Quick Course On Effective Website Copywriting

Posted by Smashing Magazine Feed at 05-18-2012

Many dismiss copywriting as something that ad agency people do. Truthfully, all of us need to pay close attention to copywriting if we want to achieve our business objectives.

The goal of a “regular” text is to inform or entertain. The goal of Web copy (and ideally your website in general) is to get people to do something—to sign up, make a purchase, or something similar. Hiring a professional copywriter can be very expensive, which is one of the reasons why this is a valuable skill to have yourself.

“I don’t need to learn copywriting, I write based on how it sounds to me.”

Think you don’t need to learn copywriting?

David Ogilvy, the father of modern advertising, addressed this in his book Ogilvy on Advertising. One of his copywriters told him that he had not read any books about advertising; he preferred to rely on his own intuition.

Ogilvy asked him: “Suppose your gallbladder has to be removed this evening. Will you choose a surgeon who has read some books on anatomy and knows where the gallbladder, is or someone who relies on his own intuition?”

What distinguishes top experts from mediocre players is that the best know more. You can write better copy if you know more about it.

The Process Of Writing Great Copy

Everything is easier with the right process. If your approach to copywriting is “I’ll just try to be convincing”, you’re setting yourself up for failure.

You don’t even need to be a “natural writer” to come up with excellent copy, you just need the right process and some key principles about writing copy that sells.

The best processes are simple, as those are the ones you actually use.

Here are the six steps of effective copywriting process:

1. Research: customer, product and competition.
2. Outline and guideposts.
3. Draft copy.
4. Conversion boost.
5. Revise, rearrange.
6. Test.

And now let’s get to the details:

1. Research

This is often the most time-intensive part of your copywriting.

“You don’t stand a tinker’s chance of producing successful advertising unless you start doing your homework. I have always found this extremely tedious, but there is no way around it.”
— David Ogilvy

David Ogilvy had the task to do copywriting for a Rolls Royce ad. He spent three weeks reading about it before he came up with the headline and the rest of the copy. While he was talking about advertising, it equally applies to your website copy—the goal is to get people to do something.

Ogilvy’s famous Rolls Royce ad.

You need to figure out why people buy the product, how they buy it, what they use it for, and what really matters to them. If you don’t have this figured out, you really cannot write a copy that works. When it’s your own business that you’re writing copy for, things go much faster, of course, as you know the product and the competition.

Gauge the Competition

You need to be aware of your direct competition, how they present their product, and what claims they seem to be making. If you are not selling something unique, you are selling as much for your competition as you are selling for yourself. Being “like” others or choosing to be “one of the leading providers of” is a losing strategy.

Neuromarketing research tells us that differentiating our claims is the key to talking to the old brain, the decision making part of our brain. Our whole business identity should be different from the competition, and the claims we’re making about our product should stand out.

Get Out of the Office

The answers are not in your office and you won’t have eureka-moments at brainstorming meetings (working solo is far more effective anyway). You have to interview people. Don’t waste time interviewing random people, you need to talk to your ideal customers and find out what’s on their minds.

Find out what they think about your kind of product, what language they use when they talk about it, what attributes are important to them, and what promises would most likely convince them to buy it. Pick the last 10 to 20 customers (who still remember their purchasing experiences), and ask them these questions (recording the interviews is a good idea, but ask for permission):

• Who are you? What do you do? (customer profile)
• What does our product help you do? (helps you understand how they use it, tells you words they use to describe our product)
• Which parameters did you compare on different options? (which features matter)
• What were the most important ones? (key pains to solve)
• Which alternatives did you consider? (competitors we have to look at)
• What made you choose our product? (our key advantage)
• What were the biggest hesitations and doubts before the purchase? (things we have to address in the copy)
• Were there questions you needed answers to, but couldn’t find any? (necessary information to provide)
• What information would have helped you make the decision faster? (same as above)
• In which words would you recommend it to somebody you know? (words they use to describe our product)

Take note of the exact wording they use. Your copy needs to match the conversation in your customer’s mind. If you talk about “scribing devices” and he needs a pen, there’s a mismatch.

My point is that when customers see the product described in words they have in their mind already, then you’ve got their attention.

2. Outline And Guideposts

Next step: write the outline. Guideposts are the markers that help you write the content.

Writing an outline usually only takes a few minutes and provides a road map for the rest of the project. It allows you to complete the work faster and ensures that you stick to the flow.

The outline structure will depend on the page you’re writing the copy for. The main pages you need a well thought-out copy in place are your home page and product pages.

Here are outline templates I personally use, and you can copy them. I’ve tweaked and tested them over the years, and this model works the best for me.

Home Page Copy

Your home page copy structure depends a lot on your business. A nail salon would have a different approach from an e-commerce store; a website selling mobile app design courses is different from a hosting company. Hence, it’s basically impossible for me to give you an outline template for your home page.

What IS universal is the value proposition. Every home page needs one (unless you’re a very well-known brand)

A value proposition is a promise of value to be delivered. It’s the primary reason a prospect should buy from you. The value proposition is usually a block of text with a visual.

There is no one right way to go about it, but I suggest you start with the following formula:

• Headline:
  What is the end-benefit you’re offering, in one short sentence. Can mention the product and/or the customer. Attention grabber.
• Sub-headline or a two-to-three sentence paragraph:
  A specific explanation of what you do/offer, for whom, and why is it useful.
• Bullet points:
  List the key benefits or features.

Here’s a list of useful value proposition examples you can check out.

Product Page Copy Outline

Product page is where you sell the value of your product and where the user takes action (adds to cart, sign up, makes a purchase, etc.).

1. Name of the product.
2. Value proposition: what’s the end-benefit of this product and who is it for?
3. Specific and clear overview of what the product does and why is that good (features and benefits).
4. What’s the pain that it solves? Description of the problem.
5. List of everything in the product (e.g. curriculum of the course, list of every item in the package, etc.).
6. Technical information: parameters, what do you get and how does it work?
7. Objection handling. Make a list of all possible FUDs (fears, uncertainties, doubts) and address them.
8. Bonuses (what you get on top of the offer).
9. Money-back guarantee (+ return policy).
10. Price.
11. Call to action.
12. Expectation setting: what happens after you buy?

