whither an open cloud manifesto

Many of you probably have already heard about the Open Cloud Manifesto. It’s the document that was crafted by IBM in an attempt to enunciate some broad principles to make those who are considering a leap into the warm, puffy, interoperable clouds (in contrast to their own cold, dark, dank and proprietary data centres) get a warm and fuzzy feeling.

I’ve taken a very cursory look at it. Meh. To me, as a lawyer, it comes across as marketing fluff. Nice marketing fluff, but fluff nonetheless. For example, principle no. 2 says “Cloud providers must not use their market position to lock customers into their particular platforms and limit their choice of providers.” What exactly does that mean? And why would it be limited to market position? Would this mean that vendors would be able to use other means to lock in customers, such as refusing to provide termination assistance services?

There is also the irony, as CNN has noted, that the manifesto itself was not the subject of an open or inclusive process. In addition, as reported in eWEEK, a number of leaders in the area (Microsoft, Amazon and Google) have not signed on, for one reason or another.

It will be interesting to see what the industry does with it. And even more interesting to see how it plays out when it comes to customers. For example, I’d be very interested in seeing the reaction of those who signed on if a customer asked that this manifesto be attached to their services agreement with a clause obligating the cloud services vendor to comply with and act, in the course of providing its services, consistently with the manifesto.

from the “this is potentially very cool if it works” dept.

Came across this story by chance via an article in a Twine update that I was about to delete. Anyway, I caught the name Wolfram so thought I’d take a peek. The name might ring a bell – it’s Wolfram as in Wolfram Research, as in Stephen Wolfram of Mathematica fame. No slouch when it comes to all things mathematical. In any event, apparently in May he will unveil Alpha which, I gather from the article, is a “computational engine” that will actually compute answers to plain language queries. A brief sampling from the article:

For those who are more scientifically inclined, Stephen showed me many interesting examples — for example, Wolfram Alpha was able to solve novel numeric sequencing problems, calculus problems, and could answer questions about the human genome too. It was also able to compute answers to questions about many other kinds of topics (cooking, people, economics, etc.). Some commenters on this article have mentioned that in some cases Google appears to be able to answer questions, or at least the answers appear at the top of Google’s results. So what is the Big Deal? The Big Deal is that Wolfram Alpha doesn’t merely look up the answers like Google does, it computes them using at least some level of domain understanding and reasoning, plus vast amounts of data about the topic being asked about.

It will be interesting to see how (and whether) it actually performs. Given Wolfram’s credentials, the huge effort (undertaken in stealth mode it seems) and data that has gone into it and the positive articles to date (such as the one below) it does sound very promising.

From a legal perspective, it will be interesting to see how content used in the engine has been utilized and how the rights to such content (assuming there is at least some non-public domain material used) have been dealt with. From a tech perspective, it will be very interesting to see what the iron powering this thing will look like, particularly if it starts getting millions of queries a day, how the underlying algorithms work and the extent to which it can evolve and improve over time (I hesitate to use the word “learn”). And from a biz perspective, it will be interesting to see whether Wolfram takes a google-type approach to revenue generation (i.e. ads) or whether he has something else up his sleeve. Check it out for yourself in May.

via Wolfram Alpha is Coming — and It Could be as Important as Google | Twine.

data/privacy breaches – costs are increasing – time for investment?

An interesting piece in E-Commerce News about a new report from PGP and Ponemon about the cost of data/privacy/security breaches and the reasons for them. Some excerpts:

Data breach incidents cost U.S. companies US$202 per compromised customer record last year, compared with $197 in 2007, according to the study. The average total per-incident cost rose to $6.65 million in 2008, up 5.3 percent from $6.3 million in 2007.

Healthcare and financial services companies experienced the highest customer churn rates — 6.5 percent and 5.5 percent respectively.

Third-party organizations accounted for more than 44 percent of all data breaches in 2008 and the resulting investigation and consulting fees made these the most costly form of data breaches.

Nearly 90 percent of all cases in the 2008 study involved insider negligence.

Many of the security problems companies face are preventable — but most organizations don't have the right software tools and security policies in place to deal with data breaches, he observed.

“It's a combination of software and risk management,” explained Ponemon. “Good technology like encryption, data-loss prevention tools and data-access tools can help — but they're not the complete answer because so many of these incidents are due to negligence and carelessness.”

Of course, there is a bit of a conflict here given that the sponsors of the study also happen to offer security solutions. Nonetheless, the figures are important to keep in mind to drive home the point that the direct costs (not to mention the reputational costs) of a privacy or data breach are very real. And very substantial. Hopefully, some figures like this will prompt companies to invest more in proactive measures to reduce the risk (and costs) of privacy breaches.

If you’re beyond that stage, then you might want to read this: Practical Tips for Responding to Privacy Breaches (full disclosure: I work for the firm that published this article).

bilski going up to the supremes

As most readers probably know, Bilski was a rather important case on patent law in the US. There have been many, many, many analyses and commentaries on the impact of the decision of the federal circuit court, which would significantly limit the patentability of business methods. In short – patents would only be available if the method is embodied within a machine or transforms one tangible thing into another.

According to SCOTUSblog, the decision is being appealed:

“This case,” the petition’s opening line says, “raises the most fundamental question in patent law: what can be patented? Are patents only for manufacturing processes that are tied to a particular machine or produce some physical transformation? Or do patents also embrace modern business processes that do not depend on a particular machine or device?”

First time since 1981 that the Supreme Court has considered this, according to SCOTUSblog. Patent agents everywhere await with bated breath.

chrome – not a windows killer (part ii)

I read with interest an article in The Register from last September that I just ran across a few days ago: Chrome-fed Googasm bares tech pundit futility • The Register. It echoes some of the sentiments that I had made in a post around the same time last year, albeit with a bit more edge and humour, as well as some thoughts as to the reasons why the tech press has presaged Chrome as the “operating system of the future”. Some excerpts:

Users aren’t going to decide which computer to buy based on which browser comes pre-installed, and even if they do, I’m going to guess that they will choose Internet Explorer (or – as it is known commonly in user parlance – “the blue internet that opens my web sites”). In any case, a browser is still going to need a proper operating system to run, and that operating system will almost always be Windows.

Given the thousands of Windows applications that are grandfathered in to many IT systems, the video games that are just a touch too GPU-intensive to run in JavaScript, and general user comfort with Windows, it’s hard to imagine a world where everything (and I mean everything) is done in a browser. Oh, and let’s not forget all your browser-based apps being ad-supported.

People are calling Chrome a cloud operating system because it is a “platform for running web apps”. It renders HTML and interprets Javascript, you know, like every fucking browser made since 1995. It’s also got Google Gears built in. Great. I’ll alert Tim Berners-Lee.

This bullshit is a common theme when talking about Chrome. Those who realize that Chrome is not a full fledged operating system but still want to get in on the page-view party are calling Chrome the cloud operating system. Get it, because it’s like clouds. All nature and shit. Don’t you want to read that story?

Well, at least Blodget sort of understands what it takes to run a web browser. I can’t say the same for Michael Arrington, who runs the Special Olympics of tech media, TechCrunch. Arrington fancies himself a kingpin of Web 2.0, but when he starts saying shit like this, it’s hard for him to keep the respect of people, who, you know, understand how computers work:

Chrome is nothing less than a full on desktop operating system that will compete head on with Windows.

Expect to see millions of web devices, even desktop web devices, in the coming years that completely strip out the Windows layer and use the browser as the only operating system the user needs.

In no way can this statement be construed to make sense, and I’m not just being a pedantic asshole here. Fortunately, El Reg readers are with it enough to know that you need a proper OS before you can have a browser. However, a significant number of the users you IT admins support are reading shit like this, and will be putting in support tickets to have Google Chrome OS installed on their computers as soon as possible, because they’ve had enough of Windows and are ready for a change.

Everyone was after the perfect story, whether or not it actually exists. Someone is finally bringing the battle to Microsoft’s front door, and that someone is already a media darling. Google releasing a browser is so damned close to the ideal situation, but there’s not quite enough to declare that Chrome will replace Windows. None the less, this does not stop the technically incompetent from spinning it as such. Maybe they were just feeling nostalgic about Microsoft pummeling the shit out of Netscape?

Anyway, not even Sergey Brin could stop the premature eGoogulation. At a press conference, Brin said:

I would not call Chrome the operating system of Web apps…

Dammit, Sergey. You’re ruining my story!

As comedy would have it, word is that Brin is a Mac user. Considering Google hasn’t released its browser for the Mac yet, he has to run Chrome in VMWare.
Operating system indeed.

Well said.

it’s funny because it’s true

Another Dilbert, which is funny as usual:

Dilbert.com

So, why the headline? Well, because, it is true. The Daily Background broke a story a couple of weeks ago about precisely this type of behaviour. In brief, they discovered that an employee of Belkin (one Mike Bayard) was paying for fake positive reviews through Amazon’s Mechanical Turk. To wit:

That’s a request from somebody named Mike Bayard to review a product and “give [it] a 100% rating (as high as possible).” It doesn’t matter if the reviewer doesn’t own the product or has never tried it– the requester has helpfully written, “Write as if you own the product and are using it.” It even goes a step further, asking the Mechanical Turk user to “Mark any other negative reviews as “not helpful” once you post yours.”

Users are paid 65 cents for every positive review they leave. There are dozens of these requests from this Mike Bayard guy on Mechanical Turk.

They shouldn’t get away with this. Bayard has also been paying people to post fake reviews on Buy.com and Newegg. Faking reviews is not only against Amazon.com’s Terms of Service, it’s also highly unethical and misleading. Amazon should reset its ratings for this product, and Belkin should discipline or fire this Mr Bayard, ASAP. This is one of the more scummy, totally awful advertising schemes I’ve seen. Tell Amazon and Belkin to read this blog entry and act accordingly.

Needless to say, the story was rapidly picked up and spread through the intertubes, courtesy of Gizmodo, Slashdot, Techcrunch, etc. etc. The story broke a couple of weeks before the Dilbert strip came out. I don’t know whether Mr. Adams actually got the idea from the incident. If not, it would be even funnier.

To Belkin’s credit, they owned up to the incident and issued an apology letter.

The lesson: Quite simple – don’t do it, and make sure all of your employees know not to do it. If and when any of your employees make any representations regarding your products in public, make sure they clearly identify themselves as your employees, particularly in less formal arenas such as user-created forums and sites (like Amazon) posting reviews and commentaries on products. In fact, having an “official” presence in user forums will often do much for a company’s reputation, particularly where the company employee participating monitors comments and criticisms and actually gets them addressed.

internet e-mail is not secure

From time to time I have moaned and groaned about the lack of security regarding e-mail. Oddly enough, many people who use e-mail on a daily basis for sensitive business communications don’t realize that, generally speaking, e-mail is, by default, not secure. Nothing is magically encrypted when you send or receive e-mails and, to the extent someone can intercept an e-mail, it can be read very easily. I don’t recall who said it, but I do remember the phrase that e-mail should be considered no different than sending a postcard – anyone along the way will be able to read it.

Oddly enough, for some reason, most folks in the business world – including lawyers, bankers, VCs, as well as very smart technology folks – either are not aware of this issue or, if they are, don’t consider it to be much of a risk. To illustrate – I was talking with someone the other day about the marvels of Blackberries. One reason, I was told, that Blackberries have gained such widespread acceptance is their bulletproof security. From what I understand, transmissions to and from the devices are encrypted using some very serious, very heavy duty technology. I pointed out, however, that the encrypted communication was only between the Enterprise Server and the device. So, while it was great that no one could pick up the wireless signal and eavesdrop that way, it would be quite possible to do so once the e-mail made it back on to their mail server and was transmitted via SMTP, at which point it would no longer be encrypted at all (unless other measures had been taken) between their mail server and the recipient’s mail server. So although it might be quite secure for e-mails within the organization, for external e-mails, not so much. That being the case, I questioned the value of a partial encryption path for external e-mails. To me, it seemed like armor plating your body, except for your head and chest. I ruminated that it is a question of when, not if, a lawsuit or some other form of liability would attach due to someone exploiting this lack of security.

So I read with interest an article on reportonbusiness.com about insider trading as a result of IT folks hacking e-mail:

Regulators revealed yesterday that an information technology analyst working at TD Securities Inc. in Calgary was reading the personal e-mails of investment bankers working on the deal, and bought Synenco securities using undisclosed information about a pending offer from French energy giant Total SA.

While it appears no senior officials involved in any of the recent cases knew their companies’ confidential information had been breached, regulators say firms are responsible for ensuring critical e-mail is not intercepted.

I didn’t see anything in the article about the consequences for the companies. It will be interesting to see what happens. Then again, according to the article, this isn’t the first time this sort of thing has happened.

All that being said, there are tools to ensure that e-mails and other communications are made secure. There are built-in encryption tools in Outlook. There is PGP. There are services offering encrypted e-mail and other communications through access to secure websites. The fact of the matter, however, is that they’re all an incredible pain in the ass to use. You need to securely exchange public keys. You need to sign up for the web service. You need to go to the website to read and reply. And so on. So, in the meantime, not much is done and millions of unencrypted, easily read e-mails with highly sensitive and confidential information continue to flow through the ether. I imagine at some point something on a much larger scale will occur, and at that point, the imperative will be much stronger to implement security measures for e-mail (at least sensitive/confidential e-mails) or to replace it with something stronger altogether. My suggestion would be that firms exchanging sensitive information by e-mail seriously think about adopting such measures before that. Or run the risk of being the poster-boy for that imperative.
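The partial encryption path described above can be read off a delivered message, because each mail server stamps a Received header recording how it was handed the mail. The following is an added example, not part of the original post: the message, host names and the helper names `hops` and `cleartext_hops` are constructed for illustration.

```python
import email
import re
from typing import NamedTuple

# Constructed sample message (hypothetical hosts, documentation IP ranges).
# Servers prepend Received headers, so the newest hop is at the top.
SAMPLE = (
    "Received: from mx.recipient.example (mx.recipient.example [203.0.113.10])\n"
    "\t(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))\n"
    "\tby store.recipient.example (Postfix) with ESMTPS id 4F1A2;\n"
    "\tMon, 02 Mar 2009 10:15:04 -0500\n"
    "Received: from mail.sender.example (mail.sender.example [198.51.100.7])\n"
    "\tby mx.recipient.example with ESMTP id 9C3D1;\n"
    "\tMon, 02 Mar 2009 10:15:02 -0500\n"
    "Received: from gateway.sender.example (gateway.sender.example [192.0.2.5])\n"
    "\tby mail.sender.example with ESMTPS id 7B2E0;\n"
    "\tMon, 02 Mar 2009 10:15:01 -0500\n"
    "From: banker@sender.example\n"
    "To: counsel@recipient.example\n"
    "Subject: deal terms\n"
    "\n"
    "Confidential.\n"
)

# "with" keywords that record a TLS-protected transfer (RFC 3848 and later).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}
COMMENT = re.compile(r"\([^()]*\)")           # innermost parenthesised comment
TLS_NOTE = re.compile(r"\b(?:TLS|SSL)v?[\d_.]")  # e.g. "TLSv1", "version=TLS1_2"

class Hop(NamedTuple):
    sender: str
    receiver: str
    protocol: str
    encrypted: bool

def _field(keyword, text):
    m = re.search(rf"\b{keyword}\s+(\S+)", text, re.IGNORECASE)
    return m.group(1).rstrip(";") if m else "?"

def parse_hop(value):
    text, comments = " ".join(value.split()), []
    # Peel off (possibly nested) comments so "with cipher" is not read as the protocol.
    while (m := COMMENT.search(text)):
        comments.append(m.group(0))
        text = text[:m.start()] + " " + text[m.end():]
    protocol = _field("with", text).upper()
    encrypted = protocol in TLS_PROTOCOLS or bool(TLS_NOTE.search(" ".join(comments)))
    return Hop(_field("from", text), _field("by", text), protocol, encrypted)

def hops(raw_message):
    """Return the relay path in the order the message travelled."""
    received = email.message_from_string(raw_message).get_all("Received") or []
    return [parse_hop(v) for v in reversed(received)]

def cleartext_hops(raw_message):
    """Return (sender, receiver) pairs for hops with no sign of TLS."""
    return [(h.sender, h.receiver) for h in hops(raw_message) if not h.encrypted]

if __name__ == "__main__":
    for hop in hops(SAMPLE):
        state = "TLS" if hop.encrypted else "CLEARTEXT"
        print(f"{hop.sender} -> {hop.receiver}: {hop.protocol} {state}")
```

Received lines are self-reported, so only those stamped by servers you control are trustworthy. Hop-level TLS also leaves the message readable on every server it rests on, which is the exposure that end-to-end tools such as PGP address.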

being an employee and a (potential) entrepreneur

Apologies to my loyal readers for the extended blog absence. What can I say – I was perhaps discouraged by the recent pronouncement in Wired that blogging was dead – and that Twitter is the Next Big Thing.

In any event, I was reading Dilbert this morning. As those who follow the strip know, there has been a running series about how Dilbert started his own business on his company’s time. (As an aside, it was called dilbertfiles.com and is actually a real site that Scott Adams set up for file sharing).

So today, Dilbert gets some bad news:

Dilbert.com

Funny, but true, unfortunately. One of the things that I admire about Dilbert is the way it conveys some simple truths, such as the one above, with a bit of humour. And it never ceases to amaze me that some entrepreneurs do continue to find themselves barfing in their box full of junk. To wit: The founders of MGA Entertainment – the company that was very successful in marketing a line of dolls called “Bratz”. Apparently, the person who came up with the concept and drawings for the Bratz dolls did so while still in the employ of Mattel. Because of that, Mattel claimed that it owned the rights to the Bratz concept. The court agreed, and gave ownership to Mattel, which then wasted no time in seeking (and obtaining) a court order that effectively shut down MGA’s Bratz business and handed the keys over to Mattel. The folks at MGA likely barfed in their box of junk to the tune of several hundred million dollars. Not good.

The fact of the matter is that if you are a budding entrepreneur who still has a job, unless you have a written agreement with your employer that you will personally retain ownership of certain IP that you come up with, then in all probability whatever you create in the course of your employment will in fact be the property of your employer. So think twice about creating that little side software project on your work computer. Or, for that matter, that really cool blog. Otherwise, you may find yourself handing it over when it’s worth quite a bit more.