The T-Files


Sun, 15 Jan 2012

140 characters can be a lot more than 140 bytes

Now that I have three Twitter accounts, I have to say I am very grateful that the 140 character limit is indeed a 140 character limit, and not a 140 byte limit. While that makes no difference for ASCII people, and only a tiny difference in the German language (umlauts), this is great for Chinese or Japanese tweets. For those, every character takes three bytes, but still counts as just a single character. In languages with such a rich "alphabet", you can say so much more in the short space of a tweet.

Sun, 25 Dec 2011

The Humble Indie Bundle #4

If you are looking for a last-minute Christmas gift for yourself or others, or just some computer game entertainment for the holidays, consider the Humble Indie Bundle, the fourth installment of which is currently available, but only for two more days.

A collection of twelve games created by independent developers, offered in an innovative pay-what-you-want model that also supports charity (Child's Play and the American Red Cross). Includes full and non-DRM downloads of all titles for all three major PC operating systems, plus soundtracks and Steam keys.

  • Gratuitious Space Battles
  • Cave Story+
  • Jamestown
  • Bit.Trip Runner
  • Super Meat Boy
  • Shank
  • NightSky HD
  • Crayon Physics Deluxe
  • Cogs
  • VVVVVV
  • Hammerfight
  • And Yet It Moves
Tue, 20 Dec 2011

iTunes in the German Cloud

I was quite surprised to find the new iTunes Match icon which must have appeared sometimes last week. Given the fight that the various groups representing rightsholders in Germany continue to put up against all kinds of Internet content services, I had not expected that to materialise for a long while (if ever). But it seems that for 25 Euro per year you can now officially put your library of non-iTunes-purchased music into Apple's digital locker, allowing you to stream it to all your fruity devices or just upconvert low-quality CD rips to 256kb DRM-free tracks.

Being not much of a music listener, iTunes Match itself is not a service I am interested in, but along with it comes iTunes in the Cloud, the ability to re-download songs previously purchased from Apple. Remember the broken track I got in October? Probably not, but I do. I was now able to click on a nice little cloud symbol and that got me a new version of the file, and this time it was complete. Happy. Plus I still have the voucher for another free song that I got from customer support. Double happiness.

Sat, 12 Nov 2011

I want myCloud

I like cloud computing. It makes computing hardware and network resources a commodity much like electricity, available to anyone, anytime, anywhere, freeing you, your programs, and your data from depending on particular physical devices. The network is the computer. That was Sun Microsystems' vision, and we can see it becoming a reality now.

Unfortunately, the more popular consumer-grade cloud services are all proprietary offerings, which undermines the commodity aspect quite a bit. You end up with vendor lock-in and loss of control over your processes and data. Depending on the kind of service and how well it integrates with others, this can become a real problem. Something like Dropbox is still relatively easy to replace, because you can at any time take your files elsewhere. But even with Dropbox you have the problem that all those programs that you have been using with it probably support only Dropbox and no other service. And trying to leave Facebook for another network while still being able to continue to chat with your friends and bringing all your posts and photos along seems downright impossible. You may not ever want to feel the need to migrate away from Dropbox or Facebook, but what if your cloud company goes out of business? Happened to me when drop.io was acquired.

In addition to lock-in, there is also the problem of centralisation, which also seems contrary to what cloud computing and the Internet itself stand for. If everyone has all their personal data stored at Amazon, Apple, Facebook and Google, the consequences of those services going down, losing data, leaking data, or being forced to disclose data could be disastrous. And with companies who let you use their services for free, you have to wonder in how many ways they monetize your information behind your back. Remember, if you are not paying for the product, you are the product.

So what I would like to see instead is open standards for interoperability between these cloud services. It should be like email: Every email application in the world is expected to be able to talk to every email service provider, and all email service providers are expected to deliver messages to customers of other email service providers. As a result, there a lot of email service providers, no single provider has everyone's email, you can choose the one you trust, you can have multiple email accounts for different purposes, you can even run your own email service (which most companies actually do).

When Apple's iCloud service was still in the rumor-mill, there was speculation if it would take the form of an updated Time Capsule device, something that people would buy and put into their home network and that would serve as a hub for synchronisation and backup between their devices. Especially since iCloud is more geared towards keeping all your devices in sync with each-other (as opposed to sharing content with other people), that seemed like a good idea. Taking this a little further, I'd love to have all my devices form an ad-hoc private network over whatever connection is available to them, with a dedicated hub being optional and not really central, and the ability to just use a Mac mini or something hosted in the cloud (but completely under my control) to run this hub. Instead, they built a massive data center, and when it goes down, Siri won't talk to you anymore.

Sat, 29 Oct 2011

Mini, the Third

I brought back my third Mac mini from our recent trip to Japan (it is cheaper there than here in Shanghai). Unlike its predecessors, it is not going to be a replacement machine, but an addition: I am going to continue using my MacBook Pro as my main computer (especially for work) for the foreseeable future, but its hard disk has been filling up, and the new mini's first main purpose is to offload our media libraries.

