Arrrrgh!

How much of our infrastructure, supply chain or healthcare system could withstand a 12% disruption? How many people will be sickened unnecessarily because they “have to be somewhere?”

Times like this, I’m glad I can work from home.

The conclusion pretty much sums up how I feel about Microsoft today:

maybe its time for Microsoft to realize that they can’t afford to spend their time and energy tearing competing companies down. Instead they should be using that time to focus on building themselves up. While others are bringing new and innovative ideas to customers no matter the cost (see YouTube), Microsoft seems to be that 32 year-old guy who is obsessed with how awesome and popular they were in high school without realizing they are no longer awesome or popular.

Let me be clear… I don’t want Microsoft to fail. In fact I’d like to see them succeed. But the company seems to be driving itself into the ground with a corporate culture that may have worked a decade ago but will not work now.

I’ll specify, “I’d like to see them succeed as one of multiple options.” I’d like to see some diversity in the computing biosphere, something that is generally lacking today.

I think that the same thing could be said, though, for the long-term incumbents of any style- or innovation-driven business out there today. This is not just a Microsoft or technology problem. The automobile industry (which has inherent structural problems, and which it has effectively ignored in favor of lobbying), banking (”build more branches” and “layer risk” are not innovation, they are anti-innovation since they consumed capital at the expense of any potential real value creation), tech (see above), energy (”Clean Coal”)…and don’t even get me started about telecom, the kings of regulatory defense of business models.

The biggest problem I have is that with some of the shifts in my role at work, much of what I want to talk about is now considered to be Classified, and by the time I get finished sanitizing it, there’s nothing left to say. Don’t blame me, blame the lawyers.

Nevertheless, some interesting articles that I’ve left sitting in tabs on my browser until I get around to posting them and/or mailing them off to various folks:

• Why corporate IT should let us browse any way we want.
  I offer this with no stance on this article whatsoever. That is to say, I’m neither endorsing nor rejecting the premise, because there are bits of it that I want to agree with, even though I know that the author is *painfully* naive about both the risks and the poor judgement of the average corporate citizen.
  Much of the problem here is solved only by properly motivated and educated people. Unfortunately, Security Awareness is, as we all know, still a Hard Problem. If that is truly the case, then PC’s are a paradox in his world–locked down machines demotivate, which makes people therefore need those controls. Perhaps the real question becomes how organizations can break the current equilibrium point and find a new, mutually-beneficial equilibrium.
• INTERNET INFOWAR
  How to fight for Hearts And Minds on the modern Internet/Web
• Google is now crowd-sourcing traffic data
  I’m in favor since it’s an explicit, per-use opt-in (you have to start Google maps and enable it) and I get benefit from it.
• Why Craigslist Is Such a Mess
  Wired takes a look at Craigslist and how it should not exist. Back in my online dating days, we had a property that was not much better looking than Craigslist. We never touched it other than to patch the servers. It was ugly, buggy, and had a hardcore user base of ugly people (seriously) who flooded the Customer Care department when it was finally “updated.” Some things don’t want to be slick and up-to-date. Classifieds are one of them.
• 1,000 cameras ’solve one crime’
  Finally, a little something from Oceania Great Britain with a metric for CCTV effectiveness. “A Home Office spokeswoman said CCTVs “help communities feel safer”.” So CCTV’s are tweaking people’s Risk Homeostasis? If they’re increasing risk tolerance, but not actually making a difference, then the net effect would be that they’re actually making things worse.

Happy Friday, everyone!

….I wore a maternity dress for the first time. In listening to the coverage of the moon walk I recalled that your dad and I were invited to a moon walk watching party at an Arthur Andersen friend’s home. Everyone thought that Armstrong would land and just hop right out, only he took six hours to make the giant leap for mankind. In the meantime we learned that e-v-e-r-y restaurant had closed and the world was watching their televisions. The hostess was not prepared to feed all ten of us, so the host got on the phone and found some place that had carry out and went and got sandwiches. We never did eat at the fancy restaurant in the plan for that night.
Love, Mom
PS: The dress was aqua.

