Tampa Bay and hurricane history

Since reliable records were kept, four major hurricanes have directly hit the Tampa Bay area. They are the Tampa Bay Hurricane of 1848, the 1921 Tampa Bay hurricane, the 1946 Florida Hurricane,  and the Storm of the Century of 1993.

All of these storms had one major attribute: They developed in the southwestern Caribbean or off of central America, rather than the Atlantic or eastern Caribbean. This fact is worth noting.

Commonly, major hurricanes in our part of the world come off the coast of Africa or the eastern Caribbean, and shoot off westward, affecting the US by hitting Florida or the southeastern states on the east, or going below Florida and shooting up to the Florida Panhandle or the various Gulf states (Louisiana, Alabama, Mississippi and Texas).

These storms rarely go up the Gulf, and then make an immediate jaunt eastward to Tampa. When in the Gulf, they just go straight up. Exceptions, such as Hurricane Charley (which came out of the central Caribbean), have not affected Tampa (but almost did, and it was a near thing indeed!).

The reason is that Tampa faces west, and the trade winds prevalent in our area move east-to-west.   In other words, the prevailing winds keep the storms pushed away from us.

Now, storms such as Elena, Irma and Frances have affected Tampa, but were not at the scale of a direct hit (although certainly not little storms – they all had an impact).

For me, the concern with Irma is that it would go further to the west, hitting us at an angle to hit Tampa Bay directly, causing a potentially massive storm surge. However, it was fairly clear by the 8th of September that it would be a major wind event – but not a big storm surge creator. Still, I took precautions.

The Storm of the Century in 1993 (often referred to as at the “No Name Storm”). See this animation for a powerful view of the storm’s path.
The track of the 1921 Tampa Bay hurricane, originating off of the coastline of the Honduras.
The Tampa Bay Hurricane of 1848 was an absolute monster storm; consensus is that the storm developed in the central Gulf region.
The 1946 Florida Hurricane developed off the coast of Guatemala.

What’s of great concern with a direct hit to Tampa Bay is that the region has a shallow continental shelf, with very warm water. That is a bad combination, creating a potential of a devastating storm surge. A big storm coming directly at us will be quite dangerous.

Remember, storm surges are where you see boats on top of trees 20 miles inland. Katrina. That kind of thing. Storm surge is the big problem in hurricanes.

So, I pay very close attention to tropical disturbances in the southwestern Caribbean, because these could hit Tampa directly. A direct hit creates the massive storm surge that is actually the major danger in hurricanes.

Now, that’s not to say that I am not wary of any major storms developing that could affect our area…

Disclaimer: I’ve lived in Florida, cumulatively, well over 20 years. I’m not an expert nor a meteorologist. But I have had to worry about the safety of my family in the face of big storms and I’m a bit of a nerd who has spent a lot of time studying the issue. This is only my viewpoint and observation. Feel free to disagree. Everyone fights about hurricanes, and the news doesn’t help by scaring the heck out of everybody, so the arguments tend to be between people who are scared witless – not the best combination. 

The wall is already pretty much done

BorderAtJacumba2

1414203158407

I’ve written about immigration policy before, and this is not that kind of post.

Instead, I am addressing a conventional fiction that “there is no wall” on the border of Mexico and the US. I’ve found that this is a surprisingly widespread belief.

We don’t even have to go to Mexico to get them pay it. Legislation is already in place for the wall, and for funding. With some modifications, we could have that wall.

You see, we have finished building about 60% of a wall. It’s actually a fence, but if you’ve seen it, it’s pretty big. And I think you’ll find the consensus is that this is much more realistic.

The border
The total length of the border is just under 2,000 miles. Roughly half of that distance is the Rio Grande (which gave rise to the derogatory term for Mexican immigrants, wetback, as many illegals used to swim the river to get to the US).

Securing the border
In 1994, a National Border Patrol Strategic Plan started the process of improving security on the border to stem the flow of illegal immigration. The post-9/11 war on terror gave this attempt a big boost, with the Bush administration pushing hard to build a fence and ultimately passing a series of laws.

In other words, we have had legislation in place for many years to build the wall. And it’s largely funded.

Quite a bit of the wall has been built
So far, the US has built roughly 600 miles of fence. Taking out the river, we’re more than halfway there.

(The remaining land is handled by the Border Patrol and various infrared and technical contraptions.)

The Rio Grande
Now, here’s where it gets complicated: We have this big river, the Rio Grande.

