How Not to Start a Briefing

I was on a vendor call today with two of my analyst colleagues. The vendor intended to update us on a revision to an existing e-mail security appliance. The product is simply known as the "8300 appliance." Of course, the product managers must have assumed that the product's functions would be somehow self-evident, because the product manager's first question to us, after introductions, was this: "Are you all familiar with the 8300 product?" Crickets started chirping on cue... Now, bear in mind that not too long ago I received a briefing from a different vendor about a product they called "the 8550." This was another gateway product -- but for SOA security. Too many briefings, plus too many arbitrary number-centric naming schemes, equals confusion. Considering how much flak Microsoft catches about their products, at least historically they haven take time to come up with names that tell you something about what their products do (e.g., Internet Security and Acceleration Server). They seem to have fallen off the sensible-naming wagon lately (Windows Live OneCare? Dynamics?), but still get it right more often than not. Mercedes and BMW can get away with numbers-only product names. Security vendors? Not so much.

Work/Life Schizophrenia, and the Calendars They Produce

Every Anywhere Consumer, myself included, do their best to balance their personal and professional lives. In my case, I've got multiple "personas":

• My day job persona (as a Yankee Group analyst)
• My "professional hobby" personas: securitymetrics.org editor, JSPWiki commiter,Identity Gang member, weekend programmer
• My "private life" personas: family man, friend, book club member, cook, bread-baker, condo association treasurer
• My consumer personas: buyer of books, music, clothing, gadget hound, political junkie

All of these personas, taken together in their totality, form the essence of who "I" am. Much of what composes my identity is offline, but plenty of it is online. Running through all of them, however, is the continuity of time. Each persona engages in activities, which need to be scheduled and time-sliced. 

Most people use a combination of analog techniques (date-book, to-do lists, scribbly notes, photographic memories) and digital tools (calendaring programs) to keep their priorities, and activities, straight. In the digital realm in particular, experienced PIM addicts use their calendaring programs. I got my first Palm in 1999, and I took to it like a duck to water. For me, my electronic calendar is my lifeline. If an event isn't in my calendar, it does not exist, and won't happen. The reason is simple: every day I receive dozens of requests for briefings, inquiries, follow-ups, social gatherings and the like. I have found that I cannot stay sane unless I stay on top of my calendar. I may not always be as prompt as I'd like with e-mail -- but I can guarantee you that my calendar is always up to date.

Over the years I have tried many techniques to keep my calendar straight. Up until last year, I used the One True Calendar approach: namely, use my work calendar (today, Lotus Notes) as the canonical source of all things calendar-related. In short, stick everything into it, regardless of the the persona they relate to: personal, professional, consumer, developer etc. The One True Calendar is, in essence, a centralized hub for everything time-related.

The centralized, One True Calendar technique worked well enough. It synced to my Treo, and life was good. But now, in 2008, I need more than what one calendar can give me. I have friends to keep track of, birthdays, travel plans and other activities that aren't always within the span of my control, and wouldn't be practical to spend time double-entering. Thus, last fall I abandoned the One True Calendar in favor of a more loosely-coupled system based on calendar subscriptions (iCalendar). iCalendar subscriptions have simplified my life considerably, and made aggregating time and event information from multiple sources easier. Apple's iCal application pulls everything together into a consolidated view.

Using calendar subscriptions means that instead of having a single calendar, I can stitch together multiple calendars, including those of other people. Subscriptions are superior because each event source continues to maintain its own schedule independently. But, through the magic of iCal aggregation, I can still see how everything relates. Best of all, because iCal syncs with my iPhone, I can take my tangled schitzophrenic schedule with me wherever I go.

Rather than traffic in abstractions, here's a screenshot of my current iCal calendar. I've turned on all of the calendars.

As you can see,  I subscribe to iCalendar feeds like US Holidays (in green), a list of security conferences (in brown) and a service called Dopplr that tells me when I'm going to be in the same cities as my friends (orange). And, to integrate my work-related events, I also wrote a little LotusScript hack that exports my work calendar (from Lotus Notes, shown in blue) as an iCalendar feed every 15 minutes. You can also see my Birthdays calendar (green, pulled from Address Book).

I have also become addicted to TripIt (shown, in orange), a service that creates nicely-formatted travel plans, based on itineraries you forward to it. At Yankee, we use a particular outside travel service for booking flights, hotels and cars. I used to enter all this stuff by hand into Notes. Now, I don't have to. When I book something, I forward the travel agency itinerary to TripIt, and it smartly parses everything and creates a virtual calendar entry with from/to information, flight numbers and times, confirmation numbers and the like. I can use TripIt with other travel agencies, too: so, if a customer arranges travel for me using their own agent, I can simply forward the details to TripIt, and all is well. Here's the best part: all of these details are available as an iCalendar subscription. That means that everything I send to these folks will magically appear in my calendar, because I'm using a calendar (iCal) that understands iCalendar subscriptions.

