Katrina Relief – Send Bits, not Atoms

Here’s the Bay Area Red Cross donation page for Hurricane Katrina relief funds. You might find it’s not responding, I tried it unsuccessfully several times today, finally got all the way through the process a little while ago. Hopefully that’s a sign that many other people are trying to donate online.

New Orleans is one of those places I always wanted to visit sometime but hadn’t gotten to yet. Looks like I won’t have that chance, at least not the way it was. The images and stories from the past couple of days look like outtakes from Escape From New York meets the Poseidon Adventure. Aside from the acres of flooded and shredded buildings, I find it astonishing that basic law and order has collapsed to the extent and duration that it has.

Terry Ebbert said looters have been breaking into stores all over town to steal guns. The Times-Picayune newspaper reported that the gun section at a new Wal-Mart was cleaned out. And the thieves are apparently using their new guns, with shots heard through the night.

There’s a wonderful human impulse to want to pitch in, to do something to make it better. There have been some posts on the web by techies offering to fly out and help. However, for most people, especially anyone reading about Katerina online, the best thing they can do for now is to send cash donations.

Not equipment, not supplies, and not themselves.

Donate online, and the bits that represent your goodwill will zip across instantly, turning into funds for supplies and help on the ground out there, right now, rather than the atoms of physical stuff somewhere else, arriving in a few days, that will need to be shipped and inventoried, creating overhead and taking precious time. If you go out there in person, and if you haven’t been called already, you’re probably going to be in the way.

In addition to the Red Cross, here some other choices:

Here’s FEMA’s list of disaster relief organizations.

“Cash donations are especially helpful to victims,” Brown said. “They allow volunteer agencies to issue cash vouchers to victims so they can meet their needs. Cash donations also allow agencies to avoid the labor-intensive need to store, sort, pack and distribute donated goods. Donated money prevents, too, the prohibitive cost of air or sea transportation that donated goods require.”

Here’s Glenn Reynold’s extensive list of organizations accepting donations.

21 Days = Average Critical Vunerability Half Life

I hadn’t stopped by the SDForum Security SIG in a while. A few notes from last Thursday’s meeting in Palo Alto:

Gerhard Eschelbeck, CTO at network security company Qualsys, gave a presentation on his analysis of aggregated vunerability data. Their company provides network vunerability scanning and monitoring services, and the 2004 data set used in his study includes over 14 million IP scans, both within corporate firewalls and on the public network. They turned up over 3 million exposed critical vunerabilities, or just over 20% of the scanned systems.

He’s publishing a monthly list of the top 10 internal and external vunerabilities, along with his report on the Laws of Vunerability.

In aggregate, exposure to new vunerabilities decreases exponentially, i.e. with a half life, as patches are deployed or services are disabled. The average half-life in 2004 was 21 days for a critical exploit, meaning that after 21 days, half the vunerable systems had been patched. The time between announcement of a vunerability and the onset of new exploits is coming down faster than the vunerability half-life. As an example, the Zotob patch was released on August 9th, and by the 12th the exploit was propagating in the wild (but the corresponding half life has also been quite short).

The well-known Microsoft patch release schedule, intended to help customers in the IT resource planning, has also become the production schedule for exploit writers, who set up shop with parallel systems, one with and one without the new patches, and rush their code into “production” as soon as possible to hit the vunerability window. IT managers are increasingly faced with bad choices between living with a known vunerability for longer, or rushing into production with an untested patch that may break other systems.

Gerhard’s laws of vunerability:

      1. Half-Life – The half-life of critical vulnerabilities is 21 days on external systems and 62 days on internal systems, and doubles with lowering degrees of severity
      2. Prevalence -50% of the most prevalent and critical vulnerabilities are replaced by new vulnerabilities on an annual basis
      3. Persistence – The lifespan of some vulnerabilities and worms is unlimited
      4. Exploitation – The vulnerability-to-exploit cycle is shrinking faster than the remediation cycle. 80% of worms and automated exploits are targeting the first two half-life periods of critical vulnerabilities

Before Gerhard’s talk, Ira Victor also presented some notes from DefCon:

  • Going mainstream – half non-tech hackers, people use real names instead of handles
  • Physical security getting a lot of attention – QuikSet and Master locks often cited as example of nearly useless locks. Medeco locks were considered good, hard to pick.
  • Hotel safes are often similar to kryptonite locks, cylindrical pen hack frequently works.
  • ATM vunerability talk by former NSA guy – old atm machines available on ebay -buy it now price = $200, leave atm machine somewhere and acquire card data and pins, then collect the machine and use the data. Defense – look for machines that are built in to a real bank building etc vs transportable ATMs.
  • IR hacking – hotel – billing, television, minibar, etc, all hotel traffic appears on the IR link, lots of discussion on Slashdot

Other miscellaneous stuff:
Adobe PDF reader update to 7.0.3 addresses a new critical exploit. New attack vectors appearing through content, rather than direct code. Historically content has been viewed as innocuous, with corresponding user behaviors.

