A market for journal articles, again

George Akerlof shared the 2001 Nobel prize in economics for his paper on “Lemon markets.” While reading Akerlof’s Nobel Prize essay, I was struck by the comment:

I submitted “Lemons” there, which was again rejected on the grounds that the The Review did not publish papers on topics of such triviality.

It seems to me that a fair number of interesting papers go through this process. Ideally, they are strengthened by the reviews, but as Akerlof makes clear, no one bothered to provide a useful review. Worse, it seems that journals go largely unread. Papers are disseminated when someone takes notice and promotes them (this starts with the author, telling his friends that he just got something published.)

In Zetland’s model, it would be reasonable to create a journal dedicated to interesting new ideas that are having trouble finding a place for publication. The goal would be to find new ideas, well presented. The journal would speculate on papers. It could drive readership on a promise to be interesting. I’m reserving the name “Curiouser and Curiouser” for my journal.

A lemons market for … anti-spyware

Anti-spyware software has many of the issues that other privacy software has had.* It’s hard to understand the technical means by which privacy is invaded. It’s hard to see that you have (some) spyware. And it’s hard to evaluate what anti-spyware software works, and what doesn’t.

Well, it was.

Eric Howes has started testing anti-spyware, and finds that it all sucks:

No single anti-spyware scanner removes everything. (1) Even the best-performing anti-spyware scanner in these tests missed fully one quarter of the “critical” files and Registry entries.

I hope that broad-circulation home PC magazines pick up his work, and send him loads of money to test more. Given that signaling is hard in this market, we need a consumer reports.

* I originally analyzed this in thinking about why Zero-Knowledge’s Freedom anonymous internet service didn’t take over the world. The big difference is that much spyware is intrusive, popping up windows and taking you to porn sites, motivating you to go find anti-spyware software.

(Via Slashdot.)


These women and a good many others, both frequent and occasional travelers, say they are furious about recent changes in airport security that have increased both the number and the intensity of pat-downs at the nation’s 450 commercial airports. And they are not keeping quiet.

Most of the women interviewed said they did not make formal complaints, most saying that they assumed it would be futile to do so. Ms. Maurer said she and some other women she had spoken to are wary of complaining in writing, both because of the presumed futility and from fear of being singled out when they travel in the future.

When does the intrusiveness end? The TSA has claimed unending power to change the law, to intrude on our lives as it sees fit, in the name of security. One thing I can say is that complaining in writing has not impacted the frequency, nor the competence, of the searches that I’m subjected to. Complaining at the site sure does bring out the brownshirts, though.

(From “Many Women Say Airport Pat-Downs are a humiliation”,” in the New York Times.)

No fly list

A man with an expired passport got onto Air France flight 26 on Saturday, November 19th:

Flight 026 from Paris to Washington Dulles International Airport was diverted to Bangor, Maine, after U.S. officials discovered that the man was listed on the government’s no-fly list. The man’s name also was on the State Department’s terrorist watch list and visa revocation list, a Homeland Security official said Sunday.

(USA Today’s ‘s Kathy Kiely was on the plane and wrote a story, and their main story.)

However, since he wasn’t wearing a “suspected terrorist” button, he was allowed to board.

[Update: On reflection, this is a fascinating light to shine on the no-fly list. If this Moroccan fellow is such a danger, why not lock him up as a material witness? We’ve locked up thousands that way. We don’t even have an accurate count. But no, they just sent him home, because even the TSA understands that the lists have become a one-way process: People get added, never removed. No one will risk their career to protect David Nelson or Johnnie Thomas or even a congressman by removing a name. This anonymous fellow is enough of a threat that he can’t get on a plane in the US, but we don’t care to arrest or detain him. Hmmm.]

Security and diplomacy

…Mr. Bush had to wade into a group of security agents to pull his lead Secret Service agent out of a shoving match with the Chilean police. The tape showing the president assuring the Chileans that his agent could come with him played over and over on television screens in the region this weekend.

