Christopher Herot's Weblog

Google Chrome Feature of the Day: Nerd Mode

2008-09-04T12:05:02-04:00

If you do a lot of research on the Web you've probably come to depend in the tab feature of Firefox - now widely copied in other browsers. But if you open a lot of tabs you've probably also seen your machine slow down to the point it becomes almost unusable. The Windows Task Manager shows the CPU is close to 100% used, but the only thing you can do is kill the browser and start over.

Now Google Chrome as addressed the problem with its very own task manager. Just open the "Control the current page" menu and select Developer>Task Manager. Or hit SHIFT+ESC if you are in a hurry. The resulting window shows each task and how much memory, CPU, and bandwidth it is using. There's even a "stats for nerds" that shows the process ID and memory breakdown.

The culprit usually turns out to be the Flash plug-in, which consume more than half of the CPU even when the offending pages are not on screen. One wonders if this discovery will cause more people to use FlashBlock.

Google Chrome Feature of the Day: Icognito Mode

2008-09-03T11:12:28-04:00

I've been playing around with Google Chrome. One feature, which was inspired by Safari and is also in IE8, is Incognito mode - a way of opening a new window such that no trace of the sites you visit is left in the history and no cookies are retained. Google puts it own spin on it with the warning they display:

This is a good list. While pretty much everyone is aware that web sites can collect information about their visitors, most don't know that ISPs routinely sell their subscribers' clickstreams to companies doing market research. And of course the most likely spying will come from the person looking over your shoulder.

Google Chrome

2008-09-02T00:13:08-04:00

Google's new browser, Google Chrome, launches tomorrow (for Windows - Mac and Linux will take a bit longer.) In the meantime, you can take a look at the clever comic book which describes it. They've written their own Javascript engine and done some clever stuff to improve browser performance, but my favorite part is how they describe some of the new security features:

True Enough

2008-09-01T17:59:58-04:00

When the World Wide Web burst into the pubic consciousness, many pundits believed it would usher in a new era in which better-informed citizens would finally transcend the partisan bickering and warfare of the previous millennium and allow the creation of a more civil society. Few were more fervent evangelists for this point of view than Louis Rossetto who in founding Wired Magazine wrote that "The Digital Revolution is whipping through our lives like a Bengali typhoon." Recently, Rossetto admitted that while Wired accurately predicted the degree to which the Internet would transform the economy, it underestimated the degree to which Old Media, Old Government, and Old Politics would live on.

Now Farhad Manjoo, a staff writer at Salon.com, has written a book, True Enough: Learning to Live in a Post-Fact Society, that explains how the new, more fragmented media enabled by recent technology, such as Cable TV and the Internet, may actually have exacerbated the situation. Citing a broad range of research in psychology, Manjoo catalogs the way humans appear to be hard wired to indulge in information that reinforces existing beliefs, interpret raw data according to those beliefs, listen to experts (real or phony) who make us comfortable, and attribute information which makes us uncomfortable to bias on the part of the source. He offers examples from both ends of the political spectrum, showing how the Swift Boat Veterans created a media campaign that may have influenced the 2004 presidential election and how the National Election Data Archive argued that the election had been stolen. In both cases, the data was ambiguous at best, but the groups involved skillfully exploited a fragmented media market to build their case among people who can increasingly select new that reinforces their existing prejudices.

Manjoo dissects a number of media events from the past few decades, including the conspiracy theories surrounding the Kennedy assassination and September 11th, the Lou Dobbs phenomenon, and some less well-remembered stories including the disputed 1951 Princeton-Dartmouth football game and the SALT II treaty. The last chapter, Truthiness Everywhere, delves into some modern propaganda techniques, such as astroturfing, push polls, and search engine marketing. In an Epilogue, Manjoo concludes that a successful society requires trust, which not only lowers what economists call transaction costs but can result in lower death rates and greater civic participation. He cites studies that show Americans who say they trust each other have declined from 60% in 1960 to 32% in 2006. While he admits there is considerable debate as to the causes of that decline, the increased efficiency of distorting the truth hasn't helped and the fragmentation of media may have shrunken the size of the circle of people we do trust.

Whether you believe the world is getting better or worse, Manjoo makes a compelling case that human nature being what is, we are susceptible to our decisions of who we listen to and who we ignore. Being aware of those decisions, and how others may attempt to influence them, is something we ignore at our peril.

Apple iPhone Problems - Last Stand for PR 1.0?

