Open Letters to Security Vendors

John Masserini has a set of “open letters to security vendors” on Security Current.

Everyone involved in product or sales at a security startup should read them. John provides insight into what it’s like to be pitched by too many startups, and provides a level of transparency that’s sadly hard to find. Personally, I learned a great deal about what happens when you’re pitched while I was at a large company, and I can vouch for the realities he puts forth. The sooner you understand those realities and incorporate them into your thinking, the more successful we’ll all be.

After meeting with dozens of startups at Black Hat a few weeks ago, I’ve realized that the vast majority of the leaders of these new companies struggle to articulate the value their solutions bring to the enterprise.

Why does John’s advice make us all more successful? Because each organization that follows it moves towards a more efficient state, for themselves and for the folks who they’re pitching.

Getting more efficient means you waste less time per prospect. When you focus on qualified leads who care about the problem you’re working on, you get more sales per unit of time. What’s more, by not wasting the time of those who won’t buy, you free up their time for talking to those who might have something to provide them. (One banker I know said “I could hire someone full-time to reject startup pitches.” Think about what that means for your sales cycle for a moment.)

Go read “An Open Letter to Security Vendors” along with part 2 (why sales takes longer) and part 3 (the technology challenges most startups ignore).

What’s Copyright, Doc?

I blogged yesterday about all the new works that have entered the public domain as their copyright expired in the United States. If you missed it, that’s because exactly nothing entered the public domain yesterday.

Read more — but only commentary, because there’s no newly free work — at “What Could Have Entered the Public Domain on January 1, 2014?

It’s near-impossible to see how our insanely long copyright terms, or their never-ending extensions encourage Dr. Seuss, Ayn Rand, Jack Kerouac or Ian Fleming to keep producing new work. Those authors have been richly rewarded for their work. But it’s easy to see how keeping those works under copyright reduces creative re-use of our collective cultural heritage.

What Price Privacy, Paying For Apps edition

There’s a new study on what people would pay for privacy in apps. As reported by Techflash:

A study by two University of Colorado Boulder economists, Scott Savage and Donald Waldman, found the average user would pay varying amounts for different kinds of privacy: $4.05 to conceal contact lists, $2.28 to keep their browser history private, $2.12 to eliminate advertising on apps, $1.19 to conceal personal locations, $1.75 to conceal the phone’s ID number and $3.58 to conceal the contents of text messages.

Those numbers seem small, but they’re in the context of app pricing, which is generally a few bucks. If those numbers combine linearly, people being willing to pay up to $10 more for a private version is a very high valuation. (Of course, the numbers will combine in ways that are not strictly rational. Consumers satisfice.

A quick skim of the article leads me to think that they didn’t estimate app maker benefit from these privacy changes. How much does a consumer contact list go for? (And how does that compare to the fines for improperly revealing it?) How much does an app maker make per person whose eyeballs they sell to show ads?

Lunar Oribter Image Recovery Project

The Lunar Orbiter Image Recovery Project needs help to recover data from the Lunar Orbiter spacecraft.

Frankly, it’s a bit of a disgrace that Congress funds, well, all sorts of things, over this element of our history, but that’s besides the point. Do I want to get angry, or do I want to see this data preserved? Yes to both.

First View of Earth from Moon
That’s why I’ve given the project some money on Rockethub, and I urge you to do the same.

Should I advertise on Twitter?

Apparently Twitter sent me some credits to use in their advertising program. Now, I really don’t like Twitter’s promoted tweets — I’d prefer to be the customer rather than the product. (That is, I’d like to be able to give Twitter money for an ad-free experience.)

At the same time, I’m curious to see how the advertising system works. I’d like to understand it and blog about it, but Twitter would like to maintain confidentiality around the program. They’re engaged in white-hot competition with Facebook and Google to be the new advertising platform of the future. At the same time, it’s less transparency than the exceptionally high bar that Twitter has generally aspired to.

That said with the launch of Control-Alt-Hack, my collaborators have stuff to sell and give away. (Not to mention maybe a sales bump for The New School of Information Security?) Or maybe I could promote other books that I think people should read, like “Thinking, Fast and Slow“). Does the nature of what I’m advertising change the calculus? Would advertising the giveaway make it different?

Then again, I do lots of “advertising” on Twitter already–I advertise the book, the game, blog posts, ideas I like. Does paying to bring them to more people dramatically change the equation?

Interestingly (and I think this is something that can be discussed, because it’s visible), I’m offered the chance to promote both tweets and myself.

I’d be really interested in hearing from readers about how I should take advantage of this, and if I should take advantage of it at all.

Taxpayers Stuck With Tab, but not in Seattle

In an article with absolutely no relevance for Seattle, the New York Times reports “With No Vote, Taxpayers Stuck With Tab on Bonds.” In another story to which Seattle residents should pay not attention, the city of Stockton is voting to declare bankruptcy, after risking taxpayer money on things like a … sports arena.

Of course, in Seattle, blah blah it’ll be so profitable, that it’ll make us a world class city while unlocking a stream of buzzwords and nonsense.