By Saturday night – though it had not been announced – Chile had already begun calling the guests to the dinner planned for Sunday at La Moneda, the presidential palace that was the site of the coup that overthrew Salvador Allende on Sept. 11, 1973. The dispute over the dinner on Sunday centered on the question of whether the Chilean guests would be required to go through metal detectors before dining with Mr. Bush, a standard practice for the Secret Service. The Chileans told Mr. Bush’s delegation that the practice was humiliating. “Can you imagine someone like the Chief Justice of the Supreme Court having to submit to an inspection by gringo security agents in order to get into our own seat of government?” asked one of the disinvited Chileans, who spoke on condition that he not be identified. “That’s an affront no Chilean was going to tolerate, and Lagos had no choice but to act the way he did.”

(From the New York Times. )

What I’d like from a social software web site

There are lots of so-called ‘social software’ web sites that help you umm stay in touch with friends, or make new ones or something (Friendster, Tribe, Orkut, etc). Some are more socially oriented, others are more about business.

What I’d really like is one that supports my travel habits. I fly to lots of places. Many of my friends do too. But none of these sites help us drink beer together. I’d love to send travel email (“this is your flight information”) to a web site. It would parse it, and lookup who else who you know will be there then, and send you both an email.

Luke Nelson and I came up with this over beer in Portland, thanks to Jeff. Thanks Jeff! If anyone would like to run off and build this, please buy us all beer. You’ll know when we’re in town.

Informed? comment

Experts tend to know that when journalists report on their subject, things get twisted up and wrong. You start to evaluate a publication by looking at how it does on subjects you know, and assume that its work is consistently at the same level.

I’ve been (cautiously) reading Informed Comment, by Juan Cole. He tends to throw around the word “Likudnik” to refer to anyone to his right. He displays a bias that Israel is to blame, and so I’d taken to skipping his comments on Israel. I was also ignoring my consistency rule. Today, Iraq The Model writes a long article:

I was surfing the net as usual to find out what’s happening in the world, as I rely mainly on the net instead of TV now When I came across this article by Dr Juan Cole that made me feel ashamed of myself. This man who doesn’t live in Iraq seems to know more about the history of Iraq than I do. In his article he was criticizing the westerns, journalists in particular, for making judgments without knowing much about Iraq’s history, which I must admit is true.

He also provide a link to another article by a professor of Arab studies in the university of Colombia and use it as a reference to back up his theory. What Dr. Cole was trying to tell us, as you can see in his article, is that Fallujah is celebrated in Iraq’s history as a symbol for the large rebellion/revolution against the British back in 1920. His source, Dr. Rasheedi goes as far as considering Fallujah the start point of that event and says in his article:
“To restore Iraq to their control, the British used massive air power, bombing indiscriminately. That city is now called Fallujah.”

Anyway, I don’t know which is worse; that the two experts in Arb world didn’t know about Dr. Al Wardi and his writings or that they knew but chose Sadam’s version of Iraq’s history!?

I don’t know who Dr Al Wardi is, but I’m getting the feeling I should trust the consistency rule.

What’s Google Worth?

I opened this blog, exactly three months and 250 posts ago, asking, “Why Did Google Pop?” (with a second post on the topic as well.)

Nudecybot has two fascinating posts on Google today. The first is on Google bias, the second on gmail, and the fact that it now actually secures your email (way to go, Google!).

In the first, he claims that Google is overvalued. Google has a market cap of around 45 Billion dollars, on revenues of 2.6 Billion, and an EBITDA of 500 million.

There are two basic ways to value a company. The first is the discounted value of its anticipated cash flow. (Discounted means that jam today is worth more than jam tomorrow, and I should sell you jam tomorrow at a slightly lower price, because I get the money earlier, and can make use of it. On a broader level, having $100 in hand today is worth more than $100 in hand a year from now, and the amount you’d pay to get $100 next year (about $98 at today’s interest rates) is called the discounted value. So the discounted value of a company’s expected cash flow means that a company is worth what it’s going to bring in over time, adjusted for the fact that you’ll get that money over time, and the risk that the money won’t come in.

The second way to value a company is the replacement value of its assets. This means that a company is worth what it would cost to build the same thing. This method is harder to use. In Google’s case, it requires figuring the value of several notoriously hard-to-value assets. One is brand. I visit Google an average of 15 times a day. Google’s ease of use is amazing. You could spend a lot of time and energy and not get it as right as they’ve gotten it. (I’ll make an exception for gmail, which I really don’t like. I like mail to be lightning fast, because I get a lot of it, and hate waiting. Gmail now has secure POP servers, so I can use my own tools. I’ll be interested to see how or if they advertise over POP.) The second really hard to value asset is Google’s staff. Google has collected an amazingly smart set of people on the technical side, and they seem to figure out how to make money from the stuff those folks invent. The third non-obvious asset is the ability to run a 100,000 node server farm on the cheap. Moore’s law has lead to operations costs dominating hardware costs, and running a network cheaply is very hard. I think is rapidly depreciating as they add a mix of services. I’ve gotten tired of Orkut’s bad service, and Gmail sometimes gives me a come back later message. But I suspect that in the Gmail case they’ll fix it.

