Archive for the 'Opinion' Category

20FebOAuth is destined to fail

Over the past couple of years, a small but dedicated group of developers have been pushing a new technique for authenticating users called OAuth. While it has some benefits, it’s limitations are crippling.

The goal of OAuth is to create a more secure authentication system by limiting who has access to your username and password. By authenticating with a system external to your application, the idea is that your data is more secure. Unfortunately, OAuth was clearly developed without much regard real-world problems. Here are a few reasons why OAuth is destined to fail:

  1. Horrible User Experience - In a world where doing something as simple as changing a font or button color can create noticable changes in user behavior, asking a user to jump over the hurdles required by OAuth is just unrealistic. For web apps, it adds multiple steps to the authentication process and the experience is even worse for desktop apps. The experience also closely resembles the phising sites that we desperately warn our non-tech friends to watch out for. Also, keep in mind that the applications that poeple consider most secure (online banking, tax software, email, etc) NEVER redirect the user to a different site to enter login info.
  2. No Consideration for Desktop Applications - While web-based apps are growing in popularity, desktop apps still dominate in most industries. The OAuth experience is completely focused on web applications. Whether it’s an app on your home PC or an app on your iPhone, the OAuth experience sucks.
  3. OAuth is far from perfect - An ambitious hacker can get information via OAuth without much more effort than other athentication methods. There’s nothing to stop an application from collecting additional data in the background withour your knowledge after you’ve logged in. There’s also nothing to prevent an attack against or data breach with the OAuth provider.
  4. It takes power from vendors, but not from hackers - The main goal of OAuth is to prevent nefarious people from having your precious login credentials. However, most OAuth providers still transmit your credentials over an insecure connection. So, rather than having my app send you credentials via Basic Auth, the browser sends it via an HTTP post. In the end, the chances of a request being intercepted from a browser or an app are about the same.

While I completely understand the concept behind OAuth, it’s just never going to catch on. There is no such thing as a 100% secure system and there a plenty of approaches that are just as secure as OAuth. In the end, OAuth doesn’t solve any real security problems and shifts a lot of work onto developers. I don’t mind putting in the extra work, but OAuth is replacing a few lines of code with 1MB of dlls and a bunch of UX headaches for an illusion of security.

in Development, Opinion and Web Tech. Comments

23JanWhat Trophy?

One of the most common complaints about Generation Y is the “Everybody gets a Trophy” ideal. There have been dozens of articles and even an entire book dedicated to this and how to train us Generation Y kids to just drop it and behave like good cubicle monkeys should.

There are 2 things that are generally considered part of this trophy idea. The first is that everybody deserves a reward, even if they fail. The second is that every minor success should be rewarded. Based on the opinions of older generations on the web and in print, these are both ideals that every member of Gen Y holds dear. However, a lot of this is based on a misinterpretation of what’s really going on in our heads and I’ve found that many of us only believe the second part.

Nobody likes the Participant ribbon.

Let’s tackle the idea that even failure deserves a reward. Of the people I surveyed, most addressed this. Of the people surveyed, all of them felt that this was inaccurate. I think the idea started because of how my generation was treated in elementary school. In just about every competition, everybody who participates gets some sort of reward. This has clearly led my generation to accept and even embrace failure right? The people I surveyed disagree; here are a few of their responses:

“Boy Scouts, Marching Band, Tae Kwon Do and Academic Decathlon all had a lot of competition in them and they had clear winners and losers. Games where everybody wins were usually the province of corny church youth group games and were the butt of jokes among my friends and me.”

Jason W, Pembroke, NH

“… At sports tournaments, my brothers and I would sometimes receive trophies even for placing in last. My parents were proud of us and put it with our other awards. However, my brothers and I treated them more like a daily reminder of our failure and it drove us to work harder.”

Anonymous

There were a variety of similar responses, but I think these two represent the ideas shared by all. We’ve never viewed rewards for failure as a good thing. I never took home a “participant” ribbon and showed it off to my friends and family. That being said, I think that many companies are far too concerned with failure and fear of failure can cripple a team. Innovation and creativity are rarely the result of continuous success.

Failure is unavoidable. Many of the companies founded by Gen Y are successful because they recognize small failures as necessary steps in the process of innovation.

Rewarding Success is a Good Thing

The other part of this Trophy idea is that Gen Y expects rewards for small successes. I would agree with this 100% and most of the people surveyed agree too.