No, really. That seems to be the level of public discourse right now. The taxpayers of the region are being asked to pony up as much as 400 million bucks to help a hedge fund manager offload risk. That strikes me as doubly unwise. First, there’s lots of better ways we could allocate a possible $400 million dollars of spending. Second, when making a deal with a hedge fund manager to take risk, you should look for the sucker in the deal. It’s unlikely to be the hedge fund.

Washington State Frees Liquor Sales: some quick thoughts

I hate to let an increase in liberty go by without a little celebration.

For the past 78 years, Washington State has had a set of (effectively) state-operated liquor stores, with identical pricing and inventory. Today, that system is gone, replaced by private liquor sales. The law was overturned by a ballot initiative, heavily backed by Costco.

This is an interesting experiment in letting a little chaos emerge. Unfortunately, it’s not really a transition to a free market, since there are all sorts of licensing restrictions on who may trade in the demon rum. However, there will initially be about 5 times as many legal retailers as were previously present.

The transition is going to be messy. There’s lots of licensed retailers who haven’t obtained inventory. There’s a thousand people who were voted out of their jobs. Change is often messy.

After the transition, I expect prices will be roughly the same because of taxes and fees. What I expect will be much better is the selection and variety, especially of locally produced products from folks like Oola and Pacific Distillery. Many of those businesses were seriously inhibited by the complex and chummy system that was present.

I also expect surprise and look forward to it.

So raise a toast to the slow unwinding of a very silly system of prohibition.

How to get my vote for the ACM Board

I’m concerned about issues of research being locked behind paywalls. The core of my reason is that research builds on other research, and wide availability helps science move forward. There’s also an issue that a great deal of science is funded by taxpayers, who are prevented from seeing their work. One of the organizations which locks science behind a paywall is the ACM. As it turns out, the ACM is having elections, and I’m a member, so I thought maybe I could usefully vote on this issue. So I went to the ACM website to see what’s being said on it. Here’s what I had to go through to find the answer:

  • Are the elections important enough to be listed on the home page? Apparently not.
  • Maybe it’s an issue of importance to the ACM Membership? Nah.
  • Maybe I can find something about it on ACM US? That’s actually the “public policy” arm.
  • So perhaps it’s a matter of who will be on Boards and Committess? No, that points to this page, which is highly informative.
  • Maybe it’s under MyACM? Nope
  • Ahhh! Finally, it’s under Membernet: here

And it turns out that there’s no one running for the board of the ACM who’s running on open access issues. That’s too bad.

So let me be very clear. I’m a one-issue voter for academic societies. I believe that open access to science is a key part of everything that these societies should be doing, and it’s the only part that involves change to the business, and thus controversey.

If you want my vote, run on an open access platform.

(If you’re not familiar with the arguments for open access, see The Open Access Pledge site, The Cost of Knowledge site, or this faculty memo from the library of a small college in Cambridge, Mass.)

[Update: Don’t miss the comment by Brighten Godfrey, who’s been reaching out to the candidates, and gathering their positions.]

It’s a Lie: Seattle Taxpayers Will Pay for a Staduim

The Seattle Times carries a press release: “Arena plan as solid as it looks?

The intricate plan offered for an NBA and NHL arena in Sodo hinges on the untested strategy of building a city-owned, self-supporting arena, without the aid of new taxes, and with team owners — not taxpayers — obligated to absorb any losses.

This not only a lie, it is a blatant lie, contradicted by statements later in the article:

…Seattle and King County would finance $200 million — likely in bonds — to cover construction costs. The city would recoup its money through lease payments and the taxes on everything from tickets to concessions from the arena.

Let me translate that into plain English. The taxpayers of Seattle and King County would sign a bond. We’d be obligated to pay it back if or when the Supersonics new team leaves town. Also, let me comment that the use of “would” is inaccurate. The word that the writers sought and were unable to come up with is “might”, as in: “the city might recoup its money…”

One more quote:

It’s hard to argue against the idea of an arena that pays for itself.

It’s even harder to guarantee it, though.

Actually, it’s easy to guarantee that the arena pays for itself, or at least that the taxpayers don’t pay for it. The builders finance the arena. See how easy that is? They issue the bonds, they reap the profits. Then the people of Seattle and King county are guaranteed to not be on the hook.

Pretty simple, if the Seattle Times would stop relaying lies about who’s on the hook for bonds issued by Seattle or King County.

Look, while I’m opposed to having to sit in traffic for yet more sporting events, I shouldn’t have a say in how these folks spend their money. The arena backers should feel free to spend their money, plus as much as anyone will loan them, to build a stadium, buy a team, or hold a parade. That’s what freedom is about. But the people of Seattle should not carry any of the risk. The money should be entirely private.

Maybe the plan can’t work without Seattle bearing some of the risk. If that’s the case, that’s because this isn’t the sure thing that its backers want us to think. It means that the bankers see this as a risky thing, and want to transfer that risk to some sucker. I don’t want to be the sucker who’s paying for a failed deal. Do you?