2008-08-29T17:55:43-04:00

Apple has recently suffered a rash of complaints from customers that the new iPhone 3G is more prone to dropping calls than other GSM phones, even on the same network. There have been various theories bandied about in the press. Richard Windsor of Nomura Securities blamed it on an "immature chipset" from Infineon Technologies. Claes Beckman, a Professor at the University of Gävle in Sweden was quoted that countries leading technology magazine, Ny Teknik as saying that tests from an anonymous testing laboratory revealed the phone's "nominal sensitivity" was below the GSM standard, probably due to consistency problems in manufacturing. Peter Burrows in Business Week surmised Apple's software may be at fault.

True to its usual Soviet-style PR philosophy, Apple was stonewalling on the issue. This attitude may be causing strains in the relationship with AT&T, according to an account in today's New York Times which reported that at the wireless operator there are "those who think Apple is too controlling with information and those who think Apple can do no wrong."

Perhaps the real clash is between the wireless industry, which no matter how good its technology must deal with the vagaries of RF propagation (e.g. people walking into buildings) and a manufacturing company which prides itself on perfection. The wireless operators have figured out they can't make people happy 100% of the time and have learned, as a Verizon executive put it, to offer refunds "or maybe toss in a free ring tone and a couple months of free service.” Apple's approach has been to preserve its image of perfection, even if it means denying the existence of problems long after they are visible to everyone. In a "PR 2.0" world where customers can band together and make themselves heard, how long can Apple hold onto its 1.0 ways?

Daily Grommet

2008-08-29T07:31:25-04:00

Yesterday, I stopped by the new offices of the Daily Grommet, a company for which I am an adviser. The company will do live blogging of the discovery of interesting and unique products and services which they will offer from their site. The site, being built in Ruby on Rails, is coming along nicely for the launch in November.

Shown at right are Jules Pieri, CEO and Joanne Domeniconi, Chief Discovery Officer. They've been assembling an impressive collection of potential grommets. If you know of something unique, interesting, and/or tasty that would appeal to their target demographic of women 25-45 let Joanne know. They are especially interested in things that have an interesting story about their creation or creators.

BGP Hijacking Vulnerability

2008-08-27T15:15:25-04:00

Just when you thought it was safe to go outside...

Wired and Slashdot reported yesterday on The Internet's Biggest Security Hole. This time it was a long-known problem with Border Gateway Protocol (BGP) which was given a new twist by Alex Pilosov and Tony "Xam" Kapela at the most recent DEFCON.

BGP, as you will recall, is the protocol that ties together the different networks making up the Internet. While Senator Ted Stevens (R-Alaska) famously described the Internet as a "Series of Tubes" he wasn't that far off. The reason it's called the Internet is because it is made up of a series of interconnected networks. These networks, referred to as Autonomous Systems (AS) have numbers (ASNs) and provide connectivity to a set of computers that are assigned a range of IP addresses. While both the ASNs and IP addresses are assigned by an official organization (ARIN in the US), the actual mapping between the two is done by a network owner using BGP to "advertise" to other networks what range of such addresses it contains. Usually network owners are ISPs and large corporations, but we had our own AS at Convoq and used BGP so that our servers could be connected to the Internet via multiple, redundant links. The problem is that since all such network owners are considered trustworthy, there is no widely used mechansim for verifying the validity of the advertisements. Anyone can claim to own any range of addresses and cause the rest of the Internet to send it traffic intended for those addresses. This happened last February when the government of Pakistan attempted to prevent its citizens from viewing a YouTube video by advertising a route for YouTube that led to a black hole. While they probably intended that route to apply only within Pakistan it was automatically redistributed throughout the Internet and took YouTube off the air worldwide.

Something as dramatic as making a web site globabally unavailable is usually noticed and repaired fairly quickly, but what Pilosov and Kapela discovered was a way to take the traffic one purloined and then forward it on, unnoticed, to its legitimate destination, perhaps copying or moidfying it in the process. They outlined a fix but as it will take a lot of effort and computing power to implement, most likely nothing will happen until there is a major attack and ensuing scandal. In the meantime, it is wise to do as people in high-security government positions are taught to do, which is regard all your communications as being open unless proven otherwise.

SnapYap

2008-08-26T18:05:13-04:00

While I was writing about the new wave of personal video calling companies around the world, I heard from one right here in Boston, SnapYap. It joins Userplane and Tokbox as a free, no-download service based on Flash.

The product is probably the simplest I have seen yet. You don't even need to sign up to call someone, just enter their URL in your browser, e.g. http://www.snapyap.com/call/cherot and you can have a video call. They also provide a widget you can embed on your own site if you want to receive calls.

