You probably heard yesterday's good news that the ACLU prevailed in their petition for an injunction against the NSA warrentless wiretapping. (Our case against AT&T to hold them accountable for allegedly participating in this now-ruled-unlawful program continues in the courts.)

However, the ruling was appealed (no surprise) and the government also asked for, and was granted a stay of the injunction. So the wiretaps won't stop unless the appeal is won.

But this begs the question, "Why do you need a stay?"

Last week at ZeroOne in San Jose, one of the art pieces reminded me of a sneaky idea I had a while ago. As you may know, many camcorders, camera phones and cheaper digital cameras respond to infrared light. You can check this out pretty easily by holding down a button on your remote control while using the preview screen on your camera. If you see a bright light, you're camera shoots in infrared.

Everybody's pulling out IBM PC stories on the 25th anniversary so I thought I would relate mine. I had been an active developer as a teen for the 6502 world -- Commodore Pet, Apple ][, Atari 800 and the like, and sold my first game to Personal Software Inc. back in 1979. PSI was just starting out, but the founders hired me on as their first employee to do more programming. The company became famous shortly thereafter by publishing VisiCalc, which was the first serious PC application, and the program that helped make Apple as a computer company outside the hobby market.

Quite frequently in non-HTML documents, such as E-mails, people will enclose their URLs in angle brackets, such as <http://foo.com> What is the origin of this? For me, it just makes cutting and pasting the URLs much harder (it's easier if they have whitespace around them and easiest if they are on a line by themselves.) It's not any kind of valid XML or HTML in fact it would cause a problem in any document of that sort.

Many universities are now setting up to broadcast lectures over their LANs, often in video. Many students simply watch from their rooms, or even watch later. There are many downsides to this (fewer show up in class) but the movement is growing.

The blogosphere is justifiably abuzz with the release by AOL of "anonymized" search query histories for over 500,000 AOL users, trying to be nice to the research community. After the fury, they pulled it and issued a decently strong apology, but the damage is done.

Many people have pointed out obvious risks, such as the fact that searches often contain text that reveal who you are. Who hasn't searched on their own name? (Alas, I'm now the #7 "brad" on Google, a shadow of my long stint at #1.)

Those who know about my phone startup Voxable will know I have far more ambitious goals regarding presence and telephony, but during my recent hospital stay, I thought of a simple subset idea that could make hospital phone systems much better for the patient, namely a way to easily specifiy whether it's a good time to call the patient or not. Something as simple as a toggle switch on the phone, or with standard phones, a couple of magic extensions they can dial to set whether it's good or not.

There are many proposals out there for tools to stop Phishing. Web sites that display a custom photo you provide. "Pet names" given to web sites so you can confirm you're where you were before.

I think we have a good chunk of one anti-phishing technique already in place with the browser password vaults. Now I don't store my most important passwords (bank, etc.) in my password vault, but I do store most medium importance ones there (accounts at various billing entities etc.) I just use a simple common password for web boards, blogs and other places where the damage from compromise is nil to minimal.

So when I go to such a site, I expect the password vault to fill in the password. If it doesn't, that's a big warning flag for me. And so I can't easily be phished for those sites. Even skilled people can be fooled by clever phishes. For example, a test phish to bankofthevvest.com (Two "v"s intead of a w, looks identical in many fonts) fooled even skilled users who check the SSL lock icon, etc.

The browser should store passwords in the vault, and even the "don't store this" passwords should have a hash stored in the vault unless I really want to turn that off. Then, the browser should detect if I ever type a string into any box which matches the hash of one of my passwords. If my password for bankofthewest is "secretword" and I use it on bankofthewest.com, no problem. "secretword" isn't stored in my password vault, but the hash of it is. If I ever type in "secretword" to any other site at all, I should get an alert. If it really is another site of the bank, I will examine that and confirm to send the password. Hopefully I'll do a good job of examining -- it's still possible I'll be fooled by bankofthevvest.com, but other tricks won't fool me.

The key needs in any system like this is it warns you of a phish, and it rarely gives you a false warning. The latter is hard to do, but this comes decently close. However, since I suspect most people are like me and have a common password we use again and again at "who-cares" sites, we don't want to be warned all the time. The second time we use that password, we'll get a warning, and we need a box to say, "Don't warn me about re-use of this password."

Read on for subtleties...

Right now this blog is hosted by powerVPS, which provides virtual private servers. This is to say they have a large powerful box, and they run virutalization softare (Virtuozo) which allows several users to have the illusion of a private machine, on which they are the root user. In theory users get an equal share of the machine, but since most of the users do not run at full capacity, any user can "burst" to temporarily use more resources.

Yesterday I received a Dell 3007WFP panel display. The price hurt ($1600 on eBay, $2200 from Dell but sometimes there are coupons) and you need a new video card (and to top it off, 90% of the capable video cards are PCI-e and may mean a new motherboard) but there is quite a jump by moving to this 2560 x 1600 (4.1 megapixel) display if you are a digital photographer. This is a very similar panel to Apple's Cinema, but a fair bit cheaper.

Today, Congress passed 410-15 the Delete Telephony Online Predators act, or DTOPA. This act requires all schools and libraries to by default block access to the social networking system called the "telephone." All libraries receiving federal funding, and schools receiving E-rate funding must immediately bar access to this network. Blocks can be turned off, on request, for adults, and when students are under the supervision of an adult.

Transit is of course more efficient than private cars, many people on one vechicle. But because a round-trip for a couple or family involves buying 4 to 8 single tickets, couples and families who have cars will often take their cars unless parking is going to be a problem. For example, for us to go downtown it's $6 within SF. For people taking BART from Berkeley or Oakland it's $13.40 for 2 people. Makes it very tempting to take a car, even if it costs a similar amount (at 35 cents/mile, 15 of those for gasoline in a city) for the convenience and, outside of rush-hour, speed.

Everybody in the blogosphere has heard something about Alaska's Ted Stevens calling the internet a series of tubes.

They just heard him wrong. His porn filters got turned off and he discovered the internet was a series of pubes.

(And, BTW, I think we've been unfair to Stevens. While it wasn't high traffic that delayed his E-mail -- "an internet" -- a few days, his description wasn't really that bad... for a senator.)

A proposal by a Stanford CS Prof for a means to switch the U.S. Presidential race from electoral college to popular vote is gaining some momentum. In short, the proposal calls for some group of states representing a majority of the electoral college to agree to an inter-state compact that they will vote their electoral votes according to the result of the popular vote.

Big news today. Judge Walker has denied the motions -- particularly the one by the federal government -- to dismiss our case against AT&T for cooperative with the NSA on warrantless surveillance of phone traffic and records.

The federal government, including the heads of the major spy agencies, had filed a brief demanding the case be dismissed on "state secrets" grounds. This common law doctrine, which is often frighteningly successful, allows cases to be dismissed, even if they are of great merit, if following through would reveal state secrets.

An interesting article in the WSJ yesterday on the paradox of abundance describes how many Netflix customers are putting many "highbrow" or "serious" movies on their lists, then letting them sit for months, unwatched, even returning them unwatched.

This sounds great for Netflix, of course, though it would be bad for Peerflix.

Hot on the heels of the regular photos the gallery of 2005 Burning Man Panoramas is now up. This year, I got to borrow a cherry picker at sunset on Friday for some interesting perspectives. The long ones are around 3400 by 52000 at full res (180 megapixels) and even the ones on the web are larger than before. Use F11 to put your browser into full screen mode.

Recently IEEE Spectrum published a paper on a refutation of Metcalfe's law -- an observation (not really a law) by Bob Metcalfe -- that the "value" of a network incrased with the square of the number of people/nodes on it. I was asked to be a referee for this paper, and while they addressed some of my comments, I don't think they addressed the principle one, so I am posting my comments here now.

Bruce Schneier today compliments Google on trying out pay-to-perform ads as a means around click-fraud, but worries that this is risky because you become a partner with the advertiser. If their product doesn't sell, you don't make money.

And that's a reasonable fear for any small site accepting pay-to-perform ads. If the product isn't very good, you aren't going to get a cut of much. Many affiliate programs really perform poorly for the site, though a few rare ones do well.

People ask me about the EFF endorsing some of the network neutrality laws proposed in congress. I, and the EFF are big supporters of an open, neutral end-to-end network design. It's the right way to build the internet, and has given us much of what we have. So why haven't I endorsed coding it into law?

If you've followed closely, you've seen very different opinions from EFF board members. Dave Farber has been one of the biggest (non-business) opponents of the laws. Larry Lessig has been a major supporter. Both smart men with a good understanding of the issues.

I haven't supported the laws personally because I'm very wary of encoding rules of internet operation into law. Just about every other time we've seen this attempted, it's ended badly. And that's even without considering the telephone companies' tremendous experience and success in lobbying and manipulation of the law. They're much, much better at it than any of the other players involved, and their track record is to win. Not every time, but most of it. Remember the past neutrality rules that forced them to resell their copper to CLECs so their could be competition in the DSL space? That ended well, didn't it?

Read on...