I’m really curious to see whether the video-comment medium will be more spam resistant than text. And how that will be addressed by spammers? How do you mass video-comment effectively? All we really know is that you probably use an attractive female. But does the script get changed based on demographic targeting. I noticed an animated person on Seesmic posting video comments. She wasn’t hyper-realistic, but if she were she could be programmed to deliver thousands of customized advertising messages pulling data from an ad server. Maybe even update her ad message over time with page keywords (responsive to latest comments, or template content, reading image alt tags, header tags, custom microformat tags, etc).

For these reasons, I don’t think the 2008 games should be canceled, and neither  does the Dalai Lama. However, we can’t ignore the spectacularly poor Human Rights record of host nation China — it seems to get worse by the day, especially with regards to Tibet. So what do to…?

Archbishop Desmond Tutu’s reasonable solution: that political leaders worldwide skip the opening ceremonies. Via Reuters:

“The leaders of the free world, for goodness sake, don’t attend the opening ceremony of the Olympic Games until it is quite clear that they (the Chinese) mean business and that they will stop the violence against the Tibetans,”

I think this is a reasonable and potentially effective strategy. And let’s take it a step further and boycott watching the ceremonies on TV (not that it’s such a sacrifice). Here’s what you can point out to people when they ask why:

• China has violently repressed peaceful pro-Democracy street protests, inciting riots, in the last few months.
• China prosecuted/persecuted these peaceful protesters with absurdly prison harsh sentences last week. The Daily Mail reports that some Tibetan protesters even received life sentences — for participating in street protests!
• Chinese secret police have intimidated and harassed journalists covering Tibetan freedom protests in Beijing

The BBC video below, published on March 20th, provides documentary evidence of the first and third point.

Mind you, let’s not confine our sino-disgust (hey, it’s a blog, I get to make up words) merely to its treatment of Tibet and its advocates. China’s collusion with the most vile and demented of dictatorships, as well as its de facto policy of unchecked capitalism, are also worth noting. But Tibet is China’s great black stain — an entire nation has been violently, wrongly, and almost sadistically, imprisoned by another nation.

We should hold China to higher moral standards, and take advantage of the fact that they are hosting the Olympics to shine a spotlight on what they are doing to Tibet, and to Tibet’s advocates inside China. I am signing this online petition and telling some people I know about it. I know that nobody reads petitions — but they do count them, so your signature counts. And do call or write your political representatives, if you live in a country lucky enough to enjoy that right, which so many Tibetan protesters are literally giving their lives for.

Also, if you live in the US, you know that we have our own moral standards we need to struggle to rekindle. Let’s start by asking President Bush (and his representatives) to heed Archbishop Tutu and skip the opening ceremonies in Beijing. And meanwhile, we’ll turn of the toob and read up on Tibet.

Wow!

This internet has many self-contained “Incidental Easter Eggs” — unexpected gems that surprise and delight us more than they are meant to. This line from Automatic’s Employee Handbook is evidence. When I run across something like this it reminds why I fell in love with the Internet biz in the first place — where else is innovation found in employee manuals?

Now I don’t know if this tidbit alone accounts for the supremacy of Wordpress, but I think it says a lot about the company and their success. The question of ‘contributed vrs core’ functionality is a tough one for every internet software application — open source or not, but somehow Wordpress nails it right on the head. We’ve seen other open source CMS projects like Drupal and Joomla spiral out of control and make no sense to any but the inner sanctum of engineers. Now Wordpress is not perfect of course, but the way it grows and evolves (wisely and with moderation) is darn near perfect in my book. In other words “how” they do things, if not what they do, is pretty darn near perfect.

Maybe the fact that every person on staff spent their first days fielding customer phone calls is why they do things so well?

p.s. And by the way, way to go on WP 2.5! I love how you brought Jeffrey Zeldman’s Coghead into the process!

I wonder if they saw the story that WP Designer was sold to the highest bidder?

