Tuesday, September 29, 2009

Internet Summit Austria 2009

Today I attended the Internet Summit Austria 2009 held by the Internet Service Providers Austria association at the Austrian Academy of Sciences. The motto of the event was “We are Internet”, referring to the fact that the Internet is created by people and used by people.

ISPA chairman Andreas Koman opened the session with statistics about Internet use in Austria and an overview of current developments and challenges.

Claudia Bandion-Ortner, minister of justice, admitted her preference for paper files and reminded the audience that the Internet is not an area unregulated by law. There are legal issues specific to information technology, such as data theft and violation of data privacy rights. While fraudsters and other criminals use the Internet, most crimes are media neutral. One area that is closely linked to the Internet, though, is child pornography. Bandion-Ortner referred to the controversial German pilot for blocking access to illegal sites. Needless to say, the same filter technology could be used for censoring access to legitimate information or enforcing intellectual property rights.

Volker Grassmuck delivered a keynote about the reformation of intellectual property law in the digital age. Established “common sense” can block creativity and innovation. Some ideas worked well although most people would have assumed they wouldn’t:
  • Shared space pioneered by Hans Monderman – “If you treat people like idiots, they will behave like idiots.”
  • Shared code with the Free Software Foundation (FSF)
  • Shared profits with the micro-payments of the Grameen bank – “People behave in a trustworthy way when they are trusted.”
Grassmuck touched on aspects of the digital age, the 40th birthday of the ARPANET and the 10th birthday of Napster this year, and the end-to-end principles in system design laid out by Saltzer, Reed and Clark at the MIT Laboratory for Computer Science in 1984. The network is a universal transport mechanism; intelligence and innovation are at the ends of the network. “Today’s optimization is tomorrow’s bottleneck.”

On net neutrality, Grassmuck mentioned a speech by FCC chairman Julius Genachowski and a refined view of the issue: net neutrality, but with network management to handle congestion or spam, provisions for law enforcement, and a transparency requirement that would allow blocking or throttling certain types of traffic as long as customers are made aware.

There is no one solution that satisfies the needs of content producers, consumers and intermediaries. Working models will require a combination of an agreement between creative professionals and society, markets, free licenses, public subsidies and a “cultural flat rate”.

One of the conference gifts was, ironically, a USB stick with a locked down installation of Firefox using the Tor network to ensure privacy.

The keynote was followed by a lively discussion about intellectual property rights, including but not limited to compensation for the creator of content. The composer Johanna Doderer and the author Gerhard Ruiss pointed out that they want to maintain control over what happens with their works and reminded the audience that creative professionals are typically paid by how often their works sell. Georg Hitzenberger of Play.fm and Bettina Kann of the Austrian National Library outlined some of the challenges with obtaining rights for use in digital media and making content available. For example, the digital Web archive maintained by the Austrian National Library has unreasonably strict access requirements: it can be used in selected locations only, by one person at a time. Franz Schmidbauer touched on legal aspects and the adequacy of intellectual property rights enforcement.

MEP Eva Lichtenberger made an interesting comment about giving young people the ability to purchase digital media without requiring a credit card, quoting the large amounts spent on ringtones where suitable payment solutions are offered by telecom providers.

After the lunch break, Peter A. Gloor gave an entertaining presentation about “Coolhunting by Swarm Creativity” (that’s a lot of buzzwords for a title), explaining how their system combines different inputs–the wisdom of the crowd in the form of the Web, the wisdom of the swarms in the dynamics of fora and blogs, the knowledge in news and Wikipedia–to understand networks, trends and content. “Experts are right – in 50% of the cases. You never know which 50% you have.” swarmcreativity.net and ickn.org have good information about the concepts and the Condor software for non-commercial use.

Two panel discussions about social networks and business on the Internet concluded the agenda.

Tuesday, August 11, 2009

Security, privacy, and an inconvenience

Redirects are often discussed only in the context of search engine optimization (SEO). Here is a good example of how redirects affect users as well, and why it is important to choose your redirects wisely.

The Central Intelligence Agency (CIA) in 2006 began serving its Website encrypted in an effort to improve security and privacy of the communication.

This is a clear case for a 301 redirect from the unencrypted URL http://www.cia.gov/page to the equivalent encrypted URL https://www.cia.gov/page. Instead, except for the homepage and very few other pages, all requests get redirected to a splash page informing visitors about the site changes:

CIA Site Redirect. CIA.gov has changed its Web address. CIA.gov is now encrypted, except for our Electronic Reading Room, to assure visitor confidentiality. As a result, the Web address for pages and documents in our site has changed from http:// to https://. In addition, CIA Careers has moved to a new location within the Web site. Please use the links or the search form below to find the information you seek. …

Not only is this a bad idea for search, since all those links out there on various sites now transfer link weight to a splash page which is marked as non-indexable; it is also an inconvenience to users, who need to navigate to the specific content or go back to the previous page and try again with an edited link.

Even the old URL for the World Factbook, arguably one of the most popular resources on the site, no longer goes to the desired World Factbook homepage directly.

The CIA press release states: “We believe the inconveniences of implementing SSL for the entire website will be offset by increased visitor confidence that they are, in fact, connected to the CIA website and that their visits are secure and confidential.”

The effort to increase security and privacy is commendable, and encrypting all communication with the agency certainly isn't a bad idea. Doing so without the inconveniences would be even better though, and perfectly feasible, too.
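The difference between the path-preserving 301 recommended above and a redirect to a splash page can be checked mechanically. The following is an added example, not code from the original post; the host www.example.org, the paths and the observed responses are constructed placeholders.

```python
from urllib.parse import urlsplit, urlunsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}
PERMANENT_CODES = {301, 308}


def https_equivalent(url):
    """Map an http:// URL to the same host, path and query under https://."""
    parts = urlsplit(url)
    if parts.scheme != "http":
        raise ValueError("expected an http:// URL: %r" % url)
    # hostname is lower-cased and carries no port, so ports are ignored here
    return urlunsplit(("https", parts.hostname or "", parts.path or "/", parts.query, ""))


def audit_redirect(requested, status, location):
    """Classify the response a server gave to one plain-HTTP request."""
    if status not in REDIRECT_CODES or not location:
        return "no-redirect"        # content still served without encryption
    target = urlsplit(location)
    if target.scheme != "https":
        return "not-upgraded"       # redirected, but not to an encrypted URL
    seen = urlunsplit(("https", target.hostname or "", target.path or "/", target.query, ""))
    if seen != https_equivalent(requested):
        return "deep-link-lost"     # any other host, path or query, e.g. a splash page
    if status not in PERMANENT_CODES:
        return "temporary"          # right target, but clients will keep asking over HTTP
    return "ok"


# Constructed observations: (requested URL, status code, Location header)
OBSERVED = [
    ("http://www.example.org/page", 301, "https://www.example.org/page"),
    ("http://www.example.org/library/factbook/", 302, "https://www.example.org/site-notice.html"),
    ("http://www.example.org/search?q=maps", 302, "https://www.example.org/search?q=maps"),
    ("http://www.example.org/about", 200, None),
]


def audit_all(observed):
    """Return {requested URL: verdict} for a list of observations."""
    return {req: audit_redirect(req, status, loc) for req, status, loc in observed}


if __name__ == "__main__":
    for url, verdict in audit_all(OBSERVED).items():
        print("%-16s %s" % (verdict, url))
```

Only the first observation is the behaviour the post asks for; the second is the splash-page pattern it criticizes.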

Monday, June 29, 2009

The return of the curvy cucumber

For two decades, the European Union carefully regulated the size and shape of fruit. Often this has been quoted, and rightly so, as an example of the over-regulation by the commission.



Announced in November 2008, the return of the curvy cucumber will become effective on July 1, 2009. Now all those cucumbers and carrots will be “allowed” to grow in all shapes and sizes again (not that they cared too much about EC directives anyway).

Standards usually make life convenient. Just imagine what driving a rental car would be like if manufacturers implemented their own concept of speed and steering controls (too bad that other controls like air condition and radio aren't standardized and often not self-explanatory). Or withdrawing money from the bank without standardized bank cards and ATMs. Or connecting to networks if they weren't all using the same protocols.

Regulating the size and shape of fruit and vegetables, on the other hand, doesn't make life more convenient unless you like to see the cucumbers lined up nicely in the fridge. To me, this is mostly an indication of an unhealthy desire to control everything, including Mother Nature. More than two decades ago, the movement which eventually became the Green party started questioning large technology projects, be it nuclear power plants or ecologically questionable hydropower plants. Many of the environmental and energy related issues still need to be addressed. But, at least we have the curvy cucumber back.

Wednesday, June 24, 2009

Disagreeing with Jakob Nielsen on security—Password masking makes logins more secure

When it comes to usability, disagreeing with Jakob Nielsen is usually not an option. After all, he has been called king, czar, guru of Web usability for a reason, and his Alertbox offers invaluable advice most of the time.

Disagreeing with Jakob Nielsen on security is easier, especially when he advocates removing password masking as a means to improve usability and claims that this doesn't lower security.

While not offering a high degree of protection, the password masking does a pretty good job for most situations. Certainly, a determined and skilled criminal would be able to observe which keys are pressed, or use other attack vectors to intercept my Web interactions. I am often surrounded by trustworthy people who still shouldn't know my passwords, don't care about my passwords and even politely turn their eyes away while I am logging in. Whether showing someone a Website or doing a demo to a larger audience, accessing protected areas of a site in a semi-public environment like a desk-sharing area at work or logging in from a mobile device, those little stars or dots protect my passwords well from becoming exposed.

Security and usability should not be conflicting objectives; in fact usability is an important aspect for any security system, or users will work around usability issues and use it in unintended ways, like copying and pasting passwords from a text file as Nielsen mentions. An extra checkbox to enable password masking just adds complexity to the user interface and may confuse users more than not being able to see their password.

Typing passwords on mobile devices (or foreign keyboards, for that matter) can be challenging. Some smartphones like the iPhone or the Nokia N95 show the letter as typed but then quickly replace it with an asterisk, which is a reasonable compromise.

Instead of cluttering Web forms with additional checkboxes, web developers should demand that browsers and mobile devices provide an option to remove password masking when desired by the user. This would maintain the current level of security by not exposing the passwords to people looking over users' shoulders and address the usability issue for those who have difficulty typing their password and would benefit from visual feedback.

Until then, use this JavaScript bookmarklet to unmask password fields as needed:

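javascript:(function(){
var inputs=document.getElementsByTagName("input");
for(var i=0;i<inputs.length;i++){
/* read the resolved type property; getAttribute("type") is null when the attribute is missing */
if(inputs[i].type==="password"){
inputs[i].type="text";
}
}
window.focus();
})();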

(all on one line, or simply drag the Unmask passwords bookmarklet link to your bookmarks).

PS. More ways to reveal passwords in a controlled manner can be found in Martin Brinkmann's blog post Reveal your saved Passwords in Firefox.

Monday, February 23, 2009

Amazon.com: User experience delivering value

While shopping on Amazon the other day, I noticed a subtle yet still noticeable hint that I had bought the very same article already in October 2007.


At first glance, the notice would appear to drive customers away from buying; however Amazon.com has a long-standing reputation for innovation in online commerce and good customer service (although I have been less satisfied with their handling of e-mail correspondence lately) so this didn't come as a complete surprise.

Good user experience design is all about delivering value to the customer, and to the business too:
  • The customer may have bought the product earlier and order another copy as a present, which was actually the case for me.
  • Some products, such as blank CDs/DVDs, lend themselves to repetitive orders. Knowing that this is the same product ordered before is reassuring to the customer, which means more business with fewer clicks.
  • In the unlikely case that a customer accidentally orders the same product twice, chances are that she would return the product for a refund, incurring shipping and handling cost for the business; therefore not shipping the product in the first place is not only the most customer friendly, but also the most cost effective solution.
On a related note, Amazon.com has also been innovative in offering pay-as-you-go Web infrastructure, and IBM recently announced plans to deliver software through their Amazon Web Services platform.

Saturday, January 31, 2009

Google: This site may harm your computer

Google generally does a pretty good job warning users about suspicious Web sites assumed to contain malware, but their algorithm seems to have gone overboard now. This morning every search result shows a warning that the site may harm my computer:

Wednesday, December 31, 2008

0101001011101010111

Google search nicely reminded me that digital storage is still all about ones and zeros:

Strategic Briefing New Storage Paradigm for Enterprise
2008 IBM Corporation – IBM Confidential. 0101001011101010111. 0110101010111010101. 0110101100110101011. 0101110101010101011. 0101110110101010101 ...

Tuesday, October 7, 2008

Jamming at the InnovationJam™ 2008

InnovationJam™ 2008

Want to explore how organizations can transform themselves into truly global enterprises of the future? Ready to collaborate with technology and business thought-leaders?

Join the InnovationJam™ 2008.

Wednesday, September 3, 2008

Google Chrome first impressions

Does the world need another Web browser? Probably not, most people are reasonably happy with Firefox (or SeaMonkey), Safari and Internet Explorer, and a wide range of less known specialized browsers.

But then of course it's hard to ignore a new browser when it's launched by Google. Matt Cutts quickly blogged about the Google Chrome announcement and conspiracy theories, and the search engine guessing feature in particular caught my interest.

www.ibm.com has supported OpenSearch for years and it's good to see a browser finally making good use of the OpenSearch description and providing access to custom search engines using keyboard navigation. With the OpenSearch definition for IBM Search enabled, typing ibm.com Green IT selects IBM Search as the preferred engine for that search:



The same can be achieved in Firefox with keywords, albeit not as easily.

Rendering of XML content including RSS news feeds leaves much to be desired. Hopefully Google will add full XML rendering support and integrate a feed reader soon.

Incognito browsing is another neat idea; it won't help much to preserve your privacy but could be useful for testing when you don't want all the test pages to clutter your browser history.

One prerequisite for me using Chrome is support by RoboForm, which keeps track of all my accounts and passwords. RoboForm does not work with Safari, but hopefully, with Chrome being open source, it will support this browser. Web development tools that work with Chrome will be the other deal breaker.

In the meantime I will continue to experiment with Chrome and see what else Google's latest brainchild has to offer.

Thursday, July 10, 2008

Microsoft DNS patch KB951748 secures Internet access too well

The latest Microsoft DNS patch improves security too well. The update appears to be incompatible with Check Point's hugely popular ZoneAlarm firewall and possibly other firewall products, and results in complete loss of Internet access.

After a lengthy failed attempt to diagnose a family member's “my Internet no longer works” problem over the phone I saw the BugTraq alert “Microsoft DNS patch KB951748 incompatible with Zonealarm” late at night. Sure enough, uninstalling the update nicely resolved the problem.

The other possible workaround, turning off the firewall completely, would be more risky than living with the spoofing vulnerability until this incompatibility gets fixed.

Tuesday, July 8, 2008

What do all the numbers mean?

Who the heck is Charlie O'Donnell? I don't know, but somehow (more precisely, from Ed Costello's bookmarks on del.icio.us) I stumbled upon his blog post An experiment: Who's really out there and how do you measure influence?

When Feedburner reports 2686 readers, does that mean 2686 folks actually read the blog, or once subscribed to it and never came back? So Charlie is running an experiment to determine who's actually reading, how people find out about the blog etc. and as an aside get really popular. This is social marketing at its best, so let's pass on the word and see just how popular we can get this.

Link to the post: http://www.thisisgoingtobebig.com/2008/07/an-experiment-w.html

Friday, June 20, 2008

Firefox 3

The Mozilla project released Firefox 3 on June 17 with an attempt to set the world record in software downloads per day.

While I consider raw traffic numbers only mildly useful and the hunt for traffic records somewhat old-fashioned (when IBM did run the Olympics Websites we would report record traffic numbers, and with the technology available back then the numbers were impressive, but that was in the 1990s) I gladly did my part to set the world record. I mean, how often do you get a chance to be part of a world record, even if your contribution is only 1/8290545.

I even installed Firefox 3 :-) and for the most part have been satisfied with the result. The only complaint I have is that the installation overwrote the previously installed Firefox 2 despite placing the new version in a different directory, and sure enough some extensions were considered incompatible and therefore disabled.

Multiple Internet Explorer versions can coexist on the same machine thanks to the wonderful Multiple IE installer, can we please get an easy and automated way to run multiple versions of Firefox without fiddling with profiles?

Thursday, April 24, 2008

PowerPoint: No comma, please

A colleague recently showed me a strange problem with Microsoft Office: When inserting a hyperlink in a PowerPoint presentation, one of the available options is linking to another page in the same document:



This seemed to work nicely for most slides but not for the particular slide he was trying to link to, and PowerPoint would not even show a preview in the hyperlink dialog box:



The programmer in me quickly scanned through the slide looking for “suspicious” elements, the only thing that caught my attention though was an innocent looking comma.

Turns out the comma is indeed the culprit, and the bug is well-documented in the Microsoft knowledge base: The hyperlink to a slide does not work when a comma is contained in the title of a slide presentation in PowerPoint.

Removing the comma, placing the hyperlink and then adding the comma back does seem to do the trick. Or, just don't use a comma.

Friday, April 18, 2008

VPS, PDC, DVB, EPG—Why can VCRs not just work?

Video cassette recorders (VCR) have a long-standing reputation for being difficult to use (searching for VCR and usability returns some 90,000 results on Google).

In the early days setting the timer right may have been challenging, and too often the program would change or fall behind and the tape would contain a different program, or a cut off film. Then came the Video Programming System (VPS) and ShowView, which made programming VCRs easy and greatly increased the likelihood of recording the desired program, and later Programme Delivery Control (PDC).

Everything seemed fine until last year when a decision was made to discontinue analog TV broadcasting in Austria and switch to Digital Video Broadcasting (DVB-T). The television system had maintained backwards compatibility with the great many enhancements over the years, from black-and-white to color, from mono to stereo and dual channel audio. This time, however, new equipment would be needed in the form of DVB-T receivers, and of course that means one for each TV set and recorder.

Our first attempt with a twin receiver bought on eBay was a dismal failure. The device seemed to be malfunctioning and vendor support was non-existent (more precisely, we were unable to locate the vendor, which seemed to have gone out of business). We happily lived for a few weeks without television.

Eventually we got a nice Sony HXD-870 HD/DVD recorder with built-in DVB-T tuner and at first were quite happy. Setting up the device was easy (except for the fact it did not recognize Austria as a country) and we were back to receiving and recording TV programs.

Although the new recorder supports VPS/PDC it does so only from analog sources, which are no longer available, but not from the digital signal despite the fact that the VPS signal is sent digitally as well. The new Electronic Program Guide (EPG) is convenient, but there is no way to tell the recorder to start when the program starts. Instead you can manually tweak the time range to increase the likelihood of recording the full program.

If that wasn't bad enough already, when we switched to daylight savings time, or summer time as it's called here, the program guide appeared to be off by one hour and so were all recordings. There is a timezone menu but toggling daylight savings time on and off did not seem to make any difference.

The Sony support Website was less than helpful. The only firmware upgrade was for the UK version of the recorder and fixed an unrelated problem that we hadn't encountered.
Fortunately a kind soul owning the same device came to the rescue and shared instructions on how to overcome this bug by switching to a different time zone and then rebooting the recorder. We have since been running on Helsinki time and had mixed success in recording programs.

With all the advances in technology and three-letter acronym features, we are essentially back to the functionality in the early days of video recording, manually setting times and hoping for the program to stay on schedule.

Why can VCRs not just work?

Monday, March 24, 2008

Goodbye, Indy!

Time has come to say Goodbye to my Silicon Graphics Indy workstation. It has been a difficult relationship for years, and I finally offered my Indy on eBay.


Introduced in 1993, the Indy for a long time was the workstation to have, powerful and good looking, too. When EuNet, PING and Computerwelt offered a fully equipped Indy workstation as the reward for the best Austrian Website, my good friend Peter Wansch and I submitted The WWW Entertainment Package, a collection of classic board games ported to the Web from the like-named OS/2 games package that Peter had developed.

I had just learned the basics of writing CGI scripts and managed to get four games up and running. Although playing games over the Web was kind of slow in the pre-JavaScript, pre-AJAX era the gaming site was very well received and generated both lots of traffic and nice feedback from gamers around the world, too. We asked people to register for free access, we made it easy for them to vote and we spent a considerable amount of time answering e-mails and encouraging gamers to vote.

To make a long story short, we won. In hindsight, we had a pretty good Website that was actively used and would continue for years, but some other submissions were pretty slick, too. I guess we didn't just win for having the best product, we won because of good marketing.

The news reached me while participating at the WWW3 Conference in Darmstadt, and while I had been hoping for this, when it happened I could hardly believe it—we did it!

What followed then was a huge disappointment. We learned that we would not receive the machine at the official ceremony at Café Stein but only a few weeks later, and what's worse in a different configuration: The 5 GB harddisk that was originally advertised may seem small today but would have been perfectly adequate back then, what we got instead was a machine with a much smaller harddisk, barely sufficient to hold the base operating system and multimedia tools, and no CD-ROM drive to install software from.


Filesystem Type kbytes use avail %use Mounted on
/dev/root efs 439704 408189 31515 93% /

Now the Indy came with great connectivity already, including Ethernet and ISDN ports, only my home office had neither and upgrading the machine with more memory, a larger harddisk and a CD-ROM drive (from Silicon Graphics only, others would not boot!) was too expensive an option. We could have sold the Indy, probably for a good price. Seriously though, if you got an Indy, would you sell it? (Don't answer, please.)

So for many years this marvel of technology has been gathering dust and remained unused. When I booted the Indy today it started up nicely, only issuing one warning message: “WARNING: clock gained 1856 days”

The auction has a few more days to go and already has six bids. It is about time that someone starts using this machine, and time for me to say Goodbye. It has been a difficult relationship, and yet I will miss this electric-blue colored pizza box.

PS. At the age of fifteen the Indy is still a modern computer. For some really old computers, have a look at the Old Computers online museum.

Monday, January 21, 2008

No wonder that this world blows itself up

While standing in line at the supermarket today, I overheard a lively discussion between the cashier and a customer who complained about not getting the discount price advertised on the rack.

This supermarket chain runs a fairly elaborate customer loyalty program, with some discounts applying only to members of the program. There used to be some problems in the past with keeping the signs and the computer systems in sync but not this time. There was no technical problem here, just an oversight on the customer's part.

The customer eventually agreed that the discount wasn't applicable, since she was not and did not want to join the customer loyalty program, and decided to return the tomatoes, mumbling something along the lines of "Everything is getting so much more complicated, no wonder that this world blows itself up."

Now I wouldn't consider the customer loyalty program a serious threat to the world, and actually enjoy the benefits offered, although it means knowingly giving up some privacy in exchange for discounts. (I will gladly post my grocery shopping list here too if someone is interested :-))

Scanner cash registers and storing membership information electronically on the ATM card are certainly vast improvements in usability and convenience over the old manual cash registers (I do remember checking my weekly grocery bill for errors back when I was a student, a rather slow process given the long list of just prices, but it was worth the effort more than once) and collecting discount coupons.

Those of us working in a technology industry should remember though that not everyone will want to or have the ability to adopt new technologies, and those who opt out must not be left behind.

Otherwise, this world will blow itself up ...

Saturday, January 19, 2008

localhost considered harmful

Tavis Ormandy has posted on Bugtraq about a potential security exposure with DNS entries for "localhost" in zone files. While the impact of this exposure seems minimal, I would rather err on the side of caution, and this should be fairly easy to fix.

A "localhost" DNS record within a domain should not be confused with the ".localhost" TLD defined in RFC 2606 Reserved Top Level DNS Names, which should be configured on nameservers. I haven't been able to find a requirement in the RFCs to have a "localhost" entry in a domain, nor can I think of a compelling reason for keeping the entry as long as nameservers for a domain are properly configured to handle queries for "localhost.".

RFC 1912 Common DNS Errors explains how to configure the localhost and 0.0.127.in-addr.arpa zones:

The "localhost" address is a "special" address which always refers to
the local host. It should contain the following line:

localhost. IN A 127.0.0.1

The "127.0" file should contain the line:
1 PTR localhost.

and recommends not defining "localhost" with the domain name appended.

Thoughts on removing "localhost" from zones, anyone?
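To find such entries before deciding whether to remove them, a zone file can be scanned for owner names that expand to "localhost" with the domain appended and point at a loopback address. This is an added example, not part of the original post; the zone content is constructed, and the parser assumes one record per line (no parenthesized multi-line records).

```python
import ipaddress

ADDRESS_TYPES = {"A", "AAAA"}


def fqdn(name, origin):
    """Expand a zone-file name: '@' is the origin, a trailing dot means absolute."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return (name + "." + origin).lower()


def find_localhost_records(zone_text, origin):
    """Return (line number, owner FQDN, address) for every A/AAAA record whose
    owner is localhost.<domain>. and whose address is loopback. The absolute
    name 'localhost.' (the RFC 1912 form) is not reported."""
    origin = origin.lower()
    if not origin.endswith("."):
        origin += "."
    owner = origin
    findings = []
    for lineno, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            origin = fqdn(fields[1], origin)
            continue
        if fields[0].startswith("$"):             # $TTL, $INCLUDE, ...
            continue
        if not line[0].isspace():                 # a new owner name starts in column 1
            owner = fqdn(fields[0], origin)
            fields = fields[1:]
        # optional TTL and class may precede the record type
        idx = next((i for i, tok in enumerate(fields[:3])
                    if tok.upper() in ADDRESS_TYPES), None)
        if idx is None or idx + 1 >= len(fields):
            continue
        try:
            addr = ipaddress.ip_address(fields[idx + 1])
        except ValueError:
            continue
        if owner.startswith("localhost.") and owner != "localhost." and addr.is_loopback:
            findings.append((lineno, owner, str(addr)))
    return findings


# Constructed sample zone; names and addresses are placeholders.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@   IN SOA ns1.example.com. hostmaster.example.com. 2008011901 7200 3600 1209600 3600
    IN NS  ns1.example.com.
ns1 IN A   192.0.2.53
www IN A   192.0.2.80
localhost IN A 127.0.0.1   ; relative name, expands to localhost.example.com.
$ORIGIN dev.example.com.
localhost 300 IN AAAA ::1
loop IN A 127.0.0.1
"""

if __name__ == "__main__":
    for lineno, owner, addr in find_localhost_records(SAMPLE_ZONE, "example.com"):
        print("line %d: %s -> %s" % (lineno, owner, addr))
```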

Monday, January 14, 2008

Blogger

Choosing a hosted service for blogging was a matter of a few minutes, and it didn't involve working through feature lists and comparison charts.

I started playing with Blogger and within minutes had a basic template and publishing to my Web server working. The template language looked sufficiently flexible, and the backing by search giant Google made this an attractive choice too.

WordPress would have been next on my review list. The hosted options are probably comparable, with WordPress offering some advanced features for a fee. Anita Campbell has published a great article about moving a blog from Blogger to WordPress, citing a number of good reasons why the latter is a much better option, although Blogger was “simple to set up and use”. Good enough for me.

One minor limitation I noticed is that Blogger only creates a single XML feed but no category feeds, which can be created easily using the rich Blogger data API.

The only complaint I have about Blogger is the incorrect rendering of ampersand and angle quotes:
  • Ampersand: &
  • Angle bracket open: <
  • Angle bracket close: >

They are represented correctly as entities in the XML feed, but rendered as plain characters in the HTML version. This looks like a bug that should be easy enough to fix.

Sunday, January 13, 2008

IG-L

When we spent our summer vacation in Sicily in 2004, I often wondered why some road signs in Sicily listed detailed information about the relevant laws and even the specific section and paragraph of the act.

Since 2006, the immission control act Immissionsschutzgesetz-Luft (IG-L) has been enacted in Austria, which allows authorities to impose certain restrictions on production facilities, traffic, and outdoor combustion to reduce immissions when pollution thresholds are exceeded.

The act requires that immission control related speed limits must be signposted with reference to the act. On previous trips between Vienna and Salzburg I had complained about the unnecessary distraction by additional signs; after all I don't usually care why a speed limit has been put in place, although there is evidence that drivers are more likely to adhere to environmentally motivated speed limits (source: Luftreinhalteplan Stuttgart), and lower speeds generally mean lower emissions (source: Land Tirol: Tempo 100).

One set of road signs around Linz looks especially bizarre: a combination of lifting the 100 km/h speed limit and introducing a 100 km/h speed limit for immission control, and vice versa in the opposite direction.

Recently some of the roadsigns were replaced with large over-the-road displays which allow for dynamic speed limits depending on weather conditions, traffic flow and pollution levels, which is goodness. I wonder though how many drivers will have a clue what the big white letters IG-L next to the speed limit signs mean ...

Wednesday, December 19, 2007

I, Blogger

So I have finally started my blog. While the blogosphere continues to grow at an amazing speed, some bloggers of the early days have already switched back to a static homepage they update every now and then, or gone completely offline.

Why now? No particular reason really. I have been playing with the idea of creating a blog and have written up a few blog posts locally without publishing them, just to see how I liked it and what I would have to say. (A few of those early secret blog posts still sit on my hard disk and will eventually show up here retroactively.)

Looking back, I first maintained plogs (for “paper logs”) some 20 years ago when Andrea and I were traveling around in Europe by train. Each of us would write down the experiences of the day, where we went, what we liked and disliked, just about anything that came to mind, in a small booklet. When we were both done with writing, we would read each other's notes, which was great fun.

The intended readership of these plogs was one person. The esteemed readership of this blog may be about the same size currently. By coincidence, Bernhard just started blogging too, so that makes us two late adopters and ensures each of us has at least one reader. Onward.

Next, there was a technology decision to be made: install blogging software or use a hosted service. Ed Costello had shared his experience with getting Movable Type working on pair Networks servers; after reading through the steps, and given that I wasn't planning to spend more than an hour or two in getting things running, I chose to go with a hosted service, Blogger, and have been pretty pleased with it.


Saturday, December 1, 2007

 

Spam filtering with countries.nerd.dk considered harmful

DNS blacklists (DNSBL) provide information about characteristics and past observations of IP addresses and have been used in filtering spam for more than a decade. In short, a spam filter may check one or more DNSBL services to determine if the network address from where an e-mail is delivered is trustworthy or suspicious.

Besides listing addresses of known spam sources or virus-infected machines, there are lists for criteria such as network type (dial-up/cable/DSL) and configuration issues (open relays, RFC non-compliance).

One of my colleagues recently had e-mail to a client rejected by their mail gateway with the error message "554 Your Host 32.nn.nn.nn was found in the DNS BlackList at uk.countries.nerd.dk."

When he asked for help with this, my first thought was that one of our addresses had, rightly or wrongly, been listed as a spam source. However, after looking around countries.nerd.dk it became clear that the recipient was blocking all mail that appeared to come from certain countries according to the countries.nerd.dk database despite the disclaimer on that Website that "countries.nerd.dk is NOT a list of spammers, it is an IP-to-country DNS mapping service."

What's worse in this case is that the mapping was incorrect: The whole 32/8 netblock is declared to be based in the UK: "32.0.0.0/8 :127.0.0.2:Your IP is in uk, rejected based on geographical location". There may be some UK based addresses in that netblock but others are located in North America and possibly other places too, and similar geographic mapping services managed to get the location of the particular mail server (almost) right.

Although many open source and commercial mail filters rely on DNSBLs, there has been valid criticism, and even lawsuits against DNSBL operators. The main concern I have is that administrators may rely on a single DNSBL service to mark messages as spam and reject them without understanding the service's reliability and limitations.
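The concern above, sketched as an added example (not code from this blog, from countries.nerd.dk or from any mail filter): a DNSBL lookup name is the reversed IPv4 octets followed by the zone, and a filter can score several reputation lists while treating an IP-to-country zone as an annotation only. The addresses, the `dnsbl.example` zones, the weights, thresholds and the stub resolver are constructed assumptions so that the code runs offline.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Zone:
    name: str
    kind: str      # "reputation" or "informational" (e.g. IP-to-country map)
    weight: float  # score added when listed; ignored for informational zones


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL lookup name: reversed IPv4 octets + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def evaluate(ip, zones, resolve, reject_at=5.0, min_lists=2):
    """Score an address across several lists instead of rejecting on one hit.

    resolve(name) returns an A record as a string, or None when the name
    does not exist or the lookup failed.
    """
    score, hits, notes = 0.0, [], []
    for z in zones:
        answer = resolve(dnsbl_query_name(ip, z.name))
        if answer is None or not answer.startswith("127."):
            continue  # not listed, or an answer outside the DNSBL convention
        if z.kind == "reputation":
            score += z.weight
            hits.append(z.name)
        else:
            notes.append(z.name)  # country mapping: annotate, never score
    if score >= reject_at and len(hits) >= min_lists:
        action = "reject"
    elif hits:
        action = "tag"
    else:
        action = "accept"
    return {"action": action, "score": score, "hits": hits, "notes": notes}


# Constructed sample data: hypothetical zones and documentation addresses.
ZONES = [
    Zone("uk.countries.nerd.dk", "informational", 0.0),
    Zone("rep-a.dnsbl.example", "reputation", 3.0),
    Zone("rep-b.dnsbl.example", "reputation", 3.0),
]
FAKE_DNS = {  # stands in for real A-record lookups
    "10.2.0.192.uk.countries.nerd.dk": "127.0.0.2",
    "66.2.0.192.rep-a.dnsbl.example": "127.0.0.2",
    "66.2.0.192.rep-b.dnsbl.example": "127.0.0.4",
    "77.2.0.192.rep-a.dnsbl.example": "127.0.0.2",
}


def demo():
    return {ip: evaluate(ip, ZONES, FAKE_DNS.get)["action"]
            for ip in ("192.0.2.10", "192.0.2.66", "192.0.2.77")}


if __name__ == "__main__":
    print(demo())
```
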


Wednesday, November 28, 2007

 

Phone line working again

Last Wednesday, my home office phone line all of a sudden stopped working. The telecom provider tried to reset devices along the route to my home to no avail, so they promised that someone would look into the problem and call me back within 48 hours (on my other line, of course).

Time went by, and on Friday night nobody had called, and my phone line still was not working, so I called again. After enjoying some 20 minutes of "All service representatives are currently serving other ..." I spoke to someone who admitted that nothing had been done about my problem, and nothing could be done about my problem as it was now out of hours and technical staff would be back on Monday morning; I would get a call.

You probably guessed the response when I called again Monday morning: the problem ticket was still untouched and we scheduled an appointment for an on-site check this morning. My phone line was still dead and my mood had shifted from annoyed to resigned already. Around 2 a.m. in the morning, just about before going to sleep, for some reason I tried one more time and—my phone line was perfectly fine again! (This is like me feeling much better already when I have an appointment scheduled with a doctor, all the symptoms just go away and I question the need to see the doctor. Electronic devices seem to work the same way.)

The one week phone outage had a positive side effect though: Desperately trying to regain the convenience of a desk phone with a headset and a mute button, I successfully connected my mobile phone to my desk phone via Bluetooth. To my great surprise, this works perfectly fine. I can easily accept mobile calls on my desk phone, and choose between land line and mobile phone for outgoing calls ... nice!


Thursday, November 22, 2007

 

Nostalgia

After several months of battery problems I finally had my Nikon D80 repaired; late autumn seemed like the perfect time, not much outdoor activity and photo shooting opportunities any more, and we had most family visits in October already and I definitely wanted the camera repaired while still covered by warranty. I recently got my camera back with the electrical system repaired, and so far it has been working nicely again.

Today I picked up some photographs which I had taken with my old Minolta Dynax 7xi SLR on November 1, and what can I say, I was very pleased with the results. Not that the D80 is a bad camera, it is an absolutely fantastic piece of technology, fast and easy to use and absolutely suitable for taking great pictures, but there is something about photography the old-fashioned way too besides the differences in resolution, dynamic range, depth of field, etc.

First, with film you don't end up with dozens of very similar pictures because you only take the one or two that look most promising. There are probably as many good pictures in the gigabytes of digital cruft accumulated on my hard drive, only they are harder to find and who really goes through and cleans out all the not-really-that-great-but-still-acceptable pictures taken digitally?

Second, there is the lack of immediate feedback which helps. Yes, that's right. Admittedly, I did miss the nice bright screen showing me what the picture looks like when I shot on film, so I had to make an effort to get everything right instead of going through several iterations, trying to judge picture quality from an LCD screen.

Third, picking up photographs at the store, flipping through prints which bring back recent memories is a ritual I have become so used to after more than two decades of doing it that I do miss it.

(If you want to know more about the technical aspects, Ken Rockwell has written a great article Film vs. Digital explaining pros and cons, with some eye-opening crops of analog and digital photos. Norman Koren has even more technical details in Digital cameras vs. film although the Website has not been updated in years.)

Back in 1998 John Patrick, then IBM's Vice President, Internet technologies, in his keynote speech at the WWW7 conference in Brisbane talked about how Internet technology impacted our lives and would change expectations. If memory serves, one of the examples he mentioned was the 1 hr photo lab and that people would not be willing to wait for a full hour to see pictures, they would want them right away (and students asking for a T1 at work, too).

Less than ten years later, broadband connectivity is widely available and is cheap, or sometimes free, photography is mostly digital and there are few labs offering decent film developing these days.

Neither would I want to go back to 56K dial-up at EUR 30 per month plus charges per minute, nor would I want to pay per picture (prints for a single roll of film cost another EUR 30), nor would I want to miss the convenience of my digital camera, despite my nostalgic, misty-eyed views.


Tuesday, August 7, 2007

 

PHONETIC.FON

The amazon.de Web site has had a problem which has bothered me for some time: The search field on the homepage rendered at about half the usual height and text appeared invisible or white on white, so it was impossible to see text:



It wasn't that bad, I am a pretty solid typer and got the search terms right without seeing what I was typing, most of the time; still an inconvenience when trying to modify a search term, especially when the site started redirecting search responses to addresses that no longer contain the search term, but not bad enough to spend time figuring out what was causing this.

Today one of my colleagues mentioned that he had found a solution to the problem: the PHONETIC.FON file seems to be the culprit, and indeed renaming that file has solved the problem nicely:



(A quick search for PHONETIC.FON sure enough turned up a page Why Do My Fonts in Netscape Navigator Look Funny? in the Netscape Unofficial FAQs.)


Wednesday, July 18, 2007

 

Smart advertising

Samsung deserves credit for smart advertising. Countless times I have spent hours at an airport, desperately crowding around the few power sockets in the wall with a bunch of other folks charging their cell phones, laptops and media players. I even got to the point of bringing warning signs to place around the cable since for some reason the chairs were never closer to the power sockets, and sitting on the floor typing for a while made my wrists hurt.

But now relief is here: I am sitting at JFK airport now, as usual traffic on the SPB was light and I am here way too early, but no more sitting on the floor, looking for power. Throughout the terminal, there are Samsung mobile recharge stations, well-designed poles with power sockets and even a small round table to put the power supplies and other equipment on. No more tripping over wires, no more fierce looks when using power for more than a few minutes ... there is plenty of power now, for everyone. The poles are effective for promoting Samsung products too: The latest Samsung mobile products are featured on the poles, at eye height, not just printed ads but real devices behind a glass cover.

When was the last time you saw advertising that was useful and looked that good?


Sunday, July 15, 2007

 

iPhone update

So after nastiblogging about the iPhone yesterday I managed to get my hands on an iPhone when I was at the Westchester mall yesterday afternoon. What can I say, I still think that the poor battery design, the lack of high-speed Internet connectivity and the limitation to one carrier per country mean that this isn't a cell phone I would want. But it does feel very, very good. The user interface is amazingly simple and straightforward, no long-winded multilevel menus, no key sequences to remember, the browser works well and rendered www.ibm.com nicely, including the recently added dynamic components. The touchscreen keyboard works pretty well for text thanks to error correction (but otherwise requires some practice and probably even then it won't match the speed of a tactile keyboard).


Saturday, July 14, 2007

 

Do I want an iPhone?

The New York Times has two entertaining videos by David Pogue about the new iPhone, the pre-release The iPhone Challenge: Keep It Quiet and I want an iPhone.

What is all this hype about? I guess it holds true that good design is still good business, and Apple certainly knows good design, at least when it comes to user interfaces. Not allowing the user to extend the device or even just change the battery may follow the Apple philosophy that users don't need to care what's inside, but requiring customers to send in the phone, wait three business days, pay $85.95 to get the phone "repaired" as Apple calls it and have all your data deleted during that process is not good design.

Dear Apple folks, please try harder!


Tuesday, July 10, 2007

 

Wabisabilabi

While sitting at Vienna airport and waiting for my flight to New York, a newspaper article about a security startup caught my attention: The Swiss company Wabisabilabi has established a market place for security exposures with the intent to give security experts "fair compensation for their discoveries".

Googling for the easy to remember company name (Vienna airport now has wireless connectivity and unlike other airports this is offered for free, nice!) I stumble across a good number of articles which sound very similar to the press release, I mean, article I just read ... becoming the eBay of zero-day exploits, finally a market place for security issues.

The first two search results are obviously the new site that's going to make the world more secure. Not that they have figured out how to give pages meaningful titles yet:

On to the press release at https://www.wslabi.com/wabisabilabi/news.do -- mistakes happen but finding a typo in the first press release of a company looks odd. Equally odd is their math: "Recently it was reported that although researchers had analyzed a little more than 7,000 publicly disclosed vulnerabilities last year, the number of new vulnerabilities found in code could be as high as 139,362." Exactly 139,362, huh?

Not much information about the company either, looks like a British Limited company although there is no company registration information on the site (or at least I haven't found it). I guess I will sign up anyway and see what they have to offer.


Tuesday, June 26, 2007

 

Timely communication

Apparently IEEE offered some incentive last year for renewing the membership before year end which I had completely forgotten about, or not even noticed when I renewed my membership. This morning I received a friendly invitation to claim my free eBook:
"Because you renewed your IEEE membership by Dec. 31, 2006, you are eligible to download an IEEE-USA eBook at no cost!"

Nothing terribly wrong with this, although I wonder why it takes an engineering organization 178 days to send an e-mail with a download link.


Saturday, April 28, 2007

 

Nikon D80 battery woes continued

The battery problem I had last week is back and occurring with increasing frequency, so apparently it wasn't the lens mount. Nikon support suggests having both the camera and battery checked, which probably means a few weeks without the camera. It may be faster to get another battery first (I need a spare anyway for traveling) and see if the new battery works any better.


Saturday, April 21, 2007

 

Nikon D80 battery woes

So far I have been pretty happy with my Nikon D80, but a weird problem has started to show up more frequently: At first the battery appears full, then after taking one picture the battery shows as almost empty and the camera refuses to take pictures. Turn the camera off and on, and the battery appears full again ... pretty annoying.

Google doesn't find any reports of exactly this issue, but some Websites suggest that this may be a problem with the lens mount. For some reason the lens waggles a little and seems to have been in an awkward position causing this behavior, and joggling the lens seems to indeed resolve the battery problem.

Now the lens shouldn't waggle in the lens mount but that's a different story ...





