Monthly Archives: April 2006

End of the Blockbuster Era

Previously I’ve mentioned (http://riskman.typepad.com/perilocity/2006/02/restoration_blo.html) that it’s pointless to game the political system to preserve Hollywood’s profits, when they’re partly based on blockbusters that may go the way of Restoration spectaculars. It turned out George Lucas also thinks the era of blockbusters is over. Maybe Lucas saw the data Chris Anderson has been posting on his blog, which he summarizes as:
Meanwhile, the fraction of total box office that comes from the blockbusters (top 25 films) has been steadily falling, even as the cost of making those films (expressed here as a percentage of total box office revenue) has been rising:
Maybe Hollywood should get a new business model and stop risking their entire business on a model that no longer works; that would certainly be less risky for the rest of us than forcing us to use crippled computers just for Hollywood’s advantage.

-jsq

Insurance and Risk Management

Maybe I hit a nerve recently. Over on Specialty Insurance Blog, Bob Sargent follows up on my post about Insurance and Prevention with this:

We use the term risk management rather than prevention, and find that insurers insist on risk management.  In professional liability this is the core of the underwriting process.  For example, professional liability underwriters expect their professional insureds to have robust internal procedures and systems, and underwriters of D&O expect insureds to follow the internal control directives embodied in Sarbanes-Oxley.

Sargent provides a concrete example of an employment practices liability application, and sums up the general situation:

Rather than insurance being a replacement for risk management, our experience is that insurance drives risk management.

Also, AIG has told me that their Internet business continuity insurance requires an assessment to see if the customer has traditional Internet security before selling them the insurance. Sargent’s summation applies in every case of Internet-related insurance I’ve seen so far.

-jsq

Agricultural Monoculture

Frequently I mention that monoculture is not good in computing or networks, using an analogy to monoculture agriculture. I forget to mention that monoculture is still bad in agriculture, and agriculture has gotten even less diverse in recent years. Plus it has developed a security by obscurity mentality:

They allowed me to see everything but the knocker who actually administers the fatal blow. It’s become more difficult since Sept. 11. The food industry has a new argument, which is partly sincere. They’ve recognized that with such a centralized food supply, somebody dropping a vial of bacterium into a vat of hamburger could reach tens of thousands of people. But it has also become an excuse to keep the prying eyes of journalists away from how our food is made, which is unfortunate because we would be better off if we had more transparency in our food system. If there was a right of access to meat slaughterhouses, they wouldn’t be slaughtering 400 beefs an hour, allowing manure to be smeared on carcasses, and going so fast that live animals get cut open. The best we could do for the safety of our food supply, for the beauty of our landscape and for the quality of our water would be to decentralize meat and agriculture.

We are what we eat: Interview with "The Omnivore’s Dilemma" author Michael Pollan, by Ira Boudway, Salon, 8 April 2006.

The article goes on to detail how ignorance about the food supply ("I mean, some people would be shocked to learn that you can’t get a steak without killing a cow.") is widespread among everybody from the end-consumer to members of Congress.


Reed Was Right

Here’s some new evidence that David P. Reed was right:

While growth is slowing at most top Internet sites, it is skyrocketing at sites focused on social networking, blogging and local information.

New Trends In Online Traffic: Visits to Sites for Blogging, Local Information and Social Networks Drive Web Growth, by Leslie Walker, Washington Post Staff Writer, Tuesday, April 4, 2006; Page D01.


Why Phishing Works

Short version of why phishing works: users don’t look at the URL, because they don’t understand URL or domain syntax, and they do believe graphics: if the web page has a security symbol on it, they think it’s secure. A long academic paper is referenced by a news story:

For their paper, titled "Why Phishing Works," (PDF here) Rachna Dhamija of Harvard University and Marti Hearst and J.D. Tygar of the University of California at Berkeley, conducted tests on a small sample of users. They found that 90 percent of subjects were unable to pick out a highly effective phishing e-mail when simply judging whether or not it was genuine.

The secret of phishers’ success, by Will Sturgeon, Special to CNET News.com, Published: April 3, 2006, 10:20 AM PDT.

In other words, people believe what they see. Seeing may be believing, but it’s not very good security.
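As an added illustration of the "URL or domain syntax" point (this is not code from the post or from the paper), here is a small Python check that extracts the host a browser would actually connect to, run over constructed lookalike URLs that all display "example-bank.com" somewhere but only one of which is really on that domain.

```python
from urllib.parse import urlsplit

# Constructed sample URLs (not taken from the paper or the post). Each one shows
# the text "example-bank.com" somewhere, but only the first really goes there.
SAMPLE_URLS = [
    "https://www.example-bank.com/login",               # genuine
    "http://www.example-bank.com@example.net/login",    # userinfo before the real host
    "https://www.example-bank.com.login.example.net/",  # lookalike as a subdomain
    "https://example.net/www.example-bank.com/login",   # lookalike only in the path
]


def effective_host(url: str) -> str:
    """Return the host a browser would actually connect to for this URL.

    Anything before '@' is userinfo, not the host, and the path is not the host
    either. A scheme-less URL is treated as http, as an address bar would.
    """
    if "://" not in url:
        url = "http://" + url
    host = urlsplit(url).hostname or ""
    return host.lower().rstrip(".")


def is_on_domain(url: str, expected_domain: str) -> bool:
    """True only if the effective host is expected_domain or a subdomain of it."""
    host = effective_host(url)
    expected = expected_domain.lower()
    return host == expected or host.endswith("." + expected)


def classify(urls, expected_domain):
    """Map each URL to (effective host, whether it is really on expected_domain)."""
    return {u: (effective_host(u), is_on_domain(u, expected_domain)) for u in urls}


if __name__ == "__main__":
    for url, (host, ok) in classify(SAMPLE_URLS, "example-bank.com").items():
        print(f"{'OK ' if ok else 'NOT'} host={host!r:42} {url}")
```

The point is that the string a user sees and the host the browser resolves are different things; only the latter decides where the credentials go.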

-jsq

Yahoo Sued on Behalf of Imprisoned Chinese Activist

Occasionally I’ve posted items about the problems of U.S. companies such as Yahoo!, Google, Cisco, and Microsoft kowtowing to the Chinese government’s rules. A new wrinkle is that someone in China has lodged a complaint against Yahoo! for its part in the current imprisonment of the Chinese activist Shi Tao.

Is it good risk management to do things that keep being brought up as bad by legislatures and journalists?

-jsq

PS: Seen on BoingBoing.

Insurance and Prevention

Over on Spire Security Viewpoint they quote me from yesterday, “the future of Internet security is insurance.” Then they remark:
I don’t really get why people keep saying this about security. Sure, insurance is useful. But the implication is that it is okay to do less preventive stuff. I think insurance needs to be treated as a last resort.
Nope, that’s not the implication at all.

Credit Cards as Online Insurance

For small transactions, many of us depend on credit cards as effectively online insurers, because credit card companies will void fraudulent transactions. This was necessary a few days ago for thousands of transactions worth millions of dollars.
The Web hosting companies discovered the unusual charges through e-mail alerts that Authorize.Net sends after each transaction. Close to 3,000 suspicious transactions were pushed through the merchant accounts of three companies with which CNET News.com spoke, and more likely happened at other Web hosts, these three companies said.

Payment processor fears credit card crooks By Joris Evers, Staff Writer, CNET News.com, Published: April 3, 2006, 7:27 PM PDT

For once, automated online feedback mechanisms provided the leverage needed to counter the leverage crooks get by using the Internet. Also, multiple eyes at multiple merchants spotted it due to that feedback.

The Insured Online Checkout Lane

Here’s an example of online insurance: BuySAFE insures online transactions up to $25,000. They do due diligence on merchants and bond them for up to that amount. Their partners include eBay for online markets and Liberty Mutual as the bond issuer.

The founder, Steve Woda, used to be a surety bond underwriter. Woda says his inspiration was when he bought a PDA on eBay and got ripped off. Instead of whining, he started a company to deal with it. Apparently he went to the Wharton School of Business at the University of Pennsylvania to learn how to do a startup that he originally called BondMyAuction. The president of BuySAFE is Jeff Grass, who formerly founded PayMyBills.com, since sold to PayTrust.

BuySAFE is more evidence that Dan Geer, Bruce Schneier, and Hal Varian have been right all along: the future of Internet security is insurance. Or, when security becomes a matter of credit or operational risk beyond the control of a single company, risk management is the answer, and insurance is one of the first forms of financial risk transfer that can implement risk management.

-jsq

PS: Thanks to Bob Stratton (CTO, Revive Systems, Inc.) for the pointer.

The News in Multiplex

For a while now I’ve been using some relatively new sites that rank links according to their users’ preferences, such as

With these plus more traditional news sources, I never bother watching television news, because when I do, it seems like every story is one I already saw online several days before, often in several versions from several points of view (political, geographical, technical, etc.). Besides, TV gives you the news in brief, while the net gives you the news in multiplex.

Kevin Kelly has come up with a name for these things: Consensus Web Filters.

Meanwhile, Joshua Micah Marshall has come up with some datapoints or at least anecdotes about something that has bothered me about such sites for a while. Is the blogosphere derivative of the Mainstream Media (MSM), in that it just points at content that traditional editors and reporters produce, or does it produce significant content on its own?
