August 31, 2008

Chuckle of the Day: Cindy McCain on Palin's National Security Experience

Greetings. This isn't a political blog per se, but I just can't let this one pass by.

It's been interesting watching interviews of Republicans attempting to justify McCain's choice of Sarah Palin as his V.P. running mate. Their obvious discomfort at repeating the official talking points regarding a person that most of them had barely heard of until a few days ago is palpable indeed.

This quote from Cindy McCain to ABC News really got my attention though. When asked about Palin's seemingly total and utter lack of any national security credentials, the Republican presidential nominee's wife replied:

"Alaska is the closest part of our continent to Russia. So, it's not as if she doesn't understand what's at stake here ... "

I love the "proximity theory" of expertise. By the same reasoning, it implies that living in the vicinity of a nuclear power plant magically imparts a college-level nuclear engineering degree on nearby residents.

It should be immediately apparent to everyone how Alaska's geographic position has provided Sarah Palin with comprehensive knowledge regarding the wars in Iraq and Afghanistan, international terrorism, and the vast array of other international security issues about which anybody who could become President of the United States should be little short of expert.

A Republican friend of mine yesterday pointed out to me what he sees as a bizarre similarity between the Republican ticket and characters from Gilligan's Island. I think he went a bit over the top with that comparison, but it's certainly true that this political season is getting more surrealistic by the minute.

And that's no three hour tour.

--Lauren--

Posted by Lauren at 12:36 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein


August 28, 2008

Comcast's New "Two Strikes and You're Dead" Internet Usage Policy -- and More

Greetings. Comcast has announced a 250 GB/month "death penalty" Internet usage cap, effective October 1. This appears to be based on the total of all downloading and uploading. (For reference purposes, here is a copy of the text from the page linked just above, as observed this evening before any possible changes by Comcast. Typos are in the original text.)

Comcast and some observers will no doubt suggest that 250 GB is a generous cap, particularly in light of some ISPs apparently planning caps an order of magnitude or more lower. I'll have more to say about "other ISPs" below.

Some specific details of Comcast's new policy are definite eyebrow raisers.

The cap is not a "no more usage after this point" cap. It's a "you're no longer our customer" cap. Exceed the limit twice in six months and you're tossed from Comcast for a full year. Due to limited practical competition in many areas, that would mean that some former customers would not have access to any other broadband Internet services at affordable (or in some cases any!) prices.

Comcast appears not to be providing customers with a means to check their current Internet usage volumes. They simply suggest that their subscribers go out and find software for this purpose for all of their computers and handle it completely by themselves.

The same cap applies to all levels of residential service, regardless of the speed tier to which the customer has subscribed.

The usual table of comparative usage is presented of course, to supposedly inform users about what 250 GB really means. Well, actually, the document provides the table twice, and the numbers are different in each!

Table 1:

Sending 20,000 high-resolution photos,
Sending 40 million emails;
Downloading 50,000 songs; or
Viewing 8,000 movie trailers

Table 2:

Send 50 million emails (at 0.05 KB/email)
Download 62,500 4 MB songs (at 4 MB/song)
Download 125 standard-definition movies (at 2 GB/movie)
Upload 25,000 hi-resolution digital photos (at 10 MB/photo)

Hmm, 10 million e-mails appeared magically between Table 1 and Table 2! And man, those are sure short Table 2 e-mails -- only 50 bytes each! Oops, let's try to figure out what they really meant. Maybe 5K each? Oh well, the details don't matter, right?

But of course, most people use their Internet connections for a mix of applications -- many of which run autonomously, so no one element of those conflicting tables will apply in isolation for most customers.

Hey, wait a minute. Is something important missing from those tables? 125 standard-definition movies says Table 2. Huh. The cable companies, including Comcast, have been telling us that standard definition is obsolete, that we all need to upgrade to HD service! I wonder why they didn't include HD movies in their tables, given that those will increasingly dominate what viewers watch.

Perhaps this issue relates to the fact that a typical HD movie can run maybe five times the size of the same SD movie? Yeah, I guess "25 HD movies" (as your total usage for the month) wouldn't look so great, especially when Comcast's own on-demand/PPV movie offerings don't count against your Internet usage cap at all! Well, so much for outside movie services providing HD. "We don't need no stinkin' competition!" -- right?

