October 11, 2018

Lost in transition

End_all_DRM_in_the_world_forever,_within_a_decade.jpg"Why do I have to scan my boarding card?" I demanded loudly of the machine that was making this demand. "I'm buying a thing of milk!"

The location was Heathrow Terminal 5. The "thing of milk" was a pint of milk being purchased with a view to a late arrival in a continental European city where tea is frequently offered with "Kafeesahne", a thick, off-white substance that belongs with tea about as much as library paste does.

A human materialized out of nowhere, and typed in some codes. The transaction went through. I did not know you could do that.

The incident sounds minor - yes, I thanked her - but has a real point. For years, UK airport retailers secured discounts for themselves by demanding to scan boarding cards at the point of purchase while claiming the reason was to exempt the customers from VAT when they are taking purchases out of the country. Just a couple of years ago the news came out: the companies were failing to pass the resulting discounts on to customers and simply pocketing the VAT. Legally, you are not required to comply with the request.

They still ask, of course.

If you're dealing with a human retail clerk, refusing is easy: you say "No" and they move on to completing the transaction. The automated checkout (which I normally avoid), however is not familiar with No. It is not designed for No. No is not part of its vocabulary unless a human comes along with an override code.

My legal right not to scan my boarding card therefore relies on the presence of an expert human. Take the human out of that loop - or overwhelm them with too many stations to monitor - and the right disappears, engineered out by automation and enforced by the time pressure of having to catch a flight and/or the limited resource of your patience.

This is the same issue that has long been machinified by DRM - digital rights management - and the locks it applies to commercially distributed content. The text of Alice in Wonderland is in the public domain, but wrap it in DRM and your legal rights to copy, lend, redistribute, and modify all vanish, automated out with no human to summon and negotiate with.

Another example: the discount railcard I pay for once a year is renewable online. But if you go that route, you are required to upload your passport, photo driver's license, or national ID card. None of these should really be necessary. If you renew at a railway station, you pay your money and get your card, no identification requested. In this example the automation requires you to submit more data and take greater risk than the offline equivalent. And, of course, when you use a website there's no human to waive the requirement and restore the status quo.

Each of these services is designed individually. There is no collusion, and yet the direction is uniform.

Most of the discussion around this kind of thing - rightly - focuses on clearly unjust systems with major impact on people's lives. The COMPAS recidivism algorithm, for example, is used to risk-assess the likelihood that a criminal defendant will reoffend. A ProPublica study found that the algorithm tended to produced biased results of two kinds: first, black defendants were more likely than white defendants to be incorrectly rated as high risk; second, white reoffenders were incorrectly classified as low-risk more often than black ones. Other such systems show similar biases, all for the same basic reason: decades of prejudice are baked into the training data these systems are fed. Virginia Eubanks, for example, has found similar issues in systems such as those that attempt to identify children at risk and that appear to see poverty itself as a risk factor.

By contrast, the instances I'm pointing out seem smaller, maybe even insignificant. But the potential is that over time wide swathes of choices and rights will disappear, essentially automated out of our landscape. Any process can be gamed this way.

At a Royal Society meeting last year, law professor Mireille Hildebrandt outlined the risks of allowing the atrophy of governance through the text-driven law that today is negotiated in the courts. The danger, she warned, is that through machine deployment and "judgemental atrophy" it will be replaced with administration, overseen by inflexible machines that enforce rules with no room for contestability, which Hildebrandt called "the heart of the rule of law".

What's happening here is, as she said, administration - but it's administration in which our legitimate rights dissipate in a wave of "because we can" automated demands. There are many ways we willingly give up these rights already - plenty of people are prepared to give up anonymity in financial transactions by using all manner of non-cash payment systems, for example. But at least those are conscious choices from which we derive a known benefit. It's hard to see any benefit accruing from the loss of the right to object to unreasonable bureaucracy imposed upon us by machines designed to serve only their owners' interests.

