Lonely hill: Apple’s stand on encryption

Rich Mogull of Securosis writing in TidBITS: Why Apple Defends Encryption. Great article summarizing the forces that drive Apple’s defense of encryption and resistance to introduction of a back door (briefly: their business model does not rely on compromising privacy, they understand that there is no such thing as a back door that cannot also be used by attackers, and it may be a personal issue for Tim Cook).

Rich’s analysis, which I agree with, aligns with another recently published article about the disparity in ranged weapons adoption in Europe in the Middle Ages. The question: why did it take the French and Scots nearly a century to adopt the cheaper, easier, and more effective longbow, instead continuing to rely on the more challenging crossbow? Answer: precisely because those technologies were cheaper and easier to adopt, they were blocked by the rulers of less politically stable states, who feared arming citizens with the weapon might lead to revolution. Only in more politically stable England was the longbow adopted.

There’s a clear analogy between restricting access to longbows and the current state desire to insert backdoors into consumer encrypted communications. What’s striking is the political difference in who’s doing the restrictions on crypto technology. It’s not just failed or unstable states (though there are plenty of those who seek to circumvent crypto), but also major global powers like the United States and India. I’m not sure whether that says more about the threat posed by crypto, or about the United States.

On the legality of peeping Toms

Boing Boing: Free Stanford course on surveillance law. Now I know what I’ll be doing in my spare time this month, and you should too. 

At last month’s inaugural Black Hat Executive Summit, I learned a few things that surprised me about how existing US law applies to “cyber,” and I expect to continue to be surprised by this course. Probably unpleasantly, but who knows?

Ten years ago (soon): BloggerCon

Dave reminds us that it’s almost ten years to the day since the first BloggerCon. I was highly invested in blogging at that juncture of my life, having tried and largely failed to figure out where I fit inside Microsoft, and so I managed to combine a recruiting trip back East and attendance at the first day of BloggerCon.

I liveblogged much of what I saw of the day. I’m sure most of it is redundant with the other coverage, but in retrospect it’s interesting to read through the coverage and see how much of it was on target, or just off-target. I think the biggest bit that surprises me is the collective failure to imagine that blogging, per se, was just one manifestation of a million ways for individuals to share ideas and feelings with the world, or that most people would be most interested just in sharing those ideas and feelings with a few friends and family.

Watch out, Rudolph

We haven’t taken down our Christmas tree yet. Sometimes I fantasize about just sticking the whole thing away, decorations and all, and hauling it out next year ready to go. But these guys did one better: they launched it. On 32 model rocket boosters (Estes D boosters, to be exact). Watch:

(Okay, it’s not really a tree, but who cares? It’s still one of the funniest things I’ve seen in a long time.)

Merry Christmas from Google: Cavalier Daily in Google News

A nice Christmas present from the Googlemind: if not a complete run, then a pretty good sampling of the full archives of the Cavalier Daily and its predecessor College Topics, the long standing student newspaper of the University of Virginia.

The boon to a researcher of the University (or the Virginia Glee Club) cannot be overestimated. Just in a few minutes I found:

If Google News’s presentation of archival newspapers leaves something to be desired (I find it much more difficult to manage searching through a single issue than with the UVA library’s search interface), there is still a real treasure trove here, and not just on the Glee Club but on just about ever other topic.

LongURL Mobile Expander slows me down

A reminder that addons, extensions, and other bolt-on software capabilities aren’t free:

It was a maddening bug. On my machine, and mine alone, our web based application slowed to a crawl when I chose a particular option. No one else could recreate the bug.

As I was showing the bug to the developer, we had a hunch, checked my add-ons, and turned off about half of them. The problem went away. Now I had a hunch about where the problem was. I turned on all the add-ons except LongURL Mobile Expander. The web application was working properly again, and I had my culprit.

I’m not a JavaScript developer so I’m not sure, even looking at the source code, why there was a problem. I wonder whether the issue was the fetch of the list of supported services, which seems to happen on every onload() event — possibly on our Ajaxy web app, the lookup was firing more than once per page? (Update: No See below.) All I know is that it’s turned off for good for me.

It’s kind of a shame, because LongURL performed a useful function: with it installed, when you hover over a link to tinyurl.com, bit.ly or one of the other URL shortening services, it looks up the link and shows you the destination in a tooltip–so you can tell if you’re going to get RickRolled, essentially. Useful, but not at the cost.

Update: the developer who looked at the issue with me does speak JavaScript, and he says the issue is not the fetching of supported services (happens once, then cached). Instead, the real issue is that the script re-parses the web page’s document object model each time a new node is added. This is what just about every AJAX app does all the time, which explains why the problem is only visible on apps like ours–or Facebook, as one rater of the add-on points out.

Web-wide citations?

