Archive for October, 2009

Two things we can learn from the Left 4 Dead 2 Demo release debacle

Thursday, October 29th, 2009

1. How not to delay a release

The thing about deadlines is that sometimes, even when you’ve done everything you possibly could, they still get missed. It’s not always your fault, but nobody cares; once it’s late, everyone will blame you. And if you’re Valve, they will be loud and bitter and increasingly annoying.

But that doesn’t mean it’s ok to be stupid about how you postpone the release.

For those who of you who weren’t sitting on the edge of your seats from Tuesday afternoon until Wednesday evening, here is what happened:

  • Oct. 23rd 11:30 PST — Valve announced that the Left 4 Dead 2 demo would be available on Oct. 27th for anyone who pre-ordered the game.
  • Oct. 27th (early morning) — The release was scheduled for noon PST.
  • Oct. 27th noon PST — The release was postponed until 1pm PST.
  • Oct. 27th 1pm PST — The release was postponed until 2pm PST.
  • Oct. 27th 2pm PST — The release was postponed until 3pm PST.
  • Oct. 27th 3pm PST — The release was postponed until 11pm PST.
  • Oct. 27th 11pm PST — The release was postponed until Oct. 28th at 6am PST.
  • Oct. 28th 6am PST — The release was postponed until 1pm PST.
  • Oct. 28th 1pm PST — The release was postponed until 2pm PST.
  • Oct. 28th 2pm PST — The release was postponed until 3pm PST.
  • Oct. 28th 5pm PST — The demo was finally released.

This demo has been heavily anticipated for weeks, so needless to say people were very excited about it. After the first delay, most people were probably still too excited to care. After the second and third, the general populace was getting annoyed, but still had faith. But by the time it was delayed until 11pm (that’s 2am for us east-coasters!) people were starting to get quite upset. What was Valve doing that suddenly needed an extra five hours after already pushing the deadline by one hour several times? The comments on the official steam community group were shut down due to the sheer rage of Valve’s loudest fans.

When they missed the 11pm deadline, that’s when things got bad. Imagine living on the east coast and staying up until 2am to play the demo the moment it’s released only to find that shortly thereafter, Valve delays it until the following morning. Then waking up that morning only to find the deadline pushed until the afternoon!

And it didn’t end there. Even in the afternoon, Valve promised one more hour twice, then stopped updating anyone altogether before finally releasing the demo two hours later after a grand total of 8 missed deadlines in under 30 hours.

Now the proper way to handle a missed deadline is to give it one solid push, not to string it along for a day and a half. If Valve had come out on Tuesday and said “Sorry everyone, but we’re making some last minute changes to our servers and the demo won’t be ready until Thursday” then sure there would have been a bit of backlash, but nothing like what actually happened. Since this is the first push, the community can still have confidence that the new deadline will be met. And imagine how excited everyone would be when on Wednesday evening Valve releases it earlier than they had cited!

This was a serious mistake on Valve’s part. I’m not sure what went wrong or why they kept thinking they could fix it in under an hour, but they should have known better. They should have given it a big estimate with plenty of buffer in case more things went wrong — this would have been less stressful for everyone, and if it really only took an hour to fix, they could’ve just released it anyway.

2. Why it’s important to make awesome products

Because it makes people forget about things like a botched release date.

There’s no denying that the demo delivers. The new content is fantastic, and there’s just enough of it to give gamers a sense of what the full game will contain. It’s all kinds of fun, and the nature of Left 4 Dead means that the two levels available will be worth playing plenty of times — easily enough to satiate the cravings of many between now and the full-game release. A smashing success!

But back to my point. The blog coverage for the Left 4 Dead 2 demo between the afternoons of October 27th and October 28th was completely negative. Anger about the constant delays, blind rage directed at Valve, and users feeling that they could no longer trust their favourite publisher. How’s the blog coverage now? Very positive — everyone’s talking about how great the demo is. A couple of days’ worth of gushing is already drowning out all the bad press from the release. In a week, when the demo is opened up to the public, will anyone care that the pre-ordered version was a touch late? Of course not! It’s here now, and it’s awesome.

This is the power of a fantastic product. The power to overthrow 2 days’ worth of bad press and replace it with accolades.

What’s your take?

Can we draw any other lessons from this experience? Will Valve? Are you still pissed about how long it took the demo to come out? Leave a comment — I’d be glad to hear about it.

What is a Font Stack?

