08 December 2010

Augmented Reality = the Cloud + Devices

Recently my good friend, Roy Kimbrell, wrote me about Google's latest Chrome announcement:
I was able to watch a few minutes of Google's live webcast of their announcement of their newest version of Chrome.  I am very impressed.  The biggest deal is the app store - apps that run in Chrome.  You may need to log-in to Google first (don't know, I use Gmail, so login is kinda automatic).  
During Google's presentation, they demo'd some of the apps.  Some are free, others are cheap.  The NPR app is free - and very nice.  Install it (just a few seconds) and click on the NPR app.  At the bottom you can click on the buttons to listen to the hourly news or their programs.

The Poppit game is fun - like popping bubble wrap, very addictive.

This is the future of the Web, I think.  This is Android and will be the netbooks when ChromOS is done - in beta now.
And another old fiend, Steve McIlree, responded
I was reading an announcement of Chrome 8 when it occurred to me to wonder if I had it yet. So I checked "About" and found I was using version 8.0.552.215. That's the way updates should be done. No muss, no fuss, no download notices, no restarting the app, no reboot; just, "Oh, I'm running the latest version"!

I have hopes that Apple and Google will basically become two flavors of this new world of augmented cloud computing.  (And maybe MSFT which is showing signs of life)  Eric Schmidt has said that where they disagree w/ Apple, is the idea of running any apps on the device.   Personally, I see a world where most of the apps run in the cloud, with device caching and stashing (optimistic pre-provisioning of data) available for speed and off-line usefullness.  However, in about 10 years, wide area wireless (WiMax et al) is going to be pretty assumable.  So net based apps are a very reasonable thing.  Running apps in the cloud in nice, comfy, powerful, secure servers makes everything a whole lot easier.  Plus then you can move from device to device and room to room or house to house and your context is maintained. I think this is what some people call "presence".

To the point of wireless everywhere, I am sitting in a condo in WinterPark.  The condo is nice, but old, and the lamers haven't put broadband everywhere.  This is unusual, since most people come equiped with WiFi devices to help them check out the weather, and the food, and maps and stuff.  Fortunately, my company had given me a Verizon modem that sticks in a USB port on my laptop.   It's pretty decent, up to 1 mb at times.  This device is actually obsolete.  For the serious road warriors, the company now just gives them Verizon hotspots.  These are little hockey puck like things that magically connect into the Verizon network and give up to four people WiFi access.  That means they work great with not only laptops but iPhones, iPods, IPads, Android phones, gameboys, Rokus - whatever.  Sprint/Clearwire offers the same thing w/ WiMax where availabe; Sprint 3G everywhere else.  I think Verizon is going to offer a similar hotspot next year.

Regarding the future, David Siegel's Pull is lots of fun to read about the future of pull data and cloud computing.  He has about a dozen interesting ideas per page.  It reads like science fiction.

And finally, I am reading Kevin Kelly's much hyped What Technology Wants  It is very good to read, especially if you are into evolution.  He has some Very Big Ideas that seem pretty well reasoned to me.  This book is sort of the next step beyond Kurzweil's The Singularity Is Near.  Kelley tackles head on the effect of humans on evolution, and the difference between information and biology.  He makes me feel a little more comfortable with the Brave New World.  I believe in the silicon future of evolution, but Kelly explains how and why we'll get there from a cultural point of view, rather than Kurzweil's mechanistic view.

In a recent interview, the famous sci-fi writer William Gibson says that their is no such thing as cyberspace anymore. 
"Cyberspace is colonising what we used to think of as the real world," he said. "I think that our grandchildren will probably regard the distinction we make between what we call the real world and what they think of as simply the world as the quaintest and most incomprehensible thing about us."
"The prefix cyber is going the way of the prefix electro," he said.
I think they used to call it augmented reality.   Well, boy, we are sure living in an augmented reality.

23 November 2010

Facebook IS Real ID

Psst! Wanna make a million billion dollars?

