Tuesday, January 31, 2006

What blogging means to me

Dave asks how blogging changes beliefs.

My own blogging I've learned a lot of things because I wanted to join in the conversation. Reading Doc, one gets a sense that climbing the tail is the only way to go... so I signed on to that mission.

One of the things that rubbed off on me from my day job is that one should have clear goals, and measureable results. My goals for this blog at this point are:
  • find my voice - a vague 60's sounding thing reminiscent of "finding myself"
  • express myself - vague as well
  • improve the human condition - nebulous and vague as well
  • measure my rank - this is ego, pure and simple
  • not waste my time doing the above - well... that will always be up for discussion
So, I have no rock solid goals. I defintely do not expect to make a dime off of this. I charge $100/hour to fix things for people if compelled to do so, and that's dirt cheap... blogging is definitely not a money motivated thing for me.

I share Dave's dislike of bullshit, marketing or otherwise. Nobody likes being manipulated, and I'm especially sensitive to it, or I like to think that I am. Update: Noran tells me I'm a piece of moldable clay... ;-)

I do like to experiment... and this blog is one huge experiment, just to see what the heck happens. I've learned a lot because of it.

#1 - Blog Mechanics and Physics (Rank)

I've learned that my blog has about 10 visitors per day if I'm careful and exclude myself. This number seems to have absolutely no correlation to Technorati's ranking. I had expected them to be somewhat inversely proportional from the ClueTrain and LongTail theories.

Using Sitemeter, I'm now learning that people hit this blog from 2 sources:
  • When I happen to say something that results in a link from an "A lister"
  • When someone does a Google search and matches something I've written about
#2 - Attention

Occasionally someone will read something on one of my pages that actually causes them to want to read more... at this point I've actually gained some attention which is the hot commodity in the blog-o-sphere.

I'd estimate that perhaps 1 to as many as 10 page reads per day are due to actual interesting material. This is sufficient interest to me to warrant further writing and posting, and perhaps even finding a better blogging software to support categories, which would make it easier to discover my other "valuable" (ha!) "content" (aka stuff or miscellaneous scribblings)

Now, I'm fairly certain that at this point I have only two regular readers... myself and my lovely wife, Noran. I doubt that Doc, Dave, or anyone else actually reads this blog on a regular basis. I'm too sporadic in posting to meet the implied social contract of the blog-o-sphere... one post per day, minimum, no exceptions.

#3 - Editing - as process

My actual flow in building a post is:
  • Somebody says something I want to comment about
  • Start up a blog comment
  • Start putting together content, with links, etc...
  • reconsider what I'm saying
  • extract redundant stuff, crap, and unneccessary flamebait
  • read it out loud (if circumstances permit)
  • edit some more
  • post it
  • ping the original sources (put comments on their sites)

I worry I don't spend enough time editing, but the limited feedback from Doc tells me I'm ok blatering a bit... could it be Doc is wrong?

#4 What Doc Searls means to me

Sidenote: Like Dave, I really like Doc. One day I hope to meet him. It was weird hearing his voice on a podcast though... I expected him to be someone who listens, thinks a minute, then gives a slowly paced, very wise answer... he talks wayyyy faster than that.

Doc's got a lot of oars in the water (or so it seems to me)... and our agendas aren't always in sync. When Doc links to me, I get a big spike, usually only to the page directly linked, which I've learned to expect.

Doc always picks something I wouldn't ever expect out of what I write. I spend too much time trying to be clever at times... or is that just self doubt?

Anyway, Doc is an editor by trade, and serves as my editor on occasion, which I think is a valuable service to me and the community as a whole.

#5 - oh... back to beliefs, and how they change.

Dave and others offer a refreshing view of the world. I wouldn't have found Dave except as a result of my interaction with the blog-o-sphere... and I'm glad I found him.

I now spend a ton less time trying to be in the first 100 posts on slashdot, and spend about the same amount of time, overall, here on this blog. I'm finding it to be a worthwhile trade for me.

I find myself open to more views, and also more careful about how and what I say. I think this will have an overall positive effect on me in the long run.

I believe that while bloggers are good at smoking out lies, they can't do the job alone. I know there are a lot of good people doing a lot of work, and getting even a small group going consistently in the same general direction can be a very potent force.

back to blogging and beliefs... Again!

Companies need to fear us, the Cluetrain is dead on accurate about that. Bloggers are reactionary, and like to pile on to a story, it's human nature. I'm not sure that there is much real power in the blog-o-sphere... but we all like to think there is... the jury (for me) is still out on this one.

It takes a work and especially intention to get results that matter. Finding our voices, and learning to direct them for good is a long term challenge. The cluetrain is a visionary statement, that many of us want to be true. If we work hard, some of it will come true, but of course reality is always different that what we expect.

I've written a lot about this, but no hard evidence, only my gut feelings on it... I hope that's enough Dave.

--Mike--

Monday, January 30, 2006

Dissecting Venture Capitol

As I continue to get feedback about VC, and listen to others, the picture gets clearer for me.

I've previously come to conclude that VC has a minimum threshold, below which it can't operate. My current view is that VC can only deal with company size investments, which makes sense for a lot of reasons.

I've not been through VC myself, so I have zero knowledge of the process internals. So, let me use a hypothetical example. Let's say someone with a large chunk of change decides my BitGrid idea can be turned into a product, here's how I suspect it would work:

Idea + $ ---> Small Company

Company + $$$ + Time + Other Employees ---> Potential Gold Mine

Potential Gold Mine + Market Opprotunity + Good Marketing ---> PROFIT!