Putting a fence in a river causes all kinds of environmental problems, which even if you’re a conservative, are cause for some concern (I live in Florida, and have seen the damage that the Tamiani Trail did to the Everglades, and while a porous fence isn’t nearly as bad as a dam, there are some real issues at stake here.)AP_BORDER_FENCE_WILDLIFE

No worries! In 2006, the Real ID Act was passed, which, in part, gave the Secretary of Homeland Security (then Michael Chertoff) the ability to waive environmental regulations in this context. He really wanted a wall, so he did just that.

Yet, we still don’t have a fence completed.

A major problem is the fact that there are three Native American reservations that sit on the border in Arizona. This leaves a gap in the “wall” which is occupied by sovereign Indian nations.

Most notable is the Tohono O’odham reservation, which is huge — about the size of Connecticut — and includes the vast Sonora Desert. Citing its sovereignty, it once successfully barred the Border Patrol from entering the reservation. They’ve since changed their tune, since now, this opening in the border has driven drug smugglers into the area (as well as illegals, who are dying in the thousands trying to cross the Sonoran Desert).

This is a major issue: we have to figure out a way to build a wall through a sovereign Indian nation. It’s not insignificant. Imagine a wall going through your own neighborhood — the Native Americans are not crazy about this idea. And we can’t move the border south, nor north. It has to be a wall right through these Indian nations.

In other words, it’s a bit more complicated.

 

It really comes down to beer (endpoint security redux)

572px-Dutch_beersUpdate: SentinelOne responds in the comments. Additionally, they claim (and I have no reason to doubt this claim) that the report I referenced was an older version that had incorrect information on the part of Tevanos.

As a follow-on to my recent post about endpoint security (see “A bomb just dropped in endpoint security…“), I thought I’d share some additional thoughts, conclusions and opinions.

It really comes down to beer. But more on that later.

Reuters
First off, Joe Menn at Reuters wrote a story this morning. It’s a good story, fair and balanced.  Worth reading. There will likely be more stories as well.

Beating up vendors isn’t really my thing
In the recent blog post, there were a lot of slings and arrows thrown at a few endpoint security players. My blog got trolled quite a bit. I cleaned it up.

Cylance certainly came under heavy attack by some commenters, and I removed those comments.

I’m not interested in beating the crap out of some company; I’m really just interested in writing about stuff that I find is interesting.

On Cylance
There was a possible confusion that got propagated that Cylance was using VirusTotal directly in their product. I now have information that this may be incorrect.

Cylance was using VirusTotal, as they said in the Reuters article. It’s possible they were using the service to download samples to train their engine, not directly from inside their product. It’s also possible that they used VirusTotal to help detect malware.

I don’t know for sure, and that’s why I expect to be talking to them in the next several days.

Note that Cylance is not a bad group of people. There are many very good people working there, and they run a good business. I’ve challenged them to get more public tests, and I hope they do so. So far, there have been two tests that I know of — a condoned test by Av Test, and another test, where AV Comparatives/Effitas had to basically break the rules to try and get a copy of Cylance (one can’t just download Cylance and test it, as Cylance keeps its trials very closely monitored).

So testing more, and being more public, would be a good thing.

At any rate, peace, people.

Other endpoint players
I don’t know about other endpoint players. I know SentinelOne, for example, has been open about using VirusTotal.

Specifically, this report (PDF) on SentinelOne’s capabilities in healthcare, highlight this point:

SentinelOne ensures that it is always up to date, checking file hashes against reputable sources such as Virus Total. Using this method, SentinelOne’s platform does not suffer the traditional time lapse in needing to push out new definitions…

[Edit – As mentioned earlier in this blog, SentinelOne tells me this quote is from a PDF of an older document that incorrectly noted VirusTotal as a source and has since been corrected.]

Regarding Palo Alto Networks and CrowdStrike, I really don’t know the involvement of these players. But as the Reuters article mentions, they have been users of VirusTotal (and have not been participating with the community). That’s not to say they’re bad people or have bad products (CrowdStrike and Palo Alto both make excellent products). It’s just something that has been addressed.

Endpoint security
My knowledge of the endpoint security market comes from the fact that I’ve been there in the trenches.

I’ve presented at conferences like VirusBulletin and submitted papers, etc., but that’s the fun stuff. Actually being in the day-to-day sweating bullets to try to keep your customers protected is a very difficult task.

