If existence is turtles all the way down, then when it comes to technology and linked infrastructure, John Robb’s latest thought is Cyberhreats all the way down. There’s no good way to excerpt it, so you’ll have to just go read it. But that’s not a Bad Thing.

Still, as you read them, consider that these statements also apply to each component of the infrastructure with generally only syntactic tuning. Within a government or corporate entity, the same framework holds true. Within a business unit. Within a department. On a workstation. Within an application. Within a .dll or .so. etc.

So North Korea’s satellite launch attempt failed

North Korea failed in its highly vaunted effort to fire a satellite into orbit, military and private experts said Sunday after reviewing detailed tracking data that showed the missile and payload fell into the sea. Some said the failure undercut the North Korean campaign to come across as a fearsome adversary able to hurl deadly warheads halfway around the globe.

As I understand it, the failure was caused by a tangle in the string between the tin can on the satellite and the one on the ground.

AIG was a ponzi scheme for risk transfer and, IMHO, should be treated accordingly. We (meaning myself and the rest of the current and future taxpayers of the United States) should no more be bailing out AIG and its counterparties than we should be bailing out Bernie Madoff and his institutional counterparties.* And it, if the hints in the Institutional Risk Analyst article are to be believed, there is a paper trail to prove this.

I read yesterday (I forget where, I’m sorry to say) that the Madoff investigation is now widening to include his institutional counterparties who, basically, were either incompetent to possess their licenses or knew he was running a fraud but decided to ignore it so long as he continued to produce excessive returns.

Anyway, where I started was with a pair of fairly technical articles about risk transfer and re-insurance that summarize quite nicely what was really going on with AIG in particular and risk layering in general with regards to reinsurance and Credit Default Swaps during the past five years. Eventually, the transferred-but-not-really risk blew up and took everyone left holding it along with it.

Robert Waldman set me off about all this by leading me to this article, “AIG: Before CDS, There Was Reinsurance”

One of the first things we learned about the insurance world is that the concept of “shifting risk” for a variety of business and regulatory reasons has been ongoing in the insurance world for decades. Finite insurance and other scams have been at least visible to the investment community for years and have been documented in the media, but what is less understood is that firms like AIG took the risk shifting shell game to a whole new level long before the firm’s entry into the CDS market.

In fact, our investigation suggests that by the time AIG had entered the CDS fray in a serious way more than five years ago, the firm was already doomed. No longer able to prop up its earnings using reinsurance because of growing scrutiny from state insurance regulators and federal law enforcement agencies, AIG’s foray into CDS was really the grand finale. AIG was a Ponzi scheme plain and simple, yet the Obama Administration still thinks of AIG as a real company that simply took excessive risks. No, to us what the fraud Bernard Madoff is to individual investors, AIG is to the global financial community.

As with the phony reinsurance contracts that AIG and other insurers wrote for decades, when AIG wrote hundreds of billions of dollars in CDS contracts, neither AIG nor the counterparties believed that the CDS would ever be paid.

As Waldman cogently observes in his post

Contingent liabilities appear on published balance sheets (I mean Q-10s) at market value and without details. So on the assets side, a CDS has an effect which depends on its notional value and on the liabilities side at it’s market value.

Now I’d guess that regulators can detect and disallow regulatory benefits from positions which exactly cancel by definition. However, different CDSs can be very close substitutes without being identical. If I buy and write CDS on similar tranches of similar pools, I am not running (or insuring) much risk. If one counts at nominal value and one at market value, can I claim that I am insuring a lot of risk ?

No. And don’t let anyone convince you differently because they’re an “expert.” While I’m generally a fan of expertise, I’m an even bigger fan of evidence, and the evidence of unmanaged risk has now been spread across the front page of the paper for six months.

* While I’m moderately sympathetic to the individuals who lost money when Madoff’s fraud unwound, they ultimately need to realize that they were victims of their own greed. Excessive returns always come with excessive risk. In this case, the risk happened to be that the ponzi scheme would end before they pulled their money out. Just because they didn’t know the nature of the risk does not entitle them to be made whole beyond what can be recovered from Madoff and his wife, cronies, etc. I can only think of one case (the guy who tried to get the SEC to investigate Madoff) where anyone said, “This guy is beating the market so much that he can’t be on the level.”

