Wednesday, December 18, 2013

Healthcare.gov and Hypocrisy

I've been really pissed off about healthcare.gov lately. No, not the buggy website. No, not the confusing questions. No, not the confusing coverage. I've been pissed off about its media coverage and the political debate surrounding it.

The media has been criticizing Obama and his healthcare plan for more than a month now and its unfair. A role out of a website this big was sure to have some glitches and to be fair healthcare.gov had plenty of those. From my experience and the media's story, it sounded like a simple lack of capacity problem. The project managers didn't expect peak coverage to be what it was. Of course, as a technology professional, I shouldn't expect the media to understand that big projects almost always have problems. Except that the media reported the massive problems with the Denver International Airport Baggage System and Boston's Big Dig (people died in the Big Dig). In this age of 24 hour news, it seems that the media's memory is about 15 seconds long.

Even worse is the way that Republicans handled healthcare.gov. They tried to sink it and now are arguing that it doesn't work. First they obstructed it—attempting again and again to repeal it. Think that uncertainty had any effect on the project plan? Then they refused to pass any minor technical corrections to the bill. These corrections are a common practice in Congress. They make sure that laws that are passed work properly. Whether or not you, as an American citizen, like an individual bill, you still want it implemented in a way that will cause the fewest problems, right? Well, not the Republicans. They then claimed that the technical problems were evidence that the plan didn't work. That's like saying that online shopping doesn't work because Amazon.com goes down for a while. The logic is flawed.

I recently signed up for healthcare through healthcare.gov and I must say that it isn't the easiest process in the world, but it isn't the most difficult ever. Most of the difficulty is justified by security, identification, and financial concerns. I would say that the workflow is pretty well implemented.

Still there were some confusing parts. The first time through the application, I thought I had finished, but couldn't actually buy healthcare. I called the helpline. A lovely woman named Serena answered my call within 1 minute. She walked me through the process. It turned out I had missed some questions. I was then approved for a state subsidized plan at a cheap rate.

All in all, I am pretty happy with the experience.

A lot of things don't work in the government. Congress is thoroughly broken. It is more focused on obstructing the other guy than getting anything done. The state agencies are horrible. State administered unemployment, food stamps, and welfare offices are difficult beyond belief. But of course no one cares about that because only poor people have to suffer through that bureaucratic hell. It's nice to know that something in this government works: healthcare.gov. And it's a good thing that I found good healthcare through the system because this hypocrisy is making me sick.

Thursday, June 13, 2013

BREAKING: Supreme Court Rules Against "Natural" Gene Patents

We have some rare good news in the area of intellectual property (IP) law. The Supreme Court ruled today that Myriad Genetics' patents on two breast cancer gene mutations are invalid.

Myriad Genetics offers a test which lets women know whether they are at increased risk for breast cancer. The test tells women whether they have BRCA gene mutations. Women with these mutations are up to 65% more likely to develop breast or ovarian cancer. Myriad's patent covered ANY use of the mutations including ANY OTHER test for those mutations. Although Myriad claimed to allow further scientific research on these mutations, it isn't clear that they actually allowed all research to go forward. More importantly, Myriad used the patent to block all competitors from introducing other (different) tests. Patients who couldn't afford the tests had no other option. Even those who could afford the tests had to option to get a second opinion (important as no tests are fool-proof).

SCOTUS ruled today quite rightly that patents cannot cover naturally occurring genes. SCOTUS has drawn some fairly bright lines this year. Past cases have shown that patents of human transplanted genes are valid and those patents. The ruling earlier this year on the replanting of Roundup Ready Soybeans shows that those patents are broadly enforceable. This ruling shows that patents of naturally occurring genes are not valid. Note that in the Roundup Ready Soybean case, the genes in question did occur naturally, but were transplanted from a bacterium into soybeans.

UPDATE: Supreme Court Rules in Favor of Monsanto in Gene Pattent Dispute

The Supreme Court ruled in favor of Monsanto in the case of the agri-business giant vs. small Indiana farmer.

But the ruling was narrower than it could have been. The court ruled that Vernon Bowman violated the patent intentionally. He was in violation because he actually made an attempt to use the patented soybean seed without paying for it. It appears that those who violate the patent accidentally (because of plants spreading seed on their own) would not be considered in violation, but SCOTUS did not specifically rule on this issue. This point of law is crucial considering that genetically modified (GMO) wheat has popped up in a field in Oregon despite never having been distributed beyond test crops. On the other hand, farmers can't sue Monsanto preemptively to prevent patent enforcement on accidental cultivation of patented seed.

Friday, May 31, 2013

Clean Coal No Longer a Pipe Dream?

A new coal technology may be able to provide commercial electricity without emitting dangerous greenhouse gases.

Every one knows that climate change is a huge problem. If you don't think it is a problem then you are more in denial than the Swiss were during World War 2. But in addition to warming global temperatures, more intense hurricanes and desertification, we face the problem of ocean acidification. Very simply, the increases in atmospheric CO2 is turning the world's ocean (and lakes and ponds) into carbonic acid. The acid is dissolving coral and shellfish, disrupting the ecosystems that depend on those animals. Even climate change deniers can't deny acidification.

Solar and wind are getting cheaper and cheaper. But we still face the problem of how to run our TVs and microwaves when the sun doesn't shine. We also don't have the electric grid infrastructure to get the power from remote solar cells and windmills to American homes.

