SteveStreeting.com

I read today that ‘Pentagon uber-hacker’ (if you believe the US authorities, who presumably don’t want you to think that their security systems are akin to wet tissue paper) Gary McKinnon has lost his appeal in the Lords against his extradition to the USA. I think we can all feel sorry that a misguided but definitely non-malicious geek is going to get the book thrown at him.

Coincidentally, we also watched Sneakers last night, after I finally got around to buying it on DVD. It’s still one of my favourite films, even though occasionally it errs on being film-friendly rather than technically realistic (accoustic couplers in 1992?). The cast is fantastic, the script is great, and the appeal of a bunch of non-conformist, philanthropic hackers coming out on top is enduring.

What a shame life doesn’t imitate fiction a little more often.

Now it’s out of beta, Firefox 3 has become my primary browser - it’s a nice speed upgrade and I like the little extras like the unobtrusive ‘remember password’ prompt, smart location bar and reduced memory usage. It’s a shame their servers went belly-up on the planned release day, but then they did paint a bullseye on their face.

There were a few hiccups- I have a few add-ons I generally feel I couldn’t live without and a couple of them didn’t want to work immediately.

• Firebug won’t upgrade itself, you have to switch to the beta 1.1 version if you want it to work with FF3. Seems to work fine.
• Google Browser Sync doesn’t work and Google have apparently dropped future development support for it - because they never released it as open source (why?) it’s essentially a dead product. Foxmarks is a nice quick alternative, although it does only synchronise bookmarks and not open tabs, cookies or passwords. It does have the advantage that you can sync it to your own server if you want though. Long term Mozilla Weave looks like it could be the best option, but it seems a little young right now.

Also oddly, I had no back / forward button block to begin with. I don’t know if that was linked to the fact that I’d been running the beta beforehand, but I had to customise the toolbar to add it back in.

Still, overall it definitely feels faster and slicker, so it’s a useful update to a major staple of my application toolset. I haven’t tried the native look and feel on OS X yet, I’ll be updating next time I’m on the Mac to see what it’s like.

Opera is still the fastest browser of course, but IMO they really missed the boat by holding on to the concept of being able to sell a browser for a little too long, and I’m not sure they’ll ever catch up in terms of the sheer breadth of available add-ons. I have Opera installed on my machine too (for testing) and although it’s good I always gravitate back to FF just because of all the useful add-ons & the more active community - the same applied to Safari on the Mac.

Whatever your preference, with all these options there’s really no excuse to still be using that buggy piece of trash called IE!

I’m not a heavy user of eBay, in fact until about a year or two ago I’d never used it. Unlike some people who routinely buy tons of DVDs & games etc that they want to offload later, I tend to mostly buy stuff that I want to keep, and anything that I finally want to get rid of after a few years, I give to a charity shop. I did however find it useful to sell off my laptop last year, and I’ve since used it to sell a couple of bits of PC hardware I didn’t need anymore - they weren’t the kind of thing a charity shop would really find a use for, I can’t imagine a Granny picking one up there and thinking ‘oh yeah, I could really use a Mini-ITX board to run that media server I fancied building’.

However, I’m now getting rid of all my PS2 hardware, since its remaining raison d’etre was Guitar Hero which has now been ruthlessly usurped by Rock Band. Since it’s all only a year old and I’d quite like to offset some of the significant financial outlay for Rock Band, I naturally turned to eBay.

I figured I’d put a Buy It Now option on the PS2 hardware itself, and was pleased when someone took it up. However, I was less pleased afterwards to receive a forged PayPal payment confirmation email, sporting a delivery address in Nigeria. The email was quite a good forgery, they got the layout spot-on and they tried to hide their forged links behind Javascript-laden images, but really the effort was wasted since there were a couple of fatal flaws that even a total moron should have spotted:

1. The address was in Nigeria. Internet scam capital of the world. Duh.
2. They had inexplicably decided to add £100 to the amount (supposedly) paid for no good reason. Clearly the idea was to get people so excited that they would ignore the other issues, but I’ve always been taught that if something looks too good to be true, it usually is
3. The excuse as to why this email was not backed up with eBay / PayPal transactions was frankly ludicrous: “the amount will not show up until you send us the shipping reference number”. Shyeah, right.

