shahidhussain.com

Are you familiar with the UAC prompt in Vista?

Or the “%Application would like to use your current location” prompt on the iPhone?

We - the nerds - can make fairly accurate decisions about the security of a product.

My mum probably can’t. Strangely, she’s being asked all the same questions as I am.

This disconnect is something that Aza, Atul and Jono at Mozilla Labs are trying to solve. Last night, the team discussed some of these issues at an open Labs event held at the Twitter offices. Can your computer just know what the right answer is without pestering you? How can it get that information?

For Instance

Let’s say that you come across a piece of code on the web that you want to use. This could be:

• A Ubiquity script
• A Greasemonkey script
• A Facebook application
• A regular thick client application for your PC or mobile device

We can extend this idea a little further. Let’s say you come across a piece of information on the web that you want to use. Do you trust it? This could be:

• A blog entry detailing how to set up X11 for your video card
• A forum post on how to optimise your website for online advertising
• A site giving out fashion tips
• Or whatever

Modelling Trust

There are a few different ways of figuring out whether you trust information.

• Do you judge it, or do you take someone else’s word?
• Whose word do you take? Someone you know? Someone you don’t know? An authority?
• Does that degree of trust change over time?
• Can you just mitigate the risk of bad information / naughty code?

You Judge It Yourself - a traditional solution

If the user is looking at something they’re familiar with - a regular person looking at fashion tips, or a geek looking at code, this can work well enough. If it’s an area you’re not familiar with, you might be able to use some extra information to guide your way.

Does the information seem sensible?
Is it spelled correctly?
Is someone proposing that you wear A-line flares with pockets in the knees?

As before, the problem here - especially with code - is that not many people have the skills to review the thing accurately.

Mitigate The Risk - also known as sandboxing

In the case of code, allow it to execute in an area where even if it is naughty code, it can’t do too much damage. Or, you test out some advice on your online advertising strategy with 1% of your user population only. Or, you decide to wear your new clothes around the house, and invite some specific people in to check out how you look.

There are two obvious downsides. One, setting up a sandbox can be annoying. Two, you are probably going to have to restrict what sandboxed code can do. If you look fabulous in your new outfit, you probably want to be out on the street rather than inviting just a few people over.

Take Your Friends’ Advice

Women shop for clothing, in general, in a very particular way. They gather together in a group, try on outfits, and ask their friends / gay male friends / husbands how they look.

Frankly, the thought fills me with dread. But it works. It’s another trust model - basing your trust of information or content on people that you trust.

In real life, that trust is weighted. You might trust your friend Alice’s opinion on style, but Bob doesn’t quite have it.

Online, we might think of using a social graph like Facebook to pick up who trusted what. For example, when you consider adding a new Facebook application, FB tells you how many of your friends have added the application. That’s great, but it makes two important assumptions:

• If someone trusts you, you trust them
• You trust all of your friends equally

… neither of which is always true in real life. For example, if you want to install a piece of code and you want to know if it’s malicious, you’d probably trust the geeks you know more than your friend in marketing.

Take Everyone’s Advice

When you look up a popular item on Amazon.com, a whole bunch of people have reviewed it and given their opinions. With enough volume, these add up to sensible suggestions of which movies are good, and so on. When browsing the App store, the number of people who have downloaded a top 10 app adds up to a sensible suggestion of which apps are useful and don’t screw too much with your phone.

Also known as the wisdom of crowds.

This works very well at scale. When you’re starting off, the effect of outlier reviewers in the population is large, so it doesn’t work so well. Too many good startups flounder because of this - they’d work great at scale, but getting scale is tough.

The further assumption here is that everyone’s opinion has equal value.

Believe The Popular Kids

If we break that assumption, we can weight the opinions of some people over others. For example, in a web forum, one poster might have a better reputation that others, so you might trust their advice over someone else’s.

The more authority someone has, the more trust you have of their opinions, and the more weight you apply to them.

Don’t read beauty magazines, they will only make you feel ugly

If you don’t take Baz Lurhmann’s excellent advice, and you do read beauty magazines, you might be taking your fashion tips from an authority. SSL works in the same way - you trust that a website is who they say they are, because they registered with a certificate authority. This is having the ultimate trust in someone or something, because they are the ultimate authority.

OK - thanks. What was the question again?

How can your computer understand whether a piece of code it comes across on the web should be trusted?

• You could trust an authority to tell you.
• You can take advice from your friends.
• You can let everyone vote with their feet, and follow the crowd.
• You can try and figure it out for yourself.
• Maybe you can sandbox and not have to worry about it.

Capiche?

I often walk down Stockton to town, and I’ve passed by this shop many times.

