NYT on shoulder-surfing at Grand Central ATMs

Catching up to past Sunday papers; this one from the Metro section dated 1/12/2008: the Times reports on a series of ATM fraud incidents at Grand Central station. A series of unauthorized withdrawals are traced to individuals lingering around the bank of ATMs, shoulder-surfing for PIN numbers and then stepping over to the ATM when the legitimate owner walks away without ending the session.

Not surprisingly the root-cause is bad usability: it is not intuitive to the user when they have “logged out” of the ATM, for lack of a better expression. There are two main design options: In the first case the card is inserted and stays inside the ATM until the transaction is complete. End of the session is signaled by the machine spitting out the card, letting the customer know it is safe to walk away. (For quick withdrawals there is even an additional forcing factor to guide users: the ATM will first return the card and wait to dispense cash until the user has taken the card back.) The Grand Central ATMs used a different model: the card is swiped and in order to end the session the user has to answer the question “Do you want another transaction?” The problem is that question stays up for 17 seconds according to the article, enough time for a crook to walk up to the ATM and dip into the other fellow’s funds. As for location, Grand Central is the perfect setting. Chances are people are hurrying to get some place or catch a train, making it even more likely they will not notice the ATM asking a question after the primary task is complete.

cemp

Netflix, Apple and movie distribution over the Internet

Couple of announcements on movie distribution made the headlines recently:

  • At CES 2008 in Vegas, Netflix announced a partnership with LG to build a set-top box for streaming movies to consumers over the Internet. Movies will be free to existing Netflix subscribers, the only additional cost being the hardware.
  • Not to be outdone, Apple took the opportunity and preaching-to-the-choir environment of MacWorld to make a splash with its own take-two attempt at movie distribution, iTunes Movie Rentals.
  • Not to be outdone Netflix announced it was removing existing limits on streaming for subscribers– Netflix already had boasted a “watch now” feature where subscribers

What to make of these developments?

For Netflix users, it’s business as usual. This blogger’s account had its streaming limits lifted before the announcement, at least if the Netflix web page was correct about describing the program. Streaming works fine on a decent broadband connection already, although the image quality is sub-par when projected on a TV and the software requires a Windows operating system because of its dependence on the DRM platform. (Also worked fine under Parallels on this blogger’s Macbook Pro with Tiger.) Long-term trends in increasing bandwidth as well as availability of new options such as fiber-to-the-home mean that the quality may improve to the point of being competitive with existing high-definition content options. Given that an average PC or laptop can easily feed a high-quality digital signal via DVI interface today (and some even boast HDMI output) the set-top has questionable value. At best it may be an all-in-one solution for consumers who are not tech-savvy but it’s hard to argue that learning how to connect a DVI cable to the TV is not worth the $$$ for the device. In all likelihood the hardware will be subsidized by Netflix and given away for free in exchange for binding contracts on an extended Netflix subscription– similar to the cell-phone/wireless plan model.

The main challenge for Netflix is the limited selection. While the main catalog for physical DVD distribution boasts tens of thousands of titles and current new releases, the “Watch Now” option limits viewers to 6000 titles, most of them ancient. It’s as if a record label decided to experiment with DRM-free downloads and started with the Perry Como collection.

As for Apple, this is the second foray into movie downloads. Jobs admitted that the first time around was not very successful:

“We learned what people wanted was movies, movies, movies. […] We weren’t delivering that, so we’re back with Apple TV, take two.”

iTunes will charge $4 for new releases and $3 for the euphemistically named “library titles” (translation: dated junk featuring washed out movie stars from the 1980s). As with Netflix everything comes with the inane DRM baggage. Apple gives viewers 24 hours to finish the movie once downloaded, terms comparable to XBox Live movie downloads. At 640×480 image quality is hardly stellar but again there is room for improvement with an eye toward HD-quality in the future. Another significant disadvantage: iTunes requires download of the entire movie before it can be played. The Netflix solution allows for streaming with intelligent buffering.

Ultimately the choice comes down to pricing models: Netflix is flat fee for all-you-can-download over a limited catalog that is likely to work better for independent film, documentaries and rehashed TV-series, as well as shoring up gaps in movie background– in case there is a friend who has not yet seen “The Clockwork Orange.” As back-up there is always the DVD arriving in the mail. iTunes is optimized for instant gratification over a more updated selection and a correspondingly higher price tag.

cemp

MSFT and One-Laptop-Per-Child

OLPC project is showing a pattern of tumultuous relationships with leading IT companies. In the wake of a widely publicized fall-out with Intel comes a disagreement with Microsoft over the meaning of “dual-boot laptops.” To recap:  news reports suggested that OLPC and MSFT were working on models of the XO that could run both the custom Linux operating system and garden-variety Windows. Later Microsoft firmly denied these rumors and suggested the company had a different vision than Negroponte for integrating the Windows platform into the XO system.

Hardly any surprises here because XO laptop and Windows are ultimately irreconcilable concepts. There is no question that earning the loyalty of future PC users in emerging markets is critical for the long-term success in the platform battle. It is important enough to justify giving away copies of an operating system at a loss or trying to co-exist in an open-source ecosystem. But this is going to be a difficult balancing act.

One-Laptop-Per-Child project started out with the goal of producing $100 devices at scale. Some SKUs of Vista cost more than that already. This is a glimpse into the  impending reality check for Windows: as the price of hardware drops and the licensing costs for the operating system begin to constitute ever increasing shares of that price, vendors and customers are increasingly motivated to search for alternatives. Cost is a huge factor for OLPC but so is energy consumption and CPU/memory resources– two things that Vista has a voracious appetite for. That’s good news for Intel, AMD and for that matter any company supplying PC components: as long as the software continues to peg capabilities of the hardware, improvements in hardware can make a meaningful impact on the overall user experience and justify the investment.  But the target audience for OLPC is not subject to the standard hardware upgrade cycles, nor expected to meet the minimum recommended specs for Vista.

Even if copies of a highly stripped down version of Windows could be made to run efficiently in the highly minimalist specs of the XO and given away for free (similar to the Starter Edition sold at a significant discount at emerging markets where even the basic SKUs are very expensive compared to standard earnings) it will not create a sustainable advantage. Converting those free copies into full-paying licenses down the road will be a challenge to the extent that the premium for a Windows PC over an open-source one is appreciable– exactly the situation guaranteed by Moore’s law and dropping hardware prices.

cemp

From the digital media front

Starting the year on a positive note:

  • On the last day of 2007, New York Times published an article about the University of Oregon resisting RIAA’s subpoena requests. In the Fight Over Piracy, a Rare Stand for Privacy points to the opposition from the Oregon state Attorney General to the RIAA request for student information. RIAA has been aggressively going after P2P file-sharing in higher-education. Quoting the article:

The recording industry may not be selling as much music these days, but it has built a pretty impressive and innovative litigation subsidiary.

Oregon AG is not taking a stand on the principle that file sharing should be legalized in all forms– that more extreme position, while espoused by EFF is unlikely to hold sway with the courts. Instead this is a more focused, tactical battle against the questionable approach used by RIAA in going after suspected file-sharers by pressuring colleges to work around due-process and presumption of innocence.

  • More labels announced support for publishing their catalog without DRM. Sony/BMG is the last label to get on the bandwagon; still a long way for a company that once root-kitted user machines in the name of content protection.
  • Better technology can succeed in the market: Warner may just have delivered the fatal hit to HD-DVD by throwing its weight behind Blu-Ray format pioneered by Sony. This new alignment brings everyone one step closer to the anticipated end of the high-definition DVD format wars. The 3% decline in DVD sales for the past year was in part being attributed to consumer reluctance to buy into a new format until the dust settled. Some companies such as Samsung tried capitalizing on the confusion by building dual-mode HD/Blu-Ray players but consumers balked at the price. Sony may have its revenge for losing the VCR format with BetaMax, which provided a textbook example of how a better technology (similar to BluRay having more storage capacity than HD-DVD) does not necessarily succeed in the marketplace against savvy deal-making. It sounds like Sony learned the lesson and aggressively pursued studios with heavy incentives for exclusive commitment to its favored format this time around.

cemp

Comcast: 350 is the magic number

Postscript to  a two part series on Comcast throttling upstream bandwidth [1, 2]: a quick email exchange and Google search suggests that other subscribers noticed similar problems. Trevin,  a former colleague at MSFT wrote in a private communication that when using a remote backup service in the cloud, bandwidth is also capped around ~350kbps. Aside from an isolated thread on Slingbox community forums, this does not appear to have been publicized widely.

cemp

2007 in retrospect: bone-headed business moments

Business 2.0 (now with same parent company as Fortune magazine) continues its tradition of the yearly 101 Dumbest Moments in Business, a tradition going back to 2001. Highlights from this year’s vintage of distinguished entities:

  • Leading the pack at #1 is China. The debacle of recalled toxic toys highlighted the dependency of US consumer spending on Chinese imports. Just in time for the unfolding scandal, a Baton Rouge area journalist published a new book about her family’s experiment to live for one year without purchasing any goods made in China. (Note to Apple: adding “designed in California” after “made in China” on your products does not help.)
  • Diebold remains a perennial contender after suffering more embarrassment over new trivial attacks against its touch-screen voting systems. Florida state officials add insult to injury by ordering 5000 new units.
  • Waggener-Edstrom (simply “Wag-Ed” inside MSFT) for emailing a Wired author his own dossier that the PR firm had compiled about him. J. Edgar Hoover would be proud.
  • Bear Stearns analysis department for continued persistence in deluded thinking about the extent of the sub-prime mess.
  • BestBuy for setting up ringer online websites for in-store comparison shopping. This one wins an honorable mention for truth-in-advertising.
  • Apple– not exactly known for business savvy after years of getting clobbered by MSFT/Intel– threatens to sue a 9-year old girl for writing a letter to Steve Jobs suggesting improvements to the iPod Nano.
  • Frank Gehry. In post-modern architecture form may not follow function but litigation always does. The architect is sued by MIT after the Stata Center develops serious leak and mold problems because of water collecting on the oddly shaped roof-lines.
  • Whole Foods. For spending years to craft an image as a customer friendly, eco-conscious and socially-responsible business, the enterprise manages to shoot it all down in flames after revelations that the CEO had been trashing competitors on online finance forums under pseudonyms.
  • Radiohead? The jury is out on this one, as Wired magazine hailed it as a successful experiment although one unlikely to transform the larger industry because few artists have comparable leverage. (But the band has not released detailed figures on how much fans were paying left to their own devices.)
  • OLPC: One Laptop Per Child project joins the club. Frequently panned by critics for being an expensive blunder, this time Business 2.0 contends that the computers had been put to unexpected uses by children in a pilot program in Nigeria. Shocking.
  • WikiScanner or more specifically, the people WikiScanner caught altering entries on Wikipedia with obvious conflicts of interest.

cemp

Scraping, or how to weaken authentication systems

The current issue of Wired is running an article on “scraping” or recovering data from other online services. It tries to paint a balanced picture of why large providers including Craigslist have been highly ambivalent about the practice, welcoming the increased attention/relevance but also agonizing over the increased load on the system, as well as lost revenue opportunities when the data is monetized by a free-loader. (In the case of Craigslist, the website that mined/reformatted listings was shut out because it featured Google Adsense, violating the prohibition against commercial use of data.)

One point the article glossed over is the distinction between scraping public vs. private data. Many websites do not require any type of authentication prior to retrieving data. Craigslist is an example: posting a classified may require login but viewing the listings does not. By contrast, scraping address-book contacts from an email provider such as Hotmail is not possible unless authorized by the user. The way Facebook and other invasive websites accomplish this is by asking the user for their credentials and then logging in as that user behind the scenes to access personal data.

This is a very bad idea for many reasons explained elsewhere as well, all of which boil down to the observation that sharing a credential with a 3rd party weakens the identity management system. Hotmail passwords (more precisely, Windows Live ID since that is the single sign-on solution used by MSFT properties) are intended for only WLID and the user. Having any other entity in possession of this information is nothing more than unnecessary attack surface. To pick on the Facebook example used in the article: did Facebook delete that credential after importing the user’s contacts from Live Mail/Yahoo/GMail etc? Or did it save a copy for future scraping excursions? Did it make a good-intentioned attempt to delete it but instead ended up writing it to log files replicated around the world, visible for any employee to see?

There is no way to know, and that is the problem. In defense of Facebook, part of the problem is that the protocols required to “do the right thing” for security did not exist until recently. Importing contacts is an authorization problem: grant Facebook access to data stored about the user by a 3rd party such as Yahoo. There is a deceptively simple solution: give Facebook the password and it can “become” the user, accessing any information it needs. As well as information it did not need: contents of email messages, RSS feeds on Live homepage, roaming favorites, XBox Live account, travel itineraries at Expedia and in the future even personal files stored in the cloud. And it need not stop at simply importing information: it can also delete contacts, spam your friends with advertisements that appear to originate from you, post enthusiastic, ghost-written endorsements of Facebook to your Spaces blog. The damage potential is open-ended by virtue of Passport/Live ID being a multi-site authentication system, making it the worst-case scenario in case Facebook proves malicious or more likely incompetent, in keeping with Robert Heinlein’s principle. There is no reason to suspect Facebook is doing any of this but there is no way to know either. Most online services do not expose transaction history to users; it’s not possible to check if another entity capable of acting as your Doppelganger has been rummaging around your personal data.

In other words sharing the password violates the principle of least privilege: it may solve the immediate problem but it grants the 3rd party unchecked authority greatly exceeding what was justifiable. This confusion around authentication vs. authorization is everywhere. In order to authorize access, it is not necessary for the other person to be able to authenticate as you. (That is the end result from sharing the password but also other schemes such as constrained delegation, where a more constrained type of impersonation occurs without the password getting shared.) OAuth is a new protocol designed to address this problem. It’s built around the idea of one service asking for permission from a user to access his/her data stored by another service. The data custodian is still responsible for the permissions and UI for granting/revoking them and the requesting site authenticates as itself instead of “cloaking” itself in user credentials. It remains to be seen whether OAuth will succeed in replacing other proprietary solutions along the same lines.
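
The difference between handing over the password and granting a scoped, revocable permission, as an added example (not from the original post). The `Custodian` class, the `contact-importer` client and the `resource:action` scope names are hypothetical, and this is a simplified model of the idea, not the OAuth wire protocol.

```python
import hashlib
import hmac
import secrets


class Denied(Exception):
    """Raised when the custodian refuses a request."""


def _digest(secret):
    # Demo only: a real custodian would use a slow password hash such as scrypt.
    return hashlib.sha256(secret.encode()).digest()


class Custodian:
    """Hypothetical data custodian (e.g. a mail provider) for a single user."""

    def __init__(self, user, password, clients):
        self.user = user
        self._pw = _digest(password)
        self._clients = {cid: _digest(s) for cid, s in clients.items()}
        self._grants = {}  # token -> (client_id, frozenset of "resource:action")
        self.data = {"contacts": ["alice@example.com"], "mail": ["trip itinerary"]}
        self.audit = []    # (actor, action, resource) as seen by the custodian

    def _check_password(self, password):
        if not hmac.compare_digest(_digest(password), self._pw):
            raise Denied("bad password")

    def _perform(self, actor, action, resource):
        self.audit.append((actor, action, resource))
        if action == "read":
            return list(self.data[resource])
        if action == "delete":
            self.data[resource] = []
            return []
        raise Denied("unknown action")

    # Option 1: whoever holds the password *is* the user, for every resource.
    def act_with_password(self, password, action, resource):
        self._check_password(password)
        return self._perform(self.user, action, resource)

    # Option 2: the user authenticates to the custodian only and approves scopes.
    def grant(self, password, client_id, scopes):
        self._check_password(password)
        if client_id not in self._clients:
            raise Denied("unknown client")
        token = secrets.token_urlsafe(16)
        self._grants[token] = (client_id, frozenset(scopes))
        return token

    def revoke(self, token):
        self._grants.pop(token, None)

    def act_with_token(self, client_id, client_secret, token, action, resource):
        # The requesting site authenticates as itself, not as the user.
        expected = self._clients.get(client_id)
        if expected is None or not hmac.compare_digest(_digest(client_secret), expected):
            raise Denied("client authentication failed")
        owner, scopes = self._grants.get(token, (None, frozenset()))
        if owner != client_id:
            raise Denied("token revoked or not issued to this client")
        if f"{resource}:{action}" not in scopes:
            raise Denied(f"scope {resource}:{action} not granted")
        return self._perform(client_id, action, resource)


def allowed(fn, *args):
    """Return True if the call succeeds, False if the custodian denies it."""
    try:
        fn(*args)
        return True
    except Denied:
        return False


def demo():
    # All names and secrets below are constructed sample values.
    c = Custodian("bob", "hunter2", {"contact-importer": "importer-secret"})
    results = {}
    # Shared password: the holder can read mail the import never needed.
    results["pw_reads_mail"] = allowed(c.act_with_password, "hunter2", "read", "mail")
    # Scoped grant: contacts are readable, everything else is refused.
    tok = c.grant("hunter2", "contact-importer", ["contacts:read"])
    args = ("contact-importer", "importer-secret", tok)
    results["tok_reads_contacts"] = allowed(c.act_with_token, *args, "read", "contacts")
    results["tok_reads_mail"] = allowed(c.act_with_token, *args, "read", "mail")
    results["tok_deletes_contacts"] = allowed(c.act_with_token, *args, "delete", "contacts")
    c.revoke(tok)
    results["after_revoke"] = allowed(c.act_with_token, *args, "read", "contacts")
    results["audit"] = list(c.audit)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

In the audit trail the password-based read is recorded under the user's own name, while the token-based read is attributed to the client that made it, which is what lets the custodian show the user who touched their data.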

cemp

2007: Is the tide turning for green technologies?

A collection of disparate and unrelated headlines:

  • House approves an energy bill to boost fuel-economy standards to 35MPG by the year 2020, over loud protests by domestic and foreign manufacturers. Unthinkable until a few years ago, no other action by the legislature could have sent a stronger signal to Detroit that their influence/lobbying power is waning and their days are numbered.
  • Google unveils the cryptically named “RE<C” initiative. It stands for renewable energy cheaper than coal. In other words making clean energy sources competitive with the cheapest and ecologically worst option, the abundant coal deposits supplying 50% of US electricity currently. This is the first time a company with significant resources is going beyond the standard-operating-procedure of hand-wringing over the economic incentives favoring coal.
  • Formula 1 decides to go green, announcing a ban on further engine development to focus on realizing higher efficiencies. One example according to the Wired article: kinetic-energy recovery systems, which improve on the regenerative brakes found on existing hybrids today, are expected to appear in 2009. F1 racing may sound remote from everyday concern but the trickle-down effect is responsible for ubiquity of antilock brakes and traction control, as well as more exotic options like clutchless manual transmissions.
  • Ferrari announces that the company will improve its fuel economy 40% across the line. It’s largely symbolic: while the cars routinely make the worst offender on EPA lists every year, there are very few on the road and likely they are not getting a lot of miles as Ecogeek points out. Total savings will be negligible. But the fact that a company operating in a unique niche market with captive audience, completely immune to mainstream trends is still pursuing a greener image speaks volumes.
  • Living With Ed, a reality show focused on an ecologically-minded actor and his more pragmatically inclined spouse debuts on HGTV channel.
  • By a single vote margin the Supreme Court decides that EPA can in fact regulate carbon emissions from automobiles, sweeping aside “creative” interpretations of existing law as guaranteeing an inalienable right to pollute.
  • There are signs that price elasticity may exist after all when it comes to fuel prices: CNN/Money reports that drivers are cutting back as gas hovers around the magical $3 level. More mysteriously gasoline prices at the pump are not keeping up with the stratospheric rise of light-sweet crude in the barrel. In all previous price hikes, refiners were quick to dismiss allegations of price-gouging by arguing that price at the station directly follows from the underlying commodity prices. Oil briefly hit three digits a barrel but gas prices barely moved– because the demand is soft. Nobody is complaining or asking why they are not paying more. But it’s too early to declare the end of the SUV-era.  As a former colleague pointed out  suppressed demand may be temporary fallout from the credit-crunch. It’s too early to conclude that a renewed price-sensitivity has emerged.

On the downside:

  • Climate change meeting in Bali ends on a not-entirely-negative note. This is an improvement over the last time United States threw a wrench into the Kyoto agreement by rejecting the provisions after joining as a signatory first. Resulting agreement has no teeth, after a binding commitment for developed countries to cut emissions is dropped in favor of wishy-washy language about good intentions, best effort, sunshine-and-clear-skies.

cemp

Reflections on Comcast vs. SlingMedia

(Context: follow-up on earlier post about Comcast traffic-shaping on upstream bandwidth and its impact on using Slingbox for location-shifting.)

Re-distributing content is a controversial subject in this day-and-age of copyright thugs, DMCA cease-and-desist letters and trigger-happy boutique litigation firms. SlingBox incorporates some design features (read: reduced functionality) to mitigate legal risk. Only one person can stream content at a time, preventing rampant sharing of cable content. There is still the possibility of extending functionality to other users when accepting analog inputs, because one user can stream a channel from a computer while another person in front of the TV could watch a different channel. The versions intended for digital cable and DVRs also allow simultaneous watching but the remote and local user would have to fight over the channel. Of course there is the possibility of using a screen-sharing solution along the lines of VNC to “split” the video stream virtually. Realistically the bandwidth available to most users is not enough to generate a usable picture that way.

The parent company has managed to avoid ending up in court thus far. News reports suggest that SlingMedia has been on the radar for content industry from the start. In 2006 the company pre-emptively sponsored the EFF Pioneer Awards ceremony at the Computers, Freedom & Privacy conference in Washington, DC. This was a departure from standard practice when start-ups ignore digital activism groups until they are looking at an expensive litigation. SlingMedia’s  recent acquisition by the satellite TV network EchoStar may have lent the firm new found legitimacy, and perhaps additional resentment from cable operators.

From the point of view of cable and satellite providers, the Slingbox is disruptive technology, representing potential loss of revenue because of its ability to space-shift content. Today that risk is minimal. Only customers with multiple residences or travelling frequently benefit from maintaining a single subscription and “slinging” the content over on the road. Even that assumes they would be paying for the content twice otherwise; often hotels have extensive channels included and there is always the option of watching the big game at the neighborhood bars. Picture quality is often sub-par even for non-HD content. Viewing experience on a laptop or PC may not be acceptable to customers used to large-screen TVs and it’s not always an option to . On the other hand, the commercial success of video for tiny devices like the iPod suggests that hurdle may be easier to clear.

When extrapolated to a higher-bandwidth future, the biggest disruption is making content a commodity that can be moved around. This breaks the assumption of one household equals one subscription. Granted it’s unlikely that complex arrangements required to leverage these efficiencies can be developed– e.g. 50 people sharing 30 subscriptions on the assumption that <60% are watching at anytime, a FlexCar model for cable. But space-shifting already breaks a number of lucrative practices such as discriminatory pricing by market: charging more for the same cable in one area because of the willingness of customers in that zipcode to pay. Similarly blackouts on Internet programming such as the MLB.TV restrictions on local market games are not sustainable given the option of streaming the TV broadcast from a remote location.

Comcast as a provider of TV, Internet and phone services has two incentives for interfering with Slingbox:

  • Upholding service quality for other subscribers. Streaming uses significant upstream traffic and the provider typically can not sustain the stated bandwidth for all users at all times. In this regard they are similar to banks: while any one user can empty their account, every user trying to do the same would spell trouble. For this argument to hold, the traffic shaping must be applied indiscriminately to all upstream bandwidth regardless of protocol. If YouTube uploads are not exempt or get higher quota, this argument breaks down. The network does not care whether congestion is caused by an Ingmar Bergman masterpiece or the kid next door.
  • Blocking reuse of the subscription at another location. The business case for this is unclear. The signal has already been paid for and the remote location may not even be a Comcast service area. Preventing the recipient from getting decent video quality would not necessarily bring in one more cable subscriber. Rational behavior is to block inbound Slingbox traffic for Comcast internet users– because that customer clearly can purchase the same content. But Comcast gets no direct benefit from restricting the video stream going to a Time-Warner customer. The alternative, a gentleman’s agreement between ISPs to block streaming to each other’s networks would likely be considered illegal collusion.

cemp

Is Comcast throttling all upstream bandwidth?

Comcast Inc. may have cast a much wider net in their effort to bring customers inline increase subscriber value. The Slingbox is set to become the latest example of collateral damage in the war against user content.

Quick recap: Slingbox is the generic name for a family of special-purpose devices that can stream TV content for remote viewing. In the same way that VCRs and DVRs allow time-shifting, watching a live broadcast at a different time, the Slingbox allows for “space-shifting” by watching content at the same time from a different place than the physical location of the cable connection or satellite dish. SlingPlayer application available on Windows, Mac and smart-phones allows connecting to the device from any Internet connection and streaming almost the same video/sound that one would see watching television in comfort of the living room. “Almost” being the operative keyword, because video quality, or how closely the streamed content approximates the original, is crucially dependent on available bandwidth. That includes both the upstream bandwidth available on the connection where the SlingBox is located and the downstream bandwidth at the remote location where the traveling customer is trying to tune in to his local TV station. As noted earlier here, downstream bandwidth is usually abundant while upstream bandwidth is the scarce commodity and the expected bottleneck for scenarios involving streaming from home. SlingBox FAQ notes that about 250-300kbps is the minimum recommended bandwidth. That turns out to be an understatement similar to Vista minimum hardware requirements. In this blogger’s experience ~500kbps is required to avoid compression artifacts and closer to 800 kbps is called for when the signal is intended for display on a TV at standard watching distances instead of a tiny window on a laptop screen.

This is where the Comcast story comes in, only weeks after the company finally admitted to interfering with the operation of BitTorrent protocol. Recent experiments on trying to stream content from a Slingbox attached to a residential Comcast broadband line suggest that the traffic-shaping may be more widespread than peer-to-peer alone. SlingPlayer uses a sophisticated, adaptive algorithm to optimize image quality for the maximum available bandwidth on any given connection. It starts out by streaming a few frames at low quality, successively increasing the transmission rate until the channel is close to saturation or the client can not keep up with the decompression.

When streaming from a wireless home network where the Slingbox is located, bandwidth peaks at 2-3 Mbps and the image quality is very good. In a more representative scenario, during 2006 a SlingBox A/V routinely delivered cable content from Florida, behind a Cox 9.0/1.5Mbps broadband connection hitting anywhere between 700-800 kbps sustained, good enough to watch on a 32″ TV. (Ironically the downstream side of that connection in Chicago was Comcast.)

It turns out Comcast is happier to go along with receiving content than serving it. Below are pictures of bandwidth usage when streaming from a SlingBox Solo on a Comcast 9.0/1.5Mbps connection in Philadelphia.

[Update: added second trace using perfmon– Jan 9, 2008]
As expected, the connection rate shows the initial gradual climb to roughly ~700 kbps. But after two minutes something very strange happens: it drops precipitously, shedding 50% of the bandwidth in a matter of seconds and flat-lines at around 350.

  • These results can be reproduced consistently, at different times of day, from a wide array of streaming locations: broadband at home in NYC, a corporate LAN in Silicon Valley, free hotel networks in San Francisco, even a 3G wireless modem. Without exception all of them exhibit the same jagged, initial climb followed by a sharp drop and flat-line.
  • The flat-line is very suspicious: “organic” network traffic is subject to random perturbations due to effects of congestion along the way.
  • We can rule out the client side as being source of the problem because it repros independently of how the streaming side is connected to the Internet. It’s unlikely to be a bug in SlingPlayer or bad interaction with a particular operating system’s networking implementation because it repros on Windows, OS-X and Mobile versions. Even allowing for the possibility that all of the cross-platform variants share the same code base, and are susceptible to sharing the same bug, there is the mysterious fact that this “bug” never occurs when SlingPlayer connects over a home network– not crossing any Comcast controlled space– where it easily hits multiple Mbps.
  • Disconnecting from the Slingbox and immediately reconnecting restores the initial spike of high bandwidth– so there is no transient congestion issue either. That spike then follows the same pattern, eventually dropping off to a flat-line.
  • At this point the most plausible explanation is: Comcast has engaged in wide-spread traffic-shaping which downgrades available upstream bandwidth to a fraction of the stated value and in particular interferes with the operation of the Slingbox.
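
The pattern described in the list above (a climb, a sharp drop, then a flat-line with none of the jitter of organic traffic) can be checked mechanically. This is an added example, not part of the original post: both traces are constructed to resemble the description, and the window size and thresholds are illustrative assumptions.

```python
from statistics import mean, median, pstdev


def find_shaping_signature(kbps, interval_s=5, window=6, drop_ratio=0.6, max_cv=0.02):
    """Locate a sharp drop followed by an unnaturally flat plateau.

    kbps: throughput samples taken every interval_s seconds.
    Returns a dict describing the drop, or None if no such pattern exists.
    drop_ratio and max_cv are assumed thresholds, not measured values.
    """
    for i in range(window, len(kbps) - window + 1):
        before = kbps[i - window:i]
        level_before = median(before)
        if median(kbps[i:i + window]) > drop_ratio * level_before:
            continue  # no sustained drop starting at this sample
        plateau = kbps[i:]  # everything from the drop to the end of the trace
        level_after = mean(plateau)
        if level_after <= 0:
            continue  # stalled connection, not a rate cap
        plateau_cv = pstdev(plateau) / level_after
        if plateau_cv > max_cv:
            continue  # rate dipped but kept moving: looks like congestion
        return {
            "drop_at_s": i * interval_s,
            "before_kbps": level_before,
            "plateau_kbps": level_after,
            "before_cv": pstdev(before) / mean(before),
            "plateau_cv": plateau_cv,
        }
    return None


def constructed_trace(shaped):
    """Build a sample trace (constructed data, one sample every 5 seconds)."""
    jitter = [-40, 25, -10, 35, -20, 10]  # stand-in for organic perturbations
    climb = [100 + 50 * i for i in range(12)]
    steady = [700 + jitter[i % 6] for i in range(12)]
    if shaped:
        # Rate cap: halves after two minutes and stays within 1 kbps.
        tail = [350 + (i % 2) for i in range(24)]
    else:
        # Congestion: a 30-second dip that recovers and keeps jittering.
        tail = [300 + jitter[i % 6] for i in range(6)]
        tail += [700 + jitter[i % 6] for i in range(18)]
    return climb + steady + tail


if __name__ == "__main__":
    print("shaped :", find_shaping_signature(constructed_trace(True)))
    print("organic:", find_shaping_signature(constructed_trace(False)))
```

A match says only that the rate is being held at a fixed ceiling somewhere on the path; attributing it to a particular party still needs the cross-checks in the list above.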

cemp