Archive for December, 2007

User authentication in a world with no free will

Thursday, December 13th, 2007

I have a little background in user authentication. I wrote my undergrad CS honors thesis on Secrecy and Authentication. If you search Google hard enough you can even find mentions of the Seberry & Jones Scheme for implementing subliminal channels. I held a provisional patent with Sydney University on a biometric user authentication method based on typing style in 1985/6. The method turned out not to be original, has been re-invented multiple times since then, and was even somehow published as new years later in CACM.

I therefore feel eminently qualified to speculate on what user authentication might look like in a world with no free will.

Note that I don’t care whether free will exists or not, and I certainly don’t want to waste my time thinking or talking about it. But if it doesn’t exist, then the following user authentication algorithm does exist. We couldn’t implement it, but it would certainly exist and it’s fun to consider instead of doing real work.

When a computer needs to verify who you are, it tells you to move the mouse around randomly for as long as you like. Or to just bang on the keyboard. The kind of thing you do when you’re generating randomness for the construction of a PGP/GPG key.

But if there’s no free will then it’s not random.

So the algorithm can just look up what you did in a big table to see who you are. As two users could conceivably do the same thing, it probably needs a little more information, like the time of day and your IP address – neither of which you’d have any control over either.

That’s it. No need for anything fancy, just a lookup table. No-one would ever fail to be recognized, no-one would ever be mistaken for someone else, there’d be no identity theft, etc. Even if you just sat there and did nothing for a while the machine would know exactly who you were. You could always log in by just briefly doing nothing at all, and then continuing. The length of time you did nothing for would betray you.

All totally absurd, of course, and thinking about it quickly becomes highly circular. Just like the rest of the debate.

As you were.

Carrying a knife onto a plane

Thursday, December 13th, 2007


Tonight I carried a pocketknife with a 5cm blade onto a plane in Paris.

At the Le Web conference, the bag they handed out to attendees had a really nice pocketknife in it courtesy of Six Apart. It’s silver, very solid construction, with 11 blades including scissors, screwdriver, corkscrew, etc. It’s not a cheap knife. It’s totally different from any other conference giveaway I’ve ever seen, and I’ve seen a few.

It’s also a pretty odd thing to hand to a bunch of travelers who are in town for 2 days, many of whom will not be checking baggage on their flights. I imagine the bins at CDG will have a fair number of fancy knives in them tonight. But not mine.

I’m not a security threat on an airline. A pocketknife buried in my carry-on bag stashed in an overhead locker probably doesn’t make the flight less safe. You could argue it makes it safer, if you were inclined to argue about it. I’m reminded of a comment Ana made after 9/11. She said the pilot should have a button in the cockpit. In case of hijack the pilot pushes the button and a compartment containing a baseball bat slides open beside every (window seat) passenger.

I don’t agree that if someone gives me a present in Paris that I need to surrender it to the airport authorities because I might be a terrorist. I’m clearly not a terrorist, even if the airport security doesn’t know it. So I put the knife into my carry-on and went through security with no problem at all.

There are plenty of studies, done by people like the TSA, where they test security at airports. The results are invariable dismal, with the checkers missing something like 75% of the weapons and bomb-making materials going through security. If they can get away with it, then why can’t I? Plus I had a plausible excuse – that I had thrown my conference stuff into my bag without thinking. The knife was still in a cardboard box, obviously brand new. And I guess I half wanted to see what would happen if they did find it.

I also don’t bother taking out my toothpaste and deodorant and putting them in a plastic bag. That just seems stupid too and so I decided not to do it. It’s even more ridiculous when you realize that security are basically relying on people to do as they’re told, take out their liquids, put them in a plastic bag, etc. If you don’t, they don’t see it on the scanner. Or maybe they do see something (is a tube of toothpaste highly characteristic when seen in a scanner? I don’t know). What kind of security is that? All the complying regular people are highly inconvenienced, forced to throw things away, find plastic bags, buy tiny amounts of things, just so they can show security that they’re carrying a tube of toothpaste. And what do the terrorists do? If they wanted to commit a crime involving liquids of some form they’d probably just put it in a regular commercial tube of some kind and put that in a plastic bag. They’d breeze through security. The whole thing is designed to limit liquid quantity. Leaving your liquid in your carry-on is probably the best way to indicate you’re not a terrorist. If they do open your bag, which happens to me from time to time, you can say you made a mistake, weren’t thinking, were rushing to the airport, etc.

