air france - cost of software glitch

Our problems with Air France started with a strange bug in their reservation system, which seems to discriminate against or deny the existence of infants between the age of 1 and 2 years. The screen shot below is from Air France on-line reservation web site. If you notice (as i did to my astonishment) there is no way to enter a 18 month old traveller.


Now I thought this might be just user inteface glitch limited to the online portal. I was sadly mistaken. The web support personnel who tried to help me in getting my daughter booked on that flight also met with stiff resistance from the software system. It was not just the user interface but someone had, quite cunningly, designed the system in a way that it could not accept birth-dates for 1-2 year olds. It took 2 full days of backroom negotiations to override the deeply embedded digital conspiracy. It was then that i realized the true cost of a software bug


A back of the envelope calculation would be to multiply the number of 1-2 year olds traveling per year with customer support cost of 4-16 hours per traveling infant. Now Air France KLM together carry close to 70 million passengers per year. If we take ages of the passengers to have a uniform distribution we are talking close to a million 1-2 year olds each year. If we take average hourly wage of customer support staff at $20 per hour then we are looking $80-$320 per child. This translates to $80-$320M in customer support cost for Air France each year. Not something to sneeze at !!

Now arguably, there are many factors that may cause this to be lower amount like there may be just 0.25 million 1-2 yr olds flying each year as the age based distribution of the airline may not be uniform (say normal distribution with low standard deviation).

Some would also argue that this only applies to internet based booking but as I had pointed out earlier the glitch ran deep into the other software being accessed by other people like airline staff and hence arguably will effect every mode of booking at some stage requiring costly intervention.

It has been more than a month since this glitch has been there and hasn't been fixed yet.

Google must respond and plug this leak!!

Here I had described a surprising behaviour from Gmail. The bottom line here was that Google was using knowledge about my work email address which was configured in gmail as a backup address ( I will cover this in a different post when i have some time), in ways that can be clearly construed as a breach of privacy boundaries and at the very least as very unusual behaviour.

Quick recap - I had sent a calendar invite from my work address to someone at a fairly well known startup. The response to that calendar invite was automatically forwarded to my gmail address and my gmail address was exposed to all the people on this invite list without my consent. This is a clear breach of privacy. The reason for providing additional email addresses to an email provider are -

1. For forwarding emails to another address
2. For recovering account information in case one forgets his/her account information

To use this information in a way that exposes more information than i seek to share with others, is a clear breach of my privacy. Google must plug this leak. There are a lot of other dangerous possibilities once a service provider tries to stretch functionality that spans natural boundaries like professional life and personal life. It is critical that each function that spans these natural boundaries is evaluated for inadvertent or intended privacy abuse.

For example, assuming Gmail allows me to configure multiple mail forwarding addresses for specific kinds of rules (which it does). I may want to forward emails related to a specific topic to my wife. This will require me to add my wife's email address as one of the email addresses in my gmail account. My wife will actually confirm this as we'd have discussed this offline. Now if this acceptance is used to construe (mis) that both these email IDs are mine, i may start to receive calendar invites sent out by my wife from her email account. My gmail experience is just a step away from this possibility.

Calendering conflicts in today's world span personal and professional commitments and hence Google is trying to deliver functionality that allows you to keep your gmail calendar with your work calendar. But these are boundaries that need to be tread very carefully. We, the consumers, cannot leave this responsibility solely to Google and must raise concerns everytime we come across an interaction with Google or similar companies that don't look correct. This is the age when, consumers have to be doubly vigilant. It is hard to not provide information as you seek functionality but policing the usage of that information must be done by consumers.

Google must respond to this !! If you have experienced similar issues with other sites/providers please post it in the comments here so that we can investigate and raise awareness of these issues.

1-800-NO-SOFTWARE

Do you know which company has this as their 1800 number ? It is incredible to see a vision run so deeply into a company. Right from taking on CRM as the ticker symbol to this number as the customer support number, it communicates a fanatical pursuit of vision. When coupled with fantastic technical and business execution, these steps create religious fervor in employees and  mortal fear in competition.

An achievable binding vision set by a credible leader is worth its weight in gold. Salesforce continues to amaze me with its bold moves. The ability to drive a large organization with such optimisim in a highly complex technology environment takes a lot of courage. There seems to be a healthy skepticism for the word "impossible" at Salesforce.

I am looking forward to other bold moves by Salesforce to further encourage adoption of their Force.com platform. Spring partnership certainly addresses the Java application platform issue to a great degree. But every application and application developer has been using relational databases especially Oracle for a long time now and is likely to resist moving to Salesforce PaaS for generic applications as it has a different datastore. Same goes for Google App Engine. The most likely applications, in the current form, will be extensions/customizations around Salesforce data.


PaaS providers face this problem. IaaS providers like Amazon have a complete suite of offerings around traditional RDBMS products sand are seeing a quicker adoption of their services. It is critical that PaaS providers make it easier for people to port their current applications to PaaS provider without too much rework. Right now PaaS providers are hoping that new applications that are developed will be developed on their platform. This strategy may work but may not achieve critical mass of usage fast enough.

CDNs - the rise of the anticloud

I was at a meeting with Akamai the other day. Akamai is a very fascinating company and i have followed both their business and technology progress quite closely. in fact, I have made money on their stock. Akamai has been delivering services in the Cloud business model for longer than the term Cloud has been in existence. In a strange way, though, I consider them anticloud. They are a force driving decentralization of content while Cloud is the force of centralization of both content and processing. In many ways Akamai is stretching the boundaries of the Cloud to the edges and in an extreme situation right to the home. This extreme situation is when CDNs merge with P2P technologies to deliver content from the end points themselves. Now, if anybody thinks this is hypothetical and fantasy then, look at Red Swoosh acquisition by Akamai. What P2P lacks, arguably, is the content management sophistication of traditional CDNs but companies like Akamai see no reason why the management cannot be extended to a content delivery node sitting on any of home network devices viz., wifi router, broadband router, set-top box etc.

