Subscribe to
Posts
Comments

Archive for May, 2009

More on Google Wave

From Shannon Clark, from a mailing list, with permission (and a very few light edits because of its original mailing list context):

I just got back from Google IO – but couldn’t hangout as long as I wanted to this afternoon, but I did talk with some of the Wave team.

It is not yet released, they have published dev docs and are taking signups for people who are interested and they are working on opening it up as quickly as possible.

From what I’ve seen so far, it indeed looks exceptionally cool – and is very important to the future of the web.

It is also, and this is a key point, tied closely to the release and support of HTML 5 – so watch how that progresses in Chrome & Safari – Version 4 of Safari is in beta and available easily btw (and watch for the release of Firefox 3.5) – when those are released out of dev into prod supporting HTML 5 I’d predict we’ll see Wave (and likely other surprisingly powerful applications) start to get released that take advantage of HTML 5’s features.

In particular the “Web Worker” feature which allows for a web page to do background processing is pretty key – potentially I suspect also a security concern (though I hope this is not the case) but more practically it means that web pages can do even more intensive processing without killing your ability to switch tabs & keep working (some other moves Google is proposing would enhance this capabilities even further)

The other features are also pretty nifty

– a standard data store to allow for offline applications (without a plugin like Google Gears being required),

– standard ways to do geolocation (where the browser/OS chooses which tools to use to calculate it, the web page only gets the data if you give it permission to do so),

– a video tag also removing yet another plugin being needed – it also allows multiple video elements of a page to manipulated by CSS & Javascript – Google demoed a YouTube page where every thumbnail could play on mouseover – all while loading very quickly) – see http://youtube.com/html5 if you have a dev release which is HTML5 compatible

– a canvas tag which is an area that is pixel level addressable by javascript – allows for really smooth applications to be built & developed

– in talking with people at Google they definitely intend to open source the client & eventually probably the server – currently the whole app is over 1M lines of code which they are reviewing to ensure they can in fact open source all of it (my guess is the would rewrite sections they can’t open source currently – stuff that perhaps uses a licensed library etc)

The plan is for companies or organizations to be able to run their own Wave servers – which might then do federation.

That said, from the conversations it sounds like they have found issues and complications with Federation so that may be a feature left out early on (which isn’t a big deal for the initial releases if Google will be hosting all of the first Waves).

Look carefully at some of the posts about Wave – in particular the distinction between Gadgets & Robots. Gadgets being stuff like the existing OpenSocial apps (which will mostly all work directly) – chess games & other rich, usually social applications which will be embedable into a specific wave.

Robots on the other hand are much like old IRC robots – but can do much more than just respond to a chat/hold a conversation – they will also be able to modify a wave much as any other user – so they could do automated spell checking/translation, could modify/enhance content which is posted (making stocktickers links or the like), and can serve as bridges with other systems – so one of the first Google wrote links specific tweets into a Wave.

Very cool stuff

[Tags: ]

Initial reaction to Google Wave: Maybe transformative

I’m excited about Google Wave, based on TechCrunch’s description of it, and my own fervid projections of what I’d like it to be. If I’m understanding it correctly — and the likelihood is that I’m not … take that as a serious warning — this could be bigger than Facebook and MySpace in terms of how it terraforms the Net.

Social networking sites were hugely important because they addressed a huge lack. The Web knows how pages are linked, but it knows nothing about the relationships among groups of people. SNS’s added that layer. And the smartest of the social network sites treated themselves as platforms on which other apps could be built. Google Wave goes back to the Internet’s most basic layer: people talking with one another. While there are obviously lots of apps and protocols enabling the back and forth gesticulating we call “conversation,” there’s been nothing underneath them all that recognizes that they’re all different ways of doing the same basic thing: IM doesn’t know about email doesn’t know about Usenet doesn’t know about chat doesn’t know about Facebook messaging doesn’t know about Twitter. Each of these ways humans have invented to talk with one another is treated as its own separate app, as different as playing a zombie-killing game and marking up x-rays. In fact, many years ago, a few of us tried to generate interest in what we called threadsML, which we hoped (vainly) would be a standard way for conversations to be shared, stored, and moved around.

