• introducing the follow paradigm
• @addressing support (however the idea emerged out of the community)
• fail whale
• recommendation engine for new users on who to follow, which suggests Britney Spears and/or Mike Arrington

It really seems like the developers at Twitter HQ are playing Guitar Hero all day long. Why don't we have name tab-completion, threaded conversations, better URL shortening, marking of new tweets since last visit, in-line pictures, @replies from people one is not following in the main stream or groups yet? Sometimes they can't get even the basic functionality right. Until recently I couldn't follow/unfollow people and I'm not alone. A lot of these possible enhancements is low-hanging fruit. Just do it. And why did they buy Summize when there's still no search box on my homepage? How hard can it be? Do I really need to go to a different domain to search? Jeeeez.

Most of Twitter's traffic, and with it growth and popularity, comes from their API. Thence, one would think they'll focus on enhancing the experience of using and developing Twitter apps, which in this case it means implementing OAuth. Yeaaah...wrong. OAuth has been made available just recently (before that, only selected developers could try OAuth) and is still in beta. Nevertheless, even in spite of the sucky experience of trusting third-party sites and spreading  passwords all over the web, API traffic was so great (or the architecture so flawed) Twitter had scaling issues. Scaling is hard, but definitely not 2-years-to-get-right hard. Keeping your site up is, after all, a boring thing to do compared to playing Guitar Hero.

The problem is Twitter has no competition. Nothing forces them to innovate. Although I'd love to see new Twitter rivals arise (now is the best time, Google has released JaikuEngine and Facebook has redesigned to look more like Twitter, so people will be familiar with a similar interface), I'm not too optimistic about it. On the other hand, Twitter wouldn't be the first service not innovating killed.

However there's also some backend stuff that needs to be done. The same way users don't care what language you are using, they don't recognise if you've just updated your logging system or sealed some security hole. So obviously, we focus more on the buzz-creating, user-attracting features and leave the non-sexy stuff as last.

And that's the heart of the problem. Making the app secure is usually at the bottom of the TODO list. I'm not sure if it's because developers don't want to, don't care or don't know how to fix this. Or maybe they are relying on the security provided by the framework they're using (which may not be a good idea). It's irrelevant why, but the simple fact to the matter is that there are a lot of startups out there which have severe security flaws.

It's kind of OK when all you can lose is your business and your users. After all it was your fault. You can start all over again and this time be more careful.

However it is a different case when people put trust in you and store their valuable data (and presumably secret, in which case they are naive) on your servers, using your service. Yes, I'm looking at you DropBox. Thanks to a simple XSS vulnerability, DropBox effectively becomes Rapidshare. Take a look at this proof-of-concept video by Synopsi. It shows only how to change the computer's name, but it's possible to read and write files or access any folders shared through this service.

It's not just DropBox. Sadly, half of the web is vulnerable. What's even worse, companies, developers, people responsible for securing their app ignore this problem, don't talk about it, don't confront it, act as everything is normal and this problem doesn't even exist.

So I appeal to you, web developers: take some time to think about the security of your web application, be reasonably paranoid, sanitise your data, etc. Care about security.

But there are minor annoyances with normal books. You can't search fast. I don't use a bookmark so I have hard time remembering where I stopped reading. I often want to write down a quote from the text and it is not as convenient as it would be with an ebook reader.

So why not combine the best of these two world? By embedding a cheap touch screen, memory chip and some other necessary HW into the book's cover (so it wouldn't work for paperbacks, pity), reader could search through the book, note interesting passages, bookmark where he ended and probably many more. Hopefully, because it would be produced in millions, it wouldn't drastically affect the price of a single book.

Do you read this Amazon? Now go, design and produce it ;)

• The date is set on 23.5.
• It is not sure where it will be held yet. Jack wants to do it american style - grill, beer, wifi and Wii at his house. Jack anticipates 60 - 80 people will show up.
• Mike Arrington won't be attending. However, other TC bloggers will.

I'm really looking forward to this event. See you there.

UPDATE: There's a Facebook, so if you are attending, register there.

• Paul Graham: "Don't just not be evil. Be good."
• David Heinemeier Hansson: "Make money online by having a price."
• Peter Norvig: "Accumulate as much data as you can. Then, release sophisticated learning algorithms."
• Jeff Bezos: "The future of web applications is in cloud computing, better yet, in Amazon Web Services."
• Mike Arrington: "Engage with the community. Take from the community and give back. Communicate. Be a purple cow."
• Marc Andreessen: "Be so good they can't ignore you."

As I am a FOSS enthusiast and this whole blog runs on open source bits and bytes (Linux, Debian, Xen, Apache, Wordpress, the list goes on and on), I'd like to thank the whole open source community for making the world a better place :)

The only thing I had a little problem with was using mpm_worker Apache module with PHP. Because PHP isn't thread-safe, mod_php requires mpm_prefork. It's a shame not to fully utilise the four cores of the CPU, so I installed PHP as CGI which solved that issue. However, I'm not exactly sure if this will not break some Wordpress stuff. It is a little experiment of mine, we'll see.