WP Designer was a one-man Wordpress theme design-cum-blog website. And it was great (and maybe it will still be under new owner). WP Designer produced one the most innovative and unheralded themes out there, WP Market. I think this one theme could start a Wordpress-as-development platform avalanche. Hope so, because the open source ecommerce solutions out there right now are not so hot:

• OsCommerce sucks — makes too many assumptions about customer
• ZenCart sucks — come on, I know it’s a fork, but is it really any different than OsCommerce?
• Drupal Ecommerce SUCKS — just pathetic. I was hoping it would shape up, but no such luck.
• Drupal Uber Cart probably sucks (just because it’s Drupal) — better than ecommerce, but so what
• Magento actually look pretty decent, but there again it makes too many assumptions about the customer
• Joomla itself is a such a tangled mess, I refuse to invest any time looking at its ecommerce solutions

So, when a tool like WP Market comes along, and looks as good as it looks, one sees a glimmer of hope. Mind you, it does hardly anything … yet — more just inspiration for you can do.

And that’s really what WP Designer has been about. Innovating and inspiring Wordpress-related products and ideas.

And now it’s been purchased by an online entrepeuner for $66,000 — what a steal, for a site with these numbers (65,000 absolute unique visitors and over 300,000 pageviews per month).

Congrats Pawel.

In addition to User Ratings, they also added a category navigation. A bit a ironic this feature never existed until now, but better late than never. The category navigation is excellent but could split a few more hairs for my taste. ‘Email’ for example is way to big to limit to its own category.

As I see it, you need to break email into these three categories:

• Personal Email (winner: Gmail, and to hell with Zoho)
• Organization Email (winner: Google Accounts)
• Email Marketing/Broadcasting (winner: ?)

Office 2.0 doesn’t actually offer much here, so it’s hard to say. They do list Constant Contact, which is pretty heavily used, as well as Breeze. I don’t like either because neither offers an Open API.

Still though, now that Office 2.0 DB is letting users talk back finally, they should start to benefit from the guidance of their readership.

The book is organized into “Laws”, such as the Law of Contraction and the Law of the Category. They make sense for any business, large or small, and any market, including the madcap CRM software world. I won’t try to summarize all 22 Laws, some of which may in fact be mutable, but there are three I really like:

• Law of Contraction: A brand becomes stronger when you narrow its focus.
• The Law of the Category: A leading brand should promote the category, not the brand.
• The Law of the Generic: One of the fastest routes to failure is giving a brand a generic name .

The Law of Contraction is a beautiful idea: by contracting the amount of products and services you associate your brand with, you make it more powerful. It becomes more memorable, more trustworthy, and easier to understand, all of which enables your raving fans to evangelize your product for you. The narrower the stronger.

For those of you too lazy to read the book, let me recap the convincing example of Subway. A typical city has hundreds of cafes and delis other than Subway that may offer submarine sandwiches. But these establishments also offer regular sandwiches, and lots of other things: pirogis, pie, soup, quiche, pastries, oatmeal cookies, hot chocolate, coffee, cake, grilled cheese, etcetera. You know the menus I’m talking about — the ones that take 10 minutes to read through. Such establishments compete in the “deli” market category. Subway does not. By cutting out everything else, and focusing on submarine sandwiches, Subway created its own market category to compete in: “the submarine sandwhich deli” category, where it found little competition and tremendous success. Sure Subways may offer other items when you check out — chips, drink, cookies. But the brand stays focused on submarine sandwiches. That’s it. You know what you’re getting. Strong brand.

But what if, you might ask, there is no demand for the little market category into which your shrink youy brand? Then you apply the Law of the Category: grow your market category, not your brand. Subway did just that, and the leading CRM players have done a pretty decent job as well. And they continue to do so, judging by a Google search for “what is CRM software” , where you’ll see a plethora of ads for CRM review sites, CRM guides, CRM comparison sites, and the like, all meant to grow the CRM market category through consumer education, and all paid for by CRM providers. This is the Law of the Category in action, via Google Adwords. Businesses have a certain amount of money to invest in business software each year, the thinking goes, and CRM brands will capture those expenditures not by growing their individual brands, but by growing the CRM market category. I tend to agree this strategy — generally speaking, there is room to grow: businesses are under-invested in CRM for their external business needs (and in Wiki software for internal business needs, but that’s another story). I think there’s an argument to be made that even individuals, such as Affiliate Marketers, can improve their business using a specialized type of Online Marketing CRM.

Ries talks about applying The Law of the Category to one of the early players in the CRM software market: ACT!. When Pat Sullivan acquired ACT! in 2000, he sought counsel from Ries as to how to position the brand in the market. When Ries asked “what does ACT! do?”, the answer was “everything”. Red flag — clear violation of the Law of Contraction. Ries counseled ACT! to focus their brand on one concept: Contact Software, and grow their category.

