Tom Bartel – a long time colleague going back to the early days of Email Publishing in the mid-1990s and a hardcore privacy advocate currently working at Return Path – mentioned a powerpoint presentation by Simson Garfinkel titled Remembrance of Data Passed: Used Disk Drives and Computer Forensics. While I don’t know Simson, we were both in the same year at MIT (87) and I remember him as the guy that always had articles and photos in a variety of MIT-related publications and I’m reminded of it every time I see an article by him in Technology Review.
If you care about data security and privacy, it’s worth downloading the powerpoint and scanning through it. Simson bought 235 used hard drives between 11/2000 and 1/2003 from eBay, computer stores, and swap meets. He set up a technical infrastructure to mount the drives, image them (using FreeBSD), store the images on a RAID server, store the metadata in a MySQL database, and then mine the data.
Not surprisingly, he found a huge amount of data, including confidential information such as medical records, HR correspondence, and financial data. For example, Drive #134 was from an ATM in a Chicago bank. It contained one year’s worth of transactions, including over 3,000 card numbers. In this case, the bank had apparently hired a contractor to upgrade the ATM machines – the contractor hired a sub-contractor. The bank and contractor assumed the disks would be properly sanitized, but there were no procedures specified in the contract. As a result, the drives weren’t sanitized correctly and the data was still on them for Simson to play around with.
In addition to explaining the problem and substantiating it with real data, Simson makes a number of suggestions for how to address the issue. Two of his more severe (but logical) suggestions for cleaning all the data off of used drives are (a) to degauss them with a Type 1 or Type II degausser or (b) destroy, disintegrate, incinerate, pulverize, shred, or melt the drive. Simson’s ultimate prognosis is that “drive slagging is a fool-proof method to prevent data recovery.” Just be careful not to light your house (or office) on fire.
Simson logically ponders this issue, especially in our current Patriot Act governed world. For less than $1,000 and working part time, he was able to collect thousands of credit cards, detailed financial records on hundreds of people, and confidential corporate files. He concludes by asking – “who else is doing this?”
I’m playing around with ads in my feeds. I’ve enabled the Feedburner feature to insert Amazon ads in my book feeds and Overture “context based” ads in several (but not all) of my other feeds. The ads should appear at the bottom of the feed so they should be easy to ignore if you aren’t interested in them.
I’m looking for both feedback (a) on relevance and (b) unobtrusiveness.
Jeff Nolan beat me to it with his “Attn PeopleSoft Employees” post, but he’s right on the mark. Given Oracle’s announcement that they are laying off 5,000 people today, a lot of experienced IT folks will be hitting the streets in the next few weeks. Like SAP Ventures, we’ve got a number of enterprise software companies that would love to talk to experienced sales, marketing, and engineering ex-PeopleSoft folks.
Email me if you are ex-PeopleSoft and are looking for a new gig and I’ll hook you up with some of our relevant companies.
I can’t claim credit for this one – it was the header of an invite I just got to an upcoming ThinkEquity Software Research and Banking Team’s lunch. Their suggestions are:
- Join the gym
- Buy my competition
- Shift to “On-Demand” model
- Re-architect my product
- Leverage more open source
- Outsource development – India? China?
- Figure out that Sarbanes-Oxley thing
- Discover the next “Killer App”
I’m definitely up for join the gym.
If you are a Firefox user, the About This Site Firefox Extension by Gina Trapani is worth checking out. With one click, you can get the following info for the site you are visiting (if you are into history, the Wayback Machine archive is “way cool.”)
In the pet peeves category, I’ve seen Siebel misspelled several times already – by reputable, smart people (some with editors, some without) since the new year started. Guys and gals – i before e except after c for Siebel.
NewsGator just released a production version of their Movable Type posting plug-in. It joins a bunch of other posting plug-ins including TypePad and Blogger. With this, you can post directly to your blog from within Outlook using all the normal Outlook editing features such as bold, italics, and colors.
Lists are easy also:
- Just like sending emails.
- Formatting is automatic.
- Bullets are pretty.
Using the plug-in, posting is as simple as sending an email, which is especially convenient if you live in Outlook like I do.
Adam Bosworth – one of the dudes behind a bunch of software products (including Borland Quattro, Microsoft Access, Microsoft Internet Explorer and BEA WebLogic application server), gave a brilliant speech at ICSOC04 which he posted on his weblog. He espouses his idea of KISS as it pertains to the Internet (and modifies it to “keep it simple and sloppy.”) It’s a must read for any exec of a software company.
I’ve been having this weird conversation lately. Last week, it happened again when I was being interviewed for an article titled Betting on Tools that Power Blogs in Businessweek Online.
During the interview, the writer asked something like “so, why are you investing in this blogging thing where no one knows what the business model is yet.” My pithy reply, among others, was “Anybody in the industry who says people haven’t figured out how to make money on blogging is [are] being ridiculous.” After I hung up the phone, I went and banged my head against the wall a few times, fortunately missing the nail that was sticking out of a stud.
We’ve made three investments in RSS/blog related companies: NewsGator, Technorati, and MessageCast. NewsGator sells software. Technorati is a search engine. MessageCast is a next generation ESP (an email service provider, but for multiple channels such as Instant Messaging.) Another high profile blog investment that we aren’t a part of is Six Apart which – voila – sells software – either on a stand-alone license or a hosted basis. Oh – and they are starting to help bloggers monetize their traffic with paid ads.
Please tell me these are well understood business models. I mean, there are at least 10 (or is it 10,000) software companies in America at this point, even with Oracle’s best efforts to force consolidation. And search – well – even Microsoft is working on a search business. Last time I checked, there were even a number of on-demand (or hosted, or whatever you want to call them software businesses.)
As a VC who does a lot of software deals, I seem go through this every time there’s a new technology standard (or protocol) that catches fire. In the early 1990’s, SMTP enabled a raft of companies that built businesses around all aspects of Internet-based email. Shortly thereafter, HTTP enabled – well – an entire industry. SMTP and HTTP are really simple protocols (and – when they were first created – had a slow initial commercial adoptions that suddently went non-linear and became pervasive.) We are seeing exactly the same thing with RSS – and blogging is simply the first broad-based instantiation.
I’ve looked at a lot of RSS/blog related startups in the past 12 months. They bifurcate into two categories – those with a well-defined, easily understandible business model and those without. The vast majority – with a little effort – can fall into the first category. Now – like with everything – a bunch of the ideas are either stupid, small, or disorganized. But – once you filter these out – you are faced with traditional businesses based on a new emerging protocol. The good news – and the bad news – is we know how the game will play out – so with RSS it’ll just happen faster than with SMTP and HTTP. I expect the victors will be the early birds that have a combination of conviction, compentence, and agility.
Those that come up with “new business models” – please don’t call me.
I sat through about 20 PowerPoint presentations yesterday (feel free to snicker now.)
As I was sitting in the audience, I noticed one thing that kept annoying me. A number of the presentations said Copyright “SOMETHING_OTHER_THAN_2004” in the footer. I’ve noticed this a lot recently, as footers seems to have “Copyright 2002”, “Copyright 11/02” or simply “4/12/03”. You’d think that PowerPoint would have an autocorrect rule for “Copyright.”
I know this borders on “nerd pet peeves”, but there you have it. There’s only one correct way to copyright something – it’s “© YEAR Company_Name.” If the presentation contains multiple years of work, then you should include both the first year of copyrightable material to current day (e.g. © 2002-2004 Company_Name).
Consider my pet peeve vent satisfied.