The coal industry has been pushing carbon capture technology. The emissions of coal fired power plants would be cooled down and passed through a solution which would bind with the CO2. But the world burns more than 8 billion tons of coal annually and this capture process is extremely expensive.

But there may be hope! We may have true clean coal technology soon! A group of researchers is in the process of commercialing coal direct chemical looping. What is that? Well, think about a fuel cell car. The hydrogen is not burning in a fuel cell. It is being oxidized, but it there is no fire and no loss of energy to heat. Instead the energy released is turned straight to electricity. Direct chemical looping is like that but with coal.

Very, very exciting. This technology may allow people to continue to use an extremely cheap, plentiful fossil fuel without causing further global warming.

Thursday, April 18, 2013

Why no recent updates?

Good day to all of my loyal (and disloyal) readers! I must apologize for the lack of recent updates. I started a new job at the beginning of April. I am managing Comodo Certificate Manager, an enterprise software platform for issuing, installing, and revoking SSL Certificates (for those of you who don't know what is, they enable secure e-commrece).

The job is awesome, but it has been a lot of work to get ramped up on the organization and technology. Even worse, I have had to move to New Jersey (without a car) and have to deal with the time sink of NJ Transit. When things settle down, I promise to post more awesome stuff for you guys!

Monday, March 4, 2013

UPDATE: Next Gen Credentials

UPDATE: Recently, I posted some musings on fixing the issue of too many passwords, security and next gen credentials.

It turns out that there is another approach I was unaware of: Behavioral Biometrics. Here's the idea. The system will confirm that the user is who they say they are by the way that they type, not by their password. The concept of using behavioral biometrics for authentication is nothing new, but prior approaches use the typing style as a secondary credential in multi-factor authentication schemata. I.e. a user would both need to know a password AND type it properly.

Obviously, the two-factor scheme would be more secure and not solve the remembering-passwords issue. The biometric only scheme would solve that issue, but would it be more secure than password authentication?

Aside from the problem of false positives (granting access to an unauthorized user), the more likely issue would be false negatives. It isn't clear to me that everyone types in a way that could be consistently recognized all the time. Perhaps for trained stenographers, but what about non-touch typers? I don't touch type. Rather I hunt and peck rapidly and inconsistently. How would a system recognize my style? Perhaps the algorithms are sufficiently robust. Perhaps these systems will only be adopted in situations (such as the NSA) where security is prized above ease-of-use.

It makes me wonder, though how robust these approaches are. Could an attacker watch someone type and mimic their style? Probably, but an attacker who could do that could more easily discover the password by watching.

Identification by behavioral biometrics was pioneered by authorities in Big Brother Britain (which has installed around 4 million cameras to spy on its citizens). British authorities use gait recognition, a computer vision technique whereby software identifies users by their walking style.

Ironic that security firms are using these techniques to secure people's personal information whereas Britain is using them to invade privacy.

Friday, March 1, 2013

A Brief Primer: Hackers and Hacking

Hacking is a serious problem that should be taken more seriously. This primer should help the technological beginner understand many of the issues.

Note that there are two definitions of hacking:

  1. Informal engineering
  2. Software based attacks on computing resources, usually using network infrastructures
This article concerns definition #2

Script Kiddies at Play

Much hacking has been the domain the domain of so called script kiddies. These mischief makers often have minimal technical skills. Instead they use freely available tools to break into poorly administered websites. They are not terribly organized, malicious, or dangerous.

Hacking Inspired by the Godfather

Criminal organizations hack for profit. Often they steal financial data, send spam, or commit click fraud (automatically click ads into order to earn ad revenue). They use malware such as viruses, worms, and trojans to hijack consumer PCs. Once they gain control of a PC, these groups link the machine up to a botnet, a group of hijacked machines that coordinate. These botnets usually consiste of more easily hijacked windows machines, but are often led by higher-powered hijacked Linux machines. Another technique criminals use is phishing, deliberately misleading someone into giving away their user name and password. Usually, this is done by presenting the user with an email or webpage that appears to be from a reputable online bank, retailer, or service provider. When the user enters their password, the criminal stores it and exploits the user later. This technique can lead to illegal credit charges, bank transfers, and even identity theft. Sometimes the thieves use social engineering or active impersonation to deceive users (over the phone or in person). Estimates of the cost of these cyber-crimes range from the low billions to $1 trillion. The true cost is probably somewhere in between.

Hacking Inspired by MLK, Ghandi, and Mandela

Hacktivists constitute another category of hackers. These collectives view hacking as a form of non-violent social or political protest. Anonymous is by far the best organized, most famous, and most capable such collective. One of the most common techniques used by Anonymous and other hacktivist organizations is the distributed denial of service attack. This form of attack sends so many requests to a server, that the server cannot handle legitimate requests. Many hacktivists have argued that DDoS attacks are legal. Another common hacktivist strategy is to steal data or hijack a website in order to humiliate its target. One of the most dramatic hacktivist actions occurred on live television. Anonymous announced that it hacked the infamous Westboro Baptist Church while the organizations' representative debated live on air.

Hacking as Patriotism

Recently, there have been many controversial reports regarding state sponsored hacking. Although not 100% confirmed (approximately 99.99% confirmed), these hacking incidents are particularly scary for two reasons:

  1. Nation states have an order of magnitude more hacking resources
  2. Nation states may attack enemy's critical infrastructure

More on state sponsored hacking upcoming.

