Gibson's Laws

In response to the deluge of requests, here are the current set of Gibson's Laws. By definition, they can change because I make the laws, but they're pretty static.

Interestingly, this is the first time I've actually written them down like this. It will be interesting to see the results. I was going to be all thermodynamic and have a zeroth law, but none of them seem that important - yet. Maybe I'll insert a zeroth law at some time in the future.

Gibson's First Law: "Fundamentally most people are good"
Maybe I'm too trusting, but I just don't want to believe that everyone is out to get me.

Gibson's Second Law: "The truth will set you free"
Controversial? I hope not. But I've believed this for years. The truth has always brought more good than bad. From this flows a corollary:
First Corollary to the Second Law: "Don't kid yourself"

Gibson's Third Law: "The more you think about security the more paranoid you become"
This law came out of the security projects I've done at work. The whole point of threat modelling and dealing to security is to try and be as paranoid as you can and then work out ways of dealing with your paranoia. Sort of like being your own psychiatrist, but creating your own psychoses in the first place.

Gibson's Fourth Law: "90% of people are stupid"
OK, here's a more controversial law. It became a law a few years ago at my previous company. I was surrounded by a number of very bright people, yet at every turn for weeks on end it seemed that nearly everyone else I was talking to just didn't have a clue. In frustration at the world I defined the Fourth Law to help me understand what I was dealing with - and it helped. By assuming that most people were stupid, it became easier to deal with them.
First Corollary to the Fourth Law: "I'm not one of the 10%"
Well duh.

Gibson's Fifth Law: "Why have 1 when you can have 2?"
A more recent edition. It might have come from the fact that I am doing architecture at the moment and spending a lot of time thinking up cunning ways of doing high availability and disaster recovery. But it works for wine too, and maybe even kids (I'll let you know if I ever have a second one ;-)

Gibson's Nth Law: "Regardless of the other laws, always listen to your wife"
If you're married, you'll know what I mean. I'm not trying to be smart or to placate my wife - there's method to the madness.

Sharon is the most important person in my life. At our wedding we got 1 piece of advice "Communicate, communicate, communicate". It's always worked for me. Sharon has a different perspective on life than I do, so a second opinion from someone I trust is invaluable.

It's called the Nth Law because it can override the others at times.

Anyone else got some good laws?

What is it about Softwate Architects???

My current job is solution architecture. Fundamentally, that means that for a set of requirements, I do the high level design to a point where I can produce an accurate fixed-price quote to complete the actual job we're being asked to do. The first part of that actual job is the detailed design.

One of the hoops I have to jump through to get my design signed off is a review by various architects to see whether my solution meets the overall enterprise architecture.

Now I thought I could be abstract, but man alive I've got nothing on these guys! They are in cloud cuckoo land. They talk about interfaces, contracts, defining things like "system" and "function". They can't answer a concrete question about anything. When I ask for architectural guidance on whether a solution is the right way to go, the best I've ever has is "that's an interesting idea, let's discuss it some more". They tell me I ask "important questions" but never answer them. They talk down to me because clearly I don't understand the big picture well enough. They get worried when the software I am proposing doesn't fit well into their architectural boxes. They want me to define "contracts" with systems that don't exist, when all I want is to propose an SQL query to read information from an existing database.

I propose a Wiki-based solution for something and apart from the fact it might introduce freeware into their blessed environment:
  • Is that where we want to go strategically with knowledge management?
  • Will it work in with the Identity and Access Management architecture (which they haven't written yet)?
  • Oh, yeah and are the users up to handling it?
Sheesh, all they want is a set of web pages that they can add information to when they learn something new. Eight weeks we've been arguing over this one.

Then I get an email telling me that we are too abstract in our solutions.

Give me strength!

I understand the need for architectural principles and the reasons behind what they are trying to do, but at some stage they need to get down off their pedestals and realise that there is more to live than their layers, domains, functional units and interfaces.

Rant ends.

More thoughts on passports - Gibson's Laws

Peter made a comment regarding my response to The Economist article I mentioned yesterday.