This was the first time this had happened to me, but even so I’m stunned that people are taken in by this sort of attempt. Obviously I cancelled the bid and re-listed, but from what I read, people really do fall for this kind of thing; high-end mobiles appear to be very popular in particular. How dumb do you have to be to mail a £300 phone to an address in Nigeria on the back of an email that says that the money will magically appear once the item is in the mail? Maybe greed turns off certain parts of some people’s brains - wave the prospect of way more money than the item is worth in front of someone and maybe they’ll put common sense on hold.

In the end it’s a minor annoyance this one time. I’m actually surprised I didn’t have the problem with my laptop, which was valued significantly higher than the PS2 - maybe it was the Buy It Now option that was the honeypot. At least feel included in the whole Nigerian scam Internet phenomenon now - sure I’ve had the 419 emails for years but those are so impersonal

A couple of random thoughts for a slow Sunday…

You know, despite being universally reviled, spam actually has a purpose - and that is to prove that my email is working. My spam defenses are pretty good and sift out the vast majority of junk, but I still get the odd unfiltered mail every day and in a way, it’s comforting. It’s like a little heartbeat telling me that my email is indeed still online, and I will therefore be getting any important mail on time. In the last 12 hours I didn’t get any, and I was actually a little suspicious, and proceeded to test my mail (which was still fine). Funny how you come to rely on such things.

Secondly, I had noticed that YouTube was starting to shut me out of a lot of videos in recent days. It seems they’ve signed partner agreements with a bunch of media companies, and as of now most of the ‘top hits’ for things like music videos I look up have a little red triangle in the top left, meaning ‘partner video’. Yesterday when I was looking these up on Windows / Firefox, without exception these videos came up with an error saying ‘this video is not available in your country’ or similar - so I had to locate unofficial videos for the post I made yesterday. Oddly today (and I’m on the Mac now) I seem to be able to get to these videos - I’m guessing they perform these filters by IP though so my platform shouldn’t make a difference; maybe they’ve changed it in the last 24 hours and allowed the UK to see these videos? Anyone know what’s going on? I see this as one of the inevitable downsides as sites like YouTube start to make money.

I’ve often bitched about my connection to the intertubes being pretty slow compared to what is generally expected in the current times. As average download speeds have increased, I’ve found myself going to sites that assume faster download speeds than I have, and thus having to pause & come back to videos when they’ve buffered more to avoid an irritating stop-start experience (note to flash players that only allow buffering of a little bit of a video - shame on you). I jumped on the broadband wagon in 2001 at a downstream speed of 512k/s, and until now, in the intervening 6 and a bit years, the speed has only increased once to 1M/s. That’s pretty piss-poor, but the reality is that we’re an island, and even though we’ve been getting increased capacity via fibre-optic cable links to Europe, our shores are clogged with offshore finance businesses and gambling websites from other juristictions (hosted here for regulatory reasons) who are quite willing to soak up all this extra bandwidth through dedicated circuits at incredibly inflated prices, so the average consumer has been mostly forgotten.

Well, we’ve been tossed a bone finally and my downstream speed has now increased to 2M/s (unlimited), which is certainly welcome, but incredibly late and still below par considering I pay £22 per month for it - in comparison in the UK O2 will do 16M/s (unlimited) for £15pm. A quick test at SpeedTest.net (off-peak) indeed reported a decent performance, slightly off the max reported by my router:

I’m not sure why it thinks my ISP is in Slough, but there you go. The important fact, something I’ve banged on about for some time to our intransigent infrastructure supplier (Cable & Wireless, now rebranded as ‘Sure’ locally, which ironically is my exact response whenever their PR dept claims they’re building a ‘world class telecoms system’), is that we’re still running at about half the average speed of the UK and Europe, which is still pitiful. Yeah, I know there’s the island aspect, but that cuts both ways - the cables never have far to go here, certainly compared to the UK/Europe averages which include distant rural areas - even my parents can get up to 6.5M/s where they live, and they’re in a tiny village in rural Cornwall.  Plus, there’s also a captive market locally sloshing with shedloads of money from rich finance houses and related high-value services, which can easily fund investment - if there’s one place you could build a modern telecommunications infrastructure, it’s somewhere like this. But, they either can’t, or they’re not interested in doing so (for consumers), given that they can make their sackfuls of money from business links, and consumer services are small beer. That’s also why it’s almost impossible to rent a server cost-effectively over here, they’re only interested in (gambling) companies that will rent several racks at a time, small customers are irrelevant to them. Luckily that market is global - I can host pretty much anywhere and get a deal 10x better than I can locally - but when it comes to my local internet connection, I’m stuck with what we have.

