Monthly Archive for December, 2007

So, how did you spend Christmas?

“It was the worst Christmas Eve I’ve ever had.”

Sharing in Google Reader

This has been bubbling along for a few days now. Google have added some actual sharing functionality to their “share” function in Google Reader. I’ve been using it anyway - you can see my shared items on the side of my blog.

Now your shared items will be visible to your contacts in gmail or google talk. On the whole this seems OK - the whole point of sharing is to make them public.

There has been something of a backlash however, some of it reasonable and some rather less so. The reasonable point is that people were using the shared feed (a private RSS feed) to share items with a restricted set of people.

Most people, including me, have gmail and gtalk contacts who are friends and some who are business contacts. Now the gap between personal me and professional me is pretty small, but I am definitely the exception - and in my early twenties the gap was much larger. I have just become more boring, something I wouldn’t necessarily encourage. Many, more interesting, people are horrified at the idea of random professional contacts seeing their feeds.

Even for those of us with closely related professional and personal lives we manage those with a different conversational register, for which there does appear to be an emerging sort of protocol. This blog is my personal blog. We have a work blog too, but this is just me speaking for myself. I can say things here I wouldn’t say on the work blog not because I’m concerned that my professional contacts might see it, some of them probably will (hi there!), but because I trust them to understand that we do in fact legitimately have personal lives that diverge from our professional ones. Incidentally this blog isn’t private - if I wanted something to be private, I wouldn’t put it on the Internet (duh).

So, that point seems very fair to me - there needs to be more granularity in sharing. Share with specific users, or with groups or with all my contacts or with everyone.  Edit: And lo, they have. Not the best thought out solution, but having to roll it out on Christmas day won’t have cheered them up any.  Full marks.  I imagine a better solution will come along shortly.

There have been some other complaints. One that I’ve seen is that people have been using the sharing feed for random other things, and that now those other things won’t work. Well tough really I think.

And finally you get idiots like Cyndy Aleo-Carreira at Profy.com, normally a pretty good tech news site, who has written this appallingly researched rubbish that is basically just full of lies.

I’d probably get all annoyed about how the blogosphere is so much less reliable than Mainstream Media now - except of course when this is picked up by the newspapers I expect they’ll do even less research, and publish even more rubbish.

eee

I got an Eee PC just before Christmas.  I’ve used it for a few days, so here are some first impressions.

First, the good: the build quality is good, the screen is excellent, the sound is good as is the microphone.  The webcam works fine, the touch pad is well tuned and the OS it ships with is very nicely put together. The wifi worked out of the box with WPA, which is better than I can say for any laptop I’ve used before, with any OS.

There’s a lot of talk about how to put Windows XP on them.  I honestly can’t see the point.

In fact the whole package is ludicrously good for its price point.  So good I think Asus have really invented a whole new category (Charlie Stross has some well-considered thoughts on this).  Any PC manufacturer who isn’t now planning their own line in this new category is an idiot.

There have been “Ultra Micro” PCs before, but the price is a key factor - this is the first disposable general purpose computer.  There’s no point fretting about the lifetime of the integral solid state drive, because you will have bought a new eee pc before it runs out.  I’m already planning to get another one (and this time it’ll be black).

One of the things you notice about new technology categories is that you find new use cases you didn’t know you had.  I’ve started listening to podcasts in bed - the eee functions as a bedside internet radio.  Last night, the Now Show. The night before, In Our Time.  Honestly, it’s worth getting one just for bedtime podcasts.

There are some downsides.  The 800×480 screen is not big enough for a number of websites.  I hope this encourages developers to consider small screens when building sites - I’ll certainly be testing our new sites on the eee  myself.  There is enough physical room in the lid of the machine for a larger screen, and I bet that’s near the top of their list for new models.

Not as high, I hope, as bluetooth. This is the only real gripe  I have (apart from a perennial one below).  Bluetooth is so ubiquitous I was really surprised to see it absent.  It’s amazingly useful for mobile Internet, something I use quite a bit anyway (even if mostly with train or coffee shop wifi).

You can plug in a bluetooth dongle into one of the three (3!) USB ports of course, but it’s nowhere near as neat.  This machine really needs bluetooth.  Obviously 3G, when it comes, will be even better.  As soon as they release a machine with integral 3G, I’m getting it.

Other models will obviously have more RAM and a larger disk, but the RAM is field upgradable and the disk is actually large enough for most people, even with only 4GB.  Adding an SDHC card for storage is trivial, and cheap.  Play.com do a 16GB one for 50 quid.

My one other gripe? The keyboard is designed for right handers.  The space bar doesn’t work if you tap it on the left.  If you are a left-handed typist you hit the space bar with your left thumb.  I’ve had to change my hand position on the otherwise perfectly usable keyboard so I can hit space.

Us left-handers are a sizable minority of the population.  We are honestly worth considering when designing stuff.  Saying “ah well 10% of our users are going to have a substandard experience because we cannot be bothered to support them” is NOT good enough.  Asus are nowhere near alone in this though.  Perhaps fuel for a future post.

All that said, I’m writing this post on the Eee, and it is more than acceptable.  This really is one of the best designed bits of tech I’ve got in many many years.  You should seriously consider buying one, you are bound to use it more than you can imagine.

Fansy the famous bard

Escapist have an article about the activities of Fansy, on an Everquest PVP server. It’s interesting in a couple of ways. Their point is about the unchanging nature of MMOs, which is easily their most disappointing aspect. Old school MUDs had much more scope for change, at least once you got to a high enough level.

The first system that successfully provides for a fungible environment will be vastly successful. It’s difficult though. They need to cope both with the griefers, who will actively try to ruin the environment, and with the “fixed point attractors” in their rules - sort of heat death for MMOs. My instinct is that almost all rulesets will result quickly in point or cyclical attractors.

The second point from the article is of course that Fansy was a griefer. He is lauded in that article, but he was exploiting server rules to ruin the game for others. As such, he probably ought to have been terminated immediately - it was only the conceit of a “rules free” server that stopped them. Of course it wasn’t “rules free” at all - if it had been, Fansy would have been dealt with immediately by its inhabitants.

The final point is how MMOs really dealt with the Fansy problem. They rewrote mob engagement to rubber band at a distance from the mob’s patrol zone, and they tweaked threat so that the originally aggroing player maintains threat.

Problem solved - no further risk from training (unless the victims actively participate by generating threat).  The article wants to make a point about how restrictive rules are, so they don’t mention it, but it is in fact the essence of MMOs (and the real world too).  Tuning the rules in microcosm can have huge effects on the overall playability of the game.  Just look at the effect of poorly designed sub-prime lending rules on the global interbank trading market if you don’t believe me ;)

You Don’t Look Like Your Head’s Exploded Yet Today

From Scalzi.com

The end of email?

At work we’ve recently had dealings with a web design shop and a huge multinational, both of which were unable to receive files we sent them. The only way to get data to them was to zip it, encrypt the zip and put it on the web. It seems the javascript was enough to send their content filter a bit loopy and it silently refused any emails containing javascript.

Obviously someone somewhere made a decision to block this stuff. Whether they decided correctly is a moot point. The scary thing is the environment that is prompting them to make these decisions. Perhaps 90% of all email is now spam. A large amount of this spam contains malware (evil software), hence, I imagine, the aggressive content filters that gave me so much grief last week.

Facebook was Invented to Stop Spam?

It did lead me to wonder whether these are the dying moments in email interoperation. For all of its benefits, email has over the last ten years or so become more and more trouble, and it may become more trouble than it is worth. People are clearly moving to other mediums for their online communication. One of the reasons for the growth in popularity of web forums is that they avoid the grief of handling email (if you can manage to receive the email with the link to confirm your registration of course).

A number of people have told me they use Facebook to communicate with each other because their work email systems think their friends’ emails are spam. Facebook as a spam protection mechanism - just how unwieldy is that?

Of Course, Email is Hard

Internet email has always been more difficult than it looks. The Internet is a complex ecosystem, full of software from different vendors that, although they theoretically follow the same standards, actually have a huge range of behaviours. The Internet worked originally because people were “Tolerant in what they accept” (Postel’s Law), and even in that environment getting a mail server running was non-trivial. These days you would be well advised to make your mailserver as intolerant as you possibly can - only other mailservers that strictly follow the specification should be allowed, in the hope that the worst written are the ones run by spammers.

Furthermore, lots of additional checks are being imposed, from greylisting to multiline banners to pre-greet delays. All of these stretch the specifications a bit, to try to avoid cheaply written ratware. This is a progressing arms race however - as more servers implement these checks the spammers will improve their software to get around them.
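To make the greylisting check concrete, here is a small sketch of the decision a receiving server makes. It is an added example, not code from this blog or from any particular mail server; the class name, the timing constants and the sample deliveries are all assumptions chosen for illustration.

```python
import ipaddress

# Assumed policy values; real deployments tune these.
MIN_DELAY = 300          # seconds a new triplet must wait before a retry counts
RETRY_WINDOW = 4 * 3600  # an unanswered first attempt is forgotten after this
PASS_TTL = 36 * 86400    # a triplet that has passed stays trusted this long


class Greylist:
    def __init__(self):
        self.pending = {}  # triplet -> time of first attempt
        self.passed = {}   # triplet -> time of last accepted delivery

    @staticmethod
    def triplet(client_ip, mail_from, rcpt_to):
        # Key on the /24 (or /64 for IPv6) so a retry from a sibling host
        # in the same outbound mail farm still matches the first attempt.
        ip = ipaddress.ip_address(client_ip)
        prefix = 24 if ip.version == 4 else 64
        net = ipaddress.ip_network(f"{client_ip}/{prefix}", strict=False)
        return (str(net.network_address), mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return (SMTP reply code, reason) for one RCPT TO at time `now`."""
        key = self.triplet(client_ip, mail_from, rcpt_to)
        last = self.passed.get(key)
        if last is not None and now - last <= PASS_TTL:
            self.passed[key] = now
            return (250, "known triplet")
        first = self.pending.get(key)
        if first is None or now - first > RETRY_WINDOW:
            self.pending[key] = now  # first sighting (or stale): defer
            return (451, "greylisted, try again later")
        if now - first < MIN_DELAY:
            return (451, "retry too soon")
        del self.pending[key]
        self.passed[key] = now
        return (250, "retry accepted")


def replay(events):
    """Run (time, ip, sender, recipient) tuples through a fresh greylist."""
    gl = Greylist()
    return [gl.check(ip, frm, to, t)[0] for (t, ip, frm, to) in events]


# Constructed sample deliveries (documentation addresses, not real traffic).
SAMPLE = [
    (0,    "192.0.2.10",   "alice@example.org", "bob@example.com"),  # first try
    (5,    "198.51.100.7", "offer@example.net", "bob@example.com"),  # never retries
    (60,   "192.0.2.10",   "alice@example.org", "bob@example.com"),  # too soon
    (900,  "192.0.2.11",   "alice@example.org", "bob@example.com"),  # sibling host
    (5000, "192.0.2.10",   "alice@example.org", "bob@example.com"),  # now known
]
```

The sender that never retries is the only one kept out. Anything that queues and retries like a proper mail server gets through, which is exactly why this is an arms race.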

The Technical Solutions and Why They Suck

A number of technical means are in progress that attempt to prevent forgery: Domain Keys, SPF, SenderID and DKIM to name but four. A lot of their proponents have claimed these will be an “end to spam”. Unfortunately they will do no good whatsoever. I’m going to quote Rich Kulawiec here, who puts it far better than I.

Problem number one: the bad guys own everyone already

The problem is that we are currently faced with a network environment in which at least 100M systems have been compromised (and some folks, e.g., Vint Cerf, think there are more — his number is 250M)…

Any email access or credentials present on a compromised system are now fully available to its new owner(s). If it has mail privileges by virtue of its network address, they now own those. If it has mail privileges because the user has accounts at (let’s say) their workplace, AOL, and a freemail service, they now own those too. The new owners can send email using the access privileges or credentials at will — either from that system (in the case of network-based privileges, that seems likely) or from another system (username/password pairs) *including* other compromised systems. Note as well that if the compromised system happens to be a mail server, then a large number of credentials may become available to its new owners very rapidly.

And all this email will be passed by any conceivable “anti-forgery” system: it’s coming from “the right” network address range, or it’s using “the right” username/password pair, etc.

– Rich Kulawiec, mailop mailing list, 12.12.2007

Problem number 2: what we do with them when we’ve caught them

Let me try to answer your question this way. Suppose that tomorrow we had in our possession the MAFT (Magical Anti-Forgery Technology) and that it was deployed globally. What happens next?

Well, one thing that happens is that now we have a way to figure out who’s responsible for sending spam (and phishes and whatnot). Okay, so let’s say that we do that, and as a result of that, we identify example.net as a major culprit in, oh, let’s say, mortgage spam. Torrents of it, nonstop, for months on end.

Now what? I’m not being flip, I mean exactly what do we do next?

Some people would say “get them prosecuted” but that’s a non-starter: what they’re doing may not be illegal in some jurisdictions, it’s not considered worthy of much attention, it might take forever, and even then it might not make the spam stop. Other people would say “litigate”, but unless you have very very deep pockets and are prepared to conduct trans-national litigation, forget it. And again, it might not make the spam stop. And so on, down the list of possibilities until we get to: “blacklist them”. Okay, *that* will make the spam stop, and it works immediately. Moreover, nobody’s sanction is necessary for it — we’re all free to stop offering services to anyone at any time for any reason (or none at all). The only people we’re obligated to provide services for are those with a contract for them.

And now we get to the killer problem with this whole line of reasoning, and it’s contained in what I said above:

Well, one thing that happens is that now we have a way to figure out who’s responsible for sending spam (and phishes and whatnot).

*We can do this today.*

We don’t need the MAFT, because we already know who’s responsible for spam — we’ve known for years. It’s whoever’s systems/network are sending it — i.e. this is part of the principle that if it comes from YOUR system/network on YOUR watch then it’s YOURS. This applies whether you run a /32 or a /8.

The problem is not identifying those responsible. Nor is it figuring out who they really are — Spamhaus, SPEWS, Spam-l, NANAE, and numerous other resources have documented this to an amazing level.

The problem is taking effective action once that information is in hand. And the biggest reason the spam problem is as bad as it is today — and will continue to get worse — is that we, collectively, have failed to take effective action. And the only effective action I’ve seen — ever — is blacklisting. Blacklisting is effective because it forces the consequences of the problem back onto the people causing it. Nothing else does that, and of course that’s why everything else — while it might temporarily stop spam — does *nothing* to stop spammers.

– Rich Kulawiec, mailop mailing list, 13.12.2007

This is a recurring problem on the Internet. If you look at fraud, identity theft, credit card theft and all sorts of computer crime the guilty parties are actually well known. If you ask any Internet security researcher they can provide chapter and verse on individuals and organisations who participate in these criminal activities.

Finding the bad guys is not the problem.

The problem is catastrophic failure of law enforcement. Even when Internet crime actually falls within their jurisdiction (unusual) and they have the will to do something about it (virtually unheard of) they are (understandably) woefully clueless about what to actually do about it.

I’ve blogged previously about the Storm Worm and this precise issue, and it applies equally with spam. Rich says that the only thing that works is blacklisting. Unfortunately for blacklisting to really end spam requires a huge number of people to work together, and their actions have unintended consequences - false positives may be acceptable in the wider scheme of things, but they are definitely unacceptable in those specific instances.

A real law enforcement response has to be the ideal solution. It is a very small number of organisations generating this vast quantity of spam - throw a few of them in prison and the quantities would drop rapidly. Catch and punish enough of them and the problem, as it stands now, will end.

I have my doubts about whether this will ever happen though. Email may become a historical oddity as new private forms of communication are adopted that allow people to hide from the spammers, or that price them out of the market by adding cost. What a shame that would be.

The Museum of Weird Consumer Culture

Not the best designed of sites, but The Museum of Weird Consumer Culture is rather amusing, and it contains this absolute gem:

Automatic Watch Winder for Automatic Winding Watches

Crack Dollshouse

You’ve probably all seen this great Crack Dollshouse since it was in popbitch, but wow it’s very Antonia.

Handbags at 10 paces

More handbag action from Sam Sethi and Michael Arrington.  Blognation is no more.  No need to pass comment I think - a quick read through the history should provide enough info, and some of it is quite entertaining.

It does sound like all those who wrote for BlogNation got royally stiffed though :(

Ordnance Survey nearly get it

I can’t put it better than Mike does, really. Ordnance Survey have released our data a little bit, and it’s very welcome.  What they haven’t done is make it available for commercial use.

Since we paid for the collection of data in the first place, and since there is such an obvious vast benefit to the residents of the UK in making this data freely available, I find their continued insistence on vast license fees frankly incomprehensible.