Wednesday, August 26, 2015

PCs: "The news of my death has been greatly exaggerated!"

With Apple's iPad storming the scene, some felt that the PC was dead, giving ground to the tablet form factor. What I felt Apple achieved with the iPad was the "toasterfication of IT": turning a relatively complex device into something that is as easy to operate as a toaster. This made it a fan favourite with the elderly and kids.

Things don't look as rosy for the iPad. Fortune reported that "the iPad is the current leader in the tablet market, accounting for 24.5% of all tablet sales, its market share has consistently decreased by about 18% over the last few years".

Nick Statt of CNET posted a great article that discusses some possible reasons for the declining fortunes of the tablet. Once seen as a PC killer, the tablet is now in a state of normalization. One could argue that the tablet is entering the "trough of disillusionment" after sliding down from the "peak of inflated expectations". Nick explains in his article that mini-tablets have lost market share to the phablet (as I have noted in previous posts, I strongly dislike this term. But phonelet isn't much better!). Quoting IDC analyst, Jean Philippe Bouchard, "When your phone is only an inch or two shy, what's the point".

I find his analysis dead on: when I migrated from the Blackberry, I went straight to the Samsung Note to get a larger screen that would be easier to type on, because I was so used to the physical keyboard. However, when I was contemplating getting the Nexus 7 from Google, I thought exactly that: why bother with the tablet when my Note is already a "pocket tablet"?

When it comes to the larger tablet form factors, Nick points out that tablet owners are keeping their iPads for a longer period of time and are now opting for the 2-in-1s (like Lenovo's Yoga line of laptops), which enable more productivity than their tablet counterparts.

Why is this the case?

It seems to me that people have realized that tablets are more of a consumption device than a productivity device: they are great for reading, listening to podcasts or watching videos. However, if you want to churn out a blog post, document or even email - you need that physical keyboard.

The Wall Street Journal also had an interesting op-ed pointing to the continued usefulness of the PC. Geoffrey Fowler attempts to convince us that the next computer should actually be - wait for this - a desktop! Mr. Fowler, not without humour, mentioned how a friend asked him whether he still drove a horse and buggy!

Jokes aside, I think he does a pretty good job of pointing out that when you are able to connect remotely via multiple devices to cloud-based software to get your work done, desktops make a lot of sense. In the article, he included the following link that points to the improved productivity (17% more to be exact) of using a full keyboard and mouse. The article includes a number of suggestions, including the HP Pavilion Mini, which looks quite tempting (see the CNET preview below). I definitely agree with the tip about using the keyboard and mouse: I actually lug around my ergonomic Microsoft mouse and keyboard and connect them to my work-issued 2-in-1 Lenovo Yoga to save my wrists and neck.



The revived interest in the PC and the retreat in sales of the iPad highlight the importance of being on top of tech trends and avoiding the "bleeding edge": executives should be sure of the business value of the technology before jumping on the bandwagon.


Monday, July 27, 2015

Artificial Intelligence: The new "space race" for the tech-giants?

When IBM's Watson defeated Ken Jennings and Brad Rutter on Jeopardy!, it was a shock. In this TED Talk, Ken Jennings describes how he never thought that a computer could possibly beat him at Jeopardy!:



And he's right.

How can a computer possibly understand that "feet can smell" and a "nose can run"?

But on February 16th 2011, IBM's Watson did precisely that: it was able to defeat the two reigning human champions Ken Jennings and Brad Rutter. And with that IBM ignited the space race for artificial intelligence.

People may point to the wide array of personal digital assistants from Apple (Siri), Microsoft (Cortana) or Google (Google Now) as the true birth of the AI space race. However, these applications are limited to personal use. Anyone who has used things like Google Now - which can link your calendar to traffic patterns and tell you if you'll be late for an appointment - can tell how amazing it is to have a digital assistant work behind the scenes to keep your day on track. That, however, is limited to the consumer realm. Where AI gets really interesting is the B2B realm: Watson has made some strides in automating the FAQ process. However, its real promise has been demonstrated in the cancer treatment realm, where it enables doctors to "race with the machine", combining the millions of pages of medical journals and articles to determine the best cancer treatment for patients. Watson is available in a cloud offering to developers who submit applications.

But IBM is not alone and so the AI Space Race is on!

As for the other vendors, see the following:

However, the one that I am really waiting to hear about is coming from the makers of Siri, Viv.ai. They are hoping to build AI as a service, similar to Bluetooth, that will be embedded in all hardware. I will leave you with the following quote from the Wired article that discusses the possibilities of Viv.ai:

"Viv...generat[es] its own code on the fly, no programmers required. Take a complicated command like “Give me a flight to Dallas with a seat that Shaq could fit in.” Viv will parse the sentence and then it will perform its best trick: automatically generating a quick, efficient program to link third-party sources of information together—say, Kayak, SeatGuru, and the NBA media guide—so it can identify available flights with lots of legroom. And it can do all of this in a fraction of a second."




