Tim Anderson’s ITWriting

The digital home is in an anarchic phase right now. The general public has woken up to the idea of a home music server, and I’m seeing this widely discussed in all sorts of forums, but there are several competing standards and plenty of things that don’t quite work. Getting a seamless and satisfactory experience everywhere including desktop computers, portable devices and in the living room can still be a challenge.

For myself I’ve experimented with a number of setups, including Apple iTunes, Microsoft Windows Media Center, and Logitech SqueezeCenter. My interest is mainly in music rather than video; and I’ve settled for the moment on a Linux server running Ubuntu and SqueezeCenter, with CDs ripped to FLAC. I like FLAC because it is open source and lossless, which I hope means I won’t ever have to rip the CDs again; unlike lossy formats FLAC can be converted to other file types if necessary without compromise.

SqueezeCenter works great with Logitech’s Squeezebox, as you’d expect. The Squeezebox goes anywhere in the house, plugs into a hi-fi, and lets you select music either with a remote, or using a web UI on any device with a web browser, or using Logitech’s Duet smart remote. But a Squeezebox is expensive: what if you want access to the music server in more than one room? Well, you can play music from SqueezeCenter on any PC that can play an MP3 stream, but it is a bit fiddly. What about using a games console like a PlayStation 3 or Xbox 360?

This has been a spare-time project for me for some time. There are actually a zillion ways to stream music to a PS3 or Xbox 360, and some of them actually work. SqueezeCenter isn’t one of them; but there is no problem using other servers which access the same files. My own choices are somewhat limited, as I want something that runs on Linux and works with FLAC. Neither PS3 or Xbox plays FLAC natively, so the server has to transcode on the fly to a format the console can play.

My first stop was Fuppes, a strong project that in theory does exactly what I need. Fuppes is a DLNA server, which is the nearest thing to an agreed standard in this area, though not supported by Apple (why not?). I believe Fuppes would be fine if I stored music as MP3, but the transcoding aspect seems problematic. It used to mostly work on the PS3, but after a Sony firmware update I got nothing but “unsupported data” messages, and I never got it working on the 360, despite playing with many different builds and configuration options.

This weekend I tried Mediatomb instead, another Linux DLNA server with transcoding support. It was the usual Linux circus. I prefer to use standard packages where possible, and I noticed that Mediatomb has an official package for Ubuntu 8.04 “Hardy Heron”. My server was on 7.10 “Gutsy Gibbon”, so this seemed a good reason to upgrade. Did the upgrade easily enough, then installed Mediatomb. It took an age to index my FLAC files, following which I went to the PS3 and tried it. No go; “Unsupported data”.

Then I looked at this thread.  This informed me that the PS3 needs a big endian PCM stream; and further, that the version in the Ubuntu repository does not work. So I removed it; downloaded the source with Subversion; compiled and installed; made the suggested configuration changes; and lo, it all works.

The good news is that performance is great, both in sound quality and in the speed of browsing the server. It is more responsive than a Windows Media Center from the PS3. The bad news is that the UI on the PS3 is basic. There is no search facility, you have to scroll to find what you want. Another annoyance is that you cannot search for one song while playing another; as soon as you go back to searching, the music stops. Third gripe (maybe the fault of Mediatomb): everything is case-sensitive, so unless your tagging is perfect you might have several entries for the same artist. Still, it’s a big advance on Fuppes and nothing working at all.

For me, it started with Amazon affiliates. Before that, you mostly saw the Amazon brand on the Amazon site. After that, seemingly every web page you went to had Amazon somewhere on it.

Now we are into mash-ups and widgets; but inevitably it seems to be the big brands that dominate. Instead of going to the site, the site comes to you. It’s even worse if you install one of their toolbars: Google, Yahoo, MSN, eBay.

At the IE8 briefing the other day, we were shown the Accelerator – Smart Tags revisited – and Web Slices. The Accelerator is especially intrusive, because it behaves as if it is embedded in the site you are visiting. You go to an ad-free site (in the UK) like the BBC, select some text or right-click, and suddenly your screen is festooned with links to all the usual suspects: Microsoft, eBay, Google, Amazon.

It feels claustrophobic; an oppressive encirclement by brands.

The Web’s poor security makes this worse. After a couple of bad experiences, users are more inclined to stick with what is tried, trusted and well-known.

In the early days of the Internet, it was possible to think that the inherently low technical barriers to entry would benefit small players and make it hard for a few entities to dominate. It is hard to believe that now.

Virus propagation follows an evolutionary pattern – the ones we see are the survivors, that have the right balance of technical ingenuity and social psychology to get themselves installed. I therefore conclude that lots of people have clicked Continue on sight of the following dialog, which you get if you follow a link on the CNN Daily Top 10 spam email doing the rounds right now (I have had it over 20 times):

In FireFox it is even cruder – just a link to a viral executable, click OK or cancel.

What gets me is that this is such an obvious virus. Here’s several clues:

• The URL for the page is not cnn.com
• The supposed Flash placeholder image is obviously faked. It says “Flash Player 0” is installed
• The English is poor
• This doesn’t look anything like IE’s normal behaviour when installing a new ActiveX control (it isn’t of course, it is just asking you to download an EXE)
• Image missing on the dialog
• The dialog doesn’t even mention Flash
• I’ve not actually checked, but I’d be astonished if the executable is signed, so the user will have to pass further warnings unless they are running an ancient version of Windows
• Of course I already have Flash 9 installed

I also presume from the success of the virus that either lots of people don’t have current a/v software installed, or it didn’t work because it was not updated in time.

Why is this virus succeeding? I imagine because it is trading on two respected brands – CNN, and the fact that most people are happy to install Flash and know it is OK to do so (the real one, that is).

Shows what a tough job the security guys have. You have to assume people will click OK to almost anything.

Desktop Keeley is a new Adobe AIR application from UK tabloid newspaper The Sun. If you are foolish enough to pass this dialog:

then you can benefit from:

Gorgeous Keeley is here to ease you through your day, putting a smile on your face and providing up to the minute sport info, showbiz gossip and news updates direct to your desktop.

She is too. No dull rectangular Windows; Keeley pops right onto your desktop. The default preferences reveal the target readership:

Keeley has a variety of animations and – credit where it’s due – the application is nicely done. From time to time she pops up and scribbles “Get back to work” on your screen. According to journalism.co.uk it broke Sun’s download records in three days.

Now if Microsoft had done Bob like this…

Seriously – what with Adobe Reader 9 and now this, AIR is everywhere, or will be soon.

Not that there’s anything wrong with a CD, when done right. Still, if you pay extra for something like a Linn Studio Master, at 96kHz / 24 bit resolution, you expect something which has better-than-CD audio quality (44.1kHz / 16 bit), even though some experts argue that you cannot hear the difference.

One audio enthusiast opened his Studio Master download in a sound editor and couldn’t make sense of what he saw. The conclusion, after some discussion: most likely the signal passed through digital conversion at 44.1KHz at some point in the recording process, making true 96kHz / 24 bit resolution impossible.

It would be interesting to know how many SACD or DVD Audio releases suffer from similar limitations.

Thawte is a supplier of digital certificates. I’ve used the company to purchase certificates for code-signing.

Today I received an email inviting me to complete a customer survey. I think it is genuine: if I look at the email headers, the source domain belongs to a marketing company called Responsys which lists Verisign as a customer. Verisign owns Thawte.

I clicked the link to do the survey. Immediately I was asked to give my username and password into a web page owned by Taylor Nelson Sofres plc which is a market research company. Again, looks genuine.

What username and password? Well, I’m presuming it’s the credentials for my Thawte account that are being requested. Either that, or it’s a very broken survey.

I don’t get this. An authentication company sends me an (unsigned) email asking me to hand over my credentials to a third-party marketing company?

Could it be a phishing scam from someone who has hacked into these domains? It’s possible – I’ve emailed Thawte to complain so I may discover if this is the case.

Or just another example of woeful security on the Internet?

Update: just received an email apology from Thawte:

I wanted to reach out and apologize. The partner survey that was sent out to all recipients will be resent later on today with the correct link which will not require you to supply a user name and password.

Agreed, that you should not supply login credentials to a third party website.

Faulty survey, or a hasty change of mind? Let’s assume the former.

