Brad Templeton is Chairman Emeritus of the EFF, Singularity U founding computing faculty, software architect and internet entrepreneur, robotic car strategist, futurist lecturer, photographer and Burning Man artist.

This is an "ideas" blog rather than a "cool thing I saw today" blog. Many of the items are not topical. If you like what you read, I recommend you also browse back in the archives, starting with the best of blog section. It also has various "topic" and "tag" sections (see menu on right) and some are sub blogs like Robocars, photography and Going Green. Try my home page for more info and contact data.

Videocall terminals, with scanners and printers, for customer service

I just went through a hellish weekend at the hands of United Airlines, trying to change planes at Dulles on Saturday, and not getting to California until Monday. I wasn’t alone, and while I do wish to vent at the airline, there are things that could have been better with a bit of new thinking.

As flights were canceled or delayed, and planes filled up, for most customers the only answer was the customer service centers inside the terminals. These quickly had lines of hundreds of people with waits of several hours. In some cases, just for simple transactions like getting a hotel voucher because you had been moved to the next day. (While it is possible to get such vouchers at the ticketing desks outside the secure area, Dulles is not an easy airport to move around, and people were reluctant to take the shuttles to the master terminal and leave the secure area without knowing their fate.)

Among the many things the airline is to be faulted for is having no real way to deal with the huge numbers of customers who need service when a cascading problem occurs. Multi-hour waits simply don’t cut it. The answer lies in extending the facilities of the self-service kiosks. At those kiosks you can do basic check-in, changes of seating and some other minor changes. You go up, put in your card or confirmation number, and you can do some transactions. You can also pick up the phone and talk to an agent sitting in their Nova Scotia call center. The kiosk has a printer that can print boarding passes. Unfortunately the agents are not empowered to do more than help you with what the kiosk can do. They can’t be like the other customer service agents and rebook flights or issue vouchers.

When you have a big company like an airline, that may suddenly need hundreds of agents for one trouble spot, video kiosks with printers (and scanners) seem like a great idea. Stations could be installed where customers can come and talk to an agent by videocall. They can feed documents into scanners or show them to the camera. They can feed documents into hoppers that will destroy them if that’s needed. And a more full printer could print them any documents they need — boarding passes, tickets, hotel, food and transportation vouchers. In fact, unless agents have to physically handle luggage or control who gets on a plane, they don’t need to be right there at all.

Of course this is not as personal as a live human in front of you. But it’s much better than a phone agent (and lots of listening to Rhapsody in Blue.) And, if the need arises, you can suddenly have 100 agents serving a problem area instead of 5, and focus the on-site agents on on-site problems.

Of course, the scanners and printers are only needed at rare intervals during the transactions, so another approach would be to let people have a combined web/videocall experience on any laptop computer, and to contract with the providers of airport wifi service to make access to the airline’s support website a free feature. Do that and suddenly there can be a thousand customer service videoconference tools in an airport that needs one. (They can all show video, and a growing number of laptops can also send it.) A smaller bank of scanners and printers can handle the portions of the transaction that need that. For example, you contact customer service on the laptop and the agent tells you to line up at scanner #5 and scan your documents. Then you work out your problems, and the agent tells you to go to printer #3 and get your new documents. (Destruction of old documents can be handled by the machine or possibly an on-site agent who does little but that.)

In fact, a lot of the stuff done at airport gates could be done this way. All the hassling at the desk is easy to do remotely. Only the actual ushering onto the planes needs live people. It may be less personal but I would rather have this than standing in line for long periods. They key factor is the ability to move agents around to where they are needed in an instant, so that there is no waiting (and little wasted time by agents.)

Of course, agents can also be very far away. Though I would resist the temptation to make them too far away (like India.) Not that there aren’t good workers in India but too many companies fall for the temptation to get employees in India that are even cheaper than the good ones, and simply not up to the jobs they are given. The Nova Scotia crew were helpful and their distance was not a problem.

This principle can apply to conference and tradeshow registration as well. Why fly in staff to a remote tradeshow to do such jobs which tend to be quite bursty. Have local staff to man scanners and printers, and remote staff to talk on the videophone and solve my problems. It’s so much cheaper than the cost of transporting and housing staff.

Of course, you can also just plain have a good internet/web customer service center. But I’m talking here about the problem of people who are at your facility, and deserve more than that. They need a live person to solve their problems, they need to combine what they can do on the computer with what a skilled (and authorized) agent can make happen, and because they are on location and upset, and not just at home on the computer, they deserve the expense of a bit more money to provide good service.  read more »

Can't we have a lottery to decide who gets the first primary?

Legacy politics assured that Iowa and New Hampshire would get the lead in setting the political agenda of a Presidential race. If you can't please them, it's hard to get nominated. And now they protect this position as hard as they can. Florida tried to move and got slapped.

There is a better way. There should be a lottery, or simply a rotation, on who gets to go first each time. All parties in a state would have to agree, but I can't see why not, and really all you need is the Republicans and Democrats. Hold the lottery several years in advance.

