Recently in Management Category

The art of business management.

  1. Feb10

    Economic anecdotes from SF restaurants

    The macroeconomic climate of a global marketplace is on everyone's mind these days, including small business. On Friday evening I had drinks with owners of two well-known restaurants in San Francisco. Our conversation turned to business, marketing, and what changes (if any) are occurring within the service industry. In this post I will share a few trends observed in the front lines of the San Francisco food and beverage industry that may apply to broader business.

    More diners in 2009

    The total number of diners is up year-over-year. People are connecting with friends over food, often bringing small groups into restaurants. Splitting plates has become more common, as have split bills paid with a credit card. Tips are increasingly paid with a credit card as well, leading to more income tax reporting for the recipients.

    Menu options

    Restaurants have introduced new menu items targeting diners at both ends of the price spectrum. Wine is available as a taste, glass, or bottle in 75 mL, 150 mL, and 750 mL portions respectively. The "taste" offering is becoming more popular and sometimes leads to additional beverage purchases.

    Popular dishes are sometimes offered in smaller portions to encourage a food purchase from the bar or more casual customers. Restaurant owners I have spoken with view this method as a hook towards repeat visits.

    Daily or weekly specials have proven a good way to extract additional revenue from the high-end of the price band. Rib-eye steaks, a catch of the day, or rotating dessert specialities encourage a spending stretch for special offerings.

    Partnerships with San Francisco's Visitors Bureau on prix-fixe offerings was unpopular with the owners I spoke with. Partnerships with media outlets or trade associations around a particular featured ingredient has worked well (e.g. celebrate the month of bacon).

    Personnel

    When given the choice between hiring more people or working more paid hours the staff has taken the additional hours. Restaurants hiring new staff have been overwhelmed with applicants for both cooks and servers and pleasantly surprised with the quality of talent.

    Lessons for web companies

    Pricing tiers extract revenue from different classes of self-service customers. Get Satisfaction and 37signals have shown good iterations over this concept.

    Advertise special options for larger customers. "Pro" or "custom" customer levels can attract the big deals and bigger spenders.

    Communication between managers and staff addresses uncertainty. They are the experienced workers adding value to the business and possibly cutting costs.

  2. Jan03

    Facebook v. Power Ventures

    Facebook v. Power Ventures

    Facebook filed eight legal complaints in United States federal court against Power Ventures, operators of social aggregator Power.com (story via NYT Bits blog). Facebook claims Power collected Facebook usernames and passwords, stored Facebook data on their servers, used the Facebook trademark without license, sent e-mails posing as Facebook, and knowingly circumvented Facebook's attempts to block access. The lawsuit, filed on December 30th in San Jose, comes one month after Facebook initially contacted Power.com regarding its violation and attempted to transition Power to an acceptable method of access: Facebook Connect.

    Power.com is headquartered in Rio de Janeiro, Brazil with additional offices in San Francisco and Hyderabad, India. Power raised $8 million from Draper Fisher Jurvetson, DFJ affiliate FIR Capital, Esther Dyson, and other investors. Facebook is seeking triple damages for willful violation including all revenue generated by Power.com in the month of December. Facebook may be able to claim $10,000 for each Facebook account accessed by Power under California Penal Code section 502 due to repeat violations.

    1. The password anti-pattern
    2. Social data distribution
    3. Dispute timeline
    4. Tips for business partnerships
    5. Summary

    The password anti-pattern

    Facebook login

    Collecting Facebook usernames and passwords is at the heart of the dispute. Power.com impersonates a Facebook user after collecting their username and password. The site imports friends lists from Facebook and other social providers to create a meta profile for its over-networked members trying to keep their many personas in sync. Facebook Connect, announced in May and available for beta testing shortly after, provides account linking between Facebook and other sites, SSL transport, and friend imports. Facebook Connect limits the data flow of Facebook user data in ways a direct login would not. Power.com assumed full user powers as a remote agent of a Facebook user instead of an authorized proxy to accomplish its own goals and violated Facebook terms of service in the process.