So there you go, I’m probably a terrorist and I just don’t know it yet. Rules are made to be broken, etc. Most especially if you know for a fact that they do not and should not apply to you. I know, I know, I’m probably reckless or even stupid to do this, and it probably doesn’t work to fight stupidity with stupidity, but… I don’t feel like doing what I’m told in this case. It’s like having a job with a stupid boss. Unbearable.

Conference panels – self-indulgent, elitist, and smug

Wednesday, December 12th, 2007

I’ve been to too many conferences recently. FOWA in London, Web 2.0 in Berlin, and tonight I got back from Le Web in Paris.

Among various other dislikes, one thing I particularly don’t enjoy are the panels. I find panels very self-indulgent. Some small number of panelists sit on stage and have a conversation with each other, while the rest of us are supposed to sit there passively and lap it up. Then at the very end, the panelists take a question or two from the audience. Sometimes the questions are incoherent or require a bit of elaboration, and often the result is that the panelists end up being rude and dismissive. Most questions go unanswered simply due to lack of time.

That doesn’t feel right. I always wish the time balance were changed. And I wish I didn’t get the overwhelming feeling that the panelists are basking in their own glory, too busy for the common conference goer. It’s a pity, because I and I suppose many others, are genuinely interested in the individuals on the panels. But the format doesn’t work at all for me.

I could say much more, but that would probably get too specific.

As I please: pizza margarita & 2 beers

Tuesday, December 11th, 2007

I’m in Paris for the Le Web conference. Tonight is the party, at La Scala, which looks like exactly the kind of place I hate. I never understand why people go to loud clubs.

So instead, I went out wandering and found a pizza place, ordered a margarita, drank a couple of Italian beers and took my time savoring more of Orwell. It’s such a pleasure, as with Gore Vidal essays or Proust, to read his thoughts on all manner of things. I’ve been taking my time, slowly working through the 4 volumes of Collected Essays, Journalism and Letters (that link is to volume 1).

Here’s the last piece I read tonight, the May 19, 1944 As I Please column. Maybe you wont find it extraordinary, but I do. It probably helps to have the context, to have read the previous volumes (I’m in the middle of vol. 3).

Random travel thoughts

Sunday, December 9th, 2007

Here are some random thoughts on air travel from my last few weeks.

US travel is much much easier than it used to be. In the years immediately post-9/11, it was such a hassle to go anywhere. Despite the fact that we still have to take off our shoes and put liquids into ridiculous transparent bags, it’s much less hassle than it was.

Ubiquitous free wifi is still a distant dream. It makes sense to offer it as it’s a differentiator, it’s a fairly cheap thing to provide, companies and advertisers can sponsor it, etc. If Samsung and others can set up recharging stations for laptops in many airports, can free wifi be far behind? As I already wrote, I’d choose an airline offering free wifi – even if their tickets are more expensive. Probably dumb, but true.

One on flight (US Air, I think) I pulled down my tray table to see a full-tray advertisement. Never seen that before. The ad was for Sony noise-canceling headphones.

In 2002/3/4 I was Gold on Delta. Even so, I never used their lounges. I still have the Gold membership card and I used it to check-in in Chicago. The woman didn’t look at it, but handed me a invitation to the Air France lounge. So I went in. There’s “free” everything (though not wifi): sandwiches, wine, beer, champagne, newspapers, coffee, etc. Lots of business types. Meanwhile on the other side of the wall the regular punters are sitting in discomfort surrounded by super expensive and bad quality crap food offerings. The frequent flyers board calmly straight from the lounge, first of course.

Esther, who has about 10 million miles with various airlines, told me that in Frankfurt she gets taken to an entirely separate Lufthansa building. From there the “senators” are driven to the plane in a Porsche.

I hate taking Air France through Paris. They’re always a risk – I’ve been hit by strikes about 3 times, had to stay overnight in Paris (far less attractive than it may sound when you’re bussed late at night, after waiting for hours to get things sorted, to the cheapest economy hotel as close to CDG as possible), they’ve lost my bags (temporarily) a few times, etc. BUT, the meal last night out of Chicago was really excellent.

