· · Internet
TLS Wiretap Fear
· There is a hot lengthy argument going on in the IETF’s TLS Working Group which has been making me uncomfortable. It’s being alleged that there is an attempt to weaken Web security in a deep fundamental way, which if true is obviously a Big Deal ...
On Password Managers
· It has come to my attention that people are Wrong On The Internet about password managers. This matters, because almost everybody should be using one. Herewith background, opinions, and a description of my own setup, which is reasonably secure ... [24 comments]
· Or should be that be JsonPath? Whatever, it’s a tool I’ve been using lately and generally like. But it could use a little work ... [6 comments]
New Home Network
· Holiday project: Redesign the domestic infastructure. Looking for: Network and storage gear. Got any advice? ... [22 comments]
Validating State Machines
· This morning we released AWS Step Functions, a Serverless Distributed Cloud Microservices Polyglot Workflow Orchestration Coordinator thingie. It’s cool; you want to read about it, visit Jeff Barr’s joint. Step Functions uses state machines specified in a JSON DSL called the States language. This piece is about the two validators I wrote for States documents, one of which is interesting ... [1 comment]
The Fixing-JSON Conversation
· Last week I suggested some modest JSON improvements, and conversation ensued. Obviously, much was “He’s Wrong On The Internet (again)” but lots was juicy and tasty, and worth considering further ... [10 comments]
· I’ve edited a couple of the JSON RFCs, and am working on the design of a fairly complex DSL, so I think I can claim to have dug deeper in the JSON mines than most. We can easily agree on what’s wrong with JSON, and I can’t help wondering if it’d be worth fixing it ... [36 comments]
· Gosh, it seems that my employer’s at-work culture is the talk of the Internet. Don’t know if I should share on the topic, but I feel the urge and bloggers with the urge gotta blog ... [9 comments]
· I use iTunes at home, and otherwise Google Play music, which really isn’t terrible. Since the Net is echoing with screams about Apple’s cloud-music problems, now might be a good time for a few words on the subject ... [3 comments]
· I spent a couple days this week in eastern Washington State with a lot of senior Amazon engineers, all trying to discern and inscribe coherent form on the roiling surface of global-scale cloud tech. This piece is here so I can publish one pretty picture and four wise words about what it means to be an engineer ... [1 comment]
RFC 7493: The I-JSON Message Format
· The Olde ASCII is at rfc7493.txt. I’ll put a nicely-formatted HTML version here as soon as I pull a few pieces together. This is really, really simple stuff and should be about as controversy-free as an RFC can be ... [13 comments]
· More reportage from inside the AWS factory. Looking for leaks or marketing? Nope ... [2 comments]
· No, I’m not going to become an “Amazon Blogger” (that territory is well-covered) but I have at-work stories, neither leaks nor marketing ... [3 comments]
Keys in the Cloud
· I just landed a nifty new feature for OpenKeychain. It’s simple enough: If you want to communicate privately with someone, you need their key. So, just like when you’re looking for anything else, you type their name or email or whatever into a search box and find it on the Internet ... [1 comment]
Hangouts to Slack
· I converse with people every day on all sorts of different online channels; I guess I’m sort of a chat connoisseur. Since I don’t have a work team these days, the only big group chat that consumes any time at all is my local Ingress faction community. It’s been on Google+ Hangouts for over a year, but they just moved over to Slack ... [4 comments]
· You should be able to exchange messages privately using the Internet. My profession should be working on making this easy for everyone, including non-geek civilians who shouldn’t need to understand cryptography ... [12 comments]
Pervasive Monitoring Is an Attack
· That’s the title of RFC 7258, also known as BCP 188 (where BCP stands for “Best Current Practice”); it represents Internet Engineering Task Force consensus on the fact that many powerful well-funded entities feel it is appropriate to monitor people’s use of the Net, without telling those people. The consensus is: This monitoring is an attack and designers of Internet protocols must work to mitigate it ... [8 comments]
· Most server-side APIs these days are JSON-over-HTTP. Developers are generally comfy with this, but I notice when I look at the JSON that it’s often, uh, what’s the tactful term these days? Let’s say “generously proportioned”. And I see clumsy code being written to walk through it. The options for dealing with this are interesting ... [28 comments]
· Surveillance on the Internet is pervasive and well-funded; it constitutes a planetary-scale attack on people who need the Net. The IETF is grappling with the problem but the right path forward isn’t clear ... [11 comments]
· I attended to pitch in on JSON and OAuth work, and because it was here in Vancouver. But this meeting was really about defending the Internet from those attacking it. Which is worth everyone’s attention and deserves more explanation than I’ve seen in the mainstream media ... [4 comments]
HTTP Encryption Live-blog
· The IETF HTTP Working Group is in a special place right now. It held a meeting this morning at IETF 88 on encryption and privacy; the room was packed and, just possibly, needles that matter were moved ... [10 comments]
Security in Internet Protocols
· IETF 88 is going to be a pretty hot meeting, what with the world learning about lots of ugly attacks against everyone’s privacy and security. At the end of the day this is a policy problem not a technology problem; but to the extent that anything can be done at the technology level, a lot of the people who can do it are here. So I think these discussions matter, and I’m going to do some rare semi-live-blogging to relay interesting news as it develops ... [4 comments]
· As sort of a 2% project, I’m helping out over in the IETF, working on a revision of the JSON spec ... [7 comments]
· It took like five minutes to get it set up. It works. It’s great. It’s only doing 5% of what it could ...
