Live from Austin!

Lack of Information at North Pole Leads Google to Draft New Privacy Policies

MOUNTAIN VIEW, Calif. – December 15, 2009 UTC – As the holiday season continued, Google Inc. today announced that it is modifying its privacy policies in a new two-part Google Santa initiative.

The inspiration for the Google Santa project came from the realization that Santa has very little information to go on when judging whether people are naughty or nice. Now, thanks to Google’s advanced data mining systems, Santa will be given access to your search history, a log of all the web sites you visit which use Google Analytics, any passwords needed to access them from your Google Toolbar, the contents of your Gmail account, and complete transcripts of any Google Talk IM conversations made in the last year.

“Santa has a clear need for this information,” said Google founder Sergey Brin. “His intuition is unmatched, but his ability to sniff out naughty people will be dramatically improved now that he can search your e-mail and check whether you’ve visited any naughty web sites.”

“Do no evil,” added Google CEO Eric Schmidt, “Because otherwise we will find out, and we’ll tell Santa.”

Google also announced phase two of Google Santa, to launch in January. A new area of the Google Shopping site will enable users to sell coal in a global marketplace.

“By aggregating individual users’ stock of fossil fuels,” explained Google co-founder Larry Page, “we will enable ordinary people to participate in the global energy economy by selling their pieces of coal to their local electricity company.”

“In addition,” he added, “a modest 70% cut of the proceeds will be used to purchase carbon offset credits, making the overall operation carbon neutral, and helping me feel better about my personal Boeing 767.”

About Google Inc.

Google’s innovative web technologies log the lives of millions of people around the world every day. Founded in 1998 by Stanford Ph.D. students Larry Page and Sergey Brin, Google today is a top web property in all major global markets. Google’s targeted advertising program, which is the largest and fastest growing in the industry, provides businesses of all sizes with measurable results, while recording the browsing patterns of users across almost the entire World Wide Web. Google is headquartered in Silicon Valley with offices throughout North America, Europe, Asia, and the North Pole. For more information, visit www.google.com.

Once upon a time, Apple developed an amazing OS with a revolutionary graphical interface. They started selling devices which would run this OS. The devices were practically sealed units, and the OS would only run on Apple’s hardware. If you wanted to develop for the devices, you had to pay money to join a developer program.

Some other companies approached Apple and asked if maybe they would license the OS and software to run on third party hardware. Apple considered the matter, and decided that they were so far ahead in user interface and technology that the competition would never catch up. They decided to go it alone, Apple versus the entire rest of the industry.

The year was 1985. The devices were Macintosh computers. The companies who wanted to license MacOS were Philips and Sony. The people who decided that Apple could afford to go it alone against an entire industry were Jean-Louis Gassée and Steve Jobs.

Denied the Mac OS, the rest of the industry settled on MS-DOS, PC-DOS and DR-DOS layered on top of one of a number of competing BIOS programs cloned from IBM’s original PC BIOS. Thus there was basically an open ecosystem of devices from many vendors, running OS variants from multiple vendors, but all able to run the same software, more or less. (I recall that the gold standard at the time was Flight Simulator–if your PC and DOS couldn’t run that, they were considered not-really-compatible.)

Apple continued to innovate throughout the 80s and early 90s, but they couldn’t out-innovate every other company combined. If you wanted a pocket-sized PC, you could get one; but there was never a pocket Mac. If you wanted a PC that was portable or had a color screen, you could get one years before you could get a Mac with those capabilities.

The same was true in software. The larger install base of PCs, and the cheaper and easier development process, meant that lots of weird niche programs appeared for the PC that didn’t appear for the Mac. That’s why even today, with the resurgence of OS X, it’s still hard to do CAD, circuit board design, 3D rendering or HAM radio stuff on a Mac. Some solutions exist, but few compared to on Windows.

Ah yes, Windows. Sure, Apple’s UI was years ahead to start with, but over time the rest of the computing world caught up. Windows is still not quite as slick as the Mac, but it’s good enough–the UI alone is no longer a compelling reason to get a Mac.

My feeling is that Apple is repeating the exact same mistake all over again with the iPhone, and then some. At least the Mac was an open platform.

The iPhone didn’t do anything that other phones couldn’t already do; what it had going for it was an incredibly slick UI. But Apple has locked down the iPhone and made it painful to develop for, with mandatory code signing and a bureaucratic approval process. They’ve prohibited entire classes of innovative application, and have a single hardware form factor. Want an iPhone with a replaceable battery, a flip-open form factor, or a hardware keyboard? Hard luck. Want to run Google Voice, a file server or the cult game DopeWars on your iPhone? Apple says no.

Android phones are now reaching iPhone-like levels of slickness. Android phones are being released by HTC, Samsung, Motorola, LG, Sony Ericsson, Kyocera, and others. There are also non-phone devices running Android, such as the Archos tablet. Every major US cell phone network has Android devices on the way. The dev kit is free, and runs on every major platform. There are also a lot more Java developers around than there are Objective-C programmers.

So once again, I foresee Apple becoming a niche player. It might not get as bad as the days when the Mac had a single-digit percentage of the market, but I don’t see how they’re going to beat 15-20% with closed, locked-down hardware from a single vendor, when they couldn’t even beat MS-DOS with an open Macintosh OS.

Apple haven’t even beaten BlackBerry yet, in spite of the BlackBerry OS’s glaring defects–perhaps because of Apple’s refusal to ship a phone with a keyboard, an ironic move given that Steve Jobs famously ridiculed the Apple Newton by saying “Apple makes computers, computers have keyboards”. In some social circles it may seem like everyone has an iPhone, but the reality is somewhat different.

I’ve been thinking these thoughts for a while, but recently Gartner agreed with me, predicting that Android will come to dominate the iPhone and BlackBerry, because of its openness. Apple isn’t doomed; they can continue to turn a healthy profit with a small slice of the market, as they’ve proved with the Mac. But the iPhone’s days as the hot device where the innovation happens are numbered. Right now it has a lot of software–but then so did the Mac at first, but that changed by the 90s when Mac market share dropped to 5%.

I’m a Mac user. I like the iPhone UI. If they sold the phone completely unlocked, I’d probably have one now, in spite of the lack of keyboard. But instead, I’m looking ahead and predicting that my next phone will run Android. In particular, the Verizon Droid looks interesting. Time to experiment with the dev kit…

Yanked from Slashdot:

On my Mac I just changed permissions on the /Library/Google/GoogleSoftwareUpdate and ~/Library/Google/GoogleSoftwareUpdate folders to 000, and Google Earth no longer reinstalls the updater or asks me to do so.

Excellent.

From the contract you have to agree to:

When you provide your information through Google Health, you give Google a license to use and distribute it in connection with Google Health and other Google services. However, Google may only use health information you provide as permitted by the Google Health Privacy Policy, your Sharing Authorization, and applicable law. Google is not a "covered entity" under the Health Insurance Portability and Accountability Act of 1996 and the regulations promulgated thereunder ("HIPAA"). As a result, HIPAA does not apply to the transmission of health information by Google to any third party.

And it’s still solving the wrong problem.

One of the problems of working in tech is it can get annoying when you see lots of money being spent solving the wrong problems, or implementing completely ineffective solutions.

Take credit cards and RFID, for example. There’s a big push in the US to include RFID in every card. I’ve had a card with RFID for just over a year now. The benefit to me? Theoretically, I can hold the card against the card reader, instead of having to swipe it through the slot.

That’s it.

And I say "theoretically", because in the half dozen times I’ve tried it at local stores that have the equipment, it has only worked once. In every other case, I’ve had to fall back to swiping the card through the slot instead.

This is dismal. Why the hell are companies like American Express spending millions of dollars on this RFID crap that doesn’t even work, when magnetic stripes are far more reliable and get the same job done?

If they wanted to spend money on an actual problem, they could implement two-factor authentication like PayPal are doing and wipe out fraud. I’ve seen credit cards with displays built in, it’s quite possible.

Instead, they started checking expiry dates. Then when all the merchants started recording the expiry dates in their databases and the criminals got lists of card numbers with expiry dates, they added 3 or 4 more digits to the the card and called it a Card Verification Number. Now vendors are recording those, and in another year or two the criminals will be passing around card number lists with expiry date and CVN, and we’ll be back to square one.

Another great case of solving the wrong problem was in the news today. Google is going to spend money allowing people to put all their medical records on the Internet. This is in response to an earlier announcement from Microsoft of a similar HealthVault service.

C|net says it’s a "laudable goal". No, it’s not, it’s a stupid idea. Let’s go through some of the reasons why it’s stupid.

Firstly, as soon as you centralize your health records in this way, you have a single big target for criminals to attack. Right now, if some hospital screws up and exposes a bunch of medical records, the chances of my being affected are very remote; it’ll only be the few thousand people who used that hospital who are in trouble. If everyone’s medical records are stored on Microsoft’s servers and they screw up, tens of millions of people could be affected.

