Pure Pwnage guys Jeremy and Kyle

The Web is a great place. It can turn two twenty-something slackers from Toronto into underground heroes. All it takes is some videos and viral word-of-mouth marketing. Meet Jeremy and Kyle, the stage names (or whatever you call them) of the guys behind the PurePwnage.com video series on what the life of a “pro” gamer is really like.

The duo, who are RL (that’s real life for you noobs out there) roomies, got the idea a little more than a year ago when Kyle borrowed a camera for a film school class assignment and “was looking for stuff to film and wanted to try out some editing software.” He began shooting a “pilot” with some test footage following around Jeremy and a day in his life. The video was so well received (at least, according to the duo) that they went on to make seven episodes, and more are in the works. Each episode, which last about 10 minutes, are better and more sophisticated (at least, according to my taste) than the previous one.

Jeremy in his usual garb. Kyle doesn’t appear before the camera,

The shows have amazingly good production values for something done on the cheap. “We use Adobe Premiere to edit the videos, and it shows that you don’t need a lot of money to make short films on the Internet. Our startup costs are only a few thousand dollars, and most of that went to buying a camera,” says Kyle.  And that is dollars Canadian, which is even more impressive given what you can buy there.

I spoke to the two guys, or at least two people that sounded like the guys in the videos, last week. Unlike most of the interviews I have done, the guys didn’t give me their real names, phone numbers or other identifying information, but I had fun interviewing them none the less. Part of the fun was doing real-time translation of leetspeak (the gaming lingo that Jeremy uses both in the videos and for the most part in RL too) and trying to not appear like the old fart that I really am. But that is the wonder of the Internet: you can always appear to be something that you yearn to be.

The videos are entertaining slices of life, mostly following Jeremy around with a hand-held camera as he slacks off, “owns noobs” (that means trounces unsuspecting opponents) with his game of choice, Zero Hour, and his advanced “micro” (meaning keyboarding) skills. They are funny and sad at the same time. The last episode 7 sees Jeremy in some hospital ward as he tries to break out of a catatonic state, and is jump-cut with scenes from a game where his character is being interviewed by a nurse, mirroring the actual RL scene shot in the movie. Hollywood SF could do no better, and what is impressive is how these guys have accomplished some great storytelling on a less-than-shoestring budget. It helps if you are familiar with gaming lingo but you can still enjoy the flicks for what they are, a romp around a brave new world where gamers rule.

The duo has started a cottage industry to be sure. The first month they released episode 7 more than 300,000 people downloaded it, and the audience has been doubling from episode to episode. They are using a variety of technologies to distribute their videos, and are looking to get more sophisticated by using an RSS feed and other improvements. “We don’t know where it is going to saturate,” says Kyle. “No one has ever done this before and had a reality TV show that has been this viral and spread this quickly.” And unlike the more expensive reality shows that are on broadcast TV, it is done without script doctoring or any visible writers.

Does Jeremy talk leetspeak all the time? “What are you saying?,” he asked me. “If you watch the show, well, yeah. I own, and yeah. When I meet fans in RL they seem kinda shocked when they meet me – they thought the show might not be real and when they meet me and then they are in total awe of how much I own and its good.” You dig?

Kyle is certainly more used to talking regular English, even though in the videos you rarely hear from him. The concept is similar to that of Penn and Teller, for those of you geeks old enough to remember them before their TV shows.

The guys are actually big Tom’s Hardware readers. “It is something we read whenever we are buying new hardware pretty much,” says Kyle. “But not a regular thing we read. Jeremy was looking at Tom’s when he was looking to buy a new video card.” Jeremy then piped up “Well, Kyle that was a year ago so it isn’t exactly new, but I got my 5950 and lots of stuff thanks to Tom’s.”

Jeremy builds his own PCs “Because I don’t have a job and like, you can get a lot better performance for your dollar if you build your own PC. If you are not a complete noob it is completely easy.” He doesn’t overclock that much. “I just make sure my rig is good enough to run games at like decent resolution because you don’t want to be totally noobing at 800×600 or something. I keep most of my hardware kinda default.”

The guys get lots of fan letters. “Jeremy gets a lot of marriage proposals over email. It’s actually kinda interesting. Supposedly from women. Some women send their pictures but it probably the guy’s sister or whatever. But no one is emailing me with their pictures,” Kyle says a bit peevishly.

“Obviously I am going to get most of [the proposals] because of my sexiness,” says Jeremy modestly. Indeed, one of the more humorous bits is in one episode with a series of  interviews of some girls. The girls talk about their interests in guys who are gaming addicts and their reactions to some of the gaming lingo. Kyle actually has a steady girlfriend in RL, or so he says. “As for Jeremy, you have to watch the show to see what is going on.” Jeremy obviously doesn’t want to disappoint any of his potential suitors.

