Sudden web traffic not so great with Adsense

As I’ve written before, Google’s Adsense program is for many people bringing about the dream of having a profitable web publication. I have a link on the right of the blog for those who want to try it. I’ve been particularly impressed with the CPMs this blog earns, which can be as much as $15. The blog has about 1000 pageviews/day (I don’t post every day) and doesn’t make enough to be a big difference, but a not impossible 20-fold increase could provide a living wage for blogging. Yahoo publisher’s blog ads, which some of you are seeing in the RSS feed have been a miserable failure, and will be removed next software upgrade. They are poorly targetted and have earned me, literally, not even a dollar.

Recently however I noticed a way in which the Google targetting engine is too good, from my standpoint. From time to time my web sites or blog will get linked from a very high traffic site. This week the 4th amendment shipping tape was a popular stumble-upon, for example. I’ve also been featured from time to time in Slashdot, boingboing and various other popular sites.

When this happens, it’s not a money maker because the click-throughs and CPMs drop way down. This is not too surprising. The people following a quick link are less likely to be looking for the products Google picks to advertise. However, more recently I saw high traffic bringing down not just the CPM, but even the total dollars! I theorize that Google, seeing poor clickthrough, cycles out the normally lucrative ads to try others. So even the normal visitors, who have not gone away, are seeing more poorly chosen ads. Or it could just be randomness that I’m seeing a pattern in.

Solution: Consider the referer when placing ads. If the clickthrough is poor on a given referer (like slashdot or boingboing) then play with the ads to hunt for better clickthrough. For the more regular referers (which are typically internal, the result of searches and regular readers) stick to the ads that typically perform well with that group.

eBay shipping scam and more eBay dynamics

I’ve done a few threads on eBay feedback, today I want to discuss ways to fix the eBay shipping scam. In this scam, a significant proporation of eBay sellers are listing items low, sometimes below cost, and charging shipping fees far above cost. It’s not uncommon to see an item with a $1 cost and $30 in shipping rather than fairer numbers. The most eBay has done about it is allow the display of the shipping fees when you do a search, so you can spot these listings.

I am amazed eBay doesn’t do more, as one of the main reasons for sellers to do this is to save on eBay fees. However, it has negative consequences for the buyer, aside from making it harder to compare auctions. First of all, if you have a problem, the seller can refund your “price” (the $1) but not the shipping, which is no refund at all. Presumably ditto with paypal refunds. Secondly, the law requires that if you are charged more than actual shipping (ie. handling) there is tax on the total S&H. That means buyers pay pointles taxes on shipping.

Again, since eBay would make more fees if they fixed this I don’t know why they have taken so long. I suggest:

  • Let buyers sort by shipping fees. Pretty soon you get a sense of what real shipping on your item should be. A sort will reveal who is charging the real amount and who isn’t. Those who don’t provide fees get listed last — which is good as far as I am concerned.
  • Let buyers see a total price, especially on Buy-it-now, shipping + cost, and sort on that or search on that. Again, those who don’t provide a sipping price come last.
  • Highlight auctions wthat use actual shipping price, or have a handling fee below a reasonable threshold. This will be unfair on certain high-handling items.
  • Of course, charge eBay fees on the total, including handling and shipping. Doesn’t help the buyer any but at least removes the incentive.

Now let’s talk about the reputation dynamics of the transaction. The norm is buyer sends liquid money sight unseen to the seller, and the seller sends merchandise. Why should it necessarily be one way or the other? In business, high reputation buyers just send a purchase order, get the item and an invoice, and pay later.

I think it would be good on eBay to develop a norm that if the buyer has a better reputation thant he seller, the seller ships first, the buyer pays last. If the seller’s rep is better, or it’s even, stick with the current system.

Sellers could always offer this sort of payment, even when the seller is high-rep, to high-rep buyers as an incentive.

There should also be special rules for zero-rep or low-rep sellers. By this I don’t mean negative reputation, just having few transactions. Who is going to buy from a zero-rep seller? The tradition has been to build up a buyer rep, and then you can sell, which is better than nothing but not perfect.

When the seller has a very low rep, the seller should just automatically assume it’s going to be send-merchandise-first, get money later except with very low rep buyers. Low rep sellers should be strongly encouraged to offer escrow, at their expense. It would be worth it. Often I’ve seen auctions where the difference in price is quite large, 20% or more, for sellers of reputations under 5. eBay should just make a strong warning to the low-rep sellers that they should consider this, and even offer it as a service.