As to participants in the banking system, I’m even less sympathetic. Nationalize, re-capitalize as-necessary, wipe out the equity holders. Again, you didn’t hear them crying when they were seeing excessive returns while things were going well. And I include myself in the group who will be hurt by this move–I still own a few shares in my former employer.

Here in my fair city of Chicago, the a 75-year franchise for the operation of 36,000 parking meters was recently sold to “Chicago Parking Meters, which is part of a joint venture led by the financial services giant Morgan Stanley” for $1.2 billion dollars.

But the plan has gotten off to a rocky start.

Chicago is sending out its own mechanics–and billing the private company now responsible for operating parking meters in the city–in a belated effort to catch up on a torrent of problems that include broken meters and inaccuracies in signage about parking rates and enforcement, officials said today.

I’m not a fan of selling off infrastructure or future cashflows for those sorts of time periods, but I guess Mayor Daley couldn’t find my number when he was asking around for opinions.

Regardless, I’d noticed that the meters in front of my house had gone from being basically 100% utilized, 24-by-7 to 25% utilized or less. I didn’t think too much of it until I noticed the new stickers on the front which informed me that the price to park had been quadrupled from $0.25/hour to $1.00 an hour. Hey, I thought, The demand curve is real after all. I should blog about that. Good Econ 101 example there. But I never got around to it.

Then something funny happened. I tried to park at a couple of meters and noticed that they were flashing “Out of order.” I didn’t think too much of it. Then, I had a couple of experiences where I saw that every meter around an intersection was “Out of order,” with either a quarter or other object jammed in them. Perhaps I’m showing my pessimistic/security paranoid side, but I thought, What are the odds that every meter at this intersection is out of order? I wonder if someone is sabotaging them?

Now, though, I find that this is just Hanlon’s Razor in action

The concessionaire is working “as quickly as possible'’ to fix meters that are jammed with coins because they were not emptied, Ed Walsh, spokesman for the Chicago Department of Revenue, said Wednesday.

They quadrupled rates, and even with the decreased demand, they still can’t keep them emptied. I wonder if they even considered the risk of having meters knocked off-line due to inadquate coin storage capacity?

Clay Shirky has a great essay up, “Newspapers and Thinking the Unthinkable.”

Back in 1993, the Knight-Ridder newspaper chain began investigating piracy of Dave Barry’s popular column, which was published by the Miami Herald and syndicated widely. In the course of tracking down the sources of unlicensed distribution, they found many things, including the copying of his column to alt.fan.dave_barry on usenet; a 2000-person strong mailing list also reading pirated versions; and a teenager in the Midwest who was doing some of the copying himself, because he loved Barry’s work so much he wanted everybody to be able to read it.

One of the people I was hanging around with online back then was Gordy Thompson, who managed internet services at the New York Times. I remember Thompson saying something to the effect of “When a 14 year old kid can blow up your business in his spare time, not because he hates you but because he loves you, then you got a problem.” I think about that conversation a lot these days.

Gives new meaning to “Killing them with kindness.”

Obviously, there’s the Business Risk aspect of this all–when your biggest fans are the worst enemies of your business model, you’ve got a serious problem. The problem with the model is probably that it’s based scarcity, and scarcity is no longer the basis of a business model for anything but physical commodities.

Now, I’m starting to wonder what the next business model to succumb to the Marginal Cost Of a Copy Approaches Zero. I’m going way out on a limb, but I think the next model will be basic IT services.

What?!, you’re probably thinking. Work with me here. The incremental cost of adding a row to a database has been essentially zero for some time. When I was working in online dating, the cost of adding a new user was close enough to zero that it almost wasn’t meaningful to try to accurately measure it (too many variables to wind up with a value that was both meaningful and accurate except at the highest aggregate levels). We effectively had a fixed cost which we then distributed across our subscriber base.

