Perfected Chocolate Chip Cookies

Note: this is based on the recipe “best ever chocolate chip cookies” – http://www.dishingthedivine.com/2011/12/06/best-ever-chocolate-chip-cookies/

I found that (amazing) cookie to be too light & rich, and i wanted to devise something heartier — so I’d be satisfied sooner.

Adding in some whole wheat flour and olive oil gave it a nuttier and deeper taste. Pecans made it just perfect.

Dry

• 1 1/3 cups all purpose flour
• 2/3 cup whole wheat flour
• 1/2 tsp baking soda
• 3/4 tsp salt

Wet

• 3/8 cup ( 3/4 stick) unsalted butter, melted
• 1/3 cup olive oil
• 1 cup packed dark brown sugar
• 1/2 cup white sugar
• 2 tsp vanilla extract
• 1 egg
• 1 egg yolk

MixIn

• 6oz dark chocolate, cut into chunks (+ the shavings). [ i've used the following: 1/3 of the "Pound Plus 70% dark chocolate" bar from trader joes, or about 6oz of a block of ghirardelli dark chocolate ]
• 1/2 cup Pecans, smashed or roughly chopped

Yield

• 12-16 Large Cookies

Instructions

1. Mix the flours , salt , baking soda. Set aside.
2. Mix the sugars and butter just until thoroughly mixed. Add the egg, yolk and vanilla and stir until creamy, like a thin paste or caramel. Combine with the dry ingredients ( either can be added to the other ); I find loosely folding the sifted ingredients with a spatula works well to get things fairly evenly distributed. The dough should look dry in parts and wet in others at this point.
3. Add in the chocolate and pecans. Drop the spatula and get your hands in there – break the dough apart and fold it on top of itself a few times to ensure an even distribution. The warmth of your hands and working of the dough will even out the dough very quickly.
4. The cookies need to be shaped and frozen for at least 30minutes. There are two good techniques I’ve used:
   1. drop the dough onto wax paper in 1/4 cup scoops or rounds.
   2. put all the dough onto a sheet of wax paper and roll it into a large log, cut into portions once frozen
5. When you’re ready to bake, place the frozen dough on a baking sheet ( nonstick or parchment lined ), sprinkle with some salt, and bake the cookies for 8 minutes in a 400° oven, then drop the temp to 350° and bake for another 5-10 minutes — until the edges just start to turn golden brown.

Important Notes:

1. Freezing the dough does two things: it helps develop flavors and it keeps the inside of the cookie from cooking too fast. Properly cooked, the outside should be just turning brown and slightly crispy as it cools, while the inside is almost undercooked and a creamy custard.
2. This dough doesn’t really spread much – the shape and size of the dough that goes in the oven is roughly the same shape and size of what comes out. A quarter cup baking measure is a very good mold for this cookie. If you go the frozen log route, you’ll want to make sure that the diameter is roughly the same size as your 1/4 cup measures , and the rounds you cut are fairly thick — around 1″.
3. Starting the oven at 400° and dropping to 350° makes the perfect cookie. If you’re busy, you can bake a slightly less perfect cookie by keeping the oven at 400° and baking for 12-13 minutes.

I’ve had a lot of people contact me over the past two years trying to recruit me for a Product Manger role or looking for referrals to qualified candidates. I have a solid network and am well respected in Technology, Advertising and Publishing circles — so I’m used to constant pings by Executives I’ve consulted with or recruiters I’ve worked with and am happy to help when I can.

I feel compelled to write a post because out of several dozen inquiries for positions titled with some variation of “Product Manger”, only one was actually involved with product management. The rest? Sigh…

There’s been a huge conflation of terms with regard to “product management” in the past few years and it seems to be over-represented in NYC area. This conflation really needs to stop. Now.

The role of a Product Manager has a bit of variation in it’s definition, but it’s usually something around the lines of “the person who is ultimately responsible for a product”. In a large organization, Product Managers are essentially divisional GMs or ‘micro-ceos’; in smaller ( and tech ) organizations, they tend to be inter-disciplinary people who might report to a “head of product” or directly to the CEO.

Generally speaking: Product Managers are highly skilled and highly experienced professionals, often with extensive background across one or more areas, who are tasked with fine-tuning what a ‘product’ should be to best achieve business goals.

Most “Product Managers” I’ve known can be categorized like this:

• Most have 10+ years of professional experience, with very impressive track records; rarely do they have less than 5years experience;
• They either have advanced degrees like an MBA, MS, PHD or work-based equivalent, i.e. a C/VP/D level employee who have done some stellar work;
• All are experts / authorities in at least one discipline, and can somewhat function in whatever roles they oversee/interact with as they’ve had over a decade of experience working across them.

To give some quick examples:

1. I was recently at eConsultancy’s Digital Cream NYC event, in a room full of 150 people who were mostly Chief Marketing Officers / VPs of Marketing. If I were a technology company in the advertising space or a publisher looking to sell innovative new ad solutions, I would look into recruiting a Product Manager from the attendee list. This is rather simple – the person who could best manage my advertising product, would be an expert in advertising.

2. Several publications that I know of built out Editorial Product departments staffed with former Senior Editors and Operational Editors. What better way to deliver on editorial needs than by hiring a seasoned journalist?

3. A friend literally wrote the book on a certain technology, and is often called in to advise on different implementations of it — addressing the costs to scale/iterate, user behaviors, implementations, etc.

4. When Facebook buys a startup, their executives staff tend to become Product Managers owning a section of the Facebook experience.

Some of the things a Product Manager typically does is:

• Understand and manage the business goals: identify the best business opportunities , create and push products to address them.
• Understand the functionality and scope of the product: if it’s technology, they can code; if it’s a marketing product, they understand how and why advertising is bought.
• Understand the customers: make sure people will want to consume the product
• Make decisions and be qualified to make them: balance a mix of Strategic Decisions ( into markets or users ) and Operations ( costs to iterate – both financially and team morale )
• Manage the process : work with P&L sheets, quarterback the scope/design/build/deploy/sales process.
• other things I’m too tired to note. Product Managers are tasked with balancing the goals of the Organization against the needs of multiple types of Consumers and the people/resources to build them. It’s a lot of work, but it’s amazing fun for a lot of us.

The scores of “Product Manager” positions that are plentiful in NYC right now are nothing like my descriptions above – they tend to be a hybrid of skills belonging to a Digital Producer ( in the adverting world ) and Project Manager ( in , well any industry ). They are mostly what I consider entry level – with a target of 3 total years work experience.

These positions tend to be highly administrative , require no expertise or inter-disciplinary skills, and don’t even have access to seeing budgets — much less managing them or trying to affect revenue operations. Sometimes they’ll include a bit of customer development work, but most often they don’t. These positions completely lack a “Strategy” component, tending to either be a very entry level position or a mislabling for the most incredibly experienced and talented Project Manager you’ve ever met.

