Monthly Archives: August 2003

Software Customer Bill of Rights

As the software infrastructure has been going through chaos, reporters (and others) have called me several times to ask what our software-related legal rights are now and what they should be.

I propose 10 rules that are more modest than other suggestions but that could go a long way toward restoring integrity and trust — and consumer confidence, consumer excitement, and sales — in this stalled marketplace.

1. Let the customer see the contract before downloading, paying for, or using the product.

2. The vendor must disclose known defects.

3. The product (or information service) must live up to the manufacturer's and seller's claims.

4. User has right to see and approve all transfers of information from her computer.

5. A software vendor may not block customer from accessing his own data without court approval.

6. A software vendor may not prematurely terminate a license without court approval.

7. Mass-market customers may criticize products, publish benchmark study results, and make fair use of products.

8. The user may reverse engineer the software.

9. Mass-market software should be transferable.

10. When software is embedded in a product, the law governing the product should govern the software.

[Cem Kaner's blog]

IEEE's “Body of Knowledge” for Software Engineering

The IEEE Computer Society has been developing its own statement of the Software Engineering Body of Knowledge (SWEBOK). They are now calling for a review of SWEBOK, which you can participate in at SWEBOK pushes the traditional, documentation-heavy approaches. I have read several drafts of it over the years but I chose to not be involved in the official process because I believed that:

  • The document had little merit and probably wouldn’t get much better;
  • My comments wouldn’t have much influence.
  • These grand, in my view highly premature, efforts to standardize and regulate the field come and go but don’t really have enough influence to worry about.

In retrospect, I think that keeping away from SWEBOK was a mistake. I think it has the potential to do substantial harm. I urge you to get involved in the SWEBOK review, make your criticisms clear and explicit, and urge them in writing to abandon this project. Even though this will have little influence with the SWEBOK promoters, it will create a public record of controversy and protest. Because SWEBOK is being effectively pushed as a basis for licensing software engineers and evaluating / accrediting software engineering degree programs, a public record of controversy may play an important role. [Cem Kaner's blog]

Best value conference?

Here's a great analysis of some tech conferences… [thanks Jason]

The Science of Conventions. Great breakdown of tech conventions…. [Jason DeFillippo's Journal]

Putting a Value to a Conference

In the past days there has been some discussion about the registration cost of professional conferences, especially the PDC ($1700) and BloggerCon ($500). The discussion about the PDC is that without question the conference produces value for its fee, but that the fee in itself is just too high for some people. With BloggerCon, people remarked that at $500 for a one-day conference with no history to show for it, and vague semi-technical content, its return on investment (in contrast to, for example, the PDC) is questionable.

I thought a bit about this because I visit about 10-12 conferences per year, although most of them are academically oriented. I think there are a number of criteria to consider when selecting a conference:

  • Innovation – will you hear new stuff that may challenge you
  • Technical – will you learn about techniques/technologies you will use
  • Political – will you get a better view at the strategic level
  • Networking – will you hook up with (new) people
  • Career – will this conference help you to advance your professional goals
  • Entertainment – Will you be able to have some fun
  • Location – if the conference sucks can you go somewhere else

Warning! The following is not scientific:

If I take these criteria and apply them to a number of professional conferences that have just happened or are about to take place, I get the following:

Conference  I  T  P  N  C  E  L  Days  Price  Value
Gnomedex  7  7  6  9  4  9  4  2  99  92.9
PDC  9  10  5  8  8  7  8  5  1700  16.2
BloggerCon  6  5  9  7  3  7  6  1  500  8.6
O'Reilly MacOSX  8  8  7  8  5  7  5  3  795  18.1
XML-DevCon  8  10  5  8  8  6  5  2  299  33.4

The weights for each of the criteria are from 1-10, and are made up by me for a fictive professional who wants to go to each of the conferences. Your mileage may vary. (BTW I am not sure what the registration for XML-DevCon was). The return value is calculated by 100 / (cost of the conference / (sum of the weights * number of days)).

Gnomedex is the absolute winner in terms of return on investment, with XML-DevCon also as a positive value maker. PDC and O'Reilly probably will give you a similar value.

BloggerCon however will need to do something drastic, either in its program or in its fee, if it wants to provide real value for its participants. [Werner Vogels' All Things Distributed]

I really think Gnomedex should get negative points for being in the middle of po-dunk. It just isn't reasonable to go to hell for a conference. But there should ALSO be points for amusing moderators and hosts – so Chris Pirillo would make up for being in the middle of nowhere – by being such a fun guy.

