Archive for the ‘product management’ Category

Elevation of Privilege: the Threat Modeling Game

Thursday, March 4th, 2010 by adam

In my work blog: “Announcing Elevation of Privilege: The Threat Modeling Game.”

After RSA, I’ll have more to say about how it came about, how it helps you and how it helps more chaos emerge. But if you’re here, you should come get a deck at the Microsoft booth (1500 row).

How to Make Your Dating Site Attractive

Sunday, January 31st, 2010 by adam


There’s a huge profusion of dating sites out there. From those focused on casual encounters to christian marriage, there’s a site for that.

So from product management and privacy perspectives, I found this article very thought provoking:

Bookioo does not give men any way to learn about or contact the female members of the site. Men can join for free, if they have been invited—and if a current Bookioo member can vouch for their information. They can then post a profile for the perusal of the female—and paying—members of the site. It’s those paying women, however, who get to call the shots.

As interesting as the approach is, what’s more interesting is how they came to it. They focused on a set of female customers, and asked what is it that they worry about, and what do they want? Co-founder David Olmos:

We think that women don’t feel comfortable with the current dating sites. The latter are too masculine: they were designed by men and they fundamentally address men’s needs. We know that many women prefer a different approach: they’re eager to socialize, to meet new people, and we propose to do that through activities. It may lead them to find a partner, of course, but they may as well enjoy an afternoon in a museum with a new girl friend whom they met on Bookioo! So we propose to socialize through activities, common hobbies and common tastes.

As you can see, we actually want to revamp the “dating” concept, taking the perspective of women. The key issue for us is to make sure that women enjoy the level of privacy they wish and that the males’ profiles are fully validated. (“Bookioo: dating and social networking site gives women full control.”)

It’s also a very different approach to “creep management,” which we’ve covered in past posts like “Emerging dating paranoia,” “Dating and Background Checks in the UK” or “Dating & Background Checks in China.”

Pay for your own dog food

Wednesday, November 4th, 2009 by adam

At Microsoft, there’s a very long history of ‘eating your own dogfood,’ or using the latest and greatest daily builds. Although today, people seem to use the term “self-host,” which seems to be evidence that they don’t do either.

Eating your own dogfood gives you a decent idea of when it starts to taste ok, which is to say, ready for customers to see in some preview form.

Apropos of which, there’s a really interesting post at the Inkling blog, “Pay for your own dog food:”

Using your own product comes with a ton of benefits, because you become your own customer. The quality of your product likely increases because you can’t ignore its problems. They aren’t just your customers’ problems. They are your problems.

We’ve gotten in the habit of actually taking out our own credit card and using it on our own account sign up page. Yes, it’s a bit silly when the credit card processing takes some money off the top. But it makes the feeling very real that you are paying for this, and now it’s an expense just like it’s going to be an expense for your clients.

Tabletop Science

Sunday, November 1st, 2009 by adam


Mordaxus emailed some of us and said “I hope this doesn’t mean MG has jumped the shark.” What was he talking about?


Apparently, ThinkGeek now has a “Molecular Gastronomy Starter Kit.” For those of you who’ve been hiding in a Cheesecake Factory for the past few years, molecular gastronomy is the art of using science to do things to food beyond your typical applications of heat with fire or its close analogs: acid baths beyond marinades, combinations harder to achieve than hollandaise, and whipping things without egg whites. See, it’s really a continuum and continuation of what chefs have been doing for years. Really, poaching eggs and poaching Jolt Cola are all about understanding and using the chemicals available in your kitchen in new and interesting ways. Ten years ago, not a lot of people brined their chicken, and twenty years ago everyone but the Japanese overcooked their tuna. Wasabi wasn’t a normal ingredient. Kitchens change. There’s chaos and experimentation. Some of what emerges is good, and some of it’s embarrassing. Some of it’s the home sous vide kits, and some of it’s the starter kit.

The real question is what’s going to emerge next in the market, and what’s going to emerge in your kitchen?

Toyota Stalks Woman, Claims She Consented

Sunday, October 18th, 2009 by adam


In a lawsuit filed Sept. 28 in Los Angeles Superior Court, Amber Duick claims she had difficulty eating, sleeping and going to work during March and April of last year after she received e-mails for five days from a fictitious man called Sebastian Bowler, from England, who said he was on the run from the law, knew her and where she lived, and was coming to her home to hide from the police.

There was even a fictitious MySpace page reportedly created for Bowler.

Although Bowler did not have Duick’s current address, he sent her links to his My Space page as well as links to video clips of him causing trouble all over the country on his way to her former house in Los Angeles, according to the lawsuit.

“Amber mate! Coming 2 Los Angeles. Gonna lay low at your place for a bit till it all blows over,” the man wrote in one e-mail….

It turns out the prank was actually part of a marketing effort executed by the Los Angeles division of global marketing agency Saatchi & Saatchi, which created the campaign to promote the Toyota Matrix, a new model launched in 2008. …Tepper, Duick’s attorney, said he discussed the campaign with Toyota’s attorneys earlier this year, and they said the “opting in” Harp referred to was done when Duick’s friend e-mailed her a “personality test” that contained a link to an “indecipherable” written statement that Toyota used as a form of consent from Duick….(“Woman Sues Toyota Over ‘Terrifying’ Prank,” ABC News.)

Dear Toyota attorneys: a contract involves, first and foremost, a meeting of the minds. We’ve had years of farcical and indecipherable privacy policies. Anyone who’s ever tried to read them knows that you can’t figure them out. Everyone knows that no one even tries. The final thing, which any first year law student knows: neither of those leads to terms which shock the conscience.

I’d like to ask readers to blog and tweet about this until Saatchi, Saatchi and Toyota explain what went wrong, and agree to all of Duick’s demands.

Shown, Toyota’s attorneys in conference with representatives of Saatchi and Saatchi. Photo by Jrbrubaker.

Ten Years Ago: Reminiscing about Zero-Knowledge

Wednesday, September 2nd, 2009 by adam

Ten years ago, I left Boston to go work at an exciting startup called Zero-Knowledge Systems. Zero-Knowledge was all about putting the consumer in control of their privacy. Even looking back, I have no regrets. I’m proud of what I was working towards during the internet bubble, and I know a lot of people who can’t say that.

We struggled with the tremendously hard problem of privacy. We did it for something bigger and more important than ordering your groceries online. We didn’t succeed at the first business plan, or the second, but we plugged away at it, listened to prospective customers and partners, and the company is still in business and going strong as RadialPoint.

We learned an awful lot. We learned that people are awfully passionate about privacy. Hundreds of thousands of people signed up to try our software. We had a guy who called support after buying a new computer to get privacy. I remember the woman who took his call telling me how sad she was she had to get off the phone and take other calls. And we learned that what we meant when we said privacy wasn’t what other people meant.

I think too much of today’s privacy debate is wrapped up in a similarly nebulous term, identity theft. It’s hard to address a problem that’s so vague. But that’s a post about today, not about ten years ago.

We hired a lot of great people who I knew. I met a lot of great people, too. I went to work with one of them, Dave Clauson, at another startup, Reflective. I work with some of them again (Hi Christian! Hi Stefan!).

For me, the key lesson was to really drink deep of your prospective customer’s pain. To accept that they may have a label that you really understand better than them (“privacy”) and that it doesn’t matter. What matters is how they see it, and how they understand your solution. Zero-Knowledge made me skeptical of great technology as a problem solver, when the customer is asked to understand it or care. Your customers never care about your technology anymore. They care about what pain it solves.

I’d love to go back and tell myself ten years ago to love the customer better. There are other lessons. I’d love to have seized the day and some of its opportunities better. But in the end, that flight to Montreal put me on the path to where I am today.

So a huge thank you to all of our customers and prospective customers. Thank you to Ian for introducing me to Austin. Thank you, Austin and Hamnett for offering me the job. Thank you to all of my co-workers, employees and friends of the company.

Kindling a Consumer Revolt

Saturday, July 18th, 2009 by adam

Well, by now it’s all over the blogo/twitter spheres, and everything that might be said has already been said about Eric Blair, a publisher and Amazon:

This morning, hundreds of Amazon Kindle owners awoke to discover that books by a certain famous author had mysteriously disappeared from their e-book readers. These were books that they had bought and paid for—thought they owned.

But no, apparently the publisher changed its mind about offering an electronic edition, and apparently Amazon, whose business lives and dies by publisher happiness, caved. It electronically deleted all books by this author from people’s Kindles and credited their accounts for the price. [Update: This is misleading, see "We Regret The New York Times' Error"]

This is ugly for all kinds of reasons. Amazon says that this sort of thing is “rare,” but that it can happen at all is unsettling; we’ve been taught to believe that e-books are, you know, just like books, only better. Already, we’ve learned that they’re not really like books, in that once we’re finished reading them, we can’t resell or even donate them. But now we learn that all sales may not even be final. (“Some E-Books Are More Equal Than Others,” David Pogue, New York Times.)

Jack Balkin has some interesting commentary in “Control at a Distance:”

This is because of the combination of the first sale doctrine in copyright law and the fact that the book is a physical copy. Because it is a physical copy, nobody would think that the publisher of the book would have the rights to enter your house and remove the book. But when you purchase an e-book, what you really purchase is merely a license to store an electronic copy on the Kindle’s hard drive according to the end user license agreement that Amazon provides (and that you agree to when you purchase and first use the device). As a result you may not have the rights to do things with the e-book that you think you can.

For example, you may not have the right to read or write code like “MobiDeDRM.zip.” You probably have a right to read English about it in places like “Converting Kindle Books: a painful process that works for reading Kindle books without a Kindle.” I probably have the right to tell you that this will give you advice to type sentences like python mobidedrm.py Title-of-Book.azw Title-of-Book.mobi <your kindle serial number> (which is just an imperative form verb, a noun and three adjectives.) That sentence is incredibly expressive, and even emotionally evocative to any Kindle owner who is upset over what Amazon has done, and who takes the time to think through what the sentence means. It means that the boot can be removed from the device.


Back in the days of the crypto wars, we had the ITAR regulations which treated crypto like a munition, and helped keep the internet insecure against wiretappers. (The knock-on effects of the ITARs probably substantially enabled the Iranian government’s monitoring of internet traffic, as standards stay deployed for a long time, and the 3G phone standards were written in a world where crypto was radioactive.)

Back to the ITAR, people like Phil Karn and John Gilmore printed some crypto software and applied for an export license for the printed form, and the same software on a disk. Obviously, the paper form was covered by the first amendment, and to restrict something based on form was silly and ineffectual. Confronted with that, the NSA went back to the drawing board and revised their regulations. I’m hopeful that this “Memory Hole 2.0” that Amazon has just demonstrated to the world will draw attention to the DMCA and its provisions which prohibit people from speaking certain sentences which cause ‘technological protection measures’ to be bypassed. Those sentences might be powerful, but they’re really little different from other sentences you might write in languages which you didn’t learn growing up. Written words have long been powerful. The pen is mightier than the sword, and all that.

Amazon is between a rock and a publisher here. They need the cooperation of publishers to get most any content created in the last 70 years onto the Kindle. They know consumers who discover book removal hate it. But I think they’ve chosen a sub-optimal position between that rock and publisher. I don’t believe they need the ability to reach out into Kindles and change things. They should treat that as a bug and fix it.

The alternative would be that consumers fix it themselves, and who knows what else they might do with the Kindles they’ve purchased? Folders? A private PDF reader? Chaos might emerge.

Oh, the very best part? The books in question? The ones that went down the memory hole? Blair wrote them under a pen name, George Orwell. And the books? Animal Farm and 1984.

Some additional links which I think are worth reading:

Image: Gizmodo.

Origins of time-sync passwords

Wednesday, July 8th, 2009 by adam



In “Who Watches the Watchman” there’s an interesting history of watchclocks:

An elegant solution, designed and patented in 1901 by the German engineer A.A. Newman, is called the “watchclock”. It’s an ingenious mechanical device, slung over the shoulder like a canteen and powered by a simple wind-up spring mechanism. It precisely tracks and records a night watchman’s position in both space and time for the duration of every evening. It also generates a detailed, permanent, and verifiable record of each night’s patrol.

The market for these devices was well established when John Brainard Ken Weiss invented the SecurID token. In fact, either John or Vin McLellan told me that the reason Security Dynamics built a time-based system was so that it could play in the wandering guard market. The guard needed the SecurID to write a code in a book, and with that, you could determine when he was at a given watch station. Only later did they discover that their device had value for information security. [Update: Vin corrects some of my historical details in the comments.]
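The watch-station idea above, a code that is a function of a shared seed and the clock, so that whoever reads the logbook can tell when it was produced, as an added example. This is not code from the post and not SecurID’s own algorithm (which the post says was kept secret at the time); it is a generic HMAC-based time-step code in the style of RFC 4226/RFC 6238, with a verifier that tolerates a little clock drift and a log-reconciliation helper that finds the time step a logged code came from. The seed, the timestamps and the 60-second step size are constructed for the demo.

```python
import hashlib
import hmac
import struct

# Constructed demo parameters (not a real deployment's values).
STEP_SECONDS = 60          # one code per minute; many deployments use 30 or 60 s
DIGITS = 6
DEMO_SEED = b"constructed-demo-seed-not-a-real-token"
DEMO_TIME = 1_262_304_000  # 2010-01-01 00:00:00 UTC, a constructed patrol time


def time_step(unix_time, step=STEP_SECONDS):
    """Map a Unix time to the counter the code is derived from."""
    return int(unix_time) // step


def code_for_step(seed, counter, digits=DIGITS):
    """HMAC-SHA1 over the counter, truncated as in RFC 4226 (HOTP)."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{binary % (10 ** digits):0{digits}d}"


def generate(seed, unix_time):
    """What the token shows on its display at the given moment."""
    return code_for_step(seed, time_step(unix_time))


def verify(seed, code, unix_time, window=1):
    """Accept the code for the current step and `window` steps either side.

    The window covers token/server clock drift; the comparison is constant
    time so response timing does not leak which digits matched.
    """
    current = time_step(unix_time)
    return any(
        hmac.compare_digest(code_for_step(seed, current + delta), code)
        for delta in range(-window, window + 1)
    )


def locate_in_log(seed, code, start_time, end_time):
    """Watchclock reconciliation: which minutes in [start, end] produce this code?

    Returns the Unix time of the start of every matching step, so the reader
    of the logbook can say when the guard was at the station.
    """
    return [
        counter * STEP_SECONDS
        for counter in range(time_step(start_time), time_step(end_time) + 1)
        if code_for_step(seed, counter) == code
    ]


if __name__ == "__main__":
    logged = generate(DEMO_SEED, DEMO_TIME)
    print("code written in the book:", logged)
    print("accepted one step later:", verify(DEMO_SEED, logged, DEMO_TIME + STEP_SECONDS))
    print("rejected five steps later:", verify(DEMO_SEED, logged, DEMO_TIME + 5 * STEP_SECONDS))
    print("minutes that produce it tonight:",
          locate_in_log(DEMO_SEED, logged, DEMO_TIME - 3600, DEMO_TIME + 3600))
```

Two design points worth noting. The drift window is what makes a time-synchronized scheme usable in practice, but it also widens the set of codes a verifier accepts, so keep it small and log anything accepted outside the current step. And with six digits the same code recurs by chance roughly once per million steps, which is why `locate_in_log` returns a list rather than a single time.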

Security Dynamics did an impressively good job of building a complete system, and an ecosystem for their devices, by creating plug-in authentication modules for all sorts of things. Frankly, their security wasn’t really great in any theoretical sense. There were relatively obvious flaws like Mudge’s ‘listen and guess’ attack on the last digit being sent over a cleartext channel. His “Vulnerabilities in OTP’s – SecurID and S/key” was presented at DefCon IV, but I can’t find a copy of the paper. There were more difficult to find flaws, as I pointed out in my “Apparent Weaknesses in the Security Dynamics Client Server Protocol.” Later Biryukov, Lano and Preneel presented “Cryptanalysis of the Alleged SecurID Hash Function.”

What John, and later Art Coviello, understood far better than Mudge or I understood at the time was that the security didn’t really matter all that much. The system and its components needed a baseline of security, and they invested in that, and beyond. They had their system reviewed by top outside experts. They needed to be able to handle the baseline questions about someone tampering with the card, and the algorithms and protocols were kept secret in accordance with practice at the time. (John told me that I settled a debate between their engineers and marketing when I published them. Had I known that, I would have included the hash function in my paper, but on advice of counsel I’d removed it. He called it “waving a red flag in front of Security Dynamics just because you can.”)

What did matter was that their customers were doing better than static passwords, and they mostly delivered, unless Bart Preneel or I was your adversary.

Security Dynamics also won on the usability of the system, relative to other tokens. Some alternatives implemented challenge/response systems. To use them, you needed to enter a challenge, then press enter, then your PIN and enter again, and then type in the response. All prompts and errors were in an 8 character LCD display. It was hard to deploy to real people.

Another advantage that Security Dynamics delivered was integration into everything. They had a server of their own. Clients to replace /bin/login on a dozen Unixes, NetWare, and a GINA plugin for Windows. RADIUS and TACACS integration. They made themselves the easiest system to actually deploy. That’s important. A system with much greater security and double the cost of deployment would have been hard to justify.

Anyway, Security Dynamics was a good enough business that when they went to get an RSA license, it turned out to be “easier to buy the company than to get a license.” (As Art Coviello says in this Hearsay podcast with Dennis Fisher.)

And at the end of the day, developing products that people can actually understand and deploy for their protection and risk management is what it’s about. Knowing where to start innovating is a key part of that.

Security is about outcomes, not process (RSA edition)

Monday, April 20th, 2009 by adam

So I’m getting ready to head over to RSA, and I’m curious. If you believe that “security is about outcomes, not about process,” what outcomes do you want from RSA? How will you judge if the conference was worthwhile?

Understanding Users

Monday, March 16th, 2009 by adam

Paul Graham has a great article in “Startups in 13 Sentences:”

Having gotten it down to 13 sentences, I asked myself which I’d choose if I could only keep one.

Understand your users. That’s the key. The essential task in a startup is to create wealth; the dimension of wealth you have most control over is how much you improve users’ lives; and the hardest part of that is knowing what to make for them. Once you know what to make, it’s mere effort to make it, and most decent hackers are capable of that.

Then in “Geeks and Anti-Geeks,” Adam Barr writes:

You notice this if you listen to the chatter before a meeting. Half the time people are talking about World of Warcraft; those are the geeks. The other half they are talking about pinot noir; those are the anti-geeks. In either case, the group then proceeds to discuss a pattern-based approach to refactoring your C# class design in order to increase cohesion and leverage mock objects to achieve high code coverage while minimizing your unit test execution time.

The reason this matters is because Microsoft has recently been pushing engineers to realize that they are not the customer, the customers are not geeks, and therefore engineers can’t design properly for our customers. What I think happens, however, is that the anti-geeks hear this and think, “They’re not talking about me; I know that those beer-swilling geeks don’t understand the customer, but I’m a cultured sort, not a geek–I’m just like our customers!” And so they go out and design software for themselves…and of course they mess it up…because our customers may not spend their spare time playing Dungeons & Dragons, but neither do they spend it tramping across the Burgess Shale.

So I don’t disagree with Mr. Barr, but I do want to expand a little. The fundamental job of the program manager is to understand the market, come up with a solution that will delight the customer, sell that vision to the team, create and drive the product to shipping to those customers. The market only matters in understanding if a product is worth building, and in helping to shape our understanding of the customer by understanding their economic context.

I don’t think I’m anything like most of my customers. Those customers are first and foremost, 35,000 or so software engineers inside of Microsoft, second, security experts helping them or reviewing their work, and third, software engineers at other vendors who build on our platform. I’m most like the second set, but they’re a distant second, and (as several of them will tell you) I have a tendency to reject their first attempt at getting a feature out of hand, because our previous tools were so expert-centric.

More importantly, I don’t need to be like our customers to delight them. I am nothing like a professional chef, but I am frequently delighted by them. What I need to do is actively listen to those customers, and fairly and effectively advocate for their attitudes and words to my team.

As I was working on this Joel Spolsky posted “How to be a program manager,” which covers some similar ideas.