Chinese State Sponsored Cyber Attacks and Our Response

First, if you are unfamiliar with the basics of hacking, check out my previous post. Stay tuned for more specific info on how to secure your business.

Executive Summary

The Chinese State has been hacking U.S. and multinational companies, stealing valuable intellectual property. Businesses must take software security seriously, investing more resources in locking down computers and networks. The U.S. government should strike back at this Chinese aggression, disabling Chinese Internet censorship, and shedding light on Chinese government atrocities.

 

Chinese Cyber Attacks

Mandiant Corporation recently released a report on coordinated cyber attacks by the Chinese on large U.S. businesses and other organizations. The report raised lots of alarm bells and rightfully so. So what should we do about these attacks? We should respond in the name of liberty.

Sitting on our hands is not an option.

The detailed, well-written report focuses on APT1, the largest Advanced Persistent Threat to face American companies. APT1 is far more than a few script kidding with fast broadband. Mandiant presents a large body of evidenced that this organization is, in fact, Unit 61398, the cyber-warfare unit of the People's Liberation Army. This report was released in the wake of a New York Times article detailing a four month intrusion into its systems. The Washington Post reported a similar incident. The papers believe they were targeted in retaliation for less than favorable stories they ran on Chinese Prime Minister Wen Jiaobao.

Mandiant Corporation discovered those attacks and repelled the attackers. Their research has uncovered more than 140 total hacking incidents perpetrated against international organizations by APT1–most of them relatively sophisticated. The attacks originated from Shanghai and required a huge number of computing power and manpower. The pattern of attack used by APT1:

  1. Launch a spear phishing attack to acquire the password of a member of the target organization
  2. Use that user's credentials to load malware into his/her computer
  3. Leverage that malware to infect other systems in the target network
  4. Transfer a huge amount of intellectual property (often terabytes) back to APT1's servers
  5. Wash
  6. Rinse
  7. Repeat

The APT1 attacks were largely to steal intellectual property. This should be no surprise to anyone. China has written its laws so that foreign companies must partner with local firms in order to do business there–largely so that foreign companies will have to share IP in order to access China's burgeoning labor or consumer goods markets. Of course, these hacking incidents are far more sinister.

Who knows how far China will go? By one account, Chinese officials have already used stole IP to blackmail a corporate boss. What's to prevent China from attacking critical infrastructure? If China invades Taiwan and the US responds, might China be willing to take down the systems that operate the US power grid? You bet your sweet ass they would.

See no evil. Hear no evil. Hack no evil.

The Chinese government claims to have no knowledge of any attacks calling the Mandiant's report a fabrication. How beleievable are China's claims? Not very. Attacks of that magnitude could only have been carried out by a large organization, either a government or a large corporation., their location makes it nearly certain that they were at least tolerated. Furthermore, the Chinese government keeps a tight reign on their network. They use deep packet inspection in order to spy on and censor their own citizens. They maintain such tight control of their networks, and they didn't notice such large scale hacking happening in Shanghai? Yeah, right.

So what should we do?

Obviously, defensive measures are de rigueur. The Department of Defense, Central Intelligence Agency, and National Security Administration and many other government agencies have taken IT security seriously for a while now. Of course, the Chinese have chosen to attack the weak underbelly of U.S. corporations whose investors and management don't understand the threat. U.S. businesses need to get in the game. Firewalls, security policies, threat modeling, application security, data encryption, penetration testing, and more. If you don't know how to secure your networks, applications, and data, learn fast. Stay tuned for some specific information on how.

But are defensive measures enough? What we have here is a cyber-war. Or some would argue that cyber-espionage is a more appropriate term. That's all semantics. It doesn't matter what it's called. We need to fight back. Even if the group launching these attacks is not directly associated with the government, it is being sheltered. Remember, the Afghan government did bomb our embassies, but they harbored those who did. The U.S. government ignored the attacks, and a few years later, the thousands died in the 9/11 attacks. We don't know how far China is willing to go.

The NSA, CIA, and military cyber operations should strike back. But how? They attacked our businesses and stole valuable intellectual property. We could respond in kind, but we don't want their IP. What would we do with it anyway? We could escalate the war by taking down their infrastructure, grounding their airlines, stopping their trains, or take down their data centers, but that would achieve little.

Hacking for Liberty

We should steal embarrassing Chinese state secrets and use them to further its citizens liberty. China's government treats its citizens horribly. Those who seek redress are sent to labor camps, tortured or even executed. Rule of law does not even exist. Corruption is rampant at all levels. Rich public officials demand bribes from even the miserable poor.

China has gone to great lengths to keep its citizens in the dark regarding these injustices. The formal press is state run and the Internet is completely censored. We should use cyber operations steal data on all of China's injustices and corruption and give it to the press. Furthermore, the Chinese people are completely cut off from the press by Chinese censors, so we should change that. We should take down their censorship infrastructure and shine rays of light on their darkest secrets so that their citizens can demand justice.

What would happen? Certainly, this activity would raise Chinese awareness of their government's despotic nature. And this would foment change. Whether the change would come fast as in Egypt or slowly as in Myanmar, I do not know, but change would come. Change will come anyway. As China's population journeys from subsistence living to middle class, it will demand not just prosperity, but freedom. The first American colonists made this journey and these demands in the 17th and 18th centuries. Liberty is one of the cornerstones of American foreign policy. Recently, the U.S. has attempted to spread democracy in the Middle East. The imposition of democracy by ground troops failed. Many died, and the U.S. economy was gravely injured. But we have met success in Egypt, Libya, and Tunisia by supporting dissidents. The Chinese government is stronger than those Arab dictators, but the prize is bigger. First, in China, unlike in the Middle East, no violent, fundamentalist religion holds sway. The downfall of the Chinese Communist Party would certainly mean democracy. Second, the Chinese economy will be the world's largest by 2030. It is crucial, that such a large influential country be a force for good.

Of course, the U.S. is likely responding to these attacks as I am writing. If nothing else, security is being tightened in datacenters all over the country. Perhaps, agressive counter-attacks are happening. We won't know the details for years if ever. We'll continue to follow this fascinating story as it unfolds. Loyal readers, keep your Internet dial tuned right here for updates.

Takeaways

  1. The Chinese Government is operating large scale attacks on US business
  2. China denies everything
  3. Lock down your business! SECURE SECURE SECURE
  4. The U.S. government should respond by hacking back
  5. China's human rights abuses should be exposed to all
  6. The Chinese people should not be kept ignorant by their government any longer
  7. Hacking can be used as a tool for freedom

Thursday, February 28, 2013

Telecommuting, Marissa Mayer, and the Workplace of the 21st Century

Should businesses allow telecommuting?

Fair disclosure: I have lobbied in the past for Apple to buy Yahoo!. I still hold that position. But what to make of Marissa Mayer's new no-telecommuting policy?

Marissa Mayer, CEO of Yahoo!, former Vice President at Google, recently announced a no-telecommute policy at Yahoo!. She has stirred up a lot of controversy. Notably, Forbes supports the ban arguing that face-to-face collaboration will foster innovation. Richard Branson argued that employees need to trust each other enough to work remotely. Many argue that for the good of parents and kids, parents need to be able to work from home and raise children.

Q: So who's right?
A: They all are.

Marissa Mayer and Forbes are right. Often a five minute conversation can resolve an issue that would require a 16 email chain. Videoconferencing can help to resolve acute issues that come up. But communication latency, compression artifacts, and limited resolution all hamper creativity. Have you ever successfully brainstormed remotely? It can work, but the not as well. Similarly, a lack of water-cooler time can prevent a cohesive culture from developing. Those cultural HR campaigns and marketing materials do little. I do disagree that working remotely damages trust. I have worked remotely with some consumate professionals who I would trust with my toughest projects. Similarly, I have worked in person with morons who barely understand their own jobs or sociopaths who try to push all of their responsibilities on others. Trust comes from competence and forthrightness, not from co-location.

Richard Branson is right, too. I personally enjoy the human aspects of my job. I make it into the office whenever I can. But I can't always make it in. Like every human being, I get sick. It's nice to work from home so that I don't have to use my PTO. Without the ability to work from home, employees will go to work sick and pass germs on to colleagues. My girlfriend and I used to live several hours away. Without the ability to work remotely one day a week, we wouldn't have been able to maintain our relationship. Surprise, Ms. Mayer! I would have chosen my girlfriend over my job. As a talented, in demand engineer and product manager, I have no shortage of recruiters emailing me. I am sure that Yahoo!'s top talent have many opportunities, too. I am sure that many busy parents are currently considering how to achieve a better work-life balance.

So what's a CEO to do? How to achieve the TAO of telecommuting?

First, blanket, no-telecommuting policies will be harmful in the long term. Those talented Yahoo! employees who want to telecommute will leave. Period. But how to achieve a common culture and foster creativity while facilitating a good work-life balance for all employees? Like anything else, develop a detailed, pragmatic plan.

All jobs should be classified into telecommuting bands, similar to the job levels many companies use to grant vacation days and other perks. Everyone needs to spend some time in the office. Yes, even that sysadmin who lives in another state and only needs an Internet connection in order to monitor the database and restart the servers. The company should fly him in for one week a quarter, do some knowledge transfer, and do some fun morale building activity. Others may need different amounts of time in the office. For example, an engineering manager may need to spend four or five days a week in the office. An engineer may only need to spend three days. A receptionist could not ever work from home.

Maximize productivity and creativity

My mother always told me You catch more flies with honey than with vinegar and the old proverb is true. There are much better ways to foster creativity, productivity, and a vibrant culture than to force people into the office. Encourage employees to take an ownership stake in the success of their team, division, and company. I'm not talking about a financial stake. Those incentives don't work as well as you think. Allow workers to work on their own projects with an 80/20 policy or a 24 hour ShipIt contest.

Yahoo! and Telecommuting

I can't promise to understand all of the cultural and organizational issues at Yahoo!, but I'll donate my 2 ¢ to my noble bog readers anyway. Marissa Mayer has kept a high profile for a CEO. She has nearly five times as many hits on Google as Yahoo's founder, Jerry Yang. Certainly this announcement has generated a lot of publicity for Yahoo! of late. There is a good chance that lower level Yahoo! managers are already allowing their most valuable direct reports to violate the policy lest they walk. This policy may also die quietly. I do also think Yahoo! needs a shake-up. Its communities, Yahoo! groups and Flickr have been languishing in the wake of Facebook, Instagram, Tumblr, and the like. The temporary energy generated by this policy might work.