Wave, as I understand it, is a platform underneath the multiple modalities of human conversation. It doesn’t care if you’re emailing, IMing, or throwing photos at one another. The structural object is the conversation; the means of conversation is just a detail. [Note: I think.] The fact that you said “No way!” using IM when talking in realtime with a friend who’s reading the same email thread with you no longer will mean your expostulation will have to be treated as a separate app, just as when talking in the real world, we don’t count our hand gestures as something apart from the conversation just because we make them with our hands instead of with our mouths.

So far, Google is (unsurprisingly) doing the right and smart thing, opening it up to developers early on, using the open XMPP protocol, and open sourcing the Google Wave Federation Protocol. If this is to be more than just another app for talking, Google has to treat it like an open platform. The first sign of lock-in will scare away the very folks Google needs if Wave is to be more than just a shiny new set of tin cans and string for those who want to talk with other Google users.

There’s lots that could go wrong. And my understanding of Wave is so preliminary that I’m sorry to be so far out on the limb. But I’ve been waiting on this limb for a long time, frustrated that conversations are splintered by medium when they should be joined by topic and social group. Wave is the first thing I’ve seen that offers a genuine hope for getting this right by starting with the most fundamental social object we have: people talking with one another.

I think.

[Tags: ]

[berkman] Chris Soghoian on privacy in the cloud

Chris Soghoian is giving a Berkman lunchtime talk called: “Caught in the Cloud: Privacy, Encryption, and Government Back Doors in the Web 2.0 Era,” based on paper he’s just written. In the interest of time, he’s not going to talk about the “miscreants in government” today.

NOTE: Live-blogging. Getting things wrong. Missing points. Omitting key information. Introducing artificial choppiness. Over-emphasizing small matters. Paraphrasing badly. Not running a spellpchecker. Mangling other people’s ideas and words. You are warned, people.

Pew says that “over 69% of Americans use webmail services, store data online, or other use software programs such as word processing applications whose functionality is in the cloud.” Chris’ question: Why have cloud providers failed to provide adequate security for the customers. (”Cloud computing” = users’ data is stored on a company server and the app is delivered through a browser.)

He says that providers are moving to the cloud because they don’t have to worry about privacy. Plus they can lock out troublesome users or countries. It lets them protect patented algorithms. They can do targeted advertising. And they can provide instant updates. Users get cheap/free software, auto revision control, easy collaboration, and worldwide accessibility. Chris refers to “Cloud creep”: the increasing use of cloud computing, its installation on new PCs, etc. Vivek Kundra switched 38,000 DC employees over to Google Docs becore he became Federal CIO. “It’s clear he’s Google-crazy.” Many people may not even know they’ve shifted to the cloud. Many cloud apps now provide offline access as well. HTML 5 (Firefox 3.5) provide offline access without even requiring synchronizers such as Google Gears.

Chris says that using a single browser to access every sort of site — from safe to dangerous — is bad practice. Single-site browsers avoid that. E.g., Mozilla Prism keeps its site in its own space. With Prism, you have an icon on your desktop for, e.g., Google Docs. It opens in a browser that can’t go anywhere else; it doesn’t look like a cloud app. “It’s a really cool technology.” Chris uses it for online banking, etc.

Conclusion of Part 1 of Chris’ talk: Cloud services are being used increasingly, and users don’t always know it.

Part 2

We use encryption routinely. SSl/TLS is used by banks, e-commerce, etc. But the cloud providers don’t use SSL for much other than the login screen. Your documents, your spreadsheets, etc., can easily be packet-sniffed. Your authentication cookies can be intercepted. That lets someone login, modify, delete, or pretend to be you. “This is a big deal.” (The “Cookie Monster” tool lets you hijack authentication cookies. AIMJECT lets you intercept IM sessions; you can even interject your own messages.)

This problem has been wn since August 2007, and all the main cloud providers were notified. It took Google a year to release a fix, and even so it hasn’t been turned on by default. Facebook, Yahoo mail, Microsoft, etc. don’t even offer SSL. Google says it doesn’t turn it on by default because it can slow down your computer, because it has to decrypt your data. But Google does require you to use it for Google Health, because the law requires it. To get SSL for gmail, you have to go 5 levels down to set it.