Hardware
Nice things come in small packages. The mini was quite compact to begin with, so that the new one is only half the size of the other two is not a big deal for me, but I do appreciate that they have done away with the external power adapter, which used to be almost the same size as the computer itself, and thus rather inconvenient. Probably as part of the shrinking process, but maybe just because Apple just wanted to kill it, there is no optical drive anymore. I cannot remember when I have last used the drive on my MacBook Pro, so that is probably not a problem. The three use-cases that come to mind are installing the operating system, watching DVDs and ripping audio CDs. The first does not apply anymore, since Apple no longer ships disks and has replaced the process with a combination of recovery partitions, memory sticks, Time Machine backups and downloads. For everything else, one should be fine as long as there is at least one other computer with a drive in the household. A welcome addition is the SD card slot on the back.
Magic Trackpad
The first thing I noticed after turning on the machine was that it did not detect my USB mouse. That is a pretty bad situation, because you cannot do anything with a Mac without being able to move the pointer. It is also a complete mystery to me, since at least the basic functionality of USB mice is very standardized, and the same mouse works just fine on the MacBook Pro. Fortunately, I also bought a Magic Trackpad, which seems to be getting a prerequisite with the ongoing move towards gestures. There was another unexpected hurdle connecting it, though, as I was prompted for a Bluetooth peering code. A Google search (which I would not have been able to do without another computer at hand) had the solution (just type 0000), but why this dialogue is necessary is unclear to me. It must have been a bug, because it is not mentioned at all in the Trackpad's manual. Not quite the unboxing experience you want from Apple products.
Time Machine migration
There is a Migration Assistant that you can use to get your data from your old Mac to your new one. It has a number of options, including restoring everything or individual users' data from a Time Machine backup. I used this to migrate Cissy's user account and it worked like a charm: The new user account was created, all data was copied and everything looked just like on the old machine, from account icon to desktop background to open tabs in Firefox. From my own account I manually copied just the iTunes library off the backup disk. That also worked without problems. I want to do the same thing with the iPhoto library (another seventy gigs that the MacBook Pro could do without), but before that I will have to set up Time Machine backups on the new mini. I cannot quite decide if I want to enable backup encryption. While that is of course something that I have been wanting for a long time, the feature is new in Lion, and I would not be able to share the encrypted disk with Snow Leopard.
Lion
I cannot say much about the new operating system version yet, because my main Mac is still on Snow Leopard (and will probably stay that way), and I have only really used the new computer while I was setting it up (my day-to-day interaction with it at the moment is limited to updating my iPod every morning). Cissy does use the computer a lot, and has offered no complaints, but she practically lives in Firefox and hardly sees the OS at all. From what I have seen so far I like the new approach of showing applications full screen and using a three finger swipe to switch between them. Of course, this will probably not work for all kinds of applications, and there is currently no good way to integrate this in a multi-monitor setup. As for "natural scrolling", the reversed scroll direction is less confusing than I feared. If you are switching to Lion exclusively, this should not be a problem at all. Even if you are using going back and forth between Lion and older Macs or non-Macs, you'll pretty soon figure things out. It definitely helps to use a trackpad only on Lion, and a scroll-wheel mouse otherwise.
Standing desk
Our standing desk construction unfortunately does not accomodate a monitor, so we had to revert back to a more traditional arrangement for now. We replaced the chair with a yoga ball to make amends.
Fri, 30 Sep 2011

When Silk meets Fire (bad things happen)

This week, Amazon introduced their new Kindle lineup, and as part of that also showcased the browser that they have developed for the Kindle Fire. It is called Silk, and has the remarkable property of being the combination between a client-side component (which runs on the tablet) and a server-side component (which runs on Amazon's cloud infrastructure). If this idea takes off, it will be another disruptive technology innovation coming from a company that no one is probably mistaking for a book seller anymore. Unfortunately, Silk is a very dangerous development.

Silk works by offloading a lot of work that a browser has to do from the tablet in your hand to Amazon's servers in the cloud. Instead of your machine making all these network requests to the various websites you are visiting, it will be maintaining just a single connection (like a thin, but strong thread of silk) to Amazon. A server there will download the pages for you, caching them, resizing videos and images to fit your screen and bandwidth, parsing the HTML, executing the JavaScript. While not technically correct, a good analogy would be that the browser actually lives with Amazon, and it just sends you screenshots, similar to working via a Remote Desktop connection.

Amazon claims (and there is no reason to doubt them) that this will increase your browsing speed, providing you with a better experience. The problem, of course, is that using Silk, Amazon will be a middle man between you and all your websites. They will know what you are looking at, and they will be reading everything you type. Silk even breaks the end-to-end encryption of SSL: When you connect to a secure site, Amazon will do that on your behalf. If you do online banking using Silk, everything will go through Amazon. In addition to just watching, they could theoretically also change what you are seeing, block certain sites, throw in some extra banner ads (none of which they are going to do of course).

Amazon openly admits that they will collect and analyse all this data. They say it will be done only in an aggregated fashion that will not allow data to be traced back to individuals. Even if that is their honest intention the very existence of this system and its effect on the formerly very decentralised Internet is extremely scary. But nothing about it is illegal, big corporations and governments must love the possibilities offered by this centralisation, and most people will either be indifferent or actually prefer this to regular Internet access if it delivers on the promised improved experience, so it is quite likely that other companies will follow suit and this mode of operation could become prevalent.

I suppose Amazon has now officially joined Facebook and Google in the League of Creepy Companies. Everyone is pointing fingers at China, where the state monitors all Internet traffic, but it seems to me that free markets in free democracies are on the way to producing very similar structures.

Fri, 09 Sep 2011

Mac App Store, Keynote

I have been shunning the Mac App Store so far. When it was new, I launched it once and then immediately removed it from my Dock. I did not like that Apple and their 30% cut gets between me and the developer, that there are no free trials, that you need both an iTunes account (even though the application may be free) to download applications and a local System Administrator account to install them (even though they could be installed into your home directory rather than system-wide, which is the way I prefer to install things), and that a single company gets to keep track of all my applications (that part is even more disturbing with the Kindle store, by the way, because they can track what I read, and judging from the recommendation mails Amazon sends out they are making good use of that information).

But of course, this system is gaining popularity rapidly, and it has a lot of advantages, too. Installing applications from the App Store is much safer than a random download from the Internet, both because Apple vets the applications, and because they (will very soon) enforce sandboxing, which prevents applications from doing bad things. You do not need to care about making backups of the install media or keeping track of license keys: Everything is tied to your iTunes account and can be re-downloaded at any time. Prices have come down a lot (probably mostly because of increased sales volume, maybe also because of increased competitive pressure), both for the applications per se, but also if you have multiple computers, because per-seat licensing is gone: you can install the applications on as many computers you want (with some exceptions in the Pro area).

And of course, there is no real alternative anymore when it comes to Apple's own software.

I just bought Keynote, Apple's answer to Powerpoint, because I need to prepare a presentation for next week. I have been doing these things with OpenOffice so far, but was getting increasingly annoyed by that program's sluggishness and ugliness. I had not bought any office productivity software since Claris Works back in the day, iWork (Keynote, Pages, Numbers) seemed a bit pricey at $79 considering how rarely I really need it, not to mention Microsoft Office. Keynote goes for a reasonable 16 Euro in the App Store, and I happen to have enough in iTunes credit that I cannot spend on iOS apps anyway until I replace my lost iPod, or apparently on music.

Thu, 11 Aug 2011

CoffeeScript

CoffeeScript is a nice little programming language that compiles into Javascript. It exists to make life easier for Javascript programmers, and it achieves this by removing a lot of clutter and adding some nice syntactic sugar. At the same time, it stays close enough to Javascript to avoid the "impedance mismatch" other systems like GWT often suffer from: It does not change how anything works, there is no need for a special runtime library, you can call into (and be called from) any "regular" Javascript code, and the resulting Javascript is still readable and corresponds very closely to the CoffeeScript it was compiled from (which is good when you need to debug it). In fact, you are supposed to understand the transformations it does, and why. The Principle of Least Surprises is in effect, and the programmer stays in control.

Less clutter: CoffeeScript does away with most of Javascript's braces, parentheses, and semicolons. Especially when defining functions (which you will do a lot for example when working with callback-driven frameworks like node.js) and object literals, this really reduces the amount you have to type a lot. At the same time, this also reduces the amount you have to read, so once you get used to it, it should be easier to understand as well. The one thing that I am a bit uncomfortable here is that whitespace (in the form of indentation and line breaks) becomes significant, just like it does in Python. I found that it does actually align nicely with how I want to layout my code anyway, but I am a little worried about some hard-to-understand errors this might cause.

Syntactic sugar: CoffeeScript claims to have taken inspiration for these constructs from Python and Ruby, but I'd like to point out that those in turn have inherited them from Perl. In any case, it is very nice to have multi-line strings, string interpolation, array slicing, trailing if statements, and keywords like not or unless. There are also constructs to work with Javascript's prototype-based object system, with the frequent issue of context changes (this not being what you want it do be), and for looping over lists:

shortNames = (name for name in list when name.length < 5)

alert message for message in ['foo', 'bar', 'baz']
Tue, 21 Jun 2011

Internet Banking 101

I did not want to write about Bitcoin again so soon, but there has been some feedback to my previous posts, and quite a storm of bad news about it recently, so here we go. I almost promise to shut up about it after that.

When I wrote last week about Bitcoin's greatest threat being part of its user base, I was talking about anti-social tendencies and religious frenzy. Allow me to add incompetence to the list.

One would assume Bitcoin mostly appeals to cryptography and computer nerds, and that as a result its early adopters would be "security literate" and understand the implications of a system that stores money in a file on a computer, and that builds upon completely unregulated transactions among completely unregulated and largely anonymous parties. One would further assume that this is even more the case for individuals who hold significant amounts in their digital wallets. The events last week suggest otherwise.

First there was the case of the man who had 500.000 $ worth of bitcoins stolen. He had been storing his wallet file containing 25.000 bitcoins (traded at around 20 $ each at the time) in an unprotected hard disk on a Windows computer that was connected to the Internet and that he extensively used for other purposes as well, including (one has to presume) chatting, browsing, and gaming. The computer was subsequently hacked and the coins transferred away. While the Bitcoin client allows this usage (in fact, it is the default) and no measures are taken in software or otherways (such as by means of warning messages) to protect the wallet, the blame really has to lie with the stupidity of the user. Any significant amount of bitcoins should not be lying around in an unencrypted file on a regular computer. It should be sitting on an encrypted memory stick in a safe, with multiple backups, and only ever be connected to anything for the short time it takes to initiate a transaction. What this user was doing was equivalent to placing a pile of cash on the table in an unlocked room with the windows (pun intended) open.

