application slowed to a crawl when I chose a particular option. No one else could recreate the bug.

As I was showing the bug to the developer, we had a hunch, checked my add-ons, and turned off about half of them. The problem went away. Now I had a hunch about where the problem was. I turned on all the add-ons except LongURL Mobile Expander. The web application was working properly again, and I had my culprit.

I’m not a JavaScript developer so I’m not sure, even looking at the source code, why there was a problem. I wonder whether the issue was the fetch of the list of supported services, which seems to happen on every onload() event — possibly on our Ajaxy web app, the lookup was firing more than once per page? (Update: No See below.) All I know is that it’s turned off for good for me.

It’s kind of a shame, because LongURL performed a useful function: with it installed, when you hover over a link to, or one of the other URL shortening services, it looks up the link and shows you the destination in a tooltip–so you can tell if you’re going to get RickRolled, essentially. Useful, but not at the cost.

Update: the developer who looked at the issue with me does speak JavaScript, and he says the issue is not the fetching of supported services (happens once, then cached). Instead, the real issue is that the script re-parses the web page’s document object model each time a new node is added. This is what just about every AJAX app does all the time, which explains why the problem is only visible on apps like ours–or Facebook, as one rater of the add-on points out.

Web-wide citations?

I recently started a new wiki project, which I’ll discuss in more detail later. Like the Brackbill Wiki, this one is based on the same software that powers Wikipedia, MediaWiki. It’s a powerful site building tool if you want something that’s collaboratively edited.

However, don’t assume that all the power of Wikipedia is in any other MediaWiki site. Case in point: citations. I love the citation templates on Wikipedia, together with the reference templates, because they make it drop dead simple to do professional citations, which if you’re trying to construct a reference work are kind of important.

But the citation templates that power Wikipedia aren’t in the default MediaWiki package; they’re templates that live specifically in Wikipedia’s content. And while Wikipedia’s liberal license policies allows reuse-by-copying, that means you have to keep up with bugfixes yourself. It would be one thing if it were just one template, but by my count I had to copy no fewer than 66 templates to get web and book citations, and their associated documentation pages, working. That’s nuts.

What would be nice, of course, would be to have a nice, robust markup strategy that would do proper footnote citations on any site, not just a wiki. The anchor tag is kind of the degenerate version of it–very powerful but also lacking in some of the stuff you want for a formal citation, such as the date the item was last accessed.

The death of, or why you are your own product manager

The recent flap over the impending death of reminds me of a discussion I had at the Berkman Center when I crashed one of their meetings back in 2004. The question was, do you use external services with your blog? That is, do you host your images on Flickr or a related service? Do you outsource comment management? These days, the question is do you host your own videos or do you let YouTube do it; or do you use a URL shortener.

Fundamentally, these are strategic questions like the ones that product managers face every day. The question is “Build, Buy, or Partner?” and it’s a question about how you add functionality to your product offering. In this case, the “product offering” is your public presence on the Internet–which is to say, in public, on-the-record discourse. As the question is conventionally understood, “build” means build it yourself, “buy” means acquire the functionality via some sort of purchase of rights, and “partner” means make a business arrangement where the partner delivers the functionality directly. In web development terms:

  • Build: You can build most of the functionality that people use on the web, from photo galleries to URL shorteners, yourself if you are a reasonably competent programmer.
  • Buy: You are acquiring via a license (even a free one) functionality from a third party and providing that functionality to your users. Can include purchased software or free software, whole packages or plugins.
  • Partner: You are using third party services directly–embedding photos and video from someone else’s server, using a third party URL shortener, etc.

So how do you decide to build, buy or partner? You can ask yourself the same questions that product managers everywhere ask:

  1. Do I have the capability to create this functionality?
  2. Do I want the responsibility of maintaining this functionality and adding to it over the long run?
  3. Is this functionality a core part of what I do? Do I derive some sort of competitive advantage from it?
  4. How much control over the final product do I want?
  5. Can I afford to have the content go away?

If you can do #1 but not #2, buy might be a better option than build. If the answer to #4 is “a lot”, partnering is not an appropriate option.

Let’s look at some people’s reactions to the event in this light:

Dave Winer had chosen the “partnership” model with (in the sense described above, that he is using their services and building atop them), building a lot of functionality on top of their APIs. He sees’s collapse as an argument to eliminate URL shorteners altogether, or at least to require that they provide a portability option. Portability is a way that you can escape Question #5, a safety clause if the partner goes out of business or if you don’t like what they’re doing with your content. I think that shortened-URL portability is in this analogy the equivalent of source code escrow and other safety provisions in conventional software contracts–it’s your escape hatch to make sure your personal data isn’t threatened. This is a perfectly sane request if you’re entering a real partnership relationship, where you’re adding value to the other party’s offering.

By contrast, Jeffrey Zeldman went the “buy” path, installing a WordPress URL shortening plugin to share pointers to his own content. For him, having short links to his content that work indefinitely is too important to risk having “the third-party URL shortening site [go] down or [go] out of business.”

Looking at it through the build-buy-partner lens, it’s also easy to see why WordPress has become such a dominant platform. The ability to add third-party developed plugins to add functionality provides a wide variety of options to add new functionality and allows you more options than simply blindly partnering with another organization, without any assurance that they’ll continue to support you.

Why go down this path at all? Why worry about the longevity of what are almost certainly transient services? One way to look at it is this: at the end of the day, your web presence is your product, and you are its product manager. You are responsible for the strategy that determines how the world views you. And in that light, it makes sense to borrow some strategies from product management to plan that strategy. Others use the formulation “You are your own CEO”; as your own CEO, consider that what people interact with online is not you but a product.

Stupid breakage of the day: Ubiquity and MobileMe

This morning I tried to log into MobileMe, which has mostly been working well recently, and got an unsupported browser screen telling me I needed to be running Firefox 2 or later, or Safari. Only problem was I was running Firefox 3.0.5.

I figured it was a bug in MobileMe’s browser check logic, so I used some JavaScript to check what my browser was reporting as its user agent:


It told me I was running

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/2008120122 Firefox/3.0.5 Ubiquity 0.1.4

Looking at the user string, I wondered if all the addons at the end, in particular the Ubiquity one, were breaking the browser check. So I disabled Ubiquity and restarted the browser. But the user agent string still showed Ubiquity.

I had just updated to the newest Ubiquity release this morning and was starting to think that something in the add-in was causing the problem. So I uninstalled it … and the user agent string was still the same.

Now I was curious. Did it leave a setting behind that the uninstall didn’t clean up? I looked under the hood in the browser preferences at about:config and searched for Ubiquity, where I found a very interesting preference under general.useragent.extra.ubiquity. There didn’t seem to be an option to delete the key, so I simply set its value to an empty string.

Doing the browser check now reported

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/2008120122 Firefox/3.0.5

And I could log into MobileMe again.


  1. Uninstalling an add-in doesn’t always totally uninstall it.
  2. You might be better off without Ubiquity.
  3. Apple needs to fix the MobileMe browser check (aka Trampoline).