With Comcast leading the way, we can assume that other ISPs -- cable and DSL -- will be hot to trot for this bandwagon.

I saw this image in a Time Warner Internet ad a few days ago. One imagines that such "No Limits" promotions will be seen as a historical artifact very shortly. I visualize Wile E. Coyote crouching in a cave, smiling at a rack of equipment labeled "ACME Bandwidth Limiter" -- as the Road Runner zooms along a nearby desert road. Suddenly a light on the ACME unit turns red, a metal wall pops up in front of the Road Runner, and the speedy bird finally meets his match in a flurry of flying feathers. Wile attaches his bib, grabs his fork and knife, and heads out for his long-awaited reward.

Reasonable network management by ISPs should not only be accepted, but also expected. We all want the Internet to run smoothly. But sloppy, arbitrary, technically questionable, or anti-competitive policies are not acceptable. It's time to start a serious dialogue regarding the differences between these two situations, and how as consumers of Internet services we can obtain enough information about ISP operations to make informed judgments about such matters.

In the meantime, Comcast might want to clean up their bandwidth cap FAQ on an ASAP basis -- before David Letterman gets hold of it.

--Lauren--

Posted by Lauren at 06:18 PM | Permalink


August 24, 2008

New Short Video: "Network Neutrality in 30 Seconds" (Part 1 - "Drowning the Competition")

Greetings. Is it possible to successfully demonstrate the concepts associated with the ongoing "Network Neutrality" debate in only 30 seconds, without doing oneself considerable physical or mental damage? Better yet, can this be accomplished using mainly props that can be found around the average household?

Well, I'm giving it the ol' college try, with a very short new video:

"Network Neutrality in 30 Seconds" (Part 1 - "Drowning the Competition")

Taking my usual inspiration from legendary filmmakers such as Ed Wood, Jr., I intend for this extremely brief "feature presentation" to be the first of a series of such bottom-rung cinematic shorts, all aimed at trying to untangle various aspects of Network Neutrality with a minimum of high-tech imagery. And as you'll see, ya' can't get much simpler than the demo in this vid -- though you can get a bit damp.

So without further ado:

Network Neutrality in 30 Seconds - Part 1 (Permanent YouTube Link)

Network Neutrality in 30 Seconds - Part 1 (Current Direct YouTube Link)

And don't worry, it'll all be over in less than a minute ...

Thanks as always.

--Lauren--


Posted by Lauren at 08:34 PM | Permalink


August 20, 2008

eBay Responds Regarding My PayPal Posting

Greetings. After my posting earlier today regarding eBay's move to require electronic payments in the U.S., I was contacted by a senior eBay public relations official -- and we had a pleasant chat.

While there aren't any fundamental changes in the story, I wanted to pass along a few details gleaned from our conversation.

As you might expect, eBay's position is that their move is a win-win-win situation for eBay, buyers, and sellers, especially since reportedly some 90% of eBay transactions are already in electronic form -- and they note that as part of the transition to the "100%"-electronic requirement, eBay will offer 100% purchase coverage insurance. eBay also points out that eBay has no direct financial interest with at least one of the electronic payment options -- credit card acceptance system ProPay.

It was also mentioned that buyers and sellers who meet in person to consummate a transaction would still be free to use whatever payment means they wished -- though in my view this is a highly atypical situation for most eBay users, and it seems clear that eBay will be monitoring transactions carefully to avoid abuse of this "loophole" in the otherwise rather dogmatic electronic payments regime being implemented.

eBay also asserts that the regulatory reaction situations in Australia and the U.S. are not directly comparable due to differing specific particulars in eBay's plans for the two countries.

As you might imagine, eBay apparently will be offering inducements to try to convince eBay sellers that the loss of the ability to continue routinely accepting checks or money orders is nothing to get worked up about. And after all, we're only talking about a measly 10% or so of transactions, right?

Anyway, that's eBay's take on the situation. The eBay seller community has the final say of course -- one way or the other -- by voting with their auction items and/or their feet.

Thanks much to eBay for reaching out to discuss this interesting controversy with me today.

--Lauren--

Posted by Lauren at 01:42 PM | Permalink


eBay to Force U.S. PayPal Use (After Australian Rejection)

Greetings. Months ago I mentioned to various eBay sellers in my acquaintance (mostly sellers of collectibles not suitable for "fixed price" sales) that eBay was moving to force the use of PayPal for all transactions in Australia -- and wanted to do the same here in the U.S. Most of these eBay diehards, used to being manipulated by eBay's fee structure and recent detrimental changes (like the abolishing of "negative feedback" regarding buyers), still refused to believe that eBay would make such a move.

Subsequently, Australian regulators have made it clear that they would not accept such an arrangement down in Oz -- a plan that would have primarily benefited eBay itself (which charges significant percentage-based fees for the use of its wholly owned PayPal) -- so eBay apparently has cancelled the scheme there.

But knowing full well that U.S. regulators can be easily cowed into inaction in similar circumstances, eBay has announced today that PayPal (or credit cards) are to be the standard required payment mechanism on eBay for all U.S. transactions. For most sellers this means that they must use PayPal, and eBay will be assured of a nice juicy PayPal commission from each of those sales. eBay of course claims that this is mainly a consumer protection measure -- interesting that the Australian regulators didn't see it that way, eh?

eBay is also making other changes to de-emphasize auctions entirely by making fixed-price sales more attractive -- essentially undermining the basic auction model on which they built their business, and turning eBay even more into Just Another Online Store in many respects.

There are numerous alternatives to selling on eBay. I've wondered why so many eBay auction sellers have been willing to be fleeced for so long by eBay's increasingly callous practices toward this bedrock group.

It will be interesting to see how the eBay auction community reacts to this latest punch in the gut from eBay itself.

--Lauren--

Blog Update (August 20, 2008): eBay Responds Regarding My PayPal Posting

Posted by Lauren at 09:03 AM | Permalink


August 14, 2008

Authenticating Hosts Via Self-Signed Certificates (New CMU Tool)

Greetings. I have strongly argued for the expanded use of self-signed security certificates, and against the multiple alarming hoops that Firefox 3 now puts in the way of their use. I consider self-signed certificates to be an extremely valuable mechanism toward the deployment of pervasive Internet encryption, despite their native inability to provide host authentication in the manner of (usually commercial) certificates signed by traditional external authentication entities.

So I'm especially pleased to learn of a new tool -- "Perspectives" -- from CMU, that may offer a means to provide a very useful level of host authentication while still permitting the use of free self-signed certificates.

If you're interested in security and the wider adoption of encryption as a default state on the Net, you might wish to explore this development. I'd be interested in hearing your opinions regarding the techniques described, both pro and con. Thanks.

--Lauren--

Posted by Lauren at 10:07 PM | Permalink


AT&T the Web Spy? -- And Their Big Google Lie

Greetings. The battle lines in the broader war over "network neutrality" are becoming ever more clear, and from the standpoint of some ISPs it increasingly appears that the (seemingly coordinated) strategy of the moment is a "But Google is Worse!" defense -- and offense. Truthfulness matters not to these ISPs in this battle, and in a manner reminiscent of the "Obama is a Muslim!" Big Lie, our friends at AT&T have trotted out their own anti-Google lie in an attempt to sway public opinion and the Federal Communications Commission.

The context today is various filings with the FCC associated with their Deep Packet Inspection (DPI) inquiries. Within these documents we learn that AT&T has been enthusiastically exploring the possibility of "opt-in" spying on their subscribers' entire Web surfing data stream.

This revelation yields a plethora of speculative questions. How would such affirmative opt-in permission be obtained (and withdrawn)? What happens to the data collected? Will subscribers be "coerced" into granting permission, perhaps by lower prices and higher bandwidth caps? And is there any reason for us to trust AT&T regarding such matters in the first place, particularly in light of their past history?

AT&T's new Big Lie regarding Google is of particular note:

"Advertising network operators such as Google have evolved beyond merely tracking consumer Web surfing activity on sites for which they have a direct ad-serving relationship. They now have the ability to observe a user’s entire Web browsing experience at a granular level."
     -- Dorothy Attwood, AT&T senior vice president for public policy

That second sentence is the kicker -- and is simply untrue. But it's crucial to AT&T's arguments that people believe it to be factual.

Google does collect a great deal of data across their affiliated networks, via IP addresses, cookies (when enabled by users), and presumably URL referers as well. But this only includes sites somehow affiliated with the Google networks, and/or users who have installed various Google tools and enabled associated site reporting features. But it does not otherwise include all visited Web sites. Not by a long shot.

Yet however much dispersed data Google collects in this manner, it still pales in comparison to the 100% of subscribers' unencrypted data directly available to ISPs via DPI, and the immense leverage ISPs have over their customers' total Internet access experience -- with bandwidth caps looming as yet another tool in the ISPs' anti-competitive arsenal.

In fact, ISPs are the only entities with "the ability to observe a user’s entire Web browsing experience at a granular level."

And there's another factor too -- more of a gut feeling than a technical analysis. Do I have any issues with some of Google's data collection and related privacy practices? Sure, that's not a secret. But I've been encouraged by Google's continuing evolution in this area, and in particular by their willingness not to simply roll over in the face of outrageous demands for access to customer data.

I realize that all corporations must obey the law, that financial considerations can always put privacy concerns at risk, and that all sorts of other complex factors enter into these situations. But all else being equal, I simply am more willing to trust my data to Google's current management philosophy than I am to the "Yes Sir, whatever you say, Sir!" sensibilities of AT&T when it comes to outsiders wanting to pry into their subscribers' communications.

I used to know quite a few great people at AT&T, especially at Bell Labs in its heyday. Perhaps it's something of a metaphor for where we are now that most of those brilliant individuals have been driven away from AT&T -- and in more than one case they're now at -- Google!

The large ISPs want to remake the Internet in their own image. They see today -- right now -- as the best possible time to take total and complete ownership of Internet users and all associated data. They wish to make sure that the ISPs' positions as gatekeepers to the entire Internet in every respect are firmly entrenched within the oligarchy of the existing U.S. Internet access landscape.

To help ensure outcomes favorable to these goals, it seems that some ISPs are willing to say or do just about anything, be it saddling their subscribers with unreasonable Terms of Service, implementing oppressive operational limitations and bandwidth caps, and in the case of AT&T, issuing distortions and lies about Google as well.

Shame on you, Ma Bell.

--Lauren--

Posted by Lauren at 03:15 PM | Permalink


August 03, 2008

Why TiVo and YouTube Terrify ISPs

Greetings. TiVo is in the process of introducing a direct interface to YouTube for their Series 3 and TiVo HD units. I saw it in operation for the first time yesterday. It is seriously slick. You can browse YouTube on any old connected TV, watching full-screen with surprisingly high quality, completely acceptable resolution in most cases (apparently an H.264 codec is in use).

TiVo has a variety of other broadband content facilities, including downloading of movies, but the availability of the vast range of YouTube content, along with the familiar search and "more like this" features, strikes me as something of a sea change.

Suddenly now, there's always going to be something interesting to watch on TV. Anyone who can't find anything up their alley on YouTube is most likely either not trying or dead.

But if viewers are reduced to counting bits by draconian bandwidth caps, such wonders will be nipped in the bud -- and that's apparently what the large ISPs would like to see (unless they can get a piece of the action, of course, in addition to subscriber fees). The sort of convergence represented by a broadband TiVo terrifies ISPs whose income streams depend on selling content as well as access.

If a critical mass of viewers becomes comfortable with the concept that "bits are bits" -- whether they're coming from ISPs' own video services or from outside Internet sources -- the ISPs' plans to cash in on content are seriously threatened.

It's becoming increasingly clear that bandwidth caps are being eyed by ISPs largely as a mechanism to "kill the competition" -- to limit the mass migration of viewers from traditional program sources to the limitless bounds of Internet content.

--Lauren--

Posted by Lauren at 09:42 AM | Permalink


Do It Yourself Slydial -- Even Dumber Than I Thought!

Greetings. When I wrote last night about the stupidity of Slydial's patent application and proposed a methodology for how their service functioned, it turns out that I was missing one fascinating piece of information.

