Posts Tagged Microsoft
Quality Blogging — It Ain’t Easy
At my firm Strategic Communications Group more and more of our client work is in the social media arena. Usually a piece of the strategy involves helping the client launch a company blog. This can be a very valuable tool for thought leadership, spurring conversation and awareness and eventually for producing leads that support revenue generation. My colleague and Strategic founder Marc Hausman wrote recently about what he calls the three stages of social media maturation here: http://tinyurl.com/cmg4xf
Over the past 12-18 months we’ve stood up blogs for clients such as BT, Microsoft, Sun Microsystems, Inmarsat and GovDelivery. These implementations have led to a short list of best practices and issues to address prior to launch. The technology platform is the simple part. There are more fundamental questions to answer before launching a corporate blog — you can’t just “throw it up” and hope for the best.
Here are the issues most of our clients have grappled with (successfully) as they launched their corporate blogs.
- Are you willing to take a stance? Many companies tend to be very careful with public statements, which is often a smart course. But middle of the road, consensus driven content doesn’t attract a strong readership. A company needs to be ready to take a clear position and welcome differing opinions.
- Response time needs to be swift. Responding to breaking news can be a very productive source of timely blog content. But if the marketing staff must track down a subject matter expert, who then has to get his or her comment cleared, that’s not going to happen fast enough. Companies need to designate approved commentators, and they need to be accessible.
- Is everyone internally on the same page? Sometimes ownership of the corporate blog becomes a bone of contention between the IT department and the marketing/communications staff. Lines of responsibility need to be clear and agreed to prior to launch.
- Reasonable and clear metrics of success. These can vary greatly depending on the nature of the content and the audiences targeted. Consistent growth in traffic is usually the best indicator. Sometimes clients focus on the number of comments, which are harder to garner due to the increased effort required of readers.
- Finally, respect the time investment. At Strategic we have weekly calls with clients totally devoted to the blog editorial calendar, and direct access to the senior executive contributors as needed. If a company isn’t ready to dedicate the time and access required for quality content, they should reconsider launching a blog.
Here’s an interesting graphic courtesy of Matt Dickman at Technomarketer that illustrates some of these points well:

Blog Decision Tree
As communication professionals it is our responsibility to bring these issues to our clients early on and make sure they are successfully addressed. Companies that truly make the culture shift consider themselves as publishers, and bring that sort of serious consideration to their content.
With the decline of the technology trade media, quality corporate blogs can fill an important vacancy in technology coverage and become a trusted source of information in their specific market.
Got a story about a great company blog, or want to add to the list above? Please drop a comment or contact me directly.
4 comments April 26, 2009
It’s Tuesday — Must Be Time to Fix DNS
Tuesday a big story broke that could have impacted millions of web users. A researcher discovered a major security flaw involving the Domain Name System (DNS), and instead of selling the information or using it to market himself he went to major internet vendors and discussed the vulnerability with them. Today Microsoft, Cisco, Sun and BIND (via the Internet Software Consortium) issued patches for this problem, before the bad guys could exploit it. Good report from Rob Vamosi of CNET:
Dan Kaminsky, director of penetration testing services for IO Active, found the DNS flaw earlier this year. Rather than sell the vulnerability, as some researchers have done, Kaminsky decided instead to gather the affected parties and discuss it with them first. Without disclosing any technical details, he said, “the severity is shown by the number of people who’ve gotten onboard with this patch.”
He declined to name the flaw as that would give away details.
On March 31, Kaminsky said 16 researchers gathered at Microsoft to see whether they understood what was going on, as well as what would be a fix to affect the greatest number of people worldwide, and when they would issue this fix.
http://news.cnet.com/8301-10789_3-9985618-57.html?hhTest
Here’s a description straight from Dan himself off his DoxPara Research blog:
I’m pretty proud of what we accomplished here. We got Windows. We got Cisco IOS. We got Nominum. We got BIND 9, and when we couldn’t get BIND 8, we got Yahoo, the biggest BIND 8 deployment we knew of, to publicly commit to abandoning it entirely.
It was a good day.
http://www.doxpara.com/?p=1162
For the most technical, here’s the US Computer Emergency Readiness Team (US-CERT) Vulnerability Note, which includes a long list of the vendors affected:
http://www.kb.cert.org/vuls/id/800113
I spoke with a DNS expert I know well for some context around the announcement. He confirmed the magnitude of the potential problem, saying that it puts the majority of web nameservers at risk for DNS cache poisoning. He also noted that the initial reporting portrayed the problem as being with the DNS itself, which is true to some extent.
But BIND and Microsoft nameservers are particularly susceptible to cache poisoning, due to a weakness in how the query response number is randomized when the recursive server responds with the proper IP address. Other name servers, like PowerDNS, are much less at risk.
Here’s how he tried to describe the attacks to me in layman’s terms. The attack sends repeated queries for the same resource record (IP address) to the recursive server, which leaves multiple queries open at once. Think of these as tickets started but not completed.
Then the attack also sends a number of answers using spoofed addresses to make it appear they are coming from the legitimate nameserver for that resource record. What the attacker is trying to do is “guess” the socket number and transaction ID of the actual, correct response. So the machine asks a server for an IP number, but then floods the server with false answers to that same query, racing to see which answer gets accepted first by the resolver.
Because of weak randomization in many nameservers, the attacker was highly likely to eventually hit on a correct transaction address, which means the resolver would give an answer the attacker assigned, not the correct IP address. That false answer would then be cached by the server, and every request for that IP address would be given the new, fraudulent destination. And users might never know the difference.
This description makes sense, based on this from the CNET story that refers to beefed up randomization:
Kaminsky said he will release details in time for Black Hat 2008, on August 7 and 8 in Las Vegas. However, Microsoft in its security bulletin said its patch uses strongly random DNS transaction IDs, random sockets for UDP (User Datagram Protocol) queries, and updates the logic used to manage the DNS cache.
Kaminsky did confirm that the patches released today will increase DNS randomness: “Where we had 16-bit before, we now have 32 bits.”
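As an added illustration (not from the original post, CNET, or any vendor), the Python below checks constructed samples of a resolver's outbound queries for source-port randomness and shows how the space a forged answer must guess grows from 16 to 32 bits. The sample data, the function names and the assumption that a randomized port is drawn uniformly from the full 16-bit range are assumptions of this example.

```python
import math

# Constructed samples of (UDP source port, transaction ID) pairs as seen on a
# resolver's outbound queries. Invented for this example, not a real capture.
UNPATCHED = [(53, 0x1A2B), (53, 0x9C01), (53, 0x44F0),
             (53, 0xE310), (53, 0x07AA), (53, 0xB5D2)]
PATCHED = [(49211, 0x1A2B), (10873, 0x9C01), (61002, 0x44F0),
           (33540, 0xE310), (2290, 0x07AA), (57018, 0xB5D2)]

def port_behaviour(samples):
    """Classify source-port selection as 'fixed', 'sequential' or 'spread'."""
    ports = [port for port, _ in samples]
    if len(ports) < 3:
        raise ValueError("need at least 3 samples to judge port selection")
    if len(set(ports)) == 1:
        return "fixed"
    # A single repeated step between consecutive ports means a counter.
    deltas = {(b - a) % 65536 for a, b in zip(ports, ports[1:])}
    return "sequential" if len(deltas) == 1 else "spread"

def guess_space_bits(samples, txid_bits=16, port_bits=16):
    """Upper bound on the bits a forged answer has to guess.

    Assumption: a 'spread' port is uniform over the whole 16-bit range, the
    best case, which gives the 32-bit figure quoted in the post. A fixed or
    sequential port is predictable and contributes nothing.
    """
    extra = port_bits if port_behaviour(samples) == "spread" else 0
    return txid_bits + extra

def match_probability(bits, forged_per_race, races=1):
    """Chance that at least one forged answer matches over independent races."""
    p = min(1.0, forged_per_race / 2 ** bits)
    if p >= 1.0:
        return 1.0
    # 1 - (1 - p)^races, computed without losing precision for tiny p.
    return -math.expm1(races * math.log1p(-p))

if __name__ == "__main__":
    for name, samples in (("unpatched", UNPATCHED), ("patched", PATCHED)):
        bits = guess_space_bits(samples)
        print(name, port_behaviour(samples), bits,
              match_probability(bits, forged_per_race=100, races=1000))
```

A handful of samples only catches fixed or counter-style ports; judging how uniform a "spread" resolver really is takes many more observed queries.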
Beyond the technology, this is a very heartening story of collaboration and discretion in the name of the greater good. By waiting until Microsoft, BIND and others could issue a patch for this problem before making any public statements, a great deal of online harm was avoided. I’m sure Kaminsky will get the royal treatment at Black Hat, and it sure sounds like he deserves it. Dan, here’s a big thank you from this Internet user.
Add comment July 9, 2008
Back to the Future — The Browser War
Fierce competition is back on the web browser front. After Microsoft crushed the Netscape challenge in the mid to late 90’s, Microsoft Explorer cruised for years as the overwhelming leader in the web browser market. It still is, with approximately 75% market share. But out of the Netscape defeat rose the Mozilla Foundation, a non-profit that launched the open source Firefox browser and has been refining it since. Here’s a good overview from Brad Stone of the NY Times:
Yesterday Microsoft struck back announcing a deal with Hewlett-Packard. Starting in January 2009 Microsoft’s Live Search will be the default search engine on all HP computers, taking that spot away from Yahoo. The deal is for North America only — Microsoft probably decided it has enough anti-trust issues right now with the European Union. Danny Sullivan of SearchEngineLand has a typically good piece, highlighting the US market share numbers of the various PC manufacturer/search engine alliances. I also like the idea he floats — why not cut consumers in with lower PC prices when the manufacturer gets big $$ from the search companies?
It fails to mention that HP will gain cash through the deal for effectively selling out their users. That’s not to single out Microsoft. The Google-Dell deal is exactly the same situation. Yes, in both cases, the computer owners are getting access to good search resources. But maybe the vendors should charge less for computer where they benefit by choosing for the consumer? Or maybe they need to disclose more fully why the defaults are the way they are?
http://searchengineland.com/080602-090000.php
But the struggle isn’t over when the default is set. Users can of course change their search option. Or they can be cajoled/coerced into doing so. Here’s a piece from Danny last year on that mostly behind-the-scenes battle:
http://searchengineland.com/070115-111111.php
There is one element of the HP/MS deal Danny doesn’t focus on, maybe because it’s not related to search. In addition to Live Search being the default on HP computers, Microsoft’s Silverlight animation software will be built in as well. This is the MS product that competes with Flash, and having millions of computers on the market that can view Silverlight without needing any plug-ins should be a big market advantage. Ars Technica thinks that will end up being more significant than the default search element:
Personally I prefer Firefox. It seems faster than Explorer, and useful add-ons like the Alexa traffic reader are easy to implement. I don’t mind that Firefox has decided for me that Google should be my default choice for search — at least not yet. We users need to remember we can always make up our own minds.
Add comment June 3, 2008