I’ve popped in a couple of times - it’s a gadget shop, I’m a nerd - but I’m still absolutely confused as to what the store’s purpose is.

You’ve probably seen the products before. If not, I offer you this link. Hanspree products are all pretty much the same - slightly crappy LCDs with a novelty surround.

Yes, that’s a box of chips. No, the other chips.

Like a lion in Zion

So where might you actually find something like this being used? Here’s our best guesses:

• A kids bedroom
• A themed environment (like a baseball fanatic’s recreation room, or a shop)

Perhaps I’m being a little pessimistic, but I don’t think these are huge segments in the US.

Driving Footfall

It seems to make sense to design the store to appeal to the same people that might buy the products. So here’s what the store looks like:

That’s right - it looks just like the Apple store, except it’s empty

Again, I’m going to stab in the dark and guess that a store that looks like this would appeal to trendy 20 - 30 year olds or roll-neck, designer glasses wearing 50 year olds, both of them fresh from the Apple store.

What I can’t work out is where the crossover between these two segments lie. It’s possible that they are going for trendy designer parents with young kids who have themed bedrooms. That strikes me a pretty narrow segment for a significant investment.

The other possibility is that this store is a cock-up of sorts. There are plenty of reasons why it might have happened - the store looked that way before they got there and they didn’t want to change it, the store designer is being inspired by Apple rather than the customers, and so on. I think it’s most likely that Hanspree HQ have had success with this format overseas, and didn’t want to modify it for the US market.

I don’t have enough data to say either way - but if I had to guess, that’s the one I’m going with.

Learning about the birth of the IBM S/360 while at the Computer History Museum is like eating chocolate biscuits wrapped in chocolate as far as I’m concerned. Last week I tasted the goodness.

What’s the System/360?

Back in the day, you bought a computer and programmed for that computer alone. If you bought another one, this ran a different way and you had to program it differently. Now imagine how many PCs you’ve been through, and imagine how it feels for a company that wants to buy a computer, then grows and needs a bigger one. It sucks, and every time you switch it doesn’t matter if you buy an IBM, a Fujitsu or whatever - you have to rewrite everything anyway.

The S/360 was the first line of computers where architecture and hardware were separated. That meant that you could buy a little one, write programs for it, then buy a bigger one when the time came to upgrade. It meant less of a pain in the arse for customers, and a lock-in for IBM. Kerching!

The only problem was that the project was planned to cost $5bn over four years, which was way over IBM’s annual revenue at the time. They went ahead with the project - but why? They answer, as usual, is a bunch of different reasons.

IBM, the organisation

Tom Watson Sr, who pretty much started IBM from scratch, was a Victorian, moral, old guy. This song probably helps explain better than I can. His son, Tom Watson Jr., was handed the reins just as Sr was shuffling off his mortal coil. They didn’t get on. The father never trusted the son.

This is Watson Sr. Definitely a crusty old dude.

So the son, we suppose, wanted to do something to make IBM his own. But there’s more.

Fear

It seems that there was a culture of fear at IBM at the time. Fear of competitors, sure - but also fear of doing nothing and being squashed as a result. People argued with each other all the time, but the strong culture that Watson Sr. had installed kept the company together and working. This is the amazing part - the agitation that people felt was what drove them to win.

Andy Grove describes some similar stuff in his book about his time at Intel.

"Fear is powerful in creating and maintaining passion. Fear of competition, fear of bankruptcy, fear of being wrong and fear of losing can all be powerful motivators."

The strange part for me is that history repeated itself. There’s a formula for a successful culture here, but certainly not a comfortable one.

Here’s another one:

"Success breeds complacency. Complacency breeds failure. Only the paranoid survive."

You’ve probably heard that one before, but it’s fascinating. Any successful company’s first instinct is to recognise what they did that was successful and repeat it. As time goes on, they become resistant to doing anything else - I mean, it seems completely illogical. Why would Microsoft do anything to endanger Office or Windows? Why would IBM leave hardware and turn into a services company? But the problem is that it leaves you completely open to attack by a competitor who is free from this way of thinking.

Lots of companies have thought a little further ahead, and released products that cannibalised their own - it’s better to do that to yourself than let someone else do it for you.

The S/360 was one of those projects, and IBM was one of those companies.

The Tutor

The class was taught by Prof Tedlow, who is one of the superstar professors at HBS, and a specialist in business history. It’s unexpected to see someone that skinny fill a stage, but that’s exactly what happened. He had help - the room was littered with old-school IBMers, including a couple of superstars.

That gentleman on the left is Tedlow. And on the right, Gene Amdahl, the chief architect of the S/360. (Oh - and he quit IBM, started Amdahl computers, which flopped and got bought by Fujitsu, to the amusement of the chap now working at Fujitsu who was sitting to my left.)

