Podcast: Play in new window | Download

Something has been bothering me lately and it is our assumption that China is the world’s next superpower and that we’d darned well better get used to it. Hogwash. We’re into the Chinese decade, not the Chinese Century.

The century belongs to India.

Last century was all-American. We came into the 20th century a huge but unsophisticated nation. Our industrial might made us a factor in World War I. Our cultural ingenuity caught the world’s fancy in the 1920s and — 90 years later — still hasn’t let go. As a result this will not be the Bollywood Century. The Great Depression secured our place at the table by showing we could take much of the world down with us. World War II saw us save that world, grabbing half a century of global dominance in the process (thanks Dad). But now we’re screwing it up a bit out of inertia and greed and ignorance of the very world we created. We did it to ourselves by thinking that nothing could really hurt us. But in the end that wasn’t true any more than the idea that Harry Houdini’s stomach could take any punch.

So we’re giving it up to the Indians. not to the Chinese. China has the population, the will, the educational system, the foreign currency reserves — everything to make it the next global superpower except two things: 1) an emerging middle class generation comparable to our Baby Boomers, and; 2) a functional diaspora (look it up, I’ll wait).

In contrast to China, India has only those two things: 1) a real Baby Boomer class, and; 2) a functional diaspora (did you look it up?). Nothing else about India works at all — nothing. India is corrupt and divided. While India has a commercial tradition it isn’t an especially functional one. Fractionalism and factionalism, whether economic, social, or religious, will keep India from ever truly pulling together. But that doesn’t matter because my two original points are enough.

What I find interesting is that most people just take it as bible truth that China will be the next superpower because it is so number-oriented (huge infrastructure dollars, huge manufacturing dollars, higher per capital wealth than India, bigger middle class, etc…). Plus it is easier to see China becoming dominant because we prefer, I think, to be economically conquered by people very different from ourselves. And China just seems more different than India.

China has all those factories and all that money (our money — isn’t that the way we tend to see it?). China also cheated itself out of a generation through overzealous population control, which might be good for the globe but is bad for hegemony. But the biggest reason why India will win and China will lose is the Chinese stay to themselves too much. They don’t assimilate.

Look at the world’s multinational companies. Compare their executives of Indian and Chinese nationality or descent. Indian executives are everywhere. Chinese executives are nowhere.

Now remember what western corporate law teaches us — that managers control companies, not their shareholders. China isn’t just the 1.5 billion Chinese, but Chinese inside China plus their diaspora worldwide. Same for India. The big point is not very politically correct but it is nevertheless true — there is a massive disparity in Indian vs Chinese executive representation in the top 500 multinational corporations.

You can rattle off the number of Indian CEOs, COOs, CTOs, CIOs, and CFOs then find another legion operating just below the CXX level. My guess is that their comfort with western culture, their English language skills, and — perhaps most importantly — their institutional training by the Brits enable them to be the best bureaucrats and political operators who — even though they may not add a single dollar of value — use those skills to survive in droves and make it to the top. In contrast, you see hardly any high-level Chinese executives in multinational corporations that aren’t Chinese multinationals.

Juxtapose this with domestic Indian conglomerates that have managed 10 percent year-over-year growth despite the absurd inefficiencies of the domestic Indian market and you get a phenomenal triangulation move that will leave China in the dust in the next 10-20 years.

Then remember that the Indian workforce will still be young and growing in 10 years versus a rapidly aging Chinese population and the fact that India has not only already won in services and pharma, but is proving itself smarter and more innovative in industrial manufacturing, too.

China is not a particularly good bet after about 2020, though the Chinese domestic economy will grow like gangbusters for the next few years — hence they win the decade, though not the century.

History has shown, too, that India and China don’t play well Both are outrageously arrogant and selfish, China is too top-down and India is too driven by short-term political issues. Chinese companies hate dealing with Indians.

Here’s what all this means for the future. It’s very good for the English language, for one thing. That may not seem like much, but it is, at least for those of us who are native English speakers. It’s not that English is so great, you see, but that it is not Mandarin. The Indians will ensure Mandarin does not become the dominant language. And if they can do it they’ll also make sure the RMB doesn’t replace the dollar as it is not in their interests from either a national or a multinational corporation management perspective, either.

I suspect the multinational corporations effectively controlled by the indian diaspora won’t even need excuses to work more with India instead of China as China becomes more and more of an ass-pain for the world.  Since the Indians control the multinational corporations, they have a vested interest in the U.S. and Europe not completely collapsing.

Lucky us.

While there’s not much optimism floating atop this idea that Indian managers will allow us to survive as viable economies mainly to keep the Chinese at bay, remember that survival is an absolute prerequisite for resurgence.

If we have a hope of making the 22nd century again ours (and I think it can be done) we have to start somewhere.

Podcast: Play in new window | Download

As we’ve all read, Google recently experienced a massive attack on its network, probably from China, and has threatened to leave the Chinese market as a result. I’ve written about that aspect before (Google taking its ball and going home) but this column is about the attack itself and Google’s internal plans for how to deal with future such problems, because of course this will happen again. I’m frankly trying to understand what Google is up to in its response to the Chinese threat — a response that doesn’t make much sense to me given the details of the attack as published.

First reports of the attack blamed a security flaw in an attached PDF file. Later reports blamed a vulnerability in Microsoft’s Internet Explorer browser. Adobe denies the PDF vulnerability, though the company not long ago issued a security patch for that product. Microsoft confirmed the IE vulnerability. But what’s interesting to me is that I understand from inside Google that the company plans to respond to this Chinese threat by changing its log-in process for web apps to one using a secure secondary server. That’s great, but it wouldn’t have stopped the most recent attack.