So, are these hard to value assets, plus the more obvious ones like Pagerank and a fast web service, worth $45 billion?

So who likes them?

Ryan Singel catches an AP article on RFID passports:

On the latest passports, the agency has “taken a ‘keep it simple’ approach, which, unfortunately, really disregards a basic privacy approach and leaves out the basic security methods we would have expected to have been incorporated for the security of the documents,” said Neville Pattinson, an executive at Axalto North America, which is working on a prototype U.S. electronic passport.

So I’m just curious. If the privacy-aware don’t like them; if the people making them don’t like them; if the security experts don’t like them; who’s pushing this crap? The identity thieves union?

Cost, Value of government

After the election, I asked What’s a Free Election worth?.” John Robb over at Global Guerrillas has a partial answer, which is what the 2nd intifada has cost both sides over 4 years:

10% of Israel’s GDP (roughly 2.5% of GDP per year), and a stunning 300% of GDP over 4 years for the Palestinians.

Global Guerrillas is fascinating because he’s using economics, sociology, and epidemiology a lens for understanding terrorist and guerrilla action, trading in information, techniques, and material, spreading of infections, and the failure of the state. Not always spot on, but always challenging and interesting.

Also related, there are a couple of posts at Hit & Run on Somalia’s telecoms industry, based on a BBC story:

“The government post and telecoms company used to have a monopoly but after the regime was toppled, we were free to set up our own business,” says Abdullahi Mohammed Hussein, products and services manager of Telcom Somalia, which was set up in 1994 when Mogadishu was still a war-zone.

Mr Abdullahi says the warlords realise that if they cause trouble for the phone companies, the phones will stop working again, which nobody wants.


There’s a 3 page article in the Washington Post on phishing, the use of fake email and web sites to capture usernames and passwords. The phishers often target financial institutions.

Marcus Sachs, a former White House cyber-security adviser and current director of the SANS Internet Storm Center, said marketing departments at many banks do not heed their companies’ own advice. Too often, he said, banks send e-mails to customers offering balance transfers and other deals by asking them to click on a Web site link and enter their information.

“If the corporate policy is never to send e-mails that contain links to Web sites asking for your personal information then these businesses need to work harder to normalize their behavior so that consumers will know what’s abnormal,” Sachs said. “The fact is some banks still send out e-mails that look remarkably like phishing scams.”

This is very true, and I’d like to award a Golden Homer (“D’oh!”) to AT&T Wireless, who send out statements as large emails, with Javascript (and lord only knows what else), asking you to enter your social security number. There will be a custom virus that screws all AT&T Wireless customers because of this stupidity.

Sachs said online merchants, banks and credit card companies need to invest in technologies used by most European banks that require customers to use one-time “identity tokens” or smart cards — in addition to user names and passwords — to get their financial information over the Web.

This will be something of an improvement, it means that the phisher can’t come back later and execute an attack, but nothing in the current SSL system, or the SSL system plus tokens, certificates, or biometrics, prevents a “man in the middle” attack where the phishers take the one time token data, feed it to the web site, and steal money live.

This will be somewhat easier to detect, because the money is moving, but the phishing attacks will likely slow down, so that they’re not harvesting, storing and then using credentials, but “hunting and gathering” as they go.

Ian Grigg has done yeoman’s work on SSL and phishing.

Training companies to send a consistent message, and fining them when they deviate, would be a fine start, as Marcus Sachs said. But the real solutions require authenticating the server in a meaningful way.

Deworming the Internet

The always engaging Doug Barnes has a new paper out, “Deworming the Internet“. The paper is more interesting because Doug is technically and legally savvy. (Always a dangerous combination.)

The paper evaluates regulations, markets, government intervention, litigation, and finally, a set of suggestions for what is most likely to work. Its perhaps the most comprehensive and detailed study I’ve seen.