And where's SuperNova?  reBoot?  Ars Electronica?   COMDEX?  [Marc's Voice]

Microsoft software “riddled with vulnerabilities”, trade body claims

  • Dept of Homeland Security should avoid Microsoft

    The US Computer and Communications Industry Association (CCIA) has urged the US Department of Homeland Security to avoid using Microsoft software.

    The Washington based association, which represents members that generate over $300 billion, has issued an open letter to Tom Ridge, Secretary of the department, urging him to review his decision to choose Microsoft for its desktops and servers.

    It claims that last week's events relating to the Blaster and SoBig worms, have highlighted problems in cybersecurity.

    The letter, from Ed Black, the association's president, said: “We believe that for software to be truly secure it must be well written from the outset with security considerations given a high priority”.

    It accuses Microsoft of being more interested in economic marketing and competition than security and said the lack of diversity within a network system “amplifies the risk emanating from any vulnerabilities that do exist”.

    It continues: “Our preliminary findings indicate the severity of the security problems relating to some Microsoft software”.

    The Blaster worm, it said, crashed the Navy Marine intranet* (ed. A SMALL correction here. The worm caused an intrusion, rather than a crash, on this particular network.), the CSX railway system, Maryland's Dept of Motor Vehicles, Air Canada systems, and most seriously earlier this year a nuclear power plant was downed by Slammer.

    Microsoft, it claims, isn't guiltless, because it is continuing to “create software riddled with obvious and easily exploited vulnerabilities”.  [Privacy Digest]

  • On Business Models

    Don Park and Tim Oren are engaged in an interesting discussion of business models in the wifi world. Don kindly makes a suggestion to have Access Point hardware vendors subsidise the price of the wifi Access Point (AP) by bundling it with a services oriented business model. It's like a blast of deja vu to 2001, back when Sputnik was getting started, and our original business model.

    Don lays out the basic ideas behind Sputnik's original model pretty succinctly:

    1. Bob, a store owner, buys Sputnik at 1/4 of the price, plugs it in at his store, and uses the installation software to register the AP with Sputnik Network.
      • The AP is configured so that only Sputnik Network members can use it.
      • Administration, security, and account management are all handled by Sputnik Network.
    2. James, a Wi-Fi user, subscribes to World-wide Sputnik Network service for $10 per month, enabling him to use any Sputnik Network AP around the world.
      • Sputnik client software running on his laptop automatically handles authentication with each AP.
    3. AP usage is metered so Bob might receive a check each month if his AP gets a lot of traffic.

    In late 2001, Sputnik released its Sputnik Community Gateway to the world, which would turn any old PC with a wireless card into an AP that authenticated users onto the Sputnik Network, a centralized authentication service.  Lots of people downloaded the code, used the gateway, and people joined the Sputnik Network.  But we decided that we were pursuing the wrong business model, and changed our plans. Here's why:

    1. Revenue split.  Each subscriber is paying $10 a month in Don's example.  Some of that money is going to go to Bob, the store owner who has installed the subsidised AP.  The revenue split needs to be compelling enough to make it interesting for Bob.  But there are other folks in the mix here too – like the ISP, see below, the VAR or SI who installed the AP, the location owner, and possibly the roaming agreement provider (like iPass or Boingo) .  So now that $10/month is split with even more people.  That's a lot of ways to split $10, so your service margins get pretty thin, even as it is. Now add in the fact that James is calling customer support because he's getting unreliable service (see Customer Service Headaches below), and it becomes nearly impossible to make money.
    2. Legal issues.  Most residential broadband connections come with a pretty strict Terms Of Service and Acceptable Use Policy which prohibit the sharing of broadband connections.  Of those that do allow sharing, most only allow for sharing within a single household, not reselling of service.  One way around this is to cut the ISP into the revenue split, which would hopefully provide an incentive to them, and cover their costs of extra data traffic passing over their backbone as well as (potentially) James as a lost customer – why should he buy a new DSL or Cable modem if he can surf on his neighbor's connection?
    3. Customer Service headaches.  If we presuppose that our aforementioned wi-fi user, James, is paying a monthly subscription fee, then he's going to demand some kind of service level, otherwise he's going to feel like he's wasting his money.  The problem is that Sputnik has no control over how James is getting his access – for example, what if his neighbor, who is providing him with wifi access, decides to move?  Or if he unplugs his AP when going on vacation?  James doesn't know about this, and the Network provider has no control over James' neighbor – we can't go over to his house and turn his AP back on.  James' perceived value of the service drops precipitously, and he gets puzzled, or even angry.  Then the support calls begin – since he was getting service just fine the day before, he is going to try to figure out why the service isn't working now.  Now James starts calling the Sputnik call center, trying to diagnose the problem with “his computer”.
    4. The rise of “free” networks.  A significant number of businesses are giving wifi away for free – as an incentive to get butts in seats, who then order coffee, or happy meals, or whatever.  Other businesses are using an advertising-based support model – watch an ad when you log in, and you get free access for the day.  Others are using wifi as a customer affinity program, or CRM system – why go to the cashier when you can order your food and drinks while at your seat – “oh, and can we sell you a new CD with that, sir?”  Some businesses just want to get a better idea of customer demographic.  The point is that a traditional for-fee network isn't necessarily the right business model for all occasions or for all locations.

