A Few Things I Wish the Apple Appstore Had…

My first app store experience was many years ago, before Apple, before iOS, before any of the other app stores you see today.  It was Redhat’s Redcarpet subscription service which delivered a library of applications (packages) via the internet in an easy to use command line tool.  There was even a GUI if I remember correctly.  Then Debian/Ubuntu came around with their package repositories and it was such a major usability difference between Linux and Apple/Microsoft that it was only a matter of time before it caught on.  Of course, the ideals behind the Linux offerings of ease of use, reliability, and compatibility are supplanted somewhat by the key aims of profitability and control inherent in modern app stores, but who’s counting?Things I wish the Apple App Store had (these are post-Lion upgrade thoughts)

  • Some way to know what the schedule of app update notifications is – it’s unclear to me if this is daily, whether I have to have the appstore application running all the time, etc.
  • The App Store should intelligently close your application when updating an existing application.
  • The App Store should be able to store your credentials, and not require credentials for doing an update if the app is in safe state (e.g. closed).
  • There should be a compatibility layer in Lion that lets you run your iOS apps on your Mac.  I’m sure this is coming, but I wonder when.
  • The App Store should offer to scan your hard drive and find applications that it can manage for you.
  • On the Featured and other pages, you should be able to hide apps you’ve already installed.
  • Somewhere down the line, it might be interesting to have a “lists” feature like Amazon.  Apple could even show what apps certain celebrities use in lists like the inflight magazines do for travel accessories.  Maybe that’s too much on the pointless-marketing side.

I’m sure there are some other options that I’m missing, but overall I’m happy with the experience.  The App Store managed Lion install was incredibly painless, and so much nicer than having to mess with the Apple store, or a nasty CompUSA.

Some Thoughts on the Netflix Price Hike

I started subscribing to Netflix in 2003.  There was a hiatus for a couple of years when The Wife and I lived very close to a Blockbuster, and we even tried their streaming/mailing service when it launched, but the long waits for everything and the ultimate closure of our Blockbuster put the final nail in that coffin.  Living where we do today, there isn’t a video rental store within several miles, and we burn up our subscription – we have the 5 DVD plan with Bluray and it’s only by the iron fisted management of the Chief Queue Mistress that we’re kept in the appropriate quantity of DVDs.  We are also Amazon Prime members gaining access to their streaming service and while I do own Amazon stock, I don’t own any Netflix stock.Waking up to the firestorm over Netflix’s change in their pricing was amusing to me.  Everyone everywhere was melting down, but I thought it was a smart decision that probably needed to be made, even though it was going to be painful.  Price hikes are never fun, particularly when you begin charging for something that you’ve always done for free.  No matter what people are going to hate it, but my take on this boils down to the following points:

  • Netflix has a very short window to expand its offering globally before competitors start making that road a lot harder.  Last year was Canada, this year it’s Latin and South America, next year they’ve announced they’re hitting the UK and Spain.  A linchpin of any global expansion strategy will be their streaming service – it’s cheaper to scale initially and can be maintained and improved by engineers working on the core platform.
  • Netflix’s content prices are undoubtably going to skyrocket over the next five years.  Streaming was an afterthought, almost experimental foray when it started, and there was no competition, but content owners are going to want to extract their toll now that they’ve seen how well it’s worked.
  • Those customers (in my own unscientific scanning of the comments and arguments) who complained the loudest chose to denigrate the streaming service as a “weak library”.  If that’s the case, choose the DVD option.  Problem solved.
  • Very roughly, lets say all 85k people who whined on Facebook cancel, and lets say all other complainers are added in for a total of 150k cancellations due to the change.  Netflix loses something like $1.5 million dollars per month.  Assuming everyone is only on the cheapest plan which we know is not true, they’ll gain an additional six bucks a month from their 25 million subscribers, netting them an additional $150 million a month.  They’ve lost less than 1 percent of their subscriber base and made out like bandits.  A price hike that only loses you 1 percent of your subscriber base?  That’s an amazing success story.
  • That extra revenue will be immediately deployed to taking their service global AND buying better content to bolster their streaming service.  The angry cancelers will find they don’t have any serious alternatives, and will be re-subscribed within six months or less.  Blockbuster?  Redbox?  These are the alternatives that are out there, and they all suck.  Hulu might pick up some, but there simply is no replacement for the massive library of DVDs by mail.

