Wednesday, November 08, 2006

Back from Hiatus

A lot has been happening in the tech world over the last few months that are worthy of note, and I have been considering them -- and some of these need digesting. Hence, the gap in entries since August. I did not just want to put entries in that are news items, but rather give some context to these activities -- why are they important to note? What are the ramifications? How do they affect the world of computing for individuals and for businesses?

For example, in June, Bill Gates announced that he was stepping down from his day-to-day involvement at Microsoft, ceding the job of Chief Software Architect to Ray Ozzie, of Lotus Notes fame, and becoming a "part time" employee in July of 2008. This begs comment -- this is a monumental event, and requires some analysis, rather than the usual "passing of the torch," "end of an era" rhetoric.

My take on this at the time, which has been strengthened in the last few months is: This announcement is the end of Microsoft as we know it, and removes Microsoft from its special status of what might be called the "Beatles" of the software industry (as in they are in a class by themselves) to being just another player in a tough industry. In five years or less, Microsoft will no longer be dominant, and will no longer have the choke-hold on the PC world that it has now. Bill Gates is Microsoft, and he is leaving. I have more to say about this -- and you can see that more needs to be said about it, and that it is not just another interesting event in the industry.

Two other items that need comment and analysis are Microsoft's deal with Novell, and Oracle's announcement that they are supporting enterprise Linux. These are both industry changing events. Oracle's announcement is brilliant. I'm not so sure about the Novell/Microsoft announcement.

Of course, Microsoft Vista, their successor to Windows XP, is another subject that begs analysis. Should you move, or not? Should you just chuck it and either stay with XP as long as you can, or move to Apple?

In addition, I have been having fun with some time management tools from David Seah, a graphic designer based in New Hampshire. Time Management and goal setting (and achieving!) is a subject with many, many opinions and methods, and following David's journey to time management nirvana has been interesting. Plus, the forms he has put together are just gorgeous!

So, I just wanted to post this and let you know that I will be posting some analysis on these and other items over the next week or two.

Thursday, August 31, 2006

Rather than Worry about AOL...

Just move! If you are an AOL user, there are many better ways to get to the internet, and you do not have to worry (as much) about privacy breaches, or "BadWare." AOL got dinged by StopBadWare.Org for their latest version of their software, which installs extensions to other parts of your system with no warning and no consent on your part. A program should stay in its own "sandbox" and not try to take over the machine, but more and more software packages and ISPs are crossing the line.

Of course, AOL also released the searches of its members to the "research community" a few weeks ago.

So, why worry? Be happy with some other ISP.

Tuesday, August 22, 2006

The Revolution is Here?

I have a belief, which is that all this fretting we have over the depletion of oil reserves, coal, and other fossil fuels, and global warming caused by the spewing of CO2 in the air, etc., etc., is unfounded. Yes, we should be concerned, but Al Gore notwithstanding, I believe we are leaving the gas-burning phase of our existence, and moving into the next phase, which is -- what? Nuclear? Fusion? Geo-thermal? Fuel Cell? I don't know what, but it will come.

One thing that is a constant in the history of humans is that we always find a way. We have a fear that we will over-heat the planet, that we will run out of gasoline, and/or that we will over-breed and deplete the food that exists (see Malthus for this latter view). My view is that we will find the answer and prevail, without turning the planet into a billiard ball. That's what we do.

The coming breakthrough that moves us from fossil fuels to the new paradigm is something that I have been calling "The Revolution." The Revolution is cheap, almost free, energy that will move us -- all of us -- to a new level. When you think about it, we have very fancy cars that are driven by 19th century basic technology: explosions in a cylinder that drive a piston to make a shaft turn, which then makes wheels turn. We are very good at making these explosions happen in more and more efficient manner, but we still use at most 40% of the total energy contained in a gallon of gas -- we waste more energy that we use. Here is a way-to-erudite explanation of this.

This is one reason that I am for SUVs, Big Trucks, and huge 20' Caddies: If we use up the gas, we will be forced to get to the answer sooner.

Come the Revolution, gasoline will be obsolete.