Thanks, Mom! I love you too.

If you sell crack to kindergarten students, no need to read this.

Same thing if you donate all your belongings and income to the poorest and sickest in the slums and ghettos.

The rest of us have compromised. We’re not profit-maximizing sociopaths, nor are we saints. We’re somewhere in between.

It’s interesting to consider where we choose to compromise.

I took the Beeeg Job, found it not to my liking (or not to my liking at that company), then was given the honor of returning to a job which, while not quite as prestigious on paper, I now realize makes me happier in pretty much every way.

Don’t underestimate quality of life and job satisfaction when thinking about work just because they’re intangibles. After all, nobody ever dies saying, “I should have spent more time at work.”

-chandler

I am told that there are multiple symptoms of the RIF..tire Pandemic and they vary in each case. There is crying, fear, hate, anger, depression, sadness, joy, relief. I am surprised that there is little violence; and hopeful that we do not progress to that.

Out of the recovery comes another wave of emotions and the need to channel yourself into something good: exercise, volunteer, hug your wife, listen to music, walk in the woods. Then plan your budget, change jobs into a job hunter/gatherer/creator.

For me a time to write grants, plan a couple of iPhone applications, take more classes towards a degree that I want. Read “What Color is Your Parachute” again. Write a new resume, hit the pavement of the internet and job search world.

After almost two decades of walking the same road, the new one is hard to see in the mist. The cure is next friday; wish me luck.

-bob

I’m pleased an honored to be joining Adam, Alex Hutton and Brooke Paul to continue to expand on the evolving challenges of Information Protection and Risk Management.

Blogging will be even lighter than usual here as a result, but I hope to see all of you, dear readers, over there.

Still, as you read them, consider that these statements also apply to each component of the infrastructure with generally only syntactic tuning. Within a government or corporate entity, the same framework holds true. Within a business unit. Within a department. On a workstation. Within an application. Within a .dll or .so. etc.

North Korea failed in its highly vaunted effort to fire a satellite into orbit, military and private experts said Sunday after reviewing detailed tracking data that showed the missile and payload fell into the sea. Some said the failure undercut the North Korean campaign to come across as a fearsome adversary able to hurl deadly warheads halfway around the globe.

As I understand it, the failure was caused by a tangle in the string between the tin can on the satellite and the one on the ground.

I read yesterday (I forget where, I’m sorry to say) that the Madoff investigation is now widening to include his institutional counterparties who, basically, were either incompetent to possess their licenses or knew he was running a fraud but decided to ignore it so long as he continued to produce excessive returns.

Anyway, where I started was with a pair of fairly technical articles about risk transfer and re-insurance that summarize quite nicely what was really going on with AIG in particular and risk layering in general with regards to reinsurance and Credit Default Swaps during the past five years. Eventually, the transferred-but-not-really risk blew up and took everyone left holding it along with it.

Robert Waldman set me off about all this by leading me to this article, “AIG: Before CDS, There Was Reinsurance”

One of the first things we learned about the insurance world is that the concept of “shifting risk” for a variety of business and regulatory reasons has been ongoing in the insurance world for decades. Finite insurance and other scams have been at least visible to the investment community for years and have been documented in the media, but what is less understood is that firms like AIG took the risk shifting shell game to a whole new level long before the firm’s entry into the CDS market.

In fact, our investigation suggests that by the time AIG had entered the CDS fray in a serious way more than five years ago, the firm was already doomed. No longer able to prop up its earnings using reinsurance because of growing scrutiny from state insurance regulators and federal law enforcement agencies, AIG’s foray into CDS was really the grand finale. AIG was a Ponzi scheme plain and simple, yet the Obama Administration still thinks of AIG as a real company that simply took excessive risks. No, to us what the fraud Bernard Madoff is to individual investors, AIG is to the global financial community.

As with the phony reinsurance contracts that AIG and other insurers wrote for decades, when AIG wrote hundreds of billions of dollars in CDS contracts, neither AIG nor the counterparties believed that the CDS would ever be paid.