Almost always these roles become filled by someone who honestly shouldn’t have that job. One of my more favorite “Product Manager” interactions was with someone who had just assumed the new role as their second-ever job, with their first job being several years as a Customer Service representative. If the company provided Customer Service, it would have been a really good fit — but the company provided a very technical service, and their “Product Manager” was really functioning more like a mix of an “Account Manager” and “Digital Producer”, they were visibly out of their element and unable to understand the needs of their clients.

This is really a dis-service to everyone involved.

• It makes a potential employers look foolish to actual Product Managers , and labeled as a company to avoid.
• It skips over a huge pool of extremely talented Digital Producers and Project Managers who would excel at these roles.
• It creates a generation of early-career professionals with the title of a Product Manager, but without the relevant experience or skills to back it up.

Because “Product Manager” is so often a role that an experienced professional transitions into, it’s not uncommon to see someone with 1-2 years of “Product Manager” in their title, but a resume that shows 3 years as a Vice President and 5 years as a Director at a previous employer. You might even see someone with 3 years of “Product Manager” as a title — but an additional 9 years of “Digital Producer” or “Project Manager” experience behind them as well. Plenty of professionals from the Production side transition into Product Management too, once they’re well versed in their respective industries.

Mindless recruiters ( and certain nameless conglomerates ) of NYC don’t understand this though. They just focus on buzz-words: if someone has been in “product” for 2 years, they target them as if they’ve only been a professional for that long. It’s all too common for the salary cap of a not-really-a-product-manager position to be 1/4 the targeted recruit’s current salary. The compensation package and role should be commensurate with the full scope of someone’s work — i.e. 12 years, not 3 years.

So my point is simple – if you’re hiring a “Product Manger” you should really think at what you expect out of the role.

• If you’re really looking for a “Project Manager” or “Digital Producer” — which you most likely are — change your posting and recruit that person. You’ll find a great employee and give them a job they really want and care about. If you manage to get a Product Manager in that role, they’re going to be miserable and walk out the door.
• If you realize that you’re looking for a role that its both strategic and operational — and is going to be one of the most important hires for your organization or division, then either hire someone with relevant Product Management experience OR hire a relevant expert to be your “Product Manager”.

Last week I found a Security flaw on Dreamhost caused by the User Experience on their control panel. I couldn’t find a security email, so I posted a message on Twitter. Their Customer Support team reached out and assured me that an email response would be addressed. Six days later I’ve heard nothing from them, so I feel forced to do a public disclosure.

I was hoping that they would do the responsible thing, and immediately fix this issue.

The issue:

If you create a Subversion repository, there is a checkbox option to add on a “Trac” interface – which is a really great feature, as it can be a pain to set up on their servers yourself (something I’ve usually done in the past).

The exact details of how the “one-click” Trac install works aren’t noted though, and the integration doesnt “work as you would probably expect” from the User Experience path.

If you had previous experience with Trac, and you were to create a “Private” SVN repository on Dreamhost – one that limits access to a set of username/passwords – you would probably assume that access to the Trac instance is handled by the same credentials as the SVN instance, as Trac is tightly integrated into Subversion.

If you had no experience with Trac, you would probably be oblivious to the fact that Trac has it’s own permissions system, and assume your repository is secured from the option above.

The “one click” Trac install from Dreamhost is entirely unsecured – the immediate result of checking the box to enable Trac on a “private” repository, is that you inherently are publicly publishing that repo from within the Trac browser.

For example, if you were to install a private subversion and one-click Trac install onto a domain like this:

my.domain.com/svn
my.domain.com/trac

The /svn source would be private however it would be publicly available under /trac/browser due to the default one-click install settings.

Here’s a marked-up screenshot of the page that shows the conflicting options ( also on http://screencast.com/t/A2VQT5gOVkK )

I totally understand how the team at Dreamhost that implemented the Trac installer would think their approach was a good idea, because in a way it is. A lot of people who are familiar with Trac want to fine-tune the privileges using Trac’s own very-robust permissions system, deciding who can see the source / file tickets / etc. The problem is that there is absolutely no mention of an alternate permissions system contained within Trac – or that someone may need to fine-tune the Trac permissions. People unfamiliar with Trac have NO IDEA that their code is being made public, and those familiar with Trac would not necessarily realize that a fully unsecured setup is being created. I’ve been using Trac for over 8 years , and the thought of the default integrations being setup like this is downright silly – it’s the last thing I would expect a host to do.

I think it would be totally fine if there is just a “Warning!” sign next to the “enable Trac” — with a link to Trac’s wiki for customization , or instructions ( maybe even a checkbox option ) on how a user can have Trac use the same authorization file as subversion.

But, and this is a huge BUT, people need to be warned that clicking the ‘enable Trac’ button will publish code until Trac is configured. People who are running Trac via an auto-install need to be alerted of this immediately.

This can be a huge security issue depending on what people store in Subversion. Code put in Subversion repositories tends to contain Third Party Account Credentials ( Amazon AWS Secrets/Keys, Facebook Connect Secrets, Paypal/CreditCard Providers, etc ), SSH Keys for automated code deployment, full database connection information, administrator/account default passwords — not to mention the exact algorithms used for user account passwords.

The fix

If you have a one-click install of Trac tied to Subversion on Dreamhost and you did not manually set up permissions, you need to do the following IMMEDIATELY:

Secure your Trac installation

If you want to use Trac’s own privileges, you should create this .htaccess file in the meantime to disable all access to the /trac directory

deny from all

Alternately, you can map access your Trac install to the Subversion password file with a .htaccess like this:

AuthType Basic
AuthUserFile /home/##SHELL_ACCOUNT_USER##/svn/##PROJECT_NAME##.passwd
AuthName "##PROJECT_NAME##"
require valid-user

Audit your affected code and services.

• All Third Party Credentials should be immediately trashed and regenerated.
• All SSH Keys should be regenerated
• All Database Accounts should be reset.
• If you don’t have a secure password system in place , you need up upgrade

What are the odds of me being affected ?

Someone would need to figure out where your trac/svn repos are to exploit this. Unless you’ve got some great obscurity going on, it’s pretty easy to guess. Many people still like to deploy using files served out of Subversion (it was popular with developers 5 years ago before build/deploy tools became the standard) , if that’s the case and Apache/Nginx aren’t configured to reject .svn directories — your repo information is public.

When it comes to security, play it safe. If your repo was accidentally public for a minute, you should wipe all your credentials.

BoingBoing just frontpaged this EFF.org HowTo — How to Remove Your Google Search History Before Google’s New Privacy Policy Takes Effect

• https://www.eff.org/deeplinks/2012/02/how-remove-your-google-search-history-googles-new-privacy-policy-takes-effect
• http://boingboing.net/2012/02/22/howto-turn-off-googles-searc.html

There seems to be a significant bug in Google’s Systems that may leave you “unprotected” if you follow the directions.