Now, comes news from Ireland, that the Revolution just might be here. It sounds pretty far-fetched -- energy is created, violating the law of physics that says this is impossible. The company that is claiming this, Steorn, laid down the gaunlet, challenging physicists to test and disprove the process.

Now, this could be a stunt. But -- what if? I am game. I'll keep you posted.

Tuesday, August 08, 2006

AOL -- Not Too Swift

AOL has been in the news lately. First, it is nearly impossible to quit -- there is a exasperating audio clip of someone trying to quit that is making the blog rounds. I had a free account that AOL tried to charge me for, and my call with them (which I didn't record, unfortunately) was a lot longer than the encouters referenced above.

Next, they released the search logs of 650,000 users (initial reports were 500,000, but it was worse than that) to the "research community." This was quickly retracted. For the short time it was up, however, there were a lot of people looking through it, with some very interesting findings.

What can we learn from this?

First: AOL does not care about its users. To them, users are not customers, but are fodder for their real customers, the people who buy advertizing from them. This has been true since they mailed their first "free" floppy disk years ago.

Second: There is no privacy on the internet. Period. As Scott McNeally said, "get over it." Please assume that all emails, searches, and everything else you do is open to the world. Online banking and most commerce from reputable companies are relatively safe, but there are still real risks, and even then, you must assume that a company will not keep secret your buying a stun gun or mace or something of that nature on line.

Third: This is a corollary to number 1: Quit AOL. They do not deserve to be in business. Period. More importantly, you deserve to have a real internet, not some fake "big brother" cocoon. Who do I recommend? I recommend getting cable or DSL from the likes of AT&T or Charter, and only use them for access to the internet. Go to Earthlink for dial-up, if you are in the sticks. Get your email address from a free service like Yahoo, or Gmail, or, better, get you own domain and email account from GoDaddy. I use their service for all my domain name registrations. There is too much good stuff out there for AOL to be your option.

Fourth: There are some sad and lonely people in the world. Looking through the AOL searches is like looking into someone's diary -- it is creepy, and it feels like you are looking at something that is better left alone.

Five: It is a good idea for all search engines to stop logging searches. Why should they? The only reason is for dubious marketing reasons -- ways to know what is "in the mind" of the user so that you can pitch more directed ads to them. But for logs of the detail that AOL kept - that is bad news. I did not expect better from AOL, but it is a drag to have your worst assumptions realized.

Tuesday, May 30, 2006

Microsoft Onecare Released 5/31/06

Microsoft's OneCare service is Microsoft's answer to McAfee and Symantec anti-virus and PC security software. I have not tried it, as I am try not to work with beta software. My gut tells me this, for what it is worth:

The main target of virtually all virus writers is coding errors and security holes in Microsoft's product base. Windows 2000, Windows XP, the Microsoft Office suite, Microsoft Outlook (for email viruses) -- these are all rich targets for hackers and crooks. And, the target has been an easy one. Many, many, many of the holes that are exploited are boneheaded (in my humble opinion) programmer and designer errors. "Buffer overruns" that allow viruses to take over your computer, for example, are errors that grade-school programmers are taught to avoid, and yet they are rampant in Microsoft's code. Code complexity has nothing to do with it -- or maybe it does, in the case of overly-complex code. Regardless, well-designed and well-written code (and, therefore, software applications) do not leave room for hackers to get in.

Now, Microsoft is writing security software designed to save you from people who take advantage of faulty Microsoft code. I don't buy it.

To be fair, OneCare comes with a bundled backup and restore capability, which may be worth the price, but there are other applications that you can use to backup and restore your PC. That is the only service OneCare provides that does not in some way correct an inherent Microsoft problem.

Yes, there are "phishing" emails, trojan horses, and other annoying security problems that are not exploiting Microsoft's flaws, and they are real threats. But MS's product line is a main source of trouble for viruses. You are going to pay money to Microsoft for software that "saves" you from errors of Microsoft's own making. Does this sound like a good idea? Not to me.

So, stick with McAfee. It works.