Ira likes Kaspersky or Nod32; says that Symantec and McAfee don’t pick up as many malware packages.
Nod32 on desktop, has low cpu load vs other packages, recently hired many kaspersky staffers. Likes diversity in security vendors across network layers. Ira likes to put kaspersky on server side. Symantec Antivirus, Corporate Edition has local privilege escalation vunerability in past few days.

Google Purge – Destroying all Unindexed Information

Google Announces Plan To Destroy All Information It Can’t Index. (via Batelle’s Searchblog)

MOUNTAIN VIEW, CA—Executives at Google, the rapidly growing online-search company that promises to “organize the world’s information,” announced Monday the latest step in their expansion effort: a far-reaching plan to destroy all the information it is unable to index.

I haven’t looked at the Onion in a long time. Good fun…

More on Cingular and McAfee

IMG_4021 IMG_4025

A couple of days ago I wrote about the unsolicited SMS message I received on my Cingular Wireless cell phone, inviting me to download some antivirus software from McAfee. Unfortunately, the source of the message was unidentifyable, meaning that anyone willing to downloaded the binary package would be just as likely to have picked up malicious code as an antivirus package from Cingular.

Apparently it really is from Cingular. I’m happy that they’re trying to provide a useful service, but this is a case where they’re educating the customers to behave in a counterproductive way. There’s no mention on the Cingular site, because this is a beta program.

Darla Mack writes:

On August 25th a small number of Cingular subscribers(including some Pre-Merger subscribers) received text messages alerting them of a new service provided by McAfee. Apparently, some of these subscribers had been infected by the Commwarrior virus. As you know, the Commwarrior virus can be spread via Bluetooth and/or MMS ad only affects devices running the Symbian OS.

Cingular began notifying customers via sms and in an effort to minimize the spread of this infection, have teamed up with McAfee to provide free virus scanning and removal software. Cingular customers may download the software from here.

Now before you go cursing your service provider for not offering a service such as this, please note that McAfee mobile is in beta stage and their virus protection software is in fact available for the rest of us.

From a discussion thread on the topic:

This sounds like a SCAM. Download something from …wappush.net… I would not.

Cingular is more than large enough to push something from ..cingular.com, or maybe even mcafee.com but not some strange site. Suggest you not browse to any protected sites where you put in a pin/password, if you install this stuff.

I would expect better from Cingular, given all of the Spam, Virus Attacks, and other crap that we have to live with. Sending out an unsolicited text message is the most idiotic thing they could do. At least a bill insert (or message for you online types) warning you that it was coming would make more sense.

I’m curious now, how would you know that this message came from Cingular and not some hack?

Steve Litchfield points out that viruses on Symbian mobile phones isn’t quite the same issue as on desktop computers, with this pithy example:

“Install Cabir?” (or “Sexxy”, or whatever the heck today’s media-favourite virus is called)
with buttons marked ‘Yes’ and ‘No’.

At this point, if you still answer ‘Yes’, then you deserve everything you get! (As an aside, there are still at least two more questions to answer before the application is actually installed, giving you two more chances to back out)

I’m still not installing it.

Pandora launch, DRM, and media

Pandora officially launched this morning. It’s been over a week since I signed up for an account and I’m still using it. It’s specifically designed not to provide on-demand streams, but I’m getting the hang of steering Pandora into building playlists that have what I want, which is almost better than on-demand, since I don’t have to actually build the playlist myself.

What I really wish for is a sane way to make my personal digital media effectively (and legally) portable across my networked environment. Pandora will be providing $36/year streams of interesting-but-not-on-demand music, Rhapsody provides on-demand music subscriptions at $100/year, and iTunes Music Store provides downloadable purchases that may or may not work elsewhere on the network and won’t survive a computer transplant.

My general preference is to own the album. So I buy CDs, rip them onto the house server, then store the CD. This doesn’t work so well for iTMS. If I could get a reliable subscription service that provided the range of music that I’ve accumulated over the years and let me distribute content among the various client devices in our household, I’d be very interested.