Update: I’ve run into a highly useful Firefox extension called ShortShip. This modifies eBay search pages to include columns with total price. Their “pro” version has other useful features. You can sort by it, but it only is able to sort what was on that particular page (ie. the auctions close to ending, typically) so the price sort can be mistaken, with a cheaper buy-it-now not shown. eBay is so slow in adding software features that extensions like this are the way to go.

Wiretaps beget wiretaps -- I don't hate that much to say I told you so.

For some time in my talks on CALEA and VoIP I’ve pointed out that because the U.S. government is mandating a wiretap backdoor into all telephony equipment, the vendors putting in these backdoors to sell to the U.S. market, and then selling the same backdoors all over the world. Even if you trust the USGov not to run around randomly wiretapping people without warrants, since that would never happen, there are a lot of governments and phone companies in other countries who can’t be trusted but whom we’re enabling. All to catch the 3 stupid criminals who use VoIP and don’t use an encrypted system like Skype.

Recently this story about a wiretap on the Greek PM’s phone was forwarded to me by John Gilmore. Ericsson says that they installed wiretap backdoors to allow legal wiretaps, and this system was abused because Vodaphone didn’t protect it very well — a claim they deny. As a result there was tapping of the phone of the prime minister for months, as well as foreign dignitaries and a U.S. Embassy phone. Well, there’s irony.

We’re hearing about this because there is accountability in Greece. But I have to assume it’s going to happen a lot in countries where we will never hear about it. If you build the apparatus of the surveillance society, even with the best of intentions, it will get used that way, either here, or in less savoury places.

It would be nice if U.S. companies would at least refuse to sell the wiretap functions, or charge a fortune for them, to countries without legal requirements for them like the USA. Of course, soon that won’t be very many, thanks to the US lead, and the companies will have to include the backdoors to do business in all those nations. Will U.S. companies have the guts to say, “Sorry China, Saudi Arabia, et al. — no wiretap backdoors in our product, law or not. Add it yourself if you can figure it out.”

Baby Bells announce new "GoodPackets" program to charge for access

New York, March 22, 2006 (CW) Bell South and AT&T, two of the remaining Baby Bell or “iLec” companies announced today, in conjunction with GoodPackets Inc., a program to charge senders for certified delivery of internet packets to their ISP customers.

William Smith, CTO of Bell South, together with AT&T CEO Ed Whitacre, who will be his new boss once the proposed merger is completed, made a joint announcement of the program together with Dick Greengrass, CEO of GoodPackets.

Under the program, customers of GoodPackets interested in better delivery of their packets to AT&T and BellSouth DSL customers will pay GoodPackets a fee to get their packets certified. Certified packets will bypass blocks and filters in the routers of the ISPs for premium delivery to customers, and be tagged as certified to the end-user.

“We’re just seeing too many bad packets these days, and we have to block some of them. But serious, professional sites on the internet don’t want their packets blocked, and are willing to pay to assure they aren’t,” said Whitacre. According to Greengrass, a portion of the money paid to GoodPackets will be given to the ISP in question.”

According to Smith, “his firm should be able, for example, to charge Yahoo Inc. for the opportunity to have its search site load faster than that of Google Inc.”

“A lot of these extra packets filling our pipes are of dubious origin, in any event. A large portion of internet traffic comes from peer to peer filesharing systems which are often infringing copyright, or from companies like Skype bypassing the telcom tarrifs we all have to pay. Charging money will let the legitimate companies out there distinguish their traffic from all this unknown traffic, and assure delivery,” said Whitacre.

Traffic originating from BellSouth and AT&T servers would not need to pay for the premium access. “It’s our network, after all, and our video servers don’t go through the routers to the outside world to get to our users,” said Smith.

Greengrass insisted the fees were not for delivery, but for certification that the packets come from a known and trusted source. Users and ISPs can then decide if they want to give them more reliable delivery and acceptance. That the charges are per packet is simply a way to differentiate the market, and not overcharge low-volume senders.

For those who don’t get it, this is a satire comparing the AOL/Yahoo/Goodmail program to the network neutrality debate.

Have the OS give user permissions on "privileged" IP ports.

Very technical post here. Among the children of Unix (Linux/BSDs/MacOS) there is a convention that for a program to open a TCP or UDP port from 0 to 1023, it must have superuser permission. The idea is that these ports are privileged, and you don’t want just any random program taking control of such a port and pretending to be (or blocking out) a system service like Email or DNS or the web.