“Most of my time is actually spent playing games, because I don’t have a job,” says Jeremy, reinforcing the cinema verite of their ouvre. “Pure Pwnage is actually turning into a job,” says Kyle, where he spends his non-studying time answering reading inquiries, sending off swag and editing the videos. He actually is in his last year at film school and promises that more episodes are on the way when he can get the time to produce and finish them.

Where do they get the idea for the videos? “Kyle comes over and, like he says be real funny and I’ll film you,” says Jeremy. “And then he comes back later and we watch the show. My life is pretty interesting. Most people would be shocked at how close to our real lives the show is, really. Well, some of it is exaggerated a bit.”

What does Jeremy’s real parents think of these efforts? “At first my mom was kinda embarrassed,” says Jeremy. “I don’t think she liked the idea much that all these people were watching me own, she was never too proud of that. She always thought that school and like, good jobs were like, the way to go. She is kinda traditional. She would tell me to play sports and throw a football around and like. And I would try to explain to her that mom, you would rather have me owning games all day and that I get some skills that would be applicable. As times have gone on, and both of my parents have seen what has happened, they are very supportive and looking back they are glad that I didn’t play football and instead play e-sports.”

A big part of the gaming lifestyle is going for long stretches of time without sleeping or eating. “It was like 54 hours was my longest single session,” says Jeremy. “I ate once, a couple of bathroom breaks, playing Zero Hour. By the end I was kinda seeing stuff, I decided that I should probably sleep. But don’t tell my mom that because I told her it was only 36 hours and she was pretty mad. She thought I went to school that day, but I didn’t leave my room for like two days. It was good times”

Jeremy in RL plays more than Zero Hour, which is what he is known for in the video series. “To be honest, I own most games that I have played. But typically anytime I pick up a game, I seem to just own anybody at it. Enough to make a show I guess. Everyone takes a couple of losses here and there – you are tired, you had some drinks, I don’t know.” His confidence is both charming and cute, without being a big ego trip. I think that is part of why I enjoy watching the series so much.

“I have been playing games my whole life, it is all I have really done as a hobby. Pong was my first game, I picked it up when I was about two years old, all the adults were laughing at me,” said Jeremy. He got his first Atari when he was 4 or 5.  What about Kyle? “Some of it has rubbed off on me. I like Civilization, played a lot of that, but don’t have the passion that Jeremy has for games.”

I asked Jeremy what the stupidest thing a noob has ever done to him, and he was quick to reply, “Besides entertaining the notion that he has a chance [at winning]?” Many of you might think that his braggadocio is bigger than his actual RL scores, but Jeremy maintains that he has real skills. “I never hacked myself in the game to make the world think you have skills that help you in the game. If you got the skills, you don’t need the hacks. That is what noobs do, they can’t accept the fact that they don’t have skills.”

Of course, trying to prove that he does deliver the goods may not be easy, even for this reporter. Jeremy doesn’t use the same identity in each of his games, even though he goes by the tag the_pwner in the videos. “I never used the_pwner tag in an actual game. Don’t want to break any hearts. I usually switch my names, if you get crazy stats people don’t want to play you when they see your record.”

Any suggestions for the noobs out there who are just getting started with RTS games? “Focus on your micro – make sure you use the keyboard shortcuts, don’t use your mouse,” says the pro gamer. And also watch plenty of replays of other pro’s sessions too.

Better yet, download the videos from their site.

Cisco behaving badly

We’ve had our own journalistic fracas here at Tom’s Hardware this week, and no, it didn’t involve Karl Rove or any leaks about covert ops. At least, not yet. But when we arranged to send one of our reporters to the Black Hat and Defcon shows in Vegas last week, we stepped into a messy situation involving Cisco, ISS, and divulging information about Cisco’s IOS router operating system.

For those of you that haven’t been following the issue, a security researcher by the name of Mike Lynn was scheduled to give a talk at the hacker conference about how he could gain ownership of a random Cisco router by exploiting a buffer overflow condition. Lynn figured this out several months ago, and tried but failed to gain the support of both his now-former employer ISS and also within Cisco. He quit ISS moments before going on stage and presenting how he did it, to a packed audience that included our reporter, along with reporters of several other sites and news organizations.

We posted a story on our sister Tom’s Networking site on Thursday, the day after Lynn gave his talk. The story included photographs of Lynn giving his talk along with photos we took during the talk of several of his presentation slides. In the meantime, down in Vegas the printed copies of his presentation were removed from the show proceedings and new CDs were pressed that didn’t include the electronic copy. Lynn also negotiated an agreement with Cisco and ISS to no longer disseminate this information. And a day after Lynn gave his talk, Cisco announced a patch to work around the exploit.

