Thursday, January 31, 2008

Why Starbucks Loses in My Book

Why does Starbucks lose? It isn't because they don't make as good a coffee or that they have sanitized out the whole coffee house experience. If it isn't for any of those reasons, why do they lose? Well, I am going to show you...



Now how cool is that? The barista at my favorite coffee haunt did these when my girl and I went in earlier this week. I have never seen this before and I thought I would share it. We didn't see anyone else at the coffee shop with these, although I doubt we are the first people to ever receive something like this. However, it is at times like these that, even though this place is a bit expensive, it seems worth it.

There is a good marketing message in this. It is something other well-known people have said time and time again: make your customers feel special/unique (at least part of the time), and the experience of where you go does matter. So, if you are in business, keep that in mind. How can you draw a face in your customer's coffee cup so they will feel special?


Monday, January 28, 2008

The Effect of High Energy People

Recently I have been in a funk at work.  I get there and just kind of get some stuff done but I really just don't care how it goes.  However, last Friday that changed.  I met with a person whose name was J.D. Meier who also works at Microsoft.  We talked about life at MS and how it differed greatly depending on the team and the organization you are in.  We also touched on how he approached work and life.  

One idea I was left with after talking with him was that to maintain high energy you need to have one of two things (sadly neither was bucketloads of caffeine).

1) People around you that are high-energy and positive (i.e. not clock punchers)
2) Projects that you are energized about and wanting to jump out of bed (or not go to bed) so you can work on them.  

If you don't have one or both of these things the job can start to suck the energy you might have for other activities outside of work. So, you need to find those people or projects so that energy is more plentiful. This made me realize I was missing one of these elements, which I believe was leading me to this funk. Thankfully J.D. is very high energy so I am feeling mucho better and don't feel so "blah" after sitting in my "prison cell" (drop by my work sometime and you can look at the cement walls with me).

Maybe next time, if you are ever feeling down and not motivated, a high-energy person or a project you are actually interested in is what you need.

Well, back to work I go!


Sunday, January 27, 2008

The Application Security Silo

People get used to a certain way of thinking and accepted "truths" when they are around a certain set of people. I have seen this time and time again and of course I have fallen into it myself. I have always heard this being called "being in your own bubble" or being in a "silo", hence the title of this post. Recently I have been thinking that the application security industry is very much in its own bubble.

Don't get me wrong, there are a lot of bad bugs that can and have been found. I see value in people finding these types of bugs - of course, since that is my job and I still want it - but how severe these bugs are seems to get inflated inside of the industry. This is one reason why I think business people don't always take the security industry seriously. Let's take a specific application as an example; in this case I am going to focus on WordPress.

To give everyone a short background, WordPress is a well-known and well-used piece of blogging software. It is widely deployed and very popular. However, this piece of software is very insecure, at least in the eyes of the application security profession. There is even a site focused solely on WordPress security; this site is run by people who know quite a bit. But yet even with this, WordPress still stays popular and keeps being used. Why? There are better alternatives. The blog-o-sphere hasn't imploded because of this insecure software and the biggest issue is with spammers. So, with all of these bugs and the software being "insecure by design", why is it still being used? Because it works and the chances of your personal blog being attacked are pretty slim. Sure, there are bugs, and if someone really wanted to they could cause pain to a WordPress user. But herein lies the rub: it is a common belief that any piece of software has big enough holes that if you are doing a targeted attack you can get the person, period. It might take a bit, but it is possible. I am sure there are exceptions to this belief but so far I have not found one.

The only reasonable goal people have for software is just to make it more secure than alternatives so attackers attack the easier targets :). However, it seems odd to me that application security people really get into how a bug can be soooo dangerous yet it rarely gets used, or even more likely they find a bug, say it is really dangerous, and in the end it just isn't. I guess my main point is this.
Application security people are like Chicken Littles, always saying the sky is falling when it isn't.
Sometimes the sky is really falling; however, most of the time the bug is small and is best used in very targeted attacks, and most people are really not important enough for that type of effort. Although I wonder if anyone ever tries to take over the President's computer or what happens when he gets malware :).


Friday, January 11, 2008

Good post by Hugh...

I try not to link to posts, but this post by Hugh Macleod requires me to make an exception. You can read it here. Why am I making this exception? Because I think it is a really good post and I usually like his cartoons.

However, one point I am starting to realize that he doesn't make is that it is good to put your head down and work hard, but if no one knows your work, or rather if the "right" people don't know of your work, it basically didn't exist. Granted, now in this ever-connected world it is a little easier to stand up and shout "hey look at this cool shit I am doing."