Contextual Series: User Engagement

In the second part of the contextual series, I will be continuing from where I left off last time with User Onboarding. I’ll be covering how to make your application relevant after the user has gotten past their initial experience.  The goal is to engage with the user in a way that will retain them and have them spend money.

The first few minutes of the user trying your product is crucial. In that short period of time they will decide whether they will uninstall it and move on or keep trying it out. But the next 30 minutes are also just as important. Like a drug, you want the user hooked to your product, you want them to feel as though they are dependant of it.  The most common way products get you addicted is through social engineering by getting you to engage with people you know. While it is something I would recommend each product would do, the product should be able to stand on it’s own even if the user has no friends.

Let’s assume that your product is capable of tracking a lot of data, including basic user profiles to narrow down their demographics and activity history. The data can be used to improve your analytics, determine business logic, and can be used to feed into your contextual engines.

Continue reading…

Is Lunarpages storing passwords in plaintext?

First of all, I want to state that these are serious claims. That what I am stating is based on my observations.  While I cannot confirm what I am saying is true, it is hard to claim the situation is much different than what I am stating.

Lunarpages, as I wrote in my previous post, has been my hosting provider for nearly 10 years. I’ve grown up from being that wacky teenager with limited technological understanding to now architecting and building infrastructure and development tools. I don’t claim to be an expert in any way and there is a lot I can learn.

Over the past year, I noticed some very shady things going on with my account. In part, my account was compromised at least twice where files were overridden. To this day, I still do not know how it has happened. But lately having to deal with support, I noticed a rather major flaw.  Lunarpages and it’s staff have access to your passwords in plain text.

To come up with the conclusion that Lunarpages in has access to your passwords in plain text comes from two separate emails I’ve received from them in the past week.  Frankly, I have lost all faith in them as a company.

Continue reading…

I’ve Implemented Two Factor Authentication

Over the past 24 hours, someone has been attempting to gain control of my accounts. I’ve received over 50 different emails for password resets and various services alerting me that someone is attempting to gain access to my account.  This very blog a few months ago was averaging roughly 5 login attempts per second. Over the course of a day, I was seeing nearly 450k failed login attempts.  I’ve implemented a series of features that would slow down and potentially block people from gaining access through brute force.  At the end of the day, it seems someone clearly wants to gain access to my accounts.

I’ve been living in comfort all this time without two-factor authentication, assuming my strong passwords, unique for each service would suffice. I still think these passwords are strong. But what if someone figures it one password through brute force? As far as I know, none of the attempts have been successful.  But it leaves me paranoid that they will keep trying until they eventually become successful.

Continue reading…

Must changing your default email be this difficult?

As you may (or may not) have read yesterday, I have been migrating my email services onto a more reliable platform.  In the process of doing so, I have been looking to change my primary personal email address from @cy-designer.com to one at @pelland.me. I don’t know if any of you have tried to change your primary email address, it is not at all easy.

Continue reading…

I’ve finally migrated my email away from shared hosting!

I’ve spent the better part of the day today working to migrate all my email accounts from my current shared hosting provider onto a more reliable Outlook.com. My shared hosting provider, which I do not wish to mention at this moment, but will in future posts, has been terrible. I’ve had emails disappear on me and in many cases my emails bounced. Of course when I contacted support with those issues, they blamed the sender for improperly typing the email address. Out of the dozen or so support tickets on the issue, not once did they bother looking into the issue.

Continue reading…

Technical Redundancy – A Crucial Business Requirement

This post comes in light of recent events in New Jersey and New York, hit by hurricane Sandy.  Like Katrina, it has been a very difficult moment and is nice to see people help each other.   Businesses too were affected by Sandy.  They suffered power loss or loss of hardware due to flooding.  Individuals and business alike will be changed forever.

While working for General Motors, I was given the opportunity to learn and work on disaster recovery and business resumption plans.  This included researching tremendously in something I knew little about.  To my surprise, a lot of horror stories came out of Katrina, many businesses effectively shutting down and liquidating.  These business owners having written about their losses, hoping that others would learn from their mistakes.  GM as you can imagine, has a significant amount of employees, business apps and data required to run day to day operations.  If the headquarters is hit by a tornado or blocked by disgruntled union workers, how do we ensure continuity as if nothing happened?  Working on the Disaster Recovery Plan (DRP) and Business Resumption Plan (BRP) was an eye opening experience for me.