Terminal 2F at CDG is full of ridiculously expensive stores. It’s nuts. I did once buy a watch in one of them, back when I was spending way too much time in airports and I had taken to buying cheap watches in them for some reason. The watch shop in terminal 2F has extremely expensive watches. There are dozens of models for around €3,000. I saw one for €9,950. How many of them would they sell a year? It couldn’t be too many. If you’re going to spend that much on a watch, would you just pick one up at CDG? Or do a little more work and get it elsewhere? I guess if you’re that rich it may not matter to you. And there are plenty of other insanely expensive stores there too, with Hermès scarves, Mont Blanc pens, etc. It feels somehow wrong – I mean economically wrong, as though much more money could be extracted from travelers if they weren’t all selling outrageously expensive stuff.

In the waiting area at CDG for the flight to Barcelona I sat next to an American family. The son was saying how the flight from Paris would go West to get to Barcelona. The father corrected him, saying it went South, and then corrected himself saying it was actually South-East. I guess that’s not too remarkable – I’ve probably been on many flights where I couldn’t have correctly given the direction accurately – but it did make me smile. The conclusion of the conversation had the whole family believing something wrong, just because the father figure had stated it categorically, and then made a correction to make his claim even more precise and authoritative. The act of refining his opinion seemed to the family to lend extra weight to his claim – it wasn’t just South, it was South-East – while simultaneously revealing to others that he didn’t really know.

It still takes bags half an hour to emerge in Barcelona. Vegas is about the same, perhaps with more of an excuse.

I had about a 5 hour delay going in to Vegas. We got in at about 2 in the morning. Outside with my bags there was a queue of about 1000 people waiting for taxis. No kidding. It went back and forth about 4 or 5 times out the front of the terminal, running the whole length of the building. But it was well organized and moved fast. Still, a bit daunting. It was raining but not too cold, and we were covered.

It was about -17C overnight in Chicago on Wednesday. I shoveled snow a few times, for the first time in a long long time. I used to do it for fun in Canada, and do my neighbor’s driveway as well, to their amazement.

The Van Galder bus service out of O’Hare is pretty good. Efficient, not crowded, reasonably priced, easy to find/use etc.

I hired a car from Fox rental cars in Oakland. $16/day for a PT Cruiser. Hard to beat. No GPS though. I’m going to rent a car with GPS next time I do something like that. I made about 5 driving trips with multiple Firefox tabs open on my laptop showing Google maps.

Well, enough for now. I’m very happy to be back in Barcelona. I could live here forever.

Free wifi, with blacklisted IP, in Vegas McCarran airport

Monday, December 3rd, 2007

I’m sitting next to about 70 poker machines at gate B15 at the Los Vegas McCarran airport. They have free wifi, which is great.

But the IP address I picked up (63.164.47.227) appears in about a dozen blacklists (check your IP address here, for example). As a result, the various mail relays I have access to are rejecting my outgoing email. So I have to resort to blogging.

Pushing back on the elevator pitch

Saturday, December 1st, 2007

I’ve been out talking to people about raising money for Fluidinfo.

Over the last 7 years I’ve read literally thousands of articles on talking to potential investors, pitching, raising money, angels, VCs, dilution, control, rounds, boards, strategies, valuations, burn rates, equity, etc. I’ve bought and read dozens of related books. I’m a regular reader of about a dozen VC blogs and the blogs of several entrepreneurs. I’ve swapped stories in person and learned lessons from probably a hundred other entrepreneurs. I was CTO of Eatoni Ergonomics, a startup that raised $5M in NYC, and I sat on the board for 4 years.

I like to analyze things, to sit around thinking, to generalize, to look for lessons, to find patterns, etc. So I reckon I have a fairly good idea of what creating a startup and raising money is about.

Some aspects of doing that are relatively formulaic. But others have significant variation.

For example, what should you put in a business plan? You can spend many months working on business plans. It’s hard work to write well and concisely. Then you show it to VC A and they tell you they’d also like to see X and Y and Z, that are not in your plan. So you put them in. You show it to VC B, and they tell you the plan is way too long! That you should take out P, Q, R and S. That leaves you with a wholly new-looking plan and when you show that to VC C, they’ll tell you it’s incoherent and doesn’t flow and look at you like you’re some kind of innocent child who doesn’t even know how to structure its thoughts. When you tell them you actually already know all that and that you agree, they’ll think you’re even weirder. And so it continues.

