Crossing the Chasm on One Page of A4 … and Wardley Maps

Crossing the Chasm Diagram

Crossing the Chasm – on one sheet of A4

The core essence of most management books I read can be boiled down to occupy a sheet of A4. There have also been a few big mistakes along the way, such as what were considered at the time to be seminal works, like Tom Peter’s “In Search of Excellence” — that in retrospect was an example summarised as “even the most successful companies possess DNA that also breed the seeds of their own destruction”.

I have much simpler business dynamics mapped out that I can explain to fast track employees — and demonstrate — inside an hour; there are usually four graphs that, once drawn, will betray the dynamics (or points of failure) afflicting any business. A very useful lesson I learnt from Microsoft when I used to distribute their software. But I digress.

Among my many Business books, I thought the insights in Geoffrey Moores Book “Crossing the Chasm” were brilliant — and useful for helping grow some of the product businesses i’ve run. The only gotcha is that I found myself keeping on cross referencing different parts of the book when trying to build a go-to-market plan for DEC Alpha AXP Servers (my first use of his work) back in the mid-1990’s — the time I worked for one of DEC’s Distributors.

So, suitably bored when my wife was watching J.R. Ewing being mischievous in the first UK run of “Dallas” on TV, I sat on the living room floor and penned this one page summary of the books major points. Just click it to download the PDF with my compliments. Or watch the author himself describe the model in under 14 minutes at an O’Reilly Strata Conference here. Or alternatively, go buy the latest edition of his book: Crossing the Chasm

My PA (when I ran Marketing Services at Demon Internet) redrew my hand-drawn sheet of A4 into the Microsoft Publisher document that output the one page PDF, and that i’ve referred to ever since. If you want a copy of the source file, please let me know — drop a request to:

That said, i’ve been far more inspired by the recent work of Simon Wardley. He effectively breaks a service into its individual components and positions each on a 2D map;  x-axis dictates the stage of the components evolution as it does through a Chasm-style lifecycle; the y-axis symbolises the value chain from raw materials to end user experience. You then place all the individual components and their linkages as part of an end-to-end service on the result. Having seen the landscape in this map form, then to assess how each component evolves/moves from custom build to commodity status over time. Even newest components evolve from chaotic genesis (where standards are not defined and/or features incomplete) to becoming well understood utilities in time.

The result highlights which service components need Agile, fast iterating discovery and which are becoming industrialised, six-sigma commodities. And once you see your map, you can focus teams and their measures on the important changes needed without breeding any contradictory or conflict-ridden behaviours. You end up with a well understood map and – once you overlay competitive offerings – can also assess the positions of other organisations that you may be competing with.

The only gotcha in all of this approach is that Simon hasn’t written the book yet. However, I notice he’s just provided a summary of his work on his Bits n Pieces Blog yesterday. See: Wardley Maps – set of useful Posts. That will keep anyone out of mischief for a very long time, but the end result is a well articulated, compelling strategy and the basis for a well thought out, go to market plan.

In the meantime, the basics on what is and isn’t working, and sussing out the important things to focus on, are core skills I can bring to bear for any software, channel-based or internet related business. I’m also technically literate enough to drag the supporting data out of IT systems for you where needed. Whether your business is an Internet-based startup or an established B2C or B2B Enterprise focussed IT business, i’d be delighted to assist.

Mobile Phone User Interfaces and Chinese Genius

Most of my interactions with the online world use my iPhone 6S Plus, Apple Watch, iPad Pro or MacBook – but with one eye on next big things from the US West Coast. The current Venture Capital fads being on Conversational Bots, Virtual Reality and Augmented Reality. I bought a Google Cardboard kit for my grandson to have a first glimpse of VR on his iPhone 5C, though spent most of the time trying to work out why his handset was too full to install any of the Cardboard demo apps; 8GB, 2 apps, 20 songs and the storage list that only added up to 5GB use. Hence having to borrow his Dad’s iPhone 6 while we tried to sort out what was eating up 3GB. Very impressive nonetheless.

The one device I’m waiting to buy is an Amazon Echo (currently USA only). It’s a speaker with six directional microphones, an Internet connection and some voice control smarts; these are extendable by use of an application programming interface and database residing in their US East Datacentre. Out of the box, you can ask it’s nom de plume “Alexa” to play a music single, album or wish list. To read back an audio book from where you last left off. To add an item to a shopping or to-do list. To ask about local outside weather over the next 24 hours. And so on.

