Atomic Energy

Finally. RIM’s management has stepped aside. After 20 years running Research in Motion, Ltd., from startup to superstar to falling star, Mike Lazaridis and Jim Balsillie have stepped aside as co-CEOs and handed the reins to Thorsten Heins, formerly RIM’s co-COO. Of course, Balsillie and Lazaridis will remain active Directors, so one wonders how much maneouvring room Heins will actually have, but it may not matter that much. Heins is set to stay the course, and believes in RIM’s strategy. Heins may not have much of a choice, as the (c0)COO from the current management team, he is likely to be personally (and emotionally) vested in the current strategy.

I am not wholly convinced that the company can be saved. It has lost the war for the platform, and the battle for the hearts of its users.

A colleague recently asked me for my opinion on RIM’s management shuffle. My response?

“The Costa Concordia has already hit the shoals and is taking on water, with or without a new captain. Work to constantly delight your customers *before* the rocks, not after the ship is going down.”

Rumour has it that RIM will be asking the Nasdaq to change their ticker symbol from RIMM to RIP…

So Zappos was breached. It happens every day, certainly far more often than we hear about in the news, and, I suspect, more often than is reported to the appropriate law enforcement agencies, primarily the FBI cyber crimes unit (whose exact name escapes me at the moment).

I have done a lot of work in the cyber security space, in financial and retail, internal corporate and external facing, including compliance with the card industry’s official standard for cyber security, the imaginatively-named PCI-DSS.

I do not know how Zappos has built their internal network. But I can reasonably infer that they did at least a decent job, based on the results of the breach. The most important point is that despite a serious breach, no credit card info was compromised. Not one single complete credit card number was exposed, no security codes (those printed codes on the front of an AmEx and back of all the others) was lost.

Cyber security, like physical security, is built in layers of defense. The goal is both to minimize the probability of breach and assume a breach will happen some time, and thus mitigate the damage. Clearly, Zappos did not store credit card data in the clear with general information, but separately, and, likely, encrypted. They did not store the security codes, as PCI-DSS bans it. This breach hurts, but the impact is more of an annoyance than a serious impact. Further, they properly implemented password changes. They don’t store your password, nor can they email it to you, but rather can enable you to change it.

Most importantly, though, they handled customer relations correctly. They came clean from the beginning, and thus risking public wrath instead won customer trust.

Kudos to Tony Hsieh and his team.

Today, in the Harvard Business Review blog, Anne Kreamer discussed the exciting new finding that reading books, general books, even (horror) fiction or literature, stimulates new pathways and is beneficial to your social interaction and, by extension, your usefulness to society and the economy. Thus, one no longer need to feel guilty about reading, whether John Keegan’s military history or Clayton Christensen’s Innovators Series, whether the Great Gatsby or Harry Potter.

While I have no doubt some of her “guilt” discussed was intended tongue in cheek – anyone who really enjoys sitting reading the Great Gatsby in the evening instead of watching television is, thankfully, not about to be too burdened by such guilt – there is nonetheless some implicit (or explicit) assumption of productivity requirement. The study “absolves” one of the “sin” of non-productiveness when reading by showing that even reading can be a socially productive activity.

I find this deeply troubling. Literature, history, fiction, business.. it matters not. Reading is good in the absolute sense. To really understand the meaning of good, listen to Bill Cosby’s classic “The Apple” (available on iTunes and Amazon).

I love business. I love productivity. I see value in every productive moment and could not live without it. If I were wealthy, retirement would be the farthest thing from my mind, as it is, quite simply, unproductive. Profit means excess value creation, and the improvement of the lot of mankind. But life is about life. Reading is good because it expands one’s mind and makes them a better, more educated and more creative person and member of society, and a more fulfilled and fulfilling human being. It need no justification, no dispensation from the priests of high business.

I had the privilege of attending Columbia University, with its excellent core, as an undergraduate. Over the entrance to Earl Hall the following is inscribed:

“Erected for the Students that Religion and Learning May Go Hand in Hand, and Character Grow with Knowledge.”

A year ago, I wrote a piece on the tension between HTML5 and Native Apps, especially as it was playing out on mobile devices. The original is here. I found it interesting how the world flocked to the Web to get off of native apps, yet in mobile had flocked to native apps.

At least partially, I think that people were actually flocking to the idea of the cloud, rather than the no-distribution (or “No Software” as Benioff of salesforce.com would call it), which appealed primarily to IT departments. Nonetheless, it is ironic that the creation of truly portable devices – iPhones, iPads, Androids – meant considering being really offline on a regular basis, as opposed to mostly connected on a desktop/laptop. html5, with its offline capabilities, is meant (in part) to resolve that tension by providing the ease of development and distribution of a Web app, with the offline capabilities of a native app.

