👋 Hello World

My end of year

The end of year again! Time for some semi-public reflection. First of all I've been neglecting my own blog, which for the record has been in this form since 2005 (and funnily enough started also with an end of year review). Which is kind of a waste given a blog is a great way to commit your thoughts.

I won't make any promises I might not keep, especially at a time of new years resolutions. But I want to share more here, and especially less based on me only checking in to promote some new launch (for which I've been abusing the blog now for a while). I like Seth's idea of just showing up which he re-iterates in his new book This is marketing (nice read). But I have not been doing that for a while...

I have mixed feelings for this year, but overal 2018 was a year with a good personal & professional focus (I think I know by now what makes me happy), but maybe not much luck with results (given my entrepreneurial KPIs are way 📉).

I launched Mailbook (which gets almost daily happy testimonials), my son went to school (and is very happy there), I totally enjoy development with React now, my daughter is potty trained at 2.5, and I launched several new projects under the build.amsterdam concept, and found a new (possible) partner along the way (hi Marco). And of course, our family enjoyed a healthy year (needs a mention when you pass the 25 I guess)

But the new year starts with a sad decision: I decided to stop operating Directlyrics (after over 11 years and 1 billion (!) page views). I've seen and enjoyed the high tide of lyrics, ringtones, licensing, ads and seo, but also the downsides of low value content, decreasing CPMs, increasing costs, and complexer competition. Read more in this IndieHacker post 👉.

I wasn't able to re-invent the project, didn't surprise users and stuck too long to SEO as acquisition strategy. But also to be fair, not from a lack of trying (lots of things were tried). In this case lyrics are a high traffic business and without the traffic (e.g. under 100k a day is unmaintainable) the revenue isn't enough to continue. Kevin (the editor) was amazing over the last decade. Hire him.

But this makes room for 2019 to let go of old habits, and start of fresh, finding new fuel and route to succes (defined as... ). Less lurking (bye Twitter), more actionable days (Hello OKRs) and even more focus (oops, this now does sound like a new years resolution).

I'll be enjoying the Swiss mountains the last few days. I'll keep you updated :)

Posted by

Finding product/market fit with Mailbook

Beginning this year (2018) me, Bram and Emiel decided to build a cool side project. Bram was then struggling with collecting addresses from friends to sent out an upcoming birth announcement, so he came up with the idea that we named Mailbook. After a user signs-up, he retrieves a personal link, shares that with his friends, friends add their address and the addresses appear neatly in their personal address book. Simple. And inherit viral, because every new user sends a link to Mailbook to on average over 50 other people (in the same demographic).

In 6 months over 40,000 people added their addresses to a Mailbook. Some users collected over 200 addresses in under two days. And growth only seems to accelerate. Very cool to see.

I continue to work on it, empowered by the positive feedback and incoming feature requests. Most recently I released a quick way to create and print address labels. Compare my solution with the horrors build by Word + Excel in this Dutch article adresetiketten printen.

But the latest change: an English version of Mailbook 🎉. Not only good for my Dutch users with international friends, but also to expand the reach of the product.

So are you expecting a baby anytime soon, or planning a wedding: start collecting addresses.

Meer uitgelegd op deze gemakkelijk adressen verzamelen voor geboortekaartjes pagina.

Posted by

Latest published articles:

Below the latest articled I published in several publications:

Posted by

The Economist Explorer

I've recently posted two articles on Medium:

I'll maintain this blog and continue with updates, but Medium has evolved to a very useful tool for publishing.

Posted by

My own multi-room audio setup

I always liked the idea of having a Sonos-like multi-room setup in my house. The same tune near my dining table, in the kitchen or even outside. But I don't want to create another audio system next to my fine tuned hi-fi stereo setup. I already support Airplay, Bluetooth, Spotify Connect, etc. through my high-end AV receiver. But that audio setup is only perfect for my living room area.

