The title of this post is clickbait. It should be titled something closer to "How we lost user interaction after our redesign".
They specifically mention that they did not lose any traffic/visitor numbers: "Important: our overall traffic didn’t change. The same amount of people came to this feature’s page."
It appears as though the "lost users" were really lost interactions with the vote button: "our voting numbers decreased by ~50%."
It's fascinating to me how far people are willing to go when skewing the information to pique interest. I'll bet a lot less people would read it without "lost users" in the title.
As a writer, I know quite a lot about clickbait names and use them extensively, true that.
However, in this particular case, the point is true: ~47% of people stopped using the feature (user = someone who uses). Meaning the conversion between people who found the feature and started using it has dropped by 47% as well.
So, if traffic numbers are EXACTLY the same (as noted) but less people click on a single button, you've "lost those users"? Doesn't make any sense to me. You've lost interaction with a button from your unchanged user base. Like you said yourself, click conversion from your users changed. Users changing interaction ≠ losing users
If you had lost 50% of your users, you would have half of the overall site traffic that you had last time.
Yes and no. I see what you are saying, but in my opinion every site can have its own definition of user and visitor. For some sites the terms may be interchangeable, while for other sites they have completely different meanings.
Let's take HN for example (I don't know if HN considers this their metric or what, just using it as an example.). Let's say they made a change that now requires everyone to login to the site each time they visit. So if you closed your browser window or were inactive for a period of time you would have to log back in. While you could still read posts and comments, you would be unable to submit new stories or comment until you logged in. While you are not logged in you would be considered a visitor. But when you log in, you now become a user.
While at first the traffic, or visitors, may remain the same, without participating users on the site the number of visitors will eventually drop as not as many people are submitting or commenting.
A site that does not require interaction may, on the other hand, simply use the two terms (visitor & user) interchangeably.
Seems to me by losing this argument I'll save 50% of users for our feature. I hope you're right and those who stumbled on the redesigned feature and left it will one day return and finally know how to use it.
To remove the icon from your cmd+tab: open the preferences/settings for the application and under "Application Options" use the multi-select field from "Both" to "Only Menu Bar", then restart the app. The icon won't be in your dock or cmd+tab anymore, but lives in the menu bar :)
I have had reservations about the Echo line because of the whole "always listening" thing, regardless of what anyone's said about how it's not recording, how I can unplug it, etc. The whole "always listening" thing isn't what interests me about playing with Alexa.
As someone who's spent a fair amount of time with hardware, I think this is what will make me tinker with the Alexa service - I am interested to see what it can do and I like keeping up with Amazon's hardware projects. I've got all the parts lying around to throw this together without spending anything, so it's a neat way for them to grab some interest from a different user demographic. This also should be fairly easy to get running on a BeagleBone too, which I tend to lean towards (more I/O, PRU can be useful)
>I have had reservations about the Echo line because of the whole "always listening" thing
I've spoken with other people about feeling this way. I think that the difference here is actually 100% psychological, and that always-listening devices like the Echo are exactly as trustworthy as the company that makes them.
I am currently standing next to at least 4 different devices with microphones and internet connections that are on or in "sleep" mode. Just because they aren't "listening" to me in a way that is obvious (e.g., they respond to a command) doesn't mean that they're not recording every sound I make. There are in fact trojans designed to do exactly that.
Either you trust the manufacturer of these devices or you don't. The fact that there's a secondary processor on the Echo that does low-power constant voice recognition for the word "Alexa" (and similarly for some phones which can be activated with "OK Google") doesn't make it suddenly more likely to be storing all of your audio, all the time.
The only salient difference is just that it makes it obvious that it was in fact listening, whereas any internet-connected device around you could be listening to you right now and simply never let on.
Even if you trust the company, you also have to trust that they have no logs that can be subpoenaed and that they cannot be compelled or hacked to wiretap you.
Sure, but that misses the point: if your phone were doing that it would be functionally equivalent. You wouldn't be able to tell any more than you would with Alexa
I'm pretty sure Alexa isn't recording or transmitting what's said at all times, there's just a local process looking for the queue to start recording a sample to upload. That queue being the word "Alexa".
I believe you're right, but it still feels icky to have something always listening for that special phrase, to me. Maybe if I wrote and maintained the code myself that always listened, I'd feel more comfortable with it.
Oh, I think the proper word was cue, not queue, by the way.
You could try adding in some simple motion, like raising your hand, before the system would start listening for hot words. Maybe connect a cheap infrared sensor to GPIO and block its view so it only detects motion at or above certain height.
I believe the terms and conditions for the Alexa SDK state you can't activate the Alexa Voice Service via voice, your user has to purposefully interact with something like a button to use it.
EDIT: I'm wondering if this is a legal thing, i.e. they don't want any Tom, Dick or Harry creating "always listening" devices associated with their brand, or they just want to differentiate their Echo product and not have competitors.
It's worth remembering that these services are dependent on the network 'carrying their packets'. If you're worried about them 'phoning home' just make sure your home network is configured to record such events to the best of your ability, and set up some simple alerts or blocking.
Agreed, I think this can be generalized to say that this should be the case with all these cloud services. The hardware should be open source, so you can at least control that part. At least you have that much control over the cloud APIs.
The whole "old installer" and "bootable disk" has been a pain-point since 10.8 for me. I have done 4 or 5 clean installs for friends in the last 6 months, and I tried to make a 10.10 or 10.11 bootable USB... no go - each time, a new issue.
I have ended up using my older 10.8 (ML) install USB every time, then just firing off the free App Store upgrade to 10.11.
In newer Macs (2012 onward IIRC) you can just boot into a net installer, and it goes and fetches the installer from the internet before re-installing.
So this looks like HR or someone from inside Snapchat got a phishing email and happily obliged and sent off a bunch of sensitive information without confirming that it should all be shipped over (unsecure) email.
I do work for some higher ed institutions, and almost every year without fail we have seen (and dealt with) successful phish attempts of various staff members... it's usually something small like a credit card number, but it still amazes me how an email that may look "very suspicious" to me doesn't set off a flag for someone else who isn't really thinking about this type of attack.
Social engineering attacks will probably be a thorn in security's side for a very long time, if not indefinitely... There's a sort of fundamental disconnect inherent in "Trust the system! It's secure! Except be careful because sometimes something that is not the system will pretend to be the system..."
We keep treating falling for phishing emails as a user error. But, perhaps, having our most "official" means of communicating online (email) be a protocol that has no identity verification, no authentication and no encryption, is actually a technical bug, not a human one.
I mean, you would expect that we should at least be able to tell that if you get a x@snapchat.com email in your y@snapchat.com inbox, it actually came from x who works at Snapchat. However, that is (in general), not how email works, for some reason (yes, I know, ancient protocol, tons of stakeholders, identity is hard, but come on...).
SPF Everywhere would be a start. But, as currently deployed, at least, SPF is nowhere near enough. I do research in security, and even I often have no clue, when faced with a new corporate email system, whether the email addresses I see can or can't be forged, depending on domain.
Hell, if I get bob@company.com on my Gmail inbox, I cannot really tell whether even the @company.com part has been authenticated or not. There isn't even an HTTPS like lock icon or anything, let alone a "Google has verified that this email comes from Amazon.com" assurance.
SPF doesn't really do anything to prevent this. It can only protect the return path address, the scammer is free to use whatever From and Reply-To headers they like in the email itself - they don't really care if a bounce goes to the wrong place.
DMARC protects the From header, but isn't widely deployed.
Of course, because, well, unless you know the whole story of email, down to knowing what SMTP is, there is zero reason to expect that the from address of your email client lies to you. Which is also why all web traffic should be over TLS, because the same can be said of domain names. This is one area of security where our systems really should be made to match the user's expectation, and not the other way around. This is not a "grampa doesn't understand the interwebs" sort of issue, this is clearly broken design.
Non-envelope headers on emails are arbitrary. "From" (as opposed to Envelope-From) is one of these. Some mail clients (looking at you, Outlook) just display the minimum amount of data including From, and make it non-obvious that this is not really where the mail was from. You only see this difference in address when you hit reply.
We had a phishing attack on an employee in accounting that was stopped in progress and just in time before a bank transfer took place. The emails in question passed SPF as they weren't actually from another user in our domain.
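The gap discussed in the comments above, where SPF passes for the envelope sender while the visible From header names a different domain, shown as an added example (not code from any commenter). It assumes the receiving mail server supplies the envelope sender and the SPF result; the function names are hypothetical, the messages are constructed, and the organizational domain is approximated by the last two labels where real DMARC uses the Public Suffix List.

```python
from email import message_from_string
from email.utils import parseaddr


def domain_of(address):
    """Return the lowercased domain of an address, or '' if there is none."""
    _, addr = parseaddr(address or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def org_domain(domain):
    # Assumption: last two labels stand in for the organizational domain.
    return ".".join(domain.split(".")[-2:])


def check_alignment(raw_message, envelope_from, spf_result):
    """Compare the SPF-checked envelope domain with the header From domain."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    env_dom = domain_of(envelope_from)
    reply_dom = domain_of(msg.get("Reply-To"))
    aligned = bool(from_dom) and org_domain(from_dom) == org_domain(env_dom)
    return {
        "header_from": from_dom,
        "envelope_from": env_dom,
        "spf_pass": spf_result == "pass",
        # SPF only vouches for the envelope domain; it counts for the
        # displayed From address only when the two domains align.
        "spf_aligned": spf_result == "pass" and aligned,
        "reply_to_differs": bool(reply_dom)
        and org_domain(reply_dom) != org_domain(from_dom),
    }


# Constructed sample: SPF passes for example.net, From shows example.com.
SPOOFED = (
    'From: "Finance Director" <director@example.com>\n'
    "Reply-To: director@example.org\n"
    "Subject: Urgent transfer\n\n"
    "Please wire the funds today.\n"
)
# Constructed sample: envelope and From share one organizational domain.
LEGIT = (
    "From: Alice <alice@example.com>\n"
    "Subject: Minutes\n\n"
    "Attached.\n"
)

spoofed_report = check_alignment(SPOOFED, "bounce@mailer.example.net", "pass")
legit_report = check_alignment(LEGIT, "alice@mail.example.com", "pass")
```

A message with `spf_pass` true and `spf_aligned` false is the case a mail filter can quarantine or banner, since the SPF pass says nothing about the address the recipient sees.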
Adopt PGP signatures as a requirement on emails that include sensitive data. It should be easy enough to have an internal key server and a company key that counter signs all valid company keys. Require the key only be used for signing and kept on a usb stick.
S/MIME and X.509 is a lot more common than PGP signatures -- support for it is built in to most MUAs. Also, typically the keys are on smartcards rather than USB devices where the private key could be accessed.
An unknown person told the manager on the phone that they were with the fire department and needed to conduct a diagnostic test on the fire system, police said. The manager followed instructions and turned on the restaurant’s fire suppression system. The caller then said what the manager had done had caused a gas leak, so everyone had to evacuate the restaurant and the employee was told to break all the windows to avoid an explosion.
Wendy’s employees complied and smashed every single window, while waiting for the fire department to show up. Once officials arrived, they confirmed the call was a hoax.
I have seen so many stories of this on reddit. People's HR departments sending sensitive information to random phishing emails. It seems a little ridiculous that we're still trusting these people with our data.
I'd love to see some performance benchmarks for Nginx's caching vs Varnish (memory, reqs). Even if Nginx can do the same thing, if I need more RAM to do it, or it handles less requests - I'd rather keep Varnish.
First impression: after looking over the homepage, the 9 "Get Started - It's FREE" buttons made me hunt in the footer for "Pricing" or more information before signing up, because usually that tactic says "free trial, but then you want my money" to me.
Second impression is that it seems like a Swagger Editor tool combined with a REST Explorer (like Postman or Advanced REST Client). Testing now and will update with some more thoughts :)
It really is free, for individual use, forever :). Pricing starts at the team level - at $8/month/member. We're also introducing cheaper, annual pricing soon.
The hosted documentation integration is completely free - we have a paid option coming soon, that adds custom domains, theming, analytics, etc.
Yeah, the copy kind of indicated to me that there was some pricing scheme coming, but there is no indication (or info) about that on your site. Just something to remember if you're going to take a little time to add the Pricing details :)
I clicked this mainly because I had skimmed the other piece from Sandberg saying that FB didn't need the MBA to be seriously considered.
This article (title included) appears to primarily be "clickbait." I didn't find any part of the piece particularly insightful. There are links advertising their own services/pages to help people with MBAs trying to get jobs, which leads me to believe this was primarily done for traffic
I'm wondering if "clickbait" should be a first-class content flagging option. It's subjective, of course. Clickbait is not quite fraud...but I do feel like people are attempting to steal my attention.
Agreed. Initially, I canceled the OAuth request because I thought I had missed other options, but really Twitter is the only option. I don't love that it wants to read all of my tweets. Would love to see more integrations (and I'm sure they're coming) :)
Also there's a redirect through something called https://oauth.io which I've never heard of so now I'm thinking that oauth.io has some kind of access to my Twitter account rather than openhunt.co?