The Diablog - it's Diabloglical™

Is it the way of the future, or is it a fad?

– Robert Kruger

29 October 2009

Running a successful business often means being a student of history. When laying a course for the future, consider who else may have faced a similar situation in the past.

Adopting new technology is an area that challenges many business owners. Sometimes, an industry can be strong for years (or even centuries), and then it goes so far out of fashion that it never returns. At other times, a fad comes along that looks and feels like the next big thing, but it burns out, and businesses that feared the end was near ... survive.

I have an example, but first I have an apology. I am remodeling my kitchen (while living among the mess), so I apologize if my perspective is skewed. My example is nails. I've seen a lot of them lately, so I did some pondering and a bit of nine-finger research (avoiding my sore left thumb). The history of nails is interesting. Mentions of hand-made nails go back thousands of years, including in the Bible. There were two areas of specialization in the making of nails, Slitters, who slit sheets of iron (and later, steel), and Nailers, who forged heads on the slits of metal made by Slitters. As the industrial revolution replaced countless hand tasks, Slitters were replaced with machine-slitting and wire-making. For a while, Nailers still put heads on machine-made nails, but then someone invented a machine that did that, too.

Consider the plight of the mid-nineteenth century Nailer. Putting heads on nails may have been the family business for many generations. Some probably thought, "Hand-made nails will always be better than the machine-made ones. These machines are a fad." That proved to be a bad business strategy. Nailers who saw the industrial revolution as a paradigm shift in manufacturing, not a fad, moved out of the hand-made nail business into something that was not threatened by the industrial revolution.

So how do you tell if something is a fad or a permanent replacement of an established technology? Here are some of my observations.

1. Is everyone suddenly talking about the Thing? Fads are commonly popular across the entire population and erupt quickly.

2. Is the Thing marketed to or accepted by a specific group? If the Thing is a business solution, it may be valued more highly than a consumer Thing. If the Thing appeals to a specific section of the consumer population, they may heroize it or absorb it into the group's culture. Rap music never went away, no matter how many stodgy music "purists" claimed it was a fad. Apple Computer found a stronghold in the graphic design and music industries, thwarting the wishes of PC-users.

3. Can you see how the Thing will make (or save) money in a recurring way? The Pet Rock made money, but there was no opportunity for opening a steady revenue stream. People who thought it was funny bought one, and people who didn't, didn't. Then it was done. If a Thing can make steady money, it is much more likely to stick around.

4. Is the Thing popular because it's cool? If the buzz is all about how cool something is, it's more likely to be a fad than if the buzz is about how the Thing is improving the lives or the businesses of adopters.

5. Do adopters of the Thing make room for it in their lives, or are they replacing something with it? Fads commonly are a distraction from the things people need, use, do, etc. If it can replace something useful or important, it is more likely to become permanent.

If change is affecting how and where your business operates, you need to decide how to respond.

1. Capitalize on fads if (and only if) it makes sense for your company. When the 1,000,000th Beanie Baby sold, The Vermont Teddy Bear Company may have been discussing damage control, but McDonalds was planning a new Happy Meal campaign. However, don't jump on every band wagon. If the connection between your company and the Thing is a distant stretch, you may be perceived as desperate.

2. What seems to be a fad could become permanent if no alternative appears. If some Thing is threatening your business, look for ways to outmaneuver it. Do not simply wait for it to go away. In the 1970s, CB radios became very popular. Today, CBs appear to have been a fad, but at the time, people were pondering the possibility of a world without telephones. What really happened to the CB craze? The telephone industry responded with a better portable communication solution.

3. Not every new Thing will affect your business, but some things will. Just because everyone is talking about the Thing doesn't necessarily mean you have to change what you do. However, don't dismiss the new Thing as a fad without considering if dismissing it has the potential to hurt your business.

I encounter this last point fairly often as part of our internet consulting business. While it is rare to find a business with no website, it is surprisingly common to hear business owners dismiss emerging internet trends like SEO or social networking as unimportant fads - something their customers don't care about.

This current generation of the internet has proven itself. It is not a fad. Businesses make money with it, day after day. It has effectively replaced brochures, telephone directories, road maps, cashiers, magazines, and on and on. Companies who understand that websites can create a personalized experience for each unique visitor are beating competitors who sit around waiting for their website to send someone to their phone. Dynamic, data-driven websites with flexible and ever-changing content are the future of business. If you're happy with a website that just sits there, go back to biting your nails.

Hey! Where is my commercial printer?