Good Internet Baseball
· I was in OpenID meetings at Microsoft all day Tuesday, and started driving home to Vancouver at 4PM. This a fairly painful route at that time, but the Blue Jays and White Sox, via MLB on the Nexus 7, reduced the pain considerably ... [4 comments]
· I just learned (maybe everyone else already knew) that it’s legal to have duplicate keys in JSON text. But please don’t ... [5 comments]
Private By Default
· As of now, this blog’s primary address is https://www.tbray.org/ongoing; note the red “s”. That means your communication with it is private, which I think is the way the whole Internet should be ... [24 comments]
On the Deadness of OAuth 2
· Wow, did Eran Hammer ever go off. His noisy slamming of the OAuth 2 door behind him has become a news story. I have opinions too ... [8 comments]
· David Weinberger points out in Will tablets always make us non-social consumers? that tablets imply a less-interactive “lean-back” relationship with the Internet and thus the world. It’s possible we can fix this by just uncrippling the keyboard; I can’t really have a conversation with the world if I can’t jam text in fast, interrupting bursts of high-word-flow with flurries of local edits. I sure don’t want to live in a lean-back world. [7 comments]
4G Performance Silliness
· I was scanning the mobile-tech news and saw a story on a performance shootout between the LTE implementations from Verizon and AT&T; I skipped by the link and can’t find it now, but that’s OK because I’m here to debunk it ... [12 comments]
Telus Android Island Internet Win
· For Net access from our cottage on Keats Island, we checked alternatives and ended up getting a Internet stick from Telus Mobility, plugging it into my old BlackBook, and having that broadcast WiFi. It worked, but not brilliantly, with big latency and regular outages ... [2 comments]
· Which is to say, 50,000,000 bits per second to our home. It feels great ... [15 comments]
Anniversaries & Ideologies
· I took my little girl to the Sunday toddler drop-in at the local community center and thought about this weekend’s birthdays: Wikipedia’s tenth and the IETF’s twenty-fifth ... [5 comments]
Let Your Data Go
· It’s like this: If you send data to someone over the Net, you can’t control what they do with it. At least cost-effectively. Or, if you want a good outcome ... [14 comments]
· Compared to my laptop, the iPad lacks a keyboard, software development tools, writers’ tools, photographers’ tools, a Web server, a camera, a useful row of connectors for different sorts of wires, and the ability to run whatever software I choose. Compared to my Android phone, it lacks a phone, a camera, pocketability, and the ability to run whatever software I choose. Compared to the iPad, my phone lacks book-reading capability, performance, and screen real-estate. Compared to the iPad, my computer lacks a touch interface and suffers from excessive weight and bulk ... [59 comments]
· It so happens that my name on is the front page of Namespaces in XML 1.0, a technology which is pretty broadly disliked. Well, it seemed like a good idea at the time. But I think we’ve learned some useful things since then and can make some good consensus recommendations for people doing this kind of thing, especially if they’re using JSON ... [5 comments]
Tab Sweep — Tech
· Herewith gleanings from a circle of browser tabs facing inward at the world of technology. Some are weeks and weeks old: Amber Road, Clojure, tail recursion, cloudzones, deep packet inspection, and key/value microbenchmarking ... [5 comments]
· Since I’m working on this stuff these days, a lot of cloud-flavored news drifts across my radar. Here’s some of it ... [3 comments]
Modeling Is Hard
· In A post-mortem on the previous IT management revolution William Vambenepe writes, on the subject of standardization: “The first lesson is that protocols are easy and models are hard.” I agree about the relative difficulty, but think when it comes to interoperation, protocols are very difficult and shared models usually impossible. A couple of examples occur to me ... [9 comments]
· There’s a study out from McKinsey, Clearing the Air on Cloud Computing; many readers will have seen the commentary here & there around the Web. I’d recommend taking the time to page through the 34 well-put-together pages of the original. Its conclusion is deeply wrong ... [7 comments]
· I work at Sun because I like computers, so whenever we announce some, that’s a big day for me. Today’s iron is built around Nehalem. There are a couple of blades, a bunch of rack-mounts, plus 10GE and Infiniband switches (I have seen more than one internal Ethernet-vs-Infiniband fistfight; juicy stuff for geeks. My personal bet is on Ethernet). There will be tons of press releases and so on starting at the Sun homepage linked above, but for the real poop you need bloggers; the people who built these boxes and ran the benchmarks. Tushar Katarki has aggregated them in Sun rise over Nehalem. Let’s cut Tushar some slack on the cheerleading, he’s been working on these for a while and has earned the right to a little rah-rah; and he links to real bloggers ... [6 comments]
Sustaining the Internet
· I spent Thursday evening and Friday at a meeting called “The Future of the Internet and Sustainable Development Consultation”, hosted by the International Institute for Sustainable Development (IISD), an advisory organization funded by various bits and pieces of the Canadian government. This particular exercise is aimed at producing advice for Industry Canada, which has some reasonable concerns about the Internet, Canada, and the world. Data point: Canada, once second in the global Internet connectivity scorecard, is now nineteenth and falling fast. Which isn’t good ... [3 comments]
C1 in NY
· CommunityOne, that is. Just a few weeks from now: March 18th and 19th in Manhattan. I’ll be there talking about my Android work, and I’m also working very intensely on some other things we may, with luck, show the world. The program looks genuinely interesting; I’ll be there all day to take it in.
