VW caught putting vulnerable locks on luxury cars

In the news:

A British-based computer scientist has been banned from publishing an academic paper revealing the secret codes used to start luxury cars including Porsches, Audis, Bentleys and Lamborghinis as it could lead to the theft of millions of vehicles, a judge has ruled…

The scientists wanted to publish their paper at the well-respected Usenix Security Symposium in Washington DC in August, but the court has imposed an interim injunction. Volkswagen had asked the scientists to publish a redacted version of their paper – Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobiliser – without the codes, but they declined…

[The scientists] argued that “the public have a right to see weaknesses in security on which they rely exposed”. Otherwise, the “industry and criminals know security is weak but the public do not”.


I’m no crypto expert, but my understanding of this is that:

a) This is really embarrassing for VW. Good cryptography doesn’t depend on people not knowing what your algorithm is, because if you can figure out how to make it, hackers are at least as smart as you are and can figure out how to unmake it. Good security, like the kind they have on credit cards, lets you tell everyone what your code is, and still nobody can break it in any reasonable amount of time without knowing what your key (password) is. It is a terrible idea to use a proprietary algorithm that will unlock all the doors you have made once someone reverse engineers it.

b) A temporary injunction on publishing the exact code is the right thing to do. Normally I would hate the idea of suppressing scientific publication, but the cat is out of the bag now that these codes can be broken, which means that it is only a matter of time before it’s open season on pinching fancy cars. It will presumably take VW some time to upgrade the security on this many existing customers’ cars.

For sure, rich people don’t make for the most sympathetic of victims here, nor do the insurance companies, who would actually end up paying for the replacements, nor even VW (on whom lawsuits would inevitably try to pin the losses), but the main beneficiaries of a windfall of stolen luxury cars would likely be organized crime. Giving them such a large windfall of wealth is not a great thing for society in general. That makes it worthwhile to delay publication of the exact details for cracking the algorithm. We know the locks are vulnerable, but let’s give owners a fighting chance to replace them before we hand a master key to the local Mafia.


Marking the marketers: 3 ads in the key of racy. Good, better, best.

Normally “sex in advertising” means nudity, or shilling Viagra. Here are 3 fully clothed ads using it to sell food and drink. One is ok, one is better, and one is the best… but which? Make your picks, and I’ll share mine below.

No peeking now!

#1: Yorkshire tea:

#2: Kenco:

#3: Stratos:

So which one do you think is better?

[spoiler space]

All very entertaining, no?

The Stratos one is a lovely bit of story-telling. The narrative pulls you in, gets you to empathize with the little boy, and has a great twist at the end that works because it suddenly and retroactively flips the antics you just chuckled at into a cunning master plan. It’s a first rate bit of film making. So a great ad then?

The problem is that it doesn’t really say anything about Stratos. Does the chocolate bar make the kid smart? Lonely? Love football? Is it an expression of satisfaction at a job well done? Any of those could have worked, and probably more too. The ad builds these clever associations in your mind, and then never links its product to any of them. As a result you can’t even remember what the ad is for 30 seconds after it’s over. With no meanings to encode, it’s gone as soon as it rolls out of your short term memory banks. If it had jumped straight to the kid biting the chocolate bar, without any of the preceding story, then they would have got just the same brand exposure – and that’s not a bad thing, but if you want just that to make an impact on people you have to show it to them a LOT, and only then do the more subtle learning mechanisms like mere exposure and classical conditioning start kicking in. That waste of potential for really strong brand positioning makes this, in my book, a pretty mediocre ad.

The Kenco and Yorkshire ads are both very similar. They splice naughty activity into a form of observational humour, and link in a brand meaning to boot.

For observational humour, think of Seinfeld.

What makes these whimsical stories into real funniness is that (when they work) they reference something that rings true to the audience, in at least some loose way. And that ring of truth, however distant, lends a little tiny bit of weight to the absurdity of the joke, and there is no absurdity more absurd than the weighty kind.

These ads try to pull a similar trick by creating a dramatic situation that (they hope) rings as just very slightly true to the audience. If that happens, a similar sense of weight should (they hope) vivify the brand message encapsulated in the ad.

