The NFL lockout is over. Hallelujah! I know nothing substantial was really lost, besides the Hall of Fame game, but the folly of billionaires bickering with millionaires annoyed pretty much everyone. I believe more folks were hanging on this negotiation than the crap going on in Washington over the debt ceiling. It seemed like a tug of war gone wild, with both sides digging in. Until they finally reached a critical point, when real money was at stake, and amazingly the deal got done. What’s interesting is how the negotiations played out in real time.

*If you're going to dig in, you may as well really dig...*

With a small armada of folks (from NFL Network and ESPN) staking out the negotiations for months, there was always a real-time flow of information, rumor, innuendo, and positioning via Twitter. In fact, I’m pretty well convinced a bunch of disinformation and PR tactics were employed to manipulate public perception. That’s new, and it highlights Twitter’s proliferation. At least in the circles I follow.

Back in 1987 (the last time the NFL lost games due to labor strife) there was no Twitter. I doubt there were folks staking out the negotiations, mostly because they happened in a room between the NFLPA head (the legendary Gene Upshaw) and Commissioner Paul Tagliabue. There was no minute by minute reporting of the ebbs and flows of negotiations. If anything, we should all now know that we probably don’t want to be privy to the ins and outs of a multi-billion dollar negotiation. I was getting seasick trying to follow all the ups and downs.

Although I probably should come clean and admit that even if there were daily updates and twists and turns, I’d have been mostly oblivious in 1987. I was far more interested in following the Bud Man most nights of the week.

So all’s well that ends well, at least in the NFL. But there are clearly lessons to be learned for those in public positions. The real-time generation is upon us. We are all privy to the roller coaster that is life. To whatever degree that you want to pay attention, that is. The next election cycle is going to be very interesting.

Let me also mention one other topic related to the lockout. It seems a positive ball got rolling once the lawyers left the room, and the owners and players started negotiating directly. When they started building personal relationships between the parties. Besides reinforcing all those positive stereotypes about lawyers, it gets back to something I mentioned in yesterday’s post, “How can you not understand the business?”

Most important stuff happens person to person. Not via social media. Not by text. And not via a Terminal window. So for those folks hoping to climb the corporate ladder as social misfits, sorry to burst your bubbles. That’s why I no longer worry about a corporate ladder…


Photo credits: “Tug of War” originally uploaded by toffehoff

Incite 4 U

  1. And you thought your health insurer was bad: I hate health insurance companies. Their processes are built to break you down and get you to stop trying to collect on declined claims. The Boss spends way too much time fighting about claims. Too bad I can’t bill those shysters for her time, but I digress. Every time someone asks me about cyber-insurance, I kind of chuckle. Without a lot of precedents for attacks, losses, liability, and the like, there are basically no rules. And when there is a loss the dance begins. Interestingly enough Zurich is proactively going after Sony, suing over maybe actually paying a claim under a general liability policy. Now they may have a case; they may not. The point is that companies pay crazy insurance premiums to protect against attacks, and then the finger pointing starts. Which insurance (if any) is liable? Guess the courts will need to figure that out. They really should be prepared to pay crazy legal fees to maybe even collect it. Sounds about right. Maybe Sony will give up and decide not to collect, which is all part of their evil plan. – MR
  2. Google+ -XSS: Feels like we are always calling out firms for having crap security, so we should occasionally call out when someone does something good. It looks like Google+ is taking browser security seriously – according to the Barracuda blog. Securing cookies and building in some frame-busting breaks many basic attacks that plagued Twitter and Facebook. Security folks aren’t likely to get very excited by minor advancements such as this, but a large site such as Google setting a positive security example is good news. Or think about it this way: companies like eTrade and many of the brokerage/retail sites I have visited recently did not have these header flags set. So give Google the nod for doing the right thing! – AL
  3. Don’t hold your breath for an authoritative web identity source: In the “we’ve seen this movie before” files, evidently Mozilla thinks it can be the authoritative source for web identity. Microsoft, VeriSign, Google, Facebook, and countless others have already tried this, haven’t they? Sure, establish a protocol and get everyone to buy into it. Then maybe they will still have a reason to exist as the browser war finishes mutating from Netscape vs. IE, to IE vs. Firefox, to the latest iteration: a Chrome vs. IE battle royale. Yeah, not so much. Like all the others, this effort will get a handful of sites supporting it, and then it will falter. Now if these folks would devote their energy to a standard (OAuth, anyone?). – MR
  4. That’s a lot of Moon River: Yes, that is a veiled homage to the proctologist scene in Fletch. But old movie nostalgia aside, our friends at Imperva have posted a very interesting analysis. Basically the web sites they monitored were probed once every two minutes. That frequency probably requires a case of KY. The most prevalent attacks were directory traversal, XSS, SQLi, and Remote File Inclusion. Surprise? Nope. But there is a bigger point here: we have been saying for a long time that the bad guys are testing your defenses, and clearly they have developed some decent automation. That means if you aren’t testing your defenses (yes, hacking yourself), I only have one thing to say: No lube for you. – MR
  5. Privacy < $$$: Borders’ customer database is for sale. As the company is defunct and liquidating, all their assets are for sale. Everything must go! Somewhere along the way customer relationships were monetized and regarded as an asset. It’s logical that the creditors want their money (since they are taking a bath on the deal), and apparently that means the lawyers have carte blanche to try to void that privacy agreement and sell all personal data. Awesome. All of the information collected as part of the Borders Reward loyalty program – which in hindsight should have been called “Eff U, Pay Me”. All information collected under a promise of confidentiality, in order to better serve the customer? It’s available to the highest bidder(s). If (and I mean when) this sale is allowed, hopefully the terms will require the same responsibilities of custodianship Borders ‘committed’ to. Yeah, I know, that last sentence made me laugh as well. – AL
  6. Same as it ever was: Let’s give kudos to NetworkWorld. This is the first “5 biggest” story in a long time to not be in one of those ridiculous slide shows (big picture + 15 words = page view). Besides the formatting, there is some value to the story, which talks about the 5 biggest IT security mistakes. If you think the business is the same and you don’t have high level relationships, well then you are an idiot. But I guess those are so-called big mistakes. There is, of course, the obligatory virtualization bit, along with being unprepared for a breach, and being complacent with the IT sec vendors. Ho hum. The biggest one in my book is pretty simple. Thinking you can win. Security folks don’t win – we survive. – MR
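
The cookie flags and frame-busting headers mentioned in item 2 can be checked on your own site's responses. The following is an added example, not code from the original post or from Google; it assumes the flags in question are `Secure` and `HttpOnly` on cookies and `X-Frame-Options` for framing, and it also accepts the later CSP `frame-ancestors` directive. All header values are constructed samples.

```python
# Added example: audit response headers for cookie flags and anti-framing.
# Header values below are constructed samples, not captured from any real site.

def cookie_findings(set_cookie_value):
    """Return the protective attributes missing from one Set-Cookie value."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return [f"cookie {name}: missing {flag}"
            for flag in ("Secure", "HttpOnly") if flag.lower() not in attrs]

def framing_protected(headers):
    """True if the response forbids or restricts being rendered in a frame."""
    for name, value in headers:
        lname = name.lower()
        if lname == "x-frame-options":
            if value.strip().upper() in ("DENY", "SAMEORIGIN"):
                return True
        elif lname == "content-security-policy":
            for directive in value.split(";"):
                tokens = directive.strip().lower().split()
                # "frame-ancestors *" allows any parent, so it does not count.
                if tokens[:1] == ["frame-ancestors"] and "*" not in tokens[1:]:
                    return len(tokens) > 1
    return False

def audit(headers):
    """headers: list of (name, value) pairs from one HTTP response."""
    findings = []
    for name, value in headers:
        if name.lower() == "set-cookie":
            findings.extend(cookie_findings(value))
    if not framing_protected(headers):
        findings.append("no X-Frame-Options or CSP frame-ancestors restriction")
    return findings

HARDENED = [("Set-Cookie", "SID=abc123; Path=/; Secure; HttpOnly"),
            ("X-Frame-Options", "SAMEORIGIN")]
WEAK = [("Set-Cookie", "SID=abc123; Path=/"),
        ("Set-Cookie", "PREF=en; Secure")]

if __name__ == "__main__":
    for label, hdrs in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit(hdrs) or "OK")
```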