[Update: Oh hey, as Simon points out, it’s free.]
· I spent some time looking through the just-emerging web OS technical documentation, and it quickly became apparent that Palm’s approach is radically different from both Android’s and Apple’s. Since they’re all here at more or less the same time, running the same Web browser on roughly equivalent hardware, this represents an unprecedented experiment in competitive software-engineering approaches ... [17 comments]
What’s “Cloud Interop”?
· I’ve seen verbiage on this echoing around the Net while the various Cloudy festivities go on down in the Bay Area. You could spend a lot of time partitioning and taxonomizing the interop problem, but I’d rather think of it from the business point of view ... [6 comments]
Cloud Interop Session
· I spent Tuesday at the Cloud Interop event organized by Steve O’Grady and David Berlind. Scientists say that even a negative result is useful in advancing knowledge; I’d go further and say that a wait-and-see attitude in the heat of a hype cycle is often optimal. By those criteria, this was successful. My attendee count peaked at 51 ... [3 comments]
The Shape of the Cloud
· There’s an interesting argument going on about the business-structure futures of the Big Cloud that everyone assumes is in our future. Some links in the chain: Hugh Macleod, Tim O’Reilly, Nick Carr, and Tim again. A few points about this seem obvious; among other things, Amazon Web Services is reminding me powerfully of Altavista ... [9 comments]
· Google’s DeWitt Clinton, in a comment on my Get In the Cloud piece, asserts that both Google App Engine and Amazon EC2/S3 are already lockin-free by my definition. That’s not quite consistent with the word I’m hearing on the street. I’d appreciate testimony and pointers from others, because this is a really important issue ... [14 comments]
· These days, I’m gloomier and gloomier about the prospects for the mobile Internet; you know, the one you access through the sexy gizmo in your pocket, not the klunky old general-purpose computer on your desk ... [32 comments]
New TLD Fun
· I’m not sure whether this free-TLD idea is a good or bad thing in the big picture, but you can have some idle fun thinking ’em up; it’s almost poetic:
.geek, .nerd, .aspergers
.vancouver, .condo, .rain
.dot, .sun, .web
.pr, .fanboy, .whore
.plane, .train, .auto
.good, .bad, .fail
.pwns, .sucks., .rocks
.rock, .jazz, .blues
.mojo, .mofo, .homo
.school, .college, .job
.nba, .epl, .afl
.bondage, .discipline, .spanking
.fast, .slow, .stop
.beginning, .middle, .end [11 comments]
Not an OS
· Last Thursday I tweeted: “I strive to maintain an open mind when nontechnical people talk about the ‘Internet OS’ or ‘Web OS’. Sometimes it's tough.” I got some grumbles by email and I think the subject is worth more discussion. Let me be more specific: Neither the Internet nor the Web is much like an OS. And even if it were, that’d be the wrong way to think about what’s going on right now ... [24 comments]
· That S3 outage sure concentrated people’s minds. And almost simultaneously, EMC announces that they’re getting into cloud storage. It’s obvious to me that we’re nowhere near having worked out the economics and safety and performance issues around where to put your data. There are some areas of clarity; geek über-photog James Duncan Davidson, in The Economics of Online Backup, shows that for a person with a ton of personal data, the online option is really unattractive. And you do hear sotto voce rumbles about going online in the geek hallways, for example “Amazon web services: 3x the price, 0.5x the reliability, and lower scalability than DYI. Buy only for the low capex and lead time.” That’s from Stanislav Shalunov, who by the way is a damn fine Twitterer. The big questions remain open. [3 comments]
· Preparing for that July trip to Berlin, I was worried about getting online; Lauren poked around a bit and suggested Boingo. It was a huge success; I got an hour or two in at Heathrow going and coming, and the little German hotel was also on Boingo. I’d sort of thought, when we got back, that I’d cancel, since it seems to be more a European than US thing. But it keeps showing up here and there, probably enough to be cost-effective. In particular, O’Hare airport, which has ong been T-Mobile (expensive and slow) or nothing, now has a network that named “Concourse” which uses Boingo and is damn fast, I think maybe the fastest WiFi throughput uploading pictures to ongoing I’ve ever seen. So if you’re traveling a lot, you might want to check it out. [3 comments]
· I read my non-Sun email through GMail these days. It’s amusing to watch the ebb and flow of spam, as the bad guys figure out a way through the defenses, then Google patches that hole; repeat forever. But there could be a lot less. If I could pick the character sets I can read, then it’d be automatic that anything in Chinese or Cyrillic or Hebrew or Arabic or Farsi or Devanagari is spam. Plus, anything that mentions lottery in the title or the body, even once. Plus, anything where the title is of the form “From XXX XXX”. That’d catch at least 75% of what’s still getting through. [14 comments]
· Lauren has a problem: it’s “about what to name the thing that names names”. [3 comments]
OpenID Patent Covenant
· Sun just announced a Patent Non-assert Covenant on OpenID; chapter and verse and FAQ here. Simon Phipps has a useful write-up. But what really impresses me is the text of the covenant itself; four short paragraphs of simple, almost jargon-free, English. Why can’t we do this more often? I’m told that our own Eduardo Gutentag gets the credit. [Ed. note: I’ve been asked a couple of times now why don’t do one of these for Atom, too. Good idea, I should have been working on it and I’ve been procrastinating.] [3 comments]