One more that I didn’t manage to get a picture of - Bob Evans, the S/360 project lead (hat tip to Karae in the comments).

The more things change

There’s nothing really new that happens in business - culture changes, products that change the industry, engineering versus sales and so on.

I thought that technology was an exception.

Maybe not so much.

Linuxworld is a meeting place between corporate IT departments and businesses trying to make a buck with Linux / Open Source.

I had the chance to attend Simon Crosby’s keynote - he’s the CTO of Citrix, and used to be the CTO of Xensource before it was gobbled up. Although I was disappointed to hear the words “drive innovation”, the kernel of his talk highlighted an interesting trend - the migration of large corporate IT to cloud computing.

It’s an old story. (Remember the NC?) Unsurprisingly for a Citrix guy, he talked a lot about thin client computing. As anyone who’s used a corporate thin client knows, it’s kinda slow, printing to a local printer / reading from local drives is a pain, and so on. (From the IT side, licensing is a pain in the arse, you have a central point of failure, and you need to find a bunch of people with more expensive skill sets to get it working.) One hopes that bigger pipes will make it workable, but it’s anyone’s guess as to when the tipping point on generally available bandwidth is reached to make this type of stuff truly practical. There is a pot of gold here - centralising IT infrastructure makes sense to a lot of corporate IT departments. Companies with a large mobile sales force and minimal applications spring to mind.

More widely, he talked about the advantages of bringing cloud computing into a data centre. I suppose that means using your browser to get at web-based corporate stuff rather than a Citrix / RDP client to get at a virtual desktop. The line is fuzzy somewhere. Here’s the Xen angle - he can get the requests for computer power abstracted from the hardware, just like in a cloud like EC2. (It turns out that Amazon use Xen all over the shop for EC2.)

Isn’t EC2 neat?

One interesting case study: it turns out that the NY Time “time machine” was constructed by converting their old TIFFs to PDFs and doing OCR, and it cost $240. Here’s how: they outsourced the horsepower to EC2. (Of course, I imagine they spent a hell of a lot more than that setting the run up.)

Is that really relevant?

Probably not. But here’s the bit that I think is important.

As clouds wander into the corporate data centre, they give us the opportunity to centralise a bit more of the computing stack. Right now, we usually centralise files, emails, printing queueing and that sort of thing. These things enable us to also centralise processing power & storage. Granted, it’s not for everyone, but I can see it making sense for some folks. (Banks and academia spring to mind, as they both routinely solve computationally hard problems.)

The internship is an essential part of the MBA experience, because most people come to do an MBA to switch jobs, and most people use the internship to do that. So, with that in mind, here are some important things to consider.

If you’re choosing a school, note that companies will only recruit at some schools.

That’s not to say that you can’t get a job if you’re outside the target list, but keep an eye on it. As you choose which MBA school to enter, find out how many alums they have at the companies you’re interested in, and when they went. If you see a healthy stream of folks heading to where you want to go, that’s good. The company has links with the career service, and most importantly, the alums inside the company will now be recruiting and will look favourably on your school. Managers define the culture, and if that culture is Kellogg (or wherever), you’re going into recruiting with an advantage.

If you’re choosing target companies, choose your location wisely.

There’s a crappy MBA word we use to describe this, which is co-location. In English, this means that the location you choose has other effects than just the weather. If you’re in Finance and you’re interning in London, you’ll be meeting a bunch of interesting people from other firms, and will be hob-nobbing with bigwigs in your firm (as London will either be HQ or a powerful subsidiary). If you’re in VC in the Valley, same applies. And so on.

If you’re in school already, talk to your alums.

These people are phenomenal. Not everyone will talk to you, but some are happy to chat. Captain Obvious also advises that you are NICE to the people you’re talking to - they’re giving up their time to talk to you, and they’re bigger than you are.

Don’t listen too hard to company presentations.

It’s probably obvious, but they are telling you what is great about the company, when what you need to find out is how well you fit within it. It’s rare to hear a company say “if you’re not a person like X, you probably shouldn’t apply”. However, some industries (Consulting, Finance, some Tech) keep a beady eye on whether you showed up as an indicator of your interest. Also, you can grab people afterwards to talk one-on-one. If you listen carefully, you can get the straight dope.

A very small hack. In Office 2003, once you have inserted a picture you can make it transparent. If you love transparency, you’ll have been disappointed to discover that this function has been removed in Office 2007.

However, there is a way around. It’s a little bit ugly.

• Insert a regular vector object like a rectangle.
• Right click -> Format Picture -> Fill
• Select “Picture or texture fill”
• Insert your picture
• Now play with the transparency
• You may have to remove the “line” outlining the shape