Author Archive

More Security Failures in the Intarwebz

by

Friday, November 20th, 2009

Last summer, I brought you the story of how the Domain Name System (DNS) was under threat and how many of the world’s top tech companies were working together to solve it. Unfortunately, not everyone has updated the software on their servers to fix this flaw. While it’s not as big of a threat as it was last summer, it still poses a danger to the web. Almost a year ago, I explained a flaw in the encryption system that you use to securely connect to online banking sites and to safely purchase goods from Amazon, eBay, and many others. Today there’s more news about ways that encryption (https) can fail.


The new attack is what’s known as a “man in the middle” attack. What this means is that some evildoer, or someone who just wants your money, watches your network and waits for you to go to your bank’s website. When you do that, the evildoer inserts himself in the middle of the communication and can start adding to the information that’s going back and forth. This allows him to do all sorts of nasty stuff from stealing your online banking information to tricking your browser into downloading malicious software onto your computer. Ideally, this is one of the things that the encryption is supposed to prevent. If all the communication between you and the server is protected with encryption, no one can insert themselves into your conversation. However, there is a flaw in the design of the protocol which allows this to happen at a crucial moment.


The flaw came to prominence a few weeks ago, but many researchers said that the flaw was so difficult to exploit that it wouldn’t be a serious security threat. Then, a few days ago, a Turkish student used the flaw to steal some user names and passwords for Twitter. Fear not, he was not being malicious, but simply proving to the security community that this is a serious flaw that needs to be taken seriously instead of simply being dismissed. Twitter has since made changes to prevent the same thing from happening again and industry groups have begun meetings to determine a more permanent fix for this problem. These meetings have been going on since September, but it’s unclear if a solution has been found yet. This, like the other security problems I’ve written about before, will be fixed soon, but it will take a long time for the fix to go into wide use. It’s also a reminder that even our best and brightest will make mistakes sometimes with wide-ranging impacts on our economy and the way we communicate.


image by http://www.flickr.com/photos/23905174@N00/


A Call For Peace: Reflections On The DC Sniper Shootings

by

Tuesday, November 10th, 2009

Just a few hours ago, John Allen Muhammad was executed by the Commonwealth of Virginia for his role in the DC Sniper shootings in 2002. He was, most surely, a deeply angry and disturbed man who committed truly atrocious acts. I hope his death brings peace and closure to the family and loved ones of his victims. However, I also wish that Tim Kaine, the governor of Virginia, had stayed the execution.


I lived through the terror of the DC Sniper shootings just 3 months after moving from Oklahoma City to Washington, D.C. It was a scary welcome to a new city and made me seriously reconsider if I wanted to go to high school in a place where something like that could happen. However, the response of the people in and around DC was uplifting. Everyone banded together and did everything they could do to support each other. So that time was simultaneously a time of hope and fear for me and many in the area. Obviously, though, we all wish that these tragic murders had never happened at all.


I understand that for many, executing the person responsible for the death of their loved one is comforting and helps them come to terms with that death. It’s not a sentiment that I can imagine feeling myself, but I know that it’s important to others. I think there are a lot of great arguments against the death penalty, everything from its enormous cost to the discriminatory way it’s often applied. More importantly, though, I think we as a society lose an essential part of ourselves when we come together to condone the killing of a member of our society. After the series of violent slayings committed by Mr. Muhammad, we have chosen to respond with more violence instead of with grace and peace. I hope in the future we can stand up as a community and denounce violence in all its forms, whether it’s committed by individuals or collectively.


So I ask everyone to light a candle tonight and, if it’s within whatever spiritual tradition you follow, pray for John Allen Muhammad, Lee Boyd Malvo (the kid who worked with Muhammad), and the families and loved ones of the victims and the perpetrators. I hope they can all find peace and comfort tonight.


Does Today’s Digital Switchover Matter?

by

Friday, June 12th, 2009

Too Much TV by Elliot Trotter

Today, June 12th, is the last day that analog television will be broadcast in the US. We’re going all digital, baby. As covered previously, the frequencies that analog TV was broadcast on have already been auctioned off to companies for whatever they want to use them for (with a few open access provisions). Digital TV requires either a new TV or a converter box which the US government has spent over $2 billion helping people buy. However, there are still about 2.2 million homes in America that haven’t made the switch yet. A lot of TV stations are going to keep their analog signals running messages about the digital switch for a few months or years to help make sure everyone knows. Honestly, only missing 2.2 million houses in the whole country is pretty impressive. Everyone who has cable or satellite TV isn’t affected by this, just those relying on broadcast TV. The question is, does this really matter?



E3 Controller Madness!

by

Thursday, June 11th, 2009

Continuing on a common theme for me, I want to talk about some of the news from the Electronic Entertainment Expo (E3) last week. As always, for full disclosure: I work for a video game company for a living, so take what I say with a grain of salt and, of course, these opinions are mine and not those of my company or anyone else. E3 is the video game industry’s annual trade show and has a long, storied history of being ridiculous and over-the-top. Those are great stories, but I’m more interested in all the talk of new controllers this year for all three major consoles. So if you’re interested in the cool and crazy stuff that Nintendo, Sony, and Microsoft are doing, read on.