What you now have in place is like a skeleton. Next step would be to start writing the draft version of the copy by filling in the blanks.

3. Draft Copy

Start filling in the blanks in the template above, and keep these points in mind for the style of your writing.

Avoid Jargon and Blandvertising

The goal of the copy is to connect with the reader, and guide them towards an action.

“Human relationships are about communicating. Business jargon should be banished in favor of simple English. Simplicity is a sign of truth and a criterion of beauty. Complexity can be a way of hiding the truth.”
— Helena Rubinstein

Using complicated, fancy words does not make you seem any smarter or your solution any better—it just turns everybody off. Who wants to read something that doesn’t feel like it’s written for them? Talk to people like a real human. If you wouldn’t use a phrase on your website in a conversation with a customer, then don’t use it.

In addition to fancy words, avoid meaningless phrases. What do “on-demand marketing software”, “integrated solutions” or “flexible platform” really mean anyway?

Or useless phrases like “changing the way X is done”, “paradigm shifting …” or “exceeding customer expectations”—stop the nonsense. These bland phrases have long lost any meaning, and you will just waste precious attention time. You can see a list of the top 100 most overused buzzwords and marketing speak in press releases here.

Another thing to avoid—superlatives and hype. Saying things like “the best”, “world leader”, “once-in-a-lifetime opportunity” will just ruin your integrity. People don’t believe such claims anyway (even if they’re true).

What to do instead? Be specific.

Be Specific

Specificity converts.

“Clearer and more specific subject lines convert better.”
— Bob Kemper, Senior Director of Sciences, MECLABS.

While in that specific quote Bob was focused on subject lines, this principle applies equally well to all copywriting. Specific is believable, specific is attractive, specific is convincing. Don’t be vague, be specific.

“We have the best coffee in the world” vs “Our estate earned the ‘world’s best coffee’ title at the Specialty Coffee Association of America’s Roasters Guild for the third year in a row.” Which claim is more believable?

You can use a superlative if you back it up.

Here’s an example. Can you understand what they offer?

Specific headline. Specific call to action with a specific explanation of what they get when they sign up. Specific benefits listed. Specific image to show the product in action.

It Has to Be About Them

Remember the old brain I mentioned before?

Our brains have three layers, and the oldest part—the old brain—is the decision-making part.

The “Old Brain” is the part that humans and their predecessors have had the longest—like 450 million years or so. So the part of the brain that controls decisions is fairly primitive and mostly concerned with survival.

If your copy is about you (your product, your company) and not the prospect (his problems, his life), you will fail. Make it about them. Too many companies start by stating “our company was founded…”, “we offer …” or something especially useless like “welcome to your website”.

Instead of saying “we specialize in dog training”, say “train your dog in two weeks”—move the focus from you to the benefit they will receive. People care about themselves—not you—and whether your website can be helpful in some way.

How Much Information Should I Provide?

Tests have shown that 79% of people don’t read, they just skim. However, 16% read everything.

Those 16% are your main target group, the most interested people. If people are not interested in what you are selling, it doesn’t matter how long or short your sales copy is. If they are interested, you should give them as much information as possible.

Complete information is the best sales copy. A study by IDC showed that 50% of the uncompleted purchases were due to lack of information. They can always skip parts and click the “buy” button once they have the information they need. But if they read through the whole thing and they’re still not convinced, then you have a problem.

This is why you should always strive to say everything that can possibly be said about your product. You cannot be there in person to explain and answer the questions, so your copy needs to do it for you.

All at Once or Make Them Click?

Long form copy works just great, but it’s not necessary to provide all the information on a single page. It’s okay to move supplemental information onto a different page (layer, popup, etc.) and just link to it.

For instance, Amazon often hides full technical information of products behind a link—since it’s only interesting to the hardcore tech savvy customers (and most customers are not).

Full technical details available after clicking a link.

The important thing is that all the information needed to make the decision is on a single page. Don’t make people work click to read stuff that you want them to read anyway (like features, benefits, testimonials, pricing, etc.).

When, Where and If at All Should I Show the Price?

Some people think that the price drives readers away, and they should hide it somehow—or make it hard to get to. While there is truth in that sometimes, it’s mostly false.

Consider this:

1. People always want to know how much things cost.
2. If you don’t publish the price, have a “get a quote” form instead. But if your competition does, they may get the client.

You should always make the price easy to find, but for more complex / expensive products communicate the value before the price.

Let’s say you’re selling a copper vase. Price: $990.

Seems expensive. But what if you knew that it was designed by Andy Warhol and previously used by Kurt Cobain? If you know who these people are and respect them, this changes everything, and it might seem like a steal instead.

So communicate value before price.

If your price is cheap, you want people to know it. If it’s expensive, the price qualifies the right people who are convinced to buy your copy. Giving price details also convinces your reader of the image and brand value of your product.

4. Conversion Boost

Once you have the content in place, it’s time to give it a conversion boost. The goal of the website copy is to convert the reader into a buyer (or subscriber, lead, etc.). There are certain things we can do to improve the conversion rate (the percentage of readers that take action) of the copy.

We’ll use three guides here to make the copy sell better:

• Conversion frameworks.
• Science of persuasion.
• Neuromarketing research.

Conversion boost. Image credit APM Alex.

Conversion Frameworks and Why They Matter

Conversion frameworks are a structured approach for increasing website conversion rates. The most prominent ones have been fine-tuned over the years and have been proven to boost sales.

While the conversion frameworks apply to a website as a whole, they can also be used as frameworks to improve sales copy.

There are many conversion frameworks around, let’s use one of them as an example:

C = 4m + 3v + 2(i-f) – 2a

This is not a lesson in physics, but a conversion formula developed by Marketing Experiments. Translation:

C = Probability of conversion
m = Motivation of user (when)
v = Clarity of the value proposition (why)
i = Incentive to take action
f = Friction elements of process
a = Anxiety about entering information

Summary: The probability of conversion depends on the match between the offer and visitor motivation + the clarity of the value proposition + (incentives to take action now—friction)—anxiety. The numbers next to each character signify the importance of them.

