Wednesday, July 19, 2006
Friday, May 12, 2006
What Exactly Does "AD Integration" Mean?
A year or so ago, we bought an application for managing help desk requests. One of our requirements was Active Directory integration. The product we selected said they integrated with AD. The project was a bit rushed so we didn't conduct due diligence like we should have and we just bought the application.
For this application, AD integration actually meant that periodically (every 24 hours by default), the application would query AD and get the current user base and then replicate the same information in its own database. This means the application didn't authenticate through AD; it maintained its own permissions database.
Perhaps there are good reasons for designing the application this way but to me, it just seems unnecessary. The whole point of AD is to manage user access to network resources. Why does it make sense to create a redundant permissions database? This creates more overhead for system administrators and it adds a level of complexity to troubleshooting because the application's home-brewed authentication is another layer that needs to be troubleshot. Whenever I see solutions like this, my initial reaction is: These guys don't know how to query AD in code.
Yet, in direct contradiction to my theory is Microsoft's ISA Server 2004. Internet Security & Acceleration Server is used to manage user access to network and internet protocols. ISA uses various kinds of object definitions to accomplish this: protocols, applications, ports, users, domains, URLs, etc. You'd think the User object would be AD objects because it's a Microsoft application.
But no. You can't write access rules directly to AD objects like users or security groups. You have to create an ISA group, populate the group with AD users or security groups and then use the ISA User object to define who is affected by a rule. This is not AD integration.
SQL Server has a similarly schizophrenic authentication model. You can run SQL in mixed mode, which allows you to use either Windows authentication or SQL authentication. With SQL 2005 and later releases of some of their applications (e.g. CRM 3.0) it seems that Microsoft is moving away from SQL authentication toward Windows credentials. This is as it should be.
My point in this post is to be aware of what various technical terms mean because there are often two definitions to important tech terms: the marketing meaning and the technical meaning. My mantra is to always distrust the brochure and the sales guy. Don't assume that important technical terms mean what you think they ought to mean. Always clarify the definition because sales people tend to be oriented around selling to marketing definitions, not technical ones.
Tuesday, May 02, 2006
ROI Gibberish and A Video to Illustrate It

I have argued before in my blog that for technology, ROI and TCO calcs are accounting gibberish that companies use to justify the costs to acquire new technology, but which are largely useless because they don't lead to meaningful information. I have a couple of components to my argument against ROI and TCO calculations for technology buys:
1. The actual dollar value of benefit gains is wrapped around assumptions that have varying probabilities of accuracy, where "accuracy" is defined as how closely the assumptions map to the actual values of costs and benefits (and often the total cost and value picture isn't known at the time the ROI and TCO calcs are made). Further, these calculations tend to only look at benefits. They do not look at, for example, the loss of productivity that happens during implementation and during the user's learning experience as well as other factors that could potentially minimize the net benefits associated with the project.
2. ROI and TCO calcs are most accurate when direct costs are used. They are less accurate when indirect costs are applied. For costs like software licensing fees and hardware acquisition, direct costs are pretty solid. But there are other costs like hourly consulting fees that can easily go over budget. Further, these calcs can be hampered by the opportunity cost of the support provided by existing staff to the technology project in question: when staff is supporting the project, they cannot do their regular jobs. For disciplined companies, the cost of validating the ROI after the payoff period has expired adds costs to the project and diminishes the expected return (see item 3).
3. Most companies do not bother to measure the actual ROI of a project after implementation and after the projected payoff period. This implies that the ROI and TCO calculations are merely exercises to mollify the budget-keepers. If a company truly valued its capital and the need to satisfy a capital hurdle rate (ours is 12%), then they would also have the discipline to validate the ROI after the payoff period has passed. To me, the fact that most companies don't do this means that the ROI and TCO calcs are either acts of obeisance or they are simply traditional, yet vacuous corporate exercises.
4. Individuals who want the project approved adjust their assumptions not to reflect reality but to get the numbers needed to get project approval. It simply involves working the numbers backwards.
Check out this four minute cNet video on performing the TCO calculation. It's a wonderful illustration of my objections to these common exercises. There are two key problems with the claims made in this particular presentation.
Common metric for decisions on all potential projects: She asserts that the value of the ROI calc is that it allows a business to evaluate all potential cash outlays by using the same metric: namely, the value of expected benefit in relation to the up-front costs.
This is not true in all cases and is particularly sketchy with technology purchases. This is because the benefits of technology and the dollar value of those benefits are difficult to measure. In contrast, the ROI of a forklift is more tangible because the dollar value of its benefits is easier to measure (e.g. increases ability to move inventory to assembly, which helps increase inventory turns, etc.).
She completely glosses over the value of benefits with a straight face: In her example, she says something like, "We are going to experience an increase in productivity that will drive revenue gains of $80,000/yr for three years."
This is exactly the kind of statement that completely undermines the value of ROI calcs. She doesn't describe how to go about calculating the value of the expected benefits. Specifically, how will the expected benefits translate into measurable dollars? The dollar value of benefits magically appears in ROI spreadsheets as a function of assumptions about those benefits and no one ever challenges the ROI calculation even though everyone knows the assumptions are usually inaccurate and incomplete.
The reality is that most companies do not have a clear idea of the dollar value of benefits with technology acquisitions because tech buys are largely intangible. Further, the broader the scope of a tech buy, the more systemic its effects will be. This means that implementing an ERP application for a whole company will touch more business processes with more potential for broad benefit or catastrophic disruption than say implementing AutoCAD in the engineering department. The intangibility of tech buys can be made more concrete by conducting baseline analyses of the costs of business processes and redesigning business processes to derive benefit out of the tech buy. Of course, most companies don't have the discipline for this kind of validation.
Some tech spends have variable benefit value based on whether the technology is fully utilized. For example, if your company uses Office primarily for memos, localized number crunching (i.e. individuals running their calculations without regard to other departments) and databases, there isn't likely a whole lot of value in upgrading from Office 2003 to Office 2007. But if you take Office 2007 and integrate it with SQL 2005, SharePoint and Microsoft Business Scorecard Manager to distribute key performance indicator metrics to the company, you will experience incredible value for the cost of upgrading to Office 2007.
The bottom line is this: for tech spends, it is difficult to accurately measure the dollar value of expected benefits. ROI calculations are hampered by this difficulty. TCO calcs are hampered by the presence of direct and indirect costs, as well as costs that are ignored for various reasons. For example, cold room electrical consumption may be viewed as an overhead cost, which makes it difficult to evaluate the cost of electricity as a decision-making factor in choosing one server or another. This is why Sun's marketing strategy to sell SunFires on the basis of lower power consumption and lower heat throw is not likely to connect with a lot of companies. I address this issue here toward the end of the article.
The bottom line is that in many, if not most cases, decision-makers buy software solutions because they have an intuitive or hopeful sense that the software spend will generate real process and dollar benefit. I have seen decision-makers tweak assumptions known to be erroneous simply to get the ROI over the hurdle rate so they can get their project approved. In other words, they adjust the numbers at the back end of the calculation in order to justify their desire and hope.
Risk analysis then is also intuitive and is measured by comparing the risk of failure with the comfort level among decision-makers that they have made a good selection and that the project will, in the end, be successful at delivering value.
Technology is bought because of emotion. It's not a purely financial decision.
As much as accountants would like it to be otherwise, technology spends are primarily emotional. Technology is bought because of intuition, desire, covetousness, a need to appear significant and a deep hope that something can make business pain go away.
Sunday, April 30, 2006
Sun Marketing, Innovation and Commoditization
I have a couple friends who work for Sun. One is well-placed up in the Sun food chain and the other has been heavily involved in Java standards for a number of years. Both are loyal to Sun.
Below is an edited snippet of email conversation between one of my friends and me regarding, at first, the departure of Scott McNealy as CEO, and then a discussion about the strategy of Sun as it has been unwinding over the past year or so. I asked him what he thought of Sun's strategy as it relates to cheaper servers. His response was, "The low-power server is a big deal, I think. If you are just buying 1 of them, you don't care. If you are going to buy 100 of them, you care a lot: the air handling costs really do add up. It is certainly a unique strategy to try to market a server (not just a chip) as low-power, but I think that we are doing so because we were listening to customers."
I'm including my response because it sums up my current analysis of Sun:
"but I think that we are doing so because we were listening to customers.."
That's an interesting dynamic, for three reasons:
1. Are Sun's customers listening to Sun? http://blogs.sun.com/roller/page/jonathan?entry=the_dell_premium
2. In the book, The Innovator's Dilemma, the argument is made that innovators who listen to customer feedback can actually inhibit innovation because customers tend to only think in terms of incremental performance improvement with incremental cost reductions. Customers typically can only conceive of existing technologies once and then create demand that drives downward price pressure along with incremental performance/feature improvements. For an innovative company like Sun, listening to customers could (not saying it will) inhibit innovation. Sun needs to be careful not to allow themselves to be pulled into Dell's commodity server market because I don't think Sun has anywhere near the manufacturing efficiency that Dell does. That would mean losses for Sun. Sun cannot compete against Dell on the basis of price. Neither should Sun compete against Dell with the server as a commodity because that conflicts with Sun's innovation DNA.
3. Last year, when I was visiting my buddy Scott, we had dinner with a Sun exec. He made an interesting observation: he said that Sun has been an incredible innovator from the beginning but that Sun was terrible at marketing. He contrasted Sun with Microsoft, who he characterized as primarily a marketing machine and a technology innovator secondarily. He might have even scoffed at the notion of anything from Redmond as being innovative. I silently disagreed but listened to his point.
Bringing these three together might lead to the following idea: Sun may be taking marketing more seriously because they recognize that marketing is important to capturing more market share. I read Sun press releases and Schwartz' blog and both sources tell me that Sun is successful at large computing deals, particularly with developing nations and academics. Listening to customers is part of that but so is leading customers to better technology.
The links in Jonathan's blog tell a story of U-B's decision to go with Dell servers even though they were (if I remember correctly) Sun customers as well. U-B couldn't afford to power and cool the Dell servers so they could only run a portion of them. What is interesting about this article is that the University of Buffalo didn't consider electricity consumption and cooling needs as part of the total decision-making process. I think this is in large part because most accounting types want ROI and TCO calculations that don't consider cooling and powering servers. Plus, as I wrote here: http://dereynolds.blogspot.com/2006/04/technology-and-cost-of-capital.html ROI and TCO calcs are accounting gibberish that frequently have little value in IT decision-making.
The question to ask here is Why? And I think the answer is because a lot of decision-makers aren't thinking of power and cooling issues because they view electricity and cooling as overhead expenses not direct costs. Overhead expenses are difficult to include in these kinds of calculations because they are... well, overhead and overhead is hard to tie to a specific point. You can get around it with an allocation of overhead but that's not entirely accurate. I think Jonathan refers to a per square foot cost for chilled server rooms but again, that allocation rate is based on assumptions about cooling and power needs, labor, cost of real estate, etc.
My point is that listening to customers is good and it's good that Sun is taking customer input more seriously but what Sun really needs to accomplish is to sensitize decision-makers on the value of lower power consumption, particularly as you mentioned, with 100 servers or 1,000 servers. I think the mistake Sun marketing is making is by trying to pitch the new servers as eco-friendly, however. The only people who care about eco-friendliness are the bearded Birkenstock-wearing, Prius-driving IT guys.
My theory right now is that businesses see the server room as a commodity. They see value-add from IT purchases on the desktop in terms of what the desktop enables from a functionality and business process perspective. This is because software is on the desktop where users see the functionality. Once the philosophical and business decision of platform is made (Windows, Linux, OS-400, Solaris, etc.), it is easy to view the hardware of the server infrastructure as a commodity. This is due to two reasons: decision makers see only the desktop as evidence of IT, which makes the cold room invisible (except when a server goes down); and there is relative parity of price:performance ratios across server competitors and their products.
So, Sun is trying to compete on a selection criterion that isn't part of the thought process for a lot of organizations. Because of the emphasis on ROI in purchase decisions, IT guys need to justify up-front costs of server purchases because it is assumed that the back-end costs of server ownership are equal. The notion of eco-friendliness is not valuable to most people. Dollars, however, are, but from a marketing standpoint, it's a bit of a trick to get people to consider electricity and cooling factors, not only in terms of cost, but also in terms of capacity, i.e. do we have enough electricity and cooling to take these boxes live, because these costs are simply seen as overhead, not direct costs.
I think Sun has come up with a very cool innovation: more computing power, less electrical consumption, less heat generation. The challenge is to get existing and new customers to see it as a value-add feature/benefit set that puts Sun ahead of Dell instead of just something nice you do for the environment.
Saturday, April 22, 2006
Two Standards of Fair Use of Intellectual Property

There are two standards of conduct in the IT industry: those of Microsoft and those of everyone else but Microsoft. Nearly every action that Microsoft takes in the industry is contested but when Microsoft's competitors take the same action, there is no vilification or acerbic attacks. When Microsoft buys functionality and wraps the new capability into Windows, they are accused of suppressing innovation. When Larry Ellison buys PeopleSoft or Sun Microsystems buys StorageTek, they are adding shareholder value by improving their competitive capabilities. Some will even say non-Microsoft companies are buying functionality to extend innovation into the marketplace.
It's a double standard that the industry exploits over and over again.
ZDNet has been publishing articles that have pushed my buttons lately. I don't consider ZDNet to be overtly biased toward open source or against MS, but in the past week or so, I have read stories -- usually "analyses" -- that have done a pretty good job getting me cranked up. As I write on Saturday, I'm a little wound up after reading this analysis of the implications of virtualization software.
The author, Charles Cooper, seems to have two components to his argument: a) virtualization implies that Microsoft ought to let the licensing of virtual servers slide a bit to the advantage of the IT department and b) Microsoft ought to do this because they were accused but not fully convicted of predatory antitrust business practices.
The business value of virtualization accrues to the wise IT shop that sees an economic, operational and administrative advantage to the virtualization of servers. Virtual technology is cool because, as my friend Mike so wisely pointed out in response to my article that ROI and TCO are gibberish calculations for most technology, virtualization software actually does allow the calculation of a meaningful ROI because you can measure real physical boxes that can be eliminated in favor of single, beefy boxes to house numerous virtual servers.
The author seems to be implying an argument that since virtualization software runs on an OS, the extent of license compliance ought to be solely for the host OS. This is an argument predicated on physical use. But virtualization is a logical use not a physical one: VMWare and MS' Virtual Server enable the creation of logical servers and each of those logical servers provides the same functionality of physical servers. Whether that functionality is provided on a physical server or a virtual one is irrelevant to the cost of licensing.
Cooper attempts to build a connotative case against Microsoft using the double-standard of fair use of IP. He refers to a largely meaningless DoJ case against Microsoft in the first part of this decade to imply that the notion of charging customers for a Windows Server license for every instance of Windows Server is evidence of Microsoft's predatory anticompetitive behavior. Cooper insinuates that such a requirement is an economic artifact belonging to misguided libertarians (me being one) and evil capitalists who haven't yet appreciated the economics implied by virtualization.
But here's the question to ask to penetrate the author's accusatory thesis: Would he be challenging Microsoft's requirement of 1 license per Windows Server prior to the existence of VMWare?
The answer is No because the absence of virtualization technology would mean the policy would not be questioned.
This allows you to conclude that the issue is not whether licensing ought to slide for a virtual server but whether an IT department derives value from both physical and virtualized boxes.
It's hard to imagine a more sophomoric closing statement than what Cooper says here: "Last time I checked Microsoft was not in the philanthropy racket. Any company that tries to get out of paying for the full costs of virtualization will find itself on the receiving end of a sweet lawsuit, courtesy of Bill Gates & Co. "
Lovely. IT shops are not charities and they should expect none of the absurd "philanthropy" Cooper implies Microsoft ought to graft to them. There is honor in being a profitable company. There is also honor in paying for the licenses a company uses. Cooper's thesis has no merit.
Thursday, April 20, 2006
Seed the Hobbyist Programmer

Microsoft has decided to continue its free release of Visual Studio Express beyond their original plan of one year. According to ZDNet and other tech RSS feeds, VSE has been downloaded 5M times since November 2005.
Download Visual Studio Express here.
When combined with SQL Server 2005 Express, VSE provides a great learning platform for secondary school students as well as college students. VSE and SQLE also provide a powerful and affordable (how about $0?) development environment for hobbyist programmers who don't want to pay $260 for Visual Studio 2005 Standard.
SQL 2005 Express takes MSDE several steps better. First, the maximum database size is 4GB versus MSDE's 2GB. Second, SQLE can run on a box with up to 1GB of RAM and 1 processor. Third, SQL 2005 SP1 adds graphical interaction with VSE to allow you to design databases without needing SQL Enterprise Manager.
With VSE and SQLE 2005 available for free, Microsoft is seeding the interests and development of future programmers. This is a wise move on Microsoft's part. As I have argued in other articles, software is where innovation and value are delivered. I think the OS platform is primarily a philosophical and business decision but once that decision is made, the hardware and OS are commodities. It's the software that creates value (one could argue that the OS has implicit value because the chosen OS yields a set of innovation that can only be used on the chosen platform). Kevin Kelly argued that the value of a network is a function of the number of nodes on the network. In order to sustain high numbers of Microsoft nodes, there needs to be innovative software to drive demand for the Microsoft platform.
Wednesday, April 19, 2006
This Is A Truly Wonderful Open Source Indictment