Stuff I Like: Commentary the Musical

by

Tuesday, May 26th, 2009

Some of you may have heard of Dr. Horrible’s Sing-along Blog that Joss Whedon (of Buffy and Firefly fame) released on the Internet last summer. It’s a great short movie that pretty much creates a new genre, the super villain musical. It also has several actors in it that are very well known in the sci-fi community, but are less well known outside it, with the possible exception of Neil Patrick Harris. It was made during the writers’ strike last year, so the goal was to create something new and interesting and to release it for free online using a new-media-style business model to make money. You can still watch Dr. Horrible on Hulu for free, so if you’ve got 45 minutes, this is an excellent use of your time. However, I heartily suggest getting the DVD, because in addition to a lot of normal, cool bonus material, it also has Commentary the Musical. That’s right, it has a normal commentary track and an additional commentary track that is, itself, a musical about making a musical. Now, the creators have posted Commentary the Musical on YouTube, but that doesn’t really do it justice as it’s much better when played along with the movie. It does a really wonderful job of making fun of itself, the movie, musicals, commentary tracks, and the movie industry while still having some insightful moments. So if you’ve got some spare time, make sure you check out both Dr. Horrible and Commentary the Musical.


Larry Page and Sergey Brin: Wanted in Sweden

by

Wednesday, May 6th, 2009

The week before last, the folks who run The Pirate Bay were on trial for violating copyright laws in Sweden. The Pirate Bay is one of the largest and most popular BitTorrent sites. They host millions of torrent files that allow people to connect with each other and share music, movies, video games, and other media. That’s right, they don’t actually have any illegal music or movies on their servers, they’re just showing you how to talk to other people who do. But what, you ask, does this trial have to do with Larry Page and Sergey Brin, the founders of Google? Read on to find out.



OnLive? Come on

by

Tuesday, April 21st, 2009

I think this qualifies as old news at this point, but I wanted to talk about it anyway. Back in March was the Game Developers Conference (GDC for short) in California. It’s a week-long event that showcases the state of the art in game development. People come from all over the world to hear the best in the industry explain how they’re doing all the cool stuff they do. It’s also a chance for companies to recruit new employees and show off new games and technology. There were a lot of cool and not-so-cool things that came out of GDC this year, but one that got a lot of attention is OnLive. OnLive is a service where you buy games that run on the company’s servers. You have a controller at home and the button presses get sent to the server. The server does all the hard work that your computer or Xbox usually does and then sends the video back to you kind of like YouTube. The idea is that it will allow people to play the newest games without shelling out big bucks for a high-end computer. Plus it would eliminate piracy in games because they all run server side.


This isn’t an impossible dream and it’s something that I think is likely to happen eventually. However, several other companies have tried this in the past and failed pretty badly. There are 3 big hurdles that I see standing in the way this time just like they have in the past: attracting publishers, latency, and bandwidth.


The play experience (see latency and bandwidth below) has to be good before many publishers will sign up to release their games on the service. It’ll also be a hard sell to publishers before many gamers sign up for the service and it’ll be a hard sell to the gamers before many publishers sign up. Most consoles make it past this chicken and egg problem, though, and I imagine OnLive can, too. As publishers get more concerned about piracy and gamers come out more and more vocally against DRM in their games, options like this will become more attractive to both sides as a good middle ground. OnLive currently has a lot of good press and appears to be much farther along than previous companies were. So I think they’ll have a much easier time selling themselves to gamers and publishers.


Now to the harder problems: latency and bandwidth. These are the two measures of the network connection you have at home. Think about sending a letter to a friend. Latency would be how long it takes for the letter to get from your house to their hands. Bandwidth, on the other hand, is how much you can jam into the envelope before it bursts open and the postal service rejects it. Your ISP (Comcast, Qwest, etc.) usually advertises their bandwidth, not their latency. In this case, though, latency will be extremely important. If you have a connection with low latency (that is, it doesn’t take the letter very long to reach your friend) then it’ll be similar to playing on your own computer. High latency, though, will mean that there could be a long delay between when you press the button and when the server notices that you pressed the button. In a fast, action-packed game, reaction time can be very important and high latency will really mess that up. Similarly, bandwidth problems could cause the video coming back to be choppy, making it hard to figure out what’s going on or what you need to do to make it to the next level. These are not insurmountable problems, but the Internet backbone in America just isn’t likely to be up to the task of doing this. OnLive will have to have large servers in every major city and in most smaller cities to make this even begin to work. And, of course, it will only be available to people with fast Internet connections (6 Mbps or more) which are often hard to find away from heavily populated areas. Most other industrialized nations have much better network infrastructure than we do, so OnLive would probably do fine there. Here in America, though, it’s going to be rough at best.


OnLive managed to capture some lightning in their bottle this year at GDC. They got a lot of attention and became somewhat of a media darling. They still have a lot of work to do, though, before their service is ready for consumers. Given the long history of similar failures, though, I’m going to believe this one when I see it.