With DRM and online distribution, I’m never sure I’m going to be able to put my music on some new device I get next year. Worse, I’m not even sure that the music I purchase will continue to work on the devices I already have. The short term future proofing is having a stack of physical CDs in a closet that can be re-ripped as needed. I also occasionally find myself looking to download a track that I have on vinyl LP that I haven’t ripped yet, since I’m generally unwilling to repurchase my entire collection on CD, (for those albums that are actually available in CD format). I’d be very happy for a subscription service that could effectively replace those albums.

Fred Wilson has a much nicer audio setup than most, and writes about his experience with iTunes and DRM.

We connected these servers to a multi-room audio system and we control them with a combination of crestron panels, java clients, and web browsers throughout our home

In the peer to peer world, with DRM working behind the scenes, we end up buying the music several times, and then can’t play it on every computer we own. That doesn’t make sense.

Peter Burrows wrote about his music purchasing experience with iTunes recently as well, and why he’s been using Rhapsody lately (reformatted computer, didn’t want to purchase music over again).

I had to wipe clean my PC and reinstall Windows upon my return (for totally unrelated reasons), but forgot to back-up my iTunes folder one last time before I did so. So when I got the PC back up and running and repopulated iTunes, I found that the album was no longer in my library. And since Apple only lets you download purchased music once, clicking on “Check for Purchased Music” didn’t do the trick, either.

…subscription services are another kind of user experience, that would appeal to many current customers and millions more.

At present, if you’re willing to live in an all-Apple or all-Microsoft universe, things can sort of work for now. I have a hard time accepting anyone’s DRM package as being the one true implementation, especially with some much interesting development going on around devices rather than desktops.

More on Pandora from Tom Conrad, TechCrunch, and my earlier post on Pandora.

For reference: Cory Doctorow’s talk on why DRM is broken (originally presented at Microsoft Research, June 17, 2004)

Sidewalk Chalk for Big Kids

IMG_4083 IMG_4080

This weekend was the Palo Alto Festival of the Arts.

Big Pile of Soccer Balls

Equipment pickup day Many soccer balls

Today was equipment pickup day for the Palo Alto girls AYSO soccer league. Big pile of soccer balls.

Phone phishing or Cingular security update? You Decide

IMG_4021 IMG_4025

This turned up on my cell phone a few minutes ago.

I have no idea whether this is really from Cingular or not, but I’m sure some trusting people will go ahead and click the link.

It’s unauthenticated, sent to my phone via WAP push, with no way to verify that the originator is Cingular, McAfee, or an affiliate. They want me to download a binary and run it on my phone. Just lovely.

I hate the fact that its just as likely to be from an attempted security exploit as it is from Cingular. There’s no obvious mention of this on the Cingular public site, customer service site, or a quick Google search on Cingular and McAfee. Unfortunately, Cingular, like the other wireless service providers, tends to be poor at communicating with subscribers, other than attempting to upsell and cross sell services, so your guess is as good as mine whether this is authentic.

To help protect your phone from the following viruses, Cingular & McAfee have partnered to provide McAfee Stinger Mobile phone-based software to detect and remove the following viruses from your Nokia Series 60 phone:

  • CommWarrior.A
  • CommWarrior.B
  • Drever.A
  • Locknut.B
  • Fontal.A

To download and use this software:

    1. You must first agree to this End User License Agreement
    2. Click here to download

I’ll take a pass for now.

Update 08-30-2005 17:06 – follow up post, apparently it really is from Cingular

Ojos – photo hosting with face and text recognition

Ojos is the working name for a startup that’s building a photo site with automatic tagging through face and text recognition. Here’s a sample photo of a Treo, annotated with the words their technology can recognize.

From Rob Hof on his blog at Business Week:

Munjal Shah, onetime cofounder of the auction services firm Andale, finally let slip on his new blog what he’s been working on since leaving last year. As he writes: “I am co-founding a company because I found I had 31,246 photos all named DSC0009.jpg.” In other words, his startup, tentatively named Ojos (Spanish for “eyes”), is creating a new way to search and organize photos.

Over at Munjal Shah‘s new blog, he elaborates further:

I think Flickr’s tag based system is just super (in fact I love it), but I wanted all of my photos on there, I wanted them all tagged, and I didn’t want to spend hundreds of hours doing it. So being the lazy engineers that we are, we thought maybe we can at least auto-tag some of the faces and names. Folks can fix mistakes we make but it will still be less than than tagging in the first place and in the end you will have a tagged library of photos.

Looks like they’re going to be applying face and/or scene similarity and text recognition to help organize the rapidly growing collections of digital photos being generated through the mass consumer adoption of digital cameras and online photo services such as Flickr.

I don’t think there’s room in the market for another freestanding web site, even one based on better face and text tagging. At the same time, the autotagging capability can’t be tested, demonstrated, or evolved without a live data set and community of users.

This feels like it should become or at least expose a web service at some point down the road. It could then be used with any photo hosting service or web site to reach a wider set of users than just one site. It might also help distribute the computational load of calculating the regions of interest, feature vectors, and resizing, by pushing the task out to the clients in many cases as part of the upload process. Computing resources continue to become cheaper and faster, but there are a few bandwidth bottlenecks along the way, so why not let the desktop chew on it a while and send up the precomputed metadata, along with the (possibly smaller) image.

Auto tagging, combined with a community of users that helps “clean up” the relevancy of the applied tags, might also work well for labeling photos of celebrities and well known places.

I’ve wished for something like this a few times in the past, so I’m hopeful that this team will come up with a useful service and look forward to trying it out when they make something available.

Update 08-28-2005 23:28 – Posted some additional comments at Munjal’s site. Briefly – I think it’s becoming interesting to do image content-based retrieval in conjunction with tagging and other user behavior. I should write up some notes on group search and tagging.

Barcamp – The Video

Dorrian Porter has assembled a wonderful video (55MB .mov) capturing the feel of the past weekend at Barcamp, hosted by Laughing Squid . A great job of compressing the idea of the weekend into under 4 minutes, using commodity video and computing tools. It’s still beyond the casual consumer, but this level of production would have been remarkable (and expensive) even a few years ago.

Dorrian’s post discussing the selection and use of the Creative Commons-licensed music (in this case, “One Big Holiday” by My Morning Jacket) is also interesting.

Now, I am a lawyer and I have to say that it wasn’t as easy as the good folks at creative commons made it out to be to figure out my rights.

I am most hopeful that I am living up to at least the spirit of the license. The point is that as video comes scorching to the web, folks with no intention of commercializing their videos need better ways to insert a little jazz singing now and then. I want to encourage music artists to adopt creative commons type licenses that allow for easy access to and use of great tunes for non-commercial films. You will keep your copyright, but you will make this new age of media and distribution a little more fun.

It would be interesting if this particular batch of CC-licensed music helps get some visibility for My Morning Jacket. I’d never heard of them, and never got around to listening through the CD from the Wired issue that it came in, but thanks to their CC-licensing, now I have.

I’m still not sure how this turns into a sustainable economic model for My Morning Jacket, or for CC-licensed content publishers in the end, but part of the premise has to be that the content producer will benefit by wider exposure and finding an audience. I’d like this model to work, so I’m going out of my way to point to these guys. If you like the music, here’s their concert schedule. They’re playing in the Bay Area at the Fillmore on November 11 and 12.

See also: Notes from Barcamp


I’ve spent a few days now playing with the prerelease “friends and family” version of Pandora, the “music discovery service” demoed by Tom Conrad at Barcamp last weekend.

Some quirks, but overall really good, and easy to get going. Unlike some other services, I’ve been running it most of the time I’ve been at my desk for the past few days.

My personal taste in music is simultaneously eclectic and encyclopedic in some areas, yet with odd gaps. Using Pandora, I’ve been able to think of one or two songs, albums, or artists that’s representative of what I want to hear, and it will come up with a fairly decent playlist of similar tunes.

Although I’m finding that I could have theoretically constructed the playlists by hand, it’s really easy to try dialing in a tune or two until Pandora starts queuing up something like what I had in mind. The music discovery part seems to work reasonably well too, it’s turned up a couple of new artists for me to check out later.

