When the US Postal Service makes a mistake

An envelope arrived in the mail recently, containing another envelope inside, visible through a transparent window and obviously damaged. The front of the package bears the red stamp “Received in damaged condition at Seattle, WA.” The back reads:

“Dear Valued Postal Customer:
I want to extend my sincere apology as your Postmaster for the enclosed document that was inadvertently damaged in handling by your Postal Service.”

What makes this unique is the infrequency of mail mishandling by the USPS. Quaint and old-school as this apology may be, it shows how seriously the postal service takes its duty of delivering mail reliably. (In this case it did not even matter: it was a newsletter from a theatre company in Seattle that continued to keep this blogger on their mailing list even after he had moved to the East Coast.) As the message points out, USPS handles over 200 billion pieces each year and most of them arrive at their intended destination without a hitch.

The reliability of physical mail stands in sharp contrast to what happens with its high-tech cousin. From the early days of the Internet, the basic infrastructure of email was predicated on “best-effort delivery.” There are no guarantees, no one to apologize if the message disappears into the ether, and not even a reliable return-receipt feature when crossing organizational boundaries. While network and software reliability have improved, widespread deployment of anti-spam measures erased any gains. Ironically, messages can now survive unscathed through multiple hops in cyberspace, only to be filed away as “junk” at the destination by an over-zealous spam filter.

One could argue that this state of affairs makes sense economically, given that it costs money to send letters while email is free. (It is not, but the perception remains because of ubiquitous free email providers. “Free email” is subsidized by advertising, often based on extensive data-mining. As Heinlein would say, TANSTAAFL.) But the problem with email is that there is exactly one quality of service, independent of how motivated the sender is. A good friend does not always have better odds than a spammer outfit based in China of getting email into your inbox. There is no equivalent to registered or certified mail even if the sender cared to pay for it, either in real currency or a virtual one such as HashCash.

cemp

Beyond compact fluorescents: LED lighting crossing the chasm

Compact fluorescent lamps are all the rage these days. Praised for their efficiency and eco-friendly pedigree, they are becoming an icon in the struggle to green America. CFL light bulbs are about 4 times as efficient as the average incandescent bulb in converting electricity into usable light, and they have a life expectancy of 5-8K hours compared to just 500-2K for incandescents. Unlike hybrid vehicles, which remain more of an ecological commitment, a CFL can pay for its higher initial purchase cost in a matter of months. The low power usage creates an interesting dilemma for packaging: traditionally light bulbs are labelled for their power consumption in watts, instead of their light output, which would be measured in lumens. (About as misleading as car commercials talking horsepower, as if drivers could telepathically sense power. The only experience of engine output is acceleration. Something akin to 0-60 times is a better indication, and that has as much to do with weight as with the engine: that 8000lb SUV isn’t going anywhere fast.) When the incandescent is labelled 100 and the equivalent CFL sitting next to it on the shelf only needs 26 watts for the same brightness, it may well be mistaken for the inferior product; such are the dangers of confusing effort with results.

CFL is also a great example of a disruptive technology crossing the chasm into broad adoption. It is no news that fluorescent lights are far more energy efficient. Experts have been praising their virtues since the 1980s and they are standard in industrial applications: office buildings, hospitals, garages. That association with sterile environments and dreary spaces, coupled with memories of ghostly-white pale light buzzing and flickering, is exactly the reason they never took off in the consumer space. If there is a white fluorescent lamp installed, chances are it’s because the power bill is paid for by somebody other than the occupants of that space. Improvements in bulb technology helped address these inconveniences, while mixing multiple phosphors allowed a closer approximation of tungsten bulbs in color correctness. Finally the form factor changed: instead of massive tubes destined for wide ceiling fixtures, CFLs were ready to compete with ordinary bulbs, using the same E26 base and taking up about as much space.