You see, we created a full-stack antivirus product at my last company (Sunbelt Software’s VIPRE) and I personally ran the antivirus lab for some time.

When we released the product, it was probably mediocre, and we avoided tests. It got better when we started opening up to tests, and in fact, it got quite good (and then I sold the company and, well, I don’t recommend the product anymore).

We were on VirusTotal, and it was painful to see us miss detections. But at least we saw ourselves for what we were, and made our product better as a result.

Is there a “next-generation?”
The truth is there are only so many ways to skin a cat. The former Eastern Bloc countries were famous for producing some of the world’s most brilliant mathematicians and now we have companies like Kaspersky and BitDefender with just those same type of people. Yet even they have a tough time of it (no matter what they say publicly). It’s not an easy business, trust me.

I don’t entirely buy a lot of the “next-gen” security arguments. I think that there is room for innovation, but I’ve seen companies like Malwarebytes (of which I’m a board member and incredibly biased toward) and (recently) Symantec do some very impressive work in detections, without resorting to anything of the next-generation type. It really comes down to a lot of hard work, block-and-tackling type of stuff.

So, it’s no surprise that people do whatever it takes to get the best result possible. If this means using VirusTotal to do a hash lookup (which IMHO is fairly silly, since polymorphism makes hash lookups far less useful than people might think), or good old fashioned PR to paint lipstick on a pig, well, so be it.

The key is openness. If you have something special, open it up to the world for them to look at, to test, to validate. Be a part of the community and give back to it. It will make your product much better.

Which comes to the beer
Information sharing in security happens around conferences and beer. (When I brought in a new lab manager for my research team years ago, I urged him to spend as much time as possible going to conferences and drinking beer with other experts. He didn’t object).

Perhaps that is a bit tongue-in-cheek, and it’s not that we’re a bunch of alcoholics (well, mostly not), it’s simply that a lot of information sharing happens at conferences, when experts talk to each other freely. The swords of competition are put down briefly, people open up, and you hear a lot of interesting things.

And what I hear around the tables is what is reflected in some of my blog posts. There is good data, but it can’t be substantiated and it won’t ever be confirmed. So, I’m sorry I can’t be specific, despite many of you emailing me for much more detail than I am prepared to give. Trust is everything in security.

But beer? Yes, we can all share that freely. So, here’s to beer (in my case, the ever excellent Buckler Non-Alcoholic).

You can see who VirusTotal credits here. 

A bomb just dropped in endpoint security… and I’m not sure anyone noticed

wp84552171_01_1a
Pay no attention to the man behind the curtain…

Update: Reuters now has the story

Update 2: I’ve updated this post with additional information, here. 

VirusTotal just dropped a major bomb, and only people deep in the endpoint security ecosystem understand the ramifications of this announcement.

If you’re involved in endpoint security to any degree – as a customer or an industry person – you need to understand what just happened. It’s really, really big.

A bit of background.
VirusTotal is a multi-engine virus scanner. You upload a file, and it passes the file to a large number of commercial antivirus products, and it tells you which engines detected the file as malicious.

While there are other tools available, and some have come and gone, VirusTotal is the big dog in the space. It’s owned by Google, has massive computing and resource power and everyone in the security industry uses it.

VirusTotal shares the results with subscribers. So, you can pay to get extensive and detailed information on what has been detected at any moment of the day, and who detected it. 

How antivirus companies use VirusTotal to make better detections.
It’s common practice of antivirus companies to use VirusTotal as a tool to make better signatures.

For example, if a researcher finds that two high quality antivirus engines detect a file as malicious, he/she has a high confidence that it’s actually malicious without further analysis. As an antivirus researcher, it saves an enormous amount of time.

Now, there’s absolutely nothing wrong with using VirusTotal results in research, and many antivirus companies use VirusTotal to supplement their own labs. They get samples from VirusTotal, and along with the samples, what engines detected them. If they find that a couple of high quality engines are detecting a file, they can easily add the detection to their own signatures without much further thought.

Now, there’s a next step. You could set up an an API integration with your product. If you scan a user’s machine and find an unknown file, you could upload it through an API to VirusTotal and get a disposition on the file –who detects it. From this data, you can flag a file as malicious.

In other words, you can use VirusTotal to create your own antivirus program. Easily. 

Until now. 