Breaking it down further, one sees that the company is a catalyst, along with a lot of $. The company gives control to its owners, especially control of any potential profit, but more importantly, control of the allocation and management of resources.

Money gets uses as a proxy to buy work from talent. It also gets used to hire management, QA, support and a lot of other necessary structure to provide an framework for the idea to blossom.

Once the idea has blossomed, it still takes a good market opprotunity, and good marketing to get the product to informed buyers.

ALL of the above steps could be done in an open source process. There are quite a few open source software authors, showing that the model works in that one instance. Transforming other types of creative product development into an open model is going to take quite a bit of work. There are a lot of roles that have only traditionally been done inside a company, as a part-time role. If we truely want to open up the creative process, these have to be done in the open as well.

I know some great project managers, they have just enough technical skills to watch for obvious bloopers, and to know how to communicate effectively with technical staff. We're going to have to recruit a lot of project managers, and other skill sets to join if we want to eliminate the need for companies and truckloads of cash to outright purchase those skills. It's going to be an interesting time.

So, to summarize:

Innovators + Developers + Managers + Support + Marketing + Luck --> Open Innovation

This goes far beyond the traditional sourceforge model of a software product. Were do we find someone to donate marketing skills, for example?

This is quite a challenge, but I believe we're up to it as a community.

--Mike--

Management - The Missing Ingredient

What Open Source needs, along with any large group of programmers getting together to get a job done is management. Linus and his trusted partners do a good job of riding herd on the kernel development process. They transform the energies of a diverse mass of programmers, add in the appropriate amounts of process, QA and documentation, with a good dose of vision, leadership, and management, and in the end we get a high-quality product.

The lone wolf programmer doesn't see the need for all these other skills if they are a novice. More experienced programmers know they need them, but getting open source management is still more a matter of luck than it should be.

This is also true of any project that is going to do development, hardware, software, or new technology development. The raw talent needs to be tempered with lots of other ingredients. We need to figure out what these elements are, how to qualify people and build their reputations, so that we can pay them, or give them their fair share of credit.

One of the keys to disintermediating VC is to build an alternate structure that can provide the other bits of development in an open and accountable way. This will increase the odds of success of a given project, and thus encourage investment in open development processes.

In summary: Tools, ideas and hard work go a long way towards success, but they can't to it alone, you need management and support to get there in any meaningful way.

Saturday, January 28, 2006

What's wrong with Venture Capital?

Rick wrote a story that he says shows something is wrong with Venture Capital. The more I think about this, the more the whole system needs to be changed. Here are some ideas which I think might help:

MicroVenture: Instead of trying to force innovators into the mold of a company, figure out how you can compensate them for work they've already doing, on a fair and consistent basis.

Eliminate the risk of invention: In the story Rick wrote, the hero worked for 5 years without compensation, making a huge wager. The VC essentially gets to pick which bets he thinks are best, and ante them up. If this could be done sooner, the Hero wouldn't have to be a "starving artist" and could focus on innovation, instead of survival.

MicroAngels: Find innovations in the open, and reward them, with no strings attached. Think MacArthur foundation, writ small.

MicroPatronage: Help discuss and figure out ways to make the "tip jar" model sustainable. There have to be ways other than ads to help support bloggers who add value to the community, for example. Hit counts are a terrible proxy for measure of value when it comes to blogging, for example.

Whuffie: Cory Doctorow really came up with a great concept when I wrote about Whuffie. If we came up with some system like this that really worked, outside of straight cash, it might be valuable.

Now, those ideas are all about lowering the barriers to entry, and alternative ways to add capitol to an innovation. The other side is to increase the efficiency of the existing VC system. I've never been through it, so I might be flat out wrong in my understanding of process, so please forgive me if I'm wayyyyy off.

Standardized Containers: Shipping took off like a rocket when containerization took over. It radically reduced the amount of time it took to load and unload things, and made trans-shipping economically viable. If we did an analogous thing, and built an industry standard VC company model, with standard contracts, terms, staff, and business model... it might help make things more efficient at extracting innovation from people, and into something that can be capitalized.

Open incubators: The incubator model seems to be a good one for lowering the cost of someone who wants to pursue his innovation, yet retain ownership. Perhaps even this could be open-sourced (out-sourced???), so that some members are contracted at large from the public.

I hope this helps.

--Mike--

Thursday, January 26, 2006

Venture Capital, Open Source, and Quantum Mechanics

Rick gives a cautionary tale about the fickle nature of some VCs, and the dread they inspire in those who need their money. He starts off:

Short story. “Joe” has been working for 5 years to bring a software product to market while keeping the day job waiting & bussing tables. He has a wife, two kids, a dog and they live in a small nothing apartment.

I think “Joe” already has a problem... and we're still in the introduction... do you see it yet? Let's keep going...

For years, Joe toils away while pounding the VC pavement looking for angel, seed, anything. He is in the apartment because he’s already sold the house, already maxed the credit cards, hiding from bill collectors, etc, but he believes! He also driving a Pinto with a billion miles on it; trillions if you do it in kilometers.

At this point Horatio Alger would be pleased... he's working hard and pulling himself up by his boostraps...
Finally, one day, he gets funded. 3 million brand new Yankee dollars into the company. He is flying. The VC says, Joe, you gotta do this full time, quit waiting on tables and Joe says, amen. The VC says, Joe, take a salary with the founder title and Joe says Amen.
At this point the story could be complete, except it goes bad, and thus the cautionary aspect of the story.

