The defining quote by the engineers who worked on Tata Motors' (TTM) Nano:
"do we really need that?"
Now _that_ is some engineering mantra. Dan Pritchett's blog reminded me of another great quote on the same line from Antoine de Saint-Exupery
A designer knows he has achieved perfection not when there is nothing left to add, but when there is nothing left to take away.
Speaking of taking things away, when was the last time the hot new product rolled the clock back to echo the featureset of a product from 81(!) years previous?!?! Here is a snapshot of the Nano versus the Model T (circa 1926):
| Nano | Model T | |
| Introductory Price | $2,500 | $850 (about $19,000 in 2006) |
| Number of cylinders | 2 | 4 |
| Horsepower | 33 | 20 |
| Top speed | 60 mph (97 km per hour) | 45 mph (72 km per hour) |
| Fuel economy | 50 miles per gallon (21 km per liter) | 13-21 miles per gallon (5.5-9 km per liter) |
| Air conditioning | No | No |
| Power steering | No | No |
| Windshield wiper | Just 1 | A vacuum-powered wiper could be added to the driver's side of the 1926 model for $3.50 |
Are you kidding me? You are gonna build a product that is based on 81 year old feature set? It works in this case, because Indians buy about 7 million two wheeled scooters and motorcycles a year at prices topping out around $1500, so $2500 is a reachable upgrade point for consumers.
The point is that it is not just about adding features - its about knowing your customer - what can they afford, what do they want? I know a lot of people who like reliability and low prices, and Vannevar Bush (about 62 years ago) seemed to as well:
Machines with interchangeable parts can now be constructed with great economy of effort. In spite of much complexity, they perform reliably. Witness the humble typewriter, or the movie camera, or the automobile. Electrical contacts have ceased to stick when thoroughly understood. Note the automatic telephone exchange, which has hundreds of thousands of such contacts, and yet is reliable. A spider web of metal, sealed in a thin glass container, a wire heated to brilliant glow, in short, the thermionic tube of radio sets, is made by the hundred million, tossed about in packages, plugged into sockets—and it works! Its gossamer parts, the precise location and alignment involved in its construction, would have occupied a master craftsman of the guild for months; now it is built for thirty cents. The world has arrived at an age of cheap complex devices of great reliability; and something is bound to come of it.
The problems in security today are a lack of cheap and reliable security features - this is the problem to work, and we don't really need to invent tons of new mechanisms, we need to engineer the ones we have better. Case in point from my friends at Ping Identity:
Ping Identity today unveiled PingFederate 5.0, the most significant release to date of the company’s rapidly deployable identity federation software. PingFederate 5.0 is now available for download from www.pingidentity.com. Auto-Connect, a new feature in PingFederate 5.0, automatically establishes SAML connections for secure Internet single sign-on (SSO) in seconds versus the weeks or months it often takes with other products. ... "Federation technology must advance significantly if it is to become as pervasive as email services, which don't require extensive coordination between domains to establish connectivity," said Gerry Gebel, vice president and service director at Burton Group. "It's good to see federation product vendors addressing deployment scalability challenges, which will enable large enterprises to more easily integrate with partner networks."
Federation is really about packaging up existing security protocols and making them easier to distribute, whilst hiding the technical details from the users - the suckers that designed SAML and such really knew what they were doing. This is what we need more of in security, cheap, reliable security mechanisms not 7 figure products that are only affordable (note I did not say usable) for large companies.
I have done several projects with Ping's products, and they are way out in front technically with respect to standards and supporting use cases that enterprises care about, but this is not what I like best about their foo. I have worked with many, many tools that were technically sweet but you have to stand on your head, hold your breath, and type with your toes to get them to work (oh and only two other people in your company can get em to work). What makes it s joy to work with Ping's products is that they are engineered to be used. By real humans. In real companies. To solve real problems.
So my simple ask for the security vendor community is to learn from the above examples and engineer your products - less features, lower prices, and better reliability. Thanks in advance.
Comments