Thursday, July 30, 2009

InfoQ: .NET 4 Beta 1 Now Supports Software Transactional Memory

Shared by Madhu


STM is an alternative mechanism to lock-based synchronization used to control the concurrent access to shared memory.
Software Transactional Memory (STM.NET) is a mechanism for efficient isolation of shared state. The programmer demarcates a region of code as operating within a transaction that is “atomic” and “isolated” from other transacted code running concurrently.
The goal is to be able to exploit concurrency by using components written by experts and consumed by application programmers who can then compose together these components using STM.

Microsoft has released a new version of .NET 4.0 Beta 1, one that incorporates STM.NET, the Software Transactional Memory.

Wednesday, July 29, 2009

YouTube Biz Blog: YouTube myth busting

YouTube myth busting

Monday, July 20, 2009 8:36 AM

One of our favorite shows at YouTube is MythBusters, the Discovery Channel's popular science program in which hosts Jamie and Adam bravely attempt to debunk urban legends. For those of us who thought you could jump start a car with a defibrillator, we consider this show a public service.

Even though we're not drafting big rigs, or getting shot by 20,000 paintballs, we like to do a little myth busting as well. Too often, stories dredge up issues about YouTube products, metrics, or the state of our business that we thought were settled a long time ago. So while we can't tell you which kind of Mentos are better for blowing up Diet Cokes, we can debunk the top five myths about YouTube we repeatedly see:

Myth 1: YouTube is limited to short-form user-generated content. We have thousands of premium content partners, from Sony to Disney to Universal Music, and fans can find hundreds of full-length feature films and thousands of full-length TV episodes on YouTube. The world premiere of Joy Luck Club director Wayne Wang's film, "The Princess of Nebraska," was viewed 165,000+ times during the first 48 hours -- the equivalent of landing the 15th spot on Hollywood box office charts.

Myth 2: YouTube videos are grainy and of poor quality. It was only eight months ago that we launched HD videos on YouTube, and we already have more HD videos than any other video site. Hundreds of thousands of HD videos are uploaded to the site every month, and tens of millions are viewed every day. Earlier this year, CNET's WebWare called YouTube the best HD video service on the web.

Myth 3: Traffic, growth, and uploads are bad for YouTube's bottom line. There's been a lot of speculation lately about how much it costs to run YouTube. With revenue estimates ranging from $120 million to $500 million, and costs on an equally large spectrum, it seems people can pick any number to fit any theory they have about our business. The truth is that all our infrastructure is built from scratch, which means models that use standard industry pricing are too high when it comes to bandwidth and similar costs. We are at a point where growth is definitely good for our bottom line, not bad.

Myth 4: Advertisers are afraid of YouTube. Over 70% of Ad Age Top 100 marketers ran campaigns on YouTube in 2008. They're buying our home page, Promoted Videos, overlays, and in-stream ads. Many are organizing contests that encourage the uploading of user videos to their brand channels, or running advertising exclusively on popular user partner content (see Carl's Jr.). Advertisers just want control, so we're continuing to develop tools and targeting products that give advertisers more control over where their ads appear on the site. We'll announce more on that front soon.

Myth 5: YouTube is only monetizing 3-5% of the site. This oft-cited statistic is old and wrong, and continues to raise much speculation. In our view, the percentage is far less important than the total number of monetized views, and we are now helping partners generate revenue from hundreds of millions of video views in the U.S. every week (and billions worldwide), more than any other video site has total views. Monetized views have more than tripled in the past year, as we're adding partner content very quickly and doing a better job of promoting their videos across the site.

These myths are officially busted.


187 – An unequal relationship?

Shared by Sumukh


lol.. worth a repost

Comic

So you see Mr Judge sir, the reason I created that fake account in a girl’s name was SOLELY to make this comic, nothing else.



43 weird things said in job interviews - CNN.com

"I'm not wanted in this state."

"How many young women work here?"

"I didn't steal it; I just borrowed it."

"You touch somebody and they call it sexual harassment!"

"I've never heard such a stupid question."

Believe it or not, the above statements weren't overheard in bars or random conversations -- they were said in job interviews.

Maybe you were nervous, you thought the employer would appreciate your honesty, or maybe you just have no boundaries. Whatever the reason, you can be certain that you shouldn't tell an interviewer that it's probably best if they don't do a background check on you. (And yes, the hiring manager remembered you said that.)

We asked hiring managers to share the craziest things they've heard from applicants in an interview. Some are laugh-out-loud hysterical, others are jaw dropping -- the majority are both. To be sure, they will relieve anyone who has ever said something unfortunate at a job interview -- and simply amuse the rest of you.

Hiring managers shared these 43 memorable interview responses:

Why did you leave your last job?

"I have a problem with authority." - Carrie Rocha, COO of HousingLink

Tell us about a problem you had with a co-worker and how you resolved it

"The resolution was we were both fired." - Jason Shindler, CEO, Curvine Web Solutions

What kind of computer software have you used?

"Computers? Are those the black boxes that sit on the floor next to the desks? My boss has one of those. He uses it. I don't have one. He just gives me my schedule and I follow it." - Greg Szymanski, director of human resources, Geonerco Management, Inc

What are your hobbies and interests?

"[He said] 'Well, as you can see, I'm a young, virile man and I'm single -- if you ladies know what I'm saying.' Then he looked at one of the fair-haired board members and said, 'I particularly like blondes.'" - Petri R.J. Darby, president, darbyDarnit Public Relations

Why should we hire you?

"I would be a great asset to the events team because I party all the time." - Bill McGowan, founder, Clarity Media Group

Do you have any questions?

"If you were a fruit, what fruit would you be?" - Megan Garnett, Articulate Leadership Team, Articulate Communications Inc.

"What do you want me to do if I cannot walk to work if it's raining? Can you pick me up?" - Christine Pechstein, career coach

"I was a Chamber of Commerce Executive once hiring a secretary. [The candidate asked] 'What does a Chamber of Commerce do?'" - Mary Kurek, Mary Kurek, Inc. Visibility Consulting

"Can we wrap this up fairly quickly? I have someplace I have to go." - Bruce Campbell, vice president of marketing, Clare Computer Solutions

"What is your company's policy on Monday absences?" - Campbell

"If this doesn't work out can I call you to go out sometime?" - Christine Bolzan, founder of Graduate Career Coaching

"How big do the bonuses really get once you make associate? I hear it's some serious cash." - Bolzan

"[The candidate asked,] 'Can my dad call you to talk about the job and the training program? He is really upset I'm not going to medical school and wants someone to explain the Wall Street path to him.' The dad did call. Then that dad's friends called and I ended up doing a conference call with a group of concerned parents ... long story." - Bolzan

"If I get an offer, how long do I have before I have to take the drug test?" - Bolzan

"When you do background checks on candidates, do things like public drunkenness arrests come up?" - Bolzan

"Can I get a tour of the breast pumping room? I heard you have a great one here and while I don't plan on having children for at least 10 or 12 years, I will definitely breast feed and would want to use that room." - Bolzan

"So, how much do they pay you for doing these interviews?" -- Jodi R.R. Smith, Mannersmith Etiquette Consulting

Why are you leaving your current job?

"Because I (expletive) my pants every time I enter the building." - Abbe Mortimore, Human Resources Manager, True Textiles, Inc.

"I was fired from my last job because they were forcing me to attend anger management classes." - Smith

Why are you looking for a job?

"Cigarettes are getting more expensive, so I need another job." - Pechstein

"My parents told me I need to get a job so that is why I'm here." - McGowan

Why do you want to work for us?

"Just for the benefits." - Jennifer Juergens, JJ Communications

"My old boss didn't like me, so one day, I just left and never came back. And here I am!" - Matt Cowall, communications manager, Appia Communications

"I saw the job posted on Twitter and thought, why not?" - Rebecca Gertsmark Oren, Communications Director at The Rudd Center for Food Policy and Obesity

What are your assets? (as in strengths)

"Well, I do own a bike." - Pam Venné, principal, The Venné Group

What are your weaknesses?

"I get angry easily and I went to jail for domestic violence. But I won't get mad at you." - Pechstein

"I had a job candidate tell me that she often oversleeps and has trouble getting out of bed in the morning." - Linda Yaffe, certified executive coach

"I am an alcoholic and do not deserve this job." - Deb Bailey, owner, Power Women Magazine & Radio Show

"I'm really not a big learner. You know ... some people love learning and are always picking up new things, but that's just not me. I'd much rather work at a place where the job is pretty stagnant and doesn't change a lot." -- Michaele Charles, Voice Communications

When have you demonstrated leadership skills?

"Well my best example would be in the world of online video gaming. I pretty much run the show; it takes a lot to do that." - Rachel Croce

Is there anything else I should know about you?

"You should probably know I mud wrestle on the weekends." - Venne

When can you start?

"I need to check with my mom on that one." - Bolzan

Use three adjectives to describe yourself

"I hate questions like this." - Katrina Meistering, manager of outreach, National Fatherhood Initiative

Tell of a time you made a mistake and how you dealt with it

"I stole some equipment from my old job, and I had to pay for its replacement." - Meistering

Have you submitted your two weeks' notice to your current employer?

"What is two weeks' notice? I've never quit a job before, I've always been fired." - Meistering

Random responses

"One guy [said] 'it would probably be best' if I didn't run a background check on him. Of course, I did, and learned all about his long, sordid past of law-breaking. Our client actually offered him a job as a staff accountant, but quickly retracted the offer when I had to tell them all about his recent arrest for a meth lab in his basement." - Charles

"[A] guy said he did not have a mailing address, as he was living in a gypsy camp at the airport." -- Sandra L. Flippo, SPHR

"I went into the lobby to pick up a candidate. As he stood up, his trousers fell to the floor! [He said] 'Oh, my gosh -- they told me I needed a suit for the interview. I've got no money -- so I borrowed this thing. It's too big!'" - Beth Ross, executive and career coach

"Wow -- I'm not used to wearing dress shoes! My feet are killing me. Can I show you these bloody blisters?" - Bolzan

"May I have a cup of coffee? I think I may still be a little drunk from last night." - Smith

(During a telephone call to schedule the interview) "Can we meet next month? I am currently incarcerated." - Smith

"[A candidate] was asked whether he could advocate impartially on behalf of the various universities he would be representing since he had attended one of them. He responded, 'Well, I don't like to poop where I eat, but I thought my education sucked, so I certainly wouldn't put that school above the others.'" - Darby


Tuesday, July 21, 2009

Yahoo Plans to Unveil a Revamped Home Page - Bits Blog - NYTimes.com

Yahoo Plans to Unveil a Revamped Home Page

By Miguel Helft
[Image: A screenshot of the new Yahoo home page, with a preview of a Facebook application. Credit: Yahoo]

After many rounds of testing and nearly a year of painstaking development, Yahoo is poised to introduce a thoroughly overhauled home page on Tuesday, a major step in the struggling company’s efforts to remake itself for users, advertisers and investors.

The outlines of Yahoo’s approach to redesigning the most popular home page on the Internet have long been known. The company has said time and again that it wanted to provide something of a dashboard that offered its users a view not only into their favorite Yahoo content and services, but also into third-party applications and sites they use frequently, like Facebook, eBay or Gmail. The idea was also to make it easy for users to customize that experience.

Jerry Yang, Yahoo’s co-founder and former chief executive, had described the goal as making Yahoo into a “starting point” for users on the Web. In the Carol Bartz regime, the preferred catchphrase appears to be putting Yahoo at the “center point of people’s lives online.” That’s how Tapan Bhat, a senior vice president at Yahoo who oversees the home page, put it in an interview.

But the specifics of the redesigned Yahoo.com have changed several times, and the final release, which remains in “beta” testing, appears to have taken some elements in a new direction. Perhaps the most singular feature is how Yahoo integrates third-party applications and sites into its home page. Those applications, which are chosen by users, appear in a right-hand rail called My Favorites. When users hover over one of them with their mouse, a preview of that application, be it their Facebook page, the front page of The New York Times, or their Gmail in-box, pops up. That makes Yahoo.com an easy way for users to check in with their favorite services. It also addresses a vital problem for Yahoo.

In early tests, some executives complained that the third-party apps took traffic — and with it, revenue opportunities — away from Yahoo. Now Yahoo is including targeted ads in the preview window.

Yahoo’s home page receives huge amounts of traffic, Mr. Bhat said. “The thing that has been missing is context and brand advertisers want to buy context,” he said. “The contextual advertising in the My Favorites area starts giving us a chance to do that.” (It is not clear how third-party publishers will react to having Yahoo sell ads next to their content, but Mr. Bhat said Yahoo had notified publishers and that it was a “win-win for everyone.”)

Yahoo users will be able to pick My Favorites apps from a list of more than 65 apps. They will also be able to create new apps for sites that are not included in that list. Yahoo promises that it will soon make it easy for users to keep PC and mobile selections in sync.

Other features of the new home page include more personalized news and “status” updates from various social networks like Facebook and MySpace.

Mr. Bhat said the overhaul represented “the most fundamental change to the home page in Yahoo’s history.” He said the company was trying to walk a middle road between sites that broadcast a single home page to all their users — the old Yahoo.com or a newspaper home page — and services that allow users to customize their experience, like My Yahoo or iGoogle. User tests show that a growing number of people say they like a custom experience, but the number who bother to program their home page remains relatively low, Mr. Bhat said.

Yahoo.com had 114 million visitors in the United States in June, 17 percent more than a year earlier, according to comScore. By comparison, MyYahoo grew 32 percent to 23 million users in the past year, and iGoogle, Google’s version of a dashboard, grew 32 percent to just under 10 million users.

The new home page, which inside Yahoo has been known as Metro, will not be imposed on users automatically — at least not yet. Mr. Bhat called it an “opt-in beta,” meaning that users would have to click on a link to select the new design. The beta part, of course, means the design is still subject to change. The new home page will be available in the United States on Tuesday, and in France, Britain and India later in the week, with other countries to follow next month.


Sunday, July 19, 2009


The Twitter document leak fiasco started with a simple story that personal accounts of Twitter employees were hacked. Twitter CEO Evan Williams commented on that story, saying that Twitter itself was mostly unaffected. No personal accounts were compromised, and “most of the sensitive information was personal rather than company-related,” he said. The individual behind the attacks, known as Hacker Croll, wasn’t happy with that response. Lots of Twitter corporate information was compromised, and he wanted the world to know about it. So he sent us all of the documents that he obtained, some 310 of them, and the story developed from there.


This post isn’t about the confidential information taken from Twitter. It’s about exactly how Hacker Croll was able to get such deep access to Twitter in the first place.


It’s clear that Twitter was completely unaware of how deeply they were affected as a company - when Williams said that most of the information wasn’t company related he believed it. It wasn’t until later that he realized just how much and what kind of information was taken. It included things like financial projections and executive meeting notes that contained highly confidential information.


We’ve already said a lot about all of this and the related “server password = password” story that was discovered by another individual last week. But we’ve got two more stories to tell. The first, this post, is exactly how the hacks took place, based on information gathered from hours of conversations with Hacker Croll. The second is what was happening behind the scenes with Twitter as the story unfolded. We’ll post that later this week.


When the story first broke, the true scope of what had taken place and how it occurred was not understood. Various bloggers speculated about the cause of the attack - with some placing the blame on Google and others blaming the rising trend of hosting documents in the cloud.


We immediately informed Twitter of the information we had in our possession (and forwarded it to them), and at the same time reached out to the attacker. With some convincing, the attacker responsible for the intrusion at Twitter began a dialog with us. I spent days communicating with the attacker in an effort to gain insight into how the attack took place, what the true scope of it was and how we could learn from it.


We’ve waited to post exactly what happened until Twitter had time to close all of these security holes.


Some Background


In the security industry there is a generally accepted philosophy that no system or network is completely secure - a competent attacker with enough time, patience and resources will eventually find a way into a target. Some of the more famous information security breaches have relied on nothing more than elementary issues exploited by an attacker with enough time and patience at hand to see their goal through. A classic example is the case of Gary McKinnon, a self-confessed “bumbling computer nerd” who while usually drunk and high on cannabis would spend days randomly dialing or attempting to log in to government servers using default passwords. His efforts led to the compromise of almost 100 servers within a number of government departments. After McKinnon spent a number of years trawling through servers looking for evidence of alien life (long story), somebody within the government finally wised up to his activities, which led to not only the arrest and attempted extradition of McKinnon from the United Kingdom, but a massive re-evaluation of the security methods employed to protect government information.


A more recent example is the case of Kendall Myers, who after being recruited to work for the Cuban government by an anonymous stranger he met while on holiday in that country, set out to obtain a high ranking position within the State Department specifically to obtain access to US government secrets. Kendall dedicated his entire life to obtaining state secrets, and up until he was recently caught by the FBI had successfully passed on secret information and internal documents to the Cuban government for 30 years. He relied only on his memory, his education credentials and sheer dedication.


The Twitter Attack: How The Ecosystem Failed


As in other successful attacks, Hacker Croll used the same combination of patience, sheer determination and somewhat elementary methods to gain access to a frightening number of accounts and services related to Twitter and Twitter employees. The services affected, either directly or indirectly, include some of the most popular web applications and services in use today - Gmail, Google Apps, GoDaddy, MobileMe, AT&T, Amazon, Hotmail, Paypal and iTunes. Taken individually, most of these services have reasonable security precautions against intrusion. But there are huge weaknesses when they are looked at together, as an ecosystem. Like dominoes, once one fell (Gmail was the first to go), the others all tumbled as well. The end result was chaos, and raises important questions about how private corporate and personal information is managed and secured in a time when the trend is towards more data, applications and entire user identities being hosted on the web and ‘in the cloud’.


“Hacker Croll” is a Frenchman in his early 20’s. He currently resides in a European country and first discovered his interest in web security over two years ago. Currently in between jobs, he has made use of the additional time he now has, along with his acquired skillset, to break into both corporate and personal accounts across the web. His knowledge of web security has been attained through a combination of materials available to the public and from within a tight-knit group of fellow crackers who exchange details of new, and sometimes unknown, techniques and vulnerabilities. Despite the significance and impact a successful attack has, the cracker claims that his primary motivation is a combination of curiosity, exploration and an interest in web security. There is almost a voyeuristic tendency amongst these individuals, as they revel in the thought of gaining privileged access to information about the inner lives of individuals and corporations. The “high” of access and gaining unauthorized knowledge must be big enough to carry a cracker’s motivation through the long hours, days and months of effort it may take to hit the next pot of gold.


For Hacker Croll, his first port of call in setting out to gain access to a target network is to make use of public search engines and public information to build a profile of a company or individual. In the case of the Twitter attacks, this public information allowed him to create a rich catalog of data that included a list of employee names, their associated email addresses and their roles within the company. Information like birth dates, names of pets and other seemingly innocent pieces of data were also found and logged. This dragnet across the millions of pages on the web picked up both work and personal information on each of the names that were discovered. Public information on the web has no concept of, or ability to, distinguish between the work and personal details of a person’s identity - so from the perspective of a cracker on a research mission, having both the business and personal aspects of a target’s digital life intertwined only serves to provide additional potential entry points.


With his target mapped out, Hacker Croll knew that he likely only needed a single entry point in any one of the business or personal accounts in his list in order to penetrate the network and then spread into other accounts and other parts of the business. This is because the web was designed at a time where there was implicit trust between its participants - requiring no central or formal identification mechanism. In order to keep private data private, modern web applications have built out their own systems and policies that require a user to register and then manage their identities separately with each app. The identifier that most applications use is an email address, and it is this common factor that creates a de facto trust relationship between a user’s applications. The second factor is a password: a random string that only the user knows, is unique to each application, and in theory should take even a computer months or years to figure out if it started guessing. These two elements would work well enough for most cases, were it not for what is often the single weakest factor: human habit.


Look at the front page of almost any web application and you will see hints at just how hopeless and helpless we are in managing our digital lives: “forgot my password”, “forgot my username”, “keep me logged in”, “do not keep me logged in”, “forgot my name”, “who am i?”. These are features that were designed and built as a compromise, since we are often unable to remember and recall a single four-digit PIN number, let alone a unique password for every application we ever sign up for. Each new service that a user signs up for creates a management overhead that collapses quickly into a common dirty habit of using simple passwords, everywhere. At that point, the security of that user’s entire online identity is only as strong as the weakest application they use - which often is to say, very weak.


Now, going back to Hacker Croll and his list of Twitter employees and other information: Twitter just happens to be one of a new breed of companies where almost the entire business exists online. Each of these employees, as part of their work, shares data with other employees - be it through a feature of a particular application or simply through email. As these users become interwoven, it adds a whole new attack vector whereby the weak point in the chain is no longer just the weakest application - it is the weakest application used by the weakest user. For an attacker such as Hacker Croll looking to exploit the combination of bad user habit, poorly implemented features and users mixing their personal and business data - his chances of success just got exponentially greater. Companies that are heavily web based rely largely on users being able to manage themselves - the odds are not only stacked against Twitter, they are stacked against most companies adopting this model.


Unfortunately for Twitter, Hacker Croll found such a weak point: an employee whose online habits are probably no different than those of 98% of other web users. It began with the personal Gmail account of this employee. As with most other web applications, the personal edition of Gmail has a password recovery feature that presents a user with a number of challenges to prove their identity so that their password can be reset. It likely wasn’t the first account from a Twitter employee that Hacker Croll had attempted to access - but in the case of this particular account he discovered a chink in the armor that gave him the big first step. On requesting to recover the password, Gmail informed him that an email had been sent to the user’s secondary email account. In an effort to balance usability with security, Gmail offered a hint as to which account the email to reset the password was being sent to, in case the user required a gentle reminder. In this case the obfuscated pointer to the location of the secondary email account was ******@h******.com. The natural best guess was that the secondary email account was hosted at hotmail.com.


At Hotmail, Hacker Croll again attempted the password recovery procedure - making an educated guess of what the username would be based on what he already knew. This is the point where the chain of trust broke down, as the attacker discovered that the account specified as a secondary for Gmail, and hosted at Hotmail, was no longer active. This is due to a policy at Hotmail where old and dormant accounts are removed and recycled. He registered the account, re-requested the password recovery feature at Gmail and within a few moments had access to the personal Gmail account of a Twitter employee. The first domino had fallen.
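The recovery chain described above can be audited from the defender's side. The following is an added example, not code from the original article: it takes a constructed inventory of one user's accounts (all names, domains and the `recovery`/`active` fields are assumptions), flags any account whose reset mail goes to an address the owner no longer controls, and lists every account that chained password resets would expose from there.

```python
from collections import defaultdict, deque

# Constructed inventory (not from the article): every account a user owns,
# the address its password-reset mail goes to, and whether the user still
# controls that account. Names and domains are placeholders.
INVENTORY = {
    "alice@webmail-a.example": {"recovery": "alice_old@webmail-b.example", "active": True},
    "alice_old@webmail-b.example": {"recovery": None, "active": False},  # dormant
    "alice@corp.example": {"recovery": "alice@webmail-a.example", "active": True},
    "shop:alice": {"recovery": "alice@webmail-a.example", "active": True},
    "registrar:alice": {"recovery": "alice@corp.example", "active": True},
    "bank:alice": {"recovery": "alice_bank@webmail-c.example", "active": True},
    "alice_bank@webmail-c.example": {"recovery": None, "active": True},
}


def dangling_recovery(inventory):
    """Return (account, recovery) pairs whose reset mail goes to an address
    the owner no longer controls: inactive, or missing from the inventory."""
    findings = []
    for account, info in sorted(inventory.items()):
        target = info["recovery"]
        if target is None or not info["active"]:
            continue
        target_info = inventory.get(target)
        if target_info is None or not target_info["active"]:
            findings.append((account, target))
    return findings


def blast_radius(inventory, lost_address):
    """Every account reachable by chained password resets once someone else
    controls lost_address. Walks recovery edges in reverse; the visited set
    keeps recovery loops (A recovers B, B recovers A) from spinning."""
    resets = defaultdict(list)
    for account, info in inventory.items():
        if info["recovery"] is not None:
            resets[info["recovery"]].append(account)
    exposed, queue = set(), deque([lost_address])
    while queue:
        current = queue.popleft()
        for account in resets[current]:
            if account not in exposed and account != lost_address:
                exposed.add(account)
                queue.append(account)
    return exposed


def audit(inventory):
    """Map each dangling recovery address to the accounts it exposes."""
    report = {}
    for _account, target in dangling_recovery(inventory):
        report[target] = sorted(blast_radius(inventory, target))
    return report


if __name__ == "__main__":
    for address, exposed in audit(INVENTORY).items():
        print(f"{address}: {len(exposed)} account(s) exposed by chained resets")
        for name in exposed:
            print("   ", name)
```

Any address the audit reports should be replaced as a recovery target, or reclaimed and kept active, before the provider recycles it.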


Well designed web applications will never just give a user their password if they forget it; they will force the user to pick a new one. Hacker Croll had access to the account, but with a password he had specified. To not alert the account owner that their account had been compromised, he had to somehow find out what the old Gmail password was and to set it back. He now had a bevy of information at his fingertips, a complete mailbox and control of an email account. It wasn’t long before he found an email that would have looked something like this:



To: Lazy User

From: Super Duper Web Service

Subject: Thank you for signing up to Super Duper Web Service


Dear Lazy User,


Thank you for signing up to Super Duper Web Service. For the benefit of our support department (and anybody else who is reading this), please find your account information below:


username: LazyUser

password: funsticks


To reset your password please follow the link to.. ahh forget it, nobody does this anyway.


Regards,


Super Duper Web Service


Bad human habit #1: Using the same passwords everywhere. We are all guilty of it. Search your own inbox for a password of your own. Hacker Croll reset the password of the Gmail account to the password he found associated with some random web service the user had subscribed to and that sent a confirmation with the password in clear text (and he found the same password more than once). He then waited, to check that the user was still able to access their account. Not too long later there was obvious activity in the email account from the account owner - incoming email read, replies sent and new messages drafted. The account owner never would have noticed that a complete stranger was lurking in the background. The second domino falls.
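The advice above to search your own inbox for your own passwords can be scripted. This is an added example, not part of the original article: it scans a small constructed mailbox (the messages, senders and regular expression are assumptions) for sign-up mails that carry a cleartext password, and groups them by a per-run keyed fingerprint so that reuse across services shows up without the password itself ever being stored or printed.

```python
import hashlib
import hmac
import re
import secrets
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

# Constructed sample mailbox; the first message mirrors the mock mail above.
SAMPLE_MAILBOX = [
    "From: Super Duper Web Service <signup@superduper.example>\n"
    "Subject: Thank you for signing up\n\n"
    "username: LazyUser\npassword: funsticks\n",
    "From: Forum Accounts <accounts@forum.example>\n"
    "Subject: Welcome to the forum\n\n"
    "Login: lazyuser\nPassword = funsticks\n",
    "From: Photo Host <noreply@photos.example>\n"
    "Subject: Your new account\n\n"
    "Your password: tr0ub4dor\n",
    "From: Careful Service <noreply@careful.example>\n"
    "Subject: Password reset\n\n"
    "Set a new password: https://careful.example/reset?token=PLACEHOLDER\n",
]

# "password: value" or "password = value" anywhere in the body.
CRED_RE = re.compile(r"\b(?:password|passwd)\s*[:=]\s*(\S+)", re.IGNORECASE)

# Random per-run key: fingerprints group equal passwords inside one report
# but are useless for guessing the password or comparing across runs.
RUN_KEY = secrets.token_bytes(16)


def fingerprint(secret):
    return hmac.new(RUN_KEY, secret.encode(), hashlib.sha256).hexdigest()[:12]


def body_text(msg):
    """Concatenate the text/plain parts of a message, decoded to str."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() != "text/plain":
            continue
        payload = part.get_payload(decode=True) or b""
        charset = part.get_content_charset() or "utf-8"
        chunks.append(payload.decode(charset, errors="replace"))
    return "\n".join(chunks)


def scan(raw_messages):
    """Return one finding per cleartext password seen, without the password."""
    findings = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1]
        for value in CRED_RE.findall(body_text(msg)):
            if value.lower().startswith(("http://", "https://")):
                continue  # a reset link, not a password
            findings.append({
                "sender": sender,
                "subject": msg.get("Subject", ""),
                "fingerprint": fingerprint(value),
            })
    return findings


def reused_passwords(findings):
    """Map fingerprint -> sorted senders, for passwords seen at 2+ services."""
    by_fp = defaultdict(set)
    for item in findings:
        by_fp[item["fingerprint"]].add(item["sender"])
    return {fp: sorted(s) for fp, s in by_fp.items() if len(s) > 1}


if __name__ == "__main__":
    found = scan(SAMPLE_MAILBOX)
    for item in found:
        print(f"cleartext password mailed by {item['sender']}: {item['subject']}")
    for fp, senders in reused_passwords(found).items():
        print(f"same password ({fp}) used at: {', '.join(senders)}")
```

Every hit is a password to change at that service and a message to delete, and a reuse group is a password to retire everywhere it appears.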


From here it was easy.


Hacker Croll now sifts through the new set of information he has access to - using the emails from this user’s personal Gmail account to further fill in his information map of his target. He extends his access out to all the other services he finds that this user has signed up for. In some instances, the password is again the same - that led Croll into this user’s work email account, hosted on Google Apps for Domains. It turns out that this employee (and in fact most/all Twitter employees and everyone else) used the same password for their Google Apps email (the Twitter email account) as for their personal Gmail account. With other sites, where the original password may not work - he takes advantage of a feature many sites have implemented to help users recover passwords: the notorious “secret question”.


Fork the story here for a moment because there is a real issue here with the “secret question” (from here on abbreviated more appropriately as just “secret ?”). For some strange reason, some sites refer to the “secret ?” as an additional layer of security - when it is often the complete opposite. In the story of Hacker Croll and Twitter, the internal documents that we now all know about were only a few steps away from the first account he gained access to. In addition to that, this attacker, and certainly others just like him, have been able to demonstrate that some of the biggest and most popular applications on the web contain fundamental weaknesses that alone might seem harmless, but in combination with other factors can cause an attacker to completely tear through the accounts of users, even those who maintain good password policy.


This is not the first time that the issue of “secret ?” being used in password recovery systems has been raised. Last September, US Republican Vice Presidential candidate and former governor of Alaska, Sarah Palin, had screenshots of her personal Yahoo mail account published to Wikileaks. A hacker or group known only as ‘Anonymous’ claimed credit for the hack, which was carried out by the attacker making an educated guess in response to the security question used to recover passwords. In early 2005, celebrity Paris Hilton suffered a similar incident when her T-Mobile sidekick account was broken into, and the details of her call log, messages (some with private pictures of Hilton) and contact list were leaked to the media. The culprit, again, was “secret ?”.


Giving the user an option to guess the name of a pet in lieu of actually knowing a password is just dramatically shortening the odds for the attacker. The service is essentially telling the attacker: “we understand that guessing passwords is hard, so let us help you narrow it down from potentially millions of combinations to around a dozen, or even better, if you know how to Google, just one”. The problem is not the concept of having an additional authorization token, such as mother’s maiden name, that can be used to authenticate in addition to a password; the problem arises when it is relied on alone, when the answer is stored in the clear in account settings, and when users end up using the same question and answer combination on all of their accounts.


From this point, with a single personal account as a starting point, the intrusion spread like a virus - infecting a number of accounts on a number of different services both inside and outside of Twitter. Once Hacker Croll had access to the employee’s Twitter email account hosted by Google, he was able to download attachments to email that included lots of sensitive information, including more passwords and usernames. He quickly took over the accounts of at least three senior execs, including Evan Williams and Biz Stone. Perusing their email attachments led to lots more sensitive data being downloaded.


He then spidered out and accessed AT&T for phone logs, Amazon for purchasing history, MobileMe for more personal emails and iTunes for full credit card information (iTunes has a security hole that shows credit card information in clear text - we’ve notified Apple but have not heard back, so we won’t publish the still-open exploit now).


Basically, when he was done, Hacker Croll had enough personal and work information on key Twitter executives to make their lives a living hell.


Just to summarize the attack:



  1. HC accessed Gmail for a Twitter employee by using the password recovery feature that sends a reset link to a secondary email. In this case the secondary email was an expired Hotmail account; he simply registered it, clicked the link and reset the password. Gmail was then owned.

  2. HC then read emails, successfully guessed what the original Gmail password was, and reset the password so the Twitter employee would not notice the account had changed.

  3. HC then used the same password to access the employee’s Twitter email on Google Apps for your domain, getting access to a gold mine of sensitive company information from emails and, particularly, email attachments.

  4. HC then used this information along with additional password guesses and resets to take control of other Twitter employee personal and work emails.

  5. HC then used the same username/password combinations and password reset features to access AT&T, MobileMe, Amazon and iTunes, among other services. A security hole in iTunes gave HC access to full credit card information in clear text. HC now also had control of Twitter’s domain names at GoDaddy.

  6. Even at this point, Twitter had absolutely no idea they had been compromised.
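
The chain summarized above can be checked from the defender's side by treating accounts and their reset paths as a graph and asking what falls when one account falls. This is an added example, not part of the original article: the `Account` fields, the account names and the inventory are constructed, and it assumes the worst case that a fallen account also exposes the password it uses.

```python
from collections import deque
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Account:
    name: str
    password_label: str                     # opaque label per distinct password, never the secret
    recovery_mailbox: Optional[str] = None  # account that receives this account's reset links
    lapsed: bool = False                    # mailbox expired and open for re-registration
    secret_question_only: bool = False      # a guessable answer alone resets the password


def entry_points(accounts):
    """Accounts that can be taken over with no prior foothold."""
    found = []
    for acct in accounts:
        if acct.lapsed:
            found.append((acct.name, "lapsed mailbox can be re-registered"))
        if acct.secret_question_only:
            found.append((acct.name, "secret question is the only reset factor"))
    return found


def blast_radius(accounts, start):
    """Return {account name: reason} for everything that falls once `start` falls."""
    by_name = {acct.name: acct for acct in accounts}
    if start not in by_name:
        raise KeyError(f"unknown account: {start}")
    fallen = {start: "starting point"}
    queue = deque([start])
    while queue:
        current = by_name[queue.popleft()]
        for other in accounts:
            if other.name in fallen:
                continue
            if other.recovery_mailbox == current.name:
                reason = f"reset link is delivered to {current.name}"
            elif other.password_label == current.password_label:
                # Worst-case assumption: the fallen account reveals its password.
                reason = f"same password as {current.name}"
            else:
                continue
            fallen[other.name] = reason
            queue.append(other.name)
    return fallen


def worst_first(accounts):
    """Rank entry points by how many other accounts they bring down."""
    ranked = []
    for name, why in entry_points(accounts):
        ranked.append((name, why, len(blast_radius(accounts, name)) - 1))
    return sorted(ranked, key=lambda row: row[2], reverse=True)


# Constructed inventory for one employee; labels p0..p5 stand for distinct passwords.
INVENTORY = [
    Account("old-webmail", "p0", lapsed=True),
    Account("personal-mail", "p1", recovery_mailbox="old-webmail"),
    Account("work-mail", "p1"),  # reuses the personal password
    Account("phone-carrier", "p2", recovery_mailbox="personal-mail"),
    Account("online-store", "p1", recovery_mailbox="personal-mail"),
    Account("domain-registrar", "p3", recovery_mailbox="work-mail"),
    Account("it-helpdesk", "p5"),
    Account("payroll", "p4", recovery_mailbox="it-helpdesk"),
]

if __name__ == "__main__":
    for name, why, count in worst_first(INVENTORY):
        print(f"{name}: {why}; {count} other account(s) fall")
        for victim, reason in blast_radius(INVENTORY, name).items():
            print(f"  {victim}: {reason}")
```

Accounts that never appear in any blast radius, such as the constructed `payroll` entry, are the ones whose password and recovery path are both independent of the rest.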


What could have happened next is that Hacker Croll could have used or sold this information for profit. He didn’t do that, and says he never intended to. All he wanted to do, he says, was to highlight the weaknesses in Twitter’s data security policies and get them and other startups to consider more robust security measures.


He also says he’s sorry for causing Twitter so much trouble. We asked Hacker Croll if he had any message he wants to deliver to Twitter, and he sent me the following:


Je tiens à présenter toutes mes excuses au personnel de Twitter. Je trouve que cette société a beaucoup d’avenir devant elle.


J’ai fait cela dans un but non lucratif. La sécurité est un domaine qui me passionne depuis de longues années et je voudrais en faire mon métier. Dans mon quotidien, il m’arrive d’aider des gens à se prémunir contre les dangers de l’internet. Je leur apprend les règles de base.. Par exemple : Faire attention où on clique, les fichiers que l’on télécharge et ce que l’on tape au clavier. S’assurer que l’ordinateur est équipé d’une protection efficace contre les virus, attaques extérieures, spam, phishing… Mettre à jour le système d’exploitation, les logiciels fréquemment utilisés… Penser à utiliser des mots de passe sans aucune similitude entre eux. Penser à les changer régulièrement… Ne jamais stocker d’informations confidentielles sur l’ordinateur…


J’espère que mes interventions répétées auront permis de montrer à quel point il peut être facile à une personne mal intentionnée d’accéder à des informations sensibles sans trop de connaissances.


Hacker Croll.


This roughly translates to:


I would like to offer my personal apology to Twitter. I think this company has a great future ahead of it.


I did not do this to profit from the information. Security is an area that fascinated me for many years and I want to do my job. In my everyday life, I help people to guard against the dangers of the Internet. I learned the basic rules .. For example: Be careful where you click the files that you download and what you type on the keyboard. Ensure that the computer is equipped with effective protection against viruses, external attacks, spam, phishing … Upgrading the operating system, software commonly used … Remember to use passwords without any similarity between them. Remember to change them regularly … Never store confidential information on the computer …


I hope that my intervention will be repeated to show how easy it can be for a malicious person to gain access to sensitive information without too much knowledge.


Croll hacker.


What’s the takeaway from all this? Cloud services are convenient and cheap, and can help a company grow more quickly. But security infrastructure is still nascent. And while any single service can be fairly secure, the important thing is that the ecosystem most certainly is not. Combine the fact that so much personal information about individuals is so easily findable on the web with the reality that most people have merged their work and personal identities and you’ve got the seed of a problem. A single Gmail account falls, and soon the security integrity of an entire startup crumbles. So for a start, reset those passwords and don’t use the same passwords for different services. Don’t use password recovery questions that can easily be answered with a simple web search (an easy solution is to answer those questions falsely). And just in general be paranoid about data security. You may be happy you were.


Tuesday, July 14, 2009

Alternative payments: Will history repeat itself? | VentureBeat

Alternative payments: Will history repeat itself?

July 13, 2009 Ron Hirson

With the phenomenal growth in social networks, online games and virtual worlds, we’re seeing a shift in monetization away from traditional advertising and credit card commerce. Virtual goods and currencies across these platforms, as well as gaming models like free-to-play, are opening a whole new world of things to sell and ways to pay for them. Facebook alone is calculated to have had $500 million of virtual goods and currencies run across its platform as people buy everything from birthday cakes to godfather favor points for their friends and for themselves. In addition to the usual means of paying for these virtual goodies, we’re seeing a host of other methods: Cross-sell exchanges (example: sign up for Netflix, get points/etc.), time barters (example: Fill out a survey), and even new credit sources (example: Charge to your mobile or home phone).

So who are going to become the leading companies providing these new alternative payment methods? Here at Boku, we’re building a new payments service focused on mobile, and we’ve been looking at past winners such as PayPal and BillMeLater to see what key lessons we can learn from their previous success. We talk about these key learnings below and then consider what has changed since then as a guide in predicting the next leading payment platforms.

Key learnings:

Be flexible. When PayPal launched, their original vision was to make money on the float created by allowing people to send money to each other safely over email (technically it started out over PalmPilots, but that’s another story). They shifted to focus on merchants on eBay and other P2P commerce sites and built out the operational capabilities to serve those merchants over time (like its forthcoming Adaptive Payments API, opening up parts of their platform to developers). Some shifts in alternative payments are already happening as lead-generation sites (offers) are starting to add more and more direct payment methods and give them greater web page real estate (pixels).

Ride a wave. PayPal’s was eBay auctions and the need for a trusted intermediary to handle the transfer of funds from buyer to seller. BillMeLater leveraged a mature ecommerce environment and offered a product that reached a segment of customers that either didn’t want to provide financially identifiable info or preferred to buy with credit. (As a disclaimer, BOKU’s CEO, Mark Britto, was an early investor in and board member of BillMeLater). Today virtual goods and currencies have a unique combination of low price-points and near-zero cost-of-goods-sold (COGS), enabling everything from a simple survey to a mobile payment as means to pay.

Reduce friction. Once you have a PayPal account it’s easier to “checkout,” especially on a site you haven’t shopped at before, than entering in your credit card information. BillMeLater was able to tap into a cohort of customers for merchants who still are reluctant to give up financial information over the web. Amazon and other ecommerce sites saw a 5-7 percent lift in customers transacting after adding BillMeLater’s payment service. Today, mobile payments are seeing huge revenue growth because they are more convenient than other payment methods online. This is because you either 1) have a phone but not a credit card or bank account (as is the case in emerging countries like India, where only one in three people has a bank account), or 2) it’s just easier to enter your phone number than credit card number, address, zip, CVV number.

Go big. PayPal focused relentlessly on removing barriers to adoption - and they paid high (reportedly between $4-10) acquisition costs for each customer. They invested $100-plus million to grow their market and reaped the rewards of network effect they created. Facebook has the clearest opportunity to be the next network of customers, though others are working on this as well.

Invest in security early. PayPal reportedly had over 50 percent of its original 650 employees working on fraud prevention and customer support. It’s rumored that early fines and fraudulent activity have now brought their CS and fraud team to 2000 or more. Mobile payments, by design, require that you have your phone in order to complete a transaction and since it’s almost always in your possession (or more importantly, you realize as soon as it’s not), have significantly less “stolen identity” fraud than in traditional payment methods such as credit cards. However, all alternative payment methods, including mobile, are going to have to invest in technology and people for fraud prevention as success will bring unwanted attention from the same people that have their sights on PayPal and BillMeLater.

What’s changed?

Focus on merchants before consumers. Open platforms and ease of integration allow merchants (app developers and game publishers) to integrate payments services very easily. A simple iframe with a few lines of code is all that is needed. Payments companies don’t have to go straight to consumer. PayPal kick-started their network effect by buying customers, initially for a $10 bonus for each one referred, and they’re now turning more deliberately towards merchants with the Adaptive API. BillMeLater had the benefit of appearing in the checkout flow and either did rev-shares or direct payments to merchants. By existing as an option in the checkout flow, payment companies can skip the higher direct-to-consumer acquisition fees, and focus on those who have intent to purchase instead of hoping to convert registrants to transacting customers.

Payment variety. PayPal does offer the ability to pay with your credit card or bank account, while BillMeLater is essentially a credit application, but what we’re seeing with the alternative payments companies today, especially amongst the “offer” companies, is the aggregation of multiple payment methods. SuperRewards, Gambit, and Offerpal now offer credit cards, mobile phone payments, offers, PayPal, etc. and combinations of the above. The ease of integrating these companies means that the developers can focus on what they do best and still offer all types of payment methods to optimize revenue. But variety is leading to clutter and poor user experience and payment aggregators will focus in the coming quarters on cleaning up the interface to deal with the issues that come about from the paradox of choice.

Ease of integration. When PayPal for checkout arrived it was arguably the easiest of all the payment integration methods (versus PaymentTech, etc.). However, this now seems complex compared to the simple addition of an iframe and a few lines of code to confirm transactions. This ease of integration means that developers are adding, duplicating and swapping payment methods often. Some game developers have four of the top payment aggregators running at once and display them in tabs, for customers to switch between – increasing revenue dramatically. This ease of integration is double-edged. While it has been in our favor recently, we’re aware that this means if we aren’t delivering results, we will be swapped out.

Global faster. Social networks are global. Publishers of apps and games are global. They want domestic and global solutions at the same time. It’s become clear that advertising and credit cards aren’t the only solution to monetizing these services, and in some cases the new payment methods are better able to make money both in North America and Western Europe (the head) as well as emerging markets like Southeast Asia and Latin America (the tail). Boku is live in 50 countries – we take a ‘head and tail’ approach to international reach. An app’s next fan base may just be in Thailand, Malaysia, or Turkey. PayPal got global reach later in their evolution mainly because, at its inception, e-commerce revenue was only coming from 8-10 places.

What’s next?

Based on what we’re hearing from working directly with online games and social applications and in partnering with payments aggregators, it’s clear the industry is shifting from the “revenue at all costs” phase to the “optimization and analytics” phase of monetization. Great apps and gaming companies that are already making $1-30 million are already hiring more web monetization and merchandising experts and user experience, reach and results are being rightfully questioned. Merchants will be looking closely at payments companies and their ability to provide long-term operational value. The rest of 2009 will clearly identify leaders, while others will fail to see 2010. We at Boku are working hard to take these lessons to heart and do our best to become a standard in mobile payments.


Sunday, July 12, 2009

For Fun And Profit Books

HOW TO RAISE CHILDREN FOR FUN AND PROFIT


Thursday, July 9, 2009

Amazon Killing Mobile Apps That Use Its Data

by MG Siegler on July 7, 2009

Well, this sucks. I had not yet gotten around to downloading the new Delicious Library iPhone app, which I heard was great. And now I can’t because the developer had to remove it from the App Store. Why? Because of Amazon.

A recent change to Amazon’s Product Advertising API means that apps like Delicious Library are being restricted from using it, according to Alan Quatermain. And what’s really perplexing is that this change apparently only matters on mobile devices, meaning bye bye to an iPhone app that took its developers 8 months to build.

Here’s the official wording that killed the app:

You will not, without our express prior written approval requested via this link, use any Product Advertising Content on or in connection with any site or application designed or intended for use with a mobile phone or other handheld device.

Developer Wil Shipley tried to reach out to Amazon to see about getting permission, but Amazon apparently said no exceptions were being made. Not only that, “they [Amazon] told me to remove it today, or they’d shut me down,” Shipley tweeted out.

And this data is crucial to Delicious Library, because it’s how it pulls its product information. So it won’t be back unless Amazon changes that rule, which it doesn’t appear to be ready to do anytime soon.

It would seem that Amazon only wants you to be able to access its product data through its own mobile site and apps. But that’s a problem because, as Quatermain points out, the Amazon iPhone app isn’t even available in places like the UK.

Yeah. This is fairly ridiculous.

Update: As Rod points out in the comments, this seems to be related to similar action Amazon was taking nearly 2 years ago against mobile web startups. But here’s why this remains utterly ridiculous — if not more so — just read what Amazon told us at the time:

2/ Now with regards to just ECS, we do limit access by some mobile-focused companies to just that service. It says in our license agreement for that service that developers must first get permission from Amazon Web Services prior to using Amazon ECS in connection with any handheld, mobile, or mobile phone application (see 5.1.4 here). The reason is that it’s very early days in the mobile space and Amazon.com is still thinking through how to best serve customers who want to use mobile devices to shop on Amazon.com. At this point, we’re being cautious about exposing our catalog data for use in the mobile space.

Amazon tried to make it sound like they were just in the process of figuring everything out and then would come up with a way to “best serve customers who want to use mobile devices to shop on Amazon.com.” Uh yeah, it’s been almost 2 years.

And again, Shipley did ask for permission, and was flat-out denied.


Amazon nixes Twitter, Facebook affiliate commission » Adotas

Amazon nixes Twitter, Facebook affiliate commission

Written on July 7th 2009 by Edward Barrera

ADOTAS — The e-retailer has made a nice living off affiliate members who have been a large commission-only salesforce for a long time.

But the love doesn’t go both ways. Joshua Odmark, a technology consultant at Simply Ideas LLC and who also blogs for Performance Marketing Blog, found that out recently. He wrote a recommendation and product review with a link from an Amazon link page — except he did it through Twitter and Facebook. Amazon later killed a commission, pointing to its TOS, which says that “‘Your site’ means any site that you will link to the Amazon Site (and which you will identify in your Program application).”

But as Joshua notes:
“If you really think about it, what is the difference between posting a link on my blog, which is read by subscribers who are interested in what I have to say, as compared to the followers who are following me because they are interested in what I have to say? Seems to me a simple matter of semantics. Oh, and that whole character limit thing.”

As states start to squeeze e-retailers like Amazon (forget the bite from other countries), I find the company’s position odd. It’s losing money from affiliates and penny-pinching its salesforce instead of expanding with the different ways the Internet allows users to find and buy products. But I guess since Amazon’s profits have doubled to $207 million from last year, based mostly around the Kindle, it couldn’t care less about the people who helped it.


Monday, July 6, 2009

Amazon adding in-book ads to Kindle?

Amazon adding in-book ads to Kindle?

By Jason
Created Jul 6 2009 - 10:51am

A pair of recent patent applications suggest Amazon.com is planning to introduce advertisements to content optimized for its Kindle ereader platform. United States Patent Application 20090171751 [1], detailing "On-Demand Generating E-Book Content with Advertising," outlines "a method of providing fixed computer-displayable content in response to a consumer request for content," while Patent Application 20090171750 [2], "Incorporating Advertising in On-Demand Generated Content," outlines a "system and a method of incorporating advertisements in on-demand printed content."

"While on-demand printing provides access to a wide variety of content, including out-of-print and/or rare documents, the content is fixed and, therefore, has not been adapted to modern marketing," the patents state. "In contrast, many Internet sites that publish content are able to do so profitably by displaying advertisements with the published content. Indeed, most content providers that host 'free' Internet sites are typically supported by advertisements. Of course, in regard to out-of-print or rare books, they typically do not include advertisements and, if they do, the advertisements are out of date and inapplicable... As part of printing documents in an on-demand fashion, the on-demand printed content provides the opportunity to incorporate advertisements, as well as other subject matter, in an on-demand printed document." However, that language is a little strange given that most books don't include advertisements, regardless of whether or not the title is in print.

For more on the Amazon patents:
- read this Slashdot article [3]

Related articles:
Amazon promises Kindle [4] content across more devices
Amazon to sell Kindle [5] ebooks via iPhone


Links:
[1] http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220090171751%22.PGNR.&OS=DN/20090171751&RS=DN/20090171751
[2] http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220090171750%22.PGNR.&OS=DN/20090171750&RS=DN/20090171750
[3] http://yro.slashdot.org/story/09/07/03/2232256/Amazon-Wants-Patent-For-Inserting-Ads-Into-Books
[4] http://www.fiercemobilecontent.com/story/amazon-promises-kindle-content-across-more-devices/2009-06-16
[5] http://www.fiercemobilecontent.com/story/amazon-sell-kindle-e-books-iphone/2009-03-04


Sunday, July 5, 2009

The Web Collapses Under The Weight Of Michael Jackson’s Death

by MG Siegler on June 25, 2009

In terms of well-known celebrities, few are bigger than Michael Jackson. Love him or hate him, pretty much everyone on the planet knows him. And that caused big problems for a lot of huge websites today with the news of his passing.

It was probably to be expected that Twitter would struggle as reportedly hundreds of thousands of tweets came in about Jackson in a very short amount of time. While I only got a couple actual Fail Whales, the site was really sucking wind for much of the hour that people were trying to get information about him. But Twitter was hardly the only site that was struggling.

Various reports had the AOL-owned TMZ, which broke the story, being down at multiple points throughout the ordeal. As a result, Perez Hilton’s hugely popular blog may have failed as people rushed there to try and confirm the news. Then it was the LATimes which had a report saying Jackson was only in a coma rather than dead, so people rushed there, and that site went down. (The LATimes eventually confirmed his passing.)

Meanwhile, CNN wasn’t down, but failed for another reason. CNN first said that Jackson was revived (see screenshot at the bottom) before going to the hospital.

Update: And just in case you didn’t believe this story is dominating the web right now, 9 of the 10 trending topics on Twitter are MJ-related. The lone exception is Ed McMahon, who also passed away two days ago. Meanwhile, Twitter search seems to be running about 20 minutes behind.

Update 2: And here’s a tweet in kind of poor taste from Google Maps API team: “Sad about MJ & FF? Cheer up by watching some Geo I/O talks.” Way to promote yourself at the expense of someone’s death, Google. Classy.

Update 3: And Google has apologized.

Update 4: And now Twitter has had to remove features like Search on its main site to stay afloat.

Update 5: Here’s a statement from AOL regarding TMZ during the news:

our internal records show that the site didn’t experience any interruption due to traffic. It’s possible that some people may have had trouble accessing the site due to local network issues, but TMZ was not down.



Friday, July 3, 2009

Business consultant gets better performance out of naked office staff - Yahoo! India News

Business consultant gets better performance out of naked office staff

Thu, Jul 2 05:25 PM

London, Jul 2 (ANI): A business consultant, who was called in to help an ailing design and marketing company pull itself together, has managed to get the staff to perform better after he asked them to work naked.

David Taylor, a self-styled business psychologist, was enlisted by company onebestway, in Newcastle upon Tyne, after they were forced into six redundancies at the start of the credit crunch.

Taylor asked shocked employees to go naked for just one day to boost team spirit, and, amazingly, they agreed to go ahead with the daring Naked Friday idea.

"Inviting an organisation to go naked is the most extreme technique I've used," the Sun quoted Taylor as saying.

"It may seem weird but it works. It's the ultimate expression of trust in yourself and each other," he said.

Despite some initial reluctance, nearly all the staff went totally starkers - except for one man, who wore a posing pouch, and one of two female workers, who kept on black underwear.

And front-of-house manager Sam Jackson, 23, was the only one to go fully naked.

"It was brilliant. Now that we've seen each other naked, there are no barriers," Jackson said.

"We weren't put under pressure. If we wanted to come in clothed or in our underwear, we could. But I love my body and wasn't ashamed.

"We're all beautiful, whether we've got big bodies or small ones," Jackson, who suffers from cerebral palsy, added.

Managing Director Mike Owen, 40, said: "We're either brave or mad. But I did tell everyone they didn't have to do it - only if it felt right. As a creative company, we persuade our clients to be brave, and this was about taking on some of the braveness ourselves." (ANI)

