By Ivan Reese.

Heartbleed is the nickname for a very severe bug in OpenSSL, the software used to safeguard your connection to the websites you visit.

In a nutshell, the bug allows anyone on the internet to learn anything they want from any website that uses OpenSSL (most websites).

As an example: If Google used OpenSSL, I could easily get the password for every Gmail user. Worse, I could ask any website for the site admin password, and use that to do all sorts of evil technomancy.

One of the scariest parts of this bug is that it is untraceable. It has existed since March 2012, but we have no way of knowing how much it has been abused to date. We’re still putting the pieces together (and we don’t have much to go on).

The tech industry has been in a tizzy since Tuesday when the bug was discovered, and by now most websites have been patched. However, at this point, the safest bet is to assume that some websites were compromised before they were patched, but you don’t get to know which ones.

If you use the same password on every site, then that password is no longer safe, and you should change it immediately. If you use different passwords on every site, you should still change your passwords, since you don’t know which ones may have been compromised.

How I Create Passwords (inspired by this XKCD)

1) Come up with a long-ish, easy-to-remember phrase, such as “the outlaw is the future”

2) Add the name of whatever website you’re using: “the facebook outlaw is the future”

3) Remove all spaces, and maybe add a number or some capital letters, just for good measure: “TheFacebookOutlawIsTheFuture007”

Unless you are a celebrity or have a real-life nemesis, the point of a password isn’t really to prevent other people from accessing your accounts. It’s to prevent automated hacking systems from exploiting you. So if you worry about forgetting the passwords you create, it’s not a terrible idea to write them down on a piece of paper in a safe place in your house. Seriously.

Also, it’s better to have a long password than a weird password, so go ahead and use “itsabeautifuldayintheneighbourhood” instead of “iT;Z4B3aut”.

Finally, if a site needs you to use an 8-character password, or it requires weird symbols, you’ll just have to make an exception to this otherwise wonderfully long, simple password scheme. Again, you can totally write it down (on paper in your house — not in a file on your computer).

If you have any other questions about being safe on the internet, shoot me a message on Facebook.

What does priority support mean?

It means that Colin will answer emails to prioritysupport@ before he answers emails to support@. That’s it.

I know, I know, this blows geeks’ minds. Is it OK to charge for that? Of course it is. You advertised what they were getting, they accepted, and you delivered exactly what you promised. That’s what every legitimate transaction in history consists of.

Patrick McKenzie talks about marketing.
Do you know what curriculum means in Latin? Little racetrack.
Ted Nelson, in Bret Victor’s transcript of a panel discussion featuring Doug Engelbart, Alan Kay, Ted Nelson, and Tim Berners-Lee! Absolutely incredible.
Thanks Patrick
A finite game is played for the purpose of winning, an infinite game for the purpose of continuing the play.

A company is nothing more (and nothing less) than three things: people, processes and purposes. In the language of the software engineer these would be inputs, algorithms and specifications. In the language of classical business analysis they are assets (or resources), organization structures and business models. In military theory, these are logistics, tactics and strategy.

This is the trinity which allows for an understanding of a complex system: the physical, the operational and the guiding principle. The what, the how and the why.

Horace doesn’t use Oxford commas, but he does use uncommonly interesting lines of reasoning.
If you’ve been in the game 30 minutes and you don’t know who the patsy is, you’re the patsy.
Common saying in poker.
I think for many such people pop physics is playing a role that could otherwise be played by religion. It provides a sense of awe and mystery about the universe and gives a sense of there being answers to big questions. For many people I don’t think any kind of understanding is important at all. It’s more the comfort of knowing that somewhere there exist people who are working on the big mysteries of life the universe and everything.

Our policy, like that of many companies, is not to comment on future plans or work in progress. There are many good reasons that companies as big as Apple and as small as one-person shows adhere to such a policy. One reason is to keep attention focused on what is already available. Another is that keeping your mouth shut about work in progress is a way to implicitly under-promise and over-deliver. When a company says “We plan to ship X in the next three months” and it turns out to take six months, customers are naturally disappointed.

When you say what’s coming next, people naturally want to know when. And when you tell them how long you think it will take, you’re giving them a guess, but to the customer it feels like a promise. And at heart, we’re all optimists about how long our work will take. In short, talking about work in progress and future plans is often a recipe for disappointing your customers.

John Gruber, reminding us what we all instinctually know to be best but always, always struggle with. Sometimes it pays to feel like an asshole.
Banks say a safe mortgage is a maximum of 3 times the buyer’s annual income with a 20% downpayment. Landlords say a safe price is set by the rental market; annual rent should be at least 9% of the purchase price, or else the [purchase] price is just too high.
Interesting metrics! Suffice it to say, it’s a terrible time to buy an expensive house.
You yourself are gratified by some music, arrangements of noises, and again essentially nonsense. If I were to kick a bucket down the cellar stairs, and then say to you that the racket I had made was philosophically on a par with The Magic Flute, this would not be the beginning of a long and upsetting debate. An utterly satisfactory and complete response on your part would be, “I like what Mozart did, and I hate what the bucket did.”
Kurt Vonnegut to his brother Bernie, excerpted from Timequake.
The reason a [new] product deserves to exist is that it can do a job that needs doing and that few, if any others can also do it. This happens when the job is unstated and difficult to perceive. Put another way, the difficulty behind jobs-to-be-done based design is that jobs are never plainly evident. In contradiction to invention, where the problem being solved must be as clearly stated as its solution, value-creating innovation meets new and unarticulated needs. Even when created, the value is more subtly perceived, often only after prolonged use.
I might as well just link to every Asymco article ever.

The Internet [eg: Google, Facebook] runs on the arbitrage between a consumer service market where everybody consumes but nobody pays and a separate data market where nobody consumes and everybody pays.

The complexity of services means that they are usually found in more advanced so-called service economies and rare in less developed so-called goods economies.

Economists have observed this process and even have a name for it: servitization: The process whereby almost all sufficiently advanced products are indistinguishable from services.

Asymco, looking at the iPhone as a service instead of a product.

Branding doesn’t start with the logo. It is not primarily a visual discipline. Your brand is what you stand for. Branding is more about content than shape. It is who you are, not how you look. The shape should represent your inside, your content. Your brand architecture is your information architecture.

The hard part is defining what your brand is and what it aims to become. Your brand strategy follows your brand ambition, and your visual identity mirrors your overall brand ambition. Identity is not just how you look, it is what you say, what you do, what you are.

A company is defined as the sum of three values: Resources, processes and priorities (RPP). Everything of value can be classified into these three categories.

When one company buys another it’s the equivalent of one set of RPPs trying to engulf or swallow another set of RPPs. The simplest (naïve) interpretation is that an acquisition is the purchase of Resources in terms of customers, sales, profits, etc. It might be of assets like employees, intellectual properties, brand etc. I say this is naïve because Resources are the easiest to value because they can be measured and valuing only what can be measured while ignoring what can’t be measured is deeply mis-pricing.

The newest Asymco post is full of business-savvy goodness!