Columns

Member since
6 July 2005
Posts
2,932
Reaction points
9
Here you can, if you wish, repost columns by your favorite columnists. I will be posting the columns in English because I don't have time to translate them; if anyone has the desire and the time, they are free to translate them.




John C. Dvorak

Pathetic European Attack on Google and the Net

For all practical purposes, Google, Yahoo!, and MSN are doing the online publishers a huge favor by expediting the personal research and discovery process, as will anyone who wants to get into this game in the future. This is hardly "helping themselves."
Google makes money by operating a complex software system that includes a specialized ad server. And it needs to spend a lot of money in overhead to sell those ads, too. This is not a free ride. So what's really going on here? Isn't this really about Europeans' simple jealousy and resentfulness? Google is an American company. Yahoo! is an American company. AOL is an American company. Microsoft is an American company. These companies control search worldwide. Balsemão and the Europeans hate the situation, and this is one time they cannot blame George Bush. This time it's their own sluggish reaction time and lack of vision that allowed this situation to happen.
This complaint does point out that the copyright laws are flawed and old-fashioned, though. And these laws must be fixed. By some interpretations, caching a New York Times article on your hard drive is a violation of copyright law, but since The New York Times is online and the browser in conjunction with the operating system does this caching for you, how is the individual responsible? Should Microsoft be sued for an ongoing broad-ranging copyright breach? Balsemão probably thinks so.
Since every judge in the world probably uses Google to get his work done efficiently, you can be certain that nothing will come from these complaints. Although you never know. I wouldn't be surprised if someone in Europe began to demand that Google be nationalized.

In fact, it's too late for these sorts of complaints. And this particular Balsemão complaint is stupid, naïve, idealistic, and counterproductive. In fact, it's reactionary. How many people who use computers in the 21st century go a single day without hitting the Google site once or twice?

Source


Is Microsoft Up to Some New Tricks?

This is the week that the Microsoft Xbox 360 game console goes on sale. Whether the new Xbox finally topples Sony from its perch of console domination remains to be seen. The final results may be determined solely by the marketing departments, and it does look as if Microsoft may be pulling out all the stops to get as much attention as possible. This might include some new forms of dirty tricks. I cannot prove the existence of plans for dirty tricks, but if they materialize, they could mark an entirely new online marketing gambit, using reverse psychology combined with the general nuttiness of online communities. If what I am about to describe to you is actually true, then we are witnessing some awe-inspiring genius at work. Some years back, Microsoft practiced a lot of dirty tricks using online mavens to go into forums and create Web sites extolling the virtues of Windows over OS/2. They were dubbed the Microsoft Munchkins, and it was obvious who they were and what they were up to. But their numbers and energy (and the way they joined forces with nonaligned dummies who liked to pile on) proved too much for IBM marketers, and Windows won the operating-system war through fifth-column tactics.
Over time, many of the facts about these tricks were revealed, and ethical considerations have essentially removed these practices from Microsoft's marketing strategies. But what about using the opposite approach—becoming the white hat? Think about tricks used in political campaigns where you set up a phony shop for your opponent and then use that front to make your opponent look like a complete idiot. If done correctly you come out smelling like a rose—a good guy.
Thus we have the odd creation of a Microsoft-bashing site called Major Ynos, which lambastes Microsoft and the Xbox day after day, sight unseen (until a few days ago when its author actually got hold of one—suspicious in itself). When not bashing Microsoft, this guy extols the virtues of the Sony PlayStation 3, also sight unseen. Ynos is, of course, Sony spelled backwards.

Now this site is shilling for someone. The domain is registered by Domains by Proxy, so we can get no real details on who is doing the site. The supposed author is a guy named Mark Creig, who claims to be some sort of console expert and an "award-winning" journalist. There are zero images of this guy on Google and scant information about him. Any Google search shows him to be some pseudonymous character who is variously German or English or American.

Source
 


Lance Ulanoff

How Dangerous Is Wikipedia?

I have an admission to make: I have used Wikipedia for serious research. And in all the years I've been doing it, I've never really felt as if I've been led astray. Now, in light of the Chase/Seigenthaler incident, I guess I should just count myself lucky.
Wikipedia is an online encyclopedia that consists of nearly 1 million articles and has been, in large part, created by users. It has information on virtually any topic you can imagine, and—here's where it gets interesting—if it doesn't and you know something about the topic, you can create the first entry (as long as you become a site member) and basically define that subject for the Wikipedia visitors. Wikipedia editors might consider this a "stub"—something that has yet to be perused by the Wikipedia editors and doesn't contain enough information to be considered an article. Moreover, each article or record is not frozen in time. Instead, it can be added to and edited by other Wikipedia visitors—that is the very definition of a "wiki." The premise is that working together we can create an accurate online encyclopedic reference. Aside from the way this encyclopedia is built, the other big difference between it and your more traditional desk-bound volumes is that Wikipedia can include anything. So, random technology personalities such as Patrick Norton (of DL.TV) and PC Magazine columnist John C. Dvorak are in there. I'm guessing fans entered them, and then Norton and Dvorak cleaned up their respective articles. I'm only in there as an external link for Rob Glaser (I interviewed him in 2003).

While writing this, I actually edited the entry so that my name links to an archive of my columns. It took about 2 minutes.

But back to the Chase/Seigenthaler saga. According to CNN, as a joke, a Nashville man named Brian Chase created a biography entry for John Seigenthaler Sr. that described the USA Today founder as having lived in the former Soviet Union for more than a decade and, prior to that, being linked to the assassination of President John F. Kennedy. Aside from the fact that Chase, who lost his job as a delivery-service manager because of the hoax, didn't know that people actually use Wikipedia for serious research, the ease with which he created and entered a fictitious biography and the way it simply became part of the Wikipedia fabric is frightening.

Is the Chase incident an anomaly, or is all of Wikipedia suspect? My gut says the online encyclopedia is still a valuable tool, but it's only slightly less suspect than the millions of information blogs on the Web. They're filled with user-generated posts and comments, and a blog is only as relevant and, to some extent, as true as the number of trackbacks it has. So a highly linked blog is perceived as relevant, and although those who link to it may not see it as "true, verifiable information," Google will play accomplice to help the blog move up the ladder as a relevant result for the given topic. Someone searching on "Iraq War," for example, could find a blog discussion on the topic as a first-page result (Wikipedia's entry is on page 2). People who are less savvy about the Web and blogs will likely visit the blog, read it, and take the information at face value. Someone's opinion then becomes "truth."

Wikipedia, at least, is not designed to host opinion. It is supposed to be fact-based and accurate. If you decide to create an entry or edit one, you'll see this admonition:

"Content must not violate any copyright and must be based on verifiable sources. By editing here, you agree to license your contributions under the GFDL."

Still, anything built by committee has little chance of 100 percent accuracy. I spent hours crawling through Wikipedia this week looking for glaring errors. I couldn't find any.
What the Chase/Seigenthaler fiasco does prove is that people are often ignorant of the consequences of their own actions, and many learned people still have a lot to learn about the Internet. It does not, however, damn Wikipedia. Even so, the popular online research tool will need to take a good hard look at its own vetting procedures to 1) reassure the Web community and 2) prepare for the yahoos hoping to pull their own Chase stunt.

Source


Game Zoned

I've been playing a lot of video games lately—for hours on end, in fact. It's all in the service of the Billboard Digital Entertainment and Media Excellence Awards, which I agreed to judge. The experience has taught me some things about the video game market—and myself.
For example, it turns out I have weak thumb joints. To be a truly good gamer, you need not only a sharp mind and good eyes, but fast, flexible, and inexhaustible thumbs. The more fast-paced the game, the more my thumbs hurt.
I do like a far wider variety of games than I had previously imagined. I used to say that I was a point-and-shoot guy; give me Doom or Quake and leave me alone. But the nominees in the various awards categories I judged cut across virtually every game genre. I tried them all and really liked many of them.
Looking in from the outside, the world of video games appears dominated by ultraviolent, oversexed Grand Theft Auto–style games. Intelligent and avid gamers have always known otherwise. There's a game for every taste. So for every Jade Empire there's an odd, yet totally addictive, Chuzzle. But even games like Jade Empire, Tom Clancy's Splinter Cell: Chaos Theory, and Darkwatch have dimensions that go well beyond cleavage-baring damsels and bone-crushing, head-splitting gore.

I'm not implying that the violence isn't occasionally strong and that the cleavage isn't suggestive. Most of the women in these games are built like Barbie, and people are chopped and stabbed in Chaos Theory, blown to chunky-red bits in Jade Empire, and run through with a blade in Prince of Persia. But almost none of this is gratuitous. It always plays a part in propelling the story forward.
The depth and detail of the stories in these games was another revelation for me. There are back stories in action games like Prince of Persia: Warrior Within, the frightening and fantastical in Darkwatch, and on-going stories and lessons in games, such as Jade Empire, which taught me all about Chi (apparently I don't have enough). Some stories are even true. Two games, Brothers in Arms and Delta Force: Black Hawk Down, are based on real battles 50 years apart. I did have mixed feelings about playing a game—Black Hawk Down—based on one of the bloodiest disasters in U.S. military history.
I was constantly astounded by the level of verisimilitude and quality of the graphics. Madden NFL 06, for instance, didn't inspire me because I'm not a football fan, but it's obviously a dream come true for someone who is. Even I felt the pressure as I tried to get off a pass in the face of a Denver Broncos' blitz. The stadiums and accompanying sounds made the experience as real as watching Monday Night Football (actually almost as real as being a player on the fields during the game). I also had loads of fun with the automobile smash-up game Burnout Revenge and the snowboarding fantasy SSX on Tour.

-Amazing Graphics, Simple Pleasures

Game after console game impressed me with exquisite, detailed touches like the long blades of grass that moved as one of the Jade Empire warriors passed through them. Years ago, game companies would intersperse live video segments to heighten the realism of PC and console games. For a while, B-list television and film stars would show up in these mini-movies. I remember Mark Hamill doing duty in the Star Wars knock-off Wing Commander IV.
Now, the realistically rendered 3D characters effortlessly segue directly from the setup segments (usually there to advance the story or to tell you what to do next) to live game play.
Not all my favorite games were console-based. I also judged a group called Casual Games. These are downloadable games that require 10MB to 15MB and usually aren't as full-featured, graphically innovative or enjoyable as console games. I did, however, find a couple I liked and one that truly hooked me: Chuzzle. It has no characters or avatars and is instead, as the name suggests, a puzzle. You start with a board filled with fuzzy Chuzzles squeezed together in neat rows and columns. You collect points when you find a group of three or more Chuzzles of the same color adjacent to each other. You click on any one of them, they disappear, and more Chuzzles drop into view. The longer you play, the more variations you see: oversized, locked, rainbow colored, and so on. I loved this game.
Most of the big games—console and online—offer multiplayer capabilities. They worked extremely well in Black Hawk Down and Brothers in Arms, but to my surprise it was Guild Wars that really hooked me. The online play is free in this role-playing game (RPG), and getting involved is far simpler than, say, trying to learn Dungeons & Dragons. After installing some fairly significant game software on my hard drive, I created a character and entered the immersive world in a matter of minutes. Before long, I was meeting other players and getting sage advice and direction from the game's built-in guides. I successfully battled Lake monsters but was later killed by a berserk black bear. Unlike some RPGs I've tried, dying in Guide is no big deal, and I was back to life in an instant.

-Weird, Odd, Bad

My gaming experience did have its share of oddities and disappointments. One category I judged, Advergames, was filled with both. These games are designed either to promote a brand or to create a brand extension. Of all I judged, two stood out.
Watch Me Change, developed in conjunction with Fuel Industries, let me create a 3D man or woman (I could even control facial features, eye color, and body type and proportions), dress them in Gap clothing, and then have them perform a striptease right down to their skivvies, all the while doing an awkward, comical dance. You're supposed to package up and send off these electronic strip-o-grams to friends. I found the whole concept kind of weird and gross.
The award for trying too hard and still failing has to go to AXE. The company creates a MojoMaster game that lets you build and use your "mojo" to try and pick up a collection of hot, overdeveloped, 3D women. The game is incredibly complex and also unbelievably stupid, but then this is the company that brought us ads featuring men getting sexually molested in elevators simply because they're wearing AXE antiperspirant.
The awards were handed out last week, but who won is probably beside the point. I think we all have a lot to learn from the gaming market, where some of the biggest risks, best innovations, and strongest bang for your $40 (or less) can be found. Now pardon me while I go exercise my thumbs.

Source
 

Acid

Frontman
Member since
22 January 2005
Posts
35,208
Reaction points
34,448
Interesting, interesting!

Let's just change the title to "internet columns" :wink:

I got absorbed reading about Wikipedia.
 


John C. Dvorak

Inside Track n24v23

Whatever Happened to 3G Dept.: It was recently reported that Motorola is staffing a wireless research center to develop fourth-generation (4G) cell-phone systems. Whatever happened to the 3G phones? You remember them. They were supposed to deliver high-speed data and we could all hook our computers to them to get on the Net. Oh, and remember all those predictions that by now most of our Internet activity would be done on the phones? Now we have 4G. I'm personally going to wait until 5G before I make my move.

Electronic Books Dept.: I've been meaning to write about the OpenReader initiative that began some time back as a way to get away from all these proprietary formats for electronic books or e-books. If anyone has wondered why electronic books have done so poorly, one of the main problems is with the software used to encode the text and make it read properly on the various devices that have come and gone. It's all incompatible. I myself have read very few long texts on a book reader or even on the computer, but there are enough people who enjoy reading electronic texts to make a market for them. But that market is not about to support a half dozen different companies selling little electronic book readers, each with its own encoding system. The result has been moribund sales. The OpenReader project will be delivering software in a few months. Follow their progress at www.openreader.org. It may make a difference.

Genuinely Interesting Software Dept.: I recently discovered a fascinating spidering program called WebCopier Pro from MaximumSoft ( www.maximumsoft.com ). It works better than any spidering program that I've ever used. One noteworthy advantage is that the defaults seem to be perfect. If you are unfamiliar with these programs, they are used to copy a complete Web site from the Internet to your hard drive or thumb drive or whatever. This is handy if you want to browse, for example, a large museum site on your laptop while traveling in an airplane. You spider the site and put it on the laptop. You'll actually be surprised by how often you'll use this program. When it cranks up, it typically opens five download channels and just grabs everything while transposing URLs so that it will work on the hard drive with links intact. It's very handy, and it's highly recommended. The best version is WebCopier Pro, which sells for $50, including a lifetime of free upgrades.

Pump Up the Power Dept.: If you're looking for an unusual wireless gateway router, check out the Bountiful Router from Bountiful WiFi out of Woods Cross, Utah ( www.bountifulwifi.com ). I was most amused by the company press release, which goes on and on about this $600 device without ever mentioning its most interesting feature. Instead of the milliwatt radio found in most 802.11 gateway routers, this sucker has a full 1-watt radio. This is the legal limit allowed by the FCC for any radio running 802.11. And apparently there are all sorts of other requirements on top of this. As far as I can tell, it took a lot of work just to get this torch approved by the government. This has got to be a fun device for 802.11 hobbyists who want to experiment with antennas and long-distance 802.11. All this may be moot if WiMAX becomes popular. WiMAX is the last best hope to unseat the telco and cable companies' stranglehold on connectivity in the U.S. Its range is in 10-mile segments. Motorola has partnered with Intel to develop mobile WiMAX. This means you could download MP3s while riding in your car! Just make sure to keep your eyes on the road.

A good idea and a potential lifesaver. I was wondering when software would start to get distributed by thumb drive. You can get a lot of memory cheap, and it seems like an obvious idea to me. The product here is called RxWise. It's a program based on a database of adverse drug reactions. Millions of people take combinations of drugs that should not be taken together, and this program is one way to check on your and your family's health. Some studies have estimated that adverse drug reactions are the fourth leading cause of death in the United States. The software on a thumb drive is $39.95 and available from the Web site. Or you can skip the thumb drive altogether, and just get the software for $24 with a download. Check it out at www.rxwise.com.

It Never Ends Dept.: IBM recently showed a supercomputer, dubbed Blue Gene/L, rated at 280.6 teraflops (trillion floating-point operations per second). The goal is the petaflop or 1,000 trillion calculations per second. Japan, Inc. has already begun a program to make Japan the first country to achieve this lofty goal. But the even loftier goal set by the Japanese is 10 petaflops by 2011. One use for such computers would be to simulate nuclear explosions without setting off a bomb. Another would be to predict the weather. But I'm reminded of the old joke about the weather computer. The scientist says to the reporter, "Yes, we have invented the perfect weather computer. It can predict tomorrow's weather with 100 percent accuracy. But there's one drawback." "What's that?" asked the reporter. "It takes 48 hours to run the program," says the scientist.

Source


Inside Track v24n22

The Technology That Will Never Die Dept.: Now the Europeans are hot and heavy into power-line networking and have established the Open PLC European Research Alliance (OPERA, not to be confused with the browser named Opera). They expect to establish a worldwide standard by the end of this year—which is quite a rush job, it seems to me. This technology has one of the bumpiest histories of anything I've ever followed, and still has not resolved its basic radio-interference problems, which occur under too many circumstances. This move seems to be an attempt to slow down the runaway success of 802.11 wireless networks that are harder for central governments to control. That's what this is all about.

Podcasting in Full Tilt Mode Dept.: While it took people some time to figure out exactly what a blog is (the majority of folks who go online still do not know), the same may not be true for the next online fad: the podcast. Named after the diminutive iPod, these are audio files that are meant to be automatically loaded via an RSS feed into an iPod or other MP3 player and appear on the playlist. They are best equated with radio shows and many, in fact, are exactly that. Lots of TV and radio shows have been turned into podcasts for downloading. Ebert and Roeper is available, as is Hardball with Chris Matthews. Yours truly can be heard on the podcast for podcast's sake show This Week in Tech (www.twit.tv). There are an estimated 50,000 podcasts available on an ongoing basis, though that number may be low. Most of them consist of guys shooting the breeze. Others are wannabe talk-show hosts. There is no one kind of show. Most of it is neither very good nor interesting. A true podcast was designed to be an attachment to an RSS syndication feed from a Web site, to which you would subscribe just as you would to a news feed. Recent research has shown that only about 35 percent of knowledgeable users can even figure out how to use an RSS feed, let alone subscribe to a podcast attached to one. The RSS scene became popular during the blog boom, as it allowed bloggers to keep track of each other's postings as they appeared. Before you knew it, there were thousands of feeds. All blogs now have them built in, and most online publications use the technology too. The problem with RSS is there are both a lot of flaky standards and earnest competitors such as Atom and other distribution systems. If using RSS isn't confusing enough, you can imagine how daunting it is to create a podcast and then get it to work with RSS so that people can subscribe to it. It was a far-from-trivial task, until the appearance of the jazzy podcasting kit that you can get from the folks at M-Audio. 
With a good microphone, the M-Audio Fast Track interface box, and Podifier software, you should be able to get on the air with your ramblings for around $180. M-Audio has a lot of cool stuff for musicians and amateur broadcasters too. Check out the company's Web site, at www.m-audio.com.

Backup Breakthrough Dept.: People who run small businesses know that the best sort of backup is an archival backup on tape. That has always been an expensive proposition, but recently Quantum, the leader in standard DLT tape backup technology, released a sub-$1,000 320GB tape drive, which stores data for $0.12 per gigabyte. The best deal ever! Dubbed the Quantum DLT-V4, this drive comes with excellent software, including special programs for regulatory compliance (Sarbanes-Oxley, anyone?). It's backward-compatible with other DLT systems and can use VS160 media as well. It's available with SATA or SCSI Ultra 160 interfaces. This should be a real winner for the company. Of course, you'll need this sort of backup for the upcoming large hard drives. And you'll need to get a lot of tapes. Hitachi and Seagate have both already announced half-terabyte hard drives, and that means we'll have a terabyte drive by Christmas of next year.

While on the Subject of Hard Drives Dept.: I have to say that I was impressed by an upgrade drive that Hitachi is marketing. This is a 100GB, 2.5-inch, 5,400-RPM notebook drive for those of you who need big storage on your notebook, for movies or whatever. It should work with almost any notebook, and the drive is quite easy to remove and install. It sells for around $140 and includes an enclosure so you can use your old drive as a portable drive. Or you can put this drive in the enclosure and move files to it before installing it in the notebook. Whatever the case, these little USB enclosures are very cool. Kudos to Hitachi for putting one in the box. These enclosures are the rage in Asia, where people also like to buy removable hard drive kits that let you use the larger CD-ROM–size template to slam and remove a hard drive placed in a special interface enclosure. Most small computer shops have these for about $15. Better than dual-boot, and perfect for moving drives from point A to point B.

Source
 


Bill Howard

Gadget Evolution

My laptop weighs 5 pounds. My laptop bag approaches 20 pounds. What gives? Well, a big chunk of the total weight comes from handheld devices that weigh well under a pound apiece, but collectively can add up to another 4 or 5 pounds. For a week-long jaunt, for example, I like to pack a laptop, a PDA, a cell phone, a portable media player or a hard drive music player, a flash music player for jogging, a camera, a Bluetooth headset, and a travel router so I can connect anywhere in my hotel room. Adding to the poundage are chargers that can't be replaced by a universal transformer from iGo, Kensington, or Targus. It's time for consolidation, and products out now and coming in the next year will help. Here's my take on devices ripe for morphing.

Cell phones. The cell phone that's just a phone still has reason to exist: Maybe you received a free phone with your calling plan, or perhaps you want an ultrasmall phone. You should at least upgrade to a Bluetooth phone, though, to get a wireless earpiece and hands-free car connectivity. One-megapixel phone cameras are stopgaps when you don't have a real camera along, but you may have to surrender the phone to security in public places where cameras aren't allowed. The cell phone will likely become a music player as well, with the advent of affordable 1GB, 2GB, and 4GB memory cards. Or phones might incorporate small hard drives, which could prove to be one of technology's all-time dumb ideas: Rotating mass storage breaks when you drop it enough times, and who doesn't drop a cell phone? Flash memory can provide enough capacity for most people.

PDAs, smartphones. If you carry a PDA and a cell phone everywhere, why not combine them in a smartphone like the palmOne Treo 650 or a Pocket PC phone? Syncing your whole electronic address book is easier than programming even just a few numbers by hand into a standard phone. Typically, you can't sync your address book or your calendar to a traditional cell phone, and what synchronization you can do requires a $50 cable that's bundled with smartphones. Smartphones are expensive, though—$400 to $700—and data plans can approach $1,000 a year, on top of what you pay for voice calling. If you don't take the data plan, you may pay even more for the phone.

Portable Media Centers. Windows CE–based Portable Media Centers that play music and show photos and videos suffer two flaws: Most people under 25 expected that PMCs would also play games (they don't), and there's no easy way to port DVDs to the PMCs' 20GB hard drives, so you're stuck with recorded TV. Of the handful of available devices, the Samsung YH-999 is smallest and handsomest—but it gets only 3 hours of battery life when showing video, half as much as the Creative and iriver PMCs. A flash card popped into a PDA shows pictures too, and if you can figure out how to rip a DVD to a PMC, you can also rip it to a flash card and play it on a PDA.

Hard drive music players. I like the larger-capacity ones (20GB or more) because they double as portable hard drives for data. But most people find 4GB-to-6GB players have enough capacity. Regardless, in the coming year, more players will have color displays so they can show photos. More players will have FM tuners, voice recording, support for WMA, and USB or flash-card connections, so you can off-load images from a digital camera without lugging a laptop around.

Flash music players. They weigh just an ounce or two, so why not carry one, even when a PDA or cell phone duplicates its features? For $100 or even less, you can get 256MB and possibly 512MB, and for another $25 you can have a 1GB player that holds 17 hours of music (encoded at 128 Kbps).

Laptops. The 12-inch ultraportable with cramped keys and a single drive bay may give way to the 14-inch widescreen notebook, with full keys, room for an optical drive or second battery, and 1,280-by-768 screen resolution. And users of 14-inch-LCD notebooks may go to 15-inch widescreens proportioned to tile two windows side by side. It's too bad there's no utility or hot key that lets you auto-arrange just those two windows, and also that more machines don't have a preboot OS that would let you play digital music with minimal battery drain.

Source
 


John C. Dvorak

We Need a New Computer Show

After last week's Consumer Electronics Show, it's apparent to me that Gary Shapiro, the head of the CES, needs to spin off the computer gear and do a show called CES Computers, or some other such thing. This would separate the typical CES home entertainment equipment and weird gizmos from the SATA hard drives, microprocessor manufacturers, wireless gear, and case-mod offerings.
Last year I found CES to be so hectic and over-covered that I didn't make any attempt to go this year. Instead, I coded a CES metapage [www.dvorak.org/CES] for my blog that highlighted the best coverage by others. With around 2,500 exhibitors, there were an estimated 6,500 analysts and media members attending the event. This is nearly three people per booth. That made my attendance beyond redundant.
With around 900 computer and technology-related trade shows (of all sizes) per annum, you'd think the proprietors would spread things out a little bit. Many smaller shows will have, say, 100 exhibitors but zero media coverage. If the ratio was the same as for CES there'd be hundreds of media people.
One year when I was at TechTV this phenomenon reached an extreme that is commonly seen by broadcasters. The company dropped a cool million dollars on CES coverage. When I asked, some months later, about sending even one freelancer to SUPERCOMM, I was told there was no money for it. In fact, there was no money for any other coverage whatsoever.

This is Big Media at work. I can't entirely blame the decision-makers, but the overkill is too much like a TV network sending Dan Rather to the eye of a hurricane so he can get blown around for a while. It's a waste of money.
CES is like TV's typical hurricane coverage. It even has fleets of buses to move people from the disaster scene to hotels. Reporters are everywhere. All that is missing is the wind in their hair. But I digress.
When we had the major computer shows, starting with the now-defunct National Computer Conference and COMDEX, there was good reason to load up on coverage, since these shows were massive and concentrated. CES has too many exhibitors who are not related to computers. In fact, most of the exhibitors have nothing to do with computers. I'm sure they cannot appreciate all the computer geeks all over the place tire-kicking in their booths. Computer geeks are also gadget freaks and end up wasting a lot of time looking at stereo gear and speakers.

Years ago, before the collapse of COMDEX, the NCC, and PC Expo, I would go to CES about once every three years. You could easily catch up with things. To make it easier, CES had a Chicago show in the summer. COMDEX itself was surrounded by mini-COMDEX shows all over the place, as well as the strong and vibrant N+I and Interop shows. All these things have faded, from both competition and the loss of focus instilled by the distraction of e-commerce and the Internet.
There still needs to be a singular event that can act as the social nexus for the computer business—a must-see show in Las Vegas that everyone has to attend. CES is not it. But the folks at CES have absorbed the audience for this show, and they must find a way to spin it out before they wreck CES itself. People in the computer business should not intermix with normal businesspeople.
I guarantee that if the CES folks announced tomorrow that they will spin off the CES Computer show (or whatever they want to call it) and that it will be held any time from Nov. 1 through March 1 next year in Las Vegas, they would have a phenomenal hit on their hands. That's especially true if they could get the industry publishers such as Ziff-Davis and the big manufacturers such as Microsoft, Intel, and AMD to bless the event. It would be a huge success. At first I thought it might be a good idea to run a split show at the same time as CES, but this won't work. Too many companies such as Toshiba would probably want to remain in the main hall with their big booth, diverting traffic from the spinoff. This has to be a big new show.

If they do not do something like this soon, then computer-gear folks will become accustomed to the CES scheduling and be harder to get rid of. In the process they will wreck CES. After that, another show may emerge, and they'll all bail out at once—and CES will not benefit from any of it.
It may already be too late. I didn't go this year. My podcasting partner Leo LaPorte, who usually broadcasts a KFI radio show from CES, didn't go. Numerous other people say they probably won't go next year. The NCC exhibited this sort of phenomenon before it collapsed.
Since the 1980s and the Atari gaming era, CES has hosted crossover exhibitors from the computer business. Every few years, a slew of computer folks would go to CES instead of the traditional computer shows to dabble with the consumer electronics buyers. Microsoft Bob was announced at CES.
This process has never worked out for CES, and now the folks behind it find themselves stuck with all the computer big shots—like it or not. This has got to end, and end now.

Source


Inside Track v25n1

Some years ago, when Andy Grove was running Intel, AMD leapfrogged Intel in technology. Grove, according to rumors, got mad and let the engineers know that Intel would never let that happen again. Shortly thereafter, Intel regained the technology lead. But more recently, AMD once again passed Intel, and Intel has been lagging in its attempt to catch up. AMD brought the first true dual-core chips to market, and it's now expected that it will have quad-core shipping by late 2006. This puts AMD, by a conservative estimate, one to two years ahead of Intel. Exactly how AMD gained the technology lead is debatable, but I see it as an element of the Silicon Valley mindset. While I'm normally in agreement with the various litanies floating around the Valley, this one is just off base. Essentially it says that the microprocessor business is going to be forever flat, so companies like Intel cannot keep riding the pony; they must get into something else. Hence, Intel toys around in all sorts of venues not related to microprocessors.
This is not to say that Intel hasn't always done this. Years ago, it even came out with a line of children's toys that included a little digital camera (outstanding for the price) and microscopes. This move was perhaps in response to seeing Texas Instruments become successful with products in various consumer electronics areas. The bigger point is that Intel has not been successful in these ventures.
The problem is that Intel has failed to see that it had evolved differently from companies like TI or National Semiconductor. Somehow it hadn't noticed that it had become a specialist in microprocessors, in the process becoming the world's largest chip company. AMD also fiddles with other stuff but has not bought into the notion that the microprocessor is dead. Now it's the leader. It's focusing on mobile technology and hopes to have some reference designs soon. This is where Intel still leads AMD.

There is great danger here for Intel. Even though AMD seems to have overtaken Intel in many domestic markets and is gaining in others, there is no landslide. But if some software comes along that can actually use the power of a quad-core chip and suddenly an Intel box looks like a pig next to a less expensive AMD box, then things would dramatically shift. The new quad-core from AMD is what I want!

I Thought This Was Weird Dept.: According to research conducted by Burson-Marsteller and the Economist Intelligence Unit, most top-level executives would rather not become the CEO of their company. This applies worldwide, except in Latin America, where apparently everyone wants to be the boss. And this finding seems to be a growing trend. The rationale for it has to do with a nebulous concept called work-life balance. In other words, the CEO does not get to have enough normal fun—whatever that is. I'm not sure myself since I'm too busy writing. It's possible that these well-paying jobs will eventually be peopled only by workaholic jerks. That should have interesting ramifications in the society and economy alike.

What, Me Worry? Dept.: In another survey out of the U.K., it was discovered that a third of PDA and smartphone owners use no security whatsoever. And we're talking about executives here—apparently the same ones who do not want to be the CEO. The problem here is that too many of these devices have a lot of corporate information, address books, company passwords, and other sensitive data, making the company vulnerable when these phones and devices are stolen. In Britain alone, 700,000 phones are stolen a year. In the U.S., the figure is hard to come by but must be well over a million. And apart from the risk of theft, a PDA or a mobile phone can easily fall out of one's pocket. Many are left on counters. At least use the locking codes if you have any sort of information on the devices.

Another Fine Mess Dept.: I was on the New York City subway the other day and looked at the riders around me. Out of ten nearby passengers, six had iPods or other MP3 players and were listening to music. I have seen more and more of this lately: people detaching themselves from their environments and living in their own little world. At least this situation is better than what we had with boom boxes 20 years ago.

There's something interesting about this, which I've been noticing for a few years. Far too many people seem to be blowing their ears out with these things. If I can hear someone's earbuds from 10 feet away in a noisy subway, then these people are going to be hearing impaired or even deaf in no time. This is a huge public-health issue that needs to be addressed. When I was a kid in grammar school, an audiologist would come by every year and test the kids' hearing. I don't think that is being done routinely anymore. And there used to be something called a health class that would inform kids about these sorts of injuries. That sort of education seems to be missing too. Prediction: In the future we are going to be required to talk a lot louder.

Source
 


Michael J. Miller

Government vs. the Free Internet

If the problem of keeping the Internet free, available, and anonymous is difficult in open and democratic societies, it's even harder in more closed societies such as China.
All the major search engines now filter their results at the behest of the Chinese government. They do so because that's "the price of doing business in China," and they typically say that in the long run having the Internet and all that information out there will facilitate a more open exchange of ideas. And China is a big market: The U.S., with 203 million users, is now the biggest market, but it's pretty much saturated. China is second, with 103 million users—less than 8 percent of its population. Google is the latest to give in. Until recently, it didn't have a Chinese site. The Chinese government blocks a number of political sites, but users could at least find out they existed using Google and then try to circumvent the restrictions. But now Google has a Chinese site that eliminates the sites the government doesn't want its citizens to see. There are no great answers here. A Chinese journalist was jailed after Yahoo! turned over his e-mails. Microsoft has blocked antigovernment blogs all over the world, and it's still doing so in China. It's not just search engines that are a concern. All sorts of tech companies make products that can be used for repression: databases that can keep track of what people are doing, firewalls that can block certain sites, and routers that can monitor what people are doing online. It's fruitless to say that U.S. tech companies shouldn't participate in the Chinese market, but what they could do is at least fight for more transparency there—and it would be good to see them come together to suggest proper rules. China isn't the only country restricting the Internet. The U.S. has rules aimed at protecting minors. A number of European countries have restrictions against Nazi or racist content. But these are nothing compared with closed societies. One of the first things the new hard-line Iranian government did was crack down on the Web. Even the U.S. government's asking Yahoo! and Google for large amounts of data makes people more careful with their searches. I worry that even well-intentioned actions to place minor constraints on the Internet are sending a message that restricting information is acceptable. In one sense, the countries that make finding dissident sites close to impossible are pushing that message to an extreme. And that's a bad sign for all of us.

 


John C. Dvorak

Time to Rescue Old Code



Recently, I suggested in my online column (go.pcmag.com/opensourceosx) that if Apple ever switches to the Microsoft Windows OS, it should put the Mac OS X code in the public domain as open-source. This would keep its usefulness alive and provide good coding ideas that can be used elsewhere. It's time that we stopped reinventing the wheel. It's killing us. In fact, I would like to see all orphaned code brought into the public domain as open-source. Here are some past projects and categories whose code should be pulled out of the filing cabinets and released.

OS/2. IBM moans and groans about Microsoft dominating the desktop. If IBM had put OS/2 into the public domain, who knows how things would have turned out? (One factor with OS/2 and other elaborate packages is that they contain lots of rented or licensed code that can't be given away.) I sure hope someone knows where OS/2's code is. Hey, boys, take it out, and document where it was and what it did. It's nuts to let this code die.

DR-DOS, Wendin DOS, and the DOS clones. The dozen or so DOS clones out there are collecting dust. The likelihood that any of them contain valuable licensed code is nil.

GO-OS. Some years ago, when I first promoted the idea of open-sourcing orphan code, this product was at the top of my list, and it still is. This slick OS was used for one of the most innovative pen-based machines ever, the GO computer. There were a bunch of apps for it that should be released too.

Mainframe and minicomputer systems. There is actually an open-source version of VMS with an active user group. But what about systems like Multics or the Pick OS? Pick, which is still used, would greatly benefit the world, since it pioneered the database as a disk file management system that even Microsoft cannot duplicate.

Word processors and spreadsheets. There are tons of dead word processors and early spreadsheets that were both innovative and snappy. Whatever happened to the source code to Volkswriter? It's a prime example of a once prominent software package that's gone. And what about the code to the original Boeing Calc, a slick 3D spreadsheet from 1986? Even Lotus rolled out all sorts of variants that have disappeared. This code isn't doing the company any good buried in a filing cabinet.

What about Bob? No matter what the cynics will tell you, Microsoft Bob, originally code-named Utopia, was quite an innovative and creative OS executive layer. The company botched the marketing, and that was the end of it. But where's the code? Microsoft should embrace open-source programming and dump its old code into the public domain. Swallow your pride, Bill! A problem with this scheme is that today's commercial developers will think it's a personal attack on them. This has always been a problem with Microsoft and its relation to open-source. This code will help commercial developers by minimizing wheel-reinventing. Microsoft took much of its TCP/IP code from OpenBSD, and it improved Windows in the process. They sure don't complain about that. Who can coordinate the rescue of old code? The Open Source Foundation has done little to encourage the release of more code, preferring to monitor a few new projects, so some sort of archival organization is needed to oversee this. The longer we wait, the more arcane the code gets. But since I'm mostly talking about x86 code in a world that remains x86-centric, we have plenty of time. Everyone will benefit. Let's do it. Get the conversation started.





Lance Ulanoff

Is Windows A-Live?


A few weeks ago, I took the Microsoft bait and switched to Windows Live Mail. It's part of Microsoft's new Windows Live collection of online tools and services. Unlike MSN.com, this isn't primarily a content destination. Instead, it's a place to get your mail, manage your schedule, update your blog (in Spaces), protect your PC, send instant messages, and, well, do a bunch of other cool online stuff.
I'm a little confused by all of this, because the PC Mag staff has, in recent months, been peppered with e-mails, releases, and announcements of meetings regarding Windows Live. It seems that virtually everything the company is rolling out these days is part of the Windows Live "Strategy." There have also been more betas than I can ever remember Microsoft rolling out for any service. Even so, the whole thing feels a bit like everything and nothing all at once. I sense anxiousness in Microsoft's approach. Windows Live is ambitious and even a bit risky. You take risks when you want to succeed, but also when the competition has you a little shook up.
In the desktop application space, Microsoft dominates, but in online services, the competition is a little dicey. Microsoft does have Hotmail, though, and it's easily one of the Web's most popular free-mail services. And this is where Windows Live gets risky. Windows Live Mail replaces Hotmail. So with one fell swoop, Microsoft is systematically killing one of its most popular brand names. Granted, they didn't launch it. Microsoft picked it up for around $400 million in 1998 and, to the Redmond, Washington company's credit, they have not seriously messed it up.
Yes, the company has toyed with cutting down the amount of storage space and has begun killing accounts that had fallen into disuse, but by and large, Microsoft has done the right thing with Hotmail. It even ended up, in response to competition, dramatically increasing the basic amount of storage space for free-mail users, as well as adding spell-checking, junk-mail filtering, and some basic mail-virus protection. The service has millions of users.
I wasn't forced to switch to Windows Live Mail, but I'm guessing that's because the service is still in beta (actually, it was in beta almost 5 months ago—I first saw it as Kahuna). Once the beta period ends, it will be only a matter of time before Hotmail users are warned that "as of XX date, Hotmail will officially become Windows Live Mail." This will come as a shock to unsuspecting Hotmail users, and many will balk at the name change.

There is good news, however. Windows Live Mail is a very competent, full-featured mail client that looks and works a lot more like Microsoft Outlook. There's also no indication that the domain name will change. How could it? Would Microsoft really want to deal with millions of angry Hotmail users whose friends can no longer find them and whose mail is getting bounced back because spam-catchers don't recognize the domain?
A better e-mail service should be good news for everyone, but, as I said before, Microsoft appears a bit too anxious in its approach. The scattered message, the radical switch to a new name, and the decision to call this whole shebang "Windows Live" bespeaks panic. Why Windows? Why not Hotmail Live? Wouldn't that have been the smarter move? Just because we access all these services through a Windows desktop and Internet Explorer doesn't mean this is a "live" version of Windows. Unless Microsoft is trying to tell us that Windows XP is dead. In fact, that could be just what's on Steve Ballmer's mind. Windows remains the dominant OS in the world, but the brand has spent the past 5 years getting knocked around and more and more, Microsoft is seen as a runner-up in the online services wars. Google, for better or worse, is the one with the cachet now, even if none of its utilities are half as complex as one app in the Microsoft Office suite.
Microsoft's trying to tie its most cherished brand name to technology's most flexible platform, the Web. Obviously, it hopes a move like this will breathe life into the tired brand name. Somehow, I doubt it.

Source
 

KaiTekk

R&B boy
Member since
17 March 2006
Posts
1,045
Reaction points
22
5 Ways Google is Shaking the Security World

Whether you're charged with preventing hacks, protecting assets, stopping fraud or defending trademarks, Google and other search engines present a new mix of risks for everybody in the security game.


Ask Google anything—what's happening to GE's stock price, how to get to 881 Seventh Ave. in New York, where Mission Impossible 3 is showing, whatever happened to Brian W. after he moved away in the ninth grade—and you'll get an answer. That's the power of this $6 billion search engine sensation, which is so good at what it does that the company name became a verb.
That kind of power keeps Google on the front page of the news—and sometimes under unfavorable scrutiny, as demonstrated by Google's recent clashes with the U.S. Department of Justice and also with critics displeased by the search giant's stance on Chinese government censorship.
CSOs and CISOs have a different reason to think carefully about Google and the implications of having so much information online, instantly accessible by almost anyone. Although these issues relate to all search engine companies, Google gets most of the attention—not only because of its huge share of the Web search market but because of its unabashed ambitions to catalog everything from images and libraries to Earth, the moon and Mars.
"We always get enamored of a new technology, and it takes us a while to understand the price of that technology," says Robert Garigue, vice president of information integrity and chief security executive of Bell Canada Enterprises in Montreal. For security pros, the price is that Google can be used to dig up network vulnerabilities and locations of sensitive facilities, to enable fraud and cause other sorts of mayhem against the enterprise. Here, CSO examines the ways Google is shaking the security world, and what companies can do about them.
1. Google Hacking (strictly defined)

What it is: Using search engines to find systems vulnerabilities. Hackers can use carefully crafted searches to find things like open ports, overly revealing error messages or even (egads) password files on a target organization's computer systems. Any search engine can do this; blame the popularity of the somewhat imprecise phrase "Google hacking" on Johnny Long. The author of the well-read book Google Hacking for Penetration Testers, Long hosts a virtual swap meet (http://johnny.ihackstuff.com) where members exchange and rate intricately written Google searches.
How it works: The way Google works is by "crawling" the Web, indexing everything it finds, caching the index information and using it to create the answers when someone runs a Web search. Unfortunately, sometimes organizations set up their systems in a way that allows Google to index and save a lot more information than they intended. To look for open ports on CSO's Web servers, for instance, a hacker could search Google.com for INURL:WWW.CSOONLINE.COM:1, then INURL:WWW.CSOONLINE.COM:2, and so on, to see if Google has indexed port 1, port 2 and others. The researcher also might search for phrases such as "Apache test page" or "error message", which can reveal configuration details that are like hacker cheat sheets. Carefully crafted Google searches sometimes can even unearth links to sloppily installed surveillance cameras or webcams that are not meant to be public.
Why it matters: Suppose someone is scanning all your ports. Normally, this activity would show up in system logs and possibly set off an intrusion detection system. But search engines like Google have Web crawlers that are supposed to regularly read and index everything on your Web servers. (If they didn't, let's face it—no one would ever visit your website.) By searching those indices instead of the systems themselves, "you can do penetration testing without actually touching the victims' sites," points out consultant Nish Bhalla, founder of Security Compass.
What to do: Beat hackers at their own game: Hold your own Google hacking party (pizzas optional). Make Google and other search engines part of your company's routine penetration testing process. Bhalla recommends having techies focus on two things: which ports are open, and which error messages are available.
When you find a problem, your first instinct may be to chase Google off those parts of your property. There is a way to do this—sort of—by using a commonly agreed-upon protocol called a "robots.txt" file. This file, which is placed in the root directory of a website, contains instructions about files or folders that should not be indexed by search engines. (For a notoriously long example, view the White House's file at www.whitehouse.gov/robots.txt.) Many companies that run search engines heed the instructions in this file.
Notice we said "many"? Some search engines ignore robots.txt requests and simply index everything anyway. What's more, the robots.txt file tips off hackers about which public parts of your Web servers you'd prefer to keep quiet. Meanwhile, the information that your pen testers found through Google is already out there. Sure, you can contact search engines individually and ask them, pretty please, to remove the information from their caches. (Visit www.google.com/webmasters for instructions.) But you're better off making the information useless.
"The persistence of these caches is impossible to manage, so you have to assume that if it's there, it's going to be there forever," says Ed Amoroso, CISO of AT&T. His solution? Simple. "Let's say you found a file with a bunch of passwords. Change those passwords."
Then, fix the underlying problem. Eliminate or hide information that shouldn't be publicly available. Long term, you'll have to do the heavy lifting too, by closing unnecessary ports or fixing poorly written applications.
Shock waves: 4 (highest). It's up to you to make sure your company isn't accidentally publishing instructions on how to hack its systems.
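An added example, not part of the reposted article: since robots.txt is public and, as the article notes, tips readers off to the places a site would rather keep quiet, a defender can audit their own file for entries that advertise sensitive locations. The sample file and the `SENSITIVE_HINTS` keyword list are constructed assumptions.

```python
"""Audit a robots.txt for Disallow entries that advertise sensitive paths."""

# Constructed sample file for illustration; not taken from any real site.
SAMPLE_ROBOTS = """\
# constructed sample
User-agent: *
Disallow: /admin/
Disallow: /backup/db-dumps/
Disallow: /search
Allow: /search/help

User-agent: ExampleBot
Disallow: /

Sitemap: https://www.example.com/sitemap.xml
"""

# Assumed keyword list: path fragments that suggest the entry hides
# something an outsider would find interesting. Tune it for your site.
SENSITIVE_HINTS = ("admin", "backup", "passw", "private", "secret",
                   "config", "internal", "dump", "/logs", ".sql", ".bak")


def parse_robots(text):
    """Return {user_agent: [(directive, path), ...]}.

    Consecutive User-agent lines form one group that shares the
    Allow/Disallow rules that follow it.
    """
    groups = {}
    current_agents = []
    last_was_agent = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if not last_was_agent:               # a new group starts here
                current_agents = []
            current_agents.append(value.lower())
            groups.setdefault(value.lower(), [])
            last_was_agent = True
        elif field in ("allow", "disallow"):
            for agent in current_agents:
                groups[agent].append((field, value))
            last_was_agent = False
        else:                                    # Sitemap, Crawl-delay, ...
            last_was_agent = False
    return groups


def audit(text):
    """List Disallow entries whose path matches a sensitive hint."""
    findings = []
    for agent, rules in parse_robots(text).items():
        for directive, path in rules:
            # An empty Disallow allows everything and "/" names nothing
            # specific, so neither one leaks a location.
            if directive != "disallow" or path in ("", "/"):
                continue
            lowered = path.lower()
            hits = [hint for hint in SENSITIVE_HINTS if hint in lowered]
            if hits:
                findings.append({"agent": agent, "path": path, "hints": hits})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_ROBOTS):
        print("{agent}: {path} (matched {hints})".format(**finding))
```

Each flagged path should be protected by real access control or removed from the server; leaving it listed in robots.txt only hides it from crawlers that choose to obey the file.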
 

2. Google Hacking (loosely defined)

What it is: Using search engines to find intellectual property. It's Google intel: The researcher uses targeted Web searches to find bits and pieces of information that, when put together, form a picture of an organization's strategy. Unlike, say, launching a SQL injection attack, doing competitive intelligence using public sources is quite legal (and may in fact be good business).
How it works: The researcher scours the Web for information that might include research presented at academic conferences, comments made in chat rooms, résumés or job openings. "Companies leave bread crumb trails all over the place on the Web," says Leonard Fuld, founder of Fuld & Co. and author of the forthcoming book The Secret Language of Competitive Intelligence. One common tactic is using search queries that reveal only specific file types, such as Microsoft Excel spreadsheets (filetype:xls), Microsoft Word documents (filetype:doc) or Adobe PDFs (filetype:pdf). This kind of search filters out a lot of noise. Say you want information about General Motors. Searching for "GENERAL MOTORS" "FINANCIAL ANALYSIS" one day in February yielded 56,400 results. Searching for "GENERAL MOTORS" "FINANCIAL ANALYSIS" FILETYPE:XLS brought up only 34 documents. One of those documents was a spreadsheet from a recruiting agency that contains the current jobs and work history (though not the names) of executives at numerous companies (including GM) who may be on the job market.
Another common approach is searching for phrases that may indicate information that wasn't intended to be public. For this, keywords such as "personal", "confidential" or "not for distribution" are invaluable. These targeted searches don't always hit pay dirt, but they can be fascinating. For instance, on that same day in February, the top hit on a search for "GENERAL MOTORS" "NOT FOR DISTRIBUTION" was a PDF from a credit-rating company with poorly redacted information that could be easily viewed by pasting the text into another document. (Oops!)
A final tactic is to target the organization's site itself for information, such as phone lists, that could be useful for social engineering scams. Researchers might use the site search function and look for the phrase "phone list" or "contact list". (An actual search might be SITE:CSOONLINE.COM "PHONE LIST", and if you run that particular search, you'll find stories CSO has published about why your company's phone directory is better kept under wraps.)
Why it matters: "If it's on Google, it's all legal," says Ira Winkler, information security consultant and author of Spies Among Us. Competitive intelligence of this sort is illegal espionage only when it involves a trade secret—and if something is public enough to appear in Google, can you really argue that it was protected like a trade secret?
What to do: That Google hacking party we mentioned earlier should involve a few site searches for sensitive files, such as financial records and documents labeled "not for distribution." Beyond your own borders, it's a good idea to know what people are saying about your organization, even if there's little you can do about it. "Using search engines to figure out what your public-facing view looks like has become a de facto element in any corporate security program," Amoroso says.
Brand protection companies such as MarkMonitor and Cyveillance will work the beat for you, if you'd prefer. Creating (and enforcing) good policies about employee blogging or the use of message boards and chat rooms can also limit your exposure.
Shock waves: 3 (significant). This kind of competitive intelligence has been going on forever, and it is damaging. The Web means more information gets out, and it's easier to find.
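An added example, not part of the reposted article: a pre-publication check a site owner can run over their own web root, inventorying the document types the article names (xls, doc, pdf) and flagging any file that carries the phrases it lists. The directory layout, file names and marker list are constructed assumptions.

```python
"""Inventory a web root for documents and sensitivity markers before
a search engine indexes them."""
import os
import tempfile

# Phrases the article names as signs a document was not meant to be public.
MARKERS = ("not for distribution", "confidential", "phone list")
# File types the article says searchers filter for (filetype:xls, doc, pdf).
DOC_EXTENSIONS = {".xls", ".doc", ".pdf"}


def scan_file(path):
    """Return the markers found in a file, matched case-insensitively.

    Each marker is tried as 8-bit text and as UTF-16LE, because legacy
    Office binaries often store strings as UTF-16LE. Text inside compressed
    PDF streams or zipped formats (.docx, .xlsx) is not seen by this scan.
    """
    with open(path, "rb") as fh:
        data = fh.read().lower()   # lowers ASCII bytes only; enough here
    found = []
    for marker in MARKERS:
        if marker.encode("ascii") in data or marker.encode("utf-16-le") in data:
            found.append(marker)
    return found


def scan_tree(root):
    """Report every document-type file and every file carrying a marker."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            is_doc = os.path.splitext(name)[1].lower() in DOC_EXTENSIONS
            markers = scan_file(path)
            if is_doc or markers:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings.append({"path": rel,
                                 "document_type": is_doc,
                                 "markers": markers})
    return sorted(findings, key=lambda f: f["path"])


def build_sample_tree(root):
    """Write a small constructed web root used only for this demonstration."""
    files = {
        "index.html": b"<html><body>Welcome</body></html>",
        "ir/q4-analysis.xls":
            "Financial analysis - NOT FOR DISTRIBUTION".encode("utf-16-le"),
        "press/release.pdf":
            b"%PDF-1.4 constructed sample, public press release",
        "staff/contacts.html": b"<h1>Phone List</h1>",
    }
    for rel, content in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)


def demo():
    """Build the sample tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan_tree(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Files listed with an empty `markers` list are still worth a human look, since they are exactly what a file-type search returns first.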
 

3. Google Earth

What it is: A software download that provides highly navigable satellite and aerial photography of the entire globe. (The same images are also available through Google Maps at http://maps.google.com.) The scope and resolution of the photos are eye-popping enough that Google Earth drew ire even as a beta product in 2005. Some people feel threatened that a photo of, say, their backyard is only a few clicks away, and others fear that terrorists will use the images of landmarks or pieces of the critical infrastructure to plot attacks.
How it works: After the user installs the software (the basic version is free at http://earth.google.com), she can zoom to any spot on the planet, often with enough detail to see driveways, if not cars. The virtual globe can be overlaid with information on roads, train tracks, coffee shops, hotels and more. Enterprising researchers are also overlaying Google Maps with everything from locations of murders to public rest rooms that have baby-changing tables. Images are up to three years old and come from commercial and public sources, with widely varying resolution.
Why it matters: The privacy implications of having this information so readily available are certainly worth discussing as a society, but the security risks to U.S.-based companies are low. Much of the information was already available anyway. For instance, Microsoft stitched together images from the U.S. Geological Survey a decade ago with its Terraserver project (http://terraserver.microsoft.com). It just doesn't work as smoothly.
Not only have these types of images long been available online, but they can also be easily purchased from government and private sources, says John Pike, director of the military think tank Globalsecurity.org. There are only a couple of legal restrictions. First, the images must be at least 24 hours old. Second, the U.S. military has what Pike calls "shutter control": the ability to tell commercial satellite companies not to release imagery that might compromise U.S. military operations. To the best of Pike's knowledge, the U.S. military has never invoked this power, nor have the regulations governing satellite imagery changed during the Bush administration's war on terrorism.
"If Rummy's not worried about it," Pike says, referring to Secretary of State Donald Rumsfeld, "it's hard for me to see how anyone can lose much sleep over it."
What to do: If your organization's security plan is based on no one being able to obtain aerial or satellite photography of a facility, then it probably ain't much of a plan. "Anybody who has the capacity to constitute a threat that rises much above graffiti is going to have it in their power to get imagery of a facility," Pike says. "If security managers have something that they don't want to be seen, they need to put a roof on it."
Beyond that, be prepared for cocktail party banter about the risks and rewards of Google Earth and Google Maps. At the U.S. Food and Drug Administration, for instance, CISO Kevin Stine finds Google Earth personally fascinating, and he likes to muse about its potential for use in, say, disaster planning. "From a CISO perspective, I think we need to be aware of these kinds of tools," he says. But for his security group, the only impact he thinks Google Earth might eventually have, if it begins to encompass more business applications, is a drain on bandwidth. In other words, it's a concern about as big as your lawn chairs seen from space.
Shock waves: 1 (minimal). Security by obscurity is so 20th century. Google Earth just illustrates why.
 

KaiTekk

R&B boy
Member since
17 March 2006
Posts
1.045
Reaction score
22
4. Click Fraud

What it is: The act of manipulating pay-per-click advertising. Perpetrators inflate the number of people who have legitimately clicked an online ad, either to make money for themselves or to bleed a competitor's advertising budget.
How it works: With pay-per-click advertising, an advertiser pays each time someone clicks an ad hosted on a website. Google, Yahoo and other search engine companies make their money by selling advertisers the right to have their text-only ads appear when someone searches for a particular keyword. There are two ways to manipulate pay-per-click advertising: competitor click fraud and network click fraud.
First, the competitor variety: Let's suppose a company that sells life insurance wants to advertise on Google. The company might bid for and win rights to the phrase "life insurance". Then, when someone runs a Google search for that exact phrase, the company's ad appears next to the search results as a sponsored link. (How close to the top of the list depends on both the price per click and the superpowered algorithms that constitute Google's secret sauce.) Each time someone clicks the sponsored link, Life Insurance Co. pays the agreed-upon price to Google—say $5. With competitor click fraud, an unscrupulous competitor tries to run up Life Insurance Co.'s advertising bill by clicking the link. A lot.
Network click fraud, on the other hand, cashes in on the fact that Google isn't the only company that hosts Google advertising. Suppose someone has a blog about insurance. She can sign up as a Google advertising affiliate and have ads for insurance run on her site. If Life Insurance Co. is paying Google $5 per click, Ms. Insurance Blogger might pocket $1 for each click her site generates. Network click fraud is when an affiliate generates fraudulent traffic in order to boost its revenue.
Google insists it is trying to keep the problem in check. Shuman Ghosmajumder, product manager for trust and safety at Google, says the company monitors for all kinds of what it dubs "invalid clicks," and that it routinely issues refunds to advertisers and closes down fraudulent affiliates. In 2005, Google even won a lawsuit against an affiliate it charged with click fraud. But some advertisers say that Google isn't doing enough to prevent and monitor for fraud because it profits from the fraud. Google faces a class-action lawsuit led by AIT, a Web-hosting company, and is in the midst of reaching a $90 million settlement with Lane's Gifts & Collectibles, a mail-order store. (At press time, the proposed settlement was before a judge.)
Why it matters: Click fraud is following a trajectory that will be familiar to any CSO, and it's a telling example of how sophisticated and profitable electronic crime has become. First, the good guys started looking at server logs to find IP addresses in patterns that indicated fraud. The bad guys responded by creating automated bots that simulated different IP addresses and had varying time stamps. Then, the good guys improved their click-fraud detection tools, with a cottage industry sprouting up that specializes in helping online advertisers monitor for fraud. Cue up "click farms," where the bad guys hire people in other countries to do the clicking in a way that looks more realistic. "It's a cat-and-mouse game," says Chris Sherman, executive editor of SearchEngineWatch.com.
What to do: The first step is to put tracking measures in place. In a recent survey done by the Search Engine Marketing Professional Organization (Sempo), a trade group, 42 percent of respondents said they had been victims of click fraud, but nearly one-third of respondents said they weren't actively tracking fraud. "The way you monitor it is you look for something that doesn't make sense," explains Kevin Lee, chair of the group's research committee. "If you spent $100 every day last week, and then this week you spent $130 every day and didn't get any more conversions, or whatever your success metrics are," then you might have a problem, he says.
"Usually the engines will catch the obvious fraud, and they won't even bill you for it," Lee continues. But if you have a larger problem, you may need to gather information about why you believe some of the clicks are fraudulent and ask the company hosting the ads for a refund. Ghosmajumder says Google devotes significant resources to a team of investigators who proactively monitor for fraud and also do research about possible fraud reported by advertisers. Google also has engineers working on technical means to identify invalid clicks. According to the Sempo survey, 78 percent of advertisers that have been victims of click fraud have received credit from a paid search provider, and 40 percent of the time it was based on their request.
The question, of course, is whether to bother making a request. Who better than the CSO to help the advertising department figure out whether it would cost more for the company to tamp down on the problem or simply to pay for the fraud?
Shock waves: 2 (moderate). For companies using pay-per-click, this is one to watch. Click fraud has the potential to dramatically reduce the effectiveness of online advertising. But with more than 90 percent of Google's revenue coming from advertising, the company has a serious incentive to keep the problem in check so that advertisers don't lose faith in the pay-per-click model.
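The two monitoring ideas in the column above (Lee's "spend went up but conversions didn't" check, and looking at server logs for IP patterns) can be sketched as follows. This is an added example, not part of the original article or post; the log format, the sample data and the thresholds are assumptions made up for illustration.

```python
from collections import Counter

# Constructed daily totals (spend in USD, conversions), mirroring Lee's example.
LAST_WEEK = [(100.0, 4)] * 7
THIS_WEEK = [(130.0, 4)] * 7

# Constructed click log, hypothetical format: "timestamp source_ip cost converted"
CLICK_LOG = """\
2006-05-08T09:00:01 198.51.100.7 5.00 0
2006-05-08T09:00:09 198.51.100.7 5.00 0
2006-05-08T09:00:17 198.51.100.7 5.00 0
2006-05-08T09:00:25 198.51.100.7 5.00 0
2006-05-08T09:14:40 203.0.113.20 5.00 1
2006-05-08T10:02:11 192.0.2.55 5.00 0
2006-05-08T15:30:02 192.0.2.55 5.00 0
2006-05-08T11:05:00 203.0.113.99 5.00 0
2006-05-08T11:20:00 203.0.113.99 5.00 0
2006-05-08T11:45:00 203.0.113.99 5.00 1
"""

def spend_without_conversions(baseline, current, tolerance=0.10):
    """Flag when average daily spend rises by more than `tolerance`
    (an assumed threshold) while average daily conversions do not rise."""
    base_spend = sum(s for s, _ in baseline) / len(baseline)
    cur_spend = sum(s for s, _ in current) / len(current)
    base_conv = sum(c for _, c in baseline) / len(baseline)
    cur_conv = sum(c for _, c in current) / len(current)
    rise = (cur_spend - base_spend) / base_spend
    return rise > tolerance and cur_conv <= base_conv, round(rise, 2)

def parse_clicks(log):
    """Yield (timestamp, ip, cost, converted) from the constructed log format."""
    for line in log.strip().splitlines():
        ts, ip, cost, conv = line.split()
        yield ts, ip, float(cost), conv == "1"

def repeat_clickers(log, min_clicks=3):
    """Return {ip: billed_cost} for IPs with at least `min_clicks` clicks
    and no conversion: candidates to document in a refund request."""
    clicks, cost, converted = Counter(), Counter(), set()
    for _, ip, c, conv in parse_clicks(log):
        clicks[ip] += 1
        cost[ip] += c
        if conv:
            converted.add(ip)
    return {ip: cost[ip] for ip, n in clicks.items()
            if n >= min_clicks and ip not in converted}
```

As the column notes, bots that vary IP addresses and human click farms will not show up in a per-IP count, so the spend-versus-conversions check is the one that still fires when the per-IP check stays quiet.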
 

KaiTekk

R&B boy
Member since
17 March 2006
Posts
1.045
Reaction score
22
5. Google Desktop

What it is: A free tool offered by Google that allows users to quickly search the contents of their hard drives. (Similar tools are offered by MSN, Yahoo and others.) The latest version can also be used to share files between computers.
How it works: After the user downloads the tool, it works in the background to index everything on his hard drive, much like Google indexes the Web. All fixed drives are indexed by default, but the user can specify folders to exclude or extra drives to add. The software can be set to return results on text files, spreadsheets, PDFs, Web history, e-mail and more. Once the indexing is done, when the user runs a Google search, items from his own computer appear at the top of the results. Alternately, he can use the tool by itself by opening it on his desktop; he doesn't even need to be connected to the Web.
A new version also has a controversial feature that allows a user to share files between computers. With this setting enabled, Google indexes the files on one computer, pulls them up on its servers, then pushes them down onto another computer (which is similarly configured with the software). Then, a search done on one computer returns results from both.
Why it matters: It's easy to see why people get all prickly about this one. Once the tool is installed and files are indexed, a snoop needs only a coffee break, rather than a lunch hour, to search someone's hard drive for files about, say, Bob Jones's salary. To make matters worse, freewheeling users may not pay attention or understand how to make sure that sensitive documents aren't indexed.
To its credit, Google has tried to improve the standard configuration of the tool. An early version automatically returned results with password-protected files and secure HTTP pages; now, those types of files aren't indexed unless the user changes a setting. "People screamed about that, and Google changed it very quickly," SearchEngineWatch.com's Sherman says. Even so, setting up appropriate exclusions can get complicated. Some companies—as well as many individuals who are concerned about their personal privacy—are also leery of making so much information available to Google.
The new Search Across Computers feature only heightens these concerns. With this feature, Google says, copies of users' personal files can sit on Google's servers for up to 30 days. Google downplays this time frame. Says Matthew Glotzbach, product manager for Google Enterprise, "If both of your computers are on and syncing, [the files are on Google's servers] only a matter of minutes"—the time it takes for Google to pull up the information and push it back down onto the second computer.
But having the information saved on Google's servers at all is troubling, given that search engine companies are routinely subpoenaed by prosecutors. (Google's privacy policy states: "We may also share information with third parties in limited circumstances, including when complying with legal process, preventing fraud or imminent harm, and ensuring the security of our network and services.") In one especially charged case, Google fought a subpoena from the U.S. Department of Justice, which wanted search results to help analyze its enforcement of the Children's Online Privacy Protection Act. A judge reduced the amount of information Google must turn over, and the ensuing debate raised awareness about the amount (and nature) of information that Google has in its stores.
The fact that the software is relatively untested raises additional questions. Last November, an Israeli researcher reported that he had found a vulnerability in Microsoft Internet Explorer that allowed him to illicitly access information in Google Desktop. Google fixed the problem, but legitimate concerns linger. "Anytime you install software from a third party directly on a hard drive of a particular machine, you're potentially opening up holes in the security of that machine," says Matt Brown, a Forrester senior analyst.
What to do: It's time to catch up—something that Brown says is especially important given the fact that Sarbanes-Oxley requires companies to keep tabs on where and how long their information is retained. Consider whether your users actually need desktop search for their jobs. If they do, you'll want to have a hand in how it's configured and used. (Bonus points go to the CSO who makes sure that users understand the privacy implications of all these tools, beyond just telling them to read the privacy policy.)
At the FDA, Stine is in the early stages of looking at the tool. "There have been some requests [for desktop search] here and there, but there hasn't been a user outcry," he says. If (or when) there comes a point when a lot of users have a legitimate need for desktop search, Stine says he'll look carefully at how the technology identifies, indexes and presents information. "We'd have to ensure that we still maintain complete control—at least as complete as possible—over the information," he says.
Fortunately, he'd have plenty of options. Several companies have enterprise desktop search tools that help CISOs keep tabs on the information. Google Desktop 3 for Enterprise, currently in beta, allows administrators to completely disable features such as the Search Across Computers feature. Google says it is working to make future versions of this tool easier to manage. "I don't think we anticipated such a concerned or negative response," Glotzbach says. "We've taken to heart the feedback on the Search Across Computers feature, especially in the enterprise context, and we're actively working on making it even easier for the companies to use" in a secure manner, he says.
X1 Technologies, which has partnered with Yahoo, offers a competing enterprise search tool that Brown says is more manageable from an IT perspective. "Part of the problem with these technologies is they get announced and people immediately start downloading," Brown says. "It takes companies a little while to catch on to what's happening."
Shock waves: 4 (highest). Desktop search is an untested technology with a wide potential for misuse. If your users don't need it, don't let them use it; if they do need it, consider enterprise tools that can be centrally managed and controlled.

Future Shocks

Google has shaken us, by holding up a mirror and forcing us to look at what we've put online. "Google provides a lot of capability that can do you harm as well as providing you search capabilities," Winkler says. "What makes it its strength makes it its danger."
The future will make search technology only more dangerous. Bell Canada's Garigue points out that search technology is still in its very infancy, barely scratching the surface of what he calls the shallow Web. "The shallow Web is everything that's public on Web servers," he says. "The deep Web is what's hidden inside databases." From the Library of Congress to Lexis-Nexis' legal and news archives, to Medline's medical databases, the great bulk of information that people access online is still available only to subscribers, not to Google. "Google is the first generation of tools," Garigue says. As those tools get more sophisticated, the shock waves will only grow stronger.
 