In the end, though, Yahoo!'s problem isn't policies, it's talent. Google has been purchasing the best engineers, scientists, and product managers for years. My best computer science professor left a high profile tenure track position at a top 25 university to take the Google money. Yahoo! shelled out a nice chunk of change to Ms. Mayer, but she won't transform the company on her own. Does Yahoo! have the money to buy the best and brightest? All the more reason for Apple to acquire the iconic Internet portal.

Wednesday, February 20, 2013

Supreme Court Appears to Back Monsanto in Patent Dispute

soybeansdna, biotechnology

I updated you guys yesterday on a fascinating case before the Supreme Court. As you have probably figured out, I am leery of the extremely broad legal protections given to IP in this country. I felt that the case was important enough that I posted it both to my political blog and to my tech blog.

Let's have an update on the arguments.

According to the New York Times, the arguments in Monsanto vs. Bowman seemed to go the way of the giant chemical and agricultural company. Apparently, the attorneys for Monsanto were allowed to speak at length whereas Mr. Bowman's attorneys were shut down. The justices outright told Mr. Bowman that the legal basis for his defense, namely the doctrine of patent exhaustion does not apply.

Although it seems that Bowman is unlikely to win outright, SCOTUS observers have been wrong before. The court may decide the case on narrower grounds that would not have pose such a huge threat to our long-term agricultural stability. Justice Breyer appeared to open the door for an exception with his comment "maybe three generations of seeds is enough", but it isn't completely clear what loophole that would allow. Perhaps the court could rule that Mr. Bowman intentionally planted seeds that he knew contained the genes resistant to Monsanto's herbicide Roundup, and there broke the patent. Perhaps if a farmer planted the seeds without any intention of using the patented seeds, then the patent might not apply.

Stay tuned for a ruling.

Monday, February 18, 2013

Monsanto Attempts to Control Global Food Supply

Today the US Supreme Court is considering a case which puts the country's, nay the world's food supply at risk.

This entry is posted to both my political blog and my tech blog. I apologize for the overpost, but the issue is both political and technical. It is also extremely important to the well-being of the nation.

Vernon Hugh Bowman, a 75 year old farmer from Indiana, purchased some soy beans from a local granary. He planted those beans and harvested the results. Some of the beans were genetically engineered and patented by Monsanto, but he did not attempt to purchase genetically engineered beans. He didn't care. The Monsanto beans were mixed up with others.

Many people oppose the patentability of living things. Although I share their concerns, I do believe that patent protection for such innovations can be a benefit to society–as long as that patentability does not extend to naturally occurring substances or processes. Let's set that issue aside. It is very complex and deserves its own discussion.

Monsanto viewed Bowman's growing of soybeans as an attempt to infringe on their patent. The gigantic agribusiness sued, and a lower court ruled in its favor. The judgment ordered Monsanto to pay Bowman $84,000. The agricultural biotech industry compares the planting of patent protected seeds to copying protected software. But the parallel doesn't work. Copying software violates its copyright. A software patent is violated by writing new software that performs the patented activity. Seeds cannot be copyrighted because they copy themselves. Bowman could have violated Monsanto's patent by engineering a new seed which had the desired biochemical properties of the original–namely resistance to a particular herbicide.

If Monsanto get's it's way, it will have inordinate control over the nation's food supply.

The practice of monoculture is already dangerous. Most farmers have chosen to grow a single variety of a single crop. They have chosen varieties that have drought resistance, herbicide resistance, or that yield larger crops. These varieties have been bred and engineered. Before modern distribution systems, many farmers bred many different beneficial varieties, but now the top few varieties claim the vast majority of acreage. This is risky for the food supply because if that variety is particularly susceptible to a new disease, a huge amount of the world's food could be lost in one epidemic causing famine across the third world.

This case poses a threat to biodiversity in agriculture that spreads far beyond that posed by monoculture. Plants don't know the boundaries of fields or property lines. Much like Tiger Woods, they have evolved to spread their seed as far as possible. If it does spread to some unpatented crops, farmers who are not Monsanto customers would be violating its patent just be replanting their own crops. Eventually, the patented crops would overrun all other crops and monoculture would rule all.

Farmers can not violating a patent by planting seeds. That is the intended purpose of the seed. If it was a patent violation to plant patented seed, then Monsanto's customers would be violating the patent by doing so. Farmers that buy Monsanto's seed sign a contract to not replant the harvested seed, but to purchase fresh seed the next season. But that contract is only enforceable on those who sign it. It is unrelated to the patent protection granted by the USPTO.

SCOTUS: Don't be a schil to big business again. Do what's right. The nation's best interests are clearly in line with the law here. Rule justly.

More details here.

Thursday, February 14, 2013

A Broader Strategy for Apple

Yesterday, I suggested that Apple buy Yahoo! or at least finance its acquisition in order to facilitate a long term partnership. Google is the king of internet data. In the digital economy, data is becoming more and more valuable and Google is outpacing all others. Apple has its own share of data, but only on those who purchase its hardware products. In the short term, this is fine. Apple is making fat margins and has $137 million of free cash. In the medium to long term, this lack of good consumer data is a liability. It is not operationally or logistically possible for Apple to keep up hardware sales growth at current levels. Google just needs to churn out more and better on-line products and services. And that's cheap. It requires no fixed assets. As I proposed yesterday, Yahoo! could help Apple catch up.