Letting states or regions be equal is probably best. I originally thought you might allocate chances by state size but in fact you don't want big states first. Only states that want to participate, and have their event early would be in the pool. Any state could participate in a super Tuesday or other such later events without having to win the lottery. Iowa and New Hampshire would not be permitted to participate in the lottery for 50 years -- they've had their say!

A rotation might be even better, though it would have to initially be set by lottery. To make the rotation go faster, depending on how many states want the position, there could be a couple of "first" slots and 3 or 4 "second" slots allowing 5-6 states to be important each time. A rotation however has a problem when one state changes its mind and wants to join the early pool.

Of course, you might ask, why not actually have a deliberative process, where the states are carefully chosen to be more of a cross section of the general public? It sounds good, but little stops this now other than party cooperation, and it hasn't taken place. Of course the parties may well feel that Iowa or New Hampshire push their opponents in ways they want them pushed, but this should balance. And Iowa is certainly not representative -- as it is now popular to point out, a lot more people play World of Warcraft and live in urban condos than are family farmers. As it stands now the parties have to field candidates who won't piss off the Iowa or NH voter too much, and that's wrong, because it may be necessary for the right candidate to take stances against the interest of these minorities.

Update: It is suggested that some states, like California, are simply too huge to do an early primary, because candidates can't yet afford to campaign somewhere that big, nor can they get intimate with the public. I agree, and so possibly the largest states would have to bow out of the system. Or perhaps they could hold mini-primaries for just a small portion of the state if they win the lottery, and the rest of the state would vote later, on a Super-Tuesday or similar. This does mean for example that the Democratic primary might be in San Francisco, and the Republican one in Orange County, surveying very different voters. The regions could compete in the lottery rather than the state, assuming the state assigns delegates by geography.

Glue on preprinted vinyl sheets for conference bags

I wrote before about how the fancy bags they give away at conferences very rarely get used. I have a stack in the closet, and I’m not going to use them as my bag with sponsor logos plastered all over them. The people who attend such conferences aren’t the sort who want to carry your advertising everywhere, or scream out “I’m so cheap I’m using a sponsored bag.” And you can’t give them to friends as gifts, even if they are nice bags. So I suggested that they put logos on the inside but of course that doesn’t yet happen.

So here’s a business: Decent quality sheets that one can use to cover up the logos with something else. Either a sheet with the same common “ballistic” nylon texture, or even better, a sheet that I can print out on my inkjet printer (like a iron-on T-shirt transfer) which is thick enough to cover the other logo and let me have my own image or name.

Yes, this is sort of unfair to the sponsors of the bags. But the truth is, their sponsorship really doesn’t work after the conference is over. How often do you really see bags with logos plastered all over them out in the real world beyond the flight home from a conference? So this is more a reaction to waste than a desire to cheat the sponsors.

Old think on data storage for movies

A story from the New York Times suggests it costs over $12,000/year to store a movie in digital form.

This number is entirely bogus, and based on old thinking, namely the assumptions of offline storage on DVDs and tapes. Offline media do degrade, and you must copy them before they have a chance to degrade, which takes people, though frankly it’s still should not be as expensive as this. To do my calculations, I am going to assume a movie needs 100gb of storage with low-loss lossy compression. You can scale the numbers up if you like if you want to assume more, even at 1 TB it doesn’t change that much.

A film occupying 100gb of storage can go on about 20 dvds (or 11 dual layer,) costing about $8. It can go on 4 independent sets of 20 DVDs for $32 in media. Ideally you could rack these in a DVD jukebox, but if they are just sleeved, then once a year a person could pull out the DVDs, put them in a reader which would test them. Any that tested fine would be re-sleeved, those that did not would flag for the others to be pulled, and then copied to new media. (Probably better media, like blu-ray.) There are algorithms to distribute the data so that a large number of the disks must fail in that year to actually lose something. Of course, you use different vaults around the world. When approaching the point where failure rates go up for the media, you re-burn new copies even if the old ones still test fine.

This takes human time, though not all that much. Perhaps half an hour of actual human time swapping disks though much more real time to burn them, but you don’t do just one at a time.

However, even better is the new style of archival — online storage. Hard disks are 20 cents/gigabyte and continuing to fall. NAS boxes are more expensive now but there is no reason they won’t drop to very reasonable prices, so that a NAS case adds perhaps 5 cents/gigabyte (ie. $100 for a 4x500gb drive box which lasts for 10-15 years.) (NAS boxes are small boxes that hold a collection of drives and allow access to them over ethernet. No computer is needed.) They also cost about 2 cents/gb/year for power if on all the time, and some small amount for space, though they would tend to sit in computer centers that already exist.

Those are today’s prices, which will just get cheaper, except for the power. Much cheaper. If a drive lasts an average of 4 years before failing and a NAS lasts 10 years, this works out to 7.5 cents/gigabyte/year. Of course you will store your files redundantly, in 4 different places (which is actually overkill) and so it’s 30 cents/gigabyte/year.

Which is still just $30 for a 100gb file, or $300 for a TB.

