BBM Music - If you can't compete, lock your customers in

BBM Music beta announced

BBMessenger is one of the few features remaining locking non-business BB users into the platform. They've successfully added a new feature in BB Messenger Music (BBMM?) that works in concert with it to bring users who might use a Bleakberry but not BBM into the fold. Now they'll be getting pressure from any friends who use BBMM to hop on it and share their music so that those friends can have 25 more songs for free and it might seem reasonable because they'll get free access to 25 songs per friend, in turn. Social pressure can be a powerful thing. If your friend leaves who has a song you like but haven't purchased, yet, you must buy that song or find another friend to regain access to it(?). So, when you're in a phone-buying situation, you'll have that additional consideration holding you back from switching platforms (on top of the unfamiliarity of the other platform, potentially outrageous ETFs or unsubsidized purchase prices, contacts transfer, and all the other things going through your mind). Uncertainty motivates people to maintain the status quo.

I remember watching a poor Circuit City salesperson one day deal with a lady and her bratty daughter who kept whining about whether the new computer Mom was buying her would have AIM. She didn't care what else it did, how much it cost, and didn't bother to look into the fact that she didn't even have to be a paying AOL member to have access to it from *any* computer. The salesperson could have pointed at the most outrageously-expensive model in the store and said, "I know for a fact that one will run AIM," and Mom probably would have bought it just to get her daughter to shut it. Silly perceived lock-in situations like that keep companies (AOL, Circuit City) in business long after they've stopped competing when they occur as part of the buying decision.

On the plus side, BBMM has the potential to improve music discovery, which IMHO stinks with existing on-line music stores, assuming wide adoption (Could it possibly be worse than Ping?). More pragmatically, however, if RIM can have one more silly thing locking people into their platform, they want it because they're hemmorhaging market share. Whether its actually good for consumers - as partnering with an open platform like gchat might be - is secondary to their business interest as they try to remain afloat in a sea of innovative competitors.

Chromebook Please

I would love one of these Chromebooks. I do a fair amount of computer support by day and the potential to make life so much easier is obvious to me with Chromebooks. I bought a netbook a couple years ago looking to do just what a Chromebook does - quickly get on the web, look at some photos from our cameras on vacation, and entertain myself on the airplane. Instead, I got MS Windows which takes away any notion of doing anything quickly and adds a support load, a tiny screen which Windows clearly wasn't designed for, and 2 hour battery life. I wish the screen were just a bit bigger, the battery life alot better, and the web a bit faster.

Chromebooks hold a similar appeal to me that iPads do for many: Simplified, portable computing. They add the benefit (to me) of a keyboard so I can get something useful done, a much wider app selection I already use (the web), some useful ports for plugging in external memory and outputting to screens without buying expensive accessories, and remove Apple as my net nanny. There's no waiting for Windows Update only to launch my browser to find that there's a browser update only to finish installing that to find that there's an update to Flash that needs installing. There's not startup programs slowing my down. There's no worries about backup, whether it really went to sleep when I closed the lid, viruses, or other malware (do I trust this download?). You just open the lid, login, and you're on-line. With all that, they're still cheaper than iPads.

I'm not sure how big a deal the 3G connection is. I really like that they've bundled the connection in and removed the need for a contract. I'm doubting I'll like the pay-as-you-go rates, though, whenever they're announced. The fact that I'm already paying $30/month for an unlimited data connection from my phone and I can't use it for the Chromebook without paying even more would grate on me no matter what. I really like that they've included dual-band WiFi, though, so I can use it with my 5GHz home network.

What I'd love to see next is simpler ways to install the servers and webapp hosts at home so I could have my own private cloud. I'd rather have my photos and other files there than on someone else's service. That wouldn't stop me from getting a Chromebook, it's just what I'd like to see next. Perhaps I'll just have to start writing my own.

On-line Security, They Told You So

The news for on-line security has been pretty grim recently. I've personally been affected by user data theft at Epsilon and Sony's Playstation Network. Epsilon's breach revealing names and e-mail addresses was low impact but Sony's loss of control of everything you give them is no small matter: Name, Address, Credit Card Number, CC Expiration Date, Date of Birth, e-mail, username, and password. Storing your Credit Card Number was optional but the rest was mandatory to access PS3 features such as on-line play, downloadable content, and third party services such as Netflix's streaming movies. That's most of what someone needs to steal your identity. Furthermore, if you thought of this account as a throw-away, you may have used a username and password that you use elsewhere, potentially allowing hackers access to gain additional info and sell it to the highest bidder. Given that you have to enter your username and password with a D-pad and on-screen keyboard, a pretty frustrating system, users were certainly incentivized to use an easy-to-type password.

We trust companies who store our personal information in an on-line system more than they deserve. According to Sony's FAQ on their breach, credit card numbers were stored encrypted and they're only warning customers to assume their CC numbers were released in an "abundance of caution." That statement in addition to their statement that they're rebuilding the network from scratch with security upgrades says to me they aren't very confident in the encryption, key management, or communications security they used to move that info around. It is apparent that no one scrutinized their system before it was approved to store all this info and expose it to the open internet.

It shouldn't be possible for this to happen for all 77 million of their customers in a single breach. The concept that a firewall keeps the bad guys out has been disproved again and again. Critical information needs to be protected making the assumption that the bad guys are inside your network. Simple, mature techniques for protecting this kind of information (https, AES encryption, etc) have been in place, implemented on many platforms, and promoted by security experts for many years. Often, turning them on requires no more than ticking a checkbox. All the security experts get to say, yet again, "I told you so."