Pascal-Emannuel Gobry, who has quoted my writings before, wrote an extensive interview piece that largely agrees with my assertion: html5 apps will eventually dominate and then replace native apps. He asserts that it will take longer, and that it will have different economics and dynamics than the closed-wall garden of current app stores.

I would find it very interesting to apply the models of Clayton Christensen @claychristensen to the html5 vs native app discussion, especially in light of Gobry’s description of native apps as very highly integrated (Christensen’s terms) vs open and modular (again, Christensen’s). Christensen’s model would imply that in the early stages, the integrated, controlled native app model is likely to dominate, but over time the modular html5 model will take over, eventually disrupting Apple’s and Google’s position at least in the app store.

An interesting possible continuation is that without locking to native apps, both iOS and Android become just platforms. Much as I like my iPhone and iPad, will html5 not only reduce their clout in the app store distribution model, but possibly lead to openings to disrupt the very platform itself?

Paul Vixie objected to a response on thehill.com (my response is on page 2 of the comments) to his (and other key Internet engineers’) objections to SOPA/PIPA on technical grounds, response by Paul is here. I agree wholeheartedly with Paul on the technical issues – not sure I would publicly try to disagree with Paul on the guts of DNS – but there is a more fundamental issue at stake, specifically the limits of government intrusion vs. freedom, and the limits of liability/culpability for unintended involvement in liable/criminal acts.

Here is my response as posted there:

@richard, @paul,

I think we miss an important point here. Richard, Paul knows far more about DNS and DNSSEC than almost anyone else on the planet, including you and me. He is correct – and I would trust him even if I didn’t understand him – that end-to-end security of DNSSEC is similar to that of https; if anyone in the middle changes an element or response, then the whole thing is invalid.

However, you both miss a key point. The issues with SOPA are not technical in nature, although, as @paul says, there are technical issues. If it were possible to do DNSSEC and the restrictions of SOPA/PIPA, the backlash would still exist.

The Internet-using population as a whole objects not to the mucking with the guts of the Internet as the attempt to create censorship. No one (at least no one mature) objects to anti-crime. There are already laws on the books that make it a crime to copy and distribute copyrighted material. If someone takes a copy of the last Harry Potter film, copies it and redistributes it without approval from the copyright holders (Warner Bros), then they can be charged with criminal activity under Section 5 http://www.copyright.gov/title17/92chap5.html

However, SOPA/PIPA does not even attempt to criminalize copyright infringement; that is already done. It attempts to criminalize any intermediary, knowing or otherwise, and give government and sometimes private individuals the power to shut down entirely those intermediaries.

If someone carries 500 copies of Harry Potter on his person, flies American Airlines into LAX, and is caught by Customs, he is held liable (as well as suppliers), not American Airlines nor LAX, and Expedia is not held liable for selling a ticket on AA, or Google from providing search results to Expedia. Yet SOPA/PIPA ask that the moment that happens, American Airlines can be shut down, as can LAX, Expedia and Google.

The only time AA or LAX should pay is if Warner Bros warns them in a timely fashion, and they don’t take reasonable action. We have a law like that for Internet copyright, it is called DMCA.

The issue is not the technical, it is the fundamental.

One of my favourite daily reads is Fred Wilson’s AVC at avc.com. I don’t always agree with him, but Fred has some great insights, raises interesting issues, and every one of his daily posts has 100+ comments. The community Fred has gathered around his writing is phenomenal. I think if he could find some way to monetize it, he could retire from the VC business, although I strongly suspect he enjoys it too much to do so.

In yesterday’s comments thread, John Revay posted a question about selection of technology for building a prototype. It was an important question, one that underlines how seemingly irrelevant early stage choices can have a huge long-term impact (or, in financial terms, the decision is highly leveraged). I felt it is worth repeating the question and my answer to it in full here.

And the response:

A piece on Twitter today made me think of the Second Amendment. Apparently, a Massachusetts DA used a subpoena to get information on some Twitter users, and then made the mistake of asking Twitter not to inform the user. Twitter promptly ignored the request to keep it secret, while still complying with the law by providing the user’s info.

What does this have to do with the Second Amendment (while steering clear of the politics)?

One of the key purposes of the Second Amendment was to counter balance the exclusive right to the use of force. While there is never any desire for civilians to rise up against the government, the very knowledge that government does not have an exclusivity on the means of force and violence would naturally curb its inherent tendency towards excess.

I am not an anarchist, nor one of those who believes that government and civilization are inherently evil. Hobbes was right, without organized civilization, life would be nasty, brutish and short. I do, however, recognize the foresight and understanding that the Founders had, that government, by its nature, would tend towards abuse of its power.

For some time, despite many well intentioned DAs, some, perhaps too many, have abused that power, in the self-interest of either power or political advancement. They do so safe in the knowledge that they pay no price for that abuse, as it normally does not make it to public knowledge.

