Is there a marketing person leading the IT team?

Seth Godin is a well-known figure in technology marketing. And it’s no surprise that he thinks marketing is a pretty important function. Last month, he wrote a blog post with the same title as the one you’re reading right now. In it, he argues that marketing is more than advertising and the innate customer focus of marketers means they’re a good fit to lead IT teams.

Maybe Seth is being a little self-important here. I’m sure many IT teams would not be pleased to learn someone from marketing is being put in charge. But there’s something to Seth’s case.

I worked in marketing for two years. I don’t think I’d want to make a career of it, but I consider it valuable experience. Working in marketing gave me a lot of practice communicating concisely and effectively to audiences who might not want to listen to what I have to say. And it made me consider the optics of how actions and decisions may be received.

I’ve long believed that the best sysadmins and technical support people don’t come from a strictly technical background. Knowledge of other business areas or even other academic domains gives a broad background for connecting with the customer as a fellow human. And successful IT leadership means being able to work with other parts of the organization and meet their needs.

So maybe IT teams don’t need a marketing person in charge. But it doesn’t hurt to think like a marketer sometimes.

NPM helps us learn important open source lessons

NPM is the gift that keeps on giving. Remember back when left-pad “broke the Internet”? This time, a package with two million weekly downloads started stealing cryptocurrency. As with the left-pad incident, it’s not NPM itself that was the problem, it just exposed a general problem: project maintainers don’t want to maintain their projects forever.

Dominic Tarr, the original developer of the event-stream package, started the project for fun. He got tired of maintaining it, someone offered to take it over, and he handed it off. It just turns out the new maintainer wanted to steal Bitcoin.

“You get literally nothing from maintaining a popular package,” Tarr wrote. In fact, the more popular your project becomes, the more it costs you. You have more expectations and responsibility put on you. Responsibility you didn’t ask for and probably don’t want. And all of that comes with no compensation. Paying maintainers is an obvious solution, but implementing that plan can be challenging. 

When someone doesn’t want to keep working on a project, they often hand it off to willing contributors who will take the lead. That works out most of the time, but sometimes it blows up spectacularly. I’m sure it happens in other ecosystems, too, but the “grab your dependencies as you go” nature of Node makes it really easy to bring these issues to light. I think we all owe NPM a big “thank you”.

Other writing: November 2018

What have I been writing when I haven’t been writing here?

Stuff I wrote

Red Hat/Fedora

Lafayette Eats

  • Amer’s Grill — A local Mediterranean restaurant gets subjected to my discerning palate.

Opensource.com

Stuff I curated

Red Hat/Fedora

Opensource.com

Is it time to replace the Saffir-Simpson scale?

Short answer: yes. Long answer: I’ll let Cliff Mass explain it. But as the 2018 Atlantic hurricane season draws to a close today, I’m more convinced than ever that the Saffir-Simpson scale does us no good.

The categories simply don’t mean much to the average person. Sustained wind speed is only one part of a hurricane’s power, and perhaps not even the most important. Storm surge, rainfall, and wind gusts are all significant contributors to the harm caused by hurricanes. Of course, coastal conditions, population density, and building quality factor into the end impact, too. Particularly inland, a slow-moving but weaker storm could cause more damage (due to flooding) than a stronger storm that spends less time over the area.

Ultimately, as I’ve written in the past, it’s not the meteorology that the public cares about. They want to know what the impact will be and what they should do about it. This means de-emphasizing wind speeds and focusing more on impacts. To its credit, NOAA agencies have put more emphasis on impacts in the last few years, but the weather industry as a whole needs to do a better job of embracing it. It requires a cultural change in the public, too, which may take a generation to settle in.

But there’s no time like the present to start preparing for that day. And maybe it’s time to drop the distinction between tropical storm and hurricane watches and warnings, too.

So long, Google Voice

I signed up for Google Voice in about 2008 or 2009. This was back when providers actually charged you for text messages and I didn’t really use them. So I registered for an account and didn’t do a whole lot with it until I changed jobs and ended up in the basement. RIP cell phone signal. Google Voice made it possible to call one number and ring either my cell phone if I was above ground or my office phone if I was in the office.

It turns out that was pretty useful to me, so by the time I was moved to a different office, my Google Voice number was the number I told everyone to use. Being able to text and make phone calls from my web browser was a great feature. But as carriers started catching up, Google Voice sat stagnant. I braced myself for Google to decide they were going to drop the service.

Instead, they finally added the ability to send and receive pictures. In 2014. For a long time, that was only available if you used Hangouts for your Voice messages. But then the Voice app got support and all was right with the world. Unless you wanted to do videos. It’s something Google is supposedly close to rolling out.

But a few weeks ago, I bought a Samsung Galaxy Watch. That meant making phone calls or sending texts would come from my carrier number. Since I’ve been giving people my Google Voice number for nearly a decade, I figured that would just lead to confusion. So I decided to ditch Google Voice and port my number to my carrier.

It was fairly straightforward, albeit slightly slow. This is apparently due to the fact that Google Voice numbers are treated as landlines, so there’s more process involved. But not getting texts reliably for a few days was much easier than trying to get everyone to switch to using a new number for me.

I decided that the features I use are more important than the features I don’t use. I haven’t had Google Voice forward to anything except my cell phone for years. T-Mobile’s DIGITS service provides the web-based functionality I got from Google Voice (admittedly not quite as well, but I expect they’ll catch up). While I don’t often talk to my phone, the fact that Google Assistant can’t use Google Voice to send messages is a longstanding frustration.

Google had a chance to really make a great product here. Apart from search and GMail, Google Voice was the most valuable Google service for me. But the years of seeming neglect finally took their toll. Maybe some day I’ll move my number back, but for right now, I don’t really miss it.

Naming your files is important

I recently shared a Tweet about file names.

The inspiration for this was adding a new podcast to my podcatcher. For reasons that are mostly nerdy, I use bashpodder. I run it a couple of times an hour during my waking hours and stream or copy the files to whatever device I happen to be at. It’s a setup that works pretty well for me in general.

The downside is that all of the files get dumped into a directory by date. Some podcasts (e.g. Marketplace) do a good job of naming files: I know what show it is and when it’s from just by looking at the file name. Others use the network (e.g. “GLT” for Gimlet Media) and a string of numbers without any obvious meaning. The worst offender is Art19.com, from where I get “The Greatest Generation” and Akimbo. Those shows have UUIDs as filenames.

I can understand why, on the backend, that is beneficial. The files themselves are just one part of (I assume) a database of shows. No human ever has to touch it, so you might as well name it in a way that minimizes the risk of a naming collision. But it’s extremely hostile to the user.

I suspect that most podcast listeners these days use an app and don’t directly download the files. But for those that do, sane file names are important. A friend asked about using just the date as the file name, as he apparently does for recordings from his church. That’s even worse, because it assumes that the listener saves them in a unique location.

When it comes to media that you intend for others to download, it’s vitally important to not make any assumptions how they will store it. Maybe they save everything to their Downloads folder and never move it. If two separate items were produced on the same day, one of them will potentially get overwritten. That’s probably not what you want to happen.

Wrists on with the Samsung Galaxy Watch

I’ve owned the same watch for two decades or so. It’s a Timex Expedition that I paid about $25 for. I’ve paid far more than that to replace batteries over the years. But recently I decided to get a new watch, so I popped into the T-Mobile store to get the Samsung Galaxy Watch.

The style is nice. The 42mm body fits my wrists well. While the strap won’t win any design awards, it’s unobtrusive. Of course, the face can be whatever you want. I have the “Analog Utility” face, but in fancier situations, I might set it to something a little more elegant. Or not.

Setting up the watch was simple. I like that I can decide which apps will notify on the Watch. The Galaxy Wearable app on my phone made it simple to apply updates and install new apps to the Watch. Of course, the app selection for the Tizen operating system is pretty limited. Samsung Health and replies to incoming texts and Facebook Messenger messages are about the limit of my usage so far.

Composing those replies has been a trip. The default input method is to write the letters with a finger. That generally works pretty well, but the character set is limited. Typing on the T9 option takes some getting used to, since it isn’t the T9 you remember from your featurephone days. Speech-to-text is…underwhelming. It’s clear that Bixby is not in the same league as Google Assistant.

The battery life is pretty good. I’ve been wearing my Watch all night and charging it during the day when I’m at my desk. Even over the weekend, it doesn’t take long on the wireless charger to get enough juice. I could probably get close to two days without charging. Longer would be nice, but this is good enough for me.

I have the built-in SIM, although I haven’t used the Watch away from the phone yet. I can’t see myself doing that too often. But using it for payment instead of pulling out my phone is slightly more convenient. Samsung Pay makes it easy to quickly select which card I want to use. Still, I’m more likely to have already pulled out my wallet by the time I realize that using Samsung Pay is an option.

What’s been most interesting to me is how the Watch has changed my behavior. I’ve noticed I have my phone out less now because I can get notifications on my wrist. From there I can decide whether to pull out my phone or just wait a bit. As a parent who sometimes gets too distracted by his phone, I appreciate this. I also like that it can count my steps without having to remember to put my phone back in my pocket. Having sleep data and heart rate data is interesting, although I haven’t done much with it. I see that data as something to look at retrospectively.

In all, I’m pretty happy with the Galaxy Watch. It won’t last as long as my Timex, but if I get a few solid years out of it, I’ll probably buy a new one.

Why subscribe to a newsletter you don’t read?

Why would you subscribe to a newsletter that you don’t read? I mean, maybe you intend to. Maybe it’s sitting there in your inbox unread just waiting for you to get around to it Real Soon Now. Or maybe you filter it off to some folder where email goes to die. I get that. I do that all the time.

No, what I’m thinking about is the case where an obvious spam account signs up for a newsletter. As of this writing, my newsletter has 283 subscribers — a number that has grown 27% in the past month. But only 40 people at most have ever opened it. The number of opens has stayed relatively constant even as the subscriber count has gone up.

So why do I think the accounts are spam? For one, there’s the fact that most of them haven’t opened any newsletters. Sure, maybe there’s a reason for that. But also they look…spammy. The addresses are often yahoo or other domains that have fallen out of favor. The names represented by the addresses don’t look like the names of people I know. I can’t imagine why people I do know read my newsletter, never mind why strangers would. Taken all together, I feel safe calling many of these accounts spam.

But to what end? I understand spam accounts on Twitter liking random posts in the hopes that someone will look at the profile and click a link to whatever thing someone’s trying to peddle. Or maybe follow the account and get clicks that way. That makes sense to me. But what can a spammer do with a newsletter subscription? Is it a really crappy denial of service attack? Do they hope that after a few years my subscriber list will exceed Mailchimp’s free tier? Maybe it’s done to hide nefarious activity in a flood of confirmation emails. That seems like the most likely answer, but it doesn’t seem very efficient. Then again, I’m not a spammer, so what do I know?

What if we never used the phrase “common sense” again?

On Tuesday night, I heard my local NPR station interviewing a newly-elected representative. At one point, he made some reference to “common sense” policies. I don’t even remember what they were talking about, but it doesn’t matter. When someone says “common sense”, what I hear is “I don’t have any substantive arguments in favor of my position.”

This is not unique to one political party, or even to politics as a whole. In any field, “common sense” is a shorthand for “this is the only reasonable position and you’re unreasonable if you disagree with it because I said so.”  In most situations where “common sense” is deployed, reasonable people can disagree on what the sensible approach is.

In addition to silencing dissent, the phrase “common sense” also oversimplifies most issues. What seems like an obvious solution on the surface may not fit the underlying complexity. Life is rarely as simple as it seems.

If it’s really common sense, it should be easy for you to explain why. So let’s all agree to never use “common sense” again.

If everyone followed good password advice, we’d be less secure

Passwords are hard. To be useful, they must be hard to guess. But the rules we put in place to make them hard to guess also make them hard to remember. So people do the minimum they can get away with.

Earlier this week, security company Webroot took a look at the unintended consequences of password constraints. The rules organizations set in order to ensure passwords are sufficiently complex reduce the total number of possible passwords. This can make automated password guessing more

Good passwords are easy for the user to remember and hard for computers and other humans to guess. Let’s say I wanted to use a password like 2Clippy2Furious!! Various password checking sites rate it highly. It’s 18 characters long and contains upper- and lower-case letters, digits, and special characters. But because it contains consecutive repeating letters, some companies won’t allow it.
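To put numbers on how composition rules shrink the pool of allowed passwords, this added example (not from the original post or from Webroot) counts candidates over the 95 printable ASCII characters with and without two common rules. The class sizes and the 8-character length in the demo are assumptions made for illustration.

```python
from itertools import combinations
from math import log2

# Assumed split of the 95 printable ASCII characters (space counted as a symbol).
CLASSES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}
ALPHABET = sum(CLASSES.values())  # 95


def total(length):
    """Every string of this length: no composition rules at all."""
    return ALPHABET ** length


def with_all_classes(length):
    """Strings containing at least one character from each class.

    Inclusion-exclusion: subtract strings missing one class, add back
    those missing two, and so on.
    """
    sizes = list(CLASSES.values())
    count = 0
    for k in range(len(sizes) + 1):
        for missing in combinations(sizes, k):
            count += (-1) ** k * (ALPHABET - sum(missing)) ** length
    return count


def without_adjacent_repeats(length):
    """Strings where no character equals the one right before it."""
    return ALPHABET * (ALPHABET - 1) ** (length - 1)


def report(length):
    """Share of candidates each rule keeps, and the entropy it costs."""
    base = total(length)
    rules = (("all four classes required", with_all_classes(length)),
             ("no adjacent repeats", without_adjacent_repeats(length)))
    return {name: {"kept": n / base, "bits_lost": log2(base / n)}
            for name, n in rules}


if __name__ == "__main__":
    for rule, r in report(8).items():
        print(f"{rule}: keeps {r['kept']:.1%} of candidates, "
              f"costs {r['bits_lost']:.2f} bits")
```

Each rule removes candidates an attacker would otherwise have to try; adding a character of length gives back log2(95), about 6.6 bits.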

Writing for Webroot, Randy Abrams says “it’s length, not complexity that matters.” And he’s right. That’s the point behind the “correct horse battery staple” password in XKCD #936. So let’s all do that, right?

Well…it’s not so simple. If I were trying to brute force passwords, and I knew everyone was using four (or five or six) words, suddenly instead of “CorrectHorseBatteryStaple” being 26 characters, it’s four. Granted, the character set goes from 95 to (using /usr/share/dict/words on my laptop) 479,828. “CorrectHorseBatteryStaple” is many powers of 10 more secure if the attacker doesn’t know you’re using words.

And let’s be real: they don’t. This hypothetical weakness has a long time before it becomes a real concern. Don’t believe me? Just look at the password dumps when a site gets hacked. There are a lot of really bad passwords out there. If we took all the constraints off (except for minimum length), people would just use really dumb, easily-guessed passwords again. But it amuses me that if everyone followed good password advice, we’d actually make it worse for ourselves. Passwords are hard.
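The two attacker models from the passphrase argument above, worked through as an added example that is not part of the original post. It uses the post's own figures (95 characters, 479,828 dictionary words, a 26-character passphrase); the 2,048-word list is the size XKCD #936 assumes, and the guess rate is an assumption.

```python
from math import ceil, log2, log10

CHARSET = 95            # character-set size used in the post
DICT_WORDS = 479_828    # the post's /usr/share/dict/words count
POST_CHAR_LEN = 26      # passphrase length in characters, as given in the post
XKCD_WORDS = 2_048      # word-list size XKCD #936 assumes (11 bits per word)
GUESSES_PER_SECOND = 1e10   # assumed offline guessing rate, illustration only


def bits(symbols, length):
    """Entropy in bits when each position is drawn uniformly at random."""
    return length * log2(symbols)


def compare(words, char_len, dict_size=DICT_WORDS):
    """Search space for one passphrase under both attacker models."""
    char_bits = bits(CHARSET, char_len)   # attacker guesses character by character
    word_bits = bits(dict_size, words)    # attacker knows it is `words` dictionary words
    return {
        "char_bits": char_bits,
        "word_bits": word_bits,
        # powers of 10 separating the two search spaces
        "orders_of_magnitude": (char_bits - word_bits) * log10(2),
        # random characters from the 95-symbol set needed to match the word model
        "equivalent_random_chars": ceil(word_bits / log2(CHARSET)),
    }


def years_to_exhaust(entropy_bits, rate=GUESSES_PER_SECOND):
    """Years to try every candidate at the assumed guess rate."""
    return 2 ** entropy_bits / rate / (365 * 24 * 3600)


if __name__ == "__main__":
    for label, size in (("post's dictionary", DICT_WORDS),
                        ("XKCD-sized list", XKCD_WORDS)):
        r = compare(4, POST_CHAR_LEN, size)
        print(f"{label}: {r['word_bits']:.1f} bits if the attacker knows it is "
              f"four words, {r['char_bits']:.1f} bits if not "
              f"({r['orders_of_magnitude']:.1f} powers of 10 apart); "
              f"word model matches {r['equivalent_random_chars']} random chars, "
              f"{years_to_exhaust(r['word_bits']):.3g} years to exhaust")
```

The word-model figure depends entirely on the size of the list the words are drawn from at random, which is why the same four-word passphrase scores so differently against the two lists.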

Sidebar: Yes, I know

The savvier among you probably read this and thought “it’s better to use a random string that you never have to memorize because your password manager handles it for you. Just set a very long and memorable password on that and you’re good to go.” Yes, you’re right. But people, even those who use password managers, will often go to memorable passwords for low-risk sites or passwords they have to use often (e.g. to log in to their computer so they can access the password manager).