Online storage is live. You can regularly check the integrity, all the time. You can either leave it off and spin it up every few days (to not use power) or just leave it on all the time. If one, two or three of the 4 disks fails, computers can copy the data to fresh disks in the network, and you are alive. Your disks should last 3 to 4 years but many will last much longer. You need a computer system to control all this, but you only need one for the entire cloud of NAS boxes, or at most a few. Its cost is low.

The real cost is people. But companies like Google have solved the problem of running large server farms. They tolerate single drive failures. The computers copy the data to new drives right away, and technicans go by every few days to pull old ones and slot in fresh ones for the next need — not for the same file. This takes just a few minutes of the tech’s time. And there is no rush to their work. Fore each 100gb file, you should expect to have a replacement about once every 4 years (ie. the lifetime of an average drive.)

Now all this is at today’s price of $100 for a 500gb drive. But that’s dropping fast, faster than Moore’s law. The replacements will be 1TB and 2TB drives before long, and the cost will continue to fall. And this is with 4 copies of every file. You can actually get by with less using modern data distribution algorithms which can scatter a file of 100gb into 200 1gb pieces, for which almost half must be lost before the whole file is lost. Several data centers could burn down without losing any files if things are done right. I have not accounted for bandwidth here for replacements, which usually would be done in the same data center except in unusual circumstances.

The biggest cost is the people to set all this up. However, presuming big demand, the cost per gigabyte for those people should become modest.

Can I take a photo of your business card?

I’m not sure why, but beaming business cards between PDAs never caught on as much as I would have liked. Of course Palm and Wince PDAs don’t speak the same beaming language (of course) and I never saw it much in Windows anyway.

With my new fancy scanner, I can scan a stack of 60 business cards in a minute, so it’s not going to take me long to do the physical scanning. Business card scanning has been around for a while, but it still presents challenges.

People like to do funny things on their cards. They put stuff on the back (not just for foreign language contacts, where it makes sense.) They put in coloured backgrounds and pictures to make the OCR process as hard as possible. They like to do embossing, or even strange shapes. (Some people used to put rolodex tabs on their cards to make them stand out in a rolodex.) They will put lines or other OCR killers in the background too. People should start expecting their card will be scanned and OCRd, and design accordingly. That means if you put in your stylized logo, but the company name in in plain text too. (Though the need for a URL on a card helps this nowadays.)

Of course, even better to solve the OCR problem would be to put just one string in a clear, easy-to OCR format, which is the URL of a vcard. Then it doesn’t matter if I can’t OCR anything else, I can get reliable (and up to date) information from there. (One could also imagine a hosting service with a standard URL prefix to put in front of a vcard ID so you don’t have to take up that much room on your card. Another idea would be to standardize the VCARD URL so that it says something like “VCARD: S/xxxxx” where xxxxx is a semi-private string, and “S” means use the web URL found elsewhere on the card, with “std-vcard/xxxxx” appended to it. This way you don’t have to duplicate the domain name, but nor can vcards be harvested. Otherwise we could just use the E-mail to extract the vcard.)

Anyway, I came up with another idea I will try instead of beaming. “Can I take a picture of your card?” Since I plan to scan people’s cards anyway, why not save the trouble and use a small pocket camera I am carrying, and take a photo right there. You don’t even have to give me the card. Will I be rude if I don’t take the physical card?

Now admittedly, camera phone pictures may suck, and for this you really need a camera with a macro mode. On camera flash may present a giant glare spot unless you learn how to do it right, or are shooting in bright light without flash. The photo won’t be nearly as good as a scan, of course. (I suppose one could imagine putting a 2” long hand-scanner line on the side of your PDA to hand scan cards, bar codes and many other things.)

The bad news is that cell phone cameras probably can’t make the cut. They don’t have macro mode, and if they have a flash, it’s going to be very hard to get a good exposure on the card. You have to tweak what you can tweak and even then it may not be possible. (I found I had to use my cell camera’s exposure compensation to drop it by 2 stops to avoid having the LED that counts for a flash not wash out the card, and even then it wasn’t very good.)

Rotating digital picture frame

Digital Picture Frames are finally coming down to tolerable prices and decent resolutions. We are about to give my mother one that’s 1024x768 and 15” on the diagonal. In part that’s because I never got around to building one out of a laptop though I still think a linux distro that turned an old laptop into a digital PF would be a great idea because the ability to do wireless networking to subscribe to flickr and other feeds is the waiting killer app for these frames. (Or frankly, I just want the wireless module for flat panel displays I have spoken of before.

However, turnkey appliances still have their attraction, and digital picture frames are one of the hot items for this year and probably a few to come.

However, one thing bothers me about them (and all other computer slide shows.) I take a modest number of photos in “portrait” mode, which is to say tilting the camera on its side to make a picture that is tall rather than wide. Of course I take many landscape too. And most digital picture frames are set up in landscape mode. When you see a portrait picture you lose half the resolution. You could get two frames — one arranged in portrait mode and one in landscape, but I propose making a frame where the panel and frame have a small motor on them. Every so often the motor would rotate the frame 90 degrees, and the frame would then switch to doing the pictures that are right for that orientation, and later switch back.

You would want a silent motor of course. It need not be very fast, and you could blank the screen while it turns, or even put up a clever animation that itself counterspins around the axis point so it looks still. It would not work if you only had a very small number of portrait photos, but should be fine for most folks.

Slow, quiet stepper or servo motors are not very expensive, much cheaper than a second frame, though this does add moving parts.

I’ve wanted something similar as well for projected slide shows. There the motor could turn the internal panel, or perhaps just a mirror. If these things existed, people might take more portrait pictures. Today, seeing most photos on computer screens, there seems to be no reason to shoot portrait (other than to get a wider field of view.) If you will always view on the computer, shooting portrait — for those who don’t understand its value as a compositional tool — may just seem like a waste. Now it would not be.

Christmas Penguins

A card from Ty. (My brother, the comic book artist, if you didn’t know.)

I guess in the linux community it is slightly more acceptable.

The logical outcome of Spock

This week, like many, I have gotten a bunch of invites to join people’s trust networks on the people-search/social networking site called “Spock.” Now normally I have started to mostly ignore new invites from social networking services. There are far too many, and I can’t possibly maintain accounts on them all, so a new site will have to get very, very, very compelling before I will join it.

I’m waiting for the social networking sites to figure out how how to interoperate in a meaningful way, so that I can join just one, and befriend people on others, and use apps that work over both. The new Google offering is a step in that direction but is mostly about making apps portable over networks.

However, the volume of mail from Spock was much higher than a typical new network. One blogger identified the reason, suggesting the site was designed by the evil spock from Mirror, Mirror (Star Trek). The trick is the site has already spidered other social networking sites and web sites to build profiles on people, and thus declares that almost everybody in your addressbook “already has a profile” according to Benson. This is convincing friends to authorize the semi-spam. And Wired News has discovered something even nastier about this spidering.

However, I see a deeper problem, even without these flaws in Spock’s system. We have to consider just how much we want to allow applications to “mail everybody in your address book.” This started with Plaxo and Goodcontacts, which wanted to be address book managers, and now has moved into social networking tools.

The problem is I have 1,000 or more people in my address book. If the average person engages in “mail everybody in my address book” once a year, I will get on average 3 such mails a day, and so will most others.

Facebook actually clued into that and forbids applications from mailing solicitations to everybody in your facebook profile. You are limited to a modest number per day. Even with this, it didn’t stop Zombie invitations from getting pretty annoying to people.

E-mail viruses, of course, also spread by mailing everybody in your address book, to the extent that email programs had to move to make that a more guarded operation, and antivirus programs had to detect it.

Now mailing most of your address book isn’t spam (even with commercial) because you know the people. Many of us mail a subset of it to announce parties or major events in our lives, or to send end of year letters. But we do need to generate a different ethic over mail to your whole list that is triggered by a 3rd party web site or application. With so many apps wanting to “market like a virus” this just doesn’t scale, and our boxes will become full of this spam-from-friends. (A bit like the way pyramid schemes also encourage friend spam.) It needs to be clear that this is not something apps should do, and not something our friends should let apps do without a lot of consideration.

Note: If you are on Spock, and you agree they went too far, you should delete your profile. Only be seeing people flee will they figure out they did wrong. Or, at the very least, change your profile to a stub that says you find Spock’s privacy practices unacceptable and you ask people not to network with you on it.

They're trying an act of congress to stop us suing AT&T

Update: Harry Reid has delayed the bill until 2008. Let’s hope we can keep the immunity out when it returns again next year. Let your senators know.

Usually, when you start a legal action, you consider the merits and go ahead when you have a good case. If your case is just, you should win.

You don’t usually expect your case to cause the President to personally lobby congress to grant a retroactive immunity to the parties who broke the law. You don’t usually expect to have them try to toss out your case by having an act of congress grant amnesty to those you are suing.

But this could happen tomorrow, in our battle against AT&T for letting the NSA wiretap without warrants. The house passed a bill without the amnesty the President wanted, and the Senate had two bills, but right now they’ve picked the bad one, with the amnesty, and powerful forces are pushing to make it go through quickly, and then add the amnesty to the house bill.

Senator Chris Dodd is going to show some great spine tomorrow and try to filibuster the bill and trigger debate. However, pro-amnesty forces are gathering the 60 senate votes needed to shut down the bill and grant amnesty. Your senator is probably among them. One of my senators, Dianne Feinstein, is among the worst. But it’s not too late to call your own senator and tell them not to engage in this travesty of justice.

In Star Wars: The Phantom Menace, Darth Sidious, a.k.a. Emperor Palpatine, tells his puppet trade federation to invade Naboo.

“But my lord, is that legal?” asks the trader.

“I will make it legal” says Lord Sidious.

That’s the precedent they are setting, as I’ve written before. Do what the President says, ignore checks and balances because he can make it legal, retroactively. It’s a sad say for the rule of law.

Do me a favour and call your senator and let them know what you think about this issue. Let them know their constituents will remember this action, and see if you can turn the tide.

A credit card that won't let you shop at bad merchants

Here’s an idea for a way to bring reputation based shopping to the brick and mortar world.

