Innovation in Software

This morning I find that bastion of journalism Valleywag (please note sarcasm here), has decided to lay into Marissa Mayer the VP who oversees Google’s core search business. Their analysis of her comes down to this:

• She seeks publicity
• She has influence in the company at a senior level
• She dictates the style of web pages without a style guide
• She is a perfectionist over candidate selection
• She points to athletics as part of her life but her times aren’t great

And then… well, this:

“Did she really mean to invite media scrutiny of her athletic career? What’s really telling about it: In the handful of times where Mayer has competed on her own, without the backing of a billionaire ex-boyfriend and a pliant boss, she has proven to be an outright failure.

At the beginning of the piece, Mayer once again denies rumors of her impending departure from Google — rumors which Valleywag first reported. Perhaps she has realized that without Google, she’s nothing. Can you blame her for clinging to her job?”

The vindictive tone, the over-arching sense of misogynistic snobbery is just astonishing.

Let’s take another figure within the tech sector who is influential: Steve Jobs. He, for what it’s worth:

• Seeks publicity
• Has influence in the company at a senior level
• Dictates the style of some products, sometimes with a style guide, sometimes not
• Is a perfectionist over candidate selection

What about Bill Gates when he was at the helm at Microsoft? Well:

• He saught publicity
• He had complete influence in the company at a senior level
• He dictated the style of Microsoft software without a formal style guide (and it showed!)
• He was a perfectionist over candidate selection

Yet we call them symbols, heroes, geniuses even. Marissa may indeed have pointed to athletic engagement where her performance is not above-average, but is it wrong to aspire? Valleywag’s little dig by turning around Mayer’s words that “good students are good at all things” to mean she should be good at everything she does is frankly unfair.

She got picked on because – and only because – she is a woman.

I shouldn’t be surprised. This is a sector that struggles to attract and retain women. Given the tech sector now effectively runs Western civilisation, this is a problem beyond reasonable description. However, it seems that time and time again the women who get close to the top get torn down again.

Take Kathy Sierra whose articles on usability were perhaps amongst the best written in that area, well, ever. She was helping people understand how to improve software and services in real, tangible ways. Didn’t ask for a penny for it, just did the odd speaking gig and basked in the glory the majority of us held her in. Astounding writer. Anyway, you’ll never guess what happened? Well she got death threats and the occasional suggestion she should be raped. She shut the blog down and got out of Dodge. We as an industry are worse off as a result.

Gentlemen (and it is you who I speak to specifically): what the crap are we playing at here?

I believe in equality of the sort that means that women who genuinely screw up should be called for it as much as any man and should not be put in cotton-wool environments. But to pick out women for doing things exactly the same way her male peers do (or better) and then basically using the medium of the blog to bully them because they remind you of that cheerleader who wouldn’t go to the prom with you, is quite frankly despicable.

I not only want more women to be attracted to this sector, but I think as a society we need them. Not as social media analysts, but as real entrepreneurs, managers, engineers and designers. I was foolish enough to think the Sierra episode would be a watershed moment for us as an industry. The reality is we remain far away.

It seems Valleywag has found somebody else to bully and I have a horrid feeling this is going to get more miserable and vindictive before it gets better.

In an article in Harvard Business Review Johnathan Zittrain takes a look at the risks facing the Internet in the immediate and medium term and how best to tackle the issues.

It’s interesting to me that his argument can be boiled down like this:

1. Technologies that can be used unintentionally by others to build useful things (generative technologies) are great.

2. The PC is great because of this. So is the Internet.

3. Because they are so generative people are able to create technologies that are actually harmful.

4. In order to avoid harmful software being run on their PCs connected to the Internet, users may choose to use less generative technologies, and move to appliance-like systems or services (e.g. iPhone, or only ever staying within Google/Yahoo sites)

5. We need to stop them adopting appliance-like systems in order to keep the Internet strong.

He goes about spelling that out in a few thousand words, but his ideas on how to do all this are a little light and tucked up at the end almost like an after-thought. It’s ideas though that I’m most interested in here, so here they are:

• Netizenship

  He suggests that all code should be subject to a Wikipedia-like editorial process where self-chosen experts vouch for whether the code you download and run on your system is harmful or not.

  This sounds novel, but I’m concerned about how such a system could be gamed by nefarious types. It may be that you would need to establish a trust network with certain users, but this would require you to expose information about the software you’re running: giving up your privacy to people who can name you is considered a greater threat by many than giving it up to criminals.

• Virtual Machines

  You download software and you put it in a special “container” on your machine where it can destroy what it wants to: it can’t get out to destroy your precious data. Once it has been running for a while and you trust it more and more, you can move it over into the “special” area where it has more rights.