Happy News Web Site

It is really easy to find bad news in newspapers and web sites. In my random wanderings, I came across Happy News -- a news site that is dedicated to only good news. You would think it would be difficult to find good news in these times, but it has many, many positive articles. I can guarantee that no matter what your mood, you will be smiling by the third article.

Thursday, May 25, 2006

RFID "Security" failings

There is an interesting article on RFID's security problems. "RFID" means "Radio Frequency Identification" and is being touted as the newest way to track goods and services, and people. An RFID tag emits a response when activated by a scanner or other device. So, if you have an RFID tag on a shipping container, a scanner can quickly and easily ID the container from a few feed or yards away, without the need for line-of-sight visibility. So, if you have a frighter full of hundreds of thousands of containers, or a Fedex truck filled with hundreds of RFID'd shipments, a scanner can scan all of them, and quickly know what is in the freighter or truck. Much easier than scanning each one individually using barcodes, say.

With "easy" comes "easy to hack," or break into. Wired has an article showing that this can easily be done. Good reading, and informative. The bottom line is -- once again, we have a cool technology that is not "ready for primetime" that is being pushed for adoption before the kinks are "dekinked." Wal-Mart is pushing the technology because it will save them a lot of money in logistics. However, at what cost? When leave the Wal-Mart parking lot after you buy that RFID'd stuff, can some thief scan you as you leave, follow you home or hijack you and steal it? If you have an RFID passport, can some random person walk by you and pull your ID without even touching you? Can a walk in downtown Manhattan or LA result in a thousand thieves reading your personal information from your RFID tagged ID cards? That is the issue, and the issue is not yet resolved. My guess is that the security issues will be addressed, but not fully, because of the huge profit potential. Just as the financial services companies do not yet have an incentive to really ensure online transactions are really coming from you, RFID users are not incented to protect your privacy. So, my advice is, beware and cautious when dealing with this technology, both as a consumer and as a user.


Other articles on this include an article from Techworld from last year, and InformationWeek from November, 2004. This has been an issue for a while, and it is still a problem, showing that this is not an easy problem to solve -- so, again, treat RFID with suspicion.

The "Baby Photo" Scourge

In today's Wall Street Journal's Personal Journal section, there is a page one article on "The Baby-Photo Backlash." Apparently, proud parents are sending pics of their kids to their friends and family, and some people are okay with it, and others are annoyed by it. Also, parents can set up websites and blogs with photos of their kids, and send links to them. There are, apparently, "etiquette experts" that have something to say about this, like "show restraint," except, of course, when sending pics to the grandparents. Some parents have sent pics to wrong addresses and didn't know it.

That's the article. I don't want to be a critic, but that was about 24 column-inches on a really vacuous subject -- who cares? The one thing that I, being very sensitive to misuse of the web and the diabolical types who troll web sites, care about is that if you have a web site that anyone can access with pictures of your kids, please be aware that anyone can access it, and copy those pictures or your darlings for whatever nepharious reason. Of course, the article didn't mention that, and yet that is the potential tragedy. That is one reason -- the only reason -- I have never posted pictures of my beautiful child on an open web site.

By the way, one of the pieces of advice the article mentioned was to "make sure they are good quality photos." "Good quality" could mean "high resolution" which means "really big," like five or more megabytes per picture. It is not a good idea to send high resolution pics to people via email -- rather, it is better to scale them down by compressing them or resizing them so that they are about two-three hundred kilobytes each -- still big, but not earth-shattering. Of course, "good quality" could mean "nicely framed, in focus, good looking" photographs, and I agree with that wholeheartedly!

Tuesday, May 23, 2006

Nike and Apple -- Together

Nike and Apple?

Just read it.

This is a good example of technologies integrating. Not sure if it makes sense to "do it," but it is interesting!

Also, the new Apple ads are really cute.

Vets Data Stolen

A laptop with the names, social security numbers, and other private information of 26.5 million (that is one tenth the population of America!) was stolen from a "data analyst's" house. According to the Department of Veteran's Affairs, the employee was "not authorized to do" this.

