Has this happened to you: login to your credit card site, only to be told you “need an activation code now”. That’s fine, so you get one via phone or email, enter it and go about your business.

You then attempt to login from home/work and it tells you you need an activation code for that computer too. Okay, not too bad, I can handle that… seems to make sense. I go through the process there.

But I go back to the first location and NOW it tells me I need to do the activation process again. I already set up an activation code for this - and since a lot of people access things from two locations, they should not have to keep creating activation codes whenever they use two different computers consecutively! Annoying things like this actually reduce security because users will try to find ways to circumvent them, and/or will be inconvenienced (e.g. not as likely in this case, but a more sophisticated user might set up a remote login to their home computer to get around this, thereby creating another large potential security hole). Silly stuff.

I posted a comment to Seth’s posting about what they’re doing with Facebook apps.

I can’t wait for the multi-platform aggregation plays!

love it. The BART subway system I use has implemented touchless smart cards for access - very convenient except for the problem that there is no allowance for parking validation! The current system requires you to associate your space number with your physical ticket in a validation terminal (before you could just type in the number but I guess that was open to abuse). So after getting 5 parking tickets for parking without validation, and being told the only solution is mailing the tickets back with a copy of my card… I left a note on my last ticket under the wiper. we will see what happens today…

Scraping makes a lot of things work — but I can also see the viewpoint of people who’d rather not have their site scraped. I don’t foresee apocalypse if this happens, I just think that the market helps decide who and why needs to be open to it depending on the value generated for the end user, and some mechanisms can arise for sharing that value… screen scraping is a special variant (not entirely the same point as the above piece) that still provides a lot of value and has allowed certain services like Yodlee’s aggregation model to work for more than 5 years now despite them saying they were moving toward setting up direct data feeds (too expensive and unnecessary when most banks started not complaining about it anymore since they weren’t stuck in that “this can’t be good because we can’t control the customer experience” mindset any more… or at least, not stuck in it as much as before). I have zero doubt we will start to see a whole new scraping holy war start again in the next 6 months… Greg’s post as a good start on thoughts here.

Root Markets’ San Francisco office is located, as many places of business in the US are probably now, roughly equidistant between two different Starbucks locations. One of my colleagues was saying he prefers to go to the “uphill one” (this is San Francisco, remember!) that is also slightly further away, probably about 25 yards further mind you. I have tried both and found the uphill one to be smaller, but slightly less busy on average with concomitant lower average wait times. But this got me to wondering (as I often do while waiting in line at Starbucks e.g. about queueing behavior) about what the quality of the people who work at the various locations might bring to the equation.

I’m guessing that on average the baristas that work there are fairly similar but that it probably comes down to one or two good or bad experiences, and then you might fix into a pattern from which it is difficult to deviate from. You “decide” that one location is better than the other and it then becomes hard to dislodge that decision. Starbucks reportedly schedules employees work hours in such a way to make sure that customers see the same baristas at their regular hours and so builds this relationship… and certainly it is nice (if I were to order anything fancy, which I don’t) to have someone recognize you– bring the “neighborhood” feel to what is essentially a generic location. But really, it is something that’s very sensitive to initial conditions. I’m fascinated by this notion of many people doing the same job in different locations, near (as in the case above) or far from one another, and seeing how the results might compare.

For the record, I’m completely indifferent between our two locations… I’m just waiting for a Peet’s to open up

The Amazon Mechanical Turk — mundane tasks as a web service! Bizarre and intriguing in that Amazon-kind-of-way. Found out about this from Greg Yardley of course.

Sometimes I have to go back and catch up on some of the reading I missed when I was busy actually getting stuff done here at LinkedIn. Makes me wonder how people can do all this blogging and still get things done - never enough hours in the day. Anyway, at the risk of losing what little street credit I have left: In this case it was a great essay about AJAX (Asynchronous JavaScript + XML). Yes, things like Google’s new stuff, Flickr, some A9 features etc.

Sorry, for now I have had to disable the comment functionality due to comment spam. If you want to share your thoughts with me, email me at rleathern at yahoo.com and I’ll post your ideas here.

New York Times, The Lure of Data: Is It Addictive?:

“ACCORDING to research compiled by David E. Meyer, a psychology professor at the University of Michigan, multitaskers actually hinder their productivity by trying to accomplish two things at once. Mr. Meyer has found that people who switch back and forth between two tasks, like exchanging e-mail and writing a report, may spend 50 percent more time on those tasks than if they work on them separately, completing one before starting the other. As a result, Mr. Meyer said, businesspeople who multitask “are making themselves worse businesspeople.” ”

I know I have a lot of half-finished and almost-begun documents, projects, thoughts and ideas that litter both my brain as well as my laptop computer(s)…

It’s been quite some time since sites like Yahoo! started throwing up roadblocks to automatic email account generation by forcing the account creator to read symbols and type them into the computer. Providers of WHOIS databases like GoDaddy similarly have made it difficult for automated crawlers to go through the database pulling down names, email addresses and phone numbers for later spamming. Other examples abound, but in order to prevent legitimate Web business as well as personal applications from grinding to a halt, we will have to keep a close eye on what I call R.A.I.D.: Repetition, Automation, Inference and Distribution

Repetition: As networks spread (whether they be the use of the same software, payment processor relationships or common business practices) they create favorable economics for bad actors to repeat the same intrusion/compromise attempt’
Automation: Subtly different, once an open door/loophole is discovered, automatic software can be set up to repeatedly infiltrate and exploit that loophole.
Inference: Guessing that I may choose first initial.last name at yahoo for my email address, guessing that I might use the same password at your honeypot sweepstakes website as I do at my Citibank bank account, making inferences and playing on inherent human foibles like laziness, those of ill intent can figure out how to gain access, annoy or compromise.
Distribution: The hard edge of ubiquity is, of course, that not only is everyone (in the world) one step away from your products or services but also everyone is one step away from your (dirty or otherwise) laundry. Attacks can come from anywhere, at the same time.