The more I think about this, the more I think I am in a quandary. My default take on many things is Gibson's First Law:

"Fundamentally most people are not out to get you"

By which I mean that while there are some real arseholes in the world, most people are not malicious and do not do things just to piss you off - they have a genuine reason (or at least think they do) to react the way they do.

The corollary to Gibson's First Law in the context of passports is therefore that most of this security crap isn't worth the effort because most people are not out to get you. If you do get caught, it's either because you're unlikely or you've changed the odds by going somewhere dangerous and doing something stupid.

The quandary
The quandary I am in is as a direct result of Gibson's Third Law:

"The more you think about security, the more paranoid you become"

Peter has raised a definite possibility for how this technology could be relatively easily used against me. I'm not convinced that it's worth worrying about, but it's possible. It comes back to where do we stop worrying. Security can never be perfect. Even if it could, we could never afford it - both in the monetary cost to implement it and the social cost of the restrictions it would place on people's lives. So my quandary is really, what if all my laws are wrong???? And that's too scary to contemplate right now.

Gibson's Second Law is a bit more controversial and will therefore be the subject of its own post at a later date ;-) as will the other laws.


Biometric passports

Having just subjected myself to having yet another terrible photo taken in order to get a new passport, I was interested to read this article in the Economist. It's come up on Bruce Schneier's radar too.

Biometrics is a "next big thing". The NZ government is, of course, working to create biometric passports to meet the US' entry requirements. That also means that if I want to go to the US without a visa, I'll probably need to upgrade my passport - yet another terrible photo. At least the camera shops will make money out of it.

Summarising The Economist
Leaving the discussion on whether or not biometric identification is a good idea in general, The Economist has three major problems with the technology:
  1. Interoperability is still a big issue.
  2. The error rate is as high as 10% on facial recognition.
  3. The data is not encrypted so anyone with a reader can access it.
None of these are major long-term problems (IMHO). Interoperability is an issue all over the world, but it's fundamentally a technical issue. The error rate will also improve over time. I think the third problem is more a red herring. Sure some terrorist could scan my passport by getting within 10 feet of me. But it's just as easy for them to steal it - they can steal my current passport already.

A lot of this is FUD - Fear, Uncertainty and Doubt. Sure terrorists are out there and travelling on passports - to get around this system all they need to do is apply for a passport from anywhere in the world in a false name - there must be a way. So they don't need to steal my identity.

So let's assume for a moment that we tightened up the entire worlds passport application systems, so that the only way for a terrorist to travel was to steal my identity. They need to get close to me, read the chip, load it onto their fake passport, get a photo of me and then make themselves look like me - so they should really just steal my passport - that's much easier.

How far will I go?
From an international travellers perspective, it comes down to what I am willing to give up to avoid the 2.5 hour cue at LAX? When I had my 6 month old daughter with me, it was quite a lot! I'd be happy if they had a camera on the wall with a passport scanner on it that keyed into me and my passport as I wandered past. It could even update the chip on the passport on the fly along the way. Of course then I'd lose all the cool stamps - which I don't want to give up.

I guess I'm a trusting kinda guy. I'm OK with letting Big Brother read some of my stuff, so long as I can tell him to 'naff off too.



I've blogged about the work my friend Alison has done before. Recently though, she sent through a news article showing some before and after shots of one of the patients. "Mate!", is all that can be said. (And I used to worry about pimples!)

Nothing short of miraculous.

Here's the before and after shots of Abu. There are lots more great stories on the Mercy Ships website.

Success Stories - Abu Before Success Stories - Abu After


Great weekend

Spent the weekend sitting in the sun in Christchurch. The whanua & I went down to see my brother & his partner. Excellent weather and a great time spent with Ciara running in and out of the surf at New Brighton. Too bad I had to come back to work.


Not at all what I expected

Here's an interesting website. Takes a few seconds for the Flash movies to load at times.


Clever, innovative, touching.

Just donate.


