You Want Disruption? Can You Handle it?

johnny cashI’m on a panel tomorrow at the Mobile Future Forward event in Seattle. The panel discussion is on disruption, which we met on Friday to discuss over a quick conference call.

I actually don’t think a lot about disruption, which is not to say I don’t look for it. I just try to avoid being disrupted because you never realize the extent to which it’s happening until it’s already happened. The corollary to that is you really can’t plan on making it happen either.

This is why I don’t think about disruption. The great case studies for disruption in our business are all a result of executing really well against an idea that was well conceived and not impaired by compromise. Disruption happens when you don’t have anything to lose, and in every case disruption is the result of bringing together extraordinary people unified by a sense of purpose. Put another way, disruption is not a strategy, it is a consequence.

Encumbent players in any market NEVER disrupt the market they are in. They have too much to lose by leading the way to a new normal and insist on compromise as a core value. You have all seen this happen a million times, new products that threaten the status quo are nipped and tucked in ways that take everything potentially special away from them. There is a civility in these efforts that precludes them from breaking out… they may be successful but they won’t be disruptive. Transformation is not disruption.

You want disruption in your business? Hire the right fucking people! Search out combative, difficult, and argumentative people who care in a very personal way about the vision and purpose of the effort. Teams are messy because people themselves are messy, don’t risk a mediocre outcome by hiring people who excuse mediocrity and have toned down their passion in order to fit in. Hire people who won’t compromise.

Not compromising is not the same as not changing your answer. Wendy Lea once gave me an unintended compliment that I cherish to this day when she said “you are so damn stubborn… (and after awkward moment of silence) but I’ve seen you change your mind on big things.” Of course, if you get new information that supports a better direction than you originally pursued, change your mind. There are no prizes for who is the purest and most dogmatic, therefore changing your position in support of the common purpose is not only practical, it’s being smart.

Here’s what I’m looking for in the people I want to hire:

  1. They take things personally: Success and failure isn’t a clinical, sterile outcome. It involves emotions and sense of caring that goes beyond a job.
  2. Relentlessly curious: Want to infuse new thinking and approaches in any effort? Seek out knowledge in the unlikely of places, talk to people who have already done it, and don’t be afraid to share the random.
  3. Direct and confrontational: Don’t mix words, say what you think and don’t waste anyone’s time by waiting. If something is borked, call it out! If something is working, shout it out and do more of it.
  4. Laugh at themselves: Humor is a powerful antitode for tension, even more so when it is directed at yourself. This ain’t bean ball and even though it’s a tough, high stakes business that asks a lot of people, we can still have fun doing it.
  5. All the usual stuff: Smart, experienced, hungry… yeah, all that, but the inescapable fact is that there are a lot fo smart, experienced, and hungry people. These three attibutes by themselves are no indicator of future success.


Fingerprint Technology is the Next Privacy Catastrophe

OPMNew fallout today from the gift that keeps on giving, the Office of Personnel Management (OPM) hack. The news reports on this have focused on the standard PII elements along with the salacious possibilities associated with the disclosure information that is collected for security clearance applications.


FingerprintAn angle that has not been widely covered is the initial disclosure that 1.1 million fingerprints were also hacked. Today it is being reported that OPM has increased that number to 5.6 million fingerprints.

The nearly universal response to suggestions that people could be at risk is that the fingerprints are encrypted. Fair point, they are.

According to OPM, “federal experts believe that, as of now, the ability to misuse fingerprint data is limited.” The office acknowledged, however, that future technologies could take advantage of this information.

The government also said salt and fat were bad, and healthcare costs would go down.

Coincidentally, the NSA put out an advisory last month on Suite B elliptic curve cryptography that is widely used in the government, and is suitable for general national security use. Unlike Suite A, Suite B is widely used and available as a public standard.

According to the NSA, Suite B cryptography is not capable of withstanding advances in quantum computing.

Until this new suite (to replace Suite B) is developed and products are available implementing the quantum resistant suite, we will rely on current algorithms. For those partners and vendors that have not yet made the transition to Suite B elliptic curve algorithms, we recommend not making a significant expenditure to do so at this point but instead to prepare for the upcoming quantum resistant algorithm transition.