It’s real beauty is that you can define your own voice keywords into what Amazon term a “Skill”, and provide your own plumbing to your own applications using what Amazon term their “Alexa Skill Kit”, aka “ASK”. There is already one UK Bank that have prototyped a Skill for the device to enquire their users bank balance, primarily as an assist to the visually impaired. More in the USA to control home lighting and heating by voice controls (and I guess very simple to give commands to change TV channels or to record for later viewing). The only missing bit is that of identity; the person speaking can be anyone in proximity to the device, or indeed any device emitting sound in the room; a radio presenter saying “Alexa – turn the heating up to full power” would not be appreciated by most listeners.

For further details on Amazon Echo and Alexa, see this post.

However, the mind wanders over to my mobile phone, and the disjointed experience it exposes to me when I’m trying to accomplish various tasks end to end. Data is stored in application silos. Enterprise apps quite often stop at a Citrix client turning your pocket supercomputer into a dumb (but secured) Windows terminal, where the UI turns into normal Enterprise app silo soup to go navigate.

Some simple client-side workflows can be managed by software like IFTTT – aka “IF This, Then That” – so I can get a new Photo automatically posted to Facebook or Instagram, or notifications issued to be when an external event occurs. But nothing that integrates a complete buying experience. The current fad for conversational bots still falls well short; imagine the workflow asking Alexa to order some flowers, as there are no visual cues to help that discussion and buying experience along.

For that, we’d really need to do one of the Jeff Bezos edicts – of wiping the slate clean, to imagine the best experience from a user perspective and work back. But the lessons have already been learnt in China, where desktop apps weren’t a path on the evolution of mobile deployments in society. An article that runs deep on this – and what folks can achieve within WeChat in China – is impressive. See:

I wonder if Android or iOS – with the appropriate enterprise APIs – could move our experience on mobile handsets to a similar next level of compelling personal servant. I hope the Advanced Development teams at both Apple and Google – or a startup – are already prototyping  such a revolutionary, notifications baked in, mobile user interface.

Help available to keep malicious users away from your good work

Picture of a Stack of Tins of Spam Meat

One thing that still routinely shocks me is the shear quantity of malicious activity that goes on behind the scenes of any web site i’ve put up. When we were building Internet Vulnerability Testing Services at BT, around 7 new exploits or attack vectors were emerging every 24 hours. Fortunately, for those of us who use Open Source software, the protections have usually been inherent in the good design of the code, and most (OpenSSL heartbleed excepted) have had no real impact with good planning. All starting with closing off ports, and restricting access to some key ones from only known fixed IP addresses (that’s the first thing I did when I first provisioned our servers in Digital Ocean Amsterdam – just surprised they don’t give a template for you to work from – fortunately I keep my own default rules to apply immediately).

With WordPress, it’s required an investment in a number of plugins to stem the tide. Basic ones like Comment Control, that  can lock down pages, posts, images and attachments from having comments added to them (by default, spammers paradise). Where you do allow comments, you install the WordPress provided Akismet, which at least classifies 99% of the SPAM attempts and sticks them in the spam folder straight away. For me, I choose to moderate any comment from someone i’ve not approved content from before, and am totally ruthless with any attempt at social engineering; the latter because if they post something successfully with approval a couple of times, their later comment spam with unwanted links get onto the web site immediately until I later notice and take them down. I prefer to never let them get to that stage in the first place.

I’ve been setting up a web site in our network for my daughter in law to allow her to blog abound Mental Health issues for Children, including ADHD, Aspergers and related afflictions. For that, I installed BuddyPress to give her user community a discussion forum, and went to bed knowing I hadn’t even put her domain name up – it was just another set of deep links into my WordPress network at the time.

By the morning, 4 user registrations, 3 of them with spoof addresses. Duly removed, and the ability to register usernames then turned off completely while I fix things. I’m going into install WP-FB-Connect to allow Facebook users to work on the site based on their Facebook login credentials, and to install WangGuard to stop the “Splogger” bots. That is free for us for the volume of usage we expect (and the commercial dimensions of the site – namely non-profit and charitable), and appears to do a great job  sharing data on who and where these attempts come from. Just got to check that turning these on doesn’t throw up a request to login if users touch any of the other sites in the WordPress network we run on our servers, whose user communities don’t need to logon at any time, at all.

Unfortunately, progress was rather slowed down over the weekend by a reviewer from Kenya who published a list of best 10 add-ins to BuddyPress, #1 of which was a Social Network login product that could authenticate with Facebook or Twitter. Lots of “Great Article, thanks” replies. In reality, it didn’t work with BuddyPress at all! Duly posted back to warn others, if indeed he lets that news of his incompetence in that instance back to his readers.