Saturday, October 24th, 2009

Font Stack (n) : A list of several fonts provided from a website to a browser via CSS from which the browser will chose a font with which to render the associated text. eg. font-family: Helvetica, Arial, sans-serif;

This is a pretty simple concept to understand. To show text on screen, the browser needs to use a font, and the way web developers tell the browser which font to use is by making a font stack like the one shown above. The browser will go through the list from left to right, and when it finds a font that it can use, it renders the text using that font. So you put the ideal font first, then the next-best-thing that looks pretty similar, then maybe another back-up or two, then a default like serif or sans serif, which essentially tells the browser to use whatever default font it has of that type.

I was sifting through WordPress themes the other day when I stumbled upon:

font-family: Georgia, sans-serif, Verdana;

Let’s take a moment to go over the various atrocities committed by this abomination:

  1. Georgia is a serif font, while Verdana (and obviously sans-serif) are sans-serif fonts. It’s purely nonsensical to include serif and sans-serif fonts in the same stack — you either want serifs or you don’t.
  2. Browsers choose fonts from left to right, remember? And sans-serif is one of those default fonts we talked about, so it’s guaranteed to always be supported by all browsers. This means that the Verdana in that stack will never be used, ever. There is absolutely no reason to include another font after a default.
  3. One of the notable characteristics of Verdana is that it’s very wide. The wider the font, the less characters will appear on a single line. It’s a terrible idea to include a wide font, such as Verdana, in the same stack as a comparatively thin font, such as Georgia (or Arial, which is a more common mistake) because now the width of your lines, the length of your page, and the general look and feel of your text vary greatly depending on which font is used.

Horrible! But all is not lost; here are a few simple guidelines to make sure you don’t create anything similar:

  1. Never mix serif and sans-serif fonts in the same stack.
  2. Always include a default font, but always put it at the very end.
  3. Always test each font first to make sure your lines break in about the same places and that your text still has the same general shape.
  4. Never guess — the internet is a wonderful place with plenty of resources for the aspiring typophile, use them!

What Makes for a Good Domain Name?

Friday, October 16th, 2009

A domain name is the unique, human-readable address of a website — the stuff in your browser’s address bar after “http://” but before any subsequent “/” characters. This blog actually has two domain names:

Both redirect to the same content, but each serves a different specific purpose (which we’ll get to in a moment). The idea behind a domain name is that it represents where your website “lives” on the internet, so you’ll be telling it to a lot of people and it plays a very important role. In particular, a domain name should be related to you and easy for people to remember. Each of these qualities is quantitative, and varies from domain to domain.

For this blog in particular, both domain names are easily related to me — they’re my name. Where they differ if in how easy they are for people to remember. There are essentially two high-level ways for someone to find out about a domain name; to hear the domain name spoken out-loud, and to see the domain name written down or on screen. These are different situations which have different requirements:

  • A domain name that is easy to hear out loud should sound very simple and clear. No weird characters, nothing too clever, no ridiculous abbreviations.
  • A domain name that is easy to read should “parse” well. This means that even a quick glance is long enough to comprehend what it says.

I chose to use two domain names for this blog because I couldn’t find one name that matched both those qualities. On the one hand, danmenard.com is very easy to hear out loud. “Dan Menard dot com” or “my name, dot com”. But I hate how it looks; it’s very hard to read, because the “nm” bit kind of obfuscates the whole thing. The other, dan-menard.com, is the opposite. It’s easy to look at an instantly read, but it’s awkward to say out loud “Dan dash Menard dot com” doesn’t exactly roll of the tongue, and I’m sure people would confuse the dash for an underscore or a slash. By choosing two domain names, I have the best of both worlds:

  • If I’m talking to someone in person, I tell them my blog is at the pleasant-sounding danmenard.com.
  • If I’m sharing my blog in writing (email, Twitter, etc), I write dan-menard.com because it is easier to read.

What do you think? Do you have a blog? Would it benefit from a second domain name? Leave a comment and share some thoughts.

Are Google Wave invites to blame for recent Hotmail/Gmail phishing attacks?

Wednesday, October 7th, 2009

I have no idea how the recent Hotmail/Gmail account compromises actually took place. What follows is a simple hypothesis based on a somewhat embarrassing anecdote.

Like many of you, I am currently waiting for an invite to Google Wave. Imagine my joy when this came across my inbox one Tuesday morning:

Subject: Google Wave invite

Congratulations! You’ve been invited to Google Wave by your friend {a close friend of mine with a Wave account}. Click the link below to register:

http://bit.ly/3lBnzB

Still half asleep (and now bursting with joy!) I open the link, suddenly thinking it’s strange that Google would use a url-shortener to send me a Wave invite. As you may have guessed, what was waiting for me was not a desirable HTML5 product but was in fact a YouTube video of Rick Astley performing Never Gonna Give you Up — yeah, I got rick-rolled a year after rick-rolling people was cool.