We all know what Web 2.0 means. Google, Flickr, Facebook, Yahoo, mash-ups usually with Google Maps or Flickr, Salesforce.com, and anything but Microsoft. But what does it mean for everyday businesses, like some of the small businesses I talk to from time to time? Some are sceptical. One I can think of sells a successful software application but does not even run a support forum - why make it easy for others to discuss and publicise flaws and problems in your product?

I was interested therefore in a recent book by Amy Shuen, called Web 2.0: A strategy Guide. A foreword by Tim O’Reilly says, "it is the first book that really does justice to my ideas". It was O’Reilly who popularized the Web 2.0 concept - and yes, it is anO’Reilly book.

Shuen writes enthusiastically about network effects, using Flickr, Netflix, Google, Facebook, LinkedIn, Amazon and Apple (iPod/iTunes/iPhone) as case studies. I enjoyed it, but the problem with this kind of book is the chasm between these few web giants and everyone else. Another problem is the tendency to ignore the Web 2.0 graveyard - thousands of start-ups that fail, or moribund and/or spam-infested blogs and forums. Since there are more failures than successes, it would be sobering to investigate these rather than riding a wave of Web 2.0 hype. Nevertheless, it is a thought-provoking book with an extensive bibliography, and not a bad starting point for investigating Web 2.0 concepts. I liked the “five steps to Web 2.0”, which begin with finding collective value and end with perhaps the most important, which is what Shuen calls “recombining innovations”:

New-style click-and-mortar, online-offline network partnerships focus on bridging and building new networks rather than replacing or disrupting the infrastructures of offline companies.

I’ve also received a short Web 2.0 book by Marco Cantù, called The Social Web. It is a brisk tour of the sites and concepts that form today’s online communities. Typical readers of this blog probably won’t find anything new here; but I liked the common-sense tips on things like blogging and creating interactive web sites.

I would argue that almost all businesses either are, or should be, “click-and-mortar” entities. Whatever business you are in, a useful question is: what proportion of purchases in your sector begin with or include a Google search? If the answer is significant, you are in the Web 2.0 business.

That does not mean SEO (Search Engine Optimization) is the answer to everything. I am an SEO sceptic. All too often, SEO is lipstick on a pig. Optimise your web site for users, not robots. Further, it is no good trying to get users to interact with you, if you are not willing to interact with them. Surprisingly, I see this all the time. I suggest spending less time worrying about high Google ranking, and more time worrying about what users find when they do land on your site.

The case studies that interest me most are where old-style businesses have found ways to engage successfully with Web 2.0 innovations. For example, I’ve written about kitchons.com, which services domestic appliances and tunes its business via Google ads. I came across another example today: a financial company which lets you put an image from Flickr on your credit card. Clever.

Web 2.0: A Strategy Guide by Amy Shuen (ISBN: 978-0-596-52996-3). O’Reilly $24.99.

The Social Web written and published by Marco Cantù. $17.39 print or $8.70 electronic, from Lulu.

Chris Green, editor of IT Pro, has written about analysing professional writers in terms of “costs per unique user visit”. He says:

I honestly believe that in the not too distant future, online publications in all sectors, not just technology, will have to adopt a results-driven approach to freelance commissions in order to maximise revenue and to achieve maximum return from their freelance budgets.

The most likely outcome will be that publications begin paying writers purely on how much traffic an article pulls in. Also likely is that commissioning editors will need to take a more frequent and brutal approach to deciding which freelancers to commission regularly and which to drop from their rotation, based on the kind of metrics I am currently looking at.

I write for several publications, print and online, and in every case I am paid per word. If this prediction is accurate, how will this affect me and others who write for money?

Green says writers will have to work harder at pulling in readers. He talks about search engine optimisation (SEO), link seeding, cross-linking, encouraging comments, and supplying photos and even videos as well as words (no doubt to the fury of pro snappers).

If writers are paid per view, clearly they will have more incentive to do such things. Best tread carefully though. Link seeding done badly is spamming. Encouraging comments done badly is trolling. SEO done badly is keyword madness.

Further, there must be a reason why writers rarely write their own headlines. Publishers decided long ago (in print and online) that writing attention-grabbing headlines, which is a kind of SEO, is a job best done by specialists. So is snapping pictures, designing page layouts, and marketing the results. Giving the writer more of these roles doesn’t make sense except for low-budget publications like, errm, blogs. It also gives writers less time for their core competency, which is researching and writing.