As it is, a lot of WordPress Plugins (there are circa 157 of them to do social site authentication alone) are of variable quality. I tend to judge them by the number of support requests received that have been resolved quickly in the previous few weeks – one nice feature of the plugin listings provided. I also have formal support contracts in with Cyberchimps (for some of their themes) and with WPMU Dev (for some of their excellent Multisite add-ons).

That aside, we now have the network running with all the right tools and things seem to be working reliably. I’ve just added all the page hooks for Google Analytics and Bing Web Tools to feed from, and all is okay at this stage. The only thing i’d like to invest in is something to watch all the various log files on the server and to give me notifications if anything awry is happening (like MySQL claiming an inability to connect to the WordPress database, or Apache spawning multiple instances and running out of memory – something I had in the early days when the Google bot was touching specific web pages, since fixed).

Just a shame that there are still so many malicious link spammers out there; they waste 30 minutes of my day every day just clearing their useless gunk out. But thank god that Google are now penalising these very effectively; long may that continue, and hopefully the realisation of the error of their ways will lead to being a more useful member of the worldwide community going forward.

So, how do Policing Statistics work?

Metropolitan Police Sign

I know I posted a previous note on the curious measures being handed down to police forces to “reduce crime”. While the police may be able to influence it slightly, in the final analysis they only have direct control over one part of the value chain – that of producing the related statistics (I really don’t think they commit all the crimes on which they are measured!). The much longer post was this:

I’ve just had one of my occasional visits back to “Plumpergeddon” – not recommended in work environments for reasons that will become apparent later – which documents the ebbs and flows of the legal process following a mugging and theft (of a MacBook and a wallet containing a debit card) in London in November 2011. It is, to put it mildly, a shocking story.

The victim of the crime – and owner of the MacBook – had installed a piece of software on his machine that – once he’d enabled a tick box on an associated web site – started to “phone home” at regular intervals. Taking pictures of the person using the computer, shots of what was on the screen at the same time, and both tagged with it’s exact geographic location. He ended up with over 6,000 pictures, including some which showed sale of goods on eBay that matched purchases made on his stolen credit cards.

I’m not sure exactly how the flow of incidents get rolled up into the crime statistics that the Met publish, but having done a quick trawl through the Plumpergeddon Blog, starting at the first post here and (warning: ever more NSFW as the story unfolds, given what the user started paying for and viewing!) moving up to the current status 29 pages later, the count looks like:

  • 1 count of mugging
  • 1 theft of a MacBook Pro Personal Computer, plus Wallet containing Company Debit Card
  • 2 counts of obtaining money (from a cashpoint with a stolen card) by deception
  • 9 counts of obtaining goods (using a stolen debit card, using a PIN) by deception
  • 2 counts of obtaining goods (using a stolen debit card, signing for them) by deception
  • 11 counts of demonstrably selling stolen goods

So, I make that 26 individual crime incidents.

The automated data collection started off within 4 weeks of the theft phoning home (it took one shot of the user, a screenshot and reported location and connection details every 10 minutes of active use). He ended up assembling circa 6,000 pieces of evidence (including screenshots of the person using his MacBook, and screenshots documenting the disposal of the goods purchased with the stolen card using three separate accounts on eBay). All preserved with details of the physical location of the MacBook and the details of the WiFi network it was connected to.

Many ebbs and flows along the way, but the long and short of it was that the case was formally dropped “for lack of evidence”. This was then followed by a brief piece of interest when some media activity started picking up, but it then sort of ebbed away again. In May 2013, news came back as The case file is back with the officer, and the case is closed pending further leads.”

Four weeks ago, the update said:

I Am No Longer the Victim. Apparently. I was told last night in a police station by a Detective Constable that because the £7,000 I was defrauded of was returned by my bank after 3-4 weeks, and the laptop was replaced by my insurance company after 4 months, I am no longer considered the victim for either of those crimes. I was told that my bank and insurance company are now the victims.

I assume this must mean that when a victim of an assault receives compensation, the attackers subsequently go free? Any UK based lawyers, police or other legal types care to shed some light on this obscure logic?

Cynical little me suspects i’m being told this because the police don’t want to pursue charges over those crimes, even though (as most readers will know and as I said in my previous post) I’ve done practically all the legwork for them.