– Robert Kruger

20 October 2009

I enjoy ebay. I even use ebay. Beyond actually buying and selling, I like to visit ebay just to look around. I tell you that I'm a fan so I don't seem overly negative with the observations that follow. Ebay is the combination of a garage sale and a clearance outlet. If I was trying to be the next Andrew Wyeth, and I found one of my original paintings on ebay, I'd probably switch to house painting.

It's interesting to me how ebay is a barometer for what is current and what has lost popularity. I recently sold a $9000 (new price) 4x5 film camera on ebay for $300. Why? No one wants to shoot film any more. We've moved on to something better - digital cameras (a public sentiment, not an absolute truth!). Film cameras, even professional ones, are novelties. TGIFriday's is probably buying them up to screw to the walls of their restaurants.

You know what you can buy on ebay these days? Sheet-fed offset printing presses. There's no more need to debate Heildelberg vs. Komori - buy one of each. I just saw a 6-color 40" Komori listed on ebay for the price of a nice car (or make an offer!).

Fifteen years ago, when the internet was just beginning to make waves, the buzzword was "paperless office." Every tech-oriented publication included at least one article about how paper was dead. After a few years of reading "paper is dead" in paper-based communications, we all began to doubt the veracity of the paperless office story. Perhaps the concept was still gaining momentum.

I have a theory about what's going on today in the printing industry. Small businesses are historically late adopters of new technology. If you miss the melodic whine of a dot matrix printer, go buy something from your local auto parts store. In 1995, the internet couldn't make much impact on a business that didn't own a computer. Today, small businesses have caught the internet bug. The value of a dynamic website and electronic communication is now apparent to millions more business owners than even a few years ago.

I believe that the specific shift has come from an understanding that websites can be easy to revise and update. That is the inherent problem with printed collateral. If a business prints a brochure, they have several options: print a small quantity of brochures (message can be updated fairly often, high unit cost) or print a large quantity (low unit cost, but inflexible message). If a business opts for the lower unit cost option, they either resist changing their business to stay true to their communications, or they allow their business to evolve and accept that their brochure will be less and less effective.

Just a few years ago, many business owners had the perception that websites have the same problems as printed materials - expensive up front and quickly lose relevance. They were surprised to hear about tools like Dialogs that make websites affordable and easy to update. That doesn't seem to be the case anymore. Today, site owners are shopping for Content Management Systems that include all the features they need to consolidate their communications activities. As more businesses understand that an easy-to-update website does not have any of the downsides of printing, the printing industry in general loses market share.

I have heard about more commercial printing companies closing this year than any other time in my professional career. Printer reps I know who have been selling printing for decades are looking for sales work in other industries. This trend should be a wake-up call to creative agencies that focus on ink-on-paper work.

If you don't take my word, look on ebay. If that doesn't do it for you, look for a Speedmaster screwed to the wall in your local Friday's.

Securing sensitive data.

– Charlie Brown

13 October 2009

If I steal your web server how secure is all that encrypted data on the drive? The answer is usually "not at all". That's because the all-too-common method for encryption in web applications also stores the decryption key, unsecured, on the same server. Get the server, get the key. Get the key, get the data. It's that simple. The argument in favor of this method says that the key has to be there for the server to encrypt the data. Perhaps it's a coincidence that it's also a lot easier, and, speaking from personal experience, programmers are lazy by nature.

So that begs the question, "Is there a way that would keep the data secure even if the attacker has full access to the server?" Yes - and it's not new. It's just harder than the one-key-fits-all method. You have to blend one-key (Symmetric) encryption with two-key (Public Key) encryption.

Encryption:

1. random 256-bit AES key generated - 128-bit is plenty strong enough, but hey, why not?
2. random key used to encrypt the data
3. RSA Public Key is used to encrypt the Random Key
4. both the encrypted data and the encrypted key are stored in the database.

Decryption:

1. login pass-phrase is strengthened into a 256-bit AES key
2. strengthened key is used to decrypt that user's RSA Private Key
3. RSA Private Key is used to decrypt the AES (Random) Key
4. AES Key is used to decrypt the data.

Note that although the encryption key is stored on the server, it is encrypted and, more importantly, cannot be decrypted using anything on the server.

Since the whole decryption phase is kicked off with the user's login pass-phrase, an attacker would have to have that in addition to the encrypted data in order to get anywhere.

Most new PHP installations have everything you need:

• mcrypt-encrypt
• mcrypt-decrypt
• openssl-public-encrypt
• openssl-private-decrypt

If you're collecting sensitive information on your wesite (or websites that you've developed), you should be securing it properly. If you are not, or are not sure, give us a call. Let us discuss with you how Dialogs can empower you to securely work the web.