This makes sense, but the result is that all programs that provide such services have to start their lives as the all-powerful superuser, which is a security threat of its own. Many programs get superuser powers just so they can open their network port and, and then discard the powers. This is not good security design.

While capability-based-security (where the dispatcher that runs programs gives them capability handles for all the activities they need to do) would be much better, that’s not an option here yet.

I propose a simple ability to “chown” ports (ie. give ownership and control like a file) to specific Unix users or groups. For example, if there is a “named” user that manages the DNS name daemon, give ownership of the DNS port (53) to that user. Then a program running as that user could open that port, and nobody else except root (superuser) could do so. You could also open some ports to any user, if you wanted.  read more »

Let's see neighbourhood fiber lan

The phone companies failed at the fiber to the curb promise in most of the USA and many other places. (I have had fiber to the curb at my house since 1992 but all it provides is Comcast cable.)

But fiber is cheap now, and getting cheaper, and unlike wires it presents no electrical dangers. I propose a market in gear for neighbourhoods setting up a fast NLAN, by running a small fiber bundle through their backyards (or, in urban row housing, possibly over their roofs.) Small fiber conduits could be buried in soil more easily than watering hoses, or run along fences. Then both ends, meeting the larger street or another NLAN, could join up for super-high connectivity.

I would join both ends because then breaks in this amateur-installed line don’t shut it down. The other end need not be at super-speed, just enough so phones work etc. until a temporary above-ground patch can be run above the break.

Of course, you would need consent of all the people on the block (though at the back property line you only need the consent of one of the two sides at any given point.) Municipal regulations could also give neighbours access to the poles though they would probably have to pay a licenced installer.

An additional product to sell would be a neighbourhood server kit, to provide offsite backup for members and video storage. Depending on legal changes, it could be possible to have a block cable company handling the over-the-air DTV stations, saving the need to put up antennas. Deals could be cut with the satellite companies to place a single dish with fancy digital decoder in one house. The cable companies would hate this but the satellite companies might love it.

Of course there does need to be something to connect to at the end of the street for most of these apps, though not all of them. After all, fiber is not that much better than a bundle of copper wires over the short haul of a neighbourhood. But if there were a market, I bet it would come, either with fiber down main streets, fixed wireless or aggregated copper.

Encrytped text that looks like plaintext, thanks to spammers.

You may be familiar with Stegonography, the technique for hiding messages in other messages so that not only can the black-hat not read the message, they aren’t even aware it’s there at all. It’s arguably the most secure way to send secret data over an open channel. A classic form of “stego” involves encrypting a message and then hiding it in the low order “noise” bits of a digital photograph. An observer can’t tell the noise from real noise. Only somebody with the key can extract the actual message.

This is great but it has one flaw — the images must be much larger than the hidden text. To get down a significant amount of text, you must download tons of images, which may look suspicious. If your goal is to make a truly hidden path through something like the great firewall of China, not only will it look odd, but you may not have the bandwidth.

Spammers, bless their hearts (how often do you hear that?) have been working hard to develop computer generated text that computers can’t readily tell isn’t real human written text. They do this to bypass the spam filters that are looking for patterns in spam. It’s an arms race.

Can we use these techniques and others, to win another arms race with the national firewalls? I would propose a proxy server which, given the right commands, fetches a desired censored page. It then “encrypts” the page with a cypher that’s a bit more like a code, substituting words for words rather than byte blocks for byte blocks, but doing so under control of a cypher key so only somebody with the key can read it.

Most importantly, the resulting document, while looking like gibberish to a human being, would be structured to look like a plausible innocuous web page to censorware. And while it is rumoured the Chinese have real human beings looking at the pages, even they can’t have enough to track every web fetch.

A plan like this would require lots and lots and lots of free sites to install the special proxy, serving only those in censored countries. Ideally they would only be used on pages known to be blocked, something tools behind the censorware would be measuring and publishing hash tables about.

Of course, there is a risk that the censors would deliberately pretend to join the proxy network to catch people who are using it. And of course with live human beings they could discover use of the network so it would never be risk-free. On the other hand, if use of the proxies were placed in a popular plugin so that so many people used it as to make it impossible to effectively track or punish, it might win the day.

Indeed, one could even make the encrypted pages look like spam, which flows in great volumes in and out of places like China, stegoing the censored web pages in apparent spam!