Well, this is reassuring… but let’s get back to the issue of fingerprint biometrics. The problem goes to the very nature of the biometric attribute itself, it is literally something about you and it is immutable. When someone hacks your fingerprints they have them forever. Forever.

I do have a horse in this race, having recently joined a speech biometrics company. Active speech verification has vulnerabilities, clearly, but one advantage over competing biometric technologies. In the event of a data breach that gives hackers the voice model data, an organization can simply force a re-enrollment for the participants and the integrity of the system is maintained. It’s the equivalent of forcing a password reset for your voice.

No system is without some vulnerability, but a system that does not provide for a reset capability is one that I have serious reservations about. With Apple TouchID and the upcoming Android M release with fingerprint support, fingerprint technology is mainstreaming. We are entering a period where fingerprint biometric data volume will explode and become an attractive target for hackers.

We’re building a speech verification and authentication service for developers who want to build speech biometrics into their apps using simple and reliable APIs. Sign up for news and launch updates, as well as early access, at

The Uncontrolled Implosion at VW

volkswagen_logo_bleeding_by_greenbob1986VW has been embroiled in a massive controversy. Here is the summary:

  1. VW has been marketing “clean diesel” technology on the basis of being environmentally friendly while also being fun to drive.
  2. Independent testing done by West Virginia University revealed that VW diesel cars were not in fact clean when compared to competitors, and exceeded EPA regulations governing emissions.
  3. VW asserted that the tests were inaccurate and offered to perform voluntary recalls to address specific issues.
  4. The EPA threatened to withhold certification for 2016 models – meaning VW would not be able to sell them.
  5. The company then admitted that they had engineered a defeat device which detected when the vehicle was undergoing emissions testing. In normal driving, the required emissions equipment was turned off.

The EPA has threatened the company with $18b in fines, which won’t come to fruition. BP paid just a 1/3 of that for their massive environmental disaster in the Gulf. It is hard to see how VW would be subject to a fine that equates to $37,344 per vehicle affected.


The damage to the VW brand is incalculable right now, but I predict it will be a death blow to them in the U.S. market. Their problem is twofold, the first is that their market share here has been stuck in perpetual single digits across categories. With the U.S. being the most competitive car market globally, every point of share comes at great cost.

The second problem is that they are now on record admitting to a conspiracy to deceive regulators and consumers alike. They have been marketing a clean diesel product that they knew was not, and worse, had engineered components in the vehicles themselves to perpetuate that deception.

This scandal is spreading, fast. The company has already admitted that they know 11 million vehicles globally have this defeat mechanism installed. Countries are opening up their own investigations daily, the damage to the brand is no longer contained the U.S.

For the foreseeable future every news story about VW will be about a scandal, every car review, even in the bought off automotive media, will be compelled to append articles about VW cars, and current customers will have to navigate recalls and sarcastic comments about their choice of vehicle.

What reason does anyone have to buy a VW in light of these revelations? While not alone in the annals of recent car company scandals, the VW one is the most brazen in concept. Toyota and GM have both suffered scandals of incompetence with air bags and ignition switches respectfully, and in all fairness a lot of people died as a result of those failures, which is not the case with VW. Toyota and GM also have market leader positions while VW is a third tier player in the U.S. market, which doesn’t provide the company with much inertia to ride this out.

I think they are done. Call the moving company and buy your tickets back to Wolfsburg. At least they still have Audi and, thus far, they have not been implicated in this scandal.

Apple Shutters Hopstop

Hopstop was a revelation to me, a legitimate ah-ha moment. The light bulb brightly shining in front of me in the form of a smartphone.

We take for granted today that Google Maps can tell us how to get anywhere, and for a generation not familiar with paper maps, that was a pretty big deal. It wasn’t always like this and through the development phase of this technology it remained car-centric.

HT_hopstop_nt_130719_16x9_992I was going to NYC quite a bit in 2005 and finally decided to ditch the street for the subway, but the NYC subway system can be intimidating to those not accustomed to the numbering, schedules, and transfers. Hopstop helped me make the subway a regular part of my NYC experience and in the process showed me how apps welded to smartphones with implicit geolocation capabilities could be life altering.

Apple acquired Hopstop in 2013 and announced today that the service will shutdown next month.