How to apply this to your copy:

• Is your value proposition easy to understand and perfectly clear? Would everyone understand what you offer and how it’s beneficial to them?
• Go through your copy and see if there’s any way to make your statements clearer.
• Communicate value: don’t just list features, turn them into benefits.
• Make a list of all possible questions, doubts and objections that prospects might have in the buying process. Address them.
• Make the buying or signup process as easy as possible, remove everything that is not absolutely necessary.
• Add microcopy: explain why you need certain data and what happens after they give it to you.
• Provide full information: what happens after they buy, what can they expect, when is the product shipped, what’s the delivery time.
• Add risk reversal: what kind of guarantees are in place? What happens if they don’t like it, or it’s not what they thought, etc?

The Science of Persuasion

Persuasion has been researched thoroughly. Mr. Cialdini is undoubtedly the biggest authority on the field. His books are bestsellers and have been on the “must-read” list for marketers and copywriters for years.

In his research, Cialdini came up with six scientific principles of persuasion that will help guide you to become more effective at getting people to do what you want. In case you’re not familiar with those principles, then here’s the summary:

Principle 1: Reciprocity
People feel obligated to give back to others who have given to them.
How to use it: teach your prospect something useful in your copy, give away free stuff, and better yet—add value to your prospects long before you even start to sell them something.

Principle 2: Liking
We prefer to say “yes” to those we know and like.
How to use it: talk/write like a human, connect with the reader, share details about yourself. Blog. Be friendly and cool (like Richard Branson, Oprah, Gary V).

Principle 3: Social Proof
People decide what’s appropriate for them to do in a situation by examining and following what others are doing.
How to use it: show how many others are already using your product. Show off your numbers. Use testimonials. Link to 3rd-party articles.

Principle 4: Authority
People rely on those with superior knowledge or perspective for guidance on how to respond AND what decisions to make.
How to use it: Demonstrate your expertise. Show off your resume and results. Get celebrity (in your niche) endorsements.

Principle 5: Consistency
Once we make a choice/take a stand, we will encounter personal and interpersonal pressure to behave consistently with that commitment.
How to use it: Start small and move up from there. Sell something small at first (a no-brainer deal), even if you make no money on it. They now see themselves as your customer, and will most likely return to make a larger purchase.

Principle 6: Scarcity
Opportunities appear more valuable when they are less available.
How to use it: Use time or quantity limited bonuses. Limit access to your product. Promote exclusivity.

What Neuromarketing Teaches Us

Research in neuromarketing (put together in this book) reveals interesting things about our brains.

Neuromarketing study in action. Image credit: SMI Eye Tracking.

We’re usually trying to talk to the “new brain”—the sophisticated one—but it’s the brute “old brain” that makes all the decisions, so we need to dumb it down. Here’s the formula for talking to the old brain:

Selling probability = Pain x Claim x Gain x (Old Brain)³

1. First you need to identify the prospect’s pain and make sure they acknowledge the pain before you start to sell them anything. Then, you’ve got to differentiate your claims from your competitors. The strongest claim is the one that eliminates the strongest pain.
2. Next, you have to show convincing proof to back the claims up. The “Old Brain” is resistant to new ideas and concepts, so your proof must be very convincing. Show tangible evidence, data, before & after comparisons, testimonials, and case studies.
3. In order to reach the old brain, you need to start with a “grabber”—something that really gets the attention (“if you’re selling fire extinguishers, start with fire”, like Ogilvy said). Second—the “Old brain” is visual, so use a big picture to illustrate and reinforce your message. Visuals get to the brain much faster than words. Best visuals show contrast—before/after, beginning/end, then/now.

How to apply it to your copy:

• Start with a grabber—something that evokes emotion.
• Address the pain from the get-go.
• Use a big picture next to your value proposition, one that the prospect can identify with.
• Are your claims different from the competition?
• Add proof to your claims in all possible formats.

5. Revise And Rearrange

Done with conversion boosting? Now enjoy a full night of sleep and come back to the copy in the morning.

A fresh look a day later will help you spot inconsistencies, missing information, and flaws in the general flow of the copy. Use this time to add more information, rearrange the order of different blocks and fix the typos (spelling mistakes can cost you customers).

Before you publish the sales copy, it always pays to get two or three other people to read it and give you feedback. You want feedback from your ideal customers—do they get any questions that were left unanswered? Is there any part that needs to be made clearer? And peers—other marketers or entrepreneurs. What could make the offer better and more credible?

Once the editing is complete, you can make it live on your website. Don’t guess whether the headline or value propositions are as good as they can be, immediately launch two versions of the copy and test them.

6. Test

There is no good way to predict how well the copy will do. Sometimes the conversion rates can skyrocket overnight. Sometimes the new copy turns out to be a downright dud.

You need to test your copy. Image credit Horia Varlan.

Maybe it’s because the offer is weak. Perhaps the headline is the bottleneck. It’s impossible to put the finger on the problem as all you have are hypothesis. The only way to know is to test.

Don’t trust a copywriter who says he always writes killer copy on his first try. Nobody does.

Most common problems:

• Your value proposition is poor.
• The offer doesn’t match the audience’s needs.
• The headline is weak.
• It’s not clear how the visitor benefits from this.

Start with A/B testing value propositions, and go from there.

Conclusion

Writing great copy is a skill you have to learn just like anything else. Use the outline and the tips to get started on the right track. Stephen King, the famous writer, said that if you want to be a writer, you must do two things above all others: read a lot and write a lot. I believe the same goes for writing great copy.

The best Web copy is not the one that uses sophisticated persuasion and mind manipulation techniques. The best copy provides full information about the product, its benefits, and makes it clear whether it’s the right one for the user.

(jvb) (il)

---

© Peep Laja for Smashing Magazine, 2012.

