microsoft envy

Always On interviewed Bill Gates this week. They talked about a number of things (linux, security, stock vs options). I thought this was the most interesting quote:

Gates: … I think that jealousy has driven my competitors to more mistakes than any other factor I can name.

So true.

Coveting Microsoft’s position on the desktop has led to a host of bad decisions. They all scream bloody murder when they see Microsoft (ab)using its power, all the while running around trying to copy the strategies and tactics that got Microsoft where it is, and wasting millions on futile attempts to take the desktop from Microsoft.

For example, you may recall that Java, when it was originally pitched, was all about applets — the idea was that your desktop software would be delivered to you over the network, in a form that could run on any machine. This was Sun’s attempt to take the desktop. How this would have benefited them is completely unclear. They got lucky that “write once, run anywhere” resonated with enterprise developers, who quickly co-opted the technology for servlets, so they could stop porting their software from platform to platform. The only way this currently benefits Sun, as far as I can tell, is that they get some license revenue via their certification and trademarking programs. Sun certainly doesn’t seem to have benefited much from the generation of enterprise software that can run as easily on Intel or HP as it does on Sun.

Apple pursued its attempts to compete with Microsoft much longer than it should have, trying to regain the desktop it once held. They tried to beat Microsoft at its own game by producing a better operating system and application suite long after the market had tipped in Microsoft’s favor. They even went as far as starting to commoditize their hardware (remember those Mac compatibles that were available for a year or two?).

From my point of view, this is the fundamental thing Steve Jobs did after his return — convince Apple it didn’t need to be Microsoft; it could be great without beating Microsoft. By doing so, he’s been able to get Apple on to sound strategic footing (control the hardware to reduce the amount of hardware supported; move the OS to one better able to harness open source efforts) and steer it into niche markets where it was uniquely positioned to compete. Apple may never be as big as Microsoft, but it will continue to exist and may even thrive.

Which is more than I will say for Sun, whose big announcement this week was the Java Desktop.

demand draws supply

The NYT has an article, New Economy: Markets Shaped by Consumers, about how consumers shape markets in a more direct sense than is often appreciated. An unmet demand, if it’s strong and left long enough, will create its own supply.

Eric von Hippel, a professor at the Sloan School of Management at the Massachusetts Institute of Technology, argues that a huge swath of innovation can be traced to elite consumers whom he calls lead users. These imaginative and technically adept consumers spot a need and invent a solution, often changing whole industries, from sports to software.

Mr. Von Hippel and his graduate students have compiled a series of case studies that fit his model of user innovation. Mountain biking, for example, began in the early 1970’s when cyclists wanted to abandon paved roads for rough terrain. At the time, commercial bikes were not up to the task, so cyclists took heavy old bike frames with balloon tires and bolted on motorcycle-type lever-operated brakes for surer stops when careering down mountain trails. The industry spotted the trend, and mountain bike sales now account for more than half of the bike market in the United States.

“Needs emerge, and users scrounge around and find something,” Mr. Von Hippel said, “or tools and technologies emerge, and people figure out how to use them.”

The same was true of fiberglass surfboards, wet suits, and skateboard decks and wheels.

It was also true of digital music sharing in 97-98. I was consulting for the RIAA at the time — they were worried about people using CD burners to copy CDs; the internet seemed like a distant concern. But there was this frenzy of activity around ripping digital audio off CDs (as trivial as this seems today, there are some technical challenges and the pioneers had to roll their own ripping software to do it) and compressing it (also an area where the pioneers had to write a lot of their own software). By 1999, there were neatly packaged tools, Napster had been born, and the music world had changed.

When a publishing association asked me when they had to worry about the same thing happening to them, I essentially told them to watch for the lead users — people developing clever new ways to digitize printed media. So far, this advice will have served them well.

An interesting question is what would have happened had the lead users for digital music had their needs met before they’d had to resort to writing their own rippers, compressors, and players and developing their own distribution networks. Would all this innovation still have happened?

[via Many-to-Many]

carol coye benson on federation and liability transfer

Carol Coye Benson of Glenbrook Partners has an article, Liability and Federated Identity: Much Ado About Nothing, on why federated identity may not live up to expectations: it will likely never provide a basis for transferring liability between the parties to an on-line transaction. But, as she points out, this probably won’t matter.

This is the thing I think most security wonks miss — it’s tilting at windmills to try to make risks disappear or to transfer them all away. But this doesn’t mean you can’t do business. It just places a burden on you as the business manager to understand the risks and how they affect the prospects of turning a profit. It’s perfectly reasonable to take an informed risk, and often significantly cheaper than trying to eliminate the risk altogether.

pricing technology

TJ’s Weblog “Technology, Venture Capital and Entrepreneurship”: pricing technology is a nice summary article on the approaches companies use to set prices and the companies that offer products to support them.

This is a topic in which I have an interest. At one point, some colleagues and I were trying to get a company funded that would have done dynamic pricing of online goods for the entertainment industry — I still think it’s an idea that has some merit. At the time (3 years ago), the VCs we talked to felt that it was ahead of the market.

Belkin Hijacks Browser, Delivers Ad

Wow, and I was just starting to think of Belkin as a semi-respectable peripheral vendor. Apple should rethink its affiliation with them after this. Not cool.

[marketingwonk] The innocuous box on your network known as the router may not be so innocuous after all. A Belkin wireless router has been found to hijack your browser and redirect you to a page that promotes Belkin’s parental control service. Every eight hours an offer for a free six-month trial is delivered to your browser. This is no technical glitch. Belkin openly admits the offer was programmed into the box. Steve Hall comments.

The question is – did they openly advertise this behavior on the box?!? I would want my money back.

repudiating non-repudiation

One of the most frequently cited benefits of public-key based digital signatures is that they are theoretically non-repudiable. Unlike conventional cryptography, where the same key is used to encrypt and decrypt, public key crypto uses a pair of keys: one that encrypts and one that decrypts. The advantage of this is that the originator can create a key pair, keep one key private and make the other public. When the holder of a private key encrypts a document with the private key, people can verify that the encrypted document came from the holder by simply decrypting it with the public key from the key pair. In practice, digital signatures are a bit more complicated, but that’s the core of it.

With conventional crypto, the encrypter would be able to deny having encrypted the message: the recipient has to know the encryption key in order to decrypt it, so they might also have been the one to encrypt the document. With public key crypto, the holder can’t deny having created the encrypted document — only they have the private key, after all. Very cool, right?

Unfortunately, that’s just the theory. The practice is significantly less elegant.

To turn the theory into practice, your ability to rely on non-repudiation hangs on your ability to do three things right: implement the technology, put in place proper business practices and agreements, and make your case in court.

So, there are three questions you should ask: Relative to other technologies, how much does using digital signatures lower my risk? How much will it cost me to set up and operate the business end? How will my chances in court be affected?

If you’re not put off by your answers to the first two questions, then you should definitely take a long, hard look at the third question. While the signer may not be able to deny that their private key was used to sign the document, they may be able to repudiate the signature on a host of other grounds: They didn’t keep their key secure and someone stole it; they didn’t understand their obligation under their user agreement to keep the key secure; they didn’t understand what authority they had granted signatures generated with their private key, etc.
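The gap between the theory and the key-theft defense can be seen in a few lines. The following is an added example, not code from the original post: it uses a toy textbook RSA key (tiny modulus, no padding) and constructed messages purely for illustration, and all function names are hypothetical.

```python
import hashlib
import hmac

# Toy textbook RSA key (constructed; tiny modulus, no padding; illustration only).
P, Q = 2**31 - 1, 2**61 - 1          # two Mersenne primes
N, E = P * Q, 65537                  # public key, known to everyone
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, meant for the signer only

def digest_int(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def rsa_sign(msg: bytes, d: int) -> int:
    return pow(digest_int(msg), d, N)

def rsa_verify(msg: bytes, sig: int) -> bool:
    # Verification needs only the public values (N, E).
    return pow(sig, E, N) == digest_int(msg)

def mac_tag(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def demo() -> dict:
    order = b"pay 100 to Bob"            # constructed sample messages
    inflated = b"pay 9000 to Bob"
    sender_key = receiver_key = b"constructed-shared-key"
    sig = rsa_sign(order, D)
    stolen_d = D                         # a thief's copy of the private key
    return {
        # Shared key: both parties produce byte-identical tags, so a tag
        # cannot show a third party which of them created it.
        "mac_tags_identical": hmac.compare_digest(
            mac_tag(sender_key, inflated), mac_tag(receiver_key, inflated)),
        # Key pair: anyone can check the signature with the public key,
        # and it does not carry over to an altered message.
        "signature_verifies": rsa_verify(order, sig),
        "altered_message_rejected": not rsa_verify(inflated, sig),
        # Stolen key: the signature verifies and matches the owner's own.
        "stolen_key_signature_verifies": rsa_verify(
            inflated, rsa_sign(inflated, stolen_d)),
        "stolen_key_indistinguishable": rsa_sign(order, stolen_d) == sig,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Verification proves only that the private key was used; nothing in the signature says who was holding the key at the time.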

I suspect you’d have better luck enforcing an agreement built around usernames and passwords than you would one built around private keys and digital signatures. So, what technology would give you the biggest return (reduction of risk) on your investment?

The theory of non-repudiation is great; in practice, it tries to do something that is unnatural: it tries to transfer all the risk of a transaction to one party — the signer. My bet is that you get better returns by accepting a more natural distribution of risk.