I'm in Edmonton. Turns out to be the farthest north I've been on land (53 degrees 37 minutes at the peak) after another turn through the Icefields Parkway, surely one of the most scenic drives on the planet. My 4th time along it, though this time it was a whiteout. Speaking tomorrow at the CIPS ICE conference on privacy, nanotechnology and the future at 10:15.
Internet economics, technology and issues
In thinking about how to reduce the cost of bringing fiber to everybody (particulaly for block-area-networks built by neighbours) I have started wondering if we could build a robot that is able to traverse utility poles by crawling along wires -- either power, phone or cable-TV wires. The robot would unspool fiber optic cable behind it and deploy wire-ties to keep it attached. Human beings would still have to eventually climb the poles and install taps or junctions and secure these items, but their job would be much easier.
Over 15 years ago I proposed that USENET support the concept of "replacing" an article (which would mean updating it in place, so people who had already read it would not see it again) in addition to superseding an article, which presented the article as new to those who read it before, but not in both versions to those who hadn't. Never did get that into the standard, but now it's time to beg for it in USENET's successor, RSS and cousins.
It's common in the blogosphere for bloggers to comment on the posts of other bloggers. Sometimes blogs show trackbacks to let you see those comments with a posting. (I turned this off due to trackback spam.) In some cases we effectively get a thread, as might appear in a message board/email/USENET, but the individual components of the thread are all on the individual blogs.
I'm back fron Burning Man (and Worldcon), and though we had a decently successful internet connection there this time, you don't want to spend time at Burning Man reading the web. This presents an instance of one of the oldest problems in the "serial" part of the online world, how do you deal with the huge backup of stuff to read from tools that expect you to read regularly.
There are many proposals out there for tools to stop Phishing. Web sites that display a custom photo you provide. "Pet names" given to web sites so you can confirm you're where you were before.
I think we have a good chunk of one anti-phishing technique already in place with the browser password vaults. Now I don't store my most important passwords (bank, etc.) in my password vault, but I do store most medium importance ones there (accounts at various billing entities etc.) I just use a simple common password for web boards, blogs and other places where the damage from compromise is nil to minimal.
So when I go to such a site, I expect the password vault to fill in the password. If it doesn't, that's a big warning flag for me. And so I can't easily be phished for those sites. Even skilled people can be fooled by clever phishes. For example, a test phish to bankofthevvest.com (Two "v"s intead of a w, looks identical in many fonts) fooled even skilled users who check the SSL lock icon, etc.
The browser should store passwords in the vault, and even the "don't store this" passwords should have a hash stored in the vault unless I really want to turn that off. Then, the browser should detect if I ever type a string into any box which matches the hash of one of my passwords. If my password for bankofthewest is "secretword" and I use it on bankofthewest.com, no problem. "secretword" isn't stored in my password vault, but the hash of it is. If I ever type in "secretword" to any other site at all, I should get an alert. If it really is another site of the bank, I will examine that and confirm to send the password. Hopefully I'll do a good job of examining -- it's still possible I'll be fooled by bankofthevvest.com, but other tricks won't fool me.
The key needs in any system like this is it warns you of a phish, and it rarely gives you a false warning. The latter is hard to do, but this comes decently close. However, since I suspect most people are like me and have a common password we use again and again at "who-cares" sites, we don't want to be warned all the time. The second time we use that password, we'll get a warning, and we need a box to say, "Don't warn me about re-use of this password."
Read on for subtleties...
Everybody in the blogosphere has heard something about Alaska's Ted Stevens calling the internet a series of tubes.
They just heard him wrong. His porn filters got turned off and he discovered the internet was a series of pubes.
(And, BTW, I think we've been unfair to Stevens. While it wasn't high traffic that delayed his E-mail -- "an internet" -- a few days, his description wasn't really that bad... for a senator.)
Big news today. Judge Walker has denied the motions -- particularly the one by the federal government -- to dismiss our case against AT&T for cooperative with the NSA on warrantless surveillance of phone traffic and records.
The federal government, including the heads of the major spy agencies, had filed a brief demanding the case be dismissed on "state secrets" grounds. This common law doctrine, which is often frighteningly successful, allows cases to be dismissed, even if they are of great merit, if following through would reveal state secrets.
Recently IEEE Spectrum published a paper on a refutation of Metcalfe's law -- an observation (not really a law) by Bob Metcalfe -- that the "value" of a network incrased with the square of the number of people/nodes on it. I was asked to be a referee for this paper, and while they addressed some of my comments, I don't think they addressed the principle one, so I am posting my comments here now.
Bruce Schneier today compliments Google on trying out pay-to-perform ads as a means around click-fraud, but worries that this is risky because you become a partner with the advertiser. If their product doesn't sell, you don't make money.
And that's a reasonable fear for any small site accepting pay-to-perform ads. If the product isn't very good, you aren't going to get a cut of much. Many affiliate programs really perform poorly for the site, though a few rare ones do well.
You've seen me write before of a proposal I call addresscrow to promote privacy when items are shipped to you. Today I'll propose something more modest, with non-privacy applications.
I would like PayPal, and other payment systems (Visa/MC/Google Checkout) to partner with the shipping companies such as UPS that ship the products bought with these payment systems.
Ebayers are familiar with what is called bid "sniping." That's placing your one, real bid, just a few seconds before auction close. People sometimes do it manually, more often they use auto-bidding software which performs the function. If you know your true max value, it makes sense.
However, it generates a lot of controversy and anger. This is for two reasons. First, there are many people on eBay who like to play the auction as a game over time, bidding, being out bid and rebidding. They either don't want to enter a true-max bid, or can't figure out what that value really is. They are often outbid by a sniper, and feel very frustrated, because given the time they feel they would have bid higher and taken the auction.
This feeling is vastly strengthened by the way eBay treats bids. The actual buyer pays not the price they entered, but the price entered by the 2nd place bidder, plus an increment. This makes the 2nd place buyer think she lost the auction by just the increment, but in fact that's rarely likely to be true. But it still generates great frustration.
The only important question about bid sniping is, does it benefit the buyers who use it? If it lets them take an auction at a lower price, because a non-sniper doesn't get in the high bid they were actually willing to make, then indeed it benefits the buyer, and makes the seller (and interestingly, eBay, slightly less.)
There are many ways to write the rules of an auction. They all tend to benefit either the buyer or the seller by some factor. A few have benefits for both, and a few benefit only the auction house. Most are a mix. In most auction houses, like eBay, the auction house takes a cut of the sale, and so anything that makes sellers get higher prices makes more money on such auctions for the auction house.
We often travel as a couple, and of course both have the same e-mail and web addictions that all of you probably have. Indeed, these days if you don't get to your e-mail and other stuff for a long period, it becomes unmanageable when you return. For this reason, we bring at least one, and often two laptops on trips.
When you set up a mail client, you have to configure mail reading servers (either IMAP or POP) and also a mail sending server (SMTP). In the old days you could just configure one SMTP server, with no userid or password. Due to spam-blocking, roaming computers have it hard, and either must change SMTP servers as they roam, or use one that has some sort of authentication scheme that opens it up to you and not everybody.
A lot of the time, on web forms, you will see some sort of structured field, like an IP address, or credit card number, or account number, broken up into a series of field boxes. You see this is in program GUIs as well.
On the surface it makes sense. Never throw away structure information. If you're parsing a human name, it may be impossible to parse it as well from a plain string compared to a set of boxes for first, last and middle names.
As I've written before, Google's Adsense program is for many people bringing about the dream of having a profitable web publication. I have a link on the right of the blog for those who want to try it. I've been particularly impressed with the CPMs this blog earns, which can be as much as $15. The blog has about 1000 pageviews/day (I don't post every day) and doesn't make enough to be a big difference, but a not impossible 20-fold increase could provide a living wage for blogging.
A buzzword in the cable/ilec world is IPTV, a plan to deliver TV over IP. Microsoft and several other companies have built IPTV offerings, to give phone and cable companies what they like to call a "triple play" (voice, video and data) and be the one-stop communications company.
In most browsers, the default style presents text adjecent to all sides of the browser window, with no margin. This is a throwback to early days of screen design, when screen real estate was considered so valuable that deliberately wasting it with whitespace was sacrilige.
Of course, in centuries of design on paper, nobody ever put text right up to the margins. Everybody knows it's ugly and not what the eye wants. Thus, when you see a web page using the default style, which I end up with myself out of laziness, people have a reaction to it as ugly.
There is buzz about how Jason Kottke, of kottke.org, has abandoned his experiment of micropayment donations to support his full-time blogging. He pulled in $40,000 in the year, almost all of it during his 3 week pledge drive, but that's hardly enough. Now I think he should try adsense, but I doubt he hasn't heard that suggestion before.
However, PBS/NPR are able to get a large part of their budgets through pledge drives, so it's possible to make this happen. I think we should be able to do it better on the web.
Yahoo is now entering the context-driven ad field to compete with Adsense, and that's good for publishers and web authors. I have had great luck with adsense, and it provides serious money for this blog and my other web sites, which is why I have the affiliate link on the right bar encouraging you to join adsense -- though I won't mind the affiliate fee as well, of course.