I must admit to be completely appalled that a case like this. Given the amount of evidence submitted, it should have solved a string of fraudulent transactions and matching/associated Sale of Stolen Goods, that could have incremented the Metropolitan Police “crimes solved” counter like  jackpot machine. 26 crimes solved with all the evidence collecting leg work already done for them.

So, where does this case sit on the Metropolitan Police Statistics? Does it count as all 26 incidents “solved” because the insurance company have paid out and the debit card company have reversed the fraudulent transactions?And above all, is the Home Secretary really satisfied that she’s seeing an appropriate action under her “reducing crime” objective here??

The guy is still free and on the streets without any intervention since the day the crimes were committed. Free to become the sort of one-man crime wave that Bill Bratton managed to systematically get off the streets in New York during his first tenure as Police Chief there (I recall from his book The Turnaround that 70 individuals in custody completely changed the complexion of life in that City). Big effect when you can systematically follow up to root causes, as he did then.

However, back in London, I wonder how this string of events are mapped onto the crime statistics being widely published and cited. Any ideas?

Great Technology. Where’s the Business Value?

Exponential Growth Bar GraphIt’s a familiar story. Some impressive technical development comes up, and the IT industry adopts what politicians will call a “narrative” to try push its adoption – and profit. Two that are in the early stages right now are “Wearables” and “Internet of Things”. I’m already seeing some outlandish market size estimates for both, and wondering how these map back to useful applications that people will pay for.

“Internet of Things” is predicated on an assumption that with low cost sensors and internet connected microcomputers embedded in the world around us, the volume of data thrown onto the Internet will necessitate a ready market needing to consume large gobs of hardware, software and services. One approach to try to rationalise this is to spot where there are inefficiencies in a value chain exist, and to see where technology will help remove them.

One of my sons friends runs a company that has been distributing sensors of all sorts for over 10 years. Thinking there may be an opportunity to build a business on top of a network of these things, I asked him what sort of applications his products were put to. It appears to be down to networks of flows in various utilities and environmental assets (water, gas, rivers, traffic) or in industrial process manufacturing. Add some applications of low power bluetooth beacons, then you have some human traffic monitoring in retail environments. I start running out of ideas for potential inefficiencies that these (a) can address and (b) that aren’t already being routinely exploited. One example is in water networks, where fluid flows across a pipe network can help quickly isolate the existence of leaks, markedly improving the supply efficiency. But there are already companies in place that do that and they have the requisite relationships. No gap there apparent.

One post on Gigaom showed some interesting new flexible electronic materials this week. The gotcha with most such materials is the need for batteries, the presence of which restricts the number of potential applications. One set of switches from Swiss company Algra could emit a 2.4GHz radio signal between 6-10 meters using only energy from someone depressing a button; the main extra innovations are that the result is very thin, and have (unlike predecessors) extremely long mechanical lifetimes. No outside power source required. So, just glue your door bells or light switches where you need them, and voila – done forever.

The other material that caught my eye was a flexible image sensor from ISORG (using Plastic Logic licensed technology). They managed to have a material that you could layer on the surface of a display, and which can read the surface of any object placed against it. No camera needed, and with minimal thickness and weight. Something impossible with a standard CMOS imaging scanner, because that needs a minimum distance to focus on the object above it. So, you could effectively have an inbuilt scanner on the surface of your tablet, not only for monochrome pictures, but even fingerprints and objects in close proximity – for contactless gesture control. Hmmm – smart scanning shelves in retail and logistics – now that may give users some vastly improved efficiencies along the way.

The source article is at:

A whole field is opening up around collecting data from the Onboard Diagnostics Bus that exists in virtually every modern car now, but i’ve yet to explore that in any depth so far. I’ve just noticed a trickle of news articles about Phil Windley’s FUSE project on Kickstarter (here) and some emerging work by Google in the same vein (with the Open Automotive Alliance). Albeit like TVs, vehicle manufacturers have regulatory challenges and/or slow replacement cycles stopping them moving at the same pace as the computer and electronic industries do.

Outside of that, i’m also seeing a procession of potential wearables, from glasses, to watches, to health sensors and to clip-on cameras.

Glasses and Smart Watches in general are another much longer story (will try and do that justice tomorrow), but these are severely limited by the need for battery power in limited space to so much more than their main application – which is simple display of time and pertinent notifications.