Another problem is that not all traffic is equal. If a publication is ad-funded, then the traffic that counts most is that from potential purchasers, those who approve budgets or click ads. Click ratios are easy to measure, but profiling readers per-article is harder.

I agree that the Web is changing journalism, mostly for the better. One of my reasons for starting and persevering with this blog is that I value its immediacy, the feedback from readers, and the comments from those about whom I blog. The quality of the writer-reader interaction is immeasurably better than in the old days of occasional letters printed ages after publication.

Further, I don’t think any writer should mind being paid in some sense by results. Book authors have always had to put up with (or enjoy) this approach.

The problem is how to measure those results. Pay per view sounds good; but it punishes writers who happen to get commissioned for less popular subjects. If those subjects are nevertheless ones that the publication wants to cover, that suggests scope for bargaining.

What about measuring quality? The Register now lets readers rate some articles from one to ten. Nice if you get a good score; but is this more a measure of excellence, or of what readers agree with?

Kudos to Chris Green for throwing this open for debate.

Depressing but illuminating video by Greg Calbi of Sterling Sound on the decline in audio quality thanks to the loudness wars, how his hand as an engineer is forced, and how music today is fatiguing in a way that it never used to be.

It’s a couple of years old but as far as I can tell nothing much has changed.

A couple of weeks ago a fake UK web site called Zavvi Direct garnered thousands of orders for the elusive Wii Fit. Its success was based on several factors:

• Ads on eBay and Google made it easy for potential customers to find
• The Wii Fit shortage meant that customers were looking beyond their usual suppliers – hence eBay and Google – and perhaps taking less care than usual
• Anyone selling Wii Fit at normal retail price is guaranteed a ready market, since it sells on eBay and Amazon marketplace at a premium of around 80%
• Crucially, customers thought the site was run by Zavvi, formerly Virgin Megastores.

In fact it was nothing to do with Zavvi; as far as I’m aware nobody has received their goods and it is under investigation by police.

I wrote this up for today’s Guardian. It was interesting to me because of the number of customers – known to be in the thousands – and as an example of Internet insecurity. As far as I know, none of the phishing filters built into browsers like IE7 or Firefox picked this one up – it’s not exactly a phishing site of course, but nevertheless was not what it appeared to be.

Now put this together with ICANN’s decision to expand the number of top-level domains – the bit after the last dot or couple of dots. It is already near-impossible to register all the possible, plausible variations of a domain name. In the Zavvi Direct case, the fakers got zavvidirect.co.uk, zavvidirect.com and zavvisports.co.uk. They could have used hyphens; they could have used .net or .org; they could have combined zavvi with other words such as games, gadgets, electronics, fast, quick, online, web. Now companies like Zavvi face the possibility of zavvi.gadgets, zavvi.direct, zavvi.electronics, zavvi.directsales, zavvi.shop or even shop.zavvi.

I am not sure that ICANN’s decision is wise. Currently its possible at least to pre-register the most obvious names; now even that will be harder to achieve.

Still, it’s arguably not that much worse than the current situation. Further, the key players in this are not the domain registrars but the search engines. Nobody would have typed zavvidirect.co.uk into their address bar; they all went to Google or eBay. If these companies made more stringent checks, fewer people would be caught out. Note that all the customers I spoke clicked on paid ads, not pure search results.

In mitigation, while the Internet has caused this kind of problem, it also helps to solve it. Zavvi Direct customers soon found help on online forums – again through Google – such as Rpoints and MoneySavingExpert. These communities quickly waved red flags, their users received good advice about the best way to attempt to recover their money, and banks will be under pressure to act consistently.

In this particular case, it looks likely that most or all customers will get their money returned. Too late for the Guardian article, a spokesperson for Royal Bank of Scotland, which also owns NatWest, told me this:

In this specific case we can confirm that all RBS group card holders who are affected will be receiving refunds and that’s going to show on their accounts in a matter of days from now.

I was told that this will be automatic; so if you were a would-be Zavvi Direct customer and paid with an RBS card, sit tight for a week or so before complaining further.

Update: there’s more background on Zavvi Direct in this ComputerActive article.