Sometimes, especially after this week’s Twitter DNS debacle—Internal Twitter Credentials Used in DNS Hack, Redirect–Twitter Email Security Blamed for Latest Hack—, I wonder if Twitter really has what it takes to make it in the long haul. It certainly took them long enough to get basic scaling working. At least now a simple Apple announcement or single conference won’t completely take Twitter down. If this is the second hack that Twitter has suffered because of, I’m guessing here, poor email and password management then do they have the management chops to succeed?
Reading GigaOM this morning on startups, and thinking about something to limber up the writing muscles, the number #3 startup killer struck me as something that maybe Twitter hasn’t been very good at:
3. Failure to Weed or Seed Soon Enough
We’ve written about how to hire, fire and mentor and why to remove underperformers quickly for superior teams. Our message is simply that you can never eliminate underperformers soon enough and that you should always be looking for superior talent. Superior people make excellent technology and develop appropriate processes.
Has Twitter been holding on to people and practices too long? Have managers been reluctant to be hard asses? Sometimes when you have been given responsibility for something, you need to step up to the plate. Case in point.
To write Using WordPress I’ve reduced the time I spend with M2O but I still have responsibilities over the servers and such. Earlier this week I emailed everyone that we had to be serious about passwords. I had been thinking about Twitter and written a lot about making good passwords for Future Shop and the book and realized that I knew that at least a few of the passwords people used were bad. Like epically bad.
Yesterday afternoon, thinking about it again, I realized that most people take password security about as seriously as drier lint so I did something that probably earned me a lot of curses: I forced everyone to reset their Gmail passwords on their next login.
Yep, probably damn freakin’ annoying. I didn’t stop with active team members either, all active email accounts that had been set up for people (believe me there is going to be some house cleaning again in that department come Tuesday). Are people pissed at me? Maybe. Frankly I don’t care. I realized that if I wanted to avoid a Twitter-like debacle, I needed to put a stake in the ground and say that this is serious business.
I don’t know if Twitter feels the same way about their system or service. I wonder if Ev, Biz, and Jack still think of Twitter as a lark. Millions of people don’t think Twitter is a lark. Millions of us rely on and use Twitter as a key informational tool. I think we need to remind the folks at Twitter that it isn’t a lark. That having lax password security isn’t a good thing. Again the call to decentralize Twitter should be ringing in our ears. We need redundancy. We need a server that people can install themselves. Maybe Twitter should bite the bullet and make a deal with Google to allow Google Apps for Domains to host replicant Twitter servers and build an actual architecture like we have for email.
I think until Twitter steps up to the plate, gets serious, and is no longer a single-point-of-failure service we have to question whether Twitter can really make it.