I’m holding out for one of the competitors to put up a few high-speed wireless transmitters covering the whole island (not that difficult), using the bandwidth from the extra optical cable they’ve brought ashore in recent weeks, and completely bypass the physical cabling system that ‘Sure’ controls - maybe that will finally shake them out of their torpor and make them appreciate the consumer market again. But, my cynical mind thinks it’s more likely they’ll also chase the business customers first anyway since it has a greater return. Hmm.

Web 2.0. It’s a horrible, marketing-speak term that deserves the unending derision it is generally given by techs the world over, but nevertheless it’s stuck. Depending on who you ask, Web 2.0 either means the technology that make current darlings like Facebook and GMail work (such as AJAX), or the underlying principles of the regular users of websites having a more direct community involvement in the shaping of content they view. I guess it’s actually both. People have heralded this progression as a new renaissance for the Internet - personally I just see it as a natural incremental progression of technology and not the sea change that it is often sold as, there were pockets of the Internet doing this stuff long before the term was coined, it’s just more mainstream now.

However, there’s a trend that I’ve seen arise from Web 2.0 which I find a little disconcerting, and that’s an increasing centralisation of control and increasing reliance by the Internet-surfing public on a small number of technology players. On the one hand, we have personally hosted blogs, forums, comments etc where content is truly democratic / meritocratic; no-one controls what I say or do on this blog but me, and I expose precisely what I want to and no more. On the other hand, you have corporate players who provide hosted services, and increasingly this is what’s becoming what most ‘normal’ people associate with Web 2.0 - sites like Facebook, YouTube, Bebo, GMail are all controlled by corporations who make their money by attracting eyeballs. The content may be user-generated, but control over that content once posted is very much centralised and divested from the point of origin - convenient for sure, but what exactly are we giving up by being so dependent on them?

Freedom of speech has been one of the core tenets of the Internet from its inception. However, corporations have vested interests and potential exposure to litigation, so any service they host must be regulated, which is at odds with this principle. The result is of course censorship, often harsh and unilateral (particularly if Viacom took a dislike to you) and it has plagued most of the big names at one time or another. It’s because there’s a fundamental conflict of interest here - the corporations hosting these services make their money by hosting user content, but some of that content can get them into trouble, or ruffle feathers that it is not in their business interests to ruffle. Sure, these centralised sites can pretend to be the voice of the people, but they’re really not - they’re just corporations who have figured out how to make money by being a conduit for people’s Internet behaviour. In the end, despite the rethoric they’re ultimately not there for the individuals, or to make the world a better place, they’re there to make money - and individuals and content that isn’t compatible with that model can and will be excluded.

There are other issues too, probably the most important one being privacy. Protection of personal data from corporate exploitation has always been a serious issue in the UK (let’s ignore for a second privacy from our own governments which has gone backwards in recent years) but increasingly people are giving away their personal information to companies hosted in regions which have little or no such protection. Sure, a site may have a privacy policy, and perhaps give you supposed control over who you’re exposing the information to, but if they’re negligent and allow your data to slip into the wrong hands, there’s really very little statutory recourse, meaning data protection can never truly be a top priority for these companies, not compared to shoehorning in new features to beat the competition or to find ways of generating revenue. With identity theft on the rise, it’s alarming that so many people are willing to risk entrusting their personal information to third parties in juristictions with flimsy protections, and to companies who can sometimes pay lip service to privacy.