So, why doesn’t Google provide SSL bu default? Because it takes “vastly more processing power,” and thus is very expensive for Google. SSL isn’t a big deal when done on your computer (the client computer), but for cloud computing, it would all fall on Google’s shoulders. “If 100% of Google’s customers opt to use SSL, it sees no new profits, but higher costs.” “And Google is one of the better ones.” The only better one, in Chris’ view, is Adobe, which turns it on by default for its online image editing service. [Here’s a page that tells you how to turn on SSL for a Google Accounts account.]

Chris thinks that cloud computing security may be a type of “shrouded attribute,” i.e. am attribute that isn’t considered when making a buying decision. But, Chris says, defaults matter. E.g., if employees opt employees into a 401K, no one opts out, but if you leave it to employees to opt in, fewer than half do. Facebook, for example, seems to blame the user for not turning privacy features off. “Users should be given safe services by default.”

Part 3: Fixing it

Chris draws analogies to seatbelts and tobacco legislation. He recommends that we go down the cigarette pathway first: Raise publice awareness so that they demand mandatory warnings for insecure apps. E.g., “WARNING: Email messagew that you write can be read, intercepted or stolen. Click here to turn on protection…” [Chris’ version was better. Couldn’t type fast enough.]

Or, if necessary, we could pass regulations mandating SSL. T he FTC could rule that companies that claim their services are safe are lying.

Q: [me] How much crime does this enable?<br
A: The tools are out there. But there’s no data because intercepting packets leaves no traces.

Q: How about OpenID?
A: The issue of authentication cookies is the same.

Q: Should we have a star rating system?
A: Maybe.

Q: The lack of data about the crime is a problem for getting people to act. Maybe you should look at the effect on children: Web sites aimed for children, under 18 year olds using Facebook…
A: Good idea! Although Google’s terms of service don’t allow people under 18 to use any of their services.

Q: People also feel there’s safety in numbers.

Q: How much more processing power would SSL require from Google?
A: Google custom builds its servers. Adding in a new feature would require crypto-co-processor cards. I don’t think they have those. They’d have to deploy them.

Q: There are GreaseMonkey scripts that require FB to use SSL. Worthwhile?
A: FB won’t accept SSL connections.

Q: Google Chrome’s incognito mode? Does it help with anything?
A: It helps with porn. That cleans up your history, but it doesn’t encrypt traffic.

Q: The vast majority of people where I live don’t lock their house doors. And [says someone else] people don’t lock their mailboxes even though they contain confidential docs.
A: Do you walk around with your ATM PIN number on your forehead? Your bank uses SSL because it’s legally responsible for electronic break-ins, whereas Google isn’t.
A: The risk is small if you’re using a wired ethernet connection or a protected wifi connection.

Q: With seatbelts and smoking, your life’s at risk. For Gmail, the risk seems different. There aren’t data, screaming victims, etc. It makes the demand for regulation harder to stimulate.
A: The analogy doesn’t work 100%. But I think the disanalogy works in my favor: It’s hard to have a cigarette that doesn’t harm you, but it’s easy to have a secure SSL connection.

Q: Shouldn’t business care about this?
A: Yes, CIO’s can make that decision and turn on encryption for the entire org. Consumers have to be their own CIOs.

[from the IRC] Maybe the govrnment wants Google to be insecure to enable snooping.
A: Allow me to put on my tin foil hat. Last year the head of DNI said that the gov’t collects vast amounts of traffic. We don’t know how they’re doing it, which networks they’re collecting data from. If Google and AT&T, etc., turned on SSL be default, the gov’t’s job would be much harder. Google has other reasons to keep SSL off, but it works out to the gov’t’s benefit.

