Anti-Spam? But some people like(d) email surprises

Back in January of 2001, some of my buddies and I did some serious thinking about spam, the obnoxious unsolicited email, not the canned luncheon meat (email spam is sometimes referred to as unsolicited commercial email or UCE). For several days we sat around a table in a room paneled with whiteboard in the basement of a house in a suburb of Philadelphia. Collectively we came up with some useful and enduring insights. With spam now accounting for up to 90 percent of all Internet email traffic and new, more malevolent variations appearing weekly, I thought it might be useful to revisit some of those insights in this post...

A Small Wonder: World's fastest autogyro

I recently came across a story that intrigued me and at the same time lifted my spirits. It concerns a small flying machine called Woodstock.

But first some background. I've been interested in aircraft at least as far back as my first transatlantic flight (in a Bristol Britannia operated by B.O.A.C. ). That was when my father was on his way to work for the Renfrew Aircraft company in Canada, where we lived for the year that I was six. When I was 10, he and I went on a church outing to Heathrow Airport (my folks belonged to a pretty cool church). We had a guided tour of the Boeing maintenance facilities (where I learned that each of the four engines on a Boeing 707 are held on by just three bolts).

My brother and I got my our first helicopter ride when I was 11 and he was 6. Many years later he completed his training for his helicopter license while staying with Chey and me in San Francisco.

Lavish G8 Menu: A hotch-potch of complacent inanity?

Gotta love those British journalists. They have such a knack for spotting irony. In the Times this morning the headline read "G8 leaders feast on 13 courses after discussing world food shortages." This was followed by a truly sickening menu of the exotic foods upon which the leaders of the world's richest and most powerful nations feasted while pondering a massive increase in world hunger.

And it's not like the Times smuggled the menu out--the summit organizers were actually bragging about it, proving, once again, that the people who currently rule the planet have no clue. I mean, either you eat the fancy food in secret or you make a big show of eating plain food, for a change.

Then the Guardian's economics editor Larry Elliott, writing under the headline "A G8 removed from the real world," ponders what action, if any, the G8 will take. Will they do something decisive, for a change? Warns Elliott, "It would be foolish to bank on it." After pointing out that the last summit was way off base, he concludes that we would be "far safer to expect a repeat of last year's hotch-potch of complacent inanity."

And really, the G8 would have done better to dine on "aged hotch-potch of complacent inanity," perhaps served with a side order of humble pie, instead of wolfing down things like corn-stuffed caviar and truffle soup or sea urchin 'pain surprise' style.

Coming Together Nicely: Google Maps, Streetview, and Trip Advisor

I need to find a hotel to stay at in New York on August 22 for the opening night of 'our' movie: Dare Not Walk Alone. So I go to Google Maps and check the address of the cinema (Pioneer Theater, 155 East 3rd Street between Avenues A and B). Then I use Street View to check out the neighborhood. Then I use the Find Nearby feature to look up hotels. This not only maps the nearby hotels but now shows me Trip Advisor listings for them.

Not sure when Google added this feature, but it's very handy. I've blogged about Trip Advisor before when I used it to find an affordable hotel for a working trip to London. I find it useful, although you have to filter the opinions of the reviewers (some people 'hate' or 'love' things too easily). But it is even more useful in combination with Street View because I can see what the hotel and environs look like in a candid photo, not the hotel brochure (at the very least this should reduce the disappointment factor when people arrive and find the place is less glamourous than the official photos suggest.

Erosion Threatening America: And it's not global warming

At the supermarket you try to buy fresh, natural produce. but you recently heard that more than 60% of the food on the shelves today likely contains GM ingredients (a recent survey said 80% of Americans want food labels to indicate the presence genetically modified ingredients but 99.9% of GM food it is not labeled as such).

In the meat aisle you look for some meat to grill at the weekend when friends come over to watch the game. You see some are Black Angus steaks on sale, but are vaguely aware that under USDA rules any beef meat can be labeled Black Angus if the animal has a "black hair coat". You just hope the steaks taste okay.

At the checkout you swipe your debit card and hope that there is not some malicious code in the store that is capturing your card details and shipping them offshore for use in fraud schemes (which was happening for a while at nearly 300 otherwise reputable grocery stores).

Come the weekend, you fire up the grill and settle in to watch the game, unaware that one of the teams has been illegally spying on its opponents for years. At half time a friend asks about an email he got from the IRS asking for bank account information so the agency could send his tax refund via direct deposit. You tell him the message is a scam and the IRS does not use email because it can't be trusted.