My opinion on this is that these problems are inherent to using third parties to act as hosts for our information, or rather allowing those third parties to control how the information is stored and regulated (and if you think that interface on your Facebook profile is true control, think again - at the end of the day your data is sitting unencrypted in a datacenter somewhere and is far from secure). They’re never going to care as much about our information as we do - with millions of users and a business to run, how could they? Maybe you don’t care that much since you’re just using these sites for personal photos and simple information, but I think this is a slippery slope. Do you know where the dividing line is between facts you’d be happy to be accidentally exposed by a server breach, and those you would not? Perhaps it isn’t a line, maybe it’s more of a grey area, since it’s increasingly possible to take a bunch of disparate information and piece together a greater profile from that? And can you deny that more and more of your life is transitioning to the internet, and that at some point you might look at everything you’ve given to the likes of Facebook and wish you hadn’t? And, what if you find that you can’t delete it?

Web 2.0 and the current vision of what ‘the cloud’ should be tends to revolve around technology companies holding repositories of information which we all must feed in order to form these rich online information exchanges. However, I really don’t believe this is necessary. Yes, there is a need for ‘hubs’ in the Internet, focal points where people can discover each other and connections. However, there’s really no reason why all our potentially private data needs to be centralised, under someone elses control. Right now it’s the only way for most people, because rolling your own hosting requires more technical knowledge and resources than most people have at their disposal, and ‘connecting the dots’ can only currently be done on centralised sites. I think we should be working towards developing technologies that make it easier for individuals to be in charge of their own information, not to give it away to third parties, and to form and be in control of their own connections - directly, not just via some centralised site which provides a mere illusion of control.

Personally, I see the current situation as a step on the path, and that the eventual goal should be to ‘re-democratise’ the Internet, where users are once again in full control of their data, exposing and exchanging only what they want to, directly with their trusted contacts and not via an untrusted middle man. Every Internet user has an ISP, and that ISP generally provides them with additional services like a mailbox and some variable amount of web hosting. All these technologies are based on standardised protocols and well-known principles, and generally are delivered via open source software. They’re true commodities - and what’s surprising is that this base feature set has barely changed in over a decade, and yet the way people use the Internet has changed almost beyond recognition. Imagine this - what if, as part of your ISP service, you were provided not just with simple web hosting, but a local version of Facebook? One where all the data you post is held locally on the ISP’s server (with appropriate quotas, but hey, disks are cheap), and preferably encrypted. Let’s now say that you can syndicate / exchange elements of that information to third parties that you trust over standardised protocols - exchanged over a secure channel if desired and the source / destination verified using digital signatures or common authentication systems like OpenID. All those updates you usually post to a central site can easily be desemminated directly in an ad-hoc fashion to your friends in a push model, or in a pull model for new joiners. But, you may ask, even with the automated syndication / synchronisation, how do you find your friends in the first place without a central system? Well, via the search engines we’ve all used for years - you will obviously need a regular public profile web page for unvalidated users to land on, and automated search engine submission; there’s no reason why specialist networking providers like Facebook couldn’t still act as hubs for just the public information to allow this discovery to happen, without having to hold sensitive or personal data.

In a nutshell the advantages of this approach over current centralised services include:

• Control of personal data remains in your own hands; you can choose what to give out, control encryption etc
• No censorship
• No need to maintain multiple profiles in many different systems
• No dependence on third parties, they are a value-add, not an inherent requirement
• Security based on open standards, transparency and trust are key

Much of the technology required to do this already exists, and has done for years, what’s needed is the vision and development effort to pull it all together and make it truly usable for the mass-market. If something like this is to fly, it has to be as easy to use as Facebook even though the underlying tech to make it happen is a lot more complex (as any decentralised system is). I think it’s an effort worth making though; personally I strongly believe that we’re setting ourselves up for a fall by entrusting too much of our data to third parties, and that in years to come, as people look to put more and more of their personal and business lives up on the Internet, eventually people will be crying out for a way to wrench control of their information back. Think of the web-of-trust systems we rely on for PGP communications, and now imagine that extended to a social network model, peer to peer, decentralised control, encrypted and validated via trusted signatures, not some self-appointed third-party web site.

The hard part is finding a business model to support it, because to do something this ambitious will undoubtedly require funding. Although I strongly believe that putting the power back in the hands of the people is the right thing to do, when you stack it up as a business pitch against the current approach of forcing users to give all their data to you, and to be totally reliant on you on an ongoing basis, it doesn’t stack up particularly well. Plus, everyone is already familiar with the ‘host user content, get eyeballs, profit!’ sequence so it’s a relatively easy sell. Perhaps the answer is not to chase the stratospheric growth targets of typical Web 2.0 companies, but to ramp something up quietly and organically, funding via lightweight (optional) hub search services and provisioning to ISPs and/or early adopters. Open source is totally inherent in the approach too, both to promote open adoption but also to instill trust - in order to fully trust a system like this, its inner workings have to be completely open for anyone to scrutinise.

Well, there we go, my vision for the future of exchange of personal information on the Internet. If any VCs are reading this, feel free to discuss it with me further

Bah, it never rains, but it pours. I was poised last night for the Google Summer of Code 2008 accepted students announcement (we knew already for OGRE of course, since we picked them), since I had a bunch of things to do once that happened, such as welcoming the students to the project. Unfortunately, the announcement was quite late and I had a bunch of friends coming around so I wasn’t that great a host to begin with, as I’m there hitting F5 on the Summer of Code page waiting to fire everything off (in the end I just had to give up and wait until after they’d gone to finish up). Worse though was that spammers decided to pick that particular time to use my email as a return address in a fairly major spam offensive, giving me something else to curse about when I had no time to deal with it properly. I’m no stranger to spam, having a number of very publicly visible email addresses, and my several layers of defenses normally deal with it, however in this case the sheer volume of specifically targetted backscatter was a problem. *sigh*

Backscatter is where a spammer uses your email address as a return address for all the spam they’re sending, so that when it can’t be delivered, you get the Non-Delivery Report (NDR). The problem with backscatter is that it often doesn’t register highly on content based spam detectors because the initial chunk of the mail is a perfectly valid set of content (the report from the server). I’ve had backscatter before, but it’s usually directed at random addresses in domains that I control and therefore easy to deal with - it’s rare to get backscatters directed at one of my valid addresses, and not in any great number. However this time I had literally thousands of backscatters specifically targetted at one of my valid email addresses in the space of a few hours. Many got chewed up by my filters anyway, but many didn’t, enough to really piss me off.

If you have a more recent version of SpamAssassin than I have, there’s a handy rule already defined to handle backscatter - another reason for me to upgrade my mailserver to Etch soon. Sometimes the problem with Linux servers is that they’re so damn stable & unobtrusive you tend to forget about them - beyond security patches, I haven’t messed with this server in any significant way for at least 3 years. Hence I tend to put off the upgrade as a ’sometime when I’ve got nothing better to do’ - which usually means never! I have a list of things that aren’t essential but would be quite nice now though, so I guess I’ll have to get around to it.

Anyway, I certainly didn’t have time to start upgrading anything last night, I was already on borrowed time, so after some head scratching and experimentation I added this to my .forward rules:

# Deal with spam bounces not originating via my servers
if error_message and not
    ($h_Received: contains "from \w*\.myispsservers\.com" or
    $h_Received: contains "from \w*\.google\.com")
then
    seen
    finish
endif


That seems to have done the trick, and has the advantage of allowing through NDRs for emails that I actually sent, which just dropping all NDRs would lose. Basically, any NDR that was generated from a message that I actually sent should have been relayed via either my ISP’s mail server, or Google’s (if I happen to send a mail from GMail - since I use both my own mailservers and GMail). The ‘from’ part is important, because obviously any mail I pull down from my mailservers will mention their fully qualified names in the route trace, therefore just looking for the name on its own wouldn’t help. But the key is that if the mail has just ended up there and was pullled down via POP (rather than being relayed by SMTP), it will only have an entry saying ‘by mailserver.myispsservers.com’, not ‘from mailserver.myispsservers.com’. Thus this rule rejects NDRs that were not a result of mails that went out through my known mailservers in the first place. I’ve used a wildcard match just in case my provider or Google change their email server names.

Maybe that will help someone else who ends up in the same unfortunate position. I refuse to give in to the spammers and hide my email address from the public - like it or not I need to be easily contacted via the web, and I refuse to let them win.

Firefox 3 is about to hit Release Candidate 1 any day now, and beta 5 is supposed to be pretty stable now, and since it can co-exist with Firefox 2 on Windows (not on OS X or Linux, mind) I thought I’d give it a try. And hey, it’s pretty damn cool.

Outwardly when static you won’t notice a great deal of difference - the back / forward buttons are a little more compact, the icons are a little flashier in places and you have quite cool things like one-click bookmarking on the location bar (the little star icon - it’s gold when you’re on a bookmarked page already, outlined when you’re not), but otherwise just feels like Firefox 2, which is no bad thing. Where you will notice the difference is in the speed - I found the new version to be a bit faster with general web browsing, and much faster when dealing with AJAX-heavy sites like GMail or Analytics. Given that’s the way things are going for most sites these days, I’m not surprised they’ve concentrated on streamlining that element of it.

Seems pretty stable to me, the only thing that stops me using it right now is that there is no updated version of Google Browser Sync for it yet, one of my 3 ‘essential’ plugins, the other two being FlashGot and Web Developer, which do work with the new version. Once that’s updated, which I guess will be fairly soon now that FF3 is emerging from beta, I’ll definitely be upgrading.

Yet more proof, if we needed it, that Mr Facebook has his head permanently lodged shoulder-deep in his own arse, because allegedly, Facebook is now going to help rid the world of terrorism. Yep, that’s right - not content with running a one-trick popularity-dependent company that despite still scrabbling around for a viable business model still gets funded to a level that defies all rational analysis, nor with his could-you-get-any-more-pompous 100 years of media gaffe, good old Zucky is now taking credit for stopping terrorism too.

"Facebook has a relatively large population in London, " he said, making a rare connection with reality. "Terrorism comes … from a lack of empathy and understanding. …. There are people who are at a point in their lives, a crossroads, deciding whether they’re going to pursue terrorism. And people have told me that Facebook has helped them maintain connections with friends in Europe, in America, and maintain that empathy."

Right. Need a little perspective much Mark? I guess you can’t blame him, he’s barely out of school so can’t be expected to have any idea about his place in the grand scheme of things, especially when people keep throwing sackfulls of money at him like it was 2001 all over again. I really, really can’t wait for this particular bubble to burst.

Let’s get this out of the way early - I hate Facebook. Not because of the implementation, but because I hate everything Facebook stands for, in exactly the same way I hated the last hype-cycle of the Internet age, and every predecessor to Facebook that has been flavour of the month this time around. Here’s my reasons:

• It’s fundamentally a total waste of time and resources - social networks generally are of course; they’re just a great big hole to piss your time into for absolutely no measurable return. The idea of building a great big list of imaginary friends, very few of which give a flying toss whether you live or die, is ludicrous in its narcissistic inanity. I do use LinkedIn, but only for recording my business contacts - it’s my virtual Rolodex. Social networks where connections have no purpose other than allowing you to claim that you have 200+ friends is just a shameful pile of wasted bits on a massive rack of disks, that must wish they were being put to use doing something worthwhile.
• It has no business model, and yet is supposedly worth $15bn - the whole Web 2.0 hype annoys the hell out of me just as much as the dot com bubble did ten years ago; listening to journos, marketeers and commentators blather on about Facebook, you’d think it was a massive value proposition. But it’s highly questionable whether there is any genuine business model there, beyond advertising - and that will only last until everyone gets bored and moves on to whatever is the next big inane waste of online time, just as they have done many times before. Each time Facebook tries to create a more robust business model, they screw it up and find it’s incompatible with their community. What exactly do they have? A few nice ideas but most of which are pretty low-hanging fruit, a small inventive leap made possible by the general march of online technology, and absolutely nothing to stop someone else doing much the same thing but with a new twist in a years time which decimates their user base as they flock sheep-like to a new pointless fad.

The whole thing is just a big overhyped gimmick in the very worst model of the dot com bubble, and now the whole Web 2.0 bullshit (where the techniques are all fine, until they’re hyped to the extent you’d think the cure for cancer will be implemented via AJAX). I can’t wait for the whole house of cards to finally come crashing down to Earth in a huge reality check, just like it did in 2000, but I have my doubts whether anyone will have learned anything, so  many times has this cycle been repeated now.

Anyway, now Facebook is asking its users to translate the site for them. Because obviously that’s better than, you know, paying someone to do it - like most real companies do. While this works for open source / volunteer projects, why the hell should anyone further prop up Facebook’s ludicrous ‘valuation’ by doing stuff for free for them? How bloody stupid are they?

*note: yes, I’m aware of the irony of slamming Web 2.0 on a blog, thankyou.