Illustrations: "Kill all the DRM in the world within a decade" (via Wikimedia.).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

May 11, 2018

The third penguin

two-angry-penguins.jpgYou never have time to disrupt yourself and your work by updating your computer's software until Bad Things happen and you're forced to find the time you don't have.

So last week the Ubuntu machine's system drive, which I had somehow failed to notice dated to 2012, lost the will to live. I had been putting off upgrading to 64-bit; several useful pieces of software are no longer available in 32-bit versions, such as Signal for Desktop, Free File Sync, and Skype.

It transpired that 18.04 LTS had been released a few days earlier. Latest version means longer until forced to upgrade, right?

The good news is that Ubuntu's ease of installation continues to improve. The experience of my first installation, about two and a half years ago, of trying umpteen things and hoping one would eventually work, is gone. Both audio and video worked first time out, and although I still had to switch video drivers, but I didn't have to search AskUbuntu to do it. Even more than my second installation Canonical has come very, very close to one-click installation. The video freezes that have been plaguing the machine since the botched 16.04 update in 2016 appear to have largely gone.

However, making it easy also makes some things hard. Reason: making it easy means eliminating things that require effort to configure and that might complicate the effortlessness. In the case of 18.04, that means that if you have a mixed network you still have to separately download and configure Samba, the thing that makes it possible for an Ubuntu machine to talk to a Windows machine. I understand this choice, I think: it's reasonable to surmise that the people who need an easy installation are unlikely to have mixed networks, and the people who do have them can cope with downloading extra software. But Samba is just mean.

An ideal installation routine would do something like:
- Ask the names and IP addresses of the machines you want to connect to;
- Ask what directories you want to share;
- Use that information to write the config file;
- Send you to pages with debugging information if it doesn't work.

Of course, it doesn't work like that. I eventually found the page I think helped me most last time. That half-solved the problem, in that the Windows machines could see the Ubuntu machine but not the reverse. As far as I could tell, the Ubuntu machine had adopted the strategy of the Ravenous Bug Blatter Beast of Traal and wrapped a towel around its head on the basis that if it couldn't see them they couldn't see *it*.

Many DuckDuckGo searches later the answer arrived: apparently for 18.04 the decisions was made to remove a client protocol. The solution was to download and install a bit of software called smbclient, which would restore the protocol. That worked.

Far more baffling was the mysterious, apparently random appearance of giant colored graphics in my Thunderbird inbox. All large enough to block numerous subject lines. This is not an easy search to frame, and I've now forgotten the magical combination of words that produced the answer: Ubuntu 18.04 has decorated itself with a colorful set of bright, shiny *emoji*. These, it turns out, you can remove easily. Once you have, the symbols sent to torture you shrink back down to tiny black and white blogs that disturb no one. Should you feel a desperate need to find out what one is, you can copy and paste it into Emojipedia, and there it is: that thing you thought was a balloon was in fact a crystal ball. Like it matters.

I knew going in that Unity, the desktop interface that came with my previous versions of Ubuntu, had been replaced by Gnome, which everyone predicted I would hate.

The reality is that it's never about whether a piece of software is good or bad; it's always about what you're used to. If your computer is your tool rather than your plaything, the thing you care most about is not having to learn too much that's new. I don't mind that the Ubuntu machine doesn't look like Windows; I prefer to have the reminder that it's different. But as much as I'd disliked it at first, I'd gotten used to the way Unity groups and displays windows, the size of the font it used, and the controls for configuring it. So, yes, Gnome annoyed, with its insistence on offering me apps I don't want, tiny grey fonts, wrong-side window controls, and pointless lockscreens that all wanted recofniguration. KDE desktop, which a friend insisted I should try, didn't seem much different. It took only two days to revert to Unity, which is now "community-maintained", polite GNU/Linux-speak for "may not survive for long". Back to some version of normal.

In my view, Ubuntu could still fix some things. It should be easier to add applications to the Startup list. The Samba installation should be automated and offered as an option in system installation with a question like, "Do you need to connect to a Windows machine on your network?" User answers yes or no, Samba is installed or not with a script like that suggested above.

But all told, it remains remarkable progress. I salute the penguin wranglers.