It’s fine to use other engines. If you’re also contributing.
Using other engines to improve your detection rate is completely fine. If you’re also contributing back to the community yourself. In other words, if your antivirus product is also one of the participating antivirus engines.

The dirty little secret
And here’s the dirty little secret that very few people know. There are a number of endpoint products that use VirusTotal to determine if a file is malicious. Without any contribution to the communityWithout giving anything in return. 

They simply pay VirusTotal a subscription fee, and receive the information.

And some of these companies have been getting a lot of attention for their supposed prowess. But for some mysterious reason, they refuse to put their own engines on VirusTotal. Could it be because they don’t want to contribute back? Maybe. Or it could be that they just don’t want everyone else to see how poorly their products actually perform.

Unfair? Yes.
Using VirusTotal information without any contribution back to the community is patently unfair. The people who are actually writing detections are sharing their results with the rest of the community, while a small group of endpoint products have been boasting of their extraordinary abilities, while working off the backs of other researchers. 

So as a customer, perhaps you can ask the next endpoint security vendor if they’re on VirusTotal. If they are, they’re contributing to the antivirus community. If they’re not, they’re not. Whatever their PR story, that’s the simple truth.

Until now.
Well, the world just got a bit brighter for the many endpoint security companies that actually contribute to VirusTotal: Because VirusTotal just announced that they are requiring that all scanning companies that use their service must integrate their engines into VirusTotal. Furthermore, “…new scanners joining the community will need to prove a certification and/or independent reviews from security testers according to best practices of Anti-Malware Testing Standards Organization (AMTSO).”*

It’s big news. It levels the playing field. No longer will antivirus companies see their hard work taken by some sexy startup that’s raised millions of dollars on the false promise of “next generation” endpoint or other such nonsense, while bashing the very companies that they’re effectively stealing the intellectual property of. And perhaps, we’ll see what their products are really made of. Because without VirusTotal as a crutch, companies that rely on it are going to see their detection rates take a hit.

Poetic justice, indeed.

What does this mean for the IT manager?
If you’re an IT manager who has been duped by sparkly marketing materials to buy-in to one of these “next-generation” endpoint products, take a hard look at their actual detection capabilities. If they’ve been using VirusTotal results but not contributing back, their ability to detect malware just took a potentially serious hit. This is serious.

You don’t have to believe the marketing hype. Setup a virtual machine that’s separated from your corporate network, and go to a site like MDM to find all kinds of nasty stuff. In the words of Ronald Reagan, “trust, but verify”. One nasty piece of malicious software (especially ransomware) can have serious consequences.

In closing
My compliments to the VirusTotal team for seeing this disparity and unfairness and taking such swift action. A class act, indeed.

And now, perhaps, we can all finally see what is really behind the curtain.


* Disclaimer: I am a board member of Malwarebytes (a contributing member to the VirusTotal community), and an advisory board member to AMTSO.  The opinions in this blog post are my own and are not connected to these two organizations.

The myth of the wall

BorderAtJacumba2

1414203158407

I’ve written about immigration policy before, and this is not that kind of post.

Instead, I am addressing a conventional fiction that “there is no wall” on the border of Mexico and the US. I’ve found that this is a surprisingly widespread belief.

The border
The total length of the border is just under 2,000 miles. Roughly half of that distance is the Rio Grande (which gave rise to the derogatory term for Mexican immigrants, wetback, as many illegals used to swim the river to get to the US).

Securing the border
In 1994, a National Border Patrol Strategic Plan started the process of improving security on the border to stem the flow of illegal immigration. The post-9/11 war on terror gave this attempt a big boost, with the Bush administration pushing hard to build a fence and ultimately passing a series of laws.

In other words, we have had legislation in place for many years to build the wall. And it’s largely funded.

Quite a bit of the wall has been built
So far, the US has built roughly 600 miles of fence. Taking out the river, we’re more than halfway there.

(The remaining land is handled by the Border Patrol and various infrared and technical contraptions.)

The Rio Grande
Now, here’s where it gets complicated: AP_BORDER_FENCE_WILDLIFEWe have this big river, the Rio Grande.

Putting a fence in a river causes all kinds of environmental problems, which even if you’re a conservative, are cause for some concern (I live in Florida, and have seen the damage that the Tamiani Trail did to the Everglades, and while a porous fence isn’t nearly as bad as a dam, there are some real issues at stake here.)