For at least the past three years, I've heard numerous rants from some of my friends and online contacts about how insecure IE is and how inherently secure FireFox is. I've debated with them with a bias not toward defending Microsoft but with a bias toward security that is platform indifferent. I won't rehash my arguments here because you can Google Blog search my blog and find those articles yourself.
In this incredible news item, Mozilla users are urged to upgrade their early-model versions of FireFox and Mozilla derivatives because they have significant security weaknesses that can be exploited.
Users have been urged to upgrade to the latest versions of Mozilla's software to protect themselves from a series of critical security holes.
The Computer Emergency Readiness Team (CERT) warned on Monday that earlier versions of Firefox, and other Mozilla software based on Firefox code, contain a clutch of vulnerabilities that expose users to attack.
The Mozilla Foundation released a new version of Firefox last week, version 1.5.0.2, which it said contained fixes for several security flaws.
According to security firm Secunia, there are a total of 21 flaws in the older versions of Firefox, such as Firefox 1.5, some of which it described as critical.
How utterly humiliating for all the people who have arrogantly mocked IE users and Windows advocates on slashdot and IT news boards that their browser was clearly more secure than IE. All their arguments have been completely undermined. Now all they have left is, "Yeah? Well, my browser has better functionality than your browser does!"
I have this glowing, warm feeling inside right now. Vindication feels wonderful. It's a beautiful day.
Comments About Novell and Sun
Just days after I made fun of a Senior Analyst for imagining IBM, Oracle and Novell coming together to defeat Microsoft, my friend Mike sent me this article on Larry Ellison's potential interest in Novell.
I wrote back to him:
"It's interesting but buying Novell to get into open source seems to me to be similar to buying a 1998 Chevy Lumina to race the Indy 500. Ellison has a tendency to buy and absorb into the Oracle brand, so it's possible he has no plans to maintain the Novell brand; he may just want SUSE as an asset that can be rebranded as Oracle Linux.
What interests me about this is what database Oracle would use. Would they support an OS database like MySql or would they develop an OS version of Oracle?"
In a note to a friend of mine in Dallas, I made the following comments about Sun:
I just don't think Sun is going to be able to get their poop in a group any time soon to please the institutional investors' desire for profitability and the market's desire for innovation that means something to customers. I think Mr. McNealy needs to step down and let someone else try; he hasn't led the company well since the 2000 burst. I'm not sure if Schwartz is ready yet for CEO duties but he does seem to be leading Sun's thinking. Jonathan is definitely the less strident and more articulate Sun exec.
I think the big problem with Sun is that it is innovating in back office hardware, which is largely a commodity space. I'm not sure I follow the business logic of leading their marketing with entry-level x86 servers. With few exceptions, i.e. iPod, hardware is a commodity. Sun has a couple innovative takes on servers, namely thermally cooler and less demanding of energy, but the problem with that is it's hard to market those criteria when TCO calculations don't typically involve cooling and power costs. (TCO calcs are acts of accounting gibberish anyway, but no one wants to admit that). I think most people view the server as a commodity with a low lifespan and therefore the costs associated with powering and cooling them are essentially the same as the costs of powering and cooling cubicles: it just goes to overhead electrical expense.
I think that most of the interesting innovation occurs on the software side rather than hardware and I think there is more market demand for that kind of innovation because software is what drives business value. The computing platform is a philosophical and business choice, i.e. do we go with Solaris, Windows, Linux, Unix, whateverix, but once that decision is made, a server is a server. Software, however, is what creates value for a computing infrastructure.
Sun is still primarily a hardware company hoping to make some back-end money on servers and services by giving away Solaris and by selling tape backup systems (????). I think Sun is trying to innovate in the wrong area and the StorageTek acquisition seems to me to be an expression of hesitancy from Sun that their direction is on track: why invest $4B (net $3B cuz StorageTek had $1B in cash) to supply commodity storage services? What I do not see in Sun's marketing or in Jonathan Schwartz's blog are PR pushes that bring Sun software to the forefront. Why should a business choose Solaris? Where is the value? Why (God, Why??) should a business choose StarOffice just because it is cheaper? See? Sun is innovating a commodity product and yet shipping commodity software in a market that expects software innovation.
Microsoft is doing some hella cool stuff. I saw some technology in Dallas that blew my mind. Office 2007 is bringing in functionality that is incredible. Office is tightly integrated into SQL, Windows and SharePoint portal in a way that allows companies to deliver information and analytics that are truly exciting. One session I went to demo'ed this stuff and twice the audience erupted in applause and "Oh my God"'s and "Wow"'s. After watching this demo, the relevance of Office costing $300/user completely disappeared from my mind. It was the first time I'd ever seen value in Office beyond, "I have to buy this to keep compatibility with everyone else in the world." My thought was, "How can a company not buy Office after seeing this?" Yes, it requires initial setup and implementation but the value it can deliver is truly exciting.
Tuesday, April 18, 2006
BMW Improves iPod Interface

I believe it was in 2003 or 2004 that BMW and Apple announced that BMWs would be pre-wired to interface with iPods. Much ado was made of it but the execution left much to be wanted.
Essentially, the interface enabled the iPod to emulate the six-CD changer that is optional for BMW. This meant that you had to define 5 playlists that were analogs of five CDs. Certainly, you could create long playlists but being able to truly enjoy an entire music collection on a 30GB iPod was seriously hampered by this limitation. The design requires constant interaction with iTunes to modify playlists to take advantage of the capacity of the iPod. It was a neat idea with lame execution.
I've been struggling to find the ideal interface for my music player now that I have shifted from the Dell that died to the iPod 30GB Video. I used to be content with the Belkin FM transmitter but after it fell to an untimely death at the hands of spilled Beaner's, I replaced it with the iRiver transmitter. But then I found out about Harman Kardon's most-excellent Drive and Play system and coveted it for a while. I was on the cusp of buying it and I even have my CFO's approval (that would be my wife), but for some reason, I decided I wanted to wait. Perhaps my BMW radar was finely tuned to BMW NA headquarters in New Jersey and knew to wait for this design. Or maybe my decision to not buy the H-K system had nothing to do with this announcement.
In any case, I'll "suffer" through the iRiver FM transmitter until July.
The following is quoted from the BMW press release that announces a new interface available in July 2006.
The new BMW Interface for iPod will be available for owners of the new BMW 3 Series Sedans and Sports Wagons as well as the 5, 6, and 7 Series. It will also be available for the new M5 Sedan and M6 Coupe. It will enable audiophiles to bring their entire music collections with them, plug directly and effortlessly into a superior sound system while maintaining uncompromised control over their driving experience. Since the new Interface is compatible with SIRIUS satellite radio as well as the recently introduced HD Radio, owners will be able to enjoy a broad selection of high fidelity broadcast music sources as well. The original BMW iPod Adapter will continue to be available for 2002 and later BMW models: X3, X5, Z4, and previous generation 3 Series.
...The seamless integration of iPod makes it effortless for drivers to control their music through their existing audio system and the multifunction steering wheel. The new BMW Interface for iPod enables drivers to easily access their entire music library, shuffle songs, skip between tracks and adjust volume -- all of this with no loss of sound quality or driving control.
The new Interface is compatible with all iPods with a dock connector, including the iPod nano and the fifth generation iPod. The BMW iPod Interfaces integrate the iPod through a direct connection in the BMW glovebox, providing outstanding sound quality and constant power to the iPod all while your iPod remains protected and out of view.
The new BMW iPod Interface will be available for customers to purchase at BMW centers beginning in July 2006. Pricing has not been determined.

Sunday, April 16, 2006
Apple Boot Camp Won't Make A Bit of Difference

I have a good friend who is a long-time, die-hard Mac fanatic. He sent me an email titled Look Out Bill! and a link to Apple's Boot Camp beta. Boot Camp is an Apple OS X program that allows a Mac owner to set up a dual boot system that will run Windows XP on a Mac.
This is my response:
A). Bill has nothing to worry about from Boot Camp and he isn't going to lose money. It still requires an XP license so if anything, he's going to make money. But not very much, because...
B). Just about the only people who will do this are existing Mac owners or people who haven't yet purchased a desktop computer. What existing PC owner is going to buy an Apple so he can run Windows XP? It makes no sense. And Mac owners who do this are admitting that the title selection of software for the Mac is paltry in comparison to Windows. Plus, there is a little bit of irony in this: One of the most appealing aspects of the Mac is its relatively low need for users to have technical skills. For the average user, a dual boot computer is not easy to install or use. So, Apple is kinda violating the "easy interface" advantage with a dual boot environment.
When you find someone who has successfully ported Mac OS X to the Wintel platform, then that will be something worth having. I'd love to run Mac OS X on my existing hardware. There was a Japanese guy who did it last fall/winter after much confabulating. It requires a boatload of gyrations and software: VMWare, some open source stuff, some Apple stuff, etc. etc. When it is easy to do then I'll do it. I'll even pay the $100 for a legit copy of OS X.
The only problem is that Steve doesn't want to sell OS X to Wintel users (foolish man). He wants to bundle the OS with the box. Steve still believes that the hardware is cool. It's not. It's just a pretty box with a processor, RAM, a hard drive and ports to the outside world. A box is a box. Some are prettier than others but in the end, it's just a box.
To me, Steve's unwillingness to sell a Wintel port-able version of OS X is an implicit admission that Apple boxes are over-priced and were it not for Mac OS, Apple would have even less share than they do now in the computer market. Put a graphically boring OS like Windows XP on a Mac box and the market yawns. The Mac sizzle comes from the OS. The iPod is the only hardware that Apple makes that means anything. For that matter, the iPod is just about the only hardware that anyone makes that means anything. All other hardware are nothing but commodities. What makes the Mac great is OS X. The box is entirely trivial. And over-priced. The market has largely rejected Mac desktop hardware for the past 20 years. Boot Camp won't change that.
This is interesting from another perspective. It seems to suggest that the halo effect of the iPod on Mac computers hasn't driven the Mac sales Apple hoped it would. Were the halo effect powerful, then there would be no need to create incentive to buy Mac hardware with dual boot capability because people would be buying Macs hand over fist. And Boot Camp better be free because if people have to pay for it, they won't. They will look at a $600 Mini + $100 for Windows XP + $75 for Boot Camp and go, "Well this is dumb. Why do I want to pay $800 for a computer with no mouse, monitor or keyboard to run XP when I can just buy a complete Dell that runs XP for $400?" Even if Boot Camp is free, the argument is not compelling for the user who wants to have WinXP compatibility.
There is one simple factor that kills Mac sales even when most iPod users are Windows users: Windows iTunes.
Windows iTunes obviates the need to buy a Mac.
But if Steve were to cut off Windows iTunes, he would choke the life out of iPod sales. People aren't going to pay $300 for an iPod + $100 for almost necessary accessories like FM transmitters and cases then go spend another $700++ for a Mac Mini to support the iPod. Steve needs Windows iTunes to drive iPod sales. Boot Camp won't change that either.
I don't see Boot Camp selling much at all.
Now Discover Your Strengths

Tanya and I are reading a book together. It's called Now, Discover Your Strengths. Its thesis is that in American culture, and corporate HR culture in particular, we tend to focus on identifying and rectifying performance deficiencies. The authors argue that we are better off by understanding our strengths and capitalizing on them while only paying passing attention to what we are weak in. They believe that millions of training dollars are wasted on trying to build capabilities into people that they don't innately possess instead of helping people reinforce their strengths.
It's a thesis I deeply believe in. When I do public speaking coaching, I tell people to focus on what they already do well. If you focus too much on not doing things that are bad, then your presentation becomes more about not doing something than in releasing yourself to the audience so that they see you as well as your topic.
The book includes a strengths assessment provided by Gallup. My results are described below:
Intellection, Strategic, Input, Communication, Ideation

Initial Impressions of Novell Linux Desktop

I am going to post my impressions throughout the day as I experiment with Novell Linux.
Here's my first delightful discovery: 39 urgent updates and probably hundreds of suggested updates.
I thought Linux was inherently more secure than Windows...

And here is a screen capture of Novell's email client, inexplicably called Evolution. It sure reminds me of some other prominent email client.


One of the open source arguments I've heard against Microsoft is that they suppress innovation. In contrast, the open source movement lionizes itself by saying that they are the true innovators. Yet, when I look at Open Office and Novell's Evolution I see not innovation but artless, blatant mimicry of Microsoft's GUI and functionality.
This leads me to conclude that the open source camp expects people to just eat their assertions and arguments. We are supposed to simply accept the idea that the open source development model is inherently more secure, that Microsoft suppresses innovation and that open source unleashes it. I've challenged the open source advocates in my life to show me examples of how Microsoft suppresses innovation and the only remotely satisfying answer has been, "Well, Microsoft doesn't develop its own solutions; they go out and buy someone else's product and rebrand it as their own."
So, apparently if a company develops all its own functionality, that's innovative but if a company goes out and buys technology, that's just corporate relabeling. How come Oracle doesn't get eviscerated by the open source crowd for buying PeopleSoft's functionality? What about Sun's acquisition of StorageTek? Oh yeah, I forgot: only Microsoft suppresses innovation by buying functionality. Everyone else is giving innovative solutions a chance by bringing them into the fold of a larger company. Can you spell myopic double-standard? I knew you could.
Sorry kids: Microsoft is producing some of the coolest, innovative and secure software out there. All I have ever seen from the open source crowd is high-horse-posturing that doesn't deliver substance and unoriginal mimicry. I just don't buy any of the core arguments offered by most open source zealots. Only Sun's COO Jonathan Schwartz offers a take on open source that is stated not in anti-Microsoft terms but in a positive statement of the value of open source, particularly as open source relates to intellectual capital rights in developing countries.
-----------------------------------------
A visitor made the following comment on my primary blog:
"Your comments show that you truly do not understand software engineering, or the open source development model.
One obvious reason why outlook/evolution or open office/microsoft office have the same skin is to present a common interface that users can understand. They are quite different underneath.
You seem to have skipped over the fact that the security through obscurity model has failed and will continue to fail."
-------------------------------------------
To which I responded (with added edits from the original post to improve clarity):
The commenter's argument is incomplete and it's representative of the standard open source zealotry playbook. He tosses out some common talking points but doesn't offer a cogent response.
GUIs have design philosophies. The intent in a design is to expose the underlying functionality to the end user. Well-designed GUIs present functionality in an intuitive manner, while unintuitive ones, like Novell's god-awful GroupWise, enable people to "do email" but not well. The GUI of Office 2007 is a radical departure from the traditional menu-driven GUI's exposure of functionality. The ribbon is an amazing design that presents the user with exactly what they need at the moment. The contrast between the GUIs of GroupWise and Outlook, for example, reveals a significant difference between design philosophies. This difference is experienced in the way functionality is exposed; one has a level of quality better than the other.
So, to say that Evolution and Open Office are designed to give a user a familiar interface and yet have them be "very different" underneath is disingenuous. This is because it's a straw man: most people cannot assess the quality of code between an open source app or a commercially-developed app. But what people do see is the functionality that is exposed through the GUI.
Further, the underlying code is irrelevant to the user experience. Pretty code or code that flows from a favored ideology is completely irrelevant to the end user. What matters to the user is the experience of interacting with the program. How easy is it? How intuitive is it? How natural is it? If people fail to code with the end user experience in mind, they are completely missing the whole point of writing software in the first place.
If the commenter is implying the classic open source argument that open source code is inherently more secure than proprietary code, then he needs to catch up to 2006. This is a stale accusation that had merit with Windows 2000, Exchange 2000 and IE 5. The current versions of Microsoft products are substantially more secure and as open source has gained prominence, they have created a more enticing attack target. Go to www.secunia.com and talk to me about inherently more secure code. Secunia lists a stunning array of security issues for the IT industry and in doing so, proves that security holes exist in all applications and always will. Inherent security by virtue of a development model is an illusion and a misrepresentation. And as I have commented in my blog numerous times, if anything, the exposed nature of open source code actually makes it more of a security risk because hackers have a 100% accurate map of what to exploit.
The commenter is correct: the obvious reason for the similarity is to give users a commonly familiar interface. What an incredible concession on the commenter's part! It is an implicit admission that open source has no innovation to offer the end user. How can an application be innovative and mimic Microsoft Office and Outlook at the same time? The very notion of innovation involves a creation that is different from its predecessors either in design, conception or functionality. Mimicry cannot lead to innovation.
The commenter is absolutely correct: they are quite different underneath. The open source versions of Office are actually subsets of Office. The open source product offerings are wanna-be applications that don't even come close to the functionality of MS Office.
Open source zealots claim to have the market cornered on innovation. I don't see it. All they do is parrot Microsoft. From a marketing perspective, this makes great sense. But open source continually claims the moral high ground by asserting Microsoft suppresses innovation. They disparage Microsoft for buying functionality and use this as evidence to ostensibly support their assertion that Microsoft suppresses innovation.
So, I challenge the open source crowd: SHOW THE WORLD WHAT INNOVATION LOOKS LIKE. Quit replicating what MS does and write something unique. Oh and make sure it integrates with the corporate intranet and back end servers and the rest of the office suite to provide great functionality like Office 2007, Windows, SharePoint and SQL 2005 provides. Develop a killer app that is not only cool but is also desired by the open market.
And don't whine that MS has an advantage because they know all the internal hooks and API's into the platform. MAKE YOUR OWN DAMN HOOKS. INNOVATE! CREATE! ADAPT! BE GENUINELY CREATIVE. BACK UP YOUR WORDS WITH SUBSTANCE.
I don't really understand the commenter's mention of security by obscurity. He certainly cannot be referring to Microsoft security since the entire Microsoft product suite is under constant attack, which paradoxically, makes it more secure than less ubiquitous products. He might be referring to open source programs though since they do not weather the same intensity of security attacks as do Microsoft products.
I don't think the commenter understands what security through obscurity means. His mention of it makes no sense in the context of the article.
Baseless Gushing Over Open Source's Potential to Erode Windows

So, apparently Novell had their Brainshare conference recently. Novell, a company with no direction if there ever was one, was all glib about its new Novell SUSE Desktop build. Novell reminds me of the scene in Monty Python and the Holy Grail where one guy gets completely pruned in a joust, only to claim it's a flesh wound. Novell hobbles along on bleeding stubs of legs and touts how they are coming out to take command of the desktop if only 47 variables happen to line up properly.
I've not read Jon Oltsik's column before but it's amazing to me that people with his kind of reasoning can be selected as featured writers. I guess perhaps when you need material to advocate a weak, poorly-thought-out position, you take what editorial content you can get. Here's a high level summary of his argument:
1. Microsoft used to be considered inferior to OS/2, WordPerfect and Lotus 1-2-3.
2. Microsoft overcame that problem by "offering good enough technology, superior pricing and attractive bundling."
3. Microsoft gained its dominant position as a result.
4. At Brainshare, Novell unveiled a beta of their SUSE desktop Windows XP hegemony-killer. It is certain to have broader appeal.
5. The SUSE desktop comes loaded with OpenOffice and says Oltsik, "...I'm sure some of the bells and whistles Microsoft bakes in are missing, but there aren't any obvious functionality gaps. In other words, it's good enough for the majority of employees whose jobs depend on doing basic stuff."
6. The new desktop has improved interoperability with Windows.
7. It's cheaper than Windows XP and therefore offers a better value and lower TCO.
Then Oltsik's article takes an utterly comedic turn:
Novell isn't capable of leading the Linux desktop charge on its own, but there are plenty of others in the industry more than willing to help. IBM could certainly move the market if it evangelized Linux and offered hand-holding migration services in the process. (Author's note: It would be somewhat Shakespearian to think that a combination of IBM, Lotus and Novell would lead a successful Linux desktop assault.) There's no love lost between Microsoft and Oracle, so I'm sure Larry Ellison could be persuaded to support this effort. Intel and AMD want to sell boxes, so Linux desktops are just fine.
I laughed out loud when I read this. It was so naively honest and the implications of what he admits are apparently lost on him.
Novell doesn't have the brawn necessary to appeal to the market in any meaningful way.
Oltsik fantasizes a consortium between Novell, IBM, Oracle, Intel and AMD to unseat Microsoft. "If only this would happen, Bill Gates would be undone..."
Oltsik's argument is predicated on the alignment of quite a few stars to unseat Microsoft. The man even admits that he doesn't fully understand Microsoft's offerings by asserting that Open Office is roughly equivalent to Microsoft Office and that the gaps between the two are inconsequential. While he is correct that for small and home offices, Open Office may be an adequate suite, he does not appreciate that for mid-sized businesses and corporations, Microsoft Office provides substantially more value than Open Office (see my articles from the past two weeks on what Microsoft is doing with integrating Office, Windows, SharePoint and its business applications).
Novell is a paragraph and a footnote in the history of IT. They have been marginalized by Windows and their only solution to the loss of market share is to pin their hopes on a phantom chance that the open source movement can propel them back to relevance.
As I write this, I have a remote access session to my computer at work and I am downloading a VMWare image of the Novell SUSE Desktop image. When I get back to work tomorrow, I will be able to play with it. I will be able to assess just how easy it is to integrate into a domain, add printer drivers and so on. I am anxious to find out if SUSE Desktop truly does integrate in a Windows environment or if it has limited interoperability and is therefore meaningful only to small businesses using a SOHO network with no AD domain.
Details Matter In Advertisements

My trip to Dallas two weeks ago was to a Microsoft conference called Convergence 2006. The focus of the conference was a suite of business enterprise management applications that are scaled based on the size of a business. Applications formerly named Axapta, Navision, Great Plains, CRM and Solomon have all been remarketed under the Microsoft Dynamics brand.
I'm very excited about what Microsoft is doing with Dynamics. The level of integration with the Dynamics suite and other Microsoft platforms like Windows Server, Windows XP, SharePoint Portal and Office 2007 is stunning. What these embedded technologies enable businesses to do is deliver role-based information in a timely, if not real-time, manner. While it is possible to piece-meal third party applications with Windows Server and XP, I believe that Microsoft is tying together servers, clients, Office and enterprise functionality with a level of integration that other solutions will be hard-pressed to touch.
Microsoft is focusing on rebranding the suite by pointing out that the integration enables real-time delivery of information. The following print ad was in Time magazine this week.

The problem I have with this ad is that it depicts paper charts on the wall. Paper charts on the wall do not convey real-time, integrated, role-based data. They convey a sense of kludgy, out-dated information that is not distributed based on a role but based on an inter-office distribution list. Microsoft Marketing may be trying to compare and contrast the paper-chart mode versus the real-time method of an integrated, role-based system but I don't think the approach is effective because there's ambiguity about the place paper charts play in the use of Microsoft Dynamics. It isn't clear from the picture whether people are relying on posted paper charts or the Dynamics reports on their screen. This ambiguity doesn't lead a customer to conclude that Dynamics is truly a real-time solution.
Bill Gates Keynote At Convergence

After a bit of a late night, I got up at 5:45 so that I could get showered and breakfasted early. I wanted to get a decent seat at Bill Gates' keynote this morning. I achieved my objective. I was in the middle section in the 15th row.
Bill is not an ultra dynamic speaker. However, he is efficient as a thinking speaker. By this I mean that his words come out cleanly and he is able to communicate his ideas with few words. This is in marked contrast to two speakers I endured yesterday: gobs and gobs of words coming out without much communicative content. And yes, for those who know me, I recognize that this is a hypocritical comment for me to make. However, comparing Gates' style of speaking with the styles of some of his executives made me realize that I need to cultivate the ability to articulate ideas concisely. Gates was masterful at it. Bill was thoughtful and excited, and he used an economy in his words that deeply impressed me.
Microsoft is doing some incredibly innovative stuff. With each passing year, they continue to develop better ways of connecting people with information and this is done by connecting systems and data together in ways that are quite powerful. I have been blown away by some of the things I have seen so far at the conference.
This morning, Bill demoed technology that wowed the crowd and it aroused an emotional reaction from me. He showed three contexts: home, work and travel.


At home, he showed a home computer that was oriented in portrait mode and hung on a wall. On the screen was TV, family scheduling activities, pictures, notes, etc. He navigated the screen with touches, a la Minority Report's virtual 3D hand manipulation with the key difference being that extra gear wasn't needed. He saw a MSNBC news item that interested him, so he marked it as one to Track. The info was moved to his phone to allow him to follow the story as he commuted.
He was also able to track the actual real-time location of his children, which brought appreciative snickers from the parents in the audience.

At work... oh my. At work, he walked up to a desk that had three large, ugly panels. But as Bill set his phone down on the desk, a wave of predictive realization washed over the audience as they understood that Bill was about to boot up a computer that had near-180 degree monitors that were probably 2x3'. It was a wrap-around monitor set up that was amazing.
As soon as he logged in, his MSNBC news story followed him in. He was on a conference call and dropped the MSNBC item onto the video conference screen and all attendees on the call had access to the story.
At the airport, he dropped his phone onto a table that recognized the phone and gave Bill the opportunity to log into his phone and his data. He did this with his fingerprint. The table then displayed a desktop for his phone. Think of this in terms of those portable keyboards for PDAs but with a touch-sensitive monitor. Kind of like a Tablet PC. Bill had received a business card from someone at a meeting, so he put the card on the table and it scanned the contents and put an object representing the card on the desktop. Bill then dragged it to the icon for his phone and the table beamed the card into his Contacts in Outlook. The crowd actually applauded.
It was truly exciting. I felt I was seeing a glimpse into a very real, not-so-distant future. Even as I write this, I am excited. It was a breathtaking demonstration of technology that was actually useful.
Google's Dissonant Views on Information

I am wrapping up the lingering details of rebuilding my computer at work. I'm configuring some of the features of Google Desktop. Just now, I received the following notice:
Please read this carefully. It's not the usual yada yada.
When you use Advanced Features, you may be sending non-personal usage information and information about websites you visit to Google.
For example, Google Desktop sends Google information about the news pages you visit in order to personalize the news you see in Sidebar. We use other non-personal usage data, including crash reports, to help improve Desktop's performance. Please note that none of this data actually tells us who you are; we use it merely to improve Desktop's ability to give you the information that's most relevant to you.
To learn more about our privacy protections, read our Privacy Policy.
Now this is an interesting thing to say when you compare and contrast this to two other actions taken by Google:
1. Resisted the US Attorney General's request to provide anonymous search terms in order to better protect children from child pornographers and (the real reason) to execute a warrantless search for terrorist activities. Google rightly told the Feds to get bent because a) there's no probable cause for the search and b) it doesn't take a whole lot of thought or creativity to come up with search terms that might typically be used by child porn seekers.
2. Google acquiesced to the Chinese government to filter search results for searches originating from Chinese IPs.
In the notice I received this morning, it is okay for me to feel safe that Google doesn't track anything related to me personally (... yet I need to log in to my Google account... hmmm) but it's an invasion of privacy when the Feds want the same kind of information. So, if the data collected by Google is so anonymous why not give it up?
I recognize that I've already answered my own question when I asserted that the Feds' request for data was an unreasonable search with no probable cause but it does seem a bit discordant for Google to tell me their data collection is harmless.
The filtering of Chinese use of Google is disturbing to me. Here is an explanation of the decision from Google's official blog. If you want to skip all the blah blah blah, here's the short version:
We decided to cater to the Chinese government's desire to curtail the free exchange of information by limiting certain kinds of search results so that we can expand our market presence in China. We value revenue over freedom.
Google users in China today struggle with a service that, to be blunt, isn't very good. Google.com appears to be down around 10% of the time. Even when users can reach it, the website is slow, and sometimes produces results that when clicked on, stall out the user's browser. Our Google News service is never available; Google Images is accessible only half the time. At Google we work hard to create a great experience for our users, and the level of service we've been able to provide in China is not something we're proud of.
This problem could only be resolved by creating a local presence, and this week we did so, by launching Google.cn, our website for the People's Republic of China. In order to do so, we have agreed to remove certain sensitive information from our search results. We know that many people are upset about this decision, and frankly, we understand their point of view. This wasn't an easy choice, but in the end, we believe the course of action we've chosen will prove to be the right one.
Launching a Google domain that restricts information in any way isn't a step we took lightly. For several years, we've debated whether entering the Chinese market at this point in history could be consistent with our mission and values. Our executives have spent a lot of time in recent months talking with many people, ranging from those who applaud the Chinese government for its embrace of a market economy and its lifting of 400 million people out of poverty to those who disagree with many of the Chinese government's policies, but who wish the best for China and its people. We ultimately reached our decision by asking ourselves which course would most effectively further Google's mission to organize the world's information and make it universally useful and accessible. Or, put simply: how can we provide the greatest access to information to the greatest number of people?
So, Google justifies their decision by saying that they want to deliver a Quality of Service that makes the Google engine available on a reliable and rapid basis. They are saying that performance and market penetration were the primary values they used when making a decision to restrict Chinese citizen access to information that would enhance the penetration of the democratic and capitalistic impulses within Communist China.
I would argue that a more effective way of arousing desire for freedom than warring against phantom terroristic threats is to penetrate closed societies with information and ideas that encourage thinking on and desire for freedom. Certainly, there is a place for war. However, as I have commented before, the Bush Administration's justification for war today is to propagate freedom in the Middle East. Not only is this a significant departure from the initial basis of justification (secure WMD's before they are used against us) but it is also a fatuous argument: how does killing a country's people encourage democracy?
So, here is Google as a company. I believe that Google is one of the most important -- if not the most important -- assets on the internet and they are choosing revenue and, ostensibly, Quality of Service to justify catering to Beijing's desire to suppress freedom and innovative thought. Google stock is trading at upwards of $380/share. They are a cash cow company and more praise to them for that! I love successful innovative, capitalistic companies.
Yet with affluence comes a degree of responsibility to the disenfranchised. Could not Google subsidize the penetration of free information into China with revenue from open societies? Could not Google, in the case of countries whose governments oppress their people, use their tremendous assets to actively subvert oppressors like Beijing by finding creative ways to give QoS and fully-disclosed search results to the oppressed people of China?
Google's justification in the blog entry I cited above sounds more like a marketing plan than it does a mission for an innovative company whose sole purpose of existence is to get people connected with powerful and useful information. It is a noble-sounding excuse that seeks to get us to forgive their unwillingness to subvert oppression. Instead, it is a hollow statement of marketing corpo-speak.
When taken together, Google's positions on information it pulls from my computer, information it withholds from the Feds and information it intentionally restricts from Chinese citizens seem profoundly discordant to me. It seems to me that Google has given up an opportunity to be an innovator for the democratic process in exchange for Chinese Yuan that nicely convert to American dollars.
OpenOffice Assessment: Pointless

I'm done with my OpenOffice test. Might not have even been two weeks. I just don't like OpenOffice. OO doesn't offer enough to compel me to switch. There's not one damn thing that's innovative about it, even though the open source zealots say that companies like Microsoft suppress innovation. All OpenOffice achieves is a 3rd rate copy of Microsoft Office.
In order to be even marginally compelling, OpenOffice has to mimic MS Office capabilities, menus, commands and file structure. Why? Because without MS Office mimicry, OpenOffice cannot attract acolytes merely by being free. There is better value in Office's GUI and it offers substantially better functionality than OpenOffice. Sun has tried to level the playing field by adding MS Office-compatible macros to StarOffice, the for-pay version of OpenOffice. But this betrays the notion that the power of Office lies in its scripting capabilities. While macros are certainly useful and cool, the better value in Office is its ability to integrate with SharePoint and SQL Server. The open source suites cannot begin to touch this functionality.
This means that OpenOffice only holds appeal for small businesses who do not yet appreciate the value of MS Office. However, at some point, as businesses grow beyond simple letters and spreadsheets, they will have to abandon OpenOffice for MS Office because the open source version cannot scale to the needs of a growing company. At some point in a company's growth path, integration with the Windows platform will actually mean something to the business because of the value that integration delivers. At that point, OpenOffice will be abandoned.
But this is only an issue for people who opt for OpenOffice due to the price. Most other consumers and business people are not going to want to deal with the subset of functionality, juvenile GUI and different methods of functionality. They will make the better decision and buy Office.
So, all I really got out of using OO is a reinforcement that ubiquity is indeed one of the most powerful -- if not the most powerful -- dynamics in the computing industry. Ubiquity drives standards, stability, norms and eliminates the risk associated with adopting less popular platforms.
So, it's time to press the button:

Amazon Continues to Blow My Mind
This weekend, I am researching what is called a public key infrastructure (PKI) on Windows server. We are going to need to have the ability to allow people to encrypt their email because of a government contract we have. A PKI is a Windows server function that enables us to do this.
I've played around with PKI's on my home network and you can actually come to my server and get a digital certificate. But I need to have a level of knowledge that extends deeper than "I've dinked around with it a bit."
This being the case, I went to Amazon to look for books on PKI. I found a Microsoft Press book specifically on PKI's (which was exactly what I wanted). What really amazed me though was a new feature on Amazon called Statistically Improbable Phrases. You can see this section by going to the book link here. Let me quote from Amazon's description of what Statistically Improbable Phrases tells a user of Amazon:
Amazon.com's Statistically Improbable Phrases, or "SIPs", are the most distinctive phrases in the text of books in the Search Inside!™ program. To identify SIPs, our computers scan the text of all books in the Search Inside! program. If they find a phrase that occurs a large number of times in a particular book relative to all Search Inside! books, that phrase is a SIP in that book.
SIPs are not necessarily improbable within a particular book, but they are improbable relative to all books in Search Inside!. For example, most SIPs for a book on taxes are tax related. But because we display SIPs in order of their improbability score, the first SIPs will be on tax topics that this book mentions more often than other tax books. For works of fiction, SIPs tend to be distinctive word combinations that often hint at important plot elements.
Click on a SIP to view a list of books in which the phrase occurs. You can also view a list of references to the phrase in each book. Learn more about the phrase by clicking on the A9.com search link.
This is simply incredible to me. The sheer processing power and comparative indexing required to pull this highly-useful reference off is mind-blowing to me. Staggeringly brilliant and useful.
Amazon and Google are the two most deeply, meaningfully useful sites on the web.
Fortune Magazine: Why Globalism Matters to You

In the November 28, 2005 issue of Fortune is an article I think is important for people to read. It eliminates the mystique of hatred for Wal-Mart and points the reader in the direction of why globalism is a force that is sweeping away old economics. The problem of globalism is caused by consumers like you and me. We like stuff cheap. Wal-Mart has merely capitalized on global economies better than any other company.
Please read this article.
Dave
Executives at Wal-Mart are worried that Robert Greenwald’s new documentary film about the company—Wal-Mart: The High Cost of Low Price—could become a cult hit on the order of Michael Moore’s anti-GM rant, Roger & Me. So my first piece of advice to CEO Lee Scott and his team is:
Stop worrying about the movie. It’s a jeremiad—a ham-handed snore with none of the humor, craft, or story sense that made Moore’s film so engaging. The people who already hate you will love it, but nobody else will be able to sit through it. My second piece of advice is to worry deeply about what the film represents. It’s a response to the great social disrupter of our time—the emergence of a friction-free global economy. This new film, awful though it may be, is a cry from the hearts of people being wrenched from the old world into the new and not liking it. There are millions of them, and they will demand to be heard in the media, the markets, and government. And the world’s largest corporation is, inevitably, the most inviting target they can find. Why they’re unhappy is no mystery. In the new world it’s possible to coordinate supply chains and distribution networks with precision and efficiency never before imagined. Result: big-box retailers with extremely low prices. Wal-Mart’s critics (including the new movie) dwell heavily on how the company heartlessly drives small-town stores out of business. One never hears the obvious problem with that allegation: that Wal-Mart can’t drive anyone out of business. Only customers can do that, and millions of them happily drive right past those little stores because they’d rather pay lower prices. Of course it isn’t just Wal-Mart that draws them. Home Depot and Lowe’s have been death for small hardware stores, Zales for mom-and-pop jewelry shops, Sports Authority for the old sporting goods retailers. They’re all using the plunging cost of computing power and telecommunication to create previously impossible business models that give customers what they want. That trend is not going to stop.
The new world also makes it impossible for employers to pay people as they used to. Maybe the most important part of the new world for many Americans is the advent of a genuinely global labor market, in which workers around the world compete. Of course nobody in Mumbai can directly take the job of a retail clerk on the floor of a Wal-Mart. But a lot of labor is fungible; a given person could work in a store or factory or office. So global competition for workers in factories or info-based jobs, where work can be offshored, pushes down the pay of millions of others—bad news for Wal-Mart employees and potential employees.
A big chunk of the documentary concerns the fact that many Wal-Mart workers don’t get very good medical coverage—or any at all. Again, welcome to 2005. Everybody’s medical coverage is getting stingier because in a global economy, where U.S. workers compete with those in Datang and Wal-Mart competes for capital with every other business on earth, American companies can’t continue paying the world’s highest health-care costs. Don’t blame Wal-Mart; blame America’s inability to devise a national health plan that takes the burden off employers.
The film includes a few allegations of illegal conduct by Wal-Mart managers, and obviously nothing can excuse that. The big question is whether such behavior is systemic, as the film suggests but doesn’t prove. Until there’s better evidence, one should be agnostic on this question, which is not the same as giving Wal-Mart the benefit of the doubt. The company’s growth has been slowing, and it’s under pressure from investors to improve results. As that pressure gets transmitted down to stores, it’s easy to imagine managers doing things they shouldn’t.
If that’s happening and Wal-Mart doesn’t fix it, the results could be dire. This is a battle, and nothing ordains that Wal-Mart must win. The forces of discontent could enable competitors to find toeholds and over time reduce it to just one of America’s several major retailers. What’s critical to realize is that it wouldn’t really matter. This film’s greatest disservice is to tell people, as it does in its closing sequence, that victory consists of stopping Wal-Mart. That’s a delusion. The only true victory will be adapting to the world that’s coming, like it or not and regardless of who brings it.
The Attack Paradox: Why Windows Is Safer Than Linux
Mac Malware Door Creaks Open
Having been married for a while, I usually try to avoid "I told you so" because it's not a very effective way to build good will. Nevertheless, I have been saying for two or three years that when/if the open source and Mac OS X operating systems get more market presence, they are going to be attacked and exploited. I have often challenged the rabid Slashdot claims that Windows is inherently insecure and OSes like Linux, Unix, Mac OS and Solaris are inherently more secure. When I have done so on Slashdot, I've been eviscerated with lots of open source groupspeak, stale talking points and lots of arrogant passion but not a whole lot of balance, fairness or reason.
Probably my best commentary on this debate can be found at [ My Authoritative Perspective - Which Is More Secure? ] In this article, I argue that while it is true that software manufacturers have a responsibility to write secure code, it is also the responsibility of sysadmins to keep their workstations and servers updated. When considering attacks by known viruses, the systems that are affected are systems that have not been updated. This is not Microsoft's or Linux's or Mac OS X's fault.
What delights me about the linked article about Mac malware is that it supports what I've been saying: I don't believe that one OS is more secure than another. And, I have also stated what I call the Attack Paradox: The fact that MS has been so vigorously attacked over the years actually means the Windows platform is more secure than others because its weaknesses are identified by hackers and patched by Microsoft. This then diminishes the attack opportunity for Windows. This is a concept that is hard to conceive at first: how can a platform that constantly has security issues be more secure than one that doesn't?
Windows and IE are the primary targets of exploits. Each time Microsoft is successfully attacked, their programmers develop patches to fix the weakness. This provides two opportunities that wouldn't be available had the attack not succeeded: 1) they get better insight into their code, their coding methodology and their supporting frameworks; and 2) they gain more and more insight into the pathology of the hacker. This knowledge helps inform their coding subsequent to the attack. Platforms that aren't as vigorously challenged because they are not as ubiquitous as Windows unquestionably have as-yet-undiscovered weaknesses but the absence of frequent attacks means the open source programming team isn't learning as much valuable information.
I predict that Linux and Mac OS will be proven to have many as-yet unexposed security issues. As hackers become more interested in Macs and Linux boxes, we will see a sharp rise in the number of exploits developed for these "inherently more secure" OSes.
Until that happens, the Mac malware article seems to support my opinion that Anything-But-Microsoft-Operating-Systems are not inherently more secure. The Linux development model does not channel the talents of its programmers to produce inherently secure code.
I told you so.
Saturday, April 15, 2006
Why Do You Use IE?