Illustrations: Penguins.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

May 24, 2013

Forcing functions

At last Saturday's OpenTech, perennial grain-of-sand-in-the-Internet-oyster Bill Thompson, in a session on open data, asked an interesting question. In a nod to NTK's old slogan, "They stole our revolution - now we're stealing it back", he asked: how can we ensure that open data supports values of democracy, openness, transparency, and social justice? The Internet pioneers did their best to embed these things into their designs, and the open architecture, software, and licensing they pioneered can be taken without paying by any oppressive government or large company that cares to, Is this what we want for open data, too?

Thompson writes (and, if I remember correctly, actually said, more or less):

...destruction seems like a real danger, not least because the principles on which the Internet is founded leave us open to exploitation and appropriation by those who see openness as an opportunity to take without paying - the venture capitalists, startups and big tech companies who have built their empires in the commons and argue that their right to build fences and walls is just another aspect of 'openness'.

Constraining the ability to take what's been freely developed and exploit it has certainly been attempted, most famously by Richard Stallman's efforts to use copyright law to create software licenses that would bar companies from taking free software and locking it up into proprietary software. It's part of what Creative Commons is about, too: giving people the ability to easily specify how their work may be used. Barring commercial exploitation without payment is a popular option: most people want a cut when they see others making a profit from their work.

The problem, unfortunately, is that it isn't really possible to create an open system that can *only* be used by the "good guys" in "good" ways. The "free speech, not free beer" analogy Stallman used to explain "free software" applies. You can make licensing terms that bar Microsoft from taking GNU/Linux, adding a new user interface, and claiming copyright in the whole thing. But you can't make licensing terms that bar people using Linux from using it to build wiretapping boxes for governments to install in ISPs to collect everyone's email. If you did, either the terms wouldn't hold up in a court of law or it would no longer be free software but instead proprietary software controlled by a well-meaning elite.

One of the fascinating things about the early days of the Internet is the way everyone viewed it as an unbroken field of snow they could mold into the image they wanted. What makes the Internet special is that any of those models really can apply: it's as reasonable to be the entertainment industry and see it as a platform that just needs some locks and laws to improve its effectiveness as a distribution channel as to be Bill Thompson and view it as a platform for social justice that's in danger of being subverted.

One could view the legal history of The Pirate Bay as a worked example, at least as it's shown in the documentary TPB-AFK: The Pirate Bay - Away From Keyboard, released in February and freely downloadable under a Creative Commons license from a torrent site near you (like The Pirate Bay). The documentary has had the best possible publicity this week when the movie studios issued DMCA takedown notices to a batch of sites.

I'm not sure what leg their DMCA claims could stand on, so the most likely explanation is the one TorrentFreak came up with: that the notices are collateral damage. The only remotely likely thing in the documentary to have set them off - other than simple false positives - is the four movie studio logos that appear in it.

There are many lessons to take away from the movie, most notably how much more nuanced the TPB founders' views are than they came across at the time. My favorite moment is probably when Fredrik Tiamo discusses the opposing counsels' inability to understand how TPB actually worked: "We tried to get organized, but we failed every single time." Instead, no boss, no contracts, no company. "We're just a couple of guys in a chat room." My other favorite is probably the moment when Monique Wadsted, Hollywood's lawyer on the case, explains that the notion that young people are disaffected with copyright law is a myth.

"We prefer AFK to IRL," says one of the founders, "because we think the Internet is real."

Given its impact on their business, I'm sure the entertainment industry thinks the Internet is real, too. They're just one of many groups who would like to close down the Internet so it can't be exploited by the "bad guys": security people, governments, child protection campaigners, and so on. Open data will be no different. So, sadly, my answer to Bill Thompson is no, there probably isn't a way to do what he has in mind. Closed in the name of social justice is still closed. Open systems can be exploited by both good and bad guys (for your value of "good" and "bad"); the group exploiting a closed system is always *someone's* bad guy.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted irregularly during the week at the net.wars Pinboard - or follow on Twitter.

