The dark side of open source

I read today about the Tragedy of Eclipse and I think it’s a fine insight to the seldom discussed side of open source.  Like the dark side of the moon, most people have never seen it or thought about it.  When corporations sponsor open source projects they aren’t doing it because Richard Stallman spoke to their hearts.  They do it for the basest of reasons: because it helps them.

The most obvious reason is when corporations want to commoditize another corporation’s advantage.  Firefox is a great example of this.  Nobody could have won a head on fight against Microsoft Internet Explorer but a project like Firefox with a commitment to open source ideology, standards and the like captured the minds of many.  Projects like Firefox don’t get built by a few hackers on weekends.  A lot of developers were either loaned to or ultimately subsidized by big Mozilla contributors like Google.  It is clearly in Google’s best interest to weaken Microsoft’s control over the browser.

Another reason is when corporations want to use commoditized or standard implementations in their products so they can focus on the bigger problems.  This is the case with Linux, OpenSSH and Eclipse.  Imagine having a commercial partner who gives you world class software components at cost.  Nobody is going to compete on the basis of their development IDE or a network stack but those things are essential to any large project.

In both cases, corporations are effectively co-opting the open source project’s goals to their needs.

Ultimately I think this is a fair tradeoff.  Small companies could never get started without open source projects.  I do think it would be better if like the source code, this business model was a little more out in the open.

This all works well until the projects in question get too close to corporations revenue.  Nobody can make money selling network stacks but a standard video compression format is the gatekeeper of all gatekeepers.  This is when those “open source friendly” corporations start acting like Big Media.  The patents on H.264 give those involved all the power and niceness of a cartel.

Using shopping card data to manage food safety

As a card-carrying, tinfoil hat member of the privacy zealots group, I’m not a big user of shopping cards.  Today I read about what can only be described as a meaningful use case for those cards.

The CDC used shopping card data to track down a salmonella outbreak.  They did it in exactly the right way by starting with the victims, getting permission and then looking for high risk foods in their purchases.

Privacy advocates rightly worry that some overeager politicians will use this to make shopper tracking mandatory.  The problem is that the wrong people control the data.

I would love to have a dataset containing every purchase I’ve made, right down to the last box of cereal.  I’m sure that data could be mined usefully.  By me.  Not by my local supermarket.  And yes, when the CDC asks, I’d like to be able to answer their query and even given them anonymized subsets of data they can use to correlate with other people.

Our future will be full of data.  The key is to make sure that the collections of data are open, accessible to more than just the powers-that-be and properly controllable by the individuals whose privacy is most affected by the data: you and me.

It’s about the people, stupid

I have found myself using Buzz lately.  Considering my refusal to use other networks as more than address books, this is a bit of a surprise.

Facebook is primarily a way for me to see what old and truly old friends are up to.  It’s nice to see news from old friends but quite a bit of what’s there is just not interesting.  Out of deep paranoia I never post anything or use any applications.

Although Twitter doesn’t inspire the same paranoia as Facebook, I don’t use it much at all.  I have not created a meaningful network there and find reading other people’s tweets to be just like listening to dozens of people talking on their cell phones in a train.  I also think that the arbitrary character limit is an impediment to any meaningful discussion.

I use LinkedIn only for legitimate professional relationships.  I also treat it as a live curriculum vitae.  I don’t visit the site very often.  I never use MySpace or Orkut even though I have accounts.

I have plenty of friends who clearly enjoy being socially active on the networks and there are times when I want to join in.  But I won’t.  I value my privacy.  I see no upsides and plenty of downsides in creating a wide public trail of personal information.

And yet I find myself using Buzz.  Why is that?

The functionality isn’t perfect but it hits a nice sweet spot between Facebook and Twitter.  However, that’s not why I use it.

I use Buzz because of the social network.  The stuff I want to write about and am willing to post publicly just happens to be of interest to the social network I have via gtalk.  Posting the same things on Facebook would literally be like geeking out at a Family party with a techie in-law.  It just so happens that almost all of my contacts in gtalk are technically savvy.  It’s about the people.

Google has built a social networking application that is good enough but more importantly, they happened to do it on top of the network with whom I actually want to socialize.  The real question is whether that’s enough to stop Facebook from turning Google into the next Microsoft prematurely.

