Charlie Rose:  
And so when you look at where we are going, there seems to be two issues that are apparent to me at least, risk and leverage.  We just lost sight of risk and leverage of what was appropriate?

Warren Buffett:  
Yeah.  Again, because it pays off for a while.  You know, you can lose leverage, and it's the only way a smart guy can go broke.  If you owe money, you can't pay them out.  You just pay for everything, you do smart things, you eventually get very rich.  If you do smart things and use leverage and do one wrong thing along the way, it could wipe you out, because anything times zero is zero.  But it's reinforcing when the people around you are doing it successfully, you're doing it successfully, and it's a lot like Cinderella at the ball.  I mean you know at midnight everything is going to turn to pumpkins and mice; right?  But if the evening goes along, I mean, you know, the guys look better all the time, the music sounds better, it's more and more fun, you think why the hell should I leave at quarter of 12.  I'll leave at two minutes to 12.  But the trouble is, there are no clocks on the wall.  And everybody thinks they're going to leave at two minutes to 12.

Charlie Rose:  
And should wise people have known better?

Warren Buffett:  
People should always know better.

Charlie Rose:  
Yeah.

Warren Buffett:  
I mean people -- people don't get -- they don't get smarter about things that get as basic as greed and you can't stand to see your neighbor getting rich.  You know you're smarter than he is, and he's doing these things, you know, and he's getting rich, and your spouse is getting unhappy with you because you aren't doing -- pretty soon you start doing it.  And so you get what I call the natural progression, the three Is.  The innovators, the imitators, and the idiots.  And that's what happens.  Everybody just kind of goes along.  And you look kind of silly if you disagree.  I mean, you know, you could have these crazy Internet valuations in the late 1990s, but they prove themselves out in the market.  The next day they were selling for more than they were the day before, and people said, you know, you're crazy if you don't get in on this.  So it's very human.  Now, with housing it's something even more dramatic than that, because most people aspire to own their own home.  And if you really think that houses prices are going to go up next year and the year after, you feel if I don't buy it this year, I'm going to have to buy it next year.  That's not true of an Internet stock.  But it's true of a home.  And when somebody makes it very easy for you to do it by saying you don't really have to put up my money, you can lie about your income a little, or we'll give you 100 percent mortgage, you're going to do it, because everybody that's done it has been proven right.  You have what they call social tools, and, you know, you're going to feel like an idiot if you didn't do it, because the house cost more.

Warren Buffett:  
Oh, I think confidence will come back.  I will tell you this.  This country is going -- be living better ten years from now than it is now.  It will be living better in 20 years from now than ten years from now.  The ingredients that made this country, you know, the miracle of the world -- I mean we had a seven for one improvement in the average American standard of living in the 20th century.  Now, we had the great depression, we had two world wars, we had the flu epidemic.  You know, we had oil shock.  You know, we had all these terrible things happen.  But something about the American system unleashed more and of a potential to human beings over that hundred years so that we had a seven for one improvement in -- there's never been any -- I mean, you have centuries where if you've got a 1 percent improvement, then it's something.  So we've got a great system.  And we've got more productive capacity now than we ever have.  The American worker is more productive than he's ever been.  We've got more people to do it.  We've got all the ingredients for a sensational future.  It's just that right now the athlete's on the floor.  But we -- this is a super athlete.

There was a great article in the Economist about a conference for the Ameican Securitization Forum - the wonfderful people that brought us all these complex debt products that are giving banks no end of bellyache. Ironically the conference was held in Las Vegas, and a wonderful quote came from hedge fund manager John Devaney, who said "I'd like to thank the market for dealing me a direct hit. As a trader if you don't get sucker-punched every once in a while, you don't understand what risk is."

Also, there were a few good articles last week about how money managers had retreated from the market because they'd lost faith in the ability to model risk effectively.

If only it were so easy for information risk professionals, who often protect far more than just money - we protect innovation, national security, and even human life in some cases. It's not quite so easy for us to take a direct hit.

Financial markets have taken centuries to evolve, yet look at what can happen with their well established risk models. Information risk modeling is still only nascent, and changing at blistering pace. Yes, we need a more structured approach to information risk management - defining and comparing the different risks we face - but technology and business are evolving so fast that we need to temper our expectations about how scientific this can ever become.

The best quote I heard on this topic was from Hugh Voight of Solutionary, who says that "To get from New York to San Francisco, you don't need Google Maps until you get close to the Bay Area. At first, you just need to go West."

We still just need to "Go West" when it comes to modeling information risk. Bring on the Village People!

Dear friend Opher Etzion responds to my post Betting on the SOA Horse with a discussion on how SOA, EDA and CEP are technically orthogonal, concluding:

“Event Processing can have different interactions with SOA, and when IBM’s announcements in this area will be available you’ll realize that there are different entry points. Event processing can also work in legacy and non-SOA environment.”

Richard Veryard, who also kindly reads my blog (and Opher’s blog) replies with Technological Perfecta where he opines,

“I think there are some mutual dependencies between these technologies, but they are what I call soft dependencies.”

Opher, Richard, you guys are technically right, but you are blogging orthogonally to the message in Betting on the SOA Horse.

First of all, my post was not a technical discussion, it was a discussion about business, marketing, timing positioning and the software industry in general. Therefore, it is a bit humorously orthogonal to reply to a marketing metaphor about investments, competition, software postioning and horse racing with architectual posts about technology and how they are related or interdependent.

In a nutshell, here is why….

Candidly speaking, despite what many analysts want you to believe, end users rarely build “SOAs” “EDAs” or CEPs”. End users have IT budgets to solve business problems with the most cost effective technology they can find; and they do not care (if they have a clue) what cute three letter acronyms have been created by analysts to describe momentum in the software market. Sorry, it is true really.

For example, I remember when I was in Tokyo where the very capable and conservatively risk adverse Japanese executives told me time and time again, “We don’t care about SOA we simply want to integrate our systems.” They were quick to remind me, “You guys in America must realize we don’t care what the western analysts, supported by software companies, say. They have a conflict-of-interest anyway and they are not end users. What we care about are mature technologies with solid reference clients and proven implementations.”

By the way, this is one reason I admire Japanese business so much. They are not impressed with handwaving hyperbole. They just want to see results. In other words, “Prove it, don’t just say it.” The devil is in the details, as they say. The Japanese are highly skillful at cutting through the smoke-and-mirrors. I think this is one reason the Japanese are among the leaders in so many industry sectors, but that is a blog story for another day.

To this point, if you are in front of customers and you are pushing SOA because your software company has “bet the farm” on positioning themselves as an SOA company, you are making a mistake. Three letter acronyms and technology jargon do not solve business problems. In fact, for the most part, they are a red-herring. The same is true of EDA and CEP. This was the main message in my post Betting on the SOA Horse.

How do I make such a statement?

Because for over 20 years I have worked as a consultant working on the opposite side of the table of hungry software vendors who come into our house (organization) tossing out buzzwords, acronyms, and jargon. My job was solving real business problems, not selling software. We used to wonder when all the scrabble and babble the software companies were tossing at us was going to turn into a business language that solves a real business problems easily, rapidly and economically. That day never came.

Then, I made a conscious decision to take a break from a long career of consulting to get an insiders perspective on, and perhaps even transform, the software industry. This experience, working for a software company, was an eye-opener, and one I am most likely not to repeat. I have never been interested in selling softare. I am interested in real business solutions.

Candidly speaking again, many software companies tend to live in “La La Land”.

They create go-to-market strategies based on jargon, buzzwords and three letter acronyms that have very little to do with understanding their customer’s business problems, risks, and culture. They spin and position and reposition in a land of smoke-and-mirrors happy to sell you a gold disk of “the-answers-to-all-your-problems.” They leave you the gold disk, and your business problem, as they drive away, looking at you in the rear view mirror as they count the revenue from their victorious campaign.

These same companies bet on jargon like SOA, EDA, CEP, BAM and they hedge their bets with different combinations of the above, the theme of my post Betting on the SOA Horse, which was not a technology nor architectural discussion, in any way.

Is it any real wonder why SOA has become, for the most part, complex, vendor-driven jargon barely making a dent in the real-world, whereas social-networking and other grass-roots user-driven technologies, most without trendy three letter acronyms, has left SOA in the dust for the past few years?

"Like most major corporations, it is our corporate responsibility to have systems in place, including software systems, to monitor threats to our network, intellectual property and our people," Wal-Mart spokeswoman Sarah Clark said in a statement in April. Following the Gabbard firing, Wal-Mart said it conducted a review of its monitoring activities. "There have been changes in leadership, and we have strengthened our practices and protocols in this area," Clark said.

[...]

At a gathering of security specialists in New York City in January of 2006, David Harrison, the former Army military intelligence officer who was hired by Senser to head Wal-Mart's analytical security research center, provided a rare glimpse into the company's monitoring operations. Harrison told the gathering Wal-Mart faces a wide range of threats: "A bombing in China, an armed robbery in Brazil, an armed robbery in Las Vegas, another bomb threat, and that was just yesterday," Harrison said.

To safeguard its employees and operations Wal-Mart has tapped its massive data warehouse of information, now believed to be larger than 4 petabytes (4,000 terabytes), to look for potential threats. It tracks customers who buy propane tanks, for example, or anyone who has fraudulently cashed a check, or anyone making bulk purchases of pre-paid cell phones, which could be tied to criminal activities. "If you try to buy more than three cell phones at one time, it will be tracked," he reportedly told the audience.

[...]

Gabbard, the Wal-Mart employee fired for recording reporters' phone calls, said in his interview with The Wall Street Journal that Wal-Mart uses software from Raytheon Oakley Networks to monitor activity on its network. The Oakley product was originally developed for the U.S. Department of Defense.

The Oakley software is so sophisticated it can allow administrators to visually see what types of information are moving across the network, from Excel spreadsheets to job searches on Monster.com, or photos with flesh tones that might indicate a user is viewing pornography.

And this article talks about ex-CIA agents working for corporations:

The best estimate is that several hundred former intelligence agents now work in corporate espionage, including some who left the C.I.A. during the agency turmoil that followed 9/11. They quickly joined private-investigation firms whose U.S. corporate clients were planning to expand into Russia, China, and other countries with opaque business practices and few public records, and who needed the skinny on international partners or rivals.

These ex-spies apply a higher level of expertise, honed by government service, to the cruder tactics already practiced by private investigators. One such ploy is pretexting -- obtaining information by pretending to be somebody else. While private detectives have long posed as freelance reporters or job recruiters to get people to talk, former agents have elevated pretexting to an art.

[...]

Similarly, ex-agents have helped popularize the use of G.P.S.-based monitoring devices and long-range cameras for following people around. One corporate-espionage technique comes straight from the C.I.A. playbook. In the constant search for the slightest edge, some hedge funds and investment companies have turned to a handful of private-investigation firms for a tactic that seems to fall between science and voodoo. Called tactical behavior assessment, it relies on dozens of verbal and nonverbal cues to determine whether someone is lying. Signs of potential deception include meandering off topic rather than sticking to the facts and excessive personal grooming, such as nervously picking lint off a jacket. This method was developed by former lie-detector experts from the C.I.A.'s Office of Security, which administers polygraph tests to keep agents honest and verify the stories of would-be defectors.

[...]

Most of the ex-agents' activities, from surveillance to lie detection, are perfectly legal. In the wake of the 2006 Hewlett-Packard scandal, detectives used pretexting to obtain the private telephone records of company directors, employees, and journalists. In an effort to track leaks to the media, federal law was tightened to prohibit using fraudulent means to obtain telephone records. Financial records were already off-limits. But federal law doesn't forbid assuming a false identity to get other information -- an area that ex-spies exploit.

Still, a few techniques favored by the spies-for-hire do appear to violate privacy statutes. One of these involves using "data haunts," extreme methods of electronic monitoring such as tracking cell-phone calls and gathering emails by relying on secretly installed software to record computer keystrokes. An ex-C.I.A. agent described a group of his former colleagues who set up shop offshore so that they could tap into telephone calls -- a practice prohibited by federal law -- outside U.S. jurisdiction. "They call themselves the bad boys in the Bahamas," he said.

