March 28, 2004
Searching for someone?
Try the MESA search engine. Meta E-mail Search Agent. You can find almost anyone there. Also I just found some very private information using searchsystems.net. Watch out how you choose your e-mail names and what information you give to on-line sites if you don't want people tracking you. For the totally paranoid, there is always Anonymizer. I have used it quite successfully.
Posted by Martin at 7:18 PM | Comments (0) | TrackBack
My favorite direct from Japan gadget retailers
Dynamism.com
iCube.us
Japan-direct.com
Kemplar.com
TKNY.com
Posted by Martin at 7:13 PM | Comments (0) | TrackBack
March 26, 2004
AOL SPAM filters failing
This week AOL was crowing about how great their spam filters were and how spammers are moving on to other "less well protected" ISPs. They claim spam is down from 2.6B to 1.9B messages.
But a closer look reveals that their tactics are heavy handed and causing some users great concern! Slashdot | Dealing with False AOL Spam Reports?
AOL does have a fair number of small businesses that use their e-mail infrastructure to send and receive all company communications. These are being marked as spam! How long do you think these subscribers will stay with AOL? More rats fleeing the ship...
Posted by Martin at 1:50 PM | Comments (0) | TrackBack
Secure e-mail now
A couple of readers have asked if there are any easy to implement mail encryption schemes available to an individual today. Unfortunately the catch here is the words "easy to use". Of course most mail clients support public/private key pairs (most based on PGP), but the set-up is a hassle. If you like pulling fingernails, read how to configure Outlook here. You have to pay for the keys and provide a high level of authentication (your firstborn) to get the highest level certificates. And then of course everyone you send mail to needs to do the same thing. Key pairs are a very heavy weight solution to the problem and I do not believe will ever be widely adopted.
There is hope on the horizon though for a lighter weight keyed encryption. It is called Identity based encryption. The major proponent is Voltage Security. The promises are good, but this one fails another test: "today". It is not yet available. And it looks like they will first sell to government and enterprises with no option for a single end user product. Of course there are other secure messaging providers to the enterprise like Tumbleweed, PostX and a long list of others. But again, those sell to the enterprise or into verticals.
There are "secure e-mail providers" that will sell you a new account that is "secure" to various degrees. A quick search of Google for "secure email" results in a long list. But you need another e-mail address. And different services offer different levels of "Security".
Another approach is to basically not send the e-mail to another client, but rather to a secure server, and forward the recipient a mail with an HTTPS link in it to the message in a browser which requires authentication, passwords and all that. This approach is lighter weight than key pairs, but takes you out of your traditional mail client. And again, most solutions are for enterprise. One Portland company doing this is Kryptiq. They started out as a generic secure e-mail company, then focused on health care as a vertical to get deeper into the workflow. Again, not for consumers.
Now wouldn't it be nice if there were a client plug-in that just worked without a lot of central set-up and was seamless to others? In other words if someone outside the system sent you a mail, you would get it. If you sent a mail "securely" to someone without the system, they could sign-up or get it very easily. Or request a non-encrypted copy if they didn't want to sign up?
Ok, I am working on it.
Posted by Martin at 1:44 PM | Comments (0) | TrackBack
All designated sender schemes blow chunks...
Props to Technology Review for getting my synapses connecting on this one. All the designated sender schemes out there basically attack the problem of forging domain headers. That way you can't say you are from Yahoo and not really be. But spammers are free to buy as many domains as they want and keep sending mails from there. I still believe that a combination of client and server techniques is required.
Here is the meat of their argument:
"Yahoo!, Microsoft, and the SPF working group are all backing competing proposals that have been characterized as “designated sender.” (America Online has endorsed and is experimenting with the SPF version.) They all attempt to give a receiving e-mail server a way to determine whether the "From" address on an incoming message has been forged.
These anti-spam methods, if widely adopted, would certainly devalue one important tool in the spammers’ current repertoire. We should keep in mind, however, that spammers have many tools. The best these techniques can do is to keep a spammer from using your domain (or AOL’s, or Yahoo!’s) as a "From" address. Spammers could legally acquire thousands of valid domains at little cost, provide valid SPF and Caller ID records for them, and discard them when they drew the attention of spam-fighting organizations.
Such designated sender techniques have other drawbacks as well. One problem is that legitimate mailing lists would become difficult to operate. Another is that e-mail forwarding services, such as those supplied by MIT alumni and other affinity groups, would be broken."
Posted by Martin at 1:04 PM | Comments (0) | TrackBack
Radicati pontificates on SPIM
Wired News: Spam Monster Eyes Another Target: SPIM. The Radicati Group is trying to get out ahead as an analyst by identifying SPIM (Spam on IM) as a trend and quantifying it. I use two IM clients today and don't receive any spim. I used to use ICQ which was all SPIM so I got off. AOL and MSN seem relatively free. But I know it is coming....
I personally receive more SMS spam than SPIM. What is SMS Spam, SPASMS?
I like it SPASMS....
Posted by Martin at 12:56 PM | Comments (0) | TrackBack
.TM domain registrar implements SPF
The Register reports that the domain registrar of .TM domains has implemented SPF. They are trying to maintain the "exclusiveness" of their domains. Here is how they explain it works.
SPF (Sender Policy Framework) itself is a very simple yet effective method of cutting down spam. Internet domains already have MX records tied in with their basic DNS information that say which mail servers receive email for that machine. All SPF does is provide MX records for the domain’s mail servers that send email.
As such, when an ISP receives an email, it looks at the domain, looks up the DNS record and if the mail server it came from is not one mentioned in the MX records, it either deletes it or pushes it to one side for review. Since a large number of spam messages are “spoofed” in order to make it look as though the email is coming from elsewhere, such a system would reduce the number of spam as well as make tracking down spammers easier.
Posted by Martin at 12:52 PM | Comments (0) | TrackBack
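Added example, not part of the original posts or of the quoted articles: a reduced SPF check that covers both the .TM description above and the Technology Review objection quoted in the earlier "designated sender" post. SPF policies are published as DNS TXT records; here the lookups are replaced by a constructed table, the domains, addresses and helper names are assumptions, and only the `ip4`, `ip6`, `include` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed TXT records standing in for live DNS lookups.
# All names use the reserved .example TLD and documentation address ranges.
TXT_RECORDS = {
    "bigmail.example": "v=spf1 ip4:192.0.2.0/24 include:_spf.bigmail.example -all",
    "_spf.bigmail.example": "v=spf1 ip4:198.51.100.16/28 -all",
    "throwaway-offers.example": "v=spf1 ip4:203.0.113.77 -all",
    "nopolicy.example": None,  # domain exists but publishes no SPF policy
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_DEPTH = 10  # recursion guard for nested include: chains


def check_spf(client_ip, domain, records=TXT_RECORDS, _depth=0):
    """Evaluate the SPF policy of `domain` for a connecting `client_ip`.

    Returns 'pass', 'fail', 'softfail', 'neutral', 'none' or 'permerror'.
    """
    if _depth > MAX_DEPTH:
        return "permerror"
    record = records.get(domain)
    if not record or record.split()[0] != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)

    for term in record.split()[1:]:
        qualifier = "+"  # a mechanism without a prefix means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()

        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        elif name == "include":
            result = check_spf(client_ip, arg, records, _depth + 1)
            if result == "pass":
                return QUALIFIERS[qualifier]
            if result in ("none", "permerror"):
                return "permerror"  # broken include target
            # fail/softfail/neutral from the include: no match, keep going
        else:
            return "permerror"  # mechanism not covered by this example
    return "neutral"  # record ended without a matching mechanism


# Constructed (connecting IP, envelope sender domain) pairs.
SAMPLE_CONNECTIONS = [
    ("192.0.2.25", "bigmail.example"),             # listed outbound server
    ("198.51.100.20", "bigmail.example"),          # listed via include:
    ("203.0.113.77", "bigmail.example"),           # forged sender domain
    ("203.0.113.77", "throwaway-offers.example"),  # bulk sender's own domain
    ("203.0.113.77", "nopolicy.example"),          # no policy to check
]


def spf_results(connections=SAMPLE_CONNECTIONS):
    """Return (ip, domain, result) for each sample connection."""
    return [(ip, dom, check_spf(ip, dom)) for ip, dom in connections]


if __name__ == "__main__":
    for ip, dom, result in spf_results():
        print(f"{ip:15} {dom:26} {result}")
```

The same host fails when it borrows `bigmail.example` and passes under a domain its operator controls, so a receiver should treat an SPF pass as proof of which domain to hold accountable and still apply reputation and content filtering to that domain.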
March 24, 2004
Brightmail files to go public
Spam fighting is getting interesting.
Brightmail.
Posted by Martin at 1:09 PM | Comments (2) | TrackBack
March 22, 2004
PEW says Can-SPAM has had no effect yet
Can Spam Stop Legitimate E-Mail Marketers? - BizReport says 53% of PEW study people since Jan 1 have said they have seen no change in their SPAM volume. Now the FTC has not started enforcement yet. But it does show that the spammers are flouting the law. The question is if they are making hay while the sun shines and will all shrivel up when the enforcement starts, or what?
Posted by Martin at 3:08 PM | Comments (0) | TrackBack
Spam tactics roundup
ZD Net just did a fairly good roundup article on the efforts of the major ISPs (Msft, AOL, Yahoo) to fight SPAM. Technology solution to slicing spam lags - News - ZDNet. The upshot is that we have a balkanized set of proposals all incompatible and coming at the problem from slightly different angles. All three of the majors are focusing on the piece that I have pointed out though, which is authentication. SPF is a server authentication technique. Yahoo DomainKeys is sender/message header authentication. Microsoft's Caller ID also uses DNS for authentication but targets the author or header and is better (they say) at authenticating forwarded mails than SPF.
A good article to get a roundup of current proposals. But you won't find any magic potion here.
Posted by Martin at 3:03 PM | Comments (0) | TrackBack
The central MT anti-spam tactics page
I knew with a little searching I would find such a place. .:: SPAM FIGHTING TECHNIQUES TO PROTECT YOUR BLOG ::.. Here are 10 or so tactics to reduce spam on your MT blog. All different approaches. I just implemented the rename your comment cgi script tactic. Haven't gotten any more spam (in last 4 hours). If I start to get it again, I will probably try some of the others. I don't like the blacklist thing (it has already gotten corrupted once) so I will probably un-install that and try something new if they get through.
Posted by Martin at 2:26 PM | Comments (0) | TrackBack
Wow, blast from the past
I am trying a new beta search engine Eurekster. Like most people of course one of the searches I try is my name. One of the top results was a Business Week article from 2000 about how I bought my VP of Sales an $18K Harley. Those were the dayz... Nice picture though.
Posted by Martin at 2:15 PM | Comments (0) | TrackBack
Thoughts on Identity
I have been thinking about identity management systems lately. I asked one of my trusted sources on such things, Eric Lindvall. He had some good pointers and thoughts about user/server authentication...
don't know if you've found these, but they're somewhat helpful
different points of view:
http://www.cryptonomicon.net/modules.php?name=News&file=article&sid=631
http://www.pgp.com/company/ctocorner/
i assume you know about these guys:
http://www.voltage.com/technology/ibe.htm
if you're ready for some heavy reading, this has some interesting
ideas:
http://www.hpl.hp.com/techreports/2003/HPL-2003-18.pdf
this is a general interesting list of whitepapers:
http://itpapers.zdnet.com/search.aspx?cid=22&tag=tu.sc.ont.dir1&x=40
what are people going to use encryption for?
is it ever going to come to a point that the email that goes between
my mother and i is encrypted? even if it were just clicking a button
on and off, would it even be worth doing?
it's just my general impression that people don't seem to feel they
have much to hide in general, and i would have to think part of that
is because they don't.
would the world be a safer place if everything was encrypted? likely,
but i don't think that it'll really happen until it's just an
automatic feature in hotmail (where it detects that you're talking
with someone who accepts encrypted email and automatically turns it
on).
the only problem with that, is that if you don't have the user
consciously aware that they are using encrypted data (if you don't
require extra or more stringent passwords to get at your private key,
etc) it basically defeats the purpose of most of the encryption: if
you can just type in the name of their dog as their password and get
into their email, which automatically shows you the decrypted versions
of their emails, what good did it do that it was encrypted?
so.. things are marginally improved -- people can't sniff email in
transit and see everyone's messages. so that's good.. but.. i don't
know who will pay for that incremental improvement.
e.
Posted by Martin at 1:46 PM | Comments (0) | TrackBack
The Apprentice: Omarosa's ouster...
This week it finally happened. Omarosa is gone. I will get to the how and why, but at this point I want to reflect on the process and how closely (or not) it is "reality". All of these "reality" shows are victims of a critical flaw: They are TV shows. What we see is edited and organized for OUR ENTERTAINMENT. Now, the Apprentice appeals to me for some business reasons (a chance to understand how The Donald makes decisions), but at times it is clearly conflicted between making good business decisions and making good TV. Good drama. Early on in the show, I think that was clearly part of what kept Sam around so long. He was entertaining. After he left, it was up to Omarosa to be entertaining. And she was in a chip on my shoulder, holier than thou, Louis Farrakhan sort of way.
This has been stuck in my outcue for two weeks. It is now old news. Basically I am happy to see her gone. And dumbfounded at how much celebrity you can create in this world with little substance.
Posted by Martin at 1:44 PM | Comments (11) | TrackBack
The fine is 497M euros
Reuters | Latest Financial News / Full News Coverage Wow. And ship a Windows without Windows Media Player. To be appealed of course. But Wow.
Posted by Martin at 1:02 PM | Comments (0) | TrackBack
Bundle o' BioIT links
I have been surfing looking for software ideas in the BIO IT space. Here are a bunch o links to interesting products and efforts that I have not had a chance to dive into, but want to at some point.
http://www.drugdisc.com/europe/default.asp?src=eu706
http://www.hum-molgen.de/bioinformatics/
http://cs.rockefeller.edu/index.php3?page=toolkit-rucs.sci_progs
http://highwire.stanford.edu/cgi/search/
And some on alternative energy software.
http://www.energywatchdog.com/
http://www.abraxasenergy.com/pocketcontrols.php
http://www.abraxasenergy.com/activity_loggers.php
http://www.capterra.com/energy-management-software
Posted by Martin at 12:52 PM | Comments (3) | TrackBack
Spam Spin
I was intrigued by the Corvigo acquisition by Tumbleweed, so I read the press release and came across this little tidbit.
Corvigo's Linux-based anti-spam appliance, MailGate, was rated #1 against major competitors in real-world testing by InfoWorld in February, 2004. (http://www.infoworld.com/article/04/02/13/07TCspam_1.html) Tumbleweed can now offer customers the broadest, most flexible options for stopping spam with either the MailGate hardened Linux-based appliance, or Tumbleweed's Email Firewall, a globally scalable Windows-based enterprise software solution. In addition to award winning anti-spam capabilities, Tumbleweed's Email Firewall offers an integrated set of anti-virus, intrusion detection, content filtering, email relay, encryption and authentication capabilities.
So I go read the article: InfoWorld: Exclusive: CipherTrust, Corvigo, and MessageLabs lighten the spam load: February 13, 2004: By Logan G. Harbaugh: Security. It is a round-up article. Not a shootout. They don't pick a winner. But Corvigo says they won and leveraged that claim into an acquisition. Wow.
Posted by Martin at 12:40 PM | Comments (0) | TrackBack
Another blow against Blog Spam
TypeKey is Six Apart's identity system for blog commenting. Basically they are trying to get at the root of Spam before it kills blogs. SPAM is an authentication problem. If you check authentication of a person before they write something against a central database and that database is kept clean of offenders, then you can stay pretty clean. That is the problem with SMTP today, no authentication. I will try this one out on my blog.
Posted by Martin at 11:33 AM | Comments (0) | TrackBack
New Technorati site!
Technorati: Searching the World Live Web Want to know what is going on in the blogsphere? Want to know your place there? Want to track keywords? All can be found here....
Posted by Martin at 10:04 AM | Comments (0) | TrackBack
March 18, 2004
Roundup of Hybrid SUVs
Autobytel Research just published a round up of the three announced and soon to ship hybrid SUVs. Being a 100% SUV family (not counting the motorcycles and Segways) I am waiting in eager excitement for these. I don't like the Lexus styling at all. The Ford is passable and the Toyota is a year later than all the rest. I will drive the Ford and let you know what I think. But I like size and may wait for the Tahoe.
Posted by Martin at 11:27 PM | Comments (0) | TrackBack
Power to go
Just bought one of these little beauties: Statpower XPOWER-75 Single-Outlet 75 Watt DC-AC Mobile Power Inverter. You can basically use it to power anything that doesn't pull a lot of resistance (like a hairdryer) out of the cigarette lighter in your car. Wish I had this before I bought a special air mattress for camping that ran on 12 volt itself. I could have just used my existing aerobeds. Oh, well, now I have computer power in the car, and don't need a special car charger for my cell phone.
Posted by Martin at 11:00 PM | Comments (1) | TrackBack
Another survey tool
Thanks to Kevin, a faithful reader, for a pointer to: SurveyMonkey.com - Powerful tool for creating web surveys. Online survey software made easy! I am currently trying BlogPolling. I haven't had much time to play with it, but 8 people have taken the poll in the first week, so somebody is reading! Next poll I will try with Survey Monkey...
Posted by Martin at 10:49 PM | Comments (1) | TrackBack
Yet another wireless connectivity standard from CEBIT
Wireless alliance touts 'magic touch' RFID technology - ZDNet UK News. Nokia, Sony and Philips announce the Near Field Communication (NFC) alliance which basically uses an RFID chip for authentication of the client (rather than pure software like Bluetooth or 802.11) and then data can be passed using existing wireless protocols like Bluetooth. To me this just looks like a tightening up of the security model for device to device transactions, not a new protocol. But what do I know...
Posted by Martin at 10:22 PM | Comments (1) | TrackBack
The virtual (ebay) spawns the physical (stores)
eBay drop off stores are the latest in a line of eBay extensions. Tired of spending a lot of time managing your eBay auctions? Just take your stuff down to Isold It or AuctionDrop or QuickDrop and they do everything for you and send you a check. Now it is not cheap, somewhere between 30 and 40% of the sale price, but it may be worth it. I have sold a lot of stuff that I otherwise would have just taken to the dump. The time spent packing, shipping, and answering e-mail probably ate up any profits. It was really just to save it from the landfill. This seems like a business any number of people who already have stores could get into like GoodWill, PawnShops, etc. But they probably won't. And people will love the idea.
Maybe I should buy a franchise...
Posted by Martin at 9:46 PM | Comments (0) | TrackBack
Ember launches 802.15.4 compliant EmberNet
Ember - Embedded Wireless Networking
I have been tracking these guys for some time. While 802.15.4 (ZigBee) is not yet a totally baked standard, these guys have been selling a protocol stack, chipset and SDK to enable developers of mesh networks. Everyone is looking for a mesh network idea. Don't know if these guys are too early. Doesn't look like there are many companies shipping solutions with the Ember stack. Their customer scenarios are all just that and mostly highly specialized situations like industrial environments hostile to other network protocols or military applications.
In thinking about when I can buy Zigbee products, it doesn't look like any time soon. For some simpler home applications, Zensys has products shipping today that are much easier to install than X10 and cheaper. They aren't Zigbee compliant, but they work today.
Posted by Martin at 8:33 PM | Comments (0) | TrackBack
March 15, 2004
Groove wins Homeland Security deal
Slashdot | Dept. Of Homeland Security Chooses Groove, P2P Ray has got to be happy. He wants to take P2P into a real productivity application in the enterprise. I heard that Swan Island Networks was working with HSD as well, I wonder if they are a part of this or separate. Their SWARM technology is for secure file sharing. Sounds similar.
Posted by Martin at 10:48 PM | Comments (0) | TrackBack
Supersize your RSS
The Blogsphere is a wonderful place. These guys: FeedBurner - The spark for syndication success will add all sorts of stuff to your RSS feed to improve them. They basically route your rss from your blog server through their servers and add stuff. Like converting the different RSS formats and Atom. And inserting your Amazon associates ID to Amazon links. And tracking lots of stats. I think there are 100 ways to add value to RSS by pulling it through your servers. Very interesting concept.
Posted by Martin at 10:21 PM | Comments (0) | TrackBack
VA meets anti-SPAM
Early this year the FTC made another run at open proxies: PCWorld.com - Vulnerable Servers Warned. They estimate over 1 Million open proxies. I wonder if the Can/SPAM law puts some of the liability for SPAM on open proxies? What would be the effect on the spam problem if it did? Could this be an opportunity for the Vulnerability Assessment guys? I hope so.
Posted by Martin at 4:06 PM | Comments (0) | TrackBack
Another RSS reader off the list
Just un-installed SharpReader RSS Aggregator as well. I read a number of reviews that picked it as a simple, sturdy reader. It is that, but that is not what I need. Does a couple of things funny.
1. The pop-ups for new posts that come out of the task bar are too big. They include a summary of the message. I just want the headline.
2. I actually liked the auto-discover features, they auto discover most RSS feeds without a lot of screens (good thing).
3. auto lookup of linkcosmos in Technorati was great!
4. No integration with publishing. This was the killer for me. If I am reading a post that I like and want to link to it on my blog, I want easy integration.
5. My Firewall (Zone Alarm) also complained every time I started SharpReader asking if I really wanted to set up as a server. I thought this was client software. I don't know why they are setting up a server, but I don't want that.
Posted by Martin at 3:30 PM | Comments (1) | TrackBack
Two RSS readers off the list
I have been testing different RSS readers lately. Two have fallen off the list:
1. Pluck: RSS Reader & Power Search. At first I liked the idea of reading RSS in the browser, but after trying it I hated it. I want to read in a separate application, or maybe inside Outlook. Not IE. Also, after you install it, it is not abundantly clear how to access it. It does not always load in IE. You don't get a toolbar, you get (sometimes) a sidebar. Out of sight, out of mind. Nix.
2. RSS Reader.
This was an early favorite of mine because it was free all day all the time. But the features just aren't there. I guess that is one thing you get when you pay for software. Adding channels was hard, no autodiscover feature. Drag and drop of XML tags not available. Simply not rich enough yet.
What is left? FeedDemon and NewsGator; both require payment (pain!), but are full featured enough that I may actually pay after the trial. I like the 30 day trial on FeedDemon, 15 days on Gator seems short sighted. NewsGator needs to change their name, my spyware software keeps trying to delete it as the "evil" gator. I am addicted to the auto generated newspaper feature within a channel group in FeedDemon. I also like the integration with publishing in w.Bloggar. They carry the URL there seamlessly. Very neat.
Posted by Martin at 3:23 PM | Comments (1) | TrackBack
Another tactic against Spyware
Props to Rich for : Tong Family Blog: Dummy Files for Spyware. The concept is simple, you want to use applications that are funded by spyware? Just replace the files that actually do the bad work with ones that don't do anything bad and trick the application into believing it is whole when it is not! Great idea!
Posted by Martin at 9:36 AM | Comments (0) | TrackBack
Trying out Blogpolling
I have been looking for a quick and easy way to add polls to my blog and am gunna try this one: BlogPolling Voting System :: Free Polls for your Website or Weblog Go vote on the SPAM poll today!
Posted by Martin at 9:22 AM | Comments (1) | TrackBack
March 12, 2004
Terminator 0.1
Ever wanted a little help walking around? The guys at Bezerkley have a robotic exoskeleton for you: What the BLEEX Is That?
Designed for firefighters, rescue workers, combat soldiers and others who might have to move heavy loads in the course of their duties, BLEEX is an exoskeleton that lets the average person carry much more than normally possible. It is also the first step (pun intended) to the Terminator.
Posted by Martin at 8:35 PM | Comments (0) | TrackBack
Wow that was fast Cisco
Just days after Gartner blasted Cisco for not having enough security in the network, Cisco to buy security start-up
The company is putting down $5 million in cash to acquire tiny Twingo Systems for its technology designed to protect corporate networks from weak spots (the end point devices activity logs) in remote access. Twingo basically has a client that cleans up a device after an SSL VPN session so that any cookies, passwords, or cache data from the session is erased after sign-off. Neat little trick.
Posted by Martin at 8:27 PM | Comments (0) | TrackBack
The dangers of riding on top of Microsoft
CNET is reporting that a recent Office update (SP3) clogs spam filters
Basically, Microsoft is trying to program around viruses that grab the Outlook address book or intercept e-mail messages. But SPAM programs have to intercept and read messages as well. So in fixing one problem, Microsoft has caused a raft of others. Cloudmark is already working closely with Microsoft on a fix that should be out within hours.
Posted by Martin at 8:20 PM | Comments (0) | TrackBack
The world's fastest electric car
The guy who developed the Rocket Book is trying to commercialize high performance electric sports cars at tzero home. Gunna drive one Wend. Wait for the review!
Posted by Martin at 2:57 PM | Comments (0) | TrackBack
Be a romance novel star...
Ever wanted to be the subject of a book, but couldn't get around to writing it yourself? Hey, that is what search and replace is for. A couple of steamy romance writers have taken this concept on the web with yournovel.com. Actually quite an interesting idea and a nice use of the technology. They already have a bunch of books written. Romance novels in different geographies and two flavors: "Wild" and "mild". Each has two main characters, man and woman. Want one about you and your wife/husband? For $50 bucks, the site will run search and replace and print your very own copy. Neat trick eh?
Posted by Martin at 11:58 AM | Comments (0) | TrackBack
Broadcom has new chip for home NAS
I have been searching for an affordable home NAS solution. To date I have basically cobbled together my own from old PCs and stuff. But now Broadcom has a chipset that should drive the cost of stand-alone NAS into the consumer range. Thanks to Linley Group for this:
Last week Broadcom announced production availability of a new storage controller, the BCM4780. Based on a 300MHz MIPS core, the 4780 targets network storage (NAS) products for the home or small office that can retail for as little as $99 (excluding the necessary hard drives), enabling secure file- and printer-sharing. Unlike Broadcom's home-gateway processors, the 4780 includes all software for a production-ready NAS device. In million-unit volumes, the part lists for $20.
The 4780 reuses many building blocks that appear in Broadcom's home-gateway processors: a 10/100 Ethernet MAC, 200Mbps AES crypto engine, and USB and PCI interface blocks; multichannel SATA functionality, however, is left to a third-party PCI device. Unlike IDT's RC32434 processor, the 4780 lacks authentication hardware for digital rights management (DRM). Even with these shortcomings, the 4780's bundled software makes the offering distinctive. Installation is simplified by auto discovery, together with support for Windows, Mac, and Linux environments. Support for RAID 0, 1, and 10, real-time encryption, and up to four hot-swappable drives brings enterprise-class features to the home and small business. And support for multiple video streams (up to three HDTV streams or seven DVD streams) enables the killer app for network-attached storage in the digital home: a video jukebox.
The NAS offering complements Broadcom's extensive home-targeted product portfolio--cable, satellite, and DSL modems; WLAN clients; gateway processors; and video decoders. As transistor budgets grow, Broadcom's aggressive integration strategy is bringing enterprise technology to the digital home, enabling new product categories. Broadcom is likely to see stiff competition from AMD, Intel, and Marvell; it will fare well if it continues to favor the whole-product approach exemplified by the 4780.
Posted by Martin at 11:45 AM | Comments (0) | TrackBack
New approach to light-weight identity
Tried PKI type authentication systems? Fun huh? What if you could enter some simple piece of information like your e-mail name and get authenticated to the same level. Without a big set-up routine? Now you can with Welcome to Voltage Security, Inc.
The basic approach of Identity based authentication versus certificate identification is to basically match some personal characteristics about you (either through questions, or stored) against a trusted database (like your credit history). Given enough data points you can approach authentication and validation levels of PKI. Some even say surpass. Especially when you start asking questions that are VERY hard to spoof like: What is the current balance of your Visa card? What are your two last addresses? What are the last three purchases on your Amex? Transaction based information is the hardest for a criminal to get. Profile information, even things like social security numbers, are actually pretty easy to get. My last three credit card purchases are hard to get. And they change frequently.
I have a feeling that these kinds of identity systems are much more the future of authentication than certificate models.
Posted by Martin at 11:37 AM | Comments (0) | TrackBack
Surrender to SPAM
Ludwig finally breaks...
Really funny.
Posted by Martin at 11:24 AM | Comments (0) | TrackBack
SPAM is an identity problem
There is a bevy of proposals to solve SPAM at the authentication level. Read a good overview of them here. At the end of the day, the openness of SMTP is its greatest weakness. The thinking goes that if you set up some user/server authentication system then e-mail clients can do a better job on deciding which e-mail they want to receive. A problem today with spam filtering techniques is that there are many different rules applied to e-mail at the receiving end to determine if it can come in. And those rules are applied to data (the e-mail) that cannot be validated as to its authenticity, origin, or sender. So you guess. Spam filters vary on their ability to guess well. With more trusted data in the message, these systems could make more informed decisions. But that still doesn't solve the issue that everyone has different tolerances for what gets through and what doesn't. People who favor white lists today (not reading mail from anyone they don't already know), are also probably the people with Telezappers and signs on their front door saying "no soliciting". Users' tolerance varies, therefore the systems must vary, be configurable. A key to any system is improving the ability to verify content, origin and sender of any messages. Most current proposals are proprietary in some way. This is too important a piece of the new economy to entrust to one vendor. Why can't we all just get along...
I am betting that a market based solution from a small, unthreatening company will be what gets traction.
Posted by Martin at 10:23 AM | Comments (0) | TrackBack
March 10, 2004
Helsinki PHD weighs in on SPAM and P2P
Slashdot pointed me to a paper by a Helsinki PHD about P2P and SPAM on the internet today. Very long. But a good state of the art type piece.
Posted by Martin at 9:03 PM | Comments (0) | TrackBack
Cisco slammed by Gartner...
Cisco was slammed by Gartner this week for not doing enough to manage malicious packets. Gartner claims that 30% of all packets traversing the net are of some malicious nature, spam, virus, or intrusions. That number actually surprised me. I guess it shouldn't since way over 50% of all e-mail is SPAM. Gartner points out that since Cisco probably touches nearly every packet on the internet, they could be doing a much better job of filtering. Hummmm.....
Posted by Martin at 8:49 PM | Comments (0) | TrackBack
PicoStation
PicoStation Your Station For Wireless Mobile Blogging - Start Have a wireless phone with a camera? Download this little app and start a cell photoblog. I don't have one (use blackberry), but I may get one. The CEO started 4TH Pass and is a very creative entrepreneur.
Posted by Martin at 8:33 PM | Comments (0) | TrackBack
Ray Lane on the future of Silicon Valley
Trouble on Silicon Valley's doorstep | Newsmakers |CNET News.com
Posted by Martin at 8:15 PM | Comments (0) | TrackBack
A step closer to metered broadband today
I have been thinking for a while that all you can eat broadband may be short lived. Today, the Seattle regulator of broadband had some harsh questions for Comcast. Apparently they are sending nastygrams to people who use "excessive bandwidth". But they won't say exactly what that is. They say less than one person in 1,000 use too much. They give examples of behavior that could put you on the lists, but don't say exactly how much is "too much". This is one of the unintended consequences of broadband penetration and especially P2P applications. People actually use them! I bet if someone (Comcast probably does this) actually tracked the average bandwidth consumption for a new broadband user over time, it is up and to the right. There are just ever more interesting ways to use that connection.
It is interesting to remember the maturation of dial up pricing. It started out with per minute pricing. This is for very slow connections remember. Like cell phones. Then it moved to all you can eat. Then back to what I call "all a regular person should eat" like the AOL 1025 minutes offer. There is an architecture reason for the ISP wanting people to sign on and off like that. For every subscriber, they need a modem at their end and a dedicated phone line. They own fewer modems and phone lines than they have subscribers. Broadband connections, thankfully, do not suffer from the same architectural limitations, using software at the server head end. There the limitation is how big the pipe out of the server to the rest of the internet is. And remember, typical broadband connections today are an order of magnitude or two (10-20X) faster than dial up. You can simply drink WAY more bits.
I have seen a number of business plans from start-ups that begin with an assumption of large fixed price pipes to homes with spare processing and disk storage. These start ups want to do everything from distributed enterprise storage to streaming media networks to SETI like applications using all those "wasted" or "idle" resources. The problem with most of these ideas is that only the computer resources are actually sunk, fixed costs. A broadband network is designed with certain bandwidth usage patterns in mind. There will ALWAYS be way more subscribers than the system has capacity for. When applications at the edge (like P2P, web hosting, bulk emailing) start to take up more of the bandwidth, things go out of whack. And Comcast sends you a nasty gram. I hope Comcast has their printer well stocked with paper, because the number of people actually using their connections heavily is only going up and to the right.
When the nasty grams stop working, the next step is metered usage.
Posted by Martin at 8:01 PM | Comments (1) | TrackBack
More lawsuits by big ISPs and Microsoft on SPAM
Today lawsuits were filed by Microsoft, AOL, Yahoo and Earthlink under the new Can-Spam law. It is the first time these four (who make up the vast majority of non-enterprise mailboxes) sued under the new law. They have sued before under various local laws. It will be interesting to see how the stick part of the strategy actually works. The SPAMMERS will try the First Amendment trick and many others to stay in business. I did my own little test of SPAM around the new year and saw a slight drop off, but that apparently was seasonal. Talking with the guys at Cloudmark, they have seen a steady up and to the right trend in spam. No slowing down or leveling off in sight.
Posted by Martin at 7:42 PM | Comments (1) | TrackBack
March 8, 2004
Symantec ups the anti in Spam wars
Techweb > News > Symantec, spam, virus, Microsoft Exchange, > Symantec Updates Anti-virus, Anti-Spam Support for Exchange 2003 > March 8, 2004. Symantec has always been the best positioned to extend their anti-virus stuff to the spam space. They just rolled out some of that today. While I haven't tested their product (and neither have the reviewers) they say they are using a number of next generation techniques that are closing the gap with some of the early leaders like Cloudmark. In the past Symantec has had scaling problems with their SPAM engine. And this time they are utilizing many of the new features in Exchange 2003 which is yet to be broadly deployed. But the hordes are a 'comin.
Posted by Martin at 7:26 PM | Comments (0) | TrackBack
Some more home automation companies to consider
I will be looking into each of these and making comments on them.
ZigBee Alliance
X10
Leviton
Intermatic
Lutron
Echelon's LonWorks
Dust, Inc
Crossbow
Posted by Martin at 9:29 AM | Comments (0) | TrackBack
March 5, 2004
Segway at Pike Place Market Foundation auction
Ok, so I just bought a Segway P series for donation to the Pike Place Market Foundation travel auction. Come by and bid! We can start a Segway polo team...
Posted by Martin at 8:04 PM | Comments (0) | TrackBack
My mother recommends reading...
The Rise of the Creative Class. Supposed to tell you to invest in creative people instead of bricks and mortar. As a VC I could tell you that. I would invest in people all day long over anything else.
Posted by Martin at 7:36 PM | Comments (0) | TrackBack
Intel announces new power management for servers
Intel has finally realized that server power consumption is outpacing data center capacity and that ever faster CPUs increase TCO when they run hot all the time. New Server Power-Management Technologies Address Power and Cooling Challenges. Of course Intel is focusing on regulation of processor power consumption (product called DBS policy). A second piece they talk about is ACPC which is basically a throttle on the power supply from pumping out too much power. The user can set a maximum draw from the power supply and if the computer starts working too hard, asking for too much power, an interrupt is sent. Now I don't know what that means in practice. Does the server stop running? Does it just slow down the processes and disk, etc. to reduce demand on the power supply? Does it tell the OS to kill processes? This could get tricky. The last piece is EPTM which is basically a data center power management console to run servers with ACPC and DBS. Now I bet Intel can do the DBS pretty well. The ACPC is scary. The data center software they will not get right for sure.
None of these technologies address any other devices in the data center including routers, APC supplies, monitors, etc. Neither do they sound very smart about the applications and actual usage patterns of the equipment. Then there is the whole issue of install base. I wonder what the replacement cycle for Intel based data center servers is?
Posted by Martin at 7:25 PM | Comments (0) | TrackBack
Details of Microsoft's Caller ID system
I found the technical specifications on their web site. Caller ID for E-Mail Technical Specification. One little mentioned factoid is that of course Microsoft claims some patents on the "fundamentals" of the idea. Portions of the patents are available royalty free, but not without strings attached. Then of course the valuable parts won't be free. Here is the really fun part:
"Microsoft and its Affiliates hereby grant you ("Licensee") a fully paid, royalty-free, non-exclusive, worldwide license
under Microsoft's Necessary Claims to make, use, sell, offer to sell, import, and otherwise distribute Licensed
Implementations, provided, Licensee, on behalf of itself and its Affiliates, hereby grants Microsoft and all other
Specification Licensees, a reciprocal fully paid, royalty-free, non-exclusive, worldwide, nontransferable, nonsublicenseable,
license under Necessary Claims of Licensee to make, use, sell, offer to sell, import, and otherwise
distribute Licensed Implementations."
Basically Microsoft gets all the code you write on top of their stuff for free. A real incentive to create something eh???
Posted by Martin at 2:40 PM | Comments (0) | TrackBack
Spam turns 10...
The Register has a thoughtful historical account of SPAM. One thing they point out is that the first SPAM was actually to USENET user groups. SPAM effectively killed those groups. Now it is threatening e-mail, the killer application on the net.
I was at a presentation last night where Rob Owens, the Security analyst for Pacific Crest Securities, said that he believes the SPAM market is going to be double the web filtering market (today around $300M) very soon. And in the end maybe bigger than Virus. He recalled the beginning of Virus. People said that it was a niche idea and boot viruses weren't really that malicious. Little did they foresee all the ways to exploit vulnerabilities. The SPAMMers have just gotten started innovating...
Posted by Martin at 2:33 PM | Comments (1) | TrackBack
March 4, 2004
ESCOs drive energy conservation spending
I am starting to look at ways to sell software into the conservation market. One group of people growing at 25% a year selling all sorts of solutions into those trying to conserve energy are the ESCOs. Basically the system integrators of the business. Good article on background here. I wonder what those companies are valued at?
Posted by Martin at 12:55 PM | Comments (0) | TrackBack
March 3, 2004
Whidbey design goals revealed
I am thinking a lot about how to take advantage of the architecture shift coming with Longhorn. On the dev tools side, there is an interim step from Visual Studio 2003 called Whidbey. Whidbey basically uses existing architectures but is more productive. Next step after Whidbey is Avalon which leverages all the new file systems, databases, forms, etc. The design goals for Whidbey (out early next year) are:
Reduce coding for common tasks > 50 %
Full access to .NET framework
Dramatically reducing programming errors at design time
Simplifying data access
Improving the RAD debugging experience
Delivering high-end features for advanced Visual Basic developers
These would be a big improvement. Microsoft continues to be the best, most integrated development platform. So a 50% coding reduction is coming soon. What if another 50% comes in 2007? How many developers will be using Linux and its tool set when they have to write 5-10x the code?
Posted by Martin at 12:54 PM | Comments (0) | TrackBack
Tired of Tech?
Start a chocolate company. That is what Timothy Childs did with www.cabaretchocolates.com. I met Timothy at an event last week where he was handing out free samples. Then for my participation on the panel I got a free box of the little devils. I do have to admit it is the best chocolate I have ever tasted! For awhile after LOUDeye I was thinking of starting a chocolate company. May still do it. Sounds like fun.
Posted by Martin at 10:20 AM | Comments (0) | TrackBack
March 2, 2004
Microsoft won't solve spam anytime soon
Gartner has finally said what I have been saying. Microsoft's proposed solutions to SPAM won't be ubiquitous or have an effect any time soon. And they are tilted in the direction of an exchange/outlook upgrade cycle. We need more now. And backwards compatibility. That is Cloudmark.
Posted by Martin at 2:57 PM | Comments (0) | TrackBack
A micro portal
One of the themes we have been batting around at Ignition is the idea of micropublishing. Do Blogs allow you to publish authoritatively on multiple subjects for a fraction of the cost of New York Times? Yea, probably. Along this idea is single purpose sites that do one thing REALLY WELL. Think the old time wasters we love. Along this vein is a site that tells you what glue to use when you want to glue any one thing to another thing. This to That (Glue Advice) I can see this as a web service. I am going to use it tonight actually.
Posted by Martin at 2:29 PM | Comments (2) | TrackBack
March 1, 2004
Will Throttling save us from spam?
Techweb > News > New Products Try To Spurn Spam > New Products Try To Spurn Spam > February 18, 2004. A couple of products have come out recently trying to change the economics of spam. These are in the mode of "slow 'em down". The idea is if you find a mail server which seems to be spitting out "too many mails", then just throttle down its bandwidth to a trickle. You can do this on the entry points of the network, or you can try to do it on your own edge just before your SMTP server. These tactics are more of the same heavy handed, sledgehammer variety that create lots of false positives. The ultimate form of this is to just unplug yourself from the net. And I am not sure these throttling techniques actually cost the spammer any more resources. If I am doing it on the edge of my network, chances are that the mails are all cached in the network between the spammer and my IP address. So the real cost is in the transit points. If you put the chokepoint closer to the spam source, they just move them. If spam sources were easy to find, this would be an easy problem. It is not.
Posted by Martin at 12:21 PM | Comments (0) | TrackBack
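The false-positive problem with per-source throttling described in the post above can be seen in a small simulation. This is an added example, not code from the post or from any product it mentions; the token-bucket limits, the IP addresses (documentation ranges) and the traffic mix are all constructed assumptions, and the "spread" case generalizes the post's point that spam sources move.

```python
from collections import Counter

class SourceThrottle:
    """Per-source token bucket in integer units (1 message costs 60 units)."""
    COST = 60

    def __init__(self, per_minute, burst):
        self.refill = per_minute              # units regained per second
        self.capacity = burst * self.COST
        self.state = {}                       # ip -> (tokens, last_seen_second)

    def allow(self, ip, now):
        tokens, last = self.state.get(ip, (self.capacity, now))
        tokens = min(self.capacity, tokens + (now - last) * self.refill)
        ok = tokens >= self.COST
        if ok:
            tokens -= self.COST
        self.state[ip] = (tokens, now)
        return ok                             # False: message is slowed to a trickle

def constructed_traffic():
    """Ten minutes of made-up SMTP traffic as (second, source_ip, label)."""
    events = []
    # Legitimate small-business newsletter: 300 mails in one minute, one server.
    events += [(t, "192.0.2.10", "newsletter")
               for t in range(60) for _ in range(5)]
    # Spam from one obvious source: 5 mails per second for ten minutes.
    events += [(t, "198.51.100.7", "spam_single")
               for t in range(600) for _ in range(5)]
    # The same spam volume spread over 100 sources, one mail per 20 s each.
    events += [(t, f"203.0.113.{h}", "spam_spread")
               for h in range(1, 101) for t in range(0, 600, 20)]
    return sorted(events)

def simulate(per_minute=6, burst=10):
    """Return {label: (passed, throttled)} for the constructed traffic."""
    throttle = SourceThrottle(per_minute, burst)
    passed, slowed = Counter(), Counter()
    for second, ip, label in constructed_traffic():
        (passed if throttle.allow(ip, second) else slowed)[label] += 1
    return {label: (passed[label], slowed[label])
            for label in ("newsletter", "spam_single", "spam_spread")}

if __name__ == "__main__":
    for label, (ok, held) in simulate().items():
        print(f"{label:12} passed={ok:5} throttled={held:5}")
```

With these limits the legitimate newsletter is throttled almost as hard as the single-source spam, while the spread-out spam passes untouched.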
Time to test the external hard drives
Tong Family Blog: Disk Benchmarking Thanks Rich for the pointer to a good test tool!
Posted by Martin at 12:12 PM | Comments (0) | TrackBack
US is still the largest offender in sending SPAM
Spam's 'dirty dozen' exposed
The United States, Canada, China, South Korea and the Netherlands are the top five birthplaces of spam worldwide, according to a new analysis by Sophos. Maybe laws can make a difference.
Posted by Martin at 9:26 AM | Comments (0) | TrackBack
A truly accurate lie detector?
'Brain fingerprinting' touted as truth meter Why can't science just figure out a way to read brain waves directly? Go around all this language stuff. Be able to tap into things in the brain that the conscious has problems getting to. Well we may be getting closer. Apparently there are things called P Waves that the brain gives off. By measuring the curve and shape of these, one (with the help of a lot of math) can figure out if the brain remembers something that the eye is seeing or not. You can imagine how useful this could be in a legal case. Say you flash 30 pictures in front of a suspect. 15 of them are details relevant to the crime. 15 are not. The brain of the person who performed the crime would recognize the details of it. Someone who hadn't been there would not. Apparently a Seattle company called Brainwave Science is working on commercializing just such an invention. Wow, it is getting harder to be a criminal every day.
Posted by Martin at 9:08 AM | Comments (1) | TrackBack