As a result of this intentional brand narrowing, ACT! became one of the leading brands in the Contact Software/CRM category ( ‘Contact‘ software being less descriptive predecessor to ‘Contact Relationship Management software). At the same time, the CRM category as a whole has benefitted, Ries argues, from ACT!’s efforts at growing the importance of the contact software category, which in turn benefits ACT!. And so on. From a product design standpoint, ACT! may be a bloated piece of junk but at least they have (or had) their branding right.

Speaking of product defects, the fact that ACT!, and so many other enterprise CRMs, don’t offer a true on-demand solution is lamentable (in my opinion). The market has responded by endorsing a new generation of on-demand CRM, led by Salesforce.com,. The On-demand CRM category is growing fast and will ultimately capture the lion’s share of the CRM market. Meanwhile, even while the on-demand CRM market category grows with a host of vertical-specific solutions, ACT! continues to be one of the largest traditional, “offline” CRM applications on the market, with over 41,000 paying corporate customers.

In my next post I’ll analyze Salesforce.com (which is probably in violation of the Law of the Generic) and its on-demand CRM competitors in more depth, and take a look at where the market is headed. Hint: with a few exceptions, on-demand CRM brands are not doing so well at the Law of Contraction. They are trying to do too much. As the business software market becomes increasingly diverse, CRM as a software product and as a business method will be forced to splinter into several new categories of CRM, each one servicing completely different types of businesses. The “Acme Enterprise CRM” and “ACME Small Business CRM” approach aint gonna cut it. This category-birthing is already happening with new, targeted CRM brands coming on to the market, but many large CRM providers don’t get it, and will lose in the long run, both in terms of brand strength and product usefulness.

In the meantime, for those of you wise enough to take a look at this fascinating book, enjoy your reading!

Google Analytics now tracks this information with its “Site Search” feature. Most popular CMS’s are supported, including Wordpress.

In case some other poor soul tore hair out trying to setup Site Search for their Wordpress blog, hopefully this screenshot clears it all up. Your query parameter is simply “s”.

I can’t for the life of me figure out what to do for drupal when you have pathauto enabled…sigh…but drupal search logs are pretty efficient at collecting data.

Actually, CRM and I are still friends, and I count 37Signals design and development strategies as a friend as well. In fact, this weekend I dusted off my copy of ‘Getting Real’, a kind of product development manifesto published by 37Signals. I was prompted to take another look at Getting Real perhaps because I just noticed that Highrise — released earlier this year — is calling itself a CRM. Highrise is a useful and innovative Contact Management tool, but it is not CRM, I’m sorry to report.

CRM stands for Contact Relationship Management (Wikipedia uses “Customer” as of 11/28/07; I think that’s limiting though), with “relationship” being the operative word. Leaving aside the world of enterprise mega-CRMs such as Microsoft Dynamics and Netsuite, I believe that a web based CRM, however simple, should have at least two ‘relationship’ features:

• form publishing tools, to create contact relationships efficiently
• email marketing tools, to maintain contact relationships efficiently

These basic features are offered by the Granddaddy of web based CRM, Salesforce.com, and numerous imitators, most which offer reams of other “integrated” features. I like the idea of pairing CRM down, simplifying it for the “Fortune 5,000,000″, but Highrise demonstrates that if you keep pairing CRM down, then eventually you are left with a Contact Management tool. Which isn’t necessarily a bad thing.

For those of you living under a rock lately, simplicity is 37Signals signature. 37Signals garnered notoriety few years back with the Zen-like simplicity of its flagship product, BaseCamp, a project management tool that enables web-based communication. (The aforementioned Getting Real discusses the design and development strategy for BaseCamp — a great read for any internet professional, even if you’re not involved in developing product). I can personally attest to the soothing efficacy of Basecamp. It makes me hate MS Project even more than I used to.

Since Basecamp, 37Signals has been churning out other simple, effective web-apps that help you work and collaborate online:

• Backpack — a flexible information organizer and calendar, that lets you define what’s what.
• Campfire — real-time time group chat
• Writeboard — a text editing tool, like Writely, that simplifies MS Word and makes it web based.

and lastly…

• Highrise — a contact management tool and “Simple CRM” according to 37Signals official marketing copy.