I had one of the “earlier” beta accounts from years ago, where the login was just the ‘local part’ of the email address — e.g. it was “jvanasco” not “jvanasco@gmail.com”.

When I followed the EFF instructions — and the Google instructions on their login box to sign in with a full email address — I got a message about how “Web History” is not enabled for “gmail”. It was the same message I saw for turning off a Google Apps email for “jonathan@ArtWeLove.com”. To make sure everything was okay, I double checked the gmail inbox… and it was the correct inbox.

I logged out as “jvanasco@gmail.com” and then logged back in again as “jvanasco”. I ended up at the same inbox, and I was then able to see the “Web History” page , which had ‘paused’ (read: ‘turned off’) in 2008.

I logged out of gmail, then back in again using both versions of the account name. I could now view the “paused” web history page on both systems — leading me to think an account update/merger happened.

In any event- if you receive a message that says something like “This is not enabled for gmail”, you should log out then log back in as just the “local_part”, and not an email address.

This is a draft.

In March of 2011 I represented Newsweek & The Daily Beast at the Harvard Business School / Committee of Concerned Journalists “Digital Leaders Summit”. Just about every major media property sent an executive there, and I was privileged enough to represent the NewsBeast.

Over the course of two days, we covered a lot of concerns across the industry – analyzing who was doing things right , and who was doing things wrong.

On the first day of the summit, we looked at how Amazon was posturing itself for digital book sales – where their profits were hoping to be , where their losses were expected, and strategies for finding the optimal price structure for digital goods.

Inevitably, the conversation sidetracked to the Apple Ecosystem, which had just announced Subscriptions and their eBooks plan — consequently being their new competitor.

One of the other 30 or so people in attendance, was Jeffrey Zucker from NBC who went into his famed digital pennies vs. analog dollars diatribe. He made a compelling, intelligent, and honest argument that captivated the minds and attention of the entire room. Well, most of the room.

I vehemently disagreed and quickly spoke up to grab control of the floor — “apologizing” from breaking with the conventional view of this subject, and asking people to look at the situation from another point of view. Yes, it’s true that Apple standardized prices for digital downloads and set the pricing on their terms. Yet, it’s true that Apple allowed for records to be purchased “in part” and not as a whole, and yes to a lot of other things.

And yes – Jeffrey Zucker didn’t say anything that was “wrong” – everything he said was right. But simply put, Mr. Zucker and other delegates were only looking at portion of the scenario in play — and the prevailing wisdom in the room was way off the mark… by miles.

Apple didn’t gain dominance in online music because of their pricing system or undercutting retailers — which everyone believed. Plain and simple, Apple took control of the market because they made it easier and faster for someone to legally buy music than to steal it. When they first launched — and still today — it takes under a minute for someone to find and buy an album or a single in the iTunes store. Let me repeat that – under a minute. Apple’s servers were relatively fast at the start as well, and the entire album could be downloaded within an hour.

In contrast, to legally purchase a record in the store would take at least two hours — and at the time they first launched, encoding an album to work on an MP3 player would take another hour. To download a record at that time would be even longer: services like Napster (then already dead) could take a day to download; torrent systems could take a day; while file upload sites were generally faster, they suffered from another issue that torrentz and other options did as well — mislabeled and misdirected files.

Quite possibly the only smart thing the Media Industry has ever done to curb piracy is , what I call, the “I Am Spartacus” method — wherein “crap” files are mislabeled to look like Top 40 hits. As an example, in expectation of a new Jay-Z record, internet filesharing sites are flooded with uploads that bear the name of the record , but contain white noise, another record, or an endless barrage of insults ( ok, maybe not the last one… but they should ).

I pretty much shut the room up at that point, and began a diatribe of my own – which I’ll continue here…

At the conference, Jeffrey Zucker and some other media executives tended to look at the digital economy like this: If there are 10 million Apple downloads of the Beyonce record or the 2nd Season of “Friends”, those represent 10 million diverted sales of a $17.99 CD – or 10MM diverted sales of a $39.99 dvd. If Apple were to sell the CD for 9.99 with a 70% cut, they’re only seeing $7 in revenue for every $17.99 — 100 million times. Similarly, if 10MM people are watching Friends for $13.99 (or whatever cost) on AppleTV instead of buying $29.99 box sets, that’s about $20 lost per viewer — 10 million times.

To this point, I called bullshit.

Digital goods such as music and movies have incredibly diminished costs for incremental units, and for most of these products they are a secondary market — records tend to recoup their various costs within the first few months, and movies/tv-shows tend to have been wildly profitable on-TV / in-Theaters. The music recording costs 17.99 and the DVD 29.99 , not because of fixed costs and a value chain… but because $2 of plastic, or .02¢ of bandwidth, is believed by someone to be able to command that price.

Going back to our real-life example, 10MM downloads of “Friends” for 13.99 doesn’t equate to 10MM people who would have purchased the DVD for $29.99. While a percentage of the 10MM may have been willing to purchase the DVDs for the higher price, another — larger — percentage would not have. By lowering the price from 29.99 to 13.99, the potential market had likely changed from 1MM consumers to 10MM. Our situation is not an “apples-to-apples” comparison — while we’re generating one third the revenue, we’re moving ten times as many units and at a significantly lower cost ( no warehousing, mfg, transit, buybacks, etc ).

While hard copies are priced to cover the actual costs associated with manufacturing and distributing the media, digital media is flexibly priced to balance convenience with maximized revenue.

Apple doesn’t charge .99¢ for a song, or $1.99 for a video because of some nefarious plan to undervalue media — they came up with those prices because those numbers can generate significant revenue while being an inconsequential purchase. At .99¢ a song or $9.99 an album, consumer’s simply don’t think — we’re talking about a dollar for a song, or a ten dollar bill for a record.

Let me rephrase that, we’re talking about a fucking dollar for a song. A dollar is a magical number, because while it’s money, it’s only a dollar. People lose dollar bills all the time, and rationalize the most ridiculous of purchases away… because it’s only a dollar. You’ll note that a dollar is not far off from the price of a candy bar, which retailers incidentally realized long ago that “Hey – let’s put candy bars next to the cash registers and keep the prices relatively low, so people make impulse buys and just add it onto their carts”.

Do you know what happens when you charge a dollar for something? People just buy it. At 13.99 – 17.99 for a cd, people look at that as a significant purchase — one that competes with food, vacations, their children’s college savings. When you charge a dollar a song – or ten dollars a record – people don’t make those comparisons… they just buy.