On the Pandora blog, there’s a post with assorted user feedback, feature wish list, etc. Here’s some of what I’d like to see:


  • Playlist history (maybe with timestamps, like some of the radio stations provide), so I can go back and see what was playing a while ago.
  • Playlist lookahead (so I can see what Pandora is queuing, to help decide if I want to skip ahead)
  • Some mechanism for requeuing a past song in the future. I understand that at the moment, Pandora can’t provide a “backwards” function in the playlist, in order to avoid becoming an audio-on-demand service. On the other hand, having a method for indicating “I really liked this song and would like to hear it again” (or “I stepped away and mostly missed this song”) could be useful for the playlist queuing function. This may be handled by the “Guide Us” input form, not sure.
  • Music parameter template – since Pandora is building the playlist based on similarity to the starting tunes, I’d like to be able to see how it’s characterized the starting point.
  • Control over the parameter variation over time — I’ve let Pandora run for several hours at a time, and at times I’d like it to have wider variation over some aspect than others. For example, vary tempos gradually over several songs, but leave instrumentation and vocals more similar. Or vary instrumentation, but leave the tempo, echo, and bass / drums similar.
  • Some kind of clustering of characteristics for a given artist or album might be helpful. I get the impression that if you start with an album or artist, the starting “genome” is an average or perhaps a median of the entire collection. I get reasonable songs for a while if I enter something like “U2″ or “Lou Reed”, or “Lenny Kravitz”, but if I start off a channel with a specific song I will get very different results (as expected), but which never turn up otherwise (not entirely expected, since these all span a wide range of “sounds”).
  • Similarly, I might never want some combinations of characteristics to turn up on a given channel. So a way to specify the ranges or variances for a given “genome” parameter on a given channel would be handy.
  • A “time period” selector or bias might be helpful. This might not work well since there’s a lot of re-released material.
  • A progress bar and track info would be nice. Duration, artist, release info, link to iTunes, Amazon, etc
  • A way to stream the Pandora audio into devices on the local network, i.e. Roku and similar network players
  • A way to queue local audio data into the Pandora playlist, since I may have selections unavailable to Pandora
  • A community track rating function and/or message board, for promoting interesting discoveries among site users, and perhaps as data for improving the playlist generating function
  • Maybe a blacklisting function? Since the playlist is selected automatically by similarity, there can be interesting juxtapositions from a human listener’s point of view. I like that, but it might not work for everyone.

More data points:

  • A sample channel built using “Steely Dan” comes up with a reasonable start, but repeats tracks fairly regularly within an hour or so
  • A sample channel built using “Pat Metheny Group” is also reasonable, but repeats within an hour or so rather than moving to other albums.

These last points are easily fixed by using the “Guide Us” input form to select some additional starting points, but the playlist queuing function could probably use more latitude. I know the tracks are in the system, because I can use them as starting points as well, I just can’t get from “here” to “there” yet.

In addition to building playlists of music I know reasonably well, Pandora is turning out to be quite good at turning out electronica, techno, and club mixes, where I can throw in a couple of starting tracks and get back similar ones. I’ve already turned up a few tracks that I have heard, but didn’t know the artist or title. Since there’s often no artist, or the track is actually a DJ remix, Pandora provides a great way to find things. As a sample: starting with Gus Gus, Dirty Vegas, and Chemical Brothers turns up lots of similar, but different tracks.

Other early reviewers have mentioned Last.fm and Audioscrobbler. I ‘ve poked at these a little bit, but they’re geared more toward the social end and seem to require more upfront investment of effort. I think Pandora could ultimately benefit from the social functions, but it takes nearly zero time and effort to put together a very listenable channel or two. I’d probably find last.fm easier to use with something like Pandora spliced in as a selection filter, in addition to or instead of the user tags there.

Pandora is still in limited trial mode, but apparently I can invite 25 people from my trial account. Let me know if you’re interested!

If you’ve read this far, you should definitely check it out…

Update 08-26-2005 13:56 – In an e-mail to the prelaunch users, Pandora founder Tim Westergren announced that the service will be launched to the public next week. $36 for a full year of service, new users get a “short period” free, plus some changes based on user feedback. More at TechCrunch.

Update 11-10-2005 11:55 – Pandora is now free

Notes from Barcamp

I spent the whole day this past Saturday at Barcamp, arriving at 10am and not making it all the way out the door until almost 1:30am. I didn’t know any of the organizers beforehand, so it was nice to be met by someone (who turned out to be Andy Smith) keeping an eye out for new arrivals.

I’ve been working with so many either geographically dispersed or very buttoned down corporate teams lately that it’s been a long time since I’d spent this much time in non-stop, face-to-face, somewhat random yet unpredictably creative conversations with a bunch of just-do-it tech hackers. Spent the entire time there going from one interesting presentation to another, with several interesting discussions thrown in along the way.