Posted in Design | Add Comments »

Freebie Friday: 4 Chipped Concrete Brushes

Posted by BittBox at 05-18-2012

Preview

Download .ZIP

Posted in Design | Add Comments »

33 Hot New Freebies from the Dribbble Community

Posted by BittBox at 05-17-2012

The designers over at Dribbble are exceptionally talented in a wide range of skills. You can always find work of illustrations, vectors, patterns, and graphics for the web & mobile. Some designers are even nice enough to offer their work for free download to the community. As such I’ve put together a collection of the newest freebies in 2012 you’re sure to love.

Minimal Chrome Browser Window

Nautical Icon Set

Free White iPhone 4S Mockup

Freebie: Settings Menu

Cuisine Icon

Free UI Icons

Comments Form PSD

iPhone App/Game Free PSD

To-do Icon

Playlistnow.fm Inspired Search bar

NES Icon Battle

Vintage Book Texture

350 Free Vector Web Icons

PSD Sliders

Mini-Flags Icons

Ultralight UI Kit

Alien Webkit Freebie

Seamless Textile Texture

Washing Machine Icons

Freebie – Social Keyboard

Dropdown Buttons

Wood Display Frame

Freebie Android 4.0 UI

Free PSD Video Player

Depth Interface Revised

Chrome Freebie PSD

Woodapp Sign-in Page

TV Icon Freebie

PSD UI Simple Design – Music Player

Mega Web Elements UI Kit

Stylish Music Player

Darkchest PSD Switches

Dark Login Dribbble

Posted in Design | Add Comments »

Backpack Algorithms And Public-Key Cryptography Made Easy

Posted by Smashing Magazine Feed at 05-17-2012

E-commerce runs on secrets. Those secrets let you update your blog, shop at Amazon and share code on GitHub. Computer security is all about keeping your secrets known only to you and the people you choose to share them with.

We’ve been sharing secrets for centuries, but the Internet runs on a special kind of secret sharing called public-key cryptography. Most secret messages depend on a shared secret—a key or password that everyone agrees on ahead of time. Public-key cryptography shares secret messages without a shared secret key and makes technologies like SSL possible.

Cryptography is a scary word: it conjures thoughts of complex equations and floating-point arithmetic. Cryptography does have a lot of math, but it’s more about keeping and sharing secrets.

A Simple Secret

Telling my best friends a secret is easy: I find a private place and whisper it in their ears. As long as no one is listening in, I’m totally secure. But the Internet is full of eavesdroppers, so we need codes.

We’ve all been inventing codes since we were children. I created this simple number code (actually a cipher) when I was 5:

a=1, b=2, c=3, d=4, e=5…

It fooled my friends, but not my parents. Simple substitution ciphers are based on a lack of knowledge. If you know how they work, then you can decode every message. The experts call this “security through obscurity.” Letter and number substitutions don’t work on the Internet, because anyone can look them up on Wikipedia. For computer security, we need codes that are still secure even if the bad guys, or your parents, know how they work.

The most secure code is still easy to use: a “one-time pad.” One-time pads have been used for centuries, so they don’t even need computers. They played a big part in World War II, when each pad of paper with the key numbers was used only once.

Let’s say I wanted to send you this secret message:

I love secrets

First, I’d turn the message into numbers using my simple cipher from when I was 5. (I’ve heard rumors that other people had this idea first, but I don’t believe it.)

Then I’d mash my keyboard to generate a random key string for my one-time pad.

Now I can add the two strings together. If my number is greater than 26, I would just wrap it around to the beginning. So, i(9) + e(5) = n(14), and o(15) + t(20) = i(35 - 16 = 9). The result is an encrypted string:

Decrypting the string to get the secret back is easy. We just subtract the one-time pad: n(14) - e(5) = i(9). Follow that pattern through the entire message, and you can securely share a secret. You don’t even need a computer: just work it out with a pen and paper.

This function is called a symmetric-key algorithm, or a shared-key algorithm, since it uses the same key to encrypt and decrypt the message. Modern systems can safely use the pad more than once, but the basic idea is the same.

The one-time pad is totally secure because the bad guys don’t know how we got the encoded letter. The n could be i + e, j + d or any other combination. We can use our shared secret (the one-time pad) once to share another secret.

But there’s a fatal flaw. We need to share the one-time pad ahead of time before we can start sharing secrets. That’s a chicken-and-egg problem because we can’t share the pad without worrying that someone will snoop. If the bad guys get the one-time pad, then they would be able to read everything.

One-time pads help me share secrets with my best friends, but I can’t use them with strangers such as Amazon or Facebook. I need a way to share something publicly that doesn’t compromise my one-time pad. I need a public key.

The Public-Key Backpack

Public-key encryption focuses on a single problem: how do I prove that I know something without saying what it is? An easy concept to help us understand this is a backpack full of weights.

I want to prove that I know which weights are in my pack, but I don’t want to tell you what they are. Instead of showing you all of the weights separately, I’ll just tell you the total. Now you can weigh the pack and see if I’m right without ever opening it.

If the pack weighs 20 kilos, then you wouldn’t know if it has one 20-kilo weight, twenty 1-kilo weights or something in between. With a large number, you can be pretty confident that I know what’s in the pack if I know the total; you don’t have to see inside. The weight of the backpack is the public part, and the individual weights are the private part.

This basic backpack enables us to share a secret without really sharing it. If we each have a backpack, then we can both share secrets.

The backpack works well enough for smaller numbers, but it isn’t useful in the real world. Backpack algorithms were a mere curiosity for decades. Then RSA changed everything.

RSA

RSA was the first public-key encryption system that worked in the real world. Invented more than 30 years ago, it coincided with the introduction of the more powerful computers that were needed to run the big numbers. RSA is still the most popular public-key encryption system in the world.

The basic premise of RSA is that factoring large numbers is difficult. Let’s choose two prime numbers: 61 and 53. I’m using the numbers from Wikipedia’s article on “RSA” in case you want more details.

Multiply these two numbers and you get 3233:

61 × 53 = 3233

The security of RSA comes from the difficulty of getting back to 61 and 53 if you only know 3233. There’s no good way to get the factors of 3233 (i.e. the numbers that multiply to make the result) without just looking for all of them. To think of this another way, the weight of our backpack is 3233 kilos, and inside are 61 weights weighing 53 kilos each. If you make the resulting number large enough, then finding the numbers that produced it would be very difficult.

