James Galvin

Damien has a fairly thorough rant about online advertising. Covers just about everything, from the ugliness of Google Ads to the deception of Pay Per Post (that’s these guys).

I always had similar feelings about advertising on blogs… I don’t have a problem with other people who do it, but I never would have considered baiting my users with spammy links on this site in return for few quid a week. I changed my tune this summer as I was consistently getting over 1000 unique visits each day - nearly all of which were search referrals landing on a couple of posts I made a over year ago about the RPG “Oblivion”. Some of the search terms were bordering on disturbing! Just as an experiment, I tacked Google ads on three old posts that were getting hit a lot by the search engines - in a couple of weeks I made enough for a few months hosting. I will admit, the temptation is there to do some more prominent advertising. This is effectively free money.

Evil Angel: Internet ads are so common these days, is anyone really inconvenienced by an oul banner or two?

Good Angel: Don’t listen to him. Would you try to sell stuff to your friends down in the pub?

Well, Good Angel, now that you mention it… I probably would. Don’t worry just yet, I’m not likely to start bombarding you all with animated smileyface banners just yet. The bulk of my traffic still comes from people searching for Night Elf porn, and it would not be worth fiddling with the layout just to claw in the extra $0.07 a week.

One of the most effective ways to achieve anonymity online is by using TOR - the Onion Router. A minority of volunteers run servers which make the service possible. It is risky, because, if you run a server, it could be your IP that is logged when somebody does something illegal.

The TOR website has an abuse FAQ that asks “So what should I expect if I run a server?”. The answer they give is:

If you run a Tor server that allows exit connections (such as the default exit policy), it’s probably safe to say that you will eventually hear from somebody. Abuse complaints may come in a variety of forms. For example:

* Somebody connects to Hotmail, and sends a ransom note to a company. The FBI sends you a polite email, you explain that you run a Tor server, and they say “oh well” and leave you alone.

Alexander W. Janssen tells a different story:

I was arrested. They scared my wife. They consfiscated all my equippment. They stopped the investigation. I’m sitting on a pile of bills from my lawyer no one except me has to pay. I’ll sue for compensation, but I don’t think that this will lead anywhere. I’m now accused of something else.

Michael Arrington has announced the relaunch of a more localised Techcrunch, Techcrunch UK - sometimes referred to as Techcrunch UK & Ireland. It’s good to see a place which will bring more coverage to Irish tech news, but it is disappointing to see the owner (of all people) referring to it as “Techcrunch UK”. Yes, I’m being a bit picky about this, but I’ve seen it cropping up so often lately, it is not a good precedent to set. I have no problem with people lumping the UK and Ireland in together - it makes a lot of sense. But at least the likes of Yahoo UK & Ireland give us our own subdomain!

I heard good things about Facebook and its open API, supposedly a major step in the evolution of social networking and the internet, but to me it feels like we’re going backwards. As I decline my 4th invitation to install the latest “Brain-guzzling Shoggoths” app added by an enthusiastic new Facebook user, I’m reminded of the old days - periodically changing my email addresses in order to escape from the mailing list of some vague acquaintances and their chain letters/campaigns to put an end to the horrors of Bonsai Kitten. Some time in 2005, the internet heaved a collective sigh of relief when people finally got the message and stopped forwarding on those “>>> 30 reasons why Jesus was Irish” mass-emails, and yet here I am bombarding my contacts with an invitation to Warbook - a scaled-down clone of those old webgames that I stopped playing eight years ago. 1997 has come back to haunt us. All we’re missing is Longwave Radio Atlantic 252 grinding out Mmmbop on loop. Shudder…

“It’s all about communication and interaction - you can keep in touch like never before”, they say. In 1997, we used to idle on IRC channels, occasionally slapping someone with a trout. These days, nobody even takes the courtesy to use a trout anymore. The only reason IRC is dying out is because you can’t advertise on it. I could be immersed in World of Warcraft, or some expansive telnet-based MUD from the 90’s, but instead I’m playing Duck Hunt in the browser window beside my profile. We have so many options for organised discussions, from powerful forum software to IRC and the likes of Tangler, but here we are restricting ourselves to 400 pixels of HTML tucked nicely above a big flashing ad banner.

It makes me wonder, will the novelty wear off, or is this the future? Back in the “beforetime”, people would speculate about the newest superchair with built in microwave-slash-toilet that allowed a user to control his entire life from the comfort of the living room. Now, as long as he keeps his profile up to date, he doesn’t even need to be himself anymore. The internet is a big place with some great applications, and we are too content to sit on the sofa.