· Mostly technology-centric, this time ... [4 comments]
· Today we announced something, and let’s stick with the code-name “Neptune” because officially it’s called the Sun x8 Express Dual 10 Gigabit Ethernet Fiber XFP Low Profile Adapter, which just rolls off the tongue, doesn’t it. I have to say it’s about the butchiest-looking NIC I’ve ever seen. Now, normally I would have bypassed the opportunity to blog, because I’ve never actually even seen a 10G wire or plug, and have no idea what the trade-offs are and what makes a good one. But our Ariel Hendel wrote Russian Dolls, the first paragraph of which discusses love, soccer, and beer, and which includes a remarkable photograph; it is actually about Neptune. Speaking as a geek who likes fast networks and good writing, I think it’s wonderful. [1 comment]
· Ladies and gentlemen: in this corner, in the Mavericks colors, Mark Cuban! And in the other corner, in the geek threads, Bram Cohen! Both fighters score, but this judge gives the first round to Bram. (And I think to myself: what a wonderful world.) [1 comment]
On Email Clients
· As I wrote recently, Mac Mail lost some of its memory in a crash and, when I restored things, stopped working. I was keeping it running so I could go search for things, and then one day I accidentally clicked “Get new mail” and it did, so I guess it’d worked through its issues, whatever they were. Now that all my non-IMAP mail is on GMail, I can switch clients back and forth a bit; so herewith, comparative remarks on GMail, Thunderbird, and Mail.app ... [25 comments]
· For years, I’ve had two email addresses; the current job and the long-term personal one. The latter is unfortunately one of the world’s most public, appearing among other places on the front of the XML specification, and thus gets a lot of spam. I mean really a lot. Which was causing some pretty severe pain, but I’m using the Gmail dodge, and that helps quite a bit ... [24 comments]
· Unifying theme: none. Item: Excellent Rails-vs.-Django study. No axe to grind, apparently. No obvious winner, which is news given the Rails hype. Item: Dana Blankenhorn’s Means and ends in open source; very thought-provoking. My guess is that the immense licensing fees driving the bloated sales infrastructures at Oracle, SAP, and friends are small in relation to the whole software acquire/deploy/maintain monetary pie, so the size of the whole industry isn’t likely to change that much. Item: Irving Wladawsky-Berger, grand IBM technology poo-bah, speculates about the future of the 3-D Web in An Unusual Meeting. Speaking as one who’s made two concerted efforts to build a 3-D representation of the Web, I sure hope he’s right. Item: I can read Takashi’s cat’s mind. He’s 100% focused on how he can get in between Takashi and the computer. (Takashi’s amusing post is about “Engineer's 2.0 day-life in the midafternoon”.) Item: From Clay Shirky, Social Facts, Expertise, Citizendium, and Carr; a careful, level-headed thought piece on what it means to be an expert, in the context of Wikipedia and Citizendium. Item: From “jbischke” at Learn Out Loud, a handy list of The Top 10 Arguments Against DRM; we already knew most of this stuff, but it’s useful to have it pulled together, well-argued and in one place. Item: Everyone’s blogging Test your musical skills in 6 minutes!; I only got 72.2%, sigh. [11 comments]
· Check out Scoble on Cisco’s HD telepresence. I think he’s underestimating the impact. I’m on the road every month, sometimes two or three times, and I hate the airlines and the whole travel system with the heat of a thousand suns. Plus, I probably cost Sun the best part of $100K a year in travel expenses. Suppose you have a population of employees like me; cutting travel costs in half for six of us would cover the $300K price point. Plus, think of the extra efficiency we’d get from not spending all those endless hours in lines at airports. Of the travel I do, some part is actually need-to-be-there stuff; but if the HD telepresence prices can be brought down a little and the virtual meetings cranked up a little, this stuff is not that far from having slam-dunk ROI. [7 comments]
· A few days ago, our CEO Jonathan Schwartz sent a letter to SEC Chairman Christopher Cox calling for SEC financial-disclosure regulations to allow for publishing material financials on the Web. It’s obviously a good idea, but there are some implementation issues. (Hey, I’m an engineer, I can’t help it.) ... [12 comments]
Back to the Land
· Every year I spend a few days on a family member’s farm in Saskatchewan; this is usually followed by many photos of cows and Prairie landscapes here on ongoing. The Internet there is dial-up but usable, with the application of some discipline. Only this year, I fired up my recently-repaired Mac and it told me that my internal modem did not exist. Repeated reboots failed to make any progress, and I couldn’t really get to the Apple knowledge base. That’s OK, all I really need is email and I could use the secure-webmail interface for that. Only for some reason, that wasn’t working; incomprehensible error messages about something being misconfigured. Ouch; so I filed a trouble ticket and called my boss’ admin and asked her to drop me a voicemail if anything super-important went across our group alias. Then when I called back to check my messages, my personalized Sun 1-877 number gave me a busy signal. Clearly, some heavenly power did not want me interacting with work. So I closed the computer with an emphatic “snap” and went to take a crap, and the toilet backed up.
· At Java One, I purchased the “conference gadget”, a SavaJe Jasper S20. Since it supports most of Java SE, I thought I’d check out whether a competent Java developer who knows nothing about mobile issues could make it do anything interesting. It’s kinda cute, and it’s an OK phone on my local GSM network. However, the software development pack runs only on Windows. It’s got a camera and shoots video, but when I plugged the USB into my Mac, the Mac said “unable to use that disk” and then crashed a few seconds later. I have never had a USB device fail like this on any computer before. Also, the phone’s preferences menus are lame and limited, so on the screen, I can’t keep the network operator name from over-writing the Date/Time display. Finally, my network provider requires some slightly odd GPRS settings (e.g. funny DNS port numbers) and the phone doesn’t have a way to set those, so I can’t connect. I reported this on the SavaJe developer forums, and some badly-programmed bot pretending to be a “SavaJe Developer Services Engineer” mindlessly pointed me at the directions to the phone’s GPRS setup screen, when I’d specifically stated that that screen didn’t do what I needed. SavaJe might turn out to be a good idea, but they’re doing their best to cover that up. [Update: As of sometime over the weekend, an actual human seems to be having a look at the situation, over at the SavaJe developer forums. So let’s see...] [Update: Got a nice email from Larry Kaye, Manager of Developer Services over at SavaJe. Very to-the-point; yes, they know about most of my issues, are working on them. That’s all anyone can ask for in a bleeding-edge developer-release product. Will report further.]
How to Send Data
· I’m sure this has long since dawned on all the really smart people, but it’s really starting to become fifty-foot-letters-of-fire-in-the-sky obvious: if you’re sending anything across the Net, why would you ever send it uncompressed? And if you’re sending something to any audience other than the whole world, why would you ever send it unencrypted?
Fat Pipe, etc.
· I gather that David Isen gave a rousing talk at the recent O’Reilly Emerging Telephony Conference, which involved chanting a little mantra about how network providers should behave: Fat Pipe, Always On, Get Out of the Way! David generously credits me with inventing the phrase, which is true, see Fast and Always On, an otherwise-forgotten fragment from March 2003. David’s performance art got noticed. I’m not entirely a fan of David’s poetry, but the Freedom to Connect event that he was promoting looks darn interesting.
WaPo Still Screwing Up
· The Washington Post has noticed the brewing storm over the two-tier Internet; Doc Searls gets the long-term credit for starting the storm brewing. The WaPo piece, The Coming Tug of War Over the Internet, is clueless, at a trivial level in alleging that the debate is happening “on obscure blogs”, but most of all in the outrageous claim that “Companies like Google and Yahoo pay some fees to connect to their servers to the Internet, but AT&T will collect little if any additional revenue when Yahoo starts offering new features that take up lots of bandwidth on the Internet. When Yahoo’s millions of customers download huge blocks of video or play complex video games, AT&T ends up carrying that increased digital traffic without additional financial compensation.” While the details of the deals by which the big boys buy bandwidth are closely-guarded secrets, the notion that any of them can dramatically increase their net traffic without paying for it, that notion is just wacko. I’ve sent Christopher Stern, the author, an email, but this silliness is already on the streets of Washington in a few hundred thousand dead-tree instances. The difference between blogs and the mainstream media is that when we screw up, we can mostly repair the damage. [Update: Five days later. No answer to my polite, friendly email. No change in the article. So this “journalism” thing... it’s a profession where you can just make random shit up and print it whether it’s right or wrong, and ignore feedback, and you just don’t do those “retraction” or “update” or “apology” things? Seems like a flawed, short-lived business model to me.]
· I couple of years back I wrote about the advantages of using iTunes or XMMS to soak up Ambient Internet Brain Goo. These last couple of days I’ve been learning how to partition the disks and install multiple operating systems, some of ’em pretty bleeding-edge, on my Ultra 20, which involves quite a bit of waiting and irritation. I owe my continued sanity to HBR1; as far as I’m concerned they’ve got the best brain goo going.
· This week’s splogstorm and the endless flood of email spam are two symptoms of the same disease. When you allow people to add content to the Net for free, the economic incentives to fill all the available space with with spam are irresistible, and fighting back is difficult, maybe impossible. This works because, while the payoff per unit of spam is low, the cost is zero. Well, we can solve all these problems at once. It wouldn’t be free, but it would be cheap and it wouldn’t be that hard. It’s called “Internet Stamps” ...
GAIM & Adium, Good Stuff
· I succumbed to peer-group pressure and gave Adium a try; it’s a Mac instant-messaging client, wrapped around the Gaim code, that supports more or less every IM system on the planet. I’m very impressed, it’s good stuff. Gaim is very solid, and as for the OS X wrapping... well, iChat makes native AOL look klunky and primitive, and Adium makes iChat look sloppy and space-inefficient; it gets the job done and gets out of the way. Also, if you want to whisper secrets, it supports OTR encryption. I can’t push pictures through it or do video chat, so iChat will still get used sometimes. But, as of now, you can talk to me on AIM, Jabber, Yahoo!, and probably even MSN pretty soon. [Update: MSN too, tim dot bray at sun dot com (uh, do I know anyone on MSN?); I’m now superultramegaconnected.] Adium: highly recommended. [Update: There’s an irritating bug, Adium from time to time makes it look like I’ve dropped off AIM even though I’m still there. I’ll have to go poke around and see if the developers know about this.]