What if Facebook had slots for real world identitiers, like DMV name or bank name?  What if you built a Facebook app and a meatspace organization that would vet people, linking their Facebook ID to some real world ID?  You could charge them.  And you could offer insurance to relying parties through your Facebook app.

Vetting would have to be serious, because the fraudsters would be on to you like stink on manure.  But you could charge real money for this to recover your costs, because it would be for a significant period, like 5 years, and the better quality, the more value to the user.

Facebook themselves could offer support for self-asserted links to professional organizations, like IEEE or ASCAP or LinkedIn.  But it would take a real-world registration organization to vet the person with face-to-face meetings and breeder documents. (Check out this article in the Keesing Journal of Documents & Identity, by John Mercer, a U.S. State Department guru on documents.  He managed the development of the chip-enabled U.S. passport.  This article is just a terrific introduction to the topic of breeder documents, with lots of examples and concrete advice: Breeder Documents - the keys to identity.)

Before you rush out and start-up your new company, check out this free research from Gartner (the Burton Group) by Bob Blakley A Relationship Layer for the Web . . . and for Enterprises, Too. Bob is one of the savviest people in identity and this is a tour-de-force.  Read this and look for the term relationship service.  That would be you!

Have you ever thought about building a phony Facebook ID?  Besides being illegal, think about how really hard it is.  A fake home town, fake birthday, fake friends, fake pictures?  Each in and of themselves is not big proofing document, but taken together, they are a very compelling reality.  I am sure that there are people who can do it, but it is not easy.  It is not unreasonable to think about the person behind a Facebook as real.  What if that identity was reliably linked to other valuable identities, that have money and legacy and the law associated with them?

And this reality is what will make a Facebook ID so valuable in the future.  It is a true Real ID, way better than what the average state DMV can put together.

I heard Luke Shepard, a twenty-something Facebook engineer and evangelist talk at the 2010 Burton Catalyst conference.  Right there in front of God and everybody, he stressed that a real identity is the whole point of Facebook's design metaphor.

Nothing like basing an idea on reality to ensure long-term success.

(As an aside, if you did this for all personal data services, not just Facebook, it would get even more valuable.)

21 November 2010


This is a very pragmatic blog post, just to share what I’ve learned about e-readers.  It is not meant to be comprehensive, just useful.

There are four e-readers that I find interesting.  I use all four of them, partly to spread the wealth around, and partly because they each have a feature or two that I like.  I use them both on my PCs and on my iOS devices (iPhone, iPod Touch, iPhone).

Kindle - Amazon
Hardware: yes. Electronic paper. WiFi (and for fee GSM). USB
Software: PCs, Macs, iOS, Android, Blackberry
Software night reading mode: yes
Formats supported: Kindle, mobi,
Importing: only books downloaded from the Kindle store can be used w/ the software versions.  WIth the hardware version, importing is possible.

Nook - Barnes and Noble
Hardware: yes. Electronic paper. WiFi, USB
Software: PCs, Macs, iOS, Android
Software night reading mode: yes
Formats supported: Nook, ePub, PDB, PDF
Importing: only books downloaded from the Nook store can be used w/ the software versions. With the hardware version, importing is possible.

iBooks - Apple
Hardware: no.
Software: iOS
Software night reading mode: no
Formats supported: Apple, ePub, PDF
Importing: Book files can be dragged onto the Books section in iTunes and then synced w/ the device.

Stanza - Lexcycle (a division of Amazon)
Hardware: no.
Software: PC, Macs, iOS
Software night reading mode: yes
Formats supported: ePub, eReader. The PC and Mac versions can handle almost any format.
Importing: Many ways to import books.  This is in fact one of the big draws for Stanza

Some comments:

Electronic paper:
This is a display technology that is different that the LCD screens on laptops and phones. It only works in black and white, but has two terrific properties:
- It does not require back-lighting.  It works very much like ink on paper.  Thus it is very readable in direct sunlight but must be illuminated to be read in the dark.  LCDs are the opposite: very hard to read in sunlight, easy to read in the dark.
- It only requires power when changing the display to a new page.  Thus the battery life on the Kindle and the Nook is exceptional - days and weeks.