Physically wiring up other rooms by creating extended zones doesn't feel like a flexible solution. Wires suck, so wireless, right? Yes, but now we're stuck with its latency that will interfere with the existing wired setup unless you like echoes or a 2 second delay (looking at you Airplay). The scope of my wants:

  • Multiroom speakers which are in sync
  • Existing receiver as audio source
  • No wires throughout the house
  • Amplified speaker, preferable portable
  • Relative high quality output
  • Control volume local and central
  • Stereo (optional)

Most existing wireless audio solutions introduce a hub setup, where a piece of hardware only job is to sync up the hooked up speakers. Every brand comes has it's own solution. My issue with those is that they introduce an (expensive) piece of hardware, which actually introduce latency from the source. There must be a better way.

The solution lies with Bluetooth. Apparently Bluetooth - of all technologies - has improved significantly over the years, and can now feature an audio codec focused on low-latency audio transmission: aptX. To be more specific, although confusing, the newly launched aptX low-latency variation. Without making this sound like an ad, it's actually kinda cool: it specs at 32ms latency end-to-end while keeping a 'near CD quality' signal (352Kbit/s).

Compared to Sonos prices, I can now create a relative low cost custom wireless solution, which extends my existing hi-fi. Bringing in a quality Bluetooth speaker (or any amplified portable speaker or soundbar) and a $50 USD Bluetooth transmitter.

Unfortunately, currently there are only a limited number of these low-latency speakers available that support aptX. I did find a match with B&O's Beoplay S3. Released recently, but packed with a nice Class D amp and beautiful design. Pricey yes, but compared to what's available, this matched the best. The sound feels big for its relative small size, and it is nicely tuned.

After getting everything hooked up, the real test came. Was Bluetooth aptX low latency the solution to my wants? How is the experience throughout the house? Happily I can say it sounds great. Honestly I did do a audio sync between the two speakers. But the setup is easy to understand, and very flexible.

I now own only one speaker, but it also has a stereo mode when paired up with another S3.

Tech stack:

  • Miccus Mini-jack TX4: AptX low-latency capable Bluetooth transmitter with an audio-in.
  • B&O Beoplay S3
  • Denon X4100W receiver
  • Kef LS50
  • Spotify app, with Spotify Connect
  • Denon app

Limitations:

  • Bluetooth's 10 meter open range and pairing.
Posted by

Recent Product Hacks

I've always enjoyed launching small product hacks. Building something from scratch gives a great rush. Hacking together API's, backend code, new functions and responsive layouts. A hackers mentality sets aside any sensible doubts which could lead to the trap of overthinking, while also challenging the brain to kick into a creative thinking and problem solving mode . Some of these hacks became timeless successes, others vanish into a folder on my PC.

Below a few recent projects I launched:

  • With the power of the Google Analytics's Real Time Reporting API I created a beautiful search activity visualization. A remake of Google's own live search presentation, but made for any site running Google Analytics. It's listed in the Google Analytics app gallery.
  • Producthunt.com leaderboard, no API so I'm crawling the site daily. Setup to get insights into whats going on in the Valley. It provides an overall overview of the activity on Producthunt, with a focus on the hunters as well as the products. I also found out I got so much data points, I can easily flag dubious voting going on. Upvote.
  • I really enjoy YouTube. But it seems they go out of their way to make it difficult to just continuously play a user channel's as one big playlist. Point in case, Majestic Casual, a video channel with over 1.7M followers, which serves a great selection of music to play in the background. So I created the unofficial majesticcasual.tv, which does what I want and looks nice too.
  • Marc Andreessen tweet essays fixes the readability of the thoughts of well-known investor Marc Andreessen which are spread out over multiple tweets on Twitter. @pmarca is known to tweet up to a dozen tweets - a tweetstorm -, but Twitter has no good way to group and read them. I even found they roll up his intermediate tweets in the stream. The project retrieved very positive high profile attention on ProductHunt and on Twitter. Really cool to see the people I follow to also mention this project on Twitter.
  • Solved a annoying issue where the native filters on iPhone photos can't be accessed on a Windows computer because the filter is only part of the meta data. The previous solution was to email myself the photo. A better solution is this crazy hack that uses the Dropbox API. I auto sync with Dropbox and this way I just select which photos I want to save back into Dropbox with the filter baked in them. Magic!
  • And my latest hack is Citytrip which collects recommendations from Airbnb hosts and lists them on a map. Great for discovering local places to eat and drink. More details on the Producthunt listing.