Now... I was ready to call foul right at the introduction... but I doubt that most people are. The problem is I have an idea in my head of how things should be... which doesn't match reality.

I've misread an article by Arthur R. Miller in the Harvard Law Review calling for a reboot of the law surrounding protection of ideas. He used the term Quantum Meruit which describes what happens when a price isn't agreed before work is done (IANAL)

I thought he wrote Quantum Merit , and read an entirely new concept into it that wasn't there.

So without further ado, here's my definition of Quantum Merit...

An idea takes some effort and initiative to be useful, or innovative. There is a definite amount of energy and creativity that has to be added to an idea before it becomes a useful thing in any system that will utilize it. This amount of work is the value of measure of Quantum Merit.


The thing is that Venture Capitalists see the smallest possible amount of innovation as one that they know how to fund and exploit. In the physics of the VC, the Quant of Merit is a Company. They can't work with anything smaller, their physics can't comprehend it, for good reason.

One very good reason for this is the Patent and Copyright laws in existance. The courts and lawmakers see it in their best interests to insist that the smallest possible unit of innovation that can be rewarded is one that is both Concrete and Novel, which make small innovations immeasureable, and thus decidedly un-Quanta-fyable (bad spelling, but I hope it makes the point)

This is the reason that "Joe" up above was forced to work without any compensation for 5 years... the fact that it takes a fairly large chunk of change to reach the quanta at which the market knows they can get the law to recognize a chunk of innovation, and thus have some reasonable assurance of getting to keep their investment.

We need to change the rules, and allow smaller units of innovation to be rewarded. Open source does this in a decidedly non-capitalistic, but effective way. Unfortunately for "Joe", he didn't think this was a reliable option, and for many people it's not.

I believe that innovation is just a matter of ideas that are commonly available, being put together with enough energy to get to the quantum level of being useful enough... and then simply keeping it alive, and not letting it get lost due to bad marketing.

I believe it would be a very good thing if we can get the courts and lawmakers to reconsider their stance, and normalize things to protect smaller (but valuable) innovations. Now this is what Arthur Miller does argue, quite well, in his article on the subject.

"Joe" should be able to recover value from his work in the very first paragraph of the story above. If he could be fairly compensated for something less than a VC bundle of cash, the rest of the story wouldn't have happened. Doc asks how to disrupt VC? This is how you disrupt VC.

Thank you for your time and attention.

--Mike--


PS: More discussion about Quanta:
Open source people see the Quanta as a project on SourceForge. Once a group of people (or a single very dedicated person) get a project going, and it stays active, that its the smallest amount of merit they can rationally discuss.

In Blogging, it gets hazy, but it tends to boil down to an actual person, or perhaps even a blog (which could be one of many written by even a single person). This physics allows us to go into areas with a much lower quanta, or a low barrier to entry in Economics parlance.

Wednesday, January 25, 2006

Hypercommentive Markets

I did it by accident... but I like it.... a new word

HyperCommentive Markets

I was typing this, and it just kind emerged.... odd.

--Mike--

PS: Neologism watch: Currently 0 matches on Google or on Technorati.

Connections

I like the James Burke Television series (and Book) called Connections. It appeared on PBS some years ago (around 1980 in Chicago), and simply fascinated and amused the hell out of me. He tells a story, following an amusing and informative daisy chain of innovation connecting some long ago innovation, such as the plow, to a modern result, which could be almost anything.

Blogging is like this, we all play the game. On the technical side we're aided by tools such as Google, Technorati, Blogger, Sitemeter, RSS, Wikipedia,and lots of other things I don't even know about.

The human side is much richer, and harder to categorize. We all have a mental list of authorities we've built up over time. Doc for blogging, Bruce Schneier for Security, Larry Lessig for Law, etc, etc. There's the communites such as Slashdot, Metafilter, BoingBoing, Digg, etc. All of these are heavy on human voice.

It all adds up to an addictive mix of discovery and learning when blogging works as a system. The ah-ha experience in the mind of a reader gets written down, then edited by the rest of us, and the cycle of life continues. It's fun to be part of this, gosh darn it.

---

So... here's the dump of links which I'll thread together...

  • Larry Lessig is a cool lawyer who wants to defend our rights, who decided it would be a good idea to build a Wiki to invite constructive criticism
  • Doc Searls functions as an editor, and writes a note about this new project, including it in the ever growing list of things that Doc is interested in learning about
  • The Wiki has a pointer to an article in the Harvard Law Review which turns out to be both very long, but accessable, and informative
  • I find myself reading an article in Harvard Law Review... ?!?!? I'm only half way there... and it's danmed cool, but it's LONG. Note: Adobe needs to add a provision to mark your place in a PDF.
  • The gist of it so far is that ideas should be protected, even if they don't qualify for patent or trade secret status... and it's a very clear picture that Arthur R Miller paints... he should definitely get some credit (or Whuffie) for this one
  • Meanwhile Doc bumps into Rick Segal, and suddenly Doc is wondering about how to disrupt Venture Capitalism...
  • which results in this post... 8)
My answer is to help foster a model where ideas can be bought and sold even before they are baked into products and/or patents. The arbitrary and binary notions of novelty and concreteness are harming the market. We need to rethink how we reward creativity, and build a fair and hypercomentive marketplace for ideas, instead of trying to lock down the future in shackles of "Intellectual Property".