As Waldman cogently observes in his post

Contingent liabilities appear on published balance sheets (I mean Q-10s) at market value and without details. So on the assets side, a CDS has an effect which depends on its notional value and on the liabilities side at it’s market value.

Now I’d guess that regulators can detect and disallow regulatory benefits from positions which exactly cancel by definition. However, different CDSs can be very close substitutes without being identical. If I buy and write CDS on similar tranches of similar pools, I am not running (or insuring) much risk. If one counts at nominal value and one at market value, can I claim that I am insuring a lot of risk ?

No. And don’t let anyone convince you differently because they’re an “expert.” While I’m generally a fan of expertise, I’m an even bigger fan of evidence, and the evidence of unmanaged risk has now been spread across the front page of the paper for six months.

* While I’m moderately sympathetic to the individuals who lost money when Madoff’s fraud unwound, they ultimately need to realize that they were victims of their own greed. Excessive returns always come with excessive risk. In this case, the risk happened to be that the ponzi scheme would end before they pulled their money out. Just because they didn’t know the nature of the risk does not entitle them to be made whole beyond what can be recovered from Madoff and his wife, cronies, etc. I can only think of one case (the guy who tried to get the SEC to investigate Madoff) where anyone said, “This guy is beating the market so much that he can’t be on the level.”

As to participants in the banking system, I’m even less sympathetic. Nationalize, re-capitalize as-necessary, wipe out the equity holders. Again, you didn’t hear them crying when they were seeing excessive returns while things were going well. And I include myself in the group who will be hurt by this move–I still own a few shares in my former employer.

But the plan has gotten off to a rocky start.

Chicago is sending out its own mechanics–and billing the private company now responsible for operating parking meters in the city–in a belated effort to catch up on a torrent of problems that include broken meters and inaccuracies in signage about parking rates and enforcement, officials said today.

I’m not a fan of selling off infrastructure or future cashflows for those sorts of time periods, but I guess Mayor Daley couldn’t find my number when he was asking around for opinions.

Regardless, I’d noticed that the meters in front of my house had gone from being basically 100% utilized, 24-by-7 to 25% utilized or less. I didn’t think too much of it until I noticed the new stickers on the front which informed me that the price to park had been quadrupled from $0.25/hour to $1.00 an hour. Hey, I thought, The demand curve is real after all. I should blog about that. Good Econ 101 example there. But I never got around to it.

Then something funny happened. I tried to park at a couple of meters and noticed that they were flashing “Out of order.” I didn’t think too much of it. Then, I had a couple of experiences where I saw that every meter around an intersection was “Out of order,” with either a quarter or other object jammed in them. Perhaps I’m showing my pessimistic/security paranoid side, but I thought, What are the odds that every meter at this intersection is out of order? I wonder if someone is sabotaging them?

Now, though, I find that this is just Hanlon’s Razor in action

The concessionaire is working “as quickly as possible'’ to fix meters that are jammed with coins because they were not emptied, Ed Walsh, spokesman for the Chicago Department of Revenue, said Wednesday.

They quadrupled rates, and even with the decreased demand, they still can’t keep them emptied. I wonder if they even considered the risk of having meters knocked off-line due to inadquate coin storage capacity?

Back in 1993, the Knight-Ridder newspaper chain began investigating piracy of Dave Barry’s popular column, which was published by the Miami Herald and syndicated widely. In the course of tracking down the sources of unlicensed distribution, they found many things, including the copying of his column to alt.fan.dave_barry on usenet; a 2000-person strong mailing list also reading pirated versions; and a teenager in the Midwest who was doing some of the copying himself, because he loved Barry’s work so much he wanted everybody to be able to read it.

One of the people I was hanging around with online back then was Gordy Thompson, who managed internet services at the New York Times. I remember Thompson saying something to the effect of “When a 14 year old kid can blow up your business in his spare time, not because he hates you but because he loves you, then you got a problem.” I think about that conversation a lot these days.

Gives new meaning to “Killing them with kindness.”