It appears that I actually gave the Slydial folks too much credit. I've now learned that Slydial does not reliably function for all destination numbers without either leaving a "missed call" indication or actually ringing the destination phone once or twice. As "Emily Litella" used to say, "Oh, that's very different!"

Now we can see the light and can duplicate this functionality with ease. The extremely likely "secret" mechanism: Multiple phone calls!

In fact, earlier today, Bob Frankston had joked with me about the possibility of using two calls to get one to voicemail, but of course we both knew this wouldn't work if there was also the requirement of no ring or other indication to the destination phone of the call, other than a voicemail alert. With this requirement dropped, the procedure becomes clear.

You make two calls (on two lines) to the same destination number at essentially the same time from a single origin point. We'll assume that the first call initiated will complete first -- a very good bet in this circumstance. You probably want to stagger the calls very slightly -- a second or two should be fine. The stagger avoids problems that can occur in some cases when two calls hit the same single line service at the same instant, and also helps to assure that you know which of the calls will go to voicemail and which you want to abandon.

If you're willing to chance ringing the destination phone, just wait until you hear the start of a ring then drop that call. The second call should bounce directly to voicemail. If you want a shot at avoiding the ring, wait a couple of seconds for the connection to likely complete, then drop the first call. Depending on the ring sequencing of the destination carrier/number, a ring can probably be avoided in many cases. There are some other obvious tricks that could make ring avoidance even more certain.

This technique duplicates the Slydial symptoms that I've now seen reported. If you don't drop the first call fast enough, you'll trigger ringing. If you drop during or before the ringing (but after the call completes to the switch) you're likely to trigger a "missed call" indication much of the time. In both cases you may also trigger a caller-ID display (if not blocked by the calling number, of course).

But what about call waiting? We don't care about call waiting! First, if no current call is in progress to the destination phone, call waiting will normally not be triggered. Call #1 is the set up and enters the connect/ringing sequence, and call #2 bounces straight to voicemail. And if a "real" call is in progress, our set up call #1 will simply trigger a call wait beep (but by the time the person called can get to it that set up call will be dropped) and our call #2 will bounce to voicemail -- exactly what we want to happen.

In testing with a couple of landlines and my own cell phone earlier today, I was able to make this work 100% of the time after just a few minutes of "tuning" my technique.

So there you go. You can do it yourself. But, uh, keep in mind that some folks might consider those initial abandoned calls (especially if they ring) to be harassment. You don't need Slydial to pull off this stunt, though obviously they make it easier since you don't have to use a couple of your own lines.

And if any of this tomfoolery rates a patent, then we might as well all pack it in -- the lunatics will have taken absolute and total control.

"Your call cannot be completed as dialed ..."

--Lauren--

Posted by Lauren at 12:31 AM | Permalink


August 01, 2008

A Patently Silly Filing by "Slydial"

Greetings. Just a late night quickie. The New York Times has a story up about a service called "Slydial" -- which is making a big deal out of letting people send outgoing calls directly to cell phone voicemail rather than ringing the destination phones.

The story states that Slydial wouldn't reveal their technology since it was apparently patent pending.

Well, I'll reveal it with a high level of probability, without even having to see their application -- which one would hope would be rejected by the USPTO (but of course, these days you can get a patent on just about any ridiculous concept, so ...)

Anyhow, the obvious way to accomplish Slydial's purpose is simply to link callers to the direct voicemail entry interfaces that are available to cellular subscribers (and in many cases, open to anyone who makes the simple effort to note the centralized voicemail access number used by various carriers in regional areas).

Once you've used one of several techniques to access the voicemail system at that level, a typical option is "send a message to another number." You enter the destination number (on that cellular system) and you go straight to their voicemail prompt.

No magic at all -- lots of people use this feature to send each other voicemail messages all the time. The only "value-added" that Slydial seems to be providing is (surreptitiously?) permitting non-subscribers to access the systems.

Of course, I have no proof at this point that Slydial works in this manner. But it's a good bet that they're doing something along these lines -- and also that their patent application belongs in the round file at the patent office.

Say goodnight Gracie.

--Lauren--

Blog Update (August 3, 2008): Do It Yourself Slydial -- Even Dumber Than I Thought!

Posted by Lauren at 10:34 PM | Permalink