For full disclosure: I hear that a couple of the people who founded OnLive used to work for the company that owns the company I work for. I’m sure they’re nice folks, but I’ve never met them and don’t even know their names. So feel free to take what I’ve said with a grain of salt (pepper is also allowed) if you’d like to.


American politics has become a big bathroom joke

by

Wednesday, April 15th, 2009

I’m not even going to bother to comment on whether or not the teabaggers’ protests on Tax Day make sense. I just want to talk about how ridiculous the naming of everything is. The people at these protests decided all on their own to refer to themselves as teabaggers. If you don’t know the awkward, sexual connotations of that word, feel free to Google it (you probably don’t want to do an image search, though). That was already pretty funny, a lot of serious adults walking around publicly talking about how much they like to teabag. What really takes it to the next level, though, is that these protests were organized by a right-wing think tank headed by Dick Armey. That’s right, Dick Armey organized mass teabagging. I mean really, how is anyone supposed to take American politics seriously after that?


The End of the Ephemeral

by

Wednesday, January 21st, 2009

There is one essential way that computers and the Internet have changed our society that, even now, few people truly grasp and understand. As the price of storage has come down, we save more and more of the data we produce. After all, why would you delete anything when you could just spend $40 and get another 100 gigabyte hard drive? The same goes for big companies, too. As the cost of storage has gone down, they’ve had less and less incentive to delete information about the people they’ve done business with. In fact, new data mining techniques make that data potentially very valuable. What happens, then, if everything you do online, every email you write, every purchase you make, and every website you visit gets recorded somewhere for several years or even forever? But even more than that, as security cameras become more and more common your movements are recorded, too, and the companies and governments that do the recording may keep those videos as long as they want. That is the world we live in today, but the implications of this reality are not well understood.



The Importance of Net Neutrality Hits Home

by

Saturday, January 10th, 2009



During the 2008 elections, my interest in the candidates’ positions on net neutrality became somewhat of a joke amongst my friends. To most people, the importance of net neutrality is not obvious. I’ve covered it pretty extensively here on The Melon, but now we have a real world example of a large Internet Service Provider (ISP) violating network neutrality.


Recently, a company called FairPoint agreed to take over Verizon’s residential Internet business in Maine, New Hampshire, and Vermont. Verizon wanted to sell this portion of their business because it was heavily in debt and not creating good profits for the company. Verizon sweetened the deal by offering to give FairPoint $50 million over the next few years. However, it’s still unclear exactly how FairPoint plans to pay off the debt and start making money. At least part of that plan will become clear to their customers after the service switches over.


Starting February 6th, customers of FairPoint (previously customers of Verizon who were given no choice whether or not to switch) will no longer be able to access Yahoo! Mail, Hotmail, MSN Mail, or AOL email. Well, they’ll be able to access it, but only by going through FairPoint’s portal to those sites. This portal will certainly include additional ads, but could do other things like store copies of your email or scan it to place ads related to your email. FairPoint could even intentionally slow down access to these sites to encourage their customers to switch to FairPoint’s email which is much cheaper for FairPoint to provide. That’s frustrating and annoying for their customers, but most people would probably find it fairly innocuous, although I’m sure their customers aren’t happy about it.


Still, what if FairPoint doesn’t stop there? They need to pay off that debt and make money. Next, they could prevent users from using any search engine other than their own or limit access to banking websites. Since bandwidth is what’s expensive, they might charge users an additional monthly fee to get access to YouTube or other video sites.


The reason taking a stand on net neutrality is so important is that it’s a very slippery slope to the more ridiculous ideas like making users pay extra money to visit certain websites or, even worse, charging websites extra money to make sure that customers of that ISP can see that website’s content. Both of those severely disrupt innovation and the online economy. To remain competitive and allow people to come up with new, cool uses for the Internet, it needs to remain neutral. FairPoint’s disruption of webmail is a first step down the path to an Internet that’s not free (as in beer or speech) and it’s important to put a stop to it quickly, similar to the response to Comcast’s disruption of BitTorrent. It will take Congress passing laws to ensure the Internet remains free, but it’s up to customers of the ISPs and users of the Internet to demand fair, high-quality service until that happens. Anyone now stuck with FairPoint should switch to another company on February 7th and refuse to pay any fees associated with early termination of their contract because FairPoint is going to violate that contract on February 6th. My bet is that it will take 2 weeks for a class action lawsuit to be filed.


image credit http://flickr.com/photos/markrabo/



Author Information

Walker Lindley
Total Posts: 60
http://walkerlindley.com

Bio

Walker Lindley graduated from the University of Puget Sound with a degree in Computer Science in May 2008. He's now working as a software engineer for a game company in Seattle which is just a fancy way of saying he makes video games for a living, his longtime dream.  When Walker is not living the dream (aka: work or posting about technology, politics, security, and copyright on The Melon©®™) you can usually find him playing games, riding his bike, or just hanging out around Seattle (Walker is very popular.)

He's always up for an interesting discussion over coffee or email, so feel free to drop him a line with your musings on anything and everything, but certainly not that. And, of course, all opinions expressed here are just his own and not those of his company. In fact, they probably have no basis in reality at all.