All of these projects scratch a personal itch, are developed in a handful of hours, and more important were fun to make and able to capture some of the web's attention.

Posted by

Product Hunt hunters analyzed

Exploring the insiders in the startup scene

Only live to the public for 100 days, Product Hunt is already bolstering an impressive affluent user base. Launched initially as a 20-minute MVP by Ryan Hoover (ex-PlayHaven, Startup Edition) and further developed into an actual product together with Nathan Bashaw (General Assembly), its user engagement and traction show they are on to something.

Their invite-only system has grown a user base featuring a who’s-who of the startup tech scene. Well known investors, founders, journalists, and developers are all hanging around.

My everlasting interest into the startup scene sparked me to look more close into these so-called tech insiders. A quick crawl of the site pulled in all 636 contributors, whom posted a total of 1571 products since October ’13.

By matching up their Twitter username with the Twitter API, I was able to pull in more profile details like location and Twitter reach.

Leaderboard

Instead of doing a lenghty write up of my findings, I've coded up a leaderboard that will update every 12 hours.

I ranked the most influental people who contributed at least one product on Product Hunt by their Twitter follower count:

Ashton Kutcher doer 15,674,053
Kevin Rose Partner, Google Ventures 1,447,113
Tristan Walker 2,79,690
Brad Feld Managing Director, Foundry Group 162,671
Johnny Shahidi Co-Founder, Shots 141,352
Hiten Shah Founder, KISSmetrics 141,192
MG Siegler 139,271
Nihal Fares Co-founder & Chief Product at Eventtus 100,937
Fred Oliveira Head of Product, Disruption Corp 59,428
Hunter Walk Partner, Homebrew 57,575

If we look at the site's activity, these hunters have most reach:

Ryan Hoover Product Hunt / Tradecraft 948 #77
Murat Mutlu Co-Founder, Marvelapp 653 #44
Jonno Riekwel Product designer, Jonnotie 438 #48
Dave Ambrose Venture Investor 353 #38
Kevin William David CEO,WalletKit 342 #42
Adam Kazwell Product Manager 342 #40
Robert Shedd Founder 334 #34
Geoffrey Weg Independent 313 #23
Nathan Bashaw Product Manager at General Assembly 298 #37
James Mundy Founder, Foundbite 277 #2

Follow all these hunters with this Twitter list. If there is an interest I'll add some more features to the leaderboard.

Posted by

Site search visualization using Google Analytics

Last summer Google re-launched its user search trends page. A page which features trending search keywords around the world. A cool addition is their visualization of these Google searches. While it is a great way to visualize data, it pretends the searches are happening at Google in real-time while if you dive into the code it's setup to only updates once every hour.

Next to that the Google Analytics team launched a developer API for real-time website reporting. The API allows queries on what visitors are doing on your site right now.

As a fun project I thought of combining both of these tools into one: visualizing visitor searches using the Real Time Reporting API data.

Launch project.

You can setup your own site visualization in only two steps: first authorize access to your Analytics data, select your site, and set the query parameter for your site search, usually the letter q. Click save, and see your visitor's searches appear live as a beautiful visualization .

If you don't have many visitors on your site you might be staring at a red screen for a while, do a search on your own site to see it appear. This is an video example of my visualization. Let me know if you run into any issues.

Featured on:

Posted by

Facebook values the privacy of its billion users at $4,500

Back in 2009 I found a major security exploit on both Facebook and the than popular MySpace which exposed access to a user's personal data. I reported both data leaks to the social networks, and weeks passed as I had to convince them of the major hole they left in their security. Reluctantly the leaks were closed after details appeared on Reddit's homepage. MySpace's PR quickly denied there was an issue at all (luckily a well-regarded TechCrunch reporter could confirm my Proof of Concept did work) and Facebook proposed to send me a t-shirt as thank you (which I never retrieved).