Does Adobe’s online wordprocessor, Buzzword, offer SSL for its docs?
A: Don’t know. [It does] [Tags: ]

WolframAlpha and the rush to racism

The article in Gizmodo that says that WolframAlpha is racist is ridiculous. Yes, if you search at WA for “dumb,” you get a graphic “synonym network” of associations that leads to “black,” but can we please apply the most basic rule of sympathetic reading and come up with the much more plausible explanation: The network goes from “dumb” to “dim” to a bunch of words related to “dim,” including “black.” This makes WA as racist as Google’s “wonderwheel” for “dumb” leading directly to “dumb blondes” makes Google sexist.

(BTW, those WA synonym trees are pretty useless, at least in Firefox, at least on my computer; hovering over a node doesn’t reveal which word it represents. Maybe it’s just my furshlugginer configuration.)

[Tags: ]

Data.gov – Symbolic of what’s right with the Obama administration

Wired.com reports that Data.gov has opened to “mixed reviews.” Puhlease. It’s nowhere near what it will be, but OH MY TOASTY GOD, our government is now committed to making public data available in open formats to anyone who wants it. As if it were normal! As if it were obviously the right thing to do! In open formats, people!

So, sure, let’s keep an eye on it. Let’s make sure the news permeates every government department. But first let’s swoon in delight.

[Tags: ]

Timegliding the Rosenberg case

The Rosenberg spy case, which was a touchstone for the left and the right — or the pinkos and the McCarthyites, as it’s thought of in the Culture Wars — has been made more understandable by the Cold War International History Project by the creation of a Timeglide time line. It’s useful as a supplement to a narrative and as a way to drill down, although by itself it’s not the optimal way of telling the story, nor is it intended to be. (It may also work better for people with brainage opposite to mine.)

I’m not an expert in the case, so I can’t judge its accuracy or completeness. But it’s got lots of links to sources. And it’s a very nice way of organizing a mass of time-based materials.

[Tags: ]

WolframAlpha’s big problem

After a day of poking at the awesome WolframAlpha and watching some of the reactions around the Web, a major problem has emerged. WA is fantastic if it has what you’re looking for. But if it doesn’t, it looks like it’s failed, as in: “What? It can’t tell me how much energy it would take to move Henry VIII one kilometer, expressed in cheeseburger-calories? What a piece of crap!”

Google doesn’t have this problem. If you get no hits, it’s almost always because you’ve so egregiously mistyped something that no one else on the planet has ever posted anything with that same typo. Or, it’s because you’ve put an odd phrase in quotes, which requires taking the special action of, well, putting things in quotes. Almost always, Google succeeds at what it does (find pages that contain particular text), even when it fails at what you want (find a particular answer).

WolframAlpha, on the other hand, is like a roomful of idiot savants. Each knows a scary amount about a topic. And, unlike a such a roomful, WA also knows how to recombine and compute what each of the savants knows. But if the room doesn’t have the savant you’re looking for, you get back nothing but a “Huh?”

The eclecticism of WolframAlpha is its selling point. But the delight that it knows things you would never have guessed at means that you can have trouble guessing what it knows about. The question is whether general users will go back enough times to be trained on the sorts of questions it can answer. If not, WA will remain an awesome tool to specialists but will not become the broad, general-purpose tool it wants to be.

It would, however, be a completely awesome addition to Google…a path I suspect Stephen Wolfram does not want to take.

[Tags: ]

[berkman] David Bollier on the commons

David Bollier is giving a Berkman talk on governing the commons. David is the author of Viral Spiral: How the Commoners Built a Digital Republic of Their Own. His talk: “How shall we govern the commons?”

NOTE: Live-blogging. Getting things wrong. Missing points. Omitting key information. Introducing artificial choppiness. Over-emphasizing small matters. Paraphrasing badly. Not running a spellpchecker. Mangling other people’s ideas and words. You are warned, people.

His book looks at the arc of the development of open access and commonses. [What the heck is the plural of “commons”?] The commons is a new sector, and how we govern it is an urgent issue. Benkler, Zittrain, Lessig, and Bauers have addressed this, David says.

The commons is an ancient, new, and misunderstood paradigm, David says. It dates back to the medieval grazing of cattle. It’s a social system for managing shared resources. It was also a source of collective purposes, and custom and tradition. He recommends “The Magna Carta Manifesto” that looks at the struggle for the commons, with the Magna Carta being an armistice. The public domain was the closest we had to a commons until around 2000. The public domain was viewed by copyright traditionalists as a junkyward because the only people in it were things that had no commercial value. The first law review article on the commons didn’t occur until 1981. He cites Jack Valenti, a rich quote about a public domain work as “soiled and haggard, barren of its previous virtues.” Richard Stallman showed the efficacy and virtues of free software. He showed that incompatible code leads to a tower of Babel. The problem with Stallman’s Emacs Commune was that everything had to feed back to a central source (Stallman) and there was no governance. The General Public License gave legal protections to the Commons. Then the Net took off. We got new infrastructures for building commons, technologic, legal, and social.

Garrett Hardin who wrote about the “tragedy of the commons” later acknowledged that it didn’t apply to commons that have governance. The commons is generative (to use Jonathan Zittrain’s term). “The commons is a macro-economic and cultural force in its own right.” So, how shall we govern it? “This area is terribly under-theorized.” Elinor Ostrom set forth 8 design principles to allow a commons to be governed as a commons, e.g., clear boundaries, appropriateness to the local area, monitoring, transparency, graduated sanctions against free riders and vandals…

Ostrom once showed David a photo of a chair occupying a shoveled out space during a snow storm with a chair occupying it until the person who shoveled it comes back. Ostrom says that that’s a commons because, “It’s a shared understanding by the neighborhood about how to allocate a scarce resource.” David says a commons arises when a neighborhood decides to manage a resource in an equitable way. One thing this shows is a conflict between commons governance and government, since the mayor tried to ban this practice.

He says we need a new taxonomy of digital commons. How do you protect the integrity of the shared resource and the community itself. He points to some distinctions:

Open vs. Free raises questions of business appropriation vs. community control, digital sharecropping vs. commons governance, monetization or maintenance as an inalienable resource.

Individual choice vs. Community. Creative Commons may undermine commons building because it allows opt in or opt out. The GPL is a purer type of commons: There’s a binary choice: you’re in the commons or you’re not.

Building within the house of copyright or challenge property discourse? Niva Elkin-Koren, for example, thinks CC encourages self-interest and doesn’t build out a coherent commons vision. [Paraphrase of a paraphrase! Reader beware!] The Global South views CC as depending on Western law and as a type of derivative of private property. Fair Use activists, on the other hand, want us to grapple wit hte prevailing practices in copyright law.

Commons vs. Markets. Or at they friends? It depends. There’s a spectrum. Open platforms. Innocentive (drug queries where answerers get a bounty). Democratizing innovation, a la Eric Von Hippel. Magnatune (a “respectful interface between the commons and the market”) or the Grateful Dead allowing home-made recordings. Market-oriented non-profits.

The commons is, David says, a “new social metabolism for governance and law, with economic and cultural impact.”

Q: How about more examples? How about Huffington Post?
A: Open platform with some participation. But how about: WikiTravel is an interesting mix. DailyKos: A user-generated community of commentary. Internet Archive. Flickr. Jamendo library of CC music. Blip.tv.

Q: (doc searls) You offer an organic metaphor, whereas we think of the Commons as a space. Will it take?
A: Who knows. But it presents it as a relationship.
Doc: I wonder if there’s a relato-sphere that isn’t metabolic. A metabolism burns energy. It creates gas.
A: A legal system is a conversation about shared power [he quotes someone I missed, and I’m paraphrasing] Q: But metabolism also implies homeostasis. A: Its organic property is why commons sometimes outperform markets. Charlie Nesson: Don’t confuse law in principle (we all live under the law, a set of shared values) and as a social environment (a mediated discourse in which people are assisted in relating by its structure).

Q: What about the international aspect of commons.
A: Cf. “Global Legal Pluralism.” There’s a case to dealing with this locally rather than doing it top-down through nation states. There are certainly tensions as you expand this trans-nationally.

Q: (wendy seltzer) The question of governance is partially a horiztonal dividing of what’s been shared and a vertical set of relationships to maintain the platform. Does this get towards how we can push for open platforms on which we can build commons?
A: Lessig once said he saw the amassing of a constituency for a commons as an important political strategy for assuring an open Internet. The commons is a verb, a commoning.

