Welcome to the Friday edition of The Diff! This newsletter goes out to 24,363 subscribers, up 138 since last week. In this issue:
Tim Clissold's Mr. China is a memoir about running a buyout fund in China in the early 90s. The main plot of the book is that the investments lose money, but they lose it in two ways:
The fund buys a business that looks profitable, and while the business keeps growing, margins aren't great. Eventually, it turns out that someone is stealing the money by taking kickbacks or embezzling funds.
The fund buys a business that looks profitable, and is profitable. The business grows for a while, until one day the manager stops answering his phone and suddenly all the money has been transferred to an offshore bank account.
The mechanism for that second maneuver is the company chop, a stamp that allows the holder to do business as the company. Holding on to the chop as a way to retain control of the company still comes up from time to time, and it raises all sorts of interesting questions. A company is a legal means to coordinate behavior—a way to treat a group of people, assets, and contracts as if it's just one person. But this means that it needs some way to verify who is entitled to act on the company's behalf and under what circumstances. This is a top-to-bottom question at every company; Starbucks needs to know when a barista can give you a free replacement for a drink you spilled without asking their manager, and Starbucks also needs to decide what kinds of strategic choices the CEO can make without getting permission from the board.
As with so many other human problems, this is expressed most explicitly in software, where vague norms and qualitative understandings have to give way to yes-or-no rules. Modern identity products are a sort of anti-product, since what they're selling is an alternative to passwords as they're currently used. Un-managed passwords are a mess, because the options people have are: