
| FAS Talk | "When you go looking for anything at all, your chances of finding it are very good." -- Darryl Zero | |
|
| | September 22, 2008 | | I recognize the symptoms, because for (too many) years I suffered from the exact same ailment. | I was just reading how Microsoft trumps Apple in battle of the brands, and I noticed yet another example of techies that completely miss the (business) point. It boils down to this misconception: if company A has a technically superior product, company A deserves the most valuable product brand in the marketplace. As an example, I recently wrote about how Google Chrome is likely to be an important, disruptive technology. In the various comment threads, folks were vehemently deriding this idea as ludicrous given that Google is a "one trick pony" and that their other attempts at products and services have "failed miserably," citing examples such as Google Mobile, Google Docs, Book Search, etc. Meanwhile, out in the real world of business (the world where money changes hands), they are saying exactly the opposite: The report meanwhile attributed Google's success to "innovations like Google Mobile, Google Docs & Spreadsheets and Google Book Search" which has extended its "reach and ubiquity".
I'm a long-time computer techie myself (built my first computer in 1976 with a soldering iron and programmed it with toggle switches) and for a long time, I suffered from the same type of business blindness that a great many techies suffer from. But as an entrepreneur starting and running several different software companies, I had to learn some hard lessons, one of which is that business success is only slightly dependent on the underlying technology. | | |
| | September 20, 2008 | | While blocking access to servers based on user agent strings does not offer absolute security, it is still very worthwhile. | I was just reviewing our server security logs and ran across a questionable request for "/user/soapCaller.bs". Doing a bit of research on this, I ran across this blog post by Rick Ekle confirming that this was, indeed, the work of some script kiddie's "Morfeus F***ing Scanner" (sorry, that's its name—the underbelly of the Internet is a seedy place) looking for exploitable PHP servers. No big deal; I added a couple new SlimeGate™ rules and all of our servers are protected from this slime ball. But what struck me as interesting was the debate in the comment thread on Rick's post about whether or not webmasters should block requests based on user agent names. IMO, the answer is absolutely, yes!
Why block by user-agent?
Some people argue that blocking specific user agents is pointless because user agent names are easily spoofed, thus it is trivial for a hacker to masquerade as any user agent. Therefore, the argument goes, blocking based on user agent provides only a false sense of security.
But this argument misses an important point. Specifically, blocking by user agent is not intended to provide reliable security; it is intended to block unwanted traffic. For example, blocking the user agent "^Morfeus" will not make a vulnerable PHP server secure, but it will prevent at least some unwanted traffic. Arguing against doing this is like arguing against wearing safety belts on the grounds that doing so does not provide absolute safety.
What about blocking generic user agents like "libwww-perl" or "Java"?
In my opinion, most production servers should block generic user agents. In my experience, it is very rare that a legitimate, desirable application, browser, or web service makes requests using a generic user agent name. In the vast majority of cases, these products issue user-agent headers that properly identify themselves. In years of hosting hundreds of commercial sites, I can count on one hand the times we have made exceptions to permit access by a generic user agent name. And when such an exception is necessary, it is easily accomplished and the exception can be limited by IP address, referrer address, etc.
The bottom line
As a webmaster, you definitely should use user-agent headers to manage server traffic. But understand that this is purely a pragmatic tactic and not a serious security measure. Real security comes only through elimination of exploitable security holes. | | |
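A sketch of the kind of user-agent rule set described in the post above, with an exception limited by IP address, run over constructed access-log lines. This is an added example, not SlimeGate's rule syntax or the author's code; the rule names, the 192.0.2.0/28 exception range and the log lines are assumptions, and it assumes the log records numeric client addresses.

```python
import ipaddress
import re

# One line of the Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Deny rules: patterns follow the post; the rule names are made up for this example.
UA_DENY = [
    ("morfeus", re.compile(r"^Morfeus")),
    ("generic-libwww-perl", re.compile(r"^libwww-perl")),
    ("generic-java", re.compile(r"^Java/")),
]
# Exceptions limited by source address (constructed documentation range).
UA_EXCEPTIONS = {"generic-java": [ipaddress.ip_network("192.0.2.0/28")]}

def decide(ip, user_agent):
    """Return (verdict, reason) for one request."""
    addr = ipaddress.ip_address(ip)
    for name, pattern in UA_DENY:
        if pattern.search(user_agent):
            if any(addr in net for net in UA_EXCEPTIONS.get(name, [])):
                return ("allow", "exception:" + name)
            return ("block", name)
    return ("allow", "no-rule")

def triage(lines):
    """Apply decide() to each log line; unparseable lines are reported, not dropped."""
    out = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            out.append((None, None, "unparsed", "bad-format"))
            continue
        out.append((m["ip"], m["path"]) + decide(m["ip"], m["ua"]))
    return out

# Constructed sample log lines, not taken from the post's servers.
T = "[20/Sep/2008:10:00:00 +0000]"
SAMPLE_LOG = [
    f'203.0.113.7 - - {T} "GET /user/soapCaller.bs HTTP/1.1" 404 210 "-" "Morfeus F***ing Scanner"',
    f'198.51.100.9 - - {T} "GET /index.html HTTP/1.0" 200 512 "-" "libwww-perl/5.805"',
    f'192.0.2.5 - - {T} "POST /feed HTTP/1.1" 200 87 "-" "Java/1.6.0_07"',
    f'198.51.100.22 - - {T} "POST /feed HTTP/1.1" 200 87 "-" "Java/1.6.0_07"',
    # Same probe, browser-like user agent: the filter lets it through.
    f'203.0.113.7 - - {T} "GET /user/soapCaller.bs HTTP/1.1" 404 210 "-" "Mozilla/5.0 (Windows NT 5.1)"',
]
if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

The last sample line repeats the scanner's request with a browser-like user agent and is allowed, which is the post's point: the filter trims unwanted traffic and does nothing for a server that is actually exploitable.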
| | September 18, 2008 | | Widgetbox introduces a new twist on the blog ring. | A blogring connects a circle of Weblogs with a common focus or theme. The theme can be anything: a group of friends, a support group, sports fans, etc. Widgetbox has just launched Widgetbox Network that leverages the blogring concept by defining a collection of thematic channels such as Art, Business, Family, Sports, Travel, and so on. Bloggers are encouraged to join a relevant channel by registering an RSS feed with Widgetbox and creating a Widgetbox component (called a Blidget) that displays the latest posting from your blog. Widgetbox then provides a "network channel" component for each channel in its network that displays the latest posting from all members of that channel. I've registered this site as a member of the Tech News network channel (it seemed the most relevant, though I sometimes stray from techno-geek speak in this blogsite.) You can see the Tech News component in the lower right pane of this site. What do you think? Does this seem like a useful idea? Or is this just another avenue that spammers will jump on and render useless? | | |
| | September 15, 2008 | | It is reasonable to ask users to agree to a reasonable end-user license agreement. | Today, I happened across a blog post noting that, "Mozilla is demanding that FF users view an EULA the first time they start up Firefox in Ubuntu" and wondering if this was something to worry about. This is a fair question, if by it you mean, "Does this particular EULA contain any terms or conditions that are unreasonable or undesirable to me?" If, however, you are objecting to the very existence of an EULA (end-user licence agreement), I think you're being a bit naive. For example, Mark Shuttleworth went so far as to report the very existence of the Mozilla EULA in Firefox 3 as a bug, stating, "... I would not consider an EULA as a best practice." Come on, Mark, seriously? There are many reasons why someone providing a service might want to have a EULA—not all of which are evil or conspiratorial. Ever sign an agreement before renting a car, or a bike, or cross-country skis? If someone offering a service—of any kind—wants to clarify the terms under which they are comfortable offering that service, why is that unreasonable? Now, you might reasonably take issue with specific terms in a EULA (like Chrome’s EULA claiming ownership of everything posted via the browser, which is ridiculous, and which even Google acknowledges), but taking issue with the very existence of a EULA is naive. | | |
| | September 11, 2008 | | Stream of consciousness news and comments... 140 characters at a time. | I've been working with Bill French (@bfrench) since 2000, first as colleagues at Starbase, then as co-founders at MyST. Very quickly, I came to understand that Bill offers a window into my technological future. We're both techno-geeks, but Bill always gets his mind around new technologies first. So, when Bill told me, a computer eon ago (a year or so), that he was looking at Twitter and that it was destined to become an important technology, I believed him but did not dive right in. Well, about a month ago I took the Twitter plunge and now understand that, true to form, Bill was spot on. I'm still not a super active tweep ("Twitter person") but I have started and I'm finding it very engaging. I use Twitter both on the web from my various computers and on my iPhone. The iPhone makes a particularly cool Twitter client because it's always there and makes it easy to incorporate photos and even current geo-location data into my tweets (i.e., Twitter posts). Twitter also has a very complete web services API (application programming interface) which I've spent some time playing around with. My head is already buzzing with ideas about how to leverage Twitter within the MyST Blogsite®, Topic Cloud®, and MyST Web Services platform. If you use Twitter (or even if you don't--yet), you can follow me @faseidl. I look forward to seeing you online. | | |
| | September 10, 2008 | | Despite what many pundits have to say, reliability issues will not be the downfall of cloud computing. | Cloud computing is the idea of using federations of commodity machines (virtual or otherwise) that exist somewhere "in the clouds" (i.e., outside your own data center) and are physically hosted for you by a cloud computing service provider (such as Amazon.) Many of us see cloud computing as an important evolutionary step in computing technology. However, it's also easy to find technology pundits, like Paul Murphy of ZDNet, who think cloud computing is doomed to failure. In his recent article, Where there's hype, there's fire?, Paul writes: "Cloud computing is strategically important to companies from Amazon to Google and even Microsoft is looking at it as a simplification technology for home computing. History shows us, however, that any success it has in the near term will be relatively shortlived."
Why? Because of reliability concerns. Citing examples such as a recent Gmail outage, Paul goes on to say that cloud computing is "dangerous stuff" because it means putting all your "eggs in one basket - because there’s no comeback when things go wrong." Well, I suppose that if you indeed put all your eggs in one basket, you would have reliability risks. But why does using cloud computing require that you discard everything you know about building reliable systems? Why not build systems based on multiple cloud computing service providers with redundancy and fail-over designed into the architecture? Already we see companies like Amazon offering multiple cloud computing "zones", that is, physically isolated computing resources. By placing cloud computing servers in multiple distinct zones, you can reduce the risk of a total outage. Mixing cloud resources from multiple providers (and perhaps even from your own data center(s)) would further reduce such risks. Using cloud computing does not mean neglecting to architect solutions that meet their business requirements, including reliability requirements. But it does provide us with the ability to rapidly expand or contract our computing environments to meet changing demands on a pay-as-you-go, commodity style basis. In my opinion, cloud computing is a tremendous enabling technology breakthrough. | | |
| | September 09, 2008 | | Most techno-geeks think Google Chrome was stillborn; I think they are missing the longer view. | I continue to read (in techno-geeky threads like this one) about how Google Chrome will never make it because it has so many problems. Such views are shortsighted. As I have written elsewhere, Chrome is disruptive technology: http://faseidl.com/public/item/212172 The fact that Chrome has vulnerabilities, bugs, missing features, etc., that make it a poor choice as a mainstream, commercial browser is not a deal breaker... IF Google can keep the rate of improvement in Chrome high. Disruptive technologies nearly always start life as *inferior* solutions in mainstream markets BUT as attractive solutions for fringe markets that provide the user base that drives improvement. If the slope of the improvement trajectory is steeper than that of mainstream solutions, a new technology is able to catch and surpass (and thus, disrupt) a mainstream solution. Look at Google's ability to grab attention. (Consider all of us, simply because Google releases a browser, spending countless hours rehashing the news.) If Google can grab a few million users (which they can), and if Google can compete technically with the long-in-the-tooth-bloated-and-buggy code base of IE (which they can), Chrome stands a good chance of becoming a significant player in mainstream markets. Chrome will not "kill" IE, nor will IE squash Chrome. Chrome will likely change the browser landscape... and it might significantly change it. | | |
| | September 08, 2008 | | Learn all about Twitter--and how to be somebody--in just three minutes from Ben Walker's ingenious little song. | Thanks to Sally Falkow for pointing me toward this little gem of a song, You're No One if You're not on Twitter.
Take a listen and learn why there are two types of people in the world: somebody and nobody. I was glad to learn I am somebody. Which type are you? <g> | | |
| | September 03, 2008 | | Google's new browser looks to me to be a textbook example of disruption in the making. | Some early reactions, like this one, to Google's foray into the browser wars (rightly) point out that Chrome is not ready to displace established browsers like Firefox, IE, or Opera. While I agree with this (for the moment), what I see in Chrome is the makings of a disruptive technology. A disruptive technology need not begin its life as a replacement for established solutions. It need only begin its life as a compelling solution for some related need AND have the ability to rapidly improve in other areas. Chrome is exactly this. In the post cited above, blogger David Naylor notes, "[Chrome's] 'Create Application' is awesome and that alone will be the reason I use it..." The key here is that there is a reason David will use it. And there will be reasons for millions of others to use it, too. I will use it because of the nice built-in developer tools (and because, as a web developer, I have to support it!) but I expect I will quickly come to appreciate a number of other Chrome features as well (like the most recently visited thumbnails view.) The second part of the disruptive technology equation is the improvement trajectory. Google clearly has the resources--both money and talent--and the mindset to rapidly build on the Chrome foundation. Google will quickly chip away at the advantages of the established browsers such as the ability to add plug-ins. Thinking, for example, about the historic rate of improvement in IE and considering the enormous challenges of bringing the huge (and old) IE code base forward, it's easy to believe that Chrome will overtake and surpass IE in more and more mainstream areas. Once again, I believe we are seeing a disruptive technology hiding in plain sight. What do you think? | | |