    I covered some of these data portability issues and best practices in my Data Portability, Authentication, and Authorization post last year.

    Social data distribution

    [T]he sole end for which mankind are warranted, individually or collectively, in interfering with the liberty of action of any of their number, is self-protection. That the only purpose for which power can be rightfully exercised over any member of a civilized community, against his will, is to prevent harm to others. His own good, either physical or moral, is not a sufficient warrant...In the part which merely concerns himself, his independence is, of right, absolute. Over himself, over his own body and mind, the individual is sovereign.

    John Stuart Mill, On Liberty

    Modern society mostly allows people to commit self-harm as long as that action is not also harming others. Facebook restricts access to another person's member data beyond the original intent that person's sharing. New data use must explicitly receive permission to participate in shared data beyond the walls of Facebook.com (you may invite me into this new context but I am not automatically imported). Data is shared within a friend context on Facebook with the understanding such information is protected and may be limited to only a group of approved friends. Once that friend data starts propagating outside its initial use (by a Facebook member or Facebook itself) the trust associated with sharing data is violated. If you have ever thought twice about posting an e-mail address on a web page out of fear of automated data harvesters you have experienced communicating with a known community of site visitors versus other uses. Facebook wants to be an identity hub of real data about real people and takes certain steps to protect that data exchange.

    Power.com knowingly violated the Facebook Terms of Service and encouraged Facebook members to do the same.

    Dispute timeline

    Power.com launched to a United States audience on December 1, 2008. The site previously focused on the Brazilian market with support for Flogão and Google-owned Orkut since launching in August. Facebook contacted Power.com on December 1, according to the lawsuit, notifying the team of their terms of service violation.

    Power Ventures CEO Steven Vachani responded to the Facebook inquiry on December 12 (11 days later) promising to delete all existing Facebook data stored on Power.com servers and implement Facebook Connect as a replacement by December 26. The next business day Facebook acknowledged the e-mail and waited for confirmation of data deletion and Connect switch-over. Vachani confirmed the transition progress on December 22 (4 days before the supposed switch).

    Vachani e-mailed Facebook legal council after the close of business on December 26 and communicates a "business decision" not to comply with Facebook's request to stop collecting and storing Facebook logins on Power.com. Vachani claimed the site would implement Facebook Connect but such integration would take over 5 weeks to complete. Power.com kicks off a "launch promotion" that same day with a $100 reward for the Facebook user who invites the most friends to join Power using their Facebook credentials. Facebook implements an IP-address block against Power.com servers on the evening of December 26 to prevent further abuse.

    Power.com circumvents the IP-block by Facebook and continues its marketing campaigns. Power sets up a Facebook event page to promote its $100 signup give-away and uses the existing Facebook accounts in its system to send event invites to friends lists.

    Facebook took legal action against Power Ventures on December 30, one business day after the Christmas holiday weekend, to prevent further abuse after civil discussions obviously broke down. Facebook accused Power of trespassing on Facebook servers in San Jose (a modern form of ToS violation), spamming Facebook members (violation of CAN-SPAM), and knowingly circumventing data protections (DMCA), and unlicensed use of the Facebook trademark.

    Tips for business partnerships

    Power Ventures could take proactive steps to look like a legitimate, responsible business in the eyes of potential business partners such as Facebook.

    Create a meaningful WHOIS record

    Power.com domain data currently lists "DiscountDomainRegistry" as a technical contact. "Power Assist Inc" is listed as a registrant and "Leigh Power" is listed as an administrative contact. Not good identity management.

    Add SSL

    If you are going to collect member login credentials from other sites you should at least use a SSL certificate for more secure data transfer. Self-sign if you must, but $30 will buy you a certificate recognized by major browsers. If you can afford extended validation certificates and the verification process that entails, even better.