Just to make sure I am not confusing anyone, DRP is a plan that is used to recover data and ensure that the tools used by the business are recovered.  BRP is the plan that is executed when the physical business local is no longer operable and requires setting up remote locations to resume business as normal.  Each business will have different requirements for resuming operations, including timelines and services that are crucial to operations.

I operate under the assumption that anything that can go wrong will go wrong and the edge cases, while rare, will also happen when you least expect it.  For instance, who knew that of all things, a CAW blockade would require execution for the BRP for GM?  Looking at Amazon over the past few months, they’ve had numerous large scale failures.  Sandy has caused major disruptions and forced multiple websites and services to shut down as the backup generators ran out of fuel.

I’ve asked many small and medium sized business owners to describe their disaster recovery process.  To my disbelief, most are unprepared or do not understand the severity of potential events.  I live in a world filled with paranoia, so I asked them “what if your hosting provider disappears tomorrow?” which is often followed up by a puzzled look. Amazon could never crash right?  What about pushing code to live the accidently purges live data?  Or even an intern who runs a query that deletes data?   Companies and developers are assuming that edge cases never happen because they pay attention and they can fix problems as they arise.  They need plans for when things go terribly bad, even if it never will.  I won’t try and claim that I haven’t made mistakes and that I have everything implemented, but I have the plans.  Now if I had money to execute my plans, I’d perhaps be in a better position to convince everyone to follow my lead.

Regardless of your situation, you should plan.  I won’t get into business resumption too much. Unless you have a decently sized company or a corporation, you won’t necessarily need it, your developers likely could work from home and be as productive as they are in the office.  If you operate under VPN and have a variety of services in house, then you will more than likely need a BRP.  I may get into that for another blog post if I get requests. Plan the implementation of the DRP as you get cash and the scale of which you deploy this plan.

Continue reading…

The Age of the App – Get With the times

It is no secret that our governments are as slow as molasses when it comes to truly helping citizens. Need help getting a hold of the city to fix a water leak in your basement? In the past you’d call 311, surprisingly, that hasn’t changed much these days. However, given the internet age, you can likely jump online or onto your smartphone and find an app that can get you the help you need. This begs the question, why do our governments need large teams staffed to handle those calls when an app can do the same work?

Don’t get me wrong, I think it is great that people are employed to support services like 311.  This post isn’t about spending money. I am not in any way a staffing / financial expert and will stick to commenting what I know, which is technology and building / managing this technolgy. My question is whether we can improve the government’s efficiency and open up the services to even more people.  The majority of government sites I’ve used were impossible to navigate and at times lacked consistency.  In most cases, app developers are focused on usability and UI that I don’t tend to complain as much.

Continue reading…

Pelland.me now with Open Graph “Read” support!

As of today, pelland.me has been upgraded with the ability to keep track of all the articles you read. I’m looking to add some more actions in the near future and make the actions better associated with the interactions you are performing in this blog. To start, you only need to Login with Facebook.

If anyone feels I should post a tutorial or perhaps a plugin for this, let me know in the comments.
Continue reading…

Digitizing CDs and the cure to my musical madness

Since I’ve started using Spotify, its made me want to discover music again. Whatever the music, new or old, I wanted to hear it. I’ve always really loved music, but over the past few years, work and hobbies have taken over and I have been unable to really go searching. Spotify has allowed me to to find some tracks from artists I liked that but never heard of, also helping me find tracks from artists I’ve never heard of.

The one thing I noticed was that I found myself going back to artists I used to listen to, used to love. I have over 100 CDs of various artists. Anything from soft rock, rap, hip hop, rock, punk… I seem to be all over the place. The only thing I seem to dislike is country, unless of course its Taylor Swift. Spotify guarantees 320kbps bitrate and my library is mostly lossless. The music sounds awesome on my Onkyo system.

One thing about me, is that music opens up my mind and makes me more productive. Now having over 8000 tracks locally and access to likely hundreds of thousands more with Spotify, my music cravings are now satisfied. I can’t say I need to listen to a song more than twice anymore! I guess this means the next few months may turn out to be interesting… I think it will be.

And if you were wondering, I am currently listening to the Blue Man Group’s I Feel Love. I love this band’s innovative instruments and sounds. Mind you they are more entertaining to watch, but their music still sounds great!