Gmail, Yahoo mail, and Hotmail email all brought a similar cost model to email. As the cost of adding an account fell, the variety of options for generating enough revenue fell with it. I think I pay less than five dollars per year for email hosting of my domain, and that’s for something like 25GB of storage and unlimited inboxes. The key is that email hosting is no longer costs enough that I consider it worth tracking.

The challenge today is not about finding the next digital asset or service whose marginal cost-per-copy is zero at one copy. It’s about determining how to manage the risk that it happens in some way that your firm is not well-positioned to adapt to (or, more honestly for most firms, attempt to prevent), either because it’s taking money out of your pocket as a provider or costing you competitive advantage because your competitors are better able to take advantage of the situation than your firm.

Extra credit to all of those who know where “][” comes from, even if it has only the most tenuous relationship to this post.
Photo from Boston Globe’s “Big Picture”

I forgot to point everyone to Cory Doctorow’s essay in Harvard Business Review, “The High Priests of IT — And the Heretics,” but it should be mandatory reading for anyone who manages or deals with the IT group in a corporate environment.

The dirty secret of corporate IT is that its primary mission is to serve yesterday’s technology needs, even if that means strangling tomorrow’s technology solutions. The myth of corporate IT is that it alone possesses the wisdom to decide which technologies will allow the workers on the front line to work better, faster and smarter — albeit with the occasional lackluster requirements-gathering process, if you’re lucky.

The fact is that the most dreadful violators of corporate policy — the ones getting that critical file to a supplier using Gmail because the corporate mail won’t allow the attachment, the ones using IM to contact a vacationing colleague to find out how to handle a sticky situation, the incorrigible Twitterer who wants to sign up all his colleagues as followers through the work day — are also the most enthusiastic users of technology, the ones most apt to come up with the next out-of-left-field efficiency for the firm.

Like I quoted from Barry Schwartz’s TED Talk, “Rules prevent disaster, but what they guarantee is mediocrity.”

In case you don’t read Dilbert, yet do read this blog (a quite small number, I’m sure), this week he’s having fun with “Risk Management Software.”

Mozilla is worried about life when Google no longer needs them

Google accounts for more than 88% of Mozilla’s revenue, which totaled $75 million in 2007. And as Mozilla wins over users of Internet Explorer, it helps Google grab share in the lucrative Web search market. Firefox has about 22% of the browser market, making it by far the strongest competitor to Internet Explorer, which maintains a 67% share, according to Net Applications.

How much longer this pairing can last has been called into question since September, when Google introduced its own Web browser, Chrome.

Now I’m guessing that Google won’t walk away from owning the default search option on 22% of browsers (as are most of the people the story talked to), but if you’re Mozilla, you still have to have a contingency plan in place for losing 88% of your revenue overnight.

A revenue monoculture is just as risky as any other kind of monoculture.

William Gibson wrote that, and I’m pretty sure this was not what the designers had in mind when they put a bar code scanner in the G1 Android Handset:

Now imagine that was a video store or friend’s house rather than the developer’s room. This is what real innovation looks like. It’s not more efficient ways for companies to separate people from their money, but rather how people can seize the moment in whatever way works for them.

Cory Doctorow is in love with an app for his Android G1 smartphone which shim’s the dialer of android devices to make calling card calls without him having to dial the entire series of numbers to get the cheap rates:

…today I downloaded my first game-changing app: Android Calling Card, which auto-dials any cheapo calling card you buy down at the corner store, and the PIN, and then any number from your address book, automagically. It supports multiple cards (the cornershop card-array is very country specific — Eastern Europe, USA, China, and other nations all have their own cards) and unobtrusively shims itself into the phone’s built-in dialer app.

I just used it for an hour-long overseas conference-call — the kind of thing that used to cost me £20 or £30 — and the total cost was £0.51!

Of course, I wonder how far behind it the malware version which shims the dialer to route your call through Tunesia or some other hyper-expensive billing fraud channel is. And what are our options (if any) to protect ourselves against it?