    Register your company with the partner website

    Facebook allows its members to join one or more corporate networks. Register your company on Facebook and at least associate executive and developer accounts. This additional verification step helps Facebook identify your employees. Other social networks have similar verification and associations.

    Power Ventures is not listed in the Facebook corporate network directory.

    Summary

    Power.com violated Facebook terms of service by accessing and storing Facebook member data on its servers. Facebook immediately contacted Power regarding this violation and attempted to work with the site as they transitioned to the official data API, Facebook Connect. Power reneged on their agreement hours before promised delivery and immediately launched a marketing campaign to financially reward further violations. Facebook decided enough is enough and blocked Power through technical measures followed by legal measures when the site did not comply.

    I have little sympathy for Power and its actions. I hope other sites violated by Power.com such as Google, Microsoft, MySpace, and Hi5 put a stop to websites like Power harvesting user data instead of using permitted access methods such as OAuth. Locating your business in Brazil with servers in Canada and development in India does not shield companies from the consequences of abusive practices.

  3. Jan21

    Data Portability, Authentication, and Authorization

    The social web is booming, signing up new users and generating new pieces of unique content at a steady clip. A recurring theme of the social web is "data portability," the ability to change providers without leaving behind accumulated contacts and content. Most nodes of the social web agree data portability is a good thing, but the exact process of authentication, authorization, and transport of a given user and his or her data is still up in the air. In this post I will take a deeper look at the current best practices of the social Web from the point of view of its major data hubs. We will take a detailed look at the right and wrong ways to request user data from social hubs large and small, and outline some action items for developers and business people interested in data portability and interoperability done right.

    General issues

    Friends, photographs, and other objects of meaning are essential parts of the social web. We're much more inclined to physically move from one city to the next if our friends, furniture, and clothes come along with us. The interconnectedness of the digitized social web makes the moving process much simpler: we can lift friends from one location into another, clone your digital photographs, and match your blog or diary entries to the structure of your new social home. Each of these digital movers represent what we generally call "social network portability" or, more generically, "data portability."

    Social networks accelerate interactions and your general sense of happiness in your new home through automated pieces of software designed to help you move data, or simply mine its content, from some of the most popular sites and services on the Web. These access paths are roughly equivalent to a new physical location setting up easy transit routes between some of the largest cities to help fuel new growth.

    Facebook Friend Finder e-mail import

    Your e-mail inbox is currently the most popular way to construct social context in an entirely new location. Site such as Facebook request your login credentials for a large online hub such as Google, Yahoo!, or Microsoft to impersonate you on each network and read all data which may be relevant to the social network such as a list of e-mail correspondents. Every day social network users hand over working user names and passwords for other websites and hope the new service does the right thing with such sensitive information. Trusted brands don't like external sites collecting sensitive login information from their users and want to prevent a repeat of the phishing scams faced by PayPal and others. There is a better way to request sensitive data on behalf of a user, limited to a specific task, and with established forms of trust and identity.

    1. Use the front door
    2. Identify yourself
    3. State your intentions
    4. Provide secure transport

    Use the front door

    Google, Yahoo!, and Microsoft all support web-based authentication by third parties requesting data on behalf of an active user. The Google Authentication Proxy interface (AuthSub), Yahoo! Browser-Based Authentication, and Microsoft's Windows Live ID Web Authentication issue a security token to third-party requesters once a user has approved data access. This token can allow one-time or repeated access and is the preferred method of interaction for today's large data hubs. The OAuth project is a similar concept to web-based third-party authentication systems of the large Internet portals, and may be a common form of third-party access in the future.

    Google Accounts Access example

    Supporting websites provide limited account access to a registered entity after receiving authorization from a specific user. The user can typically view a list of previously authorized third parties and revoke access at any time. The third-party retains access to a particular account even after the user changes his or her password.

