Anti-Phishing -- warn if I send a password somewhere I've never sent it

There are many proposals out there for tools to stop Phishing. Web sites that display a custom photo you provide. "Pet names" given to web sites so you can confirm you're where you were before.

I think we have a good chunk of one anti-phishing technique already in place with the browser password vaults. Now I don't store my most important passwords (bank, etc.) in my password vault, but I do store most medium importance ones there (accounts at various billing entities etc.) I just use a simple common password for web boards, blogs and other places where the damage from compromise is nil to minimal.

So when I go to such a site, I expect the password vault to fill in the password. If it doesn't, that's a big warning flag for me. And so I can't easily be phished for those sites. Even skilled people can be fooled by clever phishes. For example, a test phish to bankofthevvest.com (two "v"s instead of a w, which looks identical in many fonts) fooled even skilled users who check the SSL lock icon, etc.

The browser should store passwords in the vault, and even the "don't store this" passwords should have a hash stored in the vault unless I really want to turn that off. Then, the browser should detect if I ever type a string into any box which matches the hash of one of my passwords. If my password for bankofthewest is "secretword" and I use it on bankofthewest.com, no problem. "secretword" isn't stored in my password vault, but the hash of it is. If I ever type in "secretword" to any other site at all, I should get an alert. If it really is another site of the bank, I will examine that and confirm to send the password. Hopefully I'll do a good job of examining -- it's still possible I'll be fooled by bankofthevvest.com, but other tricks won't fool me.

The key needs in any system like this are that it warns you of a phish, and that it rarely gives you a false warning. The latter is hard to do, but this comes decently close. However, since I suspect most people are like me and have a common password we use again and again at "who-cares" sites, we don't want to be warned all the time. The second time we use that password, we'll get a warning, and we need a box to say, "Don't warn me about re-use of this password."

Read on for subtleties...

For virtual servers, virtualize mySQL too

Right now this blog is hosted by powerVPS, which provides virtual private servers. This is to say they have a large powerful box, and they run virtualization software (Virtuozzo) which allows several users to have the illusion of a private machine, on which they are the root user. In theory users get an equal share of the machine, but since most of the users do not run at full capacity, any user can "burst" to temporarily use more resources.

Get a giant display screen

Yesterday I received a Dell 3007WFP panel display. The price hurt ($1600 on eBay, $2200 from Dell but sometimes there are coupons) and you need a new video card (and to top it off, 90% of the capable video cards are PCI-e and may mean a new motherboard) but there is quite a jump by moving to this 2560 x 1600 (4.1 megapixel) display if you are a digital photographer. This is a very similar panel to Apple's Cinema, but a fair bit cheaper.

Congress passes DTOPA -- blocking phones

Today, Congress passed 410-15 the Delete Telephony Online Predators act, or DTOPA. This act requires all schools and libraries to by default block access to the social networking system called the "telephone." All libraries receiving federal funding, and schools receiving E-rate funding must immediately bar access to this network. Blocks can be turned off, on request, for adults, and when students are under the supervision of an adult.

Transit agencies -- allow a discount for people who travel together for ordinary trips.

Transit is of course more efficient than private cars, many people on one vehicle. But because a round-trip for a couple or family involves buying 4 to 8 single tickets, couples and families who have cars will often take their cars unless parking is going to be a problem. For example, for us to go downtown it's $6 within SF. For people taking BART from Berkeley or Oakland it's $13.40 for 2 people. That makes it very tempting to take a car, even if it costs a similar amount (at 35 cents/mile, 15 of those for gasoline in a city) for the convenience and, outside of rush-hour, speed.

No, senator Stevens was misquoted...

Everybody in the blogosphere has heard something about Alaska's Ted Stevens calling the internet a series of tubes.

They just heard him wrong. His porn filters got turned off and he discovered the internet was a series of pubes.

(And, BTW, I think we've been unfair to Stevens. While it wasn't high traffic that delayed his E-mail -- "an internet" -- a few days, his description wasn't really that bad... for a senator.)

Switching to popular vote from electoral college

A proposal by a Stanford CS Prof for a means to switch the U.S. Presidential race from electoral college to popular vote is gaining some momentum. In short, the proposal calls for some group of states representing a majority of the electoral college to agree to an inter-state compact that they will vote their electoral votes according to the result of the popular vote.

Judge allows EFF's AT&T lawsuit to go forward

Big news today. Judge Walker has denied the motions -- particularly the one by the federal government -- to dismiss our case against AT&T for cooperating with the NSA on warrantless surveillance of phone traffic and records.