I called "John" from the company and was impressed with the quality of the audio and video - better than I remembered from my experiences with Flash. According to John, SnapYap is just one of several projects the six-person company is working on from it offices on Termont Street. It's written in ActionScript 2 (my sympathies to them) but they have an updated version coming out soon. I look forward to trying it out.

Vidtel

2008-08-26T10:15:53-04:00

Since last week's piece on videoconferencing, I've come across another company with big plans for personal video communications, Vidtel, Inc. Founded by Broadsoft veteran Scott Wharton and communication industry veteran Wayne Willis, Vidtel has plans to make video calling (a term they prefer to videoconferencing to describe one-to-one conversations) as easy and ubiquitous as the telephone is today.

In a manifesto Wharton penned shortly before founding the company, he observed that the falling of the traditional barriers to video calling: bandwidth, technology, price, and usability. What is missing is someone to put all the ingredients together into a service that's as simple to use as the telephone. Given Wharton's previous stint as VP of Marketing at a VoIP platform company he must have a pretty good idea of how to do that.

Now all they need is a way to get over people's inherent shyness in front of the camera. We take the phone for granted today, but when it was first introduced no one knew what to do with it either. Alexander Graham Bell and Thomas Edison even debated the proper word to use when answering the phone, which for the first time enabled conversations between people who may never have been properly introduced, or even met in person. Bell favored "ahoy" but Edison won out with "hello." We may need to develop similar practices around video calling.

What Did Obama Gain By Announcing His Running Mate Via SMS?

2008-08-25T17:59:12-04:00

There has been much speculation on what the Obama campaign gained by announcing the choice of Senator Joseph Biden as Obama's running mate in what CNN's Rich Sanchez dubbed "the most anticipated text message in history." Certainly Obama added to the tech cred he established with Facebook (1.4 million supporters vs. McCain's 218,000), MySpace (20,871 vs. ???), and Twitter (65,000 vs. 0) but he also harvested a quantity of cell phone numbers that the Wall Street Journal estimated sat 1.5 million and others have doubled.

The biggest winner may he the company that powered the Obama Mobile web site, Distributive Networks and their SMS aggregator SinglePoint. The Journal reported that 18-person Distributed, which has 4 staffers dedicated to the campaign has already been paid $150K. And of course the wireless operators not only got paid for the messages but made Americans more aware of a service that has been commonplace in the rest of the world for years.

Did NBC Miss an Opportunity with the Olympics?

2008-08-23T11:54:02-04:00

NBC created a pretty sophisticated web site for the Beijing Olympics, using Microsoft Silverlight to provide stored and live video of multiple events. Still, a lot of the video that NBC shot was not available live, including some high profile events. This is somewhat puzzling as the Olympics, with its multiple, parallel venues is the ideal event for the kind of on-demand access that the Internet is so good for.

Did NBC do this out of fear that the Internet coverage would subtract from its conventional TV revenues? A recent report from eMarketer Inc. suggests NBC may have missed a big opportunity. According to the report, NBCOlympics.com will generate only $5.75 million in video ad revenue, which is only 1.1% of the estimated 2008 US online video ad spend. In contrast, CBS Sports brought in $23 million for its streaming of the NCAA's March Madness basketball, according to the Wall Street Journal. Of course none of these numbers are anywhere close to the $894 million that NBC paid for the broadcast rights or the estimated $1 billion in advertising revenue. The unanswered question is whether NBC could have had its cake and eaten it too. We may have to wait for the Vancouver Games in 2010 to find out.

Phweet

2008-08-22T22:40:04-04:00

Twitter exists somewhere in the middle of the continuum between real-time, synchronous communication such as the phone and instant messaging on the one hand and asynchronous communication such as email on the other. However, Stuart Henshall and David Beckemeyer observed that a surprising number of Twitter conversations escalate to real-time. (Try doing a Twitter search on "Skype".) The result: Phweet.

Phweet allows you to invite a fellow Twitterer to a real-time voice conversation which can be any combination of Flash-based in the browser and plain old phone connections. The invitation is sent as a Tweet containing a URL which the intended recipient can click to enter the conversation. There is an option to send this URL via Twitter Direct Message, but a more interesting usage is to send it out on the public feed. Although the user interface asks for the Twitter handle of the intended recipient, anyone can answer, and if more than one person replies they are all joined in the conversation. The result - a "Tweetup".