Public And Private Keys

Unlike the one-time pad, RSA uses the public key to encrypt information and the private key to decrypt it. This works because of the special relationship between the public and private keys when they were generated, which allows you to encrypt with one and decrypt with the other.

You can share the public key with anyone and never reveal the private key. If you want to send me a secret message, just ask for my public key and use it to encrypt the message. You can then send it to anyone you want, and you’ll know that I’m the only one who can decrypt the message and read it.

I could send you a message in the same way. I would ask for your public key, encrypt the message using it and then send it to you to decrypt. The popular program Pretty Good Privacy (PGP) worked like that. We’re secure as long as we both keep our private keys private.

Exchanging keys is made even easier by special key servers that allow you to search for people and find their public keys.

Public-key encryption also works in reverse to provide digital signatures. Let’s say I want to write a message and prove that I wrote it. I just encrypt it with my private key and post it. Then anyone who wants to check can decrypt it with my public key. If the decryption works, then it means I have the private key and I wrote the message.

RSA is relatively simple: take two numbers (the private key), apply some math, and get a third number (the public key). You can write out all of the math in a few lines, and yet RSA changed the world. Business doesn’t work on the Internet without public-key encryption.

RSA And HTTPS

We use public-key encryption every day with HTTPS. When you access Facebook, Twitter or Amazon with HTTPS, you’re using a simple encryption mechanism like the one-time pad, but you’re creating the pad with public-key encryption. Without HTTPS, anyone else at Starbucks could read your credit-card number, Facebook password or private email while sipping a latte.

Amazon has a certificate from a company named VeriSign. The certificate certifies that Amazon is Amazon, and it contains its public key. Your browser creates a special key just for that session and encrypts it using Amazon’s public key. Then it sends it over the Internet, knowing that only Amazon can decrypt the session key. Once you’ve exchanged that secret key, you can use it as the one-time pad to protect your password and credit-card number.

You could keep using public-key encryption for the whole session, but because of all the math, it’s much slower than the one-time pad.

RSA And GitHub

Another place many of us use RSA is GitHub. Every time you push a change to GitHub or pull from a master branch, GitHub has to make sure you have permission to make the change. It gets its security through a secure command shell using RSA.

Remember when you set up your GitHub account and followed some commands to generate keys?

You used the SSH-Keygen tool to generate a new RSA private/public key pair. Then you went to your GitHub account page and entered your public key.

Now, when GitHub needs to authenticate you, it asks your computer to sign something with your private key and return the signed data. With your public key, GitHub can confirm that the signature is authentic and could only have been produced by someone who has the corresponding private key—even though GitHub itself doesn’t have that private key.

That’s better than a simple password because nobody can snoop it. And if GitHub ever gets hacked, your private key won’t be in danger because only you have it.

Sharing Passwords

When WordPress.org was “hacked”, it wasn’t really hacked. WordPress plugin developers, like everyone else, have accounts on other websites. They also reuse their passwords. When hackers cracked those other websites, they used the stolen passwords to log into WordPress.org and make malicious changes to plugins.

Most people use the same user name and password on multiple websites. That makes your website only as secure as everyone else’s. Public-key encryption changes that. Because you never have to share your private key, it doesn’t matter if other websites get hacked. If an attacker breaks into GitHub and gets your public key, they can’t use it to impersonate you or log in as you on other websites. Only someone with your private key can do that, which is why your private key remains safe on your computer. Using public-key cryptography makes GitHub much more secure.

GitHub Gets Hacked

GitHub was hacked recently, but not because the encryption failed. Real-world security breaches are caused by problems in implementation, not in math.

In this case, the hacker was able to exploit a hole and add his public key to the Ruby on Rails repository. Once the key was added, GitHub used it to verify the hacker’s identity and granted him access. We’re lucky this hacker was friendly and told GitHub about the issue.

Once the problem was fixed, you could keep using your private key because GitHub never had it to lose; it stayed on your machine. Public keys saved GitHub from serious problems.

The weakest link in GitHub’s security was in the mechanism that allowed clever users to add public keys to other projects without being authorized. The math was perfect, but the implementation wasn’t.

Public Keys In The Wild

Knowing the fundamentals is essential (you might say the key) to writing secure applications. The math is complex, but the basics are simple:

• There are two main types of encryption: shared-key encryption, such as a one-time pad, and public-key encryption, which uses public and private keys.
• Shared-key encryption is faster, but sharing the keys is difficult.
• RSA is the most popular public-key encryption algorithm, but a few others are in general use, as well as some cool experimental systems.
• Public-key cryptography works best in combination with other technologies.
• Don’t ever share your private key with anyone.

When it comes time to implement public-key cryptography in your application, don’t. RSA and other algorithms are already implemented in all major languages. These libraries include extra security features such as padding and salts, and they have a lot of testing behind them.

Most security flaws come from poor implementations and misunderstanding about the libraries. You don’t have to write your own cryptography libraries, but you do have to know the fundamentals so that you can use the ones that are out there.

Illustrations in this article were provided by Robb Perry.

(al) (km)

---

© Zack Grossbart for Smashing Magazine, 2012.

Posted in Design | Add Comments »

Stop Redesigning And Start Tuning Your Site Instead

Posted by Smashing Magazine Feed at 05-16-2012

In my nearly two decades as an information architect, I’ve seen my clients flush away millions upon millions of dollars on worthless, pointless, “fix it once and for all” website redesigns. All types of organizations are guilty: large government agencies, Fortune 500s, not-for-profits and (especially) institutions of higher education.

Worst of all, these offending organizations are prone to repeating the redesign process every few years like spendthrift amnesiacs. Remember what Einstein said about insanity? (It’s this, if you don’t know.) It’s as if they enjoy the sensation of failing spectacularly, publicly and expensively. Sadly, redesigns rarely solve actual problems faced by end users.