An Echoing Silence
· This weekend, I’m being reconfigured; to be precise, the vast crowded commons of Sun email is all being reconfigured, and this is my weekend to leap the gap from before to after. So my Sun email is inoperative till Monday or so; if you need to contact me electronically, a quick Y! or G search will turn up another perfectly good address.
· Yep, it works with iChat. Yep, I’m signed on (my gmail address should not be hard to deduce). Yep, XMPP as a protocol probably has the legs to beat any other single candidate. Yep, it’s dumb that the chat services don’t interoperate. Nope, I don’t necessarily trust G’s benevolance, but yep, it’s good not to have all my eggs in an AOL basket. [Update: further thoughts.]. Item: Uh, anyone can run a Jabber server, is this news story no more than “Google runs one too?” Item: Ars Technica is dismissive. Item: Hey, Apple; why do I have to have two buddy lists, one for “classic” iChat and one for Jabber? Item: All these names I don’t know are pinging me, wanting to add me as buddies. For the first few, I accepted, then sent a message “Do I know you?” So far, nobody’s answered, so I removed them. [Update again: Interoperation between iChat and any non-Mac GoogleJabber client is shaky-to-absent. I tried to use Nitro, a native Jabber client, and it wentup in smoke.]
Down & Out in Tulsa
· If it seemed like ongoing wasn’t there, it wasn’t. My host has a dire tale of cascading failure, but the weird thing is, when the site was down, traceroute showed the packets cascading into Williams Communication, where they struggled from Palo Alto to Santa Clara to Denver to Dallas to dusty death in Tulsa, Oklahoma. How unfortunate.
Holy Gigabytes, Batman!
· In April, ongoing served a total of 84.5 gigabytes of data to the world. Pardon me, but that just seems totally mind-bogglingly ridiculous.
· So I just made my first Skype call, from a hallway in Makuhari to Lauren’s cellphone in Vancouver. She was busy, so it was just “Hi, talk again later.” But it worked and it cost me €0.02, which seems pretty fair.
· The Net today is standing on slightly firmer foundations than it was a few weeks back. On December 15th, the W3C issued Architecture of the World Wide Web, Volume One as a “Recommendation”, i.e. as close as they get to calling anything a standard. If you read it, there’s a lot of focus on URIs (Uniform Resource Identifiers, as in what we usually confuse with the Universal Republic of Love). Today saw the final publication of the URI specification as RFC3986, also known (even more impressively) as IETF Internet Standard #66; some of the IETF’s most widely-deployed protocols never make it to “Full Standard” status. I’m hopelessly biased because I helped write both of these documents, but I think that each is individually important and that the combination is really important. Most people can’t possibly imagine how much work it is to grind these things out, and how many revisions it takes to get one right. I originally wrote all of what is now Section 6 of RFC3986, and I think there are very few sentences in there that haven’t been updated a few times, almost all for the better, and almost all the work was done by Roy Fielding, who deserves a deep bow from us all. The Internet and the Web aren’t things and they’re not places, they’re a mesh of agreements that allow us to talk to each other and to be less stupid. These two documents are important links in that mesh.
· The arrival and insanely-fast growth of syndication/RSS technology brings a New Thing to the Internet. Until recently, there was only one messaging architecture known to work at Internet scale. That was store-and-forward, as in how email works: I send my message to a computer near me, which stores it and sends it to another computer near you (with retries and so on as appropriate), which stores it, and you retrieve it from that computer. Syndication has proven that a different model, post-and-poll, scales up too. It works like this: I post some data which contains either messages or message pointers to a public place, and you poll periodically to see what’s new. The difference is that store-and-forward supports anybody-to-anybody message traffic, while post-and-poll assumes separate communities of senders and receivers. People who are designing message interchange frameworks that might need to become Internet-scale should consider this, and be careful of architectures that don’t fall into one of these two baskets, because nothing else has yet been shown to work. [Update: Somehow I forgot to credit Mark Hapner of Sun who pointed all this out to me, presenting it as something obvious, not a discovery; but then I realized that it hadn’t been obvious till he did so.]
· I’m on vacation for a week in Saskatchewan; lots of family here, so we do this regularly. Anyhow, my Mom in Regina uses dial-up, which mail volume has made impracticable for me. So, I was pretty well resigned to being mostly Net-free. Except for, I’m sitting in Mom’s living room here in a nice ordinary residential neighborhood and I turn on the computer to check something and here’s this WiFi network named “jamaville,” the signal is only really stable in one corner of the living room, but hey, I’m on-line. I told my Mom the name and she drew a blank on all the neighbors and even called one who’s kind of high-tech, no idea who it is. The word doesn’t even show up in Google (that is, it didn’t until today). So whoever you are, Jamaville, thanks and my apologies for leeching a little bandwidth for the next couple of days. Hmm, if WiFi is showing up in random locations in small Prairie cities, doesn’t that mean it’s pretty soon going to be basically everywhere? [Update: Follow-up on Google propagation weirdness and content-replication lameness.] ...