We received over the weekend a letter from a lawyer representing ISS that asked us to remove the article. Based on the advice of our own counsel, we left the article on our site, and removed the photos from the article and from our web servers.

This is clearly a case of shutting the barn doors after the horses have left, and while I agreed to remove our content (the first time in my journalist career that I have done so), I am not happy about it. Especially since copies of Lynn’s presentation (and our photos too) can be found at many places around the Internet, with just a few minutes of searching. I guess the ISS lawyers will be working overtime to try to get rid of these copies as well.

The whole episode recalls a situation when I was in high school and our public school began using a new health textbook. Someone objected to a couple of chapters in the book regarding sex ed, and before you could say X-acto the school board had approved cutting the offending chapters out of the books and blacking out the table of contents referring to these chapters. Any kid with a modicum of research talent (and this is way before Google) could stop at the local library and read the excised chapters at will. The action was noteworthy enough to make it to the New York Times’ editorial pages.

Removing this content (the Cisco content, not our sex chapters) doesn’t make the Internet safer, doesn’t make our routers more secure, doesn’t encourage IT managers to upgrade their routers and doesn’t make it more difficult to figure out the ultimate exploit. It just makes us, and ISS and Cisco spend more money on lawyering around the problem. All this time and energy and money could be better spent educating the right people. These are the people who should be making their routers more secure and understanding how and why they are vulnerable.

Most certainly, people can figure out what Lynn did and reproduce his attack, without his slides. His talk wasn’t all that prescriptive, and pointedly so. Lynn wasn’t interested in spawning a new series of attacks. At Defcon, a room full of hackers were trying their best to replicate it over the weekend, but didn’t succeed not for lack of trying but for lack of time.

It is only a matter of time before someone else figures this out and posts the steps or writes some code. So take some time, if you are running a Cisco shop, and make sure you have upgraded your IOS as instructed here and understand the exploit. And check this page often, it has already been revised several times in the past week. About time Cisco acknowledged this flaw, and it is unfortunate that it took the circumstances at Black Hat to bring it to light. I realize that the security researchers (the legit ones, such as those who still work at ISS and elsewhere) have a tough dance to do with the vendors they research, but the events of last week and this aren’t the best way to go about business. And cutting pages out of books and trimming images off Web sites is just plain stupid, as much now as when I was in high school health class.

The Browser Wars are so OVER!

It is ironic. Just when the Web is going great guns, just when the post-crash bubble is bubbling, just when Google hits $300 and when Time Warner and Murdoch and Disney have emerged from their collective dalliances and started to create some solid Web content, the browser is so over, so five-minutes ago, so last week.

You have been put on notice: the browser wars are over. Moz doesn’t matter. IE is irrelevant. Opera is doing a swan song. Why? You’ll have to read the column to find out.

An extended history of the BBS

Before there was the Web, before even Al Gore invented the Internet, before email was a daily routine, there were various technologies that flourished under the moniker of BBS, for the bulletin board system. This software was part discussion forum, part messaging system, and part chat rooms—taken together, the BBS contained the seeds of what we all know and love and use today online.

BBS’s came of age in the 1980s and were the passion for many software developers and users alike. Thousands of them flourished and grew in the decade before the Internet and in many instances created the groundwork for the growth of the Internet and its ensuing popularity. They are almost completely extinct as a species as the Internet made it easier to communicate and as TCP/IP protocols became the dominant language of the world.

I never was a big BBS fan, although I grew up professionally alongside them and watched the culture wax and wane. I came of age as an engineer and later as a writer and journalist during this era. At one point I had a job doing R&D for a company that was promoting an early BBS called Electronic Information Exchange System (EIES that was in use in some academic and corporate settings. But there is a still a fond place in my heart and mind for those that helped bring about this era, and luckily video producer Jason Scott has taken upon himself to document the many men and women that took part of the major and minor BBS’ around the world.

The documentary is in the form of a three-DVD package (that sells for $50) that is well produced and professionally done, from the extended slip case to the many notes and supplemental materials included on the DVDs themselves. The videos take the form of a series of 40 minute programs that can be watched in any order and that tell the story of the software, the graphic artists, the developers, the pioneering board operators, and other luminaries such as Vint Cert from MCI and Ward Christensen who built one of the first BBS’s and developed the XMODEM protocols that enabled many BBS’ file transfer activities.

What I found interesting about the video interviews was how passionate everyone was about their BBS’s – in some cases, people still had their original computing rigs, modems, and other gear from BBS’s long gone from the scene, and could recall details about their activities 20 and 30 years ago as if it were still fresh in their minds. In some cases, these were people who clearly had their creative peak in their early teens and twenties. But many of the people in the videos are just ordinary geeks, having fun the way geeks know: learning how to use a new computer system and telling people all about it. What is amazing is how primitive these systems are by today’s standards: we are talking character-mode screens, 300 baud modems, and hardware that was measured in single-digit MHz and KB of RAM.