Acquiring eBooks:
All the eReaders have online download stores.  Kindle, Nook, and iBooks are nearly equivalent in their for-sale offerings.  I try to spread the business around.  Stanza has some for-sale offerings.  All have some free offerings, but Stanza is great way to read the free books on the Internet.  All the for-sale stores keep a record of your purchases and you can download them for like.  However, it is probably prudent to save the email confirmations of your purchases.

19 November 2010

The thoughtful Right comes back from the dead

http://tootallsid.blogspot.com/2010/05/liberal-and-conservative.htmlA year or so ago I just despaired at the "conservative" movement in the U.S.  It just seemed to be fatcats and idiots, with no smart, practical people.  After all, McCain picked Palin as as his Veep candidate, which thankfully handed the election to Obama.

But now I read David Brooks, Ross Douhat, and Reihan Salam (the last two are authors of  Grand New Party) and they are just full of energy and ideas, with links to other smart conservatives.  They actually respectfully consider the ideas of the liberals, attacking the idea and not the person, and with reason and not sarcasm.  Heck, sometimes they even agree with the liberals!!

I wish I knew what happened.  Maybe the nuts and dysfunctional fatcats scared them straight.

Btw, I just finished Robert Reich's Aftershock and really liked it.  I learned a lot.  His framing of the problem seemed clear and easy to test for soundness.  And, like his conservative brethren, he is polite and respectful.

There's hope!

26 August 2010

Cryptography (of PCI data) is Hard

I use to work in card payments and worked with the crypto, even participated in ASC X9F6.  One of the things that I thought about for over 6 years was how to encrypt the card number (personal account number - PAN).  Sixteen decimal digits - 31 bits of entropy max.  There are only a few initial numbers - 4 for Visa, 5 for Mastercard, etc - plus the cards for a given financial institution are all going to start w/ the same Bank ID Number (BIN).   The hard problem comes if you are using the PAN for the primary key in a database.  If not, you can usually find some other data to XOR it with.  But that data must not be predictable.

However, the ogre of PCI DSS compliance has driven everybody to smear a little soothing encryption on their pain.  The result is some crummy, non-X9F6 approved, encryption schemes.  The lid got ripped off that last week in Storefront Backtalk by Evan Schuman.  Everybody in retail and payment cards subscribes to and reads Storefront Backtalk.   So it really ruffled some feathers:


As an aside, we solved the PAN encryption as primary key problem by generating a random salt every time we generated a working storage encryption key.  We would encrypt them both w/ the KEK.  Then we'd XOR the salt with the PAN before encrypting or after decrypting it.  This effectively doubled the key strength.  The working storage encryption key was rotated at least annually.  The only hard part is that you can't take the system offline to rotate the keys, but we handled that by retrying w/ the old key for a record not found condition, assuming that the key rotation window was of short duration.

Meanwhile, the cryptographers have been developing format preserving encryption (FPE), led by Voltage.  If you haven't seen this, here is link to a paper about Voltage's FFX: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/ffx/ffx-spec.pdf   This is off the proposed modes page: http://csrc.nist.gov/groups/ST/toolkit/BCM/modes_development.html

The PCI have been very nervous about this use of crypto, but since every Tom, Dick and Harriet in the point-of-sale business has been jumping on it, it is hard to stop.  Heartland Payment Systems has been beating the drum for this every time their CEO, Bob Carr, gets a chance to talk for the last two years.  X9F1, the cryptographer part of ASC X9F, has been glacially thinking about it, as has NIST CRSC, with no yea or nay yet.