Thinking is changing on the business plan front, though. Some entrepreneurs and some investors have realized that creating or insisting on a business plan too early is probably a waste of time. Everyone knows the market numbers and the financial projections are probably rubbish. People expect the business and the plan to change, etc., etc.

When someone asks me for a business plan, I (politely) tell them I don’t have one or intend to write one. I tell them I’m looking for someone who wants to understand what I’m doing and fund it, without needing to see a formal written business plan. I suggest that if I reach the stage of looking for someone who wants the comfort of a better-thought-out plan that I will get back to them.

I think that’s a good change all round. You have to push back a little. A tiny engineering team focused on building a product probably shouldn’t stop, or be stopped, to write a business plan. I’m certainly not going to do that. I could spend that time writing code, working with people I’m paying to create more of a product, to get more online, to have more to point to, etc.

Elevator pitches

There’s definitely been a change with respect to business plans.

And now to the meat of this post, to a place where a similar change has yet to penetrate: the blind insistence on having an elevator pitch.

Almost universally, potential investors will want or expect an elevator pitch. Tons of VC sites will advise you that if you can’t describe your idea in a couple of sentences, it’s probably a non-starter. If you don’t have a compelling elevator pitch they wont talk to you, wont reply to email (even if you have been introduced), and they certainly wont read any materials.

Some even go so far as to tell you that without an elevator pitch you wont be able to communicate your ideas to your employees to motivate them! Uh, excuse me? Since when did the intelligent, driven, dig-in, curious, thoughtful, dedicated people who join startups acquire the attention span of gnats?

Listen. Some ideas can’t be summarized and/or grasped in a two-minute elevator ride. Sometimes you don’t even know yourself what the outcome will be. The history of science and innovation is full of examples. Imagine what the world would be like if, in order to get seed resources to push a new project along, all ideas had to be pre-vetted, each in 2 minutes, by a fairly general audience (I’m being polite again).

Entrepreneurs have to push back—where necessary—on the demand for an elevator pitch.

I’ve tried to put my round ideas into the square hole of an elevator pitch for long enough. I haven’t managed to do it and I don’t want to spend any more time trying.

Until tonight I’ve just been telling people I don’t have an elevator pitch, sorry. I’ve even told them (hi Nivi!) that instead of robotically insisting that I shape my ideas to their expectations that they try being more open minded about the process and try working on their expectations.

From now on, I’m going to give the following elevator pitch:

Here is a list of people. Each of them has had the curiousity, time, and patience to listen to my ideas for at least an hour. Ask them if I’m worth talking to further.

(See below for my list.)

If that’s not ok, then I agree that 1) if I reach the stage where I need to talk to people who really need an elevator pitch, and 2) you’re still interested, then I’ll try again to work on getting you what you need. Same goes for a business plan.

Up to this point I’ve tried to only talk to people who are willing to put the time in, to listen and think, to talk among themselves and draw their own conclusions. But I’ve still run into a bunch of people who wont do that. That’s ok, of course. I also know what it’s like to be busy.

Here’s my list. I’m very happy and very thankful to have recently spent at least an hour, sometimes much more, with each of the following:

Bradley Allen,
Art Bergman,
Jason Calacanis,
Dick Costolo,
Daniel Dennett.
Esther Dyson (now an investor),
Brady Forrest,
Eric Haseltine,
David Henkel-Wallace,
Jim Hollan,
Steve Hofmeyr,
Mark Jacobsen,
Vicente Lopez,
Roger Magoulas,
Jerry Michalski,
Nelson Minar,
Roger Moody,
Ted Nelson,
Tim O’Reilly,
Norm Packard,
Jennifer Pahlka,
Andrew Parker,
Scott Rafer,
Clay Shirky,
Reshma Sohoni,
Graham Spencer,
Stefan Tirtey,
Mark Tluszcz,
David Weinberger, and
Fred Wilson.

That’s my new elevator pitch.

If you buy it, let’s talk properly sometime soon. If you don’t, but you’re still curious, talk to some of those folks. Take your pick.

And if you don’t know any of those people, maybe you should be sending me your elevator pitch.