In principle, this may allow some users to become data center providers for their community where the service is delivered by Akamai through its partners but the real estate is rented from end-users who make the capital investment into buying bigger network devices.

The forces pushing the content to the edges are not new - network congestion which gets exacerbated by rise of video. Today's digital video is not your father's video content. It is much bigger in resolution, higher in frame rates, interactive, 3D etc. All these factors demand data capacity of unprecedented levels. A 4K video (which you can upload on youtube now and is actually a resolution of 4096x3072) will not take a lot of simultaneous viewers to clog the internet backbone. Through the history of the internet, the last mile has been the bottleneck but with the advent of video the rate limiting characteristic of the last mile is preventing the meltdown of the internet. Thank god, we don't have all the internet users on broadband !! It is easy for people who have seen Indian cities transform in last 10 years to relate with this. The prosperity has resulted in explosion of car ownership but the roads have failed to keep pace and result is massive traffic jams.

It is no surprise that Cloud providers are launching or looking to launch their own CDNs. It is not easy though to build out POPs across the globe even for large companies. For video the Cloud will be distributed and stretched to include the homes. It is the management of content that will be Cloud based but the data is more likely to reside on the edges. Microsoft has over a period of time has moved away from using Akamai and Limelight networks to owning CDN assets on the edges and Azure CDN i believe is totally MSFT owned now.

Things are getting really interesting in this space and it may be time to go long on Akamai again but at $40+ it is a little too high for me.

Strange use of my profile data on Gmail…….

Yesterday I sent out a calendar invite to the CTO of a well known cloud computing startup. When I view the response on Outlook on my PC, I see the acceptance email addressed to my Gmail address.



The acceptance email from this person on my iPhone was addressed to a friend of mine. On iPhone when I click on this friend’s name on the “to” field I see his Gmail address and my Gmail address in the details about my friend.

Now all this is very confusing because I sent my calendar invite from my work email and not Gmail. There is a connection though, I have set my work email as the forwarding address for the emails that I receive on my Gmail that match a set of filter criteria. More specifically, I have Google Alerts directed to my Gmail account and I forward those alerts to my work email address. Another important fact is that this startup Company is using Gmail for their corporate email.

So it is clear that when I send a calendar invite from my work email account to the personnel of this company it hits the Gmail servers. Gmail at that point is using my work email address to look up my personal Gmail account and is sending the responses to both my work email and my Gmail account. This is a big data privacy and security issue. When enterprises worry about moving their applications and data to the Cloud it is these kinds of leaks (inadvertent or otherwise) that they fear and rightly so.

In the traditional IT model, the likelihood of such events is low as there is clear physical and ownership separation of my personal data and my enterprise data. Google has a natural desire to maintain a single identity across all my aliases/accounts, which may or may not be a desired state for me. The massive analytics infrastructure operates across all data regardless of their ownership/tenancy boundaries.

While this may allow Google to offer valuable products and services to me, like highly personalized search results and recommendations, it exposes more information than I am comfortable disclosing and worst of all I don’t even fully understand what it might expose. This is a small but illustrative example that shows why it is imperative that enterprises follow the model of “trust but verify” with Cloud providers when engaging them. Cloud providers must share and expose their architectural details for 3rd party audit. There may be a case for identifying functions that are more prone to creating privacy/security risks like analytics which by design are meant to extract identifiable information from a large data sets regardless of tenant boundaries. These functions and their output data access should be controlled and controls should be made transparent. In fact, enterprise tenants should be able specify and verify what functions are allowed with specific data - like analytics. Consumers have little leverage with large Corporates since we consumers value the functionality delivered by these companies far more than the potential loss of privacy/security so we are unlikely to vote with our mouse clicks.

my iPhone mail and calendering application has a bug

I showed up exactly 3 hours late for a meeting. I was traveling from East Coast to the West Coast. Two things happened. Actually one happened and one didnot. My iPhone time automatically changed to PST. But, the calendar was still operating on EST as it requires an explicit change of zone.

Now things get interesting as the alerting functionality was picking up the time from iPhone time. So i was getting alerts for a personal reminder i had set at 10.00 EST each day at 10.00 PST. For some reason I did not notice this error. I think the reason is that time zone shift hadn't happened totally in my mind. For this particular reminder I actually did want to be reminded at 10.00 AM local time and that is what i was getting so I didnot find anything amiss. In fact, this behaviour lulled me into thinking that all was correct.

A consistent and correct solution is for all the functions in email and calendering appplications (and all linked applications) to pick time and zone data from a single source. If there are multiple sources user should be warned about conflicts.

Note to self, always manually change the time zone or switch the time zone support to "off"

Privacy, complexity seen as Google blind spots - Says SFGate

This link has the article talking about Google blind spots.

I have talked about complexity here around an year back. When I have some more time at hand I should elaborate.......

Ode to February

It fell short of expectations
Perched amongst peers
In a highly inconspicuous place
Every four years it leaps
Reaches out in vain
Catch up, it can't
Tired, it rests
Performing a vital but undistinguished role
Waiting for yet another time

Tied to the cosmic order like
None of its peers
It's unique
It's persistent
It's a reminder of a nuanced reality
It's everything some of us aspire to be
Live, do, have a deeper meaning, persist
It's February - the month of my birth
I embrace what it represents.

Vijay