As for proof that it worked: WalMart, the Arkansas-based giant retailer trying to clean up its corporate image in the wake of a series of negative PR stories, announced its commitment to take CFLs mainstream and heavily promote them in stores. At least the reaction to this move was overwhelmingly positive, unlike the mixed reception for an earlier decision to feature organic food; apparently the pundits are not equally worried that WalMart may corrupt the essence of “CFL-ness.” Mass CFL adoption promises to make a sizable impact on US carbon emissions. 50% of electricity in the US is generated by coal, a fuel more carbon intensive than oil, notwithstanding the latest attempt by the coal industry to bill itself as the clean solution for eliminating foreign oil dependence.

But as CFLs are becoming mainstream, the next disruptive innovation is already entering its own early-adopter stage. It has been known for a long time that LEDs are even more efficient at turning watts into lumens. But their relatively low output made it very difficult to use them as replacements for ordinary bulbs. Like any other disruptive technology, it nibbled at the edges and niche markets instead: first bicycle lights, followed by tail-lights on automobiles (where LED reliability translates into fewer tickets for law enforcement to write over brake-lights), then household applications in flashlights. Solid-state lighting is now appearing in form factors ready to compete against standard incandescent and CFL bulbs. TreeHugger points out two new models, featuring as many as 150 LEDs arranged in a 360-degree layout and using only 9 watts to replace a 70W incandescent bulb. (That is a 2x improvement over CFL.) As with any early-adopter technology they are too expensive for broad adoption now. The two online retailers referenced in the article are charging $60, compared to ~$5 for a CFL and a fraction of that for tungsten. There may be applications where it is the only solution, such as living off-grid or emergency lighting from a back-up source. But the writing is on the wall: chances are LED-based bulbs will become cost efficient and eventually competitive for household lighting, in the same way they have taken over flashlight applications. Looking at the $60 bulb it is hard to see that, but then again CFLs date back to the 1980s; that’s two decades from availability to WalMart shelves.


Recording industry: full-steam ahead on P2P whack-a-mole

Many problems on the Internet today resemble the game of whack-a-mole: a pointless arms-race, a futile gesture, a Sisyphean task that nevertheless draws investors and commercial interest against all reason. Some of them are arguably necessary and serve some social good: one example is blacklisting of zombie PCs used for spamming or the takedown of phishing websites. As soon as the ISP has taken down the offending site, five more are already opening for business. This is the sad state of the art when it comes to phishing and breaking up botnets.

Then there are other games of whack-a-mole played on a global scale with far more dubious social benefits. Our friendly content industry has been at the forefront of one: the war against peer-to-peer file sharing networks. RIAA and MPAA (collectively dubbed the “copyright thugs” by Stanford’s Larry Lessig) have engaged in a no-holds-barred battle against piracy online. The original Napster was the first casualty of this crusade. Later P2P systems such as Gnutella, eMule, Kazaa, Morpheus and most recently BitTorrent found themselves in the cross-hairs. Unlike Napster these ultimately proved far more resilient and difficult targets because of their truly distributed architecture. Napster ran a centralized index, its Achilles heel, one that could not exist without the corporate entity keeping the service running. It was no match for the lawsuit. More lawsuits followed: Kazaa was forced into operating out of a front company located overseas to seek better jurisdictional protection, but the P2P genie had been unleashed. Grokster went all the way to the Supreme Court, only to be held accountable for its users’ actions. Over time the RIAA/MPAA, feeling increasingly indignant and wronged, started going after users instead of technology, often resorting to questionable tactics such as injecting bogus content into networks and remote tracking and surveillance of P2P users. In late 2003 and all throughout 2004 came the highly publicized cease-and-desist letters to users. (Usually on target, occasionally giving rise to comical cases of mistaken identity.)

Now an article on CNN/Money says this game of whack-a-mole is not working. Quoting the new RIAA president:

“P2P remains an unacceptable problem. […] The folks engaged in the practice are doing more of it.”

iTunes has sold about 2 billion tracks since inception. By comparison, the article cites an estimate that every month half as many songs are traded on P2P networks. Way to go, Apple.


Winds of change for Prius demand

Interesting article from CNN/Money comments on the fact that after 3+ years of robust demand, it is now a buyer’s market for the Toyota Prius.