If someone can help push this forward, then inventors can be paid fairly, without the need for excessive secrecy which corrupts the process of innovation, and prohibits full and open discussion of new ideas.

THAT is how you can disrupt VC... reinvent the whole industry. Get rid of the secrecy, and open the lid on this can of worms called trade secrets and non-disclosure.

If he can fund a lot of people with good ideas, creating a community that can build and share new technologies in a patent and lawsuit free zone, there could be a new virtual silicon valley, with much lower cost structures allowing a much more diverse marketing. This would allow searching a much greater part of the solution space for a given problem than is currently practical.

Just as an example, I've got his BitGrid idea I've kicked around for years... someone might be able to pick up and add a bit of commentary, but who would want to if it meant no reward at all, and the probabilty of having their added value effectively stolen when someone locked it up in a patent or 3 some years later.

It's time to rethink the whole thing, build a newer box. Like I've said before, it would be good to have a dependable way to innovate and prevent patents being used to steal ideas from their creators.

Venture capitalism is a smart network, but the value is in the ends, the inventors and manufacturers, and marketers... make the network as big as possible, as INCLUSIVE as possible, and you'll see innovation that will just plain frighten you.

Whew... that's my 2 cents.

--Mike--

Thursday, January 19, 2006

Reading about Capabilities

I'm always on the lookout for cogent, concise and persuasive explainations of Capabilities... and I found another one today:

Most of today's computer platforms operate under a fundamental assumption that has proven utterly false: that if a user executes a program, the user completely trusts the program. This assumption has been made by just about every operating system since Unix and is made by all popular operating systems used today. This one assumption is arguably responsible for the majority of end-user security problems. It is the reason malware -- adware, spyware, and viruses -- are even possible to write, and it is the reason even big-name software like certain web browsers are so hard to keep secure. We need to stop making this assumption.

I use google to find things, along with Wikipedia, Technorati, Slashdot, and others. I like seeing how people found me, so I often scan my referral logs as provided by Sitemeter, which is how I found this one. One of you was reading about Evlan before coming here... so thanks for the pointer!

Evlan is a project which aims to take on security in steps, by allowing secure programs now, and a planned OS in the future. There seem to be a lot of nice ideas going into this particular pot, and I don't see any bad ones at this time. I wish them well.

Evlan is a functional programming system, which implies quite a few things, one of which is that there aren't allowed to be any side effects of a computation. This means that a function CAN'T do things to other parts of the program. This restriction alone means that quite a few of the normal things that go wrong in other languages get prohibited. It also means that you don't have to run a function as soon as it's declared... which takes some time to grok (and I haven't fully)... but seems to be a VERY powerful feature in terms of optimization.

Well... thanks again for your time.
--Mike--

Wednesday, January 18, 2006

Finding your voice in Web 2.0

I've gotten hits from Doc and others, which pushed my my Techorati rank, for a while... but it's becoming quite clear to me that I'm not a compulsive poster... doing something day in and day out isn't my strong suit. I do better with spur of the moment commentary and analysis.

I use sitemeter to track visits to this blog... it's obvious if you look at the bottom of the page. I've noticed that a lot of my referrers are from google searches. It appears that I've written on subjects people are interested in... and that's where my base (less than 10 visits/day average) traffic is coming from. It's random, but persistent.

I think this is actually where my voice is going to be found. I'm not going to be very good at climbing the blogging tail, but I may be more successful commenting on things I have some good ideas on, worrying far less about frequency of postings, and more about quality.

I read Doc every day... I'm sure that at least 1000 other people do as well. The rock star economics of it mean that I'm never going to be as popular in those terms unless I post often, and very consistently, and keep feeding the beast that is rank. My opinion is that Doc is a writer by trade, and he does treat it as essentially an email with CC to everyone...

I don't have that many friends to do that with... but here I am... I'm learning, and trying to find my niche. It's all that any of us can be expected to do.

Oh... I uploaded some photos of Grandma's visit this past Sunday.

Jessica and Valerie, I'm sorry I took so long to get them uploaded.

--Mike--

Friday, January 13, 2006

DRM is impossible in a secure system

An honestly secure computer system is own in which the owner makes the rules, which get perfectly enforced. The use of a microkernel, and completely separate environments for each and every task, allows secure implementation of any rule set.

I've learned from my reading of KeyKOS and other design documentation that one of the tricky (and thus powerful) rules of a multi-level system is that each higher level of access must be able to undetectibly read the state of lower access machines.

It took a while for the implications of this to sink in. ANY secure OS could enforce a rule such as this. Thus any system which can virtualize a machine can wrap a DRM system such that there will always be some equivalent to the "analog hole", which allows direct access to the unencrypted content, which is required to be able to read it in authorized contexts.

This means that a DRM system can NEVER protect content from being copied or outerwise altered if the user is EVER authorized to read the contents. This is the fundamental reason that DVD "protection" has failed.

The reality is that our computers are defintely not secure, and any imposed DRM is a symptom of that problem. Truely secure computers are immune to DRM.

--Mike--

Thursday, January 12, 2006

Learning from the past

I've been reading about IBMs reasons for developing a Virtual Machine in the 1960s... and trying to read up on the current new technology from both Intel and AMD. It appears that we're learning from the past, and we might even have good chips with will allow full virtualization in our machines very soon now.

