Saturday, May 21, 2016

The Carolina Donut Festival was clearly not "marketing free"

Years ago, some tech conference promoted itself as being "marketing free." If any speaker started to do any marketing, the speaker would be immediately battered by signs. Expertly constructed sign...whoops! (Ducks) However, the company that promoted "marketing free" stuff ended up going bankrupt.

Because of all this, marketing lives on. (Which is a good thing for me, since I am currently employed as a strategic marketing manager.)

I was recently reminded of the continued importance of marketing when I heard about a stellar event in Marion, North Carolina.

The Carolina Donut Festival, which is taking place as I write this.

Just listen to the local press description of the event:

The first ever Carolina Donut Festival will be held in the downtown Marion from 10 a.m. to 3 p.m. Saturday....

As of Tuesday, the festival had 66 vendors lined up. These include vendors for arts and crafts, non-profit organizations and direct sales. These vendors will be lined up along Main Street in the block in front of Mr. Bob’s Do-Nuts.

Before the festival begins, there will be a Carolina Donut Dash 5K through the streets of downtown Marion. All walkers and runners are encouraged to dress in a doughnut theme....

The Carolina Donut Festival Pageant will then take place after the opening ceremony. Masiello and Morgan said Tuesday the pageant so far had 38 contestants lined up, which includes male and female contestants. They will be in different age divisions: birth to 18 months, 19 to 35 months, 3 to 4 years, 5 to 6 years, 7 to 9 years, 10 to 12 years, 13 to 15 years, 16 to 19 years, birth to 6 years (male) and 7 to 19 years (male). The contestants will come from Spruce Pine, Troutman, Lenoir, Shelby, Morganton, Hickory, Newton and Dallas, N.C., in addition to those from Marion and McDowell County.

Sounds like a lot of stuff, and I haven't even mentioned the donut part. This is, after all, a donut festival. For that part of the festivities, I will turn to a friend of a friend, who posted a review on a semi-private Facebook post.

Doughnut festival.... One and only one doughnut vendor, the local doughnut shop, selling doughnuts on the street in front of the store. Hmmmm.....

Left after getting funnel cake, not even a doughnut. Lol.

Yup, that's right. The entire Carolina Donut Festival is the brainchild of Mr. Bob himself, the donut (whoops, do-nut) guy, along with an events coordinator. If you want to try someone else's donuts, go to THEIR festival.

Now there's no issue per se with a town hosting an event to glorify a single business. After all, if the business has contributed to the community for decades, and if the community is known for that business, I could certainly understand that. For example, if my hometown of Ontario, California entered into a festival deal with Graber Olive House (founded 1894), that would make sense. So how has Mr. Bob contributed to Marion? Back to the article:

Since this business opened in October 2014, Mr. Bob’s Do-Nuts has proved to be a big hit in the local community. Owner Bob Masiello serves up doughnuts, cinnamon buns, Danishes, cannoli, bagels and cream cheese. Customers can also enjoy a cup of hot coffee with their treats, all of which is made fresh every morning.

As you can see, Marion has been blessed with an amazing vendor - one who has served the community for over EIGHTEEN MONTHS, and who serves donuts that are made FRESH. Not only that, but he also serves COFFEE. Where are you going to find an establishment that has done all of that, for so long?

Yet, despite all of this, I am not criticizing Mr. Bob for coming up with this idea.

I am criticizing myself for not thinking of it first.

The Empoprises Festival Planning Committee is being set up as I speak.

Thursday, May 12, 2016

#page462 When you want to provide service, but depend upon a service provider

Brad took his usual exit off the Silicon Freeway. His morning commutes were sometimes filled with traffic, but today was rather pleasant. This would put Brad in a good mood as he drove to his company. Yes, his company - he founded it. A typical 21st century virtual company, Brad's firm provided an app that allowed its users to access specialized content. Typical of today's service offerings, the users didn't actually own the app, or any of the content that they accessed via the app. But the users found the service to be valuable, and kept on downloading the app. Brad still had to work out the whole revenue part of the equation, but his backers seemed to be happy.

Brad turned down a side street to get to his office building - and was surprised to find a gaping hole where his office used to be.

Within a minute, he was on the cell phone to his landlord.

"Where's my office?" Brad shouted.

The landlord was silent.

"C'mon. Where's my office?"

"Sir," replied the landlord, "that was not YOUR office. That is OUR office, and it is no longer available."

"But I have lease papers! That's my office, and you had better get it back!"

"And where are those lease papers?" asked the landlord.

There was a pause. "In my office."

"And we have a duplicate copy here," replied the landlord, "and if you consult page 462 of the terms of service agreement, you have acknowledged that your company did not own the building in question, and that we had the right to revoke access to that building at any time."

"But that's unfair! You can't just take something away from people with no notice!"

The landlord calmly replied. "Perhaps you should have thought of that BEFORE you removed the flying pigs movie from your app. I really liked that movie."

Tuesday, April 26, 2016

#empoexpiire Lack of automated rotation is identified by @cloudsa as a problem...but automated rotation is not the solution


The Cloud Security Alliance recently published a report (downloadable from here) that talked about security breaches.

In February of 2016, the Cloud Security Alliance released “The Treacherous Twelve: Cloud Computing Top Threats in 2016” which revealed the top concerns expressed by IT security professionals in cloud computing. Data Breaches, Account Hijacking, and Malicious Insiders all rated as top threats. The enabling of these attacks can occur because of a lack of scalable identity access management systems, failure to use multifactor authentication, insufficient password use, and a lack of ongoing automated rotation of cryptographic keys, passwords, and certificates. As a result, these deficiencies can enable unauthorized access to data and potentially catastrophic damage to organizations and end users. It was not surprising to find that Insufficient Identity, Credential, and Access Management was listed as the top vulnerability in the report.

Cloud Security Alliance “IDENTITY SOLUTIONS: Security Beyond the Perimeter”

For professional reasons - my employer provides both biometric and cloud-hosted solutions - I am interested in tons of things in this report, but for this blog post I want to focus on the statement about "a lack of ongoing automated rotation of cryptographic keys, passwords, and certificates."

My question:

So what?

As has been previously noted in other posts with this hashtag, there is really only one "automated rotation" that is required in IT security: rotate the keys/passwords/certificates in when the person requires access, and rotate the keys/passwords/certificates out when the person no longer requires access.

Years ago, a guy named Lamar worked at one of my employers. Lamar was a tall, imposing man. Among his other duties at the time, one of his jobs was to stand outside of the office/cubicle of a person who had just been terminated from the company as said person was packing up his/her things.

If I were to convert Lamar's name into an acronym for termination procedures, the "R" in LAMAR would stand for Revoke. As the person is packing up to leave the facility - or perhaps as the person is getting the bad news in a human resources office - your IT professional should be revoking the person's passwords and shutting off the person's company phone. Meanwhile someone should be taking the person's company phone, along with keys, computers, and the like.

Guess what? If all of these access privileges are revoked upon the termination of the employee - or upon the termination of an employee's need to have a certain level of access - then there is no NEED for an automated rotation policy. Which means that people won't have to deal with the hassles of such a rotation policy, and won't have to write passwords down every 90 or 60 or 30 days. Remember my prior post in which I quoted Lorrie Cranor (Chief Technologist of the U.S. Federal Trade Commission)?

There is also evidence from interview and survey studies to suggest that users who know they will have to change their password do not choose strong passwords to begin with and are more likely to write their passwords down. In a study I worked on with colleagues and students at Carnegie Mellon University...we found that CMU students, faculty and staff who reported annoyance with the CMU password policy ended up choosing weaker passwords than those who did not report annoyance.

And remember the story from Alan Henry that I shared in this post:

I knew one person who put post-it notes [with her passwords] on the bottom of their chair—she was livid when she arrived one morning to find a colleague had borrowed her chair for an impromptu meeting in her office next door.

So if you get rid of auto-rotation, everyone will be more secure.

Tuesday, April 19, 2016

The management style of Brian Wilson, circa 1966

If you took my advice and liked the Empoprise-BI Facebook page, you might have seen my share of a Future Vintage video.

There are a number of musical reasons to be fascinated with this, but I was inspired to look at this from a business perspective.

The song "Good Vibrations" was Brian Wilson's finest moment, although he didn't realize it at the time. By this time Wilson had forced his father out of the group's management, had forced himself out of the group's touring unit, and had assembled a crew of musicians and lyricists to help him realize his vision. By the time of "Good Vibrations," most of the Beach Boys themselves (with the exception of Carl Wilson) were not playing the instruments, and Mike Love alternated with others for the lyrical duties (although, as was subsequently noted, Love's contributions may or may not have been downplayed at the time).

Wilson did not have complete control - when "Pet Sounds" bombed financially, he had to take a step back - but with "Good Vibrations," he had the opportunity to craft what he hoped would be the perfect single. (After "Good Vibrations," he would try to write a teenage symphony to God.) But this was years before Prince could go into a studio and create an entire album by himself - Brian Wilson needed help to create his vision.

How did he do it?

Take the lyrics, for example. While Mike Love is in some respects a controversial figure (I've even alluded to the controversy myself), he had his own vision of the Beach Boys. By 1966, the band had enjoyed spectacular success with a steady diet of surf, car, and girl tunes. Why rock the boat? Love had a highly negative reaction when he walked in on the final production for "Pet Sounds," much of which had been conceived while the touring unit of the Beach Boys was on the road. Even by the time of "Good Vibrations," Love had his misgivings:

This was before the Summer of Love, but there were definitely psychedelic rumblings on the West Coast. I felt “Good Vibrations” was The Beach Boys’ psychedelic anthem or flower power offering. So I wrote it from that perspective. The track itself was already so avant-garde, especially with the theremin, that I wondered how our fans were going to relate to it. How’s this going to go over in the Midwest or Birmingham? It was such a departure from “Surfin’ USA” or “Help Me Rhonda”.

So I thought the one thing that everyone can relate to is boy-girl. You know, “she’s giving me excitations”. Had that track not had anything to connect to people intellectually or emotionally, then it would have been a brilliant piece of music, but perhaps not gone to No 1.

So Love wasn't completely on board, but as long as he could get his few words in, he was happy (at the time) to go along with his cousin's wild vision.

Meanwhile, Brian had to communicate with the instrumentalists, such as bassist Carol Kaye.

Brian had all the sounds in his head. He knew what he wanted and wrote out the bass parts for me. They were written crudely – it wasn’t the work of an educated person – but we could read it.

Kaye had another observation.

Brian was a really sweet guy, but he could be cocky when he wanted to be. It was that cockiness that comes with youth. But he was sharp, with very good ears. And he was completely engrossed in what he was doing.

At this stage of his career - after his disruptive father had been banished from the studio, and before Brian himself checked out - he was able to inspire both Wrecking Crew members and the band itself to come up with their greatest work.

In that respect, perhaps Wilson DOES belong in business case studies, right along with other mercurial leaders such as Steve Jobs. This statement about business success could just as well be applied to Wilson, especially when you consider that it took time to appreciate Pet Sounds:

The most revolutionary changes in business method alter the world so fundamentally that their insights can appear banal in retrospect. Alongside the bombast and egotism that can characterise business success, this is a reason for the achievements of business pioneers not always being appreciated as they should.

The parallel does not fit perfectly - after all, there were certain people who were calling Wilson a genius even in 1966 - but his contributions to music were certainly better appreciated in hindsight.

Even by Mike Love.

Monday, April 18, 2016

Can a fruit feel insecure? (QuickTime on Windows)

Apple has had a security battering lately. Recently, despite Apple taking a stance for keeping its iPhones secure, the FBI hacked an iPhone. Now, a former flagship Apple product has been branded as insecure.

The Department of Homeland Security (DHS) is warning Windows customers to stop using Apple’s QuickTime media player.

I didn't read this in a tech journal; I read this in The Hill. For those who don't know, "THE Hill" is Capitol Hill, where national legislation is hammered out in my country.

And no, this isn't an attempt by the FBI to get back at Apple. This warning was issued by the Department of Homeland Security, not the FBI, and as I've already noted, two separate government agencies often have no incentive to cooperate with each other.

To be fair to Apple, the first version of QuickTime (for the Macintosh) was released over a quarter century ago, and much has happened in the world of security since then. This simply serves as a reminder that while software upgrades may appear to be a form of planned obsolescence, there are some legitimate reasons to get rid of that old software.

The DHS notification can be found here.

Workflow update, and the Empoprise-BI Facebook page

I've been playing around with something for the past few days, and I figure that I ought to clue you in on it. It has to do with my workflow.

In the past, I've gotten all convoluted about my workflow, and have created elaborate diagrams showing how my content flows from one service to another. For example, I shared this workflow back in 2008:

Part of the complexity of this workflow was due to my use of FriendFeed (R.I.P.), which (when originally conceived) served as a way to aggregate stuff from a lot of sources. Of course, FriendFeed (and Google News, etc.) is no more.

These days, my workflow is a lot simpler. NetworkedBlogs currently auto-publishes information about my blog posts to Twitter and to selected Facebook pages, and I manually share these on Google Plus (when I remember to do so). However, I'll confess that I'm not visiting Google Plus all that often these days, and I'm not the only one. I don't believe that Google Plus is dead, but the Facebook audience is still the largest one out there that meets my needs.

Well, provided that people find my content.

While I occasionally share posts from this and other blogs on my personal feed, the best way to find most of my content is through my Facebook pages. For example, this blog has an associated Facebook page, Empoprise-BI.

(My admin view. And yes, I'm working on it.)

Now for the workflow change - over the last few days, I've found that I'm sharing more and more stuff to the Empoprise-BI Facebook page. Some of it is random thought, and some of it may eventually end up as Empoprise-BI blog posts (which, as I mentioned, are automatically shared to the Empoprise-BI Facebook page).

So how can you find out about this amazing content?

By liking the Empoprise-BI Facebook page.

Now I won't insist that you choose the additional option to put Empoprise-BI page content at the very top of your feed. Heck, I don't do that myself (I constantly find myself switching to "most recent" rather than "top stories"). But go ahead and like the page, and be sure to visit it every once in a while. You might find a preview of what's coming up in the Empoprise-BI business blog. Heck, if you contribute, YOU might find yourself featured in the Empoprise-BI business blog. (Exciting, I know.)

(And yes, I'm doing similar things for some of my other blogs, but this post is keeping focused on this blog.)

Saturday, April 16, 2016

Update on John Krpan lawsuit

I've noticed increased activity around an old post of mine from April 2015, "So you want to interpret for the deaf? There's just one thing...." This told the story of John Krpan, a certified American Sign Language teacher who wanted to get one more certification - the National Interpreter Certification from the Registry of Interpreters for the Deaf, Inc. I summarized the process to get that certification.

You start with the written exam, meet some educational requirements, and then have an interview.

An oral interview.

This caused a problem for Krpan, who is deaf. He ended up taking RID to court on the grounds that RID violated the Americans with Disabilities Act by de facto excluding him from certification.

So why is this old blog post getting renewed activity? Because a judge ruled in the case.

On March 8th, 2016 a U.S. District Court Judge in the Eastern District of Virginia, Alexandria Division granted RID’s Motion for Summary Judgment in the matter of John Krpan, Plaintiff v. Registry of Interpreters for the Deaf, Inc. As a result, a judgment in favor of RID was entered. On Count I, the court determined that the NIC exam and certification process do not violate Title III of the ADA. In terms of Count II, the court determined that the CDI exam and certification do not violate Title III of the ADA by labeling CDI credentialed individuals as “deaf”.

This does not necessarily render Krpan unemployable - after all, he has several other certifications. And perhaps institutions that insist on NIC certification may be picketed by Gallaudet University.

Or perhaps not. Gallaudet offers preparatory courses for people who want to obtain NIC certification, despite the fact that Gallaudet's own president may not qualify for NIC certification herself.

Friday, April 15, 2016

A spot for Spotify - or for any company (rent, taxes, and the talent pool)

There's a reason why this Spotify post isn't going into my Empoprise-MU music blog - because this goes well beyond Spotify.

But we'll start with Spotify, whose founders have penned an open letter to Sweden's government. Because my Swedish language skills are non-existent, I am relying on Quartz's account. Basically, Spotify has three issues:

[CEO Daniel Ek and chairman Martin Lorentzon] say their employees are having a hard time finding apartments and are being charged inordinately high taxes on their stock options, and that the pipeline of programmers coming out of Sweden’s schools is not large enough.

Let's ignore the third point for now, because after all, how can you get more programmers out of Sweden's schools if you don't raise taxes? And we'll also ignore the second one about high taxation for the moment.

So we're left with the first issue - The rent is too damn high.

How does Spotify propose to alleviate this?

By moving to New York.


As the Quartz article notes, there may be a flaw in that logic.

Mans Ulvestam, founder of Acast, which produces analytics and inserts ads in podcasts, has offices in New York, London, and Stockholm. “The cost of living in New York is way higher than Stockholm,” he says. “It’s certainly cheaper to buy an apartment in Stockholm than San Francisco, New York, or London. If Spotify had said they were moving to Idaho–that would have been a valid argument.”

But the difficulty, as Silicon Valley companies well know, is that you need to go where the talent is. And no matter how much I protest, there are not a whole lot of bleeding edge technical personnel in Ontario, California. And when the talent is outside of tech centers, it migrates to tech centers, despite the high personal costs. Talia Jane (who worked at Yelp until she was fired for talking about her struggles) wasn't the only Yelp employee trying to make ends meet.

Every single one of my coworkers is struggling. They’re taking side jobs, they’re living at home. One of them started a GoFundMe because she couldn’t pay her rent. She ended up leaving the company and moving east, somewhere the minimum wage could double as a living wage. Another wrote on those neat whiteboards we’ve got on every floor begging for help because he was bound to be homeless in two weeks. Fortunately, someone helped him out. At least, I think they did. I actually haven’t seen him in the past few months. Do you think he’s okay? Another guy who got hired, and ultimately let go, was undoubtedly homeless. He brought a big bag with him and stocked up on all those snacks you make sure are on every floor (except on the weekends when the customer support team is working, because we’re what makes Eat24 24-hours, 7 days a week but the team who comes to stock up those snacks in the early hours during my shift are only there Mondays through Fridays, excluding holidays. They get holidays and weekends off! Can you imagine?).

Theoretically, you could live anywhere - even Idaho - and work for a Stockholm or New York or Silicon Valley company, but the theory doesn't always work out - again, despite my protests.

So how does a company get access to a huge pool of tech people, yet do so in a way that the tech people can afford to live without giving most of their money away for rent, taxes, and ten pound bags of rice?

Thursday, April 14, 2016

Fear everyone - or don't (Cellebrite or Hacker X never met the Bedford Police Department)

Every once in a while, I like to write a post in which I explain why I don't fear Big Brother (or, to put it another way, "don't worry about the government"). Over the years I've documented the demise of uGov, the cross purposes at UC Irvine, competing airline security systems, the poor security for nuclear missile launches, the lack of NSA-FBI security coordination, the lack of DHS-CIA coordination, and conflicts between the DHS, the FBI, and the NSA. These and many other episodes highlight the truth, expressed by Dave Barry, that any action by government will be met with an equal and opposite reaction from another part of government.

But right now I'm thinking about another post in this vein - Which do you fear more - business Big Brother, or government Big Brother? I want to quote from that 2011 post, which seems eerily relevant today.

Cellebrite manufactures a Universal Forensics Extraction Device. Now we're not talking about debate or biometrics here, but the examination of any item for purposes of law enforcement. In this particular case, we're talking about cell phones. If Malte Spitz had been unsuccessful in getting his location information from Deutsche Telekom, perhaps he could have bought the Cellebrite UFED and obtained the location information in that manner.

"Based on Cellebrite’s expertise in data extraction technology, the mobile forensics products perform both logical and physical data extraction, including recovery of deleted messages and content.

"With more than a decade of experience in mobile data technologies, Cellebrite provides the widest coverage available in the market today. The UFED family of products is able to extract and analyze data from more than 3000 phones, including smartphones and GPS devices."

I am writing this post mere weeks after the FBI ceased its attempts to have Apple unlock Syed Farook's iPhone. Why did the FBI stop? Because it got someone else to unlock it. The FBI didn't say who helped, but various sources claim that Cellebrite did the work, while other sources claim someone else did it.

So who looks good after this affair? Nobody. The FBI, who pleaded that they couldn't unlock the iPhone and that only Apple had the expertise to do so, apparently found someone to do it - possibly cheaply. Apple, who wanted to maintain its posture as a manufacturer of secure communications equipment, has had its security breached - possibly cheaply. And the people who actually unlocked the phone can't get any credit for the deed. Oh, and it's quite possible that the only information that was found on the iPhone in question was data about San Bernardino dining spots.

Now, who are you supposed to fear?

The FBI, who set the wheels in motion to allow this phone - or perhaps your phone - to be hacked?

Apple, who manufactured a phone - perhaps your phone - that could be hacked?

Or the mysterious people who actually performed the hack on this phone, and could do it to your phone?

"None of the above," you might say. "I have nothing to hide."

Well, if you have nothing to hide, then feel free to share your name, address, Social Security Number (remember Todd Davis?), and bank account passwords.

Oh, and leave your house and car unlocked.

Wednesday, April 13, 2016

Does wisdom require information?

You may recall my old post about data, information, knowledge, and wisdom, and its underlying assumption that these are ordered and one proceeds from another.

James Altucher feels differently.

I never read random articles on the Internet unless they are by people I know. Mostly I read books I love.

A friend asked me, when he heard all of this, “But aren’t you afraid you’re going to miss some information?”

I asked him, “What information?”

Wednesday, April 6, 2016

Are credit unions evil banks, or virtuous anti-banks?

As I was walking through a parking lot near a credit union office, I spotted a Bernie Sanders for President bumper sticker.

And it got me thinking.

As many of you know, the Bernie Sanders campaign can almost be characterized as a single issue campaign - namely, to ensure that land acquisition for the National Park Service is fully funded.

Whoops - I seem to have scrambled my notes. Actually, the Sanders issue that is getting a lot of attention can be summarized in four words: "Wall Street is evil."

From the Sanders website:

Wall Street cannot continue to be an island unto itself, gambling trillions in risky financial decisions while expecting the public to bail it out....

The six largest financial institutions in this country today hold assets equal to about 60% of the nation’s gross domestic product. These six banks issue more than two-thirds of all credit cards and over 35% of all mortgages. They control 95% of all derivatives and hold more than 40% of all bank deposits in the United States.

We must break up too-big-to-fail financial institutions. Those institutions received a $700 billion bailout from the US taxpayer, and more than $16 trillion in virtually zero interest loans from the Federal Reserve. Despite that, financial institutions made over $152 billion in profit in 2014 – the most profitable year on record, and three of the four largest financial institutions are 80% bigger today than they were before we bailed them out.

So why would a credit union employee support a guy like Sanders?

One possible reason might be the conclusion that when Sanders rails against financial institutions, he's not railing against credit unions. After all, credit unions are different - the government said so:

Credit unions are not-for-profit organizations that exist to serve their members. Like banks, credit unions accept deposits, make loans and provide a wide array of other financial services. But as member-owned and cooperative institutions, credit unions provide a safe place to save and borrow at reasonable rates.

So perhaps the bumper sticker owner believes that the problems on Wall Street are solely caused by for-profit (rather than not-for-profit) firms that are controlled by oligarchs (rather than individual credit union members just like you and me).

Or perhaps the bumper sticker owner realizes that money is money, but supports Sanders anyway. If so, he or she is not alone:

Meredith Burak is a third-generation Wall Street executive. At 32, she has worked in global wealth management for Bank of America and Merrill Lynch....

"Wall Street has been very good to my family," she said. "It has enabled myself and my cousins and people around me to go to college."

But at the same time, Burak said, Wall Street needs tougher regulation and rules. "People on Wall Street want the game to be fair," she said. "It is when people cheat that things get messed up for everyone. And to the extent that we can have rules and more enforcement to get people like [Ponzi schemer] Bernie Madoff out of the financial system, the better it is for the economy."

Burak said she left Merrill Lynch earlier this month and is traveling in Israel this week, focusing on charitable work on behalf of a cancer foundation in honor of her mother.

And after all, as an anonymous Sanders supporter points out:

"You've got Warren Buffett — one of the wealthiest people in the country — and he's out there supporting raising taxes and the things that Bernie talks about."

Tuesday, April 5, 2016

Coworking, where the new meets the old

Several years ago, coworking was a trend, part of the general trend of working away from an office. Perhaps you'd just park yourself in a coffee shop, or perhaps you'd rent time at a place such as Citizen Space. But people working in coffee shops initially created a backlash, and I just belatedly discovered that even the venerable Citizen Space is no more.

But companies are still entering the coworking market, such as Workbar. For those who aren't familiar with the coworking concept, Workbar has an explanation about the practice:

At Workbar we understand that people don’t always work the way they used to. Technology has made the workforce more mobile, yet has also increased the need for shared resources, human interaction, and fun at work. So we’ve created a network of coworking spaces where independent professionals, start-ups, small businesses, and remote employees of larger enterprises can enjoy a vibrant community and high quality office amenities at an affordable price.

Of course, if you're going to go out and create a coworking space for people, you And Workbar has, um, worked out a mutual win-win for itself and a much older company:

As consumer needs around commerce are changing, commerce hubs are reimagining and redesigning their physical locations to meet customers halfway, so to speak. Staples is joining in on that trend, and is thus converting some of its retail locations for office supplies into temporary office spaces for rent.

Staples, in conjunction with office-sharing startup Workbar, is looking to open three Boston-area communal workplaces. The hope is that the affiliation will draw more small business owners and mobile professionals into Staples locations. Staples needs the customers, as foot traffic has been on the decline since 2009.

This could be an interesting trend. As more people shop online, and brick and mortar establishments try to reinvent themselves, they're looking for all sorts of ways to use up their leased retail space. If this use brings in more customers for the establishment's primary business, all the better.

Thursday, March 31, 2016

Amalgamate all the things - biometrics, geospatial, and the buffet

So, where will we be five years from now? Will we have a number of companies providing everything to everyone, or will we have a myriad of specialty firms?

(Me, in 2011)

There are several different ways to organize businesses, ranging from the Mita model (we only do one thing) to the Beatrice model (we do everything). While the tail end of my Motorola years certainly exposed me to a trend toward the Mita model, I've been seeing a lot more of the Beatrice model lately, where dissimilar businesses end up as part of one big happy business.

Take my industry, biometrics. When I joined this industry in the mid-1990s, Digital Biometrics, Identix, and Printrak were three separate companies. Now all three of them are just a very small part of Safran.

I just ran across another example in the geospatial industry. You'll recall that I recently noted that Pitney Bowes, more commonly known for postage stuff, acquired the geospatial company MapInfo several years ago. But I have also run across another example [DISCLOSURE: I have worked with CACI in the past]:

CACI International Inc. announced it has been awarded a $180 million contract to provide Joint Geospatial Analytic Support Services (JGASS) to US Special Operations Command (USSOCOM).

So how did CACI get into this business?

Through its acquisition of TechniGraphics, Inc. in 2010, CACI has more than 20 years of experience providing geospatial services to the federal government and has become an industry leader in the production, analysis, and dissemination of geospatial data. The company's highly trained and cleared professional staff possesses a deep understanding of geospatial analysis and geospatial imagery intelligence.

Of course, the greatest example of diversification can be found in Warren Buffett's (two t's) company, Berkshire Hathaway. If you look at its list of subsidiaries, you can see that Berkshire Hathaway offers a buffet (one t) of different products and services. I won't provide the entire list, but let me just cite three examples:

  • Acme Brick Company (presumably a spinoff from Wile E. Coyote's supplier)
  • Kraft Heinz (I didn't even know those companies had merged)
  • Pampered Chef (chances are you know someone who works with Pampered Chef - but she can't sell you Acme Bricks)

Wednesday, March 30, 2016

But what if you don't want proprietary geospatial software?

In my various blogs, I've mentioned a couple of geospatial software vendors - many mentions of local company ESRI, and a recent mention of Pitney Bowes (and its product MapInfo). There are other vendors, including Smallworld (from General Electric, not Disney).

Ideally, these and other companies would want you to buy their proprietary geospatial software and use it.

But what if you want to go open source?

There are geospatial open source options, including the Open Source Geospatial Foundation (and GRASS GIS), ILWIS, and the QGIS project.

If you've used Red Hat Linux or other open source programs, you know that open source does not necessarily mean free. Open source software may include charges for support, as well as for consulting and other things - and, of course, you have to hire people to actually use the open source programs. And there are free packages (such as Google Earth) that are not open source, but proprietary.

So what's the difference?

Open source software is written by a community rather than a development team associated with a single software company. Participants from all over the world contribute via the Web. Some do this as part of their “day jobs,” while others volunteer.

A project steering committee or other group keeps order and manages contributions, bug lists and source control. Because the source is available, changes to a local implementation can be made immediately, though changes to the accepted current version may take time to be incorporated....

[O]pen source advocates suggest that programmers are more diligent if they know the world will be seeing their code.

And in certain cases, open source people can become really famous - well, almost as famous as a cartoon character.

Tuesday, March 29, 2016

Analyze all the things - Pitney Bowes, MapInfo, and IoT

As you probably know, there are a number of organizations that give awards to a number of other organizations for various reasons. One of the award-givers is Forrester, and one of the award-getters is Pitney Bowes. But this award isn't for postage meters.

STAMFORD, Conn., March 14, 2016 - Pitney Bowes (NYSE:PBI), a global technology company that provides innovative products and solutions to power commerce, today announced that the company has been recognized as a Leader in The Forrester Wave™: Customer Analytics Solutions, Q1 2016. The closely watched market assessment notes that organizations consider the Spectrum Technology Platform and Portrait suite of analytical tools for their “customer centricity and smooth marketing integration.”

I don't know if analytics has jumped the shark yet, but it's certainly a popular buzzword these days. According to Forrester, Pitney Bowes has been positioning itself in the analytics arena for years.

“Pitney Bowes facilitates difficult analytical processes like data preparation for the less technically savvy marketer or customer insights,” writes Forrester Senior Analyst Brandon Purcell in the report. “With firm roots in location analytics (due to the acquisition of MapInfo in 2007), Pitney Bowes is well-positioned to leverage the growing volumes of contextual mobile and IoT [Internet of Things] data. It also offers a variety of industry-specific, demographic, and firmographic, data products for further data enrichment.”

At least in theory (I don't know if the actualities match up with the marketing), all of these Pitney Bowes applications work together to convert data into wisdom. As Pitney Bowes noted:

By running analytics on your collected customer data, you can predict customers’ behavior, in terms of what, when, how, where, and why they buy.

I've mentioned the "where" previously in my Inland Empire blog (because of a Pitney Bowes competitor, ESRI). But while I was visiting the Pitney Bowes website, the company showed its dedication to geospatial information, something I've never encountered at the ESRI website - yet.

Friday, March 25, 2016

The unboring board meeting (activist director slate directed at Yahoo)

You've probably read the textbooks about how businesses are governed. All public businesses are run by the shareholders, who have the power to elect a Board of Directors, which has the power to select the people who actually run the company.

The reality is often quite different. The starkest example occurred during Michael Eisner's years running Disney, when he populated Disney's board with his kids' schoolteacher, his maid, the guy who trimmed his meat at the deli, and Justin Bieber. Actually, that's a lie; Bieber probably wasn't even born yet. But you get the idea; insiders often secure control over the company's Board of Directors, ensuring that they can do whatever they want without being stopped. Since people like to vote for incumbents (bold prediction: at least some of the 435 members of the U.S. House of Representatives will be re-elected - again), shareholders tend to keep the company's preferred slate of directors on the board.

Not that activist shareholders don't stop trying. The latest salvo is over the Board of Directors at Yahoo. Starboard Value LP, which holds 1.7% of Yahoo's shares, has announced its intent to nominate a slate of directors to replace the ENTIRE board. Excerpt from Starboard Value's press release:

We believe that Yahoo is deeply undervalued and opportunities exist within the control of management and the Board of Directors (the "Board") to unlock significant value for the benefit of all shareholders. Unfortunately, as we have outlined in previous letters, we have been extremely disappointed with Yahoo's dismal financial performance, poor management execution, egregious compensation and hiring practices, and general lack of accountability and oversight by the Board. We believe the Board clearly lacks the leadership, objectivity, and perspective needed to make decisions that are in the best interests of shareholders.

To that end, we will be delivering to Yahoo today a formal nomination notice of our intention to seek the election of nine highly qualified director nominees at the 2016 Annual Meeting. These nominees have been carefully vetted and selected following a several-month long process that included the evaluation of over 100 qualified potential candidates.

The way that Yahoo has been battered over the last several years, both before and after Marissa Mayer arrived, it is quite likely that THIS effort will... like most other efforts to wrest control of a company away from the insiders.

That's my prediction - which, given my track record, means that Starboard Value is guaranteed to win this fight.

Monday, March 7, 2016

Revisiting LPTA in the context of national security

Even though I'm no longer in proposals, I still follow LPTA discussions. If you don't recognize the acronym, it stands for "Lowest Price, Technically Acceptable." In an LPTA procurement, each vendor has to meet a minimum set of technical criteria. It doesn't matter if you exceed it - you just have to meet it. As long as you meet that baseline, the bid is competed on price.

As you can imagine, LPTA procurements work great for things like toilet paper. They don't work so good for things like jet aircraft.

Back in 2013, I shared a Bob Lohfeld story about one LPTA procurement that went awry. A particular bid came up for a recompete, which was a good thing in the agency's eyes, since the incumbent wasn't doing so great. The incumbent submitted a bid, as did its competitors. But when it came time to evaluate the bids, the evaluators were forced to conclude that the incumbent's bid was technically acceptable, since the incumbent had (marginally) been doing the work. However, the incumbent still feared that it would lose, so it bid a much lower price than the price it bid originally. The net result, according to Lohfeld:

The incumbent contractor, fearing that they would lose on price, took a dive on price and bid lower wages—probably making a bad situation worse.

At the time, neither Lohfeld nor I went into the details of why reducing your labor costs on an existing contract could "make a bad situation worse." Fast forward to February 2016, when Erik Kleinsmith wrote the following:

[C]ontractors who have people working on a LPTA-bid program coming up for re-compete have to bid with real people while competitors can bid fiction. As long as competitors can prove that they will provide [people] who will meet the baseline qualifications, it is easier for them to bid much lower and worry about the costs of actually hiring qualified people later. Incumbents are therefore faced with three choices:
  • Bid their current people (and most likely lose)
  • Bid their current people but cut their salaries (often drastically) and risk losing them, or
  • Replace their current people and risk losing the relationships they’ve built with the government.

Options 2 and 3 require a certain degree of cut-throat mentality, as they entail telling current employees that their past efforts have been so great that they’ve resulted in a severe pay cut or outright replacement.

And of course the fun is just beginning during the bid process. It gets even more fun after the bid has been "won":

Unlike programs where turnover happens because of the government selecting better quality people, the normal chaos that results in contract turnover is not a one-time event for LPTAs. It continues throughout the life of the program. Many incumbent employees who do not have immediate job prospects elsewhere will stay on – but only as long as it takes for them to find a better paying job elsewhere. New analysts starting on the program soon learn that they are worth more working somewhere else and also tend to leave in fairly short order. If there is a certification, clearance, or some other skillset acquired on the new job, they will wait until they gain it and then take their more marketable resume somewhere else in the community.

Oh, and one thing that I neglected to mention - Kleinsmith was writing this in the context of intelligence analysts. Now I have no idea how many national security-type bids are issued as LPTA bids, but Kleinsmith does an effective job of painting a scary picture. Namely - if you're going to bid LPTA for intelligence work, then you might as well hand Snowden's documents, Clinton's email server, and everything else over to ISIS right now.

OK, he didn't go that far. But he did say this:

When considering an intelligence career, ask specific questions from your hiring managers and don’t take “It’s a best-value program” for an answer. Ask them about the average turnover rate and talk to other analysts currently on task if possible. Also ask them if there are specific resume submission or experience requirements for your position. If not, be warned. Eventually you will run into an LPTA-bid program, but hopefully from a third-person and not a first-person perspective.

Friday, March 4, 2016

#empoexpiire In which the FTC and universities look at password expiration policies

On the same day that I wrote my most recent post on password expiration policies, someone named Lorrie Cranor wrote a post on the same topic.

Now are you going to listen to Lorrie Cranor, or are you going to listen to me? I mean, who is Lorrie Cranor?

She's just the Chief Technologist of the U.S. Federal Trade Commission.


There's no way that I can address all of the topics that Cranor raised, so I encourage you to read her entire post. Its title? "Time to rethink mandatory password changes."

At one point in her post, she describes the results of a University of North Carolina study that looked at password files and history for people who were required to change passwords regularly.

The researchers then developed password cracking approaches that formulated guesses based on the previous password selected by a user. They observed that users tended to create passwords that followed predictable patterns, called “transformations,” such as incrementing a number, changing a letter to similar-looking symbol (for example changing an S to a $), adding or deleting a special character (for example, going from three exclamation points at the end of a password to two), or switching the order of digits or special characters (for example moving the numbers to the beginning instead of the end)....

The researchers performed an experiment in which they used a subset of the passwords to train their cracking algorithm to apply the most likely transformations and then use it to crack the remaining passwords. The paper includes a lot of technical detail about what they did, but the bottom line results are striking. The UNC researchers found that for 17% of the accounts they studied, knowing a user’s previous password allowed them to guess their next password in fewer than 5 guesses. An attacker who knows the previous password and has access to the hashed password file (generally because they stole it) and can carry out an offline attack can guess the current password for 41% of accounts within 3 seconds per account (on a typical 2009 research computer). These results suggest that after a mandated password change, attackers who have previously learned a user’s password may be able to guess the user’s new password fairly easily.

Cranor further states:

There is also evidence from interview and survey studies to suggest that users who know they will have to change their password do not choose strong passwords to begin with and are more likely to write their passwords down. In a study I worked on with colleagues and students at Carnegie Mellon University...we found that CMU students, faculty and staff who reported annoyance with the CMU password policy ended up choosing weaker passwords than those who did not report annoyance.

After reading Cranor's post (and there's a lot more there than what I cited), I only have one regret - I wish that she wasn't the chief technologist at the FTC, but at the government agency that I cited in my March 2 post.
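The "transformations" quoted above can also be checked from the defender's side at password-change time. The following is an added example, not code from Cranor's post or the UNC paper: a sketch that flags a new password derived from the old one by those four patterns. It assumes the change form collects the current password so both values are compared in memory; the function names, the `@` look-alike and the sample passwords are constructed for illustration.

```python
from dataclasses import dataclass

# Look-alike symbols folded back to letters. The S -> $ pair is the page's own
# example; "@" -> "a" is an assumption added for this sketch.
LOOKALIKES = {"$": "s", "@": "a"}


@dataclass(frozen=True)
class Parts:
    core: str      # letters only, lower-cased, look-alikes folded back
    raw_core: str  # the same characters exactly as typed
    digits: str    # digit characters in typed order
    specials: str  # everything else in typed order
    shape: str     # order of character-class runs, e.g. "LDS"


def split_password(pw: str) -> Parts:
    """Separate a password into its base word, digits, specials and layout."""
    core, raw, digits, specials, shape = [], [], [], [], []
    for ch in pw:
        folded = LOOKALIKES.get(ch, ch)
        if folded.isalpha():
            core.append(folded.lower())
            raw.append(ch)
            cls = "L"
        elif ch.isascii() and ch.isdigit():
            digits.append(ch)
            cls = "D"
        else:
            specials.append(ch)
            cls = "S"
        if not shape or shape[-1] != cls:
            shape.append(cls)
    return Parts(*("".join(x) for x in (core, raw, digits, specials, shape)))


def related_transformations(old: str, new: str) -> list[str]:
    """Name the simple transformations that turn `old` into `new`.

    An empty list means the base word changed, so none of the patterns
    described in the quoted study applies.
    """
    if old == new:
        return ["identical"]
    o, n = split_password(old), split_password(new)
    if not o.core or o.core != n.core:
        return []
    found = []
    if o.raw_core != n.raw_core:
        found.append("lookalike_or_case_change")
    if o.digits != n.digits:
        if sorted(o.digits) == sorted(n.digits):
            found.append("digits_reordered")
        elif o.digits and n.digits and 0 < int(n.digits) - int(o.digits) <= 10:
            found.append("number_incremented")
        else:
            found.append("number_changed")
    if o.specials != n.specials:
        if sorted(o.specials) == sorted(n.specials):
            found.append("specials_reordered")
        else:
            found.append("special_added_or_deleted")
    same_chars = (sorted(o.digits) == sorted(n.digits)
                  and sorted(o.specials) == sorted(n.specials))
    if o.shape != n.shape and same_chars:
        found.append("digits_or_specials_moved")
    return found


def is_predictable_change(old: str, new: str) -> bool:
    """True when the new password should be rejected as a variant of the old."""
    return bool(related_transformations(old, new))


if __name__ == "__main__":
    old = "Summer2015!!!"  # constructed sample, not a real credential
    for candidate in ("Summer2016!!!", "$ummer2015!!!", "Summer2015!!",
                      "2015Summer!!!", "correct horse battery staple"):
        print(candidate, related_transformations(old, candidate))
```

A trailing `$` or `@` is folded into the base word by this sketch, so a production check would want a position-aware look-alike rule.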

Thursday, March 3, 2016

Business in India - it looks different over there

I live in the United States of America, and as such I have a particular perspective on business in India. From the American perspective, India is a huge market that provides a number of services to the United States.

So a business paradise - right?

Well, it looks a little different from the Indian perspective.

Narendra Modi swept into power in May 2014 on the strength of a charismatic personality and a promise to eliminate India's legendary bureaucratic barriers to business. Today, India’s corporate leaders are losing faith that he can remove those obstacles....

India jumped 12 places on the World Bank’s ease of doing business index during Modi’s first year in office — from 142 to 130 — but many complex regulations and paperwork requirements have not been reduced.

The way the USA Today writer sees it, Modi's efforts are blocked by anti-business legislators in the upper house. And one writer speculates that there is an incentive for opposition parties to oppose business reforms:

If the Indian economy palpably (and not just in terms of numbers) improves over the next three years then more Indians will be convinced of Modi’s growth model. This may improve NDA’s vote share in the 2019 election, to the extent that even if its opposition forms a mega-alliance, NDA will retain the majority in the Lok Sabha. For this to happen, critical reforms must be enacted. While the actual economic impact of any reform will play out in the long term, in the short to medium term they improve certainty about the future and are thus, likely to support the stock market and along with it, the positive sentiment with respect to the government.

However, for the opposition parties, an adverse economic scenario will help them gain vote share against the incumbent ruling party and possibly win more seats. No matter how deplorable, it will be ‘rational’ for them to oppose reforms and dent sentiment, if not the actual economy.

Of course, that's silly. Politicians would never intentionally trash their own country to increase their own electoral prospects.

Would they?

Wednesday, March 2, 2016

#empoexpiire - Another example of how a 90 day password expiration policy discourages registrations

I haven't posted anything in my #empoexpiire series lately. Well, it's time to revisit the topic of 90 day password expiration.

You'll recall my June 15, 2015 post in which I returned to a service after several years, only to find out that if I reactivated the service, I'd have to change my password every 90 days.

I didn't reactivate the service. Too much hassle.

Some time last year, I also tried to re-access a separate service that listed government business opportunities. I ran into hassles and dropped the matter until now.

I knew my login name for the service, but could not recall the password. I tried a number of possible passwords, none of which worked. So I went to the service's reset password option, which would email me procedures to reset my password. I would receive that email within a few minutes.

I never received the email.

After some thought, I realized why I didn't receive the email. Over the last eight years, I have had four different work email addresses, and three of those addresses are no longer operational. (Note to those who are trying to email me at my old Motorola email address: I won't get your email.) It was extremely likely that the password email had been sent to one of those three email addresses.

So I went to the service's support website, which required me to set up a separate support account. (Did I mention that the first site listed government business opportunities?)

Once I had set up the support account, I contacted a person who was very helpful, and who confirmed that my account was linked to one of those three non-existent email addresses. The support person also noted that they were not authorized to modify email addresses on accounts, and that I would therefore have to set up a separate account with a new user name.

Frankly, I can understand this policy. After all, it is quite possible that I could have been an imposter, trying to gain access to John Bredehoft's account. An imposter could probably easily provide old email address information, along with a sob story about having no access to those email accounts any more. This could trick a support person into redirecting account emails to a fraudulent address.

So why haven't I created a new account with a new user name for this particular service? Because of the sentence at the end of the support email.

Passwords must be changed every 90 days or your account will be disabled.

So if I set up the new account today, I'd have to change the password within 90 days anyway.

I might as well wait until I have to use the service on a regular basis before setting up the account.

P.S. You know that separate support account that I DID set up? Well, it has a 90 day password expiration policy also.

Tuesday, March 1, 2016

LAWA on the web, revisited

If you follow all things Inland Empire, you may have seen the post that appeared in my Empoprise-IE blog on Monday. Among other things, the post took an online publication to task for saying that Los Angeles International Airport (LAX) has five terminals. I then noted, with support from the LAX website, that LAX has eight terminals - Tom Bradley International Terminal, and numbered terminals 1-7.

I'm sure a few of you know where this is going.

After I wrote the post, but before I published it, I had to take someone to LAX. According to my FlightStats app, the flight was scheduled to leave from Terminal 8.

Thinking nothing of this, I went to Waze to plot a course for Terminal 8. (Aside: if you are meeting someone at the ARRIVAL level of LAX, be very careful when selecting your Waze destination.) But when I searched the Waze destinations for LAX, I couldn't find Terminal 8 - just Terminal 7. So I drove to Terminal 7 and dropped the person off there.

Is there a Terminal 8, or is there not? Another portion of the LAX website says that there is a Terminal 8.

And apparently the confusion has persisted for years. Here's a quote from a 1998 Los Angeles Times article:

Those figures include travelers passing through Terminal 7 and also the "Shuttle by United Terminal," which many travelers think of as Terminal 8, but which LAX considers a satellite of Terminal 7.

Of course, all of LAWA's plans for 1998 were adversely affected by 9/11 - which, among other things, explains why LAWA-controlled Ontario International Airport still does not have a Terminal 3.

Tuesday, February 23, 2016

Is that a best of breed, out of the box ninja?

Perhaps I saw it on LinkedIn.

I don't recall the specific details, but the item talked about signs of a poor organization. One of those signs was referring to your employees as "ninjas."

Now perhaps it's worthwhile to review the actual definition of the term ninja:

a member of a feudal Japanese society of mercenary agents, highly trained in martial arts and stealth (ninjutsu) who were hired for covert purposes ranging from espionage to sabotage and assassination.

I would be willing to bet that most organizations are not feudal organizations, and that they don't want their employees to sneak up on people and kill them.

Well, at least I'd be willing to say that organizations don't endorse killing people. Feudalism might be wonderful from their perspective.

So one day, I thought I'd find a company that actually used the term ninja to see what it was really talking about, and found this - a blog post seeking a "go-to-market ninja."

Even the hiring company admitted that they probably couldn't get a real ninja, and therefore would settle for "people who were ninja-like." I guess that means that they won't kill their enemies; they'll just laugh at them or something.

Unfortunately, the company's love of cliches did not stop with the misuse of the term ninja.

This ninja’s goal? To manage the 4 members of the Outreach Team and level-up our sales and marketing presence in the community–swiftly and with monster-truck force.

Ninjas AND monster trucks? But wait - it gets better.

Imperfect is a mission-driven startup...

As opposed to a startup with no mission whatsoever. Or perhaps the founders are practicing Roman Catholics. Forgiveness certainly plays a theme in this mission:

Imperfect is on a mission to find a home for these misshapen fruits and veggies in people’s fridges by selling them for a 30-50% discount with a lovable, hip brand.

Hint from an old (over 25) geezer - if you have to say you're hip, you're not.

Even if you're a lovable, hip monster-truck ninja.