up and running

Things now appear to be back to normal, I hope. For those of you who missed it, this blog was down for a couple of weeks due to a problem with my hosting service provider, who had to basically wipe my account and restart it from scratch. Took the opportunity to do a little bit of streamlining – clean install of WordPress, slimming down plugins, simplifying domain names and some under the hood tweaking of the DB to get existing content back in.

So welcome back. Hope to have some less mundane posts up shortly. Stay tuned.

two tales of security

From the “if I had a nickel every time..” category, a story from The Telegraph on the loss of sensitive information by the RAF:

The Ministry of Defence has admitted that files had been stolen, and more than 500 RAF staff have been warned of the possible consequences to them and their families after the unencrypted data – stored on three computer hard drives – went missing.

The extremely personal information had been given by servicemen for an in-depth vetting process to give them high security clearance. (emphasis added)

Now, I certainly can’t comment on the specific facts surrounding the loss of this data, but I did note, in particular, that the data recorded was unencrypted. As most readers of this blog know, this is certainly not the first time an incident like this has occurred (i.e. a lost, misplaced, or inadvertently discarded data storage device that contained sensitive information). In fact, to be honest, it is somewhat mind-boggling that this still occurs. Not that things get lost. I understand that things like that may happen despite the physical security protocols that one may put into place. But not encrypting such data? Perhaps a decade ago, something like that would be understandable. But it should not be today, particularly when there has been story after story about this sort of thing. In this case, not only has the RAF compromised the personal information of certain of its officers, it has also put the UK’s national security at risk. Completely inexcusable. And if I sound harsh, it’s because I intend to.

So, once again for anyone who cares to read this blog: If you are responsible for sensitive data and store it in digital format, you really, really, must ensure that you encrypt that information, particularly if it is on a storage device that may be transported, or is sitting anywhere other than a very secure vault. Otherwise, it’s only a matter of time before someone will come after you for negligence. Or worse.

On the other hand, there is a brief story in Wired about an interesting video on YouTube. It’s basically a faked video showing some “hackers” tapping into a building’s SCADA system. Interestingly, this appeared to set off alarm bells in some circles:

“Perhaps the first demo was just for fun, but the others will have less juvenile goals,” McAfee Avert Labs researcher Francois Paget blogged on Friday. “An attack can involve nationwide damage, a terrible effect on the public’s morale, and huge financial losses.”

To be fair, McAfee’s Paget acknowledged some doubts “about the technical aspects of these light-show ‘attacks’ on unprepared buildings.” But with the enthusiastic faith of cybarmageddonists everywhere, he boldly asserts that it doesn’t matter if the video is genuine.

“Fake or not, the video confirms that hackers and cybercriminals have got their eyes on SCADA networks.”

So, a question for anyone reading this – even if the video were real (and it’s not), why (other than what the article already notes) do you think Mr. Paget’s comments might be a bit off the mark, at least when it comes to the contents of the video itself?

no more cash, please

Interesting opinion piece in Wired about the disadvantages of cash – as in dollar bills and coins – and the general (albeit slow) trend of economies to move towards electronic forms of payment. It certainly makes sense, I think. Not only is cash inconvenient, but, as the article points out, it’s costly and not particularly eco-friendly:

The cost to taxpayers [in the US] in 2008 alone was $848 million, more than two-thirds of which was spent minting coins that many people regard as a nuisance. (The process also used up more than 14,823 tons of zinc, 23,879 tons of copper, and 2,514 tons of nickel.)

It strikes me as odd that e-payment devices had not gained much traction in North America. More specifically, devices that can be used in place of cash, without the hassle of credit card signatures or entering PINs for debit cards. Elsewhere in the world such devices seem to have been taken up quite rapidly. For example, in Hong Kong, the Octopus card, a contactless, stored value card originally designed as a payment mechanism for the Hong Kong subway system, has been a roaring success. Use of such cards has now expanded to stores, restaurants – even parking meters and vending machines. Similarly, I remember seeing a Coke machine in Singapore where one could buy a drink by dialing a short number and thinking, how cool is that? FTA:

“The cell phone is the best point-of-sale terminal ever,” says Mark Pickens, a microfinance analyst with the Consultative Group to Assist the Poor. Mobile phone penetration is 50 percent worldwide, and mobile money programs already enable millions of people to receive money from or “flash” it to other people, banks, and merchants. An added convenience is that cell phones can easily calculate exchange rates among the myriad currencies at play in our world.

In contrast, cash replacement systems in North America don’t seem to be faring all too well. I remember a few years back when Dexit made its debut in Toronto. It was a stored value chip that you could carry on your keychain and swipe to make payments. You could reload it easily through a website. Fees were quite reasonable. And it seemed to work quite well. I was quite a fan. That is, until Dexit was restructured in 2006 and more or less all the terminals at stores disappeared.

