Category Archives: Adobe Systems

Attack on Nortel Not an Anomaly

In my last post,, I promised to offer a subsequent entry on why public companies are reluctant to publicize breaches of their corporate networks.

I also suggested that such attacks probably are far more common than we realize. What happened to Nortel likely is occurring to a number of other companies right now.

It’s easy to understand why public companies don’t like to disclose that they’ve been the victim of hacking exploits, especially if those attacks result in the theft of intellectual property and trade secrets.

Strong Sell Signals

As public companies, their shares are traded on stock markets. Not without reason, shareholders and prospective investors might be inclined to interpret significant breaches of corporate networks as strong sell signals.

After all, loss of intellectual property — source code, proprietary product designs, trade secrets, and strategic plans — damages brand equity. Upon learning that the company in which they hold shares had its intellectual property pilfered, investors might be inclined to deduce that the stolen assets will later manifest themselves as lost revenue, reduced margins, decreased market share, and diminished competitive advantage.

Hacking exploits that result in perceived or real loss of substantial intellectual property represent an investor-relations nightmare.  A public company that discloses a major cyber breach that resulted in the loss of valuable business assets is far more likely to be met with market dismay than with widespread sympathy.

Downplay Losses

So, if public companies are breached, they keep it to themselves. If, however, a company is compelled by circumstances beyond its control to make a public disclosure about being attacked, it will downplay the severity and the risks associated with the matter.

In early 2010, you will recall, Google announced that it was subjected to a persistent cyber attack  that originated in China. It was part of larger attack, called Operation Aurora, aimed at dozens of other companies.

Some companies acknowledged publicly that they were attacked. Those companies included Adobe Systems, Juniper Networks, and Rackspace. Other companies subjected to the attacks — but which were not as forthcoming about what transpired — reportedly included Yahoo, Symantec, Northrop Grumman, Morgan Stanley, and Dow Chemical.

After the Crown Jewels

At the time of the attacks, Google spun a media narrative that suggested the attacks were designed to spy on human-rights activists by cracking their email accounts. While that might have been a secondary objective of the attacks, the broader pattern of Operation Aurora suggests that the electronic interlopers from China were more interested in obtaining intellectual property and trade secrets than in reading the personal correspondence of human-rights activists.

Indeed, McAfee, which investigated the attacks, reported that the objective of the perpetrators was to gain access to and to potentially modify source-code repositories at the targeted companies. The attackers were after those companies’ “crown jewels.”

The companies that admitted being victims of Operation Aurora all downplayed the extent of the attacks and any possible losses they might have suffered. Perhaps they were telling the truth. We just don’t know.

Transfer of Wealth

Last summer, Dmitri Alperovitch, McAfee’s vice president of threat research, provided the following quote to Reuters:

“Companies and government agencies are getting raped and pillaged every day. They are losing economic advantage and national secrets to unscrupulous competitors. This is the biggest transfer of wealth in terms of intellectual property in history. The scale at which this is occurring is really, really frightening.”

What Alperovitch said might seem melodramatic, but it isn’t. He’s not the only knowledgeable observer who has seen firsthand the electronic pillage and plunder of corporate intellectual property on a vast scale. For the reasons cited earlier in this post, few companies want to put up their hands and acknowledge that they’ve been victimized.

Nortel, in apparently being subjected to a decade-long cyber attack, might have been a special case, but we should not assume that what happened to Nortel is anomalous. For all we know, the largest companies in the technology industry are being violated and plundered as you read this post.

Advertisements

SIP Pioneer Reportedly No Longer at Adobe

I have heard reports that Henry Sinnreich, the “godfather of SIP,” has left Adobe Systems.

Some suggest that Sinnreich was included in the latest wave of layoffs at Adobe, but I haven’t been able to confirm those reports. While it appears Sinnreich is no longer at Adobe, I don’t know the circumstances surrounding his departure.

I’ve had the pleasure of working on SIP-related initiatives and partnership with Henry. I wish him all the best in his future endeavors, wherever they take him.

Reconsidering China’s Market Allure

We should know by now that Google’s conflict with China isn’t about censorship. Instead, it’s about intellectual property. Google wants to defend and protect its intellectual property, whereas hackers based in China seem intent on plundering it.