Regardless of whether FPE is sound or not, encrypting the whole transaction without XORing it with unpredictable data is madness.  We'll have to see how this plays out.  After the RBS Worldpay breach a couple of years ago, where the crooks got malware on the payment system, sniffed the traffic to the hardware security module and built a dictionary attack against the PINs, it is clear that the bad guys have some decent cryptographers and cryptographic engineers in their midst.

23 August 2010

The Eternal Tao: Push vs. Pull

The Tao is the concept of opposites, articulated historically by Laozi (the Lao Tzu of my youth).   The two opposites are referred to as yin and yang.

I am a Taoist in that I can see large patterns driven by opposites that seem diametrically opposed, and seem to always manifest, one with the other.

Right now on the Internet, another major paradigm shift appears to be happening in a shift from push to pull.  In this model, push is moving information to where the application is that wants to use it, whereas pull is the application going to get information when it needs it.

Pull is enabled by cheap, fast, global communications, and standard ways to represent metadata - the data about data. (Ouch!  It always makes my head hurt a little bit to say things like that, but it's true.)  I am reading Pull: The Power of the Semantic Web to Transform Your Business by David Siegel.  This a terrific book, best I've read in awhile, and when I am done, I will be writing a review in this blog.  Pull and metadata are the whole topic of Siegel's book.

Yin and yang seem to lob reality back and forth between them like a cosmic tennis game.   It has been compared to a pendulum, but I think of it more as a spiral - the classic Hegelian dialectic: thesis, antithesis, and then synthesis.   The two opposites usually seem to be tied to some third concept, at right angles to both, and that is what produces the spiral.

There is an old saying about remote operations, attributed to Don Box.  If the cost of local function call is 1, then the cost of a call that crosses local process boundaries is 1,000 and the cost to cross machine boundaries is 1,000,000.  A big part of this is because every communication transaction has two costs: channel seizure and then data transfer.  For short transactions, the channel seizure cost tends to be dominant.  That's why we open a file once and then read/write from it many times or open a TCP/IP connection, set up the SSL, and then use it for awhile.  When you cross process boundaries, it takes a major context switch.  When you cross machine boundaries, it requires remoting, using stubs and ties at many levels.

Caching can go a long way to hide this cost.  That is why modern computing systems use lots pools of pre-built, expensive objects, such as connections to files, databases, and remote machines, and keep pools of recently retrieved data from remote processes and machines.  The hard problem here is cache-coherency, which means keeping the local copy in the cache in sync with changes to real data.  Fortunately lots of work has been done on this, so we have a lot of tools in our toolbox.  A meatspace example of the caching problem might be as simple as finding out that a relation has a new child that you didn't know about, or as complex as figuring which is the final last will & testament of a deceased person.

Still, cheap, fast, global communications, and standard ways to represent metadata are all reducing the channel seizure cost to go get the data when you need it.  Thus new application features are becoming possible and the Internet is becoming a more lively, integrated environment.  I find it really exciting and fun!

16 July 2010

Email Account Takeover

It just happened to another one of my friends: suddenly everybody in their address book is telling them that they got some serious spam, intent on fraud.   Apparently, someone got into their email account, stole their address book, and mailed spam to everyone in it.

It happens all the time.  It happened to Sarah Palin and it happened to me last month.  It is very embarrassing.  It was quite a shock to have a ton of people in my address book writing me back with "Hey!  What's this?!"  and me, a security guy!

The usual reason is that either somebody got your password or they answered the security questions for "I forgot my password."

Because we tend to use the same user ID and password at many sites, a breach at one site becomes a breach at all the rest.  When you enroll at a site for moms or quilters or whatever, you have no guarantee that they store the passwords correctly (as a one-way hash, with a unique salt per password), or that they manage their personnel or operational security at all, so that some dope-crazed disgruntled admin can't steal all the data.