Sunday, July 12, 2015

Driverless Cars and the end of car insurance (can't we dream?)

Great piece from Brookings on Driverless Cars, or what they call Autonomous Vehicles. As it turns out, driverless cars are safer than human-driven cars. Brookings refers to the following DW article to note the safety record of the Google driverless car experiment:


"Google's 11 accidents happened during 1.7 million miles of driving, working out to 0.6 percent per 100,000 miles (160,000 kilometers). The national rate for reported "property-damage-only crashes" in the United States is about 0.3 per 100,000 miles driven, according to the National Highway Traffic Safety administration. But as Google noted, as many as 5 million minor accidents are not reported to authorities each year."

(On a side note: Google's analysis of the official accident rate is a valid one. The real rate of human accidents is quite significant in determining how safe autonomous cars actually are. Data integrity strikes again!)

What Brookings points out is that for years the various governments across North America have been able to exploit human weakness and use that to prop up their revenues: speeding, accidents, and driving-related fines. They also point out that there will be tremendous savings in the US (approximately $10 billion a year to the overall infrastructure) as state and federal governments will be paying less for the damages caused by accidents.

With the rise of "smart machines" such as driverless cars or IBM's Watson, society will undergo economic shifts that are going to cause massive impacts on the way we do things. Just think of all those who currently benefit from the "human inefficiency" of traffic errors and infractions:
  • Insurance companies: Ideally, governments will eliminate mandatory insurance as it can no longer be justified in such a low-accident environment. We can dream, can't we? Perhaps the manufacturer can take on the risks associated with the vehicle instead of the driver.
  • Police departments: Police spend time catching motorists speeding, etc. They will need to be re-assigned to other areas. Although these areas are potentially less revenue generating, they may be more helpful to society.
  • Courts: Courts get bogged down and take months to process cases. This backlog will be a thing of the past and then they can work on other cases.
  • Lawyers and paralegals: If there are no court cases, then there's no need for these guys either.
  • You and me: People will no longer have to take time off work and spend time defending themselves against these charges, or pay the extra tithes we have to pay to our insurance-feudal-corporate overlords.
The counter-argument is that there's less freedom to drive as you please. But should you be able to drive faster than the speed limit if it's illegal? It's an inconvenient truth, but either speed limits are not necessary or fast cars are unnecessary. But why are we driving so fast? It's usually because we need to get places to do things. We can shift our schedules to handle those tasks as we are taken where we need to go in our "e-chauffeur driven car", doing what needs to get done while driving at safe speeds. I, for one, welcome our new autonomous-car future.


Tuesday, July 7, 2015

Can BlackBerry get back in the game by using the Android OS?

Late last year I wrote a post reminiscing about those good old BlackBerry Days: days when Canada's very own tech darling, Research-in-Motion (as it was called back then), was the hot technology that executives and business-savvy individuals had in their pockets.

In the post, I discussed the possible factors that led to the decline, wondering why the RIM execs did not just go out and try one of the Android or iPhone devices to see why these brands were overtaking theirs.

Well, not sure if they read my post - in fact I highly doubt it :) - but BlackBerry appears to be toying with the idea of using the Android OS instead of its BB10. As noted in the following edition of Android Authority, rumours are swirling about the Android OS being loaded onto BlackBerry phones (starts around 1:10).

If this ends up being true, then this could be (for real this time!) the thing that gets BlackBerry into the game. However, this hinges on BB being able to leverage their corporate customers to get this device to integrate with corporate IT (especially email and calendar). For example, my employer supports iPhones and BB but not Android.

So I have been contemplating whether I should get an iPhone on my next upgrade.

However, if BlackBerry were to switch to Android then I would definitely consider that as an option. For me the issue is that when I am travelling on business, I need to use my phone. However, the native BB apps are simply not the greatest and I miss using Google Maps and other services.

There's definitely a good strategic analysis of how BB can benefit from the Android App store or offer users cutting edge services. However, it probably just simply boils down to a strategy of if you can't beat them you might as well join them!


Wednesday, June 17, 2015

Can Inadequate Disaster Recovery Planning be worse than locusts?

Why are US farmers facing a disaster?

Is it due to locusts? No.

It's due to inadequate IT disaster recovery planning.

As reported in the Wall Street Journal, the US Immigration Department is unable to issue visas to temporary workers due to a system failure. Specifically:

"“The system that helps perform necessary security checks has suffered hardware failure,” said Niles Cole, a State Department spokesman. “Until it is repaired, no visas can be issued.” He said technicians are working around the clock to resolve the issue but couldn’t offer a timeline for when the system would be back in action.