(Obviously proxying in port 443 is better, but if that became very popular the censors might just limit 443 to a handful of sites that truly need it.)

The true invention of the internet, redux, and Goodmail/Network Neutrality

I wrote an essay here a year ago on the internet cost contract and how it was the real invention (not packet switching) that made the internet. The internet cost contract is “I pay for my end, you pay for yours, and we don’t sweat the packets.” It is this approach, not any particular technology, that fostered the great things that came from the internet. (Though always-on also played a big role.)

It’s time to re-read that essay because two recent big issues uncover attacks on the contract, and thus no less than the foundation of the internet.

The first is the Goodmail program announced by AOL. The EFF has been a leading member of a coalition pushing AOL to reconsider this program. People have asked us, “how bad can it really be?” Why is putting a price on E-mail so bad?

One particular disturbing thing about the goodmail program is that it reminds me a bit of a protection racket. Goodmail hopes its customers will pay it hundreds of millions of dollars because they are afraid of spam filters. They are selling those customers (who are required to be legitimate mailers sending solicited mail) protection from the spam filters of AOL. Problem is, those spam filters shouldn’t be blocking the legitimate mail at all — it is a flaw in the filters that makes people want to buy protection from them. They’re buying protection from something that shouldn’t be harming them in the first place. An ISP, like AOL, would normally be expected to have the duty to deliver legitimate mail to its customers. To serve those customers, they also block spam. Now, unlike the mobster selling protection, AOL’s spam-blockers are not blocking the legitimate mail maliciously, but that’s about the only difference, and part of why this smells bad.

This has been my direct criticism of the program on its own. Goodmail says it’s really a certification program. There have been IETF standards to sign E-mail and get certificates for signers for a long time, and many “Certificate Authority” companies of all stripes who sell such a process. They don’t charge per message, though.

The charging per message sets a nasty precedent which is an attack on the internet cost contract. It violates the rule about not sweating the individual traffic. I pay for my end, you pay for yours. As soon as we start deciding some traffic is good and bad, and some traffic has to pay to transit the pipes or get through the filters, we’ve taken a step backwards to the settlement based networks that the internet defeated decades ago.

In the 70s and 80s the world had many online services you paid for by the hour. It had MCI mail, which you paid to send. It had packet switched X.25 networks you paid for by the kilopacket. They were all crushed by the internet, not just in cost, buy in innovation. AOL, the last of the online services, had to adopt the internet model in almost all respects to avoid a slope to doom.

The idea of a two-tier internet, which many have been writing about recently, has generated the debate on a subject called network neutrality. Sometimes the problem is attempts to block services entirely based on what they are (such as blocking VoIP that competes with the phone service of the company that owns the wires.) Other times it’s a threat that companies providing high-bandwidth services, like video and voice, should “pay their share” and not get a “free ride” on the pipes that “belong” to the telco or cable ISPs.

Once again, the goal is to violate the contract. The pipes start off belonging to the ISPs but they sell them to their customers. The customers are buying their line to the middle, where they meet the line from the other user or site they want to talk to. The problem is generated because the carriers all price the lines at lower than they might have to charge if they were all fully saturated, since most users only make limited, partial use of the lines. When new apps increase the amount a typical user needs, it alters the economics of the ISP. They could deal with that by raising prices and really delivering the service they only pretend to sell, or by charging the other end, and breaking the cost contract. They’ve rattled sabres about doing the latter.

The contract is worth defending not just because it gives us cheap internet or flat rates. It is worth defending because it fosters innovation. It lets people experiment with services that would get shut down quickly if people got billed per packet. Without the cost contract, great new ideas will never get off the ground. And that would be the real shame.

Give us TVoIP, not IPTV

A buzzword in the cable/ilec world is IPTV, a plan to deliver TV over IP. Microsoft and several other companies have built IPTV offerings, to give phone and cable companies what they like to call a “triple play” (voice, video and data) and be the one-stop communications company.

IPTV offerings have you remotely control an engine at the central office of your broadband provider which generates a TV stream which is fed to your TV set. Like having the super set-top box back at the cable office instead of in your house. Of course it requires enough dedicated bandwidth to deliver good quality TV video. That’s 1.5 to 2 megabits for regular TV, 5 to 10 for HDTV with MP4.

Many of the offerings look slick. Some are a basic “network PVR” (try to look like a Tivo that’s outsourced) and Microsoft’s includes the ability to do things you can’t do at your own house, like tune 20 channels at once and have them all be live in small boxes.