Apple's shareholders have filed a lawsuit attempting to force Apply to return some of its "petty cash". Apple is going the cash in short term, liquid investments earning a percent or two. The suit argues that investors could make better use of the cash and that Apple should return it in the form of larger dividends or a share buyback. Apple should absolutely NOT return the cash.

As I have argued, Apple needs to invest strategically in order to continue growth long term. And there are a number of ways, Apple could do this. Below are a few acquisition possibilities that would benefit Apple strategically:

  • Yahoo!: Enough said. Estimated cost: $33 billion.
  • Dropbox: Consumer cloud storage site would give Apple a ton of data to mine. Estimated cost: $8 billion.
  • Tumblr: Up-and-coming hip photo sharing site would be (relatively) cheap and increase Apple's already significant fashionability. Estimated cost: $2.5 billion.
  • Nokia: Old hand in the mobile devices industry with reputation for reliable, low cost manufacturing. Could help Apple easily scale up capacity without sacrificing cost or quality. This play would be most likely to happen when Apple decides to expand its mobile device offerings. Estimated cost: $18 billion.
  • Canonical: Largest Linux distributor would give Apple cred in the OSS community. Ubuntu has recently diversified into the mobile OS market. This play would be more defensive. Ubuntu could potentially pose a long term threat and Apple could snap them up cheaply. The OSS culture would be hard to integrate, so Apple would most allow Canonical to operate as a standalone while influencing its broad strategic direction. Estimated cost: $600 million.
  • WMWare: Server technology company would allow Apple to make a play in the enterprise server and hosting services market. At first, this might seem like an unadvisable play. Margins on enterprise software and services are growing more slowly than consumer revenues due to vicious competition. On the other hand, the business will be cash positive while allowing to mine e-Commerce traffic patterns and thus, perhaps, stay ahead of the competition. Estimated cost: $40 billion

Of course, there are uncountably many start-ups that might make sense and that Apple could snap up cheaply. It could easily pay cash for a all of those businesses and buy more. Of course, that would be a mistake. Over-diversification would prevent Apple from bringing its laser-like focus on quality and user-experience to its acquisitions. On the other hand, it will need to take some risks in order to continue its rapid growth.

My advice to Tim Cook:

Don't return cash to shareholders. They think that they can spend it better than you, but they can't. Do your due diligence. Investigate possible acquisitions. Pick one, two, or maybe even three that make sense. Develop a solid plan to either integrate the targets or run them as subsidiaries.

Then pull the trigger.

Wednesday, February 13, 2013

How Apple and Yahoo! can fight The Google, Lord of the Internet, Titan of Data

Yahoo! Logo Yahoo! Logo Yahoo! Logo

Google and Apple have eaten Microsoft's lunch, but Google is going to eat Apple's if Apple isn't careful. Remember the old Mac vs. PC battle of the late 80s, early 90s? Remember who won? That's right Microsoft forced Apple nearly to the brink by opening up its OS. Of course, this isn't a problem, yet. Apple is getting fat profit margins on its premium hardware, and it can always open up its OS when it does become a problem.

More importantly, Google owns the Internet. It has data on everyone in the world, and it uses that data to sell ungodly amounts of ads and analytics. Apple doesn't have that. More important, Google has innovative employees and enough user data to pick attractive new products and an ability to link them together through the broadest Single Sign-On mechanism on the Internet or in Mobile. This will only make Google's data more valuable. In a decade Google will control a plurality of ads and analytics dollars worldwide. In a few decades it could control a majority of such data.

Apple needs a partner which can help it to make more inroads into this market. And who better to partner up with than Yahoo!? Yahoo! has a huge on-line user base that's very active in communities. It boasts one of the most successful web portals, and the leading picture-centered social network in Flickr. Yahoo! could give Apple the users, on-line engagement, and broad communities that it needs.

Straight acquisition? Maybe. Better yet, feel out the anti-trust regulators first.

If the regulators won't allow Apple to gobble up Yahoo!, then the Microsoft deal could show the way.

Apple could finance a private takeover of Yahoo! as Microsoft financed Michael Dell. WIth the cash Apple has, it could finance a huge portion. It could pick it's suitor.

So what are the possibilities? Apple could finance a tech mogul along with private equity. Bob Parson (founder of GoDaddy), Marisa Meyer (current Yahoo! CEO), Sean Parker (Napster, Facebook), Elon Musk (founder of PayPal) are all possibilities. But I think there is a better spouse for Yahoo!

Apple should finance a takeover of Yahoo! by a group of traditional media companies, Disney, Viacom, Universal.

This would make a new media company focused on monetizing traditional media and opposing the ads and analytics behemoth, Google. Of course these companies would be happy to partner with Apple on content monetization, analytics, and advertising. iTunes downloads have a lot higher margines that YouTube views, right?

Apple will still need to find a way to fight the hardware portable, Android OS, but at least it would have a fighting chance in the war for user data./p>

Don't even get me started on Facebook...

How Microsoft Can Rise Like a Phoenix

In my most recent blog post, I asserted that Microsoft is dying.

One paragraph summary:

MS is paying for software development that other companies are getting for free. Microsoft employees are writing worse code than their unpaid counterparts. Microsoft can't focus on their user experience, because they have to write more parts of their OS than others get for free.

But how can Microsoft reverse this downward trend that may accelerate into a death spiral?

Follow the plan below:

  1. Dump the Windows kernel
  2. Adopt an open source kernel, probably a POSIX compliant kernel (list of them here)
  3. Adopt a creative culture of innovation and experimentation where failure is allowed
  4. Spin off the following divisions into majority controlled subsidiaries:
    • XBox
    • Mobile
    • Server
    • Office
    • Kernel: this division would not write a kernel, rather it would adapt the open source kernel for Microsoft's use
    • Online communities
    • Cloud computing
    • Device drivers and hardware specifications
    • Microsoft Research
    • New market exploration

Microsoft should maintain a majority stake in each allowing it to direct the strategic direction and leverage synergies between them. On the other hand, they would operate separately and might have different cultures. They would need to pay for services inter-subsidiary services. This would force costs downward.

The parent company would be left as a hollow corporate shell. This would allow it to focus solely on broad market strategy and avoid the costs associated with managing operations across a vast corporate empire.

This prescription sounds drastic for a company that is sitting on huge cash reserves and is still quite profitable, but it is growing slowly in markets that are growing quickly. Its competitors are growing like weeds. Furthermore, Microsoft's technical strategy is out-of-date by twenty years in an industry that is moving at light speed. Soon enough, Microsoft will face a tipping point. It needs to take drastic steps before it falls off a cliff.

Why Microsoft is Dying

By now, everyone has heard that Michael Dell is trying to take Dell Computer private

He recently threw in his lot with Microsoft, but not forever.

Microsoft is a big debt-holder for the new private entity, but not an equity partner. In the short term, it can use that influence to keep Dell on the morphine drip of Microsoft software.

Whether or not the acquisition goes through, Michael Dell should see the writing on the wall for Microsoft and Windows. The monopoly status of Microsoft means that it will play a huge part in a growing market long term, but in the end, Windows will become a relic.

Want to know why? First a recent history of the evolution of human knowledge.

Crowd-sourcing has become a buzzword. At its core is the concept of sharing creativity. That concept is at the core of knowledge and learning. Academic standards for writing allow, no require, citation of other relevant works and foundations. They also require review by experts. The more experts like a work, the more it is cited, the more influence it has. Thus was formalized the evolution of ideas, memetic evolution. (Interestingly, the structure of this network of knowledge is theoretically similar to that of the Internet. In network theory, they are both considered small-world networks.) In 1969, the Unix operating system was born of this system at AT&T Bell Labs and UC Berkeley. Strictly speaking, UNIX is a kernel. It controls the low level function. Users can't talk to it directly. Windows and buttons and command prompts talk to the kernel–they are called chrome. Berkeley's version of Unix (BSD Unix) allowed any person anywhere to modify the code for their own use. Furthermore, they could redistribute the system for profit or free as they liked. If users liked, they could submit their changes. If the changes were good, they would be incorporated into the source. Suddenly users and individuals could incorporate changes that would benefit them the most. Better yet, others would make improvements to those improvements!

The Unix OS is still the standard for much scientific computation, but Linux systems (which are very similar to Unix ones) have replaced them as the engines of E-commerce. Linux uses a very similar license to the BSD license, but it goes even further in promoting the OSS model. If users modify Linux, they cannot redistribute changes without redistributing the source code. For this reason, the Linux license is considered "viral" by many.

In 1998, Steve Jobs made the bold decision to ditch the two decades old Apple written operating system and build on top of the BSD system. This allowed Apple to crowd-source the low level engineering of its consumer operating system! Apple was free to focus on a shiny new user interface that "just worked". The BSD Operating System has always been far superior to Microsoft windows, so OS X steadily gained marketshare while maintaining higher margins. The freedom to focus on user interfaces has allowed Apple to spend engineering dollars building amazingly intuitive consumer gadgets. The decrease in manufacturing costs driven by the rapid industrialization of Southeast Asia has given allowed Apple to extract ever fatter profit margins from Customers and Partners.

Windows will become a relic because Apple uses more reliable software to run the innards of all its devices. Apple has superior chrome and performance. It pays more money for better hardware, too, and users are happy to pay. Linux and UNIX are given away for free to anyone--and they are becoming easier and easier to use everyday. They will eat into Microsoft's license fees, too. Microsoft still pays tons of expensive developers tons of expensive money to do what thousands of Linux and UNIX contributors are do for free everyday. And because of Microsoft's bureaucracy their devs don't do as good a job as their unpaid counterparts. (To be fair, Apple, IBM, Google and countless other countries pay developers to contribute to these products. But what code gets in is managed by dedicated experts who know their projects inside and out. No pointy-haired types are involved.) Google is assailing Microsoft's market dominance on all fronts. It now offers two OSes, Android and ChromeOS, with more planned. It also offers cloud based office software to compete with MS Office. Sooner or later Microsoft will wash out.

Steve Ballmer is largely responsible.

Under his leadership, Microsoft's culture of innovation has died and its place in the market will, too:

Ballmer should be:

  1. Fired
  2. Tarred
  3. Feathered
  4. Set on fire
  5. Set adrift on Lake Washington

Tuesday, February 12, 2013

Industry Implications Of Microsoft Financed Dell Buyout

As we all know from finance 101, debt holders have a material stake in the debtor company. Of course if this stake is high enough, the creditor can influence strategic decisions albeit quietly. As has been suggested elsewhere, this was Microsoft's play in financing $2 billion of debt in Michael Dell's play to take Dell computer private. (We'll see if minority shareholder lawsuits allow the deal to go through.)

