
Commercial Spam Turns 20 Today!


Some other time, some other place
We might not have been here, with egg on our face
I just wanna tell you, made up my mind
You know I can’t help the way I feel inside


Oh, this heart’s on fire
Right from the start, it’s been burning with rage
Oh, this heart’s on fire
One thing buddy, spam fills it with rampage!

And 20 years ago today, Laurence Canter and Martha Siegel unleashed the “Green Card” spam upon the world. While this was not the first instance of Usenet spam, it was the first instance of commercial Usenet spam and, quoting Wikipedia, its unapologetic authors are seen as having set the precedent for the modern global practice of spamming.

Canter and Siegel sent their advertisement, with the subject “Green Card Lottery – Final One?”, to at least 5,500 Usenet discussion groups, which was a huge number at the time, posting it as a separate posting in each newsgroup so a reader would see it in every group they read. Their internet service provider, Internet Direct, received so many complaints that its mail servers crashed repeatedly for the next two days! You have to remember, this was back in the time of dial-up and the highest speed modems available at that time were fax-speed 14.4K modems, with most people still on 2,400 baud modems! But this effort, and their subsequent efforts through Cybersell, which was a “spam-for-hire” company, ushered in the age of spam that we are still dealing with to this day.

You Can Have Your Google Chauffeur. I’ll Choose Good Ol’ Alfred Every Day of the Week!

For those of you who thought the doctor was needlessly calling #badwolf last Sunday in response to the automotive industry’s push for autonomous automobiles, SI would like to point out this recent BBC News article stating that Toyota is to recall 1.9 Million Prius hybrids.

Why is Toyota recalling 1.9 Million Prius hybrids? A software fault that may cause the vehicle to slow down suddenly. To date it has identified more than 400 reports of the problem, with the bulk of them occurring in (the heavily congested streets and highways of) Japan and North America. According to Toyota, in limited cases the hybrid system might shut down and the vehicle will stop, perhaps while being driven.

In other words, all a hacker has to do to cause multiple fatal multi-car pileups is hack the OnStar network and send a signal to all Prius vehicles to execute that specific part of the code. They don’t even have to break the OS and figure out how to craft a small virus that will hijack the control system or execute a dangerous set of commands — the hacker just has to send a signal telling the OS to execute the set of commands already there.

Now, presumably, this would (hopefully) result in the brake lights being triggered and the outcome may not be as deadly as it would be otherwise, but what about the other 99 Million Plus lines of code? How many similarly dangerous, untested, and, as-yet, unexecuted code sequences are also in the Prius? And every other electronically controlled car on the road?

They’ve yet to release a personal OS that isn’t riddled with more holes than there are potholes in Canada’s winter roads*1! I’m all for technological advance, but until we figure out how to write more bullet-proof, and secure, operating systems, let’s keep the OS out of the car and on the desktop where it belongs.

Now if you’ll excuse me, I have to go help LOLCat tell some meddling kids to get off my lawn!


*1 A slice of swiss cheese is quite solid in comparison!

The Storm Clouds Are Coming!

Fifteen years ago, enterprise software was installed on-premise and managed locally. This required organizations with no knowledge of IT or IT management to create IT departments to manage servers and the software services that ran on them. For an organization that didn’t use software in its daily operations — such as a manufacturing organization that used manual production lines, an advertising agency that deals in existential image and not physical product, or a real-estate agency that only has to take listings and take cheques — it was an expensive proposition.

Then came the Application Service Providers, better known as ASPs. Using the power of the internet, these software solution providers built their own data centres and hosted the solution for their customers on dedicated machines in their own data centres. However, this solution was not optimal either, as the organization was not only paying for machines, energy, and administrators to run the software, but also paying for these through a third party that added overhead and markup.

This provided an opportunity for more enterprising software delivery organizations that were able to build their applications to be multi-tenant and host multiple clients on the same platform. This reduced the number of machines, kilowatts, and system administrators that were required and thus reduced the overall operating cost. This allowed this new breed of Software-as-a-Service (SaaS) vendor to take business away from the ASPs and advance the state of the art.