I’m at the Von conference where people are pushing this, notably the BellSouth exec who just spoke.

But they’ve got it wrong. We don’t need IPTV. We want TVoIP or perhaps more accurately Vid-o-IP. That’s a box at your house that plays video, and uses the internet to suck it down. It may also tune and record regular TV signals (like MythTV or Windows Media Center.)

Now it turns out that’s more expensive. You have to have a box, and a hard drive and a powerful processor. The IPTV approach puts all that equipment at the central office where it’s shared, and gets economies of scale. How can that not be the winner?

Well for one, TVoIP doesn’t require quality bandwidth. You can even use it with less bandwidth than a live stream takes. That’s because after people get TVoIP/PVR, they don’t feel inclined to surf. IPTV is still too much in the “watch live TV” world with surfing. TVoIP is in the poor-man’s video on demand world (like NetFlix and Tivo) where you pick what you might want to see in advance, and later go to the TV to pick something from the list of what’s shown up. Tuns out that’s 95% as good as Video on Demand, but much cheaper.

But more importantly, it’s under your control. Time and time again, the public has picked a clunkier, more expensive, harder to maintain box that’s under their own control over a slick, cheap service that is under the control of some bureaucracy. PCs over mainframes. PCs over Network Computers and Timesharing and SunRays. Sometimes it’s hard to explain why they did this for economic reasons, or even for quality reasons.

They did it because of choice. The box in your own house is, ideally, a platform you own. One that you can add new things to because you want them, and 3rd party vendors can add things to because you demand them. Central control means central choice of what innovations are important. And that never works. Even when it’s cheaper.

If the set top box were to remain a set top box, a box you can’t control, then IPTV would make good sense. But we don’t want it to be that. It’s now time to make it more, and companies are starting to offer products to make it more. We want a platform. Few people want to program it themselves, but we all want great small companies innovating and coming up with the next new thing. Which TVoIP can give us and IPTV won’t. Of course, there are locked TVoIP boxes, like the Akimbo and others, but they won’t win. Indeed, some efforts, like the trusted computing one, seek to make the home box locked, instead of an open platform, when it comes to playing media (and thus locking linux out of the game.) A truly open platform would see the most innovation for the user.

Disclaimer, I am involved with BitTorrent, which makes the most popular software used for downloading video over the internet.

Browsers: Time to have a default margin

In most browsers, the default style presents text adjecent to all sides of the browser window, with no margin. This is a throwback to early days of screen design, when screen real estate was considered so valuable that deliberately wasting it with whitespace was sacrilige.

Of course, in centuries of design on paper, nobody ever put text right up to the margins. Everybody knows it’s ugly and not what the eye wants. Thus, when you see a web page using the default style, which I end up with myself out of laziness, people have a reaction to it as ugly.

Screens are now big enough that it’s time to change the default style to be one that is easier to read. And that means margins. If a page designer wants to put stuff up against the edges, they can easily define their own stylesheets now to do this, so let them do it. I doubt they ever will put text there, though they might put graphics or their own custom margins. If text to the edges is a choice that nobody would make if given the option, it sure seems like silly default to have. It won’t break anything, you can just make the window wider, or make it a user option (which I believe it is in some browsers, but rarely set).

And then more people could use the default for quick pages without having to think about style every time they spit out a web page.

Reputation system for cars and the selfish merge.

George Carlin once proposed a system where people would shoot suction cup darts at cars when they did something annoying, like cutting you off, and if you got too many darts the cops would pull you over. Another friend recently proposed a lot of interest in building some sort of reputation system for cars using computers.

Though Carlin’s was a satire, it actually has merits that it would be hard to match in a computerized system. Sure, we could build a system where if somebody was rude on the road, you could snap a quick photo of their licence plate, or say it into a microphone or cell phone for insertion into a reputation database. But people could also just do this to annoy you. There’s no efficient way to prove you actually were there for the rude event. The photos could do that but it’s too much work to verify them. The darts actually do it, since you could not just stick them on my car when I’m stopped, or I would pull them off before driving.

One problem I want to solve with such a system is the selfish merge. We’ve all seen it — lanes are merging, and the cooperating drivers try to merge early. Then the selfish drivers zoom ahead in the vanishing lane until they get to its end. And always, somebody lets them in. Selfishly zooming up does get you through the jam faster, but at the same time these late mergers are a major contributor to the very jam they are bypassing.

