Never Expires

Given this raw material there is something to be said here.  But I can’t quite pull it together.

Something about how coupons are a way to overcome the buyer’s impulse control?

Something about how no market is immune to discriminatory pricing?

This may well be the most evil thing I’ve yet encountered in my hobby around pricing games and shaping consumer behavior.

… Valeant’s business model.

They bought an out-of-patent drug (Sodium Seconal) which is used in physician assisted suicide – and after the California government passed laws to make the above legal they jacked the price up to $3000. … consistent with Valeant’s business model there is a copay coupon so that you, dear patient, are not out of pocket, whilst your insurance provider takes the hit.

via Bronte Capital.

Let’s Encrypt Everything

I renewed the SSL/TLS certificate on one of my little cloud servers over the weekend.  I had been using StartSSL for this.  This time I decided to try out the services of Let’s Encrypt Everything, which worked out nicely.

You can read their website for the background story.  This posting is about the details of how I proceeded.

Let’s Encrypt Everything will sign TLS certificates for your website.  It uses a scheme called ACME.  That scheme involves running some software on your end that talks to their servers.  During that conversation a transient page is created on your website; this is used to prove that you control the site.  That proof of control is how they validate that you control the site and thus it’s ok for them to sign off on the cert.

What’s nice about this scheme is that you really don’t need to know much, if anything, about how all this works.  You only need to install some software on your machine – the ACME client – and then follow the instructions.  The better the ACME client the less work you need to do.  This posting has a nice review of various ACME clients.

I first tried the client that the Let’s Encrypt folks are working on.  It didn’t work well for me.  I then moved on to acme-tiny and it was great; though it certainly required more hand work.

The proof of control step/scheme requires that you let the ACME client add a page to your web site, i.e. put a file into your site’s HTTP files.  That page is served using HTTP, not HTTPS.

The certificate they give expires in three months, so they presume you’re likely to run a crontab to renew the certificate, monthly say.

The largest hiccup I ran into was that the page wants to be served via HTTP.  My site is set up to immediately redirect all HTTP traffic to HTTPS.  So I had to adjust the configuration to leave a small hole in that behavior just for the proof of control page.  I do the redirects with Apache’s mod_alias; and it required a bit-o-thought to get that hole built.  I now redirect all URLs, except those that begin with a period; it’s lame but it works and was easy.
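One way to express that hole with mod_alias, as an added example that is not the author's actual configuration: the commented-out rule exempts every path that begins with a period, as described above, and the active rule narrows the exemption to the ACME HTTP challenge path, `/.well-known/acme-challenge/`. The host name `www.example.com` and the directory `/var/www/challenges/` are assumptions.

```apache
# Added example (Apache 2.4); www.example.com and /var/www/challenges/
# are assumed names, not taken from the post.
<VirtualHost *:80>
    ServerName www.example.com

    # Serve the files the ACME client writes, over plain HTTP.
    Alias /.well-known/acme-challenge/ /var/www/challenges/
    <Directory /var/www/challenges/>
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    # Broad hole: redirect every URL except those whose path begins
    # with a period. Any other dot-path under the document root would
    # also stay reachable over HTTP with this rule.
    # RedirectMatch permanent ^/(?!\.)(.*)$ https://www.example.com/$1

    # Narrow hole: only the challenge directory escapes the redirect.
    RedirectMatch permanent ^/(?!\.well-known/acme-challenge/)(.*)$ https://www.example.com/$1
</VirtualHost>
```

Check the result with `curl -I http://www.example.com/` (expect a 301 to HTTPS) and with a test file placed in the challenge directory (expect a 200 over HTTP).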

Tarsnap Notes

I set up tarsnap to backup one of my small cloud servers.   Some notes on the hiccups:

  1. Tarsnap’s install involves compiling it – that tells you about the overall tone :).  The compile requires this include file: “ext2fs/ext2_fs.h”.  My little server lacked that.  It took a while to find how to get it.  In this case the answer was: yum install e2fsprogs-devel
  2. There are two keys.  One is used to access your account on his server.  The second is used to encrypt etc. your backups.  I was puzzled about this file since I’d assumed it would encrypt the backups with one key (which would be installed on the machine(s) you’re backing up), and then a second key (the private key) would be used to decrypt them later.  Turns out the behavior is – sort of – optional.  The 2nd key you get fills both roles, and you need to use the key management tool if you want to make this distinction.

Normalization of Deviance

I’ve found it interesting to think about a posting from Bruce Schneier over the last few days.

He’s musing about the term “Normalization of Deviance.”  This term’s home is in public health, and it’s used to describe a syndrome where the profession knows that certain practices are key to assuring safe outcomes; but where they have a difficult and frustrating time keeping the parties involved on board with those practices.

Bruce is musing about how some large swath of the software industry’s security failures can be viewed that way.   Clearly in many cases we know what to do, and thus the problem comes down to how difficult and frustrating it is to make that happen.

Some communities of practice (medicine, civil engineering, aviation, …) reside in a (mature?) straightjacket of practice.  He kicks off that post with a link to a horrific story of pilots failing to conform to required practice.

Bruce links to this rant, whose author is confident that small software startups can, should, ought-to live in that straightjacket too.  That’s a conclusion that is at odds with the buckshot model of startups.  An interesting tension that.

I see I’ve touched on this issue in the past; it’s a fascinating subplot of all this how the straightjacket of regulated practice is analogous to the Overton Window.  The average velocity of the Overton Window varies widely from one field to another.  There is some sort of relationship between that and safety, but damn if I can say what with the precision I’d like.

Decades ago I had an argument with a young Professor at CMU.  I was right, for various reasons [1, 2] software engineering was not going to emerge as a “professional engineering” practice in the manner of older engineering fields.   What is clear now is that security issues, like the ones Bruce works on in his day job, are rapidly building out a very similar straightjacket of engineering practice.

Process Shock

I’m very interested in questions of scale, so Ben Adida’s “Important read” click bait had an easy time getting me to click through to “Orders of Magnitude”. But, let me save you a click.

FYI – HR is very different at Google with 8! orders of magnitude more employees than it is at a startup.

He actually wrote “Important read! For bigco engineers who join startups, eng processes also are very different at diff scales.”   So he had me twice hooked, I’m thinking a lot about process these days, as one does.

From the employee/HR point of view: moving from one firm to another, like any move, is all about encountering, digesting, introducing new conventions.   The resulting culture shock is always part of the work.  For both sides.  This emotional work is huge.

Management, on the other hand?   Well, their brief includes moving the immovable culture.  The real work of HR is keeping the collective culture shock in some sort of Goldilocks zone.

Estimating is hard.

Guesstimate is a delightful first draft of a tool to help clarify why we don’t know the answer to your question.  Here for example the user has tried to get a handle on how: “Taking down the tree, how long?”

[Image: taking down the christmas tree]

I was a bit taken aback at my immediate reaction to this. A flashback to Simula.  What a lovely language.  I used it back in the late 1960s, and then once more in the mid 70s.  It had things that didn’t become common in other languages for a long long time, like threads and classes.  It was very good at this kind of computation.  Simulation accounted for a big slice of all computing, back in the day.

I didn’t see any loops.

Be grateful for what blessings your betters have bestowed upon you.

We owe Barbara Ehrenreich a debt, for two things: her autobiographical work on the culture’s cult-like insistence on over the top enthusiastic cheerfulness at all times (see her book Bright-sided).   And for her books about what it’s like to live poor.

Her recent op-ed on the currently popular meme that gratitude is the key to happiness (in the New York Times) brings those together.   I’m embarrassed not to have presumed something I’m reveals:

Perhaps it’s no surprise that gratitude’s rise to self-help celebrity status owes a lot to the conservative-leaning John Templeton Foundation. At the start of this decade, the foundation, which promotes free-market capitalism, gave $5.6 million to Dr. Emmons, the gratitude researcher. It also funded a $3 million initiative called Expanding the Science and Practice of Gratitude through the Greater Good Science Center at the University of California, Berkeley, which co-produced the special that aired on NPR. The foundation does not fund projects to directly improve the lives of poor individuals, but it has spent a great deal, through efforts like these, to improve their attitudes.

One of my joke startup ideas: A chain of bookstores that offer to provide literature in service of any point you wish to make.  These stores would also let you select how you want your point made.   “Ah yes sir, you would like to show that the poor should be more grateful to their betters.  Would you like that in the form of a novel?  Or possibly an anthropological treatise?”  “…”  “Ah yes sir, we can arrange a bespoke social scientist, no problem at all.”

Ideology of the politically active rich.

Interesting chart.

[Chart: poole donor distributions]

It gives a glimpse at how and which of the mega rich spend a on our elections.  It would be interesting to see a similar chart about the lobbying of their agents.  I’m surprised how sorted this is by the age of the Lord’s empire.

That’s the last slide in this deck (pdf) from a year ago.  The entire deck is a nice summary of the state of our frighteningly polarized politics.

43 Dollars

Sometimes when I’m feeling a bit too cheerful I listen to the “New Books In Political Science” podcast.   I guess that’s because many years ago a book about political science changed my world view, a lot.

This weekend I listened to a chat with the author of “The Business of America is Lobbying: How Corporations Became Politicized and Politics Became More Corporate”.   I’m too lazy to go back and find the quote that shocked me, but let’s pretend it was: “For every dollar spent by lobbyists for various liberal goals (consumer protection for example) industry spends 43 dollars.”  Chew on that!

The Amazon review with just three stars dislikes the author’s suggested solution.   The reviewer amusingly characterises that as “I guess the only way to stop a bad man with a Lobbyist, is with a good man with a Lobbyist.”

Amazon Prime not a luxury good.

One of my favorite insights about pricing came from thinking about why bespoke tailors never discount.    The fun bit was the realization that sales (discounting, coupons, etc. etc.) are about impulse control.   Both players, Betty the buyer and Sam the seller, are tempted by discounting.

Sam discounts because it helps to close the deal, since it helps Betty to overcome her impulse control.  So Sam is very tempted; and that temptation means he’s got an impulse control problem too.  At its core the discounting acts to expedite the sale, it’s an accelerant.

But yeah, if Betty knows that Sam is given to discounting that knowledge dampens sales!  For example there is a men’s clothing store near my office, but I know that everything in it can be had for 40-60% less than the usual asking price.  But only if I play the pricing games this vendor uses.  I “just” need to puzzle out what those are and then: wait for the sale, get the coupon, and buy the gift card in the secondary market, order online with delivery to store, and finally exchange what I bought for the item I really wanted in the store.

When the bespoke tailor clarifies that he never discounts he’s signalling that his goods are a luxury item with a lot of bundled benefits.   Betty should not be making the purchase decision based on price!  Price should never be the deciding factor in the purchase of a luxury good.

Presumably Brilliant Bob can skillfully compute the cost of the dampening vs. the benefit of the accelerant.  The drug store knows that a lot of their buyers need it now, and hence has less fear of the dampening.   The big department store knows that most of their Bettys are skilled shoppers and enjoy the game.   The combinations are numerous.

But one place this leads is the realization that one of the many inputs to price setting is how much discounting head room the seller wants.  So when Amazon raises the price of Amazon Prime to $99 they may hope that Betty thinks this is because it’s become so much better.  More features, valuable, and expensive to deliver.  But I suspect it’s that they decided to play more pricing games with that offering.

So today you can buy Amazon Prime for $67 vs. $99.  (You’ll need to go read some of the threads in the forums where pricing game players hang out to see various schemes for playing that deal well.)

Which means Amazon Prime is now another product about which Betty may mutter “I never pay retail.”