Health sensors are pretty well established already. I have a FitBit One on me at all times bar when i’m sleeping. However, it’s main use these days is to map the number of steps I take into an estimated distance I walk daily, which I tap pro-rata into Weight Loss Resources (I know a walk to our nearest paper shop and back is circa 10,000 steps – and 60 mins of moderate speeds – enough to give a good estimate of calories expended). I found the calorie count questionable and the link to MyFitnessPal a source of great frustration for my wife; it routinely swallows her calorie intake and rations out the extra extra calories earnt (for potential increased food consumption) very randomly over 1-3 days. We’ve never been able to correlate it’s behaviour rationally, so we largely ignore that now.

There’s lots of industry speculation around now that Apple’s upcoming iWatch will provide health related sensors, and to send readings into a Passbook-like Health Monitoring application on a users iPhone handset. One such report here. That would probably help my wife, who always appears to suffer a level of anxiety whenever her blood pressure is taken – which worsens her readings (see what happens after 22 days of getting used to taking daily readings – things settle down):

Jane Waring Blood Pressure Readings

I dare say if the reading was always on, she’d soon forget it’s existence and the readings reflect a true reality. In the meantime, there are also feelings that the same Health monitoring application will be able to take readings from other vendors sensors, and that Apple are trying to build an ecosystem of personal health devices that can interface to it’s iPhone based “hub” – and potentially from there onto Internet based health services. We can but wait until Apple are ready to admit it (or not!) at upcoming product announcement events this year.

The main other wearables today are cameras. I’ve seen some statistics on the effect of Police Officers wearing these in the USA:

US Police Officer with Camera

One of my youngest sons friends is a serving Police Officer here, and tells us that wearing of cameras in his police force is encouraged but optional. That said, he said most officers are big fans of using them. When turned off, they have a moving 30 second video buffer, so when first switched on, they have a record of what happened up to 30 seconds before that switch was applied. Similarly, when turned off, they continue filming for a further 30 seconds before returning to their looping state.

Perhaps surprising, he says that his interactions are such that he’s inclined to use less force even though, if you saw footage, you’d be amazed at his self restraint. In the USA, Police report that when people they’re engaging know they’re being filmed/recorded, they are far more inclined to behave themselves and not to try to spin “he said that, I said that” yarns.

There are all sorts of privacy implications if everyone starts wearing such devices, and they are getting increasingly smaller. Muvi cameras as one example, able to record 70-90 minutes of hi res video from their 55mm tall, clip attached enclosure. Someone was recently prosecuted in Seattle for leaving one of these lens-up on a path between buildings frequented by female employees at his company campus (and no, I didn’t see any footage – just news of his arrest!).

We’re moving away from what we thought was going to be a big brother world – but to one where such cameras use is “democratised” across the whole population.

Muvi Camcorder


I don’t think anyone has really comprehended the full effect of this upcoming ubiquity, but I suspect that a norm will be to expect that the presence of a working camera to be indicated vividly. I wonder how long it will take for that to become a new normal – and if there are other business efficiencies that their use – and that of other “Internet of Things” sensors in general – can lay before us all.

That said, I suspect industry estimates for “Internet of Things” revenues, as they stand today, along with a lack of perceived “must have this” applications, make them feel hopelessly optimistic to me.

NFC and it’s route to, eh, oblivion?

Square iPad POS Terminal

I see that credit card companies have started deploying Near Field Communications (NFC) technology to the world (aka Contactless Payments), and speculation is running on which mobile handset vendors will bundle the technology. Am I the only person who thinks that it’s a neat solution to a problem that doesn’t exist – outside of the few geeks and Credit Card Issuers who think it’s neat?

I think Square (the mobile phone credit card payment processor and designer of the iPad till shown above) have got it completely right, where NFC takes everyone up a blind alley. Square started by looking at the usual buying experience in a retail setting, and worked things back from there on how to remove all the friction. It sort of works like this.

When a regular customer is within a short distance from the shop, their picture and name appears on the till. If they walk in, one press shows their regular order items and any special upsells. They can be greeted by name, asked if they want their usual and whether they’d like to try the offer of the day. You can then offer to let them pay using their normal debit or credit card, process the payment and email the receipt. You have already authenticated them, so all good to go. A nice retail experience.

With NFC, all the action is past the time when you can do the basics of good service, and the upsell opportunity is gone. You just take the payment, and oops – they need to authenticate that they are the user of the phone (otherwise a thief with a stolen phone would run past every till in the nearest department store). So you have to enter a password or pin. So, what’s the extra advantage over using a card, without the retailer having to cough up the costs of expen$ive readers?

I can’t think of one. Square seem to have the right idea. And to me, NFC looks like a white elephant. Have I missed something?