And buy, and buy, and buy. Before you know it, people end up buying more goods — spending more money overall on media than they would have under the old model. Call me crazy, but I’d rather sell 2 items with little incremental cost at $9.99 each than 1 item at $13.99 — or even 1 item at $17.99.

Unfortunately, the current stable of media executives – for the most part – just don’t get this. They think a bunch of lawyers , lobbyists and paying off politicians for sweetheart legislations are the best solution. Maybe that worked 50 years ago, but in this day and age of transparency and immediacy, it doesn’t.

Today: you need to swallow you pride, realize that people are going to steal, that the ‘underground’ will always be ahead of you, and instead of wasting time + money + energy with short-term bandaids which try to remove piracy ( and need to be replaced every 18months ) — you should invest your time and resources into making it easier and cheaper to legally consume content. Piracy of goods will always exist, it is an economic and human truth. You can fight it head-on, but why?

Instead of spending millions of dollars chasing 100% market share that will never happen (and I can’t stress that enough, it will never happen), you could spend thousands of dollars addressing the least-likely pirates and earn 90% of the market share — in turn generating billions more in revenue each year.

Until decision makers swallow their pride and admit they simply don’t understand the economics behind a digital world, media companies are going to constantly and mindlessly waste money. Almost every ( if not EVERY ) attempt at Digital Rights Management by major media companies has been a catastrophe – with most just being a waste of money, while some have resulted in long term compliance costs. I can’t say this strongly enough: nearly the entire industry of Digital Rights Management is a complete failure and not worth addressing.

Today, the media industry is at another crossroads. Intellectual property rights holders are getting incredibly greedy , and trying to manipulate markets which they clearly don’t understand. In the past 12 hours I’ve learned how streaming rights to Whitney Houston movies were pulled from major digital services after her death to increase DVD sales [ I would have negotiated with digital companies for an incremental 'fad' premium, expecting the hysteria to die down before physical goods could be made ], and read a dead-on comic by The Oatmeal on how it has – once again – become easer to steal content than to legally purchase it [ http://theoatmeal.com/comics/game_of_thrones ].

As I write this (Feb 2012) it is faster to steal a high quality MP3 (or FLAC) of record than it is to either: a) rip the physical CD to the digital version or b) download the item from iTunes ( finding/buying is still under a minute ). Regional release dates for music , movies and TV are unsynchronized (on purpose!) , which ends up in the perverse scenario where people in different regions become incentivized to traffick content to one another — i.e. a paying subscriber of a premium network in Europe would illegally download an episode when it first airs on the affiliate in the United States, one month before the European date.

Digital economics aren’t rocket science, they’re drop-dead simple:

1. If you make things fast and easy to legally purchase, people will purchase it.
2. If you make things cheap enough, people will buy them – without question , concern, or weighing the purchase into their financial plans.
3. If you make it hard or expensive for people to legally purchase something, they will turn to “the underground” and illegal sources.
4. Piracy will always exist, innovators will always work to defy Digital Rights Management, and as much money as you throw at creating anti-piracy measures… there will always be a large population of brilliant people working to undermine them.

My advice is simple: pick your battles wisely. If you want to win in digital media, focus on the user experience and maximizing your revenue generating audience. If your content is good, people will either buy it or steal it – if your content is bad, they’re going somewhere else.

I’m glad to no longer be in publishing. Maybe I’ll return one day, but that’s doubtful. I’m glad to be back in a digital-only world, working with startups , advertising agencies, and media companies that are focused on building the future… not trying to save an ancient business model.

As an Internet Professional who works with both Consumer & B2B Products, I’ve been keeping a growing list of issues with Facebook. I figured it was worth publicly sharing them — maybe others have thought this way.

Top 5 Product Quirks I Hate About Facebook , Part 1

1- Consumer Product : The messages that accompany a “Friend Request” are lost once you accept a Friendship

Let’s say someone sees your profile, realizes you know each other because of X/Y/Z to be a friend. Facebook has a great feature that gives them a chance to add a ‘qualifying message’ to their FriendRequest… you know, something like “Hey, Jonathan! It’s been years. My phone number is 555-123-4567. Call me!”

This is a great feature, right? Absolutely. There’s just a little problem though- once you become friends with that person, the message disappears. Since it’s not a real “message” ( in their world ), it doesn’t get archived in your message center history.

What Facebook should do: if a FriendRequest is accompanied with a message, turn it into a user-to-user message upon Accepting or Rejecting the request.

2- Consumer Product : When sending a FriendRequest to another User , the requesting first User doesn’t expose their Profile to the requestee

How many times have you gotten a FriendRequest, thought “Hmm, how do I know this person?”, and then clicked their profile ? I’d wager a lot. When you’re unsure of who someone is, it’s a normal reaction to check-them-out.

Here’s the problem – when Facebook first introduced their privacy settings, they gave users the option to make all ( or portions of ) their profiles “Friends Only”. It’s a great feature, but there’s a bit of a caveat — if this setting is turned on, the recipient of a FriendRequest can’t see the sender’s details. In many cases, the only information shown is a name & photo.

This user interaction is one of the most troubling and annoying to me – in order to find out exactly WHO sent me a FriendRequest, I need to accept their Friendship. This isn’t something that I really want to do — I don’t want to expose my activities, contact information, or network to someone that I don’t necessarily know or trust.

This is what it unfortunately looks like:

1. The Friend Request Pane

1. The requesting person’s profile. Who are they?!?!?

What Facebook should do: ProfilePermissions for “Friends” should apply to “outgoing FriendRequests”. There is an implicit intent to have a Friendship and share this information.

3- Consumer Product : Application Permission Dialogs show the name of the Application, not who is responsible for the Application.

All too often I see an interesting Post / Application and click on it to potentially add it to my own Profile.

Here’s an example – this Application promotes the song that was #1 on your birthday. “Hey, I want to find that out myself!”

When the Application requests an Authorization from me though, I see that I’m sharing my information with the App — which is great. What I don’t see, however, is exactly who I’m sharing my information with.

In an era where people get their Facebook accounts hacked, or viral apps pop out of nowhere only to get permissions they later abuse, I’m worried about who the developers/companies are. How do I know that “Some Random Application” is backed by solid, upstanding people – and not some foreign hackers that are trying to turn my account into a spamming node or mine it for personal info for identity theft?

Take a look at this screen and think about if you would feel comfortable granting whomever made this access :

What Facebook should do: list the main developer/company/etc on the authorization page. Facebook makes a huge point about being based on “real names” – even going so far as to quarantine accounts that use ‘common’ names instead of legal ones ( if you haven’t read his tirades, Salman Rushdie wrote some great stuff on his own struggles here).

It’s also worth noting that this was a really awkward App to profile , because finding the install/auth screen was near impossible.