    Imagine if you could give your local grocery store access to just your kitchen, but not hand over the keys to your entire house. A delivery person would be automatically scanned upon arrival, compared against a registry, and granted access to the kitchen if yo previously assigned them access. You could revoke their access to your kitchen at any time, but they never have access to your jewelry box or other non-essential functions within your house.

    Identify yourself

    Third-party applications requesting access should first register with the target service for accurate identification and tracking. Applications receive an identification key for future communications connected to a base set of permissions required to accomplish your task (e.g. read only or read/write). A registered application can complete a few extra steps for added user trust and less user-facing warning messages.

    State your intentions

    Your application or web service should focus on a specific task such as retrieving a list of contacts from an online address book. Your authentication requests should specify this scope and required permissions (e.g. read only) when you request a user's permission to access his or her data.

    Google services with Gmail highlighted

    An application declaring scope lets users know you are only interested in a single scan of their e-mail and you will not have access to their credit card preferences, stored home address, or the ability to send e-mails from their account. Not requesting full account access in the form of a username and a password creates better trust from the user and the user's existing service(s).

    Provide secure transport

    Armored Truck How will you transport my user's data back to your servers? Did you bring an armored car with your company's logo prominently displayed on the side or will my data sit in the back of your borrowed pick-up truck? Requesting applications should transport user data over secure communications channels to prevent eavesdropping and forged messages. Registered and verified secured communications will result in less user-facing warning messages of mistrust, and secure certificates are relatively inexpensive. Large portals such as Google or Microsoft will bump your communications (and privileges) to mutual authentication if you are capable.

    Twitter SSL certificate Firefox view

    Register an SSL/TLS certificate for your website to enable secure transport and further identify yourself. Certificates vary in cost and complexity from a free self-signed cert to paid certificates from a major provider with extended validation and server-gated cryptography. Google and Yahoo! use 256-bit keys. Windows Live and Facebook use 128-bit keys.

    Summary

    Data authorization is the first step in data portability. Emerging standards such as OAuth combined with established access methods from Internet giants provide specialized access for third-parties acting on behalf of another user. Sites interested in importing data from other services should take note of these best practices and prepare their services for intelligent interchange.

  4. May31

    Economics paper on big company inertia

    Wharton professors Sarah Kaplan and Rebecca Henderson recently published a paper in Organizational Science about big company inertia when dealing with new industries and changing times. If you are a managerial econ geek you'll enjoy the full PDF of the paper, or you can check out the summary in Knowledge@Wharton.

    One example of the inability to change was Kodak's entry into the digital photography business. Chemical processing was a lucrative business and making the company a lot of money. The company staffed its new digital imaging division with employees more familiar with this world of chemical processing than image sensors and processing. The cognitive and collective frames present in the management of the chemical business persisted, and the company struggled to compete in the digital market with management practices and incentive systems tied to an old business.

    Yes, the article makes me think of Microsoft and its Windows Live initiative. Hopefully Microsoft management reads papers like these and learns from the past and mistakes of others.

  5. Dec05

    Eric Schmidt's rules of management

    Google CEO Eric Schmidt and Berkeley professor Hal Varian wrote an article in the latest issue of Newsweek about Google's approach to managing the knowledge worker. Google's extensive perks program is their way of removing things that may get in the way of their employees.

    Schmidt admits Google's problems of "techno-arrogance" and "the not invented here syndrome." The company also needs to adjust to a workforce of varying ages and motivations as it looks towards long-term growth.

    One of our not-so-secret weapons is our ideas mailing list: a companywide suggestion box where people can post ideas ranging from parking procedures to the next killer app.

    I like the idea of having somewhere to throw out ideas and know everyone on the list wants to hear your new ideas.

    {N]obody throws chairs at Google, unlike management practices used at some other well-known technology companies. We foster to create an atmosphere of tolerance and respect, not a company full of yes men.

    Obvious poke at Microsoft and Ballmer supposedly throwing a chair across his office when researcher Kai-Fu Lee left Microsoft to work for Google.

