I came across a new "game" being played related to domain names. I was in a position to attempt to capture a domain that had expired and was about to be deleted. I had the .ca version of that domain and wanted to get the .com that was just about to be available. I employed a service that is designed to capture these domains as soon as they become available. I've done this before successfully so I was hopeful that this one would happen without a hitch.
Well the service announced that the domain had been captured by a registrar called "namevolcano.com". I knew a lot of the domain spammers capture newly deleted names to "taste" them for the revenue generation prospects. They usually drop these domains within 5 days so that they don't have to pay for them. I guess that they are looking for domains that will generate more revenue than the roughly $6/yr that they end up paying for registering them. So I was hopeful that I still might get a crack at the domain.
About 4 days after the domain was captured by "namevolcano.com", I got an email that was trying to "sell" me the domain, suggesting that, since I had the .net variant (I didn't have that), I really should buy this .com from the sender, for the low price of only $557! I was careful at the time to not follow any of the links in the email as that might have shown interest to the sender and they might have kept the domain. I didn't respond.
About 12 hours after receiving the email, the domain changed hands to a registrar called "vibrant networks". After two days, I received a second email, substantially the same as the first, although reminding me that this was their second email on the subject.
After the second 5 day tasting period ran out, I finally captured the domain. I then went back and started checking the links provided by the email. This is how I got the $557 purchase number as it wasn't actually in the email.
An interesting fact is that the whois server for the second taster was whois.itimemarketing.com, which is the same domain where the link in the initial email was pointed at. So these two domain registrars seem to be related and were playing some kind of tag team game. I guess they figured that they needed 10 days to try to "sell" the domain to me.
I've used the words "game" and "sell" in quotes above as I actually consider this activity to be something in the neighborhood of scam to extortion. Somehow I think that this kind of activity is against the terms of service that registrars must follow to be accredited by ICANN. ICANN has really got to clean up the mess of scammers that are posing as domain registrars. These guys make the oil, gas and electricity market manipulators look tame by comparison in their brazen activities.
The one takeaway I can suggest from this experience is that if you run into a similar situation, don't do anything to raise the scammer's hopes of actually selling you the domain as I think that this will reduce your chances that they will just let the domain go and give you a real chance of getting the domain.
I received an interesting message yesterday from a developer using Microsoft's Silverlight (I suspect a Microsoft employee). He was trying to read an RSS feed from the Twemes.com website but couldn't because Twemes.com did not have a cross-domain policy file. My immediate thought was "What's Microsoft attempting to do to RSS?" It felt like some kind of Trojan Horse, sneaking in with the Silverlight runtime.
My "expertise" in Silverlight cross-domain policy requirements consists of about 10 minutes reading the provided references, so I could be completely wrong about all of this but here are my concerns about using this for RSS.
Microsoft seems to have modeled this on Adobe's cross-domain policy file (/crossdomain.xml) and will fall back to this file if it doesn't find its preferred /clientaccesspolicy.xml. The idea being that client software that supports the use of this policy file will use it to decide if the content on a given website is allowed to be used by the client. So for Adobe Flash or MS Silverlight runtimes, it's a way to prevent someone from creating an application that accesses resources from a website that does not explicitly give it permission. (I'm assuming that this is a technical permission and does not assign copyrights but I'm Not A Lawyer).
I don't know how effective this has been for controlling cross-domain usage of Flash resources but it seems superficially viable, especially with the Flash file formats and players that were at one time proprietary (are they still?). This could provide for a type of DRM, regardless of its effectiveness.
The problem with applying this kind of DRM to RSS is that in some respects, an RSS file *is* a content policy file. It kind of says: "Instead of scraping data from my website's HTML pages, I'll give you this data in a nice machine readable format so you will get it right and so I can have some say in what and how it is presented." By having an RSS feed, we are saying you can use this data in the RSS file but leave the rest of what's on the website alone. I don't know how much legal standing this has but there does seem to be a pretty clear common sense message in RSS.
So over the last 8 years RSS has developed with a fairly universal understanding that it's reasonable for any software to import and use it (within the bounds of copyright) and that if the publisher doesn't like this, then don't publish it. If you want to restrict access to an RSS feed, use technology (such as HTTP basic authentication) to do that.
So why is Microsoft demanding a new layer of permission system (DRM) to be present before a Silverlight program can access resources that have been considered completely open? Is this just the side effect of overly intrusive legal counsel? A beta software problem where RSS was just thrown in with media file types and no one considered this issue? Or is it just another example of Microsoft's long history trying to turn open standards into proprietary Microsoft monopolies?
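The lookup order and the permission check described above can be sketched as follows. This is an added example, not code from the post or from Microsoft: the policy text is constructed, the function names are hypothetical, and the path matching is a simplified model of what the runtime does. It shows a publisher granting every origin access to the feed path only, rather than to the whole site.

```python
import xml.etree.ElementTree as ET

# Order in which the post says Silverlight looks for a policy file.
LOOKUP_ORDER = ["/clientaccesspolicy.xml", "/crossdomain.xml"]

# Constructed clientaccesspolicy.xml: any origin may read /rss and below,
# nothing else on the site is granted.
POLICY = """<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from>
        <domain uri="*"/>
      </allow-from>
      <grant-to>
        <resource path="/rss" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>"""


def select_policy(site_files):
    """Return the path of the policy file a client would use, or None.

    site_files maps URL paths to file contents (a stand-in for HTTP fetches).
    """
    for path in LOOKUP_ORDER:
        if path in site_files:
            return path
    return None


def callers_allowed(policy_xml, request_path):
    """List the <domain uri> values granted access to request_path."""
    root = ET.fromstring(policy_xml)
    allowed = []
    for policy in root.iter("policy"):
        domains = [d.get("uri") for d in policy.iter("domain")]
        for res in policy.iter("resource"):
            base = res.get("path", "")
            subpaths = res.get("include-subpaths", "false").lower() == "true"
            exact = request_path == base
            below = subpaths and request_path.startswith(base.rstrip("/") + "/")
            if exact or below:
                allowed.extend(domains)
                break  # one matching resource is enough for this policy
    return allowed


if __name__ == "__main__":
    site = {"/crossdomain.xml": "<cross-domain-policy/>",
            "/clientaccesspolicy.xml": POLICY}
    print(select_policy(site))
    for path in ("/rss/feed.xml", "/account/settings"):
        print(path, callers_allowed(POLICY, path))
```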
I've been following the various conversations about data portability between the various big social networks. This is definitely a hotly debated space right now. The funny thing is that there is this one tiny piece of information, a person's email address, that is really at the center of the controversy but no one has really brought up why. The only reason that we don't want our email to get out there in an aggregated way is that the technology behind email can't really control how it is used. So when our email address gets out there, we get spammed. This is a highly emotional issue for a lot of people. If it were possible to positively identify the sender of email, we would get very little spam (and those that did spam us would be blocked quickly) and we would not care nearly as much how this piece of data is distributed. It's funny that an email address is specifically designed to be published so that others can find it and send us messages but we now want the publishing of that email address to be tightly controlled and describe it as data that we "own". It would be so much better if we did not need to control how that is published because its use would be controlled.
In the context of the social networks, many people (that do not have a vested interest in a social network) say that an email address is our own data and that we should have the right to control it. The problem is that for it to be a useful piece of data it has to be freely available. What's happened with Facebook this week is that although they have been pretending to be opening up their network, they realize that the combination of the social graph and email address is the basis for their walled garden. If that gets away, other social networks can reproduce the Facebook network and undermine its value. What I see as significantly more important is the social graph itself. If we had a messaging identifier that was spam proof, then this would not need to be protected data. We would want to be careful about allowing others to know who we know and interact with, at least at a real world level. There is no value to society (except for sociology research) in having any one company build a social graph and there is a lot of harm that can come from it (McCarthyism). There is a value to that company in that they can use this social graph to advertise to you and in building walled gardens. I prefer a model where my piece of the social graph lives completely in my control and I only provide that information when and to who I choose to, from time to time. Just like it used to before Friendster and Facebook. Humans just work that way.
That's a question that's being asked, answered and discussed on and around Twitter in ever increasing waves lately. This is a pretty good indication about how important Twitter is to the people that are talking about it. It's becoming an increasingly important tool in the everyday lives of those people. I know it has for me. I've stopped using blog aggregation as my way of keeping in touch with what's going on in the topics that I'm interested in. Instead, I follow the people who have interesting things to say. Many point to interesting articles, sometimes their own, and if I have the time and inclination, I'll go read those. This has saved me hours a day wading through mounds of closely related headings in Google Reader.
So before talking about what's wrong with Twitter, what is it? It's essentially the conceptual melding of instant messaging, forums and chat rooms. It has that rapid feedback and short messaging of IM but in the context of a larger group of interested people. It has a bit of the feel of IRC and chat rooms but instead of being organized around topics, it's organized around our own unique set of interests. Its "limitation" of 140 characters, defined by what SMS can handle, makes people concise and allows readers to rapidly scan through a stream of concentrated ideas. We overcome the signal to noise problems from other conversation systems by only following those who we identify as signal and ignoring those that look like noise to us. The platform nature of Twitter also allows people to interact with Twitter in as varied a manner as the kinds of people that they follow.
As I've heard Robert Scoble say, "Everyone's Twitter experience is different." That's because you tailor it to create your own experience. So what people will see as wrong with Twitter will depend a lot on how you've tailored it, what tools you are using with it and what additional things that you would like to do with it. Personally I don't think that there is a whole lot wrong with Twitter any more than there is anything wrong with YahooIM, AIM, MS IM, Google Groups, Google Reader, etc. Yes, Twitter could be more reliable and it's a bit surprising that it's not. It's completely down as I write this. The biggest problem is that a lot of people are overlaying what they would like Twitter to be on the service and seeing the shortcomings of that ideal. They see what could be. What's "so close" but not quite possible.
What I do see in Twitter and the way that people have such different ideas about how Twitter should be changed/upgraded/replaced is that Twitter has opened up people's eyes to the many faceted ways that people can communicate in the real-time, always connected, anywhere world that we are just starting to dip our toes into.
My recent trip to Banff gave me a lot to think about in terms of the kinds of tools that would make me productive in mobile environments.
There really are two different environments that I am thinking about. The first relates to being able to do a limited amount of work while I'm out and about but need to be able to react quickly to problems. The second is one that would travel with me to places where I want to get serious work done.
My "out and about" mobile client needs to be light enough to fit in a big pocket of my cargo pants and powerful enough to write medium length email messages and visit standard web pages. I've played with a few things. I've used a Nokia 770 Internet tablet, a Samsung A920, a Razr, an eee PC and even an OLPC XO. The WiFi devices are pretty good where you can get open WiFi but that's not an easy thing to do in Vancouver. There is a lot of WiFi signal around but people have gotten smart about locking them down. Until/if Vancouver gets blanket WiFi or WiMax, the only real solution is cellular data. I tried pairing up the N770 with the A920 via bluetooth and using the DUN. That worked fairly well until the $100 bill came in for a couple of dozen web pages. Cellular data plans are hideously expensive here in Canada. So far, my best option ends up being a lowly Razr on a prepaid plan from VirginMobile.ca. I don't use it much for talking but for $7/month I get unlimited web browsing, albeit on an extremely limited device. At least I can check my Gmail account regularly and either respond if it's no more than a sentence, or get myself to a real computer quickly.
This is not a great solution but it will have to do until I can find something better. An iPhone would get me fairly close but even if it were available in Canada, I'd still have a hard time justifying its cost. I'm just not that mobile that I could justify it. Unless I could find a project that required it! Even then, I would like to have a better keyboard. I like the idea of the folding bluetooth keyboards. You can just pull them out when you need to do more extensive typing. I have a borrowed one but I've yet to find a bluetooth device that it will work with. That seems to be a common problem with these things.
When I'm going to camp out in some hotel room for a bit and need to do serious work while I'm there, I can get by with some standard equipment but I have been dreaming about the ideal set up. Most of this equipment does not exist and I doubt it ever will. It's not a matter of can it be built but is there a market for it and a manufacturer willing to risk building it.
Instead of having a standard notebook computer, this would be made up of a couple of components that would be built using similar technologies to notebooks. The core would be the CPU and storage module. This would be something along the lines of a mac mini in size although I'm not sure that the optical drive would be necessary. Not for me anyway. Just a hard drive and a decent CPU. Maybe a battery. Some IO ports. WiFi, WiMax or cellular data or a PCI express slot to provide for connectivity. I could see selecting this component from a number of similar units that could be configured for high power or portability, etc, just like notebook computers are today. For display, we could have our choice too. A very thin and light clamshell that was made up of a keyboard, touch pad and screen that had wireless connectivity to the CPU base up to folding dual 17" panels with stand and wired DVI connection to the base. A separate wireless keyboard and touch pad or mouse would be designed for travel but could be chosen to suit the user. Many would be fine with a notebook style keyboard and touch pad but I'd prefer a split keyboard and full size mouse.
All of these components could fit into a reasonably small case and not be too heavy. Likely in the 10 pound range. Now that sounds heavy to those that wander around all day with a 3 pound notebook over the shoulder all day but that's not what this is for. This form factor would be very nice as a desktop replacement but would also be compact enough to travel although not necessarily fit on your airline seat back tray.
Most of the interface standards already exist. Bluetooth would work for a lot of the wireless communications between components. The screen connection might need some redesign, especially if it were wireless. Most of these components just require the talents of a good notebook packaging designer and engineer. When you look at what Apple did with the Air, could you imagine that same skill applied to this component system?
What's kind of funny about some of these ideas is that I've had some of this in the past. 15 to 20 years ago, I had a series of "portable" computers that weighed from 20 to 35 pounds. From the Osborne to the original Compaq, the metal cased Eagle and even IBM's first (and I think only) lunchbox style computer, I had computers that were fairly close in functionality to the then available desktop computers. I actually took most of these on airplanes (although the Compaq had to have its boards and connectors reseated after each trip!)
So I would love to have some of the expertise that is used to make today's laptops put into portable component computing. To have a set of mix and match parts that I could use to build my ideal portable working environment would be wonderful.
I doubt that I will see this though. The computer industry is too focused on building slight variations on a couple of themes. You can see how reluctant manufacturers are to step outside of a narrow box when you look at the success of the eee PC. Millions of these have been sold into a market that did not exist before it was produced. There was obviously a demand but the manufacturers were not willing to risk it until Asus came along. Hmm... maybe Asus will start building my mobile modular computer components (the MMCC?).
I can always dream!
I've always found that my productivity really suffers when I need to go mobile. I have to squeeze a subset of my office desktop's functionality onto a notebook computer. The time and effort required to get set up and the low productivity environment that I end up with would generally make it not worth the effort. Well, I just came back from a 9 day stay at The Banff Center so before I left, I was determined to experiment on how productive I could become in such an environment. The Banff Center is an academic and conference center that has a world class reputation for media, arts and management events. I was told that they had great computing resources so I thought that this would be a best case test.
Once set up in our room, I tested out the WiFi. The signal was better than in my office! I continued to set up the 5 computers that I brought. A 14" Dell notebook, a MacBook, an eee PC, an OLPC XO and a Nokia 770 Internet Tablet. The Dell was to be my main workstation and I brought my office mouse and MS Natural Keyboard to give me a feeling that was as much like the office as possible. The MacBook and eee PC are my wife's computing devices so they were not an important part of the experiment. The XO worked well as an email station for around the campus and the N770 was easy to carry around Banff. With the large number of hotels/motels and coffee shops, it wasn't too hard to find WiFi in town.
To add an additional screen to the mix, I used an S-Video cable to create a secondary desktop from the Dell on the room's TV. The quality wasn't great but worked well for the Twhirl Twitter client and for playing movies at other times.
At the workshop that my wife was attending, she won a Tangent WiFi Table Radio so we ended up with 6 WiFi devices in the room at times. They all worked really well. The one problem that I did have is they seemed to be capping the bandwidth of any individual WiFi device to about 100Kbps. It was low latency so it was fast enough for using VNC, SSH and general web surfing but made downloading my daily podcasts a pain.
Bringing my comfortable mouse and keyboard really helped. I use a natural keyboard because of its split layout. It really helps keep chronic carpal tunnel syndrome at bay but it makes the transition to the cramped space of a notebook keyboard a real pain (literally). I think that I almost prefer the little rubber keys on the XO to the notebook keyboard because I don't even try to touch type but switch to a 4 fingered hunt and peck.
The two things that I did miss from my desktop environment are the 4 screen setup using 22" and 19" monitors on my desktop, and controlling the Dell using Input Director from the desktop and the little XO sitting above my monitors scrolling logging information. The second thing is text size. The text on the 22" seemed monstrous when I got home. It felt like you do after getting off of a long flight sitting in a middle seat.
Another problem that developed relates to a particular ergonomic requirement that I have. In my office, my keyboard sits about a foot in from the edge of a corner desk. I can then put my elbows on the desk. I find this to be extremely comfortable and I can spend long sessions typing without fatigue. The room at The Banff Center was very well equipped but it did only have the standard 24" deep desk. The notebook with only the natural keyboard in front of it left only a couple of inches of desk to rest my arms on. Not nearly enough for me and I ended up with very sore arms.
Because most of my work involves websites and the internet in general, I am often working on remote servers via SSH so working from Banff was not much of a hindrance. VNC connections to my office desktop and other office machines were pretty effective. I found I could get light coding done remotely with no problem. I've moved most of my productivity apps to the cloud (GMail/GDocs, SlimTimer.com, RememberTheMilk.com, Twitter, etc) so as long as the connectivity is good, those are no problem.
All in all, I think that I came pretty close to a good mobile setup. It was fairly productive but I don't think that I ever really got into the "groove". There are reasons for this that go beyond the nature of my setup (maybe the beautiful mountains!)
I did have some thoughts about what the dream mobile office setup would be but I'll leave that to another post.
I don't use the word "hate" very often. I reserve that word for things that I dislike with a real passion but email is becoming one of those things. If you attempted to follow my previous posting about Controlling SPAM you can guess why I have this passion.
I wish that I could give up email altogether. I think that this will happen in the next few years but at least at this point, there is not a better alternative for most of the people that I communicate with. I have found that Twitter and IM have become integral parts of my communications infrastructure but it doesn't and will never come close to replacing the majority of my communications needs. The long breaks in my blogging record suggest that blogging is not a good communications mechanism for me. Most of the social networks out there just seem to add to the spam and privacy problems and don't really add much positive to my communications. I'm just stuck with email for a while.
There are some good technologies out there to "fix" email. DomainKeys and Sender Policy Framework (SPF) are two technologies that could do a lot to eliminate the problems with SPAM but there is just too much inertia in the installed base of technology and administrator skill sets to actually get a critical mass of adoption. If the weight of spam has not overcome this inertia by now, I don't think it ever will.
I think that the only thing that will fix the spam problem is something new that replaces email. That new technology must have obvious benefits and have spam resistance built in from the beginning. Earlier adopters will legitimize the technology and will eventually drag the rest of the world into using that technology. We are seeing these kinds of shifts with the use of Facebook and Twitter but the closed, centralized nature of both these systems makes them inappropriate for mass adoption at the internet infrastructure level that is required to really replace email. By the way, when I speak of "email" here, I'm referring to SMTP email. I think that we will always have email as in electronic mail but it may be based on completely different underlying technology than the SMTP that we see today.
What will replace SMTP email? That's a pretty tough question. There doesn't seem to be anything with momentum on the horizon yet. It is something that I've been thinking about and does tie into the OpenPersona idea that I've been playing with. Maybe it will come out of that effort.
I've been noticing that the amount of spam that I get has been going up. Up until about a month ago, I was receiving about 1000 spam messages a day but that has risen to about 3000 per day over the last week or so. I have been using GMail for managing my email and it had been great at filtering out this spam. Virtually no false positives (good messages going into the spam folder) and about 1-2% false negatives (spam not getting put into spam filter). That left me with about 10-20 spam messages a day to deal with. Not too much overhead. Sometime over the last couple of days, Google must have changed their spam filters in some way. I suspect it was in response to increasing levels of spam. The net effect was that the false positives went from practically none to about 70%. In other words, about 70% of my legitimate email was going into the spam folder with 3000 spam messages.
Well that made GMail's spam filter just about useless. It was time to see if I could figure out some ways to filter out some of this spam before it got to GMail so that I could do occasional, manual false positive checks in the spam folder. So the first question is "How is it possible to get 3000 spam messages a day?" That's easy. I have two domain names that send all email, regardless of address, to my GMail account. I've had these for many years and use them to create ad hoc "BACN" email addresses for signing up for new services. I'll call these domains my BACN domains and use BACN.com generically. I embed a standard code and the website's domain name into the email address so that if I start to get spam, I know who to blame (and block). For example, my email address might look like this: asdfa.newwebsite.com@BACN.com. The "asdfa" code (not what I really use) has been a string that I've embedded with the thought that at some time I could use this to help in my spam filtering. That time is now!
I've learned a few things about spam from using these catchall BACN email setups. First, a number of websites have sold/given/lost their email lists to spammers. A couple that come to mind are Napster, Bicycle.com, and my local gas and electricity company. It is also very interesting to see just how much spam is sent to made up email accounts. I see a lot of random looking strings as email accounts. Others look like they might be an account name from some other domain with my BACN domain tacked on the end. Others include HTML tags and attributes (like HREF or MAILTO) and are obviously due to HTML parsing errors when the spammers were trying to harvest email addresses from web pages.
Another factor in my large number of spam messages is that I manage several hundred domain names. Some are for my own projects, others are for clients, friends and relatives. A lot of these domains have legitimate email addresses that forward to me. I've yet to find any way to keep any email address spam free short of never telling anyone about it and not using it. Also, when registering these domains, they must have a legitimate contact email address and it's really important that I get any legitimate email that is sent to these accounts. I have 3 email addresses that are used for this purpose and so they end up in the public whois registration database entries for those domains. The whois database is a favorite place for spammers to harvest email addresses so these 3 addresses get spammed heavily.
So how to do some pretty brutal spam trimming? My solution is not for everyone. It involves Sendmail, Procmail and an extra GMail account. I happen to have the luxury (and the associated maintenance overhead) of having a dedicated Debian Linux server that handles some of my client's email and all of my email. I could run spamassassin or other Linux server spam filtering software but I want to keep this simple to implement and manage. I've used these server based spam filters in the past but found them to be overkill for the use of a relatively small number of people. Spam filtering is not a service that I need to offer my clients. Most of the email that comes to this server just gets forwarded off to some other email account via a Sendmail virtusertable configuration file. Even my own email just gets forwarded to my GMail account. So my first line of defending myself from the spam was to create a local email account to which I forward all of my BACN. I then implemented a procmail filter that would only forward mail that had the special code "asdfa" in the To address field. What gets forwarded is what I call potentially good BACN. What gets left is pure spam and discarded. Here is an example of that filter with dummy data and email addresses inserted:
* ^To: .*asdfa.*
email@example.com is not a real GMail account (at least it's not mine) but just a place holder for my real, spam filtering only, Gmail account. I forward my potentially good BACN to this GMail account along with my whois database email addresses and a few other heavily spammed accounts. In that GMail spam account I set it up to immediately forward all mail to my real GMail account. This only forwards messages that don't get caught in its spam filter. False positives in this stream of email are tolerable because this email is BACN plus some spam.
So now I have a 4 level spam filtering strategy.
- A sendmail virtusertable file that blocks some known spammed email addresses that I just don't need any more. Like my bicycle.com website email address. I also forward email addresses that are my main contact email addresses directly to my main GMail account. This short circuit of the process reduces the chances of false positives and even if there are false positives, they will show up in my main GMail account. This account won't get too diluted by spam so I can occasionally check for them.
- BACN+spam is sent to a local email account that has a procmail filter to strip out all email that doesn't have "asdfa" in the To field.
- Potentially good BACN is sent to a special spam GMail account that is used to filter out real spam sent to BACN email addresses.
- Finally I use my main GMail account's spam filtering as a final line of defense but I can still check it for false positives.
I implemented this strategy about 3 hours ago. The procmail filter has caught about 200 messages since then. All spam. The GMail spam account has caught about 40 spam messages. All real spam sent to my BACN and whois accounts. My main GMail has caught 5 spam messages and missed one that I had to manually mark as spam.
That feels much better!
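The tag filter from level 2 of this strategy, modelled in Python as an added example (this is not the post's procmail recipe or the author's code). It compares a loose match equivalent to the `^To: .*asdfa.*` condition with a stricter check on the address itself, and it uses the embedded site name to show which sign-up leaked an address. The function names are hypothetical, the sample messages are constructed, and `asdfa` and `bacn.com` are the dummy values from the post.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import getaddresses

TAG = "asdfa"             # dummy tag from the post
BACN_DOMAIN = "bacn.com"  # generic catch-all domain from the post

# Constructed sample messages (headers only matter here).
SAMPLES = [
    "From: news@newwebsite.com\nTo: asdfa.newwebsite.com@BACN.com\n"
    "Subject: Your weekly update\n\nhello\n",
    "From: x@spam.example\nTo: xk3j9qz@BACN.com\nSubject: Pills\n\nbuy\n",
    'From: y@spam.example\nTo: "asdfa deals" <winner@BACN.com>\n'
    "Subject: You won\n\nclick\n",
    "From: shop@shop.example\nTo: someone@example.org, "
    "asdfa.shop.example@bacn.com\nSubject: Receipt\n\nthanks\n",
]


def loose_match(raw_message):
    """Mimic the post's condition: the tag anywhere on the To: line."""
    pattern = r"^To: .*" + re.escape(TAG) + r".*"
    return re.search(pattern, raw_message, re.I | re.M) is not None


def classify(raw_message):
    """Return (action, site) for one message.

    action is "forward" only when a To address has the exact shape
    <TAG>.<site>@<BACN_DOMAIN>; anything else is "discard".
    site is the sign-up domain embedded in the address.
    """
    msg = message_from_string(raw_message)
    for _name, addr in getaddresses(msg.get_all("To", [])):
        local, sep, domain = addr.rpartition("@")
        if not sep or domain.lower() != BACN_DOMAIN:
            continue
        prefix, dot, site = local.partition(".")
        if prefix.lower() == TAG and dot and site:
            return "forward", site.lower()
    return "discard", None


def leak_report(raw_messages):
    """Count forwarded messages per embedded sign-up site."""
    results = (classify(raw) for raw in raw_messages)
    return Counter(site for action, site in results if action == "forward")


if __name__ == "__main__":
    for raw in SAMPLES:
        to_line = raw.splitlines()[1]
        print(to_line, "| loose:", loose_match(raw), "| strict:", classify(raw))
    print(dict(leak_report(SAMPLES)))
```

The third sample carries the tag only in the display name, so the loose match accepts it while the address check discards it.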
I have created a website for the discussion of Persona concepts and a set of protocols to allow them to communicate. You can find this at OpenPersona.org.
There has been a lot of talk lately about being in control of your own data online. This talk has arisen due to the various websites that revolve around the concept of a social network. MySpace and Facebook are the two best known of these websites but this is just the tip of the iceberg. Social networking online is not a new concept. To varying degrees, forum websites and going back further, BBSes, Compuserve, The Well, and Newsgroups are all instances of very successful social networks. They may not have been as focused and structured around the networking aspects as such websites as Friendster, LinkedIn or Plaxo but they still provided that functionality.
What is different now, especially when looking at a tool such as Facebook, is the sheer amount of concentrated data that a single company has collected about a large segment of the online population. That scares a lot of people. It scares me and is the reason that I've minimized my exposure to Facebook. To a lesser degree, I have this same issue with Google as well, particularly with respect to GMail.
I've been talking, although not blogging, about this issue for a couple of years and would have expected some serious progress towards addressing this issue by now. I often hear the mantra about "owning one's own data" but I have not seen a lot of progress other than being able to import/export data from various online tools and some ideas being generated on DataPortability.org.
So what have I been hoping to see develop in this space? I've been using the term "Persona" to describe a structured set of data and services that represent me or any individual online. I want my Persona to be completely under my control or delegated to a trusted service organization. Think "data analog to the banking system". I want that Persona to be my proxy to the online world as well as provide a window onto other Personas that interest me and provide a place for us to communicate and collaborate.
In a very real sense, I want to see the business model that Facebook is using turned inside out. I want to see a lot of smaller service providers that make it their business to protect the Personas that have been entrusted to them. I want protection from spammers, data identity thieves and from marketing messages that are not of interest to me. If I'm particularly paranoid or technically savvy, I want to be able to host and operate my own data and services so that I don't have to trust anyone.
This is just a first entry in what I hope will be a long series of posts on the topic of Persona. Stay tuned!