4- Business Product : Data about the origin of Linked content is nebulous or cryptic – and worthless for metrics

Links shared in Facebook aren’t direct links to content – they’re intercepted by a proxy at “http://facebook.com/l.php”. Basically, there’s a bit of javascript that rewrites an external link on a webpage into an internal link, which is used by Facebook to track performance and display within their own analytics suite. This is great and fine. “l.php” seems to take two parameters: a url encoded version of the destination, and a unique corresponding hash — which I think is a) just the a digest of the link with a ‘site secret’, and b) exists to ensure that the “l.php” script isn’t abused by non-facebook traffic. I could be wrong on both parts, but if the exact unique hash doesn’t appear with the corresponding link… Facebook throws a 404 instead of a redirect to the url parameter.

Because of the way this linking works, if you look within your own analytics suite you’ll see that ALL traffic from Facebook.com appears as if its from “l.php”. The only way to see how your referral traffic performs from Facebook is to use their own, limited, analytics program — and that can’t roll up into your existing analytics reporting tools AND only applies to “pages”.

If you embed a “Like” button on a page you can specify a “ref” label, into which Facebook will toss information back to your site with. However – this isn’t a default action, and applies to “Like” stories only, not organic shares. This is confusingly documented too – at a major publisher I was working with, earlier versions of the docs suggested that we would be able to note where on the site that button was placed, and we would then be able to access the information… nope.

What Facebook should do: append information about the outbound links into query strings on the redirect (e.g. “?fb:context=user.newsstream” ) or create intermediary dummy redirects that have that information and will appear in referral logs ( e.g. “/l.php” -> “/l/user.newstream.php” ), thereby letting publishers access that information within their own analytics programs. The information could even be coerced into the “utm_” namespace that Google uses, as Omniture can work with them by default — easily supporting two of the top analytics packages at once.

Additionally, the behavior of the “ref” tool should be on by default — affecting all links — and control for fine-tuning can be offered on a per-domain basis.

5- The internal Insights/Analytics app has a lot of data, but does little with it. There are some key metrics that could be shown now – and others that should be expanded upon.

Facebook is great about telling me how much content is shared, but is pretty bad at telling me HOW it is shared. As a publisher, I want to know WHERE the share is coming from and WHY – is it from within Facebook ? If so, is it as people “share” on each other’s walls or another mechanism? Is it happening from a “user to user” newsfeed story, or a “page to user” newsfeed ? Where did someone “Like” my story – on my website, on a newsfeed, on my brand’s profile page? As the Facebook Comments system is used more: I want to know if people are posting responses on Facebook , or on my own site. Most importantly, I want the ability to slice and dice all these bits of data on a “per post” or “per url” basis — it’ll help me figure out how to spend my internal resources in promoting stories. I need to figure out which types of stories do best as user-to-user vs brand-to-user, and which ones are being spread on Facebook vs those where offsite likes merely show an affinity for the stories.

For generic users this might sound silly, but as someone responsible for the digital growth of a brand this stuff is really, really, really important. As someone who is debating how much of a yearly budget to allocate to Facebook development, advertising, and internal staffing – this is information I really need to know. This is the type of information that tells me what I’m doing right, what I’m doing wrong, and guides my next steps. I want to know which Headlines performed the best in terms of “Likes” and which had the highest percentage of clickthroughs. Today, I only see the clickthrough data on my analytics suite and the aggregate of all activity on Facebook’s. This data is simply not substantial enough to base sound decisions on.

What Facebook should do: Surface the data. Repeat. Surface the data.

These are pretty basic things I want to know — but I can’t know them, because Facebook’s data collection and reporting just aren’t that great.

I needed to upgrade from Python 2.6 to 2.7 and ran into a few issues along the way. Learn from my encounters below.

Upgrading Python

Installing the new version of Python is really quick. Python.org publishes a .dmg installer that does just about everything for you. Let me repeat “Just about everything”.

You’ll need to do 2 things once you install the dmg, however the installer only mentions the first item below:

1. Run “/Applications/Python 2.x/Update Shell Command”. This will update your .bash_profile to look in “/Library/Frameworks/Python.framework/Versions/2.x/bin” first.

2. After you run the app above, in a NEW terminal window do the following:

• Check to see you’re running the new python with python --version or which python
• once you’re running the new python, re-install anything that installed an executable in bin. THIS INCLUDES SETUPTOOLS , PIP , and VIRTUALENV

It’s that second thing that caught me. I make use of virtualenv a lot, and while I was building new virtualenvs for some projects I realized that my installs were building against virtualenv and setuptools from the stock Apple install in “/Library/Python/2.6/site-packages” , and not the new Python.org install in “/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages”.

It’s worth nothing that if you install setuptools once you’ve upgraded to the Python.org distribution, it just installs into the “/Library/Frameworks/Python.framework” directory — leaving the stock Apple version untouched (basically, you can roll back at any time).

Installing Mysql-Python (or the ruby gem) against MAMP

I try to stay away from Mysql as much as I can [ i <3 PostgreSQL ], but occasionally I need to run it: when I took over at TheDailyBeast.com, they were midway through a relaunch on Rails , and I have a few consulting clients who are on Django.

I tried to run cinderella a while back ( http://www.atmos.org/cinderella/ ) but ran into too many issues. Instead of going with MacPorts or Homebrew, I’ve opted to just use MAMP ( http://www.mamp.info/en/index.html )

There’s a bit of a problem though – the persons who are responsible for the MAMP distribution decided to clear out all the mysql header files, which you need in order to build the Python and Ruby modules.

You have 2 basic options:

1. Download the “MAMP_components” zip (155MB) , and extract the mysql source files. i often used to do this, but the Python module needed a compiled lib and I was lazy so…
2. Download the tar.gz version of Mysql compiled for OSX from http://dev.mysql.com/downloads/mysql/

Whichever option you choose, the next steps are generally the same:

Copy The Files

Where to copy the files ?

mysql_config is your friend. at least the MAMP one is.