Anyone know a good requirements analysis methodology that doesn't cost the earth and take forever? I have some requirements that I want to formalise, validate and get signed off quickly.

The way I see it, there's a triangle - excuse the ASCII art. Must work out how to get piccy's in this thing.

/ \
/ \
Requirement -- Solution

If any arm of the triangle breaks, the whole thing falls down. So I think I want a way to validate the links.


Blogs I read

For what it's worth to all of you reading this, there are a number of other blogs that I keep track of. Personally, I use SharpReader to follow them all via RSS. It sucks memory like there's no tomorrow (50MB just to track a few RSS feeds - sheesh) but it works. At the moment I'm following:
Anyone of the zero people reading this have other useful suggestions?

Where is telecommunications going?

Now here's a heady topic! I don't intend to write up a "take over the world" strategy here. Although maybe over time, that is what will emerge. I'm using today's blog to get some thought down in writing. As no one is reading my blog yet, who cares anyway?

There seems to be a general consensus that VoIP is the way of the future. Companies like Skype have brought cheap (read free under certain circumstances) telephony to the masses. Whether the Skype model is workable long term is debatable in my opinion. Along with a few other people, I see some major problems with the Skype model:
  • You can't make money from it, long term. You can't support millions of people for free, that requires specialist infrastructure;
  • It's too hard for non-IT literate people to handle. For my grandma to use it, it's got to look, sound, feel and bill like a phone - i.e. it has to be a phone;
  • It requires your PC to be on all the time and connected to the internet (not good in the security conscious, capped DSL world). Although voice codecs are always improving, my 1GB limit is not large;
  • You can't carry your PC with you and wander around the house like a cordless or mobile phone - Bluetooth headsets are a start, but are currently limited to a 10m range.

An alternative to Skype that looks a little better is called Teleo. I picked up on it from Scoble's blog the other day. By redirecting from PC to mobile, they cut out one of the problems above. If they can redirect to mobile, why not a landline... etc.

Incumbent responses

Here's the kicker. What are the large Tier 1 telco's going to do about all this? They're not stupid, they know this is here and they are developing their own VoIP strategies. You can get IP PBXs and various enterprise level VoIP offerings already, but nothing mass market. The problem many face is that the per call cost of VoIP is perceived to be zero. i.e. the IP infrastructure is already in place and voice is just another form of traffic.

Note: So long as the codecs can handle this that's true. In high latency environments, voice traffic is still relatively good. High packet loss is more of a problem. The corollary of this though is that the conditions under which a simple VoIP service won't work are the same as those under which general internet performance degrades. i.e. if you try and break voice, you break everything else. A way around this is to offer Quality of Service-based (QoS) services to retail customers so you can differentiate voice from data, but then you come back to the whole cost question.

Commoditisation of bandwidth

Another challenge facing those with networks is that bandwidth is becoming a commodity. With the major fibre rollouts that occured in the late 1990's and early 2000's, there's a heck of a lot of dark fibre around. That means that if I want a 1Gbit connection from A to B, I can buy it, relatively cheaply. Third parties can also rent bandwidth for next to nothing. Who knows - maybe we'll see bandwidth on the futures markets before long? That said, it therefore costs large telcos with all this infrastructure lots of $$$ to maintain it for little gain.

So what's the answer?
Buggered if I know. If we assume that VoIP is the way things will go and that the large telcos want to hold onto this business (otherwise why are BT building the 21CN and migrating all their PSTN customers to it) then they need a business model for VoIP that works. I can't see them passing off a VoIP offering as a direct replacement for PSTN. On-net calls would need to be free and there goes a major revenue stream. However, maintaining that customer relationship is all important. Perhaps the answer is (once again) in services. i.e. "the profit's in the ink not the printer." Give them the capability for next to nothing and call charges go out the window. On the plus side, that simplifies the rating and billing side of things no end, which should bring some major opex reductions. Then partner with the content providers and charge them for that.


