Discourage junk mail by encouraging worker revolt

Friday, Oct 2, 2009 8:06 am
William Barnes


This is a brilliant idea. It is a 16 page booklet that you put in the postage paid reply envelopes you get with junk mail. The booklet illustrates how to start a worker revolt. Eventually, the manuals will be tucked away in the cubicles of junk mail companies around the world. Dissent will slowly build and then one day the workers will unite and, in accordance with a single plan, overthrow their evil junk mail sending masters. I assume.

Read the booklet

Two ideas someone should steal from me

Tuesday, Sep 22, 2009 7:48 pm
William Barnes

I’m never going to get around to creating these web services myself, so somebody steal the ideas and do it for me… and send me a cheque if it works out for you.

Request a VCard by Email

A VCard is an XML (I believe) file that contains information about you (a virtual business card). It could contain things like your name, email, phone number, picture and address. I was thinking that it might be useful to have my phone number on my website, but I don’t like the idea of just listing it for anybody to copy down. This is where my web service comes in. I create a VCard at the website and place a link to it on my site. When a visitor needs my phone number, they go to this other website and enter their own email (free email addresses would probably need to be banned). The VCard is emailed to them. This would allow somebody to get my number easily but, in most cases, also let me know who is requesting it.

The other one

I forgot what it was. Honestly, I knew what it was just a few minutes ago. We got new carpet put in the house and I’m fairly certain that it is frying my brain. The whole house smells like a carpet store and I’ve had a headache and allergies for days. Maybe it will come back to me if I sleep a bit. ‘Tis late. I’ll probably remember the other idea when I’m driving on the highway and can’t write it down.

Graduate Guess Who

Sunday, Dec 28, 2008 12:18 am
William Barnes


Guess Who is a game where each player has a board with a bunch of pictures of people with different features. Each player draws a card with a picture of one of these characters on it and by asking questions about the features (“Male or Female?”, “Does he have red hair?”, “Does he wear glasses?”) they try to guess who the other player drew.

Do this with college graduation photos and you have a wonderful gift to give to a graduate.

Owning your network

Thursday, Dec 11, 2008 12:47 pm
William Barnes

I know I’m not the first to lament the imprisonment of our social graphs. It was quite a trendy topic last year and last year I came up with a solution (only semi-original). Listening to the last episode of Net@Nite, I heard Amber and Leo hit quite close to my idea (then veer off) so I decided to write it down. I don’t claim that it is totally original–Google, Facebook, Google, and Google have come up with similar-ish ideas–but I think the scope is somewhat broader than they have in mind. All of these solutions still leave your data walled up on their servers.

The Problem

The basic problem is that I have accounts on countless social networks. I have Facebook, MySpace, LiveJournal, Digg, Twitter, Pownce, Jaiku, Flickr, and tons more that are abandoned completely. I have at least two websites. On each network I have different groups of friends, different profile information, different statuses. I’m in high school on some, undergrad on others, and law school on a few. Each one likely has a different email address for me. This is my online identity. I’m the digital equivalent of a schizophrenic. And I’m sure it’s not just me. No doubt there are few people out there who have only a single social network, but there must be enough that have too many.

The further problem is that according to Facebook I have 200 or so friends. Most of these people are probably also on other networks, but I don’t know that. I have no way of moving my list of friends from one site to another. If I leave Facebook, then I lose this list. I have no control over something that is inherently mine (this was the trendy topic of last year: ownership of your own list of friends).

Solution?

A lot of the work towards a solution has already been done. OpenID, Google Friend Connect, and Facebook Connect allow you to login to other sites with a profile established someplace else. There exist open standards for transmitting friend information like XFN and FOAF. But it’s not enough.

Central Identity

First, you need a central identity site. With good standardization, this could be hosted by anybody. It could be your Facebook profile, MySpace, Google, or some other service that pops up. And if you’re the sort who likes lots of control over their identity or just likes to play, you could host it yourself with some open source platform that would surely pop up. I will refer to the URL for this site as your CI. So, for example, my CI would be something like ‘webarnes.ca’ or ‘facebook.com/profile.php?id=28116640’ (I’m sure Facebook could come up with a prettier URL).

Your CI has to have tools for managing your friend list and your profile information since it’s going to be the location where the authoritative version of your graph is stored. It should have a display of activity on your different networks (like FriendFeed). So when I log in to my CI, it should inform me about wall posts on Facebook and @replies on Twitter. Some of the networks will be complex enough that I have to go there to use them, but I want a central dashboard to let me know when I need to go.

Signing up

When you sign on to another social network, you should have the option of making it your CI or making it subservient (a more PC term might be more appropriate) to a CI hosted someplace else. So assume I’m using ‘webarnes.ca’ to host my CI and I want to sign up for Facebook. I tell Facebook where my CI is and we do that little handshake that you should be familiar with if you’ve used OpenID or Facebook Apps. My CI gives Facebook permission to access my profile information (and I should be able to select exactly what I want to share) and lets it download an XML list of my friends (all identified by their own CIs). Facebook goes through its database to find out if any of my friends have accounts and automatically adds them. In theory, my friends should have me listed as friends at their CI, so it shouldn’t even require authorization.

Now I’ve signed up, filled out my profile and added my friends in half a dozen mouse clicks and a line of text. What next?

Finding friends

Let’s say I find a friend on Facebook that I haven’t met elsewhere. I add him, he accepts (his name is John Smith). Facebook then pings my CI with this new information. My CI adds this new guy to this list and then starts contacting all the other social networks I’m a part of (it knows this because I linked them at sign up). Soon John Smith is added to my friends list at Flickr and wherever else. The way this works could be customized by different CI hosts. Perhaps I want to log in to my CI and selectively add John to only MySpace and LiveJournal; I don’t want to add him on Twitter perhaps. There might be some networks–like Twitter–where you don’t necessarily want to add everyone you know. That should be possible.

Blogging and status-ing (for lack of a better term)

Streams of information on different sites could be published as RSS feeds. They could be pushed to your CI and disseminated to your other profiles. A status change on Facebook might also change my status on MSN or MySpace. A blog post on WordPress would show up as a note on Facebook. Ideally comments on all of these would be synced back to my CI (because it is so very annoying when people comment on my Facebook notes instead of on the original blog post). There would be some privacy issues to work out, I’m sure, but it could be done.

Summary

This probably won’t happen. It’s too complex for most people. But it could be done behind their backs. Why should I have to confine myself to Facebook because most of my friends do? My Facebook profile could easily be a mirror of a profile someplace else. Facebook would compete by providing the best central identity site. I really wish it would happen.

I apologize if this was a bit rambling. I might post some more ideas in the future that are more in depth and clear. I just felt the need to write something about it since I’ve been thinking on it for so long.

Image source: terinea

DNS Spoofing

Saturday, Aug 16, 2008 8:29 pm
William Barnes

I have been thinking about the big deal in security at the moment: DNS spoofing. Everybody, it seems, is all caught up in trying to figure out how to add more bits. They want to make DNS replies harder to spoof.

It seems to me that they are missing the problem. The problem is the way DNS servers handle in-bailiwick additional records. If I request an NXDOMAIN from an ISP, I can be reasonably assured that a request will be made by the ISP to Google’s nameservers (which are probably already cached). I can then spam the ISP DNS server with fake replies hoping I stumble on the right combination of port and transaction ID. My replies will include a record for my NXDOMAIN and also an additional record giving a new IP address for Google’s nameservers. From then on, the ISP will turn to my provided IP rather than Google. Eventually I can provide it with fake records for www.google.com and other useful subdomains.

My question: why should the ISP overwrite the information it has already cached? Additional records should be ignored unless they are needed for the current query (as in the case of glue).

I know this doesn’t prevent DNS spoofing, but it does significantly lower the value of the attack. You may be able to plant a record for as7230hf.google.com, but you won’t be able to overwrite their nameservers.

Maybe I’m missing something. Maybe there really is a critical reason to allow a nameserver to tell you that it isn’t where it is. But I don’t think so.
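The caching rule proposed in this post, sketched from the resolver's side as an added example (not code from the original post or from any real resolver). The names `RR`, `Cache` and `accept_additional` are hypothetical, and the cache is simplified to one value per name and record type.

```python
import time
from typing import NamedTuple

class RR(NamedTuple):
    name: str   # owner name, lower-case, no trailing dot
    rtype: str  # "A" or "NS" in this sketch
    data: str   # address, or nameserver host name for NS
    ttl: int    # seconds

def in_zone(name: str, zone: str) -> bool:
    """True if name is the zone apex or a subdomain of it (in bailiwick)."""
    return name == zone or name.endswith("." + zone)

class Cache:
    """Hypothetical resolver cache: (name, type) -> (data, expiry time)."""
    def __init__(self, now=time.time):
        self._now = now
        self._store = {}

    def get(self, name, rtype):
        hit = self._store.get((name, rtype))
        return hit[0] if hit and hit[1] > self._now() else None

    def put(self, rr):
        self._store[(rr.name, rr.rtype)] = (rr.data, self._now() + rr.ttl)

def accept_additional(cache, zone, authority, additional):
    """Cache an additional A record only if it is glue for this response
    and would not replace an unexpired entry. Returns the records cached."""
    # Nameserver hosts named by this response's authority section.
    ns_targets = {rr.data for rr in authority
                  if rr.rtype == "NS" and in_zone(rr.name, zone)}
    accepted = []
    for rr in additional:
        if rr.rtype != "A" or not in_zone(rr.name, zone):
            continue  # out of bailiwick: ignored
        if rr.name not in ns_targets:
            continue  # not needed to follow this referral: ignored
        if cache.get(rr.name, "A") is not None:
            continue  # already cached and unexpired: never overwritten
        cache.put(rr)
        accepted.append(rr)
    return accepted
```

The rule only holds while the cached entry is live: once its TTL expires, the next response that names that nameserver can supply its address again.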

Improving Tabs

Sunday, Jul 6, 2008 2:00 pm
William Barnes

Tabs are great. Nobody wants to have a window for every document they currently have open. However, they’re not perfect. Every implementation I’ve ever run across has the same flaw: when you have too many tabs they scroll off to the side. This is especially annoying when editing source code. I often have 10 or so files open at once, but Quanta’s tab bar will only display about 5 or 6. So when I want to switch files, I have to click the arrow multiple times until the tab I want scrolls into view. Annoying.

Tabs Before

Here’s my idea:

Instead of having buttons to scroll back and forth, have a button that extends the tabs vertically. So if you have three times as many tabs as can be displayed, it should show three rows of tabs. The extension should float on top of the document rather than resizing the chrome.

Rows of tabs

I used Firefox as an example because I figured it would be most familiar to potential readers, but this could (and maybe should) be used in any tab bar implementation.

I should also note that Firefox has a little vertical arrow that gives you a dropdown list of your tabs. This is ok, but it means a second kind of UI element for users to interact with and eventually, you will run out of vertical space as well. Plus, I find it more tiring to move the mouse vertically than horizontally. Maybe I’m just weird.

Why a bandwidth cap won't work

Sunday, Jun 29, 2008 1:41 pm
William Barnes

Background

ISPs pay for capacity. They pay to have the ability to deliver a certain amount of data per second. They do not pay for the amount of data transferred. If an ISP is capable of transferring 1Tbps (terabit per second, to pick a number) over its network, then its costs are the same whether it transfers 324,000TB (terabyte, as data is measured in bytes whereas transfer is measured in bits for marketing reasons) or 1MB. So an ISP is not primarily limited by the amount of data it can transfer, but by how fast it can transfer that data.

The problem comes in when ISPs oversell their bandwidth. They have made the bet that not everybody will want to download at full speed at the exact same time. So while our hypothetical ISP has a capacity of 1Tbps, it may actually sell 10Mbps to one million customers for a total of 10Tbps. Now, this works out. Most people use the internet in short bursts. They download a web page, or they download a file which takes just a few minutes. But then you have the people that ISPs call bandwidth hogs. These are people that download huge files all the time. If one tenth of hypoISP’s customers do this, then none of the “regular” customers will be able to reach full-speed.

Response

To counter this, ISPs want to introduce caps. Caps would discourage users from downloading constantly because they would then reach their limit before the month is up.

Better Response

Caps are short-sighted. They try to reduce the impact of heavy users by making them use less, but the problem is not the amount people download. ISPs are not reaching their practical limit (imposed by their maximum speed) and probably never will. The reason: peak hours. Most people are online during the day and the ISP has to have enough bandwidth to supply the peak demand at that time. During off-peak hours, the ISP has plenty of unused capacity.

Rather than applying a monthly limit to the amount you can download, ISPs should enforce rules to discourage bandwidth hogging during peak hours. To manage their network in the long-run they should be trying to encourage good habits in their consumers. This isn’t served by monthly caps. If I have a limit of (let’s say) 60GB, I will download whenever I feel like downloading (and I will probably overuse at the end of the month).

A few ideas

  1. Have a cap that only counts during peak hours.
  2. Have “happy hours” at night when usage is lowest
    • During happy hours the ISP could increase the maximum speed to compensate for the loss of daytime downloading time, for example: if you have a 10Mbps connection, you can get up to 20Mbps overnight
    • Make a speed increase dependent on bandwidth use during peak hours: you only get the speed boost if you used less than 500MB during peak time