And then there was the MtGox meltdown. MtGox (which used to stand for Magic: The Gathering Online Exchange) is (or maybe was) the largest (practically the only significant) service for exchanging bitcoins to US dollars. It accepts (completely unregulated, unlicensed, unaudited and uninsured) deposits from traders in bitcoin and dollars, and allows them to trade among each-other between the two currencies. Over the last weeks there have been complaints from users about their accounts having been hacked, the blame for which MtGox put on the users.

Last week, it has been revealed that MtGox was vulnerable to CSRF attacks, which made it possible to initiate MtGox transactions by having the account owner click on a seemingly unrelated link. This is of course a terrible security hole for any website, and unforgivable for a financial site, but on the other hand, it only works if you stay logged in to MtGox while browsing other websites. You should have learned in Internet Banking 101 that you always log out immediately after you have done your banking business. Using a dedicated browser for online banking is not unheard of, either.

And then on Sunday, the bomb struck: The whole user database of MtGox had been stolen and leaked on the Internet as a file containing all user names, email addresses and password hashes. Most likely using this file, someone accessed an account on MtGox containing 500.000 bitcoins, sold all of them, thereby driving the exchange rate down from 17 dollars to one cent within ten minutes. After that MtGox shut down, and will only resume trading after the security problems have been fixed, all users re-authenticated, all passwords changed, and all trades after the fraudulent one rolled back.

The effect this massive trade had on the exchange rate is a topic all in itself. I do not have a problem with it, and I do not think it is strictly necessary to prevent massive fluctuations by shutting down the market (which is what would happen in a stock exchange for example). The rate recovered soon afterwards. A trade of such huge proportions will of course move the market quite a bit. In fact, I would really like to see a legitimate sell-off from the couple of people that hoard the thousands of bitcoins back from the early days. Otherwise all the talk about Bitcoin being one big Ponzi scheme is not without base. If Bitcoin is supposed to grow, there needs to be more liquidity and the coins need to be in the hands of people who want to transact with them (as opposed to speculators). The "founding miners" should cash out now (and if that brings the price down to 10 cents again, so be it).

To get back to the security topic: In no way can the incompetence of MtGox be excused here. But how can there be an account with 500.000 bitcoins? That is almost eight percent of all coins in existence! Unless you really wanted to trade all of them very soon (and that does not make sense, because MtGox only allows withdrawals of up to 1000$ a day), they should be sitting on the encrypted memory stick in your safe. And why would you trust MtGox enough to deposit such a huge amount of money with them? Again, they are a non-audited, non-insured, non-regulated very small shop unlicensed as a depository institution, running their trading system on software put together for swapping fantasy trading cards. What if one of their employees (if they even have one...) decides to run with it?

And looking at the leaked password file, what is up with all those people that use their username as their password, or even just the word "password"? It takes mere seconds to expose those passwords, and they are known all over the Internet now (or at least with people that collect other people's passwords). My name is on that list too (I checked), but my password can probably not be decrypted easily, because I use a password generator program that makes passwords very hard to guess. And even if my password gets disclosed, that would only have affected my MtGox account (where I do not keep more than I am comfortable with losing), because the password generator also makes sure I have a different password for every site. A lot of people with weak passwords probably use the same password for their email account (conveniently listed in the same file) and other online services. We only learned about this because of the big brouhaha at MtGox. There are many more such password lists being passed around in criminal circles that the account owners (and service providers) never hear about. Think about that next time you set up a password for some forum site or greeting card service.

Wed, 15 Jun 2011

Bitcoin considered harmful?

Ben Laurie, who is a core contributor to OpenSSL and a security researcher for Google, has put forth some criticism against Bitcoin, the crypto-currency that has recently gained some amount of popularity. Part of it may be sour grapes, because Bitcoin seems to be taking off much more than previous systems, some of which Laurie was involved in. But he does make a good argument against the proof-of-work technique that Bitcoin employs.

Suppose I take 20 £5 notes, burn them and offer you a certificate for the smoke for £101. Would you buy the certificate?

This is the value proposition of Bitcoin. I don’t get it. How does that make sense? Why would you burn £100 worth of non-renewable resources and then use it to represent £100 of buying power. Really? That’s just nuts, isn’t it?

Laurie co-wrote a paper in 2004 called Proof-of-Work Proves Not To Work. At the time, proof-of-work was an idea being floated to combat email spammers: Mail would only be delivered if the sender performed a number of expensive calculations first. The paper points out that in addition to negatively impacting legitimate bulk-mailers, the whole approach falls flat when the people sending spam are the same people that control huge amounts of computing power through the botnets that they use to send spam.

In Bitcoin, it is not the case that anyone who wants to transfer coins has to engage in the expensive proof-of-work calculations. Only the so-called miners need to do that, a minority group that gets to sign off on the transaction records. It is not possible for miners to fake transactions, all they could potentially do is refuse to include transactions into the official record (the block chain, or cause a lot of confusion by forking the block chain (thereby facilitating double-spending). Proof-of-work is supposed to make sure that there are always enough independent miners that do not collaborate with each-other for nefarious purposes. What Laurie is saying that this will not work too well, because a nasty attacker could undermine this equation by throwing a large botnet at the problem, and that in order to make that unfeasible, you would need a large number of honourable entities to spend a really huge amount of computing power on mining, which does in fact burn electricity to no end. Considering that in the end you need to trust that a majority of participants be honest anyway, you could build on that trust to come up with a cheaper solution to the distributed consensus mechanism.

