Premium Content Available

In the next few days, you’ll be introduced to Technosailor Premium Content. It’s premium because you have to do something to get it. In many cases, that something is paying a fee. Not in this case. This premium content is completely free. You might think I’m going to collect your email address or make you register for something. Again, not in this case. The only hoop you have to jump through is subscribing to my feed.

The more the internet evolves and people consume content in different ways, the more important it is that feeds exist and are used. In this case, I’m providing select content to only subscribers to this site’s feed. Dave Taylor has a great write up on how to subscribe to RSS – in case you’re not sure how to do that. Add Google Reader to your list. In most cases, subscribing is as simple as entering the URL for this site.

You might wonder what kind of content will be available? Lots of stuff. Premium stuff. Cutting Edge stuff. I can say there won’t be tons of Premie content but there will be enough that if you’re not reading, you’re missing out. Already, I have several interviews lined up. I’ll also release any plugins or code I write as premium content, so you’ll want to subscribe.

I’ll also throw out an olive branch for those of you who simply don’t want to subscribe to the feed because you like to come to the site or something. After two weeks as premium content, everything will be available on the site. You’ll be late. You might miss it. Google won’t, but you might. So make sure you subscribe.

Google Video Security Flaw: FALSE; MySpace Flaw: Confirmed

Tamar Weinberg writes a post declaring that “Google Video Flaw Raises Privacy Concerns By Exposing Usernames and Passwords”.

Nice linkbait, but completely false. The real weight of this flaw lies solely on MySpace (I know, there are apparently no security issues with MySpace, but I digress). In fact, if you examine the headers of a MySpace login, it is obvious to see that MySpace itself is transmitting username and password in plaintext in the headers.

Most people don’t look at headers. Why should they? They are the communication vehicles of browsers and servers and not users. However, an examination of these headers by sleuthful individuals can find out all kinds of useful information.

Let’s look at the MySpace header that contains the username and password:


http://login.myspace.com/index.cfm?fuseaction=login.process&MyToken=c7fd399e-2c28-4615-889e-dbf5c2cea71b

POST /index.cfm?fuseaction=login.process&MyToken=c7fd399e-2c28-4615-889e-dbf5c2cea71b HTTP/1.1
Host: login.myspace.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://myspace.com/
Cookie: MSCulture=IP=208.54.95.129&IPCulture=en-US&PreferredCulture=en-US&Country=US&timeZone=0&ForcedExpiration=0&USRLOC=QXJlYUNvZGU9MCZDaXR5PSZDb3VudHJ5Q29kZT1VUyZDb3VudHJ5TmFtZT1Vbml0ZWQgU3RhdGVzJkRtYUNvZGU9MCZMYXRpdHVkZT0zOCZMb25naXR1ZGU9LTk3JlBvc3RhbENvZGU9JlJlZ2lvbk5hbWU9; NGUserID=a2825a9-4920-1181671731-2
Content-Type: application/x-www-form-urlencoded
Content-Length: 165
Login=&email=myemail%40hotmail.com&password=mypassword&ctl00%24Main%24SplashDisplay%24ctl01%24loginbutton.x=0&ctl00%24Main%24SplashDisplay%24ctl01%24loginbutton.y=0

The interesting part is right at the bottom where, if you look, my (now fake) username and password are displayed.

Update: To be fair, Facebook is guilty as charged as well.

Update 2: As do many other pieces of software. This highlights a deficiency in the HTTP protocol. HTML Password fields should be encrypted before transmission. Why is this not the case? What good reason can anyone give me why this should not have been fixed in, oh, 1996?
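The check a defender would run against a capture like the one above, as an added example that is not part of the original post: it parses the form body, flags password-like fields, and reports whether the request URL and the referring page were plain http. The capture is constructed with fake values, and the field-name hints are an assumption.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed capture in the same layout as the one above: URL line,
# request line, headers, then the form body. All values are fake.
CAPTURE = """\
http://login.myspace.com/index.cfm?fuseaction=login.process
POST /index.cfm?fuseaction=login.process HTTP/1.1
Host: login.myspace.com
Referer: http://myspace.com/
Content-Type: application/x-www-form-urlencoded
Content-Length: 54
Login=&email=myemail%40hotmail.com&password=mypassword
"""

PASSWORD_HINTS = ("pass", "pwd")  # assumed naming convention for secret fields


def audit_capture(text):
    """Return one finding per password-like form field in the capture."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    scheme = urlsplit(lines[0]).scheme.lower()
    headers, body = {}, ""
    for ln in lines[2:]:  # skip the URL line and the request line
        name, sep, value = ln.partition(": ")
        if sep and not body and "=" not in name:
            headers[name.lower()] = value
        else:
            body += ln  # the first non-header line starts the body
    if "x-www-form-urlencoded" not in headers.get("content-type", ""):
        return []
    findings = []
    for field, value in parse_qsl(body, keep_blank_values=True):
        if any(hint in field.lower() for hint in PASSWORD_HINTS):
            findings.append({
                "field": field,
                "value_length": len(value),  # never log the secret itself
                # Without TLS the whole request, body included, is readable in transit.
                "cleartext_transport": scheme != "https",
                # A login form served over http can be altered before it is submitted.
                "referer_is_http": headers.get("referer", "").startswith("http://"),
            })
    return findings


if __name__ == "__main__":
    for finding in audit_capture(CAPTURE):
        print(finding)
```

Run against the same body with an `https://` request URL, `cleartext_transport` comes back `False`: the form fields are unchanged, but TLS encrypts the whole request in transit.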

Federal Judge Ruling Issues In New Era of Non-Privacy

Never before has any judge declared that the memory footprint stored in RAM on computers was evidence. Now one has. CNET reports that the Motion Picture Association of America (MPAA) has asked the courts to rule that the small memory footprint that is stored in BitTorrent servers when users download videos from Torrent servers is evidence that can identify individuals downloading movies and television shows illegally.

The ruling passed down from the Central District of California orders TorrentSpy (and likely other Torrent companies) to begin tracking IP addresses from RAM.

The curious part about this ruling has nothing to do with the MPAA or TorrentSpy. The real issue, and much bigger, is the precedent set by the lower court. If this ruling is to stand, for the first time ever, temporary data in RAM would be considered under the law “Storage” and subject to subpoena. It does not take a whole lot of imagination to extrapolate how government and complainants can get access to information that they really shouldn’t have access to.

The Electronic Frontier Foundation, the online champion of privacy and freedom on the internet, is casting tentative support behind this sentiment. EFF attorney, Fred von Lohmann, states in an email to me, “We tend to agree. We’re looking into the case and may file an amicus brief in the coming weeks.”

Safari OS To Become the New Standard

I was not one of the folks who had the pleasure of being at WWDC07 today, however I followed closely what was being said through the variety of websites who were live blogging Steve Jobs’ keynote.

I was expecting a little more in the way of announcements today but got very little of that. Cool insight into what Leopard will look like in October and much needed improvements to .Mac. The biggest “read between the lines” moment came when Jobs announced that there is no SDK for the iPhone and, in fact, Safari 3 would be released for Windows (available for free download now for both Mac and Windows users) and would be deployed in its fullness on the iPhone.

What does this mean? It means that Apple has single-handedly created the OS of the future and it is Safari. Notably, don’t ignore Google who seems to be Apple’s latest bed-buddy, and is poised to benefit the most from this move – particularly since there has been long-standing rumor of the Google OS which has been vaporware so far but could very well blossom on the Safari Platform.

Yes, I did say Safari Platform. If the “read between the lines” moment was the intuitive announcement that there is no SDK for the iPhone and, in fact, web apps are the means of deploying iPhone software, and in fact Safari will be available to the vast majority of folks, there is no reason to believe that Safari is not the new OS platform.

“We have been trying to come up with a solution to expand the capabilities of iPhone by letting developers write great apps for it, and yet keep the iPhone reliable and secure. And we’ve come up with a very sweet solution,” said Jobs.

This capability is being exposed through the full version of Safari that will run on the iPhone, said Jobs, using Web 2.0-style technologies like AJAX that will enable developers to create content that “looks and behaves exactly like apps,” integrated with the iPhone and iPhone services.

“They can make a call, they can send an e-mail, they can look up a location on Google Maps,” Jobs added for emphasis. What’s more, distribution is simple because developers can put them up on their own servers, update the code themselves, and incorporate the built-in security that Web 2.0 applications provide.

“They run securely on the iPhone, so they don’t compromise its reliability or security. And guess what? There’s no [software development kit]. You’ve got everything you need, if you know how to write apps using existing Web standards,” Jobs said. (Macworld)

There is no barrier to entry to building software for the next generation smart phone and considering that the iPhone is locked into only AT&T here in the U.S. as the sole provider of the device for the next 5 years, it’s not unreasonable to assume challengers from other manufacturers and providers will emerge. In fact, Verizon Wireless is already talking about their own device in the fall.

If the challenger devices don’t have the same features as the iPhone, how are they challengers? Expect new mobile browsers that display “the real web”, and perhaps even devices that ship with embedded Safari (don’t know the legalities of that so feel free to correct me on that!).

If Web apps are the future, there’s really no reason to assume that everyone won’t follow suit and that *ahem* Google *ahem* won’t be marketing Gmail, Documents and Spreadsheets, YouTube, Google Calendar and the plethora of other web based software that is already available to smart phone users.

Before you know it, Apple and Google will have created the world’s first OS in such a format.

Your thoughts?

Washington D.C. Area New Media Conference

For those of you in suburban Washington, I’ve been asked to be a panelist at the New Media Nouveaux Conference in Tyson’s Corner on July 13. The topic is “Futurists, what’s coming next?” and I’ll be sharing the stage with Sean Gorman, CEO of FortiusOne and Brian Williams, CEO of VigetLabs. The entire conference is branded, “How to Make Your Audience Fall Madly, Deeply, Crazy in Love With You, Your Message and Your Company.” Incidentally, that tagline wins the award for most thorough descriptive sentence.

See you there!

Update: Readers of this blog who have made more than 5 comments somewhere along the line, and who come to the event, should introduce yourself (You should introduce yourself anyway!). Those who have commented at least five times are eligible to receive $100 in iTunes music from yours truly.

Hosting the Carnival of Maryland

Just a word to let you all know that I am hosting this week’s Carnival of Maryland. The Carnival is spearheaded by members of the Maryland Blogger Alliance, a loose confederation of bloggers from Maryland that began as political blogs banded together a few years ago and today represents a much broader cross-section of the Maryland blogosphere. Explore other MBA sites.

If you are from Maryland, think about submitting your entry for the Maryland blog carnival via the blog carnival submission site. Entries must be in by Saturday, June 16.

Facebook or MySpace?

My Art of War entry the other day caused quite a stir. Notably, it caused a stir with the readers of b5media blog BuzzNetworker where Kevin Palmer, the author who has developed a professional public profile using MySpace takes issue with my sentiments regarding Facebook’s success. He has successfully stirred the pot and many more commenters came out in support of MySpace than Facebook.

I’ve issued a challenge. It’s really simple. Record a video and tell me why you prefer MySpace over Facebook. Keep it under a minute.

If I get a significant amount of input, I’ll publish the results as a video and you can say you were made into a movie star because of this blog (yeah, right!). Just to clarify, I need an actual file emailed to me. Feel free to publish to YouTube but if I don’t get a file, I can’t use it. :)

The YouTube Video Revolution

It was announced the other day that YouTube would begin serving H.264 video format on all their YouTube videos. This is an announcement that was made in conjunction with Apple regarding video formats for their Apple TV which uses Apple’s Quicktime format.

If you’re not familiar with H.264, it is a high definition video encoding protocol which allows for resolution scaling. It is the format used in Quicktime and video purchased on iTunes that allow HD crisp display on tiny iPod video screens and that allows for unpixelated resolution scaling on normal televisions.

It is the revolution of video but it’s not really new. It has become more known with the advent of iPod videos.

The plan is that all new videos will be encoded as H.264 starting sometime in the middle of June. There will be a significant quantity of YouTube content which will be available immediately for AppleTV users and new content will become available as YouTube users upload new content and as YouTube processes through their archives converting older content to the H.264 codec.

The big losers here are Microsoft and Adobe. Currently, all YouTube videos are played in a Flash video player (FLV). The move to a standardized codec means that proprietary solutions lose out. Adobe’s Flash? Gone. Microsoft’s Windows Media Player? Need to download a codec. Who wants to work for their videos?

H.264 can be played in most industry standard players. Quicktime, of course is the big one, making the deal a winner for Apple. AppleTV users are immediately benefited. iPhone users will benefit. Other players – VLC, MPlayer, and others.

From a business perspective, this deal continues to enhance the Google-Apple position that places the duo in stiff competition with Microsoft. The pair creates a highly distributed media network – Google with software and deliverables via the internet, and Apple with hardware multiplicity – iPod, Intel Macs, Apple TV, etc.

Meanwhile, Microsoft continues to promote their proprietary infrastructure cemented by Windows Media Center/Vista, the XBOX 360 and the Zune with restrictive access to non-Microsoft media distribution (no H.264/Mpeg-4 support built into Windows Media Player). Incidentally, why does the Zune only integrate with a single OS media player while the iPod integrates with a cross-OS iTunes? Fascinating.

The Art of War: Facebook’s Strategic Plan for Ultimate Victory

Have you heard of MySpace? I had, once upon a time. Now, it seems to be off the grid. Facebook on the other hand has been making a progressive march to the sea and is taking no prisoners. In February of 2007, Facebook reported 18M users, up from 7.5M 7 months earlier. (Edited) Toronto claims 1 in 10 Torontonians as Facebook users (approximately the size of the Baltimore City population).

Facebook’s success has not been overnight. When it began, it was created as a closed social network for primarily high school and college students. Users would be able to join Facebook if they had a valid email address from a registered University or other school. There was a smaller percentage of workplace networks where users could join if they had a valid company email address, but by and large these networks were much smaller due to reluctance of companies to join the social media revolution and risk employee productivity losses.

Video Interview at Mesh

Loren Feldman and I sat down for an interview while at Mesh. Loren is probably my favorite new media guy ever. Says what he thinks and is highly entertaining, if sometimes mildly disturbing. Check out this video with him and me sitting down and talking about b5media, Macs and other stuff. Thanks Loren!