Is there something here we aren’t being told?

The most popular secure secondary server access system is called SiteKey and is used by Bank of America and many other financial institutions. The way SiteKey works is you log on to your bank’s computer, for example, by first typing an account identifier which causes one server to generate a picture and another server to generate a pass phrase which together don’t identify you to the bank but rather identifies the bank to you. Trapped as it is in a hash table, nobody at the bank can even tell you what picture you chose but you know it (the pass phrase too) so you can be pretty sure the server you are logging into is the one you want and not some phishing site. If the picture and phrase are satisfactory you can then type in your real password and you are there.

I’m told that Google will soon roll-out a similar system for Google Apps.

But I can’t see how using secure secondary authentication would have had any impact at all on the recent Chinese malware incident.

So I went to a friend who manages data security for a huge defense contractor and he agreed. “Authentication helps, ” he said, “but that was the second part of the attack, the original piece was a carefully crafted PDF file that was executed by the user. No amount of authentication helps against an authorized user. Don’t get me wrong, I am a believer in strong X. 509 based authentication, just it would not have helped against a malicious attachment.”

Adobe says it wasn’t a PDF problem at all. Yet my friend, who is privy to a flow of information the rest of us are not, says Adobe may be technically incorrect in this assertion.  I don’t know for sure, nor do I think it really matters in this case.

“The IE use was a secondary effect (to download the malware using an allowed program), ” he explained. “I’m not sure what they are calling a vulnerability (it might be a feature). The initial vector was the PDF. Typically such an attack is limited in just how large a program can be in the initial attack (hidden inside the attachment).  It has to be just enough to pull the real root kit. Early ones used their own network app but most systems are now protected by personal firewalls that would disallow or alarm. Use of IE would probably avoid this (and explains why large corporations are going to gateway white lists). Bottom line: the attack requires an executable program to be running on the workstation. Once that is in place, anything can be done. ”

The best defense against this sort of attack would have been two-fold. First, strip all e-mail attachments from messages and replace them with a URL. Send one copy of the attachment to a dedicated server that can be set to paranoid. Take as much time as needed to vet the attachment including emulation to see if it is malware or not. Once complete, the URL embedded with the forwarded e-mail becomes active and the attachment can be downloaded.

Google owns Postini, which could implement just such a technique, so we should probably expect that they will do so, making Google apps more secure and therefore more attractive in the process.  In Google’s move to make itself ever more essential to the net they may well offer such a quarantine service as a standalone product, too.

The second part of this solution unfortunately died with Windows Vista — the hated User Access Control (UAC). Temporary privilege escalation with logging, which is what Vista’s UAC provided along with some user grief, is the way to go.

Remember that all the authentication in the world will not protect against a privileged user doing the wrong thing. It’s just that logging may help to determine what happened after the fact.

We have known for years how to fix this, but nobody cared.

Podcast: Play in new window | Download

More 2010 predictions, this time for Google, which is reeling right now from cyber attacks in China and customer attacks in the U. S. where the Nexus One is getting an underwhelming response from early adopters.

Here’s word from a friend of mine — a smart phone whore — who had a Nexus One for a month and didn’t tell me until this morning. Still, his reactions are informed and represent a month of experience. “I’m not too impressed with it as a phone, ” says my friend. “It’s basically a wash. Google is screw’n it big time with the horrible plans they are dishing it out on t-Mobile and the price is ridiculous. To beat all, it’s radio is horrible, so bad that I literally gave it back and returned to a clunky G1. There is no decent smart phone out right now except the Moto Cliq unless you are lucky enough to have good AT&T coverage with an iPhone, which I don’t.”

Early Nexus One users hate the phone, hate the plans, hate the network, hate the price, but what they hate most of all is Google’s lack of customer service. Shouldn’t Google have seen this coming? Of course, but the company operates in a bubble that market realities often can’t penetrate. Eventually Google will be good at this stuff, but how long will that take? Too long?

What amazes me is the bad radio given that this is an HTC product and HTC is a very good mobile phone manufacturer. Taking a guess about what’s happening there I predict that HTC warned Google about the radio problem but there were so many IQ points jetting around the conference room at Google that nobody bothered to actually listen they were so much in love with each other. Sometimes just being smarter is not enough. In fact just being smarter is never enough, even at chess – a lesson Google will have to learn the hard way, I suppose.

Now to China where hackers or spies or who-knows-who have been attacking Google and the search giant is threatening to take its ball and go home, leaving completely the Chinese market. What sense does this make? It makes no sense to me. Google is going to have zero impact on China — zero — by abandoning that market, which Microsoft and Yahoo will gladly fill. so threatening to walk away is simply stupid.

Of course Google couches all this in terms of rejecting Chinese government censorship, which is a good thing, but we’re still left with either posturing that isn’t real or stupid-ass behavior that is real but shows this isn’t likely to be the Google Decade after all.

Here’s a better approach for Google to take. Stand in front of a bank of cameras and microphones my very impressive friend Tiffany Montague (Google’s link with NASA, keeper of the Google G-V parking spaces at Moffett Field, and internal space expert) to have her explain how Google is going to launch a satellite Internet service similar to one I described in a recent column, specifically to bring freedom of information (and advertising) to totalitarian regimes everywhere.

The technology exists, Google could finance it, and China couldn’t stop it.

This assumes, of course, that Google has some guts, which I doubt.

Otherwise, 2010 looks like a good year for Google mainly because Internet advertising will recover somewhat and Google should make some progress in phones, browsers, operating systems, apps, and the cloud in general. In those areas they are still ahead of the curve and ahead of the curve is a great place to be.