Specifically, a central database isn't receiving biometric information from U.S. consulates world-wide, he said. Biometric data, including fingerprints, are used for security screening of applicants."

And the losses are mounting daily. Over 200 workers are sitting at the Mexican-US border waiting to be processed by the system so they can get into the US and help harvest the crops. The article reported that farmers are losing between $500,000 and $1,000,000 per day because the fruits are spoiling.

Reading this article, I had the following questions:

Why isn't there a hot site? 
Given the importance of the technology, why don't they have the ability to swap to a new piece of hardware instantaneously?

Was the security information backed up and why is there no manual workaround?
If it's digital information, why isn't there a manual workaround to transmit the information and circumvent the faulty hardware? The data could be manually uploaded to the central database.

Was a proper risk assessment done?
When a disaster recovery plan (DRP) is created for a system, the organization must determine the Recovery Time Objective (RTO), which determines how quickly a system will be restored after failure. Google, for example, has an RTO of zero. To determine the RTO, there needs to be an assessment of the impact of such a failure. In this case, when setting the RTO, did the risk management professional include the fact that this system was critical in supporting the H-2A visa program for temporary farm workers? It should be noted that the US farmers association had paid into this program and now they are suffering losses of over $500,000. This will also reduce the number of tourist visas issued, potentially resulting in lost tourist dollars to the US.

The lesson we can learn from this is to ensure that we understand what business processes a system supports and understand the impact to those business processes should the system go down.

Monday, May 11, 2015

Hey CPA: Should I get anti-virus for my home network?

Recently, I was having a conversation with my friend's 12-year-old daughter. She's an avid e-book reader and her Kobo is a close companion. We were discussing the susceptibility of Kobo (in contrast to her computer) to viruses. I wasn't sure what OS was on the Kobo, but I did a quick check and realized that it was a Linux operating system. So I explained the economics of malware: most malware is designed for the Windows or Mac operating systems, because criminals want to get the most bang for their buck. So the likelihood that hackers would target the Kobo tablets would be quite low.

Then it struck me: would a CPA be able to lead this sort of discussion?

The recent merger of the professional accounting bodies prompted the publication of a new competency map. The new competency map, however, greatly reduced the amount of technology competence required by a CPA.

Coincidentally, the WSJ published a review of the Bitdefender BOX around the same time I had this discussion. For what it is, see Amazon's Video Review.


As with the conversation with the 12 year-old, I wondered whether a CPA could keep pace with the issues brought up in the article, which include:
  • If there's an OS, there's a risk of virus infection: The proliferation of "smart" devices is actually a proliferation of operating systems. As they point out, there are no large-scale infections to report yet. But the point is that there is a risk of infection and consumers need to figure out how to handle the virus.
  • Network controls versus end-point controls: The solution for the virus can either be put on each device (e.g. mobile phone, tablet, smart thermostat, etc.) or at a network level. But which one is better? And that's the point: could a CPA discuss the advantages and disadvantages of each approach?
  • Evaluating intrusion detection systems (IDS): The BOX is, in a sense, the IDS for the masses. As the WSJ noted, the BOX sent a number of "unhelpful alarms". In other words, the system generated "false positives", which means that users will initially check each alert diligently, but then ignore subsequent alerts assuming they are false alarms.
  • Limitations of scanning devices: The article also notes how the device can't work on encrypted traffic.  More generally, it talks about the overall (lack of) reliability and 
  • Best security practices: The article also notes several best practices to make home networking safer, including patching/updating router software and enabling auto-update, use of strong passwords, hardening systems (i.e. changing the default user ID & password on things like routers), use of WPA2 standards (i.e. not WEP, which can be easily cracked), and use of a guest network instead of sharing passwords.
But that's not all. WSJ also published this article detailing five key corporate security practices, including:
  • Patching, i.e. installing software updates to plug security holes in the software,
  • Limiting connectivity of devices on a "need to do basis",
  • Encrypting data that is confidential or highly confidential (e.g. credit card data)
  • Use of physical security devices instead of just passwords
  • Independently assessing vendor compliance with security. 
The interesting thing about this article is that it omits the use of SOC audit reports (see Amazon's FAQ on the topic or the AICPA's site) with respect to verifying the level of security compliance with the latter point. 

But, again, does the current competency map train CPAs sufficiently to spot that? 

We should keep in mind a couple of things.

Firstly, the WSJ is a good litmus test of what the business press can expect a business professional to know about IT security, and technology related controls more generally. 