In addition to marketing copy printed on the Highrise website, there is the marketing copy in the title tag, which refers to Highrise as a “Web based CRM”. This is rather pernicious.

I would love nothing more than for 37Signals to rise to the challenge of building a web based CRM. Meanwhile it rankles me that they are branding Highrise as such.

Perhaps 37Signals is trying to reform the stale CRM market by redefining what CRM means. And perhaps this is only a first step, that will later be integrable with small apps that together will comprise CRM.

Or to take a more cynical view, maybe it was just a smart marketing decision to use the phrase CRM when publishing an Address Book app. I am prone to cynicism, but I don’t think this is the case. I think 37Signals have proven themselves to be an honorable, straight-shooting software company.

Whatever the case, let this be a warning to all ye who seek an simple web CRM: Highrise isn’t quite it; and unfortunately, I don’t know of anything else that is.

The article is provocatively titled “Hackers Cracked Charities’ Addresses and Passwords”. This is uncharacteristically ribald wording for the Grey Lady and it echoes the gradual trend of linkbait seeping into the mainstream media.

The article also makes some forceful claims, such as: “A growing number of donors use the Internet to make their gifts, and experts said some charities might have been reluctant to inform them about the breach out of fear that it would affect donations.”

The author didn’t name specific non-profits who might be engaging in this lying by omission, but at other poiints in the article The American Museum of Natural History, CARE, and the Red Cross were mentioned… Wink, wink. Nudge, nudge.

The article also offers some new details for anyone following the story, as well as a bit of color commentary from the Non-profit Technology Blog. In any case, it always interesting to see what new wrinkles the Times can eke out when coming a month late to a technology story.

Who knows perhaps next month they’ll cover the Salesforce security breach, though they may not dig deep enough to realize that Salesforce also has non-profit clients.

Salesforce is the premiere provider of hosted (aka “software as a service”), enterprise CRM software, although it has a growing list of competitors. This can’t be good news. The company released a public mea culpa:

“We learned that a salesforce.com employee had been the victim of a phishing scam that allowed a salesforce.com customer contact list to be copied,” the company wrote. “Information in the contact list included first and last names, company names, email addresses, telephone numbers of salesforce.com customers, and related administrative data belonging to salesforce.com”

This explanation bears a striking resemblance to the one offered to excuse the Convio fiasco — “foolish employee, smart hacker: what could we do?”. Salesforce followed this up with several security tips, two of which are worth reprinting:

• IP Range Login Restrictions — you can only login and manage your CRM from certain connection points — this is a fantastic idea.
• Two-factor RSA encryption. This is probably going a bit overboard, but would be very effective. You basically carry a physical, electronic key on your person, which generates random numbers that you must have to login. Can’t acquire this through phishing.

I used the 2nd technique to login to a US Government website and I must admit — it does make you feel like quite the spy!

The other tips were pretty run-of-the-mill. But for any Convio client still concerned about whether the security breach has resulted in phishing attacks against their end-users, I would recommend taking a look at Saleforce’s security recommendations as well as screenshots of the actual phishing emails that resulted, which Salesforce has prudently posted online. See if they bear a resemblance to whatever phishing attacks your Convio account end-users might be receiving. Of course, this doesn’t help if a hacker is breaking into bank accounts with the passwords that were stolen, but it’s something.

As for what Salesforce is doing:

What We Are Doing
Customer security is the foundation of customer success, so we have been implementing and will continue to implement the best possible practices and technologies in this area. Our recent and ongoing actions include:

	::	Actively monitoring and analyzing logs to enable proactive alerts to customers who have been affected
	::	Collaborating with leading security vendors and experts on specific threats
	::	Executing swift “takedown” strategies on fraudulent sites (often within an hour of detection)
	::	Reinforcing security education and tightening access policies within salesforce.com
	::	Evaluating and developing new technologies both for our customers and for deployment within our infrastructure. We will regularly update you on these security innovations

Sounds quite similiar to Convio’s strategy, although I give Salesforce kudos for adapting a more web-savvy philosophy. But again, the kicker could be one-way hashing. With one way hashing, you can’t get a login’s password unless you also know the password of the email associated with the login. Seems like a no-brainer, no?

Perhaps not. Perhaps the business analysts at Salesforce have calculated that once or twice yearly security breaches cost less than the potential customer dissatisfaction resulting from the inconvenience of retrieving reset passwords via email from a database employing one-way hashing.