Following up on my recent post about the CloudPC, I’ve just learned about a new project which is much closer to my original proposal, but with a twist. A very good twist.
The Keepod is a USB stick that contains a simple operating system and storage. As explained in this BBC article about the Keepod, the goal is to give people in the developing world their own personal and portable computing environment. They simply take their Keepod with all their programs and data on it, and plug it into any available networked computer. For the Keepod’s target base, that’s likely to be an old or recycled PC. When they’re done using it, they unplug the Keepod and the next user takes their place.
No one needs to own expensive hardware, everyone gets their own private environment with all their own information on it. It has a lot in common with my original idea, except that where I was thinking about what a privileged Westerner (me) might need, the Keepod inventors are thinking about the needs of people in the rest of the world.
They had an Indiegogo project which has now finished, but maybe there’ll be other opportunities to support what sounds like an excellent project in future.
About four years ago, I wrote a post about my ideas for a CloudPC, which would be a small (very small) device that would let you carry your personal computing environment around with you. To use it, you’d just plug it into a ‘dock’, which would provide all the peripherals, processing power etc. My idea was that the device would be able to make use of the cloud but wouldn’t be dependent on it. You could still get work done even if the Internet connection went away.
A recent TechCrunch article describes a new product called TangoPC, which it calls an ‘everywhere computer’. The idea is quite similar: TangoPC is a tiny dockable unit about the size of a hard drive, equipped with a CPU, RAM, SSD and various ports and adapters. It plugs into an inexpensive desktop dock, which is used to attach keyboard, screen and other peripherals.
TangoPC differs from my proposal in that it provides a CPU. It is, in effect, an actual computer, whereas my idea was something less. In my proposed CloudPC, the base station would provide the computing horsepower, so that you could get more power by simply plugging your portable environment into a fatter, faster desktop. CPU and RAM were just another ‘service’ provided by the base station.
There are strengths and weaknesses to both approaches. The computing power of the TangoPC will always be restricted by the power of the CPU that you can fit into that little pocketable box (apparently cooling is a big issue, although the TangoPC makers believe that they’ve made major progress in this respect). The TangoPC tops out at about "ten times the power of a smartphone." You can’t enjoy more power by plugging your portable device into a bigger workstation.
On the other hand, because it’s a real computer, the dock can be made cheaper and simpler (an important consideration for a device that will depend on widespread availability of docks). Also, it can actually do useful work on its own: TangoPC will offer an adapter that lets you use it ‘on the road’ using an iPad as a display, which is a very smart idea.
The TangoPC is in some ways more practical than the CPU-less device that I proposed. The question is whether the available onboard processing power will be enough for all users. Things could go one of two ways. It may turn out that the computing power offered by a pocketable device will be sufficient for the needs of the vast majority of users. The other possibility is that enough users will find themselves limited by such a device that developers of devices like the TangoPC will work on ways to allow a portable device to leverage the additional power in a desktop (or laptop) dock, or even in a regular desktop computer. A standard will emerge allowing computation to be offloaded onto the host machine with its greater resources, through a kind of ‘processor sharing’ mechanism.
The other element that I expect to see in a CloudPC is a virtual filesystem, with the user’s documents stored both locally and in the cloud. This is, in some senses, an evolution of services like Dropbox, but the virtual filesystem will have to go much further. Unless changes in storage technology allow near-infinite storage on a small device, the filesystem will need to intelligently juggle data between the device’s own limited storage and a larger backing store in the cloud in such a way that the user is seldom aware of the limitations of the actual device. This means that the filesystem will need to do version management and conflict resolution, as much as possible without user intervention. It will also need to anticipate the user’s needs, ensuring that documents or data that the user uses regularly or is likely to need in future are present on the actual device for faster or offline access, while moving little-used documents to the cloud to save space. Doing it right is challenging, but there’s plenty of precedent in computer science for solving problems of this kind.
Ultimately, the ‘everywhere computer’ is likely to merge with a device that many of us already carry everywhere — a smartphone. Smartphones already have the computing power to run basic applications at speeds that are acceptable to most users, and they have increasing amounts of onboard storage. The CloudPC or ‘everywhere computer’ may eventually turn out to be simply a powerful smartphone supported by processor sharing and a virtual filesystem. In the meantime, however, the TangoPC looks like an interesting step along that road.
About a year ago, when Google announced that it was closing the doors on its popular (but not popular enough) Reader application, there was a momentary flutter of interest in RSS (used generically to mean all subscribable newsfeeds, whether RSS or Atom), with various commentators taking to the Internet to declare that RSS was doomed. For example, my old buddy Drew Olanoff opined that RSS had to go because it lacked consumer appeal, and Ben Parr spoke of the death knell for RSS.
Today, the publisher MacMillan announced a new MacMillan eDeals site. Being an ebook deal addict, I went to take a look, then looked around the page for a link to the RSS feed.
There wasn’t one. Despite the fact that this — a regularly updated list of deals — is pretty much made to measure for delivery via some kind of feed, and despite the fact that — because the site was built using WordPress — it’s practically a one-line code change to generate and offer such a feed, it simply wasn’t there. Of course, because the site is built using WordPress, the feed is there if you know where to look (it’s at http://macmillanedeals.com/feed/), but the content is minimal. Apparently MacMillan are counting on users to revisit their page every day to see what has changed. That seems optimistic to me, but what do I know?
What indeed? I still like RSS. I check my newsreader daily. This apparently makes me a ‘power user’, where ‘power user’ means "someone who knows enough to click a ‘Subscribe’ button" or perhaps "someone who knows that the Internet doesn’t begin and end with Facebook and Twitter". Power user? Feh. If I were a power RSS user, I would have some kind of RSS client that supported old-fashioned Usenet-style kill and highlight filters, something like Laurent Humbert’s amazing NewsHopper client rewritten for RSS. The fact that no one — as far as I know — ever implemented such a thing may just bear out Olanoff and Parr’s theory that RSS was always doomed.
But why was it doomed? Olanoff posts a screenshot of Google Reader and says "people don’t want to read news like this", while Parr explains that once he got Twitter, Google Reader began to seem like "a chore". When I read these two statements it sounds to me as if they’re both saying "People are really fucking dumb. And lazy too." And maybe that’s the explanation.
Let’s get something straight. Twitter is a woeful way to keep up on anything that interests you. It’s a firehose. Every crumb of useful information comes submerged in a tsunami of kitten pictures, LOLs, and minute-by-minute re-tweets of “Downton Abbey” and “RuPaul’s Drag Race” from everyone you have ever met in your entire life. If you think you’re keeping up with anything on Twitter, you’re deluding yourself. And your boss would probably like to know how you have quite so much spare time in your day that you can waste it combing through all this dreck.
And don’t get me started on Facebook. Facebook’s news feed seems to have been designed by Heraclitus to drive home the point that you cannot step twice into the same river. Every time you refresh it, it’s different. Want to find something that someone posted an hour ago? The day before? A week ago? Good luck with that. Much of the time, it simply can’t be done. Facebook seems to take a perverse pleasure in rearranging things and hiding things from you, probably in order to ensure that you spend as much time unproductively reading Facebook as possible.
Reading RSS through any half-decent reader, by contrast, is simple, elegant and efficient. You don’t have to wade upstream through a tsunami of nonsense: you can check a single feed, or group of feeds (because it only takes 5 seconds to put your newly-added technology news feed into the ‘Tech News’ folder). You can bookmark things that interest you so that you can come back to them later. You can even search for keywords. And contrary to the claims of its detractors, nothing to do with using feeds is in any way rocket science.
So why is RSS dying (or dead)? Currently, we’re in vicious circle territory: site owners don’t provide feeds because users don’t use RSS, and people don’t use RSS because site owners don’t offer feeds. Once begun, that downward spiral will continue until the technology withers away entirely, and I see no real chance of stopping it.
But why didn’t it take off in the first place? I still believe that it’s so clearly useful that the only reason why it didn’t catch on — except among geeks — was because it was never really ‘sold’ the right way. For a long time, subscribing to feeds required a separate application, which was apparently an insuperable burden to people who spend their whole lives in Internet Explorer. When the browser makers belatedly added RSS capabilities to their browsers, it was still too obscure: the availability of a feed was shown only by a tiny icon at the end of the address bar, and even clicking the button to see the feeds that you had subscribed to was seemingly too much of a cognitive hurdle for most users. Reader features lasted a version or two and then vanished: Safari, for example, no longer supports — or even acknowledges the existence of — RSS.
I don’t know how things could have been done better, but I think that the naysayers are probably right and that feeds are doomed. This is too bad. Some of us find them very useful, and the actual effort involved in providing a feed of your site is almost always minimal. Increasingly, however, fewer and fewer webmasters bother to make the effort.
There’s nothing really complex about RSS: it is still simple, useful and efficient. It’s trivial to provide, unchallenging to consume. The fact that it didn’t flourish tells us an unpleasant truth: that the average Internet user is even dumber and lazier than we’ve always assumed. Any technology that isn’t right there in their faces, serving up instant gratification in pre-chewed ready-to-swallow individual servings simply isn’t going to make it.
01/31/2007 — Never forget
(from the wall of our old office)
Today’s cyber-security horror story comes from Naoki Hiroshima, whose rare Twitter handle was stolen from him by an extortionist. The thief used social engineering to obtain information from Paypal, which allowed him to reset passwords on Hiroshima’s domains to take ownership of those domains. The thief then essentially held Hiroshima’s websites to ransom in exchange for the coveted handle.
Analysis of the problem
So what went wrong? Both GoDaddy and Paypal seem to have dropped the ball dramatically here. Paypal released confidential information to someone claiming to be the account owner. GoDaddy then accepted partial (and easily obtainable) information as proof of identity, after which their ‘security’ procedures swung in to block the legitimate owner from fixing the problem.
From the account, it appears that GoDaddy accepted the last four digits of Hiroshima’s credit card, plus the first two, as proof of identity. The last four digits are relatively easily obtainable — even if Paypal hadn’t happily handed them over, it’s common practice for businesses to send out paper or electronic invoices that refer to “your credit card XXXX-XXXX-XXXX-1234”. So now the attacker only had to guess the first two. But the first two digits of a card are part of the Issuer Identification Number. If the attacker knew who had issued the card (or even the type of the card), it would only take them a few guesses to get the right first two digits. And according to the attacker, the GoDaddy customer service representative was willing to let them go on guessing as long as they liked.
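To put numbers on the weakness described above, here is an added example (not from the original post, and not GoDaddy's or Paypal's actual procedure) that audits a "first two card digits" challenge from the verifier's side. The prefix table is a simplified two-digit view of publicly documented card network ranges, and the function and class names are hypothetical.

```python
import hmac
from dataclasses import dataclass

# Assumption: simplified two-digit view of public card network prefixes.
# Real issuer ranges are longer, but a two-digit challenge only sees this much.
NETWORK_PREFIXES = {
    "visa": [f"4{d}" for d in range(10)],
    "mastercard": [str(p) for p in range(51, 56)] + [str(p) for p in range(22, 28)],
    "amex": ["34", "37"],
    "discover": ["60", "64", "65"],
}


def guess_space(network=None):
    """How many two-digit answers remain plausible, given what the caller knows."""
    if network is None:
        return 100  # nothing known: 00 through 99
    return len(NETWORK_PREFIXES[network])


def success_probability(space, attempts_allowed):
    """Chance that blind guessing passes the check.

    attempts_allowed=None models a representative who allows unlimited retries.
    """
    if attempts_allowed is None:
        return 1.0
    return min(1.0, attempts_allowed / space)


@dataclass
class VerificationSession:
    """One identity-check session with a hard cap on failed answers."""
    expected: str
    max_attempts: int = 3
    failures: int = 0
    locked: bool = False

    def check(self, answer: str) -> bool:
        if self.locked:
            return False  # once locked, even the right answer is refused
        if hmac.compare_digest(answer.encode(), self.expected.encode()):
            return True
        self.failures += 1
        if self.failures >= self.max_attempts:
            self.locked = True  # escalate to a stronger, out-of-band check
        return False


def audit(attempts_allowed):
    """Pass probability per scenario for a given retry policy."""
    scenarios = {"unknown": None, **{name: name for name in NETWORK_PREFIXES}}
    return {
        label: success_probability(guess_space(net), attempts_allowed)
        for label, net in scenarios.items()
    }


if __name__ == "__main__":
    print("unlimited retries:", audit(None))
    print("three attempts:   ", audit(3))
```

Even with a three-attempt cap, the check still passes every time when the card type is known and has three or fewer plausible prefixes, so a retry limit alone does not turn this challenge into proof of identity.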
So GoDaddy’s ‘security check’ offered no real security at all, but the problems didn’t end there.
Once the attacker had changed Hiroshima’s account settings, GoDaddy notified him with a message that said that the change had been made. He wasn’t asked to confirm that he wanted to make that change: he was told that the change had been made, and he needed to act if he wanted to undo it. That’s an ‘opt-out’ rather than an ‘opt-in’. Moreover, undoing it turned out not to be an option, because GoDaddy’s subsequent checks stonewalled Hiroshima’s attempts to regain control.
To use an analogy, it’s as if a thief broke into your house, changed all the locks, and the police refused to allow you to get back in because your key didn’t fit the new locks. The difference here is that while the police can’t compare your key to the old locks, GoDaddy should have been able to confirm that Hiroshima’s credentials matched the previous settings on the account. If GoDaddy’s procedures offered real security, that should have been sufficient grounds to revert the account to the previous settings and lock it pending resolution of the issue. But apparently that’s not how they do things.
There are possible problems with prioritizing prior account information. An unscrupulous domain owner might, for example, sell a domain to someone else and then reclaim it by claiming theft. Nevertheless, the potential risks seem smaller than a system that essentially favors thieves.
Reading between the lines, it sounds as if GoDaddy’s procedures are designed not for security, but for customer support. Their system is set up to help the customer who calls up and says "Oh, I’ve forgotten everything, can you get me back into my account?" And with a claimed 6.5 million customers, many of whom are probably not technically savvy, it’s easy to see why GoDaddy might take this approach — which minimizes support time and probably makes most of their customers happy — rather than offering stronger security.
What can be done?
Hiroshima offers various suggestions for increased security (aside from not trusting Paypal or GoDaddy with anything). One is to increase the TTL on your domains — the thief’s initial attempt to gain control of the Twitter handle failed because delays in DNS propagation meant that emails sent to an address at Hiroshima’s domain still went to his own mailserver rather than the thief’s.
Another is not to use email addresses at your own domains for registration of anything valuable. If an attacker can gain control of the domain — and Hiroshima isn’t the first person to lose control of a domain registration in this way — then they control the email address, and if they control the email address, they control anything registered with it.
That’s sound advice, although I’m unconvinced by his recommendation to use Gmail instead. I’m not prepared to assume that passwords for webmail services such as Gmail, Yahoo or Hotmail are immune to theft. I’ve certainly seen plenty of stolen webmail accounts over the years, probably the result of phishing or keylogger attacks. Better security might come from ensuring that anything you want to protect isn’t registered with a publicly-known email. If the attacker doesn’t know which email they need to control in order to take possession of an asset, their task becomes harder. In the case of domain names, that’s an argument for taking advantage of any ‘private registration’ service offered by your registrar, and setting it to auto-renew.
In Hiroshima’s case, that wouldn’t have saved him. The attacker’s attempt to obtain the asset (his Twitter handle) via his email address failed, so he switched to plan B, which was simply to bargain one asset (Hiroshima’s domains) against another (the Twitter handle). GoDaddy had given the thief leverage over the first asset; Hiroshima weighed up the risks and concluded that he had no option but to hand over the other, less valuable asset.
Things that we own online have real value. The value can come from rarity (such as a Twitter handle consisting of a single letter) or from the potential to exchange for hard cash (Bitcoins, in-game currency or virtual artifacts), or because they’re crucial to your business. Loss of control, even temporary, over a domain could be badly damaging to a small business, exposing it to anything from loss of revenue or customers to theft of secret information. Loss of an email account can have similar consequences: if you depend on an email address at a service such as Gmail to send and receive essential communications, you’re hostage to anyone who can take control of it.
The weak link
The deeper bottom line is that our security is in the hands of others. You can use multiple email addresses and multiple dissimilar passwords (and you should) so that an attacker who gets hold of one of your assets doesn’t get the set. You can store your access codes in an encrypted password safe rather than writing them on a Post-It note. You can use secure connections and shredders. But at the end of the day, if you share that information with someone else, then your security is only as good as their security procedures. And if their security procedures involve storing your password in plaintext, or letting malware run riot on their PoS terminals, or handing over your credentials to anyone who asks, you’re essentially screwed.
I have never liked the idea of Digital Rights Management (DRM), but it was a bad encounter with Adobe’s eBook DRM that eventually hardened my profound distrust into frank loathing. I won’t go into the details but suffice to say that I ran into everything that anti-DRM advocates like Cory Doctorow have always warned us about: getting locked out of content that I naively believed I ‘owned’, waves of incomprehensible error messages and baffling ‘permissions’ dialogs, being forced pretty much at gunpoint to use only their chosen e-reader, and so on. In the end, it all led to a simple resolution: if you use Adobe’s DRM (or any similarly intransigent proprietary DRM scheme), the sale is off. It’s just not worth it to me.
I don’t feel this way because I think that I or anyone else has a sovereign human right to run out and upload everything we buy to the Pirate Bay. I am almost neurotic about paying for the digital content I enjoy, and about expecting others to do the same. I don’t give away what isn’t mine. But I don’t want to waste even a minute more wrestling with poorly-implemented software that treats me as a criminal, I don’t want to be told that I can’t use the software or hardware of my choice, I don’t want to find that everything I thought was ‘mine’ is suddenly lost to me because of a glitch or a change in corporate policy or technical obsolescence. Punto, e basta.
So, on reflection, I’m pretty happy about the news that Adobe has decided to double down and develop a new, even more aggressive DRM scheme. Because I wasn’t going to buy anything protected with their DRM anyway, and when — as it inevitably will — the new version proves to be even more nightmarish than its predecessor, then maybe, just maybe, it will trigger a backlash against DRM that will finally drive a stake through the black heart of the whole concept.
The latest crumb of information to emerge from the Snowden files is a claim that the NSA shares raw intelligence data with Israel, including data gathered from US citizens. Use of the data is governed only by a ‘memorandum of understanding’ with no real legal force.
Cynics will not be surprised. Within the US, other agencies including the DEA, Homeland Security, and the Secret Service have also been given access to data collected by the NSA. The official line is that such sharing is limited and subject to strict controls. Reading between the lines, it sounds as if the NSA’s own innate secretiveness may play a bigger role in limiting the unchecked flow of information out of Fort Meade than any official safeguards against misuse.
Once the first steps have been taken to allow a government agency to look where it couldn’t before, any new powers available will quickly be expanded beyond their intended use. In New York, police were given the power to search the bags of anyone entering the subway system as an anti-terrorist measure. The program was not particularly useful for its ostensible goal: a would-be bomber who spotted police at one subway entrance could usually find another station with no checkpoint only a little distance away, or might choose to set off his bomb on a bus or in a department store. It’s doubtful that the program made New Yorkers any safer. However, in the event that a bag search disclosed something else — drugs or weapons, for example — the NYPD was authorized to make an arrest. An ineffective measure against ‘terrorism’ offered the police the opportunity to go fishing for evidence of other crimes.
Similarly, it took less than two years for the anti-terrorist PATRIOT Act to be turned to other purposes, including the investigation of a Las Vegas strip-club owner suspected of bribery. By 2007, a government audit had determined that the FBI was guilty of ‘serious misuse’ of some of the powers given to it by the Act, violations not merely of the spirit but of the actual letter of the law.
So it’s no surprise to learn that all the new powers that the NSA has quietly awarded itself are already being used in ways that go far beyond the agency’s official remit, and that information gathered is being shared, often without restriction, with those that the NSA sees as its natural ‘partners’, including foreign powers. To date, only Israel has been named as a recipient of raw intelligence. You don’t need to be a cynic, merely a realist, to think that it’s probably not the only one, and that raw or processed intelligence derived from the NSA’s broad surveillance of Americans will be or has already been shared with other foreign states, including some that we would consider despotic.
The NSA, of course, isn’t telling, and unless another Snowden comes forward, we’re unlikely ever to hear about it.
If you ever needed any proof that our brave new panoptical world is two parts Stasi to three parts Keystone Kops, consider this quote from Lulzsec’s ‘Topiary’, in his interview page at askFM:
The only communication between LulzSec and WikiLeaks was between an FBI informant on their end and an FBI informant on our end, both trying to entrap each other to incriminate both groups further, and likely both oblivious to the fact that the other was working for the same organization.
It would be funny, except that it points to the way that the ‘intelligence services’ (a term that sometimes looks like an oxymoron) are increasingly involved not just in investigating crime, but also in inciting it. A majority of high-profile ‘terrorist plots’ supposedly uncovered by the FBI since 2001 have been variations on the same tawdry scenario: a small group of marginalized, disaffected and desperately dysfunctional people — often including long-term drug addicts or the mentally-ill — is infiltrated by an FBI informant. Under direction from his controllers, the informant then prods, exhorts, cajoles, bribes or threatens this band of losers until they agree to execute the plan he suggests, using ‘explosives’ provided for them by the Feds. At the 11th hour, the G-men swoop in to arrest the bad guys, and it’s handshakes and press conferences all round.
Of course, it isn’t just government agencies that use infiltration and entrapment. McDonalds hired teams of spies from two separate firms to infiltrate London Greenpeace, an activist group critical of the multinational. This was in the context of the famous McLibel case, in which the corporate giant unleashed the full force of its legal department on two minimum-wage defendants to earn a victory that was in every way Pyrrhic, with a number of the allegations made by the activists being shown to be true in court. Still more disturbingly, it has now emerged that one co-author of the McLibel flyer was actually an undercover police officer. To date, however, McDonalds has not announced any plans to sue the Metropolitan Police for their role in the defamation.
But wait — there’s more. According to the Guardian, the officer who co-wrote the pamphlet also had sexual relationships with four activists and fathered a child with one of them, before abandoning his false identity and disappearing back to Scotland Yard. He didn’t sleep with Helen Steel, one of the ‘McLibel Two’: that was left to his colleague, another police infiltrator from the Met’s Special Demonstration Squad. And the shenanigans don’t end there: it’s been reported that at least one of the corporate spies hired by McDonalds also infiltrated an activist’s bed in order to win his trust.
It’s easy to focus on the farcical aspects of this: the teams of competing spies all busy compiling reports on each other, the terrible seriousness with which senior officials try to persuade us all that a ‘conspiracy’ composed of six addled homeless men constitutes an existential threat to our society, the secret policemen who can’t seem to keep it in their pants. But the methods in use — infiltration of peaceful groups, deliberate entrapment, and yes, the use of sex as a tool for espionage — are also the tried and tested strategies used by repressive regimes everywhere. When they become common currency in self-styled democracies, that’s not funny at all.
Twitter / Search - #clarionbedtimestory -
We came, we got drunk, we took turns reading Laurell K. Hamilton’s “Micah” out loud in silly voices. Hilarity ensued.