Perhaps I’m missing out on something big, but for me, Facebook has only one major attraction - the ability to find and get back in touch with your former next-door neighbour’s pet goldfish. But, aside from a few gimmicky applications, is this any different from BeBo and all the rest?

The web was a more interesting place in 1997, when we all tried our best to make those Geocities templates work. We collected brightly flashing animated gifs to decorate the page - yes, it was ugly, but at least we were putting some thought into it! Facebook says you no longer need to make that effort. You paint yourself blue and white and line up along the wall with your copy of Scrabulous like everyone else. All together now:

“This is my profile. There are many like it but this one is mine. My profile is my best friend. It is my life.”

The social networks help people find each other, but it is the internet that brings them together. In the future, as open standards are further developed and syndication improves, I hope that there can be some engine that will reunite you with all your buddies, without requiring you to sell your soul to an advertising machine. We should be branching out to use the best software that is available to us for each task, rather than settling for primitive technology simply because it’s where our friends are.

It’s time to raise the bar in internet security, and this needs to start with the likes of Paypal. Since I began using the internet in 1996, it has been the same old story - plenty of advice about strong passwords and good security policies, but attitudes have still not changed. Good advice will get us nowhere - this was proven many times over, when the ILOVEYOU worm was followed up by Sircam and a thousand other bizarre email attachments that people insisted on opening.

Today I created a Paypal account for “casual” online sellers (there’s a pun in there somewhere but it is beyond my ability, unfortunately). Paypal requires a minimum of 8 characters in your password, and if you try to use “password” it replies: “Password contains a forbidden word”. This is a start, at least. So then instead, I use ‘qwertyui’. It is not difficult for a hacker to work off a list of the most common 8- or 9-letter passwords. How many Irish people do you think use ‘liverpool’ as their password? It might be safer to take the responsibility out of the user’s hands altogether, and force them to learn a random password, but that would most likely lead to sticky notes on the monitor.

A safer solution is to get people used to long pass phrases (15+ characters), with numbers, special characters, and letters in upper and lower case. If you make it difficult enough, then maybe they won’t be inclined to use the same password with every mickey mouse unencrypted database they sign up to, which can only be a good thing. I really don’t think Paypal are going to lose customers just by making it slightly harder to log in. Look at Bank of Ireland’s Banking 365, as an example: to log in, you need a seemingly random 6 digit user ID that nobody knows AND a 6 digit pin that nobody knows AND the answer to a security question that most people could find out. This is a major contrast to Paypal’s login: an email address that everyone knows, and potentially a weak password that most people could guess. And still you get groups of phishing victims who try to sue 365 Online for inadequate security.

Remember, this is not just some web forum or Wordpress blog you’re signing up to, it is more or less an online bank. You are leaving significant sums of money and your credit card details, flimsily protected by 8 letters. If I went through all the eBay sellers who were selling Liverpool merchandise, and attempted to log in to their Paypal using their email address and the password ‘liverpool’, how many accounts would I have access to?

As for the two security questions, here is a screenshot:

There is a serious oversight here. On one hand, Paypal give you two solid, difficult security questions that only you and your close family could answer (Last 4 characters of driver’s license and Last 4 digits of social security number), but then they undermine it with two questions so blindly obvious that you wonder why they bother with security questions at all? Which two security questions do you think the majority of the users are going to select? Definitely not the one that means they have to go rummaging for their driver’s license, and trying to remember their social security number.

I was never a fan of security questions anyway, simply because of the fact that anyone who knows me can find out the answer to just about any of them. I always lie, which kind of defeats the purpose. What about the people that don’t lie? How difficult would it be to log onto their Facebook and find out their dog’s name or city of birth? Why don’t Paypal just allow me to put in two secondary passwords, instead of answering dumb questions? Or why not allow me to define my own security questions, like some sites do? Better yet, why not get rid of security questions altogether - if you forget your password, you can phone up the support team, and they can ask you a bunch of security questions in the old fashioned way.

“But it doesn’t matter if they can answer my security questions, because they don’t have access to my email!” exclaims the Man in the Yellow Hat, giddily. I’m not the person to say how secure or insecure your email is, but from my days as a Linux sys admin, I did notice a couple of things:

• Do you send your password in plain text? If you’re not using SSL or TLS to connect POP3/IMAP server (most people are not), it could be painfully easy for someone on your network to get your password using a sniffer
• Is your DNS safe? I once emailed an Irish ISP and asked them to change the MX records for a decent sized domain - about 300 users actively using the email. They were very nice and friendly, and swiftly complied with my request, neglecting to ask for my credentials or a fax or phone call to verify the request. I was a new employee at the company and they had no way of knowing that I was authorised to make this change. I could have been anyone, and I could have configured my mail server to forward on all emails to the real mail server, so that the company would never even know they were being intercepted.