One survey has found that there is some resistance from consumers to the idea of using mobile phones, due primarily to security and identity theft concerns. Certainly an issue, but one I would have thought would be no more risky than the use of credit cards, e-commerce sites or even venturing on-line with a PC. I know this is a bit of a simplistic comparison, and that there are significant complexities involved in electronic security, particularly when it involves money, but I would have thought that both the development of a secure platform as well as the ability to properly market such a platform to consumers would not be beyond the capabilities of companies who have, for example, developed highly secure mobile e-mail devices, or set up nationwide, sophisticated 3G cell networks, particularly given the potentially lucrative market for such a service which as yet seems to be relatively free from much in the way of serious competition – at least here in North America.

In the meantime, I guess it’s off to the ATM again.

anti-spam law – about time

There have been bits and pieces floating around on this for a while but apparently the official announcement has now been made that the feds will (finally) be introducing an anti-spam law (hat tip to Barb McIsaac for forwarding the link). The nub:

This bill proposes a private right of action, modelled on U.S. legislation, which would allow businesses and consumers to take civil action against anyone who violates the ECPA. The proposed ECPA’s technology-neutral approach allows all forms of commercial electronic messages to be treated the same way. This means that the proposed bill would also address unsolicited text messages, or “cellphone spam,” as a form of “unsolicited commercial electronic message.”

The bill would establish a clear regulatory enforcement regime consistent with international best practices and a multi-faceted approach to enforcement that protects consumers and empowers the private sector to take action against spammers.

An important component of the proposed ECPA is the enforcement regime whereby the Canadian Radio-television and Telecommunications Commission (CRTC), the Competition Bureau and the Office of the Privacy Commissioner would be given the authority to share information and evidence with their counterparts who enforce similar laws internationally, in order to pursue violators beyond our borders.

The proposed ECPA would enable the CRTC to impose administrative monetary penalties (AMPS) of up to $1 million for individuals and $10 million in all other cases. The Competition Bureau would use a similar AMPS regime already provided for in the Competition Act, and the Office of the Privacy Commissioner would use its existing tools and enforcement framework to enforce the provisions of this legislation. The bill also proposes that the Privacy Commissioner’s powers to cooperate and exchange information with her counterparts be expanded, in respect of the Personal Information Protection and Electronic Documents Act.

via Industry Canada Site – Government of Canada Protects Canadians with the Electronic Commerce Protection Act.

More on this when I actually get some time to read the thing.

no driving and typing – now law

A new law that bans using hand-held devices to talk, email, or send text messages while behind the wheel has been passed by the Ontario legislature.

The new rules, which don’t come into effect immediately, include a fine of up to $500 as the province joins other jurisdictions in cracking down on drivers using the devices.

via the CBC website.

About damned time. See my previous rant on the topic.

work life balance is alive and well at 37signals

Read an interesting article on the 37signals blog about “lifestyle businesses”, work ethic (or rather work hours) and reward. The nub:

It’s been a long time since there was a direct correlation with the number of hours you work and the success you enjoy. It’s an antiquated notion from the days of manual labour that has no bearing on the world today. When you’re building products or services, there’s a nonlinear connection between input and output. You can put in just a little and still get out a spectacular lot.

True, though I imagine this varies somewhat depending on the type of business you’re in. For example, in law there is a certain emphasis placed on billable hours. Needless to say, that results in quite a direct correlation between hours worked and success. Of course, it’s not the only factor, but there is definitely a correlation. It would be interesting to see how the thinking in this article could be transposed into the practice of law. Or for that matter whether it could be.

We’re living proof that you can work much less than popular entrepreneur lore would have you believe and still run a very successful, multi-million dollar business. And still have time for taking flying lessons, learning to play the guitar, nurture your garden, go hiking, enjoy cooking, socialize with people outside your tech circle.

It’s your choice.

Hmm. Maybe it’s time to become an entrepreneur. 😉

via The lifestyle business bullshit – (37signals).

don’t repay debt = lose your right to practice law

An interesting blurb in reportonbusiness.com. The nub: Lawyer fails to repay student loans. Court revokes his license to practice law. Why?

“there is a clear and rational connection between Santulli’s lack of trustworthiness or reliability in carrying out responsibilities and the likelihood that he will harm a client, obstruct administration of justice or violate the disciplinary rules.”

It seems somewhat counterintuitive to take away a person’s primary means of earning an income to repay the debt as punishment for not repaying it – almost a “lose-lose” solution if you will. In addition, the reasons given seem to be somewhat overreaching. It’s one thing to take away someone’s license to practice if they do harm a client, obstruct administration of justice or violate disciplinary rules, but doing so because there is a “connection” to the “likelihood” that they will do so? Sure, there may possibly be some tenuous connection to failure to pay debt and being less professional to one’s clients. There is also a higher likelihood that he may rob a bank? While they’re at it, why don’t they just throw him in jail for that as well?