No worries! In 2006, the Real ID Act was passed, which, in part, gave the Secretary of Homeland Security (then Michael Chertoff) the ability to waive environmental regulations in this context. He really wanted a wall, so he did just that.

Yet, we still don’t have a fence completed.

A major problem is the fact that there are three Native American reservations that sit on the border in Arizona. This leaves a gap in the “wall” which is occupied by sovereign Indian nations.

Most notable is the Tohono O’odham reservation, which is huge — about the size of Connecticut — and includes the vast Sonora Desert. Citing its sovereignty, it once successfully barred the Border Patrol from entering the reservation. They’ve since changed their tune, since now, this opening in the border has driven drug smugglers into the area (as well as illegals, who are dying in the thousands trying to cross the Sonoran Desert).

This is a major issue: we have to figure out a way to build a wall through a sovereign Indian nation. It’s not insignificant. Imagine a wall going through your own neighborhood — the Native Americans are not crazy about this idea. And we can’t move the border south, nor north. It has to be a wall right through these Indian nations.

In other words, it’s a bit more complicated than a simple stump speech.

My Dystopian Vision
FOT1213780I talked to a Trump supporter recently in San Francisco. I asked him how he thought Trump would fix the economy.

“He’s going to get rid of all those fucking illegal immigrants,” he said, enthusiastically*.

So here’s my dystopian vision:

Trump enters office. Since “The Wall” is already approved and funded (by us, not Mexico, who will tell us to fuck off), it finally gets built.

Yay for Trump.

But then there’s the nagging problem of all of those “fucking illegals”. Trump wants forced deportation.

The last time that happened, the program, Operation Wetback, was stopped after Mexicans started dying in a trial of tears (we’re so good at this trial of tears thing, aren’t we?).

But what if, as some speculate, the military or others won’t follow his orders?

I see those, like my San Francisco Trump supporter, who will become effectively “brown shirts” for Mr. Trump.

I’m not making this up. Look at the protests. Watch Cartel Land, with citizen paramilitary outfits taking shots at Mexicans. The stuff going on right now is crazy.

Perhaps they will be called “Trumpeters” or some such name.  I expect they will bang on the doors, wrench the illegals out of their homes, and probably engage in a bit of good old-fashioned pillaging.

Outlandish? Not really. We’ve had plenty of paramilitary groups in our nation’s history. 

It’s only one of the disasters I foresee with a Trump presidency.

————–

* A silly statement. Getting rid of 11 million illegals will do nothing positive for our economy. It might very well crater it. The real problems — the massive national debt, the Federal Reserve hell-bent on printing money into ridiculous asset bubbles, massive spending on the military instead of national infrastructure, well… those are some of the real problems. Further simplistic arguments by Trump about taking on waste and fraud in the government? A drop in the bucket. 

I’m not in favor of illegal immigration at all, but getting rid of the people who pick our lettuce, wash our dishes and clean our cars isn’t going to do a thing to help the economy. Illegals are easy scapegoats, they always have been, but they are not the correct reason WHY things aren’t going well in our country.

The fake review problem on Amazon

Fake-Companies-List-Announced-By-TCS-and-IBM-2015

Amazon got a lot of press recently for going after fake reviewers.

Sadly, this problem has not gone away.

For example, let’s take this product on Amazon, which ironically has quite a few good real reviews (no idea why they have to get fake ones):

Untitled

reviews

We have our first red flag — so many of the positive reviews are not verified purchases.

Simply clicking on the reviewer’s names shows that these are professionally paid reviews.  For example, both “Grant_Williams” and “Patrick K. Bracewell” amazingly have the same tastes — they both love breast pumps. In fact, they both love a lot of the same products.

reviews2

Without going on ad nauseam, this pattern continues for other reviewers. They magically like the same products.

Other types of reviews come from “Reviewer Clubs”. Companies like AMZ Tracker, ILoveToReview.com and others offer Amazon sellers the ability to get reviews from reviewers, in exchange for a free or discounted product. These are legitimate (and encouraged by some) and as long as the reviewer makes it clear that the review came in exchange for product, I don’t really have an issue with it.

Enter FakeSpot
Curious about a brand’s level of “fakiness?” Try FakeSpot. It will try spot the fake reviews.

Amazon, please change.
Reviews are a cornerstone of Amazon’s success, and allowing non-customers to post reviews has to end. Furthermore, Amazon can still do a lot more to make sure that fake reviews, even from “verified” customers, don’t happen. Their brand depends on it.