I’m sure there are hundreds of reasons not to trust in the security of your email account, but those are the two that taught me to take nothing for granted.

Any company that stores credit card information should be legally obliged to set a minimum security standard. I believe there are laws like this already in existence, does anyone have the details? I’m guessing they need to be either stepped up or actually enforced. It could be so easy to make a positive change in the general attitude, but as long as big sites like Paypal are happy with sub-par security policies, then we will always believe that typing more than 6 letters in a password is an unnecessary inconvenience.

The Forrester has compiled a list of the 100 oldest .com domain names.

Head over to Irish Election for the latest updates as the votes are being tallied up. The site has really come into its own now, enhanced by technologies like twitter and mySay (allows you to phone up and leave a voicemail which will instantly be available on the web) which are made for times like this. Here are instructions on how to contribute.

Somebody called Stephen gave an update on Cork North Central about an hour ago, which you can listen to online here.

I installed the new plugin from Wordpress.com - a very nice addon. Slightly worried about what I’m seeing though, as the first hit to come through was a search referral for “Night Elves having Sex” and it got worse from there.

Slashdot links to these survey results which show a 24.1% usage rate of Firefox in Europe. I’m happy to see that Ireland emerges slightly above average, with a rate of 24.9%, and experiencing a hefty increase. Slovenia grabs gold, with a score of 44.5%, followed by Finland on 41.3%. For some perspective - the UK came in at 18.0%, while North America has 15.1%.

When you consider that other browsers like Opera and Safari must surely rack up at least another 5% between them, there is no justification in this day and age for Internet Explorer Only websites and login systems, which unfortunately are all too common. I don’t have a copy of Windows, and lately I have had to borrow somebody else’s PC to get access to some sites which choose to exclude half of Slovenia and a quarter of the rest of the world. Hopefully these developers will wake up to the fact that Firefox is no longer just a thorn in the side like their old pal 640×480, and restricting to IE only is simply unforgivable. In the meantime, does anyone know a quick fix for emulating Internet Explorer 7 in Linux?

I spent some time today setting up a new TV the old fashioned way, scanning through the frequencies with the remote control. I confess that I was gripped by an eager anticipation as RTE 1 materialised on the screen - a residue of the excitment from the old days when one guy would be up on the roof adjusting the aerial, while the fella in the living room shouted up the chimney whenever the blob of dots on the screen began to resemble Gay Byrne. Somehow its still a surprise when TV3 and TG4 pop up on the box.

If you had asked me in 2001, I would not have predicted that six years later we would still be fiddling with bunny ears and coat hangers in Ireland, trying to tune in Network 2 without losing RTE 1. In the rising tide of media centre PCs and wifi enabled gaming consoles, surely this next six years will see major changes in the way we watch the television. TV over the internet has been a long time coming, but at last, it is safe to say that we’re nearly there.

The first step is modernising is increasing the definition, and just about everyone I know bought a HD-ready LCD TV this year, but none of them have actually gone so far as to watch anything in high def. Extra hardware requirements and monthly subscription costs for a couple of HD channels on Sky renders that service impractical. And with BlueRay still volatile in its infancy, I expect that only those of us rich enough to own a Playstation 3 will be experiencing that in the short term. This is why I see Zudeo Vuse, from Azureus, as being a great service. “A radically new way to discover and watch popular TV shows and hard-to-find videos - Hi-def and full screen” is exactly what the doctor ordered, and with BBC having pledged tons of content, this is a resource that is destined for very big things.

There has been plenty of news lately about Babelgum - a next generation TV provider with a Long Tail philosophy who recently set up shop in Dublin. Babelgum sounds promising, but it has been overshadowed a bit by Joost who are that bit closer to launch. I was pleased to receive my Joost invitation today, apparently they have been very busy fine-tuning it for me. They’ve even given me this here image which makes me so proud:

There’s no Linux version just yet, but they have released a client to run on my new Macbook Pro. I had a very quick tour of the software earlier, and it is impressive to say the least. The problem with beta software is that it doesn’t always work, and this is exactly what is stopping me from examining the service further. The Joost support forums are hopping at the moment with people unable to connect, and unfortunately one of them is me. First impressions - it looks great, but in a country where our ISPs think 128k upload is standard for broadband, do we have the bandwidth for it? I’ll come back to that…