Archive for January, 2012

Cruise Ships and Smartphones

Tuesday, January 24th, 2012

Finally. RIM’s management has stepped aside. After 20 years running Research in Motion, Ltd., from startup to superstar to falling star, Mike Lazaridis and Jim Balsillie have stepped aside as co-CEOs and handed the reins to Thorsten Heins, formerly RIM’s co-COO. Of course, Balsillie and Lazaridis will remain active Directors, so one wonders how much manoeuvring room Heins will actually have, but it may not matter that much. Heins is set to stay the course, and believes in RIM’s strategy. Heins may not have much of a choice: as the (co-)COO from the current management team, he is likely to be personally (and emotionally) vested in the current strategy.

I am not wholly convinced that the company can be saved. It has lost the war for the platform, and the battle for the hearts of its users.

A colleague recently asked me for my opinion on RIM’s management shuffle. My response?

“The Costa Concordia has already hit the shoals and is taking on water, with or without a new captain. Work to constantly delight your customers *before* the rocks, not after the ship is going down.”

Rumour has it that RIM will be asking the Nasdaq to change their ticker symbol from RIMM to RIP…

Zappos gets it right

Tuesday, January 17th, 2012

So Zappos was breached. It happens every day, certainly far more often than we hear about in the news, and, I suspect, more often than is reported to the appropriate law enforcement agencies, primarily the FBI cyber crimes unit (whose exact name escapes me at the moment).

I have done a lot of work in the cyber security space, in financial and retail, internal corporate and external facing, including compliance with the card industry’s official standard for cyber security, the imaginatively-named PCI-DSS.

I do not know how Zappos has built their internal network. But I can reasonably infer that they did at least a decent job, based on the results of the breach. The most important point is that despite a serious breach, no credit card info was compromised. Not one single complete credit card number was exposed, and no security codes (those printed codes on the front of an AmEx and back of all the others) were lost.

Cyber security, like physical security, is built in layers of defense. The goal is both to minimize the probability of a breach and, assuming a breach will happen at some time, to mitigate the damage. Clearly, Zappos did not store credit card data in the clear with general information, but separately, and, likely, encrypted. They did not store the security codes, as PCI-DSS bans it. This breach hurts, but the impact is more of an annoyance than a serious impact. Further, they properly implemented password changes. They don’t store your password, nor can they email it to you, but rather can enable you to change it.
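The storage pattern described above, as an added sketch; it is not Zappos’s code, whose design is not public. The names `CardVault`, `AccountStore` and `breach_dump`, the choice of PBKDF2 and its round count are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

ROUNDS = 200_000  # assumed PBKDF2 work factor for this sketch

class CardVault:
    """Stand-in for a separately secured card store (a real one encrypts at rest)."""
    def __init__(self):
        self._pans = {}

    def tokenize(self, pan):
        token = secrets.token_hex(16)  # random reference, reveals nothing about the PAN
        self._pans[token] = pan
        return token

class AccountStore:
    """General customer database: the layer assumed to be breached."""
    def __init__(self, vault):
        self.vault, self.rows, self._resets = vault, {}, {}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)

    def register(self, email, password, pan, security_code):
        # security_code would go to the payment processor only; it is never persisted
        salt = secrets.token_bytes(16)
        self.rows[email] = {"salt": salt, "pw_hash": self._hash(password, salt),
                            "card_token": self.vault.tokenize(pan), "card_last4": pan[-4:]}

    def check_password(self, email, password):
        row = self.rows[email]
        return hmac.compare_digest(row["pw_hash"], self._hash(password, row["salt"]))

    def start_reset(self, email):
        if email not in self.rows:
            raise KeyError(email)
        token = secrets.token_urlsafe(32)  # mailed to the user instead of a password
        self._resets[hashlib.sha256(token.encode()).hexdigest()] = email
        return token

    def finish_reset(self, token, new_password):
        email = self._resets.pop(hashlib.sha256(token.encode()).hexdigest(), None)
        if email is None:  # unknown or already-used token
            return False
        salt = secrets.token_bytes(16)
        self.rows[email].update(salt=salt, pw_hash=self._hash(new_password, salt))
        return True

def breach_dump(store):
    """Everything a reader of the general database alone would obtain."""
    return {email: dict(row) for email, row in store.rows.items()}
```

A dump of `AccountStore` yields a salt, a slow hash, an opaque card token and the last four digits; the full card number lives only in the vault and the security code lives nowhere.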

Most importantly, though, they handled customer relations correctly. They came clean from the beginning and, by risking public wrath, instead won customer trust.

Kudos to Tony Hsieh and his team.

Reading for business, or just for character development and fun

Wednesday, January 11th, 2012

Today, in the Harvard Business Review blog, Anne Kreamer discussed the exciting new finding that reading books, general books, even (horror) fiction or literature, stimulates new pathways and is beneficial to your social interaction and, by extension, your usefulness to society and the economy. Thus, one need no longer feel guilty about reading, whether John Keegan’s military history or Clayton Christensen’s Innovators Series, whether the Great Gatsby or Harry Potter.

While I have no doubt some of her “guilt” discussed was intended tongue in cheek – anyone who really enjoys sitting reading the Great Gatsby in the evening instead of watching television is, thankfully, not about to be too burdened by such guilt – there is nonetheless some implicit (or explicit) assumption of productivity requirement. The study “absolves” one of the “sin” of non-productiveness when reading by showing that even reading can be a socially productive activity.

I find this deeply troubling. Literature, history, fiction, business... it matters not. Reading is good in the absolute sense. To really understand the meaning of good, listen to Bill Cosby’s classic “The Apple” (available on iTunes and Amazon).

I love business. I love productivity. I see value in every productive moment and could not live without it. If I were wealthy, retirement would be the farthest thing from my mind, as it is, quite simply, unproductive. Profit means excess value creation, and the improvement of the lot of mankind. But life is about life. Reading is good because it expands one’s mind and makes one a better, more educated and more creative person and member of society, and a more fulfilled and fulfilling human being. It needs no justification, no dispensation from the priests of high business.

I had the privilege of attending Columbia University, with its excellent core, as an undergraduate. Over the entrance to Earl Hall the following is inscribed:

“Erected for the Students that Religion and Learning May Go Hand in Hand, and Character Grow with Knowledge.”

HTML5 vs. Native Apps redux

Tuesday, January 10th, 2012

A year ago, I wrote a piece on the tension between HTML5 and Native Apps, especially as it was playing out on mobile devices. The original is here. I found it interesting how the world flocked to the Web to get off of native apps, yet in mobile had flocked to native apps.

At least partially, I think that people were actually flocking to the idea of the cloud, rather than the no-distribution (or “No Software” as Benioff of salesforce.com would call it), which appealed primarily to IT departments. Nonetheless, it is ironic that the creation of truly portable devices – iPhones, iPads, Androids – meant considering being really offline on a regular basis, as opposed to mostly connected on a desktop/laptop. html5, with its offline capabilities, is meant (in part) to resolve that tension by providing the ease of development and distribution of a Web app, with the offline capabilities of a native app.

Pascal-Emmanuel Gobry, who has quoted my writings before, wrote an extensive interview piece that largely agrees with my assertion: html5 apps will eventually dominate and then replace native apps. He asserts that it will take longer, and that it will have different economics and dynamics than the closed-wall garden of current app stores.

I would find it very interesting to apply the models of Clayton Christensen @claychristensen to the html5 vs native app discussion, especially in light of Gobry’s description of native apps as very highly integrated (Christensen’s terms) vs open and modular (again, Christensen’s). Christensen’s model would imply that in the early stages, the integrated, controlled native app model is likely to dominate, but over time the modular html5 model will take over, eventually disrupting Apple’s and Google’s position at least in the app store.

An interesting possible continuation is that without locking to native apps, both iOS and Android become just platforms. Much as I like my iPhone and iPad, will html5 not only reduce their clout in the app store distribution model, but possibly lead to openings to disrupt the very platform itself?

Paul Vixie vs. The Hill

Tuesday, January 3rd, 2012

Paul Vixie objected to a response on thehill.com (my response is on page 2 of the comments) to his (and other key Internet engineers’) objections to SOPA/PIPA on technical grounds; the response by Paul is here. I agree wholeheartedly with Paul on the technical issues – not sure I would publicly try to disagree with Paul on the guts of DNS – but there is a more fundamental issue at stake, specifically the limits of government intrusion vs. freedom, and the limits of liability/culpability for unintended involvement in liable/criminal acts.

Here is my response as posted there:

@richard, @paul,

I think we miss an important point here. Richard, Paul knows far more about DNS and DNSSEC than almost anyone else on the planet, including you and me. He is correct – and I would trust him even if I didn’t understand him – that end-to-end security of DNSSEC is similar to that of https; if anyone in the middle changes an element or response, then the whole thing is invalid.

However, you both miss a key point. The issues with SOPA are not technical in nature, although, as @paul says, there are technical issues. If it were possible to do DNSSEC and the restrictions of SOPA/PIPA, the backlash would still exist.

The Internet-using population as a whole objects not so much to the mucking with the guts of the Internet as to the attempt to create censorship. No one (at least no one mature) objects to anti-crime. There are already laws on the books that make it a crime to copy and distribute copyrighted material. If someone takes a copy of the last Harry Potter film, copies it and redistributes it without approval from the copyright holders (Warner Bros), then they can be charged with criminal activity under Section 5 http://www.copyright.gov/title17/92chap5.html

However, SOPA/PIPA does not even attempt to criminalize copyright infringement; that is already done. It attempts to criminalize any intermediary, knowing or otherwise, and give government and sometimes private individuals the power to shut down entirely those intermediaries.

If someone carries 500 copies of Harry Potter on his person, flies American Airlines into LAX, and is caught by Customs, he is held liable (as well as suppliers), not American Airlines nor LAX, and Expedia is not held liable for selling a ticket on AA, or Google for providing search results to Expedia. Yet SOPA/PIPA ask that the moment that happens, American Airlines can be shut down, as can LAX, Expedia and Google.

The only time AA or LAX should pay is if Warner Bros warns them in a timely fashion, and they don’t take reasonable action. We have a law like that for Internet copyright, it is called DMCA.

The issue is not the technical, it is the fundamental.

Your Technology Matters – responding to AVC

Monday, January 2nd, 2012

One of my favourite daily reads is Fred Wilson’s AVC at avc.com. I don’t always agree with him, but Fred has some great insights, raises interesting issues, and every one of his daily posts has 100+ comments. The community Fred has gathered around his writing is phenomenal. I think if he could find some way to monetize it, he could retire from the VC business, although I strongly suspect he enjoys it too much to do so.

In yesterday’s comments thread, John Revay posted a question about selection of technology for building a prototype. It was an important question, one that underlines how seemingly irrelevant early stage choices can have a huge long-term impact (or, in financial terms, the decision is highly leveraged). I felt it was worth repeating the question and my answer to it in full here.

And the response: