Tuesday, November 22, 2005

The $100 publicity device

It's one of those stories that people just can't resist: self-publicist and acclaimed guru Doctor Nick - sorry, Nicholas Negroponte - pops up in Tunis at the WSIS Summit promising $100 PCs for the world's starving children.

Rather than critique the stunt itself, it's also instructive to take a look at what happened in the media, which was simple: it was taken as gospel. You know that guru-worship has reached ridiculous heights when someone showing a not-particularly-functional prototype is written up as if he'd launched a commercial product, which was how the show-and-tell was swallowed at the first pass.

By the third day or so, a very few media outlets had started to pick over the entrails and decided it wasn't such a hot story after all. As far as I can tell, The Inquirer (http://www.theinquirer.net) was the first to pour scorn on the idea.

But that's not going to be enough: the lack of scepticism at the beginning has created an international belief that Doctor Nick's done it again - a stroke of brilliance from the guru, save the world and feed the starving, how do you nominate people for the Nobel, and so on.

Media guru-worship is bunk; it's the inverse of "ad hominiem", where all you need to turn bad ideas good is to have the endorsement of a guru. So I've long since given myself a guru-ectomy.

There are a great many questions any journalist could have asked if he or she hadn't been sleepwalking at the time. But to me, the outstandingly obvious one is this: Why would authoritarian kleptocrats spend money buying up PCs for their citizens at the same time as denying them food, suppressing communications, and repressing information or debate?

Some context is instructive here. Journalists attending the summit were seeing first-hand the effects of government Internet censorship in Tunis, which is by no means the worst offender on the "control citizens' access to information" league table. The Register (http://www.theregister.co.uk) reported hilariously that a Swiss tourist information site (www.swissinfo.org) was being filtered out of the Tunisian Internet.

But a huge part of the premise of the $100 laptop is that it gives the villager in the third-world access to the Internet, yet neither Doctor Nick nor the waiting acolytes in the press can say "but what if the government blocks their access?", in which case the village child got a $100 western doorstop.

I would also have asked for evidence supporting the article of faith that you can't get an education without a computer - and by evidence, I mean real, peer-reviewed, non-industry-supported, independent research, not an arrogant American metaphor about sharing pencils around a classroom.

This piece of world-wide blue-sky media dog-whistling was nothing more than a publicity stunt.




Wednesday, November 09, 2005

Sony's Rootkit Gets the Go-By From Australian Journalists

By now most people with a vague interest in stories about computers know that Sony tried to distribute copy-protection software with the characteristics of a rootkit with music CDs. The result was that playing the CD on a home PC would install the software; the software would hide itself; and it was difficult and dangerous to uninstall.

What's fascinated me about the story is that it had almost no play in the Australian IT press.

If I look at Google News, I find that this morning (7.15am, October 9, Sydney time) there are around 249 stories posted about the rootkit.


Filter the Google News to location:Australia and the number drops to a mere handful. Just how many is a little difficult to fix because small variations in search terms change the result, but fewer than 20.


At first glance, it looks like it got a run in most publications: The Sydney Morning Herald (http://www.smh.com.), Smart House (http://www.smarthouse.com.au), The ABC Online (http://www.abc.net.au), ZDNet (http://www.zdnet.com.au), Linux World Au (http://www.linuxworld.com.au), IT News (http://www.itnews.com.au), Australian IT (http://www.australianit.com.au), ARNnet (http://www.arnnet.com.au).


However, with only two exceptions I can see, the coverage was entirely syndicated, either from a wire or from international mastheads.


The locals were Smart House and the ABC. That's it.


Now, on efficiency terms, that might seem like a "so what?" After all, there's no reason to rake over the story when the US has already covered it, right?


There are three reasons to give the story local treatment.


1) Was the software distributed in Australia? If the answer is "yes", it gives rise to all kinds of journalistic fun, such as whether the software breaks the law here, what product liability issues may arise, and so on.


2) Sony's attitude to copy-protection has already brought it to prominence in Australia, where mod-chips have been declared legal by the High Court after a long battle initiated by Sony.


3) Some of the wire pieces were nothing more than press release rewrites anyhow, like the wire story saying "Sony hoses down hidden file fears" (a poor choice of syndication since by the time it ran, the patch it referred to had already been found wanting).


As a postscript to this story, the original rootkit discoverer, writing at http://www.sysinternals.com, found that the software was "phoning home" after installation.


Now: Australia has many, many people who are expert in security or privacy, and whose profile ranges between media-savvy and media-tart. Comment was available, local angles were certainly available - only the media, it seems, were not available.

Saturday, October 01, 2005

They Drop Like Flies in Korean Cafes!

It's easy to understand why a daily might give space to a suspect wire story on its Web page: there are too many wire pieces and there's too little time.

However, it's fair to say that the wires have a very, very long tradition of falling prey to urban legend. One of my favourites, "Man Dies in Internet Cafe", has made its annual appearance again, with a wire story spending more than a month floating around and getting picked up by dailies as gospel.

Funny story: I mentioned the mythology to a journalists' Website, who gave it a paragraph. One of the Australian news organisations, or should I say News organisations, went ballistic and the story was un-posted. Well, let them go ballistic at me if they take exception to this post on this blog...

In 1969, the late AP Herbert - a long-time humourist (writing for Punch, I think) whose speciality was making fun of English law - described how his "Negotiable Cow" (a piece of silliness which discussed the laws relating to cheques, and whether a cheque could be written on a cow) escaped via a BBC comedy to traverse the wire agencies and finally land in The Memphis Press - Scimitar as straight news.

More recently - just a couple of years ago in fact - a US county was made fun of throughout the world because it allegedly maintained "Klingon translators" among its mental health services.

This story, again, was a blooper run by the wires. There never was a position for Klingon speakers - it was a programmer's joke which took off on the wires and became an ineradicable belief.

There are still people who run the story along by trying to "document" the scandalous waste of taxes in America because so many public sector organisations are hiring Klingon interpreters.

Here's another which falls into the "reasonable cause for scepticism" category. A couple of years ago, mobile phone batteries all over the world were exploding in pockets. Manufacturers solemnly issued warnings that users should never install after-market batteries (just like "use only Toyota original parts, I guess!), and investigations were promised.

At the time, with CommsWorld still live, I received the "no imitation parts" press release from a manufacturer and promised an exchange: if they could supply a photograph of a blown-up battery, I would run the story.

Not only did I never get the requested photograph, but after a very long time, the story took an unexpected turn. AMTA issued a statement saying that while some fake batteries had been observed to overheat, no batteries exploded, and there were never injuries - at least in Australia.

Actually, a moderately-competent chemist would have sufficed for debunking that piece. "Are there any potentially-exploding chemicals in batteries?" "No." "Oh. Thanks." Or you could ask yourself: in our paranoid world, just how long would anyone be allowed to sell potential explosives as a ubiquitous consumer product?

On to deaths in Internet cafes.

Urban legends on the wires tend to have very predictable characteristics.

They're always located "somewhere else". In recent years (although it's been around since 1981), people have preferred to die of game-playing in South Korea, Taiwan or Vietnam. It's never happened in America, Britain, Australia or New Zealand. Even the geographical details can be hints; in the "man dies" story of two years ago, the event was placed in "Kwanju, 260km south-west of Seoul" - which according to my Atlas moves Kwanju into the Yellow Sea by about 50km (interestingly, but of no particular significance: this year's cafe death happened not only in the same country as the victim of two years ago, but within a fairly short commute. I have to conclude that the southern end of South Korea has very dangerous Internet Cafes.)

The urban legend often involves unnamed characters. Hence we have a victim for whom only the first name is given, if any (imagine the editor asking the journalist to track down someone called Lee or Kim in South Korea!); "police officials" and "government officials" without names, and unnamed witnesses.

Another characteristic is that any additional research adds no facts, only local commentary. The BBC's coverage of this story, more than once over the years, is a wonderful example: every time "man dies" hits the wires, the dear old Beeb suffers corporate amnesia and sends someone to quiz medical experts in Britain, computer games experts, market experts - anything except for confirming the original facts of the story. Well, once the Beeb managed to do a "local colour" piece, and even ran a photo of such astonishingly poor quality that you have to wonder whether someone was stringing them along.

Urban myths love the moral angle: the British have a strange legal system (cheques and cows); public officials are wasting our money; fake phone batteries are dangerous; too much computer gaming is bad for you. Quite often, the moral angle is married to the kind of society where governments believe the media has an obligation to uphold public behaviour.

It's also worth observing that urban legend participants are generally cut-out stereotypes: nobody ever died in a Korean Internet cafe without being an unemployed 20-something who lives at home.

And, of course, the best urban legends happen when the wires crib the local media and get facts scrambled along the way...

Media Advocacy

The question you never ask about a blog is whether anyone's reading it. They're not and they don't, unless of course you proactively point someone at it. Well, I have kids and a job and all sorts of things to keep me busy other than this.
But after a long silence, there are a couple of things which warrant some words, and this is the only outlet.
First, there was this piece of silliness about the matter of "computers in education".
http://newsletters.silicon.cneteu.net/t/81893/642015/71164/0/
Teachers fear computers in the classroom
IT interferes with 'genuine' book-based learning, study finds
By Andy McCue
Tuesday 13 September 2005
Silicon.com
"Schools are failing to take advantage of IT in the classroom as teachers worry computers will interfere with traditional book-based learning, according to a new academic study."
IT journalists work from the presupposition that their job is advocacy rather than journalism. Because they're there to promote the industry - if not individual advertisers, then at least the entire sector - they forget any kind of healthy scepticism.
As a sceptic, I will note the following aspects of this kind of story.
1) Saying "failing to take advantage" presupposes a benefit. The study also gives the impression that all subjects are equal in the face of IT - that is, whatever you're doing, you can do better with a PC in front of the student.
2) The journalist doesn't mention the considerable industry sponsorship behind the study. Does that taint the research? I don't know one way or the other - but it taints the reporting of it.
3) The research came to the stunning conclusion that "creative subjects" "suffer worst" at the lack of computers. Why would a painter, to pick one, be "suffering" without a computer? Why is it a surprise to the researcher?
4) Another revealing quote: "many teachers simply lack the confidence to take the risk of using technology in their subject areas". "Risk" is not an obligation. And, of course, it could be that the teachers themselves are making an informed judgement.
Of course, the naysayers don't get a look-in. It was a single-source story written from the press kit.

Wednesday, June 15, 2005

Grafedia: Conditioning users to insecurity

The press release view of Grafedia is that it's a new social phenomenon.

Fine. I've never held the sort of rosy view of the world which expects a perfectly comprehensive and accurate description of something in a press release. But one of the jobs that media can claim as its own should surely be sufficient knowledge and scepticism to identify the whole of an elephant even if the press release only describes its leg?

Apparently not.


Grafedia, if I were to believe the cargo-cultists and gullibles on the promotional side, is one of those new things that demonstrate the "interface between the e-world and the real-world".

Here's how it works: you see an address written in chalk on the footpath or stuck with tape to the power pole; you use your mobile to send a message to the address; and you get something (like "pop art on the mobile phone", now there's something worth having...) by a return message.

Inspired by nothing more than a press release, outlets like CNN (http://www.cnn.com/2005/TECH/ptech/06/13/cell.phone.markers.ap/index.html), Wired (http://www.wired.com/news/culture/0,1284,66992,00.html), CNet (http://news.com.com/Photos+Grafedia+sightings/2009-1026_3-5694946.html?part=rss&tag=5694946&subj=news) and others have tossed out their critical brains and gone with the "wow" angle.


Umm - getting a message in return for a message hardly seems wow to me, but that's another matter.


Have these guys forgotten that viruses are spread by users who open messages from unknown sources?


Have they forgotten that sending messages to unknown places is a good way to end up on spam lists?


Ignoring for a moment that Grafedia is just another one of those lame attempts at breaking through the marketing noise by painting footpaths, it's really dumb to create a "social phenomenon" whose side-effect is to condition users to behave in an insecure manner.

Sunday, April 24, 2005

News Limited Eats the Fruit of the Idiot Tree

Since we're giving some attention to News Limited outlets, why not this piece of drivel:
http://www.theadvertiser.news.com.au/common/story_page/0,5936,15065935%255E913,00.html
In what might have been an otherwise reasonable story about mobiles substituting for landlines we get this:
"Fixed lines face a further challenge from wireless technology offered by three big players, Unwired, Personal Broadband Australia and BigAir, as well as 80 smaller operators."
Well.
First, the number is wrong. "80" operators underestimates the wireless local loop market by about 50%.
Second, the three big players mentioned are big only in terms of wireless broadband Internet services. By comparison to the Telstra fixed line network, they're insignificant. Totalled together, they've got far fewer than 50,000 end users. Even as ISPs, they're small. As carriers, they're still junior. Calling them big doesn't make it so.
(As it happens, I like the idea of the wireless local loop. Stupid throwaway journalist hype, I don't like).

A Lesson in Ignorance: Don't Even do Easy Research

It's a while since I poked fun at The Australian, but this story is just irresistible.
http://australianit.news.com.au/articles/0,7204,15044655%5E15306%5E%5Enbv%5E,00.html

Avoiding the crime of stealing a story wholesale for the blog, the essence is a very thin piece of information: the long-awaited (by some) Enum trial in Australia is starting at last.

With a very thin press release to go on, the Oz's journalists decided to pad. Padding is fun for a journalist: you get to load a story up with your own assumptions and soapboxes in the name of giving the story context.


Nearly every technical fact and market factoid used to pad The Australian's Enum story is wrong.

Running through them from the top. First, we're told that the purpose of Enum is "to accelerate the uptake voice over IP technology by consumers."

Wrong. The purpose of Enum is to translate ITU phone numbers to IP addresses and back, to produce a single, standard numbering system across VoIP and PSTN phones. Consumers ought never notice it.


The Oz says Enum was developed by the ITU. Wrong again. It is a quite-old IETF RFC.


We're told that Enum signals the start of the Internet phone boom, which is just silly.


"Electronic number mapping will mean the VoIP technology will become as reliable and easy to use as an existing home telephone," The Oz says. Again, nonsense. How the phones call the numbers is irrelevant to ease of use (an Internet phone can already have an identical keypad and dialling behaviour) or reliability (which depends on stuff like broadband infrastructure, gateways, power, and not at all on Enum).


Then we go to the inevitable Gartner analyst: "Mr Johnston said the current business model of internet voice services was priced at 1c to 3c a minute, whether the call was across the street or across the world."


This is wrong. VoIP-to-PSTN call prices are well above 3c per minute for most terminating destinations. Gartners numbers, I will repeat, are just dead wrong. My bet is that Gartner is reapplying a small US call rate data set to the rest of the world, without researching local prices and without the benefit of an exchange rate calculator. And the Oz? Lazy as hell. It's published plenty of stories about VoIP operators, and they mostly put their call rates in easy-to-reach places. But even with two journalists wrapping polystyrene around the press release, nobody could check a call rate to challenge the Gartner mythology.


Next, The Australian tells us that "VoIP ... technology has been used primarily by large businesses and government organisations."


Bulldust. Nonsense. Just an invented throwaway line. VoIP is bottom up; it was adopted by individuals first. Penetration in businesses is, in fact, remarkably low (although growing). Three years ago, to pick an arbitrary date, there was no business VoIP to speak of, just a lot of moderately geeky enthusiasts making Internet phone calls.


"Instead of going through a telephone exchange, calls are switched to and from an internet provider, who then sends them down the internet connection to the home."


The end statement of the story says it all. The Internet connection goes through some sort of exchange (that's where DSLAMs are), but the Oz doesn't know it. PSTN terminated VoIP calls go through exchanges, but the Oz doesn't realise it. The Oz instead prefers to give us the mythical Internet cloud which exists with no other infrastructure at all.


What a stupidly inadequate piece of work: no research, no knowledge, and no analysis of the one interviewee with whom the story was discussed.

Wednesday, April 13, 2005

Take one dead horse, one whip, and one empty space to fill...

This must be the nonscoop of the month ...

http://www.theage.com.au/news/Outsourcing/Actors-union-shouts-cut-on-digital-film/2005/04/11/1113071894581.html
"Actors' union shouts 'cut' on digital film"

Wow, the Herald is up to the mark and racing ahead of time. This is one month old. Not a couple of days, or even a week.

To my knowledge, the story first emerged in the middle of March with a story on Boing Boing, http://www.boingboing.net/2005/03/14/aussie_actors_guild_.html.

It then got discussed for a while on an Australian mailing list.

When it was beaten to death, it fortunately fell into the silty bottom of a Jurassic swamp, got covered by layers and layers of sediment, the calcium of the bones became mineralised, while the long and majestic march of geology created new rocks and mountains, seas dried and lands changed, and finally ...

... the story gets discovered, exhumed, and exhibited as "news" by the Herald; complete with the original Boing Boing angle intact, which says that the actor's union is standing in the way of progress (I'm not so sure about that line. I like free publication and freedom of creativity. I don't like new forms of contract, which is what the Creative Commons license is...).

(I ought to apologise for the long absence. Call it illness, exhaustion, or merely a crisis of motivation (ie, slacking), but the fingers haven't had any words in them of late. Things seem to be back again now, though...)

Thursday, March 24, 2005

Syndicating the Scare Story

From the Associated Press comes this world-syndicated sensation:

"Hackers gained personal information of 59,000 people affiliated with a California university - the latest in a string of high-profile cases of identity theft."

We have here pretty much a full house of tabloid assumptions. Something happened to a computer so it was hackers, and they gained personal information so it's a case of identity theft.

One of the worst things about the invention of the jargon "identity theft" is that unlike the old "fraud" or "obtaining money by deception", "identity theft" can be thrown around willy-nilly. Even when no fraud is committed, you can run the tabloid line.

"Hackers gained access to the victims' names and Social Security numbers."

"We still have no indication that the information was used for anything other than somebody wanting to have illegal access to this server," Wills said. "Typically, on a college campus that can be to download files, music and games. There's still no indication they were looking to take personal information."

Hang on ... ID theft and "no indication they were looking to take personal information" in the same event? I suppose consistency is too much to ask for...

The wire piece then jumps from "no indication" of ID theft to create a forced link to the "big picture":

"Identity theft is considered the nation's fastest-growing crime and last year more than 9.9 million Americans were victims."

It then recites other computer break-in stories.

By the time I wrote this, the story had been syndicated like mad: more than 150 news sites carried the AP story. Dozens of journalists even had the hide to slap their bylines on the piece, although they did nothing to deserve it.


Once you have a piece like this get cred through syndication, the next thing that happens is that a battalion of camp-followers will then jack on the back of the big story – essentially exploiting the news value for their own publicity. The US has replaced "reds under the bed" with terrorists. So it's no surprise that the AP story has now given birth to a clutch of piggyback pieces in which security experts of all kinds try and spook us with stories of terrorism and ID theft.

And all on the back of one trashy syndication from the AP.

Monday, March 14, 2005

Howler of the Week

The Sydney Morning Herald (gee, Fairfax quality control is out the door lately) has this utter gem in a story about a Green's proposal to add Kids Helpline to Telstra's USO obligations:

"The amendment would include the number for Kids Helpline, the only national 24-hour phone counselling service for young people in distress.

"People should know that a fully privatised Telstra will shed this sponsorship in the future. It needs to be legislated upfront so that shareholders know that this is an ongoing community responsibility that Telstra will have," Senator Brown said."

Premise wrong, facts wrong, nobody checks anything do they?

(The link won't work because of the SMH's attitude to subscriptions. Try Google News with Greens Helpline and Telstra.)

Sunday, March 13, 2005

Redefining "Most"

Just a snippet. I have put a fuller version of this on CommsWorld but I find it amusing that Telstra's plan to put in 500,000 ADSL2+ ports has been re-interpreted by the Sydney Morning Herald, here as being ADSL2+ to most households.
Half a million out of eight million isn't "most" of anything. It's just a piece of thoughtless, throwaway hype designed to lend excitement to what was an otherwise mundane reiteration of yet-another story about what a CEO said in a speech.

Saturday, March 12, 2005

The SCADA Cyberterror Beat-Up

One of the more irritating habits of the IT industry in Australia is that US vendors believe they can ship American assumptions over to Australia and apply them, pretty much without adjustment, to their view of the Australian market (analysts do this as well. I well recall that in the 90s, a Gartner analyst told Australians with a straight face that ADSL was no good because it didn't work well on phone lines strung between poles. He apparently didn't travel far enough from the CBD to observe that Australia's phone lines are underground).

This week I noticed that ISS is talking up the dangers to SCADA systems (that is, the industrial control systems which take care of things like power stations, water and gas). It found a ready audience in the Australian here:

""We are going to see a serious outage because of a SCADA attack this year," he says. "It's not a matter of if, it's just a matter of when."

The threat arises because SCADA systems are increasingly being integrated with other business systems over the internet and through wireless technologies."

Well, I'm going to disagree with ISS's local MD, Kim Davies on this one.

First, when utilities in Australia integrate SCADA with business systems, they don't do so over the Internet.

Second, when utilities decide to replace the copper (which they overwhelmingly own themselves, avoiding wherever possible even using leased lines from Telstra), they're doing so by installing their own fibre.

Examples of this include Powercor in Victoria, Ergon in Queensland, and others really too numerous to mention. One of the reasons people keep putting forward utilities as competitors to Telstra is because they already own infrastructure. They're not using the bloody Internet.

Really.

Wireless is another matter. There has been a growth, away from the cities, in small utilities, at the local level, using wireless systems to connect up small plant. But even if that's a vulnerability, it's not the Big Scary Cyberterror that the security people are talking up. The effects are local and manageable.

And those wireless systems are probably not Internet-integrated.

Is there an issue with SCADA? Yes, and quite a straightforward one. If you're going to update the SCADA system, you should ignore what the vendors, snake-oilers and Internet-integrator-sales reps tell you, and keep them on private networks. Forever.

Well, that wasn't so tough, was it?

So why beat-up the SCADA story? Well, you see, there is a special working party set up in the government to look at SCADA (it's holding meetings later this year). Critical infrastructure has heavy government involvement. Vendors see the infrastructure sector as a huge untapped market for stuff like firewalls. And the ministerial advisers generally have a very thin understanding of technology.

If, for example, you tell them that you're using IP, they will understand this to mean the Internet, whether or not there is any Internet connection in existence.

In other words, the vendor community ever since 911 has seen the infrastructure sector as a feast, if only they can get invited to the party.

Beating up a story in the Oz is a pretty good way to get things moving...

Tuesday, March 08, 2005

Keeping the Industry's Secrets

When a segment of the media gets too close to its industry, you get some strange outcomes. One of those is that the press tries to respect the secrets of the industry, instead of trying to uncover and report them.

Over the last 24 hours, the wires have started lighting up with reports of a new malware, Serchmeup, which downloads a slew of exploits into the target machine. The journalists don't notice that the name given by virus experts is the same as another malware that's been around for more than a year, which is bound to create confusion, but that's trivial.

What's not trivial is this: Searchmeup infects users who visit a malicious Website. In other words, the attacker has a URL with a public face, which exists only to slap users with the dangerous download. That site - or those sites - also have IP addresses and registrations and all the other details assocated with hosting a Web site.

So what do the journalists tell us about the sites which are distributing Searchmeup?

Nothing. Not a sausage. Not a single word. They're respecting the secrets of the sources; for some reason, the antivirus companies want to distribute the warning about Searchmeup without telling people where it is so they can stay away.

Even a little curiousity would have been nice to see.

Sunday, March 06, 2005

Correlation Equals Cause

VoIP is one of those hot-button technologies. All you have to do is stick it in a press release, and the media's critical facilities go out the window. Instead, the hacks and proxy publicists will not only run with the press release, they'll also run up a heap of bromides inserted into the stories using the Disruptive Technologies Phrase Grabber.

Hence when Telstra (Australia's incumbent telco) said it's trialling a consumer VoIP service, the press in Australia went nuts. But in seeking to wrap their own commentary around the story, the flacks also tossed reality out the window.

For example:
"The announcement comes as existing VoIP products from relatively small telecommunications players begin to proliferate and eat into Telstra's PSTN voice calls market. Telstra's revenue from fixed line voice calls has been on a steady decline for some time, while its broadband revenue continues to grow." (here).
(My emphasis.)

Stan Beer goes on that:

"In addition to voice over broadband, Telstra plans to offer users enhanced VoIP services such as click-to-call, email notification of voice mail, a self service web interface for management of calls and functions and multimedia services such as video conferencing."

In the normal course of events I don't expect great technical accuracy in how media reports telecomms. But since the Beer Files bills itself as the "most informative" source, let's go hog wild. Voice-over-broadband is not identical to Voice-over-IP, since you can deliver a PSTN service on a broadband connection (as Optus can be argued is doing with voice on its HFC network, or in the business space as PowerTel definitely does with Voice-over-DSL).

Most VoIP services, which Beer says are offered by "small telecommunications players", are arguing long-and-hard to convince the world that they're not telcos. And most of the "enhanced VoIP services" he lists are not specific to VoIP (although I can't blame a journalist for believing years of inaccurate puffery). They are CTI - computer telephony integration - functions, and can be done on non-VoIP environments.

But the howler is in the assumption that Telstra's revenues are already suffering at the hands of VoIP.

Note, by the way, the contradiction in the author's remark: although the VoIP market is a new phenomenon, PSTN revenues have been falling "for some time".

Let's grab Telstra's last results announcement: did the PSTN call revenues fall?

Yes.

Have they been flat or falling for some time?

Yes.

Has VoIP been a competitive market long enough to explain this?

Yeah, right.

The PSTN decline predates the VoIP revolution. The usual explanation is "mobile substitution", and it's no coincidence that mobile revenues are growing faster (up $156 million last half-year) than PSTN call revenues are falling (down $89 million in the same period).

It's fine to think that VoIP is a future threat. To treat it as a phenomenon that's already on the Telstra balance sheet? I doubt it.

Friday, March 04, 2005

Two Obvious Questions that the AFR Didn't Ask

I can't post a link to the story, because the Australian Financial Review is one of those odious subscription-only publications. Well, it's got a rich readership, I suppose...

So instead, I'll give you the gist: private investigators in Australia are complaining that privacy laws are making it hard to collect debts.

This got a bit of discussion on the Link newsgroup, which represents some really good brains, and it became clear that this was an example of lazy reporting.

The nature of the reporting is that given a survey and a spokesperson, you don't need to question the content. Hence two howlers made it to print which really should have been caught.

The first is this:
"As a result [of new privacy laws], millions of dollars in fraud and bad debt are going
unchecked. In the six years to 2002, $22.4billion was written off in bad
debt by companies."

Wrong. As was pointed out by Electronic Frontiers Australia's Irene Graham, there's no difference in bad debt written off by business before and after the passage of Australia's Privacy Act. Looking up the numbers would have taken the journalist a moment, but why bother when it's given out for free in the survey?

But the screaming howler came when a private investigator said he "used to pay $5 to do a "rego check with the NSW Roads and Traffic Authority to confirm the residential address of a "target". Under the Privacy Act, this data can no longer be disclosed."

Roger Clarke - a prominent privacy researcher at the Australian National University - pointed me to this link. It's a directory of reports by the NSW Independent Commission Against Corruption, and among the publications, you'll find the "report on unauthorised release of government information".

The PI was right. Investigators used to be able to get "rego checks" (for readers outside Australia, getting the name and address to which a car is registered) for $5.

It was not, however, an RTA service. It was a rort which went on from at least 1984 to 1991. And it was eventually found to be corrupt under the laws of the time.

Here's a quick pullout from the ICAC report:
"Mr James paid Constable Watharow. Initially payment was on a fee for service basis, with motor traffic information at the rate of $5 per inquiry, and criminal history information $20 per inquiry. Later a retainer was substituted. This grew from $100 to $500 per month." (Chapter 2).

The "rego checks for a fiver" trade died out not because of the Privacy Act, but because 13 years ago it was exposed as corrupt, and a whole host of government agencies had to rework their procedures to stop it happening.

The AFR story rested entirely on two premises: first, that bad debt is rising because PIs can't collect debts; and second, that the Privacy Act is what stops PIs from finding debtors. Both assumptions were wrong.

The journalist need only have asked: "Can you show me the before and after numbers?" and "When were rego checks legal in NSW?" and the PI industry's PR would have been unspun.

I wish I had a silver cup to send the AFR: this could be the howler of the year...

Tuesday, March 01, 2005

Objectivity or Scepticism?

To continue the thoughts from my last post about the bad science of the Global Consciousness Project, the question is: "why does bad science journalism matter?"

The reasons are many, but I'm going to stick to a few, which cluster around one key issue: the public can't make good decisions on bad information.

Who are the heralds of that information? The journalists. But we keep reporting on things we don't understand, pretending that we do understand them, and indulging ourselves in the belief that expertise is not necessary to technical reporting.

Some journalists are disciplined enough not to make fools of themselves.


Some are not: they repeatedly get into deep water because they can't distinguish between fact and hype.


The worst journalists are knaves. They know they lack the skill to assess the facts of a technical story, but they don't care. The GCP story is a case in point: it doesn't matter that the "science" has been repeatedly debunked, the journalist is writing entertainment dressed up as science.


Why worry? Because people then treat the semi-fact as fact, and make decisions based on it.


Why did people believe in the "new economy" for example? Because journalists repeated its tenets so often, even though the balance sheet evidence showed it to be a nonsense from the start.


Often, a journalist's response to being challenged over this kind of story will be to talk about "objectivity", but frankly, objectivity is a crock. Give me, in all kinds of reporting, the position of sceptic: the journalist who demands more than a string of quotes to make a story.

Monday, February 21, 2005

How a Mistake Becomes a Fact

First, you create a story, then you keep it going not by facts or confirmation, but by repetition. And if you remember the infamous "Internet traffic doubling every X days" myth of the late 1990s, eventually anyone who nay-says the original "fact" is the outsider.

When it emerged at the Senate Estimates last week that CSIRO had spent $9 million over four years on a Web site (it had not, but more on this later), the usual suspects had a field day.

The story was wrong; it arose only because a senator repeatedly said that CSIRO had spent the money on a Website. As was transparently clear from the response from CSIRO, the money (spent over four years) went on:

- a new content management system being deployed across the whole organisation (that’s a lot of seats for software licenses, with more than 6,000 staff);

- the Website itself, which consolidates a couple of hundred of existing Websites; and

- the most expensive piece of the puzzle: multi-millions each year on communications links.

According to CSIRO, in response to the gleefully ignorant Labor senator last week, communications cost $1.8 million last year. Considering that CSIRO, as a scientific research organisation, is very hungry for bandwidth, and considering that it’s involved in setting up stuff like 10 Gbps wide-area links, my feeling is that it’s doing an outstanding job of getting value for money on the comms part of the puzzle.

As for the rest: the new content management system, new consolidated websites and so on are costing not “more than nine million” but less than $3 million – over four years.

But the problem is this: the statement that CSIRO is spending $9 million on a Website, wrong though it is, has been made, put in a headline, and it’s stuck there on the public record.

That makes it all right for Australian IT to make this statement:

Government website projects have had a troubled history, with the most recent example being the revelation that the CSIRO's revamped website would cost the agency a massive over $9.47 million by the time it went live in April.”

Wrong. CSIRO’s Website is not costing the agency “a massive $9.47 million”. The story is http://australianit.news.com.au/articles/0,7204,12293815%5E15319%5E%5Enbv%5E15306,00.html"> here.

But it’s on the record, and reciting from some other journalist’s mistake is easier than reading the long and tedious transcripts from Senate Estimates hearings.

In another year's time, this "fact" will have the same currency as the WorldCom "traffic doubling" fact - and it will be entirely the fault of the press.

Saturday, February 19, 2005

Pseudo-Science Reporting: How to Sell Fakery

This is going to have to be broken into a couple of blog entries, because it's going to be long.

On Red Nova, you can find this story about the "Global Consciousness Project", in which random number generators are believed to be predicting the future:

Today's entry is going to dissect aspects of the story itself; I'll follow it up with another entry drawing the threads together.

I haven't reproduced the story in full, but extracts are followed by my commentary in italics.

DEEP in the basement of a dusty university library in Edinburgh lies a small black box, roughly the size of two cigarette packets side by side, that churns out random numbers in an endless stream.
At first glance it is an unremarkable piece of equipment. Encased in metal, it contains at its heart a microchip no more complex than the ones found in modern pocket calculators.
But, according to a growing band of top scientists, this box has quite extraordinary powers. It is, they claim, the 'eye' of a machine that appears capable of peering into the future and predicting major world events.

Who is the growing band of scientists, other than those directly involved in the project? The author frequently refers to respectable outside opinion, but hasn't found any respectable outsider.

The machine apparently sensed the September 11 attacks on the World Trade Centre four hours before they happened - but in the fevered mood of conspiracy theories of the time, the claims were swiftly knocked back by sceptics. But last December, it also appeared to forewarn of the Asian tsunami just before the deep sea earthquake that precipitated the epic tragedy.

Note the disconnected connection; that the sceptics knocked back the claim because they were influenced by the mood at the time, rather than any considerations of science. Not only is it near to a conspiracy theory, it's also a reversal of science, in which every experiment should be approached with scepticism.

Now, even the doubters are acknowledging that here is a small box with apparently inexplicable powers.

Are the unnamed doubters the same people as previously debunked the September 11 story? Who are the converts?

'It's Earth-shattering stuff,' says Dr Roger Nelson, emeritus researcher at Princeton University in the United States, who is heading the research project behind the 'black box' phenomenon.

'We're very early on in the process of trying to figure out what's going on here. At the moment we're stabbing in the dark.' Dr Nelson's investigations, called the Global Consciousness Project, were originally hosted by Princeton University and are centred on one of the most extraordinary experiments of all time. Its aim is to detect whether all of humanity shares a single subconscious mind that we can all tap into without realising.
Very early in the process? The GCP has been trying to produce results that other scientists believe for many, many years.

Although many would consider the project's aims to be little more than fools' gold, it has still attracted a roster of 75 respected scientists from 41 different nations. Researchers from Princeton - where Einstein spent much of his career - work alongside scientists from universities in Britain, the Netherlands, Switzerland and Germany. The project is also the most rigorous and longest-running investigation ever into the potential powers of the paranormal.

Note the irrelevant reference to Einstein: there is no relationship between Einstein's cachet and Dr Roger Nelson. Calling the project "rigorous" is meaningless unless we hear what makes it rigorous; the roster of scientists isn't enough. The story then quotes its first outside source, one Dick Bierman in Amsterdam who is cited as a physicist; but the author ignores that Bierman is also a participant in the GCP.

Next, a little of the GCP's basis is explained: a random number generator which is supposed to produce a flat distribution - an equal number of ones and zeroes. The GCP belief is that deviations from that distribution are inexplicable by "ordinary" science, and therefore must be paranormal.

This has many problems as a hypothesis: the journalist goes to no effort at all to find out whether the basic assumption, that the GCP's random number generator is actually random.

During the late 1970s, Prof Jahn decided to investigate whether the power of human thought alone could interfere in some way with the machine's usual readings. He hauled strangers off the street and asked them to concentrate their minds on his number generator. In effect, he was asking them to try to make it flip more heads than tails.

It was a preposterous idea at the time. The results, however, were stunning and have never been satisfactorily explained.

It was not repeated. Even those "in the circle" dismiss it: the experiment was criticised as useless in the Journal of Parasychology as far back as 1992.

But then on September 6, 1997, something quite extraordinary happened: the graph shot upwards, recording a sudden and massive shift in the number sequence as his machines around the world started reporting huge deviations from the norm. The day was of historic importance for another reason, too.

What external evidence have we of correlation? What evidence that the line was usually flat? Did the journalist view the graphs for a large chunk of the relevant year? Did the journalist view anything at all?

For it was the same day that an estimated one billion people around the world watched the funeral of Diana, Princess of Wales at Westminster Abbey.

A total of 65 Eggs (as the generators have been named) in 41 countries have now been recruited to act as the 'eyes' of the project.

And the results have been startling and inexplicable in equal measure.

For during the course of the experiment, the Eggs have 'sensed' a whole series of major world events as they were happening, from the Nato bombing of Yugoslavia to the Kursk submarine tragedy to America's hung election of 2000.

All these correlations are applied to the graphs after the event. This is bad science: if you can predict where you're hitting the golf ball, and the prediction works, that's science; if you hit the golf ball and then say "that's where I meant it to go", it's not science.

Also, the journalist has not asked about the periodicity of fluctuations: what is the normal repeat rate of the wave? Where is the proof of correlation between different devices?

This is a particularly important point: if there is some observable "waveform" in the deviation of the random number distribution, it proves only this: the numbers aren't random.

I'll skip the next section, in which the journalist relates claims that the "eggs" predicted September 11; because it adds no new information.

To make matters even more intriguing, Prof Bierman says that other mainstream labs have now produced similar results but are yet to go public.

'They don't want to be ridiculed so they won't release their findings,' he says. 'So I'm trying to persuade all of them to release their results at the same time. That would at least spread the ridicule a little more thinly!' If Prof Bierman is right, though, then the experiments are no laughing matter.

The entry of conspiracy theory always arrives in these kinds of stories: the evidence exists but the mainstream is covering it up.

They might help provide a solid scientific grounding for such strange phenomena as 'deja vu', intuition and a host of other curiosities that we have all experienced from time to time.

They may also open up a far more interesting possibility - that one day we might be able to enhance psychic powers using machines that can 'tune in' to our subconscious mind, machines like the little black box in Edinburgh.

A new premise is introduced as established fact: stating that machines could enhance psychic powers presupposes that such powers really exist. This is a con-artist technique - since the black box exists, things related to the black box exist.

There's nothing in the rest of the text worth discussing. Next, I want to draw out the principles behind this kind of journalism - because it infests much more than pseudo-science writing.

Thursday, February 17, 2005

Flogging a Dead Angle

Unwired has killed its VoIP trials according to AustralianIT.

Why am I not surprised? Because pretty much the same news was given by the same source last December.

Here is the premise for yesterday's story in the Oz:

"WIRELESS internet provider Unwired has killed off a planned voice over IP (VoIP) offering for its Sydney broadband subscribers.

Announcing the company's financial results, Unwired chief executive David Spence said that it made more sense to provide a prioritised packet service for users of soft VoIP services such as Skype and Engin than to continuing developing its own application."

Last year, the Oz said:

"WIRELESS broadband provider Unwired has abandoned a public voice over IP (VoIP) trial that had been scheduled to take place this month."

The only difference is that this time, the company confirmed what the company didn't deny last year...

There is another angle to all this, though: VoIP was mostly an invention by the media anyhow.

When Unwired went live last June, its CEO told the assembled media that it would consider offering voice services - but he did not say "VoIP". What he said (I was there and I'm quoting from my own notes from the press conference) was this:

"Spence played down both the timing and the nature of the voice services, saying only that some kind of voice offering would be on offer by year-end. Voice, while bundled, would almost certainly be delivered on extra bandwidth rather than “riding” on a customer's existing service."

Unwired at that time seemed to have a better opinion of offering a competitive PSTN product than a VoIP service (no matter the underlying technology). It talked about trialling services, but it wasn't committed to those services being VoIP.

Since then, nearly every statement Unwired made about voice services tried to damp down the VoIP angle. Hence, in talking to ZDNet last year in October , VoIP was stamped on the story by the author, while David Spence only talked about "voice".

Earlier, in August, ZDNet took the VoIP angle this way:

"Spence said the company was currently in negotiations with local carriers to connect its wireless network with public telephone exchanges and acquiring number ranges to be allocated with the service."

Here...

Notice the reference to "number ranges"? That suggests a PSTN service to me, but the VoIP angle was irresistable even though the interviewee didn't say "VoIP".

VoIP, you see, doesn't have number ranges as such.

But the author has his eye fixed on the VoIP angle, and will reiterate it at every opportunity, force-fitting the angle to the quote.

To nutshell the problem: it no longer matters what underlying technology a carrier uses to deliver voice calls. If the phone can (a) take incoming calls from any phone, and (b) make outgoing calls to any phone, then it's a phone service. There's really only one country which is dead set on an artificial distinction between phone services based on transport - and that country is the US.

Unwired certainly would never have bothered much with trying to out-Skype Skype. Why would it? It needs to make money; a VoIP client doesn't generate revenue; and anyway, Skype users can call other Skype users on Unwired just as easily as on any other Internet service.

If Unwired was/is considering telephony, it wanted either a value-add to make its network more attractive (in which case a Skype lookalike is a dead-duck), or it wanted paid calls (even at a low rate), in which case a Skype lookalike is a dead duck.

The Optus balance sheet tells you what's attractive about voice: money. It's the economy, stupid...

Wednesday, February 16, 2005

ComputerWorld Columnists, Again

Another week, another filler column from ComputerWorld which puts forward silly suggestions based on an insane premise. If ComputerWorld fields aggrieved that I'm picking on it, it should make itself a smaller target...

This time, the columnist (Frank Dzubeck of Communications Network Architects, whose Website says "Index of /") asks "Can the Internet Ever be Trusted?" and calls for the formation of a Trusted Internet Group just like the doomed-to-fail Trusted Computing Group;
here.

I won't dissect the Trusted Computing Group in detail, because that needs a few thousand words.

Let's answer the "can the Internet be trusted" question first: No.

You can't trust the Internet, and you never could. That's not because of the particular problems - insecurity, spyware, phishing and so on - but because the Internet is far too abstract to be trusted.

You can only give someone trust based on knowledge and judgement, and for most people knowledge and judgement about "the Internet" is too remote to form the basis of a decision about trust.

Trusting "the Internet" is simplistic and irrational, and a new high-tech fix won't change that.

The question is: whom and what can you trust? The answer: Knowledge and process.

I'll start with process first, because it's the part that "the industry" (a nebulous thing at best) controls. The problem with Internet commerce in 2005 is that too many companies have created inadequate processes; they've then encouraged people on the basis of "trust in the brand" to use these processes for commerce; and finally they've abused the processes to make them untrustworthy, all while jacking up at any suggestion that things aren't just rosy in the garden.

To take a bank as an example.

The only way to trust a bank's process is if the client software can only talk to the bank's servers. Anything else is vulnerable, regardless of the presence of specific exploits. Banks decided that convenience was more important, so they wilfully created browser-based banking even though they knew it was less secure than "own client" banking.

"The Internet" is not at fault - it's the process that's broken.

Banks then - frequently - write the browser software so that it doesn't show the URL in the address bar (undermining the "knowledge" part of the trust equation). A bank which writes its software this way is teaching users to trust in the absence of knowledge - which is so irresponsible it beggars description.

Then, in the name of cheap communications, banks routinely use e-mails to put sales pitches in front of their customers, and routinely use links from the e-mails to their product sites - and have kept doing so even after the phishing scams became widespread.

This encouraged people to put their trust in bad processes - but it's not "the Internet" which is at fault and it would not be fixed by a "Trusted Communications Group".

As a member of the Link mailing list said, if you say "Can the Post Ever be Trusted?" you quickly see how stupid a question is posed about the Internet.

To propose a solution which removes knowledge and responsibility from users, and which at the same time relieves participants from the need to create good process, is beyond stupid. And to propose that yet-another industry cargo cult can push out the answer on parachutes?

That's not solution, that's just more problem.

But what would I expect from a network consultant with a slash for a home page?

Friday, February 11, 2005

VoIP didn't kill Telstra, Again!

One of the fondest bits of the telco journalist’s utopia in Australia is that there’s a technology just around the corner which will destroy Telstra.

Telstra is about as popular in Australia as Microsoft. The enthusiasm for “get Telstra” stories is so strong that it overrides any consideration of factual rigour.

The story de jour is from Gerry Barker of the Age.

"As Telstra is groomed for its final leap into full privatisation, its biggest cash cow, the vast fixed-line public telephone network, is under threat. On one hand is Voice over Internet Protocol, VoIP for short, which promises calls to anywhere in the world for as long as you like, all included in the monthly broadband internet charge."

(http://www.smh.com.au/news/Breaking/Fixed-phoneline-business-under-threat/2005/02/09/1107890275785.html?oneclick=true#)

The caveats on "free" calls are too broad for me to deal with comprehensively, but: VoIP services only offer "free" calls to other members of the same network. PSTN termination has to be bought. And many of the broadband phone services charge their own monthly fees in addition to the broadband charge, and many or most VoIP services offer no indialling from the PSTN.

"VoIP is now cutting thousands of dollars a month from phone bills for big corporations, including banks, municipalities and the Victorian Government."

True, but the internal use of VoIP for the PABX has nothing to do with the consumer's use of VoIP. Corporate VoIP doesn’t much erode the PSTN – it erodes Frame Relay, which is right now the most common way to interconnect dispersed PABXs.

The author then tells us that VoIP is difficult because it involved "converting a sound into packets of data that are sent to the internet, routed through various servers, reassembled at their destination and converted back into sound."

That's the easy part. We've been digitising voice on the phone network for decades (OTC engineers were very excited at the first digital exchanges in the early 80s).

What makes VoIP difficult is not the transmission, but trying to replicate the stability and ubiquity of the PSTN.

Then we have the obligatory Skype worship. Skype, says the author, "allows computers to connect to telephones".

Mostly, not.

Most Skype conversations are between computers, with the SkypeOut service (allowing you to buy PSTN call minutes) brand-new. And whom do you think gets money when you buy a Skype call to a Telstra phone? Some of it goes to Skype, some to the minutes reseller in the middle, and some to…

Yep. Telstra, again.

Even if you make a “free” call on VoIP, the carriers will get something: money from the ADSL link, or perhaps Internet transit fees for the ISP traffic.

Of course broadband will erode "fixed line telephone" revenues, but consumers will still need some way to get their packets onto the VoIP network. That's going to mean, for most Australians, an ADSL connection over the copper customer access network. That network is mostly owned by Telstra - which means it will derive revenue from VoIP, because customers will have to pay for their ADSL service.

"Telstra is expected to have its entire network equipped to handle VoIP traffic by the middle of this year."

Wow. And to think that 1997 demo at Netcomm used the Telstra network with no Telstra enablement whatever…

(PS: if you want to run VoIP, read the Skype EULA first. Then go and sign up with someone who doesn’t want to own your soul…)

Thursday, February 10, 2005

VoIP Security: the Story Overlooked in the Rush to Reprint the PR

When the VoIP Security Alliance was formed, the press release put (as Puck might put it) a girdle around the earth several times over.

And with the ready-made news story right there in the wire filler, nearly nobody saw any need to add value to the story by noticing that Skype and Vonage, the biggest brands in VoIP, have left industry standing at the altar like abandoned bridegrooms at a Moonie mass wedding.

Wired was the exception here: it spoke to the two VoIP firms, got their dismissal of the need for VOIPSA down and reported them, and left it at that.

Other than Wired, though, IT journalism worldwide was more or less content to stick with the simplistic. Going no further than the VOIPSA media release, which mentioned VoIP spam and eavesdropping, the top-and-tailers of the IT press view went no further.

This also means they were happy to take their lead in punditry from these two examples of threats; they assessed the need for VOIPSA according to their view of eavesdropping and VoIP spam, and looked for nothing more.

But the worst of it was the way the race to post the syndicated wire piece gave the world a nearly instant single view of VoIP security and VOIPSA. Around 60 stories were visible to Google News this morning; most of them identical and, through no fault of the VOIPSA press release, promoting a restricted of VoIP security.

Wired demonstrated that it wasn't that hard to call Vonage and Skype and get their comments; although the reflexive love for VoIP meant the Wired story didn't reflect much in the way of hostile, or even difficult, questioning.

Still, because it was the best of an otherwise inadequate bunch of reports, the Wired story is here:

http://www.wired.com/news/technology/0,1282,66512,00.html?tw=wn_tophead_1

Certainly more worthwhile than any press release reposts.

Wednesday, February 09, 2005

New Scientist Suckered by "News to Me" Syndrome

One of the most fatal traps for the journalist to fall into is "news to me": where someone considers a story as newsworthy because they hadn't heard of it before.

It's a particular vulnerability of anyone writing about technology, because tech journalists come to the story expecting it to be new. The very first thing the new IT journalist needs to learn is that most of it isn't news; it's just that they haven't seen that particular slideshow before.

Most of all, though, you get "news to me" syndrome when people outside, or on the periphery, of IT dip a toe into a story that sounds interesting, or listens to a phone call from someone, and they lack the background to nip the "news to me" syndrome in the bud.

It gets really sad - tragic and inept - when "news to me" bites a credible source, only to result in other news outlets recycling old news because one news outlet did so.

Here's the "news to me" syndrome in spades from no less a source than New Scientist:
http://www.newscientist.com/article.ns?id=dn6968
...in which the author hasn't heard of Zombies before (that is, virus-hijacked home computers being turned into spam sources), so he writes it up as "news" because some self-publicist (in this case Spamhaus) says it's news.

It's a story at least a year old, as this source from CNN clearly demonstrates:
"Your computer could be a 'spam zombie'
NEW YORK (AP) -- Next time you're looking for a culprit for all that junk mail flooding your inbox, have a glance in the mirror.
Spammers are increasingly exploiting home computers with high-speed Internet connections into which they've cleverly burrowed."

(Published in 2004; link at http://www.cnn.com/2004/TECH/ptech/02/17/spam.zombies.ap/)

But, of course, New Scientist is a credible source, so if NS gets suckered by the "news to me" syndrome, all judgement from all sources goes out the window. Hence this CNet News piece:
"Zombie trick expected to send spam sky-high
Published: February 2, 2005, 11:25 AM PST
By Dan Ilett and Jim Hu
Special to CNET News.com
Spam levels are about to skyrocket, according to experts who warned this week that spammers have developed a new way of delivering their wares."

What's really sad about this is that CNet already knew about zombies, at least a year ago. So it's been double-whammied: not only did it not notice that the "news" story from New Scientist wasn't news, it didn't even notice that it had already been running stories about zombies.

The supposed news was that zombies are learning to spoof the address of the mail server at the ISP, rather than using the mail address of the home machine as the "from" address for spam.

Nonsense; this isn't news.

Spoofing isn't new; choosing the address you spoof isn't new. Nor is the discovery of a mail route any particular rocket science. Nor does it need any esoterica about getting the virus to "send a network query to the ISP to discover the address of its mail server".

Here's the easy way to discover the mail route between the spammer and the zombie:
1) infect target computer;
2) the first message the target computer sends is back to its source;
3) analyse the return message to retrieve the ISP's mail address.
Step (3) could easily be automated.

So: have we a new development? Not particularly. Have we news? No. It's just that New Scientist, which is not an IT magazine and never will be (it's a great science title, I love it, but it's not an IT rag) didn't have the onsite skills to tell the difference between "news" and "news to me".

It would be easy to criticise Spamhaus for deceiving New Scientist, but that's a bore. Spamhaus was merely playing a PR game; one of the many tasks of the journalist is to pin the balloon. If you can't, you aren't in the game.

Monday, February 07, 2005

A recipe, and a reason for it.

My own recipe for pancakes is seriously "gold code", having been the Sunday breakfast for about 15 years. It only fails for people who can't follow four-step instructions.

Put two cups of plain flour and four teaspoons of baking powder into a food processor, and spin it for about five seconds.
Put in two eggs, run the food processor for about 15 seconds.
Put in a pint of buttermilk (Australian buttermilk works better than English, I know from experience in both countries), whizz for about 30 seconds.
Cook on a not-too-hot frypan oiled with Canola spray. How thick and large you like your pancakes is your own decision.

The reason I mention this is because you can substitute sour skim milk for the buttermilk, if you're in the wrong country or if there's no buttermilk on the supermarket shelf.


