Thursday, March 31, 2016

Amalgamate all the things - biometrics, geospatial, and the buffet

So, where will we be five years from now? Will we have a number of companies providing everything to everyone, or will we have a myriad of specialty firms?

(Me, in 2011)

There are several different ways to organize businesses, ranging from the Mita model (we only do one thing) to the Beatrice model (we do everything). While the tail end of my Motorola years certainly exposed me to a trend toward the Mita model, I've been seeing a lot more of the Beatrice model lately, where dissimilar businesses end up as part of one big happy business.

Take my industry, biometrics. When I joined this industry in the mid-1990s, Digital Biometrics, Identix, and Printrak were three separate companies. Now all three of them are just a very small part of Safran.

I just ran across another example in the geospatial industry. You'll recall that I recently noted that Pitney Bowes, more commonly known for postage stuff, acquired the geospatial company MapInfo several years ago. But I have also run across another example [DISCLOSURE: I have worked with CACI in the past]:

CACI International Inc. announced it has been awarded a $180 million contract to provide Joint Geospatial Analytic Support Services (JGASS) to US Special Operations Command (USSOCOM).

So how did CACI get into this business?

Through its acquisition of TechniGraphics, Inc. in 2010, CACI has more than 20 years of experience providing geospatial services to the federal government and has become an industry leader in the production, analysis, and dissemination of geospatial data. The company's highly trained and cleared professional staff possesses a deep understanding of geospatial analysis and geospatial imagery intelligence.

Of course, the greatest example of diversification can be found in Warren Buffett's (two t's) company, Berkshire Hathaway. If you look at its list of subsidiaries, you can see that Berkshire Hathaway offers a buffet (one t) of different products and services. I won't provide the entire list, but let me just cite three examples:

  • Acme Brick Company (presumably a spinoff from Wile E. Coyote's supplier)
  • Kraft Heinz (I didn't even know those companies have merged)
  • Pampered Chef (chances are you know someone who works with Pampered Chef - but she can't sell you Acme Bricks)

Wednesday, March 30, 2016

But what if you don't want proprietary geospatial software?

In my various blogs, I've mentioned a couple of geospatial software vendors - many mentions of local company ESRI, and a recent mention of Pitney Bowes (and its product MapInfo). There are other vendors, including Smallworld (from General Electric, not Disney).

Ideally, these and other companies would want you to buy their proprietary geospatial software and use it.

But what if you want to go open source?

There are geospatial open source options, including the Open Source Geospatial Foundation (and GRASS GIS), ILWIS, and the QGIS project.

If you've used Red Hat Linux or other open source programs, you know that open source does not necessarily mean free. Open source software may include charges for support, as well as for consulting and other things - and, of course, you have to hire people to actually use the open source programs. And there are free packages (such as Google Earth) that are not open source, but proprietary.

So what's the difference?

Open source software is written by a community rather than a development team associated with a single software company. Participants from all over the world contribute via the Web. Some do this as part of their “day jobs,” while others volunteer.

A project steering committee or other group keeps order and manages contributions, bug lists and source control. Because the source is available, changes to a local implementation can be made immediately, though changes to the accepted current version may take time to be incorporated....

[O]pen source advocates suggest that programmers are more diligent if they know the world will be seeing their code.

And in certain cases, open source people can become really famous - well, almost as famous as a cartoon character.

Tuesday, March 29, 2016

Analyze all the things - Pitney Bowes, MapInfo, and IoT

As you probably know, there are a number of organizations that give awards to a number of other organizations for various reasons. One of the award-givers is Forrester, and one of the award-getters is Pitney Bowes. But this award isn't for postage meters.

STAMFORD, Conn., March 14, 2016 - Pitney Bowes (NYSE:PBI), a global technology company that provides innovative products and solutions to power commerce, today announced that the company has been recognized as a Leader in The Forrester Wave™: Customer Analytics Solutions, Q1 2016. The closely watched market assessment notes that organizations consider the Spectrum Technology Platform and Portrait suite of analytical tools for their “customer centricity and smooth marketing integration.”

I don't know if analytics has jumped the shark yet, but it's certainly a popular buzzword these days. According to Forrester, Pitney Bowes has been positioning itself in the analytics arena for years.

“Pitney Bowes facilitates difficult analytical processes like data preparation for the less technically savvy marketer or customer insights,” writes Forrester Senior Analyst Brandon Purcell in the report. “With firm roots in location analytics (due to the acquisition of MapInfo in 2007), Pitney Bowes is well-positioned to leverage the growing volumes of contextual mobile and IoT [Internet of Things] data. It also offers a variety of industry-specific, demographic, and firmographic, data products for further data enrichment.”

At least in theory (I don't know if the actualities match up with the marketing), all of these Pitney Bowes applications work together to convert data into wisdom. As Pitney Bowes noted:

By running analytics on your collected customer data, you can predict customers’ behavior, in terms of what, when, how, where, and why they buy.

I've mentioned the "where" previously in my Inland Empire blog (because of a Pitney Bowes competitor, ESRI). But while I was visiting the Pitney Bowes website, the company showed its dedication to geospatial information, something I've never encountered at the ESRI website - yet.

Friday, March 25, 2016

The unboring board meeting (activist director slate directed at Yahoo)

You've probably read the textbooks about how businesses are governed. All public businesses are run by the shareholders, who have the power to elect a Board of Directors, which has the power to select the people who actually run the company.

The reality is often quite different. The starkest example occurred during Michael Eisner's years running Disney, when he populated Disney's board with his kids' schoolteacher, his maid, the guy who trimmed his meat at the deli, and Justin Bieber. Actually, that's a lie; Bieber probably wasn't even born yet. But you get the idea; insiders often secure control over the company's Board of Directors, ensuring that they can do whatever they want without being stopped. Since people like to vote for incumbents (bold prediction: at least some of the 435 members of the U.S. House of Representatives will be re-elected - again), shareholders tend to keep the company's preferred slate of directors on the board.

Not that activist shareholders stop trying. The latest salvo is over the Board of Directors at Yahoo. Starboard Value LP, which holds 1.7% of Yahoo's shares, has announced its intent to nominate a slate of directors to replace the ENTIRE board. Excerpt from Starboard Value's press release:

We believe that Yahoo is deeply undervalued and opportunities exist within the control of management and the Board of Directors (the "Board") to unlock significant value for the benefit of all shareholders. Unfortunately, as we have outlined in previous letters, we have been extremely disappointed with Yahoo's dismal financial performance, poor management execution, egregious compensation and hiring practices, and general lack of accountability and oversight by the Board. We believe the Board clearly lacks the leadership, objectivity, and perspective needed to make decisions that are in the best interests of shareholders.

To that end, we will be delivering to Yahoo today a formal nomination notice of our intention to seek the election of nine highly qualified director nominees at the 2016 Annual Meeting. These nominees have been carefully vetted and selected following a several-month long process that included the evaluation of over 100 qualified potential candidates.

The way that Yahoo has been battered over the last several years, both before and after Marissa Mayer arrived, it is quite likely that THIS effort will... like most other efforts to wrest control of a company away from the insiders.

That's my prediction - which, given my track record, means that Starboard Value is guaranteed to win this fight.

Monday, March 7, 2016

Revisiting LPTA in the context of national security

Even though I'm no longer in proposals, I still follow LPTA discussions. If you don't recognize the acronym, it stands for "Lowest Price, Technically Acceptable." In an LPTA procurement, each vendor has to meet a minimum set of technical criteria. It doesn't matter if you exceed it - you just have to meet it. As long as you meet that baseline, the bid is competed on price.

As you can imagine, LPTA procurements work great for things like toilet paper. They don't work so good for things like jet aircraft.

Back in 2013, I shared a Bob Lohfeld story about one LPTA procurement that went awry. A particular bid came up for a recompete, which was a good thing in the agency's eyes, since the incumbent wasn't doing so great. The incumbent submitted a bid, as did its competitors. But when it came time to evaluate the bids, the evaluators were forced to conclude that the incumbent's bid was technically acceptable, since the incumbent had (marginally) been doing the work. However, the incumbent still feared that it would lose, so it bid a much lower price than the price it bid originally. The net result, according to Lohfeld:

The incumbent contractor, fearing that they would lose on price, took a dive on price and bid lower wages—probably making a bad situation worse.

At the time, neither Lohfeld nor I went into the details of why reducing your labor costs on an existing contract could "make a bad situation worse." Fast forward to February 2016, when Erik Kleinsmith wrote the following:

[C]ontractors who have people working on a LPTA-bid program coming up for re-compete have to bid with real people while competitors can bid fiction. As long as competitors can prove that they will provide [people] who will meet the baseline qualifications, it is easier for them to bid much lower and worry about the costs of actually hiring qualified people later. Incumbents are therefore faced with three choices:
  • Bid their current people (and most likely lose)
  • Bid their current people but cut their salaries (often drastically) and risk losing them, or
  • Replace their current people and risk losing the relationships they’ve built with the government.

Options 2 and 3 require a certain degree of cut-throat mentality, as they entail telling current employees that their past efforts have been so great that they’ve resulted in a severe pay cut or outright replacement.

And of course the fun is just beginning during the bid process. It gets even more fun after the bid has been "won":

Unlike programs where turnover happens because of the government selecting better quality people, the normal chaos that results in contract turnover is not a one-time event for LPTAs. It continues throughout the life of the program. Many incumbent employees who do not have immediate job prospects elsewhere will stay on – but only as long as it takes for them to find a better paying job elsewhere. New analysts starting on the program soon learn that they are worth more working somewhere else and also tend to leave in fairly short order. If there is a certification, clearance, or some other skillset acquired on the new job, they will wait until they gain it and then take their more marketable resume somewhere else in the community.

Oh, and one thing that I neglected to mention - Kleinsmith was writing this in the context of intelligence analysts. Now I have no idea how many national security-type bids are issued as LPTA bids, but Kleinsmith does an effective job of painting a scary picture. Namely - if you're going to bid LPTA for intelligence work, then you might as well hand Snowden's documents, Clinton's email server, and everything else over to ISIS right now.

OK, he didn't go that far. But he did say this:

When considering an intelligence career, ask specific questions from your hiring managers and don’t take “It’s a best-value program” for an answer. Ask them about the average turnover rate and talk to other analysts currently on task if possible. Also ask them if there are specific resume submission or experience requirements for your position. If not, be warned. Eventually you will run into an LPTA-bid program, but hopefully from a third-person and not a first-person perspective.

Friday, March 4, 2016

#empoexpiire In which the FTC and universities look at password expiration policies

On the same day that I wrote my most recent post on password expiration policies, someone named Lorrie Cranor wrote a post on the same topic.

Now are you going to listen to Lorrie Cranor, or are you going to listen to me? I mean, who is Lorrie Cranor?

She's just the Chief Technologist of the U.S. Federal Trade Commission.


There's no way that I can address all of the topics that Cranor raised, so I encourage you to read her entire post. Its title? "Time to rethink mandatory password changes."

At one point in her post, she describes the results of a University of North Carolina study that looked at password files and history for people who were required to change passwords regularly.

The researchers then developed password cracking approaches that formulated guesses based on the previous password selected by a user. They observed that users tended to create passwords that followed predictable patterns, called “transformations,” such as incrementing a number, changing a letter to similar-looking symbol (for example changing an S to a $), adding or deleting a special character (for example, going from three exclamation points at the end of a password to two), or switching the order of digits or special characters (for example moving the numbers to the beginning instead of the end)....

The researchers performed an experiment in which they used a subset of the passwords to train their cracking algorithm to apply the most likely transformations and then use it to crack the remaining passwords. The paper includes a lot of technical detail about what they did, but the bottom line results are striking. The UNC researchers found that for 17% of the accounts they studied, knowing a user’s previous password allowed them to guess their next password in fewer than 5 guesses. An attacker who knows the previous password and has access to the hashed password file (generally because they stole it) and can carry out an offline attack can guess the current password for 41% of accounts within 3 seconds per account (on a typical 2009 research computer). These results suggest that after a mandated password change, attackers who have previously learned a user’s password may be able to guess the user’s new password fairly easily.

Cranor further states:

There is also evidence from interview and survey studies to suggest that users who know they will have to change their password do not choose strong passwords to begin with and are more likely to write their passwords down. In a study I worked on with colleagues and students at Carnegie Mellon University...we found that CMU students, faculty and staff who reported annoyance with the CMU password policy ended up choosing weaker passwords than those who did not report annoyance.

After reading Cranor's post (and there's a lot more there than what I cited), I only have one regret - I wish that she wasn't the chief technologist at the FTC, but at the government agency that I cited in my March 2 post.
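The four "transformations" from the UNC study quoted above can be checked for at password-change time. The following is an added example, not code from Cranor's post or the UNC paper: the function names, labels and look-alike list are assumptions, and each class is tested independently, so combined transformations are not covered.

```python
import re

# Look-alike pairs for the "letter to similar-looking symbol" transformation.
# Constructed list for illustration; extend it to match your own policy.
LOOKALIKES = {("s", "$"), ("a", "@"), ("i", "!"), ("o", "0"), ("e", "3"), ("l", "1")}

# Split a password into runs of letters, digits, or special characters.
TOKEN = re.compile(r"[A-Za-z]+|\d+|[^A-Za-z\d]+")
SPECIALS = re.compile(r"[^A-Za-z\d]")


def _same_or_lookalike(a, b):
    """True if two characters match ignoring case or form a look-alike pair."""
    a, b = a.lower(), b.lower()
    return a == b or (a, b) in LOOKALIKES or (b, a) in LOOKALIKES


def transformations(old, new):
    """Return the transformation classes that turn `old` into `new`."""
    if old == new:
        return {"unchanged"}
    found = set()

    # 1. Number changed (e.g. incremented): equal once digit runs are masked.
    if re.sub(r"\d+", "\x00", old) == re.sub(r"\d+", "\x00", new):
        found.add("number_changed")

    # 2. Same length, every position equal up to case or a look-alike symbol.
    if len(old) == len(new) and all(map(_same_or_lookalike, old, new)):
        found.add("character_substitution")

    # 3. Same letter/digit/special runs in a different order.
    if sorted(TOKEN.findall(old)) == sorted(TOKEN.findall(new)):
        found.add("reordered")
    # 4. Only special characters were added or deleted.
    elif SPECIALS.sub("", old) == SPECIALS.sub("", new):
        found.add("special_added_or_removed")
    return found


def check_new_password(old, new):
    """Return (accepted, reasons) for a password change.

    `old` is the current password the user types to authorise the change,
    so no plaintext history has to be stored for this comparison.
    """
    reasons = transformations(old, new)
    return (not reasons, sorted(reasons))


if __name__ == "__main__":
    # Constructed sample pairs, one per transformation class plus a control.
    samples = [("Summer2016", "Summer2017"), ("Sunshine1", "$unshine1"),
               ("Dragon!!!", "Dragon!!"), ("tiger2016!", "2016!tiger"),
               ("Summer2016", "correct horse battery")]
    for old, new in samples:
        print(old, "->", new, check_new_password(old, new))
```
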

Thursday, March 3, 2016

Business in India - it looks different over there

I live in the United States of America, and as such I have a particular perspective on business in India. From the American perspective, India is a huge market that provides a number of services to the United States.

So a business paradise - right?

Well, it looks a little different from the Indian perspective.

Narendra Modi swept into power in May 2014 on the strength of a charismatic personality and a promise to eliminate India's legendary bureaucratic barriers to business. Today, India’s corporate leaders are losing faith that he can remove those obstacles....

India jumped 12 places on the World Bank’s ease of doing business index during Modi’s first year in office — from 142 to 130 — but many complex regulations and paperwork requirements have not been reduced.

The way the USA Today writer sees it, Modi's efforts are blocked by anti-business legislators in the upper house. And one writer speculates that there is an incentive for opposition parties to oppose business reforms:

If the Indian economy palpably (and not just in terms of numbers) improves over the next three years then more Indians will be convinced of Modi’s growth model. This may improve NDA’s vote share in the 2019 election, to the extent that even if its opposition forms a mega-alliance, NDA will retain the majority in the Lok Sabha. For this to happen, critical reforms must be enacted. While the actual economic impact of any reform will play out in the long term, in the short to medium term they improve certainty about the future and are thus, likely to support the stock market and along with it, the positive sentiment with respect to the government.

However, for the opposition parties, an adverse economic scenario will help them gain vote share against the incumbent ruling party and possibly win more seats. No matter how deplorable, it will be ‘rational’ for them to oppose reforms and dent sentiment, if not the actual economy.

Of course, that's silly. Politicians would never intentionally trash their own country to increase their own electoral prospects.

Would they?

Wednesday, March 2, 2016

#empoexpiire - Another example of how a 90 day password expiration policy discourages registrations

I haven't posted anything in my #empoexpiire series lately. Well, it's time to revisit the topic of 90 day password expiration.

You'll recall my June 15, 2015 post in which I returned to a service after several years, only to find out that if I reactivated the service, I'd have to change my password every 90 days.

I didn't reactivate the service. Too much hassle.

Some time last year, I also tried to re-access a separate service that listed government business opportunities. I ran into hassles and dropped the matter until now.

I knew my login name for the service, but could not recall the password. I tried a number of possible passwords, none of which worked. So I went to the service's reset password option, which would email me procedures to reset my password. I would receive that email within a few minutes.

I never received the email.

After some thought, I realized why I didn't receive the email. Over the last eight years, I have had four different work email addresses, and three of those addresses are no longer operational. (Note to those who are trying to email me at my old Motorola email address: I won't get your email.) It was extremely likely that the password email had been sent to one of those three email addresses.

So I went to the service's support website, which required me to set up a separate support account. (Did I mention that the first site listed government business opportunities?)

Once I had set up the support account, I contacted a person who was very helpful, and who confirmed that my account was linked to one of those three non-existent email addresses. The support person also noted that they were not authorized to modify email addresses on accounts, and that I would therefore have to set up a separate account with a new user name.

Frankly, I can understand this policy. After all, it is quite possible that I could have been an imposter, trying to gain access to John Bredehoft's account. An imposter could probably easily provide old email address information, along with a sob story about having no access to those email accounts any more. This could trick a support person into redirecting account emails to a fraudulent address.

So why haven't I created a new account with a new user name for this particular service? Because of the sentence at the end of the support email.

Passwords must be changed every 90 days or your account will be disabled.

So if I set up the new account today, I'd have to change the password within 90 days anyway.

I might as well wait until I have to use the service on a regular basis before setting up the account.

P.S. You know that separate support account that I DID set up? Well, it has a 90 day password expiration policy also.

Tuesday, March 1, 2016

LAWA on the web, revisited

If you follow all things Inland Empire, you may have seen the post that appeared in my Empoprise-IE blog on Monday. Among other things, the post took an online publication to task for saying that Los Angeles International Airport (LAX) has five terminals. I then noted, with support from the LAX website, that LAX has eight terminals - Tom Bradley International Terminal, and numbered terminals 1-7.

I'm sure a few of you know where this is going.

After I wrote the post, but before I published it, I had to take someone to LAX. According to my FlightStats app, the flight was scheduled to leave from Terminal 8.

Thinking nothing of this, I went to Waze to plot a course for Terminal 8. (Aside: if you are meeting someone at the ARRIVAL level of LAX, be very careful when selecting your Waze destination.) But when I searched the Waze destinations for LAX, I couldn't find Terminal 8 - just Terminal 7. So I drove to Terminal 7 and dropped the person off there.

Is there a Terminal 8, or is there not? Another portion of the LAX website says that there is a Terminal 8.

And apparently the confusion has persisted for years. Here's a quote from a 1998 Los Angeles Times article:

Those figures include travelers passing through Terminal 7 and also the "Shuttle by United Terminal," which many travelers think of as Terminal 8, but which LAX considers a satellite of Terminal 7.

Of course, all of LAWA's plans for 1998 were adversely affected by 9/11 - which, among other things, explains why LAWA-controlled Ontario International Airport still does not have a Terminal 3.