The federal government, including the heads of the major spy agencies, had filed a brief demanding the case be dismissed on "state secrets" grounds. This common law doctrine, which is often frighteningly successful, allows cases to be dismissed, even if they are of great merit, if following through would reveal state secrets.

Paradox of abundance, with DVRs and Netflix/Peerflix

An interesting article in the WSJ yesterday on the paradox of abundance describes how many Netflix customers are putting many "highbrow" or "serious" movies on their lists, then letting them sit for months, unwatched, even returning them unwatched.

This sounds great for Netflix, of course, though it would be bad for Peerflix.

Burning Man 2005 Panoramas

Hot on the heels of the regular photos the gallery of 2005 Burning Man Panoramas is now up. This year, I got to borrow a cherry picker at sunset on Friday for some interesting perspectives. The long ones are around 3400 by 52000 at full res (180 megapixels) and even the ones on the web are larger than before. Use F11 to put your browser into full screen mode.

On the refutation of Metcalfe's law

Recently IEEE Spectrum published a paper on a refutation of Metcalfe's law -- an observation (not really a law) by Bob Metcalfe -- that the "value" of a network increased with the square of the number of people/nodes on it. I was asked to be a referee for this paper, and while they addressed some of my comments, I don't think they addressed the principal one, so I am posting my comments here now.

How only Google can pull off pay-to-perform ads

Bruce Schneier today compliments Google on trying out pay-to-perform ads as a means around click-fraud, but worries that this is risky because you become a partner with the advertiser. If their product doesn't sell, you don't make money.

And that's a reasonable fear for any small site accepting pay-to-perform ads. If the product isn't very good, you aren't going to get a cut of much. Many affiliate programs really perform poorly for the site, though a few rare ones do well.

Remaining neutral on network neutrality -- it's the monopoly, stupid

People ask me about the EFF endorsing some of the network neutrality laws proposed in congress. I, and the EFF are big supporters of an open, neutral end-to-end network design. It's the right way to build the internet, and has given us much of what we have. So why haven't I endorsed coding it into law?

If you've followed closely, you've seen very different opinions from EFF board members. Dave Farber has been one of the biggest (non-business) opponents of the laws. Larry Lessig has been a major supporter. Both smart men with a good understanding of the issues.

I haven't supported the laws personally because I'm very wary of encoding rules of internet operation into law. Just about every other time we've seen this attempted, it's ended badly. And that's even without considering the telephone companies' tremendous experience and success in lobbying and manipulation of the law. They're much, much better at it than any of the other players involved, and their track record is to win. Not every time, but most of it. Remember the past neutrality rules that forced them to resell their copper to CLECs so there could be competition in the DSL space? That ended well, didn't it?

Read on...

PayPal should partner with UPS and other shippers

You've seen me write before of a proposal I call addresscrow to promote privacy when items are shipped to you. Today I'll propose something more modest, with non-privacy applications.

I would like PayPal, and other payment systems (Visa/MC/Google Checkout) to partner with the shipping companies such as UPS that ship the products bought with these payment systems.

Burning Man 2005 Photos plus Aerial shots

I've gotten way behind on putting up my photographs, and I realized I had never put my Burning Man 2005 shots up. We're already planning for 2006.

So I got them up this weekend. Of particular interest to burners this year will be the aerial survey I did of the city, over 200 close-up photos of just about every camp in the city from the sky.

And yes, I shot plenty of panoramas, and I have built most of them, but still don't have the panorama page up.

A super-compact global power adapter

Those who travel on trips through many countries face the problem of how to plug in their laptops and gear. Many stores sell collections of adapters, but they are often bulky, and having multiple adapters for multiple gear can be really bulky. (Usually you get one adapter and then use a 3-way splitter or cord for your type of plug.)

Today, however, almost all my travel gear is 2-prong, not 3-prong. It's mostly my laptop and various chargers for cameras, phones etc. And all of it runs on every voltage and hz found in the world.

Credit card companies, give us a fake "verifiable" address

When you buy stuff with a credit card online these days, they always want your address, because they will plug it into their credit card verification system, even if they are not shipping you a physical product.

I'm trying to give my physical address out less and less these days, and would in the long term love something like the addresscrow system I proposed.

The War Tapes

Got to preview a powerful and interesting movie last night, The War Tapes. The producers, one of whom I met, gave quality video cameras to various members of a National Guard company doing a tour of duty in Iraq. The goal was to show the war from the soldier's POV. It's graphic at times, and puts forward a variety of views (though I doubt it will make many people decide to favour the war more) and well worth a watch. It opens in San Francisco and Oakland this weekend, later in other places.