Apple and Google are pitched in a heated battle for your eyeballs on their maps. We’ll see more services built into their respective mapping platforms, but I’m mixed in my opinion of whether more is better when it comes to maps. The usability of maps is very often a function of the degree to which they are de-crapified. Google Maps has crammed more stuff into the basic mapping functionality and the app hasn’t become more usable as a result when it comes to the singular purpose of getting me from point A-to-B.

I appreciate how much more it does for me, and continually find new ways to use it, but Google Maps has a lot of crap that clutters up the UI. Apple Maps will no doubt suffer a similar fate as Apple races to catch up to Google in the everything-and-the-kitchen-sink phase that maps are currently in.

Hopstop will forever be held in high regard for me. It achieved a rate accomplishment of doing something far better than any competing approach while also changing my life in a good way that reshaped my expectation of all that followed.


I was listening to a media overview of the Life On Mars Project. The short version is that 6 people, 3 men and 3 women, will spend 365 in a biosphere located on the slopes of the Mauna Loa volcano in Hawaii. They will be permitted to leave the dome but will be required to wear a space suit to simulate the conditions on Mars.

In an unfortunate naming twist, the acronym for the effort is HI-SEAS. I think they should have gone with a different acronym.

The project will study the effects of long-term isolation and co-habitation. The results of the 1-year study will be used in the planning of an actual manned mission to Mars. This is certainly interesting research and the kind of work that can’t be simulated given the complexity of the human condition.

I thought it was curious that the crew features 3 men and 3 women. Given the fact that this is a 1-year project in close quarter conditions, with no external human contact, it would appear that the organizers were anticipating the human needs beyond food, shelter, clothing.

This leads to a number of interesting questions about the consequences of limited human interactions and self-enforced rules of order. What if one crewmember commits a crime against another crewmember? In a 36-foot diameter dome do you quarantine that person? Each crewmember holds specific skills that are necessary for the ongoing support of the station, putting an individual in isolation would deprive the rest of the crew of essential support.

What if someone unexpectedly binges and eats all the chocolate? Seems like a small thing but human conflict is often the result of small things piling up over time.

What happens when someone dies? This being a research project, one can presume that there would be an intervention in the event of life-threatening illness, but in space that isn’t possible so what would happen? Would you shoot the body out of a port, say a few words and move on? How do you replace the essential skills that person held?

There are obvious questions about long-term co-habitation in a small space that this research will shed light on. Entertainment, fitness, conflict resolution, communication, and mental health are all obvious questions, but it would be fascinating to learn about all the not so obvious issues that the planners have on their list.

I hope NASA departs from the usual media strategy of sunshine and rainbows to describe their work. This is a rare opportunity to shed light on the complexity of the human condition in anticipation of actual long-term cohabitation in space. I am also left to wonder why the International Space Station is not being used for this research given that it is an actual installation in outer space designed to support long-term co-habitation.

More on this topic (What's this?)
Market Outlook
Inteliquent Lands a Big One
Read more on Hong KONG&CHINA Gas at Wikinvest

The Ashley Madison Data Dump

madisonThe hack itself is an old story; Ashley Madison was hacked and profile information stolen. What is new is that the group behind the hack, Impact Team, dumped all the data. It has now been made available by many legitimate folks who created searchable online services against the data.

As much as I could enjoy the schadenfreude in this story, I simply cannot. I’m compelled to point out that just because an email is in the database does not mean it is a legitimate account. Email is a notoriously weak verified identifier, and while many websites have a sign-up flow for email verification, many don’t do anything to purge unverified emails. My thesis is that even unverified emails harvested in the sign-up flow have value for marketing purposes and, therefore, remain in the company’s database.

My email,, has been used by far too many “jnolans” to count. Often signing up for mundane services like car buying sites, but also for things that would certainly make my wife ask questions, like and an unrelated service for making arrangements with dominatrixes for a variety of, well, services.

The amount of crap I get from websites I have never visited is simple extraordinary. My oldest son has a gmail address that is first name only and I purge over a thousand emails from his account each month, and he’s only used it a few times for sending schoolwork.

2013101108The Impact Team has shrewdly wrapped themselves in a veil of moral righteousness to conceal a criminal act. While they aren’t stoning adulterers in the town square – or beheading them in a stadium – they are stealing personal information and using that in a form of extortion.