Obviously, there’s the Business Risk aspect of this all–when your biggest fans are the worst enemies of your business model, you’ve got a serious problem. The problem with the model is probably that it’s based scarcity, and scarcity is no longer the basis of a business model for anything but physical commodities.

Now, I’m starting to wonder what the next business model to succumb to the Marginal Cost Of a Copy Approaches Zero. I’m going way out on a limb, but I think the next model will be basic IT services.

What?!, you’re probably thinking. Work with me here. The incremental cost of adding a row to a database has been essentially zero for some time. When I was working in online dating, the cost of adding a new user was close enough to zero that it almost wasn’t meaningful to try to accurately measure it (too many variables to wind up with a value that was both meaningful and accurate except at the highest aggregate levels). We effectively had a fixed cost which we then distributed across our subscriber base.

Gmail, Yahoo mail, and Hotmail email all brought a similar cost model to email. As the cost of adding an account fell, the variety of options for generating enough revenue fell with it. I think I pay less than five dollars per year for email hosting of my domain, and that’s for something like 25GB of storage and unlimited inboxes. The key is that email hosting is no longer costs enough that I consider it worth tracking.

The challenge today is not about finding the next digital asset or service whose marginal cost-per-copy is zero at one copy. It’s about determining how to manage the risk that it happens in some way that your firm is not well-positioned to adapt to (or, more honestly for most firms, attempt to prevent), either because it’s taking money out of your pocket as a provider or costing you competitive advantage because your competitors are better able to take advantage of the situation than your firm.

Extra credit to all of those who know where “][” comes from, even if it has only the most tenuous relationship to this post.
Photo from Boston Globe’s “Big Picture”

The dirty secret of corporate IT is that its primary mission is to serve yesterday’s technology needs, even if that means strangling tomorrow’s technology solutions. The myth of corporate IT is that it alone possesses the wisdom to decide which technologies will allow the workers on the front line to work better, faster and smarter — albeit with the occasional lackluster requirements-gathering process, if you’re lucky.

The fact is that the most dreadful violators of corporate policy — the ones getting that critical file to a supplier using Gmail because the corporate mail won’t allow the attachment, the ones using IM to contact a vacationing colleague to find out how to handle a sticky situation, the incorrigible Twitterer who wants to sign up all his colleagues as followers through the work day — are also the most enthusiastic users of technology, the ones most apt to come up with the next out-of-left-field efficiency for the firm.

Like I quoted from Barry Schwartz’s TED Talk, “Rules prevent disaster, but what they guarantee is mediocrity.”

Google accounts for more than 88% of Mozilla’s revenue, which totaled $75 million in 2007. And as Mozilla wins over users of Internet Explorer, it helps Google grab share in the lucrative Web search market. Firefox has about 22% of the browser market, making it by far the strongest competitor to Internet Explorer, which maintains a 67% share, according to Net Applications.

How much longer this pairing can last has been called into question since September, when Google introduced its own Web browser, Chrome.

Now I’m guessing that Google won’t walk away from owning the default search option on 22% of browsers (as are most of the people the story talked to), but if you’re Mozilla, you still have to have a contingency plan in place for losing 88% of your revenue overnight.

A revenue monoculture is just as risky as any other kind of monoculture.

Now imagine that was a video store or friend’s house rather than the developer’s room. This is what real innovation looks like. It’s not more efficient ways for companies to separate people from their money, but rather how people can seize the moment in whatever way works for them.

…today I downloaded my first game-changing app: Android Calling Card, which auto-dials any cheapo calling card you buy down at the corner store, and the PIN, and then any number from your address book, automagically. It supports multiple cards (the cornershop card-array is very country specific — Eastern Europe, USA, China, and other nations all have their own cards) and unobtrusively shims itself into the phone’s built-in dialer app.

I just used it for an hour-long overseas conference-call — the kind of thing that used to cost me £20 or £30 — and the total cost was £0.51!

Of course, I wonder how far behind it the malware version which shims the dialer to route your call through Tunesia or some other hyper-expensive billing fraud channel is. And what are our options (if any) to protect ourselves against it?