In fact, you have this growing feeling that there is too much that can't be trusted these days; surely this erosion of trust is not good for the country. As the second half of the game begins you find yourself surreptiously surfing the Web on your laptop, entering search strings like: trust economic payoff, trust erosion growth, and such like. You find a widely quoted paper from 1997 that showed trust having a significant impact on aggregate economic activity, specifically "the coefficient for Trust [...] indicates that a ten percentage point rise in that variable is associated with an increase in growth of four-fifths of a percentage point" (Knack and Keefer, 1997). You find another paper from 2000 that concludes "a ten-percentage point increase in the number of respondents revealing themselves as “generally trusting others” is associated with a rise of per capita income in purchasing power standards of three-fifths of a percentage point" (Van Puyenbroeck and Cherchye, 2000).

So, increasing trust within America by ten percent could actually provide a big boost to an otherwise sagging economy. Is that feasible? Consider the numbers in this IBM study. America's trust level is 36. The figure for the Netherlands is 55 and for Norway it's 65. The UK is at 44 and Ireland's at 47. In other words, if Americans had the same level of trust as the Irish, an annual GDP growth rate of 3% percent could be boosted to 3.8%. If we reached Dutch levels of trust, that 3% GDP figure could be 4.6%. And if we achieved Norway's trust level, we could hit 5.4%, a veritable powerhouse of growth, achieved not by raping the land and ruining the environment and hogging resources, but by engendering trust between individuals and institutions.

There Should Be Blood: Oil deserves better

I finally got round to watching There Will Be Blood and I was terribly disappointed. While Upton Sinclair's Oil! painted a subtle picture of human motives and morals set against a detailed picture of the oil industry, the story told in this film just didn't make sense, at least to me.

It's not that I was expecting a true-to-the-book movie, or even the same basic story as the novel--we are given fair warning that the book merely inspired the film; but what I did expect was a coherent tale full of insights into the oil business.

Instead we get this incredibly intense character, Daniel Plainview (Daniel Day-Lewis) driven by heaven-knows-what motives. We wait all movie to learn why he is so angry and bitter and violent. I never found out. It's like a Coen brothers' movie without the humor. Indeed, I would probably have been happier if the film had been introduced as a Coen brothers production set in the early years of the California oil boom and World War I (after all, they made O Brother Where Art Thou? about the Depression in Missippi).

What I don't understand is the need to hook the film to the novel. Elements are shared, like an oil developer with a son in tow and a quail hunt that finds oil and a charismatic preacher whose family sells its land to the oil man. But that's about where the similarities end.

The differences are even more telling. While we see some of the workings of the oil business in There Will Be Blood the film passes up a lot of opportunities to educate, which was part of Sinclair's genius. The difference between leasing land to drill and buying it outright was not made clear--something that a lot of people in today's gas-boom states like Pennsylvania and New York could stand to learn more about.

Also unaddressed were the conflicting emotions experienced by the boy, used by Sinclair to address the age-old conundrum of how well-intentioned acts can produce bad outcomes. Sinclair's oil man is seemingly well-intentioned. He was a simple shop-keeper whose wife left him. He happened into the oil business at 40, got lucky, and wanted to pass along his knowledge and wealth to his son. He is not cynical in his exploitation of resources and people, he believes he is doing the right thing and being fair. The film totally omits the unions, The War, Bolsheviks, and the rise of communism and this misses a great opportunity to highlight major parallels with the world today, and underline how easy it is for well-intentioned men who think they are fair to really screw up the world, politically, economically, and environmentally.

Child Porn: Why One Man's Innocence May Worry IT Managers

Computer security news out of Massachusetts this week could be a sign of big troubles to come for IT managers in enterprises, government agencies, and SMEs, in the U.S. and around the world. It's not a virus or worm or Trojan as such, although they may be involved. No, it's a case in which an innocent man lost his job and his reputation, and may now win a landmark suit against his former employer. Why? Because he was fired for having child pornography on his company laptop without adequate forensic evidence that he put it there.

The case of Michael Fiola could become a landmark of sorts, although some observers seem to have missed the point I'm going to make: Any employer considering taking action against an employee, based solely on what is 'found' on an employer-issued computer, must have solid forensic evidence to justify that action, and preferably be in a position to justify the action on additional, non-forensic grounds. Why? Because failure to do so could have serious consequences.