This is an interesting play by Microsoft, and I think broader than a defense of the lucrative PC ecosystem. That defense is only a medium term play by Microsoft. Although the consumer PC ecosystem is lucrative, it isn't growing at the rate that mobile is. I believe that that is where the true value is. The Microsoft Surface is not a bad play. The UX of tablet + keyboard is a great concept. Of course, the early reviews of Windows 8 as a UI are not good. On the other side, Dell surely wants to enter the tablet market. And Michael Dell wants to gain all the equity he can before that play is made. Furthermore, that transition likely requires more control and discipline than the quarterly ups and downs of the market would allow.

Monday, January 21, 2013

Next Gen Credentials and Security

The password system that dominates personal authentication is becoming more and more unwieldy. As users acquire more and more accounts on more and more computer systems, it is becoming less and less reasonable to expect them to choose unique passwords for each. Passwords can be forgotten, so systems designers build in reset mechanisms that can be socially engineered or otherwise exploited. Many users choose the same password for every system or at best choose from a small set of passwords. One crooked web-site could allow the attacker who administrates it access to all of a users accounts on other systems. An even bigger problem is that most users simple passwords that are vulnerable to dictionary attacks, rainbow tables, or other attacks.

Google is exploring the possibility of using hardware based authentication. The idea is that the user would wear a ring or have a key fob that could be used to authenticate with either the device or with the customer's online accounts or both. This is a promising approach. This isn't perfect, but it the seems to have fewer problems than any other approach that I have seen.

In addition to passwords, most banks use a second authentication system whereby users re-verify via a non-password mechanism. Users must type in a one-time use code that is sent to a separate account. They are required to re-authenticate this way every the user tries to log in using time a new device or account (or whenever cookies are cleared).

Biometrics seemed promising, but the credentials (fingerprint, retinal pattern, etc) can't be changed. If an attacker cracks the encryption and steals the signature, he or she can log into your account for life. It might be a pain to replace an authentication ring but it is possible.

Another approach suggested by Turing Award winner and CAPTCHA inventor Manuel Blum was to use a "hard" function (computationally intensive to invert) to compute a password. The user could use a simple single password along with the site name as an input. The password would then be computed automatically. One problem with this approach (and a MAJOR pet peeve of mine) is that different sites have different password restrictions. Can't we agree on a standard set and move on? Or at least post them next to the login screen to hint to users what password they might have chosen.

Another problem with Blum's approach is that it would require a hardware device as well as manual input of data. Although it could be implemented in software, it would then be vulnerable to any trojans that had gained access to the user's system. According to Kerpersky, these trojans are the second most prominent threat next to malicious urls (many of which attempt to install trojans). A naive implementation of the hardware authentication token might be vulnerable to the same attack, but an active device could mitigate the threat by compute Blum's "hard" function (probably a cryptographic hash) in hardware. The software it interacts with could provide an "authentication domain" (my term) and the user could enter a simple PIN, a third unique code would then give the device a third auth component. Of course such a device would still be vulnerable to a Trojan that read the hashed inputs, but not if it was implemented in hardware and added the auth token directly using the network hardware.

Then an end user would only be as vulnerable as the network security in the many routes on the internet.

So what can we conclude? Information security is incredibly hard. There is no silver bullet, but the next generation of security will likely require some combination of hardware and software--biometrics may play a role also. A simple system is necessary, preferably a single sign-on system.

The logistics behind this advancement are daunting, but today's tech companies have made some incredibly impressive advances in the past twenty years. I believe that a consortium involving Google, Apple, and Intel could make it happen. Improved security would improve life for everyone save cyber-criminals.

Monday, January 14, 2013

When will Big Tech buy Big (Small) Content

Currently, the music business is dying. It isn't that we aren't listening to music. Artists haven't stop making music. What HAS happened is that the big record companies have stopped being able to print dollar bills just by printing CDs.

But content isn't dead. People pay for Netflix. People pay to go to the movies. People sign up to premium music streaming services. Music attracts a lot of attention on the internet and a lot of Ad dollars.

The rise of the Internet has cut the record companies out of a lot of the business, though. Bands can find a following on the Internet and distribute music on their own. Or they can build a faithful audience and make money playing concerts and selling memorabilia. Bands such as the Grateful Dead and Phish have been following that business plan for years. The Internet just makes it easier.

So what are record companies to do? They still own content, but they can't produce the returns that they used to be able to. The business has changed. They can't manage technology very well (people hate VEVO and its technical glitches). They can't drive the eyeballs the way that they used to.

So what's going to happen?

I have a theory. Big tech companies such as Google, Apple, and Amazon will buy record labels in order to cut out the middleman. What can fat cats in LA studios do to help us listen to music? Why can't social media pick hot artists and tech companies promote them through their technology.

The record companies who have mostly been bought out by media conglomerates are not releasing financial numbers, but it is safe to say that they haven't been perform well. Sooner or later, their parent companies will demand better performance and divest themselves of their music catalog. Who better to buy them than Google, Apple, Amazon, or Facebook?