Of course, in the era of Internet refrigerators, you'd be in real trouble because there's no more sour milk, as this author writes:


Soon the family refrigerator may read the RFID tags of its contents, then alert you to fetch another carton of milk, toss an out-of-date product or cut back on cholesterol consumption. In Italy an appliance maker has designed a washer that can read RFID-tagged garments and process them accordingly. "It's going to be huge for industry," predicts futurist Paul Saffo. "RFID will start to arrive in 2004, and it will unfold over a decade, and we will wonder how we ever lived without it." (Time Magazine, 2003)


A shill? Maybe, but a shill given the imprimatur of Time Magazine a little while ago.
(For those who see Time as the epitome of disinterested journalism, I will remark that Texas Instruments was very pleased with this story as an example of media placement.)

I really wonder if the journalists who crib these sorts of examples from industry press releases, or run them as quotes from conference presentations, understand how stupid it sounds?


Underneath a superficially-plausible scenario is a set of assumptions which renders the whole idea into comedy - but the combination of a triumphalist view of technology (rampant in IT journalism) and a blinkered mindset which can't see the assumptions means an uncritical and positive press for what is, objectively, arrant nonsense.


The cargo cult of the reminder refrigerator assumes:


- that someone too dumb to read a use-by date will have their lives changed by showing it on a screen instead of on the package;


- that someone too forgetful to remember the milk will change their ways because the refrigerator told them to buy it;


- that refrigerators store only packaged goods with a manufacturer's use-by;


- that the use-by date is a binary (the milk expired at midnight!);


- that the use-by date suffers no dependencies except the product's time spent in the home refrigerator (arrant nonsense - take a look at an overstacked freezer in the supermarket one day);


- that the support infrastructure exists and can be trusted;


- that there's no variation in the contents of the refrigerator from one week to the next, nor any need nor opportunity to select between different brands (what boring lives these visionaries must lead!);


- that there's no supply-side variation in product availability;


- that tag data will remain static; and


- that there's no use for sour milk (see the recipe above).


Because the assumptions go unchallenged, the "use-case" survives.

It's a revealing commentary on the lives of the futurists, the marketing genii driving development, and the writers who fall for it all: what we see is a bunch of male geeks, academics, marketing wonks and tech writers who, to a man, are so inept that they can't buy milk without Mumma Fridge's help. Not only do they fail to see the indignity in this, they work hard to bring it about.

To me, and most certainly to my slow-food enthusiast wife, the "RFID Refrigerator" is a classic case of functionality without utility.


Even if the technology does what its shills tell us, that functionality has no relevance to our lives.


The Cargo Cult
Whenever the IT media is pushing functionality-without-utility, you can bet it's because the utility exists not for the consumer, but for the industry.

The RFID refrigerator is a good example: it needs a huge support infrastructure provided by the IT industry. It needs ubiquitous tagging; those tags need huge amounts of software with vast development consulting among customers; it needs lots more silicon in lots more places; it would create an eternal demand for support services.


In short, the RFID refrigerator is a story cooked up and endlessly hawked around the media for the sole purpose of selling not the fridge, but the rest of the stuff wrapped around it.


It matters not at all that consumers will lose rather than win.

People buying refrigerators will be asked to give up:

- privacy (by accepting ubiquitous tagging);


- autonomy (Mamma Fridge nagging me about the milk);


- freedom of choice (I'll bet that the automated fridge restocking services will be favoured with exclusive contracts with premium brands);


- information (one of the great ripoffs of Internet shopping is the frequent pretence that the e-tailer is the cheapest option);


- personal freedom (because once you start putting software in consumer products, you start replacing "ownership" with an EULA).


Moreover, the fridge depends on consumer-side infrastructure. It needs access to the broadband connection (more Ethernet or WiFi to sell), security from the Internet connection (more firewalls and more software), and so on.


To examine a few of the assumptions I listed earlier, in terms of "benefit to industry":


-
that refrigerators store only packaged goods (an industry benefit, not a consumer benefit);

-
that the use-by date is a binary (an industry benefit, not a consumer benefit);

-
that there's no variation in the contents of the refrigerator from one week to the next, nor any need nor opportunity to select between different brands (an industry benefit, not a consumer benefit).

Moreover, any change in tag data which renders today's use-by inoperable generates income for the industry.


All of these things are to the benefit of the industry, but not to the consumer. Nearly all of them would cost money for a "service" which falls somewhere between incremental and useless.


In other words, the consumer is being sold a shiny gadget, the refrigerator, as a distraction from what he or she is losing.


The thing is it's so easy to think of the downsides of the cargo cult. Here I am on a Sunday morning in Sydney, knocking off lists of "what's wrong with the idea" in a few minutes while my wife takes a shower.


Any journalist who can't manage to think of these things without help is stupid, lazy, or glare-blind.


Wednesday, February 02, 2005

Editors Need to Control Even Their Contributors

Well, well. The very thing I like most about Mozilla, its security, is according to a Jupiter Research dude writing for ComputerWorld (here: http://www.computerworld.com/securitytopics/security/story/0,10801,99142,00.html)
its biggest problem.

I've been using Firefox myself for ages, having finally swapped from Netscape and being a long-time IE refusenik.

However, that's the home persona. At various offices, I've had to live with IE because of IT departments which (quite correctly) run "no downloads" policies.

The central premise of the Jupiter article is that you can't use the browser as the access point to other applications if you can't run ActiveX controls (or more likely, if you've spent a bucket on developing your own in-house ActiveX controls, you don't want to have to replace them).

Well, it's about time enterprises had to rethink the "browser for everything" attitude.

The only reason people en masse made Port 80 the default for application access was convenience: if you wrote a proper client to access applications, you had to put in the work; and moreover, the proper client might need its own path through the firewall. Instead, people were stupidly encouraged to make Port 80 carry everything - ensuring that it's well-nigh impossible to secure Port 80.

Microsoft was the cheerleader in this (well, Microsoft and a bunch of journalists and analysts who don't put "is it secure" at the top of their quiz-list).

Firefox (which had the author done some research can run ActiveX via a plug-in) is more secure because it gives users more fine-grained control over what the browser can and cannot do; security at the cost of convenience. A good thing.

So much for the technical thumbnail. What really interested me was the undeclared authorial interest in promoting Microsoft.

Check this URL:
http://www.jupiterresearch.com/bin/item.pl/research:concept/1093/id=95525/

You get the picture? The author's expertise is telling Jupiter's customers how to align themselves with the Microsoft vision. "Jupiter's Microsoft Monitor Research Service helps vendors prepare for market opportunities created by new Microsoft initiatives."

When I posted about a Vunet story a couple of days ago, I wrote about access - if you can't get access in a media-managed spin-doctored world, you'll never get the scoop. And even if the scoop is a staged interview, that word "exclusive" is still good for the eyeballs.

Well, the same is true for an analyst - even more so, because access is one of the foundation stones of the analyst's billable hours.

Is an analyst depending on access Microsoft's plans and futures going to write in favour of
Firefox? Not on your nelly - even if the premise, that ActiveX is Good for Everyone, is so silly as to inspire laughter all the world over.

So the analyst wrote a column, and the interest was there for all to see with just a little Googling.

The astonishing lapse is on behalf of ComputerWorld in the US.

Here's a secret: an editor can always take a contributed article and throw it back at the author. I know this, because I've done it myself; and some of the editors I've worked with are the misery of any contributor who tries to please them.

To let twaddle like this article, thinly argued on a shaky premise, through without anything but correcting the spelling and punctuation, is an inexcusable lapse of judgement.