January 6, 2012

Only the paranoid

Yesterday's news that the Ramnit worm has harvested the login credentials of 45,000 British and French Facebook users seems to me a watershed moment for Facebook. If I were an investor, I'd wish I had already cashed out. Indications are, however, that founding CEO Mark Zuckerberg is in it for the long haul, in which case he's going to have to find a solution to a particularly intractable problem: how to protect a very large mass of users from identity fraud when his entire business is based on getting them to disclose as much information about themselves as possible.

I have long complained about Facebook's repeatedly changing privacy controls. This week, while working on a piece on identity fraud for Infosecurity, I've concluded that the fundamental problem with Facebook's privacy controls is not that they're complicated, confusing, and time-consuming to configure. The problem with Facebook's privacy controls is that they exist.

In May 2010, Zuckerberg enraged a lot of people, including me, by opining that privacy is no longer a social norm. As Judith Rauhofer has observed, the world's social norms don't change just because some rich geeks in California say so. But the 800 million people on Facebook would arguably be much safer if the service didn't promise privacy - like Twitter. Because then people wouldn't post all those intimate details about themselves: their kids' pictures, their drunken, sex exploits, their incitements to protest, their porn star names, their birth dates... Or if they did, they'd know they were public.

Facebook's core privacy problem is a new twist on the problem Microsoft has: legacy users. Apple was willing to make earlier generations of its software non-functional in the shift to OS X. Microsoft's attention to supporting legacy users allows me to continue to run, on Windows 7, software that was last updated in 1997. Similarly, Facebook is trying to accommodate a wide variety of privacy expectations, from those of people who joined back when membership was limited to a few relatively constrained categories to those of people joining today, when the system is open to all.

Facebook can't reinvent itself wholesale: it is wholly and completely wrong to betray users who post information about themselves into what they are told is a semi-private space by making that space irredeemably public. The storm every time Facebook makes a privacy-related change makes that clear. What the company has done exceptionally well is to foster the illusion of a private space despite the fact that, as the Australian privacy advocate Roger Clarke observed in 2003, collecting and abusing user data is social networks' only business model.

Ramnit takes this game to a whole new level. Malware these days isn't aimed at doing cute, little things like making hard drive failure noises or sending all the letters on your screen tumbling into a heap at the bottom. No, it's aimed at draining your bank account and hijacking your identity for other types of financial exploitation.

To do this, it needs to find a way inside the circle of trust. On a computer network, that means looking for an unpatched hole in software to leverage. On the individual level, it means the malware equivalent of viral marketing: get one innocent bystander to mistakenly tell all their friends. We've watched this particular type of action move through a string of vectors as the human action moves to get away from spam: from email to instant messaging to, now, social networks. The bigger Facebok gets, the bigger a target it becomes. The more information people post on Facebook - and the more their friends and friends of friends friend promiscuously - the greater the risk to each individual.

The whole situation is exacerbated by endemic, widespread, poor security practices. Asking people to provide the same few bits of information for back-up questions in case they need a password reset. Imposing password rules that practically guarantee people will use and reuse the same few choices on all their sites. Putting all the eggs in services that are free at point of use and that you pay for in unobtainable customer service (not to mention behavioral targeting and marketing) when something goes wrong. If everything is locked to one email account on a server you do not control, if your security questions could be answered by a quick glance at your Facebook Timeline and a Google search, if you bank online and use the same passwords have a potential catastrophe in waiting.

I realize not everyone can run their own mail server. But you can use multiple, distinct email addresses and passwords, you can create unique answers on the reset forms, and you can limit your exposure by presuming that everything you post *is* public, whether the service admits it or not. Your goal should be to ensure that when - it's no longer safe to say "if" - some part of your online life is hacked the damage can be contained to that one, hopefully small, piece. Relying on the privacy consciousness of friends means you can't eliminate the risk; but you can limit the consequences.