I recently started a new wiki project, which I’ll discuss in more detail later. Like the Brackbill Wiki, this one is based on the same software that powers Wikipedia, MediaWiki. It’s a powerful site building tool if you want something that’s collaboratively edited.

However, don’t assume that all the power of Wikipedia is in any other MediaWiki site. Case in point: citations. I love the citation templates on Wikipedia, together with the reference templates, because they make it drop dead simple to do professional citations, which if you’re trying to construct a reference work are kind of important.

But the citation templates that power Wikipedia aren’t in the default MediaWiki package; they’re templates that live specifically in Wikipedia’s content. And while Wikipedia’s liberal license policies allows reuse-by-copying, that means you have to keep up with bugfixes yourself. It would be one thing if it were just one template, but by my count I had to copy no fewer than 66 templates to get web and book citations, and their associated documentation pages, working. That’s nuts.

What would be nice, of course, would be to have a nice, robust markup strategy that would do proper footnote citations on any site, not just a wiki. The anchor tag is kind of the degenerate version of it–very powerful but also lacking in some of the stuff you want for a formal citation, such as the date the item was last accessed.

The death of tr.im, or why you are your own product manager

The recent flap over the impending death of tr.im reminds me of a discussion I had at the Berkman Center when I crashed one of their meetings back in 2004. The question was, do you use external services with your blog? That is, do you host your images on Flickr or a related service? Do you outsource comment management? These days, the question is do you host your own videos or do you let YouTube do it; or do you use a URL shortener.

Fundamentally, these are strategic questions like the ones that product managers face every day. The question is “Build, Buy, or Partner?” and it’s a question about how you add functionality to your product offering. In this case, the “product offering” is your public presence on the Internet–which is to say, in public, on-the-record discourse. As the question is conventionally understood, “build” means build it yourself, “buy” means acquire the functionality via some sort of purchase of rights, and “partner” means make a business arrangement where the partner delivers the functionality directly. In web development terms:

  • Build: You can build most of the functionality that people use on the web, from photo galleries to URL shorteners, yourself if you are a reasonably competent programmer.
  • Buy: You are acquiring via a license (even a free one) functionality from a third party and providing that functionality to your users. Can include purchased software or free software, whole packages or plugins.
  • Partner: You are using third party services directly–embedding photos and video from someone else’s server, using a third party URL shortener, etc.

So how do you decide to build, buy or partner? You can ask yourself the same questions that product managers everywhere ask:

  1. Do I have the capability to create this functionality?
  2. Do I want the responsibility of maintaining this functionality and adding to it over the long run?
  3. Is this functionality a core part of what I do? Do I derive some sort of competitive advantage from it?
  4. How much control over the final product do I want?
  5. Can I afford to have the content go away?

If you can do #1 but not #2, buy might be a better option than build. If the answer to #4 is “a lot”, partnering is not an appropriate option.

Let’s look at some people’s reactions to the event in this light:

Dave Winer had chosen the “partnership” model with tr.im (in the sense described above, that he is using their services and building atop them), building a lot of functionality on top of their APIs. He sees tr.im’s collapse as an argument to eliminate URL shorteners altogether, or at least to require that they provide a portability option. Portability is a way that you can escape Question #5, a safety clause if the partner goes out of business or if you don’t like what they’re doing with your content. I think that shortened-URL portability is in this analogy the equivalent of source code escrow and other safety provisions in conventional software contracts–it’s your escape hatch to make sure your personal data isn’t threatened. This is a perfectly sane request if you’re entering a real partnership relationship, where you’re adding value to the other party’s offering.

By contrast, Jeffrey Zeldman went the “buy” path, installing a WordPress URL shortening plugin to share pointers to his own content. For him, having short links to his content that work indefinitely is too important to risk having “the third-party URL shortening site [go] down or [go] out of business.”

Looking at it through the build-buy-partner lens, it’s also easy to see why WordPress has become such a dominant platform. The ability to add third-party developed plugins to add functionality provides a wide variety of options to add new functionality and allows you more options than simply blindly partnering with another organization, without any assurance that they’ll continue to support you.

Why go down this path at all? Why worry about the longevity of what are almost certainly transient services? One way to look at it is this: at the end of the day, your web presence is your product, and you are its product manager. You are responsible for the strategy that determines how the world views you. And in that light, it makes sense to borrow some strategies from product management to plan that strategy. Others use the formulation “You are your own CEO”; as your own CEO, consider that what people interact with online is not you but a product.

Stupid breakage of the day: Ubiquity and MobileMe

This morning I tried to log into MobileMe, which has mostly been working well recently, and got an unsupported browser screen telling me I needed to be running Firefox 2 or later, or Safari. Only problem was I was running Firefox 3.0.5.