Could their communication have been better?  Maybe, but nobody wants to hear that things you’re getting for free are now costing more.  That’s how revolutions are started.  Better to just announce it and take it on the chin like they did.  One thing that all the complainers forget is that Netflix is probably one of the most data driven companies in existence.  They’ve already ran the model, and will be within a few points on how many subscribers will leave.  They know the alternatives, and they know their plans for expansion.  Who wants to bet that this price hike perfectly correlates to how much additional revenue they project they’ll need for expansion and content acquisition?  From where I sit, it looks like a really really smart move that should pay off huge within the next two years.  I doubt there’s going to be an apology forthcoming like some so-called market experts have advised in the press. Maybe it’s time to rethink the fact that I don’t own their stock…

A Guide to Walt Disney World – Tickets and the Magic Kingdom

I wasn’t a big Disney buff until I met my wife.  She loves Disney, because, as she likes to remind me in that tone that only self-evident-truths-that-I-have somehow missed deserve, “It’s the happiest celebration on earth!”  At first, I got a kick out of going to Disney because she did, now we both enjoy going and usually manage 2-3 days a year.  This is our unofficial guide to the parks. Tickets Disney tickets are expensive, and it’s very difficult to get a good deal.  Your options are generally speaking the following:

  • Florida Residents: If you’re a Florida resident, you can purchase tickets at a discount with your valid Florida drivers license.  These are non transferable, and Disney fingerprints you to avoid the “have my Florida friend go one day then I’ll go”.  The discounts are very very attractive and if you pay attention they’ll run specials that have restrictions (certain days blacked out, etc.) which will let you get down to roughly 40 bucks a day if you buy a 3 or 4 day pass.  This is the best deal you’ll ever manage.  Note that most multi-day passes (but not all) can be upgraded within six months of your first visit to a year-long annual pass for the difference between what you paid and the annual pass rate.  This is another really good deal if you plan to go often.  Rule of thumb – if you’re going to go more than 5 days in a year, get the annual pass because it includes free parking, which saves you 10 bucks a day.
  • Out of Staters: You have a lot less options.  Generally speaking, you’re going to pay full price, unless you can wrangle some sort of amazing package deal, but beware, these tend to not be the greatest deals once you analyze it.

Scam Options: There are plenty of scam options available:

  • Timeshares: These involve sitting through a timeshare presentation (usually with two friends you’ve brought along) for 2 hours and result in theme park tickets and a room or two for a night.  This is OK if you’re sure you can say no, but they make us nervous because you usually have to prepay a hundred bucks or so that will get refunded upon viewing the presentation.
  • Tickets for some other presentation: See above. Same deal and same risks usually.
  • Get a Florida ID to unlock the Resident Discount: These services will help you get a Florida ID card, but are often defeated by the fingerprinting that Disney does and it’s illegal – a serious felony if you’re caught.

Legitimate Discount Options

  • Triple A (AAA) – They have a discount.  Use it.
  • Military Families – Another nice discount if you’re eligible.

The Bottom Line on Tickets

Disney is expensive, but here’s the thing – you’re going to spend as much money inside the park if you’re not careful as you did on tickets.  Seriously.  Many find that the ultimate costs of food, drinks, parking, souvenirs, aren’t closely scrutinized while they’re there and add up to being way more than the actual park entry fees.  Our advice would be to focus on cost control in those areas and just bite the bullet on the tickets.

Controlling Costs Inside

Disney allows you to bring food and beverages into the park.  I’m not sure about alcoholic beverages, but for sure you could sneak them in if that’s important to you.  We believe that eating as we walk around the park is one of the best things about Disney, but if you’re watching your diet and trying to cut your costs, bring sandwiches and some bottles for water is the way to go.  We see a lot of people with CamelBaks on throughout the park and if you stock it with enough ice, a Camelbak should last you most of the day. Don’t forget sunscreen – the stuff they sell inside the park is very expensive – $20 for a bottle, and you don’t have a choice on this item.

Hotels

We would advise not staying on property hotels.  They are really expensive compared to other options out there.  Hotwire and Priceline are your friend, but beware of the fact that there are a LOT of older hotels in the Orland/Disney area that are run down.  We recommend Priceline since you can read reviews on the properties you’re thinking about staying at before you pull the trigger, but we’ve had no real issues with Hotwire.  You can generally find accommodations that are decent in the 80 dollar per night range.  Many hotels have a resort fee or parking fee each day that’s tacked on so keep that in mind when you’re looking.  Many hotels also provide a shuttle which will save you the $10 a day parking fee at each park.