Scott got his start with the BBS culture with a Web site called textfiles.com, where he archived and saved the hundreds of files that BBS owners catalogued and maintained on their boards. He then expanded his interests into video production and began a multi-year product to interview anyone who would talk to him about their BBS experience. It is a labor of love and it shows.

Scott conducted hundreds of interviews with people notable and unknown, but with one common element: most of the people have terrifically bad haircuts and no fashion sense whatsoever. Even years later, and many of these people in are in their advanced years, they still proudly wear their outdated logo t-shirts and sit on furniture that could best be described as items that even the local Goodwill would turn down. One woman had a sofa with a pattern of repeating numbers 0 and 1 across it. Many of the people are filmed sitting next to their gear that they ran their BBS on, and these old relics of computers recall the dawn of the PC era, when the Commodore 64 and Apple II were new and novel.

The BBS was the precursor to many things that we take for granted now in the world of the Internet: world-wide nearly instantaneous communications, group discussion forums, instant messaging, multi-user games, online porn, and on and on. It was a culture into itself, and Scott does a terrific job of documenting this era. What makes for compelling film is that he is great at letting everyone tell their individual stories, and collectively it is a fascinating tour de force.

One segment concerns the hacker BBS culture. As Scott says, “portraying a generation of BBS users as evil geniuses bent on destruction is an easy story to tell – but that isn’t the story told here.” Another is the story about ANSI or ASCII art, images that are entirely constructed out of characters meant to be printed on a typewriter, the beginnings of the modern era of computer generated art and the online porn industry. The story about the phone phreaks is a good story about the lengths that people would go towards free long distance calls, back in the day when these calls were much more expensive than they are now. Again, this was something completely embraced by the mainstream with freebie IP voice software such as Skype.

“People today get their noses pierced. We were anarchists back then.”

For those of you that fondly remember the BBS era, this video is a must-have and recommended viewing. It is entertaining, it is informative, and it is exceptionally well done. For those of you too young to remember, it is a trip back in time to a part of our computing history that is well worth exploring. The video can be ordered  from their web site.

SLI Stands for Silly

If you haven’t yet placed your order for your 7800 GTX cards (I am assuming that you are buying a pair), here are some reasons you might want to wait. I realize that this advice flies in the face of all that is holy here at Tom’s Hardware, where we celebrate the new, the sexy, the champions of performance and the twin lords of graphics horsepower.

You can read the complete column here.

Tom’s Hardware: Interview with Phil Dukelberger

PGP the product has had a long and interesting past. It began as a piece of shareware written by Phil Zimmerman in the early 1990s called Pretty Good Privacy, a DOS-based command-line encryption utility that was used by uber-hackers to keep their emails from prying eyes and keyboards. Back then the Internet was young, the Web was still to come, and to make matters worse, the US Government quickly banned the nascent software utility, claiming that email encryption was a national security threat.

Well, eventually the government came to its senses and PGP became the gold standard for keeping emails private. A software company grew around the utility and became successful enough that the conglomerate called Network Associates bought PGP in 1997. After several releases, including support for Windows and Unix, a group of investors were formed in 2002 and purchased the assets and intellectual property back from Network Associates (which is now called McAfee) to have a successful life as PGP Corp.  (Note: PGP is now a part of Symantec.)

The company is run by Phil Dunkelberger, who was at the helm in the days before Network Associates era in the mid 1990s. The president and CEO is a soft-spoken but very intense man that is very focused on the task at hand, making PGP into the best encryption software provider bar none. Dunkelberger has a long heritage with his technology chops, going back to Xerox’s Palo Alto Research Labs in the late 1970s when they introduced the Star workstation, the precursor of the modern PC. He runs both Mac and Windows PCs today. We caught up with him recently in San Francisco, where he spoke to us about how the company was formed, where it is going, and how its channel and products have evolved.

Q. How easy was it to take PGP’s assets out of Network Associates (NAI)?

A: It was actually fairly easy for us. NAI had told the world that they were going to discontinue innovating PGP and that they weren’t going to support the products. So the end of life notice was already given when we picked up the assets from NAI.

I have seen more and more resurrected companies since we did our deal. There are a number of small and big opportunities and the traditional venture mode is changing. You can get a head start by acquiring these assets. My advice to entrepreneurs is instead of build it yourself to begin with look for proven, standards-based technology or a vertical market, and then pursue this because in our case it certainly gave us a running start.