The Inside Microsoft blog has this article. It's a short article so I have quoted it below:
Most Firefox fans were able to cite specific things they liked about the browser, but those who used Explorer, for the most part, fell back on the “it’s all I know” argument, presenting what could be a huge marketing opportunity for Firefox.
Ummm, no it doesn't present a great marketing opportunity for Firefox. Here's why:
When you interview geeks and normal computer users about their browser preference, you will get two different answers. Geeks are aware of the security risks of surfing the web, particularly pernicious places like warez, hacking and porn sites. Consequently, geeks ought to understand that there was a significant difference between the security of Firefox and the security of IE. (I say was because Firefox has had a number of security weaknesses exposed as the browser has gained popularity. I won't rehash my arguments about inherent security claims here.) Because geeks are aware of malware threats, they take seriously the notion of safe browsing. Firefox has made an (undeserved) reputation as the condom of the internet: if you want to surf safe, use Firefox. If you don't care if you catch a disease, surf IE.
Ordinary end users, in contrast to knowledgeable geeks, have little to no awareness of malware. They may be vaguely aware that it is "risky" to surf the net but they don't understand malware, how it gets into their systems and how it works. They only become aware of malware after their system has already been debilitated. End users simply don't understand the relationship of a browser to the threat of malicious software.
Consequently, there is little marketing opportunity because in order to get people to desire Firefox, they first must understand how malware works and why a browser might make a difference in securing a user's surfing experience. Users must have both an understanding of the risk and the desire to go through the process of downloading and installing Firefox. Yes, this is simple for the knowledgeable computer user and it is almost trivial in its difficulty. For the average home user, however, there is just not enough incentive for them to bother with Firefox when IE is already there.
I think there are three types of people who insist on Firefox:
1. People who still believe dogmatically that FF is inherently more secure than IE.
2. People who prefer the functionality of FF to IE, e.g. tabbed pages.
3. People who have geeks as friends who have insisted that FF is "better" than IE
I would admit that on a fresh build of Windows XP with no service packs nor IE updates installed, FF may be more secure than IE. However, with a current build of Windows XP SP2 and all current Windows updates, there is no appreciable security differential between IE and FF. The only security risk posed by IE is on a system that is not maintained.
Let me flip it the other way: If you had a box with Windows XP SP2 and all current patches for Windows and IE, that box's IE would be more secure (notice I didn't say inherently more secure) than an unpatched Windows machine running unpatched FF.
So, the issue is not whether a browser is safer than another. The issue is whether a user or administrator keeps their systems conscientiously updated. A well-maintained computer system has minimized its attack surface and is therefore more secure than an unpatched system. The browser is a negligibly relevant factor in overall system hardness when a system is conscientiously maintained.
The Paradox of Consumer Sensitivity to Fuel Prices

I have had a theory about consumer sensitivity to fuel prices for a few years. My theory is this: people will protest gasoline prices significantly more often than they will protest natural gas/heating prices. Sensitivity to gasoline prices is greater than heating fuel prices because consumers pay for gasoline more frequently than they pay for heating fuel.
I fill my tank about 1.3 times per week, every week of the year. That means my awareness of gasoline price changes is reinforced through ~ 5 refuelings per month. This is 60 events per year. As a result, I will have a finely tuned sensitivity to the rise and fall of gas prices and so do you. We will notice minor fluctuations, especially increases.
Now, consider heating fuel prices. There are three factors that diminish our sensitivity to natural gas prices:
- we only pay the bill once a month
- we only pay during the 4-5 months of cooler weather
- there is a 7 - 8 month span of time where we don't pay a heating bill
So, we have 5 months during which we pay once a month and after winter, we have 7 months where we aren't reminded of winter heating costs. For these reasons, we aren't as sensitive to heating costs as we are to gasoline costs.
The question though, is: Which fuel has the greater impact on our finances over the course of a year?
For auto fuel consumption, I make the following assumptions:
- Avg. fuel economy: 23 miles/gallon
- Avg. Miles driven/year: 15,000 (~1250 miles/month)
So, if gas during Month One is $1.86 and Month Two increases to $2.40, we get these values:
Month One Cost: $101.09
Month Two Cost: $130.43
So, gas for Month 2 cost only $29 more than Month 1. If gas rose uniformly by the same dollar amount from month to month over the next 11 months, the total extra dollars spent would be 11 months * $29/month = $319.
For natural gas consumption for a typical winter:
One CNN Money page reports that natural gas costs will increase 64% over last year to heat the average home for an average winter. Last year, it cost on average $957 to heat an average home during the winter. This year, the estimated total will be $1,568.
This is $611 more than last year.
So, not only will average home owners pay $611 more to heat their homes during the winters, they will pay that extra $611 over the course of 4 - 5 months.
Contrast this with gasoline, with the outlandish assumption of uniform price increases month to month.
+$29/month for gasoline vs. ~+$130/month for natural gas
+$319 for a whole year of gasoline vs. +$611 for 5 months of natural gas
And this is the paradox of consumer sensitivity to energy prices. We complain about gasoline prices to the point where it is considered a factor in people's judgment of President Bush's effectiveness yet we completely ignore the cost of natural gas!
To review, consumers have greater sensitivity to gasoline prices than they do to natural gas prices, even though the greater total cost and impact to a household budget is with natural gas. The frequency with which people refill their tanks sensitizes them to fluctuations in gas prices. People consider a 10 cent jump in price per gallon significant, even though it has minimal impact on their budget. In contrast, people have little sensitivity to natural gas prices because they pay once a month, they pay for a few months out of the year and there is a large amount of time that passes where significant gas bills aren't paid. Yet, the greater meaningful cost increase is with natural gas.
And nary a peep of protest is heard from people.
Fascinating.
Open Source R&D


One of my esteemed readers made the following comment about open source R&D on one of my OpenOffice comments:
To me, open source SHOULD have a more intuitive interface as well as features. OO clearly is missing that boat... ok missing the dock.... ok it is in the middle of a desert. As I see it, R&D dollars shouldn't be an issue as more open source geeks are the type who would say "this sucks, I am going to modify it" then turn the code over to the originating "owner". Whereas I would think non-OS would run into too much red tape before doing something cool.
There are at least three problems when it comes to the open source development of an application suite with consistent functionality and an intuitive, visually enticing GUI:
1. lack of R&D dollars
2. lack of coherent development focus
3. lack of sustained, consistent usability testing
Lack of R&D Dollars:
The use of labor to produce something always has a cost associated with it, usually money. Open source software development is no exception. OS software development is either approached from a hobbyist perspective, as implied above, or it is approached by a for-profit company like Sun, IBM or Novell to be distributed for free to its user base. Since corporations are usually in the business of making money, there is usually a strategy of revenue generation at the back end (e.g. consulting services, hardware) to compensate for the price of Free in the front.
However the software is distributed, what is inescapable is the front-end costs associated with software development. Until we make software that can write other software without human intervention, software will always cost money to make. This is true for the fundamental reason that people have this relentless dependence on food, shelter and clothing and investors have a relentless desire for returns on investment.
Why do OpenOffice and StarOffice have such kludgy GUIs? In part because they are developed from the beginning as something given away for free or very cheaply (Sun charges ~ $35/set for StarOffice; OpenOffice is completely free). Because businesses are essentially oriented around generating revenue and profit, there is a limited amount of R&D dollars that can be spent on software intended to be low-cost because the expenditure is up front and the actual revenue generated through consulting or training services or hardware sales or maintenance contracts can't be entirely predicted. This implies a difficult decision about how much to invest in an open source project so that the final result has some degree of market acceptance but which doesn't require a company to overextend itself on the revenue it assumes will be generated by back-end services.
On the other side of OS development is the hobbyist programmer. Their primary investment is time. Presumably, they don't need money to code open source projects because they make money in some other manner. Yet the hobbyist programmer simply cannot invest the time needed to develop a solid GUI because they flat out lack the time and work capacity to do so. I suspect that OS programmers are motivated more by pride and a belief in the GPL than a desire for money, yet pride and ideology may not be enough to maintain a sufficient pool of adequately talented programmers to see a large-scale open source project through to completion. Similarly, it is difficult for an open source project manager to rely on hobbyist programmers, who will have varying levels of consistency and follow-through. Because the hobbyist programmer does not have their livelihood tied to an open source project, they have little extrinsic motivation to follow through.
In contrast are corporate development projects that are well-funded (at least in the case of Microsoft this is true). While corporate programmers can lack the intrinsic motivation that is probably more prevalent on open source projects, they may be motivated not only by "finish the project or else..." but by the resources available to them that hobbyist programmers would lack.
Lack of Coherent Development Focus:
In a pure hobbyist development model, there is a lack of a coherent development focus that guides decisions regarding functionality, GUI aesthetics and under-the-covers methodology. This is significant because there needs to be some method for concentrating unaffiliated hobbyist programmers so that they develop a product that will function and meet customer needs. It is rare for a person with strong programming skills to also possess an appealing sense of aesthetics and an awareness of what makes GUIs effective. So, yes, the open source model allows a hobbyist programmer to look at something in a product and say "Hey I don't like that; I'm going to change it," but this does not mean that the changes make sense and will lead to a product that has high user acceptance. In fact, if too many hobbyists have that response to what they see and they are not guided by a development focus, then changes become chaotic and any potential quality in the development will fall.
In a corporate environment that develops OS apps, there is more of a coherent focus but again, the efforts of R&D for software destined to be free will be limited by budgeted cash. Most likely however, a company like Sun Microsystems or IBM, for example, will already have internal methodologies for development that can be applied to open source projects. The corporate-sponsored open source project will be much better positioned to create good software than a loose affiliation of hobbyists because there will be more internal compliance to a development model.
But again, the intent of a corporation is to generate revenue and profit. Spending money on development of an application that will be given away for free is a bet on the ability to generate revenue later on back end services. So for example, Sun doesn't view the code for OpenOffice as a corporate asset that holds measurable economic value. They see it as a magnet that will help induce alternate revenue streams. In contrast, Microsoft views the proprietary code of Office as a corporate asset with measurable economic value not only at the front end but also in its ability to generate revenue by Office's ability to integrate with other technologies like Exchange, SQL and SharePoint, all of which generate up-front revenue.
Microsoft has a robust and vigorous development model. They have a solid development platform (.NET), an application architecture that separates the code into three layers (user interface, business logic and data abstraction) and a lifecycle development methodology. My reader is correct in saying that corporations often inject "red tape," otherwise known as politics into the mix but overall, I would say that a well-managed software project can be designed to circumvent politics and corporate policy.
Lack of Sustained, Consistent Usability Testing:
In both cases of the open source corporation and the hobbyist programmer, there will be a lack of sustained usability testing. Why? Because it is expensive. Hobbyists not only lack the dollars needed but they lack the coordination with other hobbyist programmers needed to do so. Corporate open source projects are limited in the amount they can spend on usability testing and user acceptance.
Usability testing requires iterative development cycles, where each cycle of development receives usability feedback which then leads to another cycle of decision-making and development. Microsoft has invested boatloads of money into Office usability and they have made some wise decisions about Office integration with other MS products (e.g. SharePoint). Hobbyist programmers simply do not have the labor and dollar resources to field test their changes with users.
Certainly, as my contributor pointed out, there is a lot of internal friction to overcome within a large corporation to get changes out efficiently. However, there is a tremendous investment in Office. Office and Windows are easily the primary sources of revenue for the company. Their ongoing development of Office indicates that they do not take their dominance lightly. They want to maintain their position, so they pump millions into R&D so that their position does not erode. That erosion is, in my opinion, almost a certainty because I am convinced the browser will replace Windows as a computer OS but nevertheless, Microsoft has a substantial stake in the security of Office's dominance and so they make significant investments in user acceptance.
In my opinion, software development cannot escape from the need for a centralized layer of decision-making; someone must have the authority to make a decision after everyone has voiced their ideas. The development of software that has expectations for broad user acceptance needs a top-level source of cash and decision-making authority. All one has to do is surf download.com for examples of the quality of software most hobbyist programmers churn out and compare it to Office 2003. Then compare hobbyist software to OpenOffice and notice the similarities. OpenOffice has a hobbyist feel to it. Using OO leaves one feeling a bit hollow, with a feeling that something is missing.
That something is exactly what happens when a product has ample R&D dollars; a consistent, coherent development methodology and iterative cycles of usability testing leading to high levels of user acceptability. OpenOffice is what happens when those three factors are lightly-weighted.
Bottom line: Open Source simply cannot touch the sophistication of corporate software development.
Firefox Claims of Better Security Increasingly Questionable

Firefox fans put new spin on browser security
This article steps up to the reality that browser security is not a function of open source code being inherently more secure code. Perceived security, measured by frequency of successful attacks, is a function of ubiquity and design. As any application or platform gains more market presence, it becomes more interesting to attack. Hackers are highly skilled individuals who have the desire to make names for themselves. Consequently, they will attack targets with greater visibility. When was the last time you read about someone writing a virus or Trojan for the Amiga platform?
Fundamentally, what this debate typically boils down to is emotion, zealotry and ideology. Much of the emotion, zealotry and ideology is simply anti-Microsoft, much like a lot of the support for Kerry was simply anti-Bush sentiment. You can only react against something with an anti-ideology for so long. Eventually, the antithesis has to stand for something. And when the antithesis is the "Windows is less secure than open source" assertion, it doesn't stand up to scrutiny, as Firefox's security problems illustrate.
The blind ideology is expressed well in this quote, which was obviously not vetted by the guy's PR people.
"The thing I like about the non-MSIE products is that I find they're more easily user-configurable to prevent things like pop-ups and pop-unders, which can be security risks," said Mike Finnie of Computer Forensics. "It seems that the Mozilla group is fairly immediately responsive to incidents of security lapses or bad code, and it seems to be making a genuine effort to fix them and get them released. But on a scale of one to 10, how many more points would they get than Microsoft? I don't know."
In other words, the guy thinks Firefox is better than IE but has no idea how much they are better. He can't put a number on it because he has no evidence for it. He just feels it.
IE has security issues. I'm not saying it doesn't. What I am challenging is the assumption that open source is inherently more secure simply because it wasn't developed by Microsoft. Linux, Solaris, Firefox and Mac OS X are all alternatives to Microsoft products. And all of them have locations on their websites where users and admins can download security updates.
Mozilla Security Updates Page
Macintosh OS X Security Updates Downloads
Sun Microsystems Updates
RedHat Linux Security Updates
Novell SUSE Linux Security Announcements
If open source is inherently more secure than proprietary systems, why do these pages exist? And don't give me the argument that Microsoft has more problems than some other favored platform, because that's not a standard of measurement. That's just a copout.
Innovation: Standards and Ubiquity
I finished Empires of Light the other day. It was an interesting story to me but wasn't particularly well-written. No biographer I have read comes close to Ron Chernow's ability to create biographies that read like novels.
I read this book because I am interested in the dynamics of innovation in general and emerging technologies in particular. One of the questions that I am asking is whether a company that is driven primarily by iterative cycles of innovation can perform financially to similar levels of consistency that commodity manufacturers can. In other words, is there something inherent to the dynamics of an innovative company and its killer app product cycles that tends to result in cycles of revenue swings or can an innovator manage itself so that revenue cycles are smoothed? I have talked about this dynamic indirectly on my blog by comparing the revenue cycles of Dell to those of Apple. Apple, as the innovator, has significant revenue and profitability swings that map to their killer-app cycles. I want to understand if this is normal for innovative companies or if Apple's swings are due to poor management.
Reading Empires of Light was part of my learning curve because Sun Microsystems' Jonathan Schwartz mentioned it in a blog that was a very influential piece for me. Schwartz mentioned the importance of standards in the development of innovative technologies and referred to the battle between Edison and Westinghouse in their attempts to achieve standard dominance during the emergence of electrical power. Edison advocated DC power, which held low risk to humans but which required massive and repeated power stations to transmit electricity over large distances. AC power, championed by Westinghouse, had more potential for killing people, but was able to push electricity over massively longer distances without requiring repeated boosts. Westinghouse eventually won the battle but both Edison and Westinghouse lost the war, as JP Morgan the financier eventually gained total control over Edison's technology (General Electric) and Westinghouse's and Tesla's technology because both men had over-leveraged their companies. When the American economy tanked, they were over-extended and were bought out by the so-called robber baron financiers.
So, here's what I came away with: the degree to which an innovation has success in the marketplace is a function of a). the market's ability to perceive value in the innovation, b). the infrastructure and standards on which the innovation depends and c). the ability of any given technology to achieve ubiquity.
The AC/DC battle was really about standards. The standards battle is driven by at least two forces: companies that seek to make money off the acceptance of their standards and the market's willingness to embrace a standard. Proprietary standards hold more revenue potential but also meet more resistance from the marketplace because of the possibility of one company holding power over the technology through the standard. Open standards are more readily received but hold less potential for companies to make money off them. AC and DC are open standards but Edison and Westinghouse had proprietary stakes in each standard not because they "owned" AC or DC (for these are simply physical characteristics of electricity's behavior in certain mechanisms) but because they had designed their equipment exclusively around each standard. Implicit in each firm's technology was the cost of the underlying infrastructure needed to enable ubiquity for the technology. DC's infrastructure was inherently and significantly more expensive than AC's.
The question of whether the marketplace desired electrical lighting was moot: it was very clearly desired because the advantages of electrical light over gas lighting or arc lighting were immediately apparent when electrical lighting was piloted before small crowds. Consequently, the battle between Edison and Westinghouse was about which technology would gain enough market traction to achieve ubiquity.
Ubiquity is a highly important milestone for a new technology to achieve. I think the pathway to ubiquity is interesting: it requires early adopters, close followers and evangelists to create desire among the mass of users necessary to achieve ubiquity. Or in the case of Bill Gates and Microsoft, it requires phenomenal and prescient vision, combined with shrewd business sense. In most cases, though, ubiquity follows a path of adoption.
In the case of electricity, JP Morgan was an early adopter: it cost him serious cash to have one of Edison's DC powerplants running electricity in his house. It cost him the loss of some of the aesthetics of his house because he had wires all over the place as Edison refined the technology. Chicago was the close follower for electricity as they chose Westinghouse's AC solution for lighting the World Fair. Interestingly, Westinghouse brought electrical lighting to the fair somewhat cheaply. This was done strategically to establish AC as the standard of preference. He did this because he understood that market demand was the key to ubiquity and if he could demonstrate to municipalities that AC was a better phase for distributing electricity over distances than DC, then he would have the approval of people who made community capital decisions. The fair was great to demonstrate what light could do because it aroused demand for electrical lighting. This meant that people would go home from the fair and tell their mayors and councils to get electricity.
I'm still toying with the interplay between innovation, ubiquity, standards and market demand. I don't yet have a firm opinion on whether innovative companies are inherently cyclical in their financial performance but I am asking the question of whether expectations for the financial performance of innovative companies should be different from expectations for commodity producers.
I'm Struggling A Bit with the Open Document Concept