Prius was the second hybrid released in the US, second to Honda’s now discontinued and largely impractical 2-seater the Insight, although it was originally first in Japan. Apparently sales are now slowing right after Toyota committed to increasing inventory by 70%, no doubt prompted by the surge in interest last year as oil prices climbed out of control. Economists were vindicated: there is price elasticity after all, even though price fluctuations in the late 1990s showed no signs of stemming the consumer fascination with SUVs. This time the spikes following the 2005 hurricane season did lead to renewed focus on fuel economy; when GM is advertising one of their trucks as “best fuel economy V8 full-size in its class” you know that expectations have been reset. (Is that akin to being the fastest unicorn?) Prius was there to capitalize on the demand. According to the statistic from the article, in its halcyon days the average Prius sat on the dealer lot for 5-11 days, compared to 33 days for the Toyota average across the US and an industry record of 66 days. As one who participated in a Prius search last fall, this blogger can attest that in metropolitan areas that figure was closer to zero days: most vehicles were already spoken for by the time they were loaded on the 18-wheeler for transit.

What is different now? Part of it is that the car became a victim of its own success, an argument also raised here. The tax incentive for hybrids is a function of sales, and last year after Sep 30 it was cut in half because Toyota exceeded the target. It will go down another 50% again in April and October of 2007 based on projected sales volume. Other hybrids have not enjoyed nearly as robust sales and maintain the full credit. (Tying the amount to units moved does make sense: after all, the incentive exists to motivate consumers to buy, and healthy volumes indicate that consumers need little extra convincing.)

On the economics side, fuel prices retreated and the initial over-reaction corrected itself. On the other hand, as critics pointed out, the extra cost of purchasing hybrid technology is unlikely to be recouped in fuel savings, suggesting that for most consumers the decision was one of ecological statement, or a case of bad mathematics.

What does this mean for Toyota? Advertising, for one; that would be a first since 2000, as the Prius never required much publicity as a niche vehicle aimed at buyers already in the know. There are also incentives, 0% financing and probably an end to price gouging by Toyota dealers who were capitalizing on demand last year. In short, shrinking profit margins across the board and more Priuses on the road. In this case what is bad for Toyota is good for the environment.


Latest distraction from an operating system

First it was Minesweeper, in Windows 3.x days. Often unstable and not very good at multi-tasking, the operating system nevertheless came with the ultimate addictive simple game that could easily keep the user distracted while waiting for some CPU-intensive task to complete, such as opening a Word document in the good old days. (This blogger even wrote an Amiga port of the game, so he could play on his primary machine.)

XP had Solitaire. Vista ups the ante with a simple chess program called Chess Titan. It is not exactly a tribute to AI or likely to defeat Kasparov, but the game is perfect for short 5-10 minute runs of speed chess. The application responds quickly, in a matter of seconds, even at the higher levels, on a relatively middle-of-the-road PC rated 4.2 on the Vista experience index. At the low levels (on an adjustable 1-10 scale) it plays like a coffeehouse player, with no sense of theory or opening book. In the upper range it shows a better grasp of standard chess but has a penchant for unusual opening lines. When playing black it appears to avoid the King’s opening at all costs, preferring the Sicilian, the French defense, obscure gambits, anything but a standard e4-e5 exchange.

Chess Titan, 2D view

2D view, in wood and black/gold pieces. This blogger has white, and the computer is just about to get 0wned after Bf4.

Chess Titan, 3D view

3D view, looks decent but not great for actually seeing board position well.


Kim Zetter on carders

Kim Zetter has an excellent series of articles on Wired about the underground “carding” industry responsible for the wave of phishing and Internet-based identity fraud. It is available as a single PDF file or four-part series:

The meticulously documented article, featuring screenshots of conversations with carders, with much redacted information including Paris Hilton’s social security number, follows the exploits of David Thomas as he is recruited by the FBI to work undercover after his arrest. Thomas ends up running one of the major gathering sites for carders, called “The Grifters”, a rival to the Shadowcrew taken down in 2004. Great reading.


More bad news on the phishing front

The situation is not looking good for the good guys combating phishing.