Take the Yorkshire ad. It pokes gentle fun by invoking the central place tea has in daily life in much of Britain. People here view themselves as notorious for taking a break for a nice cuppa. The young couple in this ad appear willing to apply this cultural norm even to their sex life. It’s an exaggeration (probably), but one that aims to ring just slightly true, giving people a feeling that “yes, we really do that a lot, don’t we.” And if you have that reaction, then you can appreciate Yorkshire’s invoking of it – and putting themselves at the centre of the ritual in doing so.

This reaction obviously won’t resonate any place that tea isn’t held in quite such cultural high regard – without that gentle sense of recognition it just comes off as a bizarre set of priorities.

The Kenco ad has a couple sweeping everything out of their way in the throes of love-making, until they get to their Kenco coffee, which is apparently a bridge too far. Again we have a comic drinkus interruptus, but instead of playing off English cultural sensibilities about tea, it taps into the reverence for coffee as an awakeness lifestyle aid, and/or evangelically pursued taste experience (this is a culture which unquestioningly accepts grown adults asking for things like double skinny latte grandes. In public).

Poster of this available here.

Combine the wide resonance of this insight with the high production values and attention to detail (e.g., using the baby monitor to efficiently establish the reality and urgency of the moment), with the clever construction that implicitly contrasts the coffee as more important than all the other things that are swept off the table… put it all together, and this is a very clever ad with a lot to recommend it.

Bottom line: I score that a B- for Stratos, a B+ for Yorkshire, and an A- for Kenco. And now I need a brew something fierce.

Apple: Price skimming or legitimate luxury? Part 3

I have a couple of colleagues at work who think Apple are price skimming on their phones. What they mean is that they aren’t producing new innovations that keep their product ahead of competitors, and instead of recognizing that, and dropping their prices to compete directly, they are hanging on as long as possible to a higher price to skim extra money out of their still-loyal customers. Is this true? Is Apple cashing in, or are they just charging more money for a consistently premium quality product, like BMW and Calvin Klein have been successfully doing for years? Which is to say, are Apple’s big marketing advantages sustainable? I present my take on what Apple’s advantages are, and in a series of posts I will talk about them one at a time.

Apple’s advantages:

  1. First mover with technological innovations
  2. It just works a) intuitive usability
  3. It just works b) devices work together
  4. Higher build quality
  5. Brand image

3) Devices work together: When you drop something you built into a new environment it often crashes pretty badly. A car that runs just fine around a test track might stall on real city streets, with their grinding stops, starts, and type A drivers. And once you get it running there, it might clog up with sand immediately if you take it to a desert (car batteries only last a year or two in hot climates too).

It’s the same thing with computer software. A web page that looks fine in Chrome might be a train wreck in Explorer (or vice versa), because the different browsers use slightly different rules for rendering the same code into visual images. The more different places you have to build something to work in, the harder it is, and the longer you spend finding and ironing out the new wrinkles. Building things for Apple you only have a handful of devices that need to work together and run the same software (let’s see, iPad, iPad mini, iPod, iPhone… that’s, what, 5?), and they’re all quite similar to each other.

Android apps, on the other hand, have to run on hundreds of different devices, made by dozens of manufacturers, with wildly varying levels of processing power, across hugely different screen sizes, shapes and resolutions, and with a gamut of different quirks and gremlins (edited to add: A new report shows almost 12,000 models of Android phones out now). Yet consumers expect anything written for Android to work just as flawlessly as Apple customers do. That is the sort of problem that keeps engineering dollars flowing to antacid companies.

It’s not just apps, either. It’s easier for Apple than other people to sell you a computer that automagically connects to your TV and house speakers, so that you can browse, pipe shows, or play music through any of them using just the phone in your pocket. You plug it in, and it more or less “just works”. This has been one of Apple’s selling points since forever.

Is this advantage sustainable? On some level, yes. It’s baked into Apple’s business model that they only have a few different product lines, whereas the same is not true of their competitors.

On the other hand the rest of the world has been catching up. It used to be that every new piece of hardware you bought for your PC, from a mouse up, came with a CD of special software you had to install first. But these days you plug everything into a standard USB socket, and then the devices are pretty much plug ‘n play (or, as nerds used to call it in its earlier, less stable days, “plug ‘n pray”).