We’ll never stop people from letting in the drivers, and indeed, from time to time innocent drivers get into the free lane because they are not clear on the situation or missed the merge.

…More…  read more »

Hybrid Personal Rapid Transit

When I was in high school, I did a project on PRT — Personal Rapid Transit. It was the “next big thing” in transit and of course, 30 years later it’s still not here, in spite of efforts by various companies like Taxi 2000 to bring it about.

With PRT, you have small, lightweight cars that run on a network of tracks or monorail, typically elevated. “Stations” are all spurs off the line, so all trips are non-stop. You go to a station, often right in your building, and a private mini-car is waiting. You give it your destination and it zooms into the computer regulated network to take you there non-stop.

The wins from this are tremendous. Because the cars are small and light, the track is vastly cheaper to build, and can often be placed with just thin poles holding it above the street. It can go through buildings, or of course go underground or at-grade. (In theory it seems to me smart at-grade (ground-level) crossings would be possible though most people don’t plan for this at present.)

The other big win is the speed. Almost no waiting for a car except at peak times, and the nonstop trips would be much faster than other transit or private cars on the congested, traffic-signal regulated roads.

Update: I have since concluded that self-driving vehicles are getting closer, and because they require no new track infrastructure and instead use regular roads, they will happen instead of PRT.

Yet there’s no serious push for such systems…

Read on.  read more »

Mimic caloric restriction as a means to birth control?

I’ll admit that female endocrinology is not something I know a great deal about, but I do know that most of the birth control pills today follow a general strategy of fooling the body into thinking it is pregnant. This stops ovulation and implantation.

It is also the case that certain types of stress, notably caloric restriction and extremely high levels of physical activity can also retard both ovulation and menstruation. In fact, young girls who are serious athletes often do not experience menarche until years later than ordinary girls. (On the other hand, for reasons not fully understood, the average age of menarche has been gettting significantly younger in recent decades.)

The evolutionary reason for the late menarche seems obvious — if times are tough, and food is scarce, it may be best to not have babies right then.

Anyway, there must be some hormonal signals which these levels of stress generate which trigger the reproductive system not to operate. My question is — might it be possible to mimic these signals, without other harmful effects, as a method of birth control and even menstrual supression?

Of course, we’re very interested in other ways to mimic the signals of caloric restriction without the actual restriction, since in all the animals tested so far, caloric restriction results in serious extension of lifespan and youthspan.

4th Amendment Shipping Tape

Looking at printed wedding gift ribbon some time ago, Kathryn thought it would be amusing to put the 4th amendment on the ribbon, and tie it around our suitcases.

That turned out to be hard to make, but I did make a design for shipping tape which you can see below. The printed shipping tape has the text slant so that as the pattern repeats, the 4th amendment appears as a long continuous string, as well as a block.

You can put this shipping tape on your packages and your airplane luggage. Every time I fly, my luggage gets a card in it telling me how “for my protection” they have searched it.

Now, when they open my luggage, they will have to literally slice the 4th amendment in half in order to do this.

Too bad we can’t wrap it around our phone wires, but at least the EFF is suing AT&T to stop the NSA wiretaps.

We ordered several cases of this tape for the EFF. You can get it as a gift if you join the EFF or buy it directly from the EFF Store. There is a fat markup of course, which goes to protecting your civil rights. Buy some for your own shipping tape gun, or give the gift of privacy rights to a friend.

And yeah, I know it probably won’t stop them from searching. But if, like John Perry Barlow on his way back from Burning Man, I have to go to court over it, it will be nice to tell the judge that they cut the 4th amendment up to search my bags.

(Minor note: The printer could not always get the repetitions to line up perfectly, so sometimes there’s a vertical gap.)

Do our secure passwords in a bluetooth cell phone.

Password security on the web is a troublesome issue. We have hundreds of web accounts, some of them with access to all our money, and it must be secure, not just from phishers and people snooping the web line, but from viruses and keyloggers that can take over our own computers or roaming computers we want to use to access password protected web sites.

The only way to be secure if you can’t trust the very computer you’re logging in from is to have a security dongle which contains the real secrets and does the logon negotiation, plus confirmation of any big actions like large cash transfers. People have carried login dongles for years, typically which have a screen with a constantly changing number (securid) or which can do challenge/response.

Most of the world is moving now to having a smart phone, in particular one with a standardized data protocol such as bluetooth. I propose a protocol so that web sites can, given a limited channel to the phone, do a login dialog with the phone. The computer would just be a conduit for the data, it would not matter if it were compromised, as the passwords would not be sent in the clear.

More thoughts…  read more »

Digital Piano keys with computer controlled resistence

The sound of digital pianos continues to improve, and expensive ones also have a good feel, often by building individually weighted keys that go beyond simulating a key on a real piano.

What might be done with more modern technologies, such as super-fast servos, and fluids whose viscoscity can be varied based on the strength of electric or magnetic fields applied to them. (Some of these fluids are being applied to the development of dynamicly responding shock absorbers.)

So the first step would be to build an action to connect to a keyboard, be it either a servo, a fluid or just a plain powerful magnetic coil, so we can adust, with millisecond resolution, how much backwards force the key applies to the finger of the player. Of course we must also accurately and quickly measure the force being applied by the finger to drive the process.

Next, we would build a device to measure the force-response of a real piano keyboard. It would press the keys in various ways that real players press them -- slowly, quickly, hard, soft and with other forms of varying touch measured from real pianists. Then attempt to develop a model of how the keys on the real piano respond.

With this, we could measure all sorts of great pianos. The concert Steinways, the finest pianos available. These all feel different. In some cases the feel is not necessarily "superior" but just what people have come to expect from that type of piano.

Then we would program our dynamic resistence keys to model any piano that had been measured. Throw a switch and change how it feels from Steinway to Yamaha. Just as you can throw a switch to change how it sounds. Ideally, the equipment would be light so the keyboard would not have to be heavy, as today's weighted MIDI keyboards are. (Of course they are still much lighter than grand pianos.)

How web sites can do a much smarter 'pledge drive'

There is buzz about how Jason Kottke, of, has abandoned his experiment of micropayment donations to support his full-time blogging. He pulled in $40,000 in the year, almost all of it during his 3 week pledge drive, but that's hardly enough. Now I think he should try adsense, but I doubt he hasn't heard that suggestion before.

However, PBS/NPR are able to get a large part of their budgets through pledge drives, so it's possible to make this happen. I think we should be able to do it better on the web.

For example, on PBS/NPR, when they start the pledge drive, they get into a pretty boring endless repeat of the basic message. They tell you that if they reach the goal, they can end the pledge drive early. But this rarely happens, and even when it does, if you pledge early, it doesn't stop the begging.

On the web it could. You could do a pledge drive here where, after a person donates, the drive is over for them. This is not the same as sites that simply charge a subscription fee to get past the ads (such as Salon and Slashdot). This would be an organized pledge drive which is over for everybody after a set period, but over even sooner for those who donate. (There's a touch of work to do for people who use multiple machines, of course.)

Indeed you could even have a "turn off pledge drive I'm never going to give" button for the freeloaders as an experiment. Or it might turn it down a notch. Hard to say if this would work. Of course, people could also write filters for web begging if you make the drives too long. Of course, the drive could even be started at an individual time for the less frequent visitors, though that punishes those who disable cookies or switch machines.

Nominate for EFF pioneer awards

Each year since 1992 the EFF has given out the EFF Pioneer Awards to a wide array of online pioneers. Check out the lists on the web site.

We’re seeking new nominees for this year’s awards, to be given at CFP 06. We need them by Feb 28. Check out the web page, and e-mail us the nominee’s name and contact info with a description of their contribution. Organizations and Systems can be nominated, as well as individuals.

Who do you think has helped make the cyberworld what it is? Get them recognized.

Olympics notebook

Found a thread on avsforum where NBC's engineers are participating. Turns out it would be very simple for them to include a second audio stream without the commentary. In addition, this has apparently been done by some European broadcasters.

I would like to even propose we expand the standard a bit here, to indicate when two streams are "mixable." If Stream 1 had the full audio, and stream 2 had it without commentary, one could also mix these streams, to effectively adjust the volume of the commentary if your equipment knew enough to do so. You could also subtract them if you wanted just the commentary. In a perfect world, each audio channel would come in its own stream so that you could mix yourself, and edit out Scott Hamilton for example, but that's not likely to happen.

So let's encourage them to do this for all sports. Give HD viewers a true "being there" sense. Other interesting things learned: The SD stuff is being shot with widescreen PAL (625 line, 50hz) cameras, cropped and coverted to 525line 60hz for SDTV, upconverted with no need for crop for 1080i60hz viewers.