What to do if it happens to you:
  • You should change your password and the "I forgot my password" security questions on the account.   This will stop it.  
  • You should use a password that you don't use anywhere else, or only at very trusted sites.  I use three passwords: one for my ultra-high security accounts, like my bank and brokerage; one for my pretty secure accounts, like my email and Amazon; and one that I use everywhere else.  A good password has mixed case and numbers.  Two small words concatenated with a number or two is good.  
  • Pick security questions that can't be figured out from Facebook.  Don't use mother's maiden name, city of birth, or high school.  If you have to use one of those, type some wrong answer in there, but you better write that down, because you'll never remember it. 
  • Yes, it is okay to write passwords and stuff down. What, somebody is going to break into your house or hold you up at gunpoint to get your password list?!

I work for a company, Ping Identity, that is part of an industry that is trying to do away with passwords.  It can't happen soon enough!  The Internet has made our lives better in so many ways, but our security and privacy is just getting worse and worse.  We can do better.

07 June 2010

Old, meet New: PCITF - the Payment Card System as Trust Framework

Contrary to what the proponents of "unfettered capitalism" say, business requires rules, regulations, and laws.  Alan Greenspan, for example, points out that at a minimum, all capitalism requires the concept of private property, embodied in law.
To build a public identity system that is also a business, requires a framework, too. In March, 2010, at RSA Conference 2010, a basis for frameworks, the Open Identity Exchange was announced:
"Industry leaders Google, PayPal, Equifax, VeriSign, Verizon, CA, and Booz Allen Hamilton today announced the formation of the Open Identity Exchange (OIX), a non-profit organization dedicated to building trust in the exchange of online identity credentials across public and private sectors. OIX also received initial grants from the OpenID Foundation (OIDF) and Information Card Foundation (ICF) to advance assurance for open identity technologies."

The key concept of the OIX is the trust framework.  In the words of OIX, "In digital identity systems, a trust framework is a certification program that enables a party who accepts a digital identity credential (called the relying party) to trust the identity, security, and privacy policies of the party who issues the credential (called the identity service provider) and vice versa."
The payment card industry, PCI, has just such a trust framework, their operating rules, that map perfectly into the OIX trust framework concept.  Since the PCI (Visa, MasterCard, American Express, Discover, JCB) is one of the most financially successful systems in the world, this validates the value of the OIX trust framework idea.

At IIW 10, I gave hosted a session on this.  I put the slides on slideshare.net.   They include some background on the payment card system in case you are new to it and I included a few slides on the EMV smartcard.  EMV is important because it provides a tamper-resistant security module in the smartcard that holds secrets.  EMV could be the basis for strong authentication that will help us finally build trustworthy identities on the Internet.

03 June 2010

I Always Wondered...

