thinkcondi.com

Definitely worth a read.

And why does this matter to the average citizen?

As their own funding dries up, the remaining financial firms will be much more cautious in extending credit to normal firms and individuals. So even for people whose own circumstances have not much changed, the cost of the credit is going to rise. For an individual or business that falls behind on payments or needs an increase in short-term credit because of the slowing economy, credit will be much harder to obtain than in recent years.

Despite reading the WSJ and N.Y. Times every day I still don’t completely understand what happened in the financial sector meltdown. Neither does Freakonomics author Steven D. Levitt. Fortunately he has smart friends Doug Diamond and Anil Kashyap from the Chicago School of Business who explain much of the mess in this Times article.

Much of the trouble lies in too much risk and not enough long-term investment capital according to the authors.

The company’s software could be described as a carbon accounting package. It allows corporations to do an inventory of their greenhouse gas emissions and provides them with an application to manage a program to cut down on those emissions.

For NGEN, the investment in a software company represents something of a departure. The clean tech venture fund is focused primarily on energy generation and energy efficiency.

Meehan said the equity investment will be used to expand the company’s sales staff and operations.

(Credit:
Carbonetworks)

Software company Carbonetworks on Monday is expected to announce it has secured $5 million in series A financing, led by clean-tech venture firm NGEN Partners.

That’s because companies are voluntarily tracking their pollution or they anticipate regulations will be put in place in the next few years.

A company could, for example, achieve reduction goals by making data centers operations more efficient or purchasing carbon offsets.

Carbonetworks’ applications provide companies with a way to account for their carbon emissions as they would other assets and liabilities.

“The U.S. market dwarfs anything in the world. So even if it takes a long time, it’s worth waiting for,” Meehan said.

CarbonFlow’s software is aimed at project developers looking for a way to record and manage carbon emission reduction projects by following regulated market guidelines, according to the company’s Web site.

But Carbonetworks CEO Michael Meehan said that demand for his company’s software is already high, noting that billions of dollars worth of carbon is being traded every year.

Separately, another carbon-trading start-up, CarbonFlow, is expected to announce initial funding on Monday.

Even without a federal mandate to reduce greenhouse gases in the U.S., existing state climate laws represent half of the country’s gross domestic product, he added. “We still believe things will happen much sooner than five years.”

There are already regulations in Europe to restrict emissions of carbon dioxide, a greenhouse gas. But for the most part, most corporations around the world aren’t mandated to reduce emissions.

The Windspire costs $4,995, which includes the inverter, pole, and other equipment.

Mariah Power said the Windspire is aimed at residential customers in urban, suburban, and rural areas. It has already been installed in a handful of U.S. locations.

The Windspire produces about 1.2 kilowatts, or 2,000 kilowatt-hours, per year, according to Mariah’s brochure. It works best in 12 mph average winds or higher, and it generally requires half an acre of land, the company said. It’s 30 feet high and has a 2-foot radius.

Mariah Power says its Windspire vertical-axis wind turbine is now commercially available, after having passed performance tests.

Typically, small-wind turbines such as Southwest Windpower’s 1.9-kilowatt Skystream, are best suited for homes with a substantial amount of land.

“(Its) efficiency is on par with most propeller-based wind turbines, but it is priced much lower. It is also much quieter because the rotor glides through the air at only a third the speed of propeller blades, and it can capture wind instantly from any direction,” Mariah Power CEO Mike Hess said in a statement.

The Windspire vertical-axis wind turbine

(Credit:
Mariah Power)

But the reality of how we make security decisions begs an important question–should security professionals focus on real solutions to security problems, or just on making people feel better about security? Unfortunately, there’s no easy answer to this question. It depends on who’s paying the professional’s salary, what they expect, and how rational they area. At one extreme, any professional should certainly want to improve security in real terms, but delivering the perception of improved security may be a practical job requirement.

There was one funny moment in the presentation that I have to relate. Schneier was describing the 1982 Tylenol crisis and the resulting broad use of tamper-evident packaging. At the very moment he made that connection, he took a bottle of water provided by the show organizers on the podium and cracked open the cap. It was apparent to me that he hadn’t even noticed this connection, and when I pointed that out, he agreed–tamper-evident bottle caps are now so much a part of our everyday lives that we don’t even notice them any more.

Click here for more stories on RSA 2008.

These caps don’t make us much more secure in any real sense, but they allow us to feel comfortable about drinking from bottles we’ve never seen before. The cynical old Bruce Schneier would probably say that’s a bad thing, even though the effect works on him just like anyone else. The new Bruce Schneier, I think, has a better appreciation of the role of psychology in making security decisions, and his future work will probably be better for it.

That’s a great definition. Security Theater is a real thing. But Schneier has frequently said that it’s universally a bad thing…as if human psychology is irrelevant. Yes, it’s obvious now that airport security checkpoints prior to September 11, 2001 were more of an inconvenience to travelers than they were to hijackers. Hijackings were rare but possible before the checkpoints, and rare but still possible after the checkpoints were set up. But without those checkpoints, a lot of people simply wouldn’t have flown on commercial airlines.