Good luck finding good content

I recently wrote about the inevitable death of journalism.  The Washington Post sees the same thing.  Tech Crunch describes Fast Food Journalism, and Paul Kedrosky points out that Google is starting to fail.  While I’m sure PageRank has been improved and tweaked, the same basic idea applies.  How people link to a page is a more reliable indicator of the page contents than the page contents itself.  It’s the first form of crowdsourcing.  The problem is that PageRank has been repeatedly hacked.  Google tries to stay ahead and the SEO industry tries to catch up.

The days of trusting what you can read on the net are long gone.

Do something useful

As I read about the Apple’s latest acquisition I am struck by the incredible amount of useless software is being developed.  More and more software is about some entertainment, a social networking twist or a new workaround for obsolete copyright laws.

All the new software I seem to see these days is either about search, entertainment or advertising.  Perhaps it’s because I’ve been consulting in the media business but there’s no escaping that there’s a lot of money, energy and innovation in software that doesn’t really do anything useful.

I’ve been trying to create a software startup for a while now.  It’s hard.  I’ve seen a lot of bad ideas, dished up a bunch of my own and learned a lot.  One thing is clear, if I’m going to do anything it needs to be software that does something useful.

The inevitable death of journalism

Recently I read about the latest form of media spin control through google adwords.  The story is about a NY Times article about hoki fishing in New Zealand.  The hoki is a relatively obscure fish that surfaced as a major source for McDonalds as other stocks came under overfishing pressure.

It would have been nice if the New Zealand Seafood Industry Council had looked at the science and figured out how to manage a long term sustainable balance.  Of course their actual response was to buy as much PR as possible to throw the claims of the article into doubt.

Another symptom of the death of journalism can be found at Demand Media.  They have taken the tabloid approach of giving people what they want to read and combined with search trends.  No longer is journalism about finding the story or uncovering the misdeed.

Journalism used to exist in an ivory tower of concentrated capital.  That tower was defined by the distribution mechanism be it paper, radio or TV.  Like it has for almost every other pay content before, the internet is tearing away the foundations of those towers.  What’s left will be a combination of paywalls, DRM, desperate relationships and a very large and utterly Balkanized world.

URL shortener failure

From tr.im

tr.im is now in the process of discontinuing service, effective immediately.

Statistics can no longer be considered reliable, or reliably available going forward.
However, all tr.im links will continue to redirect, and will do so until at least December 31, 2009.
Your tweets with tr.im URLs in them will not be affected.

We regret that it came to this, but all of our efforts to avoid it failed.
No business we approached wanted to purchase tr.im for even a minor amount.

There is no way for us to monetize URL shortening — users won’t pay for it — and we just can’t
justify further devleopment since Twitter has all but annointed bit.ly the market winner.
There is simply no point for us to continue operating tr.im, and pay for its upkeep.

We apologize for the disruption and inconvenience this may cause you.

I wasn’t actually aware that bit.ly had been endorsed by Twitter.  So what?  How is bit.ly going to monetize their product where tr.im cannot?  What will happen when bit.ly also fails?  The solution hasn’t changed, Twitter should create or buy an URL shortener and use it internally to keep URLs short.  The key is that URLs are only shortened inside the Twitter message bus and store, end users should never see anything except full URLs.  The shortener should be an internal implementation detail.

Looking for two fingered scrolling on my new Netbook

I just bought an Asus Eeeeeeee PC 1005HA.  Of course Asus has so many variations of each product that I actually need to be more specific and say that it’s the Eee PC 1005HA-VU1X-BK which means that it has the N270 Atom and no Bluetooth.  I hadn’t realized it didn’t come with Bluetooth but I decided not to worry.  I don’t use Bluetooth that much and I can buy a tiny tiny dongle for less than $5.

The first complaint was that the power supply connector was too loose.  It barely stayed in at all.  I couldn’t believe this was a manufacturing defect but it seemed even more incredible that it was a design defect.  Thanks to Andrew it turned out to be a discoverability problem.  One simply has to press the connector in a little harder until it clicks.

