Monthly Archives: July 2007

What’s the fuss about XSS

XSS stands for cross-site scripting. Another interesting acronym is cross-site request forgery (CSRF). All in all, what most of you should think about is that on web sites written without security in mind, or that simply have a bug, you as an outsider can possibly inject code of your own. A good example of this is the MySpace worm, which let its creator be automatically added as a friend by anybody who visited his MySpace profile. Additionally, that person's profile automatically received a copy of his little code, so that everyone who visited that person's profile in turn became the author's friend again.

So let’s see how long it took him to get a few friends. He included a little bit of code on his profile when he had 73 friends. An hour later somebody looked at his profile (1 more friend, a bit more code on that person’s page); 7 hours later he had 221 friend requests, one hour later 480, then another hour later 561 (he had since accepted the 480 ;) ), … 3 hours later 2503 friends and 6373 requests; 5 hours later 2503 friends and 917084 requests; a few minutes later over a million friend requests.

Now that’s really fun. I mean, nobody was hurt. But what follows next can be just a small addition to that little worm, or to an ad you see, or a forum posting, or an article, … .
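As an added example (not code from the original post, and not MySpace’s code), the following Python models the two things such a profile worm depends on: script text stored in a profile and echoed back unescaped to every visitor, and a friend-add request the visitor never intended. Beside each sits the defence, output escaping and a session-bound anti-forgery token; the site, user names and markup are constructed for the example.

```python
"""Toy profile site modelling the two weaknesses a MySpace-style worm needs.

Added example; not code from the original post and not MySpace's code.
Names, markup and the 'add friend' endpoint are constructed for the example.
The worm needs (1) stored XSS: its script is saved in a profile and echoed
back unescaped to every visitor, and (2) a state-changing request ('add
friend') that the visitor's browser sends without the visitor's intent.
"""
import hashlib
import hmac
import html
import secrets
from typing import Dict, Optional, Set

# Constructed stand-in for the worm's profile text: the exact markup does not
# matter, only that it carries active content instead of plain text.
WORM_PROFILE_TEXT = 'hi there <script>addFriend("author")</script>'

# Per-deployment secret used to bind anti-forgery tokens to a session.
SERVER_SECRET = secrets.token_bytes(32)


def render_profile_unsafe(about_me: str) -> str:
    """Vulnerable rendering: user text is pasted straight into the page,
    so a stored <script> tag runs in every visitor's browser."""
    return f"<div class='about'>{about_me}</div>"


def render_profile_safe(about_me: str) -> str:
    """Hardened rendering: HTML-escape on output, so the same text is shown
    literally ('&lt;script&gt;') and never parsed as markup."""
    return f"<div class='about'>{html.escape(about_me, quote=True)}</div>"


def has_active_content(rendered: str) -> bool:
    """Check used here to show the difference: did a raw tag survive?"""
    return "<script" in rendered.lower()


def csrf_token(session_id: str) -> str:
    """Anti-forgery token derived from the session with a keyed hash, so a
    page on another site cannot guess it for the visitor's session."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


class ProfileSite:
    """In-memory profile store with a guarded 'add friend' action."""

    def __init__(self) -> None:
        self.about_me: Dict[str, str] = {}
        self.friends: Dict[str, Set[str]] = {}

    def set_about_me(self, user: str, text: str) -> None:
        # Stored as typed; the defence is applied when the page is rendered.
        self.about_me[user] = text

    def view_profile(self, owner: str, safe: bool = True) -> str:
        text = self.about_me.get(owner, "")
        return render_profile_safe(text) if safe else render_profile_unsafe(text)

    def add_friend(self, session_id: str, user: str, target: str,
                   token: Optional[str]) -> bool:
        """State-changing request. A request without a token valid for this
        session (the shape a cross-site forgery takes) is refused. This alone
        does not stop a script already running on the same origin, which can
        read the token from the page; that is why output escaping is the
        primary fix and the token is the second layer."""
        if token is None or not hmac.compare_digest(token, csrf_token(session_id)):
            return False
        self.friends.setdefault(user, set()).add(target)
        return True


def run_worm_scenario() -> Dict[str, bool]:
    """Plays the worm's two steps against the vulnerable and hardened paths."""
    site = ProfileSite()
    site.set_about_me("author", WORM_PROFILE_TEXT)
    return {
        "script_runs_unsafe": has_active_content(site.view_profile("author", safe=False)),
        "script_runs_safe": has_active_content(site.view_profile("author")),
        "forged_add_accepted": site.add_friend("s1", "visitor", "author", None),
        "other_session_token_accepted": site.add_friend("s1", "visitor", "author", csrf_token("s2")),
        "genuine_add_accepted": site.add_friend("s1", "visitor", "author", csrf_token("s1")),
    }


if __name__ == "__main__":
    for name, outcome in run_worm_scenario().items():
        print(f"{name}: {outcome}")
```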

As seen in this article that has just been published, entitled U R Insecure – how URL exploits are changing the webappsec landscape, you can at this time on Firefox, or IE, or really any other browser as long as it is on Windows, infect the file system. What does that mean again? It means that provided I have somehow been able to inject code on a web site you are visiting, I can open a command prompt on your machine without you noticing, download a small application, install it, and then do virtually anything to you. What could that be?

  • I delete all contents of your hard drive (actually I don’t need the app for that)
  • I turn off your computer
  • I scan all network drives for a file with “financial”, “next”, “quarter”, “confidential” or something mixing those (of course then sending me those files)

Just to connect this again to the MySpace worm: within a few hours I’d have turned off a million PCs, or scanned them for confidential material. You will by now come up with your own ideas. The thing is that the door is wide open because a mechanism in browsers, registered URL prefixes, allows a web page to open another application. There might be a joost:// prefix on your machine and Joost might be insecure (not saying it is!), and I embed a link that will open joost://something that will again give me access to the file system.

This is not posted to make anyone afraid, but it should alert us all that this Web 2.0 idea, and all the JavaScript usage, doesn’t make things easier. We can’t just bang out an Alpha release of something without some idea of security. This is possibly getting dangerous and we need to be aware. With online apps suddenly able to run offline the problem will only get bigger. We can write great apps that run in a browser and I am looking forward to more cool things coming there, but keep in mind that it’s not all as simple as it sounds. Imagine this working on the iPhone (I am not aware that it does). I’ll just call a few numbers and you are broke and I am rich.

Review: Wacom Bamboo as mouse replacement

Yesterday I got my new Wacom Bamboo, a tablet that is meant to be a mouse replacement, and I have to admit that it actually is. The biggest switch seems to be that I need to get used to holding a pen in my left hand and moving around on the screens with it, instead of with my mouse on the right. At the moment I actually have both sitting at my laptop, which is cool. I am missing the scroll wheel a little bit; it is kind of there on the tablet but still a bit weird.

There are actually two settings you will have on the Mac if you plug it in and install the driver. One is for Ink and the other one for the Wacom Bamboo configuration. There you can configure the 4 special buttons on the tablet and the two buttons on the pen. The cool thing is that you can set these buttons to full keystrokes, meaning that the buttons FN1 and FN2 on the tablet are copy and paste (Apple key + C or V) and the top button on the pen is Apple + W, which closes the active window, cool for using the browser. I might come up with other wonderful key combinations. The other keys on the tablet are TAB and Ink On/Off, and right click for the second key on the pen. It is working pretty well with these kinds of keys.

Another important setting is whether you want to use the tablet as a mouse or pen. I am using it as a pen, meaning that the surface of my tablet is kind of the surface of my two monitors together. Tapping top left will put the mouse top left on the left monitor, tapping top right puts it at the top of the right monitor. The cool thing here is that you will get used to the Bamboo and the size ratios and slowly but surely know where to move the pen to have the mouse where you want it to be, and that is a real time saver.

There are also some nice smaller things. I open GMail, click a mail, tap the one key on the tablet to enable Ink, draw a Y on the screen and boom, the mail is archived. Now that is wonderfully easy. I will have to play a bit more with Ink to really get used to using that one.

All in all I am starting to get really happy with using a pen instead of a mouse. That’s really what the tablet is built for. I haven’t drawn with it yet, but it might actually be too small for that. More posts on playing with Ink will likely follow.

Tacoda goes to AOL

What do we hear there? TechCrunch alerted me that AOL seems to have bought Tacoda. The New York Post is talking about it too, citing prices between $200 and $300 million. The NYP article was actually linked right from the Tacoda homepage. :) We had some turmoil some weeks ago in the ad server market, and AOL only got the small player in AdTech (not the conference, the ad server ;) ). And now it seems like they got themselves an ad network. Actually it really goes into the behavioral targeting world, about which Jeremy Liew has some good thoughts.
The thing is, though, that this might hot up the behavioral ad market too. It is important to note though that Tacoda also is a network, even though I am not sure how the network is booked, e.g. do they get the remnants from publishers because they can monetize them better (Update: seems like it.), do they pay fixed up front and hope to make a margin, or are they first choice and simply really pay more. AdWeek has a good article on behavioral ads, in that they might even click worse, but have higher conversions afterwards.
The thing is that AOL already has advertising.com, and they are a network of sorts, and I don’t know what Tacoda adds to the equation. The thing is that some big publishers might cancel their relations with Tacoda due to a possible buy from AOL. We really need an independent player in that market. wunderloop might be one (Disclosure: Michael Kleindl is Chairman of wunderloop and Investor in Ormigo) or nugg.ad.
One thing is important though. Whoever gets to see people on niche sites gets to target them on the big non-focused sites. So I might agree with Jeremy that that is the really important part for the behavioral market guys. Happy to learn more.

The Facebook Misunderstandings

People are going back and forth about Facebook, but there is one little misconception in the discussions going on. A good post comes from Scoble that highlights the good sides of Facebook. And it is really what the ultra pro gang likes to hear. Facebook is amazing, the widgetization will continue, Facebook will grow without end.
I actually don’t think anybody tries to deny that. What people are disputing is the valuation part of the entire thing. Valuations on the stock market depend on revenues and profits. Otherwise it is hype, and that is what we had in the first bubble and as soon as that hype entered the normal stock market, real people got hurt because they invested in beliefs.
To take a look at the other side you should read this post which talks about a 2008 IPO. The thing most interesting in there is the calculation that Microsoft promised some revenue to Facebook due to a 2006 deal they did. This might be the source of the main revenue of the $100 million Facebook is talking about as revenues for this year. Google’s amazing growth engine has a Price to Sales multiple on the stock market of 14. This means that even at $100 million of revenues, with amazing growth, Facebook shouldn’t be more valuable than $1.4 billion now, with growth factored in as in the case of the Google stock price. Now think about whether Google’s expertise and business model is something where you can understand that revenue and profit growth will come. Now think about Facebook. The metrics are not as clear. The upside is good but nobody out there has proven it yet. That’s like investing in a start-up, and that shouldn’t be something inexperienced people do.
This is what some people think is nuts, and I have to admit I am one of them. $8 billion is just too steep, unless somebody buys it that really needs the expertise and entry into the web area and has an amazing sales team to make money of the site. Let’s see what happens. I have obviously been wrong before.
Update: Of course if they would IPO, then long term it might end up at several billion USD, hence the idea of the IPO. I wouldn’t sell either … but not for the valuation part but simply because Facebook might become a real company with long term potential.

Further Facebook Monetization Problems

So Facebook is worth $8 billion. I agree it is worth a lot and it can be something that is very powerful in the future. I actually believe it will. But the $8 billion are surely not based on current revenue. They had 15.8 billion page impressions in the last month. Let’s presume they have all available inventory sold. Judging by this post they would make $2.6 million a month, so $30 million a year, meaning $8 billion is a price to sales multiple of 266! And if you take this post, then you will start to wonder if they are fully booked, because the ads do not really work well.
I remember the old times when monetizing discussion boards was hard and social networks are similar. People are just not there to buy something but are there to interact. Facebook can probably make good money on strong branding campaigns (needs to be something more than banner ads), and have a good revenue floor with CPA deals, but making a billion or two in revenue in the near future seems unlikely.
Just presume the traffic from Facebook converts amazingly well (which, as I hear it, it doesn’t), so you have a lead rate of 10% on a lead campaign where you make $30 per lead. Then 100 clicks make you 10 signups and hence $300. At the 0.05% click-through rate that seems to be average on Facebook, that means you need 200,000 ad impressions to get those clicks. You could then spend $1.5 CPM to not turn a loss. Based on other numbers, the CPM is more at $0.17, meaning that the lead rate is more at 1%, which seems likely.
The cool thing is though that you might, through the exploitation of Facebook’s Application Platform, keeping people on the platform with the ads, fostering more trust, embedding conversion there, … increase your conversion … then it gets interesting.
So will they be bought under $8 billion? Nope. The potential is there, it is just not clear yet what it is. With Google it was different, there was real revenue there and real reason why it would grow.

Social Viral Commerce and the Leads Business

I once again strolled over to Axel’s blog for something and it reminded me that I wanted to write something in reply to his Viral Social Commerce posts. Having just finished a bit of planning to get the current sprint done and the next one spec’d, I thought it’s as good a time as any. :)
First of all I really like his postings in general, and these two really rang a bell as they are so clearly linked to what we do here. Let’s take one specific part:
Even more market volume may be created by opening the advertising market to new segments that, until now, had a high cost barrier towards advertising, for example in the Long Tail of smaller and mid-sized companies, or in niche markets which had to rely on direct marketing because there was no medium for them to address at sales efficient cost on a large scale.
I agree with him that user generated content companies have a different cost structure and might hence be able to live on lower CPM advertising than a big old-school publisher. This lower CPM advertising can then also come from smaller companies, but the problem that comes in there is that smaller companies do not have the resources, or knowledge, to run web campaigns. It’s just not their business and shouldn’t be. Above that, several million small businesses can’t talk to agencies to handle their advertising buying. It needs to be easy, understandable and with measurable performance. And if you do it right and target it right, it is actually far from lower end CPMs. The last bit is where he also agrees.
on-demand fully trackable horizontal niche long tail CPA advertising
[...] My point in this Blog post is that there have to be, and there will be business models beyond advertising and they are starting to emerge. Essentially these will be transaction based and will be centered either around the handling of goods in an e-commerce sense (that is already being seen in a number of start-ups) for example, by itravel, but there will also more and more be transaction platforms centered around services, much in the sourcing logic mentioned above.
Hell yes. The thing is that the trackability of online media really allows for performance based advertising. I started an internet statistics company in 1996, so I do love statistics. :) But where does this lead? Facebook will convert a lot worse on a CPM basis than some other big publisher, but I will not have to negotiate deals with Facebook other than a revenue share, and targeting systems will make sure that the right ads run at the right time and in the right place. Through the CPA model I move from an advertising channel to a sales channel, and the budget there is a lot different. Above that, it is understandable for smaller publishers. I get the contact data of somebody interested in my services. No need for a web site, AdWords campaign pro, SEO, campaign management, Flash ads, … . All taken care of.
There is still one problem though: millions of small advertisers. That is where another strength of the internet comes in, aggregation. There might be lots of different small advertisers, but many times they can be aggregated around services, and they themselves serve only their local market. This is what Ormigo does. We give small advertisers a way to attract new customers in their local market, and aggregate them to become a really powerful marketing force with real budget that is relevant even for the biggest players out there. Especially for services this is possible.
In his next post he goes into a bit more detail.
So cutting back on Web 2.0 technology by seeking not a mash-up of all the functionalities that happen to be the talk of the town and instead looking for ways to create real value with Web 2.0 technologies requires, first, an analysis not of Web 2.0, of these technologies or even of the Web 2.0 early adopter crowd.
This is something I have been repeating for a long time. Most of these Web 2.0 features, be it social networking, tagging, user generated content, … are features, not a product in themselves. You have to address a need, help somebody that has a problem, and sometimes some of these new capabilities will allow you to do just that a lot more efficiently. People are wondering why we are becoming a social network, and I can only tell them that it’s a side effect. We help local merchants get new customers, and that leads to social interaction, and that leads to more customers, and more knowledge, and better matching of clients and merchants. That is also why social networking capabilities have not been our first step, and are still underdeveloped.
Marketing then becomes not just a communication task but becomes much more a framework for the company’s role as the host of a community of customers.
Good words to end this. The achievement is reaching an equilibrium between users, customers and publishers. For us, a potential field to achieve this is the local market. It’s interesting for all three and Web 2.0 enables clear benefits for all. Standard ads are just a start. Much more can come from this. As others have said, Web 3.0 will be about agents, among others. Interesting times ahead.

Love for Geeks

You have to have Love for Geeks, partly because they love Apple and hence love the iPhone. Bill Liao from Xing is one of those people and now he posted about having his iPhone here in Europe. Having made some money down the line, surely helps to cover the cost of constant roaming, but hey, I still have to thank him.
For some time, one of the main features I wanted from Xing was an export of all my contacts as a vCard to import into the Apple Address Book. Now Bill got his iPhone and wanted his contacts on there, hence diverted a few development resources, and now in your address list on Xing you have a small little button that says “mobile export (iPhone) …”. What that thing does is export a vCard of all your contacts, which again easily imports into my address book. 312 contacts imported, 149 duplicates will be updated. Kick ass! Thanks Bill for getting an iPhone :)

Google Acquires Postini

Google seems to hit them when and where you don’t expect it. Now they have acquired Postini. What I really like about the Google acquisition strategy is that it does not seem to be fueled by hype but is a real long term strategy. Let’s look at the last few Google acquisitions starting 2006 as I feel like it ;) :

  1. dMarc Broadcasting for radio ads … ok, they want to do radio ads and they did not have the radio experience, so it’s a no-brainer.
  2. Measure Map for Blog analysis … they are building out Google Analytics so it was probably for the team. The analytics part just gives them oodles of data.
  3. Upstartle for Writely … they need an online office for their entire Hosted Pro scheme. This was well before the pro part of Google Hosted came out.
  4. @Last Software for SketchUp … must have been cheap … at least I still can’t use the software but ok, I might not be the target group ;)
  5. Orion for advanced search methods or rather for a cool algo by Ori Allon … so “team” buy ;)
  6. Neven Vision for image search type things and more research power.
  7. JotSpot for the entire Google Hosted push … it’s a really good wiki though awfully slow at the moment.
  8. YouTube … probably also knowing that you want to integrate videos into search and then you’ll send oodles of traffic and hence want to own the site anyway.
  9. Endoxon again a team buy of a team of experts in mapping in Europe.
  10. Adscape for video game ads … everyone wants to have something in there. Better than hiring a team.
  11. Trendalyzer … ok just watch Hans Rosling perform (and I mean perform) at TED and you know they just wanted to make sure he can continue his research. Hans now has a video blog via google :)
  12. Tonic Systems is a presentation software company to complement their Google Hosted tools.
  13. Marratech is for video conferencing, which again helps the hosted part.
  14. GreenBorder is about enterprise desktop security.
  15. Panoramio is a geo photo sharing thing and if they want to move local it’s good and again the same thing as YouTube, if you are sending tons of traffic there anyway …
  16. FeedBurner … something lacking in their stats was RSS. There now.
  17. PeakStream … who better to buy something about parallel processing
  18. Zenter … ok, with Tonic Systems … this presentation thing seems to be hard ;)
  19. GrandCentral … I presume this is also a local advertising play, useful for their extensive VoIP number routing knowledge.
  20. Postini is again about security.

So if you look at it, they are buying stuff to complement what they need strategically, not really to have it make money for them directly. They need presentations, security, local ads, new markets/channels for ads, good teams, … . Really looking forward to seeing what they buy next. Up till now I do like it.
Update: Just saw this post on the Google blog welcoming the team from Postini. Nice bit of information: over 1000 small businesses sign up each day. We have been using it for some time now here at Ormigo and are happy with it. Good to see usage is growing.

Long Term Investment Strategy

Fortune recently had an issue about retiring rich, or at least rich enough to live happily ever after. There were lots of different strategies on how to invest, many by the big investment gurus out there. I have to admit that I have read many books that go into great detail on the different strategies by the wise men cited in the stories, and you can learn a great deal by reading the books, but only one methodology kind of rang a bell. This is something that Tom Gardner from Motley Fool called 6 supertrends … and 6 superstocks.
The idea is to invest in trends that you believe to be true. Real trends that will shape your future life. You can then obviously mix it with trying to find trends that are not really visible yet or possibly trying to find small under covered companies that will grow with this trend.
I have to admit that I was a long time member of Motley Fool and followed Tom’s and other Fools’ postings, also being very active on the boards themselves. The idea that Tom posts about in the Fortune article is something that fits very well with the long term strategy that Motley Fool is advocating. This really led to my belief that the stock market is something you can invest in, but not something you can play with. Going in and out of stocks in hourly trades or even monthly trades is nothing for me.
So what kind of stocks did I pick in terms of long term trends?
eBay: The company has a relatively secure main business that has still lots of room for growth. Due to the volume of auctions eBay is very hard to replace and same as Google’s profits are growing via optimization, I believe eBay still has a lot of room to grow through usability improvements and moving into other closely tied spaces. One of the big reasons was also their real banking on APIs and that those can be free and eBay still makes more money. That trend will continue for a long time.
Above that I do really believe in PayPal. It’s a bank that belongs to eBay and there are some very fine long term numbers playing in their favor. I expect a lot more on that front. Payment on the internet is a way forward and eBay is very well set up with PayPal.
Third, Skype. Maybe they did pay a lot, but again it is the “all my friends are there” phenomenon that will keep you locked in, and with additional features and easier integration through their API knowledge, moves into the services market, direct local connections and the like, I believe that it can be a real winner.
It’s really three trends that play in eBay’s favor, a favor that will make it outperform the market in the long run.
Nokia: I probably invested too much during the first bubble here but am back well in the green. Sure they are having problems press-wise in the high end with stuff like the iPhone, but boy do these people know mobility. This does not mean that you hype everything, but with paying suppliers later than they get their money, banking on platforms like cars, investing in Symbian as an OS, covering the entire spectrum from low to high end and still trying out new things like a tablet, blogging and more, I believe that if you believe that mobility is here to stay, that we will be more mobile in the future, and that a very big opportunity is in 3rd world countries, then Nokia is the company to bank on. Sure a Motorola can have a one-time Razr success, and sure others are making money on licenses. I don’t know licensing, but I do know that Nokia will always be very good.
F5 Networks: Will we have more traffic on the internet in the future? Will there be more big web sites? Will there be more huge web sites? Will there be more encrypted traffic? Do companies want to buy something where they have somebody big to blame? Are they a, if not the, leader in load balancing, worldwide load balancing, SSL accelerators, … and were they small and undercovered when I invested several years ago? Hell yes! The stock performance tells the tale.
Apple: Buy the stuff you use. This is one of the cases where you just need to look around yourself. I am now up close to 300%, one of my better performers, and I believe that they will have a good future ahead of them. The thing is that design is a very important thing. Once things just work, design is really one of the very few things that will make your product stand out. And I always wanted a Mac. Suddenly Jobs came back and the Mac Laptops were not too expensive anymore. The iPod was the second hard disk mp3 player I bought and it was such a leap forward, just for the design and want to have factor.
They really know how to build great products, how to excel, how to really thrill people. The thing is that this is how the future of marketing will work. Sure you can market everything, but if you invest half of the money you want to spend on marketing into product development and get the product right, then the rest of the marketing budget will have a much bigger effect. This is what Apple has understood.
Genentech: Is medicine a research business? Is/was Genentech still rather small? Yes, it was when I invested, and I just felt that they are attracting the right people to be successful in the long run. Because in the end the right drugs need a good development team and a good research effort. This is what Genentech really excels at, it seems. I have no way of looking at a drug pipeline and finding out which drug will make it and which won’t and how much money each can make, and factoring that in. I think in the long run, looking at other companies, Genentech is bound to have some real killers out there. This is why I invested there next to a fund by Sal. Oppenheim that is managed together with several consulting companies in the medical business. The fund is really my general bet, thinking that if several consultants decide on something, they can’t all be wrong (and history up till now has proven that idea right), and above that I have a bit of upside (I believe my long term downside to be limited) with Genentech.
Conclusion. I could be all wrong, but holding those for several years, buying in down time when I did not see the trend changing and still believing in management, up till now has been a good thing for me. Let’s see how they look after the second time the stock market tanks and comes back up again. I can’t play the market anyway, so I’ll just sit it out.

Installed Lijit for Search

Thanks to Feld for pointing me to (his investment) Lijit. Feld already invested early in Feedburner, now belonging to Google (thanks for making the pro stats free by the way ;) ). Hence, I needed to at least give Lijit a try, and I do like it. Install is easy enough, also on WordPress if you know a bit of HTML (a tiny bit), and the Lightbox version for keeping search on your site is great. The entire idea holds great promise. If you search on my blog via the Lijit search it will first go over all my blog posts, then include things like Bluedot and my OPML file from my RSS reader. Not sure how it all ties together, as it should take the blogs from the OPML file and include results from those pages, which I presume it does. Above that it has my LinkedIn connection and Xing connection (but I would probably have to give up my login credentials) so it can (theoretically, in the future) look at my network and see which people I trust, possibly knowing their Lijit accounts … and the list goes on. Very cool indeed.

One short request: Please give me the code to just add a search box with GO at the end without the bells and whistles as I would like to exchange the search box at the top of the blog too. And there should not be any Lijit there and such. People will see it soon enough when they search.