IMG_3927 The Scheduling Wall

All the talks were informal and held in very close quarters, scheduled by signing up on the scheduling wall. In many ways, the strength and weakness of the Barcamp presentations was the short lead time for the event and the relative intimacy of the discussion spaces. This format put an emphasis on less structured presentations, by people who were comfortable enough with their topic that the slides weren’t the primary content. At the same time, having everyone literally elbow-to-elbow, sitting on the floor, an armslength or two away from the speakers, tends to eliminate random anonymous verbal potshots, and encourages actual conversational questions. Some of the presentations rapidly turned into something like topical roundtable discussions, which would have been hard to set up as such. (The Industry Darlings talk is a good example.)

Among my notes:

  • Tom Conrad’s demo of the Pandora (formerly Savage Beast) music discovery and streaming service, which is based on the Music Genome Project. I’ve signed up for a trial account, which I’m listening to right now. It’s coming up with pretty good selections so far. More on this at TechCrunch. Looks like Scoble likes it too.
  • Chris Messina gave a demo of the Flock browser, which extends the Mozilla platform to provide a lot of blogger- and social-software-friendly hooks. (review by Roland Tanglao here)
  • Demo of Mobido, by Mike Prince. It’s a social photo sharing service for mobile camera phones, as well as e-mailed images. Among other things, it’s could be used for people to other people who attended an event during or after the fact if they’re using the service. The service also includes provisions for anonymizing contact info.
  • Demo of a personal phone management system (forgot the name) by Brad Templeton. The general idea is to allow people to advertise their availability for making or receiving calls, and having the system set up calls when both parties are actually available, rather than having them play phone tag. The system is built on Asterisk, and uses Caller ID to invoke its rules, which may have some future problems based on…
  • Jake Appelbaum’s demo of phone insecurity and other security hacking, in which he walked us through the social engineering and general weaknesses in most cell phone systems, Paris Hilton’s Sidekick, and US airline security, and also demonstrated the Asterisk hack for Caller ID spoofing, which makes your calls appear to come from anyone you choose.
  • Nicholas Chim demoed The Personal Bee, an aggregator for building your own version of something like Google News. It appears to scan a collection of feeds to assign weights to “interesting” keywords, which it uses to build the page. More on this at TechCrunch.
  • Riana Pfeffercorn’s on buying and writing ads for search engine, and Google Adsense specifically, with a few bonus tips on Yahoo Paid Inclusion by Beau Lebens
  • Caught pieces of discussions on making AJAX-y applications faster, KaPing Yee’s presentation on improving web security (anti-phishing), a discussion on how to visualize the effects of social behavior to help save the world (resource consumption)
  • Other conversations with Bill Lazar, Ross Mayfield, Kevin Burton, Brendon Wilson, Rashmi Sinha, Wolfgang Zeglovitz, and many others.
  • Ran into a couple of other Koreans there: Eugene Eric Kim, and Min Jung Kim. Pleased to meet you.

Although there’s a constant background question of “how do you make money doing this”, the basic feel of the weekend was about sharing interesting ideas and work in progress with other people interested in making something new and better. These days, that attitude may be a bit old school, but it could be the cure for what ails Silicon Valley. And there’s apparently interest in organizing similar events elsewhere.

Lots of appreciation goes to Andy, Chris, Eris, Ryan, Ross, and all the Barcamp organizers, sponsors, and other contributors!

Update 08-27-2005 00:05 – Barcamp – The Video

Big tank, skinny wallet


It’s been a month or so since I filled up the tank, and we seem to be on our way toward European gas prices. A completely dry tank is a little more than 24 gallons, so the price of gasoline will have to hit $4.17 or so before cracking the $100 mark for a full tank. This week’s price at the local Arco is $2.92, so there’s still another 43% increase before that happens.

Our household is relatively insensitive to the changes in fuel prices, since we drive so little, but people who commute from places like Pleasanton, Modesto, or Los Banos into the Bay Area have got to be feeling like there’s a hole in their wallet.

On the positive side, if fuel prices stay high, it’s going to help alternative transportation and energy systems become economically viable.

See also: $62.25 to fill the tank

Back To School 2005


This week is the start of the Palo Alto school year. It’s earlier than usual this year, which makes for an abrupt transition from summer mode into school schedules. I always enjoy seeing how much the kids have grown over the summer, the flag ceremony, and the parents’ welcome coffee.






Barcamp 2005
I had an excellent weekend at Barcamp. I’ll write a proper summary later, but wanted to say congratulations and thanks to the organizers, sponsors, and volunteers for putting together an outstanding, fun, and friendly event.

Flickr photos for barcamp or barcamp05

Update 08-26-2005 23:56 – My notes from Barcamp, and a pointer to Dorian Porter’s excellent video.