I find the entire affair, no pun intended, reprehensible and while AshleyMadison is itself objectionable, they are also a victim (of stupidity first and foremost). Despite complete awareness of the risks to the company and their customers, they did not employ best practices to secure their data. In addition to that, they had a sign-up flow and password recovery process that made it exceptionally easy to determine whether or not an email was in their user database. The flawed password recovery feature allowed for an entirely different line of attack employing social engineering to hijack individual accounts.

I won’t shed any tears if they shut down, which they likely will because recovering now is all but impossible, but I won’t celebrate the fact that a group of hackers brought their demise. To do so would welcome a global online sharia law where only those services that pass a moral test can exist.

PS- yeah, I searched for my email in the database! Who wouldn’t?

Amazon Dash, the Device Web, and Speech Verification

I purchased an Amazon Dash button recently. It’s a clever product concept and an example of a headless device that will be a major theme in the emerging Internet of Things movement.

The Internet of Things represents a massive shift in how we will consume services. I would assert that we will reorganize the existing Internet around three functional Internets:

  • The Web: This is what we know today. Constantly evolving, the complexity of services delivered to HTTP endpoint will increase, and as more web consumption moves to mobile, the interoperability of smartphone apps with web services will be transparent.
  • The Dark/Deep Web: This web already exists, it is beyond the reach of search or obscured behind secure and untraceable browser and domain technologies. Most often associated with illegal activity, the Dark/Deep Web will evolve to meet the needs of security and privacy, as well as conduct criminal activities. The Deep internet, that which is not obscured behind technology, it is simply not discoverable via search.
  • The Device Web: The proliferation of connected devices will overwhelm the traditional namespace. The devices that connect to the Device Web will be, predominately, headless. Lacking displays and traditional input modes, these devices will have speech interfaces, simple activation modes, and be tethered to a smartphone via a dedicated app.

My interest in the Device Web is what led me to spring the $5 for a Dash button. A Tide Dash button, we like Tide so what could be better than a simple push button replenishment mode? As it turns out, quite a bit.

dash1The Dash arrived in a simple package and activating the button was a simple process. I pressed the button and held it until the blue light blinked rapidly. Simple enough, just like a Bluetooth device.

With the blue light blinking, I went to the Amazon app that was already installed on my phone and found the “device” menu in the account menu. It was not immediately apparent because I was expecting a dedicated app, but when in retrospect it makes perfect sense the way they built this into their mobile app. I probably should have read the one pager that came with the device first.

The process of configuring the button is two parts, first adding the button to the network and then attaching it to a product option to purchase. The first part is interesting, the Amazon app forces my phone to drop the WIFI connection and form a direct connection to the Dash button. At this point, the app prompts you to select the network to connect the Dash button to. Dash then stores the WIFI password in the device, or in their cloud; it wasn’t clear where the password is being stored.

I wasn’t particularly excited about Amazon having my WIFI password in their network. To me, this represents a new front in privacy strategy because having access to my WIFI network opens up a lot of possibilities for Amazon that I would not endorse.

With the button configured I then needed to attach my product options to the buy button. At this point, my enthusiasm for this device went to zero. The number of products eligible for the Dash button are limited, and our preferred Tide option was not available. I detached the button from my account and put it back in the package. It will be a conversation piece now rather than a method for procuring laundry detergent.

When my six-year-old son saw the Dash button, the first thing he did was press the button, repeatedly. Had it been configured, I would be getting a truckload of Tide. Amazon has designed around this with the purchasing workflow, giving you the opportunity to cancel a transaction before fulfillment, but the problem I have with this is that I have to do it. The button itself does not discriminate between those in my household authorized to buy Tide and those that are not.

The Dash buttons would be significantly improved with a voice verification technology that responds only to an authorized and enrolled user. This authentication could be enabled with a fingerprint sensor but with current technology the cost of the sensor is an obstacle while adding a mic is trivial. Taking this to the next level, redesign the button to remove the button itself to enable Dash with a trigger phrase and voice verification to authenticate a transaction.

