Security decisions are often made for non-security reasons

From Bruce Schneier’s Crypto-Gram of 15 July 2004:

There was a single guard watching the X-ray machine’s monitor, and a line of people putting their bags onto the machine. The people themselves weren’t searched at all. Even worse, no guard was watching the people. So when I walked with everyone else in line and just didn’t put my bag onto the machine, no one noticed.

It was all good fun, and I very much enjoyed describing this to FinCorp’s VP of Corporate Security. He explained to me that he got a $5 million rate reduction from his insurance company by installing that X-ray machine and having some dogs sniff around the building a couple of times a week.

I thought the building’s security was a waste of money. It was actually a source of corporate profit.

The point of this story is one that I’ve made in ‘Beyond Fear’ and many other places: security decisions are often made for non-security reasons.

Clay Shirky on the changes to publishing & media

From Parul Sehgal’s “Here Comes Clay Shirky” (Publishers Weekly: 21 June 2010):

PW: In April of this year, Wired’s Kevin Kelly turned a Shirky quote—“Institutions will try to preserve the problem to which they are the solution”—into “the Shirky Principle,” in deference to the simple, yet powerful observation. … Kelly explained, “The Shirky Principle declares that complex solutions, like a company, or an industry, can become so dedicated to the problem they are the solution to, that often they inadvertently perpetuate the problem.”

CS: It is possible to think that the Internet will be a net positive for society while admitting that there are significant downsides—after all, it’s not a revolution if nobody loses.

No one will ever wonder, is there anything amusing for me on the Internet? That is a solved problem. What we should really care about are [the Internet’s] cultural uses.

In Here Comes Everybody I told the story of the Abbot of Sponheim who in 1492 wrote a book saying that if this printing press thing is allowed to expand, what will the scribes do for a living? But it was more important that Europe be literate than for scribes to have a job.

In a world where a book had to be a physical object, charging money was a way to cause more copies to come into circulation. In the digital world, charging money for something is a way to produce fewer copies. There is no way to preserve the status quo and not abandon that value.

Some of it’s the brilliant Upton Sinclair observation: “It’s hard to make a man understand something if his livelihood depends on him not understanding it.” From the laying on of hands of [Italian printer] Aldus Manutius on down, publishing has always been this way. This is a medium where a change to glue-based paperback binding constituted a revolution.

PW: When do you think a similar realization will come to book publishing?

CS: I think someone will make the imprint that bypasses the traditional distribution networks. Right now the big bottleneck is the head buyer at Barnes & Noble. That’s the seawall holding back the flood in publishing. Someone’s going to say, “I can do a business book or a vampire book or a romance novel, whatever, that might sell 60% of the units it would sell if I had full distribution and a multimillion dollar marketing campaign—but I can do it for 1 percent of the cost.” It has already happened a couple of times with specialty books. The moment of tip happens when enough things get joined up to create their own feedback loop, and the feedback loop in publishing changes when someone at Barnes & Noble says: “We can’t afford not to stock this particular book or series from an independent publisher.” It could be on Lulu, or iUniverse, whatever. And, I feel pretty confident saying it’s going to happen in the next five years.

These are their brilliant plans to save magazines?

From Jeremy W. Peters’ “In Magazine World, a New Crop of Chiefs” (The New York Times: 28 November 2010):

“This is the changing of the guard from an older school to a newer school,” said Justin B. Smith, president of the Atlantic Media Company. The changes, he added, were part of an inevitable evolution in publishing that was perhaps long overdue. “It is quite remarkable that it took until 2010, 15 years after the arrival of the Internet, for a new generation of leaders to emerge.”

At Time, the world’s largest magazine publisher, Mr. Griffin said he wanted to reintroduce the concept of “charging a fair price, and charging consumers who are interested in the product.” In other words, consumers can expect to pay more. “We spent a tremendous amount of money creating original content, original journalism, fact-checking, sending reporters overseas to cover wars,” he said. “You name it. What we’ve got to do as a business is get fair value for that.” Supplementing that approach, Mr. Griffin said, will be new partnerships within Time Warner, Time Inc.’s parent company, that allow magazines to take advantage of the vast film and visual resources at their disposal. One such partnership in the planning stages, he said, is a deal between a major cosmetics company and InStyle to broadcast from the red carpets of big Hollywood events like the Academy Awards and the Screen Actors Guild Awards.

But one thing Mr. Harty said the company was examining: expanding its licensed products. The company already pulls in more than a billion dollars a year selling products with a Better Homes and Gardens license at Wal-Mart stores. It is now planning to sell plants and bulbs with the magazine’s imprimatur directly to consumers. “We have relationships with all these consumers,” Mr. Harty said. “How can we figure out how to sell them goods and services? We believe that’s a key.”

Hanoi’s last blacksmith

From Seth Mydans’s “A Lone Blacksmith, Where Hammers Rang” (The New York Times: 25 November 2010):

HANOI, Vietnam — He is the last blacksmith on Blacksmith Street, dark with soot, his arms dappled with burns, sweating and hammering at his little roadside forge as a new world courses past him.

The son and grandson of blacksmiths, Nguyen Phuong Hung grew up when the street still rang with the sounds of the smithies, producing farm equipment, horseshoes and hand tools, before modern commerce and industrial production made them obsolete. “I still remember, when it was raining lightly, the streets were empty and that was all you could hear was the sounds of the hammers,” said Mr. Hung, 49.

The men who worked there left for lighter, better-paying work, and because the word was out that no modern woman would marry a blacksmith, Mr. Hung said. There may be other blacksmiths working in Vietnam, he said, but not here in the capital.

“Once I am gone the street will have no meaning anymore,” he said. “Blacksmith Street will be only a name.” That has been the fate of almost all the 36 narrow streets in Hanoi’s tree-shaded Ancient Quarter, each of them named for the guilds that once controlled them — Fan Street, China Bowl Street, Sweet Potato Street, Conical Hat Street.

There is nothing like this little corner of the urban past anywhere else in Vietnam. Only four of the streets have retained something of their original businesses, said Nguyen Vinh Phuc, a leading historian of Hanoi. There are still jewelry shops on Silver Street, sweets and pastries on Sugar Street, votive papers and toys on Votive Paper Street and pots and pans on Tin Street.

Traders have done business on this spot since the ninth century, Mr. Phuc said. The 36 guilds established themselves at the start of the 19th century.

Blacksmith Street got its name at the beginning of the 19th century, Mr. Phuc said, when French colonial administrators sent out a call for metal workers to help build the Long Bien bridge over the Red River. It was designed by the French architect Gustave Eiffel and became a target of American bombing raids during the Vietnam War.

Mr. Hung’s family has been here from the start, and like his father and grandfather he was called to help out around the forge when he was just a boy, as young as 6. But he rebelled and left for jobs as a driver and factory worker until, when he was 35, his father called him back. “My father told me this is the family trade and I’m the only one left to do it,” Mr. Hung said. “He said, ‘Just watch me work and you’ll learn what to do.’”

Mr. Hung discovered that he loved the work, and that it was his destiny to be a blacksmith. He remembered his father’s words: “When the iron glows red, you earn your money. That is your life.”

Mr. Hung has set up a little tea table on the sidewalk, refilling a thermos from a huge iron kettle that swings gently above the hot coals. A giant bamboo pipe leans against the table, and passersby are welcome to stop for a lungful of strong tobacco.

Mr. Hung hammers with the confidence of a master, bare-handed as he works because he says gloves would dull his touch. Wearing a pair of plastic sandals, he ignores the sparks that sting his feet and pepper his shirt with holes. Flames and smoke gush from the hot metal as he tempers it in a bucket of oil. By the end of the day, his arms and face are black with soot.

The widespread corruption at the heart of Greek culture

From Michael Lewis’s “Beware of Greeks Bearing Bonds” (Vanity Fair: 1 October 2010):

In just the past decade the wage bill of the Greek public sector has doubled, in real terms—and that number doesn’t take into account the bribes collected by public officials. The average government job pays almost three times the average private-sector job. The national railroad has annual revenues of 100 million euros against an annual wage bill of 400 million, plus 300 million euros in other expenses. The average state railroad employee earns 65,000 euros a year. Twenty years ago a successful businessman turned minister of finance named Stefanos Manos pointed out that it would be cheaper to put all Greece’s rail passengers into taxicabs: it’s still true. “We have a railroad company which is bankrupt beyond comprehension,” Manos put it to me. “And yet there isn’t a single private company in Greece with that kind of average pay.” The Greek public-school system is the site of breathtaking inefficiency: one of the lowest-ranked systems in Europe, it nonetheless employs four times as many teachers per pupil as the highest-ranked, Finland’s. Greeks who send their children to public schools simply assume that they will need to hire private tutors to make sure they actually learn something. There are three government-owned defense companies: together they have billions of euros in debts, and mounting losses. The retirement age for Greek jobs classified as “arduous” is as early as 55 for men and 50 for women. As this is also the moment when the state begins to shovel out generous pensions, more than 600 Greek professions somehow managed to get themselves classified as arduous: hairdressers, radio announcers, waiters, musicians, and on and on and on. The Greek public health-care system spends far more on supplies than the European average—and it is not uncommon, several Greeks tell me, to see nurses and doctors leaving the job with their arms filled with paper towels and diapers and whatever else they can plunder from the supply closets.

A handful of the tax collectors, however, were outraged by the systematic corruption of their business; it further emerged that two of them were willing to meet with me. The problem was that, for reasons neither wished to discuss, they couldn’t stand the sight of each other. This, I’d be told many times by other Greeks, was very Greek.

Tax Collector No. 1—early 60s, business suit, tightly wound but not obviously nervous—arrived with a notebook filled with ideas for fixing the Greek tax-collection agency. He just took it for granted that I knew that the only Greeks who paid their taxes were the ones who could not avoid doing so—the salaried employees of corporations, who had their taxes withheld from their paychecks. The vast economy of self-employed workers—everyone from doctors to the guys who ran the kiosks that sold the International Herald Tribune—cheated (one big reason why Greece has the highest percentage of self-employed workers of any European country). “It’s become a cultural trait,” he said. “The Greek people never learned to pay their taxes. And they never did because no one is punished. No one has ever been punished. It’s a cavalier offense—like a gentleman not opening a door for a lady.”

The scale of Greek tax cheating was at least as incredible as its scope: an estimated two-thirds of Greek doctors reported incomes under 12,000 euros a year—which meant, because incomes below that amount weren’t taxable, that even plastic surgeons making millions a year paid no tax at all. The problem wasn’t the law—there was a law on the books that made it a jailable offense to cheat the government out of more than 150,000 euros—but its enforcement. “If the law was enforced,” the tax collector said, “every doctor in Greece would be in jail.” I laughed, and he gave me a stare. “I am completely serious.” One reason no one is ever prosecuted—apart from the fact that prosecution would seem arbitrary, as everyone is doing it—is that the Greek courts take up to 15 years to resolve tax cases. “The one who does not want to pay, and who gets caught, just goes to court,” he says. Somewhere between 30 and 40 percent of the activity in the Greek economy that might be subject to the income tax goes officially unrecorded, he says, compared with an average of about 18 percent in the rest of Europe.

The easiest way to cheat on one’s taxes was to insist on being paid in cash, and fail to provide a receipt for services. The easiest way to launder cash was to buy real estate. Conveniently for the black market—and alone among European countries—Greece has no working national land registry. “You have to know where the guy bought the land—the address—to trace it back to him,” says the collector. “And even then it’s all handwritten and hard to decipher.”

On he went, describing a system that was, in its way, a thing of beauty. It mimicked the tax-collecting systems of an advanced economy—and employed a huge number of tax collectors—while it was in fact rigged to enable an entire society to cheat on their taxes.

Tax Collector No. 2—casual in manner and dress, beer-drinking, but terrified that others might discover he had spoken to me—also arrived with a binder full of papers, only his was stuffed with real-world examples not of Greek people but Greek companies that had cheated on their taxes. He then started to rattle off examples (“only the ones I personally witnessed”). The first was an Athenian construction company that had built seven giant apartment buildings and sold off nearly 1,000 condominiums in the heart of the city. Its corporate tax bill honestly computed came to 15 million euros, but the company had paid nothing at all. Zero. To evade taxes it had done several things. First, it never declared itself a corporation; second, it employed one of the dozens of companies that do nothing but create fraudulent receipts for expenses never incurred and then, when the tax collector stumbled upon the situation, offered him a bribe. The tax collector blew the whistle and referred the case to his bosses—whereupon he found himself being tailed by a private investigator, and his phones tapped. In the end the case was resolved, with the construction company paying 2,000 euros. “After that I was taken off all tax investigations,” said the tax collector, “because I was good at it.”

The Greek state was not just corrupt but also corrupting. Once you saw how it worked you could understand a phenomenon which otherwise made no sense at all: the difficulty Greek people have saying a kind word about one another. Individual Greeks are delightful: funny, warm, smart, and good company. I left two dozen interviews saying to myself, “What great people!” They do not share the sentiment about one another: the hardest thing to do in Greece is to get one Greek to compliment another behind his back. No success of any kind is regarded without suspicion. Everyone is pretty sure everyone is cheating on his taxes, or bribing politicians, or taking bribes, or lying about the value of his real estate. And this total absence of faith in one another is self-reinforcing. The epidemic of lying and cheating and stealing makes any sort of civic life impossible; the collapse of civic life only encourages more lying, cheating, and stealing. Lacking faith in one another, they fall back on themselves and their families.

The structure of the Greek economy is collectivist, but the country, in spirit, is the opposite of a collective. Its real structure is every man for himself. Into this system investors had poured hundreds of billions of dollars. And the credit boom had pushed the country over the edge, into total moral collapse.

The Vatopaidi monastery, along with 19 others, was built in the 10th century on a 37-mile-long-by-6-mile-wide peninsula in northeast Greece, called Mount Athos. Mount Athos now is severed from the mainland by a long fence, and so the only way onto it is by boat, which gives the peninsula the flavor of an island. And on this island no women are allowed—no female animals of any kind, in fact, except for cats. The official history ascribes the ban to the desire of the church to honor the Virgin; the unofficial one to the problem of monks hitting on female visitors. The ban has stood for 1,000 years.

The ferry chugs for three hours along a rocky, wooded, but otherwise barren coastline, stopping along the way to drop monks and pilgrims and guest workers at other monasteries. The sight of the first one just takes my breath away. It’s not a building but a spectacle: it’s as if someone had taken Assisi or Todi or one of the other old central-Italian hill towns and plopped it down on the beach, in the middle of nowhere. Unless you know what to expect on Mount Athos—it has been regarded by the Eastern Orthodox Church for more than a millennium as the holiest place on earth, and it enjoyed for much of that time a symbiotic relationship with Byzantine emperors—these places come as a shock. There’s nothing modest about them; they are grand and complicated and ornate and obviously in some sort of competition with one another. In the old days, pirates routinely plundered them, and you can see why: it would be almost shameful not to, for a pirate.

Otherwise the experience was sensational, to be recommended to anyone looking for a taste of 10th-century life. Beneath titanic polished golden chandeliers, and surrounded by freshly cleaned icons, the monks sang; the monks chanted; the monks vanished behind screens to utter strange incantations; the monks shook what sounded like sleigh bells; the monks floated by waving thuribles, leaving in their wake smoke and the ancient odor of incense. Every word that was said and sung and chanted was Biblical Greek (it seemed to have something to do with Jesus Christ), but I nodded right along anyway. I stood when they stood, and sat when they sat: up and down we went like pogos, for hours. The effect of the whole thing was heightened by the monks’ magnificently wild beards. Even when left to nature, beards do not all grow in the same way. There are types: the hopelessly porous mass of fuzz; the Osama bin Laden/Assyrian-king trowel; the Karl Marx bird’s nest. A surprising number of the monks resembled the Most Interesting Man in the World from the Dos Equis commercial. (“His beard alone has experienced more than a lesser man’s entire body.”)

For most of the 1980s and 1990s, Greek interest rates had run a full 10 percent higher than German ones, as Greeks were regarded as far less likely to repay a loan. There was no consumer credit in Greece: Greeks didn’t have credit cards. Greeks didn’t usually have mortgage loans either.

But this question of whether Greece will repay its debts is really a question of whether Greece will change its culture, and that will happen only if Greeks want to change. I am told 50 times if I am told once that what Greeks care about is “justice” and what really boils the Greek blood is the feeling of unfairness. Obviously this distinguishes them from no human being on the planet, and ignores what’s interesting: exactly what a Greek finds unfair. It’s clearly not the corruption of their political system. It’s not cheating on their taxes, or taking small bribes in their service to the state. No: what bothers them is when some outside party—someone clearly different from themselves, with motives apart from narrow and easily understood self-interest—comes in and exploits the corruption of their system.

Philip Larkin on achieving happiness

From Robert Phillips’s interview of Philip Larkin in “The Art of Poetry No. 30” (The Paris Review: Summer 1982, No. 84):

INTERVIEWER Do you feel happiness is unlikely in this world?

LARKIN Well, I think if you’re in good health, and have enough money, and nothing is bothering you in the foreseeable future, that’s as much as you can hope for. But “happiness,” in the sense of a continuous emotional orgasm, no. If only because you know that you are going to die, and the people you love are going to die.

Tom Stoppard on the advantages of being famous

From Shusha Guppy’s interview of Tom Stoppard in “The Art of Theater No. 7” (The Paris Review: Winter 1988, No. 109):

INTERVIEWER Now that you are [famous], do you still feel excited by it, or do you think it isn’t that important?

STOPPARD Oh, I like it. The advantages are psychological, social, and material. The first because I don’t have to worry about who I am—I am the man who has written these plays. The social advantages appeal to half of me because there are two of me: the recluse and the fan. And the fan in me is still thrilled to meet people I admire. As for the material side, I like having some money. The best way to gauge wealth is to consider the amount of money that you can spend thoughtlessly—a casual purchase which simply doesn’t register. The really rich can do it in Cartier’s; I’m quite happy if I can do it in a good bookshop or a good restaurant.

John Steinbeck on finishing a book

From Nathaniel Benchley’s interview of John Steinbeck in “The Art of Fiction No. 45” (The Paris Review: Fall 1969, No. 48):

I truly do not care about a book once it is finished. Any money or fame that results has no connection in my feeling with the book. The book dies a real death for me when I write the last word. I have a little sorrow and then go on to a new book which is alive. The rows of my books on the shelf are to me like very well embalmed corpses. They are neither alive nor mine. I have no sorrow for them because I have forgotten them…

John Steinbeck on how Europe & America view poverty

From Nathaniel Benchley’s interview of John Steinbeck in “The Art of Fiction No. 45” (The Paris Review: Fall 1969, No. 48):

I wonder whether you will remember one last piece of advice you gave me. It was during the exuberance of the rich and frantic twenties and I was going out into that world to try to be a writer.

You said, “It’s going to take a long time, and you haven’t any money. Maybe it would be better if you could go to Europe.”

“Why?” I asked.

“Because in Europe poverty is a misfortune, but in America it is shameful.”

Dan Ariely on irrational decision making

From Dan Ariely’s “Dan Ariely asks, Are we in control of our own decisions?” (TED: 24 June 2009):

I’ll give you a couple of more examples on irrational decision making. Imagine I give you a choice. Do you want to go for a weekend to Rome? All expenses paid, hotel, transportation, food, breakfast, a continental breakfast, everything. Or a weekend in Paris? Now, a weekend in Paris, a weekend in Rome, these are different things. They have different food, different culture, different art. Now imagine I added a choice to the set that nobody wanted. Imagine I said, “A weekend in Rome, a weekend in Paris, or having your car stolen?” It’s a funny idea. Because why would having your car stolen, in this set, influence anything? But what if the option to have your car stolen was not exactly like this. What if it was a trip to Rome, all expenses paid, transportation, breakfast. But doesn’t include coffee in the morning. If you want coffee you have to pay for it yourself. It’s two euros 50. Now in some ways, given that you can have Rome with coffee, why would you possibly want Rome without coffee? It’s like having your car stolen. It’s an inferior option. But guess what happened. The moment you add Rome without coffee, Rome with coffee becomes more popular. And people choose it. The fact that you have Rome without coffee makes Rome with coffee look superior. And not just to Rome without coffee, even superior to Paris.

Here are two examples of this principle. This was an ad from The Economist a few years ago that gave us three choices. An online subscription for 59 dollars. A print subscription for 125. Or you could get both for 125. Now I looked at this and I called up The Economist. And I tried to figure out what were they thinking. And they passed me from one person to another to another. Until eventually I got to a person who was in charge of the website. And I called them up. And they went to check what was going on. The next thing I know, the ad is gone. And no explanation.

So I decided to do the experiment that I would have loved The Economist to do with me. I took this and I gave it to 100 MIT students. I said, “What would you choose?” These are the market share. Most people wanted the combo deal. Thankfully nobody wanted the dominated option. That means our students can read. But now if you have an option that nobody wants you can take it off. Right? So I printed another version of this. Where I eliminated the middle option. I gave it to another 100 students. Here is what happens. Now the most popular option became the least popular. And the least popular became the most popular.

What was happening was the option that was useless, in the middle, was useless in the sense that nobody wanted it. But it wasn’t useless in the sense that it helped people figure out what they wanted. In fact, relative to the option in the middle, which was get only the print for 125, the print and web for 125 looked like a fantastic deal. And as a consequence, people chose it. The general idea here, by the way, is that we actually don’t know our preferences that well. And because we don’t know our preferences that well we’re susceptible to all of these influences from the external forces. The defaults, the particular options that are presented to us. And so on.

One more example of this. People believe that when we deal with physical attraction, we see somebody, and we know immediately whether we like them or not. Attracted or not. Which is why we have these four-minute dates. So I decided to do this experiment with people. I’ll show you graphic images of people — not real people. The experiment was with people. I showed some people a picture of Tom, and a picture of Jerry. I said “Who do you want to date? Tom or Jerry?” But for half the people I added an ugly version of Jerry. I took Photoshop and I made Jerry slightly less attractive. (Laughter) The other people, I added an ugly version of Tom. And the question was, will ugly Jerry and ugly Tom help their respective, more attractive brothers? The answer was absolutely yes. When ugly Jerry was around, Jerry was popular. When ugly Tom was around, Tom was popular.

A summary of Galbraith’s The Affluent Society

From a summary of John Kenneth Galbraith’s The Affluent Society (Abridge Me: 1 June 2010):

The Concept of the Conventional Wisdom

The paradigms on which society’s perception of reality are based are highly conservative. People invest heavily in these ideas, and so are heavily resistant to changing them. They are only finally overturned by new ideas when new events occur which make the conventional wisdom appear so absurd as to be impalpable. Then the conventional wisdom quietly dies with its most staunch proponents, to be replaced with a new conventional wisdom. …

Economic Security

… Economics professors argue that the threat of unemployment is necessary to maintain incentives to high productivity, and simultaneously that established professors require life tenure in order to do their best work. …

The Paramount Position of Production

… Another irrationality persists (more in America than elsewhere?): the prestigious usefulness of private-sector output, compared to the burdensome annoyance of public expenditure. Somehow public expenditure can never quite be viewed as a productive and enriching element of national output; it is forever something to be avoided, at best a necessary encumbrance. Cars are important, roads are not. An expansion in telephone services improves the general well-being, cuts in postal services are a necessary economy. Vacuum cleaners to ensure clean houses boast our standard of living, street cleaners are an unfortunate expense. Thus we end up with clean houses and filthy streets. …

[W]e have wants at the margin only so far as they are synthesised. We do not manufacture wants for goods we do not produce. …

The Dependence Effect

… Modern consumer demand, at the margin, does not originate from within the individual, but is a consequence of production. It has two origins:

  1. Emulation: the desire to keep abreast of, or ahead of one’s peer group — demand originating from this motivation is created indirectly by production. Every effort to increase production to satiate want brings with it a general raising of the level of consumption, which itself increases want.
  2. Advertising: the direct influence of advertising and salesmanship creates new wants which the consumer did not previously possess. Any student of business has by now come to view marketing as fundamental a business activity as production. Any want that can be significantly moulded by advertising cannot possibly have been strongly felt in the absence of that advertising — advertising is powerless to persuade a man that he is or is not hungry.


… In 1942 a grateful and very anxious citizenry rewarded its soldiers, sailors, and airmen with a substantial increase in pay. In the teeming city of Honolulu, in prompt response to this advance in wage income, the prostitutes raised the prices of their services. This was at a time when, if anything, increased volume was causing a reduction in their average unit costs. However, in this instance the high military authorities, deeply angered by what they deemed improper, immoral, and indecent profiteering, ordered a return to the previous scale. …

The Theory of Social Balance

The final problem of the affluent society is the balance of goods it produces. Private goods: TVs, cars, cigarettes, drugs and alcohol are overproduced; public goods: education, healthcare, police services, park provision, mass transport and refuse disposal are underproduced. The consequences are extremely severe for the wellbeing of society. The balance between private and public consumption will be referred to as ‘the social balance’. The main reason for this imbalance is relatively straightforward. The forces we have identified which increase consumer demand as production rises (advertising and emulation) act almost entirely on the private sector. …

It is arguable that emulation acts on public services to an extent: a new school in one district may encourage neighbouring districts to ‘keep up’, but the effect is relatively minuscule.

Thus, private demand is artificially inflated and public demand is not, and the voter-consumer decides how to split his income between the two at the ballot box: inevitably public expenditure is grossly underrepresented. …

Microsoft’s real customers

From James Fallows’s “Inside the Leviathan: A short and stimulating brush with Microsoft’s corporate culture” (The Atlantic: February 2000):

Financial analysts have long recognized that Microsoft’s profit really comes from two sources. One is operating systems (Windows, in all its varieties), and the other is the Office suite of programs. Everything else — Flight Simulator, Slate, MSNBC, mice and keyboards — is financially meaningless. What these two big categories have in common is that individuals are not the significant customers. Operating systems are sold mainly to computer companies such as Dell and Compaq, which pass them pre-loaded to individual consumers. And the main paying customers for Office are big corporations (or what the high-tech world calls LORGs, for “large-size organizations”), which may buy thousands of “seats” for their employees at hundreds of dollars apiece. Product planning, therefore, is focused with admirable clarity on those whose decisions really matter to Microsoft — the information-technology manager at Chevron or the U.S. Department of Agriculture, for example — rather than some writer with an idea about how to make his colleagues happier with a program.

Lovely – Microsoft will let companies create ad-filled desktop themes

From Jeff Bertolucci’s “Windows 7 Ads: Microsoft Tarts Up the Desktop” (PC World: 13 November 2009):

Microsoft has announced plans to peddle Windows 7 desktop space to advertisers, who’ll create Windows UI themes–customized backgrounds, audio clips, and other elements–that highlight their brand, Computerworld reports. In fact, some advertiser themes are already available in the Windows 7 Personalization Gallery, including desktop pitches for soft drinks (Coca-Cola, Pepsi), autos (Ducati, Ferrari, Infiniti), and big-budget Hollywood blockbusters (Avatar).

The advertiser themes are different, however, in that they won’t be foisted on unsuspecting users. Rather, you’ll have to download and install the ad pitch yourself. As a result, I doubt many Windows 7 users will gripe about ad themes. Hey, if you’re a Preparation H fan, why not devote the desktop to your favorite ointment?

Bernie Madoff & the 1st worldwide Ponzi scheme

From Diana B. Henriques’s “Madoff Scheme Kept Rippling Outward, Across Borders” (The New York Times: 20 December 2008):

But whatever else Mr. Madoff’s game was, it was certainly this: The first worldwide Ponzi scheme — a fraud that lasted longer, reached wider and cut deeper than any similar scheme in history, entirely eclipsing the puny regional ambitions of Charles Ponzi, the Boston swindler who gave his name to the scheme nearly a century ago.

Regulators say Mr. Madoff himself estimated that $50 billion in personal and institutional wealth from around the world was gone. … Before it evaporated, it helped finance Mr. Madoff’s coddled lifestyle, with a Manhattan apartment, a beachfront mansion in the Hamptons, a small villa overlooking Cap d’Antibes on the French Riviera, a Mayfair office in London and yachts in New York, Florida and the Mediterranean.

In 1960, as Wall Street was just shaking off its postwar lethargy and starting to buzz again, Bernie Madoff (pronounced MAY-doff) set up his small trading firm. His plan was to make a business out of trading lesser-known over-the-counter stocks on the fringes of the traditional stock market. He was just 22, a graduate of Hofstra University on Long Island.

By 1989, Mr. Madoff’s firm was handling more than 5 percent of the trading volume on the august New York Stock Exchange …

And in 1990, he became the nonexecutive chairman of the Nasdaq market, which at the time was operated as a committee of the National Association of Securities Dealers.

His rise on Wall Street was built on his belief in a visionary notion that seemed bizarre to many at the time: That stocks could be traded by people who never saw each other but were connected only by electronics.

In the mid-1970s, he had spent over $250,000 to upgrade the computer equipment at the Cincinnati Stock Exchange, where he began offering to buy and sell stocks that were listed on the Big Board. The exchange, in effect, was transformed into the first all-electronic computerized stock exchange.

He also invested in new electronic trading technology for his firm, making it cheaper for brokerage firms to fill their stock orders. He eventually gained a large amount of business from big firms like A. G. Edwards & Sons, Charles Schwab & Company, Quick & Reilly and Fidelity Brokerage Services.

By the end of the technology bubble in 2000, his firm was the largest market maker on the Nasdaq electronic market, and he was a member of the Securities Industry Association, now known as the Securities Industry and Financial Markets Association, Wall Street’s principal lobbying arm.

Australian police: don’t bank online with Windows

From Munir Kotadia’s “NSW Police: Don’t use Windows for internet banking” (ITnews: 9 October 2009):

Consumers wanting to safely connect to their internet banking service should use Linux or the Apple iPhone, according to a detective inspector from the NSW Police, who was giving evidence on behalf of the NSW Government at the public hearing into Cybercrime today in Sydney.

Detective Inspector Bruce van der Graaf from the Computer Crime Investigation Unit told the hearing that he uses two rules to protect himself from cybercriminals when banking online.

The first rule, he said, was to never click on hyperlinks to the banking site and the second was to avoid Microsoft Windows.

“If you are using the internet for a commercial transaction, use a Linux boot up disk – such as Ubuntu or some of the other flavours. Puppylinux is a nice small distribution that boots up fairly quickly.”

Van der Graaf also mentioned the iPhone, which he called “quite safe” for internet banking.

“Another option is the Apple iPhone. It is only capable of running one process at a time so there is really no danger from infection,” he said.

Malware forges online bank statements to hide fraud

From Kim Zetter’s “New Malware Re-Writes Online Bank Statements to Cover Fraud” (Wired: 30 September 2009):

New malware being used by cybercrooks does more than let hackers loot a bank account; it hides evidence of a victim’s dwindling balance by rewriting online bank statements on the fly, according to a new report.

The sophisticated hack uses a Trojan horse program installed on the victim’s machine that alters html coding before it’s displayed in the user’s browser, to either erase evidence of a money transfer transaction entirely from a bank statement, or alter the amount of money transfers and balances.

The ruse buys the crooks time before a victim discovers the fraud, though won’t work if a victim uses an uninfected machine to check his or her bank balance.

The novel technique was employed in August by a gang who targeted customers of leading German banks and stole Euro 300,000 in three weeks, according to Yuval Ben-Itzhak, chief technology officer of computer security firm Finjan.

The victims’ computers are infected with the Trojan, known as URLZone, after visiting compromised legitimate web sites or rogue sites set up by the hackers.

Once a victim is infected, the malware grabs the consumer’s log in credentials to their bank account, then contacts a control center hosted on a machine in Ukraine for further instructions. The control center tells the Trojan how much money to wire transfer, and where to send it. To avoid tripping a bank’s automated anti-fraud detectors, the malware will withdraw random amounts, and check to make sure the withdrawal doesn’t exceed the victim’s balance.

The money gets transferred to the legitimate accounts of unsuspecting money mules who’ve been recruited online for work-at-home gigs, never suspecting that the money they’re allowing to flow through their account is being laundered. The mule transfers the money to the crook’s chosen account. The cyber gang Finjan tracked used each mule only twice, to avoid fraud pattern detection.

The researchers also found statistics in the command tool showing that out of 90,000 visitors to the gang’s rogue and compromised websites, 6,400 were infected with the URLZone trojan. Most of the attacks Finjan observed affected people using Internet Explorer browsers …

Finjan provided law enforcement officials with details about the gang’s activities and says the hosting company for the Ukraine server has since suspended the domain for the command and control center. But Finjan estimates that a gang using the scheme unimpeded could rake in about $7.3 million annually.

Why Picasso charged a million dollars

From Josh Olson’s “I Will Not Read Your Fucking Script” (The Village Voice: 9 September 2009):

There’s a great story about Pablo Picasso. Some guy told Picasso he’d pay him to draw a picture on a napkin. Picasso whipped out a pen and banged out a sketch, handed it to the guy, and said, “One million dollars, please.”

“A million dollars?” the guy exclaimed. “That only took you thirty seconds!”

“Yes,” said Picasso. “But it took me fifty years to learn how to draw that in thirty seconds.”

You need to know if your product is a luxury or a premium

From Seth Godin’s “Luxury vs. premium” (Seth Godin’s Blog: 17 May 2009):

Luxury goods are needlessly expensive. By needlessly, I mean that the price is not related to performance. The price is related to scarcity, brand and storytelling. Luxury goods are organized waste. …

That doesn’t mean they are senseless expenditures. Sending a signal is valuable if that signal is important to you.

Premium goods, on the other hand, are expensive variants of commodity goods. Pay more, get more. … They’re happy to pay more because they believe they get more.

Plenty of brands are in trouble right now because they’re not sure which one they represent.

Various confidence scams, tricks, & frauds

From “List of confidence tricks” (Wikipedia: 3 July 2009):

Get-rich-quick schemes

Get-rich-quick schemes are extremely varied. For example, fake franchises, real estate “sure things”, get-rich-quick books, wealth-building seminars, self-help gurus, sure-fire inventions, useless products, chain letters, fortune tellers, quack doctors, miracle pharmaceuticals, Nigerian money scams, charms and talismans are all used to separate the mark from his money. Variations include the pyramid scheme, Ponzi scheme and Matrix sale.

Count Victor Lustig sold the “money-printing machine” which could copy $100 bills. The client, sensing huge profits, would buy the machines for a high price (usually over $30,000). Over the next twelve hours, the machine would produce just two more $100 bills, but after that it produced only blank paper, as its supply of hidden $100 bills would have become exhausted. This type of scheme is also called the “money box” scheme.

The wire game, as depicted in the movie The Sting, trades on the promise of insider knowledge to beat a gamble, stock trade or other monetary action. In the wire game, a “mob” composed of dozens of grifters simulates a “wire store”, i.e., a place where results from horse races are received by telegram and posted on a large board, while also being read aloud by an announcer. The griftee is given secret foreknowledge of the race results minutes before the race is broadcast, and is therefore able to place a sure bet at the wire store. In reality, of course, the con artists who set up the wire store are the providers of the inside information, and the mark eventually is led to place a large bet, thinking it to be a sure win. At this point, some mistake is made, which actually makes the bet a loss. …

Salting or to salt the mine are terms for a scam in which gems or gold ore are planted in a mine or on the landscape, duping the greedy mark into purchasing shares in a worthless or non-existent mining company.[2] During the Gold Rush, scammers would load shotguns with gold dust and shoot into the sides of the mine to give the appearance of a rich ore, thus “salting the mine”. …

The Spanish Prisoner scam – and its modern variant, the advance fee fraud or Nigerian scam – take advantage of the victim’s greed. The basic premise involves enlisting the mark to aid in retrieving some stolen money from its hiding place. The victim sometimes believes he can cheat the con artists out of their money, but anyone trying this has already fallen for the essential con by believing that the money is there to steal (see also Black money scam). …

Many conmen employ extra tricks to keep the victim from going to the police. A common ploy of investment scammers is to encourage a mark to use money concealed from tax authorities. The mark cannot go to the authorities without revealing that he or she has committed tax fraud. Many swindles involve a minor element of crime or some other misdeed. The mark is made to think that he or she will gain money by helping fraudsters get huge sums out of a country (the classic Nigerian scam); hence marks cannot go to the police without revealing that they planned to commit a crime themselves.

Gold brick scams

Gold brick scams involve selling a tangible item for more than it is worth; named after selling the victim an allegedly golden ingot which turns out to be gold-coated lead.

Pig-in-a-poke originated in the late Middle Ages. The con entails a sale of a (suckling) “pig” in a “poke” (bag). The bag ostensibly contains a live healthy little pig, but actually contains a cat (not particularly prized as a source of meat, and at any rate, quite unlikely to grow to be a large hog). If one buys a “pig in a poke” without looking in the bag (a colloquial expression in the English language, meaning “to be a sucker”), the person has bought something of less value than was assumed, and has learned firsthand the lesson caveat emptor.

The Thai gem scam involves layers of con men and helpers who tell a tourist in Bangkok of an opportunity to earn money by buying duty-free jewelry and having it shipped back to the tourist’s home country. The mark is driven around the city in a tuk-tuk operated by one of the con men, who ensures that the mark meets one helper after another, until the mark is persuaded to buy the jewelry from a store also operated by the swindlers. The gems are real but significantly overpriced. This scam has been operating for 20 years in Bangkok, and is said to be protected by Thai police and politicians. A similar scam usually runs in parallel for custom-made suits.

Extortion or false-injury tricks

The badger game extortion is often perpetrated on married men. The mark is deliberately coerced into a compromising position, a supposed affair for example, then threatened with public exposure of his acts unless blackmail money is paid.

The Melon Drop is a scam in which the scammer will intentionally bump into the mark and drop a package containing (already broken) glass. He will blame the damage on the clumsiness of the mark, and demand money in compensation. This con arose when artists discovered that the Japanese paid large sums of money for watermelons. The scammer would go to a supermarket to buy a cheap watermelon, then bump into a Japanese tourist and set a high price.

Gambling tricks

Three-card Monte, ‘Find The Queen’, the “Three-card Trick”, or “Follow The Lady”, is (except for the props) essentially the same as the probably centuries-older shell game or thimblerig. The trickster shows three playing cards to the audience, one of which is a queen (the “lady”), then places the cards face-down, shuffles them around and invites the audience to bet on which one is the queen. At first the audience is skeptical, so the shill places a bet and the scammer allows him to win. In one variation of the game, the shill will (apparently surreptitiously) peek at the lady, ensuring that the mark also sees the card. This is sometimes enough to entice the audience to place bets, but the trickster uses sleight of hand to ensure that they always lose, unless the conman decides to let them win, hoping to lure them into betting much more. The mark loses whenever the dealer chooses to make him lose. This con appears in the Eric Garcia novel Matchstick Men and is featured in the movie Edmond.

A variation on this scam exists in Barcelona, Spain, but with the addition of a pickpocket. The dealer and shill behave in an overtly obvious manner, attracting a larger audience. When the pickpocket succeeds in stealing from a member of the audience, he signals the dealer. The dealer then shouts the word “aqua”, and the three split up. The audience is left believing that “aqua” is a code word indicating the police are coming, and that the performance was a failed scam.

In the Football Picks Scam the scammer sends out a tip sheet stating a game will go one way to 100 potential victims and the other way to another 100. The next week, the 100 or so who received the correct answer are divided into two groups and fed another pick. This is repeated until a small population have (apparently) received a series of supernaturally perfect picks, then the final pick is offered for sale. Despite being well-known (it was even described completely on an episode of The Simpsons and used by Derren Brown in “The System”), this scam is run almost continuously in different forms by different operators. The sports picks can also be replaced with securities, or any other random process, in an alternative form. This scam has also been called the inverted pyramid scheme, because of the steadily decreasing population of victims at each stage.

Visitors to Las Vegas or other gambling towns often encounter the Barred Winner scam, a form of advance fee fraud performed in person. The artist will approach his mark outside a casino with a stack or bag of high-value casino chips and say that he just won big, but the casino accused him of cheating and threw him out without letting him redeem the chips. The artist asks the mark to go in and cash the chips for him. The artist will often offer a percentage of the winnings to the mark for his trouble. But, when the mark agrees, the artist feigns suspicion and asks the mark to put up something of value “for insurance”. The mark agrees, hands over jewelry, a credit card or their wallet, then goes in to cash the chips. When the mark arrives at the cashier, they are informed the chips are fake. The artist, by this time, is long gone with the mark’s valuables.

False reward tricks

The glim-dropper requires several accomplices, one of whom must be a one-eyed man. One grifter goes into a store and pretends he has lost his glass eye. Everyone looks around, but the eye cannot be found. He declares that he will pay a thousand-dollar reward for the return of his eye, leaving contact information. The next day, an accomplice enters the store and pretends to find the eye. The storekeeper (the intended griftee), thinking of the reward, offers to take it and return it to its owner. The finder insists he will return it himself, and demands the owner’s address. Thinking he will lose all chance of the reward, the storekeeper offers a hundred dollars for the eye. The finder bargains him up to $250, and departs.…

The fiddle game uses the pigeon drop technique. A pair of con men work together, one going into an expensive restaurant in shabby clothes, eating, and claiming to have left his wallet at home, which is nearby. As collateral, the con man leaves his only worldly possession, the violin that provides his livelihood. After he leaves, the second con man swoops in, offers an outrageously large amount (for example $50,000) for such a rare instrument, then looks at his watch and runs off to an appointment, leaving his card for the mark to call him when the fiddle-owner returns. The mark’s greed comes into play when the “poor man” comes back, having gotten the money to pay for his meal and redeem his violin. The mark, thinking he has an offer on the table, then buys the violin from the fiddle player (who “reluctantly” sells it eventually for, say, $5,000). The result is the two conmen are $5,000 richer (less the cost of the violin), and the mark is left with a cheap instrument.

Other confidence tricks and techniques

The Landlord Scam advertises an apartment for rent at an attractive price. The con artist, usually someone who is house-sitting or has a short-term sublet at the unit, takes a deposit and first/last month’s rent from every person who views the suite. When move-in day arrives, the con artist is of course gone, and the apartment belongs to none of the angry people carrying boxes.

Change raising is a common short con and involves an offer to change an amount of money with someone, while at the same time taking change or bills back and forth to confuse the person as to how much money is actually being changed. The most common form, “the Short Count”, has been featured prominently in several movies about grifting, notably Nueve Reinas, The Grifters and Paper Moon. A con artist shopping at, say a gas station, is given 80 cents in change because he lacks two dimes to complete the sale (say the sale cost is $19.20 and the con man has a 20 dollar bill). He goes out to his car and returns a short time later, with 20 cents. He returns them, saying that he found the rest of the change to make a dollar, and asking for a bill so he will not have to carry coins. The confused store clerk agrees, exchanging a dollar for the 20 cents the conman returned. In essence, the mark makes change twice.

Beijing tea scam is a famous scam in and around Beijing. The artists (usually female and working in pairs) will approach tourists and try to make friends. After chatting, they will suggest a trip to see a tea ceremony, claiming that they have never been to one before. The tourist is never shown a menu, but assumes that this is how things are done in China. After the ceremony, the bill is presented to the tourist, charging upwards of $100 per head. The artists will then hand over their bills, and the tourists are obliged to follow suit.

How security experts defended against Conficker

From Jim Giles’ “The inside story of the Conficker worm” (New Scientist: 12 June 2009):

23 October 2008 … The dry, technical language of Microsoft’s October update did not indicate anything particularly untoward. A security flaw in a port that Windows-based PCs use to send and receive network signals, it said, might be used to create a “wormable exploit”. Worms are pieces of software that spread unseen between machines, mainly – but not exclusively – via the internet (see “Cell spam”). Once they have installed themselves, they do the bidding of whoever created them.

If every Windows user had downloaded the security patch Microsoft supplied, all would have been well. Not all home users regularly do so, however, and large companies often take weeks to install a patch. That provides windows of opportunity for criminals.

The new worm soon ran into a listening device, a “network telescope”, housed by the San Diego Supercomputing Center at the University of California. The telescope is a collection of millions of dummy internet addresses, all of which route to a single computer. It is a useful monitor of the online underground: because there is no reason for legitimate users to reach out to these addresses, mostly only suspicious software is likely to get in touch.

The telescope’s logs show the worm spreading in a flash flood. For most of 20 November, about 3000 infected computers attempted to infiltrate the telescope’s vulnerable ports every hour – only slightly above the background noise generated by older malicious code still at large. At 6 pm, the number began to rise. By 9 am the following day, it was 115,000 an hour. Conficker was already out of control.

That same day, the worm also appeared in “honeypots” – collections of computers connected to the internet and deliberately unprotected to attract criminal software for analysis. It was soon clear that this was an extremely sophisticated worm. After installing itself, for example, it placed its own patch over the vulnerable port so that other malicious code could not use it to sneak in. As Brandon Enright, a network security analyst at the University of California, San Diego, puts it, smart burglars close the window they enter by.

Conficker also had an ingenious way of communicating with its creators. Every day, the worm came up with 250 meaningless strings of letters and attached a top-level domain name – a .com, .net, .org, .info or .biz – to the end of each to create a series of internet addresses, or URLs. Then the worm contacted these URLs. The worm’s creators knew what each day’s URLs would be, so they could register any one of them as a website at any time and leave new instructions for the worm there.

It was a smart trick. The worm hunters would only ever spot the illicit address when the infected computers were making contact and the update was being downloaded – too late to do anything. For the next day’s set of instructions, the creators would have a different list of 250 to work with. The security community had no way of keeping up.

No way, that is, until Phil Porras got involved. He and his computer security team at SRI International in Menlo Park, California, began to tease apart the Conficker code. It was slow going: the worm was hidden within two shells of encryption that defeated the tools that Porras usually applied. By about a week before Christmas, however, his team and others – including the Russian security firm Kaspersky Labs, based in Moscow – had exposed the worm’s inner workings, and had found a list of all the URLs it would contact.

[Rick Wesson of Support Intelligence] has years of experience with the organisations that handle domain registration, and within days of getting Porras’s list he had set up a system to remove the tainted URLs, using his own money to buy them up.

It seemed like a major win, but the hackers were quick to bounce back: on 29 December, they started again from scratch by releasing an upgraded version of the worm that exploited the same security loophole.

This new worm had an impressive array of new tricks. Some were simple. As well as propagating via the internet, the worm hopped on to USB drives plugged into an infected computer. When those drives were later connected to a different machine, it hopped off again. The worm also blocked access to some security websites: when an infected user tried to go online and download the Microsoft patch against it, they got a “site not found” message.

Other innovations revealed the sophistication of Conficker’s creators. If the encryption used for the previous strain was tough, that of the new version seemed virtually bullet-proof. It was based on code little known outside academia that had been released just three months earlier by researchers at the Massachusetts Institute of Technology.

Indeed, worse was to come. On 15 March, Conficker presented the security experts with a new problem. It reached out to a URL called It was on the list that Porras had produced, but – those involved decline to say why – it had not been blocked. One site was all that the hackers needed. A new version was waiting there to be downloaded by all the already infected computers, complete with another new box of tricks.

Now the cat-and-mouse game became clear. Conficker’s authors had discerned Porras and Wesson’s strategy and so from 1 April, the code of the new worm soon revealed, it would be able to start scanning for updates on 500 URLs selected at random from a list of 50,000 that were encoded in it. The range of suffixes would increase to 116 and include many country codes, such as .kz for Kazakhstan and .ie for Ireland. Each country-level suffix belongs to a different national authority, each of which sets its own registration procedures. Blocking the previous set of domains had been exhausting. It would soon become nigh-on impossible – even if the new version of the worm could be fully decrypted.

Luckily, Porras quickly repeated his feat and extracted the crucial list of URLs. Immediately, Wesson and others contacted the Internet Corporation for Assigned Names and Numbers (ICANN), an umbrella body that coordinates country suffixes.

From the second version onwards, Conficker had come with a much more efficient option: peer-to-peer (P2P) communication. This technology, widely used to trade pirated copies of software and films, allows software to reach out and exchange signals with copies of itself.

Six days after the 1 April deadline, Conficker’s authors let loose a new version of the worm via P2P. With no central release point to target, security experts had no means of stopping it spreading through the worm’s network. The URL scam seems to have been little more than a wonderful way to waste the anti-hackers’ time and resources. “They said: you’ll have to look at 50,000 domains. But they never intended to use them,” says Joe Stewart of SecureWorks in Atlanta, Georgia. “They used peer-to-peer instead. They misdirected us.”

The latest worm release had a few tweaks, such as blocking the action of software designed to scan for its presence. But piggybacking on it was something more significant: the worm’s first moneymaking schemes. These were a spam program called Waledac and a fake antivirus package named Spyware Protect 2009.

The same goes for fake software: when the accounts of a Russian company behind an antivirus scam became public last year, it appeared that one criminal had earned more than $145,000 from it in just 10 days.
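
The defence the Conficker article describes (recover the generator, pre-compute each day's names, register or block them, and watch for machines that ask for them) can be sketched as below. This is an added example, not code from the article or from the researchers it names: the generator is a toy stand-in rather than Conficker's algorithm, and the log format, addresses, date and function names are constructed for illustration.

```python
import hashlib
from collections import defaultdict
from datetime import date, timedelta

TLDS = (".com", ".net", ".org", ".info", ".biz")  # the five suffixes the article lists
DOMAINS_PER_DAY = 250                               # daily list size the article gives
SAMPLE_DAY = date(2009, 1, 5)                       # constructed date for the demo


def toy_daily_domains(day, count=DOMAINS_PER_DAY):
    """Toy stand-in for a recovered generator (NOT Conficker's algorithm).

    Any deterministic, date-seeded function has the property that matters
    to a defender: the same date always yields the same list of names.
    """
    names = []
    for index in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{index}".encode()).digest()
        length = 8 + digest[0] % 4                      # 8 to 11 letters
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        names.append(label + TLDS[digest[31] % len(TLDS)])
    return names


def candidate_window(start, days):
    """Map every candidate name in the window to the first date it is active."""
    table = {}
    for offset in range(days):
        day = start + timedelta(days=offset)
        for name in toy_daily_domains(day):
            table.setdefault(name, day)
    return table


def coverage_gaps(table, sinkholed):
    """Candidate names defenders have not yet registered or blocked.

    The article's 15 March episode is this list being non-empty: one
    uncovered name was enough for an update to get through.
    """
    return sorted(name for name in table if name not in sinkholed)


def parse_query(line):
    """Constructed log format: '<timestamp> <client ip> <qname> <rcode>'."""
    ts, client, qname, rcode = line.split()   # ValueError on any other shape
    return ts, client, qname.rstrip(".").lower(), rcode


def flag_clients(log_lines, table, min_hits=3):
    """Clients that looked up at least min_hits distinct candidate names."""
    hits = defaultdict(set)
    for line in log_lines:
        try:
            _, client, qname, _ = parse_query(line)
        except ValueError:
            continue                          # skip blank or malformed lines
        if qname in table:
            hits[client].add(qname)
    return {c: sorted(n) for c, n in hits.items() if len(n) >= min_hits}


def build_sample_log(day):
    """Constructed DNS log: one noisy client, one single hit, normal traffic."""
    names = toy_daily_domains(day)
    lines = [f"{day}T09:00:0{i}Z 10.0.0.23 {names[i].upper()}. NXDOMAIN"
             for i in range(4)]
    lines.append(f"{day}T09:01:00Z 10.0.0.23 www.example.com. NOERROR")
    lines.append(f"{day}T09:02:00Z 10.0.0.40 {names[7]} NXDOMAIN")
    lines.append(f"{day}T09:03:00Z 10.0.0.41 intranet.example.org NOERROR")
    lines.append("malformed line")
    return lines


if __name__ == "__main__":
    table = candidate_window(SAMPLE_DAY, days=3)
    print(len(table), "candidate names over 3 days")
    for client, names in flag_clients(build_sample_log(SAMPLE_DAY), table).items():
        print(client, "queried", len(names), "candidate names")
    covered = set(table) - {toy_daily_domains(SAMPLE_DAY)[5]}
    print("not yet covered:", coverage_gaps(table, covered))
```

The threshold in `flag_clients` trades false positives against speed of detection; the coverage check is what scales badly once the list grows to the 50,000 names and 116 suffixes the article mentions.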