Strategy and Technology

33 Books in 2019

2020-01-06 by Roberto Zoia 1 Comment

As I’ve written before, we live in an age where self-learning becomes more relevant every day. As less people read books, reading becomes a real competitive advantage. It’s a very effective way of standing on the shoulders of giants.

In 2019 I completed a total of 16 books (non-fiction) and 17 novels. From the non-fiction list, these are the ones I enjoyed very much and consider worth recommending:

21 Lessons for the 21st Century by Yuval Noah Harari.
This Is Marketing: You Can’t Be Seen Until You Learn to See by Seth Godin and Ken Blanchard.
Building a Better Business Using the Lego Serious Play Method by Per Kristiansen and Robert Rasmussun.
Atomic Habits by James Clear.
Keep Going: 10 Ways to Stay Creative in Good Times and Bad by Austin Kleon.
AI Superpowers: China, Silicon Valley, and the New World Order by Kai-Fu Lee.
Information Doesn’t Want to Be Free: Laws for the Internet Age by Cory Doctorow, Neil Gaiman and Amanda Palmer.

These are the books enjoyed most in the fiction/fantasy category. If I had to choose one, I would pick the Remembrance of Earth’s Past trilogy by Liu Cixin.

A Year and a Day in Old Theradane by Scott Lynch. (Fantasy.)
The Murderbot Diaries by Martha Wells (All Systems Red, Artificial Condition, Rouge Protocol, Exit Strategy). (Science-fiction.)
The Quantum Evolution Series (The Quantum Magician, The Quantum Garden) by Derek Künsken. (Science-fiction.)
Lady Astronaut series (The Calculating Stars, The Fated Sky) by Mary Robinette Kowal. (Science-fiction.)
Delta-V by Daniel Suarez. (Science-fiction, techno-thriller.)
Remembrance of Earth’s Past trilogy (The Three-Body Problem, The Dark Forest, Death’s End) by Liu Cixin. (Science-fiction.)
The Technologists by Matthew Pearl. (Historical mystery.)

Photo by Nong Vang on Unsplash.

Problem Solving Skills for the Future

2019-08-28 by Roberto Zoia 1 Comment

Learning complex thinking is uncomfortable. Complexity is, after all, the realm of unknown unknowns.

The Cynefin Framework is a conceptual framework created in 1999 by Mary E. Boone and Dave J. Snowden while working for IBM Global Services. It classifies the issues leaders face into five contexts, defined by the nature of the relationship between cause and effect. It offers decision-makers a “sense of place” from which to view their perceptions, and make better decisions.

Obvious or simple is the domain of best practice, or known knowns. Problems in this realm can be solved by applying rules or best practices. There is rarely disagreement or doubt about what needs to be done.

Complicated is the domain of experts, the realm of the known unknowns. Relating cause and effect requires expertise and analysis, but once the problem has been analyzed, the course of action is clear: apply the appropriate good operating practice.

Complex, on the other hand, is the context of the unknown unknowns, where the relation between cause and effect is known only in retrospective. “Complexity is more a way of thinking about the world than a new way of working with mathematical models¹.” Complex systems are dynamic. They involve large numbers of interacting elements. Interactions are non-linear. The whole is greater than the sum of its parts.

Political entities, organizations, markets, the rainforest… are examples of complex realities.

Solutions to complex problems can’t be imposed. There is no ‘right solution’. Deciding on the criteria to be used to evaluate possible solutions is part of solving problems in this realm.

Most situations and decisions in organizations are complex because some major change—a bad quarter, a shift in management, a merger or acquisition—introduces unpredictability and flux. In this domain, we can understand why things happen only in retrospect².

Finally, a problem is chaotic when it’s too confusing to wait for a knowledge-based response. Because cause and effect are unclear, we need to establish certain level of order first, sense where stability lies, and try to turn what’s chaotic into the realm of complexity.

Guess what kind of problem solving skills will give you an unfair advantage and won’t get you replaced by a robot, automation, or a clever machine learning algorithm anytime soon. “Work is moving yet again. The move from Simple to Complicated that was a hallmark of the twentieth century is being outpaced by a move from Complicated to Complex and Chaotic³.”

To learn to navigate the sea of complexity, you need a sense of curiosity and the habit to notice the nature of things around you. You need to nurture the ability to learn new things. Expose yourself to complex situations, where identifying the problems is part of the challenge, leaving behind the shallow and safe waters of what’s just complicated and tactical.

Photo by Samuel Zeller on Unsplash

cfr HBR, November 2007. A Leader’s Framework for Decision Making. SNOWDEN, David J. and BOONE, Mary E. ↩
cfr HBR, November 2007, idem. ↩
Taylor Pearson, The Commoditization of Credentialism: Why MBAs and JDs Can’t Get Jobs. ↩

How to Prevent Hackers from Accessing Your Mail and Other Online Services

2019-08-18 by Roberto Zoia Leave a Comment

Online security is more relevant than ever. News from hackers breaching massive number of user accounts from an online service no longer surprises anyone.

Two important things that you should do today to improve the security of your online accounts are setting up two-factor authentication and using a password manager.

Two-factor Authentication

Two-factor authentication means that each time you log into an online service, before you can get access to your account, you’ll be asked to enter an additional code after you enter your password. This code is generated by an app on your phone¹, or sent to you by SMS, and changes every 30 seconds. With two-factor authentication enabled, even if your password is compromised, a hacker cannot log in into your account.

Ideally, security is based on three things: something you know, something you have, and something you are. Almost everybody uses usernames and passwords. That’s something you know. But as security experts point out, “passwords have outlived their usefulness as a serious security device”. Adding something you have to the login process, like an additional code generated by an app in your phone, greatly enhances security.