In Jonathan Schwartz's March 10th blog, he asserts the need for an open standard for document composition. He cites the example of a FEMA disaster relief site that required IE 6. (The site also required Java but apparently Jonathan is ok with that since it is a Sun tool). He then cites a problem he had in accessing webcams of California highways in order to prepare for a trip to Lake Tahoe because he was using his non-Windows laptop and the web cam site required Windows Media 9.
(Of course, the question to ask is: What format was the video actually in? If the site "required" WMP but the file was actually an MPEG, then the site didn't really require WMP.)
Jonathan later makes a statement that at first seems plausible:
As a tax paying citizen of the state, my government was inadvertently telling me I could not receive state emergency services without buying a Microsoft product. Governor Schwarzenegger, I don't want my or my employer's tax dollars going to promote a monopoly in California. (Love them though I do as a business partner.) ... It seems plainly wrong for a government to suggest that citizens purchase Microsoft Word before reading a storm warning or ballot initiative. Or that they abandon their Macintosh to run Internet Explorer before applying for disaster relief. Or that they buy a Windows Mobile phone before requesting 911. Or that they have Solaris installed to pay their taxes.
The factor that I think Jonathan ignores is the dynamic of ubiquity. A search on Google nets a substantial list of browsers an end-user can choose to surf with. Some examples are: IE, Firefox, Mozilla, Netscape, Opera, AOL's browser (Why does AOL install this crap browser with AIM and not give me the option to uninstall it but keep AIM??), Avant Browser, Apple Safari, Sun's Hot Java Browser, etc.
To ask a web developer to optimize their site's code for the myriad web browsers out on the market is to ask them to spend a lot of time that has diminishing return for the investment of time and money. Why? Because aside from IE and the Mozilla derivatives, all the other browsers are niche players eating the crumbs left over from Microsoft. Firm current numbers are hard to obtain but Microsoft IE has about 80 - 85% of the browser market with the remainder taken up by the other players.
It could be argued that optimizing for IE would be a wise financial decision because a web site optimized for IE will offer services to the maximum number of users. One could even argue that it is a decision "for the people," since optimizing for IE ensures the largest number of people have the best opportunity for accessing information.
So let's drill down into more of what Jonathan says and implies:
He says it's unfair for a video stream to require a certain kind of player. He objects to a government web site that requires a certain kind of player or viewer to access the contents of a file. Yet, the Open Document consortium he refers to considers a PDF file to be an open document standard. How can this be? A PDF viewer is needed in order to read a PDF document.
"Yeah but that's different from a Word document or an Excel document. You have to have Office to read Office documents." No, you do not. You can download Office viewers here.
What's the difference between using an Office viewer and using Adobe Acrobat Reader to read files?
Oh yeah. The difference is that one is Microsoft, which is inherently evil and the other is not-Microsoft and by George Bush Logic (If you aren't with us, you're against us), a PDF file or any other non-Microsoft format is inherently virtuous, even though all file formats require some form of a viewer.
Video is the same problem, just in a different format. There are a number of players in the video market: Windows Media Player, Real Player, Quick Time, DivX, etc. Each of these players can play MPEG files, which is fairly ubiquitous but like an MP3 file, is older and lacks contemporary compression and DRM capabilities. At the same time, however, these players are owned by companies that seek to make money through the use of their proprietary video formats.
Is it realistic for the Open Document Consortium to expect that Real, Microsoft and Apple are going to cannibalize their own formats in the interest of spreading the good gospel of an open source video format? Not likely. They might participate in an open video standard but my guess is that they would insist on characteristics of the standard that will not allow the open source video format to trump their own.
So, either an open source video format will suck and be endorsed by the video player companies or it will rock but languish as a marginal competitive option because the open source format would come late into the game and be unable to compete with Microsoft, Apple and Real for market share.
While a part of me agrees with Jonathan's concept, I think it is lacking an appreciation of ubiquity and the market dynamics associated with driving acceptance of an open source document format. The claims that Word, Excel and PowerPoint documents aren't accessible by those who don't have Office are bogus because viewers are available. "But there isn't a Word viewer for my Solaris box or my Amiga box or my TRS-80 Model III box or my...." Right. Welcome to the open market.
I struggle with the whole open document standard a bit because it smacks of socialism to me. Much of the rhetoric is arrayed against Microsoft yet curiously, no one complains about Apple's AAC format for audio compression. This is strange considering that Apple is clearly the monopolist in the audio market. Why isn't the open document community railing against Apple? Simple.
Most of the open document furor is not about open documents but about Microsoft's hegemony. I guarantee you if Sun Microsystems had the dominant media player format on the market and they were making money off licensing the format and selling the application to create content, Jonathan wouldn't be advocating for an open format. I know this is blunt, but this is the argument of market losers. They haven't been able to out-compete Microsoft or even Apple, so they try to compel an open standard under the banner of virtue and equal access to all people.
So they want to try to whip people into a "Hey, this is bullshit!" frenzy to try to compel state and federal governments to require an open document format. Why? Because it's a great strategy to wipe out Microsoft's control of the Office market: If the state and federal governments require open document formats, then this will flow downhill to businesses wanting to make money from government contracts and this ultimately flows to consumers.
The rhetoric, however, is disingenuous because every file format needs a "viewer" and most of the file formats that are out there require a viewer at minimum and all require the purchase of a program to create content. Want to create a QuickTime movie? No problem: give Apple $30 and you're good to go. Want to create a PDF and take advantage of all that the PDF format allows? No problem. $450 and it's all yours.
The solution of the open document format is also flawed by the consistently sub-par quality of open source applications. OpenOffice/StarOffice's GUI is juvenile and for all of the open source community's jabbering about how Microsoft suppresses innovation, OpenOffice is comically nearly identical to Microsoft Office in terms of its iconography and menu structure.
I have a tremendous level of respect for Jonathan. In my opinion, he is one of the deepest thinkers in the IT community. He has much greater substance and is substantially less strident than his CEO, Scott McNealy. Where McNealy whines and pouts that Sun isn't dominant anymore, Schwartz slyly, cleverly and sarcastically attacks his competitors with wit and wisdom. This said, I disagree with what Jonathan advocates and complains about. I think his ideas about open documents ignore the dynamics of ubiquity and the historical lack of sophistication in open source products (in terms of the end-user experience). I know Jonathan understands this because his brilliant article on electricity demonstrates his knowledge of the dynamics of ubiquity and standards. In fact, his blog article was deeply instructive for me and my thinking about ubiquity.
What I would like to see Jonathan do is treat the open document format not by clamoring for something merely "other than Microsoft," but by explaining how an open document format would work in the real world: how would he gain participation from the current dominant market players? Why does Jonathan consider a site optimized for technology that has dominant market presence a disadvantage for citizens? After all, the site he questioned used Java. Why is it legitimate for the government to use Java but not Windows Media Player?
If Jonathan wants to convince me that the open document format is a viable solution to something that most people don't even consider to be a problem, then he needs to articulate how this is going to happen in an open market. He's smarter than me and I need to understand this before I can agree with him. So far, his argument seems to be based on the inherent righteousness of open source and as regular readers of my blog know, I patently reject that inherent characteristic.
Press 1 To Hang Up
OK, so have you ever called someone at work or on their cell phone and the friendly voice mail lady gives you all sorts of options when leaving your message? My favorite one is "Press 1 to hang up." I've never quite understood this. Why do I need to press a 1 to hang up? Can't I just hang up?
Here's CNN's take on the web-page version of Press 1 to Hang Up.

Cisco Humbled by Security Breaches

My primary thesis about computer security is this:
There is no such thing as a platform or development model that is inherently more secure than other competing platforms or models. Open source software is not more secure than Windows by virtue of the development model. I assert that platform security is a perception that is in large part related to ubiquity in the marketplace.
Windows has a very high level of ubiquity and therefore presents a greater attack surface and has higher rates of exposure. Consequently, people may perceive that Windows is insecure. For example, at Secunia.com, there are 518 security advisories.
However, for the Amiga platform, there are no security advisories and 6 known viruses.
Could we conclude that the Amiga platform is more secure than Windows by the comparatively lower numbers of security issues? Of course not. Amiga is an enthusiast's, niche platform that has nearly zero market acceptance. Its lack of security issues is due in part to its lack of ubiquity and also its lack of functional sophistication in comparison to meaningful platforms like Windows and *nix.
Cisco's recent security woes support my thesis. Network security is a fundamental aspect of Cisco's business. Their products are all about securing and distributing network traffic. Security is a development focus.
And yet, their products have had security lapses in the past. Why is there not the same level of backlash against Cisco as there is against Windows regarding security issues? One could argue that a security vulnerability in Windows XP affects a workstation (or potentially multiple workstations) but a vulnerability in a firewall or router exposes an entire network.
My point is not to trash Cisco but to provide more evidence to debunk the open source zealotry that asserts that the OS methodology in general and the Linux platform specifically are inherently more secure than other platforms.
An Unrealistic View of the Power of Law

There are a few reasons for stealing intellectual property and probably just as many justifications for it but the bottom line is that because technology enables it, it will continue to happen. There is no doubt the music industry suffers revenue loss due to file sharing networks. What is in doubt is the actual dollar value of those "losses." It's one of those numbers that can't be measured because it's a number based on woulda-coulda-shoulda. It's like saying that 60% of sexual assaults are never reported. If they aren't reported then how can you say 60% of them are never reported? It's a number based on extrapolation from existing data and assumptions.
One of the key assumptions of the RIAA is that the rate of illegal downloads is equal to the rate of actual purchases if P2P networks did not exist. They assume there is a 1:1 correlation between illegal downloads and purchases. This couldn't be further from the truth. In the past, I have downloaded megs of music but hardly if ever listen to it because most of the music isn't appealing to me. But hard drive space is dirt cheap so I don't delete it. But just because I have it on my drive doesn't mean that I would've gone out and bought CDs if P2P networks didn't exist. As it stands now, I don't need to steal music because Yahoo Music Engine enables me to sample new stuff, buy it if I want or download it on to my computer. I can be legit and broaden my musical horizons at the same time for the price of a CD a month.
What the RIAA doesn't get is that people use P2P to discover new music. I think most people who share music actually buy CDs of their favorite bands. I always buy the latest DMB disc or U2 or an emerging artist I like a lot and want to support. P2P is a zero-cost way of trying music to find what a person likes. However, there are times when people find music, dig it a lot and still don't buy it. That is an actual loss of revenue and it is a loss RIAA can legitimately complain about.
The problem is that it's a number that is impossible to measure accurately. It can be measured probabilistically but even then that probability calculation will itself be based on various assumptions about normal distributions of consumer behavior in a P2P network versus behavior at Best Buy where actual dollars are traded for a CD.
All this to say that Dianne Feinstein, D - Kahleeforneeah, wants to pass legislation that will either regulate or outlaw P2P networks. It is odd for a Democrat to come to the defense of commercial intellectual property rights, being that today's Dems are typically indiscernible from socialists, who believe that no one should be rich and poor people should be able to live in gated communities. It is also odd because laws will not stop P2P.
The RIAA is vigorously pursuing people who share music on P2P networks. It is also alienating its customer base. Nevertheless, the only reason why prosecutions for P2P piracy have been effective is because the RIAA has been enforcing its rights. Yet, the efficacy of RIAA's efforts is questionable.
Here's why. As the RIAA flushes casual P2P users out of the networks, there will still be motivated people who participate in music sharing. The only effect laws against P2P will have is to drive the networks underground. They are high-trust networks at the top that eventually filter down to low-trust, low-risk networks at the bottom. RIAA's Gestapo tactics will also drive technological innovation that makes it increasingly difficult to identify uploaders and downloaders.
Making something illegal always creates demand for it and with the demand comes subversive, covert networks to produce and distribute the illegal item. Think drugs, think alcohol during prohibition, think abortions before 1973.
One of the more ingenious techniques I've heard of is the LAN party. A bunch of people get together, jack into a switch and share files with everyone at the party. This is a form of distribution that the RIAA will never be able to touch. While not as rapidly effective as internet-based P2P, it still generates viral results. This kind of distribution is impossible to squelch because the high-trust, localized networks can't be monitored.
Wired magazine had an article a while ago that described the dynamics of piracy across underground servers. Top-level servers are where a lot of pirated media originates. It is a distribution network that is secretive and requires high-trust for access. It is also an unstoppable network. Congress can pass 10,000 laws on P2P-type distribution networks but they will be ineffective. Casual peer sharers will drop off but there simply are not enough music cops to suppress the sharing impulse, particularly when measured against weightier issues like felonious crimes, terror and making sure the paparazzi don't get illegal photos of Cameron Diaz shtupping Ben Affleck and Angelina Jolie.
What Congress and RIAA/MPAA do not understand is that a fundamental, powerful shift has occurred in the way that people understand, distribute and consume media. The RIAA and MPAA are playing a losing game rather than adapting to the new rules. Media rights are in flux and while the open source movement has trouble functioning without schizophrenia in commercial markets, it is nonetheless having significant influence in the way intellectual property is conceived. The next five years will be deeply interesting.
I Thought Linux Was Inherently Safer - Guess Not

In this item, it is reported that McAfee plans to port their Entercept product over to Red Hat Linux.
The security software maker ported the Entercept server agent to Red Hat Enterprise Linux 3 because of what it considers to be a rapid rate of adoption for the open source platform. McAfee says that as Linux is more broadly installed, attacks against it have increased with more exploits targeting Web-facing Linux applications.
According to McAfee, attacks against Linux applications have risen dramatically. McAfee points to security bulletins found at Secunia as evidence, deeming it, "one of the most reliable sources we use for vulnerability awareness."
Hmmmm. This sounds very familiar. Seems like someone I know fairly well has been saying in his blog that Linux has enjoyed the illusion of being more secure because it lacks the ubiquity of Windows and is therefore a less desirable target. As Linux gains market share, it is gradually emerging out of the shadow of Security by Obscurity and is properly being exposed as an attack surface that can be exploited.
If open source is inherently more secure because of its development methodology, why does McAfee -- a for-profit enterprise -- see a market need to develop security applications for the open source poster child?
The Law of Unintended Consequences

In this post, I'm going to take a different tack on computer security. I want to approach security from a more broadly philosophical perspective. I am going to use computer security to illustrate one of the most interesting issues in the world today. I'm also giving my first nod to an approach to thinking about life that has been rattling around inside me for several years and which has been articulated in a book I am reading right now.
While poking around Tom Peters' website, I found a reference to a woman's website that intrigued me. Her blog promoted one of her books, The Future and Its Enemies. The woman's name is Virginia Postrel and her book has helped me tie together some ideas I have had for a long time about freedom, the opportunities of the free market and fundamental philosophical differences between people who believe the future should be controlled and those who believe that the future is best experienced by allowing it to flourish without artificial constraints. These are big ideas that I'm not quite ready to handle yet in my blog but Postrel does address the dynamics of Unintended Consequences and this dynamic is directly relevant to computer security.
There are two major philosophical battles at play in the world. When you consider the battles more deeply, it is not a reach to say that they are both essentially the same issue. One is a battle that initially sounds like a geek conflict but in reality is actually much deeper and broader than that. This battle involves the conflict between open systems and closed systems. The computer world is currently grappling with the nature of this conflict as open source software (OSS) like Linux seeks a higher philosophical ground than proprietary software like Windows. Both sides have zealous adherents who assert that virtue is inherently in their camp. I tend to be of the opinion that both open and closed source software have merit and companies like Sun Microsystems are synthesizing both ideologies into what could very well prove to be a coherent and profitable business plan.
OSS advocates assert that because the code for OSS is available to anyone to inspect and modify, the software is more secure. The assumption is that the exposure of the code to a broader community of programmers yields a more rigorously developed and tested codeset than is possible with proprietary software development. By far, most software in use in the world today is proprietary, which means that companies view the code itself as a corporate asset and therefore keep it secret. This connection between proprietary code and its status as an asset is a direct driver of economic value, because the uniqueness and lack of availability of proprietary source code to the computer industry creates a competitive advantage.
For Microsoft, this is particularly true because Microsoft has massive levels of ubiquity around the world for both its Windows and Office products. Were Microsoft to expose its code for these programs, they would lose competitive advantage and a substantial amount of revenue. In spite of what adherents on both sides of the philosophical spectrum would claim, I do not believe that either approach to software development is inherently more robust or secure. This is due to one sticky reason: humans are involved in both approaches and humans always bring imperfections into what they do. Always.
Open and closed systems are in conflict in other areas of the world. Islamic Jihads are waged by closed-system ideologues against open source societies like America, where opportunities are, in essence, openly available to all people. Certainly, there are still inequities but in comparison to closed societies, open societies offer substantially more opportunity. The egalitarian ideal of equal opportunity for all players in a society is substantially more likely in open than in closed societies.
Another major philosophical battle is between static and dynamic systems. This is Postrel's primary thesis in The Future and Its Enemies. She categorizes the Republican and Democratic parties as being essentially the same in that both have vested interests in controlling society, primarily in the name of safety and stability. She names these people stasists. Stasists fear the dynamic, open-ended nature of the future and seek to mitigate its potential through rules, policies and bureaucracies (e.g. legislation, unions, bureaucracies like Homeland Security, government subsidies, welfare, Social Security, etc.).
Dynamists are much more open to the potential of the future. Their optimism is not blind; they are aware of the risks of an open, minimally-constrained future. Yet, they believe that the most opportunity for higher-quality life is in an open-ended future. Life is not optimized through stasist planning that seeks to minimize risk, but is achieved through iterations of trial and error. Optimization is not a matter of control of the future but of adapting to the sometimes dizzying proliferation of choices.
When people attempt to read the coming future to be experienced in the continually arriving present, they make decisions without perfect knowledge of the future. At any given point in time, we make decisions in the Now that we hope will carry well into the Future. Sometimes they are good decisions. Sometimes they are decisions that carry unintended consequences. Often, the decisions cannot fully anticipate what the future will bring. As adverse conditions arise, we adapt, we step into another set of iterations, where we experiment, fail and resolve problems.
OSS ideologues assert that the nature of the open source development process is inherently more secure than the proprietary approach to software development. They point to Microsoft's well-known historical travails with security flaws as proof of this assumption. The underlying reasoning is the belief that exposing the code to a global community of programmers yields robust code that has been vetted for weaknesses. What I have never seen anyone address is the corollary: exposing the code also gives exploitive programmers perfect knowledge of how the code works. This perfect transparency gives exploitive programmers an advantage that exploitive programmers for proprietary programs do not have, because the closed nature of the code occludes details about how the software actually works.
Whereas OSS programmers are part of a potentially global community of programmers, proprietary software is developed by a smaller group of people united under a corporate banner. Proprietary programmers have the advantages of corporate resources, a (hopefully) coherent vision for not only the current iteration of software but also second, third and fourth generations of the software, consistent best practices and, of course, intimate knowledge of how their applications work. Because the code is not transparent through open source distribution, exploitive programmers lack complete insight into how proprietary programs work.
Both OSS and proprietary systems have advantages and disadvantages. Neither is inherently more secure than the other. They share a common element and it is this element that undermines either side's claims that virtue rests with them: both sides are populated by humans.
Humans have a tendency toward developing imperfect creations. It is the nature of the human condition to be fallible. An open approach to design that favors iterative experiments of trial and error and an emphasis on learning tends to yield creations that are better designed. Both open source software and proprietary software can employ an open approach to development. But even with this approach, the law of unintended consequences still comes into play.
The law says that when people attempt to manipulate complex systems to generate specific outcomes, the planned outcomes don't actually materialize because the system's complexity generates results that could not be anticipated. One of the principles of complex systems is that as the number of variables in a complex system increases, the ability to manage that complex system decreases. For this reason, the likelihood of unintended consequences increases as well.
Some examples of the law of unintended consequences:
The United States provides arms to Afghanistan and trains its soldiers to battle the Soviets as part of the Cold War. In post-911, the US fights the Taliban in Afghanistan, where the Taliban is using weaponry provided by the US in the 70's and 80's.
The US support of Saddam Hussein in his war against Iran.
Apple attempts to protect its market share by keeping its OS closed. Apple made this decision before it had achieved sufficient ubiquity in the marketplace and as a result, has been little more than a niche player in the computer industry.
Postrel says this about the law of unintended consequences:
Unintended consequences really have to do with naive people believing that there are no holes [in a complex system]. It's very easy to seduce yourself into thinking that you've got everything under control. The reality is it's almost never true. Clever people will always come up with ideas no central rulemaker has conceived. A dynamist's world's rules must allow for adaptation, change and recombinations.
Operating systems, applications and networks are highly complex adaptive systems (CAS). Complex systems are inherently adaptive because there are many factors of variability that feedback on each other. Think of ecosystems or the global economy: many players with self-interest and many external factors that each player must adapt to in order to survive and thrive.
Computers, people and networks all combine to form a highly complex adaptive system. All players on the network have myriad motivations: economic, sexual, educational, ego, exertion of power, etc. Consequently, the sum value of the internet and all private networks is staggering when measured by the currencies of money, sexuality, education, ego and power.
Security threats exist because the internet possesses so much value and not just in financial terms. The operating systems on the net are complex and the applications on the net are not only similarly complex but their interactions with other nodes on the net are also complex. The interaction between operating systems and individual nodes (home computers, work computers, servers, etc.) creates tremendous levels of complexity.
The complexity and variety of networks are what drives unintended consequences on operating systems and applications. No development methodology can anticipate all the variety that surfaces within complex adaptive systems like the internet and local networks. The open source development approach does not have the ability to anticipate network complexity and the ingenuity of self-motivated, independent players who seek to exploit weaknesses in computers in order to gain whatever currency is important to them. Neither does the proprietary development methodology have the ability to contain these threats. In other words, neither methodology completely mitigates the Law of Unintended Consequences. The result? Both open source and proprietary systems will experience successful security attacks.
For this reason, the claims of OSS zealots that their methodology is inherently more secure are profoundly fallacious. It is impossible to develop an operating system or application that is 100% secure 100% of the time. The network is too complex to ensure infallible security.
I had said earlier that one of the key philosophical debates is between stasists, who seek to create ever-increasing numbers of rules to stabilize the outcomes of the future, and dynamists. Dynamists are more open to the ambiguity and uncertainty of the future. They place more value on iterative experiences of trial and error, learning and adaptation. They see value in experiencing the variety that emerges from complexity and uncertainty. The differences between stasists and dynamists are profound.
Stasists insist that one software development methodology be more secure than another. Dynamists look at both open source and proprietary development and see value in both. They recognize that the best approach to computer security is to abandon the illusion that any one development methodology is inherently better than the other and see instead that they are simply different. In both cases, what must happen is what in fact does happen: each OS and application developed by each methodology must respond to security exploits by developing patches that adapt to exploited weaknesses. Doing so is not an admission of weakness but a practical response to what is true about complex adaptive systems.
I rail against OSS zealots because I do not respect their dishonesty and pride. Their hatred of Microsoft blinds them to the realities of complex systems. Their propaganda actually undermines the effectiveness of their platform because, as is happening now, businesses are gaining a better understanding that what was promised about OSS has largely not materialized. This is particularly true as OSS gains more and more ubiquity because with ubiquity comes a more appealing target. Their arrogance offends me because there is little reason in it. Just emotion. Computers are more than an ideology to me and I'd like to think that some balance and sanity can be brought to the discussion. With about 40 hits a day, my blog isn't likely to make a dent, especially after long, ponderous entries like this. Nevertheless, this is one attempt to do that.
My Authoritative Perspective - Which Is More Secure: Linux or Windows?
I have just enough temerity to think that my perspective settles the divisive opinions on this topic, so read on for Nirvana-ish enlightenment.
IMO, most discussions that revolve around the core philosophical question of Which OS is better than the others? ultimately boil down to ideological preference, bias, selective filtering of ambiguous facts and degree of zealotry. And I'm okay with this. I think one of the coolest parts of the technology field is how passionate people are about their favored platforms.
I have a bias toward Microsoft. I think MS makes great software and I think MS has contributed a lot to the technology landscape as well as to the US GDP over the years. And just as the slashdotters look askance at the likes of me, I cast a cynical eye toward the rants and raves of open sourcers who think that Linux is inherently more secure than "Windows."
I quote Windows because when it comes to security, there are significant differences between versions of Windows. Windows Server 2003, IIS 6 and XP SP2 are substantially better designed to defend against malicious attacks than Windows Server/Professional 2000, Win9x and Exchange 2000/5.5. So, without defining the version of Windows that is being compared to some other platform, the comparison becomes immediately suspect in my mind.
I have long argued that any OS or application has inherent weaknesses for one simple reason: they were made by a team of humans. They lacked awareness of future technologies, tools and skills that would expose their product to risks they were not aware of. This is the reality of the opportunity cost of the Future: you do not know what is coming and so don't know how to invest in the right capabilities to defend against attacks.
Further, I have felt that the blame for OS security gaps has been inordinately laid at the feet of the OS itself rather than the feet of system administrators who are responsible for configuring, hardening, monitoring and maintaining their servers. If it is true that any OS has inherent faults, it is then the vendor's responsibility to patch those faults. But this implies a significant responsibility on sysadmins: take care of your freaking servers and desktops!
Many slashdotter-types want to blame MS entirely for security gaps. While I think this is a fairly legitimate accusation for Windows 2000 and Exchange 2000, it is no longer legitimate. Windows 2003, Exchange 2003 and XP SP2, in partnership with Windows Automatic Updates, provide a much higher level of resistance to attacks because of the original design and the ability to quickly distribute patches as the need arises.
Because they are sociopaths, virus writers derive satisfaction from having their destructive work recognized publicly and from major consequences of their actions on other people. Consequently, for virus writers, ubiquity is the key: writing a successful virus to a ubiquitous platform holds more appeal than writing to a rare platform (when was the last time you heard of someone being pissed because their Amiga got wormed?). It's hard to get more ubiquitous than Microsoft, so there's more appeal in attacking it than writing to Amiga. But Linux is not immune from Security by Obscurity - a security "strategy" that relies on being invisible to attackers. Because Linux is gaining market share, more viruses are being written to it.
So, when it comes to the question of Which is most secure? a different approach is needed. Controlled tests should compare attack frequencies against not only different versions of different OS's but more importantly, against various levels of patch maintenance.
In a controlled test, current versions of Windows and Linux would be compared with varying levels of update maintenance: no update maintenance, inconsistent update maintenance and 100% current maintenance. The susceptibility of a computer will be a function of the diligence of the application of security updates rather than the unanswerable religious question of which is inherently more secure.
Such a study would be more realistic and I believe would expose the ignored factor of sysadmin diligence in network security. My suspicion is that it would be markedly clear that all OS's are weak to varying degrees and for this reason, well-maintained servers of any OS will prove to be markedly more secure than systems not diligently administered. Such a study would shift the religious question from Who is better? to Just how important is being a diligent sysadmin anyway?
IMO, most discussions that revolve around the core philosophical question of Which OS is better than the others? ultimately boil down to ideological preference, bias, selective filtering of ambiguous facts and degree of zealotry. And I'm okay with this. I think one of the coolest parts of the technology field is how passionate people are about their favored platforms.
I have a bias toward Microsoft. I think MS makes great software and I think MS has contributed a lot to the technology landscape as well as to the US GDP over the years. And just as the slashdotters look askance at the likes of me, I cast a cynical eye toward the rants and raves of open sourcers who think that Linux is inherently more secure than "Windows."
I quote Windows because when it comes to security, there are significant differences between versions of Windows. Windows Server 2003, IIS 6 and XP SP2 are substantially better designed to defend against malicious attacks than Windows Server/Professional 2000, Win9x and Exchange 2000/5.5. So, without defining the version of Windows that is being compared to some other platform, the comparison becomes immediately suspect in my mind.
I have long argued that any OS or application has inherent weaknesses for one simple reason: they were made by a team of humans. They lacked awareness of future technologies, tools and skills that would expose their product to risks they were not aware of. This is the reality of the opportunity cost of the Future: you do not know what is coming and so don't know how to invest in the right capabilities to defend against attacks.
Further, I have felt that the blame for OS security gaps has been inordinately laid at the feet of the OS itself rather than the feet of system administrators who are responsible for configuring, hardening, monitoring and maintaining their servers. If it is true that any OS has inherent faults, it is then the vendor's responsibility to patch those faults. But this implies a significant responsibility on sysadmins: take care of your freaking servers and desktops!
Many slashdotter-types want to blame MS entirely for security gaps. While I think this is a fairly legitimate accusation for Windows 2000 and Exchange 2000, it is no longer legitimate. Windows 2003, Exchange 2003 and XP SP2, in partnership with Windows Automatic Updates provide a much higher level of resistance to attacks because of the original design and the ability to quickly distribute patches as the need arises.
Because they are sociopaths, virus writers derive satisfaction from having their destructive work recognized publicly and from major consequences of their actions on other people. Consequently, for virus writers, ubiquity is the key: writing a successful virus to a ubiquitous platform holds more appeal than writing to a rare platform (when was the last time you heard of someone being pissed because their Amiga got wormed?). It's hard to get more ubiquitous than Microsoft, so there's more appeal in attacking it than writing to Amiga. But Linux is not immune from Security by Obscurity - a security "strategy" that relies on being invisible to attackers. Because Linux is gaining market share, more viruses are being written to it.
So, when it comes to the question of Which is most secure? a different approach is needed. Controlled tests should compare attack frequencies against not only different versions of different OS's but more importantly, against various levels of patch maintenance.
In a controlled test, current versions of Windows and Linux would be compared with varying levels of update maintenance: no update maintenance, inconsistent update maintenance and 100% current maintenance. The susceptibility of a computer will be a function of the diligence of the application of security updates rather than the unanswerable religious question of which is inherently more secure.
Such a study would be more realistic and I believe would expose the ignored factor of sysadmin diligence in network security. My suspicion is that it would be markedly clear that all OS's are weak to varying degrees and for this reason, well-maintained servers of any OS will prove to be markedly more secure than systems not diligently administered. Such a study would shift the religious question from Who is better? to Just how important is being a diligent sysadmin anyway?
I Love When Companies Have A Sense of Humor
VMware recently announced a phenomenal virtual machine tool. They call it VM Player and it allows you to run any virtual machine definition without needing to own VMware Workstation or either server product. It simply runs the image files. Obviously, you cannot create virtual machine images, much like you can only view QuickTime movies with the player. If you want to make your own movies, you need to buy the development app. It works not only for VMware images but also Microsoft Virtual PC, Workstation and Server products.
With the rollout they had links on their site to other companies who had created virtual machine images to run with the Player.
Red Hat Linux is one of the companies that offer pre-made builds of their systems. As I was poking around, I got a little lost on the site. I received a Bad Dog message from the Red Hat site. It listed all the possible causes of my error. Check out the final possible cause of my problem:

I Wish I Was This Smart
The clueless RIAA has a new brainstorm: It's not so much illegal downloads that's stealing all their business but all the recording onto blank CDs that's stealing all their business. Read about the RIAA Rocket Science Festival here.
Ok, so this is just stupid. The RIAA is an organization that specializes in entrenched idiocy. But that's not what this blog is about. It's about a brilliant comment by a user on the above-quoted article that perfectly summarizes the absurdity of what the RIAA is doing. I quote him below. Sheer genius:
Apparently another 22% of music is shared by people having their stereos up too loud, perhaps they will be clamping down on this, and making everyone wear headphones, so only the people that paid for the music can hear it.
Obviously RIAA are idiots, so perhaps I can try to sell them my new device, it's an audio in-ear decryption device. The music is played through your loudspeakers as white-noise, and only the person with the correct PGP key can listen to it through their ears, as it's decoded realtime, in-ear.
I will sell the RIAA this technology for a very reasonable $1,000,000
Technology and the Cost of Capital
The use of capital in the acquisition of technology is an ambiguous proposition. The reason is that technology offers mostly intangible benefits that are difficult to measure. Accountants like calculations like Return on Investment and Total Cost of Ownership because they help them make more intelligent decisions about the use of a company's limited capital.
ROI and TCO work for things like forklifts, a new assembly line, tools and company cars. You can calculate how a new forklift will increase the number of trips possible for inventory movement and how those additional trips can reduce production cycle times. This will impact labor rates and possibly inventory turns, since inventory can be processed faster. These all drive hard, measurable costs.
In contrast is measuring ROI and TCO for software. Software has intangible benefits and therefore requires tricky if not meaningless calculations for ROI and TCO.
While it is possible to know most of the hard up-front costs of software (licensing, hardware, training) the back end benefits are not so easily measured. The whole idea behind an ROI calculation is that if you cannot gain a certain return on the investment then it makes sense to spend your money on something else. For example, the company I work for uses a hurdle rate of 12%: if capital expenditure doesn't yield a return greater than 12%, we don't do it.
For ROI to work, you have to ask specifically how you are going to measure the intangible benefits of purchasing software. For example, how do you measure the ROI of upgrading from Office 97 to Office 2003? There are significant technological differences between the two versions of Office suites but the question is: how many companies are actually going to use and derive measurable benefit from the additional capabilities? Further, how long will it take companies to implement the additional technologies like SharePoint and Exchange 2003 necessary to use some of the cooler capabilities of Office 2003?
In order to measure productivity gains from using software, you must first measure a baseline of productivity from using Office 97. This means you need to look at the most common and most valuable Office functions and calculate the cost and benefit of using Office 97 for those functions. Then, after you calculate the projected ROI (let's say it's a 20 month return on investment), you need to perform the same tasks using Office 2003 and compare the costs and benefits to the Office 97 baseline.
Unless you do a comparative analysis between a baseline of Office 97 and an actual measurement of Office 2003 productivity, the ROI calculation was nothing more than corporate hoop-jumping designed to satisfy the accounting department and, if the expenditure is big enough, the board of directors. Without a comparative analysis, ROI has zero meaning because the assumptions used in the ROI cannot be validated 20 months later. Similarly, the comparative analysis should be done with the purchase of a forklift, but because a forklift ROI can be meaningfully calculated, the comparative analysis is usually not conducted. Because of the tangibility of the value of a new forklift, the ROI calculations are usually obvious and end up mapping to real world costs and benefits.
Total Cost of Ownership is a similarly silly calculation in the world of software and hardware. TCO attempts to take a look at both front end acquisition and implementation costs and combine them with the costs to maintain the system over a certain period of time, usually the break-even point for the ROI. ROI and TCO calculations have been used over the past few years to justify the claim that TCO for Linux is cheaper than Windows. The zero dollar acquisition costs weighted the TCO calcs in favor of Linux because in comparison to Windows, there is a huge difference: zero dollars to something a lot greater than zero dollars.
The problem with Linux has been unforeseen back end costs, like a lack of Linux talent in comparison to Windows, a lack of 3rd party applications developed for Linux in comparison to Windows, a lack of standards for Linux competence in comparison to Windows' MCP, MCSE, MCSD, etc. (These are opportunity costs rather than hard costs but they illustrate the intangible nature of measuring factors that drive total cost. You could argue though that opportunity costs have real dollar costs but measuring those costs is challenging). Linux has higher back end costs because of the difficulties of fully integrating Linux within an existing infrastructure. There were also likely higher costs because Linux's low cost to acquire enabled hobbyists to develop skills in Linux, but without clean pathways of certification, quantifying an individual's skills was more challenging. Incomplete Linux skills can drive the cost of ownership of Linux higher than would be anticipated. Because Linux infrastructures are less ubiquitous than Windows networks, Linux applications have less rigorous field experience. (And please do not counter that Linux is installed more than Windows -- it is Apache that is ostensibly the most popular web server on the net, but a web server Linux box does not a Linux infrastructure make.)
Further, there are certain components of a solution or a data center that are invisible and tend to not be computed in TCO numbers. For example, one of my favorite technology bloggers is Sun's COO, Jonathan Schwartz. He describes the differences in the cost of energy between Sun Opteron x86 boxes and Dell boxes. Schwartz cites a Sun analysis that shows that the University of Buffalo should have chosen Sun Opteron boxes instead of Dells because of electrical and heat efficiencies. The University can only use part of the availability of their Dell cluster because of lack of power supply and cooling ability. Read the analysis; it's a compelling example of the hidden costs of TCO. Whether Schwartz is right or not is open to interpretation but his argument does show that there are costs that are often ignored in not only ROI and TCO calculations but in product selection as well.
All this to say that it is nearly impossible to calculate the TCO of a solution because there are too many variables that have varying degrees of predictable values. It is easy to miss invisible factors like electricity and cooling issues. It is easy to assume constant labor costs. In short, TCO technology calcs are subject to the same fundamental weakness as ROI technology calcs: questionable and incomplete assumptions. A more appropriate approach would be to calculate a range of ROI and TCO based on stated assumptions but this then renders ROI and TCO to the realm of probabilities and accountants like dollar figures not probabilities.
The bottom line is that you buy a technology solution because your due diligence process (you do have a structured, defined due diligence process, right?) helps you filter out and select solutions that represent the lowest risk and highest level of functional benefit given what you know about the present and what you believe about the future.
ROI and TCO calculations make accountants, CFOs and boards feel happy but everyone knows that these calculations are almost always bogus. I've seen leaders back numbers into the calculation because they know what the ROI needs to be, so they just put in what gets them the ROI. They make assumptions about costs and benefits that may or may not be pulled out of someone's nether regions and therefore may or may not reflect reality. The end objective is to create a spreadsheet that beats the hurdle rate and gives decision makers warm feelings about signing off on the capital expenditure request.
The bottom line is that people buy what they think will benefit them. ROI and TCO is an exercise in computing the value of tangible assets that is incorrectly applied to the assessment of value for hardware and software solutions. I believe that when it comes to justifying a technology purchase, all you can do is attempt to assess risk, and mitigate it by a structured selection process and a well-managed implementation project. You can calculate ranges of costs and assumed value derived from implementation but in the end, calculating the dollar value of benefits from spending thousands, if not hundreds of thousands, of dollars is tricky.
In an issue of Fortune, there was a section on industrial management and technology. IBM's new chip fabrication facility in East Fishkill, NY is described. It is a high-tech system that involves minimal human labor. This is an advantage because decontaminating humans for the ultra-clean environments of chip fab plants is time-intensive and expensive.
One of the characteristics of the plant is an embedded RFID chip that accompanies the pods (known as FOUPs) that distribute the raw materials from fab machine to fab machine:
The most important piece of hardware in the plant is a small glass vial containing an RFID transponder. One of the devices is embedded in each of the plant's 5,000 FOUPs, as well as in similar containers used to ship wafers or transport reticles, images of integrated circuits that are projected onto wafers. Each transponder emits a signal that can be read from a few inches away by 60 receivers along the monorail and in each of the plant's 1,500 machines. When a FOUP arrives at a processing machine, the computer system tells the machine how to treat the wafers it bears. Whistling while it works, the machine sends progress reports and also alerts the computer when it's ready for another load. "A lot of people ask, How do you justify it? How do you [calculate] a return on investment for RFID?" says Perry Hartswick, a senior development manager who led the team that automated the plant. "It's like asking, How did you ROI the wires in the walls? Without RFID, I couldn't have done any of this stuff."
Technology is an assumed component of business. Yet, it is an elusive component, one whose total costs and complete benefits are hard to quantify. Yet, IBM felt RFID was a critical component in spite of its inability to quantify its value. Implementing technology will always be risky because infrastructures are typically complex. This is because they can only be planned once -- at the beginning -- and then afterwards evolve according to business needs and contemporary technologies. As a result, in an infrastructure of any decent age and size, there is a staggering degree of interdependency and therefore, complexity.
I believe that ROI and TCO are meaningless measures of the value of proposed technology solutions. If business leaders decide that a piece of technology is needed, they should be able to implement it without the absurdity of ROI and TCO calculations. Of course, there needs to be a degree of accountability to the leaders and smart leaders will have designed a consistent selection methodology and may ask the solution provider to share in the risk of implementing the technology but ultimately, the decision to purchase technology cannot be purely a financial one. It is also one of desire and hope.
A consistent process of selection and project management can mitigate these soft factors but I believe that all technology solutions come down to desire and hope. Big desires and dreams can lead to big projects that have large pay-off potential but they can also be dramatic failures. Small play-it-safe desires and hope can bring about stability at the cost of innovation that could have provided competitive advantage.
It's time for businesses to remove the centrality of the accounting department and its justification processes from the decision-making process for technology solutions and place them in the hands of business managers who will have accountability for the results.
In addition, I think the software industry needs to develop a methodology for evaluating the cost, value, risk and benefit of technical solutions. That methodology then needs to be proposed to customers as a basis for making purchase decisions.
What I Want from Sales People
I've been sitting through quite a few technical presentations over the last few months. It seems like most IT consulting and VAR marketing departments all develop their PowerPoint slides according to the same basic script:
1. Here's who we are (History, People, Philosophy)
2. Here's who our customers are (huge impressive companies with the implication that all of GE or AOL Time Warner uses the app)
3. Here's our solution
Yesterday, we had a company come in to present to us. The sales guy brought two technical guys with him. It was easy to see why pretty quickly: he couldn't speak, he could only describe the solution in vague generalities and he was a slave to his PowerPoint presentation.
None of us were listening to the presentation because, frankly, it wasn't relevant. I really don't care about the history of the company. I care about what their solution is and about the capabilities of their people. For an introductory meet and greet, I want to know about the solution, the architecture, implementation (especially since new technology implementations is what I'm responsible for) and post-implementation relevance of the solution.
Fortunately, the more savvy pre-sales guy read the signs (all of us making no eye contact, not viewing the screen, frequent watch glances, no engagement) and tactfully interrupted the sales guy and asked us a couple of provocative open-ended questions.
Bam. We were off to an hour and a half of meaningful discussion. This experience has motivated me to put together a list of wishes for IT sales presentations:
I wish IT marketing departments would actually do some analysis of what potential customers look for in a presentation.
I wish presentations were short -- less than 10 slides.
I wish IT sales calls were more about asking evocative questions instead of blabbing through a bunch of pretty slides.
I wish PowerPoint had never been invented. Not because it's not a useful tool but because too many people don't know how to stand in front of other people and attempt to inform or persuade them without relying on a PP presentation.
I wish pre-sales teams would have a few slides about the solution and then run the meeting with a white board (come prepared or know in advance whether we have one or not). I am most impressed when I see someone white board a solution in response to one of our statements or questions. This ability conveys not only "talking point" knowledge of the solution but also that they possess a broad and deep understanding of how the solution fits within a company experiencing some kind of pain. Talking off a PDF fact sheet is relatively easy. Being able to articulate how a solution fits requires knowledge and good questions that draw input from people. It is frustrating that few technical sales people have these abilities.
Yesterday's solution was an analytics package -- big, scalable, powerful, expensive.
If I were the sales guy, I'd make some reasonable assumptions and ask questions based on those assumptions. Companies looking at data integration solutions probably have:
Fragmented Data: Multiple platforms (Mainframe, SQL, Excel ad-hoc databases, Access databases, CRM, ERP, etc.), siloed databases scattered and duplicated across departments and work groups
Incoherent Data: No data model that is used by all departments to organize data
Dirty Data: Bad data that has typos, duplicate entries, etc.
Ask questions like:
"Do you find that your data is scattered all over the company?" [Good probability that the answer will be Yes]
"Do your departments have their own versions of data that could actually be used by other departments?"
"What do your users and management staff say are the consequences of this?"
"Do your decision-makers trust their reports?"
"Does the lag time between reports and the reality they are supposed to reflect affect responsiveness?"
"How does the fragmentation affect your IT infrastructure?"
"How does the existence of siloed databases affect your business processes?"
These are good guesses at open-ended questions that will lead to useful sales information. A skillful sales guy isn't primarily a talker (although I think that's important) but is first good at asking high-probability open-ended questions that draw people to participate and disclose information about the environment. With this information, the sales person can then make intelligent decisions about what to communicate about the solution based on what he or she hears back.
This is the difference between blabbing from a PP presentation and selling from knowledge of the solution and relating it meaningfully to the customer's environment.
Few tech sales people really understand this. The average sales person understands schmoozing and talking the salesy talk but in my opinion, few sales people really know how to sell a solution in a meaningful way. At least, I should say, in a way that is influential for me. It seems like so many times, I have had to help the sales guy fill in the gaps of their approach by essentially selling myself on the product.
On the other side of the spectrum are the sales support techs who just inundate you with feature/function demos of the software. This happened last week during a presentation on an ERP application. It was mind numbing and was completely ignorant of what the people in the meeting wanted to see. No due diligence, no surveying of the attendees. Just boot up, load and walk through all the menu options. Seriously lame.
A good sales team has people who share skills and knowledge in areas like business process; mapping program functionality to resolving customer pain; the ability to identify selling points and buying signals; the ability to build relationships of trust and knowledge of how various technologies in the solution come together during implementation. When sales teams talk about solutions, they ask questions about existing business processes and what is and is not working in those processes. They use that information to contrast the current mode of operations with what could be with their solution. It's not a comprehensive demo but a representative one. It's not detailed but it is a good survey of how the solution solves the customer's problem. It creates a vision for what could be.
Instead, what I see are sales teams come in where the sales lead stumbles through a PowerPoint presentation that is achingly long. The presentation is used as a platform to speak at the customer rather than as a basis for inciting a conversation. Then the "tech guy" boots up his laptop, fumbles with getting it to work and systematically works through the entire band of menu options. So many times, I see tech guys boot up and they don't have the demonstration configured properly. They don't have a disaster recovery plan. In contrast, I have seen numerous Microsoft tech presentations where the demos just work. And when they do have glitches, the team has practiced how to recover and the demo is designed in a way to assist recovery.
So in summary, to impress me and sell me on your solution:
1. Keep the dog and pony show short.
2. No more than 10 PP slides.
3. Don't talk at your customer. Talk with them from the first minute. Ask what they want from the meeting. I'd be willing to bet what they want isn't on the average IT solution provider's agenda or PP presentation.
4. Save the history and client list to a point during the meeting when it's actually relevant.
5. Know your market well enough to understand what most customers' points of pain are likely to be. Most customers have common business problems. Understand the relationship between those problems and the solution.
6. Design and ask open ended questions that address the pain points to not only draw people into the discussion but to disclose information about the environment that can help you sell. In order to sell a relevant solution, you must have information about the environment. Sometimes that information is closely held. Encouraging a discussion helps expose that information.
7. Demonstrate deep knowledge of the solution and the customer's environment by white boarding a lot.
8. Make sure your answers are always oriented toward relating the customer's pain to how your solution specifically solves the problem. If you're really good, do this in a way that the customer doesn't even perceive. Most people know when they are being sold. When a sales team is really good, they are trusted and people lose their awareness of being sold.
An Interesting Analysis of Violating the Do Not Call Registry

