Saturday, October 30, 2010

Fire, Sheep, and Fox

About a week ago, a new tool was released to the internet, called Firesheep.  To me, there's just something funny about the name.  Sheep are inherently cool, and fire implies something serious.  The juxtaposition is funny.

But the implications are serious. Firesheep allows a user to EASILY sniff traffic over an open WiFi network, and steal cookies -- basically, your login authentication for Facebook, Google, Amazon, Flickr, CNET, the New York Times, Twitter, Yahoo, and a ton of other websites that don't use secure protocols like HTTPS or SSL.  A well-written demonstration of using this can be found here -- just plop yourself down at the nearest Starbucks and send polite warning messages to the 20+ Facebook and Amazon accounts you can access. Watch their response.

There's a big reason I put EASILY in the above paragraph in CAPITAL LETTERS.  Other tools for doing this (known as sidejacking) have been around for years (it was first demo'd at a BlackHat presentation in August of 2007), but none have ever been as user-friendly and intuitive as Firesheep.  This is a plug-in for Firefox (hence the "fire" in Firesheep), and someone's account can be accessed within about 10 seconds and a double mouse click.  It's that simple.  To quote an oft-used Apple idiom, It Just Works.

Many tech folks are dismissing this as yet another tool to exploit something we've already known.  And maybe they're right.  But I believe they're underestimating the value of making things user friendly.  The gold standard of this is Apple:

  • They were not the first to invent the Personal Computer -- the window-based interface just made it easy to use.
  • They were certainly not the first to invent the mp3 player -- they just made it easy to use, in a cool form factor.  
  • They were not the first to invent the smart phone -- they just made it easy to use.

See a trend here?  I think Firesheep could develop the same way.  And although it may not appeal to everyday, innocent users of The Internets like you and me, I bet it has an incredibly strong appeal to pimply-faced technologically inclined teenagers.  And all it takes is some enterprising youth to camp out in a Beverly Hills Starbucks and wait for an unsuspecting celebrity to log in.  Instant tabloid news story, similar to the episode when Paris Hilton's smartphone got hacked over Bluetooth.

In a worst-case scenario, this would spook 95% of Facebook users, who run screaming from the site and dump their accounts before Facebook implements a solution.  Panics have happened on Wall Street many times; we're probably due for one on the Internet soon, too.

How to protect yourself against this?

  • There's already a counter program out there called FireShepherd, but it's kind of brute-force and not very user friendly.  Or network friendly.  But it's better than nothin'.
  • Make sure your Gmail is set to always use HTTPS.

Just be aware of what's out there.  There's a whole lot of Not Privacy on the internet.
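
For site owners and the curious, here is a small check added to this post as an illustration (it is not part of Firesheep or FireShepherd): it audits a site's Set-Cookie headers for session cookies that would cross an open network unencrypted. The hosts, cookie values and the name-matching heuristic are constructed assumptions.

```python
from http.cookies import SimpleCookie

# Constructed sample responses (not captured traffic): (URL, Set-Cookie headers).
SAMPLE_RESPONSES = [
    ("http://social.example/login", ["session_id=abc123; Path=/; HttpOnly"]),
    ("https://mail.example/login", ["SID=def456; Path=/; Secure; HttpOnly",
                                     "lang=en; Path=/"]),
    ("https://shop.example/login", ["session-token=ghi789; Path=/"]),
]

# Heuristic (an assumption): cookie names that usually carry a login session.
SESSION_HINTS = ("sess", "sid", "token", "auth")


def looks_like_session(name):
    lowered = name.lower()
    return any(hint in lowered for hint in SESSION_HINTS)


def audit(url, set_cookie_headers):
    """Return (cookie_name, problem) pairs for cookies exposed to sidejacking."""
    findings = []
    over_https = url.lower().startswith("https://")
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            if not looks_like_session(name):
                continue  # preference cookies are not login credentials
            if not over_https:
                # The cookie is issued in cleartext and sent back the same way.
                findings.append((name, "cleartext-http"))
            elif not morsel["secure"]:
                # Issued over HTTPS, but without Secure the browser will also
                # attach it to any plain http:// request to the same host.
                findings.append((name, "missing-secure"))
    return findings


if __name__ == "__main__":
    for url, headers in SAMPLE_RESPONSES:
        problems = audit(url, headers)
        print(url, "->", problems if problems else "ok")
```

The third sample is the case that is easy to miss: the login page uses HTTPS, yet the session cookie still leaks the moment the browser fetches anything from that host over plain HTTP.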

Saturday, October 23, 2010

When your only tool's a hammer ...

... all the world looks like a nail.

The above quote is attributed to Abraham Maslow, and it rings true time and time again.  In this particular case, I think it applies to The Federal Reserve.

News flash for those who have been living under a rock: housing prices have NOT been rising indefinitely (as many investment products were designed to take advantage of), and when this pyramid scheme began to unravel (I love mixed metaphors), a ton of things happened very rapidly.  Credit markets dried up; countless business plans that were based on aggressive growth failed; countless more projects dried up or did not get funded in the first place, and unemployment shot up above 10%.  The Fed pulled the biggest lever it could, and dropped its lending interest rates like a rock:


Look again.  The interest rate has been almost ZERO since January 2009.  Twenty months and counting.  Historically, it's usually around 5%, but was as high as 20% in March 1980.  Banks and other major financial institutions can borrow money for free.

This is a slightly indirect way of pumping money into the economy.  Allowing borrowers (big banks, in this case) to borrow money on the cheap is an attempt to loosen things up a bit in the financial markets, and hopefully stimulate new projects, new industries, and new jobs.

But it just hasn't been enough.  And here's the point of this post: the Fed is considering new ways of pumping more money into the economy.  They've got their hammer, and they're lookin' for nails.

What has been the result of the absurdly low interest rate over the past 20 months?

  1. It has probably stemmed the loss of jobs in this country.  Sorry, I don't have a definitive source to cite for that; it's just my opinion.
  2. It has not turned the economy around.  (See current unemployment rate.)
  3. Large companies, given the opportunity to borrow large amounts of money basically for free, have been investing in themselves and buying back their own stock.

Let me underscore that "buying back their own stock" point: there has been $258 billion in stock buybacks this year, compared to $52 billion at this time last year.  And they're getting the money to do it from Uncle Sam.

Imagine the corporate boardroom discussions, happening all around the US:

Chief Financial Officer: "Hey, we can get a loan from XYZ financial institution for $2 billion at 0.1% interest per year.  That's the lowest cost of money, ever."
Chief Executive Officer: "Sounds like a good deal.  I want each of my division leaders to examine what they could do with an extra $500 million this year."


Chief Financial Officer: "Boss, all of the divisions say they can start some projects, but can only estimate a return of 3-4% in the next year on our investment."
Chief Executive Officer: "What??!?  3-4% return on investment?  That's a miserable deal for our stockholders!  I expect our stock price alone will go up 10% this year!  Why would I invest in R&D at a 3-4% return when I can invest it in myself and make at least 10%?  The stockholders will be happier, too."

Hopefully I've made the point pretty clear by now.  The Fed has a hammer: the interest rate it sets when loaning Fed money to banks.  It's a really big hammer.  It can be very effective when the economy is chugging along.  But when it's sputtering, it's not a very effective hammer.

The road to recovery is not paved by giving money to corporations so they can buy their own stocks back.  That doesn't create new jobs, and it really only helps those people who already own vast amounts of stock.  It doesn't put bread on anyone's table that isn't already covered in filet mignon.  Instead, I think the Fed needs to find new ways to *directly* create new jobs, or provide better incentives that will push industry to create new jobs.  If the Fed can't do it, then stand back and let another government organization stimulate the economy.  This kind of "new thinking" isn't the message we've been getting from the Fed.

I'm worried about the "quantitative easing" measures that are bandied about now -- another fancy way of pumping money into the system.  They don't address the problem at hand, and they have a cost that we'll have to pay off (specifically, my generation) in the future.  And it didn't really work for Japan when they tried it before, but they're trying it again anyhow.

A hammer is a very poor choice of tool for a screw.  And the economy looks screwy to me.

Monday, October 18, 2010

The Singularity

There's a concept among futurists and science fiction folks known as The Singularity.  While there is no formal definition, it goes something like this:

Mankind's progress and rate of learning so far has been limited by the ability of our brains to process, assemble, and assimilate information.  There may come a time in the future when we build a robot or a software computer program that is, effectively, smarter than we are.  At that point, the pace and progress of learning is no longer bound by our brains.

That moment is known as the singularity.  After that moment, it becomes impossible for us to predict the future, because it grows faster than we can comprehend.  Vernor Vinge wrote about this in a 1993 article, but it was really first coined in an article from way back in 1965: "Speculations Concerning the First Ultimate Machine."  Since then, many books and articles have been written about it.  Business Week even had a blurb on it back in 1999, as they were making predictions for the 21st century.

I tell you all this as background, for it appears we're one step closer to this point: Carnegie Mellon has devised a computer that can read, and learn from, the internet.  Called NELL, for Never Ending Language Learner, it can browse and parse the internet, and form "beliefs" based on what's out there.

I freely grant that the internet is not the Paragon of Truth, and based on volume, NELL is more likely to emerge as a whiny teenager with a penchant for anarchy than it is to become a wise oracle.  But still: it can learn and process, and it can browse and internalize a whole lot more of the internet than you or I can.  With a few more years and a few more terabytes of memory, we could be in for a heck of a ride.