Building a real business these days requires a lot deeper and broader set of skills than what was required five or seven years ago: your management team has to be deeper, your VCs have to be more patient. People aren’t as quick to bet on innovative companies these days. If you are entrepreneur, I would recommend that you buy an existing customer base.

Q: Do you ever use a public kiosk or public wifi network to get your own email?

A: I am pretty good about using our own security products. I don’t ever roam freely around those networks without any protection, and there are certain things that I won’t do on a public network. And if you are in a hotel in Europe if you aren’t protected you will likely get some form of malware on your machine from their networks.

Most of the time when I travel I use TMobile’s service, although I have used many others. On a recent trip to Europe I was on Vodaphone’s network at the Munich airport and Swisscom in Switzerland. I also use our own products extensively, including our own disk encryption and firewalls. Although right now I am testing Symantec’s Norton desktop firewall and several VPN clients as part of our internal quality assurance tests. All of us, and especially the executives at PGP, run a lot of different things to test our software against. It was a lucky thing that I had more than one VPN client installed, as one worked on the Lufthansa flight back from Europe and one didn’t. That was very fortuitous.
Q: How important to you personally is hard disk encryption?

A: I have had my laptop taken away from me briefly at airports for security screenings, and have the screeners pick it off the belt where I can’t see it, and that motivates me to make sure that everything on it is encrypted. Our product really is a godsend, and all my files on my laptop are encrypted. These days securing your data and not just encapsulation of the pipe is becoming more and more important, and an absolute business requirement.

Q: How does a corporation get started on setting up email security policy options?

A: We have seen this happen in variety of different ways: channel, reach, compliance and remediation, and industry-specific situations. First, it helps by having a robust channel with some focus on vertical markets where a company is under some kind of compliance and has some kind of external force pushing them to encrypt and protect their email traffic. Second, we have also seen many small businesses that are in business servicing someone big, and that big company mandates their suppliers and customers send email using PGP. We have a large auto manufacturer in Germany that has 5,000 suppliers and that mandated all of those small businesses to send email with PGP. Both are easier entries than just going in there cold and trying to get people to realize that file attachments are an issue.

As we look at the overall trends in business, there is more awareness about security in general and encryption. For example, in California there are small real estate companies and banks that are very aware of what they have to do to secure their data.

Q: You got your start with selling command-line encryption tools. How is that market doing?

A: We re-introduced the command line encryption products the middle of last year, and the business has grown 100% a quarter for the past three quarters. It has been a very pleasant surprise. We have had days where people order $50,000 off our Web site with their own credit cards. We have everything from a large aircraft manufacturer that takes all of the manuals to banks on Wall Street using the command line product. Some of our customers are encrypting their backup files and then storing them on tapes.

Q: Who of the surviving email security vendors is your competition these days?

A: We usually have two kinds of competitors now. First are the PKI infrastructure vendors, including Microsoft, Entrust, Cisco, Juniper, Aventail and those kinds of solutions. We usually win based on usability and reliability. Then we also have traditional email vendors that are selling into particular vertical markets such as Tumbleweed and Sigaba, and we win when the solution involves more than just selling email as part of the entire solution. We tend to be a suite vendor rather than selling a single product.

Q: Your PGP Universal product is supposedly very easy to deploy. Can you give me an example?

A: Universal is ready to run on a number of platforms, you just add hardware, and it works. Our biggest solution to date was with one of the top pharmaceutical firms and we had it running in less than 30 days for over 70,000 users. One of the very valuable features of the product is something we call “learn mode” which means the product just observes the traffic but doesn’t interfere with the mail stream and is very useful to help our installers as they tune the system to a particular customer’s needs.

Q: What do you think of the Microsoft/Groove announcement?

A: I think this validates the whole idea of peer-to-peer security that we have been talking about for many years and we welcome what they are doing.

Q: Tell me more about how you have developed your channel program and how it evolved.

A: We have three tiers of resellers. The top tier has the same training that our own system engineers have, and have to be able to install all the products and understand their interaction with our various partner products as well. The next tier has specific service contracts typically for larger corporate customers and they only need to know a couple of our products. The last tier are not very solutions oriented, just sell in quantity one to five units, typically only deal with our desktop products and specialize with one or two products and not sell enterprise-level products.

Our channel has evolved over the past several years. We now have 300 resellers in 91 countries and have added 30,000 new customers in the less than three years since we began our company and taken it out of NAI. In fact, our sales now are better than any of the years when we were part of NAI.

When I was in charge of sales at Symantec, we found that you couldn’t rely on the channels to create demand for new products like PGP Universal. The channel makes money on support, service, hardware management, off-site monitoring and so forth. But we had to go out and find the market segment, recruit the resellers, and do things like build hands-on labs to train our VARs and find other partnerships that would work for us.