I love where Amazon is going with this, pushing the buying transaction out to the natural endpoint. I can envision this being evolved and improved with new technologies and improved backend integration, but I can also see this package being integrated into appliances. Not everyone wants to purchase exclusively through Amazon, so much like smart TVs now come preloaded with multiple streaming services, appliance makers could embed multiple retail options for the consumer.

Crisis Management for Lion Killers

The story of the Dr. “Lion Slayer” Palmer is all over the internet and people are outraged, for good reason. His dental practice is in limbo and he is in hiding after receiving death threats. Well done Internet… you have already surpassed the attention span of a #hashtag with this one.

I am conflicted on this story for many reasons. Big game hunting is deplorable, and there is no justification for it with licenses sold to the ultra-wealthy who are partaking in the experience for the sport of it. If the goal is herd management, have trained naturalists do the killing in a clinical manner and take advantage of the carcasses for research instead of skinning it and mounting the head as a trophy.

Here’s where my conflict hits a high pitch, the outrage that is being expressed by this story is disproportionate to the actual harm. In no small measure, this is due to the victim is an animal, a majestic animal rather than a deer or furry ground squirrel. African lions are threatened, not endangered, and the bulk of them live in a cluster of habitats like the one the one that was killed. Habitat destruction is a bigger threat to lions than hunting.

syrian atrocitiesHow do we square the universal outrage expressed about the killing of a lion with the antipathy to 200,000 people killed in Syria, including women and children gassed to death by the Assad regime? What about the near 8 million Syrians who have been forced to abandon their homes because of this civil war? Where can I post a satirical comment on Bashar al-Assad’s Yelp page?

The Internet is a marvelous creation that engages and connects people throughout the world. However, the unintended consequence of social media activism is that it is often a substitute for actual activism but with far less impressive results. We live in a world of #hashtags that create a false sense of engagement and deludes people into believing they made a difference. The half-life of a hashtag is hours; it is nothing more than an expression of vanity to attach your online personality to a cause… and then move on.

Where is the outrage about African countries selling the rights to kill these animals to the highest bidder? That, to me, is missing in focus here.

Here’s what I recommend that the Lion Slayer do to rehabilitate his image:

  1. Ride it out: We hit the crescendo of public outrage yesterday and by the end of the week the majority of people will have moved on. Making statements now does nothing to quell the firestorm and based on what he has already released, more damage is being done.
  2. Ignore the Zimbabwe authorities: This is a country run by a notorious thug, Robert Mugabe, who has ruined the economy and perpetuated many human rights abuses over his 33 year dictatorship. The U.S. ignores him, so should Palmer.
  3. Rebrand the clinic: River Bluff Dental is cooked, time to start over. He will have to actively manage the social media and review sites for NewCo. so plan on hiring a firm to do that over a protracted period of time.
  4. Focus on the local community: A dental practice is inherently local, it doesn’t matter what “Kim T. from San Gabriel, CA” thinks. Palmer needs to reach out to his local community and focus on the collective values of the practice, the people who rely on it for jobs, and the many people who have been served (apparently he is an accomplished dentist).
  5. Give up big game hunting: As already stated, it’s just immoral so give it up. Hunting is a big part of life in Minnesota so his local community will not object to hunting for local game. If he wants to go to Africa, take a camera instead of a bow.
  6. Take up animal conservation: His crime was in killing a majestic animal, the penance for that is supporting the preservation of majestic animals. I would recommend a strategy of donating a fixed percentage of revenue from the clinic to vetted causes, and being transparent about it.

If Michael Vick can rehabilitate his image after going to prison for dog fighting, I think Palmer has a good shot, no pun intended.

Tough Doesn’t Quit, Except at Breakfast

I was at a dinner on Sunday night and seated next to me was retired Admiral Eric Olson, who had a long and distinguished military career. He retired from the Navy in 2011 as the commander of the U.S. Special Operations Command. Interesting man, to say the least, but also incredibly gracious and unassuming.

I asked him what qualities he could identify that would be indicators of success as s Navy SEAL. His response was predictable in some ways, unexpected in others. Above all, he said, the SEALs look for problem-solving, intelligence and mental toughness in candidates. I expected to hear this, and he added that chess and water polo players seem particularly well suited for special operations, which certainly fits the profile.

seals-toughnessWhat he added, which was unexpected, is that they study the well-documented attrition rate during training. Within each cohort, they looked at the time of day that candidates would quit and found that the majority of drop-outs quit at breakfast and lunch. In other words, they didn’t quit during the grueling training exercises but in anticipation of them.