Times to Visit

We’ve been in the spring, summer, fall, and winter and even though we had a great visit in late April, it was a little skewed because it was during a weekday.  The Wife insists that January is the best time to go both for temperature and crowd control reasons, and of course, if it’s during the school year try to go on a weekday.

Fast Passes

The fast pass has revolutionized Disney and its infamous lines.  These are your life savers.  The way it works is each ticket gives you a token that lets you cut in line between a certain timeframe in the future.  This time increments throughout the day until about mid afternoon most fast pass machines shut off.  We recommend a strategy of hitting the popular rides early.  In other words, if you want to hit Space Mountain (one of the longest waits in the Magic Kingdom) immediately make a bee-line to that ride as soon as you enter the park, and get your fast pass.  That will give you a relatively early time say between noon and 1:30PM, then once you’re done you can Fast Pass your number two selection.  This will save you up to 2-3 hours of standing in line.

Line Monitoring Applications

You should also download an app for your phone that gives you wait times for each ride.  I use WDW waits and WDW maps – they’re free and seem to work OK.  They allow you to input wait times and see wait times reported by others across the park so you can monitor your hitlist during the day and “sneak” into rides that have their wait times temporarily drop.  We’ve used this to snipe a ride with “no wait” that was close to us several times and it’s remarkable how much wait times can fluctuate throughout the day.

The Magic Kingdom

This is the smallest of the parks, believe it or not, and also the busiest.  Expect the highest percentage of kids and stroller-jams.  We’ve found that even though most kids annoy us (we have no kids) one of the best things about the Magic Kingdom is to watch kids freaking out with excitement on the way into the park and during the day, and to spot meltdowns that occur when they get tired.  If you’re lucky, the parent will also melt down and we take sadistic pleasure in witnessing this.

Here are the absolute must-see rides:

  • Space Mountain – a fast, chaotic, clackety ride that’s world famous because it’s in the dark.  This is our first fast pass of the day always.
  • Monster’s Inc. Laugh Factory – this is probably the best, more underrated ride in the entire park.  I can’t say enough good things about this show.  Essentially, it’s a standup comedy routine performed by actors who voice and control the expressions of animated Monsters on the screen in front of you.  You can submit jokes, the audience participates, and no two shows are the same (jokes and gags differ).  This is an unbelievably creative ride and if you liked the movie, it’s a slam dunk.
  • Thunder Mountain Railroad – this may be a “kiddie coaster” but it’s a fun one with awesome theming.  The ride is fun and feels chaotic enough to be exciting.  Try to get a seat in the back cart.  This is always our second fast pass of the day.

Things we Enjoy

  • Tea Cups – This is another ostensibly kid ride that can be had in any park, but we attempt to spin as fast as possible and it’s a relatively short wait.  If you do this right, you can usually be so loopy you’re close to falling down at the end of the ride.
  • Pirates of the Caribbean – this ride closed for an overhaul that lasted quite awhile but really only saw them insert a few Captain Jack Sparrow figures into the ride.  It’s the same as it ever was, and that’s generally a good thing.  It’s got a covered line which gets you out of the heat and we generally use this line to eat a snack since it moves pretty well (usually not more than 40 minutes).
  • Train Ride – we use the train to get around the park a lot since the Toon Town and Frontierland stations are well positioned to save you walking through the chaos of the middle of the park. Note – currently Disney is completely renovating/rebuilding/expanding the Fantasyland part of the park which means the Toon Town station is closed which really limits the train’s usefulness.  This should reopen in 2012.
  • Haunted Mansion – we like this ride because it seems to exemplify the old-school haunted house theme and has a very creatively themed line with funny tombstones, etc.  This is probably not a good idea for young kids.  Bonus – every time we’ve ever been on the ride it has paused or broken down for a few minutes and a voice comes on that advises you to stay inside your “Doom Buggy”.  For us, this is the best part.
  • The People Mover – a good way to rest your legs and relax.  Nothing earth shattering here.

Things We Hate

  • The Hall of Presidents – Yes, I get this is a classic, but it sucks.  Although it is air conditioned and the wait is short, the problem is you’ll be tempted to fall asleep during it if you pop in during the middle of your day.
  • The Lilo and Stitch Ride – Easily the worst ride in the park.  It’s a bizarre ride, but it makes a little more sense when we learned that it was originally an Aliens themed ride that got retooled.  It’s horrible horrible horrible.  A complete waste of time.
  • Small World – insane lines and that horrid song.
  • Country Bear Jamboree – we thought we liked it as we had fond memories of this line, then we recently went to it and it ruined the memories for all time.