I have no idea if any of these are true, but they sound believable!
        1.  Q: Why are many coin banks shaped like pigs?
        A: Long ago, dishes and cookware in   Europe were made of a dense
orange clay called 'pygg'. When people saved coins in jars made of this
clay, the jars became known as 'pygg banks.' When an English potter
misunderstood the word, he made a bank that resembled a pig. And it
caught on.
        2.  Q: Did you ever wonder why dimes, quarters and half dollars
have notches, while pennies and nickels do not?
        A: The US Mint began putting notches on the edges of coins
containing gold and silver to discourage holders from shaving off small
quantities of the precious metals.  Dimes, quarters and half dollars are
notched because they used to contain silver. Pennies and nickels aren't
notched because the metals they contain are not valuable enough to
        3.  Q: Why do men's clothes have buttons on the right while
women's clothes have buttons on the left?
        A: When buttons were invented, they were very expensive and worn
Primarily by the rich. Because wealthy women were dressed by maids,
dressmakers put the buttons on the maid's right! Since most people are
right-handed, it is easier to push buttons on the right through holes on
the left.  And that's where women's buttons have remained since.
        4.  Q. Why do X's at the end of a letter signify kisses?
        A: In the Middle Ages, when many people were unable to read or
write, documents were often signed using an X. Kissing the X represented
an oath to fulfill obligations specified in the document. The X and the
kiss eventually became synonymous.
        5.  Q: Why is shifting responsibility to someone else called
'passing the buck'?
        A: In card games, it was once customary to pass an item, called
a buck, from player to player to indicate whose turn it was to deal. If
a player did not wish to assume the responsibility, he would 'pass the
buck' to the next player.
        6.  Q: Why do people clink their glasses before drinking a
        A: It used to be common for someone to try to kill an enemy by
offering him a poisoned drink. To prove to a guest that a drink was
safe, it became customary for a guest to pour a small amount of his
drink into the glass of the host. Both men would drink it
simultaneously. When a guest trusted his host, he would then just
        touch or clink the host's glass with his own.
        7.  Q: Why are people in the public eye said to be 'in the
        A: Invented in 1825, limelight was used in lighthouses and stage
lighting by burning a cylinder of lime which produced a brilliant light.
In the theatre, performers on stage 'in the limelight' were seen by the
audience to be the center of attention.
        8.  Q: Why do ships and aircraft in trouble use 'mayday' as
their call for help?
        A: This comes from the French word m'aidez - meaning 'help me' -
and is pronounced 'mayday.'
        9.  Q: Why is someone who is feeling great 'on cloud nine'?
        A: Types of clouds are numbered according to the altitudes they
attain, with nine being the highest cloud. If someone is said to be on
cloud nine, that person is floating well above worldly cares.
        10.  Q: Why are zero scores in tennis called 'love'?
        A: In   France , where tennis first became popular, a big, round
zero on the scoreboard looked like an egg and was called  'l'oeuf,'
which is French for 'egg.'  When tennis was introduced in the US ,
Americans pronounced it   'love.'
        11.  Q: In golf, where did the term 'Caddie' come from?
        A. When Mary, later Queen of Scots, went to France as a young
girl (for education & survival), Louis, King of France, learned that she
loved the Scot game 'golf.' So he had the first golf course outside of
Scotland built for her enjoyment. To make sure she was properly
chaperoned (and guarded) while she played, Louis hired cadets from a
military school to accompany her. Mary liked this a lot and when she
returned to Scotland (not a very good idea in the long run), she took
the practice with her.  In French, the word cadet is pronounced 'ca-day'
and the Scots changed it into 'caddie.'

01 June 2010

Cognitive Surplus

Wired Magazine has a killer interview with Daniel Pink and Clay Shirky.  Clay is one of my heros, and after reading this, I think I need to learn more about Mr. Pink.

Clay has been talking for awhile about where we all find the time to do stuff on the Internet: we don't watch as much TV. Americans watch on the average 200 billion hours of TV a year.  Yeah, take a minute and just think about that number.  Remember, a normal 9 to 5 job is about 2000 hours a year, so that is about 400 million 9 to 5 jobs per year - about the population of the U.S. if you include every man, woman and child.  Yeah, just think about it.

Clay has coind the term, cognitive surplus.  Great phrase.

Check out the interview.  It is short, has very high signal to noise ratio, and has some great quotes.  Plus you find out what both their favorite Gilligan Island episode was. (It was mine, too.)  Cognitive Surplus: The Great Spare-Time Revolution

There's hope, friends.  Carpe diem!  Moving from consumption to sustainability.

25 May 2010

When Quality, Security Count

I recently collaborated with Jon Erickson at Dr. Dobbs Journal ("Running light, without over byte!") on an article about static source code analyzers.   At my previous job at ACI Worldwide, I had inaugurated the use of one of these, Klocwork Insight, although we looked at four others.  If you happen to be interested in this topic, you can find it here.

11 May 2010

An Iconic Relationship

He friends her, she IMs him, he emails, they tweet, he texts, they iChat, she calls, they reach altered states with designer cocktails, have sport sex, and never see each other again.


10 May 2010

Observations of the new world - part 1

My brain is of course being massively altered right now.  Being paid to try to make sense out of social media is Ken Kesey being paid to test out psychedelics.

