Windows Live Credit Card Phishing

November 30, 2009 at 5:30 am (Credit card scam, Fraud, Phishing, Risk Management, Security, Shyster, Trust, Windows Live, confidence artist, credit card fraud, deception, deceptive, exposed, snake oil)

Phishing 

I recently received an email claiming to be from Microsoft Live. The email stated that due to some processing issues, they could not authorize my credit card and so I would need to login to their website to update my credit card information by clicking on their link.

Over the years, I have seen a number of these types of emails, but this was the first one targeting me personally.  After skimming through it, I realized that it was a blatant phishing attempt, nevertheless, I still marveled at the ingenuity of the scammers.

image

Billing and Account Management

Dear Windows Live Hotmail member,
During our regularly scheduled account maintenance and verification procedures, our billing department was unable to authorize your current payment method information.

This might be due to either of the following reasons:

  1. A recent change in your personal information (i.e. change of address, credit card)
  2. Submitting invalid information during the initial Sign Up or upgrade process.
  3. An inability to accurately verify your selected payment method information due to an internal error within our processors.
    Please use the following link to update your payment method information :

http://billing.microsoft.com/logon.srf?action=SignIn&reason=auth&type=auto&uid=187&acct=49472101102

The above link may have been blocked for your privacy. To activate the link please look for the Show content link that is usually located on top of this message.

NOTE! If your account information is not updated within 48 hours then your ability to use your Windows Live Hotmail account will become restricted.

Thank you for using Windows Live Hotmail!
Please do not reply to this e-mail, as this is an unmonitored alias.

Right-click here to download pictures. To help protect your privacy, Outlook prevented automatic download of this picture from the Internet.

  © 2009 Microsoft Corporation. All rights reserved.


For the uninitiated, phishing (pronounced “fishing”) is a fraudulent attempt to acquire sensitive information from a user.  Such information can be: credit cards, user IDs, passwords, and/or account information.  It is often accomplished via email or phone

Anatomy of a Phish 

Anatomy of a Phish Phishing falls into the category of exploits  known as “social engineering”. Even though they are mostly low tech, (requiring neither sophisticated technology nor advanced programming), they tend to be very successful because most people tend instinctively to do what they are told and will not challenge the authority and authenticity of what seems to be an official correspondence.

In a typical phishing scenario, the perpetrators (usually located offshore) send a simple email—claiming to be from the customer service department of a recognizable organization  (like a bank, on-line service, etc.)—the email will inform you of some  problem with your account. You are then instructed to provide details of your bank, email, or credit card account in order to correct this problem.

Even though, phishing exploits can have many variations, they can be grouped into the following are five usage scenarios:

  1. Forged identities — In this exploit, the attacker creates an email address that is related to a reputable organization like “Windows Live Customer Support”. Even though on the surface, their email address looks legitimate (as in: billing@windowslive.com), it is not. If you’re not paying attention, it can be easy to mistake a message like this for a genuine customer support request.
  2. Compromised accounts — In this exploit, the attacker uses a compromised user account to send an email to everyone in the address book for that account. An email you receive from a known account dramatically increases the credibility of that message, and therefore the likelihood of a successful phishing attack.
  3. Direct phone calls — In this exploit, the scammer may contact you directly by phone, telling you that they work for some financial institution (may offer to lower your interest rates) or the fraud investigation departments.  They will inform you that your account has been breached and will directly ask you for your account details in order to verify it.
  4. Bogus websites — In this exploit, the attacker will send you a link to what seems to be a functional website.  The site will include official-looking logos, language, or other identifying information taken directly from a legitimate websites. The address of the site will show resembles the name of a reputable company but with some spelling variations. For example, the name"microsoft.live.com" could appear instead as: “micorsoft.live.com
  5. Social Network Harvesting — In this exploit, a communication from a scammer will ask you for personal information.  You may mistake it for an email from a friend wanting to reconnect. The email will include convincing details about your personal life which ware recovered from social networks such as Linkedin, Facebook, etc.

In general, the objective of phishing is to recover your webmail credentials since the resale value of a legitimate web mail account on the black market can be as high as $2-$3—twice the amount they could get for a stolen credit card number.  So for a phisher, breaching several dozens accounts a day can be a lucrative business, making $100K-$500K for the life of the scam.

In the case of my phishing email, when I followed the link in it,  I was taken to a credit card entry form (Image 1). As I expected, the form looked genuine, it had all the right corporate trimmings: a Microsoft logo, copyright notice, and even a link to a help page (which ironically offered the following advice You should keep this number secret, protect it, and never write it on your card.”)

Phishing Credit Card Form

Image 1: Phishing Credit Card Entry Form

As with most phishing sites, I was expecting to find some bogus or misspelled Microsoft URL, but instead I was surprised to see that the web address of the webpage actually belonged to a company called Human & Technology H&T (Image 2), clearly, htech21.com doesn’t even sound like Microsoft.   I’ve checked the parent URL out and It turns out, that this company was at one point a legitimate Korean hardware CEO Jeong Kuk-Kyomanufacturer, than,  two years ago, their CEO was arrested and the company became the target of one of the biggest class-action lawsuits in history.

So what is the connection between htech21.com and this phishing expedition?  It appears that the perpetrators of this scam decided to cut some costs and instead of purchasing and hosting their own domain, they chose to break into the H&T corporate web site and place their credit card collection pages on it.  At one point, our scammers discovered that Human & Technology has gone out of business (this could also have been an inside job) and safely assumed that this orphaned website (which has not been updated for 3 years) is no longer being maintained or monitored, and as such, was a perfect staging platform for a phishing operation.

Phish Help WindowIt is also interesting to note, that the site’s help file focused on ATMs (Automated Teller Machines), strongly suggests that at least some of the phishing website contents have also been used in other scams.

Human & Technology Phishing Website Korean  Human & Technology Phishing Website English

Image 2: Phishing Host Website

It is hard to recognize legitimate customer service communications from phishing expeditions. This is difficulty if further compounded by the fact that for many, using services such as Amazon, EBay, and e-banking has now become a  a way of life.  For most users, the potential inconvenience of being looked out of their favorite on-line services outweighs the risk of disclosing their account information. Unfortiunalty, the on-line services are not helping this situation either because most are either impossible to reach by phone or their offshore support centers are largely useless.