If you are required to use your fingerprint to unlock your phone, then you’ve introduced a third factor: something you are. This is probably the best scenario you can get without resorting to professional-level security.

There are several authenticator apps on the market, perhaps the most well-known are Google Authenticator and Authy. Microsoft also offers an app. My personal favorite is Authy, because it syncs across devices so you can generate tokens from your phone or laptop. (Authy’s webpage offers a handful of guides on how to activate two-factor authentication on popular services. Check, for example, their guide for Gmail.)

What if your mail service provider doesn’t offer two-factor authentication? Don’t hesitate, change to a provider that does.

Use a Password Manager

The second most important thing is to use a password manager. Writing down your passwords on a stick-it note or in your iPhone’s Notes app is not only inefficient but insecure.

Companies that require their employees to change their passwords every 30 days, and don’t provide them with a password manager, are simply encouraging their employees to use weak, easy to guess passwords, or to write them down in a note they stick to their laptops.

With a password manager, you only need to remember one password: the one for the password manager itself. The app takes care of storing the usernames and passwords for every online service you use. Thanks to browser extensions, they recognize which webpage you are visiting and fill in the proper credentials. It also keeps you passwords synchronized between devices. (And yes, you can enable two-factor authentication for the password manager itself.)

Passwords and hashes

To understand why password length and complexity is important, we need to dive into how online services store passwords, and what hackers do when they steal user’s credentials from a server.

When an online service asks you to enter a password to create your account, the password is not stored as-is in the company’s servers. Instead, the server generates a hash code for the password. This hash code, and not the actual password, is stored along with your username and other data on the server².

A hash is a mathematical function that takes a string of data as an argument, and produces a fixed-size series of numbers, which is call a hash code. Different passwords will produce different hash codes, and it is nearly impossible to deduce the original password from the hash code.

To verify your identity, the online service asks for your password, generates a hash code for the characters you typed in, and compares it to the hash code it generated when you created your account (or last changed your password). If both hash codes are equal, it means that the password you just typed and the password registered on the server are the same. You are granted access to your account.

Now and then, hackers break into an online service’s servers and steal data: email addresses, and password hashes, among other data. These stolen databases are sold in the black market for money³.

As computer processing power becomes cheaper, it is possible to try a brute-force attack against a stolen database and succesfully recover part of the original passwords from the hash codes. Brute-force means that the hacker will use a program to generate, systematically, passwords with every combination of characters, and compare their hash codes with the hash codes in the stolen database⁴. For every match, the attacker now knows he or she’s got the password for a given account.

To protect you from this kind of attack, password managers allow you to generate long and random passwords for each new service you sign in. If you are inventing passwords by yourself, then your passwords are probably not long or complex enough. A long enough password ensures that a hacker won’t be able to crack it for several years from today.

This comic by xkcd’s Randall Munroe illustrates the point.

If the hacker get’s to know your username and password, chances are he or she will try to use them to access your accounts on popular services: Gmail, Facebook, Dropbox, Instagram, LinkedIn, etc. Once he’s got access to your email, he can request a password reset from other services, which will send a link to for resetting your password to your now-compromised email account. (That’s another reason to enable two-factor authentication.)

Which password manager should you use? I can recommend 1Password, which I’ve been using for several years now. Also, LastPass has excellent reviews.

Two-factor authentication and using a password manager are the most important things you should do today to improve online safety and protect your accounts from being hacked.

Photo by Dayne Topkin on Unsplash

These apps are called, among other names, two-factor authentication or 2FA apps, authenticator apps, one-time password or OTP apps. ↩
There are some online services that store their customer’s passwords as-is, which is a terrible practice. You can detect such services when you forget your password and click on the ‘Forgot your password?’ link: they’ll send you your password by email, instead of generating a new one or sending a link to reset it. ↩
There are pages that will tell you if your email has been compromised in a data breach. Check, for example, \. ↩
The attacker doesn’t even have to be an expert hacker to do this. For $10, you can get a very good book explaining how to do it. ↩

Maybe it’s time to let the old ways die

2019-08-09 by Roberto Zoia Leave a Comment

A difficult aspect of facing technological innovation is the decision to change your business model in ways that disrupts your current business. It’s not easy to leave the safe shores of what works and is known.

NiemanLab published this interesting article about the L.A. Times and its difficulties competing in the digital business once the advantage of physical distribution of newspaper that gave them market power disappeared. Among other things, the L.A. Times is late in the game. The New York Times launched its first try at digital subscriptions in 2011, eight years ago. The table below, extracted from the article, shows the results.

“In every era, traditional media channels will diminish, dismiss and ignore the new ones. They do this at the very same time that they are supplanted by the new ones. While they will occasionally spend some time or money testing a new medium, they rarely leap.¹”

An important exercise is to write down a list of the current technology trends, and consider how they could affect your business. The difficult part is not falling in a blind spot, dismissing things as ‘hyped’ or ‘not serious’.

Take, for example, Artificial Intelligence (AI). If you follow some kind of business trends, you’ll read news every day of companies applying AI to some part of their operation. The insight here is that there are a small fraction that are actually applying advanced AI. But there is a significant number of companies that are going through ruthless automation of everything task-related, applying automation to every process possible. Call it ‘basic AI’ if you want. In a couple of years, thanks to their lower costs and operational efficiencies (and the insight they can get from their data), these companies will be in a significantly better poisition to compete than companies that are dismissing AI as just ‘hype’.

Hint: If you can’t identify a technology trend that could disrupt your current business model, you’re doing your analysis wrong.

Photo by Austin Chan on Unsplash.

cfr Seth Goding, The old media/new media chasm. ↩