In this news item, which lacks the necessary analysis to put it into perspective, you will read that DirecTV has been fined millions of dollars for egregiously violating the federal Do Not Call Registry. The FTC received 1.4M complaints about unsolicited telemarketing calls from DirecTV.
The real value of this article is in the comments of readers under the article. In this, they observe that the penalty amounts to $3.80 per call. They raise the possibility that DirecTV intentionally violated the DNCR law, knowing they would be fined but choosing to see the fine as a marketing expense.
This reminds me of Ford's decision to not only continue to make the Pinto in light of known issues with rear-end collision explosions but to choose to not recall the car with a $5 fix. Ford calculated the risk of deaths and successful wrongful death suits versus the cost of the entire recall. Ford willingly chose deaths over a recall. In Fight Club, Edward Norton's character dealt with this very same calculus.
Certainly, DirecTV's violation is nowhere near the moral gravity as Ford's decision but the idea is the same: make an informed risk-based decision to violate a law or ethic in the interest of making money.
One commenter made a good point: The FTC should levy a flat fee per complaint that must be paid to the Feds in the event that the FTC determines violations occurred. A fee of $200 per violation would have resulted in a penalty of $280 million.
Unless the penalty of violation exceeds the value derived from violating the law, the law has no deterrent effect.
The FTC's willingness to negotiate a settlement with DirecTV belies an assumption I have commented on before: many in government believe merely making a law is sufficient to deter unwanted behavior. The law is incapable of stopping unwanted behavior simply on the basis that a law exists. The law must be enforced so that those who break the law are stopped or such that the penalty of the law creates a disincentive for violation.
Crybaby SBC: Don't Use Us For VOIP