For example we just put on a four-day training session in Singapore, for our local partners. We get everyone involved in installing the software and understanding how the products work in a very hands-on session.

But we also established a series of technology partnerships with vendors that have major email solutions such as IronPort, SendMail and MailFrontier. These vendors all offer things like anti-spam and content filtering solutions. First they wanted to cross-train their sales teams to resell our products and as their gained experience with PGP they became OEMs and wanted to bundle their software with ours on a single box. Now they are an active channel for us and we have consolidated reporting. They sell a single solution and everyone gets a better margin and the customer gets one vendor to buy all of it from and fewer vendors to deal with for front line support.

Q: So any final thoughts?

A: We have become successful because of several things. First, encryption is just becoming a standard feature for more and more people. It operates down at the transport layer and is just like a network dial tone, what I call “encryption tone” these days. Second, we got a great start by being established and not having to recreate everything from scratch when we came out of NAI. Third, it helps that we are an open standards vendor and we publish our source code. We wish more companies would publish their code as well. Finally, we have a very good product road map and we spend a lot of time listening to our customers, asking them what they want in the next two versions of the products and so forth.

Dark blogs

(Note: this was first written in 2005.)

Blogs are everywhere, and you know they have reached the point of no return when corporate IT departments begin to evaluate different blogging software tools and the topic gets cover story treatment from Business Week and Fast Company, for those of you that haven’t looked at a printed magazine in a while.

But what got me going was reading the a research report written by Suw Charman called Dark Blogs: The Use of Blogs in Business. The report is a case study of large European pharmaceutical company’s implementation of Traction Software’s TeamPage, a commercial blogging tool. Given that the report was paid for by Traction, you want to take a few of its conclusions with care, but still it gives some good advice when it comes to implementing blogs in the corporate world.

There has been a lot written about using corporate blogs for external communication, such as the CEO blogs from Schwartz, Cuban et al. But what caught my eye was how blogs have developed into a new IT tool for internal communications of the common cubicle dwellers, deep behind the corporate firewall (hence the name dark blog).

Before I roll through Charman’s conclusions I want to point out a couple of things that struck me reading her report. The pharma needed some software to keep track of its competitors and have a central place where researchers and corporate management could easily capture this information and comment on it. They were having problems with keeping up to date and getting the right people to discuss what was going on, and went looking for solutions.

They weren’t happy with their previous systems, using various Web-based intranets and applications built on top of Lotus Notes. The information they track is fairly unstructured and comes from lots of different sources. Notes is a very structured program, which is great for building databases on the fly but not so great if the information doesn’t have a consistent format and structure. The company wanted something that had the group collaboration dynamic of a blog, with the flavor of editing-on-the-fly of a wiki that was easy to use and didn’t require special software outside of the Web browser. Does this sound familiar? I can’t tell you how many companies I talk to want something similar. Heck, I want something similar for my crew here at Tom’s.

So what happened? The company built its blogs (they had several underway, which shows you how useful they were) in such a way as to tie in with the corporate LDAP directory structure (for a single user login) and to provide email notifications when new entries were posted. I think both of these are big reasons for its success, because it wasn’t as technologically disruptive to the corporate culture as it could have been. Pharmas are big email consumers, and having a blog technology that fit in with their email habits was important.

Second, they ran their blog like we run our publishing mini-empire here at Tom’s, with an editor-in-chief and a publishing process that was well defined to get material from the individual author to the Web. A lot of people mistake this process with censorship or control of information, but the actual use (and what seems to be happening at this pharma company) is to polish and make the information readable and attractive and organized. The Traction software also allows for an edit audit trail to see who was editing what piece when and a permissions system so that not everyone can edit or even view every piece. Too many blogs are just typing and not a real editorial product. You need extra pairs of eyes and brains (hopefully both connected and working together) to make sure that what gets posted makes sense.

Charman mentioned these other lessons:

  • Taking blogs to the corporate masses
  • The blogs’ aims were clear and precise and had been well defined
  • The project had the full support of the CEO and upper management
  • There was a well constructed project plan, which included consideration of high level issues such as structure, taxonomy and search requirements as well as day to day user requirements
  • The open commenting system allows for dialogue with users
  • Integration with existing systems and technologies created a more seamless user experience
  • Read permission control means that potentially sensitive information can only be accessed only by those who need it

Charman says in the report that “Compared to setting up a similar project on a more traditional CMS or KM platform, the project has been simpler, faster, more effective and less expensive to implement.” And that is perhaps the best lesson for today’s IT departments: find a technology that you can roll out quickly, that doesn’t require a great deal of training, and get the right people behind it. While you are at it, roll it out to a focused user group to build word of corporate mouth prior to a company-wide launch.