Various toolbars and browser plug-ins were the heralded solution against the plague of emails arriving from Eastern Europe, urging unsuspecting users in badly mangled English to visit a random website and provide personal information. At first it even appeared to be working. Then came the signs that not all was well.

One study commissioned by MSFT showed that IE7 was best-of-breed among existing solutions. (Full disclosure: this blogger is employed by Microsoft.) Not to be outdone, the Mozilla foundation, the non-profit organization behind the open source Firefox web browser, conducted its own study and not surprisingly crowned the anti-phishing feature of Firefox 2.0 as the winner. Either study would have been easy to dismiss based on the funding/affiliation.

But then academia took interest in the problem, and a group at Carnegie Mellon published a study showing that in effect none of the technologies were very good. Even the best one missed 15% of confirmed phishing pages at least 24 hours into the life of the scam. (Because the average site stays up 4.8 days according to the Anti-Phishing Working Group, most of the damage is done very quickly and it is imperative for defenses to kick into action promptly.) Surprisingly, the best toolbar in this study was of 2004 vintage: SpoofGuard, an open-source solution developed at Stanford University, which relied purely on heuristics, without the benefit of a costly-to-maintain blacklist of known phishing sites. Unfortunately SpoofGuard had its own Achilles heel: a very high false positive rate, that is, classifying legitimate websites as phishing. This is equally damning, because a security warning that cries wolf all the time is the one that will get ignored when it is justified.

But there is hope, the optimists could argue. After all, the CMU study only considered phishing filters that integrate into popular web browsers and attempt to warn the user when they are lured to a phishing website. That’s not the only paradigm for combating phishing: a more promising approach gaining popularity involves personalizing legitimate websites for each user. For example, users can choose an image that will appear on their login page, allowing them to recognize at a glance whether a given site is the correct one. PassMark was one of the first companies to commercialize this approach, now used by Yahoo! in SiteKey, as well as by Bank Of America and Vanguard.

At least that was the theory. A new paper from a Harvard/MIT team, appropriately titled “The Emperor’s New Security Indicators”, suggests that it does not work very well as deployed. As reported by the New York Times (the fact that this is even covered in the NYT suggests how mainstream Internet security has become), the researchers found that the majority of users were happy to ignore missing images and provide their credentials anyway.


TiVo angling for a Big Brother award

“I promise with my hand on a Bible that your data is not being archived and sold, […] We don’t know what any particular person is watching,” he said. “We only know what a random, anonymous sampling of our user base is watching.”

So says the CEO of Tivo, according to a recent article in the San Francisco Chronicle. The data in question is whether subscribers are skipping commercials. This is a classic case of having to place blind faith in hardware, or at least in the marketing proclamations of the vendor. The TiVo device sitting in the consumer’s living room certainly has visibility into what is being watched and how often the commercial-skip feature is used to avoid going postal over that lame beer commercial again. But what is not clear is whether this information is shipped off the box to headquarters for data-mining purposes and, if it is, to what extent it is sanitized to strip identifying information about the original user.

The problem is that only Tivo engineers can know for sure, and even they may not have it right. One person’s “anonymized data-set” is another’s treasure trove of personal data waiting to be correlated against just the right database to reveal the identity behind each record. For everyone else Tivo is a black box. The only sources of information are:

  • Vendor claims, to the extent they are complete and accurate
  • Third-party claims, such as privacy advocates assuming they have better sources of information
  • Information gathered by reverse engineering the device. This is costly and returns on investment can be low. Often vendors intentionally obfuscate their protocol in order to protect their intellectual property. (Conspiracy theorists would argue obfuscation only serves to hide a nefarious purpose.)

Tivo is neither unique nor particularly significant. The question of whether a device owned by the user is acting against their interests comes up all the time. A deceptive short-cut is that open source software is better because anybody can verify it is working as intended. MythTV instead of Tivo? True, in the trivial sense that it would be if you went over every line of code and built it from scratch yourself. (Otherwise you are at the mercy of the authors, download sites etc.) That approach does not scale, and better trust mechanisms are called for. Marketplace reputation of an established company in principle serves as a check: too many egregious data collection practices equate to lost revenue. But such dynamics can only operate when there is transparency and competition: when users know exactly how two different PVR vendors use their data, and factor this into their purchasing decision. We are far from that level of awareness.