I’m frustrated because it really doesn’t have to be this way. Let’s look at why redesigns happen, and some straightforward and inexpensive ways we might avoid them.

The Diagnostic Void

Your users complain about your website’s confounding navigation, stale content, poor usability and other user experience failures. You bring up their gripes with the website’s owners. They listen and decide to take action. Their hearts are in the right place. But the wheels quickly come off.

Most website owners don’t know how to diagnose the problems of a large complex website. It’s just not something they were ever taught to do. So, they’re put in the unfortunate, uncomfortable position of operating like country doctors who’ve suddenly been tasked to save their patients from a virulent new pandemic. It is their responsibility, but they’re simply unprepared.

Sadly, many website owners fill this diagnostic void — or, more typically, allow it to be filled — with whatever solution sounds best. Naturally, many less-than-ethical vendors are glad to dress up their offerings as solutions to anyone with a problem — and a budget. The tools themselves (search engines, CMS’, social apps) are wonderful, but they’re still just tools — very expensive ones, at that — and not solutions to the very specific problems that an organization faces. Without proper diagnostics to guide the configuration of tools, any resulting improvements to the user experience will be almost accidental.

Sometimes design agencies are brought in to fill the diagnostic void. And while not all agencies are evil, a great many follow a business model that depends on getting their teams to bill as many hours as they can and as soon as possible. Diagnostics can slow the work down (which is why clients rarely include a diagnostic phase in their RFPs). So, many agencies move to make a quick, tangible impression (and make their clients happy) by delivering redesigns that are mostly cosmetic.

A pretty face can last only a few years, but by then the agency is long gone. Invariably, the new owner wishes to make their mark by freshening or updating the website’s look. And another agency will be more than happy to oblige. Repeat ad nauseam, and then some.

Oh, and sometimes these redesigns can be pricey. Like $18 million pricey.

See why I’m so grouchy?

Forget the Long Tail: The Short Head Is Where It’s At

Whether you’re a designer, researcher or website owner, I’ve got some good news for you: diagnostics aren’t necessarily difficult or expensive. Better yet, you’ll often find that addressing the problems you’ve diagnosed isn’t that hard.

And the best news? Small simple fixes can accomplish far more than expensive redesigns. The reason? People just care about some stuff more than they care about other stuff. A lot more. Check this out and you’ll see:

This hockey-stick-shaped curve is called a Zipf curve. (It comes from linguistics: Zipf was a linguist who liked to count words… but don’t worry about that.) Here it is in dragon form, displaying the frequency of search queries on a website. The most frequently searched queries (starting on the left) are very, very frequent. They make up the “short head.” As you move to the right (to the esoteric one-off queries in the “long tail”), query frequency drops off. A lot. And it’s a really long tail.

This is absolutely the most important thing in the universe. So, to make sure it’s absolutely clear, let’s make the same point using text:

Query’s rank	Cumulative %	Query’s frequency	Query
1	1.40%	7,218	campus map
14	10.53%	2,464	housing
42	20.18%	1,351	web enroll
98	30.01%	650	computer center
221	40.05%	295	msu union
500	50.02%	124	hotels
7,877	80.00%	7	department of surgery

In this case, tens of thousands of unique queries are being searched for on this university website, but the first one accounts for 1.4% of all search traffic. That’s massive, considering that it’s just one query out of tens of thousands. How many short-head queries would it take to get to 10% of all search traffic? Only 14 — out of tens of thousands. The 42 most frequent queries cover over 20% of the website’s entire search traffic. About a hundred gets us to 30%. And so on.

It’s Zipf’s World; We Just Live in It

This is very good news.

Want to improve your website’s search performance? Don’t rip out the search engine and buy a new one! Start by testing and improving the performance of the 100 most frequent queries. Or, if you don’t have the time, just the top 50. Or 10. Or 1 — test out “campus map” by actually searching for it. Does something useful and relevant come up? No? Why not? Is the content missing or mistitled or mistagged or jargony or broken? Is there some other problem? That, folks, is diagnostics. And when you do that with your website’s short head, your diagnostic efforts will go a very long way.

The news gets better: Zipf is a rule. The search queries for all websites follow a Zipf distribution.

And the news gets even jump-up-and-down-and-scream-your-head-off better: Zipf is true not only for your website’s search queries. Your content works the same way! A small subset of your website’s content does the heavy lifting. Much of the rest has little or no practical value at all. (In fact, I’ve heard a rumor that 90% of Microsoft.com’s content has never, ever been accessed. Not once. But it’s a just a rumor. And you didn’t hear it here.) Bottom line: don’t redesign all of your content — focus on the stuff that people actually need.

You’ll also see a short head when it comes to your website’s features. People need just a few of them; the rest are gravy.

And there’s more. Of all the audience types that your website serves, one or two matter far more than the others. What tasks do those audience types wish to accomplish on your website? A few are short-head tasks; the rest just aren’t that important.

As you can see, the Zipf curve is everywhere. And fortunately, the phenomenon is helpful: you can use it to prioritize your efforts to tweak and tune your website’s content, functionality, searchability, navigation and overall performance.

Your Website Is Not A Democracy

When you examine the short head — of your documents, your users’ tasks, their search behavior and so forth — you’ll know where to find the most important problems to solve. In effect, you can stop boiling the ocean…

… and start prioritizing your efforts to diagnose and truly solve your website’s problems.

Now, let’s put these short-head ideas together. Below is a report card for an academic website that starts with the short head of its audience:

In other words, of all the audience types this university website has, the three most important are people who might pay money to the university (applicants,) people who are paying money now (students) and people who will hopefully pay money for the rest of their lives (alumni). How do we know they’re the most important audiences? We could go by user research; for example, the analytics might suggest that these audiences generate more traffic than anyone else. Or perhaps the university’s stakeholders believe that these are the most important ones in their influence and revenue. Or some combination of both. Whatever the case, these three audiences likely swamp all other segments in importance.

Then, we would want to know the short-head tasks and information needs of each audience type. We might interview stakeholders to see what they think (column 2). And we might perform research — user interviews and search analytics, for example — to find out what users say is most important to them (column 3).