  One question: why would I ever want to run the software outside of the container? Why not just provide a proper security model for all applications running on the system and take it from there? Unix sorted this one out better than Microsoft ever has in the 1970s, and with jailed/container environments from the BSDs and Solaris likely to hit the desktop Unix market within a couple of years, this might have some traction.

• More help from ISPs

  Zittrain argues here that ISPs turn a blind eye to zombie machines because they don’t want to help their users. This is completely and totally wrong.

  About a year ago I was in the ops center of a major multi-national ISP, sat with their abuse team watching how they worked. I was being considered for a contract to help them automate their processes (a contract cancelled as it was announced the ops team was to be relocated down South shortly afterwards).

  One of the jobs they took on was handling the automatic e-mails sent to them by AOL informing them of spam received by a machine on their network. They would then cross-correlate the IP address to customer records by hand, and give the customer a call and talk them through de-zombie-fying the machine. This *is* industry standard practice. ISPs who didn’t do this would eventually just find themselves being disconnected by their peers as they became more and more of a harbour for zombie machines.

  What would be better is more ways for ISPs to handle this automatically and to establish better trust frameworks. I also think that ISPs could relatively trivially prevent the most common spyware passing through their transparent reverse proxy cache boxes without causing major damage – the problem would be whether such action would be legal.

  I also think one area that ISPs could improve is education: a lot of people are pretty naive when they first get online and it’s only once the real story is told (or experienced first-hand) that users wise up. I think that at current rates enough people will be clued up enough to stop downloading spyware within a decade, but that’s a dangerous prediction, and there’s nothing stopping ISPs getting into the mix.

• Network neutrality for mashups

  This is an idea that sounds simple in practice, but actually defeats the point of generative technologies being adaptable, flexible, unregulated and novel.

  The premise is simply that if you write an application for a an API, your application is locked into that API’s vendor. They could withdraw service completely or just for your API key, or they could decide that they want to change the API at any time thereby breaking your application. In other words, if you invest time in developing to Google’s code base, you are suddenly beholden to Google: you can’t switch to Yahoo! or Microsoft APIs instead. This appliance-like style of development suddenly makes the “generative technology” of the Internet look quite stale compared to say the PC revolution.

  Zittrain argues that certain basic functions should be standardised so that once you write the application, it can work with similar services from other providers. If you write a Google maps mashup, changing it to work with Yahoo! should be as simple as changing a URL and an API key reference.

  It sounds simple, and standardisation is sure to come about over the next five years, but it’s actually a major undertaking. It would require all the major players to agree a baseline set of functionality, and that’s unlikely to happen with a group of commercial players.

  Where standards have arisen on the Internet – the IETF or the W3C – it has been a group of people acting in the spirit of non-commercial interest. Sure, the IETF meetings are dominated by Cisco, Juniper, Nortel and the ilk, but they are adopting a process first initiated by academics and amateurs: they’re second to the party, and are kept in their place by the tradition of open collaboration the IETF encourages.

  To create a standards body for web APIs now would require open source developers to somehow subvert the progress made by the commercial guys, or for the companies to stop behaving the way they have done for the last decade or so. It is an onerous task.

I think the error Zittrain is making here is that he believes these are problems that need to be solved in a way that is 100% efficient, or near 100% efficient. He also seems to be forgetting the human factors.

In terms of protecting users from harmful software, I believe this problem will go away within the next five years. It’s a dangerous prediction, but I believe that once users become more aware of the risks of software they are more likely to question where they source it from. It could be argued that without some kind of trust metric start-ups might find it hard to get traction, but start-ups have always benefited from the attention of early adopters who are clued up enough to know how to assess the risks of software like this.

In other words: if it’s getting good blog press, it’s OK to download. Most companies have woken up to the fact that you can lose every shred of credibility on the Internet within a day or less now, and credible company are not likely to push code that is going to harm your machine. By 2012, companies prepared to compromise their credibility will likely have no future. Zittrain’s assumption is a little like that of Cold War game theory: everybody is out to harm you, and the only right course of action is trust with verification, or outright suspicion.

As for the issue around APIs, again I think Zittrain is missing the human angle here. Yes, Google or Yahoo! could shut down their APIs at any point in time. Google have in fact stopped supporting an API or two in the past, but were careful in how they did so: they just stopped taking on new users for that API. If they were to leave developers high and dry, developers would feel the trust they had in the company had been broken, and they would make the effort to switch. Switching might be a pain, but it’s not impossible: most mashup apps out there right now are almost toy-like in their simplicity and can be recoded to a new API within a few hours. Once that happens, Google may as well drop all their APIs, and they know that.

I think eventually some form of standardisation is going to have to emerge, but all I can say about that with any degree of certainty is that it is unlikely to come from the commerical players.