Facebook is facing an entirely different risk: that people, alarmed at the thought of being mugged, will flee elsewhere. It's happened before.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

April 9, 2010

Letter box

In case you thought the iPad was essentially a useless, if appealing, gadget, take heart: it now arguably has a reason to exist in the form of an app, iMean, designed to help autistic children communicate.

The back story: my friend Michael's son, Dan, is 14; his autism means he can't really speak and has motor control difficulties.

"He's somebody who at the age of 12 had a spoken vocabulary of 100 words," says Michael, "though he seemed to have a much greater recognition vocabulary and could understand most of what we said to him, though it was hard to be sure."

That year, 2008, the family went to Texas to consult Soma Mukhopadhyay, who over the space of four days was able to get Dan communicating through multiple-choice. At first, the choices were written on two pieces of paper and Dan would grab one. He rapidly moved on to using a pencil to point at large letters placed in alphabetical order on a piece of laminated cardboard, a process Michael compares to a series of multiple-choice questions with 26 possible answers.

"Before Soma there were no letters, only words. So what he came to realize was that all the words he knew and could recognize were all combinations of the same 26 letters," Michael says. "The letter board did for Dan what moveable type did for the Western world, but the difference is that before Gutenberg people could still write and Dan could not."

The need for a facilitator to keep Dan focused on the task of spelling out a sentence also raises the issue of ensuring that it's actually Dan who's communicating. Michael says, "I was always very concerned not to impose myself on Dan while helping him as much as possible."

The iPad, therefore, offered the possibility of a more effective letter board that could incorporate predictive text and remember what's been said, and one whose other features might help Dan move on to more efficient - and more independent - communication. Dan's eyes jump so he may miss details in written text, but voiceover can read him email, and what he types into iMean can be copied into an answer. Performing all those steps independently is some way off, but the potential is life-changing.

Michael proposed the app he had in mind to 18-year-old programmer Richard Meade-Miller. "I didn't think it was going to be that hard because Apple has done most of it for you," says Michael, "but it turns out that to write an app you really need to be able to do programming in objective-C. For someone who learned Fortran 35 years ago, that's really difficult."

However, there were constraints. "We wanted the buttons to be as big as possible so Dan would have as little chance of error as possible." That forced some hard choices, such as limiting available punctuation marks to four, and shrinking the backspace button a little smaller than Michael had originally hoped in order to make room for Yes and No keys.

"When somebody like Dan sits down with this he may not be able to spell right away, but he needs to be able to say yes or no or say if something goes wrong on the screen. There should be a No button, bright red and very clear." Getting all that into the available screen space also meant creating a different view for numeric input, needed so Dan can do math problems and to speed entering large numbers.

The iPad's memory is also a constraint. "The program runs very quickly and smoothly, but anybody write an app for this platform has to be careful to release all the things that use memory on a regular basis." For the word prediction feature, iMean uses ZenTap, whose author supplied the code for Meade-Miller to integrate.

Word prediction - as Dan spells out words iMean offers him a changing display of three completed words to choose from - has speeded up the whole process for Dan. But it also, Michael says, has had a noticeable effect on his ability to read, "Because he's reading all day long." A final set of constraints are imposed by Dan's own abilities. Many autistic children do not point, an early developmental milestone. "Dan has started to point a little bit now as a result of tapping things on the letter board." Michael knew that, but he didn't realize how hard it would be for Dan, whose fingers sometimes shake and slip, to distinguish between tapping a key and swiping his fingers across a key - and a few keys are programmed to behave differently if they are swiped rather than tapped. "That may have been a mistake," he says. "It has forced Dan to really concentrate on tapping, so sometimes he double and triple taps.

Dan insisted on making a baseline video the first day so that later they can compare and see how much he's improved.

Their long-term goal is for Dan to be able to communicate with people independently. Whether they get all the way there or not, Michael says, "We know the app works the way we want. He can read a paragraph now instead of just a line - and it's only been three days."

Dan, by voice, is calling it his "stepping stone".