So how does one survive in the hostile world of email exploits? The following are my top 10 Do’s and Don’ts of email:

  1. Do Not open emails that have a wrong or incorrect spelling of your name. Phishers often harvest email addresses in balk and may not have your full name. Because of this, they will try to guess your name from your email address.
  2. Do Not open emails that are not addressed to your name. Phishers will almost never personalize correspondences; they will refer to you as “Dear Customer” or “Dear Valued Customer” because they send balk solicitations to millions of email addresses.
  3. Do Not respond to any account management email requests that come from your bank. If your bank needs to reach you, they will send you an official letter or leave you a voice mail with a valid callback telephone number.
  4. Do Not open unsolicited emails. Nothing in life is free, this includes the invitation to view naked celebrities and the Prozac and Viagra offers in your inbox.
  5. Do Not use email links to go to any financial websites. Type in the URL yourself and save it as a bookmark.
  6. Do verify the website URL you are about to log into, check the spelling carefully before you provide your login details on any web page.  Pay close attention to domain name following the “http://” section of the address.  Many phishers will Intentionally create very long names to obfuscate the fake URL.
  7. Do log in to your on-line accounts regularly and look for unrecognized transactions.  Do the same with your monthly credit card statements.
  8. Do Not send your account details via email to anyone.  email traffic is unencrypted, so anyone on route can intercept the message.
  9. Do check that the Internet connection you are using is secure. Look for HTTPS in the address field of your browser.  Encrypted connection iconYou may also want to click on the padlock to view the actual server certificate.  This will help you verify that it was issued by a reputable authority and assigned to the company managing the website in question.
  10. Do make sure that you have an updated anti-virus software and that your firewall is turned on.

© Copyright 2009 Jacob Apelbaum All Rights Reserved   Read in Google Knol

2 Comments

Mortgage Refinancing Shysters II

November 2, 2009 at 3:50 am (Banking, Finance, Fraud, Mortgage, Refinancing, Risk Management, Shyster, confidence artist, deception, exposed, hypnosis, marketing, snake oil, whitewashing)

The Mortgage Shysters II

You are Getting Sleepier

In Mortgage Refinancing Shysters, Part I I wrote about some suspicious refinancing solicitation letters I got from the Intercontinental Capital Group (ICG).  After writing about it, I got several interesting comments. One cryptic comment came from what appeared to be a former employee who wrote:“I agree with your assessment on ICG and know this for a fact…” Now my curiosity was piqued.  What was it that this individual knew? 

I performed another search on the term “Intercontinental Capital Group and Fraud” but this time, the search returned many more postings about unscrupulous dealings. There were many negative comments regarding ICG, but I noticed that there were also a few positive ones written by apparently satisfied customers. 

The details of the pro-ICG postings were interesting. They appeared to have come from bona fide customers.  On the one hand, the language seemed to be unbiased acknowledging some bad online press while on the other hand the writers claimed that they were very satisfied with the quality of service they received from ICG and that the company was entirely above board. One example read:

…I previously cancelled an appraisal appointment that I had scheduled with this company because I read something online that got me nervous especially being a single mom that just got back to work after being injured. I checked out these links and feel a lot better. I am going to give them a call and hopefully the rates are still low because I really would like to get rid of this adjustable rate mortgage and lower my monthly payments.
by educatedconsumer August 6, 2009 5:13

Then last week, I myself received a similar comment on my blog posting from a user who identified himself as “Joseph.”  He wrote:

I received one of their letters and refinanced with them. They did a fine job and got me a good rate. I agree that maybe it wasn’t the best way of soliciting business, but it’s a tough market. Either way, they did the job they promised to do. 
by Joseph October 28, 2009 13:33

Now, I don’t know about most people, but I certainly don’t spend my free time posting positive comments on blogs trying to sway other readers to believe that allegations of fraudulent or contentious services are unfounded.

I suspected that Joseph had some vested interest in ICG. From the crux of the comment left by him, it seemed that he was so moved by his mortgage refinancing experience that he became overwhelmed with the desire to spread the good news about ICG to the rest of the world.

When I examined the comment source, I noticed that the e-mail associated with it was jennifermargulis@gmail.com.  Now it is possible that Jennifer, following the romantic style of George Sand, was using a pseudonym.  But on the other hand it was also possible that Joseph was Jennifer’s darker side, I have heard of stranger things before. So I did some more research, then I slipped into my feminine persona and contacted her via e-mail asking for mortgage refinancing advice.

It did not take to long before I received the following ICG e-mail:

Hi Brittney, 

Intercontinental Capital Group can probably give you a good rate and fast service. Their website is: 

http://www.intercontinentalcapitalgroup.com

You should contact Brad Allen over there, he can give you the information you’re looking for. His phone number is 212.485.9655. His direct e-mail is ballen@icghome.com

I hope they are able to help you!

Best, 

Jennifer Margulis

——————————————————————————————
Hi,

I am looking into refinancing my home mortgage and would like to get more information about your services and rates. 

Can you please provide more information about your offerings?

Best regards,

Brittney Darcey

The Internet search confirmed my suspicions that Joseph and Jennifer Margulis were indeed one and the same (see image below). It also turns out that Jennifer was in fact an ICG marketing employee on a company mission to remove the rotten apples from the barrel.  Apparently, she found my posting about her notorious company and decided to sprinkle some fluffy propaganda comments. To make them look more credible, her comments were disguised as coming from little Joseph, your all-American, happy and satisfied mortgage customer.

Jennifer Margulis ICG

Deceptive solicitation letters, whitewashing negative customer feedback and impersonating legitimate users in order to lure customers have no place in any business, even less so in financial organizations that, above all, should uphold integrity and honesty.

Caveat Emptor

© Copyright 2009 Jacob Apelbaum All Rights Reserved   Read in Google Knol

 

1 Comment

The Financial Advisor

October 1, 2009 at 4:29 am (Banking, Finance, Fraud, Risk Management, Security)

The Financial Advisor

Your Trusted Advisor

You can’t miss him. He’s the guy with the freshly pressed $500 suit,  designer silk tie, and imported Italian shoes.  His stylish  attire is elegantly complemented by an expensive fountain pen, a standard issue Rolex, the latest  cell phone, and a brand new luxury car.   His physiognomy is unmistakable, styled hair, white teeth, and a nice tan; a modern day Cary Grant.  

He’s a natural, standing out at every social gathering—in the fitness club, on the golf course, at church and synagogue.  He is jovial and funny, the toast of the party, a real screamer.  Always the first to introduce himself, reaching across the room with a friendly and firm handshake.

He loves sports and works out regularly. Which one is his favorite? Well, he loves them all.  If you let him, he’ll talk to you for hours about the Super Bowl, the NBA, or the US Open

If sports are not your thing, that’s ok, he’ll talk politics.  But don’t get him started! He has an opinion on all matters domestic and foreign, and he’s not afraid to share them with you.  He has strong convictions about capitalism, socialism, the government , the environment…you name it.

After just 10 minutes talking with him, you think “Wow, is this guy connected to the hilt!”  He just got back from Washington D.C (important meetings with policy makers and various other movers and shakers). And then, there is his story about the White House—and check this out: a wallet sized group photo with the local congressman\senator\governor. And did I mention that he’s on texting terms with several high profile celebrities?