Q: The vast majority of free software projects are very hierarchical. The freedoms it lists are individualistic. Our rules on collective governance are based on highly individualistic control. How do we move forward.
A: The preponderance of SourceForge communities are small. How do you scale up governance? It is a key issue and I don’t know the answer.
Charlie: David Hoffman writes about this. It’s about creating a border that keeps out the griefers. That’s essential.
A: They have to be organically grow…

Q: [ethan zuckerman] The old idea of the commons was that we were independent homesteaders who can make our own butter. But the openness of the code doesn’t help most people. And it gets worse. A lot of the interesting communities are on closed, commercial platforms. The attempts to have a constitutional moment on Facebook are pathetic. How can you bring your thinking about governance into commercial spaces? Can that be done?
A: That’s the right direction. We have to find respectful relationships among private businesses and commons. Maybe we need new revenue models.

Q: [darius] The tragedy of the commons has devastated my country, Poland. Not because there was no governance. The structures were didn’t align public interest and private incentives. Intellectuals assumed people would contribute for free. You haven’t mentioned motivations…
A: Self-interest is far broader than traditional economists have regarded it. We need to devise structures that can be hearty and sustainable that serve the public interest.

Q: To what degree is power concentrated in different commons? Usually a small group holds veto power. E.g., most open source projects have lead developers. To what degree do you need a de facto leader?
A: You need de facto structures. And you do sometimes get concentrated monopolies where forking isn’t really an option.
Ben: Some large open source projects are governed democratically. E.g., Debian.

Q: [me]
A: I think you have a fragmented view. Trying to amass a unitary view of the commons is doomed to failure beause all of them have rootedness in the local
<
me: Do we need a meta rule that says here’s how we maximize local control of commons?
A: That’s the direction we need to go in. But that’s a political frontier we haven’t gotten to.

[wendy seltzer] Is there a natural limit to the size of commons?
A: Maybe, but there are all sorts of technological prostheses…
wendy: When you tie this to communities…
A: There may be a type of speciation.

Q: Something like BitTorrent — a true commons where people are sharing resources — suggests that there’s an outside of the fence direction…
A: Commons has some way of integrity of its asset.

Q: Commons can fail. What are the most common failure modes?
A: Not having adequate enforcement of boundaries, etc. Part of what’s so fascinating is watching commons proliferate, and dealing with the theory later.

Q: [charlie nesson] I think of the commons as everything you can reach for free. There are forces that want to capture the potential of the commons. What we’re looking for is the engine that makes the commons itself robust enough to resist that. I think of the law as the instrument of enclosure. The root to building that robustness is not litigation. We have to build up a force. The question comes down not to how we govern the commons, but how do given enterprises build self-sustaining business models on a gift economy?
A: Yes. We’re trying to build our space, our own republic.

[I missed a bunch. Sorry. Check the Berkman webcast site to find the webcast.] [Tags: ]

Robin Chase on the smart grid, smart cars, and the power of mesh networks

Pardon the self-bloggery-floggery, but Wired.com has just posted an article of mine that presents Robin “ZipCar” Chase’s argument that the smart grid and smart cars need to be thought about together. Actually, she wants all the infrastructures we’re now building out to adopt open, Net standards, and would prefer that the Internet of Everything be meshed up together. (Time Mag just named Robin as one of the world’s 100 most influential people. We can only hope that’s true.)

The article is currently on Wired’s automotive page, but it may be moved to the main page today or tomorrow.

[Tags: ]

WolframAlpha vs. Google

David Talbot at Technology Review has run the same queries through Google and WolframAlpha. (WA isn’t yet open to the general public, i.e., to you and me.) The queries tend to be of the sort that WA will be better at: comparisons and computations. WA comes out well, but be sure to read David’s writeup of comments on his article.

The overall conclusion is, I think, that it’s going to take a while for WA to train us on the sorts of questions it can answer and how best to ask those questions.

(Some me-centric links: Live blog of Wolfram’s presentation at Harvard. Video of that presentation. My podcast interview with him. My too-early assessment of WA.)

[Tags: ]

Next »