If a machine can be fully virtualized, the software running on it has absolutely now way to tell its not running on the raw hardware. This requires a piece of software known as a Virtual Machine Monitor. A good VMM implementation makes it possible to run a VMM inside of a VMM. The original reason for doing this type of recursion was to make it cheaper to work on new versions of the operating systems. Instead of having to have a real machine per developer (not cheap with mainframes), it was far more sensible to let them use a virtual machine.

The Pentium instruction set has holes which make it very difficult to fully virtualize. The new chips announced in the past week seem to include everything necessary to change this picture, and open up some interesting new choices.

If we can virtualize the main chip in a PC, then you can run as many virtual machines inside it as you like, setting whatever security rules and interconnections as you see fit, in a very safe manner. I'm amazed at how much you can learn just digging around the internet with google and some persistance. It's been quite fun.

--Mike--

Wednesday, January 11, 2006

Learning about KeyKOS and CapROS

I've been reading through the documentation for KeyKOS, which was a secure OS running on the IBM/370 series of hardware back in the 1980s. I began to realize exactly what an honestly secure system involves, and started to get into the mindset.

First was the idea of only the barest minimum of code in the kernel. Everything runs in its own context. Even device drivers run each in their own context. Each context is essentially a well isolated virtual machine, with NO peripherals of any kind, except for the ability to call the system to ask for things. All the RAM is actually virtuallized out to disk, so that if the system gets restarted, the application can't even tell.

Needless to say, that's a big shift in mindset. It got kinda scarey thinking of a machine with NO filesystem... but it made sense in terms of security. Then I started to see why VM/370 had all these run time systems... and that started to come in to view.

I get the idea now, process containment over all else... and it's very secure.

Things got tweaky for me when I then read about the KeySafe project to attempt to qualify for Orange Book B2 security. The need to support 4 nested layers, each of which can completely spy on the lower layers, and must be undetectable... and the KeyKOS folks just wrote a set of rules to do it... that's it. VERY powerful system stuff going on here...

I've followed the trail from KeyKOS to EROS, and am now looking at CapROS, which has a sourceforge page and everything. I'm considering putting together a Fedora Core machine so I can get in on the action, and maybe even help.

I'd like to get a copy of it to boot inside VMware, if that's possible. Looks like I'm going to have to learn C, and lots of stuff about Mach, Kernels, etc...

It's going to be interesting.

--Mike--

Sunday, January 08, 2006

Routing around damage

One of the meta-memes about the internet is that it routes around damage. One of my predictions for 2006 and beyond touched on this very topic. I said:
AT&T will continue it's efforts to charge variable tolls on the internet, if they succeed, we'll route around the damage.
Now that makes a great pundit type statement, but how would this happen in reality? Ken seems to be worried about this very thing:
These two guys are convinced they can sell the same commodity capacity on the network time and again, billing everyone who comes near their plumbing (because that’s all either of their companies really provide is plumbing) time and time again.
The reality of the situation is always more complicated than it seems. In order to charge a premium, first you have to segment the market into pieces:
  • Those that can be intimidated by threats
  • everyone else
So, in order to get the "content providers" to cough up some extra dough, you have to essentially do a protection racket.... hey... this is some nice content you're dishing out... it would be a shame if it got broken, we can help make sure it doesn't get broken...

Now, who falls into this class of possible victims?
  • People with LARGE bandwidth needs (choke point #1)
  • People with critical latency issues (choke point #2)
Routing around choked bandwidth

Let's say that oh... Comedy Central, decides they want to sell me access to The Daily Show for $5/year, and I want to buy it. If we go with straightforward downloading from their site, then the choke point becomes obvious... the server. There are already options to get around this:
If they go for scouts honor type trust, it's just a matter of setting up bittorrent, and raking in the dough. ANYONE can do this type of distribution, for less than $20/month.

If they go the DRM route, they could still use Bittorrent, and only distribute the unlock code, or something like that, also bypass the choke point.

In either case, distributing the source points around the net is a way of routing around an artificially narrowed pipe.

Routing around malicious delays

Now, this one seems to be more of a running game, involving measures and countermeasures. In the long run I think we'll end up using governance to keep this from happening...

If a carrier starts preferentially routing packets, someone will figure it out, and the word will spread like wildfire, and the lawsuits and pressure on lawmakers WILL come out of nowhere. We tollerate monopolies because in general they aren't too excessive, except in price, so we live with it. If people sense someone with a God complex, they tend to eventually get clued up, and strike back in their righteous might to victory.

In summary, the short term prospects might not look so good, but in the long term the damage of dark ages thinking will get routed around. And remember, web logs are just text, and text is very, very small compaired to multi-media. We'll always be able to afford a voice.

--Mike--

Saturday, January 07, 2006

Do you trust your PC?

Doc worries about the narrowing of options when it comes to getting video content on the net. As with anything related to the internet, anyone can offer a new protocol, and if there is enough percieved benefit, it'll get adopted and and a new dimension to the internet.

Unfortunately, the ongoing saga of desktop insecurity is making people increasingly unwilling to try new programs, or new protocols. It is having a chilling effect on innovation, thus increasing the probability that we're going to have only limited options in the future. It's not just video that will fall victim, but pretty much any new innovation has a significant barrier to overcome, and the price is always going up!

Desktop insecurity theatens the ability of the internet to serve as a garden for innovation.

---

Now, you might think I'm full of shit when I say desktop security is still a problem. We have virus scanners, spyware scanners, and all sorts of lockdown tools.

Let me put it this way... do you trust your PC?

Are you willing to pick up any random CD, throw it in the tray, and run it?
Are you willing to give accounts out to random individuals on the internet?
Are you willing to expose your machine to raw unfiltered internet?