Mobile USB computing on the cheap (part II)

An earlier post here pointed out examples of companies commercializing mobile USB computing, which promises to roam the entire computing environment, applications, data, settings and all, on a portable USB drive ready for work anywhere. Each one is predicated on use of special software on the USB device and sometimes custom versions of apps tweaked for roaming. In this second installment, we’ll discuss getting 90% of that functionality with freely available software and zero modifications to apps for roaming.

The key ingredient is virtualization. That term is ambiguous because VT can exist at any level, but in this case we are referring to machine-level virtualization a la VMware, Virtual PC and Xen. These systems create the appearance of multiple, completely independent PCs (called “guests”) on top of a single computer (called the “host”). This has been a very active field in recent years, with the lion’s share of commercial R&D efforts focused on server consolidation in the enterprise. Because managed IT environment costs are often directly related to the number of physical servers, having one beefy server run multiple virtual machines to replace a handful of dedicated servers translates into directly measurable savings. But virtualization has broad implications, and mobility is an obvious scenario. Because a virtual machine is represented by an ordinary file, no different than a Word document or a photograph (albeit a very large one), roaming this file amounts to roaming the computer. Any machine with a compatible VMM can run the virtual machine, which contains all the applications and data the user needs.

As for implementing this in practice:

  1. Grab one of the free virtualization solutions. This author recommends Virtual PC for consumer scenarios, although VMware’s excellent VMware Player is a second-best, limited by the fact that it can not create new machines. (VMware Server and Virtual Server R2 are also free, but they are more aimed at server/enterprise scenarios.)
  2. Create a new virtual hard disk of type “dynamically expanding”; the default size is generally sufficient. Use the mobile drive for storing this file.
  3. Create a new virtual machine, also saved on the mobile drive, and attach the virtual disk image created in step #2.
  4. Boot the VM and install a new operating system from CD or ISO image. This is the tricky step because, depending on the conditions of purchase, the new OS may require an additional license. If the idea of worrying about OS licensing and activation frustrates you, there is always a great selection of open source distributions such as Ubuntu variants.
  5. Install virtual machine additions. This allows seamless integration of mouse and keyboard between guest/host.
  6. Install applications in the VM, configure settings as you would on any PC and copy over data. (See earlier point about licensing.)

The mobile environment is ready. Any other PC running Virtual PC (or, for that matter, VMware Player, which has the impressive feature of importing VPC images) can recreate the machine. Since these are both free downloads, that is not setting a very high bar. As a backup option, the installers for VPC and VMware Player can be carried around on the USB drive as well, just in case. VPC allows working with the machine in full-screen mode, where the guest takes up the full screen, creating the illusion of a dedicated PC. One can even “hibernate” the machine by saving its state to the USB drive on one PC and restoring from the saved state on a different PC.

There are a number of limitations to this approach, some of which apply to any roaming solution. The final post in the series will cover these challenges.


Secret to being “cutting edge” in IT

… is having 5% of market share.

Apple has proven this axiom time and again, by being a marginal niche product with the Mac but successfully maintaining the cutting-edge, hip image versus the mainstream PC. (The latest example being the series of hilarious commercials where Tonight Show contributor John Hodgman plays the stodgy PC character against a hipster Macintosh.) In an interview with Newsweek, Gates railed against the over-simplified comparison, perhaps for the first time not sparing any words about Apple. Quote:

“I don’t think the over 90 percent of the [population] who use Windows PCs think of themselves as dullards, or the kind of klutzes that somebody is trying to say they are.”

Aside from the inevitable questions about the Mac/PC cultural divide, most of the interview focuses on actual comparisons of Vista versus available functionality in Mac OS X. Predictably the comments drew heavy fire on Slashdot and elsewhere in the blogosphere.