According to this reasoning, Bitcoin either does not work at all, or it does so at much too high a cost. Maybe someone can come up with an alternative way to agree on the block chain that is either less expensive or performs calculations with some meaningful side-effects (such as decoding genomes or something). That seems to be difficult without giving up the completely anonymous (or rather pseudonymous) and decentralised nature of the system.

Even more troubling than this, however, is the reaction these or other objections receive on the Bitcoin forums, where large parts (or at least the most vocal parts) display an almost religious frenzy, antisocial tendencies and inability to engage in reasonable arguments. In the minds of the general public technologies like email encryption and Bittorrent are often associated with criminal behaviour, which must have hurt their adoption. Looking at the forums, Bitcoin might be headed to an even worse image.

Mon, 25 Apr 2011

Not-so-amazing Amazon

Last week a "networking event" knocked out Amazon's Virginia data center, and that outage took a large number of other companies' web sites with it, showing the extent to which the Internet at large has come to depend on Amazon's cloud computing infrastructure.

I don't think the idea of cloud computing itself will be seriously called into question because of this (although it certainly did not help it took four whole days for Amazon's engineers to bring everything back up, and there have been complaints about the company's lack of transparency about the incident). Many of the sites that were knocked out would probably not have existed without it in the first place, and if you put all your online eggs into the Virginia basket you have now learned a valuable lesson. While it entails extra effort and cost, it is possible to build a cloud-based service that can survive the loss of a whole data center. Even using just Amazon's offerings, you get to choose from several "availability zones" spread over five data centers (Virginia, California, Ireland, Singapore, Tokyo). Just like the Internet itself, the cloud can be made very resilient to component failure.

It also does not seem like Amazon's position itself will be weakened, either. The consensus seems to be that it was their fault that their service went down, and that they could have communicated the situation better, but that it was not their fault if someone completely depended on them. It would have been that someone who either deemed that risk acceptable or did not do their homework.

At least there was apparently no data lost, and thus in a way, no real harm done (but of course, making backups would have been your own responsibility, too).

Wed, 06 Apr 2011

Bitcoin crypto currency

Bitcoin is a peer-to-peer digital currency. Peer-to-peer (P2P) means that there is no central authority to issue new money or keep track of transactions. Instead, these tasks are managed collectively by the nodes of the network.

For a detailed introduction to Bitcoin I'd like to refer you to their website, a recent omega-tau podcast (also featured on Thilo's Tech Radio, focussing more on the technological and mathematical aspects), or a recent EconTalk podcast (focussing more on the economic aspect), let me just point out a few properties of Bitcoin that make this so exciting for me:

  • Hard as gold: While Bitcoin is obviously a virtual currency, it is in a way much more real than "regular" money, in that every Bitcoin is a scarce mathematical object, of which only a limited number exists, and which cannot be faked. In that regard, Bitcoin is a lot like gold. In fact, the process of discovering new Bitcoins (which happens at a controlled and decreasing rate of currently 50 coins every ten minutes) is even called "mining".
  • Works like cash: Your Bitcoin wallet is a file on your computer containing private keys necessary for the cryptographic calculations necessary to spend your Bitcoins. Whoever holds that file, controls the wallet (so you'd better encrypt it). Unlike cash, however, it cannot be found again once lost: If you lose your wallet file, your Bitcoins are essentially destroyed (so you'd better back it up).
  • No central bank: Because Bitcoins are like gold, it is not possible for anyone to create new money out of thin air in order to try to manipulate economic developments. You do not have to trust Angela Merkel or Ben Bernanke to make the right decisions in this area. It would be possible to change the rules of Bitcoin, but a majority of its users would have to agree to use the updated software, otherwise it just doesn't happen.
  • No local banks: You do not have to go to any kind of service to open an account for you wherein to store your money in order to be able to participate in the Bitcoin economy. Everyone can run their own bank, being responsible (and solely responsible) for his own Bitcoins. All you need to do is download a piece of software. (This currently works very well, but it requires everyone to receive and maintain a copy of the whole transaction history of the whole network, which will hit a scalability wall once the system becomes more popular. At one point, there will be intermediaries necessary, but the general idea stays the same).
  • Anonymity: A Bitcoin account is autonomously created by their owner. It is just a long number, not associated publicly with any particular person or organization. You have to disclose the number to the person you want to receive Bitcoins from, so depending on the type of transaction, they may be able to associate that number to you. But you never have to use the same receiving account twice, so this information is not too useful for tracking purposes (you do have to use the account again when you want to withdraw the Bitcoins it contains).
  • Transparency: While you can choose to obfuscate the relationship between yourself and your accounts, you can also go the opposite way and publicly announce the account number. This allows two things to happen: Anyone can send you Bitcoins without having to contact you first (thereby protecting their own anonymity), and anyone can see exactly how many Bitcoins you are receiving and spending from that account. Both sounds like a good match for charitable organizations or political parties.
  • Accessible to research: All Bitcoin transactions happen publicly for everyone on the network to see (this is necessary for everyone to be able to verify how much coins are in every account). This means that you have an accurate record of the coin flows in the system, much more accurate than you'd have with traditional currencies.
  • Very cheap transactions: Sending Bitcoins around is free right now. This works because the massive computational efforts required to keep it running are compensated by "mining": Every ten minutes someone will underwrite all transactions that he saw in the last ten minutes, thus making it official, and in return will receive 50 Bitcoins that are newly minted in the process. This will eventually go away and be replaced by transaction fees, but those will be minuscule compared to what we have in mainstream e-commerce now. The reduced transaction costs enable all kinds of new micropayment services that would otherwise not be feasible.
  • Last, but not least, it is very clever, and very cool: As someone interested in cryptography and distributed systems, I have to appreciate the beauty of the Bitcoin system. The concept of using digital signatures to state your intent to transfer money from your account to somewhere else has been around for some time, but the way Bitcoin uses the idea of a Proof of Work to solve the problem of preventing you from going around and spreading the same signature many times (thus double-spending) without a central clearing house is ingenious. What it basically does is make sure that somewhere on the network someone gets to decide which of your transactions are "official", and that someone is randomly selected, so that you cannot fake this seal of approval (short of separating your victim from the network for an extended period of time, or by controlling a majority of computing power in the whole system, all without the victim being alarmed by that).
Wed, 30 Mar 2011