He’s not a loner; he frequently travels with the wolf pack.  The lovely spouse is always nearby, ready to lend a hand.  She will strategically join the conversation and make a joke or a teasing observation on his account (“Oh, my husband! He is such a Neanderthal. Ha, ha, ha!”),  while your own wife whispers in your ear to check out his adorable son: “He’s only 7! Doesn’t he look mature in his tailored suit!”  The kid, as if suddenly activated by some mysterious homing device, makes a B-line towards you for a handshake. “That’s my dad. He’s a financial advisor!” he says proudly.

By the time you’re done shaking hands with the kid, you realize that he’s dad has moved on.  You watch him mingling with other guests working the room like a cowboy in a rodeo, quickly branding the fattened calves for follow up. Than he’s back, telling you a joke (about a CEO who signs a contract with the devil). Next comes the debriefing.  What do you do? Who do you work for? Where is your office? Before you can say “Pocahontas”, he’s punching your e-mail and cell number into his Smartphone

A few days later, as you are getting ready to grab a bite to eat, your cell phone rings. “Hey, how’s it going?” says the friendly voice “Who is this?” you answer confused. “It’s the CEO and the devil guy from last week,” he continues without skipping a beat. “Hey, I happened to be in your neighborhood and I’ve got something for you. Do you wanna do lunch? It’s on me.”  “Sure,” you reply, wondering what he can possibly have for you.

During lunch, he goes over more of the same routine. You discover that he either knows some C executives in your company or knows someone else who does and he hints that he can pull some strings for you. After lunch as you are preparing to leave, he springs a few expensive tickets for some sporting event and tells you that he and his significant other would love to have you and your significant other over in their private booth to watch the game.  “Come on, its going to be fun!” A few days later when you come home from work, you discover a few boxes of toys and a bunch of CDs and DVDs on your dining room table.  “What’s this, Honey?” you inquire.  “Mr. CEO/devil’s wife just dropped them off. She said that their kids just love them and she thought ours would too!”

This goes on for several months, with lunches, family get togethers,  tickets to see the Broadway show and offers to use his timeshare in Disneyland for free.  You eventually let down you guard; clearly these are such nice people. 

Then one lunch, your newfound buddy, with an intense look on his face, tells you about this amazing 3-month, double digit return investment opportunity. (But you have to act immediately!) “How much are we looking at?” you inquire. “Oh, not much,”  he says, “just 100K.”  You politely decline, telling him that you don’t have that kind of money to invest. He says, “can you borrow it from someone?” Sensing a high pressure sales tactic, you say that you don’t feel comfortable borrowing money from people.  Your dining companion loosens up and assumes his collegial persona again and says  “Hey, that’s not a problem,  I’ll keep my eyes open for other opportunities for you, but I don’t know if they’ll be as good as this one.” 

Then the conversation turns to your company and he starts debrefing you about acquisition plans, mergers, strategy, etc.  His questions seem strangely reminiscent. Oh yeah, you just recently went over them in the corporate anti-trust and insider information certification course.  Now you realize that he’s actually fishing for insider information. 

In a moment of complete mental lucidity, you suddenly get it. This guy is a professional shyster and he’s been playing you like a violin.  Now would probably be a good time to end lunch and this relationship.  But its not as easy as that.  By now, he has woven himself into your social fabric. Severing the relationship now would cause you and your family mental anguish and would probably require some form of unfortunate confrontation. And what about mutual friends; what do you say to them?

And then there is the doubt issue. Even though now you know he’s dishonest and deceitful, shouldn’t you give him a break? After all, he’s just a another guy with a family and a mortgage trying to make a living, isn’t he?  So, what do you do?

The moral of the story is that this is all a scam.  Don’t let your emotions get the better part of you.  These individuals (and their accomplices) are cold blooded opportunists. They could care less about you, your family, or your financial well being.  Their interest in you is purely financial and short term.  As far as what you perceived to be generosity (the free tickets, lunch, gifts, etc.), they’re just a device to make you feel indebted and emotionally dependent. 

Unfortunately, as many have discovered, few of us are immune from this type of relationship and manipulation.  If you think that being scammed financially only applies to the ship of fools,  check out the Who’s Who on Bernie’s list.

The majority of independent financial advisors\planners operate as one man shows and are not dissimilar to the elixir and snake oil salesmen of the Old West.  To compensate for the lack of substance (i.e. breadth and depth of financial knowledge and operational know how), they rent an office at a respectable address, contract with financial service processor like Investors Capital, and purchase an off-the-shelf website that comes pre-loaded with content and functionality like whitepapers, newsletters, and financial calculators. The rest, is pure social engineering.

Despite the aura of legitimacy the financial advisor\planners industry is trying to assume (through certification and NASD regulation), the fact is that it is riddled with dishonest, unscrupulous confidence artists.  If you need financial or investment advice, go with a large non-contractor or commission based company like Fidelity. They won’t be able to guarantee double digit returns, but they won’t lose your investment overnight either. If you are new to investing, do yourself a big favor and carefully read the information on the FINRA site.  You can also use some of their tools to check out your prospective broker buddy.

Good financial advice is hard to come by. Since most of us are not savvy enough to distinguish between the legitimate advisors and the Madoff  wannabes, you should stay away from all independent financial advisors\planners, regardless of how smartly they dress or successful they appear.   This especially applies to the ones you know through your social circles.

If you do happen to use an independent financial advisor\planner, you may want to scrub him against the following list of the 7 deadly sins of financial conduct.  If he fits one or more of these descriptions, it’s probably time for you (and your investments) to move on.

  1. Promising you any return on your investment (especially ones in the double digit range)
  2. Telling you about sudden investment opportunities that require prompt action
  3. Soliciting you for insider information and references for other potential investors
  4. Paying you in cash or using proxy accounts (like personal checks from a spouse)
  5. Exhibiting dishonesty of any type (i.e. asking you to attend financial sales meetings masked as social events or having previous SEC or NASD complaints
  6. Showing willingness to spend money on you for no apparent reason (including free lunches, gifts for the kids, etc.)
  7. Having a history of contentious job loss with larger financial institutions and lawsuits or litigation involving trading irregularities

Caveat Emptor 

© Copyright 2009 Jacob Apelbaum All Rights Reserved

5 Comments

It’s Good Enough for Me

September 18, 2009 at 5:35 am (Engineering, Management, Quality, SDLC, Software Development, Team Building)

Captain Giacamo

Fighting the Best Defending the Good

I commute frequently, so I tend to have some down time at the airport while sitting at the gate and waiting for my ship to come in. I usually use this window to catch up on my technical reading, but recently I decided to take a break and venture in to one of the book stores in the concourse. After skimming the offerings, I discovered a bookshelf filled with titles of the “How I Became the Best In ___, and How You Too Can By Simply Following My Easy Three-Step Program” genre. These books, mind you, are not cheep paper backs. I was looking at thick hardbacks, generously illustrated and accordingly priced. Apparently, the “How to Become the Best” series is booming.

This got me thinking: statistically speaking, the best of any kind takes up only a tiny outlier of the bell curve. So why the hype? Clearly, if this industry is thriving there are enough literate people out there who were willing to buy into the idea that being the “best” is worth their time and money.

Then a few weeks ago, I found myself confronted with this concept again. I was having lunch with a colleague and he raised the argument that the only way to win in today’s lean software market is to develop the “best” features and functionality. He expressed his strong conviction by recounting his recent experience at a trendy “how to become the best” seminar. “I am a new man,” he said, “This event has changed my entire outlook on product development”. “How’s that?” I asked, curious. He leaned forward, squinted, and in a lower and somewhat more mysterious voice, he summarized his newly acquired philosophy. He said that according to the presenters, Trump, Robbins, and Kiyosaki, success hinges on one’s ability to tap into one’s inner best. Either you’re Napoleon or you’re out of the game.

At this point, I was done with my burrito and so I seized the opportunity to respond in kind with a rival French metaphor. I quoted Voltaire: “Le mieux est l’ennemi du bien” (The Best is the Enemy of the Good). Wellington, I pointed out, was by no means the best, but he certainly outlasted Napoleon in the game.

My companion was startled and said he didn’t understand what I meant. I offered an explanation: “It’s not that I am a proponent of mediocrity; to the contrary,” I said, “I pride myself on my attention to quality, schedule, and cost. I don’t have a problem with the theoretical concept of endeavoring to be the best; what prevents me from striving militantly for perfection are the practical constraints of achieving it.

Of course it’s easy to invoke demagoguery and claim that it’s either “best” or “bust”. Many development managers adapt this mistaken philosophy, assuming that it has a positive motivational value. The average corporate culture doesn’t help dispel the myth either, by creating unattainable criteria for bonus and personal performance evaluations. Regardless of how fond of the cliché’ you may be, unfortunately preaching the best when it comes to delivering software under time, quality, and budgetary constraints is one thing, actually being able to deliver on such promises is quite another.  If we learn anything from human endeavors, it is that “good enough” is more than acceptable. As far as I know, most of us don’t drive the best car on the market, live in the best built house, or exclusively buy the best clothes or appliances. Compromise is the order of the day.

My favorite story that illustrates this concept is the World War II race to develop the radar. Both British and German teams were aware of the tremendous operational and strategic advantage this new technology could offer. The German development team had the more advanced science and superior technology. Their radar was more accurate, had a longer range, and provided fewer false-positives. The German team—true to their cultural heritage—was striving to develop the best apparatus possible. The British team was smaller, less experienced, and had inferior technology. But from the outset, it adopted the motto: “Second Best Tomorrow”. This philosophy eventually allowed them to release an inferior but working radar earlier than the Germans thus winning the race and ultimately tipping the balance of power.

Cheap (often free) and simple software unhindered by stringent SLAs is popping up everywhere. Most of us now get our breaking news from Google aggregation and personal blogs, case in point. We make free, long-distance calls on Skype (and don’t mind the low QoS), watch video on tiny iPods screens rather than high definition TVs, and more and more of us are using low-power and relatively insecure cell phones that are just good enough to meet our surfing and emailing needs. For many leading companies, the distinction between good enough “beta” versions and commercially “best” products has blurred beyond recognition. (Gmail has finally come out of beta after more than 5 years.)

To be successful in commercial software development, one must fight the urge to gold plate by adding late stage functionality. One must also learn how to be firm regarding ad nauseum pressure for application re-writes, all in the name of making it the best.

Contrary to what the motivational posters profess, when it comes to shipping on-time, the pursuit of perfection can become your worst enemy. The same also applies to excessive QA and testing.  In the end,  even the most comprehensive white, gray or black box tests can only provide a projection of how your application will perform.  The ultimate usefulness gauge are the real users. The earlier you release your product into the wild, the faster you’ll discover if it adequately fills a need.

As I have discovered on many occasions, building a good enough product and releasing it early enough is good enough for most customers—which is good enough for me.

© Copyright 2009 Jacob Apelbaum All Rights Reserved

Leave a Comment

Political Science 101

August 10, 2009 at 7:28 pm (Education, Engineering, Management, Quality, science)

Political Science 101

The Arrest of Science

Having kids in elementary school comes with several important parental commitments. Ranking high among these is the participation in the yearly science project. The main objective is to expose kids to the fundamentals of the scientific method. Following the principal of "learning by doing," children, with the assistance of their parents, are required to conduct and showcase a yearly science experiment.

In our school district, exhibition day is a long-awaited, festive event with hundreds of projects being showcased at the school’s gymnasium. It is a great opportunity for families to mingle and view each other’s work. To spice things up a bit, at the end of the event, a panel of teachers selects the top three projects for each grade. The 1st place winners are then entitled to enter their project into the yearly regional competition that takes place at Brookhaven National Laboratory, a much coveted honor.

Although it is a great concept in theory, for some, the yearly science project can become a dreaded event, often testing a family’s procrastination capacity to the limits. On the weekend prior to the project’s due date, it is not unusual to find many agitated parents with kids in tow still scouring craft stores for project display boards and other supplies. In our family, however, we’ve come to view this assignment as an important pedagogical opportunity worthy of careful planning and execution.

Being a fan of Richard Feynman’s writings, I enjoyed reading Surely You’re Joking, Mr. Feynman! In addition to being an excellent primer for the budding technology hacker, the book inspired me to instill in my kids the importance of not falling victim to the "Cargo Cult Science" syndrome, but instead to think out to the box and be honest and original in one’s approach to discovery.

As it turns out, this has been a winning strategy for us. Since we started conducting science projects 4 years ago, we’ve been fortunate to have won 3 first place awards. Some of our past projects included experiments on a plant’s circulatory system, heat conductivity in solids, sound propagation in a vacuum, and the algorithms and mathematics used by a spider to construct a web.

This year, during a routine morning school drop off, our 4th grader, Sheva, noticed that a traffic bottleneck formed regularly at one of the entrances to her school. After discussing her observations during dinner and failing to come up with a good explanation for the phenomenon, she proposed to dedicate her experiment to deciphering it.

Over a period of several days, we examined traffic patterns, (volume, arrival and departure times, vehicle speed, etc.), but it seemed that there was no single significant cause to which we could attribute the formation of the bottleneck. We were stumped and unsure as to how to proceed. It was during one of the site visits that my daughter noticed a hawk hovering over the area. She commented that it would have been great if we could observe the traffic from above. Well, I thought, we may not be able to fly over the site like a hawk, (it is a residential area so a fly-over in an Ultralight would be out of the question), but we could certainly build an airborne observatory to do it for us.

After considering options, we decided that a fixed winged propeller driven aircraft wouldn’t work because the wind gusts at the area can reach up to 40 mph. Another constraint was that we would need a sustained, 30-minute flight to capture the entire bottleneck sequence which would be prohibitive.

In the end, we decided to build a lighter than air aircraft (Image 1) and after an intense weekend of design and fabrication we had a functional observatory. It took several test runs to get the flight characteristics and image quality right, but by Monday we were ready to conduct our operational flight.

Aerial Traffic Observation System (ATOS)

Image 1: ATOS (Airborne Traffic Observation System)


Flight Navigation and Imaging Specifications
  • 4′ Chloroprene weather balloon with 1.7 lbs of lifting capacity
  • Riveted aluminum base cradle
  • Flight control and stabilization via 2 tethers
  • Canon FS100 Flash Memory (16 GB) camcorder with image stabilization
  • Wireless broadcast via an Amimon’s wireless modem, streaming HD 1080P/24 video at 120 Hz over an encrypted connection to a base station laptop

The first flight of ATOS was smooth, producing an excellent video feed (Image 2). Back home after evaluating the images, Sheva almost instantly identified the source of the bottleneck.

It was apparent that the two-way traffic at the entrance to school was restricted to only smaller vehicles. As soon as the school buses arrived for their daily drop-off and pick-up, they forced all vehicles into a single file, which resulted in the immediate formation of a bottleneck.

Aerial View of Traffic  
Image 2: Aerial View of Gate and Traffic

This discovery was somewhat puzzling because, from the ground, the road (which is nearly 31′) seemed wide enough to comfortably support the passage of two side by side buses. So, on our next field trip we decided to measure the gate (Illustration 1) that blocks the entrance in question. Armed with the gate’s measurements, we then consulted the traffic calming section in the NY highway design manual and quickly concluded that indeed the gate was at fault.

Gate Dimensions   
Illustration 1: Gate Dimensions

So science aside, installing a gate that blocked over 30% of a high traffic thoroughfare was clearly a bad idea, not to mention that it violated numerous design codes. The gate and the fences that are attached to each of its sides also posed a series safety hazard because drivers who were unaware of the obstruction might plow directly into the fence, while still others who miscalculated the gate’s clearance could potentially scrape the posts supporting the gate.

On the day of the science fair, I approached the school principal and inquired about the origin of the gate. I explained that it appears that someone had either made a design or installation error because the gate’s posts should have been placed on the sidewalk curbs, off the driveway. The rationale for this being that when the gate was completely open it would allow for unrestricted traffic. The principal told me that the decision to construct the gate preceded her time in office and it had been influenced by the homeowners just down the street who complained that the traffic had become a nuisance. To reduce the traffic in order to appease the homeowners, the school agreed to install the gate as built.

Not satisfied with this explanation, I proceeded to point out the hazards posed by the gate as it stands and began to enumerate various doomsday scenarios. The principal’s otherwise cheerful demeanor suddenly darkened and after a quick and nervous glance at her watch she said that it was unfortunate that our meeting had to end so abruptly, but that she had to run to an important conference.

On the way home, my daughter who had been standing by me during the entire conversation with the principal asked me if, now that we’ve provided a scientific explanation for the formation of the bottle neck, the school would fix the problem. I thought about it for few minutes and said, "Probably not."  She asked “why?”, I said that unfortunately, sometimes in the short term, politics can trump scientific discovery. She was visibly disappointed and said that she worked so hard on this experiment and it all turned out to be a complete waste of our time. I told her that even though we didn’t win, we still conducted a great experiment and independently discovered and solved an interesting puzzle. And by way of analogy, I told her about the Galileo affair and how despite his mistreatment by the inquisition, in the end, his theories eventually won acceptance.

A few days after the science experiment, my wife, while waiting to pickup our daughter from school, struck up conversation with another parent who seemed to be somewhat annoyed. "Why the long face?" she asked. "Well," said our neighbor , "Just a few minutes ago while driving into the school parking lot, I was being polite and making extra room for the car approaching me, but I miscalculated the width of the opening and scraped the side of my van against the gate post." She had carved a deep gauge in right hand side of her van from wheel rim to wheel rim.

That evening during dinner, my wife recounted the story of the accident. My daughter at first thought that my wife was making the whole thing up, but after hearing that it was the mother of one of her classmates, she asked for permission to call her friend to verify the facts. When she got back to the dinner table, she had a look of disbelief on her face. “That’s exactly what we told the principle could happen!” she said. “We sure did,” I said.

She remained silent for few seconds and then I noticed a twinkle in her eyes.

© Copyright 2009 Jacob Apelbaum All Rights Reserved

4 Comments

The Vatican Loves Me, it Loves Me Not

July 6, 2009 at 12:57 am (Art, History, Management, science)

Science Vs. Dogma

Science Vs. Dogma

A few years ago, I read a series of articles about the Vatican’s plan to reconcile the Galileo affair.  The decision to reach this important milestone was by no means a hasty one; it was concluded after the Pontifical Academy of Sciences (the church’s leading scientific minds) deliberated every aspect of the case for almost 13 years.  To the average person, pondering a question for 13 years may seem a bit excessive, but when dealing with a 400 year old grudge, you can’t hurry love, you just have to wait. Net-net, I was delighted to witness the curtain descending on this, the final act of one of the saddest episodes in the history of science.

In a follow-up article I read that the Vatican was even prepared to go one step further. In a gesture that could only be described as brotherly love, they were planning to immortalize the father of modern science by erecting his statue near the apartment where, in 1633, he was incarcerated while awaiting his inquisition trial. This was getting better and better.

So, on a recent trip to Rome I decided to seize the opportunity and drop by the Vatican to pay my homage to Mr. Galilei. Not being familiar with the neighborhood, I consulted one of the Swiss guards for guidance. The soldier, in a somewhat disinterested voice, informed me that there was no statue of Galileo in the Vatican.  Here, I thought to myself, was an opportunity to one-up my mercenary friend. "Haven’t you heard about the Pontifical Academy of Sciences and the decision to erect the statue?" "Oohh, that?" he replied, "that project was canceled". 

I have to admit that at first I suspected my guard friend was out of the loop, but after performing a quick internet search on my Pocket PC I confirmed that indeed, the Holy See had decided that the funds originally allocated to the project were re-appropriated instead to an African educational program aimed at teaching about the interdependency of science and religion. Clearly the hand that gives can easily take away; but why? Why would the Vatican go through all the trouble of 13 years of meetings, making news announcements and publicly committing to erect a statue no less just to renege at the last moment? 

Last week, as I was rummaging through some magazines I fell upon an article written by Father Jose Funes, the Jesuit director of the Vatican Observatory. In the article, Father Funes theorized that if aliens existed, they were absolved from redemption because, contrary to us sinful humans, they were already in "full friendship with the creator".  After rubbing my eyes and rereading the article a few more times, (it read like something Father Ghido Saraduci might have written), the answer to the whole Galileo affair finally came into focus.

