Saturday, August 26, 2006

Surfer magazine picturesque web promo works

Surfer magazine has started using an excellent promotion channel to
get people to link from their mag to their web site... many of their
inspired wave double spreads have been provided as desktop backgrounds
with the link discreetly advertised in the corner of the page.

Why should this idea be limited to pics of waves? Wired mag is full of
inspirational, thought-provoking artwork and pictures, every one of
them an excellent opportunity to build the reader's association and
loyalty...

My only request: keep the promotion to a minimum (i.e. a little
reference or copyright notice in the corner); no one likes to feel like
their monitor's desktop is an advertising billboard.

Wired Magazine as paper... yes.

I discontinued my subscription to Wired because it got tangled in my
mail and triaged, as all my mail is, into specific time slots...
picking up an issue at the corner store somehow has more of a sense of
occasion.

Interestingly, I always spend more time in one session looking through
the paper version than I ever would looking at the RSS feed for Wired
online. Even more interesting is the fact that the focus the paper
version lends to each article means that the full import of a story or
a new idea is felt so much more strongly. The commitment of time to
thumb through the magazine results in a more thoughtful, open-minded
perusal by the reader.

The music industry… past, present and future

I'm no expert but I think the music industry started when Edison
recorded the first vocal performance by an opera singer. But that's
technology. The industry as we know it has always been about control.
Control of distribution, the talent and promotion (i.e. the way people
hear new music).

This all worked very well when the promotion channels were few and
highly subscribed. Two or three regional radio stations, three or four
television channels and talent eager to sign the next ten years of
life away for the opportunity to make it big in the next year. This all
added up to maximum profits at minimal cost and high efficiency in
distribution and promotion.

The excellent book "The Long Tail" proves that with more diverse media
promotion options (take MySpace by itself) and the ability for talent
to self-distribute, the industry is facing a sharply downturning
future.

Among the things that have contributed to the change of affairs for the
industry is the miscalculation that the MP3 file format represented an
opportunity to resell and expand their market, when in fact MP3s are a
poor cousin to CDs just as cassettes were a poor cousin to LPs... you
have to ask how many CDs they would have sold if they had offered the
MP3 versions for an extra dollar or two and included them on the CD.
How much goodwill would they have generated?

Another bad choice, in my mind, was not getting in quickly with an
MP3-based album format including a digital sleeve and liner notes. In
the mid-90s I remember seeing a digital album format done by a mob from
South Africa... it was really cool and could easily have been
integrated into the popular players of the day. On this point I think
they really missed the boat.

Now onto a touchy subject... singles. Most musicians hate singles.
Albums capture a body of work, a time in the band's life. They help
songs grow on you. Take Led Zep 4: "Rock and Roll" grabs you, "Levee
Breaks" pounds, "Stairway"... well. But how many punters have all of
these in their playlists? Yet in context they say so much about the
music of that album.

Lastly, let's look at copy protection (including DRM). A dirty subject?
Yes, but only because of how it was used: either to stop the CD-to-MP3
onslaught, or to try and get people to pay yet again for a CD they
only bought a few years ago by re-releasing it as MP3 with no gain in
fidelity. It's such a temptation to use technology to force customers
to pay again.

Maybe DRM-enabled music would be entirely dominant if the music
industry weren't so arrogant in its use. Firstly, if DRM-enabled
versions were transparent to use (i.e. self-registering) and easily
accessible (i.e. on the CD alongside the Red Book audio versions), the
whole confrontational MP3 thing could have been avoided.

Secondly, DRM can be set with softer, kinder policing settings so that
people could copy their music to as many devices as they would
reasonably own, and only stop massive copying when 30 or 40 copies
start appearing at diverse and disparate locations... such tolerance,
or "throttling" as we call it at Uniloc, is a no-brainer.

Phew. Sorry to be so long-winded, but it's an important subject to me.
The future? Every day it looks less and less likely that the record
industry as we know it today will be there.

Thursday, August 17, 2006

Dr Dobbs lives

When I first started Uniloc back in '92, I remember somewhere along the
line picking up a copy of Dr Dobbs, the programmer's programmer
magazine. After making the rounds of all the usual technology haunts
(Slashdot etc.) I'm back at the trusty Dobbs website, now as
authoritative as ever.

Just wish they'd allow custom search with an RSS feed, as the subject
matter of the site is so diverse and low-level that it's hard going
using the category RSS feeds to find the articles and news that I'm
really interested in...

Monday, August 14, 2006

Brute force attacks focussed on small to mid-size companies

CIO India notes:
CIO India - More 'Brute Force' Attacks on SMBs, says Security Software Vendor: "'Prior to this, what we noticed out there being directed at mid-sized companies was the more broad-based sweeps or scans, which means that there were certain well-known vulnerabilities that were being targeted, but they were being broadly targeted,' Smith said. 'That means that the bad guys were broadly sweeping a bunch of companies ... for these general vulnerabilities and when they found those vulnerabilities they would find a way in.'

Now, however, hackers are targeting their attacks at specific services like File Transfer Protocol (FTP) and are employing the brute force password cracking technique, Smith said."
This growing problem is a big one for us at Uniloc... one idea we are really exploring is an adaptation of Apple's old keyring methodology. The idea being one unlock code that unlocks a "keyring" of other passwords. In Apple's case it was an ingenious way of storing network logons and passwords.

In our version of the above we are using the keyring psychology to manage extra-long passwords for everything from bank accounts to network logons to customer accounts with merchants. The concept is fairly simple but the solution is harder to execute in real life... but we are making progress.
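The FTP password-guessing the CIO India piece describes leaves a very recognisable trail in the server's own log, and the simplest defence is to notice it. Here is an added example (my own code for this page, not Uniloc's or anyone's product) that flags a source address with more than an assumed number of failed logins inside a short sliding window; the log lines are constructed in vsftpd's format and the thresholds are assumptions.

```python
"""Flag FTP brute-force attempts from authentication log lines."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in vsftpd's log format; timestamps, user names
# and addresses are made up for this example.
SAMPLE_LOG = """\
Mon Aug 14 09:00:01 2006 [pid 2101] [admin] FAIL LOGIN: Client "203.0.113.7"
Mon Aug 14 09:00:02 2006 [pid 2102] [admin] FAIL LOGIN: Client "203.0.113.7"
Mon Aug 14 09:00:02 2006 [pid 2103] [root] FAIL LOGIN: Client "203.0.113.7"
Mon Aug 14 09:00:03 2006 [pid 2104] [ftp] FAIL LOGIN: Client "203.0.113.7"
Mon Aug 14 09:00:04 2006 [pid 2105] [test] FAIL LOGIN: Client "203.0.113.7"
Mon Aug 14 09:00:05 2006 [pid 2106] [admin] FAIL LOGIN: Client "203.0.113.7"
Mon Aug 14 09:05:00 2006 [pid 2107] [alice] FAIL LOGIN: Client "198.51.100.4"
Mon Aug 14 09:05:20 2006 [pid 2108] [alice] OK LOGIN: Client "198.51.100.4"
Mon Aug 14 10:00:00 2006 [pid 2109] [bob] FAIL LOGIN: Client "192.0.2.9"
Mon Aug 14 10:30:00 2006 [pid 2110] [bob] FAIL LOGIN: Client "192.0.2.9"
Mon Aug 14 11:00:00 2006 [pid 2111] [bob] FAIL LOGIN: Client "192.0.2.9"
Mon Aug 14 11:30:00 2006 [pid 2112] [bob] FAIL LOGIN: Client "192.0.2.9"
Mon Aug 14 12:00:00 2006 [pid 2113] [bob] FAIL LOGIN: Client "192.0.2.9"
Mon Aug 14 12:30:00 2006 [pid 2114] [bob] FAIL LOGIN: Client "192.0.2.9"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"'
)


def parse_line(line):
    """Return (timestamp, user, result, ip) or None for lines we don't understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Collapse the double space vsftpd uses for single-digit days.
    ts = datetime.strptime(" ".join(m.group("ts").split()), "%a %b %d %H:%M:%S %Y")
    return ts, m.group("user"), m.group("result"), m.group("ip")


def find_brute_force(log_text, max_failures=5, window_seconds=60):
    """Return {ip: (failures, distinct_users)} for every source that exceeds
    max_failures failed logins inside some window_seconds sliding window.
    A user who fumbles a password a few times an hour is not flagged; a
    burst of guesses across several accounts is."""
    failures = defaultdict(list)   # ip -> [(timestamp, user), ...]
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and parsed[2] == "FAIL":
            failures[parsed[3]].append((parsed[0], parsed[1]))
    offenders = {}
    for ip, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window_seconds.
            while (events[end][0] - events[start][0]).total_seconds() > window_seconds:
                start += 1
            count = end - start + 1
            if count > max_failures:
                users = {u for _, u in events[start:end + 1]}
                offenders[ip] = (count, len(users))
    return offenders
```

Run over the sample, only 203.0.113.7 is reported (six failures against four different accounts in four seconds); the slow, single-account failures from 192.0.2.9 never fill a window.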
 

Sunday, August 6, 2006

Where did Cyclical Unlock codes come from?

I was recently asked how I came up with the idea of "Cyclical Unlock Codes". Well, it's a pretty simple association, which frequently ends up being the inventor's best friend.

To start off, there has been a school of encryption called "compound encoding" where, rather than applying an encryption algorithm to individual chunks of data one at a time, the data itself is used to encrypt the next chunk of data. This means that you really don't know whether you have decrypted any data until you have applied the reverse algorithm to pretty much the whole chunk of data you want to protect.

Cyclical unlock codes are the same idea: the first parts of the unlock code are used with different algorithms as the code is built by the computer, to make the relatively short string of numbers (which is more convenient for a human to use and repeat) much more secure.

So there... simple... it does sound complicated, doesn't it?
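The chaining idea described above, as an added toy illustration (my own construction for this page, not Uniloc's algorithm and not a production cipher): each chunk's keystream is derived from the key and the previous plaintext chunk, so one damaged byte of ciphertext corrupts every later chunk, and the result can only be confirmed once the whole blob has been processed and the final tag checked.

```python
"""Toy 'compound encoding': chunk i is keyed by the plaintext of chunk i-1."""
import hashlib
import hmac
import os

CHUNK = 16   # bytes per chunk


def _keystream(key: bytes, prev_plain: bytes, index: int) -> bytes:
    # The keystream for chunk i depends on the key, chunk i-1's plaintext and i.
    return hashlib.sha256(key + prev_plain + index.to_bytes(4, "big")).digest()[:CHUNK]


def _xor(block: bytes, ks: bytes) -> bytes:
    return bytes(b ^ k for b, k in zip(block, ks))


def chain_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return iv || ciphertext || tag. A random IV plays the role of 'chunk -1'."""
    iv = os.urandom(CHUNK)
    prev, out = iv, [iv]
    for i in range(0, len(plaintext), CHUNK):
        block = plaintext[i:i + CHUNK]
        out.append(_xor(block, _keystream(key, prev, i // CHUNK)))
        prev = block
    # Integrity tag over the whole plaintext: it can only be checked at the end.
    tag = hmac.new(key, iv + plaintext, hashlib.sha256).digest()
    return b"".join(out) + tag


def chain_decrypt(key: bytes, blob: bytes):
    """Return the plaintext, or None if the final tag does not verify."""
    iv, body, tag = blob[:CHUNK], blob[CHUNK:-32], blob[-32:]
    prev, chunks = iv, []
    for i in range(0, len(body), CHUNK):
        plain = _xor(body[i:i + CHUNK], _keystream(key, prev, i // CHUNK))
        chunks.append(plain)
        prev = plain      # a wrong chunk here poisons every later chunk
    plaintext = b"".join(chunks)
    expected = hmac.new(key, iv + plaintext, hashlib.sha256).digest()
    return plaintext if hmac.compare_digest(tag, expected) else None


def error_propagation(key: bytes, plaintext: bytes, flip_at: int) -> int:
    """Flip one bit of ciphertext at byte offset flip_at and count how many
    plaintext chunks come out wrong when decrypted with the right key.
    With chaining, every chunk from the damaged one onward is wrong."""
    blob = bytearray(chain_encrypt(key, plaintext))
    blob[CHUNK + flip_at] ^= 0x01
    iv, body = bytes(blob[:CHUNK]), bytes(blob[CHUNK:-32])
    prev, bad = iv, 0
    for i in range(0, len(body), CHUNK):
        plain = _xor(body[i:i + CHUNK], _keystream(key, prev, i // CHUNK))
        bad += plain != plaintext[i:i + CHUNK]
        prev = plain
    return bad
```

With a 64-byte message (four chunks), flipping a bit in chunk 1 yields three bad chunks, and flipping one in the last chunk yields one; in both cases chain_decrypt refuses the blob because the tag over the whole plaintext no longer matches.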

Boing Boing: Circuit City offers DVD ripping service

Boing Boing: Circuit City offers DVD ripping service: "A Circuit City store is offering 'DVD transfer service' to an iPod at $10/disc. This seems like a natural service for a store that sells iPods to offer, except that ripping DVDs is illegal under the Digital Millennium Copyright Act (DMCA). It's not that making a copy of your DVDs for your iPod is illegal -- that part's all right. It's breaking the flimsy anti-copying locks on a DVD that's against the law -- the DMCA prohibits breaking any lock, even if you're doing it for a lawful purpose. Link "

Yet another example of why anti-piracy measures need to be more intelligent. From the beginning we at Uniloc have opted for a "fair use"-capable version of copy control software. For example, should you be able to let your Dad see a movie you recommended to him via broadband? Yes. Should he have a copy that he can share with others? No. That's fair use... common sense. Unfortunately DRM has become the means for content owners to charge you a new license for every device you want to use for playback, and that's plain wrong.

Larry Brilliant on Smallpox, SARS and bird flu

Larry Brilliant on TED Talks:

"TEDPrize winner Larry Brilliant is an epidemiologist who presided over the last case of SmallPox on the planet."

Includes the success factors and strategy for eradicating smallpox as well as polio (5 countries left to go), as well as estimates of what will happen when bird flu strikes... estimated to happen within 3 years.

Sun's CEO's blog is an interesting read

Today his blog featured:

"Lunch with Prime Minister Tony Blair...
I had lunch with Tony Blair today. (And yes, I have been waiting all afternoon to type that.) "

Full of interesting tidbits, like the fact that SUN's first two letters refer to Stanford University (alluding to the link between innovative companies and universities in close proximity), and a survey of all the CEOs visiting with the PM... all of them were public school educated.

New threat from 'suicide' virus | Tech News on ZDNet

ZDNet reports from Australia:

"According to Denehy, techniques used not only include 'the obvious ones' such as encryption and rootkits but also 'compression bombs'--which are compressed files that try to make life difficult for forensic tools by attempting to expand to an infinite size when executed."

This is a new twist on a strategy that has really not been exploited fully by hackers, that of impersonating legitimate applications. Anti-virus tools use checksums at different locations in a file to assess the legitimacy of a file against known results from verified software. If this procedure is known, then hackers can get their malicious software to look, feel and act like legitimate software.
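A defensive check against the "compression bomb" trick quoted above, as an added example (my own code, not from the ZDNet story or any forensic tool): inspect the declared sizes and compression ratio before inflating anything, and when you do inflate, enforce a hard byte cap rather than trusting the header. The archive, the ratio threshold and the size limit are constructed assumptions.

```python
"""Assess and safely inflate a zip archive that may be a compression bomb."""
import io
import zipfile

MAX_RATIO = 100                       # assumed: above 100:1 is suspicious
MAX_TOTAL_BYTES = 10 * 1024 * 1024    # assumed: cap on total inflated output


def build_sample_zip(bomb: bool) -> bytes:
    """Constructed test input: a small benign archive, or one whose single
    member inflates to 50 MB of zeros (a crude bomb, a few tens of KB on disk)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        if bomb:
            zf.writestr("payload.bin", b"\0" * (50 * 1024 * 1024))
        else:
            zf.writestr("readme.txt", b"hello from a harmless archive\n")
    return buf.getvalue()


def assess_archive(data: bytes) -> dict:
    """Look only at the central directory: declared sizes and ratios.
    Nothing is inflated here, so a bomb costs us nothing to recognise."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
    total_declared = sum(i.file_size for i in infos)
    worst_ratio = max(
        (i.file_size / i.compress_size for i in infos if i.compress_size),
        default=0.0,
    )
    return {
        "members": len(infos),
        "declared_bytes": total_declared,
        "worst_ratio": worst_ratio,
        "suspicious": total_declared > MAX_TOTAL_BYTES or worst_ratio > MAX_RATIO,
    }


def bounded_extract(data: bytes, name: str, limit: int = MAX_TOTAL_BYTES) -> bytes:
    """Inflate one member in 64 KiB pieces and stop once `limit` bytes have
    been produced. The declared file_size can lie, so the bytes actually
    produced are what is enforced, never the header."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf, zf.open(name) as member:
        out, total = [], 0
        while True:
            piece = member.read(64 * 1024)
            if not piece:
                return b"".join(out)
            total += len(piece)
            if total > limit:
                raise ValueError(f"{name}: exceeded {limit} bytes while inflating")
            out.append(piece)
```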

Saturday, August 5, 2006

SightSpeed - worthy of a Skype rethink?

Just when I am really settling in to using Skype, along comes SightSpeed.

Why consider it?

The video images are very smooth and... "Create video clips and post them as Video Blogs!" they even host your videos with links to blog them. I don't know whether it's time for you to see my beak on this page yet, but it sure makes things interesting... kind of like an automated video-mail to YouTube to blog play. Very interesting.

Skyping from hospitals - Skype Blogs

The Skype Blog states:

"The Estonian daily Postimes reports that Estonian hospitals are increasingly equipped with wifi networks so that the patients can use their time at hospital productively with a laptop."

I have a family member going in for an extended stay and it would be great to say hello via Skype rather than doing the call in/ extension/ nurse thing... what a great idea... tip-o-the-hat to Estonia.

Stealing Free Wireless

Bruce Schneier makes the following comment:
"What do you do when you find someone else stealing bandwidth from your wireless network? I don't care, but this person does. So he runs 'runs squid with a trivial redirector that downloads images, uses mogrify to turn them upside down and serves them out of it's local webserver.' The images are hysterical. He also tries modifying all the images so they are blurry."

What we really need is a simple tool in our task tray that tells us when a new computer comes onto our network, gives us a look to see who it is and lets us blackban them or not... simple... I feel like getting someone on RentACoder to do it right now.
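The core of that task-tray tool, as an added example (my own code for this page, not an existing product): take periodic ARP-table snapshots, parse them, and report which MACs have appeared since last time, classified as known, unknown or previously blackbanned. The snapshots, device list and ban list are constructed; the actual "blackban" action (e.g. a router rule) is left as the returned decision.

```python
"""Spot new or banned devices on a home LAN from ARP-table snapshots."""
import re

# Constructed snapshots in the layout of Windows `arp -a` output; every
# address and MAC below is made up for this example.
SNAPSHOT_T0 = """\
Interface: 192.168.1.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          00-aa-bb-cc-dd-01     dynamic
  224.0.0.22            01-00-5e-00-00-16     static
"""
SNAPSHOT_T1 = SNAPSHOT_T0 + (
    "  192.168.1.77          00-de-ad-be-ef-99     dynamic\n"
    "  192.168.1.78          00-ba-d0-00-00-01     dynamic\n"
)

# Constructed inventory: devices we recognise, and one MAC banned earlier.
KNOWN = {"00-11-22-33-44-55": "router", "00-aa-bb-cc-dd-01": "my laptop"}
BANNED = {"00-ba-d0-00-00-01"}

ARP_RE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(\w+)", re.I
)


def parse_arp(text):
    """Return {mac: ip} for real neighbours only: dynamic unicast entries.
    Multicast/broadcast rows (low bit of the first octet set) and static
    entries are not machines that joined the network."""
    seen = {}
    for line in text.splitlines():
        m = ARP_RE.match(line)
        if not m:
            continue
        ip, mac, kind = m.group(1), m.group(2).lower(), m.group(3).lower()
        if kind != "dynamic" or int(mac[:2], 16) & 0x01:
            continue
        seen[mac] = ip
    return seen


def diff_neighbours(previous, current, known=KNOWN, banned=BANNED):
    """Classify every MAC present now that was absent in the last snapshot.
    Returns a list of event tuples the tray tool would display."""
    events = []
    for mac, ip in current.items():
        if mac in previous:
            continue
        if mac in banned:
            events.append(("banned-device-returned", mac, ip))
        elif mac in known:
            events.append(("known-device-joined", mac, ip, known[mac]))
        else:
            events.append(("unknown-device-joined", mac, ip))
    return events
```

A real tool would call `arp -a` (or read the router's DHCP lease table) on a timer and feed the two most recent snapshots through diff_neighbours; MAC addresses are trivially changed, so treat the result as a prompt to look, not proof of identity.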

Hackers Add Ajax to Bag of Tricks - Network Security - NewsFactor Network

It had to happen. NewsFactor reports on AJAX techniques starting to show up in hacking exploits:

The hot new technology behind slick Web pages has suddenly become the hot new tool for cybercriminals. The technology, Ajax coding and Web tools, enables popular Web sites such as Google Maps and MySpace.com to come alive.

Brute force attacks. Current estimates.

This page shows the current state of the computing power required to brute-force passwords of varying lengths.
http://www.lockdown.co.uk/?pg=combi&s=articles
Things are hotting up very quickly.

Ray Ozzie... a breath of fresh air

What big shoes Ray has to fill at Microsoft, now being one of two replacements for Bill Gates as technical lead for the company.
He is promoting interesting concepts such as an intelligent clipboard for exchanging data over the web. It could make exchanging data on the web as easy as exchanging data between apps using the desktop clipboard.
 
His blog is at:

Friday, August 4, 2006

Testing... one, tsoo... one, tsooo

Ever since we revamped the company website we've been talking about putting up an official Uniloc blog. And now, less than 10 months later, voilà. Oh well, we are only a small team. But I guess other Unilockers have been a little busy.

Anyway, I'm happy the blog's up. We're going to post some good stuff here - regular blog things: what we had for lunch, what the weather's like in southern Orange County, and perhaps news about Uniloc and our thoughts on whatever crosses our horizon. Oh, and we have email feedback too. So we hope to hear from you as well.

Ric Richardson
Blog Evangelist and Uniloc Founder

Microsoft Windows Genuine Advantage: an upgrade to Windows Product Activation (WPA)?

This article from Ars Technica writer Ken Fisher quite rightly positions Microsoft's new Windows Genuine Advantage program as an upgrade to Windows Product Activation.

The guts of the change are that Microsoft appears to have decided to implement constant phone-home monitoring of the license state of your PC... basically Activation with automated checking at intervals set by Microsoft.

Two major problems seem to be floating to the surface as the story progresses:

  1. People are tagging the system as spyware, and quite rightly, since the user is never asked for permission to contact Microsoft... the communication takes place in the background without the user's consent, which is by definition spyware; and
  2. The tolerance schema Microsoft is using seems to be constantly triggering false positives, meaning that the software thinks it is on a new machine and asks the user to re-activate at a wildly disproportionate rate.

Both problems can be linked to what may be an intentional decision to tighten up Microsoft's license policy. If tolerance is set too tight then every little change in the hardware is assumed to be a new PC rather than someone doing a peripheral upgrade... and the newfound demand to know whether you are licensed at any given time of day or night is also a side product of a much more aggressive attitude to casual copying.

Interestingly from my perspective this is all directly linked to Microsoft's short length unlock codes... let me explain...

One of the best ways to get a free copy of Windows is to brute force the unlock code using over-the-phone activation. Basically this means someone sits with a script that tries every combination of unlock code until one works... voilà! Then all you need is to distribute the Windows serial number and the unlock code and you have a free copy.

This works as long as the software never communicates with the server to check how many licenses are activated against the serial number... as soon as the server sees that the unlock code has been abused, the game is up... thus Microsoft's new phone home system!

We solved this problem some time ago at Uniloc when we invented cyclical unlock codes... by making the unlock codes for over-the-phone activation far more complicated without making them longer, we avoided this spyware nightmare and also limited the overhead of the continual communications that the new WGA system entails.
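The server-side check that both the music-industry post's "throttling" and the paragraph above describe, as an added illustration (my own code, not Uniloc's or Microsoft's implementation; the allowance and the abuse threshold are assumed numbers): a serial may be activated on the handful of devices one customer reasonably owns, a device already on file may re-activate freely after a peripheral upgrade, and only a serial whose activations pile up at many disparate locations is treated as an abused unlock code.

```python
"""Tolerant activation ledger: allow a customer's own devices, flag mass copying."""
from collections import defaultdict

PER_CUSTOMER_ALLOWANCE = 5   # assumed: devices one household reasonably owns
ABUSE_LOCATIONS = 30         # assumed: "30 or 40 copies" at disparate locations


class ActivationLedger:
    def __init__(self):
        # serial -> list of (device_id, location) activations on record
        self._records = defaultdict(list)

    def activate(self, serial: str, device_id: str, location: str) -> str:
        """Record an activation and return the decision:
        'reactivation' - this device is already on file (never penalised)
        'ok'           - a new device within the customer's allowance
        'throttled'    - over the allowance but not yet mass copying
        'abuse'        - the serial is turning up at ABUSE_LOCATIONS places
        """
        recs = self._records[serial]
        if any(d == device_id for d, _ in recs):
            return "reactivation"
        recs.append((device_id, location))
        distinct_locations = len({loc for _, loc in recs})
        if distinct_locations >= ABUSE_LOCATIONS:
            return "abuse"
        if len(recs) > PER_CUSTOMER_ALLOWANCE:
            return "throttled"
        return "ok"

    def activations(self, serial: str) -> int:
        return len(self._records[serial])
```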

Wednesday, August 2, 2006

Own your own last mile to the web

Robert Cringely hits the nail on the head this week by suggesting that communities band together to get their own fiber connections to their homes... cutting out the telcos/cable companies... so true... I have been waiting for 6 months for fiber to arrive at my place deep in the heart of Orange County, and am still waiting, only to be charged $75 per month when according to him I could be paying less than $20 per month to get my own connection... where do I sign up?

Vendor liability for ignoring patents... who should pay?

Wired writer Bruce Schneier makes this valid point:

http://wired.com/news/columns/0,71032-0.html?tw=wn_index_23

"Make Vendors Liable for Bugs" (Security Matters): "Security is at its best when those with the capability to fix security holes are also the ones who get hurt by them. Surprisingly, this isn't the way it works now. Commentary by Bruce Schneier."

But why stop there... what about legal liability? What if the vendor is knowingly abusing patent-protected technology? Can customers of such a vendor take out a class action suit? Should end users really be expected to find out whether the product they are using infringes a patent?
Any comments?

The noble spirit behind patent laws

Patents... legal jousting and intellectual corporate power plays are what come to mind, but... whatever happened to the original ideal? Namely, a guy/girl comes up with a valid new idea and the government does the right thing in protecting their right to make a living from the invention, without letting all comers just steal the idea and leave them in the dust... this is especially the case when the one wanting the idea for their own is a corporation with the consolidated funds and manpower of thousands of investors and employees...

The other fly in the ointment is that the idea of an inventor taking their invention from concept to mass sale is increasingly unrealistic... with the specialized skills and large resources needed to be competitive in any of today's markets, the inventor can at best expect to get the idea into a commercial product and either sell it to a distribution or roll-out partner and stand aside, while hopefully retaining some equity in the product's future success...

Somewhere in all this there is a simple guiding principle... inventors should not use the government to enforce a monopoly that can dictate any price it wants to industry and consumers (assuming the invention is just that indispensable)... on the other hand, if a person or a corporation intentionally ignores patent protection, then they ought to be treated as criminals, as bad as a gang that breaks into a jewel shop to steal diamonds... unfortunately today such behavior is seen as a commercial decision, not as a moral one... I promise to get off my soapbox for the next contribution :-)

The USPTO. An example of how NOT to do PKI...

I have started the process of getting secure access to my patent portfolio on the US patents web site... what a glorious pain in the rear this is...

1. Get an ID number (by mail, with a PDF form to fill out)
2. Get a notarized application for a PKI certificate... more mail and pain
3. Use two separate passwords, emailed or physically mailed, to obtain the initial PKI certificate authentication...

All this, when I can fill out one form and have a password mailed to me by most banks to do wire transfers of over 100k per transaction! What a nightmare...

Blu-ray Crack?

Dan Ackerman of c|net published a bit of a long-shot hack to work around Blu-ray's copy control software.

It's more like an automation/script-kiddie outline that shows how to exploit Blu-ray video players on PCs that fail to stop someone from getting hi-res screen grabs of each frame in a movie and re-assembling them as a full motion video file.

All the same, it won't be long before a full AACS (the scrambling software for Blu-ray) crack floats to the surface. Unfortunately it is a sitting target with no dynamic anchoring features.

Crossing the Chasm getting easier?

A really insightful book is Crossing the Chasm by Geoff Moore. As he suggests (and quite rightly in my mind), the gap that kills a lot of companies occurs between the tail end of the early adopters and the beginning of the early majority in the marketing bell curve.

After spending a bit of time grappling with the impact of blogs and web news, it occurred to me that early adopters can now reach and influence so much more of the early majority customer base that, theoretically, Geoff Moore's "chasm" is on its way to closing... As a tip-of-the-hat to Mr Moore, it is probably true that the world has become more geared to niche customer groups and the days of mass marketing are numbered.

That being said it may also be true that if you can get and keep the attention of a small but strong group of vocal early adopters, you are bound to make it all the way to the lucrative early majority stage of the curve without falling into the chasm that swallowed many a fledgling company just a few years ago.

Toing and froing with Seth Godin

Earlier today new-age marketing guru Seth Godin kindly entered into a cycle of emails as I tried to convince him to add his considerable insight to some of Uniloc's developer relations campaigns... what amazed me is his responsiveness. He often got back within hours and sometimes minutes, even responding at 2 in the morning (i.e. 5 his time). How does he do it? That level of commitment to responding to people must really generate a lot of goodwill for him. At first I thought he must use ghost writers, but every answer rang true of him... truly amazing.

Caddy + Led Zeppelin + Visit = Sweet

Earlier today I received word that the brains and instinct behind GM's Caddy/Led Zep adverts is paying a visit to Uniloc in the near future... it will sure be interesting to see what that kind of instinct does with some high technology.

For those of you who, like me, connected with the idea of a Caddy interrupting a ballroom full of Mercedes to the tune of Led Zep's "Rock and Roll", here is a link to the video.