This is the latest in a long string of personal information being stolen or lost -- lost tape backups, stolen laptops, etc., etc. that happened in the last year.

The VA putting the data analyst "on leave" for this is, actually, ridiculous -- the real question is: How could the private information of 26.5 million people end up on anyone's laptop?

With the advancements of technology for mobilization and advances in data storage, data is more mobile than ever before. With wireless laptops, we can now work at our local coffee house. With ever-increasing storage capacity, we could keep detailed information on every man, woman, and child on the planet on a single laptop computer.

With this incredible increase in computer capability comes responsibility, and we run right into one of Uncle Mark's technology maxims:

Just because we can do something does not mean we should do something.

You can take your computer to the beach and work there. That does not mean you should. You are at the beach, for crying out loud! We can check email with our BlackBerries or Treos while tooling along the freeway at 75 MPH. That does not mean we should.

In the case of the VA, while it is true that certain administrators and technicians can access data and get around certain safeguards built into technologies like database servers and business applications, that does not mean they should, and in this case, I would take it further: the systems that have this information should be built to make it virtually impossible for even skilled internal people to get access to mass data.

This is true across the boards, at all companies and government agencies. If there is data that should be treated confidentially, then the systems that access and store this information must be built to always treat this information this way. Appropriate access must be given, but not Carte Blanche access. In other words, the systems should be built in such a way that copying 26.5 million names and Social Security Numbers to a laptop is extremely difficult and out of the ordinary. To skilled internal people, copying any data anywhere is always going to be possible, mainly because you must be able to manipulate and work with data and data structures to build and maintain systems, but skilled designers and developers can make it difficult and well-defined, and can also create an "audit trail" of access, so you know who did the deed.

Given the extreme mobility of data, IT departments (and audit committees, CEOs, CFOs, and HR personnel) really need to evaluate their own data security, and act accordingly. First, you need to know if the data you are keeping is sensitive or not. Are you keeping SSNs of employees on a computer system, or customer tax information or credit card data? What would be the impact of someone stealing this data? Who can access this data internally? Who should have access?

On the other side of the ledger, the government and financial services industry must be responsible as well. Why does it matter if someone has your Social Secutity Number? Who cares? Well, the problem is that someone can open credit card accounts and other financial products with that information, without your ever having to be directly involved. People can pretend to be you and gain access to your existing accounts. This is a big problem.

The cat is already out of the bag, really, on stolen information. As Scott McNealy, former CEO of Sun Microsystems said five years ago "You have zero privacy anyway. Get over it." The answer is not only to make it harder for people to steal information, because the information of millions of people has already been stolen. Rather, the answer is to make the stolen information useless. Financial services companies must be absolutely sure the people they are dealing with are who they say they are, and the government should back that up by making the firms liable for charges made in any other way. In other word, if a credit card issuer opens an account because someone sent in a form with your SSN on it, without absolutely verifying that the person applying was you, then they are liable for all charges made on that card -- you are not. Likewise, if a retailer does not really know it is you they are selling to, they, too, should be liable for the full amount.

Why should you be responsible for their lack of adequate security? They opened the account without your knowledge or consent. They allowed access to your accounts without fully verifying your identify. It is a breakdown in their processes, not yours. If the bank was robbed, the bank doesn't reduce your accounts -- why is this any different?

Technology exists to fully identify you to whomever needs to know who you are. There are no fool proof methods, but there are methods that reduce the risks considerably, and reduces to zero the risk that someone can open accounts with just your SSN and mother's maiden name. There are security token devices that, in conjunction with a Personal ID number (PIN), can ID you online or in person, and is virtually impossible to break. Someone would have to steal both your security token device and know your PIN to gain access.

There is also "in person." You show up in the office of the bank and establish your ID with your birth certificate, passport, or other documents, and thumbprint. You can add retina scans, or other ID technology. Soon, no doubt, you will be able to use your DNA.

This is why I have been a proponent of strong authentication and identification technologies where it matters. If you have money in the bank, it matters that only you or your designates have access to it. It matters that only you can open a credit card account, or pay pal account, or any other account, in your name. It matters that stores really know it is you buying books or CDs from them on line, if they are charging the purchase to you. It matters that when you send an email, people know it is you who sent it, not someone masquerading as you. It is really easy to be anonymous on the web (sort of, anyway), but really hard to be, well, you.

Financial services and retailers will balk at this, because their position is that it would be "onerous" to make this type of identification work. In other words, it is hard. Fine. My view is that the price for their convenience is the cost of fraud. If they are unwilling or unable to fully establish the ID of their own customers, it should be they, not the customer, who pays for the inevitable fraud that will occur. They may say that "the customer" does not want this. My view is that "the customer" has no problem with being correctly identified, and has a big problem with having to recover from "identity theft."

The current issue of Reader's Digest has cover article on "ID Thieves' New Tricks." The fact of the matter is that technology, such as the security token, can defeat most of these tricks.

The bottom line is that companies and government agencies need to put in place systemic safeguards for personal (or any sensitive) information so that laptops or backup tapes being stolen doesn't affect millions of people, and companies and agencies that work with people need to put in place identification safeguards that will make the theft of "personal" information a non-event. The technology exists today to do both. This is one case where "just because we can do something, we should!"

Saturday, April 08, 2006

Apples Can Run Windows!

Apple recently released computers running Intel chips. This was, essentially, hell freezing over for the Mac faithful... at least at the time. Now, Apple releases a program called "Boot Camp" that allows their new Intel Mac to start up Windows XP instead of Mac OS X. Now, all of a sudden, Mac lovers are praising Apple for going Intel.

My view on this is that at the end of the day, computers are about software, not chips. You could have a Chevy Suburban, for example, with a Dodge engine, and you would never know - it would still be a Suburban for all intents and purposes. You can run Linux on pretty much any computer chip out there, and it is still Linux. The same is true of Apple's operating system, OS X.

Actually, Windows is the exception rather than the rule. Every serious current operating system for computers except Windows runs on a variety of computer processor chips. Windows XP, which is the decendent of older Microsoft operating systems like Windows 95, Windows 3.1, and MS DOS, has been hamstrung by these ancestors. Windows XP has to be able to run the programs written for these older operating systems (otherwise, people would not upgrade), and these all ran on Intel chips.

Boot Camp allows you to load both Windows XP and Apple OS X on the same Intel Apple, and choose which one to run. You cannot run both at the same time, which would be the ideal situation. Besides loading Boot Camp, you will need to purchase Windows XP, which costs about $200. Apple will not, to their credit, pre-load Windows on these machines.

Why would anyone want to run Windows XP on a Mac? The only reason is to be able to run programs that only run on a Windows XP machine, like certain computer games, and certain business software. So some people, that may be worth the $200 and the dabble in Apple.

Apple is very smart to not pre-load Windows. Actually, this is a no-brainer. IBM tried to get OS/2 to go big by having it encapsulate Windows, and they paid MS a license for each copy they gave away -- clearly stupid. OS/2 was so clearly superior to Windows that they really didn't need to do that. What they needed to do was pick a few key applications, like Word Perfect and Lotus, and push it home, and market the heck out of it. In '92 they could have killed Windows, but blew it.

As for Apple, Win XP runs everything OS X runs. The tendency for the non-Apple user will be, if they buy one, to boot Win XP. Why not? Their kids are already running it for games. The barrier is the cost of Win XP. The issue is, though, that if you shell out $200, you will want to use it.

So, there are two ways it can go on this: It will solidify Windows, because now it is everywhere, or it will be an interesting footnote in the history of the Mac. I think it is interesting that Apple can do this, and it will boost sales for Apples, and that is a good thing, but now that it is done, Apple should move on (except for Christmas season sales, taking advantage of the Windows Vista delay) and encourage really good software for OS X. Make it so they never want to leave.