Amazing Amazon

You have got to love the way how (and the pace in which) Amazon, Apple, and Google bring amazing advances in technology into the hands of the people, with no concern for the vested interests of other big companies, whose business models they obsolete in the process, or of entities that would like to stay in control of how information flows to wide audiences. This is getting to a point where it has significant benefits regarding economic efficiency and informed democracy.

And unlike Apple and Google, Amazon was not even seen as a technology company, they used to be a book seller. But it was them that brought electronic book readers (and thus arguably tablet computers) into the mainstream, and now they are selling more eBooks than printed ones. I am not sure if that actually saves trees, but it very well might. It was also Amazon that made cloud computing viable by providing access to their internal IT infrastructure to anyone who wants to use it, enabling hundreds of small startup companies to get going.

In addition to these innovations, Amazon is also not shy to pick up where Apple and Google left off and thus pressure them into improving their respective offerings. Apple had tricked the music industry into allowing large-scale online music distribution, but when iTunes started to become the dominant channel for all music sales (not just online), the studios became scared and looked for alternatives. As a result Amazon was able to offer a music download store with lower prices and without the onerous restrictions that Apple had been forced to put into their files, restrictions that are now also gone from iTunes.

This month Amazon launched an Android Appstore, competing both with Google (whose Android Marketplace now has a powerful alternative run by people who know how to operate a store, have a huge media catalogue and a massive existing customer base), and with Apple (by potentially providing for the same end-to-end, device-to-software-to-media-store integration that only Apple's platform currently has). You currently need to enable the Amazon Appstore with "eight easy steps", but that will go away as soon as handset makers and network operators build it right into the phone. They launched Amazon Cloud Storage, which gives everyone five gigabytes of free storage, and Amazon Cloud Player, which allows them to stream music from that storage, as well as stream all the songs they purchase on Amazon. There have been rumors of iTunes planning to provide streaming access to your iTunes purchases (but probably not to otherwise obtained music), and of a Google Music Store, but Amazon has now scooped them both.

It is very interesting that they offer to stream music that you have not bought in their store, but that you manually uploaded from somewhere else. That is of course, what people want, but I have to think that the music industry hates the idea. They even hate the idea of being able to stream music that you did buy from them, they would much rather have you buy it over and over again for every device. But not being able to access this data whenever, wherever you like is unnatural given the technology we have. iTunes has shown that people are willing to pay for content that they could also obtain for free (and ripping a friend's CD is not even illegal) if there is a real benefit to it (convenience, legal peace of mind, wanting to support the artist). The Amazon Cloud Player will also show that many people would rather do a one-click-purchase of 79 cents to get a song on their mobile phone immediately, rather than going back home to find the CD or illegal download and upload it into their Cloud Storage.

I am also hoping that Amazon will try to offer this service on Apple's devices. It is clearly against Apple's current guidelines and stated intent to disallow any media purchases that cannot also be done using in-app-purchases in their own store, where they would get a 30% cut (not that I can see how their system could handle something as big as the Amazon catalogue). If they kick out Amazon, they will look really bad, a popular service will be available everywhere (Macs, PCs, Android, Blackberry, Kindle, probably feature phones) except on iOS, and there may well be an antitrust investigation. If they let them in, they will have to either give up on their in-app-purchase requirement for everyone else as well, or admit to having a double standard in enforcing this rule only against weaker parties that have no leverage against them (which will make them also look bad), or maybe compromise in reducing the cut for in-app-purchases to something a regular payment processor (like VISA) would charge. Either way, the outcome of this confrontation can only be good for consumers.

Sat, 19 Mar 2011

House of Cards

For a lot of people, on-demand Internet-delivered video services like Netflix, Hulu or iTunes have replaced TV channels as their source for movies and serialized dramas. Until now, these services have been, if not content, so at least willing to put up with, being a second-tier provider, offering programming weeks or months after it made its first appearence in cinemas and on television (and with holes in the catalogue to protect the interests of the traditional outlets).

This could be about to change: Netflix have just announced that they have acquired the exclusive rights to the American remake of the BBC mini-series House of Cards, currently being under production by David Fincher, and starring Kevin Spacey. They made this deal directly with the show's producers, bypassing other distributers, and House of Cards will be shown only on Netflix, starting late next year.

It will be interesting to see if it stays exclusive after the first season has been released. For this high-profile landmark project, it actually might, but for less spectacular deals that are sure to follow, there is really no reason to prevent DVD rentals and TV re-runs. I could see how Netflix would not want to allow it on Hulu or iTunes, though (but I suppose that these agreements are only for a certain time and after that the production company can negotiate new deals).

I am also wondering if Netflix will also deliver House of Cards on DVD in addition to Internet streaming. Given that the company name is Netflix (and not DVD-in-the-mail-flix), and seems to have regarded their initial DVD subscription model as a mere stopgap until broadband availability was good enough for Internet distribution, they will probably not take any special efforts in this area, but the production company most likely has plans for a DVD release anyway, and they will certainly go along with that.

From a (in my case very hypothetical) viewer's perspective, one also has to wonder if they will follow the usual model of releasing a new episode every week, or just throw out everything as soon as they can. From a marketing perspective, scheduled and focussed weekly releases seem to make a lot of sense for first-run content, and the production process itself probably does not allow anything significantly different anyway, so I'd say they'll stick with that.

And finally, most interesting of all will be how successful Netflix will be with this, and how many of these deals they (and Hulu and iTunes and Amazon and Google) are going to make in the near future.

Tue, 15 Feb 2011

The thousand and one reasons to love Perl: [21] The Aliasing Foreach Loop

Like many other languages, Perl has a foreach loop to iterate over lists of things:

foreach ( @my_list ) {
    # do something with each element, available as $_
}

# optionally give the current element a name
foreach my $x (@my_list){
	# do something with each element, available as $x
}

The interesting part here is that you access list elements not through a regular variable, but through an alias for the value in the original list, which means that you can change the element in the list:

my @my_list = qw[ ax bx ];
foreach ( @my_list ) {
    # change x to y in each element
    s/x/y/g;
}
print @my_list;
# prints "ayby"
If you wanted to do that in Java, for example, you'd have to give up on the foreach loop and go back to explicit (and verbose) iterators:
for (String s : strings){
    // does NOT update the original collection
	s = s.replace('x', 'y');
}

// you have to do something like
ListIterator<String> it = strings.listIterator();
while( it.hasNext()){
   it.set(it.next().replace('x', 'y'));
}
Tue, 08 Feb 2011

Android Invasion

We signed up last month for China Telecom's special New Year plan, which for the same monthly fee that we are currently paying increases our home internet connection bandwidth from four to ten Mbps, and also includes 30 hours per month on their WiFi hotspots throughout the country (which would have been great for my iPod Touch, sniff), as well as a mobile phone with plenty free domestic talk time.

Today we went to pick up the handset, and it turned out to be a Huawei C8500, i.e. an Android phone (has a camera, GPS, WiFi tethering, and a Micro SD slot), with an apparently unlimited data plan (I am going to need two or three independent confirmations before I believe that). First impressions on the bus ride back home make it very likely that it will banish both the Newpad tablet (which I am already quite annoyed with) and my current non-feature, non-camera Samsung phone to the lowest desk drawer (and maybe retire the clickwheel iPod to Cissy's parents again as well; I wonder if the phone supports the remote control buttons in my headphones).

Mon, 07 Feb 2011

Life without my iPod Touch is possible

Or so I tell myself.

February is not a good time to go shopping at the Apple Store, because in just a few weeks Steve (or maybe this year Tim, or Phil, or Jony) will show up with a whole new lineup. So I've decided to make do with what we have floating around the house. My two main uses for the Touch have been

  • listening to podcasts, and
  • checking email and other news on the toilet (I'd do that in bed, but the WiFi signal does not carry that far).

For podcasts, my second-generation Shuffle has still not recovered from its ride in the laundry machine, so we have recalled Cissy's five-year-old fifth-generation iPod, which we had given to her parents (who also have my fourth-generation Nano), after she got her current sixth-generation Nano. So iPod-wise, we are covered. And can it be mere coincidence that its 30GB hard disk exactly fits my entire music (2009 songs) and photo (15745 pictures) libraries?

As for my tablet needs, Cissy frequently brings back interesting swag from customer visits, most recently a Lenovo S10 netbook, a silver bar (!), and a seven-inch Android Newsmy Newpad NP711, so I am going to play around with that now, at least until I can decide whether to invest in fixing its battery, which unfortunately appears completely broken, remaining at a 1% charge, even when plugged in (which pretty much rules out checking email and other news on the toilet for the moment).

Mon, 31 Jan 2011

Java ME

Last weekend, I started working on a Java ME project. This is a new technology for me, and since mobile and tablet computing is really hot now, and I am familiar with "regular" Java, I am quite interested in this. But my excitement is severely dampened by doubts about the future of the Java Micro Edition itself.