The explanation for the church’s apparent Dr. Jekyll and Mr. Hyde personality disorder had nothing to do with Galileo being right or wrong or the validity of any specific theory. At the core of the issue were the Pandora box that Galileo unlocked and the resulting devastation the scientific reasoning unleashed on the church’s authority. Where before the scientific revolution, natural disasters, war, diseases, and poverty could easily be explained as by-products of sin and demonic forces, now these explanations were no longer believable. 

The statement that theology and science share a common interest in questions such as the origin of the universe could be true, but there ends the commonality.  Legitimate scientific discoveries are driven by strong individual curiosity and doubt. The church’s scientheological research is driven by orchestrated attempts to harmonize dogma.  Where true scientific research is concerned with tangible results and the generation of derivative value such as useful technology, the Vatican’s scientific examination produces explanations to questionable theological concepts such as the redemption of aliens.  

For a scientific theory to flourish, everything must be open to examination; the observer must constantly reevaluate the universe and construct models that better fit his observations.  This almost cannibalistic process results in the wholesale destruction of old theories (most serious scientists no longer advocate explanations that are based on theories such as the Aether or the Four elements). But for the church, this constant construction and deconstruction of ideas makes it impossible to maintain a consistent position on any subject.  Being fully aware of the pending doom, they fought tooth and nail to preserve the status quo by enforcing models like the Ptolemaic system.

From the historical prospective, it is interesting to note that Galileo’s scientific revolution coincided with several critical events in the 30 year war (like the Battle of Breitenfeld). The Vatican quickly realized that the opening floodgates of scientific reasoning coupled with significant changes in the European political map would pose major threats to its hegemony—a fear which within 50 years (starting with the treaty of Westphalia) became a reality upon the birth of the sovereign nation-state and the rise of the secular society where science and free speech would thrive.  Not having an effective antidote, the Vatican concluded that the Counter-Reformation did not work and the only cure to halting the pandemic spread of scientific thought was the re-mobilization of the Inquisition, the Jesuits, and a new edition of the Index of Forbidden Books (containing writing by such troublemakers as Giordano Bruno and Johannes Kepler). 

Having a monopoly on truth and its interpretation goes a long way towards building one of the best selling brands in history. Being the oldest, largest, and most successful multinational corporation made the church perfectly adept at playing the public relations game and mastering of the art of simultaneously speaking from both sides of its mouth. Now, I know, some would argue that this is a cynical simplification of the church’s attitude toward science and that the Holy See would never utilize such tactics.  If you are one of the skeptics, I invite you to read the following completely contradictory papal statements regarding Galileo:

Loves Me

  • Pope Pius XII, in his speech to the Pontifical Academy of Sciences, described Galileo as being among the "most audacious heroes of research … not afraid of the stumbling blocks and the risks on the way, nor fearful of the funereal monuments".
  • Pope John Paul II admitted the Church had made a "tragic mistake” in rejecting Galileo’s views and offered Galileo a sincere apology.

 Loves Me Not

  • Joseph Ratzinger, (at the time still yet to become Pope Benedict XVI), described the Galileo affair as "a symptomatic case that permits us to see how deep the self-doubt of the modern age of science and technology goes today." He then quoted Paul Feyerabend, saying “The Church at the time of Galileo kept much more closely to reason than did Galileo himself, and she took into consideration the ethical and social consequences of Galileo’s teaching too. Her verdict against Galileo was rational and just and the revision of this verdict can be justified only on the grounds of what is politically opportune.”  Cardinal Ratzinger further commented about Galileo’s trial and concluded that it was "fair and reasonable".

I encourage you to reconcile these statements. If you do, please drop me a line and I will do my part to ensure that in the future, your statue too gets erected in the Vatican.  Where specifically, you ask? Why, right next Galileo’s.

Peace.


© Copyright 2009 Jacob Apelbaum All Rights Reserved

Leave a Comment

Mortgage Refinancing Shysters I

June 3, 2009 at 4:42 am (Banking, Finance, Fraud, Industry, Mortgage, Refinancing, Risk Management, Security, Shyster, Trust, e-Commerce)

 The Shysters

So you’re Looking to Refinance?

It may be true that David Hannum was the first to observe that suckers arrived in the delivery room at the rate of one per minute (ironically, he himself turned out to be a colossal sucker), but it took the marketing genius of P.T. Barnum (the man behind such novelties as the bearded lady) to turn gullibility into fortune. The world has changed significantly since the days of Barnum’s traveling freak shows where access to a new audience required lengthy cross country trips. Today, the Internet provides a virtual big top circus ripe with new ways to reel in and deceive, complete with unlimited seating for millions of new victims.

Eberhart and Kennedy in their excellent treatise "Swarm Intelligence" suggest that deception is quite common in social populations and they point out that all of us regularly practice it to one degree or another.  In support of their argument, they discuss the well documented El Farol algorithm frequently used by individuals to effectively compete in social communities in order to gain material or social advantage.

I recently I had occasion to consider this maxim and even try it on for size.  A practical and logical individual, I am by no means naive, so I was surprised—even blindsighted!—to discover that a certain financial advisor that I know personally is in fact a grade A shyster.  This got me to thinking about the varying shades of dishonesty and gullibility and the gray area that exists between telling "the truth and nothing but the truth" and outright lying especially as it pertains to financial solicitations.

You may have noticed that over the last year as the economy has spiraled out of control, the number of mail offers for mortgage refinancing has increased significantly.  The banks—which in the past were the traditional providers of such services—are still hemorrhaging profusely from the blunt trauma inflicted on them by the collapse of subprime mortgages. (I certainly don’t get any more solicitations for HELOC.) In what is further proof of the principal of horror vacui, it seems that the legitimate banking mortgage industry has now given way to a new breed of entrepreneurial ventures.  These con-corporations have smelled the blood in the water and are aggressively following Mr. Bigweld’s motto: "See a need, fill a need".

Realizing that many of these solicitations were probably rip-offs, I decided to test the waters to see if I could find out who was behind one of them.  As it happens, I didn’t have to wait long before receiving another mortgage refinancing solicitation letter. This one was from the Intercontinental Capital Group (ICG) and instead of sending it directly to my circular bin, I opened and read.

Intercontinental Capital Group Letter 1

Intercontinental Capital Group Solicitation Letter 1

Intercontinental Capital Group Letter 2 

Intercontinental Capital Group Solicitation Letter 2

On the surface, the language and content of the letters (see both versions bellow) was drastically different from the one I’m accustomed to receiving from my bank.  Whereas previous solicitations were factual and down to business, this one was laced with crafty and deceptive language.