The Twitter case shows how that power balance may be shifting. As key elements of behaviour that interest government shift online, government is attempting to use its tools – and abuse them – believing the old rules apply. While the tools can and should be used, and Twitter, Google, Facebook and the like should comply, officials need to know that the online communities communicate across large number of people, in many ways organized themselves, in seconds.

If the knowledge that officials no longer have a monopoly on organization, similar to its lack of monopoly on the use of force, in and of itself will curb abuses, then the Internet and social media have provided yet another invaluable service to society.

A few months back, Marc Andreessen posited that Oracle was in really big trouble, it just didn’t know it yet (at least not publicly). His experiential reasoning: he invests in lots of companies, and is connected to many many more, and not one of them, without exception, uses Oracle. Everyone uses either MySQL/PostgreSQL (i.e. open source) SQL, or NoSQL Mongo/Couch/etc.

Yesterday, Oracle’s earnings came out, revenue was basically flat, and the share plunged. As pointed out by Matt Rosoff, this may confirm Andreessen’s prediction.

My take on it was the income from support and maintenance versus new license sales. When a software firm reaches the point that the revenue from maintenance equals or exceeds revenue from new sales, essentially the company is on the way down. I was a customer of IBM when VP at a large financial back in 2001-2005, and I clearly recall when IBM’s Tivoli division crossed the 50% mark.

A software – and any – company’s future depends on its ability to sell to new customers. If existing customers are paying the same or more as new ones, then you are having a hard time selling to new customers, and you are on your way down. You may milk the cow for a good few more years, in which, because of reduced R&D investment, your cash may be higher than before, but life is on the way down.

The real pity of it is that Sun was a great company (and great engineering shop with great talent), and likely will go down along with Oracle.

I saw a great article earlier this week, listing large tech company CEOs who are most hated by their employees, based on their approval ratings. The article is available here.

My first reaction was, “who cares?” A CEO’s job, after all, is to work for the owners, not the employees. If s/he delivers value, who cares what employee approval ratings are?

On reflection, though, I realized that my attitude was wrong, beyond my not wanting to work for such a CEO. First of all, the best execs for whom I have ever worked, defined as most successful at delivering value, have always been strong leaders who command respect and high approval of their employees.

The reason for that is that a CEO cannot deliver value alone; the CEO depends on their organization, their employees, to delight customers, to innovate, to create and grow value. If the employees do not approve of the CEO, it is really hard to get them to deliver the value.

And, indeed, if you look at the list of top (or bottom) CEOs, they are not only reviled by their employees, but hated by their customers. AT&T Wireless? AT&T? Motorola? AOL? Verizon? Microsoft?

There is a direct line connecting inspired and motivated employees and happy customers, and a direct line from happy customers to revenues, profit and shareholder value.

Alienate your employees at your risk.

Clay Christensen is famous for his disruption theories. Lately, interestingly, he has been bringing examples of some large companies that have been successful at innovating and hence disrupting themselves.

One of the key point so this theory is why existing large players find it so difficult to innovate disruptively, and therefore give opportunity for tiny startups to overturn their markets. Essentially, it is in their DNA, and hence organization structure, projects, budgets and even comp plans, to protect their existing markets and squeeze more cash out of them.

Ironically, though, sometimes that very nature actually squeezes less cash out of existing markets while simultaneously opening the doors to disruptive players. It is one thing if an incumbent maximizes cash today at the expense of tomorrow; it is short sighted, but at least understandable. It is quite another when that same mentality minimizes cash today and tomorrow.

Today’s Wall Street Journal has a front page article on the rapidly escalating prices of ebooks. Most people expect that ebooks will cost less than printed copies. After all, the publishers (and retailers) are saving on physical printing costs, shipping, storage, and security. I do not know what the COGS are in the book business, but in the ebook business, they are essentially zero. An ebook that is a few MB in size does not even register as beyond a penny in Amazon or Barnes and Noble’s storage and bandwidth costs. Us customers expect that the cost savings will be passed on to them, at least in part. They are willing to give up in some of that in exchange for the convenience and easy replicability of the ebook, but not all of it.

The WSJ article explicitly states that ebooks sales will drop, or at least not rise as high as they would otherwise due to skyrocketing retail prices. Given that sales will drop, customers will be upset (optics), and thus they will hurt their own business short term while encouraging independent publishers, and perhaps Amazon and BN to become one themselves, why would they do such a self defeating move?

In the end, they are just captive to their existing mindset. They want to protect, preserve and defend their brand and margins, and so they raise prices. The fact that it will undermine, damage and attack not just their short term profits but their long term viability as a business, is something which they find very difficult to grasp.

I look forward to the disrupters.