Java ME used to be a dominant platform for smartphone applications before the iPhone redefined the term, back in the day when the coolest phones came out of Japan (rather than Mountain View or Cupertino, or from Foxconn, depending how you look at it). It was the technology behind NTT DoCoMo's i-appli for example. Beyond phones, Java ME is used in all kinds of embedded systems and set-top boxes, most notably Blu-ray players (those fancy menus and mini-games are done in Java).

However, the formerly "smart" Java phones are now called feature phones, and the major smartphone platforms are Apple's iOS (which uses Objective-C, compiled to native binaries), Google's Android (which uses Java as its programming language, but applications get compiled to a competing bytecode format), and the cross-platform HTML5 (which uses JavaScript, a language that despite of the name has nothing to do with Java). The number of Java-capable feature phones shipped may well be bigger than the number of smartphones (especially if you count those that could be made to run Java ME aftermarket), but you can see where those numbers are headed, and even today all the excitement and all the consumer application sales are on the iOS and Android devices. And then there is the exploding market for tablets, for which Java ME does not seem to have a solution, either. RIM, another former dominant player caught by surprise by Apple and Google, and whose BlackBerry phones are Java-based, will launch its own line of PlayBook tablets using a QNX operating system instead.

Java ME is now owned by Oracle, a company clearly based more in the big-iron enterprise software business. Its interest in ME seems to be primarily as a source of revenue in the form of existing licensing agreements, as witnessed by their recent lawsuit against Google over Android, which caused a lot of agitation in the development community. A big reason for Android not using Java ME is probably the fact that it incurs hefty license fees to Oracle, and one can understand that Oracle is angry about Google undercutting their deals with phone manufacturers here, but the patent fight is not going to help Java ME.

In any case, contrary to the established big players' expectation when Apple launched the iPhone into their market and Google did not wait long to follow suit, the mobile computing segment is now exploding and developing quickly, driven by rapid releases from actors more nimble than Oracle seems to be, a company still in the process of digesting and realigning Sun's product lines (an example is JavaFX, which was supposed to target mobile phones as well, but now seems to focus on attacking Flash in the browser and for the desktop).

Sun, 09 Jan 2011

iOS 5 Prediction: Shared Storage Area

In line with my five-year prediction of the end of the user-visible filesystem, the way data is stored on the iOS is completely invisible to the end user. Every application has its own storage area, the contents of which it can present to the user in any way it chooses fit. In particular, you do not find explicit "Save Document" buttons on these apps anymore. Every time you connect to iTunes, everything gets backed up, when you move to a different device, all data moves with you, and since the applications are isolated from each-other (and the operating system) this approach also has immense security benefits.

However, the current situation is only the first half of the solution: It works great in that applications can let the user focus on what he needs to do, rather than having to worry about what files to store his documents in. But it decidedly falls short when trying to work on the same data with multiple applications, devices and/or people. Apple does not really have a good solution for this, but someone else stepped up to the plate, at that is Dropbox.

Dropbox offers a cloud storage service, which allows their users to access files from all their computers, and even a web browser. They can also share files with other people. What made Dropbox so popular is that their client software is very good at managing the underlying complexity: The Dropbox folder appears just like any other (shared) folder on your computer, all the data transfer happens automatically in the background.

Dropbox also had the foresight to offer a developer SDK for iOS and Android, has seen a flood of applications integrating the service, to the extent that, especially on iOS, Dropbox has become the de-facto standard for sharing data over the cloud. Before that, people often resorted to sending things by mail, even between apps. Apple has a similar service (MobileMe), but has completely missed the boat on this (I think Google is doing better in that area with Android).

Here is my prediction:

  • iOS 5 will contain a new feature Shared Storage Area (it will have a cooler name, though).
  • You can set how many GB you want to allocate for it, and that much space will be reserved on your device. You can resize later at any time.
  • All apps can read and write files in the Storage Area. It is intended for sharing data (not for application-managed files), so the UI will be just like the current Send to Dropbox (or Print).
  • Apps that want to use the Storage Area will need to ask you for permission, just like they do now to use the GPS or notifications. This is important for security. It could be fine-grained (read-only, and on a per-folder basis), but I think to keep it simple it will just be on/off.
  • The Shared Storage Area is also replicated (as a folder) on your computer, so you can open and update files there as well. It will be synchronized when you connect to iTunes.
  • If you happen to have MobileMe, there will be over-the-air synchronization with your MobileMe storage.
  • Dropbox will integrate this into their iOS app as well, so it will also synchronize with your Dropbox account.
  • The important new piece that Shared Storage has over Dropbox is that apps on the same device can share data fast and offline (because they can see the changes made to the locally reserved area immediately, without any network overhead).

The only reason I can see for Apple not wanting to do this is that it is too obvious. But the need is there, and they will have to implement it, even if it is in the obvious way, just like they eventually did with copy/paste and printing.

And my hope is that Apple does this without buying Dropbox. Don't want to see the same thing happen to Dropbox that happened to drop.io. The MobileMe integration should be optional and open to substitution.

Sun, 02 Jan 2011

Robert Scoble is now following you on Twitter!

Robert Scoble (@Scobleizer) is now following your tweets (@jajathilo) on Twitter.

I wonder if he reads Japanese (or has time to actually follow the tweets of the 29,142 people he is following).