Food Guide

  • Giant Smoked Turkey Leg – the single best food offering in the park.  These can be found in Frontier Land in a cart right by the river.  If you’re on a high protein diet / low carb diet, this is essentially your only option, but who cares?  The meat is actually not turkey but Emu and it’s awesome.  Make sure you bring dental floss if you’re going to eat one of these – the meat tends to get stuck in your teeth and you can’t buy it anywhere within the park.
  • Cotton Candy – The Wife loves this.  You can get it on Main Street and also in Frontierland.
  • Pineapple Soft Serve Float / Coke Float / Pineapple Ice Cream – my favorite dessert, can be found in Adventureland near the Pirates of the Caribbean.
  • Taco Salad – find these in the food court opposite the Pirates of the Caribbean.
  • Jelly Bellies – these are insanely expensive but they’re inside the general store in Frontierland along with the Cotton Candy and Aunt Selma’s massive cookies, which are really good.

Other Items We Enjoy

  • There is a glass blower shop on Main Street on the right side when the train station is at your back.  Inside there are artisans that are shaping glass items and we’ve also seen them blowing glass to make goblets and other large items.  This is a lot of fun to observe.
  • The camels in Adventure Land spit water on you when you walk by.
  • The parades are always entertaining to watch, and even more fun to watch kids freaking out as their favorite characters walk by.  Protip: monitor line times closely during parades to hit a few rides while the parade soaks up large crowds.

Some Thoughts on Two Factor Security

Awhile ago I wrote an Open Letter to Mint.com laying out some major concerns I have with their service and their security implementation.  Almost all comments both here and on Hacker News and Reddit were divided into three categories:

  • From non-Americans: How is a service like Mint.com even possible or legal? US Banks don’t have two factor security?
  • I totally agree that Mint.com and their service is insecure and I don’t use them!
  • I agree that Mint.com needs better security, but their service is great and anyway, it would be too time consuming/too expensive/too hard/too impractical to implement these security improvements.

Between the time I wrote that letter and now, we’ve seen RSA (the only major token based two factor security provider) have all of its hardware tokens compromised to much public uproar. At Sentry Data Systems, we’ve had two factor security implemented for years using time based cookies and additional security questions to challenge users when they were logging in from a device that hadn’t been previously authorized.  This is similar to how many banks in the US do two factor security if they choose to implement it.  While not a HIPAA requirement, we felt that it was a great feature to offer that provided an additional layer of protection.  We’d originally offered RSA SecurID tokens to customers but found that most customers balked at the price, and even if they did use the tokens, many would simply tape it to their computer monitor or keyboard, or they’d forget the token at home which would cause quite the contentious support call. This experience brought to the forefront several issues that I had with hardware based tokens:

  • Casual users or those who didn’t value the two factor security benefit would simply leave the token lying around or affix it somewhere – it wasn’t natural to expect a user to carry one more thing with them day-to-day.
  • If there was a compromise, you have to replace all of your hardware, for everyone, everywhere.
  • They were expensive.
  • They were highly recognizable and screamed to informed observers that you had access to a system that was considered high-value by someone.

I even went so far as to start sketching out an iPhone app that we could deploy for our customers but it seemed like quite a lift to do it well (a correct implementation is key in cryptography systems) and it was with much delight that I ran across an outfit called DuoSecurity based in Michigan. They have really put together a fantastic service that provides both SMS based (challenge/response) and one-time password (via an iPhone or Android app) options for two factor security.  I signed up for the service, installed their package on my Ubuntu Linux server, and within about 15 minutes, I had a very strong two factor solution that avoids all the drawbacks of the hardware token approach…for free.  Yes – they provide up to 10 users for free to let you get your feet wet and see how the system works.  With the token being my phone, I’m not going to forget it, it doesn’t draw attention to itself, I can’t tape it to my workstation, and they can update the software if they need to. If their service goes down, you can configure it to not require the second factor (the default) or you can choose to prevent logins and keep a private key around for last-ditch logins.  Of course, for those of us running cloud based servers, there is still the risk that your hosting account could get compromised giving an attacker shell based access to the machine – hopefully Slicehost and other services will implement this type of additional security soon (Amazon’s EC2 cloud already implements two factor security as an option). Duosecurity can be easily implemented with any web application, a lot of VPNs, and on your Unix/Linux servers quickly and easily.  If you’re doing anything with medical, financial, or other sensitive data you should definitely check them out.  If you just like additional protection for your own servers and services, they’re a great option as well.  Just in case you’re curious: Duosecurity put up a great blog post about the steps they’ve taken to prevent compromise if they came under the same attack as RSA. A few thoughts on improvement:

  • Give me an apt package please!  I don’t want to compile things, and I don’t want to edit configuration files.  These things make it hard to deploy on lots of servers.  I talked with a support rep from Duosecurity and they told me this is in the works already.
  • Put a login form on your website!  They email the login URL to you but I shouldn’t have to remember it.
  • It’s a little unclear to me if the pricing scales well- if I’ve got the same 35 users access 100 machines, does that mean I pay 35x100x$3?  That seems expensive.  Course, it’s still way cheaper than RSA but at least you could bind an account to a token and not worry how many servers you were accessing.  It’s possible that a single user crosses the server boundary, but again, I’m unclear on that.

Bringing it all back to the original point – there is simply no excuse why a service like Mint.com doesn’t use Duosecurity to protect its own user’s logins.  But the second issue still exists – how do banks provide consumers of financial data access without compromising the entire account? A poor man’s solution of sorts could be taken by banks providing read-only accounts for customers that use generated, revokable passwords.  Google takes this approach with its own two factor implementation for Gmail.  You get texted when logging in normally, but for other applications, you generate a password that can be revoked at any point.  It seems like a decent compromise – you can’t control the account from that login, and the password is of sufficient length and complexity that it’s unlikely to be brute forced.  My initial suggestion of using Oauth is essentially the same thing. Congratulations to the guys/gals at Duo Security on providing a really great set of tools for developers and users.  I really hope it catches on and more and more providers begin offering two factor as an option.

More Easy Fun With Telephony

Recently I decided I needed a little more flexibility with my phone situation.  Years ago I was carrying two cell phones and had three Vonage lines while running my own business.  This got consolidated down to a single iPhone, but that can be a little problematic particularly if you’re calling to/from international numbers.  This week I ported my iPhone number to Google Voice (within 24 hours too), and got a new phone number for my cell that I’m hoping to keep private and function as a throwaway.  However, I needed a bit more flexibility on some of the things I wanted to do, so I threw Tropo into the mix.  Twilio lost out because Tropo provides free inbound and outbound calling.So here’s the path when you call my number:  call comes into Google Voice, which forwards the call to my Tropo application, which then plays a menu and you can either punch out to Sentry’s main number or continue to ring my cell.  Text messages are forwarded by Google Voice, and the net result is that for inbound calls, I’ve effectively decoupled the phone number I’ve had for seven years from any handset or location and added a whole bunch of flexibility.It’s almost eerie how much power Tropo gives you over your telecom setup.  With a few lines of code I can transfer calls, accept inbound international calls with a local number, kick out text messages, provide a menu, have their computer voice speak any text I want, etc.  Call quality is crystal clear through both Google and Tropo, and I have yet to have any reliability problems.  In 2004 we thought it was amazing replacing a 150k Avaya PBX with Asterisk, but this is replacing all of that with about twenty lines of code.  For free.  With no setup or ongoing hardware or maintenance costs.I’d say the only real drawback to the situation is the inability to spoof outbound caller id with native dialing – it would be interesting to see if Apple allows you too hook other providers into it’s native dialer (yeah right) or if this is a feature within Android.  It definitely needs to be implemented at some point – and then we’d have true telecom nirvana.

High Speed Passenger Rail for America: Thanks But No Thanks

Most of you know that I really like trains.  Model railroading is a hobby of mine, and I grew up consistently riding trains in China as alternative transport options either didn’t exist or were really unsafe (read: 80’s era Chinese airlines).  We generally travel by train in Europe when we visit.  However, most people are usually surprised that I don’t support any plans for high speed rail in the US and don’t envy the extensive passenger networks that exist overseas.Passenger service requires the presence of several factors which are almost never available in the United States:

  • Relatively short distances (less than 4 hours).
  • High population density.
  • Good local public transport one you’ve reached your destination.
  • High schedule density (a lot of trains providing lots of schedule options).