Social media scams using false identities

theman
The Man Himself

Fake profiles are rampant on social media these days. I’ve even had my own photograph stolen to falsely connect to other people.

The purpose is invariably to spam you or to scam you. So you have to be careful.

I’ve written about this before.

So I thought I’d share a particularly pathetic attempt to scam me today.

I got an invitation from “Bruce Diaz”, representing himself as a tech columnist for the New York Times.

diaz1
Who is “Bruce Diaz?”

Huh? Never heard of that name. A quick Google search shows no such man at the NY Times.

So I search for his image on Google (you should always do this on anything suspicious).

diaz2
The search begins.

Hmm… no luck there:

diaz3

So I go to TinEye, a reverse-image search engine and upload his picture.

diaz4
TinEye to the rescue.

Bingo! It’s not “Bruce Diaz”, it’s “Attractive Young Man” on Shutterstock.

diaz5

I reported it to LinkedIn. But you might still find him for the next few hours.

So don’t just accept a social media invitation with out checking!

The G2 on buying domains

Very useful if you’re ever considering buying a domain

The domain name market is a mercurial one; it’s relatively secretive, however not by choice. When most people approach me about a domain they’re trying to buy I usually hear the same thing, “it looks like a squatter has it, what should I do?”

So I thought it was time to take my experience in buying, selling, and brokering millions of dollars in domain names and share the same advice and step-by-step process that I share with my friends and startup founders around the world. Here it goes.

 What Every Startup Founder Should Know About Buying Domain Names

(h/t Larry Smith)

The Immigration Paradox

Citizenship

Economics is about incentive. You get what you reward.

And our system of immigration has perverse incentives which are causing economic damage to our country.

The Immigration Paradox

Why are American technology companies off-shoring to other countries?

The obvious answer is cost. And that is true, cost is a benefit, but I would argue it’s of far lesser importance these days. (The cost of having an off-shored development team is far higher than people imagine, due to inefficiencies in teamwork, cultural differences, time zones, etc.)

There is another, hidden, problem, which I call the Immigration Paradox.

1. When a country makes immigration difficult, educated talent that is needed can’t come into the country.

2. This, in turn, forces business in that country to go offshore in order to get that talent, hurting the country’s economy.

And it’s exactly what’s happening in the United States.

Why are Apple’s computers and phones made in China? The immediate, snap answer is cost. Well, actually, that isn’t the complete answer. A more correct answeer is that Apple was unable to get the amount of engineers it needed in the United States, which forced them to go overseas (Apple, for many years, had their manufacturing in the United States).

Running a manufacturing operation in the US is productive. Simple things like stable electrical power, infrastructure, ease of transportation  — all these things are taken for granted, but are really meaningful in manufacturing. But it means nothing if you don’t have the engineers available in high tech.

The argument that there are “perfectly qualified people in the US willing to take the jobs” is disingenuous. Believe me, I’ve been there. At my last company, we would spend months trying to hire software development talent, and couldn’t get enough of them. I found plenty of great talent outside of the country, but getting those people in was nearly impossible.

So I ended up setting up off-shore development centers.

I really wanted these people in the United States. But I couldn’t get them in. It can cost upwards of a $100k to bring a software developer into the country; the hassles are legendary. And your chances of being successful are low.

It’s always been fairly difficult to bring in educated immigrants. Post 9/11, it’s extremely difficult.

This is why Mark Zuckerberg and others are trying to bring more overseas talent into the country.

And so, American businesses go to Romania, or Ukraine, or India, or wherever, to get the access to the talent. And our economy suffers.

We don’t have to make them citizens. But we should make it much easier to get a work visa.

But what about those horrible illegals?  They are criminals! They are rapists and murderers!

Now that discussion is different. I am talking above about getting work visas for smart people to boost our own economy.

But…while I’m on the general subject, I’ll go there.

The argument starts with “legal immigrants are fine (I myself am a child of immigrants!), but it’s the illegals who are terrible. They rape and pillage and steal and murder and all kinds of other awful stuff!”

Let’s start by pointing out that undocumented immigration is not spiraling out of control, it’s actually down from 12 million in 2007 to about 8 million now (you’d never know it if you listened to the news, though).

Furthermore, immigrants are actually less likely to commit crimes than natives (I know that doesn’t sit well with a lot of people who listen to talk radio, but it’s the truth).

Then, let’s get some perspective: Given the choice between starvation and food, would you choose to (a) starve, or (b) eat? I would hope your answer would be (b). Undocumented workers come into the country because they need the work to survive.

And calling them “criminals” is a bit misleading. You see, they can’t really get in legally themselves.

Sure, there are “guest worker” programs, but these are a) a bureaucratic nightmare and b) rife with exploitation. That’s why many Latinos come over the border illegally.

Farmers need cheap labor. If you want to go out and pick lettuce in 110º heat for 12 hours a day, be my guest. I think you’ll find almost zero interest in Americans in doing this kind of labor. Restaurants need cheap labor. If you want to wash dishes all day, be my guest. But again, you won’t find many Americans willing to slave away washing dishes at minimum wage.

The immigrants do the jobs we’re not willing to do.

The political answer is simple: Make it a straightforward process to bring workers into the country, under effective guest worker programs. Document them. Tax them. Track them. But erecting massive walls to keep them out is really not a solution.

The cost of illegal immigration

There is also a disingenuous argument that undocumented immigration is destroying the country’s economy and causing high taxes. This is not backed by data. The CBO itself has determined that 70-80% of undocumented workers pay Federal, State and Local taxes, and $7 billion per year to Social Security. In Texas alone, over $18 billion per year is added to the state budget by undocumented immigrants. Again, the facts are lost.

Let’s take the position that there is, in fact, a cost. Fine. But then, that’s even a stronger argument for documenting them, isn’t it? Let’s document them, and tax them.

Incidentally, the Great Wall of China didn’t work (and it wasn’t an immigration wall, it was to guard against invasions from the Mongol steppe tribes, as Mr. Trump recently learned for the first time). Walls don’t work.

In closing

Undocumented immigrants are easy targets. They are poor, can’t represent themselves, and they’re, well, different. But scapegoating another race or class of individual has never worked well historically. The truth is that a country needs a steady stream of fresh immigrants to survive. We need the educated immigrants to continue to fuel our technology boom; we need the uneducated immigrants to pick our lettuce; we need immigrants to breathe life into an economy; and finally, we need immigrants to create a healthy population pyramid (unlike xenophobic Japan, for example, whose anti-immigration policies are destroying their economy).

For my part, I just want to see a reasonable, sensible discussion based on common sense and facts. Not wild, unjustified opinions.

That would be a good start.

Meros: My new venture

meros logo smallModern software development is going through a massive change. Cloud computing, big data, new methods of developing products — the convergence of these factors (and others) has put the world of development into one of the most significant evolutions in how software gets designed, developed and managed.

A central part of this change is the DevOps revolution — new methodologies and tools to deal with the massively complex computing environments we live in today. At the same time, we are seeing the emergence of a game-changing technology, Docker, which is sweeping the development community with breathtaking speed.

Just google these terms yourself and you’ll see what I mean.

Disruption is occurring, and yet the tools are barely keeping up. Companies like Puppet Labs, Chef and SaltStack were unheard of a few years ago. They are now mainstream, successful companies.

Back in 1993, I was at the birth of the modern internet and this feels just like that — the tools are often rough, difficult, and buggy. And those companies (including mine) that got in and made it all work did very well indeed.

So, I have assembled some of the finest developers I know to help me create a new company, Meros, focused on tools for DevOps. Our first product will be specifically for Docker and will release later this year.

We are currently in stealth mode, with the company being funded by my founding team and me. (We are starting initial discussions with a small group of select early stage investors and if you’d like to know more, email me directly.)

I have had fun working with and consulting dozens of companies over the past several years, doing several turnarounds and, generally, having a blast. But it’s time for me to go back to doing what I do best — running software companies.

 

Why board meetings suck

I’ve been meaning to write something along this line for quite some time, but never seem to have the time to do it. As someone who currently sits on four boards, plus more advisory boards than I can count, there’s lots to fix in how board meetings are run.

Fortunately, my friend Mike Rogers did the work for me (thank you, Mike!).

You can read his excellent article here.

One man’s battle against a bad vendor: an atom bomb

 

Jason Heller hired a company to clear out some poison ivy, and got horrible service. He was pissed.

Unfortunately for the vendor, Best Poison Ivy Removal, Jason is a weapon’s grade expert on web SEO. And he is out to make sure that other consumers don’t get ripped-off. Another SEO expert, Kevin Lee, has piled on (bro code in action). This is just the beginning.

And now, let the games begin.