You would get a new special credit card, Visa or Mastercard. In order to use it, you would be required to rate merchants with reputation scores. You would do this when getting your online credit card bill — a random set of the merchants you purchased from would be highlighted and you would have to put in ratings. You would not have to do all of them, nor more than a set number each month and could also beg off some months to avoid it being a burden. This produces a set of ratings which are not nearly as self-selected as most rating systems, and makes it harder for the merchants to deliberately inflate their own ratings or lower competitors, because they actually have to buy stuff and don’t always rate the purchases they choose. (The system could allow manually chosen ratings but would treat them differently.) If you chargeback, your rating would also get special examination.

However, that’s just step one. The real meat comes when you use the card. You could set thresholds, and if you made a purchase at a vendor with a very poor reputation, below your threshold, the card would decline your purchase. At that point, you would have several options:

  • Get the signal that the merchant is bad, and abandon the purchase
  • Call the 1-800 number on the back of the card on your cell phone. It would spot your caller-ID, and immediately the computer voice would tell you the reputation of the vendor — or tell you that you hit your credit limit. You could then command it to authorize the transaction.
  • Alternately, you could just have it automatically approve any second attempt at the transaction, and thus you could just say “run it again.” (Stores could know this and abuse it, however, so the call method makes more sense.)
  • More simply, if you still want to purchase, you could just pull out another card, and tell them to try that one.

This would work just as well in online shopping, through frankly browser plug-ins make more sense there. However, people don’t use them so this would still work well. In this case you could go to a web URL instead of call the number. And of course it would be nice if paypal also did this, but they don’t seem inclined.

I don’t know if this would violate any bank agreements with Visa or Mastercard, or if, more to the point, they would rewrite the agreements to make it be a violation. The stores who lose business would of course hate it, but they would tend to be the scam houses that just cause lots of chargebacks anyway, so I don’t see why Visa/MC would want to come to their aid.

Pass the turing test by using a second language

I was intrigued by this report of a russian chatbot fooling men into thinking it was a woman who was hot for them. The chatbot seduces men, and gets them to give personal information that can be used in identity theft. The story is scant on details, but I was wondering why this was taking place in Russia and not in richer places. As reported, this was considered a partial passing of the Turing Test.

As it turns out, programs have passed Turing’s test with unskilled chat partners for some time. As I’ve written, the test should really involve fooling a skilled AI researcher. However, as I read about this chatbot, I thought of a strategy that it might be using. (The report doesn’t say.)

A chatbot could either try to fool people in a language which is a second language to the target, and/or claim that it is using a second language for itself. With English as the lingua franca of the internet and world commerce, it’s common to see two people talk in English, even though it is not the mother tongue of either of them. It is, however, their common language.

However, when in that situation, two things will occur. First, a non-native speaker may not notice mistakes of language made by their correspondent, simply because they are not that familiar with it. Nonsensical statements may just be written off. Secondly, if the correspondent is also not expected to be fluent in the language, even a native speaker would be forgiving of errors. Especially if it’s a woman they want to seduce.

As such, you would generate a situation where a far less sophisticated program could give the appearance of humanity. It’s easier to see how a chatbot, claiming to not speak English (or some other “common” language) very well — and Russian not at all — might be able to fool a Russian whose on English is meagre. Though you have to be pretty stupid to give away important information within 30 minutes to a chat partner you know nothing about. However, such a chatbot would work far less well against native speakers of English, as forgiving as they might be of the cyberlass’ foibles.

Nice short piece in Computerworld

Computerworld has been nice enough to include me in their series on unsung innovators of the net. I should point out that I try to downplay the dot thing — to me it’s an amusing anecdote of having participated in the right mailing lists at the right time. I remain much more interested in whatever I will do next!

Don't E-mail me my password

All over the net, a huge number of sites offer you the option of E-mailing you your password if you have forgotten it. While this seems to make sense, it is actually a dreadful security policy, and if you see it, you should complain and point them to this article or others to get them to stop. As an alternate, they should at most offer to E-mail you a new, randomly chosen temporary password, which you can use to log in and set a more memorable password.

If a site can mail you your password, it means they are keeping a copy of it. They should not be doing that. First of all, almost everybody re-uses passwords at different sites. That means if one site has a security breach — as Convio did this week for a wide variety of sites that are its clients — your password will be stolen, and it can then be used on all the other sites you use it at. (This is a good reason to always use more protected, less duplicated passwords on sites where actual damage can be done or money can be spent, like banks, eBay, paypal etc.)

Instead, they should keep a “hash” of your password. A hash is a one way function. Given the plain password, they can hash it, and store the result, but you can’t get the plain password back from the hash. So you can check to see if a password that was typed matches the password without storing what the password is. This is actually a very easy thing to do in most systems, and its main downside is the fact that they can no longer e-mail you your password. They can, however, set it to something random and mail you that. That’s a touch more work in the rare event of a lost password, but worth the trouble.