· Just a couple of data points. I spent an hour talking to Henry Story in France this morning, he’s doing some work on BlogEd and given the obvious pain around Web authoring, maybe we should be looking closer at that. Oh, Henry and I didn’t use the telephone, that would cost money, we chatted face-to-face across eight timezones via iChat AV, which is of course free. Other telephony news: I have a Vonage phone on my office desk, and now Vonage tells me that for an additional C$12.50/month, I can get a SoftPhone. If I do, then my computer will have a phone number... that phrase somehow resonates; I don’t think I understand what it means yet. Meanwhile, Russell Beattie has been telling us about the present and near-future (1, 2, and 3) of wireless. It seems to me that the whole world-wide telephone business has been smashed into little pieces and thrown up into the air, and who can tell what it’s going to look like when it all lands. [Update: Later the same day, the launch of Skype 1.0 for Windows. Hold on tight.]
Stupid Broken Wintel
· Lauren is going on a trip in a few days, and we thought that free videophoning would be nice to have while she’s on the road. She’s got a decent IBM Thinkpad X31 which has FireWire, and AIM is supposed to work with iChat A/V, so this should be possible. You can’t plug an iSight into Windows, so she got an “iBot” FireWire cam from Orange Micro. The Thinkpad has a FireWire port, but it’s a passive four-wire that doesn’t provide power, so she had to get a powered hub (this is already too much work). Then she fired up AIM and... no luck, it didn’t recognize the iBot; it did, however, let us audio chat back and forth. Windows XP saw the camera just fine and you could see the video. We checked the iBot with the Mac, it worked perfectly with iChat. First, she spent some time on the Web Site; no help, but there was a phone number. She called it, pressed the number for tech support and a recording said “for tech support send email to support@.” So she sent the email and got back an auto-responder saying “for tech support go to the Website.” Then she tried it with Yahoo Messenger, and it worked in webcam mode, incredibly slow, but then there was no audio chat. Finally we plugged in our big hand-held videocam and it also didn’t get recognized by AIM. So I’m not sure whether IBM sucks or XP sucks or AIM sucks or the iBot sucks. But it’s the iBot that’s going back to the store tomorrow. (Lauren would happily get a PowerBook except for she finds a touchpad massively unpleasant. Since it is well-known that women have generally more sensitive fingertips than men, I wouldn’t be surprised if she’s not the only one. Earth to Apple...) Sometimes I hate computers.
iChat AV Irritation
· So, I can video-chat to Simon Phipps in his place in Southampton, England just fine. Steve Gillmor can video-chat to Simon too. But Steve and I can’t video-chat to each other. ConnectionDoctor says Steve’s not responding to my UDP packets. NatCheck says nothing’s wrong. I turned off my firewall, but I’m sitting behind a DSL modem and a D-Link router that may be screwing things up. Mark me puzzled. [Update: Flip Russell, who’s been around this track, writes to tell me that here and there around the Internet are routers that just don’t route UDP, and that if one of those is between you and whoever you’re trying to iChat with, audio/video just isn’t going to happen, and there’s probably nothing you can do about it.]
More Spam Damage
· I subscribe to a few IETF-centric mailing lists, including atom-syntax, that are hosted at the IMC; Recently, I posted an Atom-related suggestion (see also here) but the posting never showed up. I checked with Paul Hoffman, who does a fantastic job of running the site (competently-run mailing lists aren’t that easy to come by), and he told me I’d been auto-unsubscribed because my ISP had decided, deferring to the SpamCop Blocking List, that the IMC’s SMTP was a spam source and (temporarily) blacklisted it. This is the second time in a month that I’ve had legitimate emails get bounced this way. I re-subscribed from my Sun address, but apparently, to quote Paul: “If you trust spamcop, you will continue to lose your mail randomly without knowing why.” If you read the SpamCop page linked to above, it looks like SpamCop would agree with Paul’s analysis. Anyhow, now I’ll find out if my ISP will stop applying this filter to my email, and if not, I’ll have to find a new ISP.
· When invitations to LinkedIn and Orkut started coming along, I joined up, and (on Orkut) even proactively signed up to be friends with some people I knew who were already there. But I never figured out what it was all for. Maybe I’m wrong, maybe these are the first symptoms of something big. Today, I look at my inbox and see a few more invites and you know, it just isn’t worth the time to go hit the sites and click on “Yes” or “No.” So if it looks like I’m ignoring your invitation I am; but don’t take it personally.
New Virus, Yow
· This virus that’s going around trying to get you to click on a .PIF because it’s partial or has non-ASCII in it or whatever, it’s hitting my inbox harder than it’s ever been hit before. Maybe we’re watching a record being set; the mind boggles at the thought of the billions of these things that are swooshing around mailspace. The stories say the virus-hounds haven’t figured out what it does yet. Well, I can tell you one thing it does: mail itself to everyone in your address book, faking a signature from someone else in your address book. Er, maybe the world should stop using Outlook. Just a suggestion. [Update: Jon Udell writes me to point at this excellent four-year-old piece; the email client there is Outlook and he still uses it, and the way he uses it makes it safe. He’s right and I was wrong: The problem isn’t Outlook, it’s Windows.]