Blog: TooTallSid  Twitter: @TooTallSid  Facebook: Sid Sidner  LinkedIn: Sid Sidner

Above you see my four outlets.

I am starting to get rocking on Twitter.  I use the program Tweetdeck and really like it. It has PC and iPxxxx versions.  You can fire up the PC version in the background in the morning and check it every now and then.  It supports the idea of columns, which is a terrific idea.  I have learned most of what I know about Twitter in the last two weeks from Tweetdeck.

My personal blog is just a great place to capture once, ideas like this.  Then I can send a blog link by email, Twitter, Facebook status or message, or handwritten on a note for use with a carrier pigeon.

Facebook is for personal stuff.  Statuses, musings, comments, photos - just fun.  No business, although I plan to turn Ping Identity's corporate page into a way to share the human side of PingIdentians.  I am careful about two things w/ Facebook, however. (1) I don't post anything that could be used for identity theft, such as to calculate my birthday or out-of-wallet info like mother's maiden name, and (2) I avoid religion, sex, politics, and death, since those are always bound to offend somebody that I know and like, or don't know and want to like.

I haven't started in on LinkedIn, except to make sure that my shoes are shined and hair parted on it.  LinkedIn is my professional image and it needs to be crisp as a new $100 bill.

Well, back to watching the nurse w/ the clipboard, who just doesn't understand what is happening inside my head...

Like Velcro for Negative Experiences and Teflon for Positive Ones

[From quotationoftheday_request@yahoo.ca]

Quotation of the Day for May 10, 2010

"That same circuitry is active in your brain today in the amygdala, hippocampus, and related structures. It's hard-wired to scan for the bad, and when it inevitably finds negative things, they're both stored immediately plus made available for rapid recall. In contrast, positive experiences (short of million dollar moments) are usually registered through standard memory systems, and thus need to be held in conscious awareness 10 to 20 seconds for them to really sink in.

"In sum, your brain is like velcro for negative experiences and teflon for positive ones."

- Rick Hanson, psychologist, and Rick Mendius, neurologist, writing in the journal Inquiring Mind.


Submitted by: Lynn Kisilenko
April 30, 2010

07 May 2010

Liberal AND Conservative

I think the current polarization of the American electorate is just a false dichotomy.   I have many friends who vote way different than me, but we still can agree on basics.  Who is NOT for family values, for instance?  Nobody.  Who wants the U.S. to keep getting deeper and deeper in debt.  Nobody.  I would call myself a liberal Democrat, but I am a big fan of Christy Todd Whitman, Olymipa Snowe, and the Govenator.

Ross Douthat and Reihan Salam have put together a book that irritates conservatives and liberals alike.   But it is just packed with great ideas.  The first half of the book is an analysis of 20th century politics starting with the New Deal and continuing through 2006.  I found it very believable and illuminating.  Their central contention is the working class in America are the real drivers of politics.  As the political parties embrace the needs of the working class, they succeed.  As they turn away, they fail.  Former Minnesota Governor, Tim Pawlenty, coined the term "Sam's Club Voters" for this bloc.

The second half of the book are the two authors ideas about how the Republican Party can regain the trust and votes of the Sam's Club voters.   I don't accept all their ideas, but here's the deal: if I don't, what would I put in their place?  This is the whole point of reasoned, civil discourse among people.  If you disagree with someone, you have to articulate a better idea and be willing to defend it, without resorting to demagoguery (e.g not Rush Limbaugh, not Keith Obermann).

Besides a lot of very thought provoking ideas, this book is also crammed with names and sources to go look up.  If you are a political junky, you have a wealth of material here.  I think this book could easily form the basis of a one or two semester course.

I plan to read this several more times.  It is the best set of ideas about the future that I've seen in a long time.

How To Communicate on the Internet: Inbound Marketing

Blogging? Twitter? Facebook? LinkedIn? Search Engine Optimization? Social media? If you're just a little confused or overwhelmed by these concepts, I highly recommend Inbound Marketing by Brian Halligan and Darmesh Shah.  This little book is easy to read and gives you a step by step introduction to how to participate in the Web and find your Voice.