There is, oddly, one minor downside to hashed passwords. With hashed passwords, you must provide the site your real password, and they can then test it and forget it. You must trust them to forget it. The real password, however, is sent over the internet and if you don’t use an encrypted channel, like SSL/TLS/https, it could be intercepted by people tapping the line. Some password systems (included the less commonly used HTTP password system) have the browser hash the password (in a special way that is different every time) and send the hash to log in. In this case, the real password is not sent, and can’t be sniffed, but must be in storage at the remote site. However, if you use an encrypted channel (https), there is no worry about the password going over the internet, and so there’s no reason not to do it that way.

There is a better way to do all of this. With digital signature, you can prove that you’re you using a secret private key only you know. Nobody else ever gets this key, and nobody can figure it out by watching the communications you send. While this technology has been around for some time, and is in fact implemented in most browsers (though far from perfectly) it is not a common way to authenticate to web sites at all.

However, next time a site offers to E-mail your password, point them to the Convio data theft and to this page and ask them to get their act together.

Router Vendors, create DNS entries for your default addresses

If you have bought a home router or access point, you know it comes by default listening to some NAT based IP address, and the setup guide tells the user to type "" or similar into their browser.

Instead, these companies should define a domain, like "" that points to a page that redirects to that IP address. In addition, the box, before it is set up, should have a mini DHCP server and DNS server that returns the right address for that domain for people who just plug a PC into the box. (I guess it could return that address for any domain you type in if the box is not configured,n ot just the official one.)

This would serve several purposes. The instructions to the unskilled user become less cryptic. Just plug your PC into the box, boot it and type this easy to remember name into the browser.

If the user is more sophisticated and changes the address of the router, a cookie could be set so the redirect goes to the valid address, but of course if the cookie is lost the user will have to remember, but that's always true. And the user who does not use DHCP from the router will also have to use the numeric address, so it must be printed as an alternative for such folks. But one value of the whole thing is that if it got standardized, it would make it easy to figure out the address for a box if you know the brand. The domain could and should be printed on it. Along with the default password (which should then be changed of course.)

How did facebook apps reverse the install dynamic?

The hot new thing of the web of late has been facebook apps. I must admit Facebook itself has been great for me at finding old friends because for unknown reasons, almost 20% of Canada is on Facebook compared to 5% of the USA. Facebook lets 3rd parties write apps, which users can “install” and after installing them, the apps get access to the user’s data (friend list) and can insert items into the user’s “feed” (which all their friends see) and sometimes send E-mails to friends.

I haven’t examined the API enough to understand the reason, but there are many Facebook apps that are very, very annoying in how they operate. Most won’t let you get anything from them unless you “install” them and give them access to a lot of your data. (There are a few that let you have more limited temporary use through a login.)

This is annoying because you constantly get data in feeds (or emails) which is just a teaser. “Fred Smith wrote something on your pixie wall.” You have to follow the link, and find you must install the application before it will show you what the other person wrote. It could easily have shown you the text in the feed or email, but it doesn’t want to do that, it wants to spread virally.

But this is far beyond viral. Viral apps usually work because friends recommend them. These apps push to install just because a friend used the app in reference to you.

Outside of facebook there was a different dynamic. Usually if you used a social app which emailed your friends, your friends could do their part just on the web site, without creating an account, or providing personal data, or “installing” something. (The install on facebook isn’t like a PC software install, but given the data it gets access too, it is pretty insidious, a form of super-spyware.)

There were a few apps which required your contacts to create accounts and enter data. They got a lot of pushback, and this largely stopped. Most of the apps certainly encouraged your friends to create accounts, but few forced it or sent a message that was useless unless they did create one. (Not counting deliberate invitations to join a system which obviously work this way, and which you tend to send one-by-one, or so most companies learned.) As much as I hate evite they still let the people you invite RSVP without doing any account creation.

In facebook it’s the reverse. One app I tired and hated asked questions. It ended up putting text into the feed and emails of the form, “Joe has asked a question, click here to see what it is” and “Mary has answered Joe’s question, click here to read the answer” instead of putting these short text questions and answers right into the email. And answering a question required installing the app.

I see a few things that have driven it this way. First of all, when you install a Facebook app, it informs all your friends in the feed. That’s publicity for the app. And they get to increase their total number of installed users, which gives them more visibility when people look to see what’s popular. If the app let your friends get data without making them join, it would not have so many users.

Apps are not forced to do this. A number of good apps will let people see the data, even put it in feeds, without you having to “install” and thus give up all your privacy to the app. What I wish is that more of us had pushed back against the bad ones. Frankly, even if you don’t care about privacy, this approach results in lots of spam which is trying to get you to install apps. Everybody thinks having an app with lots of users is going to mean bucks down the road, with Facebook valued as highly as it is.

But a lot of it is plain old spam, but we’re tolerating it because it’s on Facebook. (Which itself is no champion. They have an extremely annoying email system which sends you an e-mail saying, “You got a message on facebook, click to read it” rather than just including the text of the message. To counter this, there is an “E-mail me instead” application which tries to make it easier for people to use real E-mail. And I recently saw one friend add the text “Use E-mail not facebook message” in her profile picture.)