Questions remain as to whether and how the hackers are affiliated with China’s government. We might never get complete answers, though circumstantial evidence suggests official approval for, if not direct complicity in, the illicit exploits.

It’s worth noting that Google wasn’t the only company victimized. More than 30 other companies were similarly breached, including notable technology vendors such as Adobe, Juniper, Symantec, Yahoo, and Intel.

Intel claims it wasn’t severely affected by what transpired. A spokesman for the company said: “To the best of my knowledge, no intellectual property was lost,” Intel has downplayed the incident, even though the company admits it was subject to a sophisticated attack.

Other technology companies have acknowledged being attacked, but have been reticent to say whether they suffered losses of intellectual property. Google, for its part, has conceded that its intellectual property was stolen by the hackers, but it hasn’t specified what was taken.

We do know that theft of intellectual property, depending on what was purloined, could have serious consequences for victimized companies. All of the aforementioned companies face competition from Chinese vendors who already have home-field advantage in their native market. What’s more, Chinese vendors often develop and produce commodity products at lower prices than their foreign rivals. The lower prices can confer competitive advantage in export markets.

If Chinese vendors were to gain illicit access to trade secrets and intellectual property of their Western rivals, technological differentiation would be more difficult for Western vendors to maintain. The edge these companies have over their Chinese counterparts is predicated on intellectual property derived from capital-intensive research and development. If that edge is mitigated severely or, even worse, eliminated by theft of intellectual property, the potential repercussions are manifold and profound.

Uncomfortable questions arise, but we ignore them at our peril. Arguably the biggest question is whether Western technology companies could lose more than they stand to gain from direct involvement in the Chinese market. The Chinese market, with its vast promise, is as alluring as a Siren song, but one has to wonder whether Google, Juniper, and others will meet the same fate as the shipwrecked sailors in Greek mythology. Ironically, the draw of Chinese lucre could result in the pauperization of companies that pursue it.

Some might charge me with exaggeration on that point, but I would ask that you turn your attention not only to the recent rash of hack attacks but also to Chinese policies regarding domestic government procurement and industrial practices.

A recent Computerworld story spotlighted the policy straitjacket China is tailoring for foreign technology purveyors:

U.S. business associations this week wrote a letter to the Obama administration requesting its help on China’s recent intellectual property rules, which the letter said give significant preference for Chinese government procurement to products whose intellectual property is developed and owned in China. The rules run counter to Chinese pledges to avoid protectionism and mark “an unprecedented use of domestic intellectual property as a market-access condition,” said the letter, which was posted on the Web site of the Business Software Alliance.

The new requirements would make it virtually impossible for foreign companies to win Chinese government contracts, said Xiang Wang, a Beijing-based intellectual-property partner at law firm Orrick, Herrington & Sutcliffe. To comply with them, multinational companies would have to change their global model for managing intellectual property rights, transferring ownership of the rights to their Chinese subsidiaries rather than just licensing rights to them, he said.

Tough regulatory issues are likely to increase for foreign companies in China as the country keeps rising economically, Wang said.

A recent item in the Financial Times addresses many of the same issues.

Taken together, these measures amount to a disastrous scenario for a range of foreign companies, including software makers, semiconductor companies and producers of telecommunications gear, computers and smartcards.

“The stuff the Chinese government is asking for is stuff we don’t give to governments,” says a US executive. “If we were to comply and it became known that we disclosed our source codes to Chinese labs, it would damage our standing in other markets.”

One way or another, it seems, China will get the source code and intellectual property it craves. Once China has what it wants, impoverished Western companies will fail to reap commercial benefits from China and the country won’t require that they have a presence there.

The U.S. and other nations seem to have no answer for China’s “indigenous innovation” policies. As a Reuters story points out, Washington has difficulty mounting a legal challenge to China’s indigenous innovation policy because Beijing has not joined the World Trade Organization’s government procurement pact.

As Mike Elgan wrote in Datamation, it makes one wonder whether China is the market paradise Western technology companies believe it to be.

Glassdoor Compiles List of Best and Worst Technology Employers

Glassdoor.com, the online career and workplace community, has polled employees across America and compiled its second annual list of the best and worst companies for which to work.

Om Malik has listed the highest-rated and lowest-rated technology companies. Juniper Networks ranks at the top among technology employers, though technically it finishes in a dead heat with National Instruments, Google, and NetApp. Apple, Qualcomm, Novell, Adobe, EMC, and Rackspace round out the top ten.