    Believe me, we looked long and hard at the business model and tried to find ways to make it work.  What we realized is that wifi is not a one-size-fits-all service model.  Sometimes a per-minute or per-day for-fee network is the way to go.  Sometimes it isn't.  What we realized is that creating an architecture that supported Don's idea allowed us to let our customers figure out the business model that was right for them.  In addition, the further commoditization of wifi hardware means that it is going to become more and more ubiquitous – so the number of potential wifi customers will increase, but hardware profit margins will decrease.  So we embarked on a new strategy:

    1. Give AP manufacturers something to differentiate themselves.  We shrunk our code size so that it now fits onto the standard flash sizes of inexpensive APs.  Our core code only takes about 150KB of space, which means that there is no need to change hardware designs or increase hardware costs.  At the same time, optional components allow for manufacturers to add additional value through combinations of hardware or software, like VPN accelerators, group policy, bandwidth shaping and throttling, and more.  Licensing is very affordable, and it allows the AP manufacturers to increase their margins by selling differentiated products.
    2. Make money as a software company.  Sputnik's business model is based on selling the management system that lets you control and manage all of those inexpensive APs in a centralized manner.
    3. Let our customers decide on the right business model for them.  We built the Sputnik Central Control system using a set of open interfaces – so that our customers could use different billing systems, settlement systems, and authentication systems.  Because their capital expenditure is reduced by using inexpensive APs, and their operational expense is reduced by using the Sputnik Central Control management system, our customers are free to deploy wifi in interesting ways, and to experiment with different service business models.  At $895 for Sputnik Central Control, it is also 1/4 to 1/10th the price of competitive systems.
    4. Be backwards-compatible.  Our products don't use any proprietary new radio encoding method, or even require special client software – all you need at a minimum is an SSL-capable web browser.  That means that all the major operating systems, all the major handhelds are immediately able to authenticate to a Sputnik-powered network.  Of course, client software can make things easier and more functional, but it is not a requirement for the system.  And IT directors can rest easy knowing that they don't have to add a single new piece of software to their standard builds.
    5. Be forwards-compatible.  Wifi is constantly changing – new speeds, new radios, new encryption methods are coming out all the time.  There's a lot of innovation going on in the space.  This is good and bad – you don't want to get locked in to buying a system that will be incompatible with tomorrow's standard. There is one body that everybody looks towards: the IEEE.  802.11 is the name of the IEEE working group that covers this whole area – and all the vendors work on and respect the standards coming out of the working group.  For example, when WEP was broken, the IEEE embarked on a new standard for encryption, based on AES, which is being hammered out by the 802.11i task group.  It's not ready yet.  When it is, Sputnik products will support it.  Until then, we're not getting into the crypto debate or muddying the waters with some proprietary crypto scheme.  A proprietary scheme ends up locking in a subset of customers, but it also ends up fragmenting the market, hurting everybody, especially the hapless souls who are now locked in.

    I still love the “change the world” aspect of Don's idea, and ideas like his that build on network effects can certainly create economies of scale and competitive advantage.  In fact, I want to encourage Don to go out and build it and turn it into a gold mine.  Along the way, we're happy to sell him the picks and shovels he'll need to mine that gold.  [Sifry's Alerts]

    More pleasant surprises, please

    I want to be pleasantly surprised by software that notices when message patterns indicate the formation of a group or project, and volunteers to set up folders and filters for me. Likewise, I want to be pleasantly surprised by an RSS newsreader that notices how I save and organize items from my subscribed feeds. No breakthrough in artificial intelligence is needed to make this happen. We do the pattern recognition ourselves, quite naturally, as we process our information flows. If software paid more attention to what we attend to, and how, there could be more pleasant surprises. Full story at []. [Jon's Radio]