But this wasn’t the end. New enterprising software delivery organizations, who realized that their expertise was software and not data centre management, decided that they could do even better if they designed multi-tenant Software-as-a-Service solutions that could be run on someone else’s platform. This would bring more economies of scale into play as not only could multiple solutions be run on the same platform, but the platform provider could be replaced by another platform provider with a lower cost at any time. Enter the Cloud, which, like a real cloud, is ephemeral, suspended in space, and, in some cases, full of security holes.

Cloud services are ephemeral as any specific instantiation of cloud services lasts as long as the company behind it has the means and the desire to continue supporting the cloud services. Cloud services are suspended in space since the instantiations may move over time as the service owners switch to lower-cost and/or more secure data centres. And, with the recent revelations on the PRISM program, the cloud is full of security holes to the point where the EU Parliament has called for suspension of the multi-billion ‘Safe-Harbour’ deal over NSA spying because some cloud providers, either because they don’t have the expertise or won’t spend the money, don’t secure their part of the cloud properly.

As a result, supply chains are exposed to additional risks of disruption (if a cloud provider unplugs overnight), security breaches (as some platforms are significantly less secure than others), and privacy risks (as some governments claim the right to all data on servers on their shores that is not associated with citizens or entities of that country or that might pose a security risk under acts like the US Patriot Act).

And this is only one of 14 significant threats to the supply chain in 2014. Would you like to know what the other 13 are? If so, download SI’s latest white paper on the Top Ten Transitions To Tackle in 2014 to Tame the Tolls, sponsored by BravoSolution. (Registration Required) Or, you could just wait and be surprised as the other 13, riding on black swans, one by one, strike at each full moon. Your call.

Some Things Should Be Autonomous, But Automobiles?

As per this recent K@W article, automakers are working hard to advance the state of the automobile, and that’s a good thing, but should the ultimate goal be autonomous, driver-less vehicles?

While park-assist, remote control parking, trailer assist, construction site assistant, blind spot monitor and the pre-crash occupant protection system and other safety systems are a good thing, there’s a difference between adding technology to alert a driver to danger and creating a car that drives itself in an effort to remove the human element. While human error is the leading cause of accidents, it’s not the only cause of accidents. Sometimes an animal, or human, jumps in front of the vehicle or an object falls in front of the vehicle, sometimes something breaks and the vehicle can’t be stopped, and sometimes a natural disaster happens.

If there’s not enough time to stop, a computer is not going to be able to stop the car; if something breaks, a program can’t fix it; and if an unexpected event occurs, will the algorithm know how to deal with it? For example, even if there’s no time to stop, a human might be able to take evasive action and avoid hitting a person who steps in front of the vehicle without warning. But if the only choice is hitting a person or hitting a building, will the algorithm make the right choice? (Cars and buildings can be fixed, dead people can’t.) Or will it keep calculating to infinity in hopes of finding a collision-free path of action, and hit the human in the process? What if the failure causes a disconnect between the core processor and the brakes? What if an earthquake happens? Will the algorithm be able to interpret the readings correctly?

But more importantly, what if the system crashes? The average car already has more lines of code in its operating system than in an average computer operating system. As per this article over on the MIT Technology Review, many cars have a hundred million lines of code in their operating system. For comparative purposes, Windows 7 has about 40 Million lines of code. How many lines of code is it going to take to create an operating system that can drive an autonomous vehicle that performs well enough for a government to consider allowing it on the road? Hundreds of Millions, if not a Billion. That’s a lot of code. How do you adequately test that much code? You don’t. You can never guarantee that the code is error free and that the system won’t crash. You can only test until the probability is high enough for you to accept as likely to be error free in practice.

And what happens if an unexpected event happens at 70 MPH on the highway and the system crashes? Nothing good.

But the real concern is what happens when the OS is hacked? Your computer gets hacked, you lose your personal and confidential information and the computer becomes inaccessible to you until you unplug (and reboot) it. If your car gets hacked, it becomes inaccessible to you until you cut the power. You can’t do that at 70 MPH, and since all cars are being built with 4G, Bluetooth, Wi-Fi, etc. — if a hacker gets control of it while you are on the road, he can crash your car into another and there will be nothing you can do.

And if the hack is the result of a bug in the OS that allows for a massive zero-day exploit, a hacker could take control of all cars on the road on the same communication network, and cause them all to accelerate until they hit something. If tens of thousands of vehicles were hacked and subverted all at once in a zero-day exploit, the widespread damage that could be caused would be hundreds or thousands of times worse than most terrorist groups currently achieve when they manage to hijack a plane or blow up a single building.