I figured it was a bug in MobileMe’s browser check logic, so I used some JavaScript to check what my browser was reporting as its user agent:


It told me I was running

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/2008120122 Firefox/3.0.5 Ubiquity 0.1.4

Looking at the user string, I wondered if all the addons at the end, in particular the Ubiquity one, were breaking the browser check. So I disabled Ubiquity and restarted the browser. But the user agent string still showed Ubiquity.

I had just updated to the newest Ubiquity release this morning and was starting to think that something in the add-in was causing the problem. So I uninstalled it … and the user agent string was still the same.

Now I was curious. Did it leave a setting behind that the uninstall didn’t clean up? I looked under the hood in the browser preferences at about:config and searched for Ubiquity, where I found a very interesting preference under general.useragent.extra.ubiquity. There didn’t seem to be an option to delete the key, so I simply set its value to an empty string.

Doing the browser check now reported

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/2008120122 Firefox/3.0.5

And I could log into MobileMe again.


  1. Uninstalling an add-in doesn’t always totally uninstall it.
  2. You might be better off without Ubiquity.
  3. Apple needs to fix the MobileMe browser check (aka Trampoline).

Using an AirPort Express with FiOS

As I mentioned yesterday, there were a few unfinished items left after the FiOS installation yesterday. I got two of the items taken care of this morning, but I was a little disturbed at what I had to do to make things work.

After the installation was complete on Sunday, I connected to the administrative web page of the Actiontec router that Verizon had provided (and which is required with the Verizon TV package). I reconfigured the router to take over the network name (SSID) that I had been using on my AirPort Extreme, changed the security to WPA2, and set the passphrase to the one I had been using previously. Our laptops and my iPhone picked up the change, but my AirPort Express units (which provide wireless printer support and AirTunes) didn’t. They’re first generation AirPort Express, and do 802.11G and 802.11b only.

After some pulling my hair out this morning, I found a thread on the Apple support message boards that suggested that the original AirPort Express was incompatible with the Actiontec version of WPA2. I changed the Verizon router to use regular WPA and told the AirPort Express to use WPA/WPA2 for authentication. After rebooting, I finally got a good connection (green light) with the Express. My second Express didn’t need any reconfiguration–I simply unplugged it and plugged it back in, and it worked.

So there’s that. What’s left is getting my hard drive, with all my music, back on the network. I may have to run an Ethernet drop into the living room over Christmas. Or try one of the tricks for supplanting the Actiontec for wireless.

(It’s more than a little annoying, btw, that I had to use regular WPA instead of WPA2. WPA2 is a much more secure protocol and WPA has been cracked.)

Google Chrome 1.0 (.154.36)

Well, that was fast. Google Chrome went from new to 1.0 in about 100 days:


But is it ready? And why so soon?


I expected Google to add more features over time, since the merely architectural improvements of the browser didn’t seem to meet the critical differentiator threshold to justify launching a new browser. But that didn’t really happen. And in fact, Google seems to be launching Chrome with some rough edges intact. Check out this snippet of the WordPress 2.7 login screen (right).See those black edges around the box? That’s a rendering bug in Chrome’s version of WebKit. (The black corners aren’t there in Safari.)

So: Google is rushing a new browser that they “accidentally” leaked just 100 days ago, a browser that has significant speed but demonstrable rendering flaws, into an already crowded market. Why? And why launch two days after previewing the Google Native Code plug-in, a web technology that seems a far more significant leap forward?

My guess: they’re scared of having their thunder stolen, maybe by Firefox. The new Mozilla JavaScript engine, TraceMonkey, appears to be running neck-and-neck with Google’s V8. And when the major feature in your browser is speed, you don’t want to risk being merely as good as your better established competitor. So maybe releasing Chrome ahead of Firefox 3.1 (which still has no release date, and at least one more beta to go) was simply a defensive move to make sure they aren’t competitively dead before they launch.

Remix culture: NASA’s bootleg Snoopy from 1969

I had read about NASA’s use of Snoopy and the Peanuts characters as unofficial mascots for Apollo 10 (it was well documented in Charlie Brown and Charlie Schulz, which sat on my Pop-Pop’s bookshelf alongside the Peanuts Treasury), but don’t remember seeing this. Courtesy Google Image Search and the LIFE archives:

As good an argument for the Commons as I’ve ever seen. The irony is, of course, that it sits in Google Images with no reasonable licensing in place. Even this bootleg image is claimed as copyright LIFE magazine.

Google LIFE archive: where’s the usage rights?

I’m impressed by the new LIFE photo archive at Google Images–it’s a truly significant work of digital content. But it’s missing one important thing: a usage policy. The images are marked (c) Time Inc., so it’s clear they aren’t public domain. But is there any way to purchase usage rights? The only reuse provision seems to be a framed print purchase.

Compare it to what Flickr does with the images in its commons, or anywhere else for that matter–a clear licensing agreement, selectable by the poster, that explains how images can be used. The LIFE archive may be visually striking, but it would be much more valuable if the images could have a life beyond Google’s servers.