The implementation is "Alpha" and thus still a work in progress, but it works as advertised. The actual conversation is carried by the TringMe widget and TelEvolution service which supports both Flash and SIP, although I have only tried the Flash version so far, and it worked well on my RCN cable modem. Check it out.

Thanks to Jeff Pulver for bringing this to my attention.

Daily Grommet

2008-08-21T19:14:42-04:00

Jules Pieri muses on her blog whether her startup Daily Grommet (for which I am an advisor) is "real" yet. Given the progress to date (raising capital, hiring employees, renting office space) they are already real in the sense that multiple people are invested in their success. They will only continue to become more real as they launch their site and, hopefully, go public or get acquired some day. The question is a little like asking when one's children are grown - is it when they graduate, when they move out, when they have children of their own?

At this point it's the slope of the curve that matters, and they are certainly on an upward trajectory.

Non-competes Really Are a Problem

2008-08-20T12:57:02-04:00

A few months after the Harvard Berkman panel on non-compete agreements in Massachusetts, Professors April Franco and Matthew Mitchell at the University of Toronto Rotman School of Management have published a study, Covenants not to Compete, Labor Mobility, and Industry Dynamics that shed further light in the situation, explaining how non-competes can help a region get established but limit its growth in the long run. They show how in 1965 Boston's Route 128 had three times the technology emplyment of California's Silicon Valley, but by 1990 the proportions were reversed, primarily due to California's proscription against non-competes, which encouraged more spin-outs. They cite previous studies which show that not only are spin-outs more successful than other new companies, but that the firms that spawn them are also more successful than their competitors. The contribution in the new study is a model of the "contracting problem" between an employer who wants to retain its workforce and an employee who make more money by starting a new firm. Since an employer can't know in advance which employees plan to leave, in an environment without non-competes, the employer must either pay them all more or see more of them leave. Using more math than I can go into here (and unfortunately, more math than most politicians are willing to consider) the authors show how non-competes can increase profits of companies in the short term but decrease the growth of the enire region in the long run, hence SIlicon Valley's success.

Is the MBTA's Fare Card System Really This Weak?

2008-08-20T12:03:44-04:00

MIT undergrads Zack Anderson, RJ Ryan, and Alessandro Chiesa got an A for their class project in Computer and Network Security (6.857) taught by Ron Rivest (The R in RSA), but that was only the beginning of the story. When they decided to present their analysis of the security of Boston's transit system, the MBTA, to the annual DEFCON computer security conference the MBTA involved the FBI and got a temporary restraining order in Federal Court (1:08-cv-11364-GAO Massachusetts Bay Transportation Authority v. Anderson et al). A federal judge eventually sided with the students, but not until some serious First Amendment issues were raised and both the EFF and ACLU got involved.

The story followed the familiar arc wherein researchers discover a vulnerability and the organization whose security is shown to be weak takes them to court to prevent the information from becoming more widely disseminated. Indeed the company that provided the system to the MBTA and other transit systems, NXP, sued unsuccessfully in a Dutch court to prevent its weaknesses from being exposed. The generally accepted protocol is for the researcher to notify the affected company and give them time to fix the problem before publishing, but this is a controversial area as vendors are often slow to fix problems and the lack of disclosure provides a false sense of security and a window during which less scrupulous people may discover the same flaw and exploit it. In the end it comes down to whether there is a greater threat from criminals who independently discover the flaw or "script kiddies" who just follow a recipe provided by an obliging researcher. The MBTA apparently feared the latter, and the MIT students didn't help matters by publicizing their talk with an announcement promising "free subway rides for life." From an examination of the documents it appears that the students planned to withold some key information at DEFCON but were prepared to help the MBTA until the agency complicated matters by taking them to court. Now that the judge has rejected the MBTA's novel argument that the student's disclosure would violate the Federal Computer Fraud and Abuse Act (18 U.S.C. §1030) and lifted the temporary restraining order, the parties can get together and fix the problem.

According to the student's presentation, the MBTA has its work cut out for it. The magnetic strip on the paper Charlie Ticket, contains the stored value which is protected by a simple checksum instead of a cryptographic key. Using simple equipment available on eBay anyone can make a clone of a ticket or increase its value. The RFID Charlie Card is more sophisticated but is protected by a flawed encryption algorithm and a short 48 bit key. The MIT students showed how the algorithm is susceptible to a brute-force attack by currently available cheap parallel processing. Since these vulnerabilities were previously known, and the MBTA claims to have added additional security measures of their own, the legal skirmishing may have been a clumsy attempt to find out if the students have discovered something really new. From the MBTA's estimate that it will take five months to fix the problem, apparently they have.