While it has to be harder writing apps for Android, people have nevertheless written hundreds of thousands of them, so the interface for building them must have been well put together. Google even does a little quiet quality control on occasion – recently they were caught ditching 60,000 apps that weren’t up to snuff, and/or violated copyright.

In fact, Apple’s failure to adopt a lot of these standardizations means that while you can just plug your PC into, say, a classroom projector, you can’t do the same with your AirBook without first buying (and carrying around) a special adaptor from Apple. Apple doesn’t even always play well with slightly older Apple. If you don’t keep paying Apple for updates to the operating system on your MacBook, for example, within 3 or 4 years basic functions on it stop working – the software that runs these functions demands to be updated to a version that is incompatible with your old OS (this happened to my spouse’s machine). Every so often Apple changes the power or adaptor cables it uses, so a new iPod won’t fit into your old stereo cradle without buying an adaptor. These are all problems you can solve by throwing money at them, but that makes Apple an even more expensive lifetime proposition to own.

There’s also an inherent marketing drawback to this “umbrella branding” strategy. By maintaining only a small number of products, you leave the field open to competitors to develop niche products that more closely fit different segments of consumers. Blackberry and the MS Surface, for instance, respectively cater to business users’ needs for highly secure communications and native MS Office support in a way that iPads are unlikely to imitate. As the market matures further, there’s nothing to stop Samsung or Nokia developing phones and tablets more directly aimed at business people, or at little kids, or students, or people who see themselves as rugged trekkers, or any number of other groups. The larger and more lucrative the market becomes, the more tempting this sort of targeted branding will become – especially if a lot of the changes don’t require overly expensive technology development. That might allow some of these other brands to start peeling away more users from the edges of Apple’s user base.

Bottom line: Apple’s strategy of marketing a small number of devices that can then be made to work very smoothly with each other is an enduring, but shrinking edge. As the rest of the high tech industry has become increasingly good at standardizing various hardware and software features in ways that let even strangers play fairly well with each other, the practical edge that Apple holds shrinks slowly.

Washington state legalizes and regulates pot. Former Microsoft exec wants to invest. What’s a regulator to do?

Washington state voters have passed an initiative to legalize pot. The federal government still bans it, but there’s apparently enough legal grey area that some big rollers want to become the Starbucks of pot. Local growers aren’t happy about that, and economists are debating whether it’s a good idea too. Turns out that’s a tricky issue.

Mike Konczal has the details:

Unlike Colorado, which has passed a bill to expand its medical marijuana industry and make pot legally available to everyone, Washington is folding pot under regulations for the liquor industry. As such, the Washington Liquor Board has regulatory control over the new marijuana industry.

Hmm. So, your move, Liquor Board. Are you going to restrict the way you dole out licences to give the little guy a chance?

As with the tobacco industry, voters don’t want firms marketing and selling pot to underage users. And public health officials are concerned about companies marketing to “problem users” who would like to quit or reduce their usage but find themselves unable to.

If that’s the case, then perhaps having pot dealers with large market power is a good idea.

So I guess a few near monopolistic big guys might not be so terrible. Except, no wait, Konczal has the counter-arguments on that too. If you let someone make monopolist level profits then they can eventually make so much money that they can pressure regulators to loosen up rules on them, and let them dodge more taxes. This is pretty much what the alcohol industry already does. On top of that, they gain a huge incentive to get people properly addicted, because all those future sales come back to them, not any competitors.

Really, read the whole thing, it’s very well written and thought out.


But what about from the consumer perspective? People often say that they want unique local shops, and bemoan the bland uniformity of the soulless corporate omnipresence. They’ll even tell you so, in no uncertain terms, right in between using Starbucks wifi to buy stuff on Amazon, and popping out to stock the fridge at Tesco. We may think that local is a virtue, but if we acted like it then there wouldn’t be enough chains left to be worth bemoaning.

The thing about the big chains is that they get big by getting their customer experience right – from the tidy aesthetic to the surly teenager at the checkout who isn’t paid enough to raise the price of your goods any further. Sure they don’t feel as genuine, but on balance people vote with their feet in favour of that being a lesser evil.

So from a consumer point of view it may not be exactly what we admit wanting, but it’s what we keep on choosing… which means a lot of us really must want it after all.