At the end of the day, Apple OS X is very close to the point where it can truly replace Windows in the workplace. It already can at home. Apple should push for going the rest of the way. That is why Boot Camp is a potential distraction -- it could move Apple into a complacent mode where they think that users will use OS X daily, and only go to Windows for those things they really need. That will not happen. When the thing you really need is on Windows, you will stay on Windows. Once the things you really need are on OS X, then you will never need to go to Windows again.

Friday, March 03, 2006

"Enigma" message cracked!

This is a story that is on the "front page" of yahoo, so this is not exactly a scoop, but it is really interesting. An amateur cryptographer named Stefan Krah and a whole slew of computers broke the German WWII code created using their "Enigma" code machine. The project started January 9th, and the first code was cracked on February 20.

The project was not "Let's guess a billion times and see what happens." Rather, it was a combination of a huge amount of directed knowledge of how the enigma machine works, how the German language (and German naval terms) works, and how in general cryptography works. Then, using this knowledge, Krah created a computer program that then applies this information to try combinations to crack the code.

The program was written to allow for a coordinated effort of many computers to help break the code. This use of multiple, ganged, computers to share the work on a single task is called "distributed computing." The program runs in the background on a computer and works on these programs when the computer is otherwise idle. Since most people these days use their computer for web browsing or writing letters, computers are basically always idle.

For the first several days (up until Feb 10) only ten computers were working on it. Because of the publicity on slashdot and others, the number of participants was 2,500(!). This is a lot of raw power.

Distributed computing is the "wave of the future" except that it is extremely difficult to do. It is hard to coodinate the actions of more than one computer. As a result, we have a computing model where your computer is sitting idle most of the time asking for web pages on a server that is also serving web pages to a large, large number of other people. Your computer is mostly idle. The server is mostly working. There is a discrepency there. Your computer should share some of the load, but it really doesn't.

I do not have the exact numbers, but I am certain that if you were to add up all the
computing power wasted one hour today, that it would be more than all the computing power that existed in all of 1980. That date could even possibly be moved forward to 1990. There are an awful lot of computers out there doing nothing!

Projects like this show the power of this large pool of untapped computing power. Other projects, such as the SETI project, have done similar work of distributing work across a large number of computers.

The real code to crack is how to crack into this sea of unused computing power! Software has to catch up with the advances in processors and communications -- but it will. The sea of raw computing potential out there is like the seas of oil in the ground in 1870 -- lots of potential, but untapped. It will be tapped, and when it is, wow! You think iTunes and Google are cool, just wait!

Thursday, March 02, 2006

Wikipedia -- Caveat Emptor

There are lots of web reference tools out there, from Onelook to Google to Slashdot and many, many others. Wikipedia is an online encyclopedia with a major twist: Anyone can add to it, and anyone can edit the contents. There is no editorial board. There is no real editing, except that anyone can "edit." Wikipedia even describes itself using its own format -- anyone can edit the entry on Wikipedia!

The theory of Wikipedia is interesting to me, but to my mind the results are extremely uneven. "Editors" with one ax to grind or another modify entries to fit their point of view, which sometime errupt in edit wars. I looked up "Dog" in Wikipedia, thinking it to be a relatively benign subject. Yet, despite the fact that the day is young, there are fourteen edits to the content, some of which were "reverts" back to earlier versions, meaning that someone erased what someone else entered!

To Uncle Mark's mind, a medium in which anyone can contribute with no real fact checking is to be taken with a ton of salt. So, while Wikipedia is good for a quick lookup for obviously true data (like the US is in North America -- no controversy there!), caveat emptor!

Wednesday, March 01, 2006

Yahoo and AOL to Start Charging Senders for Email

Slashdot.org posted a notice today that aol was going to start charging emailers to email people using their service -- and that "Opposition is growing." Uncle Mark was intrigued by this. What is this?

Well, it turns out that AOL and Yahoo have turned to a company called Goodmail Systems to provide email certification services for them. AOL and Yahoo will accept "certified email" from Goodmail and allow it to go direct to their users' inboxes, bypassing spam filters. Senders who are certified by Goodmail pay a fee for each email sent.

Now -- when I read this, I thought "oh, great! AOL and Yahoo are allowing spammers to spam me, and collecting money for it!"

And, guess what? There is plenty of opposition to this. There is a web site called "Deal AOL." There is the Electronic Freedom Foundation (EFF) take on this. There is MoveOn.org's take on this. Why?

The leading claims against this are:

1. This would create a "two tiered" email system where some email is free and some is paid for. The paid for mail would therefore get preferential treatment, leaving small companies and people who do not want to pay for sending email out in the cold.

2. AOL and Yahoo would profit from spam, since they are collecting fees for emails to their user base.

3. It would remove financial incentives for AOL or Yahoo to fight spam -- they would just let spammers "pay to play." [Uncle Mark is adding: If anything, it would incent AOL and Yahoo to force all senders, not just spammers, to use their certification system, and block all non-paying emails].

Goodmail says that they do the following to certify senders:

1. Ensure the company is legitimate and has been in business for a while.
2. Ensure that the senders infrastructure is stable, and has been working for a while (this means that the infrastructure has a history of sending emails).
3. Ensure that the sender is a "responsible emailer" according to their and certified receivers' criteria.

In addition, Goodmail says that people who have email boxes on AOL or Yahoo must "opt in," or agree to receive certified email.

Given this, it became clear that this is not what detracters are saying it is, which is an email "tax." However, it is obviously a fee-based system which does add on a charge per email.

So, what is Uncle Mark's take on this?

I am not against it. I also think that this will die on the vine.

Here's the deal: We need, badly, email authentication. We need to have a system in place that certifies to you that the sender of an emailer is really who he or she says they are. This something that has been on my mind for many, many years, and the problem has gotten worse.

Basically, you have no idea, really, that an email from "Aunt Myrtle" is really from Aunt Myrtle, or is a "spoofed" email. Anyone, and I mean anyone, can make their email program say that they are sending emails from "george@whitehouse.gov." This is, frankly, insane, and reflects the openness of the internet, as well as the good intentions of the guys that built it. So we have the following problems:

1. "Phishing" in which people send you emails claiming to be from a bank, or PayPal, or some other service, with the intention of stealing your money or identity. This is a real problem.
2. Viruses that send copies of itself while claiming to be from someone else.
3. Internet scammers can claim to be anyone they want to be.

And there are others. People spend a ton of money on filtering "spam" and viruses from emails. Why? Because we have no real idea where the email came from. Spam filters and services can do quite a bit to filter this out -- you are spending money to do this, it is NOT free.

Let's say we have this world: I am Mark Patterson, Uncle Mark. I have certified to the government or to some authentication agency that I am really Mark Patterson, and they checked my ID, and they confirm that I am indeed Mark Patterson. They issue me an "email passport" that says that email sent from me really came from me, and no one else. Now let's say that everyone does this: Everyone applies for an "Email Passport."

Now, let's say that someone with an email passport emails me. I now know who they are, because I see they have a passport, and I trust the agency that issued it. So, Aunt Myrtle emails me, and I can see that it really is her.

What does that do?

1. Phisher's can no longer claim to be from a bank, because they do not have the bank's passport.
2. Spammer's can no longer spam with impugnity, because you can block all emails with their passport.
3. Viruses are limited in their effectiveness. You can still get a virus sent, but you will know where it came from, unlike now.

Basically, you now who is sending you email. If an email comes in that does not have a passport, that email is immediately suspect. You will know, however, that it is not a bank if is claiming to be one, because it does not have the bank's passport.

So why not just have an email passport?

Well, the main reason is that there are conflicting standards for email authentication, and there is no consensus. Microsoft is pusing a technology called "Sender ID", and Yahoo and others are pushing "Domain Keys," and then there is the "Sender Policy Framework." That's just three. This is something that needs to be a single standard, like email in general is.

So, it looks like AOL and Yahoo are cutting the Gordian Knot and saying "Heck with it! You gotta pay to reach our users!"

So, why will this "pay to play" scheme die on the vine?

1. The end user must "opt in" to receive it. Would you opt in to get paid-for advertising?
2. The sender must pay to send each email. Would you, as a company, pay to send anything but revenue-generating advertisements?
3. If Yahoo or AOL play the hand to heavily, and force people to get these emails, people will use other email services, or filter out these emails on their own. This removes the economic incentive of the senders.
4. If Yahoo or AOL neglect their spam and virus filters, users will leave.
5. Banks and other companies that want to ensure their emails are certified will certain use other means than a "pay per email" service. They will adopt an email authentication service, or all of them.

In addition to the above, that larger issue is that Internet services "want to be free." What that means is that once you have a connection to the internet, it is really, really easy to communicate with other people on the internet, and all forms of this communication therefore can be cheap to build and use. AOL's IM and Yahoo Messenger are free. If they started charging real money for it, something else would come along and do the same thing cheaper. Email is really, really cheap. If someone starts charging money for it, it is really, really cheap to go somewhere else. Voice over IP and internet phone calls are really, really cheap. If someone starts to charge big cash to make an internet phone call, you can go somewhere else -- even use IM or Yahoo Messenger. [This is why Uncle Mark was so flabbergasted when eBay spent so much money for internet calling vendor "Skype." You can do this for nothing! If you know even a bit about programming, you can write your own internet phone!]

So -- mark me -- this will start off, and then in about a year, it will be a non-issue. AOL and Yahoo may still use it, but my guess is that it will be very low volume. It certainly will not replace email, or, unfortunately, get rid of spam.

Monday, January 09, 2006

Almost a Year!

Well, it is almost a year since Ask Uncle Mark took to the blogosphere! I admit, it has been sporadic, but at least in doing it I've learned a few things. I hope you have, too.

Some of my lessons learned are:

  1. It's funny how when you tell people that you will answer their technical questions in a 'blog how fast the questions dry up! One of the original purposes of this 'blog was to allow one answer to address a number of questions -- if one person has a question, the idea was that so do others. I did not anticipate the number of technical questions to decline!
  2. I do not have to be the writer of all content. There are others who have written eloquently on technical subjects, and many times it is more expedient to link to their information -- the beauty of the web.
  3. It takes time to do something like this! When I post an answer, I want to ensure it is correct. It turns out that this "fact checking," as we in the journalism trade calls it, is an involved process.
So, I've decided to shift the focus a bit for Ask Uncle Mark to be less of a "Dear Abby" to more of an internet "Guide to the Inside." Sort of a specialist in "Endotechnology." There is so much technical information, news items, and just plain data flying around that it is extremely difficult to separate the wheat from the chaff. For example, some alarming technical information is just sensationalism, and some, like Sony's "root kit" fiasco, is truly evil. I broke the story to the non-technical world here, on Ask Uncle Mark (I got it from slashdot.org, the site for "News for Nerds."). The Sony Rootkit ended up on the list of one of the biggest gaffs of the year on several technical media outlets, and cost Sony a bundle.

The field of technology has gotten so vast that there is truly no way one person can report on the whole of it. There are, for example, computer specialists in the field of supercomputers that never touch Microsoft-run PCs or Apple Macs. There are Apple Mac afficianados who would die of mortification if they ever had to use a PC. And, there are the True Believers of the Microsoft/Gates Vision of the Future. But, those are the obvious divisions -- there are more. There is a magazine called "Computer Power User" that gets into the guts of the new PCs that are out, and is geared to computer gamers. These guys have a totally different take on computers than the casual web cruiser. They want maximum power from their computers, even to the point of forcing the computer chips to perform outside of specification (called "overclocking") and then cooling their super-charged computer chips with watercooled -- yes, really watercooled -- heat dissipators. This is a whole new realm of information.

During the year, I made a few informational posts in addition to the educational posts. Going forward, I will be posting interesting technology stories and experiences with technology as they happen, and adding some insight into them, again, with an eye to the non-technical reader. There are a ton of resources for the technically minded which are incomprehensible to the "lay person," but which are nontheless important to know about. Uncle Mark will post some of the more interesting and let you know why you should care.

So, welcome to The Guide to the Inside -- Ask Uncle Mark.