Make sure you can call the right mysql_config, and it’ll tell you where the files you copy should be stashed. Since we’re building against MAMP we need to make sure we’re referencing MAMP’s mysql_config

iPod:~jvanasco$ which myqsl_config /Applications/MAMP/Library/bin/mysql_config

iPod:~jvanasco$ mysql_config Usage: /Applications/MAMP/Library/bin/mysql_config [OPTIONS] Options: --cflags [-I/Applications/MAMP/Library/include/mysql -fno-omit-frame-pointer -D_P1003_1B_VISIBLE -DSIGNAL_WITH_VIO_CLOSE -DSIGNALS_DONT_BREAK_READ -DIGNORE_SIGHUP_SIGQUIT -DDONT_DECLARE_CXA_PURE_VIRTUAL] --include [-I/Applications/MAMP/Library/include/mysql] --libs [-L/Applications/MAMP/Library/lib/mysql -lmysqlclient -lz -lm] --libs_r [-L/Applications/MAMP/Library/lib/mysql -lmysqlclient_r -lz -lm] --plugindir [/Applications/MAMP/Library/lib/mysql/plugin] --socket [/Applications/MAMP/tmp/mysql/mysql.sock] --port [3306] --version [5.1.44] --libmysqld-libs [-L/Applications/MAMP/Library/lib/mysql -lmysqld -ldl -lz -lm]

Include

Into /Applications/MAMP/include you need to place the mysql include files into a subdirectory called “mysql”

mkdir -P /Applications/MAMP/Library/include cp -Rp MySQL-Distribution/include /Applications/MAMP/Library/include/mysql

Lib

Into /Applications/MAMP/Library/lib you need to place the mysql lib files

mkdir -P /Applications/MAMP/Library/include cp -Rp MySQL-Distribution/lib /Applications/MAMP/Library/lib/mysql

Configure the Env / Installers

Note: if you’re installing for a virtualenv, this needs to be done after it’s been activated.

Set the archflags on the commandline:

export ARCHFLAGS="-arch $(uname -m)"

Python Module

I found that the only way to install the module is by downloading the source ( off sourceforge! ).

I edited site.cfg to have this line:

mysql_config = /Applications/MAMP/Library/bin/mysql_config

Basically, you just need to tell mysql to use the MAMP version of mysql_config to figure everything out itself.

the next steps are simply:

python setup.py build python setup.py install

If you get any errors, pay close attention to the first few lines.

If you see something like the following within the first 10-30 lines, it means the various files we placed in the step above are not where the installer wants them to be:

_mysql.c:36:23: error: my_config.h: No such file or directory _mysql.c:38:19: error: mysql.h: No such file or directory _mysql.c:39:26: error: mysqld_error.h: No such file or directory _mysql.c:40:20: error: errmsg.h: No such file or directory

If you look up a few lines, you might see something like this:

building 'mysql' extension gcc-4.0 -fno-strict-aliasing -fno-common -dynamic -g -O2 -DNDEBUG -g -O3 -arch i386 -Dversion_info=(1,2,3,'final',0) -D_version__=1.2.3 -I/Applications/MAMP/Library/include/mysql -I/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c _mysql.c -o build/temp.macosx-10.5-i386-2.7/_mysql.o -fno-omit-frame-pointer -D_P1003_1B_VISIBLE -DSIGNAL_WITH_VIO_CLOSE -DSIGNALS_DONT_BREAK_READ -DIGNORE_SIGHUP_SIGQUIT -DDONT_DECLARE_CXA_PURE_VIRTUAL

note how we see “/Applications/MAMP/Library/include/mysql” in there. When I quickly followed some instructions online that had all the files in /include — and not in that subdir — this error popped up. Once I changed the directory structure to match what my mysql_config wanted, the package installed perfectly.

Ruby Gem

Assuming you’re using bundler:

bundle config build.mysql \ --with-mysql-include=/Applications/MAMP/Library/include/mysql/ \ --with-mysql-lib=/Applications/MAMP/Library/lib \ --with-mysql-config=/Applications/MAMP/Library/bin/mysql_config

and then before you do a bundle install , set the env vars

export ARCHFLAGS="-arch x86_64"

or

export ARCHFLAGS="-arch $(uname -m)"

Test it

If things install nicely, lets make sure it works…

$ipod:~ jvanasco$ python

import _mysql

Oh , crap:

Traceback (most recent call last): File "", line 1, in File "build/bdist.macosx-10.5-i386/egg/_mysql.py", line 7, in File "build/bdist.macosx-10.5-i386/egg/_mysql.py", line 6, in bootstrap ImportError: dlopen(/Users/jvanasco/.python-eggs/MySQL_python-1.2.3-py2.7-macosx-10.5-i386.egg-tmp/_mysql.so, 2): Library not loaded: libmysqlclient.18.dylib Referenced from: /Users/jvanasco/.python-eggs/MySQL_python-1.2.3-py2.7-macosx-10.5-i386.egg-tmp/_mysql.so Reason: image not found

Basically what’s happening is that as you run it, mysql_python drops a shared object in your userspace. That shared object is referencing the location that the Mysql.org distribution placed all the library files — which differs from where we placed them in MAMP.

There’s a quick fix — add this to your bash profile, or run it before starting mysql/your app:

export DYLD_LIBRARY_PATH="$DYLD_LIBRARY_PATH:DYLD_LIBRARY_PATH=/Applications/MAMP/Library/lib/mysql"

Conclusion

There are too many posts on this subject matter to thank. A lot of people posted variations of this method – to which I’m very grateful – however no one addressed troubleshooting the Python process , which is why I posted this.

I also can’t stress the simple fact that if the MAMP distribution contained the header and built library files, none of this would be necessary.

I’m quickly prototyping something that needs to interact with Facebook’s API and got absolutely lost by all their documentation – which is plentiful, but poorly curated.

I lost a full day of time trying to figure out why my code wasn’t doing what I wanted it to do, trying to understand how it works so I could figure out what I was actually telling it to do. I eventually hit the “ah ha!” moment where I realized that by following the Facebook “getting started” guides, I was telling my code to do embarrassingly stupid things. This all tends to dance around the execution order , which isn’t really documented at all. Everything below should have been very obvious — and would have been obvious, had I not gone through the “getting started” guides, which really just throws you off track.

Here’s a collection of quick notes that I’ve made.

Documentation Organization

Facebook has made a lot of API changes over the past few years, and all the information is still up on their site… and out on the web. While they’re (thankfully) still supporting deprecated features, their documentation doesn’t always say what is the preferred method or not – and the countless 3rd party tutorials and StackOverflow activity don’t either. The “Getting Started” documentation and on-site + github code samples also doesn’t tie together with the API documentation well either. If you go through the tutorials and demos, you’ll see multiple ways to handle a login/registration button… yet none seem to resemble what is going on in the API. There’s simply no uniformity, consistency, or ‘official recommendations’.

I made the mistake of going through their demos and trying to “learn” their API. That did more damage than good. Just jump into the Javascript SDK API Reference Documentation itself. After 20 minutes reading the API docs themselves, I realized what was happening under the hood… and got everything I needed to do working perfectly within minutes.

Execution Order

The Javascript SDK operations in the following manner:

1. Define what happens on window.fbAsyncInit – the function the SDK will call once Facebook’s javascript code is fully loaded. This requires, at the very least, calling the FB.init() routine. FB.init() registers your app against the API and allows you to actually do things.
2. Load the SDK. this is the few lines of code that start “(function(d){ var js, id = ‘facebook-jssdk’;…” .
3. Once loaded, the SDK will call “window.fbAsyncInit”
4. window.fbAsyncInit will call FB.init() , enabling the API for you.