Overall the Netbook is really nice.  The keyboard is nice, the battery life is great and the screen is good enough.  I bought it for the train rides into the city, it’s so much lighter that it’s easy to think that I forgot my laptop entirely.  Oh and it works with my iPhone tethering so that it truly is a Netbook.  The hard drive came with two partitions which will make installing Ubuntu or Mac OS X such much easier.  I’ll probably try that next week.

The trackpad is fine but the Synaptics driver is making me insane.  It supports pinch for zooming but it doesn’t work in the one place I would use it all the time: Google maps.  Instead it zooms the entire browser.  The other gestures are just annoying.  I have never liked the scrolling area on trackpads and on a device as small as this it’s awful.  Even worse is Synaptics’ strange alternative to two fingered scrolling.  I was expecting the “normal” two fingered scrolling because I’d tried it out on a demo unit (slightly different SKU of course) at BestBuy.  I truly hope there isn’t a patent issue that’s preventing Synaptics from supporting two fingered scrolling.  If anyone knows how to enable this, please let me know. Update: I finally woke up and searched for synaptics two finger scroll windows (credit to google autocomplete) and found an open source utility called two-finger-scroll that does the job.

The mouse buttons are just OK.  It’s a single rocker that clicks left or right with a dead zone in the middle.  What’s annoying is that it’s not clear where the dead zone is.  I find myself using the trackpad tap more.  All things considered I’d prefer a Mac like solution of a single tap friendly pad with a two finger or control key solution for right click.  I remember at least one Netbook (a Dell?) that puts the buttons under the front corners of the trackpad thus providing just a tad more surface area.

Pseudo-random seldom does the job

My friend Adam has hammered this one home.  A weak RNG can undermine the security of a system that uses it.  A recent scenario we worked on together involved a multi-player game.  If you can predict the RNG outcome then you can incorporate that into your game strategy.  Why engage in an attack if you know the dice are literally stacked against you?

Now the problem has turned up in a far more serious area.  Social Security Numbers should never have been used as IDs.  The US has a long and hypocritical history of resisting a nationally issued ID card and so the really-not-an-ID-card-no-matter-how-many-organizations-treat-it-that-way SSN has become the de facto national ID card.  A flimsy piece of paper and misplaced trust in a bank worked for a while but that ship has sailed.

Today we find out that the situation has gone from bad to worse.  SSNs should be randomly generated numbers that are very long.  Unfortunately SSNs were first issued a long time ago and use some “clever” scheme to self-validate against the person’s other metadata.  And now, someone has automated the process.  Name, birthday and social used to be enough.  Now we should treat them all as public information.

It’s time to rethink identity in a way that protects individuals from the government, from each other and  corporations.  Recent efforts pretend that the government is here to help you.  Fortunately most of these have failed but the problem hasn’t gone away, it’s getting closer and closer every day.

Management skills don’t scale up

One of the key lessons I learned at Microsoft was courtesy of my friend Paul who got it from Jeff Raikes.  What Raikes said was, that each level of management required completely re-inventing one’s role. It was never just more of the same with broader scope. It was always qualitatively different.

In other words, the skills you need to be a manager at a given level have almost nothing to do with the skills you need at the level above.

This is actually kinda obvious when you think about it from the perspective of the manager’s relationships.  Those relationships largely determine what you do.  The needs, wants and problems of individual contributors are very different from front line managers which are very different from mid level managers and then VPs.  When someone moves “up” not only do they acquire a totally different kind of reports but their manager is also a totally different breed.

One of the first manifestations of this knowledge was the Peter Principle.  The idea being that people who perform well will get promoted until they stop performing well.  I think the Peter Principle is probably too simple.  I’ve definitely met people who would have a hard time getting up to a particular level but who are very well suited to that level.  In practice it’s hard for these people to get to their right level.

Now it turns out that there’s actual research [via Technology Review] to support this.  The paper suggests some literally random ways to address this but I can’t help but feel there’s a better way.  Why should roles be discrete nodes on an organizational tree? Why do we value the tree over dynamic, changing organizations with roles that adjust to the people, the problems and the circumstances?  Why do we value a mid-level manager over the team?

Microsoft has long used mentoring to groom up and coming executives but this may not be enough.  This probably helps keep productive people from being promoted too far but it doesn’t feel like a real solution.