It makes a lot of sense in retrospect because this training program is designed to instill the commitment of team and capacity of the human body to go far beyond believed physical limits. Giving up occurs not in the moment of exertion where your team is counting on you but in the comfort of being alone and anticipating the grueling assignment.

Draw your own analogies to everyday life.

More on this topic (What's this?)
Is This The Beginning Of A Larger Equity Market Correction?
I'm Rich: Nigerian prince out, Hosni Mubarak in!
TierPoint Acquires Xand, Doubles Footprint
Jen Psaki Video: It's amateur hour at the US State Department!
Read more on Lingui Development, Admiral at Wikinvest

Corporate Activism: The Uber Edition

New York City Mayor Bill de Blasio really stepped in it by picking a fight with Uber. Acting as the puppet for the powerful taxi medallion owners in NYC, who despise Uber, the mayor proposed capping the addition of new Uber cars to 1%. Given the customer growth that Uber has been experiencing in NYC, a 1% increase in drivers would kneecap the company.

Uber fought back, which seemed to catch both City Hall and the yellow cab cartel off guard. Anyone who has watched Uber grow will tell you the company redefines the term being aggressive.

Making critical arguments that they were creating jobs, customers are being served that are neglected by taxi cabs, and the congestion claims didn’t match the numbers. Indeed, the congestion argument that De Blasio relied on was particularly curious because it is now clear that is based on anecdote.

In addition to a wave of advertising and protests by the very people who rely on Uber to earn income, Uber enlisted allies across the political spectrum. However, it was the use of the application as a tool for activating customers that is particularly brilliant. The de Blasio mode that rolled out provided every Uber customer in NYC with a picture of what service would look like if de Blasio successfully capped growth.


What is different about Uber fighting City Hall versus WalMart or an energy company, is that Uber has user experience on their side. This is where De Blasio fatally erred in taking on Uber. He attempted to use worn our arguments about safety and employee rights to define Uber as a threat to the public welfare when anyone who has ridden in a yellow cab – anywhere – will tell you it is quite the opposite. The data didn’t back up De Blasio’s claim, on the surface or at that level that we just intuitively know.

de Blasio backed down and his allies are attempting to spin a victory out of this defeat. Highlighting the fact that Uber agreed to “restrain” growth to their current level (it’s hard to imagine Uber juicing growth in NYC at this point) and sharing data for the traffic study. Make no mistake about this, it was a defeat for De Blasio and only further weakens him in the eyes of New Yorkers who are already fed up with him.

This loss comes on the heels of a humiliating showing in Albany. Mayor de Blasio sought permanent control of the city school system; instead he got a 1-year extension on the current oversight agreement. He bitterly opposes charter schools, doing the bidding for the teacher’s union, which bitterly opposes charter schools, and instead of reducing their numbers he was handed 50 more. He wanted pro-tenant changes to the rent control laws, he got nothing but a 4-year extension on the status quo. He wanted changes to the 421 real estate law, for which he got bupkis. His showing within NYC politics shows much of the same. He opposed hiring more police officers, and Bratton got 1,300 new officers pushed through.

And now he just lost to Uber.

In the end, it is customers that win. For years, the taxi industry has one constituent, regulators. The regulators derived their power from the fact that there was an organized industry to regulate and did little to improve customer experience and affordability. The money generated by taxes was spread around to mass transit projects and used to enrichen organized labor, who like the taxi industry had little incentive to improve customer experience. Just ride on San Francisco’s MUNI system, a textbook example for why a municipality should not be entrusted with public transportation.

Uber and Lyft came along and demonstrated that superior customer experience wins every time. It’s not just the taxi industry that sees this threat, cities with crowded and inefficient transit systems are watching their ridership shift to ride services and as companies introduce car-pooling services the trend will accelerate. Preparing for a long battle ahead, it is obvious that Uber and their counterparts are prepared to wage a direct and aggressive battle on behalf of their interests, and because their interests align with consumers I am okay with that.