Of course, as the good folks at xkcd demonstrate, stakeholders and users don’t always see things the same way:

That’s why talking to both stakeholders and users is important. And once you’ve figured out the short head for each, you’ll need to earn your salary and, through some careful negotiation, combine your takes on each audience type’s needs. That’s what we’ve done in column 4.

Finally, in column 5, we’ve tested each task or need and evaluated how well it works. (Because it’s a university-related example, letter grades seemed appropriate.) You can do this evaluation in an expensive, statistically significant way; but really, enough research is out there to suggest that you don’t need to spend a lot of time and money on such testing. More importantly, these needs and tasks are often fairly narrow and, therefore, easy to test.

So, after testing, we can see what’s not going well. Finding information on “mentoring” is hard for applicants. And current students have a devil of a time when they “look up grades.”

Now we’re done diagnosing the problems and can begin making fixes. We can change the title of the “Paired Guidance Program” page to “Mentoring.” We can create a better landing page for the transcript application. The hard part, diagnostics, is out of the way, and we can now fix and tune our website’s performance as much as our resources allow.

From Project To Process To Payoff

These fixes are typically and wonderfully small and concrete, but because they live in the short head, they make a huge and lovely impact on the user experience — at a fraction of the cost of a typical redesign.

The tuning process itself is quite simple. It’s what we used to arrive at the report card below:

If you repeat this simple process on a regular basis — say, every month or quarter — then you can head off the entropy that causes fresh designs and fresher content to go rotten. Thus, the redesign that your organization has scheduled for two years from now can officially be canceled.

Your website’s owners ought to be happy about all this. And you should be, too: rather than tackling the project of getting your website “right” — which is impossible — you can now focus on tweaking and tuning it from here on out. So, forget redesigns, and start owning and benefiting from a process of continual improvement.

Special Thanks – Illustrations

Eva-Lotta is a UX Designer and Illustrator based in London, UK where she currently works as an interaction designer at Google. Besides her daytime mission of making the web a more understandable, usable and delightful place, she regularly takes sketchnotes at all sorts of talks and conferences and recently self-published her second book. Eva-Lotta also teaches sketching workshops and is interested in (something she calls) visual improvisation. Exploring the parallels between sketching and improvisation, she experiments with the principles from her theater improvisation practice to inspire visual work.

(al)

---

© Louis Rosenfeld for Smashing Magazine, 2012.

Posted in Design | Add Comments »

New tutorial on creating object pools in AS3

Posted by leebrimelow.com at 05-15-2012

I just uploaded a new tutorial that shows you how to create and use object pools in AS3. In the example I am using Starling but the concepts carry over to any other framework or just the traditional display list. This concept is vital to get good performance for your games on mobile.

Posted in Flash | Add Comments »

GreenSock tweening comes to JavaScript

Posted by leebrimelow.com at 05-15-2012

Great news for those who are looking to get into JS animation. GreenSock, the creator of excellent libraries like TweenLite and TweenMax, has just released their new animation platform and it includes support for both Flash and HTML5. By the looks of the API, it makes animating DOM elements and CSS properties a breeze and the performance looks amazing!

Posted in Flash | Add Comments »

Free Texture Tuesday: 5 Vintage Paper Textures

Posted by BittBox at 05-15-2012

Posted in Design | Add Comments »

Zocial Button Set: 72 CSS3 Buttons

Posted by Smashing Magazine Feed at 05-15-2012

The idea behind this project was to produce a consistent set of buttons that could be used for the range of social actions frequently taken in Web applications. These actions are often important goals for users, such as connecting third-party accounts or sharing content to third-party platforms, so their appearance has to be attractive and clear.

The standard buttons provided by third parties (such as Facebook, Twitter and SoundCloud) vary in size, style and interactivity. A consistent button set could reduce a lot of that visual noise and inconsistency. Furthermore, having it in CSS format means that changing the text for certain actions would be a breeze for developers, and it also allows administrators of non-English websites to translate labels into their native languages.

The button set was designed from the beginning to require no extra markup, and the elements used are entirely the choice of the (semantically considerate) designer. All buttons are fully scalable and customizable, and they degrade gracefully on older browsers, although the aesthetics in IE 6 and 7 are admittedly inferior to image-based alternatives.

No raster images or sprites were used. Instead, vector icons were inserted using a custom font file, an @font-face rule and pseudo elements. For more information, John Hicks has an informative write-up on this technique.

Download The Button Set For Free

This button set is free to use and extend, personally or commercially. No attribution is required.

• Preview
• Demo
• Download the package (ZIP, 147 KB)
• GitHub repository (handwritten CSS)
• Sass framework (six buttons) (by @adamstac)

Features

• 100%-vector CSS3 buttons
• @font-face icons and custom font files
• 72 services supported
• Button and icon versions supported
• Em sizing for full scalability
• Generic primary and secondary action buttons for consistency
• Graceful degradation on older browsers

Preview

Screenshots of each set are below. Or view a live demo.

Usage

The button set was designed with simplicity and semantics in mind. No unnecessary or extra markup is required, and button types are called through class names. Call the zocial.css file on your page (make sure the font files and the zocial.css file are in the same directory). Buttons can be displayed with the following markup:

<button class="zocial facebook">Sign in with Facebook</button>

The parent element is agnostic, so you may use <a>, <div> or <button>, but it must contain a child <span> element. [Thanks, Lea!]

To choose buttons from the set, include the appropriate class name for the service, such as .dropbox, .linkedin or .twitter.

Icon versions can be displayed by including an extra .icon class, as follows:

<a class="zocial quora icon">Follow me on Quora</a>

More code samples are available on the Zocial page.

(al)

---

© Sam Collins for Smashing Magazine, 2012.

Posted in Design | Add Comments »

Novel Constructions

Posted by I love typography, the typography and fonts blog at 05-15-2012

A sudden bolt of inspiration would makes for an enticing story of a typeface’s beginnings, one that would perhaps be helpful when marketing it. However, in reality, not all typefaces come into the world that way. Sometimes, as was the case for Novel, the idea slowly percolates. Even the somewhat unspectacular name I chose for this family reflects that process.