Now I’m fortunate that my dear friend (it was davefp) has a sense of humour – the truth is I technically just fell for a phishing scam, and I’m lucky there was no malicious intent involved. This got Dave and I talking; phony Wave invites would be a very opportunistic way to steal account credentials from eager Gmail users, and could be what caused the recent account compromises.

Let’s look at the reasons why I was inclined to trust the link in the email I received:

  1. I was expecting an invite
  2. It looked like an invite
  3. I was half asleep
  4. I was overjoyed

I was expecting an invite. There are thousands upon thousands of Gmail users anxiously awaiting Wave invites. There are thousands upon thousands more that have no reason to expect an invite but would still take one if one were offered to them. This is an exciting product, after all.

It looked like an invite. Sure the shortened url was one possible give-away, but even that could have been improved by masking the url with text that looked like a safe url, such as http://wave.google.com/mygmailaccount. Add a couple of Google images and maybe a formal signature and this could have been a lot closer to foolproof.

I was half asleep. Admit it, you’re not always paying attention when you check your mail either. We check our email late at night, early in the morning, on our mobile phones, while we’re eating or playing with a pet; there are all kinds of distractions that may contribute to not paying full attention to routine tasks like checking email.

I was overjoyed. Don’t discount this one — human emotion is what sells a social engineering attack such as phishing. I had a rush of feelings and thoughts flying through my head as I clicked a link I barely looked at: who do I know that already has wave? I hope it’s awesome! who will I invite? I should thank Dave for inviting me! where’s the link for that two-minute introduction video I saw the other day?

Of course it could just be a coincidence that Wave launched a few days before a high-profile phishing scam, and it could be that I’m the only one stupid enough to fall for a prank like this, but at the very least I think it’s conceivable that a phishing attack based on Google Wave invites could have snagged 30 000 users or so from a group of major email providers.

Am I out of my mind? Have you heard a better explanation? Share some thoughts and leave a comment.

Does Chrome Frame do more harm than good?

Wednesday, October 7th, 2009

There’s been a bit of buzz around the web lately after Google proposed a solution to the IE6 problem in Chrome Frame. While it seems like a great idea up front, there’s actually quite a bit of controversy behind whether or not this is a valid solution. Read on for a quick summary of anything you might have missed, followed by my own take on the matter and a chance to share yours.

Let’s get you caught up

Internet Explorer 6 is a browser that was created for Windows XP and released in 2001. Due to the massive popularity of XP and the widespread adoption of the Internet Explorer name going into this millennium, it’s still used today by a non-ignorable portion of web users. This is a problem for web developers, because it’s often necessary to bend over backwards in order to get new and exciting web products to perform reasonably in a browser that is about half as old as the world wide web itself.

While developing Wave, Google had to come up with a solution for IE6, and decided to do something novel by creating a plug-in for Internet Explorer which replaces the entire web page with an instance of Google Chrome, a very modern browser capable of rendering the latest-and-greatest the web has to offer. This “Chrome Frame” is then used to render the intended page, all completely transparent to the user who is still using and looking at Internet Explorer.

Now obviously this was met with a bit of backlash from Microsoft, who was none too happy seeing Google inject its Chrome rendering engine into Redmond’s (in)famous browser. They pointed out that this makes IE less secure, which Google obviously disagrees with, and some blogs noted (correctly) that Chrome Frame breaks accessibility features in IE which is kind of a big deal. Further supporting Microsoft was Mozilla (!) who referred to the Chrome Frame solution as “browser soup”.

Of course there are many proponents of Chrome Frame as well; it is a very convenient way to handle the growing discrepancy between IE6 and the modern web, and in some cases that benefit alone will outweigh the issues described above. There’s an article about how Chrome Frame will affect the corporate world which has sparked some very interesting discussion in the comments (which are now more enlightening than the article itself) — I highly recommend taking a look.

My thoughts on the matter

I think an underrated aspect of this debate is that this is about users, and what they expect from a browser. It’s not a technical problem, and it shouldn’t be met with a technical solution. Google is essentially offering a patch that will encourage users to continue browsing the web with a broken browser. What Google should do is inform users of the problems with IE6 and explain the benefits of a new browser with a very strong recommendation to upgrade. This will result in more educated users using better browsers, which is far more valuable to Google and the web as a whole than more users still clinging to IE6.

What’s your take?

There are a lot of different ways to look at this issue. Share your perspective and leave a comment!