Get Yer Social Networking Here
· Sometime in December, somebody flipped a big switch and all of a sudden everyone was inviting me to join their Linkedin network. Then suddenly last week the Kozmick Finger pointed at Orkut, and near as I can tell, all the geeks on the planet have spent this weekend busily inviting each other to be Orkut pals. It all seems mostly harmless; mind you, I haven’t actually got any use out of either of ’em. For what it’s worth, all the Orkutians seem to be heavy geeks, while about half the Linkedincrowd is VCs and businesspeople. I don’t think it’s gonna change the world, but I’ve been wrong before. To those whose invitations I’ve declined: sorry, nothing personal, it’s just that I feel I ought to either have spent some face-to-face time with you or been in some substantial online interaction.
Email Tech 2004
· In the last few weeks I’ve upgraded my email environment here and there, and I thought it would be worth passing on hints in the areas of mail-sending service and security ...
On Postel, Again
· Mark Pilgrim has echoed Aaron Swartz’s earlier call for, in general, forgiving parsing of Internet content and, in particular, the application of this “liberal” policy to the parsing of subscription feeds, and in particular particular, to the parsing of the Atom format. Others including Dave Winer have weighed in on the other side. Parts of this no-exceptions message are mistaken and malformed, but I’ll parse it forgivingly and address some interesting related issues ...
· I have an iSight and a nice new Mac laptop. I also have a beat-up old Mac and a decent Canon videocam that I don’t use that much, not having (yet) developed videographer’s reflexes. Anyhow, the Canon has firewire output, so I plugged that into the old Mac and what do you know, it works just fine with iChat AV. So we put the old Mac and the Canon with a little tripod on a desk in a quiet but wired area upstairs and it’s a free videophone to anywhere in the world. Restating for emphasis: whenever I’m anywhere in the world and have an Internet connection, I can have a free videophone call home, that goes on as long as I need to and nobody’s counting minutes or running up a phone bill. Let’s see; free telephone with video, or pay-for-it telephone with no picture. Costly and voice-only, or free with a picture. I think this is what an inflexion point smells like.
DynDNS, Dig It
· This is just a plug for DynDNS.org, who provide all sorts of useful services related to DNS and mail. Basically they take care of a bunch of things that in an ideal world shouldn’t be necessary: If you have broadband but your DNS keeps shifting; if you can’t get to your ISP’s mail-sending SMTP machine; and so on. Some of the services are free, and the rest are ridiculously cheap, and it seems to Always Just Work. Check it out.
· Talking around the table over sushi and beer the other night, we realized we’ve reached an inflection point; a lot of us can really no longer use dial-up effectively on the road. The volume of email (mostly spam, but even the legit stuff) has gotten so high that you just can’t afford the time for the modem to wade its way through it. IMAP plus server-side filtering helps less than you’d think, because IMAP is such a chatty protocol. It was here in Japan, a decade or so ago, that for the first time I was able to dial up and get my email from on the road. At the time it was a huge quality-of-life win and I remember signing off “Emailing ya from Japan, dig it!” Well, I’m blogging from Japan, but it’s through a fast smooth Wifi connection, just open up the laptop and I’m on the air. Two of the people in the room here have Vonage boxes and are getting local phone calls; dig it!
Another Whack at Spam
· What happened was, I was at a table with Jeremy Zawodny, Dave Sifry, and Doug Cutting, which is probably around fifty aggregate years of big-iron experience. So as usual we were bitching about spam, and we had an idea that would shut it down for sure. [Updates: Prior art and an improvement.] ...
· My spam filter is reasonably well-trained against SoBig now, such that only a dozen or two forged-
To bounces a day get through; the price being that I am unlikely in future to notice when my own emails bounce. Also, the endless inventiveness of the spam merchants is alarming, and they manage to get a few past Mozilla’s Bayesian defenses. Two items of note in this space in recent days: First, the ever-inventive Paul Graham suggests that filters automatically dereference every URI in each incoming message; this is really clever because it means that anyone who sends spam is going to incur a real tangible expense, since nobody gets bandwidth for free. Second, Bill Weinman proposes AMTP, for Authenticated Mail Transfer Protocol; a quick reading of the draft reveals no obvious fatal flaws but I’m no expert in this space. Knowing who sent every email would very likely make the problem go away, though.
· I was sitting in the airport using my $6.95/day Wayport connection to read the news, which included a story about the danger of a WiFi bubble. Which leads one to wonder, where do we really need it? ...
Degrees of Viral Separation
· I was nuking a few dozen pieces of Sobig.F dung that had made it through the mail filter, recognizing a few of the names that had been forged in the “From” and “To” fields, not recognizing more, and it occurred to me that each instance of this virus contains an assertion about three people: that one of them knows the other two. There’s a business plan lurking in here ...
· Everybody knows that this week’s virus-storm has hit so hard because everyone runs Outlook; so one way to improve the situation is to not run Outlook. Herewith consideration of some pros and cons, and a look at a few email alternatives, including Eudora, Mozilla, and Pegasus ...
Thinking of Bob
· Bob Metcalfe, that is, who regularly predicted that the Internet would collapse, and famously ate his words—literally, he ground ’em up in a blender and ate ’em, I was in the room—at one of the Web conferences. Well, at the moment I can’t connect to AIM and I can’t connect to Google, and I’m getting a couple dozen echospam per hour (bounces from spam with my address forged) and even though I just turned on the computer after a couple hours downtime, NetNewsWire says “nothing new” which I flatly don’t believe. Probably just something else flailing away at the Wintel monoculture. But I don’t like it.