In this article, SBC CEO Ed Whitacre cries that it's not fair that Google, MSN and Vonage are pushing VOIP traffic over their broadband lines. So, he's going to come up with a way to meter the service so that not only are customers paying for broadband service but they are paying for VOIP traffic.
This is ridiculous. IP traffic is IP traffic. Non-telecom ISPs recognize this and are not interested (to my knowledge) in metering VOIP traffic that goes over their lines. What the IP packets encapsulate should be irrelevant to any ISP. This is similar to ISPs wanting to charge residential customers for additional public IP addresses if they desire to have multiple computers access the internet. The only thing ISPs should care about is that a customer is not hogging bandwidth and if they do care about that, they had better define what levels of peak and sustained bandwidth constitute "excessive." Whether a customer installs a wireless access point or hard wired router is not the business of an ISP.
It will be interesting if he is actually able to pull this off. If SBC's competitors are smart, they will promote an open view of IP traffic by saying, "Hey, we don't care how you use our pipes; IP traffic is IP traffic. We welcome your business. Come to us."
This guy reminds me of the executives like Scott McNealy of Sun who whined that Microsoft was a monopoly. No matter that this was McNealy's stance as Sun began its plummet to $3.00/share stock and diminished revenue because Sun (read: Scott McNealy) failed to anticipate the market and respond to Dell's commoditization of servers. You never see market leaders complaining about their competition. It's always the losers who cry like children when they don't win at Monopoly. Who are the kids crying on the playground? The ones who came out on the bottom because they were either bullied or didn't play marbles well.
The Most Significant Ideological Battle
Cultures, societies and ideologies will war against each other as we move into the future, just like they have in the past. Of course, each side of a conflict will be convinced of its own righteousness and the inherent evil of its enemy. Each side will marshal an array of evidence to justify its actions to the world at large. But one thing will be constant across all cultural, social, military and ideological wars. This constant is the most significant philosophical issue in our day and will continue to be so into the foreseeable future.
The most important philosophical issue we will all grapple with is the conflict between open source and closed source systems.
For regular readers of my blog and for technologically-minded people, this statement most likely triggers thoughts of Linux in a battle against proprietary operating systems like Windows. While this is certainly one battleground for the conflict between open and closed source systems, it is not the sole context for conflict. People around the world are coming to terms with the differences between systems that are closed to scrutiny and collaboration and those that are open to input from the outside as well as participation in the formation of the system. Just like in any war, there are arguments for and against the righteousness of both sides of the debate. And as usual, each side tends to offer arguments and evidence that make their cases clearly compelling. The truth is rarely consolidated on either side but is often a synthesis of both.
A tangential discussion of the dynamics of dialectics might be useful before moving on. The process of dialectics has several different flavors to it but the basic dynamic is that an idea is put out into the marketplace to compete against other ideas. People will tend to organize and judge ideas in terms of a thesis and its antithesis. Over the course of time, the marketplace will take ideas and use them and turn them against each other so that eventually, there are fairly clear relationships between a thesis and its antithesis. If there is enough interest in these ideas, people will use them to form a synthesis, which is the result of a lot of churning and debate over the thesis and antithesis.
The ideal objective of the dialectic process is to find either lower case truth or upper case Truth. Both forms of truth tend to be slippery and elusive since humans tend to approach the search for truth with presuppositions and biases that are not shared by everyone. The quest for truth is, in the end, a personal search that may find other people who are sympathetic to a particular version of truth but as the tragedy of human history shows, the one global truth that all can agree with has never been found. Even saying that upper case Truth is found in God does not help us arrive at Truth because people have widely divergent views of who God is, what God values and what God desires of people.
So it is on this point that I take issue with several philosophers who have articulated the value and process of the dialectic search for truth. I do not believe that the dialectic process leads us to upper case Truth but it does help us get to lower case truth. Even this though is discouraging because lower case truth lasts only for an age. Eventually the synthesis becomes a thesis and it undergoes yet another iteration of dialectic churn. Furthermore, the process of debate and churn is not linear and it does not focus on one neatly defined thesis at a time. It's like a long-simmering stew. You know the ingredients that went into it but after a while, the ingredients stop being distinct and come together as the stew. As it cooks, you take some out and taste it and make adjustments.
We are in the midst of the dialectic process for open and closed source systems. For those of you who have read my blog and my articles on the computer industry's open/closed source battles, you know that I have taken issue with the idea that open source software holds the moral high ground over proprietary or closed operating systems. Open source zealots assert that software developed with the open model is inherently more secure and better designed. I think the body of my arguments against this assertion has pretty much dispelled that idea. Nevertheless, both camps are engaged in what is for some, a fight to the death. What I suspect will emerge from the fray is something that synthesizes both ideologies into something useful and more palatable. In my opinion, Sun Microsystems leads the way in synthesizing the zealotry of open source and the ubiquity of closed systems.
There are numerous other battlegrounds where the notions of open and closed systems are creating debate, struggle and churn.
Journalism, for example. For hundreds of years, the printing press was the most potent source of influence and dissemination of ideas. The maxim then was to never go head to head with someone who buys their ink in barrels. The primacy of the printing press lost ground when radio technology emerged as a means to reach larger numbers of people with the spoken word. With radio, people heard vocal inflection, different voices, and sound effects. They began to be entertained as well as informed. Radio's centrality was loosened when television emerged as the dominant source of information and entertainment. Television held sway over news reporting for decades and the maxim changed so that one should be cautious about taking on anyone who owned megawatt broadcast towers and vast cable networks.
The big three networks had a stranglehold on the dissemination of news and the spin that was placed on news. The cost of acquiring information on newsworthy events could only be paid by commercial networks that offered vast audiences to advertisers. Because of the capital investment required to enter the broadcast market, there was little competition to challenge the slant of reporting.
The internet has radically altered the landscape of news reporting. The internet has atomized reporting and dissemination to the point where individuals can report on news and disseminate their reports to potentially large numbers of people over the web. The maxim has been altered to read: Be cautious about taking on 10,000 individuals each with their own web server. The web has generated a proliferation of information sources, each with varying degrees of trustworthiness and value. Nevertheless, the web has subverted the traditional media's dominance over news reporting and analysis. The cost to enter the information age is exactly zero because blogs are free and public computer access is free as well.
Journalism used to be a closed system using infrastructures that were relatively expensive. Printing presses, broadcast towers and cable network access were all beyond the means of individuals. Print, radio and television were effectively closed systems that were controlled by corporations. They may have solicited or responded to customer input but ultimately, they made their own editorial decisions, pursued some stories, and buried others. Credibility was a function of which J-school someone attended.
The web server has turned journalism upside down. It has all but invalidated the need for traditional journalistic credentials and it has eliminated high-cost barriers to entry. The web server has democratized journalism and reduced credibility to a single value: is what this person reports reasonable? Can it be substantiated? Is there reason associated with analysis? No longer do the traditional media channels own journalism. Not only do they no longer own journalism but the open system created by the internet forces a much more robust level of competition. And the recent failures by the New York Times and CBS indicate that the traditional media giants are not faring as well as they would like in the competition.
The music and movie industries are also experiencing a shift from a closed system to an open one. Again, prior to the internet, recording labels owned the studios, the marketing and the distribution. Recording studios handled acts like venture capitalists handle business startups: the strategy is to invest in a number of businesses with the knowledge that most will provide marginal returns but one or two startups will be gigantic successes. Both the labels and VCs rake in large percentages of successful acts and businesses to offset the development costs of less-successful endeavors.
The personal computer and the internet have largely eliminated the need for distribution through CDs and retail outlets. Users aren't buying entire discs full of crap music but instead are buying Brittany's sole decent song and mixing it in with other music. The labels aren't only afraid of lost revenue but the larger picture is that they are losing their grip on the music industry as a whole. They have already lost distribution and as bands and entrepreneurs work out decent business models, the labels will also lose their hold on marketing. It used to be that studio time for a band would cost $10,000 a day. Now, artists can set up a remarkably capable home studio for less than one day in a commercial studio with comparable quality and they get to own the equipment instead of merely rent it. The labels are looking at the disintermediation of their business' infrastructure. No one needs them for studio time, they aren't needed for distribution and they are going to lose their hold on marketing. The only thing left for labels is tour management but I suspect the entrepreneurial spirit will grab that too. The end result will be an entirely open sourced business model where artists and independent businesses take over what the labels have dominated for 60 years.
Consider the process of buying a car. Not too long ago, the buyer walked into a show room and was at a severe disadvantage to the salesman. The buyer had practically no information advantage and the salesman had all the information advantage. Now, buyers are more prepared to go head to head with a sales rep. Buyers know what the markup is, they can research specific option packages and the dealer cost of those packages. Buyers can have access to the back end rebates available to dealers. In short, buyers now have information parity with sales reps. Buyers have an entirely open field of information to them so that they can minimize, if not eliminate, the advantage previously held by dealers. With car buyers, information is power. With open systems, power is conveyed to users by sharing powerful information. With closed systems, the power of information is kept among a select few to their advantage.
Another example of the open/closed source movement is Al Qaeda and the radical Muslim fringe versus just about anything in the West. There are two prongs of closed systems in conflict with open systems here. The first is the exclusivity of the Muslim vision for salvation. Not only are infidels not allowed into the Muslim vision of heaven but they must be eliminated from the face of the earth. The second, and more significant shift caused by Al Qaeda has been to shift the nature of warfare away from conflict between sovereignties to conflict between ideologies. Terrorism is nothing new except to Americans. The PLO and the IRA have waged terrorist skirmishes for decades. bin Laden has completed the shift by having the courage to take on the United States.
The challenge of terrorism is that there is no single sovereignty to attack, threaten or negotiate with. Terrorist cells are connected through global networks and are governed not by nations but by ideologues. Warfare in the past was a closed system, where only sovereign nations were invited to the battle. Today, the United States is dealing with not only Al Qaeda but also Iraq insurgents led by Abu Musab al-Zarqawi, plus insurgents in Afghanistan sympathetic to the toppled Taliban regime. After Truman nuked Japan twice, it was easy for him to contact the Emperor and say, "Surrender unconditionally" because the field of combatants was closed. Today, the US pursues three different ideologues engaged in combat to the death.
As a final example of the battle between open and closed systems, I offer up the political sphere. Yet, again, the internet stars as the frictionless enabler of participatory democracy. We have a republic in the United States, which means we ourselves do not participate in every issue before our country or state or municipality. We elect representatives to vote for us. Prior to the internet, it took a lot of effort to monitor the records of our representatives. We could write letters to them but the lack of quick, accurate feedback about their conduct made it difficult to be involved in our government without a lot of effort.
The most important philosophical issue we will all grapple with is the conflict between open source and closed source systems.
For regular readers of my blog and for technologically-minded people, this statement most likely triggers thoughts of Linux in a battle against proprietary operating systems like Windows. While this is certainly one battleground for the conflict between open and closed source systems, it is not the sole context for conflict. People around the world are coming to terms with the differences between systems that are closed to scrutiny and collaboration and those that are open to input from the outside as well as participation in the formation of the system. Just like in any war, there are arguments for and against the righteousness of both sides of the debate. And as usual, each side tends to offer arguments and evidence that make their cases clearly compelling. The truth is rarely consolidated on either side but is often a synthesis of both.
A tangential discussion of the dynamics of dialectics might be useful before moving on. The process of dialectics has several different flavors to it but the basic dynamic is that an idea is put out into the marketplace to compete against other ideas. People will tend to organize and judge ideas in terms of a thesis and its antithesis. Over the course of time, the marketplace will take ideas and use them and turn them against each other so that eventually, there are fairly clear relationships between a thesis and its antithesis. If there is enough interest in these ideas, people will use them to form a synthesis, which is the result of a lot of churning and debate over the thesis and antithesis.
The ideal objective of the dialectic process is to find either lower case truth or upper case Truth. Both forms of truth tend to be slippery and elusive since humans tend to approach the search for truth with presuppositions and biases that are not shared by everyone. The quest for truth is, in the end, a personal search that may find other people who are sympathetic to a particular version of truth but as the tragedy of human history shows, the one global truth that all can agree with has never been found. Even saying that upper case Truth is found in God does not help us arrive at Truth because people have widely divergent views of who God is, what God values and what God desires of people.
So it is on this point that I take issue with several philosophers who have articulated the value and process of the dialectic search for truth. I do not believe that the dialectic process leads us to upper case Truth but it does help us get to lower case truth. Even this though is discouraging because lower case truth lasts only for an age. Eventually the synthesis becomes a thesis and it undergoes yet another iteration of dialectic churn. Furthermore, the process of debate and churn is not linear and it does not focus on one neatly defined thesis at a time. It's like a long-simmering stew. You know the ingredients that went into it but after a while, the ingredients stop being distinct and come together as the stew. As it cooks, you take some out and taste it and make adjustments.
We are in the midst of the dialectic process for open and closed source systems. For those of you who have read my blog and my articles on the computer industry's open/closed source battles, you know that I have taken issue with the idea that open source software holds the moral high ground over proprietary or closed operating systems. Open source zealots assert that software developed with the open model is inherently more secure and better designed. I think the body of my arguments against this assertion has pretty much dispelled that idea. Nevertheless, both camps are engaged in what is for some, a fight to the death. What I suspect will emerge from the fray is something that synthesizes both ideologies into something useful and more palatable. In my opinion, Sun Microsystems leads the way in synthesizing the zealotry of open source and the ubiquity of closed systems.
There are numerous other battlegrounds where the notions of open and closed systems are creating debate, struggle and churn.
Journalism, for example. For hundreds of years, the printing press was the most potent source of influence and dissemination of ideas. The maxim then was to never go head to head with someone who buys their ink in barrels. The primacy of the printing press lost ground when radio technology emerged as a means to reach larger numbers of people with the spoken word. With radio, people heard vocal inflection, different voices, and sound effects. They began to be entertained as well as informed. Radio's centrality was loosened when television emerged as the dominant source of information and entertainment. Television held sway over news reporting for decades and the maxim changed so that one should be cautious about taking on anyone who owned megawatt broadcast towers and vast cable networks.
The big three networks had a stranglehold on the dissemination of news and the spin that was placed on news. The cost of acquiring information on newsworthy events could only be paid by commercial networks that offered vast audiences to advertisers. Because of the capital investment required to enter the broadcast market, there was little competition to challenge the slant of reporting.
The internet has radically altered the landscape of news reporting. The internet has atomized reporting and dissemination to the point where individuals can report on news and disseminate their reports to potentially large numbers of people over the web. The maxim has been altered to read: Be cautious about taking on 10,000 individuals each with their own web server. The web has generated a proliferation of information sources, each with varying degrees of trustworthiness and value. Nevertheless, the web has subverted the traditional media's dominance over news reporting and analysis. The cost to enter the information age is exactly zero because blogs are free and public computer access is free as well.
Journalism used to be a closed system using infrastructures that were relatively expensive. Printing presses, broadcast towers and cable network access were all beyond the means of individuals. Print, radio and television were effectively closed systems that were controlled by corporations. They may have solicited or responded to customer input but ultimately, they made their own editorial decisions, pursued some stories, and buried others. Credibility was a function of which J-school someone attended.
The web server has turned journalism upside down. It has all but invalidated the need for traditional journalistic credentials and it has eliminated high-cost barriers to entry. The web server has democratized journalism and reduced credibility to a single value: is what this person reports reasonable? Can it be substantiated? Is there reason associated with analysis? No longer do the traditional media channels own journalism. Not only do they no longer own journalism but the open system created by the internet forces a much more robust level of competition. And the recent failures by the New York Times and CBS indicate that the traditional media giants are not faring as well as they would like in the competition.
The music and movie industries are also experiencing a shift from a closed system to an open one. Again, prior to the internet, recording labels owned the studios, the marketing and the distribution. Recording studios handled acts like venture capitalists handle business startups: the strategy is to invest in a number of businesses with the knowledge that most will provide marginal returns but one or two startups will be gigantic successes. Both the labels and VCs rake in large percentages of successful acts and businesses to offset the development costs of less-successful endeavors.
The personal computer and the internet have largely eliminated the need for distribution through CDs and retail outlets. Users aren't buying entire discs full of crap music but instead are buying Britney's sole decent song and mixing it in with other music. The labels aren't only afraid of lost revenue but the larger picture is that they are losing their grip on the music industry as a whole. They have already lost distribution and as bands and entrepreneurs work out decent business models, the labels will also lose their hold on marketing. It used to be that studio time for a band would cost $10,000 a day. Now, artists can set up a remarkably capable home studio for less than one day in a commercial studio with comparable quality and they get to own the equipment instead of merely rent it. The labels are looking at the disintermediation of their business' infrastructure. No one needs them for studio time, they aren't needed for distribution and they are going to lose their hold on marketing. The only thing left for labels is tour management but I suspect the entrepreneurial spirit will grab that too. The end result will be an entirely open sourced business model where artists and independent businesses take over what the labels have dominated for 60 years.
Consider the process of buying a car. Not too long ago, the buyer walked into a show room and was at a severe disadvantage to the salesman. The buyer had practically no information advantage and the salesman had all the information advantage. Now, buyers are more prepared to go head to head with a sales rep. Buyers know what the markup is, they can research specific option packages and the dealer cost of those packages. Buyers can have access to the back end rebates available to dealers. In short, buyers now have information parity with sales reps. Buyers have an entirely open field of information to them so that they can minimize, if not eliminate, the advantage previously held by dealers. With car buyers, information is power. With open systems, power is conveyed to users by sharing powerful information. With closed systems, the power of information is kept among a select few to their advantage.
Another example of the open/closed source movement is Al Qaeda and the radical Muslim fringe versus just about anything in the West. There are two prongs of closed systems in conflict with open systems here. The first is the exclusivity of the Muslim vision for salvation. Not only are infidels not allowed into the Muslim vision of heaven but they must be eliminated from the face of the earth. The second, and more significant, shift caused by Al Qaeda has been to shift the nature of warfare away from conflict between sovereignties to conflict between ideologies. Terrorism is nothing new except to Americans. The PLO and the IRA have waged terrorist skirmishes for decades. Bin Laden has completed the shift by having the courage to take on the United States.
The challenge of terrorism is that there is no single sovereignty to attack, threaten or negotiate with. Terrorist cells are connected through global networks and are governed not by nations but by ideologues. Warfare in the past was a closed system, where only sovereign nations were invited to the battle. Today, the United States is dealing with not only Al Qaeda but also Iraq insurgents led by Abu Musab al-Zarqawi, plus insurgents in Afghanistan sympathetic to the toppled Taliban regime. After Truman nuked Japan twice, it was easy for him to contact the Emperor and say, "Surrender unconditionally" because the field of combatants was closed. Today, the US pursues three different ideologues engaged in combat to the death.
As a final example of the battle between open and closed systems, I offer up the political sphere. Yet, again, the internet stars as the frictionless enabler of participatory democracy. We have a republic in the United States, which means we ourselves do not participate in every issue before our country or state or municipality. We elect representatives to vote for us. Prior to the internet, it took a lot of effort to monitor the records of our representatives. We could write letters to them but the lack of quick, accurate feedback about their conduct made it difficult to be involved in our government without a lot of effort.
With the internet, it is easy to remain informed with fresh information regarding how our representatives are conducting themselves and the government. We are provided with instant feedback on their votes, we can rapidly organize ourselves with other like-minded citizens and can make our desires known clearly. Again, the nature of information, its fluidity and its freshness work to our advantage by keeping us in tune with what is happening in government. Plus, keeping in mind the changes that open access to information has brought into journalism, we are less dependent on mainline media channels for not only the spin on news but also on what stories are published. In the last three presidential election cycles, open source journalism has brought information to light that the biases of mainline media would prefer not to cover because it exposes their bias as bias rather than just the news. No longer do we have to believe Walter Cronkite's assertion, "And that's the way it is." Uh, no Walter, it most certainly is not the way it is because I now have four other alternate sources of information on this event you just reported and they have a different perspective on it. I'm now empowered to come to my own conclusion.
We see this happening around the world as people become more aware of political issues. China is deeply intimidated by the disintermediation of information by the internet. The internet creates huge gateways into their closed society and it informs its citizens about the nature of freedom. China expends significant effort to tightly control internet access and traffic into the minds of its people. As China continues to gather steam in the global market, it will become increasingly difficult for the Communist government to maintain a culture of oppression and secrecy. Open markets tend to bring in not only new commodities to buy and sell but also new ideas. This openness is what the Taliban sought to suppress and it is why the Afghan people so quickly embraced radio, music and TV: these tools gave them exposure to new ideas that resonated with their desire for freedom and autonomy.
There's an interesting cultural dynamic that I think also has its root in the dialectic between open and closed systems. What sparked this idea in me the other day was a comment by an author I am reading right now. Dallas Willard said that we have a rejection culture. He said this as an aside and didn't fully develop it but the comment triggered in my mind a connection between a rejection culture and reality TV. Underlying all of the reality shows on TV is the threat of rejection. Though the rules vary, fundamentally, each show has a dynamic by which individuals are eliminated. Some shows have votes, one has, "You're fired!," and some have contestants eliminate themselves. But the core of each show has people who are in and people who are out.
Being in and being out is one of the dynamics of the battle between open and closed systems. Open systems seek to involve more people in the activities of the system; closed systems seek to exclude people from participation. In open systems, responsibility for managing and leading the system belongs with the participants. In closed systems, there may be participants but they are not allowed to participate in leading the dynamics of the systems. Closed systems are intended to keep participants out of the core of the system.
I believe that the world will see stages set for the conflict between open and closed systems. Each will claim their own righteousness as a thesis over competitive ideas as antitheses. Zealots will marshal themselves for battle, each crying out that their just cause shall prevail. What really ends up happening however, is that the process of dialectics will bring polar ideas together in conflict where compatible ideas will rise up and the incompatible chaff will fall to the side. All of the open/closed systems I discuss here are currently engaged in battle. What we see in terms of the combatants today will be markedly different as the dialectical process works out over the next 10, 20 and 30 years. For example, the nature of socialism in China will probably shift more toward democratic capitalism as China is infiltrated by ideas that are antithetical to socialism. China will either adapt its notion of socialism or its leadership will crumble from the force of active dissidents informed from the outside by a freer global economy.
The point to take away however is that what we see today in the battle between open and closed systems will be quite different than what we see in 10 or 20 years. By that time, today's systems will adapt into something different as a direct result of the conflict between ideologies. This adaptation will likely yield remarkable fruit in terms of economic, spiritual, governmental, social and cultural changes but this gain will definitely come at the cost of lives, ideals and ideologies. The churn and tumult will be significant but I believe the conflict between open and closed systems is deeply valuable. What we see will lead us to feel that this truly is the most remarkable time in history to be alive.
Friday, March 03, 2006
Tech Talent In A Global Economy
Many times, when you call tech support, you get what is called a first-level technician. Depending on the way the call center is structured, first-level can have good technical skills that are oriented toward solving the most common end-user problems. In other centers, first-level is staffed with people who have no technical skills. They classify the nature of the problems and handle billing for the cost of the call. The first-level front end person usually speaks English clearly and without distracting accents. But once they have your problem qualified, you get handed off to someone who is almost invariably someone whose expression of the English language can be challenging at times.
I find it very interesting that first-level know-nothing phone center people who speak English plainly are cheap enough to be the front line but what can't be offered are technicians who know their stuff and who speak English clearly. Why not just offshore the whole phone process? Why is first level distinctly American?
If it is cheaper to offshore tech support, why not just push the whole thing to the east?
There is much ballyhoo among techies about off-shoring of technical services. What are people's responses? Professionals who form unions to hedge compensation levels that couldn't be sustained after the penetration of globalization into IT labor markets. Professional IT people form unions to protect themselves against off-shore labor.
Woefully, this is classic American and Western European entitlement thinking. Though I would love to suffer the illusion that entitlement thinking is restricted to unskilled blue-collar labor, the mentality that the wage levels of a job skill should be sustained without any change in the manner in which an IT professional's services are rendered is nonetheless present.
What should IT professionals do instead of forming unions to try to capture compensation levels? They should reinvent their skill sets. Techies need to develop their business and communication skills. Technical professionals should look for ways to bring something to their employers (which are better thought of as customers) that transcends mere coding of applications or maintenance of infrastructures.
There has long been a wide gap that separates the technical mind from the business mind. This is absurd because globalization has been driven primarily by massive leaps in technical innovation which have bound people and commerce more tightly together regardless of distance.
Globalization can be simply thought of as the convergence of technology and economies. Politics and policy are the afterthoughts of this convergence.
To make matters more interesting, the nature of globalization means that there is profound pressure on niche markets toward commoditization. Technology not only enables massive reach across the globe but it also means that good ideas can be rapidly duplicated. Replicating a niche or innovative service or product cheaply is what commoditization is all about.
This results in a degradation of the shelf life of competitive advantage. And this degradation creates cost pressures which trickle down to pressure on wages.
And this means you either reinvent yourself frequently or you face commoditization.
Or you organize into unions and demand higher wages for doing the same kind of work your offshore competitors offer for less money. And since your professional union doesn't have quite the same grip on the throats of your employer (did I mention your employer is your customer?) as the UAW does, your negotiating leverage isn't as great. So, you create a flurry of press releases and whiny, impassioned pleas on Good Morning, America on how awful it is that evil corporations are shuttling work to cheaper labor markets. You lobby the federal government to limit work visas and to create legislation that penalizes US corporations for using offshore talent. You exploit Wal-Mart-like contempt for the impact on labor of low prices by attempting to cast shame on corporations for actually attempting to be profit engines that would actually add to the GDP of the US. You conveniently ignore that it is the customers of corporations like Wal-Mart who choose to buy at Wal-Mart instead of Joe's Pharmacy because customers love low prices when all other factors are relatively equal.
The solution to avoiding commoditization of your skill set is to identify what your customer needs from you and to expand your services or radically change the services you provide. Don't be just a great coder: be a great coder who also happens to have the ability to get past your cube myopia and see larger business issues. Build a friendship with a business person who you think seems to understand what's going on. Let your tech stuff rub off on them (with minimal geek speak) and let their business stuff rub off on you. Learn the business lingo because frankly, if you want to be a valuable service provider, you need to speak the language of the decision-makers. In other words, be a technical person with a business mindset. Quit being zealous about platforms and the injustice of offshoring and help your customer beat its competition. Your competition sits in the cubes next to you and they sit across several continents and large bodies of water. So you need to out-play your personal competition and you do that by helping your employer beat theirs.
How do you make a clearly compelling case for your employer (yeah, your customer) to choose you over someone else, not just when they decided to hire you but also when they decide to keep you on staff because your value is so obvious? That's a question only you can answer for yourself. But answer it you must.
Why do I say all this? Because I suspect that the friendly English-speaking front-line phone workers are PR concessions to the IT labor pool to use American labor for tech support. But if businesses work out the flaws with offshoring, not the least of which is overall customer dissatisfaction with people who can't speak English well, an entrenched labor pool will find itself eliminated from the competition because being just a programmer -- even a talented one -- isn't enough in a global market. One need only study the relationship between the UAW and GM to see that union labor cannot be sustained and that the pressures of globalism will push labor and services to either the innovator or the low-cost provider.
Sunday, February 26, 2006
The Paradoxes and Ambiguities of Pharma Research


One of the most morally ambiguous industries in the world -- particularly in countries with capitalistic economies -- is health care. It is not morally ambiguous because health care is morally uncertain. It is morally ambiguous because delivering health services costs money; where costs and profits are involved, there is pressure for financial performance. Consequently, healthcare, which ideally ought to be an altruistic philanthropy, is instead a huge business that comprises appreciable chunks of a country's gross domestic product.
I'm not going to visit the tired debates associated with health care and businesses that manage health care services and payments. What I want to approach here is to discuss one or two of the ambiguities and paradoxes associated with the development of pharmaceuticals.
In Wired magazine, there is an article on the use of India's citizens as pharmaceutical guinea pigs (available for free March 1 on wired.com) for foreign pharma companies to conduct clinical drug trials. This is a movement that has become increasingly appealing to pharmas because finding test patients in western countries is growing more difficult. Drug trials apparently involve three different test groups for a target drug: tests with healthy people, tests with slightly ill people and tests with people who have fully developed a particular disease. Each of these drug trials requires a pool of test patients. India has made its citizens voluntarily available for trials because a) they believe it can help bring in levels of health care that would ordinarily be unavailable to its citizens and b) India believes this sort of enterprise can enhance its economy much like outsourcing help desks and programming have done.
In my opinion, pharma is unevenly eviscerated in the liberal media as being unfeeling, profit-driven capitalistic endeavors. These people have not thought deeply about the paradoxes of money and health care. They have treated the economics and policy of capitalistic health care lightly and have glibly tossed out the "solution" of socialized medicine and buying pharmaceuticals from Canada. In their altruistic, idealistic and kind thinking, socialized medicine will give health care to everyone without realizing that all services cost something to deliver and consequently, someone has to pay for those services. When the someone is the government, socialists think that solves the problem of health care. It solves the problem of health care and introduces exorbitant tax rates on business and citizens, with a dire cost to our economy. Further, the notion of simply buying drugs from Canada fails to appreciate that should businesses, governments and citizens shift their purchases to Canada, pharma companies will no longer be able to subsidize the cost of selling drugs in Canada and will simply stop selling drugs to our northern neighbors. Then Canada will have to buy from us.
Costs will always be costs. Changing who pays the costs does nothing to change the costs. It only shifts the pockets the costs come from.
Over the past few months, I have found an increasing number of articles that describe what many people are calling the failure of the Food and Drug Administration to efficiently vet safe drugs. High visibility problems with drugs like Vioxx only reinforce the notion that the process of certifying a drug for introduction into the health care stream ought to do a better job of mediating the risk associated with the clinical trials as well as taking the drug itself once it is certified. Granted, the FDA faces a battery of ambiguities and paradoxes much like the pharma industry does: whereas pharma has to justify R&D investment in drugs that have promising marketability, the FDA needs to balance the needs of patients who are clamoring for life-saving drugs with the risks associated with testing and taking drugs.
Here is an interesting thought:
The FDA mitigates risk in clinical trials for people who have disease yet we do not apply the same rigor to preventing disease in the first place. The government mandates certain processes intended to minimize risk to trial patients and production patients but does not apply the same standards to the health of people to drive down the chances of contracting a particular disease in the first place.
In a sense, this is saying that the government is more concerned about the risk associated with taking a drug to cure a disease than it is in mitigating the risks of acquiring the disease in the first place.
One could argue that preventative health care is a statistical endeavor not a perfect science: people can only have a probabilistic sense of security from contracting disease. It is not certain that eating certain foods, engaging in certain activities and avoiding certain unhealthy practices will protect a person from contracting dangerous diseases. Similarly, many people who smoke never contract cancer, though they certainly experience other health issues.
Nevertheless, I find it odd that both the FDA and patients think little of actually contracting a disease but once a person has it, then there is a certain expectation associated with the risk of taking drugs to treat the disease. Initially, I was alarmed by India's decision to open its populace up to the risks of pharma research. But as I thought about the paradox of America's views on the risk of taking drugs versus the risk of contracting disease in the first place, I realized that India might well be on to something. The trials extend a higher level of health care to its citizens than they would have without the trials and India finds another economic niche in a global economy that quickly reduces niches to commodities.
We are somewhat insane in the way that we perceive our health care. Back in the mid-1990s, when Comrade Hillary attempted to foist socialized medicine on Americans by way of weepy stories of sick, poor people, the cartoon Bloom County featured a series of panels showing Bill the Cat engaged in all sorts of dangerous activities. When his red wagon crashed into the ground after falling off a cliff, he muttered from the crumpled tatters of his body, "Free health care for everyone." This cartoon precisely captured the sentiment toward health care: that it was free if the government paid for it and that it was limitless in what it allowed us to do in terms of our lifestyle.
This article is not about a solution. It's about a couple of observations, namely:
- Our sense of risk associated with taking drugs is the inverse of what it should be: we should have more concern about contracting disease than we do about the risk of taking a drug to treat the disease. Why are we more comfortable with the probabilities of contracting disease than we are with the probabilities of complications associated with taking drugs to treat disease?
- Our notion of health care seems primarily prescriptive rather than preventative. We care more about responding to disease than about preventing it.
- Although the idea was at first repulsive to me, I am inclined to think that India's approach of opening its citizenry to voluntary participation in clinical trials is an innovative way to extend a semblance of health care that is greater than what would be present without the trials and which helps build India's economic infrastructure.
