As I May Think...

Akela Talamasca wonders on the Second Life Insider blog why there is such a disparity between the number of Second Life "residents" and those who are logged in at any one time.  Certainly, when less than 1% of the total resident population is online, one must wonder if there is a problem with Second Life. While there are many possible explanations, one may be that Second Life, like every "metaverse," "virtual world," or MMORPG, suffers from the demotivating effects of network latency, packet loss, or general "lag." We've learned to use our networks for things that they aren't quite ready for yet...

Today, Chinese state media announced that the number of blogs in China went over 34 million during August. That's more than existed in the entire world until very recently... Of course, as is the case in most areas, the Chinese have found that about 70% of existing blogs are actually dead or dormant... The article claims that 17 million people in China consider themselves to be "Bloggers" and about 75 million regularly read blogs.

A slow stream of publications is revealing some of the inner workings of Google but there is much less documentation of Amazon and other GAYME sites. Now, a paper summarizing Peter Bodik's recent Master's Thesis, based on research at Ebates.com and Amazon, provides some insight into the challenges of operating large scale web services. Bodik's paper, Advanced Tools for Operators at Amazon.com, was presented at HotAC'06 in June but seems to have so far attracted surprisingly little attention in the Blogosphere. [Greg Linden of Findory and Robin Harris of StorageMojo have recently commented on the paper.]

Bodik and his co-authors identify the main challenges facing operators at Amazon:

• Failure propagation
• Lack of global dependency knowledge
• Overwhelming amounts of low-level information

While these challenges are similar to those faced by any system operator, traditional large scale system operators who "work in large corporate data centers, usually administering third-party software that doesn’t change very often." An enterprise environment usually has a much more stable base of software and operators than does a place like Amazon where "hundreds of software developers, working also as operators, administer rapidly changing software." Thus, while in a traditional environment, a small stable set of operators might build up enough experience to be able to understand and troubleshoot the running software, at a place like Amazon, both the software and those who are attempting to operate it are constantly in flux. In order to address these situation, a number of experimental tools have been developed and are described in these papers.

In a comment, Phil Aaronson correctly guesses that I was pleased to read in Google's Chubby paper that:

[Chubby's] ability to provide swift name updates without polling each name individually is so appealing that Chubby now provides name service for most of the company's systems.

As many know, I've often argued against the horrible waste that comes from polling for RSS and Atom syndication files. But feed syndication isn't the only application area where polling is overused. As Google demonstrates, polling simply doesn't scale for any system doing thousands or millions of DNS lookups per second. (Phil and I ran into many problems with overloading DNS servers while working on Web Traffic Analysis systems at Accrue Software...)

Seekers after the inner secrets of Google have  undoubtedly been frustrated by the fact that several of the papers describing Google's internals refer to a distributed lock management service (Chubby)  but provide little information on the lock service's design or implementation. For example, the recently released paper on BigTable refers frequently to Chubby but points to a paper by Mike Burrows to be presented at OSDI'06 in November -- still two months away! Well, sometime in the last few days, Google published a pre-print of Burrows' paper. For the inside story on Chubby, and thus more to the story of BigTable, the Google File System (GFS), etc. see the paper: The Chubby Lock Service for Loosely-Coupled Distributed Systems .

Is /. secretly inserting DRM codes into their email messages? Has Microsoft hidden email DRM code in Outlook? Read on to discover the truth!...

I subscribe to the daily email summary of Slashdot stories and have noticed lately that I can't "copy and paste" parts of the messages I receive. Often, I can "cut" or "copy" text from the top of the Slashdot email but I can't copy or cut text that appears later on in the message. On digging into this odd behavior, I've discovered that recent Slashdot messages are sprinkled with embedded digital codes that disable some copying functions in Outlook. The effect is DRM-like copy-protection!

"Playing with Alexa" today, I stumbled across a fairly striking case of cannibalization... Many may remember that on May 8, 2006 Gabe Rivera's popular Memeorandum site spun out it's technology section as TechMeme. It is well known that Techmeme has been successful in rapidly gaining a very respectable readership. But, what may not be as well known is that much of Techmeme's gain seems to have been at the direct cost of its parent --- Memeorandum. The "Alexa Rank" chart below tells the tale in graphic detail.

Microsoft is neither judge, jury, nor legislature. Yet, they seem confident that they have the power to define, by fiat, what is "fair use" in digital media. The MS Zune iPod killer will apparently encourage users to believe -- incorrectly -- that fair use permits "three free plays" of copied media files. Thus, just as the Zune makes it mechanically easier for people to illegally copy digital media files between devices, Microsoft will be inducing them to do more illegal copying by confusing them about what is and is not permited by the law. Of course, at the same time that the Zune will encouage and induce illegal copying, it will also tend to make perfectly legal copying more difficult -- if not impossible.

One may argue that our legislatures have been slow in addressing the copyright issues that arise from the spread of the Internet and other new media, however, it can't be acceptable for a corporation, impatient for the resolution of some issue of public policy, to further their business goals by simply taking on themselves the roles that we assign exclusively and properly to our nation's law makers.

Yet another study demonstrates that Diebold's voting machines are incompetently designed, easily hacked and a threat to voter confidence. This time, it is researchers at Princeton who did the work. On their site, they provide a detailed paper, a video, and other materials describing a problem that others, such as Bev Schultz have been railing about for years. Of course, in a Forbes article, Diebold's marketing manager objects to the study... Notably missing, however, is any proof by Diebold that *any* competent and independent study disputes the long string of reports and studies that have condemned Diebold's voting technology and corporate management. There is a stink about this company whose CEO once promised that he was "committed to helping Ohio deliver its electoral votes to the president [Bush] next year" even though one would expect the CEO of a voting machine company to work hard to maintain some appearance of impartiality in elections...

Although many have talked about possible responses to and defenses against the scourge of Phishing sites,  it wasn't until today that I actually saw a site begin to actively fight back. Sometime recently, Yahoo! made a small but terribly important change to their login screen which  I think will soon become widespread. Certainly every bank with an online site should copy Yahoo! instantly...

Successful phishing relies on the fact that phishers know that real web sites look like and can easily produce fake (phishing) sites that look just like the real thing. But, now you can customize your Yahoo! login screen so phishers can't possibly know what you think the Yahoo! login screen looks like. They can't know what it looks like because the real Yahoo! screen will display a "secret" shared  only between you and Yahoo!. This secret, which is  either a bit of text or an image, is something that you choose and then send to Yahoo! for display whenever you're logging in to the real Yahoo!. Once you've shared you secret with Yahoo!, then whenever you see a Yahoo! login screen that doesn't display the secret, you should be alerted that you may be on a phishing site.

I've put some example Yahoo! login screens in the right margin. At the top, you'll see what the new default login screen looks like at Yahoo! Below that, you'll see examples of the same screen modified to show either a text secret or an image secret.

I'm sure that others who follow events on the web more closely than I have will be able to say that they've seen this sort of thing before. Certainly, I'm aware that the technique has been discussed for quite some time and that there have been previous uses, but this is the first time I've actually seen it used on a production site that I use. Wonderful!

While there are many other things we can do in the battle against phishing and while this technique is known to have some weaknesses, I still hope we see use of this technique spread across the net like wildfire. Every bit helps.

bob wyman