Although not explicitly mentioned in the first article, one of the key trends that has raised the level of knowledge required for the average business professional is consumerization: individuals have access to technology, such as tablets, smartphones, networks, etc. that were once the sole domain of corporate IT. Consequently, the average business professional now needs to increase their knowledge of IT and IT risks to avoid a virus or getting hacked. For example, I heard a couple of guys at the gym discussing the risks of downloading illegal movies: getting targeted by regulators and malware infection.

Secondly, my friend's kid is 12 years old and understands the concepts of viruses, OS and risk at a very rudimentary level.

Okay so we all know the kids are tech savvy. 

But we need a competency map that would be relevant to the future generation that will be entering the profession. Furthermore, if the CPA profession wants to achieve its vision of being the "globally respected business and accounting designation" it must not just meet the level of the business press but must go beyond.



Tuesday, May 5, 2015

Should Algorithm Audits be mandated for HFT firms?

Was heading into work on the train and came across the WSJ's op-ed piece on the need for regulation around algorithms involved in trading. The article mentions how the regulators have not done much since the Flash Crash of 2010.

What is the Flash Crash of 2010?

As noted in the piece, "flash crash hit on the afternoon of May 6, 2010, as riots in Athens and a European debt crisis weighed on markets. In about eight minutes the Dow Jones Industrial Average fell 700 points before rebounding." 

The op-ed goes on to dismiss the "official" explanation (i.e. a large hedge placed by a US firm and the financial shenanigans of a UK-based day trader) and states: "More important, they say, is the role of high-frequency firms, which use hard-to-monitor algorithms to trade large amounts of stock in fractions of seconds. If they trade erratically, the market can come unglued, as happened in the flash crash."

The article notes that the SEC has been exploring mandating disclosure requirements and controls on firms that use algorithms. However, the article also quotes a number of regulators who say they don't have enough funds to keep pace with the firms.

Before I go back down memory lane, it is also worth noting that there are other experts who hold that algorithms - from a privacy perspective - need to be regulated. Bruce Schneier, a well-known information security expert who helped review the Snowden documents, in his latest book, Data and Goliath (see clip below for a summary), also calls for "auditing algorithms for fairness". He also notes that such audits don't need to make the algorithms public, which is the same way financial statements of public companies are audited today. This keeps a balance between confidentiality and public confidence in the company's use of our data.


So is it time for auditing algorithms through an "AlgoTrust" offering?

As I noted in my reflections on "Big Data: A Revolution That Will Transform How We Live, Work, and Think":

"[H]ow would you go about auditing an algo? Although auditors lack the technical skills of algoritmists, it doesn't prevent them from auditing algorithms. The WebTrust for Certification Authorities (WebTrust for CAs) could be a model where assurance practitioners develop a standard in conjunction with algorithmists and enable audits to be performed against the standard. Why is WebTrust for CAs a model? WebTrust for CAs is a technical standard where an audit firm would "assess the adequacy and effectiveness of the controls employed by Certification Authorities (CAs)". That is, although the cryptographic key generation process is something that goes beyond the technical discipline of a regular CPA, it did not prevent the assurance firms from issuing an opinion."

I also noted:

"some of the ground work for such a service is already established. Fundamentally, an algorithm takes data inputs, processes it and then delivers a certain output or decision. Therefore, one aspect of such a service is to understand whether the algo has "processing integrity" (i.e. as the authors put it, to attest to the "accuracy or validity of big-data predictions"), which is something the profession established a while back through its SysTrust offering."

What I saw to be the challenge at the time I penned that blog post was market demand for this type of service. The answer appears to be that the SEC could mandate such audits and leverage the CPA firms the same way they do for financial audits. However, instead of rendering an opinion on the financials, such audit firms would render an AlgoTrust opinion on the algorithms to ensure that they are in line with Generally Accepted Algorithmic Principles instead of Generally Accepted Accounting Principles (sorry I couldn't resist!).

Beyond WebTrust for Certification Authorities, companies are currently leveraging SysTrust which has been subsumed into the SOC 2 and SOC 3 audit reports. For example, Salesforce.com gets an audit opinion that provides reasonable assurance that its systems are secure, available and that it maintains confidentiality of the information they are provided with.

The AlgoTrust standard should address issues such as the ones raised in the WSJ (i.e. as it relates to trading algos) as well as ensuring the preservation of privacy. But it should not stop there. In the original post, Chris Steiner explains how algos are invading all parts of life, including things like robot pharmacists.

We have at least three experts from three different fields: finance, data, and information security that all see the value in auditing algorithms. If the CPAs don't take the lead on this, who will? As Bruce Schneier notes it won't be easy, but it is something that will eventually be tackled by either the CPA profession or someone else.