Monday, April 03, 2006
The State of Web 2.0

Invariably, Web 2.0 is a term you love to hate or hate to love, but either way, you know you'll get folks' attention by saying it. I've been lucky enough to talk to quite a fair number of people around the country about Web 2.0 in the last few months and hear what they think of it. An overall picture has begun to emerge out of these conversations. We'll get to what exactly Web 2.0 is again in a moment. But one important ingredient, perhaps the key ingredient, is that it describes the inversion of control of information, processes, and software wholesale over to the users of the Web. This is because users now generate the majority of content and they also provide the attention that drives almost everything online financially (particularly advertising). And all of us have a uniquely equal access to the global audience of the Web; each and every one of us now has our own world-class pulpit (in the forms of blogs, wikis, and other mechanisms) that is amazingly the equal of any other person on the Web. Web 2.0 has also been successful in spawning almost ten related sub-movements that range from Identity 2.0 to Democracy 2.0.
Torrents of online software for work, collaboration, and community
It turns out that the most popular posts I write by far are my Web 2.0 product summaries. My first one (The Best Web 2.0 Software of 2005) has had well in excess of 500,000 readers that I know of and has been translated into over a dozen languages. This not only shows the people power of the Web but also the widespread popular interest there is in good online software. Each Web 2.0 software list (the other two are here and here) was also a compelling example of a Web 2.0 meme known as harnessing collective intelligence; the user supplied comments on each post had far more good software listed in them than the main post did and were added purely by interested and enthusiastic readers who felt some site or another was missing.
Now, it does seem the social aspect of Web 2.0 is the biggest roadblock for acceptance with technical people in the software industry. When I speak to people about Web 2.0, it's invariably the programmers and technicians, the on-the-ground folks who get their hands on the code and hardware, who seem to think Web 2.0 is the most content-free. Yet when I talk to the architects, CTOs, CIOs, and business people at the helm of things, they are already seriously considering the implications of Web 2.0 and are often deep in strategic thinking about it. Thus, I get little debate about Web 2.0 with the crowd most involved with strategic thinking in software and business, which makes some sense. Web 2.0 is not a technology; it's a way of architecting software and businesses, and companies see the value in the Web 2.0 way of doing business. Also, sites and software that embody the tenets of Web 2.0 continue to appear.
The disconnect between the technicians and the architects and CTOs seems to come particularly from the social aspect of Web 2.0. It's this piece that often flips the "bozo bit" of technical people, who often have engineering backgrounds that demand explanations in terms of technology and often don't appreciate the social dimension. Web 2.0 just doesn't have that technological bent other than liking Web services, Ajax, and radical decentralization, which bring the services, content, and rich experiences to mass audiences. Web 2.0 is really a set of related forces, design patterns, and business models that are increasingly emerging onto the world stage. And these elements frequently defy detailed technical quantification, despite Tim O'Reilly's consummately well written description of Web 2.0 last year. It also has not helped that numerous folks have tried to co-opt the term for their own marketing and investment reasons, often without properly understanding what Web 2.0 is.

OK, one more time, what is Web 2.0 again?
For those who don't follow it all the time, it might even be hard to remember what all the pieces of Web 2.0 are (and keep in mind, these elements are often reinforcing, so Web 2.0 is definitely not a random grab bag of concepts). Even compact definitions are sometimes a little hard to stomach or conceptualize. But the one I like the best so far is Michael Platt's recent interpretation just before SPARK. Keep in mind, the shortest definition that works for me is that "Web 2.0 is made of people." However, it's so short that important details are missing and so here's a paraphrase of Platt's summary.
- The Web and all its connected devices as one global platform of reusable services and data
- Data consumption and remixing from all sources, particularly user generated data
- Continuous and seamless update of software and data, often very rapidly
- Rich and interactive user interfaces
- Architecture of participation that encourages user contribution
I also wrote a review of the year's best Web 2.0 explanations a while back and it goes into these elements in more detail if you want it. But there's a lot more to Web 2.0 than these high level elements would indicate. A key aspect not mentioned here, though I cover it in Sixteen Ways to Think in Web 2.0, is the importance of user ownership of data. The centrality of the user as both a source of mass attention (over a hundred million people, probably 2 or 3 times that many, are online right now) and an irreplaceable source of highly valuable data, generally encourages that the user be handed control of the data they generate. If control over their own attention data is denied them, they will just go to those who will give them that control. This gives some insight into the implications of Web 2.0 concepts, which were mostly gathered by examining prevailing trends on the Web. Forrester is calling the resulting fallout of these changes Social Computing and it'll be interesting to see what the effects of the widespread democratization of content and control will ultimately be a generation from now.
Lest we forget, the online software world, best exemplified by the things we see released on Michael Arrington's terrific and popular TechCrunch and Emily Chang's informative and comprehensive eHub, is just in its infancy; we have decades to go. And that's because the Web will be the primary place where the most useful software will be. Part of this move to the web is because just about everything will ultimately be connected to the Web anyway. And note that the innovation and power in software is already coming these days from the online, connected world. Part of it is the unpleasant aspects of our existing software experiences. People are very tired of synchronizing their data between work, home, and family computers, upgrading and patching their software, and worrying about security and backups. Ajax has been a force here (covered here in my popular State of Ajax) by allowing the creation of online software that is as good as native software (yes, a few limitations still exist, but can increasingly be worked around). Ajax is much more powerful because of its connected status: it can reach people and information around the world. Ajax Desktops, as described by Richard MacManus and others, are just a small example of the potential. These desktops are attempting to leverage people's scarce attention by providing a single collapsed view of everything they care about, from bookmarks to weather.
So, what's happening with Web 2.0?
Tim Leberecht has done some of the best summarizing of the mainstream media's recent coverage of Web 2.0. Essentially, the coverage holds that Web 2.0 is largely an attempt to make money off of people by riding on their bring-your-own-content (BYOC). In a certain limited sense, this is true and there are indeed people attempting exactly this. Peer production has been very successful for certain Web 2.0 companies, particularly ones like Digg, Flickr, and Del.icio.us. Unfortunately, there is a profound paucity in this way of thinking, like in any quick-buck thinking. In a way similar to how open source software (OSS) democratized and decentralized control of software creation, commoditizing it relentlessly along the way, Web 2.0 sites are doing the same thing with the control structures of society and business. Web 2.0 represents the unyielding shift towards putting the power to publish, communicate, socialize, and engage, using an almost-dizzying array of methods, in online two-way discourse and interchange. The Web is the medium, but it's powered by people.
A somewhat discouraging summary of Web 2.0 was recently written and posted at Basement.org. While I don't believe they sampled enough sites (and hey, I try to do the same thing below), their end point is correct. It's much less about Ajax and tag clouds and much more about being irresistibly immersive. People have to want to stay in the community they find online, and if it's not there, they won't be there either. I think a lot of Web 2.0 software sites will wither and die on the vine because of this problem: namely not building the right social draws and retainers into their designs. But for every one that does fail, two more will take their place. The tools for creating online software are making it easy enough that TechCrunch could review online software between now and the end of time and miss most of them. But the majority of online software isn't really Web 2.0; they are missing the important pieces that really matter. David Linthicum recently worried about this in his Infoworld column, wondering if Web 2.0 the term could kill Web 2.0 itself. I don't believe it's a real concern. Why? Because the real Web 2.0 software floats to the top like a cork and the techniques are just too powerful and are easy enough to discover on your own, using the tools we have now.
As for other significant Web 2.0 trends, Web 2.0's techniques are starting to bleed into the enterprise, something I call Enterprise Web 2.0. The heavyweight and ponderous techniques for enterprise architecture and even SOA are just not anywhere near as vibrant as very similar approaches out in the wild. The mashup community on the Web is extremely active, even though still in its infancy. It won't be long before you see a lot of the lightweight Web 2.0 development techniques and tools, like Ruby on Rails, become mainstream in corporate software development. We are seeing surprisingly active interest in the conference circuit, with a large number of sessions about SOA, Ajax, and Web 2.0 in the enterprise in the next few months. Gartner has even coined the phrase for a SOA model that is compatible with the Web 2.0 world: Web-Oriented Architecture or WOA.
Some Apparent Web 2.0 Trends
- An Increasing Attention Scarcity - There isn't enough attention, or users that supply it, to go around. Particularly, there are just too many channels vying for it, or existing channels still dominate the majority of attention. This will affect the viability of new online entries and force them to create innovative ways to acquire attention.
- Online Social Communities Are A Winning Model - It's unclear what the monetization is (other than advertising) or the cost of successfully starting one, but many of the fastest growing and most popular places heavily use social software techniques to draw and keep users. And some are beginning to acquire valuations in the billions. (Some examples: SecondLife, MySpace, FaceBook.)
- The RIA Model Works - Ajax was just coined last year but it looks like it's here to stay and then some. Using nothing more than what you find in the browser, Ajax can create great Web platform ready clients that are as good as native clients. To see the potential, check out the radically advanced Hive7 using nothing more than Javascript. Expect that XUL, WPF/E, and Flash will give Ajax a bit of a run for its money later this year though.
- The Mashup Phenomenon Will Mature or Wane - Part of the problem appears to be the tools but also the usefulness. Most mashups aren't more than a feature or two. More sophisticated ones are coming, but if compelling mashups don't materialize in bigger numbers, the technique could lose mindshare as a model for building composite online software made up from the services of multiple Web sites.
- Traditional Software Vendors Will Struggle in a Web 2.0 World - Microsoft and Google will likely figure it out, though it's not a sure thing either. Microsoft has serious product line baggage and Google has healthy challenges in managing its growth and maintaining a sharp focus on strategy. Google's latest products don't seem to have their famous edge, for example. The smaller, nimbler Web 2.0 startups might continue to be a great source of innovation but it might make sense for Google to acquire startups and immediately spin them off to avoid the "big company effect."
Finally, here is a quick traffic analysis of some of the Web 2.0 companies I've covered in my articles. Note that some are successful almost beyond description, at least in terms of user adoption. MySpace is probably the best example. It's actually going to run out of available users on the Web fairly quickly at its present growth rate (over a million new accounts every 4 days). Interestingly, some of the more well-known Web 2.0 companies are actually starting to see a leveling-off effect. Whether this is because of stiff online competition or boredom with the service, I can't say, though I would wager there have been effects from both.

In any case, there will be a Web 2.0 conference again this year and the Web 2.0 Journal was launched earlier this year (disclaimer: I am Editor-in-Chief). A new round of Web 2.0 software has also had tremendous successes (MySpace, Flickr, and many others), and a great many people all over the world are actively trying to figure out how to make use of the Web 2.0 concepts before they experience the disruption it could cause their organizations. Apparently, as frequently unloved as the label is, Web 2.0 is here to stay. Remaining predictions: 1 - The hype is going to ramp down quite a bit this year. 2 - People will focus much more on using the ideas and ignoring the Web 2.0 hypesters more often. And 3 - A lot of folks will still hate the term Web 2.0.
source:http://web2.wsj2.com/the_state_of_web_20.htm
Prisoner of Redmond: Yet Another Way Paul Allen Isn’t Like You or Me
Paul Allen is one week older than me. I have more kids but he has more toys -- a LOT more toys -- including professional football and basketball teams, SpaceShipOne, lots of planes and a HUGE boat. Allen is an enthusiast of epic proportions, but one of my fondest images of him was from the 20th anniversary party for the Altair 8800 computer (arguably the first PC), when Paul Allen-the-billionaire wanted some fast food late at night and -- not having a car -- WALKED through the drive-through as part of a long line of cars.
There was a time when Paul Allen, not Bill Gates, was the boss at Microsoft. When it came time to visit Albuquerque to demonstrate that first BASIC interpreter to the folks at MITS, Allen made the trip, not Gates. It was Paul Allen, not Gates, who was later offered the job as head of software for MITS -- a job I have in the past characterized as the single most expensive position in the history of employment because accepting that job meant that Allen got only 36 percent of Microsoft’s founders shares, compared to Bill Gates’ 64 percent.
There’s an irony in that stock differential, and it is that Gates argued HE was working 100 percent for Microsoft while Allen was working for both Microsoft and MITS, Microsoft’s only customer, and therefore deserved less stock because of his divided duties. The irony is that shortly after they divided the shares, Gates went to MITS founder Ed Roberts asking for a job, too, which Roberts gave him, paying $10 per hour. A more aggressive Paul Allen would have demanded a share adjustment at that point, but the real Paul Allen let it slide. “I made out okay,” he told me when I asked about it.
Four years later, when Microsoft had left New Mexico for offices in a bank building in Bellevue, Washington, and Jack Sams came from IBM looking for an operating system for the secret Project Acorn -- the IBM PC -- Allen was still the guy in charge. Sams mistook Gates for the office assistant. Though both Gates and Ballmer took part in those first talks with IBM, Sams recalled that the authority figure was definitely Paul Allen.
These roles changed over time, of course, and what clearly precipitated the change was Paul Allen’s health. He contracted Hodgkin’s disease, a form of cancer, in 1982 when Allen was in charge of the development of MS-DOS 2.0, a complete rewrite of PC-DOS 1, which was itself mainly derived from Seattle Computer Products’ Quick and Dirty Operating System (QDOS) that Microsoft had acquired when Digital Research was unable to come to terms with IBM about using CP/M for the original PC. QDOS was simply not a very good product, and DOS 2.0 was intended to overcome the earlier products’ many problems. It would also eliminate that nascent rumor that QDOS was riddled with code “borrowed” from CP/M.
So DOS 2.0 was the most important Microsoft product to date and vital to cementing the company’s relationship with its biggest customer, IBM. It was also by far the most complex product in Microsoft’s young history, which again is why Paul Allen was put in charge. As development continued, Allen’s health began to deteriorate, so much so that the IBM team was worried that Allen might not survive. “He looked like death,” Sams told me. “But still they pushed him.”
In the Boys’ Club that was Microsoft in those days, maybe the concept of mortality was too abstract, maybe Allen’s poor health wasn’t as obvious to those around him every day as it was to the IBM team that visited from time to time. To his credit, Allen stayed long enough to finish the job, delivering DOS 2.0 then leaving the company forever, eventually to have a bone marrow transplant that cured him completely.
But during one of those last long nights of working to finish-up DOS 2.0, something happened. I have heard this story from two people, each of whom was a friend of Allen’s and in a position to know. Each told me the same story the same way. I am not staking my reputation on the accuracy of the story, but I am saying I have it from two good sources. Paul Allen certainly won’t confirm or deny it, so I’ll just throw it out for you to consider.
During one of those last long nights working to deliver DOS 2.0 in early 1983, I am told that Paul Allen heard Gates and Ballmer discussing his health and talking about how to get his Microsoft shares back if Allen were to die.
Maybe that’s just the sort of fiduciary discussion board members have to have, but it didn’t go over well with Paul Allen, who never returned to Microsoft, and over the next eight years, made huge efforts to secure his wealth from the fate of Microsoft. He sold large blocks of shares on a regular basis no matter whether the price was high or low. Then in October and November of 2000, just as he was finally leaving the Microsoft board, Allen did a series of financial transactions involving derivative securities called “collars,” that are a combination of a right to buy and a right to sell the stock at different prices such that both his upside and downside financial potential are limited. By the end of 2000, though Allen technically still owned 136 million Microsoft shares, his wealth was for practical purposes separate from that of Gates, Ballmer, and the rest of Microsoft.
I confirmed this with Peter Newcomb, the editor at Forbes whose job includes keeping track of the world’s 400 richest people and their money. Calling-up Allen’s financial information on his computer screen, Peter pointed to the sports teams, valued together at about $1 billion, the huge investment in Charter Communications, Allen’s Dreamworks stake, another $1 billion in real estate, and, oh yes, that Microsoft collar. “He’s worth a total of about $14 billion at this moment and while he has more than 100 million residual Microsoft shares,” Peter said, “does Paul Allen care what happens to Microsoft? Only tangentially.”
Peter and Forbes were available in this case through the help of Rich Karlgaard, the publisher of Forbes, who is an old friend.
What do you do when your wealth is immense but completely tied to people whom you inherently do not trust? If you are Paul Allen you watch your tongue and spend eight years getting out from under that burden.
My reason for bringing up this topic at this time is because it will all shortly be back in the news as Microsoft goes to court later this year in what might well be its last-ever anti-trust trial. Remember those 19 states and the District of Columbia that settled over time for software vouchers and promises from Microsoft to no longer do evil? Well only Iowa remains, represented by a lady lawyer from Des Moines named Roxanne Conlin whom I have met. Roxanne is not in any way impressed with Microsoft vouchers, no matter how many there are. Looking for real money for the people of Iowa, Ms. Conlin is about to dredge-up all this old news and put a new spin on it.
Based purely on character (or lack of it), I confidently predict that Microsoft is going down. It should be interesting.
source:http://www.pbs.org/cringely/pulpit/pulpit20060330.html
CUTEST WEB SITE EVER DISCOVERED!!!
source:http://slashdot.org/article.pl?sid=06/03/31/1738258
Q&A with the father of Java
Mr. Gosling was born near Calgary in 1955 and went to high school and university in the city. He joined Sun in 1984 and is now a vice-president and chief technology officer of the company's developer products group.
This week, he gave an hour-long talk about Java and the computing world as part of a conference for developers put on by Sun Microsystems Inc.
Dave Ebner of The Globe and Mail sat down with Mr. Gosling for half an hour after his speech. Casually dressed in a red track jacket, an orange Sun T-shirt and blue jeans, Mr. Gosling talked about the future of Java, the end of oil and "third world" North American phone companies. The conclusion: Unleash the creative weirdoes and good things will happen.
Q: What's a big challenge facing programmers?
A: People in this business tend to fixate on the technology side of things. The technology side is actually really easy. You can predict what's going to work technologically and what's not going to work.
The thing that's hard — and the thing that most people don't want to admit is the hard part — is the social experiment. What is it that people want? Go back a couple years. If you had tried to say that ringtones was going to be a multibillion-dollar business, you would have been laughed out of the room.
Q: You turned 50 last year. What are your goals for the decade ahead?
A: These days I'm doing what I can to steer the Java world in an interesting direction, whatever that turns out to be.
Q: Java's about a decade old. How long does it live? What comes next?
A: Well, I'm sure something will come after it but when and where and what that will look like, I'm not sure. Java is evolving. It's sort of embedded in the social experiment that is the Internet. There's been tremendous adoption of Java for building large-scale enterprise apps. It's worked tremendously well there. There's been all kinds of growth lately in cellphones and more and more embedded systems. It's all about making the environment around us more intelligent. A lot of the evolution we've been pushing is around the tools. That in conjunction with making the whole development process easier. Making sure we can push these things as far as we can.
Q: Was it a surprise that Java caught on so quickly?
A: Oh yeah, it shocked the hell out of me.
Q: What was the spark? The fact that Java was embraced in universities?
A: That certainly helped, but the adoption in university came afterwards. It came out in '95 and people started using it for all kinds of things. For the university world, it has this interesting property. On one hand, it's easy to use and education-friendly as Pascal had been historically. And on the other hand, it's got an upside. You can do adventurous things.
The core of the revolution in the education world was about the fact that it fit all their didactic requirements and it also gave people a career path. There was something they could do with it. With Pascal, if it was the only thing you knew, it wouldn't get you anywhere.
Q: Is it a disappointment at all that Sun didn't see as many money benefits from Java as it might have?
A: We've benefited hugely. If we had attempted to garner 100 per cent of the revenue in the Java world, it would never have taken off. The world is filled with cool technologies that went nowhere because the owner of the technology strangled it.
Q: Is programming more exciting today than when it was when you were studying for your doctorate at Carnegie Mellon University (in Pittsburgh) in the late 1970s and early 1980s?
A: I don't know about more or less. It's certainly different. When I was starting, computer programming was an unusual thing to do. It had this strangeness about it that was enticing, but the kind of things you could do were pretty limited. These days, the fact that your average high-school student has on their little desktop computer more compute power than the biggest supercomputer that Cray ever built, I think is pretty damned exciting.
Q: You get back to Calgary often?
A: Several times a year, most of my family is here. My mom, my brother, my sister, 10,000 nephews.
Q: How'd you get started in the city?
A: When I was a teenager, I stumbled into this by accident at the University of Calgary, where they had a project that was working on the ISIS-2 satellite. That was an unusual and weird thing. A friend of my dad's took me on a tour of the university. I thought it was really cool. Being a sharp-eyed kid, and they were stupid enough to use combination locks rather than key locks, I learned how to break in to the data centre there and taught myself how to program. Then I met a bunch of the people from the ISIS-2 project and they needed somebody who could write code and who was cheaper, so they hired me. That was a lot of fun.
Q: When you first started coding, did it immediately feel right?
A: At some level, the thing that gets it for me is building stuff. I'm as happy with a hammer and nail as I am with a keyboard. For me it's building stuff and the thrill I get when something actually emerges and works. The thing about computers that feeds into that is that building sophisticated stuff is a lot easier in the computer world than dealing with protons and neutrons. It's so much easier to whack together stuff in software.
Q: What's your view on the state of computer education in Canada?
A: I actually don't know enough to say anything really profound. At the time I graduated, when I was doing my undergraduate at the U of C, I was actually mostly doing grad courses. It was going to be really difficult to do a grad degree at the U of C. The only place that was slightly interesting was Waterloo. I applied to a whole lot of grad schools, all over the place, but only got one acceptance and that was Carnegie Mellon.
Q: What do you see for Calgary's future?
A: Calgary's got this incredible boom on, but it can't last. If it doesn't diversify its economy, it's going to be dead in 30 years — or whatever the number is. Nobody's saying the amount of oil and gas is infinite. The only argument is how long it's going to be until it's gone.
Q: In your presentation, you mentioned phone companies in North America, calling them "third world" for the lack of advances in mobile networks compared with elsewhere, like Japan. You even called the United States a "stone age country" when it comes to telecom. Are things improving?
A: They're moving — but at glacial speeds. I have to admit I don't have as much contact with them as I used to have, mostly because my stomach just isn't up for it. It seems to be more a matter of the old guard dying off than any enlightenment happening.
Q: Has North America's extensive fixed-line networks held back the jump to massive mobile development?
A: No. The place it's been most advanced and most interesting is Japan, and Japan has at least as much old-line infrastructure as North America. … They [NTT DoCoMo] came up with this scheme of encouraging third parties to develop lots and lots of services in the hopes that that would drive network usage. They came up with a methodology where you could be a software developer for their network. What it took to join was essentially nothing. So, you get two guys and a dog going off to do a game. The game would get popular and the way that popular culture works it explodes really quickly. People were going from napkin to millionaire in two months. This started this huge feeding frenzy of developers, writing all kinds of software, making it really easy for people to get at. It really hinged on having this mechanism from the phone company that allowed third-parties to do all kinds of stuff, to get great diversity.
I don't know how many times I've been in conversations with people [in North America] where they go, "Well, we think DoCoMo was stupid for giving up all that revenue. We want all of it. We're going to have our developers develop all the games." I actually had somebody from Telus say to me, "You know, we did this analysis and we decided that there are eight apps that people need on their cellphones. So we're having our developers develop those eight apps." And it's like — (Mr. Gosling scrunches his face with incredulity) — the person just so deeply doesn't get it.
First, the kind of apps that phone companies generate tend to be mind-numbingly bad. And you can't actually predict what's going to be successful. In a lot of these things that are truly social experiments, you got to try stuff. You've got to have the creative weirdoes out there. And by and large, creative weirdoes don't work for big phone companies. You've got to figure out a way to tap into the creative weirdoes.
Q: At Sun, are you closely involved in managing the company?
A: Not really. I'm pretty high up in the ranks, I'm a vice-president, but I have the luxury of being able to stay away from stuff. Sun's kind of a funny company when it comes to management. A lot of the oil companies are very hierarchical and Sun, on paper, we have a hierarchy, but as somebody once said, "Sun doesn't have an org chart, it has e-mail." Sun is more of a debating society than an organized corporation.
Q: Any concluding comments?
A: Lots of folks keep saying, "Oh isn't the Internet kind of done and boring now?" It's feeling to me like it's just barely started. … It feels like we've got a good 20, 30 years of good solid growth before this thing starts to look like or feel like it's matured and stable.
source:http://www.theglobeandmail.com/servlet/story/RTGAM.20060329.gtgoslingmar29/BNStory/Technology/home
A Student-Hacker Showdown at the Collegiate Cyber Defense Competition
source:http://it.slashdot.org/article.pl?sid=06/03/31/228244
MIT spam conference focuses on phishing
“The spam problem will get worse, and the reason is phishing,” says Bill Yerazunis, senior research scientist with Mitsubishi Electric Research Laboratories, and chairman of the conference. Yerazunis estimates between 20% and 30% of all spam messages are phishing attacks that attempt to trick recipients into giving away personal or financial information. “For people who aren’t ‘Net savvy, they could lose their retirement money,” he says.
The response rate for phishing e-mails is much higher than for spam, says Paul Judge, CTO of messaging security maker CipherTrust. So while spammers have to send more and more unsolicited e-mail these days, as anti-spam filters get better at identifying and blocking spam, phishing attacks are well enough disguised that a higher percentage get through such filters, and more recipients click on them, he says.
Not only is phishing dangerous for potential victims, but it is destroying large banks’ and other companies’ ability to communicate with their customers in the most effective way, Judge continues. “Some of the most powerful entities on earth can’t talk to their customers over e-mail” because phishing has corroded their customers’ trust, he says.
As one of the dozen companies, universities, and laboratories presenting papers at the MIT Spam Conference, CipherTrust focused its talk exclusively on the rising threat of phishing. The company on Tuesday announced its PhishRegistry.org site, a service designed to warn legitimate Web sites when they are being spoofed by phishers.
CipherTrust has developed technology that creates a digital fingerprint of a Web site suspected to be bogus, and of the site it is spoofing, and compares the two looking for a match, says Jonathan Zdziarski, research scientist at CipherTrust. Once a bogus site is identified, CipherTrust feeds that information into its Radar anti-phishing service and also posts a notice at PhishRegistry.org, which Zdziarski defines as a “neighborhood watch for your Web site.”
Fresh from an IETF meeting last week, Sendmail’s Chief Science Officer Eric Allman spoke about the progress being made with DomainKeys Identified Mail (DKIM), a sender-authentication proposal from Yahoo and Cisco that’s wending its way through the standards body, and how it can be used to fight phishing.
In a presentation entitled “So you’ve got authentication now. Yippee,” Allman says that while DKIM isn’t a cure-all to the spam and phishing problem, it presents an effective way for the signer to assert they really did process the message, and to hold them responsible for it.
But DKIM and other authentication approaches won’t work in a vacuum, he says.
“We need to use authentication as input to a larger system; it’s one part of a big toolbox,” Allman says. “If something is authenticated that doesn’t necessarily mean that it’s good.”
While phishing has become a top concern in the spam-fighting community, the battle against simply annoying e-mail is far from over, and a number of papers presented at the conference focused on new ways to identify and block spam. Among these were a proposal to improve Bayesian filter accuracy, a system for generating temporary e-mail addresses so that a person’s preferred address doesn’t have to be given out, spam filters based on adaptive neural networks, and a new message-verification platform.
source:http://www.networkworld.com/news/2006/032906-spam-phishing.html?page=2
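Allman's point above, that a valid signature identifies who is accountable but does not make a message good, can be shown as an added example (not code from the article, Sendmail or the DKIM proposal). It assumes the receiving mail server records its DKIM verdict in an Authentication-Results header; the host names, domains and reputation table are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.recipient.example"  # our own border MTA (constructed)
REPUTATION = {"bank.example": "good",      # constructed reputation data
              "bank-secure-login.example": "bad"}

def dkim_result(msg):
    """Return (result, signing domain), trusting only our own MTA's header."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # a sender can insert this header itself; ignore it
        m = re.search(r"\bdkim=(\w+)(?:[^;]*?\bheader\.d=([\w.-]+))?", rest)
        if m:
            return m.group(1).lower(), (m.group(2) or "").lower()
    return "none", ""

def disposition(raw):
    """Combine the DKIM verdict with signer reputation and From alignment."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    result, signer = dkim_result(msg)
    if result != "pass":
        return "filter"   # no accountable signer: content filters decide
    reputation = REPUTATION.get(signer, "unknown")
    if reputation == "bad":
        return "reject"   # validly signed, by a domain known for abuse
    is_aligned = from_domain == signer or from_domain.endswith("." + signer)
    if reputation == "good" and is_aligned:
        return "deliver"
    return "filter"       # authenticated, but nobody vouches for the signer

def sample(from_hdr, auth=None):  # builds a constructed test message
    extra = "Authentication-Results: %s\n" % auth if auth else ""
    return "From: %s\n%sSubject: Account notice\n\nPlease log in.\n" % (from_hdr, extra)

SAMPLES = {  # constructed inputs
    "bank": sample("alerts@bank.example", "mx.recipient.example; dkim=pass header.d=bank.example"),
    "lookalike": sample('"Bank Support" <help@bank-secure-login.example>',
                        "mx.recipient.example; dkim=pass header.d=bank-secure-login.example"),
    "third_party": sample("alerts@bank.example", "mx.recipient.example; dkim=pass header.d=bulkmailer.example"),
    "forged_header": sample("alerts@bank.example", "mx.sender.example; dkim=pass header.d=bank.example"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", disposition(raw))
```

The look-alike domain passes DKIM and is still rejected, while a header claiming `dkim=pass` from an untrusted server is ignored rather than believed.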
Jailed Chinese journalist's family mulls filing court action against Yahoo
Zhang Yu, representing the family of Shi Tao, said they were considering taking Yahoo Hong Kong Holdings to court either here or in the United States.
'We believe what (Yahoo) did was illegal so we are considering taking Yahoo to court,' Zhang told reporters, adding that Yahoo had refused to discuss the matter with him.
Shi was sentenced in April last year after posting on the Internet a government order barring Chinese media from marking the 15th anniversary of the brutal Tiananmen Square crackdown on democracy activists.
Yahoo allegedly provided information that proved Shi had emailed the order from his office computer at the Contemporary Business News.
Pro-democracy legislator and lawyer Albert Ho showed journalists a copy of the verdict issued by a court in the central Chinese province of Hunan.
The document said: 'Yahoo Hong Kong Holdings provided materials that confirmed the user's information.' It also gave the IP (Internet Protocol) address of Shi's computer and his work phone number and address.
Ho said a formal complaint has been made to Hong Kong's Office of the Privacy Commission for Personal Data, a privacy watchdog, which told them it will investigate the case.
Shi has insisted he is innocent, arguing that the government order was not a state secret.
source:http://www.forbes.com/work/feeds/afx/2006/03/31/afx2636580.html