Looking for more tips about dark blogs? CIO Insight’s Edward Cone offers these suggestions in his story about corporate blogging.

Blogging.org has a nice rundown on how to make money with your blog that is aimed more for individuals, but still has some great advice for corporations.

Granted, blogs are the new religion, or the new color black, or the return of/son of push technology or the latest killer app, depending on your time and tenure in the IT industry. But like so many other corporate IT projects, their success or failure hinges not on the actual technology itself, but how you finesse the people parts of the equation and sell the app to userland.  The pharma case study is a good example of these “softer” parts of the IT equilibrium and how well it can work. It is nice to see that sometimes IT can get it right and be the good guys for a change.

Phil Dunkelberger from PGP

PGP the product has had a long and interesting past. It began as a piece of shareware written by Phil Zimmerman in the early 1990s called Pretty Good Privacy, a DOS-based command-line encryption utility that was used by uber-hackers to keep their emails from prying eyes and keyboards. Back then the Internet was young, the Web was still to come, and to make matters worse, the US Government quickly banned the nascent software utility, claiming that email encryption was a national security threat.

Well, eventually the government came to its senses and PGP became the gold standard for keeping emails private. A software company grew around the utility and became successful enough that the conglomerate called Network Associates bought PGP in 1997. After several releases, including support for Windows and Unix, a group of investors were formed in 2002 and purchased the assets and intellectual property back from Network Associates (which is now called McAfee) to have a successful life as PGP Corp.

The company is run by Phil Dunkelberger, who was at the helm in the days before Network Associates era in the mid 1990s. The president and CEO is a soft-spoken but very intense man that is very focused on the task at hand, making PGP into the best encryption software provider bar none. Dunkelberger has a long heritage with his technology chops, going back to Xerox’s Palo Alto Research Labs in the late 1970s when they introduced the Star workstation, the precursor of the modern PC. He runs both Mac and Windows PCs today. We caught up with him recently in San Francisco, where he spoke to us about how the company was formed, where it is going, and how its channel and products have evolved.

Q. How easy was it to take PGP’s assets out of Network Associates (NAI)?

A: It was actually fairly easy for us. NAI had told the world that they were going to discontinue innovating PGP and that they weren’t going to support the products. So the end of life notice was already given when we picked up the assets from NAI.

I have seen more and more resurrected companies since we did our deal. There are a number of small and big opportunities and the traditional venture mode is changing. You can get a head start by acquiring these assets. My advice to entrepreneurs is instead of build it yourself to begin with look for proven, standards-based technology or a vertical market, and then pursue this because in our case it certainly gave us a running start.

Building a real business these days requires a lot deeper and broader set of skills than what was required five or seven years ago: your management team has to be deeper, your VCs have to be more patient. People aren’t as quick to bet on innovative companies these days. If you are entrepreneur, I would recommend that you buy an existing customer base.

Q: Do you ever use a public kiosk or public wifi network to get your own email?

A: I am pretty good about using our own security products. I don’t ever roam freely around those networks without any protection, and there are certain things that I won’t do on a public network. And if you are in a hotel in Europe if you aren’t protected you will likely get some form of malware on your machine from their networks.

Most of the time when I travel I use TMobile’s service, although I have used many others. On a recent trip to Europe I was on Vodaphone’s network at the Munich airport and Swisscom in Switzerland. I also use our own products extensively, including our own disk encryption and firewalls. Although right now I am testing Symantec’s Norton desktop firewall and several VPN clients as part of our internal quality assurance tests. All of us, and especially the executives at PGP, run a lot of different things to test our software against. It was a lucky thing that I had more than one VPN client installed, as one worked on the Lufthansa flight back from Europe and one didn’t. That was very fortuitous.

Q: How important to you personally is hard disk encryption?

A: I have had my laptop taken away from me briefly at airports for security screenings, and have the screeners pick it off the belt where I can’t see it, and that motivates me to make sure that everything on it is encrypted. Our product really is a godsend, and all my files on my laptop are encrypted. These days securing your data and not just encapsulation of the pipe is becoming more and more important, and an absolute business requirement.

Q: How does a corporation get started on setting up email security policy options?

A: We have seen this happen in variety of different ways: channel, reach, compliance and remediation, and industry-specific situations. First, it helps by having a robust channel with some focus on vertical markets where a company is under some kind of compliance and has some kind of external force pushing them to encrypt and protect their email traffic. Second, we have also seen many small businesses that are in business servicing someone big, and that big company mandates their suppliers and customers send email using PGP.  We have a large auto manufacturer in Germany that has 5,000 suppliers and that mandated all of those small businesses to send email with PGP. Both are easier entries than just going in there cold and trying to get people to realize that file attachments are an issue.