Legal Precedent, the CIO/CISO Remit, and Indian Affairs

Q. Have you spent much time at the U.S. government's Bureau of Indian Affairs web site lately?

A. No.

I didn't think so. Because, when you go to www.bia.gov it's not there. According to a recent news story that may be about to change, but don't hold your breathe. There hasn't been a web server at bia.gov for most of the past 7 years. Why? The short answer, which I consider to be highly instructive to Chief Information Officers and Chief Information Security Officers everywhere--inside the government and out--is this: "Because the judge just said No."

Allow me to elaborate. Back in 2001 a judge told the BIA to take its site off the Internet because it was not secure. And, in a judgment that strikes me as a brilliant application of commonsense, he added: "Don't put it back until it's secure."

How does a judge determine if a web site is secure? The same way that the Federal Trade Commission does: submit it to examination by an objective, independent third-party who is suitably qualified, such as a CISSP (Certified Information System Security Professional). And that's what the BIA did, in 2003, and again in 2004. Basically, the BIA kept reworking its systems to try and achieve a standard that I like to call "secure enough." That means the site can withstand all of the obvious, predictable and realistically feasible attacks.

And that pretty much sums up the real world standard used by site like Amazon.com and BankOfAmerica.com. For example, a site won't fail the "secure enough" standard just because it's encryption could be defeated by a brute force attack that would take $50 million super-computer to execute. A site will fail if it is found to be vulnerable to a known cross-site scripting attack or a SQL-injection hole that was patched six months ago.

Well now there is a Court Order permitting Internet reconnection for Indian Affairs and the agency is "on the path to full reconnection to the Internet." Note that this is not happening because the judge's security experts gave the site a clean bill of health. On the contrary, the United States District Court for the District of Columbia Circuit and agreed with the agency that the judge was out of line when he issued the Consent Order Regarding Information Technology Security that suspended the site back in December, 2001. So, the court gave permission for the "information technology systems of the Bureau of Indian Affairs (BIA), the Office of Hearing and Appeals (OHA), the Office of the Special Trustee for American Indians (OST), and the Office of Historical Trust Accounting (OHTA) to be reconnected to the Internet." It will be interesting to see how long that takes, and how secure the site proves to be, in a real 'real world' test.

In the meantime, companies might ponder how they would fare if all Web sites had to pass a security review before they were allowed to go live.

Anti-spam: A Stephen Cobb Podcast

A couple of months ago I recorded a 15 minute, interview-style podcast with Brian Kraemer of TechTarget on the subject of spam, then I promptly forgot about it. Well, today I remembered and figured I would embed it in a blog post.



For those who prefer a direct link to the original MP3 podcast file, all 14 megabytes of it, here it is: Cobb on Anti-spam.

I hope you find it useful listening. The target audience was mid-market CIOs (that is, Chief Information Officers at companies with 100-5000 employees or revenue up to $1 Billion). But I think it would be of interest to most SMEs (that is, small-to-medium sized enterprises). Finally, here's a link to the podcast on the TechTarget site.

Freelancers Unite! A way to get health insurance and a voice

If, like me, you've worked as a freelance writer (or coder, developer, editor, consultant, etc.), then you know the pain of trying to get affordable health insurance for yourself and your family, of trying to get paid on time, and generally trying to get the respect you deserve [to say "America runs on freelance labor" would not be an exaggeration].

Now there's an organization that is uniting freelancers to get action on some of these items, most notably health insurance. It's called the Freelancers Union and actually has been around since 1995 when Sara Horowitz, a former labor lawyer, founded Working Today. This was renamed Freelancers Union in 2003 to better reflect its expanded role, which includes lobbying on issues of concern to freelancers (the union received 501(c)4 status in 2007). The original focus was to serve freelancers in New York City but the group is now on a national membership drive. The timing could not be better, with a lot of people being laid off from salaried jobs and rates for individual health insurance is now higher than house payments in many states.

That's right, according to the Census Bureau, the median monthly housing cost was below $1,200 in 20 states in 2006 and $1,200 which the monthly premium we were paying for basic husband/wife BlueCross coverage, no dental, no optical, limited hospital benefits, with a large deductible and hefty copays; that was until we dropped our coverage because we couldn't afford it, which is not unusual for many baby boomers who are now in the health insurance 'dead zone' i.e. too young for Medicare but old enough to have acquired a few health problems and thus really hammered by rising premiums.)

Checking over the web site it appears that Freelancers Union's health insurance rates are about half those for individual plans. Definitely worth checking out if you freelance.