The important things to learn from this are :

1. If you write any code that touches the FB namespace before the SDK is fully loaded (Step 3), you’ll get an error.
2. If you write any code that touches the FB namespace before FB.init() is called (Step 4), you’ll get an error.
3. You should assume that the entire FB namespace is off-limits until window.fbAsyncInit is executed.
4. You should probably not touch anything in the FB namespace until you call FB.init().

This means that just about everything you want to do either needs to be:

1. defined or run after FB.init()
2. defined or run with some sort of callback mechanism, after FB.init()

That’s not hard to do, once you actually know that’s what you have to do.

Coding Style / Tips

The standard way the Facebook API is ‘instructed to integrated is to drop in a few lines of script. The problem is that the how&why this works isn’t documented well, and is not linked to properly on their site. Unless you’re trying to do exactly what the tutorials are for – or wanting to code specific Facebook API code on every page, you’ll probably get lost trying to get things to run in the order that you want.

Below I’ll mark up the Facebook SDK code and offer some of ideas on how to get coding faster than I did… I wasted a lot of time going through the Facebook docs, reading StackOverflow and reverse engineering a bunch of sites that had good UX integrations with Facebook to figure this out.

// before loading the Facebook SDK, load some utility functions that you will write
<script type="text/javascript" language="javascript" src="/js/fb_Utils.js"></script>
<div id="fb-root"></div>
<script>
    // when Facebook's SDK is loaded, it calls "window.fbAsyncInit"
    // the SDK load is the second block of code below
    window.fbAsyncInit = function() {
        FB.init({
            appId      : 'YOUR_APP_ID', // App ID
            channelUrl : '//WWW.YOUR_DOMAIN.COM/channel.html', // Channel File
            status     : true, 
            cookie     : true,
            xfbml      : true,
            oauth      : true 
        });
        // Additional initialization code here
        // ----------------------
        // ----------------------
        // the above is the fairly standard example from Facebook
        // now we'll do something custom 
        // we want to wrap all our facebook init stuff within a function that runs post async, but is cached across the site
        fb_Utils.initialize();
    };
    // this block actually loads the SDK
    (function(d){
       var js, id = 'facebook-jssdk'; if (d.getElementById(id)) {return;}
       js = d.createElement('script'); js.id = id; js.async = true;
       js.src = "//connect.facebook.net/en_US/all.js";
       d.getElementsByTagName('head')[0].appendChild(js);
     }(document));

</script>

One of the move annoying things I encountered, is that Facebook has that little, forgettable, line in their examples that read:

// Additional initialization code here

You might have missed that line, or not understood its meaning. It’s very easy to do, as its quite forgettable.

That line could really be written better as :

// Additional initialization code here
// NEARLY EVERYTHING YOU WRITE AGAINST THE FACEBOOK API NEEDS TO BE INITIALIZED / DEFINED / RUN HERE.
// YOU EITHER NEED TO INCLUDE YOUR CODE IN HERE, OR SET IT TO RUN AFTER THIS BLOCK HAS EXECUTED ( VIA CALLBACKS, STACKS, ETC ).
// (sorry for yelling, but you get the point)

So, let’s explore some ways to make this happen…

In the code above I called fb_Utils.initialize() , which would have been defined in /js/fb_Utils.js (or any other file) as something like this:

// grab a console for quick logging
var console = window['console'];


// i originally ran into a bunch of issues where a function would have been called before the Facebook API inits. 
// the two ideas i had were to either:
// 1) pass calls through a function that would ensure we already initialized, or use a callback to retry on intervals
// 1) pass calls through a function that would ensure we already initialized, or pop calls into an array to try after initialization
// seems like both those ideas are popular, with dozens of variations on each used across popular sites on the web
// i'll showcase some of them below

var fb_Utils= {
    _initialized : false
    ,
    isInitialized: function() {
        return this._initialized;
    }
    ,
    // wrap all our facebook init stuff within a function that runs post async, but is cached across the site
    initialize : function(){
        // if you wanted to , you could migrate into this section the following codeblock from your site template:
        // -- FB.init({
        // --    appId : 'app_id'
        // --    ...
        // -- });
        // i looked at a handful of sites, and people are split between calling the facebook init here, or on their templates
        // personally i'm calling it from my templates for now, but only because i have the entire section driven by variables

    // mark that we've run through the initialization routine
    this._initialized= true;

    // if we have anything to run after initialization, do it.
    while ( this._runOnInit.length ) { (this._runOnInit.pop())(); }
}
,
// i checked StackOverflow to see if anyone had tried a SetTimeout based callback before, and yes they did.
// link - http://facebook.stackoverflow.com/questions/3548493/how-to-detect-when-facebooks-fb-init-is-complete
// this works like a charm
// just wrap your facebook API commmands in a fb_Utils.ensureInit(function_here) , and they'll run once we've initialized
ensureInit :  function(callback) {
    if(!fb_Utils._initialized) {
        setTimeout(function() {fb_Utils.ensureInit(callback);}, 50);
    } else {
        if(callback) { callback(); }
    }
}
,
// our other option is to create an array of functions to run on init
_runOnInit: []
,
// we can then wrap items in fb_Utils.runOnInit(function_here) , and they
runOnInit: function(f) {
    if(this._initialized) {
        f();
    } else {
        this._runOnInit.push(f);
    }       
},
// a few of the Facebook demos use a function like this to illustrate the api
// here, we'll just wrap the FB.getLoginStatus call , along with our standard routines, into fb_Utils.handleLoginStatus()
// the benefit/point of this, is that you have this routine nicely compartmentalized, and can call it quickly across your site
handleLoginStatus : function(){
        FB.getLoginStatus(
            function(response){
                console.log('FB.getLoginStatus');
                console.log(response);
                if (response.authResponse) {
                    console.log('-authenticated');
                } else {
                    console.log('-not authenticated');
                }
            }
        );
    }
, 
// this is a silly debug tool , which we'll use below in an example
event_listener_tests : function(){  
    FB.Event.subscribe('auth.login', function(response){
      console.log('auth.login');
      console.log(response);
    });
    FB.Event.subscribe('auth.logout', function(response){
          console.log('auth.logout');
          console.log(response);
    });
    FB.Event.subscribe('auth.authResponseChange', function(response){
          console.log('auth.authResponseChange');
          console.log(response);
    });
    FB.Event.subscribe('auth.statusChange', function(response){
          console.log('auth.statusChange');
          console.log(response);
    });
}


}

So, with some fb_Utils code like the above, you might do the following to have all your code nicely asynchronous:

1. Within the body of your html templates, you can call functions using ensureInit()

fb_Utils.ensureInit(fb_Utils.handleLoginStatus)
fb_Utils.ensureInit(function(){alert("I'm ensured, but not insured, to run sometime after initialization occurred.);})

1. When you activate the SDK – probably in the document ‘head’ – you can decree which commands to run after initialization:

   window.fbAsyncInit = function() {
   // just for fun, imagine that FB.init() is located within the fb_Utils.initialize() function
   FB.init({});
   fb_Utils.runOnInit(fb_Utils.handleLoginStatus)
   fb_Utils.runOnInit(function(){alert("When the feeling is right, i'm gonna run all night. I'm going to run to you.");})
   fb_Utils.initialize();
   };
   

Concluding Thoughts

I’m not sure if I prefer the timeout based “ensureInit” or the stack based “runOnInit” concept more. Honestly, I don’t care. There’s probably a better method out there, but these both work well enough.

In terms of what kind of code should go into the fb_Utils and what should go in your site templates – that’s entirely a function of your site’s traffic patterns — and your decision of whether-or-not a routine is something that should be minimized for the initial page load or tossed onto every visitor.

I’m looking into the top blenders out there; there seems to be many pros & cons with the VitaMix and the BlendTec. Most notably I’ve found this:

VitaMix

• Great Warranty – 7 years
• The motor has issues for many people – like burning out or needing a rest period – its just not as “industrial” as many thing.
• Most people need to use the stirring tool to blend
• Not many bad reviews on the Amazon page, but many people on the BlendTec page mention “trading up” from it.

BlendTec

• Warranty isn’t as great
• Seems to blend faster for everyone.
• The reviews are great, but some people have owned several units

Net Neutrality is an increasingly popular topic for debate: Consumer advocates preaching about the freedom of choice; lobbyists preach about the freedom of markets; millions of people sit on the sidelines and wonder what they hell they’re talking about. While I can appreciate the arguments from each stakeholder, I’ve come to find both rather moot as internet tiering seems to be more a symptom of a larger economic problems than an actual issue itself. Net Neutrality isn’t a battle about the rights of internet consumers, its about the decline of innovation in the American economy.

Once upon a time ( in a land far far away), companies would compete for consumer dollars based on the strength of their products. The best /whatever/ were solid pieces of machinery that would last for years as the focus of innovation was to create better products. Most people are all too familiar with buying a modern day kitchen appliance that barely lasts a few years, while their parents regularly use products that are decades old.

At some point in time there was a cultural shift in America and we collectively decided to stop making purchases based on the strength of products, but instead on price. At the same time, corporations started to focus exclusively on maximizing their profits — and we all became familiar with planned obsolescence, offshore labor, and eventually offshore customer support as we increasingly complained about inferior goods.

The typical American Company no longer cared to innovate on the strength of their products, and instead focused on their financial statements — trying to make products as cheaply as possible. People began to not care they’d have to replace their blenders every year, because an unserviceable chinese made appliance was cheap enough to not care about how long it lasted. Unfortunately, we all learned the real costs involved on the third, fourth and fifth times we replaced any given appliance.

I doubt manufacturers consciously aimed to reduce quality at first, they simply didn’t care about it anymore; quality was an early casualty of minimizing costs. At some point though, marketers realized that they could position multiple lines of products — using a lower price point of disposable goods to inflate the prices of better made products, and encouraging consumers to trade-up to the higher priced model.

Over several decades, the general focus of what we innovate on — across our entire economy — has shift from what we make, to how we make and market it. American products are no longer as well made as they once were; in fact, many are not even made in America, they’re merely designed or managed within US borders, and manufactured outside.

Our capacity to innovate has shifted focus so much onto Costs and Marketing that an entire industry has grown around virtual goods. No, I’m not talking about the million dollar digital goods purchased in online games — I’m referring to the 1.2 quadrillion dollar “financial derivatives” market that nearly collapsed the US economy. Financial derivatives aren’t products that are linked to tangible goods, they’re essentially complex methods of valuing trading loan repayment obligations. An entire industry worth not millions, billions or trillions — but quadrillions — was created on the premise of selling different types of billing arrangements.

Financial Derivatives are merely an example of our shift from tangible products to intangible transaction-oriented ‘products’. US based Bank of America and Wells Fargo both recently lost class action lawsuits for creating illegal “billing products” in which their customers banking activity was processed in a way to maximize overdraft fees. While a customer’s deposits would be processed in a chronological order, their withdrawals would be reordered into a “largest to smallest” list. This created an abusive and aggressive situation in which multiple overdraft fees and penalty charges would occur. Instead of figuring out ways to lower fees or provide better service, Bank of America and Wells Fargo decided to innovate on how they bill their customers.

Telecommunication companies have operated in a similar manner. If you have a multi-year Cellular or Internet Service contract, you might note that your service has remained the exact same, while you have an increasing number of plans or service changes disclosed in your bills. It’s not uncommon to have an ‘unlimited’ plan suddenly capped at a very limited number; or learn that you now have your choice of 3 different ways to be billed for the exact same phone service. Instead of addressing the countless dropped calls or 2 week wait for customer service appointments, telecommunications companies have pushed their capacity to innovate into their billing department.

In modern times we use the term “billing products” to discuss these types of innovations, but historically this has been called “Rent Seeking (Activities)”. For those unfamiliar with the term, Rent Seeking is when an organization uses their resources to obtain an economic gain, without actually creating any wealth.

While the financial derivatives crisis has shown itself to be outrageous, the Net Neutrality issues is nothing other than perverse. For the first time in history, companies are actively lobbying for the ability to charge people for substantially worse service – and proud of it.

The argument for Tiered Internet Service isn’t one about free markets – in fact its the exact opposite , as its requires the manipulating of telecommunication resources – not to mention garnering government legal support. Instead of spending their energy on faster downloads, larger bandwidth, or cheaper costs… these companies are spending tens of millions of dollars to lobby the government for the ability to charge consumers more money for worse service. Instead of lowering their customer’s bills or improving their service through technological advances, companies like Comcast, Verizon and AT&T are spending time, energy and resources to argue for the ability to charge additional fees for improvements on a degraded service. Even in a purely capitalistic sense, this is a terrible idea — its an implicit sign to stockholders that these companies are technologically unable to compete for products, so must instead find new ways to bill.

I’m simply amazed that no one is discussing the situation around Net Neutrality from the larger economic context. Many people like to talk about the core of the American economy shifting from product to service based, but the service aspects have increasingly proven to be a midpoint on a larger shift — one in which Rent Seeking is a major component. The presence of Rent Seeking Activity has historically been one of the best indicators of substantial economic and governmental problems one can find, if you can find it. Today we’re in a cultural moment where this sort of activity isn’t happening behind-the-scenes , but its being publicly embraced and hailed as an ideal by its benefactors. Our economy has embraced a shift away from innovating on goods and creating better products that push our civilization forward, to one that is just trying to bill people differently. To me, this isn’t troubling, it’s terrifying.