After examining the details I found the following noteworthy features:

  1. Disingenuous Claims of Previous Communication—In order to lower suspicions and fake familiarity, the letter claims to be a follow up on an already established relationship and ongoing communication.
  2. Design to Deceive—The letter contains what on the surface appears to be a legitimate application number, a "second notice" tag, a recognizable equal housing lender logo and acronyms of well known public and federal organizations.  In fact none of these details has any significance and are there simply to create the semblance of legitimacy.
  3. Vague and Deliberately Confusing Language—The letter states that ICG is "unconditionally endorsed by the U.S Department of Housing and Urban Development".  When I called the toll free number I heard: "Thank you for calling the FHA application processing center". ICG is certainly not a Federal Housing Administration (FHA) application processing center as the FHA neither issues loans directly nor has an application processing center.
  4. Skin Deep Corporate Internet Presence—On the surface the company web site appears to be fully functional, but when I tried to use some of its key functionality (login, change password, etc.) I quickly discovered that none of it worked.

Being deceitful in marketing is not news (see Mortgage Refinancing Shysters II for more details), so respecting that any marketing campaign will always necessarily be laced with a certain amount of dishonesty (Seth Godin thinks that All Marketer are Lairs), I was ready to let this one go. Just before doing so, it occurred to me to Google "ICG" and lo and behold…it turns out that this shadowy and mysterious organization not only stretched their marketing collateral, they actually had  some serious run-ins with at least one state banking regulatory agency (failure to submit financial statements and comply).

It appears that the vacuum created by the retreating lending banks is being filled in by old style confidence and run of the mill Internet scam companies. Be mindful of this and remember that "there’s no such thing as free lunch".  If the mortgage refinancing offer you received looks too good to be true, it probably is.

Caveat Emptor.

© Copyright 2009 Jacob Apelbaum All Rights Reserved

12 Comments

Social Networks vs. the Enterprise

May 27, 2009 at 3:58 am (AI, Engineering, Industry, Social Networks, Software Development)

He was Faking it

He was Faking it

Cicero decreed "fame is the thirst of youth". Nowhere is this mantra more pronounced than in Hollywood’s superlebrity industry.  It may come as a surprise but this same thirst is also the main force behind social network’s rapid rise to stardom.  

In a similar fashion to the celebrity business, many of the leading social platforms have developed a following totaling hundreds of millions of users (more than all the traditional commercial on-line services combined!).  But contrary to the entertainment industry that only parades the rich and famous in static fashion, the social networks provide an effective array of tools to help users realize and enhance their on-line digital personas.  Some of the current sampling includes effective mechanisms for self promotion (such as Linkedin and Facebook) and platforms that foster collaborative efforts on an unprecedented scale (such as Wikipedia).  To all but a few Neo-Luddites, these applications are ushering in the age of technological utopia.

But alas, every garden has its resident snake, and such is the grade A serpent found in Social Network’s Garden of Eden.  What many of us don’t realize is that the same characteristics that make the social networks so attractive are also their greatest limitations.  As the size and proliferation of these applications continue to increase, so will the pressures on traditional technology organizations to incorporate similar functionality into their line of business enterprise products. So where is the problem you say? Well, incorporating this technology into the old enterprise will most likely be done via acquisition of existing products (like the News Corp purchase of MySpace) which ultimately results in the conversion of free and cool applications to full fledged (and dull!) commercial advertising platforms.  Either way it will have certain predictable side effects on the user population not dissimilar to mixing alcohol with sleeping pillsFlanders and Swann have captured the essence of this conflict in their famous song "Have Some Madeira, M’Dear":

She was young, she was pure, she was new, she was nice,
She was fair, she was sweet seventeen.
He was old, he was vile and no stranger to vice,
He was base, he was bad, he was mean.
He had slyly inveigled her up to his flat,
To view his collection of stamps.
And he said as he hastened to put out the cat,
The wine, his cigar and the lamps,

Have some Madeira, M’Dear!"

If you are wondering what this witty Edwardian ditty has to do with social networks and the enterprise, wonder no more.

Over the last decade we have become accustomed to the sweet tasting fruits of strict SLA’s, strong security and access controls.  Most users now instinctively expect a high degree of 24×7x365 enterprise software availability (which includes corporate e-mail systems). Unfortunately, this is exactly what the social networks cannot deliver (recall Gmail outages).  Very much like superlebrities, they look great but when it comes to actual long term commitment and performance they’ll break your heart.

A quick glance at the most common error messages found on any social network reveals that availability and up-time are their Achilles heel.  This in itself is a clear indication that these platforms are not enterprise ready. Their business models are based on casual and non-contractual usage and their applications should not be relied upon to provide any sort of SLA.  The error messages we get from our favorite social networks may be adorable, but the causes for these messages are hardly cute and cuddly.

Social Errors

Social Errors

Any enterprise architect worth his weight in salt would immediately identify such error messages as show stoppers for the enterprise product. Big commercial software—suffering from no shortage of good software architects—is fully aware of such system limitations.  The real paradox is that even though big soft and media companies would love to exploit the cool and trendy social networks (for commercial purposes of course), they can’t because for the last 20 years they have been preaching the message that any product that cannot be governed by a strict SLA has no place in an enterprise data center.

Such is the sting of irony.

© Copyright 2009 Jacob Apelbaum All Rights Reserved

Leave a Comment

The Anti Socials

May 19, 2009 at 8:47 pm (AI, Engineering, SDLC, Social Networks, Software Development, e-Commerce)

The Anti Socials

The Anti Socials

I recently had an opportunity to discuss the question of social networks vs. commercial software at great length with a fellow airplane passenger who happened to be a SVP of technology in a fortune 500 company (which will remain unnamed here).

As we were preparing for takeoff on a cramped CRJ50, I took out my current reading assignment: SYNC: The Emerging Science of Spontaneous Order. My neighbor sitting in 1D inquired about the subject of my book and during the course of the bumpy flight and the conversation that ensued, he bemoaned his inability to understand how relatively young startups the likes of Facebook, Twitter and Linkedin were so rapidly able to develop so much rich functionality and capture such a large market share, while other much more mature organizations with much bigger budgets and talent pools were failing to make any such inroads.

His frustration is by no means unique. It is a shared by many large technology companies such as IBM and Microsoft which at present are still scratching their head trying to figure out if this social networks thing is for real and does providing a communication platform for income-challenged teenagers makes any commercial sense.  

To see just how hesitant the traditional software cartels are to dip their toe in the chilly and profitless waters of the social media, examine the social network landscape. I challenge you to identify even one significant, viral product developed by any of the major software vendors.

One example that illustrates this failure to improvise, adapt and overcome is Microsoft’s difficulty in harnessing the emergence of blogging and SMS as commercially viable services. In 2004, after some soul searching, they concluded that it was unlikely that products like Linkedin  would be commercially viable because—they guessed—few professionals would agree to pay a monthly subscription for them. In 2005 even after it became clear that users were indeed moving en masse to open and free social platforms, Microsoft continued to insist that this was just a fad and what these users really needed in terms of social networking were minor improvements to the MSN subscription service, Office Live and Windows live platforms.