Like many smart people, Schneier is also highly opinionated. Although I have yet to hear a technical opinion from Schneier that I disagree with, some of his nontechnical opinions are–in my opinion–open to debate.

Most notably, it explains the proper purpose of Security Theater. When people feel less safe than they ought to given the facts of a situation, they can make bad decisions–for example, avoiding commercial aviation even when it’s objectively safer than the alternatives. Security Theater brings feelings and facts back into agreement and restores rational behavior.

Schneier expanded on his essay by adding a third independent variable. Along with facts and feelings, we also build conceptual models for security analysis. However rational our models may be, our feelings may still be different. Although someone in the audience asked if we shouldn’t just think in terms of facts and models, I think we have to accept that feelings and models are functionally distinct, and therefore we have to keep them separate. For example, we can express and analyze models far more easily than we can communicate our feelings.

Security expert Bruce Schneier is rightly regarded as one of the industry’s most intelligent and insightful participants. He has made substantial personal contributions to the science of cryptology, and has written some of the best books on the subject.

Security Theater isn’t entirely good. It’s still a kind of fraud, and the mere fact that it works doesn’t mean it’s an optimal solution; it just shows where this approach comes from and why it works. There are still plenty of problems with it. For example, one audience member pointed out in the Q&A session following Schneier’s talk that using Security Theater to make people feel better about some threat can backfire if the reality of the situation deteriorates. People will retain the good feelings engendered by the charade and thus underestimate the real threat.

I think this was very good work, and represents a significant maturation of Schneier’s thinking on the nontechnical issues he’s been covering all these years.

At the RSA Conference this week, Schneier gave a talk on “Reconceptualizing Security” based largely on an essay on his Web site titled “The Psychology of Security.”

For example, Schneier coined the term “Security Theater” to describe measures that serve to make people feel safer without significantly improving security in any real sense.

The best conference swag I know of comes from the Office 2.0 conference (2008 preview story), where paid attendees get some cool piece of hardware that becomes part of an experiment in collaboration. At the 2006 show, it was an
iPod Nano. In 2007, an
iPhone. This year, attendees got an HP mini-notebook. As for the Office 2.0 bag of branded marketing props: there isn’t one. That show has the greenest non-giveaway of all, and I don’t think anyone minds.

In the past, I’ve received some pretty sweet bags of stuff from conferences like Demo (although this year, as Center Networks reports, it was mostly air). Of the conferences I attend, though, the only one where the swag is still memorable is the Walt and Kara show, D. See my reports from D5 and from D6.

At TechCrunch50, the swag was mostly branded and useless junk straight from the catalogs of useless junk that marketing interns receive on their first days at work.

Still, there’s nothing wrong with a good tchotchke, and this stuff is kind of fun to give out to kids, and useful if you need clothes for changing the oil or painting a room.

No matter how loaded the VC, over-funded the entrepreneur, or jaded the journalist, you won’t see many leaving a tech conference without the $15 of tchotchkes in the swag bag that comes with the show’s $3,000 admission.

“During development we have tested Irregexp against one million of the most popular Web pages to ensure that the new implementation stays compatible with our previous implementation and the Web,” the programmers said.

Speed is particularly important because JavaScript is used for interactive aspects of Web pages, where fast response or annoying lags are noticeable by people controlling the application. But it’s also widely used for many more mundane aspects of Web pages, so JavaScript speedup helps improve Web browsing performance broadly.

JavaScript is increasingly widely used to build sophisticated Web applications, including Google Docs and Gmail, for example.

More changes are coming to V8, though, and Google will detail some at its May developer conference, Google I/O. One session there will focus on the software, including “initiatives that will propel V8 to the next performance level,” according to the session notes.

Separately, Google also released the new version 1.0.154.46 of Chrome for both its stable and beta version users on Wednesday. That version fixed a security problem and an issue with Chrome’s incognito mode.

Separately, the programmers said they created a new third version of their JavaScript benchmark. This version specifically exercises regular expressions taken from 50 of the Web’s most popular pages.

The change came with a key component for processing JavaScript text called regular expressions. “As we’ve improved other parts of the language, regexps started to stand out as being slower than the rest. We felt it should be possible to improve performance by integrating with our existing infrastructure rather than using an external library,” according to a Chromium blog post by programmers Erik Corry, Christian Plesner Hansen, and Lasse Reichstein Holst Nielsen.

Chrome’s JavaScript engine is called V8. Mozilla’s Firefox has TraceMonkey, and WebKithas Squirrelfix Extreme. Opera hopes to outdo all those with its own new JavaScript engine, called Carakan.

Previously, Chrome used a supporting software package, or library, called JPCRE, a variation by the Webkit browser project of the PCRE package. That eased compatibility issues by making Chrome behave more like Apple’s
Safari, which is based on Webkit, but Google thinks it’s got the compatibility issue in hand.

Chrome programmers have switched out a third-party software package in favor of their own as part of Google’s attempt to speed its open-source browser up more.

Thus was born Google’s own project, Irregexp, the headline feature in the new developer preview version of Chrome, 2.0.160.0 (release notes). Check the blog post if you’re curious about the technical details of Google’s choices about native code generation, backtracking avoidance, and intermediate automaton representation.