See you at posterous

This blog hasn’t seen updates for a while. Much of my blogging these days has moved over to my posterous (RSS feed).


“Driving social change”: The #ict2010eu TV show.


I’m sitting in the ICT 2010 plenary session on “Driving Societal Change, Opportunities for All.” One of the themes in the discussion is how many of the best people want to go to Silicon Valley, and why Europe perhaps isn’t as competitive in ICT as we’d like it to be.

After a great start, some of the panelists were slowly running out of steam and trying to console themselves by talking about Europe’s quality of life and better social equilibrium (and some of them were ratholing about the fashion industry). But kudos to Hermann Hauser (of ARM fame) and Stefanie Hoffmann (the young woman entrepreneur on the panel, from AKA-AKI in Berlin) for trying to drive the discussion toward some of the inconvenient truths: Entrepreneurial culture, intellectual culture, the ability to take entrepreneurial risks without betting one’s life on them. This panel could have used much more of that discussion.

But the session format itself shows off one of the problems that the panel belabors: Researchers, developers, innovators, policy-makers, entrepreneurs (current and future) have come to Brussels to attend this conference. Presumably, we’re hoping that many of the smartest minds in Europe’s ICT industry are sitting in the room now. But there are no microphones to permit an interaction between audience and panel, and within the audience. There is no wi-fi that would at least let people interact online, in the background.

Instead of giving the participants in this conference the space and the means to participate and interact, this part of the conference format makes us watch TV.

ICT 2010: A great opening, and an opportunity lost. #ict2010eu


I’m in Brussels for the ICT 2010 conference. The day kicked off with a number of great keynotes and a panel discussing how to turn the potential that European research and development has into products and start-ups. Some themes: We need a culture that pampers entrepreneurs; ICTs and electronic communication are essential for sustained global growth at a time of constrained resources; enterprises need to embrace the Web as consumers have. The two stars of the morning were the European Parliament’s Silvana Koch-Mehrin, calling for the use of the Internet for better and more immediate citizen participation in the political process, and Neelie Kroes, commissioner for the Digital Agenda.

Alas, that opening session was also an opportunity lost: While Kroes was (as always) embracing the Internet’s participatory culture and tweeting full steam ahead, the conference organizers were concerned with keeping the audience focused on the speakers, and therefore didn’t provide Internet access to the audience. What could have started a conversation on Twitter and other social networks about the future of European ICT research and development ended up being a conversation in front of an audience, leaving the twitter walls right in front of the great auditorium strangely misplaced.

Dear facebook, don’t try to social-engineer me. #kthxbai


At some point not too long ago, I gave facebook a gmail address. Its reaction has been annoying ever since: First, it tried to tell me just how many people had joined Facebook thanks to me (incidentally, another case of manipulation right there — the real answer to that question is “zero”), and that it would be really great if I’d hand over access to my gmail address book (which isn’t anywhere near as interesting as the one on my phone, which I’m also not going to “synchronize” with Facebook).

More recently, the tactics have become more devious: Two random contacts are shown (who, facebook claims, have found their “friends” on facebook this way), and facebook seemingly advertises its “friend finder” (which I used a long time back). But — behold! — when I click “find friends”, what comes up is Google asking me to authorize facebook to read my Google address book.

Dear facebook: If you want my data, in-my-face devious behavior like this is the last thing that’s going to get it to you.


Update: How interesting. Now that I’ve deleted that gmail contact address, facebook is asking for my email address and password right away. No kidding.

Wardriving, Streetview, and Privacy


Robin Wilton (@futureidentity) has dragged me into a discussion around privacy and SSIDs.

Like probably about anybody else who has ever played with software like Kismet (many years ago), I’m more amused than concerned by Google’s oh shit moment around wi-fi data collection: If you’re out to map wireless networks, then separating collection of packets from evaluation is a very natural thing to do. In other words: I buy that Google simply screwed up on this one.

Now, Robin takes the discussion further and asks whether there’s a privacy violation in logging SSIDs (and, perhaps more importantly, BSSIDs) from the streetview cars, and what the usefulness of that data is in the first place.

My take is that there are some immensely useful services that can be offered using this sort of data collection — it enables geolocation based on just observing what Wireless networks a device can “see”. (E.g., wi-fi based geolocation is the only one that my laptop is able to perform.) The data that’s interesting for that sort of observation isn’t the content of a packet. Instead, it’s what network I can see from where.

Therefore, making that observation (while throwing away any payload you may accidentally get to see) strikes me as harmless, and not a privacy (or other) violation: To begin with, the data isn’t even tied to an individual in most cases. And collecting that data passively isn’t interfering with my use of my network, either.

Now, that isn’t to say that all sorts of organized wardriving are automatically legitimate: I might get concerned if an organization doing that sort of exercise was joining networks, figuring out what ISP they use, and perhaps even correlating IP addresses with real identities — probably within the realm of the feasible for an organization like Google. I could see how people might feel violated if they ended up on a map with open access points that directs others to use their network — the distinction being that this sort of service might cross the line between casual use of an open wireless network by third parties and systematic use. But do we have any reason to believe that this sort of thing has happened in the StreetView case?

Yes, Google made a fairly bad mistake, and confessed it publicly when they hoped nobody was listening. Yes, the degree of intrusion that comes with wardriving depends on what the wardrivers do with the networks they see.

But let’s not throw out the basic measurements that enable wi-fi based geolocation services along the way!

 

Disrupting news


Pastedgraphic-1

Yesterday’s earthquake in Haiti was devastating. And while I’m watching the reports come in in horror, I can’t help but think about the roles that the Web and more traditional news media are playing in telling the world about this tragedy.

The picture above is a screenshot from the Guardian’s blog on the tragedy. The photo credit to “AFP/Getty Images” for a “Twitter image” is a striking example of just how strongly social networking sites are disrupting the breaking news focused part of journalism — as are the CNN and The New York Times newsrooms’ lists of twitter users they follow for information. Media is moving away from having exclusive access to first-rate sources, instead its role is curating sources, online, for everyone to see. And interviews (through skype) are negotiated on twitter, in public.

In Network Effects, the Economist compares the Web’s effect on news with the telegraph’s, and concludes:

The internet may kill newspapers; but it is not clear if that matters. For society, what matters is that people should have access to news, not that it should be delivered through any particular medium; and, for the consumer, the faster it travels, the better. The telegraph hastened the speed at which news was disseminated. So does the internet. Those in the news business use the new technology at every stage of newsgathering and distribution. A move to electronic distribution—through PCs, mobile phones and e-readers—has started. It seems likely only to accelerate.

The trouble is that nobody knows how to make money in the new environment. That raises questions about how much news will be gathered. But there is no sign of falling demand for news, and technology has cut the cost of collecting and distributing it, so the supply is likely to increase. The internet is shaking up the news business, as the telegraph did; in the same way, mankind will be better informed about his fellow humans than before. If paper editions die, then Bennett’s prediction that communications technology would be the death of newspapers will be belatedly proved right. But that is not the same as the death of news.

Postbox – srsly?


When I still worked on mutt, I didn’t really pay that much attention to our competition at the time, and had no idea just how sorry the state of e-mail software is these days. Eventually, Apple Mail lured me into the world of GUI e-mail software, and so I’ve been trying some of those programs for a while.

Therefore, a few observations.

Apple Mail is, in typical Apple fashion, very simple on the surface, seems optimized for casual use, and holds up surprisingly well for heavy users as well. It’s at times a CPU hog, but mostly responsive. A recently acquired bad habit concerns its plain text e-mail: The program used to send nicely formatted “format=flowed” e-mails that look good in mailing list archives. More recently, it has started to send the equivalent of really long lines (one per paragraph) — that’s rather bad style, looks bad in archives, and is just plain unnecessary.

When Thunderbird 3 came out, I figured I’d give it a try. The UI suggests that it’s optimized for heavy use, the plaintext e-mail produced is pretty. But things like the absence of useful behavior on flaky networks, lack of clear error indications (Apple Mail does that better!) didn’t bode well. And then it started indexing. And started indexing. And started indexing. For a few hours. Thanks for trying, Thunderbird!

Next try, Postbox, a commercial and pretty-looking piece of software based on Thunderbird. The indexing problem seems mostly solved (or perhaps they’ve moved it to a background thread so it doesn’t block the software for hours at a time); there’s a really nice “conversation” view for browsing long threads (evidently inspired by Gmail) which usefully pulls together messages across several folders (yay!), and it’s overall more responsive than Thunderbird. But, alas, a wrong click somewhere, and it spends some minutes to change a flag on all messages in an inbox (seriously, how long can it take to flip one bit for 10,000 messages, on current hardware?). “Reply in plain text” from the conversation view, and you see placeholders from a template that isn’t filled in. Import from Apple Mail, and you’ve got the results of a few obvious mailbox parsing errors in front of yourself. Ick! And, again, bad behavior with flaky connections, to the point of having to restart the software to actually make it fetch new mail. On the way out, I wasn’t able to export things into mbox format folders — another case of “how hard is this, again?”

I’m now back to Apple Mail and will continue to keep a copy of mutt around mail folders that have all my current mail.

The moments when you know the Web has really won


I’m sitting in the airport lounge in Luxembourg and waiting for a delayed flight to Zurich — due to a snow storm over there, the incoming aircraft took a while to leave (if it has actually left, that is).

The Web moment came when I asked the lounge attendant whether she had any news about the flight — and instead of looking at any of the special purpose airport terminals at her disposal, she simply pulled up a Web browser, and asked Google for Zurich airport…

If you want to know where I am, convince me you aren’t spyware.


Disclaimer: personal views abound.

I’ve recently been playing around with Google Latitude (the few folks I’d use it with are privacy-conscious enough that they don’t, so it’s boring), and I’ve tried the PicPosterous iPhone app. I’ve also been a close observer of what’s going on in W3C’s geolocation Working Group.

It strikes me that, as they ask for users’ locations, many applications (native and otherwise) start with, well, bad manners. Take PicPosterous: That application wants to turn on the iPhone’s location system before I’ve had any interaction with the app at all. What is it going to do with my location? I don’t know. Is it going to track me? I don’t know. Is it going to keep a trail of where I am forever? I don’t know. Or take Google: When I start up Latitude, I expect to deal with location data. That’s ok. But I don’t expect Google Reader to start tracking me down just because I signed in to a different, location aware service from the same company.

That kind of unexpected behavior really smells like spyware. It makes me want to turn off the GPS (and the other location services) most of the time — which, of course, makes the legitimate location-aware services a pain to use.

Dear developers: Build your applications so they don’t look like Spyware. Don’t surprise me. Be predictable. Put me in control.

  • Don’t locate the user unless he’s said so. Take PicPosterous: The purpose of the location gathering is geotagging a picture. Why not pop up a quick dialogue that says “I’d like to geotag this picture. Shall I?” And why not locate me only when a picture is taken? All that would go a long way toward building some trust in the application’s behavior. Or take Google Reader (or Latitude): Why not give me a setting “update my location whenever I use Google applications”, with default “off”?
  • If you’re an application that needs to track my location (say, you’re a turn-by-turn navigation tool, or you’re Google Reader and I’ve told you to find me), remind me. Give me a little button to turn off your location function. Again: Don’t surprise me, and put me in control of what you do.
  • Tell me what else you do with the data, in plain English. Start out with what the latest draft of the geolocation API spec has to say, and be very clear when you do anything else. Even better, give me an option.

Now, to the user agents: I like minimalistic user interfaces, and I think that a distribution of concerns where responsibility for secondary use rests with the Web application is a sane design approach. But however much I like a simple, non-modal “locate me / don’t locate me” dialogue when I’m asked for my location: Privacy doesn’t end at that first click.

  • Even when I click that “remember for this site” option, I’ll probably forget about it in a while. You better ask me again when I haven’t visited the site for a while.
  • A web application might behave badly. Remind me whether someone’s locating me right now (how about a little pulsating crosshair?), make it a no-brainer for me to figure out who knows where I am, and make it really easy for me to stop sharing location data — with any of them, or with all of them.
  • Give me an option to lie about my current location.

Extension developers to the rescue?

Is HTML5 making XSS worse?


Mark Pilgrim responds to Noah Mendelsohn’s notes on HTML 5 with this remark: “Draconian error handling enforced at runtime does not scale to the complexities of modern-day web applications. Ensuring well formedness becomes increasingly difficult when content is dynamically cobbled together from multiple sources, some of which are beyond your control (user generated content, third-party ad servers, and so on).”

 To paraphrase: “Web application development is incapable of delivering valid XML. Therefore, we need a more lenient (and more complex) parser. Forget about enforcing syntax.”

 Now, the class of bugs in Web applications that Mark describes is precisely what leads to cross site scripting attacks all over the place. And the more lenient (and complex, and informally specified) the parsing rules, the more likely it would appear that it becomes even more difficult for Web application developers to avoid cross-site scripting bugs, and that it becomes even more difficult to write code that (e.g.) filters user-supplied HTML to some safe subset.

 I guess the redeeming point here is that my argument uses XHTML as a baseline, and that HTML5 – with its defined error handling – improves predictability over the concoctions that parse HTML today.
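
The contrast drawn above, as an added example that is not part of the original post: a strict XML check rejects a malformed fragment outright, a string-level filter passes it through unchanged, and an allowlist sanitizer parses leniently and re-serializes only a safe subset as well-formed markup. The tag policy, the sample fragment and the use of Python's `html.parser` (a tolerant tokenizer, not the HTML5 parsing algorithm) are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET
from html import escape
from html.parser import HTMLParser

# Assumed policy for this example: a tiny "safe subset" of HTML.
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_SCHEMES = ("http://", "https://", "mailto:")
DROP_CONTENT = {"script", "style"}  # element and its content are discarded

def is_well_formed(fragment):
    """Draconian baseline: an XML parser rejects the fragment on any error."""
    try:
        ET.fromstring(f"<div>{fragment}</div>")
        return True
    except ET.ParseError:
        return False

def naive_filter(fragment):
    """String-level filter that knows only one exact spelling of a script element."""
    return re.sub(r"<script>.*?</script>", "", fragment, flags=re.I | re.S)

class _Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags, self.skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        elif tag in ALLOWED_TAGS and not self.skip:
            # Keep only allowlisted attributes whose value has a safe scheme.
            kept = "".join(
                f' {k}="{escape(v, quote=True)}"' for k, v in attrs
                if k in ALLOWED_ATTRS.get(tag, ()) and v
                and v.strip().lower().startswith(SAFE_SCHEMES))
            self.out.append(f"<{tag}{kept}>")
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif tag in self.open_tags:
            # Close everything opened since the matching start tag.
            while self.open_tags:
                closed = self.open_tags.pop()
                self.out.append(f"</{closed}>")
                if closed == tag:
                    break

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))  # text is always re-escaped

def sanitize(fragment):
    """Parse leniently, emit only allowlisted markup, close what was left open."""
    p = _Sanitizer()
    p.feed(fragment)
    p.close()
    return "".join(p.out + [f"</{t}>" for t in reversed(p.open_tags)])

# Constructed sample: unclosed tags, an event-handler attribute, a script
# element with an attribute, and a non-allowlisted URL scheme.
SAMPLE = ('<p>Hello <b onclick="f()">world<script type="text/plain">f()</script>'
          '<a href="javascript:f()">link</a>')
```

Because the sanitizer's output is well-formed and contains only allowlisted constructs, a strict parser and a lenient one read it the same way, which is the predictability the last paragraph points to.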