    Google has remarkably broad dissemination of information within the organization and remarkably few serious leaks. Contrary to what some might think, we believe it is the first fact that causes the second: a trusted work force is a loyal work force.

    Good to hear! Google should encourage more employees to blog and make intelligent decisions about information that could be proprietary to the company.

  6. Nov20

    Tis the season for recruiting

    The holidays are upon us. Around the United States this week millions of employees will return home to their families and relatives and be greeted with typical questions about life and the pursuit of happiness. The conversation inevitably turns to work, and causes a self-examination fueled by the best wishes of friends and relatives. Are you happy? How's your job working out? Are they treating you well? Do you think you will get a raise, bonus, or promotion this year? Have you heard about how John is doing at his job?

    The questions raised during the holiday season cause employees to question their current job and wonder whether they can do better. Combined with the debt-heavy spending of December, much of the workforce is primed for a job change.

    What is your company or your product group doing to retain talent and take advantage of outside employees now considering a move? Add a few more names to your Christmas card list with best wishes for a fruitful career.

    Tags: ,

  7. Sep05

    Time wasting at work

    According to a new survey of 10,000 workers by America Online and Salary.com the average worker in the Software and Internet sectors admits to wasting 2.2 hours per work day. Human resource managers admitted to an assumed loss of 0.94 hours per work day and a suspected loss of 1.6 hours per workday. The top reasons employees provided were not having enough work to do (33.2%), feeling they were underpaid for the amount of work they perform (23.4%), distractions from co-workers (14.7%), and not enough personal time after-work (12%).

    I think the top two cited work hinderances are actually related: not having enough work to do and feeling the work they do is undervalued. That means that there is a big opportunity to increase downtime with a well-communicated incentive and advancement program and the ability to be an agile business rewarding employees for being self-starters.

    Google and Yahoo! are often cited as companies enabling their employees to work on cool new projects a few hours a week. Google refers to its program as "20% time" while Yahoo! calls it "Friday fun" and I will simply refer to it as time set aside for side projects. Assuming a 50 hour work week each program enables 10 hours a week of acceptable employee sidetracking. Any employee working on something other than his or her immediate job duties might be seen as researching a side project, or taking away from their own personal project through this extraneous work. I believe the creation of such acceptable side projects empowers the individual employee to take more personal responsibility for his or her time on the job.

    The San Francisco Bay Area is a bit different than most places, but many people I know are involved in side projects outside of the workplace.

  8. Aug04

    Paul Graham on blogging and open source

    I just finished reading Paul Graham's latest essay he prepared for OSCON: What Business Can Learn from Open Source. Paul is an excellent writer and hit on a few key points I want to emphasize here.

    I think the most important of the new principles business has to learn is that people work a lot harder on stuff they like. Well, that's news to no one. So how can I claim business has to learn it? When I say business doesn't know this, I mean the structure of business doesn't reflect it.

    Business still reflects an older model, exemplified by the French word for working: travailler. It has an English cousin, travail, and what it means is torture.

    I think business structure most reflects the military or an army. Chain of command, dress clothes as well as fatigues, and little say about where and when you fight the next battle. Corporations were designed this way after World War II as most of our workforce had already had their lives altered by such a structure.

    Those in the print media who dismiss the writing online because of its low average quality are missing an important point: no one reads the average blog. In the old world of channels, it meant something to talk about average quality, because that's what you were getting whether you liked it or not. But now you can read any writer you want. So the average quality of writing online isn't what the print media are competing against. They're competing against the best writing online.

    Sometimes the best writing online is the aggregation of best writing of others with a unique perspective. Did the mainstream media not cover the entire story? Bloggers pick up on an existing base work and build on top of it in ways unique to their point-of-view and their audience.

    The problem with the facetime model is not just that it's demoralizing, but that the people pretending to work interrupt the ones actually working.