Just like many of my fellow Type and Media graduates I was adamant about continuing to work on designing typefaces after graduation. But unlike most of them I never had to face the question of whether to continue on the project developed over the course of my study. My efforts were less than stellar, so I couldn’t wait to start from scratch.

Though there was no sudden moment of insight, I believe that with most type designers it’s very obvious which typefaces could have had an influence. As for me I admire Jan van Krimpen’s Romulus and Bram de Does’s typefaces Trinité and Lexicon. In addition, I can’t imagine ever getting tired of looking at Peter Verheul’s Versa. As I studied both graphic design and type design at the Royal Academy of Art, my affection for reading typefaces with broad-nib contrast and calligraphic details isn’t surprising.

For me the start of working on a typeface involves strictly being away from computer. The design process is rather simple. I spend a lot of time on sketching different ideas — at first quite roughly, but as soon as I find something I like I develop it further in greater detail. My favorite part of drawing letters is sitting down with a rather soft pencil and my sketch book. Most glyphs I draw have an x-height of about 6 cm, which enables me to redraw them quickly when I make mistakes, or consider alternative shapes. In this phase the design and characteristics of letters take precedence, so I don’t worry about inaccuracy in the overral rhythm. When I feel that I’ve found some ideas worth developing further, I strive to develop these letters as far as possible on paper. When I reach a phase where I discover the shapes I was searching for, I tend to switch to a Rapidograph as it permits greater precision. Those drawings have no gray scale and they sometimes brutally reveal weaknesses in the concept.

Designing typefaces this way takes a little longer at the beginning, but I feel that working this way provides me with a much better and clearer understanding of the shapes. I am also convinced that this way I am able to implement changes much quicker than if I had to think about nodes and path directions. Immediate contact with shapes that drawing with a pencil provides liberates me from thinking about font production and lets me concentrate on what matters most — designing the alphabet. It often feels that adjusting anchor points, nodes, and extrema are a distraction at this point in the process.

When drawing type I tend to focus on the darker book weight. That way I can imagine or envisage how the shapes will alter when made lighter or bolder. Precise drawings take a lot of time and effort. I try to work as efficiently as possible, even though I find drawing type very enjoyable.

Once I feel I have designed enough glyphs, I scan the drawings and begin to vectorize them. Here I begin to integrate the future interpolations in the design process. I use the glyphs I just digitized as a basis for the light and the bold weights. My preference to develop italics and roman at the same time makes this phase of the process very time consuming. A lot of the issues only become apparent when test prints at reading sizes are made. That is why in this phase some major design ideas might be altered or jettisoned all together.

Italics

There appears to be a growing trend in typefaces for italics whose design is fairly close to the roman, and I find this disconcerting. I think that highlighting some passages of text is more elegant when done with distinctly designed italics. While naturally roman and italic should have similarities, slant angle should not be the only means to differentiate them.

As lowercase constructions are more complex than the uppercase I felt it was necessary to have them a little more dynamic. For that reason lowercase letters are slightly more slanted than the uppercase letters.

Flexible f-terminal

In my early drawings I fell in love with the long f-terminal of Novel. This feature looked nice in many letter combinations, but not all. Letters followed by b for example, or when an accented glyph follows f looked very unattractive. The solution was a flexible f-terminal that would be wide when space permitted, show up as a ligature, or shrink if it were followed by an accented letter. All typefaces in the Novel family have this feature, except Novel Mono.

Swash-like Terminals

Novel is supposed to have a friendly appearance. Swash-like endings or terminals on round shapes like a, c, f, r, and y contribute to a natural feel. Also the calligraphic details on A, V, W, v, and w help to extend the warmth of design elements that have their origin in handwriting. As italics are closer to handwritten words, developing them came easier than the roman. Naturally these characteristics were not adopted to the sans serif version, lending it a more neutral personality.

Novel Sans

Creating a matching sans serif typeface was the plan from the outset. Only a few weeks after I digitized the first drawings of Novel, I began designing Novel Sans. I decided to make the two typefaces in parallel to make sure they were complementary. This way I could ensure that elements I designed for Novel would also work for Novel Sans. Obviously many shapes would not be problematic, but some of my favorite details proved to be difficult to adopt. For example, I spent considerable time on letters such as lowercase v, w, x, y, z before I was confident that I could go for a particular design feature without fear of later regretting it.

Novel Mono

When Novel Sans was nearing completion, friends suggested that I should try to make a monospaced version. I must admit that at first I wasn’t taken by this idea. I thought that too many of Novel’s design features, such as its Classic proportions, a generous roman combined with a pretty narrow italic, and the warmth would get lost. Despite these reservations, I decided to give it a go.

Of course there are differences to be seen, especially between the italics of Novel Sans and Novel Mono, but when comparing both designs side by side it’s more obvious what they have in common. The final outcome surprised me. It works much better than I ever thought it would. In fact, of all the styles, I use Novel Mono most.

Novel Sans Condensed

The classic proportions of Novel and Novel Sans might be considered distinct characteristics of the family. The Sans Condensed version, however, required a much more balanced rhythm. The width contrast between the romans and the italics had to be decreased, as the italics of Novel Sans were already very narrow.

Legibility

There are many ways to measure legibility, with some more legitimate than others. But with all of them I have difficulties when it comes to the most interesting aspect: What is the reader accustomed to looking at? I don’t think that actually measuring legibility is nonsense, but it’s only one of the many aspects or ingredients of a typeface design. I believe a good type designer instinctively makes the right decisions when faced with the question: Should I go for the distinctive detail or for reading quality? Reducing Typeface design simply to considerations of legibility seems to be unfair and perhaps misguided.

When I was designing Novel, I printed high resolution proofs of different type sizes to judge quality and legibility. To me it helps much better discussing legibility with colleagues like Albert-Jan Pool, rather than spending time on eye tracking or mathematic grayscale calculations. ■

Sponsored by H&FJ.

Novel Constructions

Posted in Design | Add Comments »