In other words, removing the human completely from the picture doesn’t increase safety, it decreases it. If we must have autonomous vehicles, then they better all come with an old-school code-free manual override switch that, in an emergency, will let us turn the computer off so we can drive home safely and tell those darn kids to get off our lawns.

A New Year is Upon Us – Do You Have Your SpendHQ Ready To Go? Part IV

In the first three parts of this series, we introduced you to SpendHQ, a spin-off of Insight Sourcing Group (ISG), one of the strongest, but yet most overlooked, players in the spend visibility and analysis space from a software and services solution viewpoint. Introduced is the operative word here as we only reviewed the features of the product at a high level — each tab of each module has many more features, options, and capabilities than we reviewed, as our goal in this initial series was just to outline the capabilities of a solution that has been under development for close to a decade. Unlike most spend analysis solutions that were designed and built by sourcing solution providers, SpendHQ was designed by sourcing and spend experts and implemented by a development team experienced in the implementation, and integration, of sourcing and spend analysis solutions.

As any expert in spend visibility and analysis knows, the solution, which so far consists of a spend visibility and category management module, soon to be accompanied by a contract (metadata) management module that will allow an organization to track contracts, associated prices, and expiry dates (and associate them with managed spend categories), is only as good as the data it contains.

Fortunately, SpendHQ manages the entire process and has a good handle on the matter at hand. From consolidation through normalization, categorization, cleansing, and enrichment to cube building and release, the SpendHQ team is experienced at the end-to-end lifecycle.

And, moreover, they recognize that this process can take time. Even though a spend expert with analytics expertise can map 90%+ of spend by hand with the right tool in a week for even the largest Fortune 500, most companies don’t have this spend expertise in a single person, don’t have all of the data available in a single merged instance, and don’t content themselves with 90% of spend when many providers promise 98%+ (even though this increased level of accuracy doesn’t make a difference during an initial spend analysis effort and initial project selection, as an organization always goes after the biggest cost savings opportunities first, which can always be identified with 90%+ mapping accuracy). As a result, while some spend analysis providers will promise to have you up and running in a week (and work their Indian data mapping team to the bone 24/7 in an effort to meet this goal), SpendHQ makes a more reasonable promise of six weeks from initial consultation to final deployment. The SpendHQ team knows it will take time to get data, create merge rules, cleanse, classify, review with the customer, create new rules, re-classify, enrich, get executive sign-off, and roll out. Sometimes the process only takes a couple of weeks (with a smaller company that’s really on the ball), but, as a consulting firm, they know better than to make promises that are unrealistic (and it’s always better to beat a deadline than to miss it). Considering that they can get to full deployment for even the largest multi-billion dollar companies with 60+ file formats and 20+ currencies in this timeframe, you don’t have to worry that they won’t be able to turn around data and mappings as fast as you can get them the data and review the mappings.

ISG has been doing spend analysis engagements since it was founded in 2002 and started working on its own spend analysis toolset shortly thereafter (with the first commercialization of its spend analysis product in 2007) and, as a result, ISG and SpendHQ are quite familiar with the fragile data supply chain. Poor data input discipline leading to 200 different supplier names for FedEx in your system? Multiple AP Systems that fragment spend data across the enterprise in different file formats? Accounting oriented categorizations useless for spend analysis? Maverick spend gone wild? They’ve seen it all and can deal with it all. And before the cleansed and categorized data is presented to the customer, it is reviewed by North America and European Union based sourcing professionals — not by a low-cost data-entry tech in an outsourced Indian development shop.

And, as per recent posts, the SpendHQ product is extremely usable — one of the best UIs SI has seen yet for a vendor-managed spend analysis product that is designed to be comprehensible by even the most technology-inept. (SpendHQ believes their UI to be their competitive advantage, and SI agrees.) It’s a great entry point to spend analysis and a quick way to identify your top savings opportunities and get sourcing projects to address them underway. (And then, a few years down the road when you’re ready for do-it-yourself advanced spend analysis, it’s a perfect segue into a product like Opera’s BIQ — which supports multiple categorizations, multiple cubes, and the ability to re-define your own rules hierarchy on the fly — when you’re ready to dive deeper into tougher opportunities.)