The point of all of the preceding isn't to show how much of a smarty-pants I am. Dork tendencies aside, I wanted to demonstrate, in concrete terms, three things: 

• All of the things I keep track of don't fit nicely into a single persona
• Calendar aggregation , not calendar centralization, holds the key to allowing all of multiple personas to time-slice
• Subscriptions hold the key to integrating outside services, and other people's calendars

All of these points speak directly to the needs of Anywhere Consumers, and of the limitations of insular calendaring programs like Lotus Notes. As workers seek to increasingly blend their work and personal lives, we will increasingly need software that is persona-aware, and that works seamlessly in a federated, interdependent world.

Epitaph to the high-definition disk war

I've been talking to a couple of reporters over at Wired lately about the aftermath of the HD-DVD/Blu-ray war (I'm waiting for a declaration that February 20 will forever be commemorated as HD armistice day). The upshot of my comments to date has been 1), that Blu-ray was crowned the winner by the studios and CE manufacturers in 2006, and 2) Apple's role in Blu-ray is more about creating Blu-ray content than playing it. But I thought Notes From Anywhere readers might be interested in some additional factors that haven't been getting as much press play.

Daniel Eran Dilger over at roughlydrafted.com made some good points I'd forgotten about the HD-DVD vs Blu-ray war, among them that HD-DVD carried with it the proprietary lead weights of Microsoft's Windows Media Player, WinCE, and VC-1 coders built into the standard. And while VC-1 was supported in Blu-ray, it relied more on H.264 which was a true international standard. It should come as no surprise that Hollywood, having seen the movie of Microsoft using proprietary standards to become the toll collector an an industry before, rebelled, and therefore ended up siding with Sony, who was at least, "one of them." It also didn't help that Microsoft, in its usual inimitable development style, was consistently late in delivering its technology software to HD-DVD partners, which caused Toshiba's early technology lead to evaporate.

One other data point I'd forgotten was that Michael Eisner at Disney was originally a Microsoft/HD-DVD fan and licensee of Windows DRM, but when he left in 2004, Disney became a Blu-ray supporter. That defection may have started the stampede away from HD-DVD, and Disney's purchase of Pixar and Steve Jobs sealed the deal.

One point I had made in articles I wrote about this technology war in 2005 was the two of the big supporters of HD-DVD were Microsoft and Intel, each of whom could account for exactly zero million HD-DVD drive sales. Whenever I see "Barney alliances" -- ones where no money changes hands, but all the partners agree to love each other and their technologies --- I always consider it a sign that the partnership is going to fail. As someone once said, anything worth doing in business is worth doing for money. And when there's no money at stake, there's no business. The death of HD-DVD proved that rule again.

One final Anywhere note to this obituary: as my colleague Andy Jaquith noted in a press interview recently, DRM is the mortal enemy of Anywhere media. The HD-DVD battle taught Toshiba that lesson, but Sony has yet to learn it, despite its ATRAC defeat at the hands of Apple's less heavy-handed DRM. Sony's Blu-ray may have won the high-def format war, but there are still many battles to come to win over Anywhere consumers, who will be inundated with on demand offerings, downloadable media, and innovative media-repurposing technologies like Slingbox. In our increasingly digital world, collections of ones and zeros will become increasingly more difficult to protect. Sony should learn from Toshiba's mistake and think beyond Hollywood's demands for more and more DRM. If it doesn't, Blu-ray's victory could be short-lived.

Update: One commenter notes that WinCE and Windows Media Player were never part of the HD-DVD spec. I personally haven't read the spec, so I can't prove or disprove the assertion, but Microsoft certainly claims these are key and essential parts of reference HD-DVD implementations. I apologize for any confusion.

Yahoo-Microsoft: the damage has been done

I'm not typically a fan of Motley Fool nowadays, but I think this article titled, "It's Too Late to Apologize, Microsoft" has the dynamics of this deal just about right: "...both Yahoo! and Microsoft's online division have been permanently damaged. Google won." And just to add irony to the mix, it's published on MSN.

Amazon's service failure provides cautionary Anywhere lessons

For those who started their long weekend early last week, Amazon's storage 'cloud' service goes was offline for about three hours on Friday. When I combine this with the similarly long Blackberry outage earlier in the week, I think there are some lessons worth noting:

• Outages that seem important to you aren't important to service providers. Too many people assume that by outsourcing their technology challenges, they'll be getting world class service and risk management in return. Based on the quotes of Amazon and Research In Motion executives, those assumptions are misplaced. RIM co-CEO Jim Balsillie dismissed the Blackberry outage as "an intermittent delay, a couple of hours. It's old news." Amazon at least admitted that the downtime was unacceptable, but only did that after customers spent hours searching for the cause of the problem.
• Cloud services don't guarantee anything. No matter how good those service level agreements sound when you sign them, when the service is down, you're down as well. And if you look very carefully at most of those service level agreements, the penalties for not providing the service are limited to what you are paying that month. That's cold comfort when your business's revenue goes to zero for an unknown period of time.
• Anywhere services need more than commodity service. Many Web 2.0 startups have staked their future on the hope that cloud computing is "good enough" to propel their business models. But as consumers get used to Anywhere services -- ones that anyone can use on any device on any network -- the more they will be disappointed by garden variety, commodity service. Those companies aspiring to be the next Google should remember that Google started out by building its own massively-redundant infrastructure in closets at Stanford University rather than just piggybacking on university resources. Anywhere reliability and scale will require more than formless cloud infrastructures to work 24 hours a day, seven days a week.