Why not? We have account security, permissions, and lockdown tools. Surely a savvy administrator, or the right set of tools could make it safe?

If we had real security, all of these would be no problem. You'd be able to strictly limit the capabilities given to a program, instead of being forced into the binary trust/don't trust decision you now face.

If we had real securty, you could give anyone an account, and limit the capabilites they could give to programs on your computer.

If we had real security, the kernel of the OS would limit the ability of even a compromised system application to do damage.

We need a better security model, we need it yesterday. I'd be happy to see it by 2010. Who ever gets there first stands in a position to control the nature of the internet for a long chunk of time. I hope it shows up in an open source form.

I believe it is only by securing our desktops that we can hope to free the net.

--Mike--

Predicitions for 2006

Here are my predictions for 2006 and beyond:
  • Desktop security gets multiple 15 minutes of fame, but apathy still rules, and I'll keep complaining about it. People just don't get that it can be fixed, if they really want it to be.
  • Computers get faster, and we keep finding new things to spend that speed on, such as compressing video, indexing photos, etc.
  • Energy insecurity forces itself into everyone's reality. Riverbend gives us a preview of what it's like in Iraq. This will move James Howard Kunstler all the way from crackpot to visionary in one fell swoop.
  • John Robb's global guerrillas thesis makes a similar move into the mainstream. We opened pandora's box in Iraq, and the domestic blow-back is going to be a bitch.
  • The phrase "It's not what you know, but who" gets played out as we all move away from the old industrial model of work for hire, back toward the agrarian one of craftsmanship and social networks.
  • At some point, Comedy Central will allow me to download the daily show as a $5/year subscription... (one can always hope)
  • Technorati will offer a new tool that allows us to use the blog-o-sphere to gauge how effective we truely are, and give tips to help us improve our networking skills, in a direct manner. (Or maybe they already do?)
  • The war of the search engines continues, but whoever is first to successfully distill semantic information out to the web, will win big, because keywords don't always cut it.
  • After years of stupidity, the major Credit Card companies will make a shift towards capabilities based transactions... for example, you'll tell Citibank that you want to allow your Electric company (and only them) the ability to charge up to $300 per month. Even if their database gets hacked, nobody else could use the number.
  • AT&T will continue it's efforts to charge variable tolls on the internet, if they succeed, we'll route around the damage.
Well.. that's enough for now, isn't it?
--Mike--

Pulling rank

Dave said:
Ya gotta love that 100K bump in the rankings though, eh? A couple more weeks like this one and you'll have arrived
Well, yes... it's nice to get some positive feedback. Upon reflection I'm learning quite a bit about what it takes... the core value is to switch from passively listening to what everyone else says, to actually saying something, and doing it regularly.

Now going from #368,207 to #250,642 in the space of a week certainly seems like a good jump in status, though I'm still sore nobody picked up on my ranting about capabilities yet. ;-)

It's easy being a "small blogger"... you read a lot, and riff on what the A-list people say... you follow the crowd... if you randomly throw out something, and it gets picked up, you feel good about the attention, and life goes on. Things are different when you decide to actively try to find your voice, become a hyperlinked individual, and to make a difference in the world. (I want to make computers more secure, thus saving the internet, and helping society as a whole)

I'm learning that I need to focus more attention on those subjects, and less on the doom and gloom that is going to happen if I want it to or not, if I want to get results. (Not just ranking, but actual, substantive change)

It's hard breaking old habits, but this is a good time to start, as is any time. I'm going to read more, watch my feedback more, and surf less. It'll be a whole new set of lessons for me.

Thanks for YOUR time and attention.

--Mike--

Thursday, January 05, 2006

Climbing the long tail, part deux

Since I'm a small blogger, I have to do what I can to climb the ladder-o-attention. I've decided that posting more than once every 6 months is important. Watching who links to me is another part of it... and I've decided that TAGS can really help the "small blogger" such as myself get around the whole issue.

I've started going back through my old posts, and adding tags. Blogger doesn't support doing it, so I do them by hand, which is better than nothing.

--Mike--

Tags: [longtail, hyperlinks]

I like Dave

Thanks to the bru-ha-ha over the hierarchy... I've read some of Dave Roger's Roger's stuff... and I've decided we're alot alike. This absolutely clear sentence, picked out of context from this, is a winner:
We count birds killed by windmills, but we don't count dead Iraqis.
This is exactly the kind of straight forward, critical thinking lacking in this country in far too many places.

Dave tells it like it is, he's a straight shooter.

--Mike--

Where's the beef?

Reflecting on the previous post, it occurs to me to that maybe blogging can actually subvert things, but what I really wanted to know all along was how to do it myself. If blogging can change the world, just how can I make my dream come true? It's the only idea I've had so far where I wouldn't even mind Bill Gates making a few billion more $ because of it, if in the process we get real security embedded into the OS.

To paraphrase the old Wendy's commercial:
Where's the beef?
How do we, the "little blogs" go about making our own communities, and help to make the world a better place? I know some of it is marketing, and most of it is persistance... which is why I'm posting like mad now that I've found a point I want to drive home.

How do we make our own tail, instead of having to try to climb to the top of an existing one?

--Mike--

Tags: [hyperlinks socialtools]

Analyse this

Dave says:

All you’re witnessing is a great deal of sound and fury signifying nothing. Nothing will change. The authorities and thought leaders will still promote each new disruptive techology as something that “changes everything,” when it changes nothing.