Since, website security has shown to never become fool-proof, leading to privacy breach news stories, diminishing user's trust in handing over their personal details and content. To counter act these security breaches (and the media exposure that comes with it) most internet giants (Facebook, Paypal, Google, Twitter, Github) have setup a so called whitehat security researcher program which allows for whitehat hackers to report security leaks for it to be patched and closed ("responsible disclosure"). In exchange of the disclosure and not actually exploiting the issue, there will no prosecution (!) and a finders bounty as reward. An idea initially developed in the software industry, due to a growing black market of parties buying exploits to setup botnets and whatnot detailed in this interesting The Economist article.

Facebook initiated such a program in 2011. This year, Facebook already lists 65 people who reported a confirmed vulnerability, which Facebook defines as "[a vulnerability] that could compromise the integrity of Facebook user data, circumvent the privacy protections of Facebook user data, or enable access to a system within the Facebook infrastructure". In other words, which puts user privacy at risk. For example the researchers Nir Goldshlager, Homakov and Isciurus are all filling up their own blogs detailing their numerous security exploit findings on Facebook and have become well known on the YC news homepage.

Actually, 66 people reported a vulnerability in 2013

Given my experience in 2009 (still not a proud owner of a Facebook t-shirt) and intrigued by the bold sentence on Facebook's security researcher page "There is no maximum reward" I went out and started giving Facebook's code another peak. Tracking several Facebook developer plugins, I stumbled upon a interesting Flash file used by Facebook which serves as proxy for communicating data between domains (to work around Cross-domain browser limitations). For me a clear sign to keep digging. A few hours later, by jumping a few hoops using cleverness, juggling subdomains around, and walking around a regex, I was able to load any user data or content using the user's own Facebook session, as shown in this proof of concept video: http://www.screenr.com/SWi7 [2m11]. In the video I pull in a user's private email addresses, but it could also easily access any content, including items tagged with the privacy restriction "Only Me". Yikes!

My excitement of the discovery was obviously high, given my exploit completely exposed, just like in 2009, a complete Facebook user account.

Facebook's bounty

Facebook holds an unprecedented amount of personal data and content in quantity as well as in quality, which can't be compared to any other (online) entity. There lays also one of their biggest operational risks. After finding the leak, I disclosed the details to Facebook's security team. After confirmation, my disclosure of the exploit accessing a user's account was awarded with the bounty of... $4,500. A nice day's pay, but a paltry fee for pointing out a gaping hole in the security of a social network holding the personal data of over a billion people. Without the disclosure of whitehat hackers, like I did, these exploits can also become available to dubious parties who could wreak (digital) havoc. An example could be an rogue ad network who would love to harvest and tie in the users Facebook identity for ad targeting. Facebook's PR reaction on these exploits is usualy that they haven't seen actual usage "in the wild", but obviously if it would be abused, it would be in silence (while also penal).

Even aside from whether the discovery & disclosure is worth only USD 4,500, if you hold that against the continuous struggle Facebook has with privacy of its users, the costs of its thousands highly skilled employees, and the real implications of exposing user's data to actual dubious parties, $4,500 is clearly a small sum for the help in protecting Facebook's users personal data. With 66 exploit disclosures in the past 5 months you can wonder how many exploits are found but not disclosed to Facebook, and also wonder why Facebook is so dependent on external security research & disclosure for its user data security.

Update: /r/netsec lists some more technical details if you are interested and Hacker News has an interesting discussion.

Update #2: I'm now also listed on facebook.com/whitehat.

Posted by

TechCrunch Crunched - Exposing the lastest tech trends

6 fictitious questions finally answered

TechCrunch has always been the most authoritative news outlet on whats hot in Silicon Valley regarding start-up trends, early & late investments, product launches, celeb founders and of course geeky drama. Although some frequently praised start-ups were eventually exposed as fads (Badgeville, Groupon) other were expertly picked early on (Twitter, AirBnb).

Giving it's again that time of the year for end-of-year re-captions, I've setup a research focused on analyzing TechCrunch's editorial posts, with as aim to expose this year's trends in tech. And while I was at it, I even went all the way back into the archives from when TechCrunch's was launched.

I analyzed all 106,664 posts made from January 2006 onward, looking for interesting data hidden in the individual posts.

Read my complete guest post on TechCrunch.

Posted by

1 2 3 4 5