Archive for October, 2003

Violence to Language

Thursday, October 23rd, 2003


Clay, in the midst of a nice posting teasing out the difference between interact and publish, made me laugh:

Dave Barry is in fact the perfect example. Dave Barry publishes a column online, using weblog software as his publishing platform, and his mode of

Security Review that Standard

Wednesday, October 22nd, 2003

Tim Oren writes at the tail end of an excellent posting on the business model of various choices Netscape made:

Moral of the story? It’s the business model more than the threat model that often dominates the real world of commercial security deployment. Grigg is right that if the actual threat had been analyzed, the focus would have been on the server (Willy Sutton: “That’s where the money is.”), not hypothetical packet sniffers. But that wouldn’t have created a client/server lock-in, so it didn’t fit the actual goals. Security designers - paranoids by trade - would be well advised to find an equivalently cynical business type to vet their ideas.


This is so true. It’s always advisable to look into motives. People tend to be very naive about this, particularly specialists of one stripe or another. I think one might go further and say that if you dig into the business model of the advocates of a proposed standard and find that it is driven entirely by noble virtues then you must step back and become concerned, not that they are being naive, but that they run the risk of being co-opted by players who enter the market with a strong business model.



It is, of course, quite dangerous to try to look into motives. In fact some professions forswear it entirely. To pick just one reason why it’s dangerous: an entrepreneur is often very fuzzy about his business model. He may have a primary model, but he is always juggling a pool of options. He values these options because they give him the flexibility to learn from the market as he goes forward. The outsider can’t see that information. The outsider can’t even see the list of options that the entrepreneur is juggling, since the entrepreneur is likely telling a simplified, but consistent, story about what’s happening so as not to confuse his audience.



While the pool of options is on the upside, there is always a pool of risks haunting the emerging enterprise.



Of course it’s a good thing if you let all the professions have a chance to take a look at the worst-case scenarios around whatever boondoggle you’re currently engaged in.



Which reminds me of a piece of paper they were handing out at a real estate open house once. This piece of paper advised me that before making a bid on the property I would do well to consult with my own advisors. It then helpfully enumerated various advisors I might touch base with - in no particular order: pest inspectors, HVAC experts, structural engineers, title insurers, buyer real estate agent, geologist, … and on and on for maybe a good 40 or 60 kinds of expertise I might wish to bring to bear before making an offer on the house. This did not encourage confidence that the seller was being forthright.

Personality

Tuesday, October 21st, 2003

[Image: chevalier web.jpg]

Some people have it.

The Value of Site Finder, $3 Billion?

Monday, October 20th, 2003


This note attempts to put a valuation on the Site Finder hack. I estimate it’s worth about $3 Billion to Verisign. I don’t make any attempt to estimate its cost to its victims. One reason I got to thinking about this was that since it leverages people’s typos and misspellings I, as a dyslexic, find it particularly offensive. About one in five people suffer from dyslexia. Think of us as a market segment.


Computing the value of things is hard but necessary work. For example Google needs to rank sites to decide which site to present first in a query. They want to have the ‘highest quality’ response to the query come first. Their solution is to use links as a proxy for quality. Sites with more links are presumed better than sites with fewer links. Of course their algorithms aren’t as simple as that.


The success of a standard is similar. You can measure how many people have adopted, linked up with, the standard. A better measure is how much traffic is moving over the standard. A number of people may speak Latin, but how many words of Latin are spoken each day? A number of people may know the secret boy scout handshake, but how many secret handshakes are actually consummated each day?


In the web world traffic statistics are collected by sampling. Alexa, a venerable firm acquired by Amazon some years ago, does that. They collect the data by signing up volunteers and installing something into their web browser that reports back traffic data.


If you want to value a company you have the same problem. You can count how many people link to the company (i.e. how many customers it has) or you can try to measure the amount of traffic the company has with those customers (i.e. how much money each customer hands over in a given unit of time). For example the Visa system has around 1,023,707,000 cards issued; but that doesn’t tell you much about the volume of traffic moving thru their system. They report that they do about 36,284,000,000 transactions a year.


Of course, Latin speakers will, for example, argue that their conversations are higher value than the conversations in many more pedestrian languages.


Currency exchange standards are unique because you can actually do better than even the amount of traffic. You can measure the value of those transactions. For example Visa reports they moved $2,668,821,000,000 thru the system in one year.


Alexa ranks Yahoo as the site with the most traffic on the net, while the market values it as worth $27.37 Billion. AOL on the other hand is ranked at 20 in Alexa’s traffic ranking.


Web traffic is power-law distributed, and if we assume that the exponent of this distribution is 1 then AOL gets a tenth the traffic of Yahoo. And if we assume that all traffic is equally valuable (the Latin speakers will point out that this is obviously false) then we can roughly estimate that AOL is worth $2.7 Billion. One reason this is obviously false is that AOL has a subscription relationship with its users whereas Yahoo doesn’t; and a subscription relationship is clearly more durable than a non-subscription one.


Ok, now notice this article from Alexa about the traffic levels that Site Finder managed to garner. It’s a little hard to see exactly how much traffic they managed to capture; but if you look you can see they managed to move up to approximately the same rank as AOL.


The Site Finder hack appears to be worth about $3 Billion.


Of course that number should be discounted by whatever you think the chances are that they are able to turn it back on.


The operation of the internet domain registry is a beautiful example of a public good platform or standard. The number of beneficiaries is huge; there are for example at least 44 million web sites that benefit along with at least a few hundred million users.

The governance of such a public good is a complex mess. But in this case it surprises me that the top twenty web sites haven’t made more of a fuss about Site Finder’s arrival as a major competitor. Well maybe it doesn’t; the beneficiaries of the Internet standards have a ways to go before they realize how much of their fate is in the hands of standards bodies that don’t necessarily report back to them.

It’s interesting to look at this from Verisign’s point of view. If the hack is worth $3 Billion and they figure they have only a 10% chance of winning the day and being allowed to get away with it, then that’s still enough money, $300 million, to make it worth spending a few million sending your advocates to the various standards bodies to argue the case. They can probably buy some pretty good advocacy for that kind of money.

Digital ID - da mob gets it?

Monday, October 20th, 2003


If you’re interested in internet identity go read Phil Windley’s most excellent series of postings about Digital Identity World. Fascinating! Those postings are another sign that, just maybe, the ‘mob’ is beginning to get it. Until the mob begins to settle in on what “it” is, it is very hard to accelerate the build out.