I have more sympathy for the employees. There is a difference between owning, running, staffing your own project, and getting paid (even the same amount of money) to look after someone else’s. Yes there are lots of people who are happy to take a job, and have someone else provide the structure and make most of the tough choices (I’m one of them – thanks MBS), but there are also lots of people who feel alienated from being just a cog in a big machine, who are perfectly capable, with a little on-the-job experience, of running their own small business. That’s what used to happen to many people as they inherited the family store front, or opened their own shop. You can still do that now, but it’s tougher, as you have to compete against slick corporate competition, and low prices from economically efficient box-store warehouses. There is a reason that high streets are shrinking (not doomed, but shrinking), and it isn’t because the regular people who run them suddenly got stupider or lazier.

But that is a problem that no amount of pot will fix, regulated or otherwise.

Marking the marketers: Worst. Promotion. Ever. Surely? D.

One of these things is not like the others, see if you can spot it:

Baseball, long summer evenings, America’s pastime, cracker jack, social bonding, seventh inning stretch, beer, relaxation, the crack of a sharply hit ball, nostalgic Kevin Costner movies, hot dogs, quality coffins with professional embalming.

Anyone? Anyone? Bueller? Bueller?

Trick question, they all go together! At least, according to the Lehigh Valley Ironpigs of Allentown, Pennsylvania, who want you to know that:

One deserving fan will earn all of the essentials for a free funeral or a memorial service on [the hilariously misnamed -ed] “Celebration of Life” night presented by Reichel Funeral Home when the IronPigs host the Scranton/Wilkes-Barre RailRiders on Tuesday, August 20 at Coca-Cola Park. The total funeral package is valued at nearly $10,000, marking the most valuable giveaway in IronPigs history.

And these guys should know, because according to the great wiki, Forbes rated them the second most valuable minor league franchise in America. So there.

But what, you ask, does this fabulous and expensive prize include? Well:

  • A casket.
  • Professional services of funeral director and staff.
  • Body removal and preparation (embalming or cremation).
  • Use of facilities and services for viewing (visitation/wake), funeral ceremony, Memorial Service and graveside services.
  • Vehicle to transfer remains to Funeral Home along with Hearse for cemetery transfer.

I swear I’m not making this up.

I can’t figure out whose idea this was. Did someone working for the baseball team get it into their head that a warm evening of sitting under the floodlights, rooting for the home team, beer in hand, was a natural fit with contemplation of one’s own personal death, bodily decay, and the dispersal of one’s estate (“Let’s go Steelpigs!”)? I mean, maybe some customers would come to the game because the dollar value of the prize is so high, but I’m not sure I’d bet on them coming again a second time after this. Or did someone at the funeral home get to thinking that an event two steps up from a state carnival might help cultivate an image for dignified care and the sensitive handling of deep personal loss and mourning?


Can we save it?

Maybe for fans that are extremely, um… die-hard, you can try to make a case. There’s a lot of research on “terror management theory” which says that the human ability to be aware of the inevitability of our own final demise causes pain and despair that we work hard to avoid. We do this by thinking of our self as part of something bigger and enduring – be that something metaphysical (e.g., God and an afterlife), physical (e.g., living on through kids and descendants), or even social (e.g., being part of a nation or other meaningful group). If you’re the kind of person who regards baseball as a quasi-eternal verity of the good life (see, e.g., nostalgic Kevin Costner movies), then a reminder of death could lead you to endorse baseball harder, and the funeral home could benefit through baseball lending death some kind of deeper shades of meaning. Maybe.

This seems to be what they’re going for with their “game of life” tag on the promotion – building a nexus of death anxiety with affirmation of life, and tying that in with baseball and the particular brand of funeral home. That’s not, in itself, a terrible idea.

Even so, the funeral home better hope that there is a high percentage of fans who feel this way, and who are willing to buy this framing, because they’re probably losing ground with the rest of the crowd. It makes even less sense for the team, as the fans who are hard core enough for this to conceivably work on probably already have season tickets, and were going to be at the game anyway – so why risk alienating everyone else?


Bottom line: There’s enough of an outside chance at intelligence that I won’t fail it. That and it made me laugh. D.