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. This blog eats comments for unknown reasons. Email

September 5, 2008

Return of the browser wars

It was quiet, too quiet. For so long it's just been Firefox/Mozilla/Netscape, Internet Explorer, and sometimes Opera that it seemed like that was how it was always going to be. In fact, things were so quiet that it seemed vaguely surprising that Firefox had released a major update and even long-stagnant Internet Explorer has version 8 out in beta. So along comes Chrome to shake things up.

The last time there were as many as four browsers to choose among, road-testing a Web browser didn't require much technical knowledge. You loaded the thing up, pointed it at some pages, and if you liked the interface and nothing seemed hideously broken, that was it.

This time round, things are rather different. To really review Chrome you need to know your AJAX from your JavaScript. You need to be able to test for security holes, and then discover more security vulnerabilities. And the consequences when these things are wrong are so much greater now.

For various reasons, Chrome probably isn't for me, quite aside from its copy-and-paste EULA oops. Yes, it's blazingly fast and I appreciate that because it separates each tab or window into its own process it crashes more gracefully than its competitors. But the switching cost lies less in those characteristics than in the amount of mental retraining it takes to adapt your way of working to new quirks. And, admittedly based on very short acquaintance, Chrome isn't worth it now that I've reformatted Firefox 3's address bar into a semblance of the one in Firefox 2. Perhaps when Chrome is a little older and has replaced a few more of Firefox's most useful add-ons (or when I eventually discover that Chrome's design means it doesn't need them).

Chrome does not do for browsers what Google did for search engines. In 1998, Google's ultra-clean, quick-loading front page and search results quickly saw off competing, ultra-cluttered, wait-for-it portals like Altavista because it was such a vast improvement. (Ironically, Google now has all those features and more, but it's smart enough to keep them off the front page.)

Chrome does some cool things, of course, as anything coming out of Google always has. But its biggest innovation seems to be more completely merging local and global search, a direction in which Firefox 3 is also moving, although with fewer unfortunate consequences. And, as against that, despite the "incognito" mode (similar to IE8) there is the issue of what data goes back to Google for its coffers.

It would be nice to think that Chrome might herald a new round of browser innovation and that we might start seeing browsers that answer different needs than are currently catered for. For example: as a researcher I'd like a browser to pay better attention to archiving issues: a button to push to store pages with meaningful metadata as well as date and time, the URL the material was retrieved from, whether it's been updated since and if so how, and so on. There are a few offline browsers that sort of do this kind of thing, but patchily.

The other big question hovering over Chrome is standards: Chrome is possible because the World Wide Web Consortium has done its work well. Standards and the existence of several competing browsers with significant market share has prevented any one company from seizing control and turning the Web into the kind of proprietary system Tim Berners-Lee resisted from the beginning. Chrome will be judged on how well it renders third-party Web pages, but Google can certainly tailor its many free services to work best with Chrome - not so different a proposition from the way Microsoft has controlled the desktop.

Because: the big thing Chrome does is bring Google out of the shadows as a competitor to Microsoft. In 1995, Business Week ran a cover story predicting that Java (write once, run on anything) and the Web (a unified interface) could "rewrite the rules of the software industry". Most of the predictions in that article have not really come true - yet - in the 13 years since it was published; or if they have it's only in modest ways. Windows is still the dominant operating system, and Larry Ellison's thin clients never made a dent in the market. The other big half of the challenge to Microsoft, GNU/Linux and the open-source movement, was still too small and unfinished.

Google is now in a position to deliver on those ideas. Not only are the enabling technologies in place but it's now a big enough company with reliable enough servers to make software as a Net service dependable. You can collaboratively process your words using Google Docs, coordinate your schedules with Google Calendar, and phone across the Net with Google Talk. I don't for one minute think this is the death of Microsoft or that desktop computing is going to vanish from the Earth. For one thing, despite the best-laid cables and best-deployed radios of telcos and men, we are still a long way off of continuous online connectivity. But the battle between the two different paradigms of computing - desktop and cloud - is now very clearly ready for prime time.

Wendy M. Grossman's Web site hasn extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to (but please turn off HTML).