    Different people have different effective work environments as well. Office work can be noisy, full of interruptions, and less productive than if someone were to pick their own environment. If employees are choosing their work hours to avoid their coworkers and get things done something must be wrong.

    Our employer-employee relationship still retains a big chunk of master-servant DNA.

    Yep. I think that's why so many workers focus on how to become the master instead of the servant. Most people see escape from servitude through a promotion but find that once they climb the next rung you actually have a new master with different demands.

    Tags:

  9. Jul06

    Building long-term corporate goals

    The current issue of The McKinsey Quarterly has a good article on building long-term corporate goals. Most companies focus on short-term results such as quarterly earnings at the expense of long-term corporate health but I was really surprised to hear the results of a recent study of 401 financial executives and their planning goals.

    A majority of the managers polled said that they would forgo an investment offering a decent return on capital if it meant missing their quarterly earnings expectations. Indeed, more than 80 percent of the executives responding said they would cut expenditures on R&D and marketing to ensure that they met their quarterly earnings targets -- even if they believed that the cuts were destroying long-term value.

    I like these types of articles because they present theory and back it up with observations from client work.

    Tags:

  10. May26

    Incentives and small, fast moving companies

    Lately I have been giving a lot of thought to how theories of incentives apply to small groups and teams in startup companies. The employee base is relatively small (less than 50), the team size is less than 5, and the level of stress is mind-blowingly high. Our economy has experienced large gains from the always-on interconnected lifestyle of the last ten years, but employees are also increasingly mobile and volatile. I have yet to see good research studies covering this new work environment so I will offer some quick observations. It's mostly a brain dump because I am exhausted.

    Performance incentives

    Shorten the expected reward cycle. If your employees or team is overworking itself look for some way to reward that effort with a near-term payoff. It doesn't have to be big but it does have to pull them away from the keyboard for a little bit and give them something to look forward to while they feel like they are going to collapse from exhaustion. It can be relatively cheap too. Think tickets to a sporting event, a fancy lunch, or something geared towards each individual on a team. You've probably already lost two days of labor after overworking your team, so why not spend $250 to soften the recuperation?

    Google and Yahoo! offer founders awards with possible rewards worth millions of dollars but I consider those awards an attempt to make entrepreneurship outside the company less attractive. The awards may motivate employees with pie-in-the-sky aspirations but I have yet to talk to an employee at either company with their eye on that prize.

    Work environment setup

    I think managers often overlook evaluating an employee's work environment. Do they have the development programs they need? Would a second LCD or a new mouse increase productivity? Does Milton want a red Swingline stapler? Assuming an employee costs $120,000 a year in salary, benefits, office space, and other overhead configuring a proper work environment for an already costing the company $480 a day seems trivial. I think Fog Creek Software does this well. I'm still torn about how to best create a productive work from home environment one or two days a week for employees with commutes, families, or quiet time preferences.

    Formal training

    Most geeks like to be constantly learning new things. A cheap way to create learning environments is to swap expertise with other small companies. Have the database guys at two companies get together to talk shop or have a company advisor speak to your team for an hour.

    Conferences provide peer recognition and the ability to learn new things. You should encourage your employees to speak at various conferences in their areas of expertise or sponsor their attendance at one local conference a year.

    So that is just some of what's been on my mind over the last week. It's difficult to sort out but I am learning a lot every day by observing local startup companies and talking to entrepreneurs.

Niall Kennedy Niall Kennedy is a web technologist in San Francisco, California in the United States. I am very interested in the world of... MORE »

Search this weblog:

Subscribe:

Recently Popular

  1. Rewriting Twitter for web best practices
  2. The story behind Google Chrome
  3. Google App Engine for developers
  4. Sniff browser history for improved user experience
  5. Data Portability, Authentication, and Authorization

Archives: Popular Categories

  1. Widgets
  2. Programming
  3. Business
  4. Feed Aggregators
  5. Search

Sites: More from Niall