Inbound marketing contrasts with outbound marketing because it is based on pull rather than push.  People find you by word of mouth, or the digital equivalent, hyperlinks.   The Web is becoming a vast social network, where value and reputation are king.  This book is not just about marketing in the conventional sense.  It is about the marketplace of ideas, whether it is commercial, non-profit, or personal.

Each chapter of Inbound Marketing ends with a checklist of actions discussed in the chapter with lines to add your own action items.  As I read the book, the ends of the chapters ended up filled with my ideas, scrawled in the margins and all the free space.

They use the Grateful Dead as a use case, so how could I not like this book?!

The authors have a Web site, hubspot.com, which goes into even more depth.  If you want, they can host your company's Web site.

05 May 2010

Why did I join Ping Identity?

In April I accepted the position of Community Evangelist with PingIdentity.


Internet-scale identity:  This is a smoldering passion of mine.  Two friends at my previous employer, ACI Worldwide, got me thinking about it in 2002.  The more I thought about it, I began to realize that this was one of the great unsolved problems in the world.  In my work with payment cards, online banking, and e- & m-commerce at ACI, I kept always thinking and reading about identity.  When Kim Cameron invented information cards, I really got bitten by the bug. Claims based, user-centric identity feels right.

Ping Identity: I started following the posts of Ashish Jain (then at PingIdentity, now at PayPal).   I tracked down Ashish's email address and started a dialog with him about identity and payments.  He said he was going to be in the PingIdentity booth at the next RSA conference if I wanted to drop by.  I finally met Ashish face to face and he introduced me to Andre Durand, the CEO of PingIdentity.  We started talking; I ranted about my interest in the intersection of payments and Internet-scale identity;  and Andre's eyes lit up and we were on the road to becoming friends.   Ashish also introduced me to Patrick Harding and Pam Dingle, two more members of the PingIdentity braintrust.  One thing led to another and ACI and PingIdentity ended up doing a joint demo and presentation about using  Information Cards to pay at a merchant, using the 3DSecure protocols in the payment card network to authorize the payment.   Next, through PingIdentity, and especially through the great parties they host, I got to know many of the movers and shakers in identity.  Clearly, PingIdentity is at the center of digital identity.

Why now?  I had been at my old job for 11 years, the longest I've been anywhere in my career.  I just turned 60 in February and was wondering what the next 30 years would hold.  And I had just gotten an email from a Marty Halpin at PingIdentity saying that he was looking for a Community Evangelist and that I was part of the group of PingIdentity's friends that might know of someone.  So I walked into the PingIdentity party at RSA Conference 2010 at the Mars Bar and encountered Andre and Patrick.  I asked them if they thought I'd be fit for Marty's job opening.  Andre exclaimed that he thought that it would be perfect fit for my personality and Patrick agreed.   The next day I got in touch with Marty.  We quickly concluded that me as the Community Evangelist at PingIdentity would be good for me and good for PingIdentity.

What is a CommunityEvangelist?  Marty Halpin is a genius when it comes to operations and customers.  As PingIdentity grows, he knows that we will constantly need to knit our various communities together: our customers, our friends and prospects, and our employees.  PingIdentity is focused on the human side of the future - that's why we care so much about identity, and security, and privacy, and trust.  And as a company, PingIdentity believes that people come first.  We want to harness the strength of our communities as we grow and navigate the future.  And I'm the guy to pull it all together for Marty and PingIdentity.

Passion:   After just a short time, I know I made the right decision.  I can feel the creative juices starting to flow.  I have much to assimilate and master, but as I learn about PingIdentity, their communities, and how to use the Internet social media, ideas are beginning to pour out like a fountain.  I am starting to see a vision, hazy for now, but it is leading me on.

I can't believe that I am getting paid to do this!  :O)