For Microsoft and other leading commercial software vendors, social networking has to be a subscription based because their entire operating model is based on reoccurring revenue (either via subscription, licensing, or advertising). 

Yes siree, for big soft, it’s one of those ‘damned if you do and damned if you don’t’ scenarios. You may find it hard to believe, but the same organizations that made their fortunes outdoing each other with applications like the spreadsheet are now missing the train big time on what is clearly the next killer platform. In what appears to be a blockbuster sequel to Oedipus Rex, they are powerless to leverage this newfangled phenomenon to make any money or capture market share.

Microsoft and IBM are certainly not unique with regard to this model. AOL with its Messenger product is another good example of how to squander your entire user base. Following a slightly different tactic, they offered a “free messaging service” with the small caveat that the user would need to install a fat and intrusive client that would quickly pay for itself by monitoring all of your Internet (and network) traffic all the while serving up unwanted advertisements.  

If you think that this form of Myopia only affects the software companies, think again. Traditional communications organizations like Avaya and Nortel which should know better (because of their proximity to the social segments) are still trying to survive the proverbial 7 lean years in the hopes that the public social network phenomenon is just a fleeting narcissistic fad fueled solely by generation X’s and Y’s fascination with exhibitionism. In their vision of market paradise, all future social networks will once again go back to being routed and controlled through their proprietary appliances and just like in the good old days they will once again skim the fat profits on a per-server\user license basis.

Whether you like it or not, the social networks are here to stay. They provide meaningful social interaction, are fun to use, and ultimately do what good software is supposed to do: connect people and give them more control over their lives.

My advice to big software is to heed Dylan’s words: “The Times They Are a-Changin”. Don’t wait any longer; jump in now and contribute to the social networks development effort by providing free and open source applications (Seadragon and Wave would be two great candidates). As contrary as it may seem to your operational philosophy, disregard the immediate profitability question and do it because of the tremendous social benefit these products could offer. I have no doubt that in due time, the money and champagne will follow as well.

Peace.

© Copyright 2009 Jacob Apelbaum All Rights Reserved

2 Comments

The Death March

April 20, 2009 at 3:56 am (Engineering, Management, SDLC, Software Development, Team Building)

The Death March

The Death March

Most software development professionals view themselves as the masters of their own destiny, analytical and calculated, wisely exercising free choice in all matters of importance.

This was certainly my mental image of myself as well until several years ago, when I gradually came to realize that given enough time on the job, even the most experienced development manger will eventually have to venture into that dark and irrational world of the death march project.   

For those unfamiliar with the term, a death march is not a walk through Ezekiel’s valley of dry bones.  Rather, it is a reference to a development project where requirements either exceed the realistic deliverables by at least 50 percent or where critical resources are cut in half without adjusting functionally and schedule delivery accordingly. 

Contrary to the common misconception, death march projects are not limited to only naïve and over ambitious startups. To the contrary, they are also quite common in large and mature organizations that should know better yet for some poorly understood reason continue to practice every form of anti pattern known to man.  How do I know this? Well to confess my sins, over the years I’ve participated in several of these projects and even have initiated a few of them on my own.

Perhaps you are wondering why any rational person would choose to participate in or initiate a project that from its onset is clearly doomed to fail. The answer has to do with the adaptive strategies we use in order to survive in highly competitive and schedule driven corporate environments.

When performing a post mortem, most death march software projects typically exhibit the same pathology. The prominent finding is that the team has worked twice as hard and/or twice as long as would be expected in a "normal" project. So for example, if a normal work week is 45 hours, then a death march project team works 15-hour days, six days a week for a 90 hour week. Of course, thanks to a steady diet of caffeine and management coercion, the pressure within the team eventually escalates beyond control and leads to project failure. 

The psychological drivers behind the willingness of individuals to join what is clearly a long and drawn out sadomasochistic exercise primarily stems from the strong disdain that many of us have for organizational politics and our refusal to take any part in it.  Unfortunately, by not participating in the political horse trading, we sacrifice our ability to effectively influence these irrational projects and leave all the decisions to corporate politicians who have little stake in the actual development effort.

Scott Adams, commented on this form of irrational behavior:

“Nothing defines humans better than their willingness to do irrational things in the pursuit of phenomenally unlikely payoffs. This is the principle behind lotteries and dating…”

Having reached this realization myself, I eventually started wondering if there were any early signs or warnings that could help identify an imminent death march. After some introspection and reexamination of previous projects, I have come to conclude that any of the following three (individual or combined) project scenarios will almost guarantee the formation of just such a project:

  1. Naivety of YouthThe schedule has been compressed to less than half the amount estimated by historical precedent; so for example a project that would normally be expected to take six months will be set to be delivered in three months or less.  This form of a death march is most common in startups and "Internet time" development environments that naively believe that when it comes to their ability to deliver the “sky is the limit”.
  2. The Senility of Old AgeThe development team has been reduced to operate at half the capacity that would normally be required for a project of similar size. This may have come about as a result of management’s belief that a new development language, framework or technologies will double the team’s productivity.  This is often seen in older companies that are downsizing while at the same time transitioning from older procedural languages like COBOL to OOP and languages like Java.
  3. Offshoring HellThe budget for the project has been cut in half because the business believes that offshoring it is a cheaper alternative. In this scenario, the project manager is informed by the business unit sponsoring the project that it’s a “take it or leave it deal” and if the development manager doesn’t accept the budgetary constraints the business unit will offshore the entire project for less.  Thus, in an attempt to save his team from the chopping block, the development manager accepts an impossible challenge.  Another interesting side effect of this type of project is that as soon as management finally realizes that the project is going nowhere fast, they try to salvage it by throwing additional resources at it, which leads to further delays (Brooks’s law).

It is true that many of the contributing factors to a death march may be beyond your control, but if you find yourself involved in one of these coveted assignments don’t panic, take notice.  Contrary to the advice dispensed by some purists (i.e. transfer to another team), being assigned to such a project doesn’t mean that you should abandon it or quit your job.  My advice is to keep your ethics and personal priorities separate from the politics of the project.  Do your best to contribute to the success of the development (which may include working some amount of overtime), but in so doing be sure to set your manager’s expectations to realistic levels. 

State your concerns in a non-argumentative and level headed manner and clearly communicate your conditions for participating in the project in terms of exactly how much overtime you will agree to and your willingness to work weekends and holidays.

Without advocating or orchestrating a mutiny, encourage your team members to speak their minds as well. In these ways, although you may not be able to cancel the project, you will likely succeed in regaining some control over it and reduce the amount of stress everyone on your team incurs.

Happy coding!

© Copyright 2009 Jacob Apelbaum All Rights Reserved

Leave a Comment

« Older entries