February 1, 2008


Large numbers are always fun, and $44.6 billion is a particularly large number. That's how much Microsoft has offered to pay, half cash, half stock, for Yahoo!

Before we get too impressed, we should remember two things: first, half of it is stock, which isn't an immediate drain on Microsoft's resources. Second, of course, is that money doesn't mean the same thing to Microsoft as it does to everyone else. As of last night, Microsoft had $19.09 billion in a nice cash heap, with more coming in all the time. (We digress to fantasise that somewhere inside Microsoft there's a heavily guarded room where the cash is kept, and where Microsoft employees who've done something particularly clever are allowed to roll naked as a reward.)

Even so, the bid is, shall we say, generous. As of last night, Yahoo!'s market cap was $25.63 billion. Yahoo!'s stock has dropped more than 32 percent in the last year, way outpacing the drop of the broader market. When issued, Microsoft's bid of $31 a share represented a 62 percent premium. That generosity tells us two things. First, since the bid was, in the polite market term, "unsolicited", that Microsoft thought it needed to pay that much to get Yahoo!'s board and biggest shareholders to agree. Second, that Microsoft is serious: it really wants Yahoo! and it doesn't want to have to fight off other contenders.

In some cases – most notably Google's acquisition of YouTube – you get the sense that the acquisition is as much about keeping the acquired company out of the hands of competitors as it is about actually wanting to own that company. If Google wanted a slice of whatever advertising market eventually develops around online video clips, it had to have YouTube. Google Video was too little, too late, and if anyone else had bought YouTube Google would never have been able to catch up.

There's an element of that here, in that MSN seems to have no immediate prospect of catching up with Google in the online advertising market. Last May, when a Microsoft-Yahoo! merger was first mooted, CNN noted that even combined MSN and Yahoo! would trail Google in the search market by a noticeable margin. Google has more than 55 percent of the search market; Yahoo! trails distantly with 17 percent and MSN is even further behind with 13 percent. Better, you can hear Microsoft thinking, to trail with 30 percent of the market than 13 percent; unlike most proposals to merge the numbers two and three players in a market, this merger would create a real competitor to the number one player.

In addition, despite the fact that Yahoo!'s profits dropped by 4.6 percent in the last quarter (year on year), its revenues grew in the same period by 11.8 percent. If Microsoft thought about it like a retail investor (or Warren Buffett), it would note two things: the drop in Yahoo!'s share prices make it a much more attractive buy than it was last May; and Yahoo!'s steady stream of revenues makes a nice return on Microsoft's investment all by itself. One analyst on CNBC estimated that return at 5 percent annually – not bad given today's interest rates.

Back in 2000, at the height of the bubble, when AOL merged with Time-Warner (a marriage both have lived to regret), I did a bit of fantasy matchmaking that regrettably has vanished off the Telegraph's site, pairing dot-coms and old-world companies for mergers. In that round, got Wal-Mart (or, more realistically, K-Mart), E*Trade passed up Dow-Jones, publisher of the Wall Street Journal (and may I just say how preferable that would have been to Rupert Murdoch's having bought it) in favor of greater irony with the lottery operator G-Tech, Microsoft got Disney (to split up the ducks), and Yahoo! was sent off to buy Rupert Murdoch's News International.

Google wasn't in the list; at the time, it was still a privately held geeks' favorite, out of the mainstream. (And, of course, some companies that were in the list – notably eToys and QXL – don't exist any more.) The piece shows off rather clearly, however, the idea of the time, which was that online companies could use their ridiculously inflated stock valuations to score themselves real businesses and real revenues. That was before Google showed the way to crack online advertising and turn visitor numbers into revenues.

It's often said that the hardest thing for a new technology company is to develop a second product. Microsoft is one of the few who succeeded in that. But the history of personal computing is still extremely short, and history may come to look at DOS, Windows, and Office as all one product: commercial software. Microsoft has seen off its commercial competitors, but open-source is a genuine threat to drive the price of commodity software to zero, much like the revenues from long distance telephone calls. Looked at that way, there is no doubt that Microsoft's long-term survival as a major player depends on finding a new approach. It has kept pitching for the right online approach: information service, portal, player/DRM, now search/advertising. And now we get to find out whether Google, like very few companies before it, really can compete with Microsoft. Game on.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to (but please turn off HTML).

February 16, 2007

Quick fix

The other day, I noticed that the personal finance software I've been using since January 2, 1993 (under DOS!), Quicken, had started responding to requests to download stock quotes this way: "Quicken was unable to process the information in the file that was downloaded. We recommend that you try again." (It's their version of Sisyphus's torture: trying again produces the same message.)

It must be a couple of years since I started seeing warnings that Quicken was going to disable quotes in older versions of its software. My version, 2000, probably should have stopped functioning in 2004. But I'd begun to think it would never happen.

I recognize that by this time I am a valueless customer to Quicken's maker, Intuit, I tried the 2002 version (mostly so I could synch with Pocket Quicken on the Palm) and hated it; I found useless the 2005 version that came on a laptop. Intuit's idea for turning me into a valuable one is apparently to force me to upgrade to Quicken 2007. Even if 200x versions had been good, this wouldn't be a perfect idea: In 2005 Intuit dropped its UK product, and while its US product now handles multiple currencies, what about VAT? Worse, in two (or three) years' time I will be forced to do the whole thing again because of Intuit's sunset policies.

This is, of course, an entirely more aggressive approach than most software companies take. Even Microsoft, which regularly announces the dates on which it will stop supporting older software, doesn't make it inoperable. It's odd remembering that we used to cheer for Intuit, partly because it was a real pioneer in usable interface design, and partly because in the 1990s it was one of very, very few companies that had to compete with Microsoft and succeeded.

The bad news is that this is likely to be what the future is going to look like. Cory Doctorow, who has spent years following Hollywood's efforts to embed copy protection into television broadcasts and home video systems, has warned frequently that the upshot will be that things unexpectedly stop working. TiVo owners have already seen this in action: the company proposed to disable the 30-second skip popular among the advertising avoidant, and also in some cases can how long you can save programs and whether you can make copies.

I'm sure there are other examples that don't spring instantly to mind. It's part of the price of a connected world that the same features that allow benefits such as downloaded information and automatic software updates give the manufacturers options for changing the configuration we paid for at their own discretion. If these were hackers instead of software companies, we'd say they'd installed a "back door" into our systems to allow them to come in and rummage around whenever they wanted to, and we'd be deploying software to disable the back door and keep them out. Instead, we call these things "features" and apparently we're willing to pay software companies to install them.

All software has flaws; part of learning to use it involves figuring out how to work around them. When I bought it, Quicken was one of only two games in town; the other was Microsoft Money, and its notable how few competitors they have. Quicken did a far better job, at least at the beginning, of understanding that personal finance software only really works for you if you can integrate it into the world of banking and credit cards you already live in. Intuit pioneered downloading bank and credit card data. Had I ever learned to use it right, it would have prepared my VAT returns for me.

But I never really did learn to use it right, and it's gotten worse over time as the software has disimproved (as the Irish say). The Quicken files on my computer have become hopelessly lost in confusion over split transactions that don't make sense, invoices that may or may not have been paid; mortgage interest I've never been able to figure out correctly; and stock spin-offs it's adamantly put in the wrong currency. Early on, Intuit created a product called Quick Invoice that did exactly what I wanted: it wrote invoices, simply and reliably, in about five seconds. This functionality was eventually subsumed into Quicken, which made it laborious and unpleasant. My least favorite quirk was that its numbering was unreliable.

I now realize that I had come to hate the software so much that I more or less stopped dealing with it other than for invoices and stock quotes. The original purpose for which I bought it, to save money by keeping track of bank balances had long since been forgotten.

So, I say it's spinach and I say to hell with it. It will cost me at least $50 more than the price of Quicken 2007 to buy a decent piece of invoicing software and something like, say, Moneydance, and quite a few hours to start over from scratch. But at least I know that two years hence I won't be doing it again.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to (but please turn off HTML).