I like the idea of pay-as-you-go video-on-demand over IP (PAYGVoDoIP - wow what an acronym!) I don't want to pay lots of money for the priviledge of not watching a whole lot of Sky channels. I'd prefer a service where I can buy a single movie for more or less what I pay at the video shop, but do it from my remote. I'd prefer to buy a program schedule that I set up myself (kind of like Tivo) and only pay for what I watch. DYNAMIC is the word.

If my telco could give me that on my phone bill, I'd be interested.

More later this is long enough.



I have a friend (strange I kn0w) called Alison. She's a bit of a star. At the moment she's on a rusty old ship called the Anastasis moored of the coast of Benin (West Africa) where she's a theatre nurse mainly doing maxillo-facial work. The organisation she's working with is called Mercy Ships. They basically sail around the world to wherever they are needed, performing surgery for free. There's so much work to do that, for cataract surgery, unless you're blind in two eyes you don't get in. Alison went over in October for around 8-9 months. They're off to Liberia next.

It's a humbling experience hearing what they are doing for people.

And get this, it costs her around $US9/day for the priviledge of doing all this.

Anyone wanting to make a donation, get's brownie points from me.

Things I don't like

Begin rant

Yesterday was a hard day at work. Lots of staring at a computer screen. A few things got up my goat...
  • People who answer cellphones in meetings;
  • People who regardless of what they are doing or how important it is, always immediately respond to whatever hits their desk - like the phone ringing or someone walking up to them - especially when they are in the middle of talking to you;
  • People who, when they are unsure about something, decide the only response is to fill the air with words and hope that some of it makes sense;
  • People who are never around all day, don't read their email and then ask you if you've sent them something; and
  • People who are never around all day, then swan in making broad statements about things they haven't got the background on.
And that's just one guy.

End rant


Good ol' Kiwi music

Sigh. Sometimes, I think I'd going to go back in time and relive some parts of my life, knowing what I know now. What a great story it will be. All the time I wasted getting stressed about stuff that didn't matter.

Philosphy aside, today's little rant all came about because over the weekend I was listening to Luke Hurley's album High Risk. It is simply not possible to have missed Luke if you went to a New Zealand university in the 80's and early 90's. The guy was a legend. Every orientation he'd turn up with his guitar and sit in the middle of the Massey concourse and just play. He's had a few issues over the years, but he's just so damn talented. Listening to him play takes me back to when I was 19 or 20 and sitting in the sun for a couple of hours, listening.

Thanks Luke.


So what's WKID?

If anyone was reading this, I'm sure this is the first question they'd ask.

Unfortunately, that's my secret for now (until someone guesses it in which case I'll be really annoyed.) Don't worry about it too much, suffice to say that when I form my new company and take over the world, it'll be called WKID Inc. until I come up with a better name.


How the heck did you find this??? Oh well. Hello.

I have no idea how useful this will be, but I've always been a sucker for a trend so here I am on the bandwagon with the other umpteen gazillion people. I dunno, maybe it'll help me with my "issues".

I'd love this to become the hip, cool kinda blog that everyone talks about. Apparently to have a blog like that you've either got to be important, controversial or lucky (I'm off to buy the Lotto ticket now.)

The obligatory life story...
... is too boring to include here. Suffice to say it's nothing like I dreamed when I was 5, 10 or 15.
Basically, I am Kiwi. I've spent a few years overseas in various guises. I have an MBA from the
Open University in the UK and currently live in Wellington, NEW ZEALAND.

Things I care about...
All sorts really (particularly licorice ones.) I have a real sweet tooth. My musical tastes are eclectic (which is a posh way of saying I'll listen to anything.) I read to escape so nothing too heavy. Anything with a good story that doesn't make me think too much is great.
I'm a bit
anally retentive about grammar (that's the MBA talking) so feel free to bitch at me when I get something wrong - my grandmother does. I care about my family.

Other than that, I'm pretty easy going. I have an opinion on most things - especially those that I don't know much about. If I don't have an opinion I'm quite happy to make one up on the spot.

Anyway, let's see where this all goes...