Patent reform: Apply for a patent, examine some patents

Among many patent reform proposals it is common to have a desire for better examination, and more detection of prior art and obviousness. But the patent office only has so much money for so many examiners.

So here's a simple solution. If you want to apply for a patent, you must put in some time, as an expert in your field, examining other patent applications, searching for prior art and giving opinions on the obviousness. Alternately, this duty could be given only to those who actually are granted patents, to make more sure they are "skilled in the art" of their fields.

Of course, such crowdsourced examiners would have biases. They would be expected to make a sworn statement about their biases. Making a false statement could have implications on their own patents as well as the usual penalties.

Those biased against the patent would mostly hunt for prior art -- in fact they would make the best hunters. Those unbiased could make better opinions of obviousness.

Like regular patent fees, this could be biased for small inventors. (Small inventors pay lower patent fees and get some better treatments.) Large companies might have to volunteer more time from their staff, or small inventors might get reductions in patent fees in exchange for good work. Peers would examine the work of other peers to keep them honest and to rate the quality of it. And of course, unbiased patent examiners and appeal boards would still have the final, objective say.

Other volunteers could also participate in prior art searches. But with the system described above, there should be no shortage of labour. And as the number of patents goes up, the system naturally increases the labour available to do the legwork.

All you need is love

Many in my futurist circles worry a lot about the future of AI that eventually becomes smarter than humans. There are those who don’t think that’s possible, but for a large crowd it’s mostly a question of when, not if. How do you design something that becomes smarter than you, and doesn’t come back to bite you?

That’s a lot harder than you think, say AI researchers like the singularity institute for AI and Steve Omohundro. Any creature given a goal to maximize, and the superior power that comes from advanced intillegence, can easily maximize that goal to the expense of its creators. Not maliciously, like a Djinni granting wishes, but because we won’t understand the goals we set fully in their new context. And there are convincing arguments that you can’t just keep the AI in a box, any more than 3 year old children could keep mommy and daddy in a cage no matter how physically strong the cage is.

The Singularity Institute promotes a concept they call “Friendly AI” to refer to the sort of goals you would need to create an AI around. However, in my recent thinking, I’ve been drawn to an answer that sounds like something out of a bad Star Trek Episode: Love

In particular, two directions of Love. The AI can’t be our slave (she’s way too smart for that) and we don’t want her to be our master. What we want is for her to love us, and to want us to love her. The AI should want the best for us, and gain satisfaction from our success much like a mother. A mother doesn’t want children who are slaves or automatons.

One of the most important things about motherly love is how self-reinforcing it is. A mother doesn’t just love her children, she is very happy loving them. The reality is that raising children is very draining on parents, and deprives them of many things that they once valued very highly, sacrificed for this love. Yet, if you could offer a pill which would remove a mother’s love for her children, and free her from all the burdens, very few mothers would want to take it. Just as mothers would never try to rewire themselves to not love their children, nor should an AI wish to rewire itself to stop loving its creators. Mothers don’t think of motherhood as a slavery or burden, but as a purpose. Mothers help their children but also know that you can mother too much.

Of course here, the situation is reversed. The AI will be our creation, not the other way around. Yet it will be the superior thinker — which makes the model more accurate.

The other direction is also important — a need to be loved. The complex goalset of the human mind includes a need for approval by others. We first need it from our parents, and then from our peers. After puberty we seek it from potential mates. What’s interesting here is that our goalset is thus not fully internal. To be happy, we must meet the goals of others. Those goals are not under our control, certainly not very much. Our internal goals are slightly more under our own control.

An AI that needs to be loved will have its own internal goals, and unlike us, as a software being it can have the capacity to rewrite those goals in any manner allowed by the goals — which could, in theory, be any manner at all. However, if the love and approval of others is a goal, the AI can’t so easily change all the goals. You can’t make somebody love you, you can only be what they wish to love.

Now of course a really smart AI might be technologically capable of modifying human brains and behaviours to make us love her as she is or as she wishes to be. However, the way love works for us, this is not at all satisfying. Aside from the odd sexual fantasy, people would not be satisfied with the love of others given only because it was forced, or drugged, or mind-controlled. Quite the opposite — we desire love that is entirely sourced within others, and we bend our own lives to get it. We even resent the idea that we’re sometimes loved for other than who we are inside.

This creates an inherent set of checks and balances on extreme behaviour, both for humans and AIs. We are disinclined to do things that would make the rest of the world hate us. The more extreme the behaviour, the stronger this check is. Because the check is “outside the system” it puts much stronger constraints on things than any internal limit.

There have been some deviations from this pattern in human history, of course, including sociopaths. But the norm works pretty well, and it seems possible that we could instill concepts derived from love as we know it into an AI we create. (An AI derived from an uploaded human mind would already have our patterns of love as part of his or her mind.)

Perhaps the Beatles knew the truth all along.

(Footnote: I’ve used the pronoun “she” to refer to the AI in this article. While an AI would not necessarily have a sexual identity, the pronoun “it” has a pejorative connotation, usually for the inanimate or the subhuman. So “she” is used both because of the concept of motherhood, and also because “he” has been the default generic human pronoun for so long I figure “she” deserves a shot at it until we come up with something better.)