Which is exactly how I felt once my 15 bytes of fame were up, and I realized that nobody was buying my new disruptive technology that could change everything because they're focused on their big idea, which is blogging as social change agent. (Oh, the irony) I tried not to take it personally... and figured I'd have to take a different approach.

I'm trying to figure out just what it takes to get attention for an idea... maybe it's just a matter of searching out all the conversations where it might be an acceptable tangent, and injecting it there... maybe not... (people might think of you as that one idea at that point).

I'm analysing the web... and this is all part of an experiment, as is life itself. Only time and experience will tell what becomes of it.

I woulnd't mind having a bit of attention, my ego really likes it. What I really want, though, is to FIX the security problem, instead of watching the same shit happen again and again for the rest of my life.

--Mike--

Getting side-swiped in the war for control

Doc worries about the war between Silicon Valley and Hollywood. Either way, we lose, because it's actually just a war between profiteers, one that wants to wring monopoly rents out of our culture, and the other that wants to wring monopoly rents out of our innovation.

Now, I'm partisan, because at least of the techonologist profiteers win, we get better toys to play with for our money. It's my opinion that giving monopoly rents to Hollywood doesn't offer anywhere near that kind of return on investment.

The fact is, that we're going to get side swiped, by security. As I see it, our basic security model underlying things on the ends of the internet, all the boxes we use, is fundamentally insufficient to the task at hand. There are only a few people that I know of (so far) who are actually working on a solution, instead of profiteering from the current inherently insecure design that we're all saddled with.

Unless the big picture changes, there will always be a reason we can't trust the computers on the ends of the network, which will provide the justification for filtering the middle. Thus we're going to have a locked down internet, because we can't secure the ends. This is how we'll lose this war, in spite of all of our efforts elsewhere.

We need to get our house in order, get a more secure set of ends, if we're ever going to hope to hold on to the means.

Thank you for your time and attention.

--Mike--

Tags: [SaveTheNet, Security]

Wednesday, January 04, 2006

Capabilities explained

So, my 15 seconds of fame came and went without much notice, I'm still a "small blogger". I've been reading up about the Capability Security Model, and it's real world analogies, in an attempt to help get up to speed on what it's really going to take in the event I actually have to write an OS myself. (Not that I really want to)

The description of Capabilities in E in a Walnut by Marc Steiger back in 2000 has some good stuff, replacing the somewhat bland "confused deputy" with a more realistic example:

Suppose all security in the physical world were based on ID badges and ID readers. At your home you might put an ID reader on your door, another on your CD cabinet, and another on your gun vault. Suppose further you had to depend on 4-year-old children to fetch your CDs for you when you were at the office. How would you do it? You would hand your ID badge to the child, and the child could then go through the front door and get into the CD cabinet. Of course, the child with your ID badge could also go into the gun vault. Most of the children would most of the time go to the CD cabinet, but once in a while one would pick up a gun, with lamentable results.

The point being that a single identity is insufficient, and making the clear case for capabilities. It's the clearest explaination I've seen to date, go read it now!


When you run ANY program under Windows, Mac, Linux, you're handing it your badge... it can do anything it wants. Trusted code seems to be the order of the day for Microsoft, and most of the security initiatives out there, but it's not going to work. It doesn't allow for mobile code, and it doesn't do anything to eliminate all bugs, so you can't really trust the "trusted" code anyway.

My point in this blog is that we must completely replace the security model underlying our operating systems. Some day, if we do things right, we'll look back on the insanity of trusting that all of our code doesn't contain holes, and cringe.

The Capability Security Model is the only way forward if we are to have truely secure computers. We need truely secure computers if we're to avoid the future of a completely locked down, heavily censored and limited interent.

What will it take to make this happen? Only time will tell... and I'm not getting any younger... and I don't have infinite patience.

--Mike--

Tuesday, January 03, 2006

Starting new conversations?

I've got a clear goal, and subject to discuss... capabilities as a possible solution to the continuing saga of patchs and new vulnerabilities that plague ALL of the current PC platforms, Linux, Mac OS X, and Windows. I want to talk about what it's going to take to get real implementations available, even if they don't meet my arbitrary 5 year deadline of January 1, 2010.

Now, I don't expect Doc to keep giving me linkage for every posting... that's not a sustainable model of conversation. What I am interested in learning is how best to find people who are interested in the same non-keyword friendly subject as myself.

Keyword unfriendly is the understatement of the year... every possible term I can think of has been buzzword whored to death:
  • security
  • capability
  • OS
  • eros - the last serious effort at capabilities
So... google isn't going to help. Technorati doesn't seem to help much either, because of the same problem. The semantic web is years off, so that's no help either.

How do I go about creating this new conversation, and a new tail? How do I reach an audience to get this ball rolling? Is it just a matter of infinite patience?

I don't mind working my way up the technorati tail, but there has to be a better way to do this in the long run for everyone, on non-blogger subjects.

I'm interested in knowing is how John Q Public can best use blogs to get a conversation on any random topic going.

The current strategy seems to be to start a blog, and keep talking until someone happens to notice. Is that the only option? What am I missing?

I know you folks are smarter than me, so I thank you in advance for any advice given.

--Mike--

back to the point.... is a secure OS possible?

Do YOU believe it's possible to write a secure OS that can stand up to the full force of the Internet, and get us off the patch merry go round?

Subverting hierarchy?