I’m certainly not suggesting he shouldn’t repay the debt or that there shouldn’t be sanctions for that. There should be. Seize his assets. Garnish his wages. And so on. There is a whole arsenal of tools available to creditors. But taking away his license to practice? That I don’t get.

Guess I better go pay that credit card off…

google ventures is up and running

Announcement last night on the Official Google Blog:

Today we’re excited to announce Google Ventures, Google’s new venture capital fund.

At its core, Google Ventures is charged with finding and helping to develop exceptional start-ups. We’ll be focusing on early stage investments across a diverse range of industries, including consumer Internet, software, clean-tech, bio-tech, health care and, no doubt, other areas we haven’t thought of yet.

Perhaps not a surprise, as there were reports (like this one in the WSJ) in mid-2008 that this was in the works. So far, it seems reactions are mixed – not necessarily to Google Ventures per se but to corporate VCs in general. The WSJ had this to say:

Their track records have been mixed. Corporate venture-capital arms have been hampered by challenges that traditional venture-capital businesses don’t face. Venture capitalists invest in private start-ups at an early stage, usually in hopes of a big payout if the company is sold or if its stock goes public.

Many start-ups fear that taking corporate money limits their options and comes with strings that could turn away other potential investors — such as a right to buy the company at a later date. Some funds with less competitive compensation have struggled to retain managers, and corporate venture funds often don’t allow senior employees to invest personal money in their funds, while other venture funds typically do.

This is also echoed by some traditional VCs, including Fred Wilson of Union Square Ventures (who by the way writes a great blog – highly recommended) who concluded in his post:

But I do think that venture investing is not the best use of a corporation’s capital and that it is inevitable that it will produce sub-par returns at best and significant losses at worst.

He cites the same reasons above in the WSJ article and also suggests that corporate VCs will have difficulty retaining talented fund management.

Corporate VCs, like strategic purchasers in M&A deals, may have longer term strategic objectives that, over a longer term, will result in benefits to them. In this regard, corporate VCs can be likened to some extent to strategic purchasers in an M&A context (while traditional VCs can be likened more to financial purchasers). One of the advantages of corporate VCs to investees is that they will often have a longer term view of their investment than their traditional VC counterparts – they won’t be under the same constraints to book gains and make their LPs happy or to meet the horizon of their fund. In this case, the very thing that Fred suggests is a weakness of corporate VCs could well be an advantage to an investee company, depending of course on the objectives of the investee.

For the same reason, I’m not sure if it would be valid to say that corporate VCs fail or are likelier to fail (as compared with traditional VCs), because if the focus is on longer term objectives, realized profits as reported on the corporate VC’s income statement might not accurately reflect the actual benefit. At the simplest level, it could allow a company like Google, which has traditionally simply acquired companies that interest it outright, to hedge its bets. If the company is wildly successful, and Google wants to buy it outright, it will have saved a few dollars by having put in money at an earlier stage (and presumably much lower valuations). Depending on how things are structured and accounted for, I’m not sure whether the savings in that situation would necessarily be reflected in the measured earnings of the corporate VC. But apart from actual savings, VC investing will also allow Google to gain an insider’s perspective on its investees at an earlier stage and to better assess how things are coming along, and to help them along. This itself may be worthwhile relative to the costs associated with researching potential acquisition targets at a later stage.

I’m not suggesting that in all cases Google will be using Google Ventures as a farm team for potential acquisitions. But even if it isn’t, it may well develop better and deeper relationships with entrepreneurial companies that it could later partner with or enter into some sort of strategic relationship that will enable it to realize financial benefits going beyond those measured in the VC arm’s financials. And it will be better positioned to do so as an investor in the company.

Not to say that life with corporate VCs is all wine and roses. There are often thorny issues to deal with, particularly when it comes to commercial dealings between an investee and an investor, as Fred notes, and things like purchase options (which I’ve seen proposed a few times and for which the answer is a relatively consistent “no” from investees).

All that being said, an article in Wired suggests Google Ventures will act more like a traditional VC:

The fund, to be called Google Ventures, will be wholly owned by Google, but will operate as a separate entity and will seek investment opportunities to maximize returns rather than looking for investments that strictly fit with Google’s strategic vision.

Several high-tech companies have in-house venture capital arms, including Intel and Motorola. But Maris said that Google Ventures will have more in common with traditional venture capital firms.

“We’re making financial return our first lens,” said Maris. But he noted that a part of the appeal of Google Ventures for start-up firms is the relationship to Google and its 20,000 employees.

Interesting. I guess we’ll see. In the meantime, if you’re looking for financing, go to the Google Ventures site.