Even some of the legal methods are controversial within the industry. Certain old-school firms won't stoop to dumpster diving or stealing garbage -- which is usually legal as long as the trash is on a curb or other public property --" because they consider it unethical. They say that the prevalence of former intelligence agents in the field and the rise of unscrupulous tactics have tarnished a business that often struggles with its reputation. One longtime investigator complained that he recently lost business to some ex-C.I.A. officers who promised a potential client that they could obtain the phone and bank records of a target -- something that is illegal in most cases.

[...]

Current and former employees said Diligence's ex-spies also held classes in using false identities to obtain confidential information. Ex-employees said it wasn't unusual for an investigator to have five or six cell phones, each representing a different identity, on his or her desk. And while ex-C.I.A. and former MI5 agents were old hands at such deception, the new initiates sometimes got confused and answered a phone with the wrong name.

All interesting. It seems that corporate espionage has gone mainstream, and the debate is more about how and when.

On a related note, this paragraph disturbed me:

On occasion, Diligence investigators were dispatched to collect garbage from a target's home or office. In some cases, two former employees said, Diligence hired off-duty or retired police officers to take trash so that they could wave their badges and fend off any awkward questions.

It's public authority being used for private interests. We see it a lot -- off-duty police officers guarding private businesses, for example -- and it erodes public trust of authority. In the case above, I'm not even sure it's legal.

Selling software and related professional services is like a horse race.

The field is composed of horses named SOA, CEP, EDA, RSS, Web 2.0, Social Networking, BPM, BAM, BI, XTP and so forth.   Each horse has one or more primary sponsors, some are consulting organizations, who seem to have a nack for creating and marketing acronyms, and others are software companies, who’s hope is that their horse is in the winners circle.    There are also investors, venture capitalists and so much more.

There are the jockeys, those supported by the sponsors (for example the analysts) who will ride the horse fast and hard until it starts to fade, then find another horse to ride  (often at the same time!).   There are also the trainers, the vets, the racing forms, the cheering crowds and those who bet on the different races.  

Many of us are in this profession because we love the racing action.

Just like horse racing, the technology sponsors, the jockeys and other interested parties wear many hats, sponsors and jockeys generally betting heavily on their own horse.   Organizations, especially large ones, sponsor many horses and they place their bets accordingly, betting on exactas, trifectas and superfectas and various combinations.

The SOA - CEP exacta in the racing forms are interesting, including Joe McKendrick’s Complex Event Processing and SOA: a ‘beautiful thing’? and Jerry Cuomo’s, IBM WebSphere CTO sees CEP as SOA’s ‘next big thing’ .  There also continues to be heavy betting on the the SOA - EDA - CEP trifecta.

Betting on horses is a risky business.  Exactas and trifecta have enormous payouts, but the odds are remote.  Very few people win these exactas or trifectas.   I recall warm memories of my years in New Orleans when I was a university student at Tulane University.   We loved the excitement (and the beer!) at Jefferson Downs, in Kenner, Louisiana.   We took our dates to the horse races at Jefferson Downs and these evenings were always great fun!  What a good life!  Let the good times roll, as we used to say!

You know, I don’t recall anyone ever winning a trifecta.  I can barely recall anyone winning an exacta.

We won, and we did win big at times (and lost big), by hedging our bets, betting on a single horse or combinations of horses to win, place and show.

This is the essense of the excitement of the software industry, isn’t it?

Companies who bet heavily on SOA are now seeing the SOA horse is fading.   They see CEP coming around the track and hear the pounding of hoof against pay dirt as CEP starts to move up into the pack, and they place their bets, accordingly, on the CEP horse.  Will the CEP horse really survive the race?   No one knows, so they hedge their position by betting on EDA. 

The main difference between real horse races and technology horse races is that you can’t bet on the live horses after the gate opens.  However, you can definately bet on the technology horses at any time, and the race goes on and on and on and on. 

That is why technology horse racing is so exciting!