Passenger rail is incredibly expensive to operate by itself even with the presence of those four factors.  The last requirement of sufficient schedule density imposes a lot of constraints on the rail network that aren’t readily apparent to observers too.  As an example, The Wife and I often choose to ride the Amtrak from South Florida to Orlando instead of making the drive.  It’s more expensive at roughly 100 bucks for both of us round trip compared with a tank of gas at 40 bucks, but the 27 dollar toll for the turnpike makes things a little closer.  It’s roughly an hour longer too, but it’s nice to be able to read or watch movies on the train instead of driving.  Most importantly, and what prevents us from using it a lot more is the schedule: you can depart at 9:30 AM from South Florida, or 1:30PM from Orlando, and that’s it.  Compare this to Europe where most cities have an hourly service and you can see the difference.  There are several points in this little anecdote: the schedule, the cost, the need for pickup upon arrival in Orlando (thanks Sara’s family!) and the time all conspire to eliminate huge swaths of potential customers.A more insidious issue: once you’re at sufficient schedule density, you basically invalidate your rail network for freight traffic.  Here’s something you may not have known: the United States has the world’s most efficient railway system (See here, and here: the US enjoys the cheapest freight rates in the world).  This is because it’s entirely freight based which allows the railroads to maximize what trains are really good at: moving huge amount of cargo extremely cheaply and efficiently.  Adding in passenger traffic (particularly dense traffic) with its priority trains would essentially destroy the efficiency we have or require incredibly expensive infrastructure investments.  Even with those investments it’s generally not feasible to run freight and intense passenger service on the same trackage.  Most freight in Europe travels by truck in case you didn’t know.Passenger rail, even where it’s “successful” in Europe and Asia is still a chronic money loser requiring subsidy support.  In a wholly unsurprising development, China’s extensive new (and darling of the media) high speed passenger network is essentially insolvent.  This is the ideal which Friedman and other breathless watchers of China and India have been prescribing for the United States for years.  Says Chinese professor Zhao Jian:

“In China, we will have a debt crisis — a high-speed rail debt crisis,” he said. “I think it is more serious than your subprime mortgage crisis. You can always leave a house or use it. The rail system is there. It’s a burden. You must operate the rail system, and when you operate it, the cost is very high.”

I’d rather have the railroad system the US currently has, thank you very much.  A privately funded, operated, and most importantly, wildly efficient transportation system that’s designed to move big bulky stuff.  As gas prices fluctuate and we continue to import a huge percentage of our manufactured goods, we’re sitting pretty.

The Impending Ad War

A few weeks ago I attended Github’s CodeConf in San Francisco.  While there, I got to meet quite a few really accomplished technologists (hackers) and discuss a variety of projects, processes, programming methods and more.  One of the most interesting moments for me came over lunch while talking to the CTO of a very well known blog which clocks in over 5 million unique visitors a month.  Like most sites of its type, it receives almost 100% of its revenue from ads.  According to him, one of the largest (new) challenges they were facing was that advertisers are beginning to buy ads targeting the blog’s fans from Facebook, not the blog itself.  In other words, to get at the blog’s users, advertisers were paying Facebook less money to directly market to the blog’s fans on Facebook.The more I think about it, the more I think this is a major problem for almost every ad supported site out there, and it could be the pitch that Facebook is using to bolster its insane valuations.  Right now, there are probably no less than a dozen Googlers being kept up at night worrying over this very problem, not to mention the admen at hundreds of highly trafficked blogs and other internet properties.  After all, if I can immediately pitch my competing product to your customers without paying you a dime, I’ve got a huge advantage, you’ve got a huge problem, and Facebook has an unbelievably great strategic position.Maybe you’re reading this and thinking “yeah that’s old news” and it probably is to many, but having never worked at an ad supported organization, I’d certainly never thought about it before.  I’ve also never heard it articulated online, and I’m wondering how many organizations even realize this is happening.  Note there is a two-fold risk here: ad supported properties risk losing ad revenue to Facebook, and they risk exposing their customers to competition.  If you’re an advertiser, you’d much rather know that you’re reaching out to all 10,000 fans of Blog X with the stats to show you who clicked, etc., vs. an anonymous 100,000 impressions.  Note that even if a Blog chose not to have a Facebook page to attempt to combat this kind of thing, Facebook can still harvest those users who “like” the Blog in their profile.Before, I used to think that the benefits of a Facebook presence for an organization outweighed the downsides, but now I’m not so sure, particularly for ad-supported businesses.  It’ll be interesting to see how this plays out.