As we look at the overall trends in business, there is more awareness about security in general and encryption. For example, in California there are small real estate companies and banks that are very aware of what they have to do to secure their data.

Q: You got your start with selling command-line encryption tools. How is that market doing?

A: We re-introduced the command line encryption products the middle of last year, and the business has grown 100% a quarter for the past three quarters. It has been a very pleasant surprise. We have had days where people order $50,000 off our Web site with their own credit cards. We have everything from a large aircraft manufacturer that takes all of the manuals to banks on Wall Street using the command line product. Some of our customers are encrypting their backup files and then storing them on tapes.

Q: Who of the surviving email security vendors is your competition these days?

A: We usually have two kinds of competitors now. First are the PKI infrastructure vendors, including Microsoft, Entrust, Cisco, Juniper, Aventail and those kinds of solutions. We usually win based on usability and reliability. Then we also have traditional email vendors that are selling into particular vertical markets such as Tumbleweed and Sigaba, and we win when the solution involves more than just selling email as part of the entire solution. We tend to be a suite vendor rather than selling a single product.

Q: Your PGP Universal product is supposedly very easy to deploy. Can you give me an example?

A: Universal is ready to run on a number of platforms, you just add hardware, and it works. Our biggest solution to date was with one of the top pharmaceutical firms and we had it running in less than 30 days for over 70,000 users. One of the very valuable features of the product is something we call “learn mode” which means the product just observes the traffic but doesn’t interfere with the mail stream and is very useful to help our installers as they tune the system to a particular customer’s needs.

Q: What do you think of the Microsoft/Groove announcement?

A: I think this validates the whole idea of peer-to-peer security that we have been talking about for many years and we welcome what they are doing.

Q: Tell me more about how you have developed your channel program and how it evolved.

A: We have three tiers of resellers. The top tier has the same training that our own system engineers have, and have to be able to install all the products and understand their interaction with our various partner products as well. The next tier has specific service contracts typically for larger corporate customers and they only need to know a couple of our products. The last tier are not very solutions oriented, just sell in quantity one to five units, typically only deal with our desktop products and specialize with one or two products and not sell enterprise-level products.

Our channel has evolved over the past several years. We now have 300 resellers in 91 countries and have added 30,000 new customers in the less than three years since we began our company and taken it out of NAI. In fact, our sales now are better than any of the years when we were part of NAI.

When I was in charge of sales at Symantec, we found that you couldn’t rely on the channels to create demand for new products like PGP Universal. The channel makes money on support, service, hardware management, off-site monitoring and so forth. But we had to go out and find the market segment, recruit the resellers, and do things like build hands-on labs to train our VARs and find other partnerships that would work for us.

For example we just put on a four-day training session in Singapore, for our local partners. We get everyone involved in installing the software and understanding how the products work in a very hands-on session.

But we also established a series of technology partnerships with vendors that have major email solutions such as IronPort, SendMail and MailFrontier. These vendors all offer things like anti-spam and content filtering solutions. First they wanted to cross-train their sales teams to resell our products and as their gained experience with PGP they became OEMs and wanted to bundle their software with ours on a single box. Now they are an active channel for us and we have consolidated reporting. They sell a single solution and everyone gets a better margin and the customer gets one vendor to buy all of it from and fewer vendors to deal with for front line support.

Q: So any final thoughts?

A: We have become successful because of several things. First, encryption is just becoming a standard feature for more and more people. It operates down at the transport layer and is just like a network dial tone, what I call “encryption tone” these days. Second, we got a great start by being established and not having to recreate everything from scratch when we came out of NAI. Third, it helps that we are an open standards vendor and we publish our source code. We wish more companies would publish their code as well. Finally, we have a very good product road map and we spend a lot of time listening to our customers, asking them what they want in the next two versions of the products and so forth.

Power to Your Laptop

I want to take a moment to help you become a more powerful user. It won’t take much time and effort, and it will save you a ton of time if the unexpected strikes you down the road. And it is really simple to do and doesn’t require much in the way of technical knowledge.

Last week I lost the power supply to my laptop somewhere between the airport and home. It isn’t a big thing, and compared to losing my laptop ranks low down there on the charts. But it could have been much easier, if all I had to do was take note of something very simple: the power specs of my AC adapter.

You can read more about it here.

Pat Gelsinger from Intel

There are few people in the computer industry that have shaped the evolution of the microprocessor (and related technologies) as much as Pat Gelsinger. More than 25 years ago, he began his career “one step above janitor” as a Technician 2 at Intel, stuffing boards. He eventually rose to the position of the company’s first chief technology officer (CTO), before taking his current posting as executive vice president of the Digital Enterprise Group.

Read the full interview that Wolfgang Gruener and I conducted here.