Ubiquity memory issues on Firefox

I may have to stop using Ubiquity for a while. I’ve used it exclusively because it, plus the share-on-delicious script, provides a great keyboard-only way to tag web pages for Delicious, simply by ctrl-space and typing share Delicious bookmark description tagged delicious tags entitled title“.

Alas, there are definite memory issues with Ubiquity or with the script. I currently have three tabs open in Firefox and the memory is more or less stable at 112,988K. If I invoke Ubiquity and start typing:

share This is a sample Delicious post that's not too different from one I would normally do, except a bit shorter and more fictional. tagged ubiquity entitled foo ubiquity test.

then suddenly memory usage spikes up to 571,028K !!! The memory use gradually falls back down, but it climbs steadily and precipitously while I’m typing, and there’s a point beyond which Firefox becomes unusable. Maybe I’m a canary user because I’m a touch typist, and I’m typing faster than Firefox can garbage collect memory? I still can’t believe that Ubiquity could be consuming so much, though.

(Update: apparently I’m not alone.)

What blogging is (revisited)

I checked out a new people search engine (123people.com) on a link from Lifehacker and, of course, searched for myself. I was surprised to see a lot of discussion about an old piece I had written after the first Bloggercon, a two post thought stream called “What is a blog” and “Blogging and empowerment” that gave a technical definition of what a blog was, and then a sociological definition.

The responses, apparently for a high school class at City Arts and Tech in Digital Design (!–to Ted Curran, if you’re out there, drop a comment–would love to know how you incorporate blogging in your teaching), were interesting and made me go back and look at what I wrote again. Here are a few excerpts:

  • Peter Luc: “A blog can just be about anything you want it to be, from your daily lives to what you feel about something. Anyone can create a blog and start blogging right away… A lot of people use blogs to tell others what is going on in the world like what they see with their own experiences. This can replace the sites that people usually go to to check the daily news….Blogging has to do with relationships when you make it a personal blog. A personal blog to me can be like 2 people blogging about what they do in a day and the 2 people can share their day with each other. It’s kind of like when you pass notes during class to different people, but instead this is web based so you won’t get caught. :)”
  • Rukiyah Sanders: “Due to the increase in technology over the coarse of these past few years we are able to do so much we weren’t able to do back then.”
  • Brandon House: “There are no rules in blogging, one can make up things with their own mind. people have the freedom to express what they must. I believe that freedom of speech is one of the most powerful weapons and tools you can give to an individual with a mind.”
  • Holden Way-Williams: “i guess it shined some light on the mysteries of blogging, but for the most part it was not too helpful. blogging is very simple. you go online, and you write on this thing and everyone around the world can read it… the article was not interesting. the information was not very useful, and the guy who wrote it was pretty boring.”

Well, Holden, you got me. It was pretty boring. I was trying to make a real point, but got tangled up in the mechanics of blogging rather than focusing on the real thing.

Here’s what blogging is: It’s a person writing his thoughts down and sharing them with people online. For person, you could substitute a middle schooler or your grandma, or the CEO of a hospital. For sharing them with people, it could be the writer’s friends, or it could be somebody who’s Googling for something unrelated and comes across it months or years later.

What’s changed, in the five years since I wrote the original piece, is you don’t have to have a dedicated website of your own to blog. You can do it on Facebook or Myspace, or in short thoughts on Twitter, or in one of a million other places. The thing about Facebook that some folks don’t like is that the wider Internet can’t get the benefit of your thoughts, which is probably OK if you’re blogging to your girlfriend or boyfriend but might not be OK if you want people other than your friends to get into a discussion with you about something or learn what you thought about something.

For me, now, blogging is an investment in the future. When I write something in my blog, I make a bet that I’ll be interested in going back and using it again later, or that someone else will find it useful. It’s a bet that usually doesn’t pay off; I would guess that no-one has read three quarters of the stuff on this site. But sometimes it pays off big–like when a class of high school students thinks seriously about what I wrote about blogging, and you get to learn from what they thought about what you said.

And you get to learn that they take blogging for granted. Which is, in and of itself, pretty cool. When I was in high school, I didn’t have a public forum like blogging. (And I had to walk uphill, both ways.)

Not to slight anyone: here are other responses from Max Bizzarro, Roselle, Sschafra, Nataly, J. Pascual, Mara, Jessica Tang, Tatyana K, Hawkman, SJ, Noel, and Maureen. Hawkman’s response is maybe my favorite: “The fact that someone could have so much faith in a new idea as a means of solving age old problems is kinda funny, because there have been dozens of technologies that would supposedly solve such problems, but the results were never definitive.” Yes, you’re right, but on the other hand blogs were one of the things that helped get Barack Obama elected.