One final note: one of the companies I consider to be a great Anywhere company already is FedEx. While some may argue that it isn't in the Anywhere information business, many of their executives would disagree strenuously, noting that the information they collect on packages and deliveries is just as valuable as the packages themselves. I remember one of the CIOs of FedEx commenting, "Our data center is a lot like Noah's Ark: we have two of everything." And their circa 1996 thinking about contingency planning and reliability of service as documented by Wired Magazine is a great example for companies today to consider:

Behind one of these straitlaced corporate citadels, a low-slung building squats buried under a vine-covered earthworks, shielded by walls of thick concrete. Formally known as the Global Operations Center, it serves as a subterranean command facility for the entire FedEx distribution and delivery system. Employees call it "the Bunker."

The lighting in the Bunker is subdued, and a hushed intensity crackles through the climate-controlled air. On the walls, giant flat-panel projection screens display real-time weather maps of the continental United States, while workstations around the periphery stand equipped with banks of computer terminals and heavy black telephones. A team in the back of the room specializes in domestic operations, and another behind it focuses on surface transportation. Up front is the international unit; a bevy of flight crew dispatchers are positioned off to the left, and there's a handful of meteorologists tucked off in a dark corner.

"It's pretty quiet here now," explains Bunker manager Pete Gwaltney. "But come midnight, the place will be a whole lot busier. At peak periods, we operate in five-minute decision cycles.

"Gwaltney's job is to keep the FedEx distribution network running smoothly despite the inevitable grind of glitches and failures that plague any complex mechanical system. But as he nonchalantly puts it, "This company spends lots of money preparing for contingencies."

To demonstrate the point, he explains how FedEx launches an empty jet freighter each night from Portland, Oregon, bound for Memphis. The jet tracks a course that brings it close to several FedEx terminal airports so that if one of the jets parked on the ground suffers a sudden mechanical failure, the empty freighter can swoop down and pick up the stricken plane's cargo.

The image of that empty FedEx jet streaking through the night reminds me of the old "doomsday" bombers that were kept aloft and on alert during the Cold War. "Jeez," I remark. "It's like Strategic Air Command around here." Gwaltney smiles, as if the same thought crossed his mind a long, long time ago. "Actually," he says, "it's more like Strategic Freight Command."

That's what I think of as the gold standard for Anywhere services. And for those companies who think they can bet their futures and investors' money on cloud-based, best-effort services and compete with companies that think like FedEx, good luck with that. You'll need it.

The Post-Platform Security Era

Greetings everyone! This is Carl Howe’s Yankee Group colleague, Andrew Jaquith. I’m a security analyst at Yankee. Carl was kind enough to invite me to contribute to this blog. The attraction of posting to this blog was plain, because it is about what we at Yankee Group call Anywhere. At its core, our mission is to forecast how mobility, miniaturization, exploding numbers of form factors, plentiful bandwidth and networked applications will change our lives. We expect that carriers, corporations and consumers alike will benefit from a rising tide of innovation that will bring us new forms of entertainment, commerce and access to information. With that in mind, it is with a mix of resignation and bemusement that I was recently asked to respond to a study by security vendor Sophos about malware predictions for a particular platform, in this case the Mac. You can read the story (which includes my comments), but I’ll save you the time and cut to the chase. According to Sophos, “93 percent believed malware writers would increasingly target the Mac in the future.” I'm not really sure what to make of this study. While I recognize that not all of the security vendors speak with one voice, the narrative on the subject of Macs and viruses has gotten so twisted that it would make Ernö‘ Rubik gasp. First, the line was “Watch out! Mac users will, we are very very sure, be targets of malware in the very near future.” This was generally accompanied by, “Mac users need to stop living in a false paradise!” But now, according to Sophos, Mac users aren't living in a false paradise after all, because they “expect to see more malware.” So which is it? Are Mac users all beret-wearing, latté-sipping artistes that don’t have a clue about security, or are they world-weary realists warily awaiting their next attack? Of course, it doesn't really matter. Frankly, all of these things are just justifications to sell more OS X software. And Sophos’ study should be seen for what it is: a publicity event in service of that goal. More broadly speaking, though, all of this hot air about Mac versus PC security has nothing to do with the real problem: cyber criminals trying to trick end users so that they can take over their PCs, steal money or steal account credentials. That’s a platform-agnostic problem. For Anywhere Consumers — who use whatever operating system they want — the targeted device or platform is much less important than the goal of the attacker. The story really ought to be about whether end-users are safe, educated and aware, not what platform they use. It is high time for the dialogue to shift to the post-platform security era. Let’s stop the usual finger-pointing, schadenfreude and scare-mongering.