David M. Rogers gives a critical (and welcome) response to my climb of the Technorati tail. He says: (emphasis mine)
Doc, for the umpteenth time, hyperlinks to do not subvert hierarchy. In fact, they help establish their own hierarchies. They may help overturn existing hierarchies, they may increase the rate of "churn," but as should be abundantly clear by now, human beings are all about competing for rank in a hierarchy and hyperlinks are merely another tool. Technology changes how we do things, it doesn't change what we do.
David makes a valid point, but there is a hidden assumption. The assumption is that there is only one heirarchy of value (like in the High-School social scene).

The thing is, hyperlinks make it possible to have multiple simultaneous heirarchies... which really isn't a hierarchy at all, is it?

I write about things that interest me, and read Doc's column every day because he's interested in the same stuff. We both worry about the "echo chamber" effect that can come from it, and always are on the lookout for new opinions, and feedback.

My lovely wife, Noran, uses blogs in the way that David mentions in his posting, as a means of social support and networking. She tells stories about her Father, (whom we both miss dearly) talks about our vacations, or whatever comes to mind.

Neither use of blogs is better than the other. Blogs are about networking, and making connections to help others. The only inappropriate use of blogs is when they are done just to gain status, and then it's called spam. I like to think that I'm not in this just to hear myself talk, if I'm wrong, then I deserve to be slapped down. 8)

Technorati rank is just one handy shortcut for guestimating one's popularity in the blog-o-sphere... the Technorati class of blog, anyway. The number is a shortcut, and as I've said before, there are always hidden assumptions and other dangers in shortcuts. Like IQ test, and other arbitrary measurements, they can NEVER tell the whole story.

Web 2.0, The BlogoSphere, or whatever else you want to call the World Live Web has many different dimensions... many "tails", each with it's own values and value. This multi-dimensional web of communities defintely isn't a high-school social structure... thank G*d.

So, there you have it... hyperlinks don't subvert... but they do?

Thanks for your time and attention
--Mike--

Tags: [longtail, hyperlinks]

Monday, January 02, 2006

Rethinking NGSCB

When I said we couldn't trust NGSCB, I didn't give the B enough credit... B in this case stands for BASE... it's a Secure Computing Base... just enough hardware and firmware security to make sure the machine is in a known state.... which is always going to be necessary to secure a foundation for an operating system.

Mea culpa, Mea culpa.... Mea maxima culpa.

--Mike--

Climbing up the long tail?

According to Technorati, this blog is currently #368,207 from the head of the blog-o-sphere, somewhere down the long tail. The BitGrid blog fares even worse (mostly because it's stale).. at #1,052,328. This makes me pretty far down the long tail of attention.

Now, it's all my own doing, because I haven't fed the blog-o-sphere what it likes to eat, a regular stream of tasty morsels of thought that add value, so I definitely deserve to be out here. The only reason I'm not futher out is that I've gotten the attention of a few from what I have contributed.

The reason for caring about this at all breaks down into two things for me, ego... and in a round about way... uh... ego. ;-)

First, it's the human desire to matter, to have value. I think that men particularly base their self worth on how useful they are. There's nothing worse for me than when I've let someone down because of my own failings, or there is nothing anyone could have done. I feel best when I've helped someone, built something cool, made a neat discovery, etc. I assume this is pretty much the same way anyone works.

The other matter is having a voice and reputation... I want to participate in the blog-o-sphere, the conversation, but I haven't yet learned to trust that what I'm doing is getting ANY attention, unless I get feedback from another human. When I wrote about security, and my strong beliefs that we won't get it without the magic bullet of Capabilities a few days ago... I felt that I was just wasting my time unless someone was going to read it.

I asked Doc Searls about reaching an audience... and I definitely understand the rock-star rule I've read that makes it crystal clear... there are a lot more people who read Doc, than Doc can possibly read, but he didn't answer it directly.

Not to be Blasphemous, but talking to Doc has a very spooky effect.... sometimes I think about something.... and there it is... in writing, from Doc.... or... I'll ask about something, and he'll address it... but in completely a different context, but still entirely usefull for my purposes.

For example, in the discussions area of Doc's web site... I posted How to most effectively engage the World Live Web? which specifically was about the web. Here we are 2 days later, and Doc's talking about getting the most out of conferences. Why do I see a connection? Because both are generally about how to best have conversations.

Maybe I'm reading too much into it... but it's spooky to me. Maybe it's just birds of a feather... I don't really know... but there it is... an observation.


I look at the tail as a training ground, a place where we find our voice. As long as we get some feedback and encouragement, we keep at it, and work our way up. Technorati rank, is of course only one dimension of things, a particular beast which has particular tastes, and there are many more ways to rank things. If one ranks interest in BitGrid computing, I'm pretty much the only one out there, or so it seems, which makes that particular tail very low value...so...

The length of the tail is a measure of value

Or better yet... the size of a conversation is a measure of its value (to its participants)

Someone at the long end of the tail is giving attention to stay in the conversation, if there is nobody interested, the tail drops to size zero, eventually. On the other hand, there are echo-chambers where everyone wants to talk about something cool, just to be in on the cool new thing... this is the dark side of the long tail, which feeds the spam monster.


With all of these measurements, it's tempting to use them as a shortcut for the analysis of real value... but shortcuts don't work, unless you know what to watch for (in other words how to do the work if the shortcut breaks)

Spam is what happens when enough people use a given shortcut, and it becomes profitable to attempt to game the system.

Well.. that's a long ramble... I'll post then edit