BBS05 – San Francisco

BBS05 San Francisco

The main sessions on Thursday and Friday were in the larger hall downstairs at the Palace Hotel. This event was pitched as a “Business” blogging event, and the audience seemed to be predominantly PR, marketing, and advertising folks. The general mind set was something like “what exactly is this blog stuff and what do I need to do about it?” In a show of hands, a significant fraction (more than half?) of the attendees were not blogging, either for their business or personally, but more than half were occasionally reading blogs.

A lot of business (and human) behavior can be attributed to a combination of fear and greed. In this case, some of the “fear” would be:

  • Losing control or being blindsided by negative PR. The Kryptonite bike lock hack was frequently cited in discussions.
  • Legal exposure if my employees are blogging, or PR exposure if negative comments or hate speech left by comments.

On the “greed” front:

  • Blogging is new, and could become a competitive advantage (or disadvantage, if the competition is doing it) for existing products and services. Ford vs GM was cited several times, also Clip and Seal.
  • Opportunities to recruit new customers, influence consumers through more authentic word-of-mouth vs mass advertising.

Assuming that this crowd is representative of the interest and awareness of businesses, there’s a long way to go in educating companies about the changing opportunity, risks, and characteristics of blogs and syndicated web publishing. There’s also an usability / explainability issue for the software and services vendors. I’m not fond of Microsoft’s “Web Feeds” push, but it’s representative of the sort of changes that will be needed to get out of technology-focused discussions and into conversation about potential business value among the mainstream, vs early-adopter market.

Other stuff:
Wordpress demo and announcement of wordpress.com (hosted WordPress, like TypePad)
Movable Type 3.2 demo and release

The wireless service on Thursday was extremely unstable, probably due to the large number of users. On Friday, the Anchorfree team turned off the RADIUS authentication which seemed to improve the availability of the connection.

Lastly, Microsoft came up with some nice Ogio messenger bags. One of my old bags just bit the dust a couple of weeks ago, and I’d just started looking for one, so I think I’ll give this one a try for a while.

See also: BBS05 – Wednesday

The Inevitability of Blog Outsourcing

The blog outsourcing topic has rolled along while I’ve been spending the day at the Blog Business Summit, listening to discussions on commercializing blogs. There’s now a post about it (Outsourcing bloggers in China) at CNET, which turned up a few other skeptics, and it’s looking like the Blogoriented guys are probably a hoax.

Despite that, I also think it’s inevitable that we’ll see at least a couple of real projects along these lines within a year, not aimed at simulating teenaged girls, but rather at building blog networks, filled and buzzed by creating inexpensive original content and editing search feeds that target specific niches.

David Sifry at Technorati has a good summary on the growing problems of spam blogs and fake blogs, and all the search engines are likely to make progress against what are essentially the next generation of link farms. Unfortunately, as discussed in this afternoon’s sessions on web advertising and affiliate models, if you can get traffic, there’s potential for a lot of money to be made by simple manipulations of the system, at least until the search engines improve. Content picked up by the blog search engines gets indexed immediately, leaving a way around some of the the sandboxing and other mechanisms used by Google and others, and makes profitable links visible immediately.

It’s cheap and apparently effective to implement spam and fake blogs. I’ve noticed the volume of junk e-mail is decreasing, while the number of spam blogs in search results seems to be increasing. It’s going to take cooperation among multiple parties to fix this, but everyone recognizes this as a problem, so it’s going to get better. (Here’s Mark Cuban’s take.)

I think that a follow on issue is that genuinely “original” content, in the “first author” sense, rather than in the “new idea” sense, can be probably be reliably cranked out through a well defined process. Think of something like an Indian call center or coding shop crossed with a daily news bureau, supervised by an editor who picked topics with some guidance from Wordtracker, Google and others. You’d get low cost, original writing, around an editorially consistent, topically relevant set of themes, and perhaps even with some interesting domain expertise, all tuned to be informative and keyworded to be search engine friendly.

Many of the same processes used at Wipro, Infosys, and other software and BPO outsourcers could be adapted to this application. Why cheat the search engine rankings when you can just reduce the cost of production and actually receive ranking benefit when the search engines get better at filtering for contextually better results and get rid of the “really fake” blogs? The Weblogs Inc blog network model seems to be working so far – Jason Calcanis says they’ve just hit a $1M annual ad revenue rate. Reducing the content production costs can’t hurt. I’m sure they could apply some of these ideas, if they haven’t already, and if they don’t, some other new blog network will certainly try.

