6/22/2005

The radio rodeo that is Odeo.

As a technology whore, I’m always interested in new services for my various electronic devices, so when I got an email message noting that odeo.com was open to try out, my curiosity was piqued. As a tech geek, it was naturally my duty to check this out and see what they had to offer.

For those not in the know, “Odeo is the place to browse, listen, upload, download, sync to your iPod (or any Mp3 player).” Be that as it may, it would appear to help to be an iPod user. People create audio feeds for download, which people can then listen to on their PCs or on their portable MP3 players. This is a practice known, for better or worse, as podcasting.

Despite my desire to be cutting edge and my knowledge of the availability of podcasting, up to the present, I hadn’t been actually doing any podcasting yet. iPod, check. PSP, check. Downloading random audio posts from bloggers and copying the files to my player(s)? Ummm, well, yeah, I never quite got around to that step.

That’s what makes Odeo such an interesting concept. They’re basically a catalog of various audio blogs on the web, simplifying the task of finding audio feeds, “subscribing”, downloading, and importing into iTunes or Windows Media Player. Then, theoretically, it’s just a matter of syncing up your MP3 player to make them portable. Neat!

As far as implementation goes, it was pretty painless as an iPod owner / user. I downloaded the Odeo syncer (which actually downloads MP3s and drops them in iTunes), then browsed their site for various feeds to add. Nicely enough, you can listen to snippets of these channels right on the web site. As far as interface goes, Odeo is a pretty slick package, and I got subscribed to a few shows right away. No MP3 player is necessary — if listening to podcasts on your PC is your bag, then Odeo is a nice step in simplifying that task.

However, while actually listening to a podcast, I came to a quick realization: just because you podcast doesn’t make you interesting. Case in point: MAKE Magazine has a podcast, and while they discuss much that I find incredibly fascinating, I’d hate to be listening to that in the car. I might nod off and wind up in oncoming traffic. The Suicide Girls channel (to which I subscribed purely for research purposes, of course) droned on about what a guy was wearing on a blind date and whether or not wearing a belt is optional.

There’s a decent number of podcasts catalogued in Odeo, including categorization, with the ability to see the Top 40 channels, as well as a selection of featured channels that change each week. Unfortunately, I can see how easy it is to get lost in the shuffle here. Being driven by the network of people actually using the service, good channels that haven’t been promoted very much will get buried in the listings. The fairly open ability to add any feed into Odeo also clutters up the choices. Random shows like “The Dawn and Drew Show” (self-proclaimed as “sex, jokes and more from a married couple in Wisconsin”) combine with junk marketing like the show “Adv – THIS SPACE FOR RENT” by Aruntx and people blogging just for the sake of audio blogging (I’m talking about you, Tom Greene), making it hard to find the fledgling, good quality content podcast. The signal to noise ratio is rapidly decreasing!

That’s when I discovered something else: this is just radio. Yeah yeah, it’s downloaded off the Internet and allows people without FCC licenses to broadcast in some form, but at the end of the day, it’s still radio. I was listening to on-air ad spots in these things. The people who actually create good on-air personae and line up the sponsors will probably be the most successful.

My overall thoughts: Odeo is pretty good. Not bad at all for beta. It’s definitely worth checking out, especially if you’re looking to get into podcasting. However, we’re going to see a few things happen in the not too distant future, namely:

  • Cataloging sites like Odeo will be flooded with poor podcasts and marketing spam. A rating system will be implemented, or some sort of moderation will happen.
  • Dead channels will ensue. The low barriers to entry mean that a lot of people will start podcasts, and then just stop doing them.
  • Someone will do a good job of consolidating podcasts. Instead of having a bunch of sites each running their own podcast, they will combine a slew of smaller podcasts to consolidate the marketing, and split the revenue.
  • Good audio personae will develop the largest audiences. Leo Laporte, you’ve got the right voice!

Overall, podcasting is still growing as a technology. I look forward to Yahoo and MSN folding in support for Podcasts into their portals, as that’s when you know the technology has gone mainstream. Looks like we’ll need more MP3 players, stat!

5/24/2005

Eat your passwords with a dash of salt.

The digital revolution has completely revamped the way business and personal life are conducted, but with a cost: identity theft is at an all time high. In the old days, the most that people stole was your social security number. SSN theft typically led to a rash of credit card grievances for the victim, from which they might never recover, as the government doesn’t re-issue SSNs.

As life itself shifts towards the online world, more of your life is up for grabs, and with less difficulty to steal. Nowadays, everything from online banking to message board accounts is vulnerable, leaving a would-be victim with so much more to lose. Now, it’s not just your credit that gets dragged through the mud: so also go your name and all your hard earned money.

One of the biggest problems with this is the proliferation of passwords. Before, one might remember basic useful information, like social security number, mother’s maiden name, or *gasp* a PIN. In the online world, however, passwords are king, and with every site out there requiring registration, people are forced to remember more things just to get around. Got email? Got instant messaging? Shop at a few different sites? Read the news online? You can easily rack up several dozen passwords in a short time, and it’s harder than ever to remember everything.

So what’s one to do? Supposedly, you’re supposed to come up with incredibly difficult passwords to guess, and use a different one for each place you go. Somehow, this is preferable to using easy to remember passwords, or even the same hard password. Yet, the human mind doesn’t work that way. Remembering three difficult passwords is okay for the common person. Remembering a couple dozen is not so good. A Microsoft tech manager even suggested that people write down their passwords, which in the security field, is a no-no.

It’s a growing problem. You can’t use unchangeable metrics, such as a fingerprint, because someone could steal that and have access to whatever else is so protected for life (kind of like the SSN issue). You can’t use easy to remember facts, because hackers prey on that, so your favorite pet’s name or first girlfriend are out. You’re supposed to mysteriously come up with complex gobbledy-gook passwords on the fly, and remember them.

The solutions to this vary. Bruce Schneier’s Password Safe is an encrypted place to store all your passwords. Solutions such as SplashWallet allow you to keep your passwords on a Palm PDA. The idea is simple: if you have to keep a lot of passwords, you might as well keep them easily available in an encrypted format, so that you only need to remember one password, and can ignore the rest. This is okay until you find yourself away from the vault, and have to generate a password on the fly. Then it’s back to square one, remembering a password.

Another solution is to generate passwords based upon the site you visit. For instance, if you visit example.com, make your password some hash of the site name, such as take every other letter of the domain name, and add ‘pass’ to the end, e.g. ‘eapepass’. This is a terribly insecure password, but allows you to generate different passwords per site.

Yet another solution is to create a hard to guess password, and then use it everywhere. This is all fine and good…until just one of the sites you’ve visited gets hacked, and their unencrypted back end lets your password rosetta stone out into the wild.
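
The site-based rule described above, next to a keyed alternative, as an added example that is not part of the original post. The first function reproduces ‘eapepass’ from the domain alone; the second derives the per-site password from a memorized master phrase with PBKDF2, so one site's leaked password is not reusable elsewhere. The function names, iteration count and sample master phrase are assumptions for illustration.

```python
import base64
import hashlib


def naive_site_password(domain: str) -> str:
    """The post's rule: every other letter of the site name, then 'pass'."""
    # Assumes no 'www.' prefix: 'example.com' -> 'example'
    name = domain.lower().split(".")[0]
    return name[::2] + "pass"


def derived_site_password(master: str, domain: str,
                          length: int = 16, iterations: int = 200_000) -> str:
    """Per-site password from a memorized master phrase (assumed scheme).

    PBKDF2-HMAC-SHA256 is keyed by the master phrase and salted with the
    domain, so the same inputs always give the same password and no vault is
    needed. The iteration count slows offline guessing of the master phrase
    if one site's derived password leaks; a weak master phrase is still weak.
    """
    salt = domain.lower().encode("utf-8")
    key = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt,
                              iterations, dklen=32)
    return base64.urlsafe_b64encode(key).decode("ascii")[:length]


def compare(master: str, domains: list[str]) -> dict[str, tuple[str, str]]:
    """Return {domain: (naive, derived)} for side-by-side inspection."""
    return {d: (naive_site_password(d), derived_site_password(master, d))
            for d in domains}


if __name__ == "__main__":
    # Constructed inputs: the master phrase and domains are placeholders.
    results = compare("correct horse battery staple",
                      ["example.com", "example.org"])
    for domain, (naive, derived) in results.items():
        print(f"{domain:12} naive={naive:10} derived={derived}")
```

Anyone who knows the naive rule can compute the password for any site with no secret at all, and it even collides across example.com and example.org; the derived form changes with both the domain and the master phrase.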

Identity validation is basically a problem that rises at the same pace as identity theft: how does one verify identity, without crushingly difficult usage for the end user? There’s no good solution now, and no good solution in the near future. Until vendors as a baseline of business consider your information as extremely sensitive data and take measures to ensure its security, it’s a bit of a crapshoot as to whether or not you’re safe on whatever site you might peruse.

The best we can do is to be as safe as we can, use as much security as is not too inconvenient, keep a close eye on what information you give out, and wear our tinfoil hats while generating what we hope are sufficiently strong passwords. There’s a real problem with security these days, and unless you want to go off the grid, you’re going to have to make do with what we have. I just worry for the less computer-savvy: no one takes them by the hand and shows them what’s possible. Let’s hope our technology catches up before they experience serious problems.

5/13/2005

Fixing background music in Firefox.

Mozilla is quickly growing in marketshare, helping fight back the onslaught of IE. While I’m happy for their success, I know that little details like just having the browser work out of the box with Flash will still annoy end users. Another problem is that background music (considered by some to be as annoying as the “blink” tag in web design) doesn’t work either. Anyone who’s familiar with ytmnd.com understands the paramount importance of background music, however. Fortunately, it is fixable, rendering yet another reason to use IE as moot.

What you do is install QuickTime, then adjust your browser preferences to let QuickTime handle those filetypes. This article on Mozillazine provides information on how to do this.

Backwards web designers who refuse to make standards compliant sites by using the bgsound tag, however, will find that their web pages still won’t work. For that, install the BGM Conductor extension, which in addition to translating bgsound tags into embed objects, will allow you to start and stop background music.

Ah, now I can get back to viewing the important pages on the web.

5/11/2005

What’s the deal with site stickiness?

In the old days of the Internet, site stickiness was a key metric. How long did you have eyeballs on your web page? What was the average user session length? At first, it was good to see how long you could keep people there. 5 seconds? 30 seconds? 3 minutes? 15 minutes? Depending on the content, people stayed on your site for longer or shorter periods of time. The theory was that the longer you had people on site, the longer you could show them more ads.

Then, a re-evaluation came. Site stickiness became not good. People who had good site stickiness complained that people were spending too much time on their site. Fresh eyeballs were the new cool thing. By having a steady stream of different eyeballs coming in, you could do short ads, and then get a fresh audience for the same ad. The lower a site’s stickiness, the better (though presumably, longer than 5 seconds).

We appear to have come full circle in our measuring, and now think that site stickiness is good. Keep people on your site, and you can have a good run of it. Sites like Grab.com and MySpace offer a whole world of options to keep you on site, interacting with both the community and the technology for as long as possible. Beer.com’s Virtual Bartender certainly keeps people interacting with the site to see what they can do. (If you for some reason prefer Portuguese, then check out Bavaria Beer’s knockoff virtual bartender. Some quick commands for you non-Portuguese speaking folk: “beijo”, “dança”, “cerveja da bebida”, “foda”, “tira”.) I’ll leave the reader to inject an off color joke about site stickiness here.

We can probably relate this change to improvements in ad serving technology. In the past, ad rotations were limited to showing one ad. It was coded on the page, and changed whenever someone got around to it. Site stickiness was bad then, but no one really thought about it much. Then, ad rotation came into play, so random ads flourished. Site stickiness became good, meaning that the longer someone was on site, the more ad rotation could come into play. Better uniquing (such as IP and cookie uniquing) entered the fray, offering uniquing roughly by user. Hence, it’s not necessary to have the stickiness to show different ads; you can pump through as many people as possible, and let the uniquing take over. Stickiness was bad, because it meant less fresh traffic.

What’s happened now is that contextual advertising is on the rise. So now, ad targeting is much improved. By layering on top of the previous ad serving improvements, stickiness once again returns to good status, by allowing multiple targeted ads to be shown in a session.

On the whole, I think it’s a good thing: the more a site focuses on site stickiness, the better web content must be. Think about it: if a site has content that only has a passing interest, you’re only going to be on that site for a short period of time. Alternatively, if the site has compelling content, you might be on that site for quite a while. For the publisher, getting the opportunity to display more targeted unique ads is also a win. The branding doesn’t hurt either.

The publisher kind of gets dinked in the end (being, of course, the ever pressured and competitive-driven creators of content), but so it goes with any industry. However, it’s nice to know that advertising and consumer interests are converging right now, as far as content goes.

3/11/2005

Bit Torrent isn’t inherently evil.

Bit Torrent has gotten a bad rap lately, due to its rampant use in copyright infringement. That’s why it wasn’t surprising to find sites like SuprNova.org shutting down, rather than face the wrath of music and movie lawyers who are turning the legal system into a volume business.

This is unfortunate, because Bit Torrent is one of the neatest developments to hit the net in a while — it’s an Internet representation of memes. For those not in the know, Bit Torrent is a distribution system, where you upload parts of the file while you download parts of the file. So, say you download the first quarter of a file. You can then act as a server for other people who are looking for that first quarter, and provide it to them for download, while you’re trying to download the remaining three quarters of the file. You, in turn, are downloading the remaining three quarters from others who have downloaded the file. The more people who try to download, the better off everyone is, as this gives you more places to download from simultaneously. Hence, the more in demand a file is, the larger and stronger the torrent. A meme in action! This has the benefit of not forcing the provider of the media to pay for all of the downloaded bandwidth, which is a good thing. It distributes that bandwidth load to the downloaders, which seems to be a sort of poetic justice.

So, despite the bad press that Bit Torrent seems to draw, this technology is quite good. Fedora allows people to download the latest versions of their Linux via Fedora torrent. South By Southwest provided their entire SXSW 2005 Music Festival catalog of 750 songs in a publicly available torrent. If more people would use this system, providers of media could reduce their costs (allowing them to provide more media in the future), and downloads would be quicker for all.

The following sites provide legal Bit Torrents. As torrents need people participating to have power, install Bit Torrent and jump right in!

bt.etree.org: Live concert recordings of trade-friendly artists are featured here. Looking for a recording from the last Phish show? This is a good place to start.

LegalTorrents: LT is a clearinghouse of various freely available music, books, and movies.

Prodigem Torrents: An eclectic mix of mostly tech-related torrents.

torrentocracy: Mostly political torrents.

Click on, download, upload, enjoy. Not everything is evil, despite what the news tells you.

3/2/2005

Nigerian scammer preys on tsunami sympathy.

I don’t expect Nigerian email scammers to win any awards for good citizenship. These scammers (also known as 419 scammers) are out to bilk money from naive Internet users, so unhealthy behavior is sort of the name of the game. Though I find it annoying that they both fill my inbox with solicitations as well as steal money from people, it’s rare that they actually piss me off. Then, today, I got the following email message:


TSUNAMI SURVIVORS RELIEF & REHABILITATION SERVICES

Good Day,

My name is Mark S Paylor, i am a victim of the Tsunami quake flood, i came to london some few days (6th of Dec. 2004) before the quake flood happen (26th Dec. 2004) i got information from skynews while in London that the quake flood killed people in my country Somalia and other countries, its realy sad for me cause i spoke with my parents few days before the quake flood, i went back to Africa Somalia, and find out that all my family was gone, my father and mother was dead left with only my sister of 8yrs and my self are the only surviving children of my family,go to this link for more information.
[DELETED]

my father was a gold marchant and a top contractor in my country who had made so much money in Gold Business, he has a company in Somalia but all was gone, i saw my father lawyer in Somalia and he gave me all my father documents and testament of my late father and i am the next of kin to my late father, i found out in the documents that my dad has deposited some money ($18million usa
dollars) in a Security Company in Ghana and i called the company for the clam of the funds, but they told me that my dad has already registered the funds unexpress transfer to live Africa, that i need a foregin partner to help me cliam the funds.

I need your help so i can cliam the funds and i want to contribute the funds to the TSUNAMI RELIEF FUNDS, i will give to you 30% if you can help me contact the company with your delivery address so this funds can be delever to you, i will be going to Ghana next week to make arrangement with the company on the transfer of the funds to you.

May God bless you, please you can email me back so i can give you more information.

Best Regard,
Mark Paylor.

NB: CONTACT ME ON: ( mark_s_paylor@yahoo.co.uk )

This is the first 419 scammer I’ve seen that was using the tsunami disaster to scam people. He’s actually preying on two emotions: sympathy for tsunami victims and philanthropy. (Well, that and greed, but for greed, you get what’s coming to you.) Not only is this shameless, it really makes me wonder about the state of society where there is no sensibility, with anything being fair game for a quick buck. What’s next? A 9/11 disaster relief fund? It pisses me off that this guy is using the generally good human sympathies as a point of weakness. It’s hard enough to get people to feel sympathy or philanthropy for others, without people like this out there trying to make sure that people who do get burned.

Anyone want to scambait this guy?

10/31/2004

The progress of blog spam.

Interestingly enough, someone decided to blog spam me again. This is interesting, because, as I’ve noted before, I have no traffic, which makes it pointless. However, what it did show me is that blog spamming technology is constantly evolving.

Who did the attack? It’s not really important, but here’s the cursory information on the domains spammed:

e-leave
Yukkii (yukkikunikkennen@yahoo.com)
3 Connell Dr.
Berkeley Heights
NY,07922
US
Tel. +1.9082342243

Inna Fridman (FHPAY) gazelhofman@yahoo.com
SilverStar
bolshaya nikitskaya 23
Moscow, RU 52333
Russian Federation
Phone: (095)2917979 x

Was it actually these people who did the spamming? It’s unclear. It might be random spam, or then again, it might be a “screw you” for my previous comments.

What’s interesting is the evolution of attacks. Previously, attacks had been simple: someone would post about their product, and that was that. Easy to track down.

What’s happening now is that random phrases are being used for message comments. Why is this different? It’s not as easily perceived to be a spam message, and it boosts relevance ratings in Google. It *appears* to be a valid post, and hence, it seems to have additional credence.

Also, while before posts came from one IP, this one came from at least 28 different IPs. Not all of them reverse-mapped, but the following did:

A quick look at the countries of these IPs shows they came from Australia, Canada, Switzerland, Germany, Denmark, France, Indonesia, Ireland, Iceland, Italy, Japan, Malaysia, Netherlands, Russian Federation, Taiwan, and the United States. Since the attack seems to be from one perpetrator, but came from several different IPs spread across several different countries, I figure either a) they set up a coordinated attack as a group with others; b) they’re doing some rather broadband and impressive IP spoofing; or more likely, c) these computers have been hacked. The IPs listed above appear to be in many cases (if not all cases) UNIX machines. (If you’re the administrator of one of the above, you might want to do a security audit!)

So now, not only are hacked machines used to send spam. Now they’re used to post to web pages. Strange.
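
One way a blog owner could catch the pattern described above, as an added example that is not part of the original post: since random-phrase comments from many source IPs defeat keyword and per-IP checks, group comments by the host they link to and flag any host promoted from several distinct IPs inside a short window. The comment records, thresholds and function names are constructed for illustration, using documentation-range IPs and `.example` domains.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample comments: (timestamp, source IP, author URL, body)
COMMENTS = [
    ("2004-10-31T02:00:05", "192.0.2.10", "http://www.pills.example/",
     "quiet lantern over marble river"),
    ("2004-10-31T02:01:40", "198.51.100.7", "http://pills.example/buy",
     "seven clocks forgot the harbor"),
    ("2004-10-31T02:03:12", "203.0.113.99", "",
     "velvet anchor http://pills.example/ drifting"),
    ("2004-10-31T02:04:55", "192.0.2.200", "http://pills.example/",
     "copper meadow sings at noon"),
    ("2004-10-31T09:15:00", "198.51.100.23", "http://friend-blog.example/",
     "Nice write-up, I saw the same thing."),
    ("2004-10-31T09:40:00", "198.51.100.23", "http://friend-blog.example/",
     "Forgot to add: check your logs too."),
]


def linked_hosts(author_url, body):
    """Hosts a comment promotes, via the author URL field or links in the body."""
    urls = URL_RE.findall(body)
    if author_url:
        urls.append(author_url)
    hosts = set()
    for url in urls:
        host = urlsplit(url).hostname  # already lower-cased by urlsplit
        if host:
            hosts.add(host[4:] if host.startswith("www.") else host)
    return hosts


def flag_distributed_spam(comments, min_ips=3, window=timedelta(hours=1)):
    """Return {host: sorted source IPs} for hosts linked from at least
    min_ips distinct IPs within any sliding time window of the given size."""
    by_host = defaultdict(list)
    for ts, ip, author_url, body in comments:
        when = datetime.fromisoformat(ts)
        for host in linked_hosts(author_url, body):
            by_host[host].append((when, ip))

    flagged = {}
    for host, hits in by_host.items():
        hits.sort()
        start, best = 0, set()
        for end in range(len(hits)):
            # Shrink the window from the left until it spans <= `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ips = {ip for _, ip in hits[start:end + 1]}
            if len(ips) > len(best):
                best = ips
        if len(best) >= min_ips:
            flagged[host] = sorted(best)
    return flagged


if __name__ == "__main__":
    for host, ips in flag_distributed_spam(COMMENTS).items():
        print(f"{host}: linked from {len(ips)} IPs: {', '.join(ips)}")
```

The repeat commenter linking to his own blog from one IP is not flagged, while the four random-phrase comments are tied together by the one thing they share, the promoted host.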

The attack on my blog was very minor. It left a lot of room for improvement, but I can see how it’s only a matter of time before that gets locked down. Interesting times. Considering how ineffective the war on spam has been, can the war on blog spam be any more successful? How long before blog spam is even considered an issue? Only time will tell, but considering the ineffectiveness of the war on spam, I’m not optimistic.

10/18/2004

Email is on the brink of a restructuring.

We’re standing on the brink of a new email revolution. As Google begins signing email with DomainKeys, we may be seeing the first steps of the first major overhaul of email technology in twenty years.

Techies have been following this news pretty closely. Direct marketers have been following the news very closely. Spammers have been following the news even closer. The question is, what is going to happen to email? I remember getting my first email account at college and thinking that it was just a strange electronic oddity to save the cost of postage. Nowadays, it’s quite difficult to find somebody without an email address. Everyone in my sphere of contact, even my mom, has an email address. That’s what makes this revolution so important.

Here is what the techies know that the common folk do not:

- Email is insecure. I mean, really insecure. The great majority of people send unencrypted email over unencrypted channels, sometimes with their passwords in plaintext for authentication. If you think email is private, you’re a fool.

- There is no identity validation. I can forge a message from anyone in the world, with nothing more than an email client. Hell, give me access to a telnet client and I can forge a message from anyone without a client. There is no user validation or trust that the person who sent you a message is actually the person who they say they are.

- Spam is an exponentially growing problem. Email inboxes are being assailed with spam in volumes unlike at any other point in email history. The signal to noise ratio is dropping, and email is becoming an increasingly difficult way to get in contact with people.

- Countermeasures are sometimes inaccurate. The best filtering is only so good, and nothing is 100% accurate. We’ve built up an impressive set of technologies to help filter spam, but that technology has been flagging legitimate mail. ISPs have been blocking mail from dynamic IPs, at the expense of legitimate mail coming from them. Imagine if you were waiting for your college acceptance notice to arrive by email. Would you trust your filters not to lose that message?

- Technology is too confusing for the masses. We make strides every day, but the fact remains: if technology isn’t braindead simple to use, then it will be misused.

As such, there is a movement to refine email technology to address one or more of the above concerns. In terms of mail server validation, there are several different initiatives on the table. SPF is a first step, requiring mailers to have custom DNS records. DomainKeys is a “standard” created by Yahoo!, who curiously own the patent on the system. Sender ID is Microsoft’s answer, carrying with it Microsoft’s own flavor of DRM.

While the above three systems are the primary leaders in the field, they also illustrate the current problem: there is no clear winner here yet. Google’s support of DomainKeys notwithstanding, Yahoo! itself still has not implemented DK. Most companies shy away from Sender ID due to Microsoft’s influence and the fear of them embracing and extending right over their profit margins. As to SPF, though it costs basically nothing to implement, it’s not foolproof — perhaps a sixth of junk email may use SPF, which means that just because you support it doesn’t mean you’ll strip out spam. (It does help with accountability, though.) In all cases, whatever gets broad distribution is what will win in the end, as a hodgepodge of different standards will be too fragmented.

It’s also not as if other methods that don’t mess with standards haven’t been attempted in the past. GnuPG and PGP have been around for years providing email encryption and signed messages, but people in general have not been quick to adopt it. I remember creating a PGP key before, though I don’t remember ever sending it to anyone, nor getting anyone to actually set up PGP and use it.

Perhaps it’s as Meng Wong, lead SPF developer, says: “It’s true that changing standards is not easy. But not changing is even worse. There’s a war on — a war against spammers. We have to be quicker to react and quicker to adapt if we want to win it. If things go on, how many years until people just stop using email altogether? They’re not going to give us another twenty.”

We are probably on the brink of a complete email system redesign, in an effort to make email useful again. It should be interesting to see what things will make the cut, and how email will work in the future. One thing’s for sure: if I can get fewer of those ink toner, diploma, cialis, and viagra messages, I’ll be quite happy.

5/4/2004

Blogging spam strikes me!

I have a little blog. When I say little, I mean tiny. I mean, I post occasionally, and very rarely, and no one ever reads it. No one. It’s a lot like shouting down a bottomless pit sometimes, and that’s just the way I like it. Well, if occasionally someone would shout back, I guess that’d be okay too. However, when I hear that voice come out of the abyss, to echo back that I do in fact exist, I would hope it wouldn’t be telling me that zithromax is the answer. Welcome to the wonderful world of blog spam — it’s no longer just the venue of email!