Sport inflation: It keeps going. Just too many sports. I must admit I am of two minds on Snowboardcross. On the one hand, sports where people physically race one another (like in track) are much more exciting to watch. On the other hand, both Snowboardcross and short-track speed skating tend to have too much luck in them because of this, as people both fall, or are hit by those who fall. Those who are innocent have been getting free passes from the heats (fair) but are just out of luck in the finals.

At least there is no "program component." In spite of Figure Skating's efforts to revamp the terrible judging system which ended in scandal last time when a French judge was bribed to reduce the score of a Canadian pair, it seems that "reputation" remains a huge hidden component in the scores.

It probably wouldn't get the audience, but I would switch figure skating to a pure, non-judged event like high-jump. You keep raising "the bar" (difficulty level on a series of jumps and moves) until only the gold medalist can do it. You would end up with more medals (at least one for the Axel and Toe Loop, or just a general for toe jumps and edge jumps.)

It's not that the dances and choreography aren't pretty and fun to watch. It's just that they are artistry rather than pure athletics -- and thus depend on reputation too much.

These olympics are doing poorly in the ratings. I would have figured with all the HDTVs out there the reverse would happen. Of course, I watch with MythTV. It would be unbearable to watch these games without Myth or Tivo or similar, and most HD users don't have those things.

Interesting issue with Ice Dancing. One of the teams featured a U.S. man and Canadian woman, who could not compete in 2002 because of this. They competed this year after some lobbying got U.S. citizenship for the woman via act of congress. I wonder if we'll see more Olympic gamesmanship with modification of citizenship rules. (It's been common for years for people with dual citizenship who can't get on one country's team to just compete for the other country, particularly small ones.)

I suppose one could just allow a bi-national team like this one to compete. I mean they give 2 gold medals to the winning team, what harm is there if it's one for each country? Seems like something grand in the spirit of international cooperation. The problem is the rules about how many competitors a country can send. Both nations might be afraid to send half of a team if it counted the same as sending the full team against their quota. If it only counted half, they would need to send half of two teams, but it might work.

The national borders are becoming less important in the big money sports. The US-Canadian ice dancers train in the US. I recall at least one eastern team which trained in Calgary. (Such training in richer countries is common.) Why not present the world with the best team?

Power through flash hotshoe

I’ll be moving soon to the Canon 5D camera from my 20D. It’s better in just about every way, but like many “pro” cameras it does not have a built in flash.

It’s not that there isn’t a reason for this. Built in flashes usually suck, and nobody would use them for any sort of serious photography, except for fill. So if you’re going out on a shoot, you would of course carry along some quality flashes and the built-in would be a waste of space.

On the other hand people use cameras like the 5D and 1Ds for more casual shooting, and if you don’t bring a flash and you find yourself wanting an indoor shot, you may find yourself out of luck with your multi-thousand-dollar camera. And, as noted, there is the need for fill. Pro flashes are big and unweildy, you don’t strap them on if you don’t need them.

So here’s a compromise. Add lines to the hotshoe for power, with a smart power bus that only applies real power when a smart flash is confirmed in place, and communicates digitally about voltages and current levels. This would have several benefits.

First, one could sell a small add-on flash that needs no batteries, it’s just capacitor, controller and flashtube, no more than the built-in flash used to be, but perhaps on a telescoping stick so it can raise up high over the camera as a flash should. In fact the camera batteries are pretty powerful, so you could consider making this a decent flash, at the cost of sucking your camera battery faster. But why not? Why not just carry more of one type of battery rather than having two different types for flash and camera? In addition, some people use a special grip on the camera that holds extra battery power.

This power bus could actually even have value with a flash that has its own batteries. You might elect that when those batteries get too low, you could switch to internal batteries. If it means getting a shot that you could not get due to dead flash batteries, of course this is worth it. In Canon cameras, internal battery is 7.2v and flash uses 4xAA meaning 6 or more likely 5 with NiMh, but a flash can easily take this range of voltages. (A fancy camera power supply might even be able to work in reverse, sucking power from the flash batteries when the camera battery is the one dead.)

Of course, I still want all the other goodies I’ve asked for — making infrared flash control standard in the camera bodies, instead of a $200 add-on. (At least with the power available the add-on transmitter could be smaller and cheaper.) And the dream we’ll never get — some standarization among vendors.

This power bus could also power other things — GPS receivers, radio transmitters, audio recorders, portable microdisks, anything people can think of.