The general consensus amongst my fellow Gen Y members is that the current corporate culture favors job title and longevity over productivity. I’ve been in many situations where I’ve put in extra hours, travelled over holidays and gone above and beyond only to see a manager get a pat on the back. In one case, my supervisor didn’t even know why he was being congratulated. While this instance is rather anecdotal, nobody can argue against the obscene bonuses executives have received while the companies they run fall apart and destroy our economy. What company do you think would be more successful, the one that rewards the extra effort of individuals or the one that provides a fat bonus for executives?

The issue I have with this aversion to recognizing success is that in most cases it’s very simple and cheap to do. I don’t expect a huge bonus for doing my job, but when my team puts in extra hours every night for a week, maybe a lunch is in order or possibly even just an email saying thanks. Why would having a group of young, ambitious professionals that are easily motivated by small rewards and recognition be a bad thing? I would think that having employees that will work extra hours for a nicer desk chair or bagels once a week would be a c-level executive’s wet dream.

[FYI, for those that doubt Gen Y employees can be motivated by weekly bagels and the occasional beer, take a look at one of my former employers CustomScoop. When a company with less than 20 people is building better products than Google, you know they’re doing something right.]

Summary

Overall, the feeling in the survey could be summarized in the following points:

  • We don’t expect rewards for failure.
  • We will be rightfully upset when others are credited for our hard work.
  • Not every reward has to be cash, a thank you or kind gesture is often more meaningful.

To wrap up, here are a few more quotes:

“Failure is much more important than success and I do not want trophies that I do not earn.”

Matt G, Senior Public Affairs Analyst - Washington DC

“I want recognition, but not necessarily a trophy… I don’t see this as a negative because it just motivates me to strive to do more good.”

Kelley Muir, Manchester, NH

“Actually it really annoys me when people feel like they should be treated like special snowflakes because they exist.”

Courtney, Attorney, Concord, NH

“That is not the way I was raised. In rec soccer, I was terrible, and knew I didn’t deserve a trophy. To this day, I haven’t seen a good argument for rewarding poor performance.”

Anonymous

in Opinion and Rant. Comments

12JanGen Y Talks About Gen Y

Over the past 2 years, there have been a boatload of articles, posts, books and informative pamphlets about Generation Y. Most of them have either focused on “dealing” with us or how wrong we are. Every time I’ve read one of these, I’ve felt like it was written about somebody else. The facts have been accurate, but the conclusions drawn have been way off base.

Rather than assume I was some strange anomaly, I put the word out on Twitter to see if my fellow Generation Y friends would be interested in answering some questions. I received 14 responses to the following questions:

1.       In what year were you born?
2.       Are you well employed, underemployed or unemployed?
3.       How would you like to be identified in the post?
4.       Would you consider yourself Civic minded?
5.       Do you believe that the US government is effectively representing the US people?
6.       A common stated trait of Generation Y is the “Everybody Gets a Trophy” philosophy. Do you think this applies to you and is it a good thing?
7.       As employees, Generation Y often chooses jobs that provide opportunities for growth over jobs that provide purely financial rewards. Would you agree? Has this influenced your career decisions?
8.       Are you comfortable sharing personal information publicly or with people within internet-based communities? Do you feel that you are more open about your opinions and personal life than previous generations?
9.       Do you assertively seek more feedback, responsibility, and involvement in decision making in your career? Would you rather have feedback on a frequent informal basis or within a formal review structure?

The best part of the responses is that they are surprisingly diverse given the small sample size. The respondents included almost the entire age range of the generation, included a range of political affiliations and included an almost even gender balance. The surprise is that every question has at least 9 similar answers and 1 question was unanimous.

My original plan was to write a single post covering all of the results, but my new plan is to write several posts focusing on specific topics. Stay tuned for the results and analysis. I will probably tackle #5 or #6 first.

in Opinion. Comments

28NovTechstars Update

Yesterday, I posted about some concerns I had about Techstars. The post came across a bit more harsh than I intended (I’m a coder not a writer), and I’ve received a lot of feedback from both the Techstars crew and several of their participants. However, some of my concerns still stand.

$6k per founder is not enough to be the sole source of seed money. Based on a few quick exchanges with David Cohen at Techstars, it’s clear that this is intended. The capital provided is to help, but not sustain a company. While I agree that Techstars shouldn’t be fully funding their companies for a long period of time, I think that covering the cost of living for the founders for the 3 month course wouldn’t be unreasonable.

On a separate note, part of my concerns are clearly a result of my misunderstanding about the purpose of seed money. Most of the events I’ve attended are focused on companies that have already started and are looking for Angel or VC funding. At these events, it’s always been implied that seed funding is generally enough to get the company running and ideally have a first product ready to ship. Based on what I’ve been reading, it looks like most organizations that provide seed funding are more focused on providing connections and expecting the founders to front the capital.

In the end, there are really 2 core problems:

  1. Organizations like Techstars work best for founders who already have some capital, rather than founders who are just starting.
  2. There is a lot of confusion and mis-information around about how start-ups get going before they receive Angel or VC funding.

Based on these problems, there could be a variety of solutions.

For companies like Techstars and Y-Combinator, it would be interesting if the system would still work if founders recieved $10k-$12k. This would cover cost of living for the founders for the 3 month program, but is still low enough to encourage them to keep moving forward. Based on the potential gains, this seems like a relatively inconsequential amount and it would open the doors to a lot of talented people who don’t have access to capital.

It would also be great to see a few events targeted at pre-seed entrepreneurs. It’s clear that Techstars and similar groups have worked for lots of companies. It would be interesting to have  day to hear from organizations like TechStars, CRV, Y-Combinator and some of their companies to hear how others have made it work. It would also be great to give people an  idea of what it really takes to get though the seed phase. There are a lot of people like me, sitting around with prototypes and plans with no idea how to get that first beta to market or prepare for Angel or VC funding.

I owe the people at Techstars an apology. While their program doesn’t seem like a good fit for me in my current situation, it’s clear that they’re doing a lot of things right. It’s just frustrating to see great ideas that could become multi-million dollar companies fail because the founders can’t borrow that first $30k. It’s tough to walk through BarCampBoston or Ignite and see dozens of great ideas that will never see the light of day.

in Rant. Comments

27NovI Still Don’t Get Techstars

Update posted here

EDIT:  The tone of this post was clearly a bit off from my original intent. My main point was that it seems that the founders involved here are pretty much going all in by quitting their jobs for 3 months, whereas the investors are taking an incredibly small risk compared to other investment routes. Most of the other funding sources I’ve seen (Angel, VC, Bank Loans) at least provide some protection for the founders. (End of Edited Text)

As a developer whose participated in a few business plan / start-up competitions, it seems like everybody and their brother tells me to look into Techstars. I was pretty excited at first. Seed capital to get started and access to mentors, seems like a good idea right? After reading through the details, it’s definitely something I have no interest in. In all honesty, I think they’re misrepresenting themselves for a few reasons.

First of all, they prominently display $18,000 as the available seed amount in several locations. The amount is actually $6k per founder. Again, at first it seems like a great deal, but this is $6k/founder over 3 months. In the Greater Boston area, $2k per month is barely enough to cover rent and utilities and only slightly more than Wal-Mart pays. There is one difference though, Wal-Mart doesn’t ask for equity in your ideas. This leads to the second point.

Techstars requires 6% equity in your company. This seems a bit steep for a $6k investment. I know it’s very early seed money, but valuating the company at only $100k seems pretty lame given their rigorous entry process.  Since 60% of the companies have received Angel or VC funding at the end of the program, which was likely at least $1,000,000, Techstars must me pretty damn lucrative.

Keep in mind that the Manchester Young Professionals group managed to scrounge up $25k per business plus another $25k in services.  A small professional group in Manchester can front more than a group of investors in Cambridge?

I’m not expecting that Techstars should give money without gaining equity in the company. Trading equity for seed funding is common. However, this seems less like an organization that wants to help business get started and more like an organization that charges 6% equity to give you a meeting with some Angel and VC funding sources. Many of these investors are also likely at various start-up events that cost only a few hundred bucks. (See Speed Venture)

In the end, Techstars isn’t all bad; they’re just not representing themselves accurately. If you need $6k to get your company started, there are better places to get it. In the end, you’re not really getting seed money as much as you’re trading equity in your company for a few good networking opportunities.

I may be completely off-base here, and I’d be happy to hear from anybody at Techstars or their companies if I’m wrong.

in Rant. Comments

Blogroll

Recent Listening