Although Adobe finishes in the top ten, it slides down the charts from last year.

At 91 percent, Apple’s Steve Jobs captures the top employee-approval rating of tech CEOs. Eric Schmidt of Goole ranks second among technology CEOs in employee approval, with James Truchard of National Instruments taking the bronze medal.

The lowest-rated technology company for which to work? That dubious honor goes to Xilinx. Affiliated Computer Services noses out Hewlett-Packard for second.

HP CEO Mark Hurd might have some friends on Wall Street, but he’s not winning friends and influencing people within his own company, where he earns a CEO approval rating of 22 percent. It might be time for him to hire an executive “food taster” for those boardroom lunches.

Rounding out technology’s bottom ten are Avaya, Real, NVIDIA, Infosys, Nortel Networks, Perot Systems, and Dell. Considering that Dell just acquired Perot Systems, it probably won’t have undue difficulty meeting the workplace expectations of post-integration Perot personnel.

All things considered, it’s surprising that Nortel didn’t fare worse than it did. After all, the company went from bad to worse — and then to utter dissolution — this year.

Former Nortel CEO Mike Zafirovski received an approval rating of just 2 percent, far worse than any other corporate kingpin running the lowest-rated companies. Even then, one wonders whether he had relatives working at the company to provide even that modest degree of approbation.

Adobe Cuts More Employees

Adobe continues to shed staff with alarming regularity.

In a regulatory filing submitted to the Securities and Exchange Commission (SEC) last night, Adobe disclosed that it would cut 680 full-time employees, about nine percent of its global workforce.

Said Adobe in a statement:

“Adobe is restructuring its business to align costs with its fiscal 2010 operating plan and budget, the company’s three-year strategic priorities, and the realities of the business environment, as well as to ensure its ability to continue investing in long-term growth opportunities.”

This latest payroll purge follows a nine-percent workforce reduction within the Omniture unit, which had about 1,200 employees when it was acquired by Adobe in September. Before that, in December of 2008, Adobe announced that it would part with approximately 600 employees after the disappointing sales performance of its Creative Suite 4.

Since then, Adobe’s fortunes have waned more than they’ve waxed. The company has experienced decreasing revenue and earnings in recent quarters, with its top line taking a particular beating. In the absence of growth, Adobe has taken to vigorous cost reductions, which have included a yearlong drumbeat of job cuts.

The company’s words and actions suggest that it doesn’t anticipate a near-term rebound.

Adobe CEO Narayen Joins Dell Board, Sparking Concerns in Apple Community

Apple and its customers might have reason to be at least mildly concerned about Shantanu Narayen, president and CEO of Adobe, joining the board of directors at Dell.

Said eponymous CEO Michael Dell in a press release announcing the appointment:

“As CEO of one of the world’s largest and most diversified software companies, Shantanu will provide us with valuable insight as we develop and deliver IT solutions to customers. In addition, he brings strong operational expertise and experience, leading a company known for its innovative culture and growth.”

Adobe’s software, including its ubiquitous Flash, is developed to run across multiple operating systems, including Microsoft Windows, Apple’s OS X, and Linux. Although not strictly a conflict of interest, Narayen’s joining the Dell board raises understandable questions in the Apple camp about Adobe’s commitment to the Mac platform.

It seems an odd move for Narayen to make. I can understand why Michael Dell would welcome him to his company’s board of directors, but I’m not sure what Narayen gets from the arrangement beyond his board stipend. I’d like to hear him explain his reasoning.

Narayen is taking a board seat vacated by Sallie L. Krawcheck, formerly a Citigroup Inc. CFO, who apparently has less free time since becoming president of Bank of America’s global wealth and investment management division.

At Dell’s annual stockholders meeting in July, Krawcheck remained seated in the front row of the audience, refusing to face shareholders, while explaining why board members didn’t accept reduced compensation during the downturn. Krawcheck reportedly received $517,679 in compensation from Dell during the 2009 fiscal year, the second-highest amount accorded to a board director.

Maybe Narayen is joining for the board compensation, after all.

Volpi’s Joost Tenure Key to Understanding Skype Saga

Perhaps the key to understanding the increasingly bitter battle for Skype can be found in what transpired during Michael Volpi’s tenure as the CEO of Joost, the video-sharing startup founded by Niklas Zennstrom and Janus Friis.

