The future of personal computing

According to Nicholas Carr, it’s captured in a single simple equation: Google plus Apple.

The future of personal computing was divulged by Mr. Eric Schmidt, the chief executive officer of Google, on March 23 of this year during an interview with Wired’s Fred Vogelstein. Vogelstein asked Schmidt why he had recently joined Apple’s board of directors, and Schmidt responded:

“Google’s architectural model around broadband and services and so forth plays very well to the powerful devices and services Apple is doing. We’re a perfect back end to the problems that they’re trying to solve. And they have very good judgment on user interface and people. They don’t have this supercomputer I’m talking about, which is the data centers.”

At this very moment, in a building somewhere in Silicon Valley, I guarantee you that a team of engineers from Google and Apple are designing a set of devices that, hooked up as terminals to Google’s “supercomputer,” will define how we use computers in the future. You can see various threads of this system today – in Apple’s iPhone and iPod Touch, its dot-mac service, its iLife and iWork applications as well as in Google’s Apps suite and advertising system, not to mention its vast data-center network. What this team is doing right now is weaving all those threads together into what will be, for most of us, the fabric of cloud computing. (This is so big, you need at least two metaphors to describe it.)

Damn. I’m going to have to get an iPhone…

In millions of Windows, the perfect Storm is gathering | Business | The Observer

This morning’s Observer column

Storm has been spreading steadily since last January, gradually constructing a huge botnet. It affects only computers running Microsoft Windows, but that means that more than 90 per cent of the world’s PCs are vulnerable. Nobody knows how big the Storm botnet has become, but reputable security professionals cite estimates of between one million and 50 million computers worldwide. To date, the botnet has been used only intermittently, which is disquieting: what it means is that someone, somewhere, is quietly building a doomsday machine that can be rented out to the highest bidder, or used for purposes that we cannot yet predict…

TrueGrain

This is interesting to anyone who — like me — muses on the aesthetic differences between digital and analogue photography.

TrueGrain is a creative tool for accurately recapturing the aesthetics of black and white film with digital imagery.

TrueGrain takes the form of a stand-alone image processing utility that imposes the physical characteristics of a real-world film stock onto a digital image. The synthesis is done through measured and sampled data gathered from the actual film and development process being reproduced…

Here’s the workflow:

1. Prepare a color digital photograph as a TIF file

2. Load the TIF file into TrueGrain

3. Choose a film stock

4. Save the resulting image

It’s ingenious, but expensive. A single licence costs $300. Having just taken delivery of a batch of chemicals for processing some recent films, I’ll stick with chemistry for the time being.

There’s a nice irony in using sophisticated digital processing techniques to create an analogue effect!

Many thanks to Boyd Harris for spotting it.

Halloween mania

I detest Halloween. Here are two reasons why.

Seen in a local Tesco store. Er, shouldn’t that read “this store has agreed to…”?

A newspaper ad.

Of course none of this will stop Tesco commercialising it.

Neat work, AP

Associated Press have done a really neat piece of detective work to investigate rumours of dirty tricks by Comcast, a US ISP.

NEW YORK (AP) – To test claims by users that Comcast Corp. was blocking some forms of file-sharing traffic, The Associated Press went to the Bible.

An AP reporter attempted to download, using file-sharing program BitTorrent, a copy of the King James Bible from two computers in the Philadelphia and San Francisco areas, both of which were connected to the Internet through Comcast cable modems.

We picked the Bible for the test because it’s not protected by copyright and the file is a convenient size.

In two out of three tries, the transfer was blocked. In the third, the transfer started only after a 10-minute delay. When we tried to upload files that were in demand by a wider number of BitTorrent users, those connections were also blocked.

Not all Comcast-connected computers appear to be affected, however. In a test with a third Comcast-connected computer in the Boston area, we were unable to test with the Bible, apparently due to an unrelated error. When we attempted to upload a more widely disseminated file, there was no evidence of blocking.

The Bible test was conducted with three other Internet connections. One was provided by Time Warner Inc.’s Time Warner Cable, and the other came from Cablevision Systems Corp. The third was the business-class connection to the AP’s headquarters, provided by AT&T Inc. and Cogent Communications Group Inc.

No signs of interference with file-sharing were detected in those tests.

Further analysis of the transfer attempt from the Comcast-connected computer in the San Francisco area revealed that the failure was due to “reset” packets that the two computers received, carrying the return address of the other computer.

Those packets tell the receiving computer to stop communicating with the sender. However, the traffic analyzer software running on each computer showed that neither computer actually sent the packets. That means they originated somewhere in between, with faked return addresses…

It seems that Comcast uses Sandvine traffic-shaping hardware to limit the effectiveness of BitTorrent seeding. The goal is to manage BitTorrent traffic without tipping off mainstream users that it’s being done. This source cites Robb Topolski’s explanation of how it’s achieved:

“The Sandvine application reads packets that are traversing the network boundary. If the application senses that outbound P2P traffic is higher than a threshold determined by Comcast, Sandvine begins to interrupt P2P protocol sequences that would initiate a new transfer from within the Comcast network to a peer outside of the Comcast network. The interruption is accomplished by sending a perfectly forged TCP packet (correct peer, port, and sequence numbering) with the RST (reset) flag set. This packet is obeyed by the network stack or operating system which drops the connection.”
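The cross-check the AP describes (each end's traffic capture shows resets arriving that the other end never sent) can be sketched as below. This is an added example, not code from the AP, Topolski or Sandvine; the packet records, addresses, ports and the `injected_resets` helper are constructed for illustration, and it assumes no NAT rewrites addresses or ports between the two capture points.

```python
from collections import namedtuple

# One observed TCP segment: capture time, addresses, ports, flags, sequence number.
Pkt = namedtuple("Pkt", "ts src dst sport dport flags seq")

def key(p):
    # Timestamps are excluded: the two capture clocks are not synchronised.
    return (p.src, p.dst, p.sport, p.dport, p.flags, p.seq)

def injected_resets(local_capture, remote_capture, local_ip):
    """Return RSTs that arrived at local_ip but never left the claimed sender."""
    sent_by_remote = {key(p) for p in remote_capture if p.dst == local_ip}
    return [p for p in local_capture
            if p.dst == local_ip and "R" in p.flags
            and key(p) not in sent_by_remote]

# Constructed sample data (documentation-range addresses, not real hosts).
A, B = "192.0.2.10", "198.51.100.20"

CAPTURE_A = [  # what the analyzer on host A recorded
    Pkt(0.00, A, B, 51000, 6881, "S", 1000),
    Pkt(0.05, B, A, 6881, 51000, "SA", 5000),
    Pkt(0.06, A, B, 51000, 6881, "A", 1001),
    Pkt(0.40, B, A, 6881, 51000, "R", 5001),   # claims to come from B
    Pkt(2.00, A, B, 51001, 6881, "S", 2000),
    Pkt(2.05, B, A, 6881, 51001, "RA", 0),     # genuine refusal from B
]
CAPTURE_B = [  # what the analyzer on host B recorded
    Pkt(0.02, A, B, 51000, 6881, "S", 1000),
    Pkt(0.03, B, A, 6881, 51000, "SA", 5000),
    Pkt(0.08, A, B, 51000, 6881, "A", 1001),
    Pkt(0.41, A, B, 51000, 6881, "R", 1001),   # claims to come from A
    Pkt(2.02, A, B, 51001, 6881, "S", 2000),
    Pkt(2.03, B, A, 6881, 51001, "RA", 0),     # B really sent this one
]

def report():
    # Check both directions: a middlebox typically resets both ends.
    return {"at_A": injected_resets(CAPTURE_A, CAPTURE_B, A),
            "at_B": injected_resets(CAPTURE_B, CAPTURE_A, B)}

if __name__ == "__main__":
    for where, pkts in report().items():
        for p in pkts:
            print(where, "RST not sent by", p.src, "seq", p.seq)
```

The genuine RST on the second connection appears in both captures and is not flagged; only resets with no counterpart at the claimed sender are reported.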

I love the idea of using the Bible as the test file. Reminds me of Larry Lessig’s report of coming into his office in Stanford one morning to find the network police waiting for him, grimly announcing that it had been discovered that he had P2P software installed on his computer. Larry explained that he used P2P as a way of distributing his own publications — intellectual property that he owned. The idea that there might be legitimate uses for P2P had clearly never occurred to the management.

And that’s in Stanford!

Later: Ed Felten has also commented on Comcast’s traffic shaping practices.

“Hi darling, I’m on the plane”

Oh no. BBC NEWS | Technology | Mobile phone use backed on planes

Passengers could soon be using their mobile phones on planes flying through European airspace.

Plans have been developed across EU countries to introduce technology which permits mobile calls without risk of interference with aircraft systems.

Regulators around Europe are calling for consultation on the potential introduction of the technology.

If given the go ahead, the service would allow calls to be made when a plane is more than 3,000 metres high.

Individual airlines would need to decide if they wanted to introduce the technology, if the green light is given by national regulators.

Bah!

Bogus email ‘agreements’

I’m perpetually irritated by the ludicrous legalese that organisations force employees to tag onto the end of email messages. Here’s a typical example:

This e-mail and all attachments are confidential and may also be privileged. If you are not the named recipient, please notify the sender and delete the e-mail and all attachments immediately. Do not disclose the contents to another person. You may not use the information for any purpose, or store, or copy, it in any way.

Up to now, my standard reaction has been to mutter “Oh Yeah! You and whose army?” But I’ve just noticed that Cory Doctorow, Whom God Preserve, has had a better idea. He has decided that ridicule is the best defence against this nonsense. His boilerplate legalese reads:

READ CAREFULLY. By reading this email, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies (“BOGUS AGREEMENTS”) that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

I’m going to add this to my email signature options so that anyone who signs off with legalese will have the compliment returned, in spades.

Later: Hmmm… I’ve obviously touched a chord here. Lovely email from James Cridland pointing me to his personal legalese:

Terms and conditions of receipt of email

These terms and conditions apply to emails sent to the above email addresses or any containing ‘james’ before the @ sign and ‘cridland.net’ after the @ sign. Unsolicited email is herein defined as email which is not the result of demonstrable prior contact using or quoting such an address. No guarantee of confidentiality is given, or honoured, on receipt of unsolicited email, irrespective of any terms and conditions block contained therein. It is illegal to send EU citizens unsolicited commercial email without the users’ explicit (opt-in) permission, according to The Directive on Privacy and Electronic Communications (2002/58/EC). This site owner reports all such mail direct to your ISP.

That’s the stuff! I feel better already.

The Storm ‘worm’

Bruce Schneier has a sobering briefing on what he calls “the future of malware”.

Although it’s most commonly called a worm, Storm is really more: a worm, a Trojan horse and a bot all rolled into one. It’s also the most successful example we have of a new breed of worm, and I’ve seen estimates that between 1 million and 50 million computers have been infected worldwide.

Old-style worms — Sasser, Slammer, Nimda — were written by hackers looking for fame. They spread as quickly as possible (Slammer infected 75,000 computers in 10 minutes) and garnered a lot of notice in the process. The onslaught made it easier for security experts to detect the attack, but required a quick response by antivirus companies, sysadmins, and users hoping to contain it. Think of this type of worm as an infectious disease that shows immediate symptoms.

Worms like Storm are written by hackers looking for profit, and they’re different. These worms spread more subtly, without making noise. Symptoms don’t appear immediately, and an infected computer can sit dormant for a long time. If it were a disease, it would be more like syphilis, whose symptoms may be mild or disappear altogether, but which will eventually come back years later and eat your brain.

Storm represents the future of malware. Let’s look at its behavior:

1. Storm is patient. A worm that attacks all the time is much easier to detect; a worm that attacks and then shuts off for a while hides much more easily.

2. Storm is designed like an ant colony, with separation of duties. Only a small fraction of infected hosts spread the worm. A much smaller fraction are C2: command-and-control servers. The rest stand by to receive orders. By only allowing a small number of hosts to propagate the virus and act as command-and-control servers, Storm is resilient against attack. Even if those hosts shut down, the network remains largely intact, and other hosts can take over those duties.

3. Storm doesn’t cause any damage, or noticeable performance impact, to the hosts. Like a parasite, it needs its host to be intact and healthy for its own survival. This makes it harder to detect, because users and network administrators won’t notice any abnormal behavior most of the time.

4. Rather than having all hosts communicate to a central server or set of servers, Storm uses a peer-to-peer network for C2. This makes the Storm botnet much harder to disable. The most common way to disable a botnet is to shut down the centralized control point. Storm doesn’t have a centralized control point, and thus can’t be shut down that way…

There’s more, and none of it is pretty.

Not that we really have any idea how to mess with Storm. Storm has been around for almost a year, and the antivirus companies are pretty much powerless to do anything about it. Inoculating infected machines individually is simply not going to work, and I can’t imagine forcing ISPs to quarantine infected hosts. A quarantine wouldn’t work in any case: Storm’s creators could easily design another worm — and we know that users can’t keep themselves from clicking on enticing attachments and links.

Redesigning the Microsoft Windows operating system would work, but that’s ridiculous to even suggest. Creating a counterworm would make a great piece of fiction, but it’s a really bad idea in real life. We simply don’t know how to stop Storm, except to find the people controlling it and arrest them.

This is the other side of the end-to-end coin.

The looming Google threat

Microsoft used to be the big threat, but it’s fading as the importance of the platform erodes. I’ve been saying for years that Google will be an even bigger public-policy problem than Microsoft ever was. Jeff Jarvis seems to agree and explains why:

Consumers, as we used to be called, won’t support media and journalism with their money. Advertising will. We will become entirely dependent on advertising. And what happens when Google controls the majority of online ad revenue in this country? They’re headed there, for as a TechCrunch commenter points out, Google’s online ad revenue and share of revenue are growing faster than online advertising as a whole.

On the one hand, we should be grateful to Google for enabling the support of much new media. On the other hand, we should fear the vice in which Google holds our privates. That’s where media power is consolidating — not in old conglomerates (some of which now depend for a good bit of revenue on who? — on Google.)

I’m not blaming Google for getting to this point. Big, old media handed them this opportunity on a platter. Google was the one company that truly understood the economics of the open network. It understood that it could grow much bigger enabling than controlling. We in media should have followed that model. We should have asked WWGD. What would Google do?

So what do we do now? We need new networks that identify and create new marketplaces for new value — greater value than the coincidence of words on a page, which Google sells. We need to create our own high-value networks (e.g., hyperlocal news). We need open networks that compete with the closed aspects of Google; openness is water to the witch of an opaque network like Google’s.