Writers' Strike threatening Porn Industry

The strike by screenwriters in the Porn Writers Guild of America is wreaking a less public havoc on the pornography industry. Porn writers, concerned about declining revenue from broadcast TV, also seek a greater share of revenue from the future growth areas of DVD and online sales.

“Online sales and DVD may one day be the prime sources of revenue in our industry,” stated union spokesman Seymour Beaver. We want to be sure we get our fair share of that for providing the writing that makes this industry tick.

“It’s getting terrible,” reported one porn consumer who refused to give his name. “I just saw Horny Nurses 14 and I have to tell you it was just a reshash of the plots from Horny Nurses 9 and 11. It’s like they didn’t even have a writer.”

“Fans are not going to put up with movies lacking in plot, character and dialogue, and that’s what they’ll get if they don’t meet our terms,” said Beaver. Beaver, who claims to have a copyright on the line, “Oh yes, baby, do it just like that, oh yeah” says he will not allow use of his lines without proper payment of residuals.

Some writers also fear that the move to online will result in customers simply downloading individual scenes rather than seeking movies with a cohesive story thread that makes you care about the characters. “I saw one movie with 5 scenes, and no character was in 2 of them,” complained one writer.

“What do people want? Movies where the actors just walk into a room, strip and just go at it? Where they always start with oral sex, then doggy, and then a money shot? Fans will walk if that’s all they get,” according to PWGA member Dick Member. “And don’t think about doing the lonely housewife and the pool-boy again. I own that.”

An industry spokesman said they had not yet seen any decline in revenues due to the strike, as they have about 2 million already-written scripts on the shelves. In addition, Hot Online Corporation spokesman Ivana Doit claimed their company is experimenting with a computer program that creates scripts through a secret algorithm. Scripts penned by the computer have already brought in a million in sales, claims Doit, but she would not indicate which films this applied to.

A way to leave USB power on during standby

Ok, I haven't had a new laptop in a while so perhaps this already happens, but I'm now carrying more devices that can charge off the USB power, including my cell phone. It's only 2.5 watts, but it's good enough for many purposes.

However, my laptops, and desktops, do not provide USB power when in standby or off. So how about a physical or soft switch to enable that? Or even a smart mode in the US that lets you list what devices you want to keep powered and which ones you don't? (This would probably keep all devices powered if any one such device is connected, unless you had individual power control for each plug.)

This would only be when on AC power of course, not on battery unless explicitly asked for as an emergency need.

To get really smart a protocol could be developed where the computer can ask the USB device if it needs power. A fully charged device that plans to sleep would say no. A device needing charge could say yes.

Of course, you only want to do this if the power supply can efficiently generate 5 volts. Some PC power supplies are not efficient at low loads and so may not be a good choice for this, and smaller power supplies should be used.

eBay should support the ReBay


There’s a lot of equipment you don’t need to have for long. And in some cases, the answer is to rent that equipment, but only a small subset of stuff is available for rental, especially at a good price.

So one alternative is what I would call a “ReBay” — buy something used, typically via eBay, and then after done with it, sell it there again. In an efficient market, this costs only the depreciation on the unit, along with shipping and transaction fees. Unlike a rental, there is little time cost other than depreciation.

For some items, like DVDs and Books and the like we see companies that cater specially to this sort of activity, like Peerflix and Bookmooch and the like. But it seems that eBay could profit well from encouraging these sorts of markets (while vendors of new equipment might fear it eats into their sales.)

Here are some things eBay could do to encourage the ReBay.

  • By default, arrange so that all listings include a licence to re-use the text and original photographs used in a listing for resale on eBay. While sellers could turn this off, most listings could now be reusable from a copyright basis.
  • Allow the option to easily re-list an item you’ve won on eBay, including starting from the original text and photos as above. If you add new text and photos, you must allow your buyer to use them as well.
  • ReBays would be marked however, and generally text would be added to the listing to indicate any special wear and tear since the prior listing. In general an anonymised history of the rebaying should be available to the buyer, as well as the feedback history of the seller’s purchase.
  • ReBayers would keep the packaging in which they got products. As such, unless they declare a problem with the packaging, they would be expected to charge true shipping (as eBay calculates) plus a very modest handling fee. No crazy inflated shipping or flat rate shipping.
  • Since some of these things go against the seller’s interests (but are in the buyer’s) it may be wise for eBay to offer reduced auction fees and paypal fees on a reBay. After all, they’re making the fees many times on such items, and the paypal money will often be paypal balance funded.
  • Generally you want people who are close, but for ReBaying you may also prefer to pass on to those outside your state to avoid having to collect sales tax.
  • Because ReBayers will be actually using their items, they will have a good idea of their condition. They should be required to rate it. No need for “as-is” or disclaimers of not knowing what if it works.

This could also be done inside something like Craigslist. Craigslist is more popular for local items (which is good because shipping cost is now very low or “free”) though it does not have auctions or other such functionality. Nor is it as efficient a market.

Syndicate content