In the current context, what’s important about Volpi’s reign at Joost is that it coincided with an architectural change in how the company delivered video over the Internet.

I was reminded of Joost’s architectural overhaul by Julian Cain, an engineer who worked on Kazaa and is familiar with Joltid, bluemoon, and Skype. Cain, as you’ll recall, was a source for an earlier post I wrote on the deepening antagonisms between Skype’s founders and its current and would-be owners.

Zennstom and Friis originally set up Joost with the p2p architecture that formed the technological basis for companies the pair had founded previously, including Kazaa and Skype. In 2007, Michael Volpi became Joost’s CEO. Under his leadership, and evidently as part of a project he led, Joost slowly began an architectural transition away from its p2p roots. As Cain explained in a email message last night:

In case you don’t know how the Joost migration worked, well, it simply began to use p2p less and the long-tail providers more. Killing the Joost client for an ActiveX/NPAPI plugin with a p2p runner application for p2p services, and then removing the Joost plugin from download, is what abolished the p2p network for good. If the website could not load the Joost plugin, then it used Adobe Flash. It was seamless;, however, they didn’t have to deal with paid services and such a large user-base and other factors. Of course, look what Joost is now.

That architectural change looms as a central issue in the lawsuit Joltid, the company owned by Zennstrom and Friis, filed against Volpi and his colleagues at Index Ventures last week. That, of course, was the latest in a series of legal dustups between Zennstrom and Friis on one side and Skype and eBay on the other.

At the time of the architectural shift at Joost, Volpi claimed plausible reasons for the change. The justifications were commercial and technical. Other video-sharing sites, namely YouTube and Hulu, had proven far more popular. Meanwhile, some Joost users had complained that videos were slow to load.

Nevertheless, Cain contends those weren’t necessarily the only reasons Volpi pushed for the architectural overhaul.

Volpi’s move from p2p to Adobe Flash while at Joost wasn’t in any way to do with the lack of gain at that time. If they wanted to (do so), they would have been pushing HD content (both live and prerecorded) over p2p with long-tail back-off by now without any real competition . . . . . Volpi broke that into myths and theories based on what he wanted to do, not technical facts, trends, statistics or analytical data.

Still, Volpi had successfully transitioned Joost from the Joltid p2p foundation on which it was based. He’d moved it onto a server-based architecture that used Flash-based clients at the end points. He’s done it once. There’s no reason to think he couldn’t do it again, this time at Skype.

If the conflict plays out the way Cain believes it will, Zennstrom and Friis will not back down and neither will Volpi and his confederates.

In my last post on this topic, I suggested a settlement might be possible. Cain believes that isn’t in the cards. Both sides are playing to win, and neither is in the mood for accommodation. One way or the other, it will be settled in court.

I also said in my last post that eBay and Skype’s new majority owners would have to rebuild Skype from the ground up to obviate the lawsuit Joltid has filed regarding the disputed “Global Index (GI)” software, the patent for which became active early this year. While it remains true that Skype would have to be reconstituted from scratch, the reconstruction effort could be completed earlier than I anticipated.

A means of getting there faster is represented by technologies offered by Adobe. Henry Sinnreich and a team of SIP experts have worked for Adobe for a long time now, and Cain reminded me that Adobe Flash supports SIP p2p with NAT traversal. He explained as follows:

Don’t forget Adobe Flash has SIP and p2p with NAT traversal as well. This would be very easy to offload the client without much interruption; however you can kiss the desktop client and p2p network goodbye.

Om Malik wrote a post in 2008 that foresaw the implications of Adobe’s work in this area. Commenting on the advent of Flash p2p, Malik wrote:

The reason we should pay attention to this product is Adobe’s distribution strength. The company can easily upgrade its Flash clients and instantly become owner of one of the largest p2p services. What that means is that now anyone can contemplate a Joost-like service that works within a browser. Using AIR to extend those p2p abilities to the desktop would be fairly easy as well.

So, the move to a new client architecture could be achieved with relatively minor disruption to Skype’s operations. Meanwhile, the service’s registration index would have to be transferred to a centralized server-based model.

It appears Volpi and company have a solid plan in place, and one can assume they’re well on their way to executing it. Not for the first time — and certainly not for the last – I stand corrected.