This approach to farming out the process-oriented writing tasks should apply equally to a number of periodicals, such as magazines and newspapers. The difference between the news content in many newspapers is already often just the local editor’s preferences on the AP or Reuters newsfeeds and what fit in between the committed ad inches.

I don’t think this sort of blog or content outsourcing would be “bad” or “evil” in the sense of creating lower quality content, at least in some topic domains, since a pool of skilled professionals already exists offshore, and is growing rapidly. If you got a good editor in place, it might even improve the overall quality of online content. It’s not misrepresentation, unless you tried to pass off your authors as being something they’re not. But I wouldn’t even bother with attempting the nuances of local US culture with a staff of offshore bloggers, despite the availability of cultural indoctrination programs they run call center trainees through. That would work about as well having US bloggers cover cricket or Bollywood gossip or Korean K-pop singers for their respective local audiences.

This seems to leave American pop culture as a secure niche for a while. Unfortunately, I’m incredibly bad at celebrity gossip. Although, now that I think about it, I did meet Cher once at her house in Malibu…

Putting on my evil genius hat, here’s a hypothetical approach for building an astroturfing blog empire, filled with posts from simulated teenaged (18-35) girls. Start by extracting common phrases, topics, and contexts from some LiveJournal and MySpace blogs. Next, build some auto-blogging agents resembling Weisenbaum’s Eliza program crossed with some modern chatterbots. Finally, set it loose on LiveJournal, Xanga, and MySpace and have it start forming its own blogrings and online cliques, responding to filtered inputs from comments, selected feeds, and topical news, biased for the current hot keywords and with statistically plausible content and linkage…any Emacs Lisp and SQL hackers want to take this on?

See also: Outsource your Blog, Reasons I Still Read Newspapers

Update 08-19-2005 12:32 – some discussion at My Heart’s in Accra

Update 08-27-2005 00:10 – See also Goofy algorithm generates web page about “Prostitute Phobia” (at BoingBoing), which comments on this site, which is one of a collection of automatically generated pages.

Google Search Result Page Changes?

google alternate search results page

Google seems to be trying out some alternate layouts for the search results pages. This morning, I got one page with just a small Google logo next to the text box, which keeps more results on the screen, and a couple of pages with a larger box of text ads at the top, which was bad, because it pushed the useful results down the page.

I hope they keep the small logo, without the big text ads at the top. The text ads at the top would probably generate some incremental revenue for Google, but hurts the usability. For me, this is partially because I’ve gotten used to Google’s page layout, so I can’t scan the results page as quickly.

BBS05 – Wednesday

blog business summit 2005 blog business summit 2005

The Blog Business Summit is actually on Thursday and Friday, but this afternoon there was an introductory session on blogging for business, led by Dave Taylor.

I’m not in the core target audience for this session, since I’m already involved in various blogging projects, but thought it would be interesting to talk with people and to hear their questions, concerns, and goals with respect to blogging.

It’s also useful to hear someone else try to explain blogs, RSS, web services, et al. I regularly find myself searching for a common starting context when talking about these topics with people who aren’t already somewhat involved in internet and web culture, especially if they’re from non-technology businesses. It’s remarkable that the tools have become as widespread as they are, given the impenetrable names.

I made good use of the free wireless service provided by AnchorFree. They’re running a captive portal that requires registration, so you’ll need to sign up for an account, but it’s nice to have. My notebook picked up three access points, all at high signal strength, probably installed in the room somewhere. Logged the location in Plazes.

Wirleess performance was okay to sluggish, I’m sure it’s a bit overloaded; something like half the people in the room had notebook computers. My session got dropped a few times, which reset my SSH sessions and required logging in on AnchorFree again using the browser. Lots of continuous partial attention going on in that room. Plus a few fully distracted people trying to get their wireless connections going. Perhaps they should hire those blog outsourcing guys.

This post is tagged (bbs05). Dave mentioned in his talk that he doesn’t like them, and thinks they’ll go away as search engines improve. I partially agree. User tags don’t scale well and in their present incarnation are highly vunerable to spam, but within relatively small communities, they can be an effective supplement to normal search engines. (Example – I could tag a collection of poetry as “haiku”, or “cinquain”, making it visible where the raw text might otherwise be difficult to locate through search.)

The coffee largely ran out after the break, hopefully they’ll have a larger supply tomorrow.

VC Comic Strip


VC Comics (via Texas Venture Capital Blog)

Page 1 of 212