Secondly, you have a single point of failure. Microsoft’s service goes down, and suddenly nobody can check in to the ER. Yeah, great idea.

Thirdly, if you’re running a hospital, you don’t want to have your computers that are used for medical records connected to the Internet, for reasons that should be blindingly obvious to everyone. So in practice, hospitals will need extra Internet-connected computers to obtain the health records from these services, and they’ll then end up printing them out on paper like before. Either that, or they’ll take the risk and put their medical records processing systems on the Internet. So, ‘no benefit’ or ‘reduced security’, you choose.

Fourthly, a centralized record of all health information makes selective disclosure difficult or impossible. Right now, if I go to the drugstore, they have the medication I’m taking in a list and can flag possible drug interactions. That’s it, but that’s all they need. In the glorious future, they ask for my central database ID, and the guy at the counter can browse the results of my STD tests, see if I had therapy for alcoholism, and so on.

Now, it’s possible that Google are going to make an effort to allow compartmentalization of the information, with need-to-know disclosure. They’re smarter than Microsoft, they might have worked out why it’s a good idea. But it’s a hard thing to do. When I go to a drugstore for the first time, how is it going to be handled? Will I have had to log on to Google at home first and list the information that I want to allow the drugstore access to? Or will they have a web browser in the store so I can do that? (If not, what if I forgot something important?) If they have an in-store system that I log in to to allow them access to my info, how am I going to know I can trust it not to record my keystrokes?

This selective disclosure requirement is why a single national ID card for all government services is a bad idea. It’s why combining all the cards in your wallet into one universal card is a bad idea. And if we look at your wallet, we can see the obvious alternative: put the medical records on a card.

With the "medical records on a card" approach, there’s no central point of failure. There’s no way for criminals to get fifty million people’s medical records at once. There’s no need for hospital computers to be connected to the Internet. And selective disclosure can be done simply by having more than one card–a pharmacy card with my prescription drug list, perhaps a mental health card, and a full medical history card for my doctor. In fact, that’s pretty much what I already have, since several US pharmacies issue regular customers with pharmacy cards so they can check for drug interactions. All we really need to do is standardize the cards, put data chips on them to increase capacity, and get card readers in the hospitals.

Oh, sure, I can lose my card. I can also disclose my Google login, though, and I’m betting average mouth-breathers are far more likely to choose bad passwords or write them down or tell them to phishers than they are to lose a credit card.

But no, we’ll spend money on the dumb solution instead, perhaps because it’s really all about control. Solving the problem sensibly wouldn’t give any company control over fifty million people’s medical records, and that’s what this is really about.

Update: Via Slashdot, a WSJ story on the perils of a single centralized healthcare database : a woman’s insurer gets access to her mental health records because they’re stored in the same place as her regular healthcare information, and decide she’s probably malingering and deny her claim.

In mid November, our contract with AT&T (formerly Cingular) expired. We switched to T-Mobile and got BlackBerry Curve phones.

I was a BlackBerry skeptic for a long time. I didn’t think I wanted a phone with a full QWERTY keyboard. This changed when we looked at the phones available. It turned out that the Curve was only marginally wider than the average phone, perhaps a centimeter or so. It’s otherwise comparable to mid-range phones in size. It ends up being pretty much as portable as our Sony Ericsson Z520a phones.

The BlackBerry UI is best described as “retro”. The icons look like 1990s Windows, the text fonts look like 1980s Atari ST, and the general method of navigation most resembles Palm OS. This is both a good thing and a bad thing. Starting with the good, the UI is clearly designed from first principles to work well on a handheld device. The central trackball handles scrolling, pointing and clicking. It sits easily and naturally under the thumb. You can do pretty much everything with one hand, including browsing the web and checking e-mail.

This is in marked contrast to the iPhone, which pretty much requires two-handed operation. Windows Mobile devices suffer from having a desktop UI squeezed into a handheld form factor, and also require two hands, and often a stylus. Symbian is designed for phones, but the UIQ interface for smartphones uses a stylus. Overall, then, the BlackBerry works better than other phones I’ve tried when you’re standing in an airport with a coffee in one hand.

On the downside, it’s hard to find the icon you want in a hurry, because of their visual clutter. Perhaps a replacement UI theme would help; I’m a little tempted to grab the theme designer and start working on one, but it’s Windows only. The fonts were initially problematic too; nowhere near as nice as Apple’s, and they took some getting used to.

But when it comes time to reply to an e-mail, niggling issues with fonts were forgotten as I got to grips with the keyboard. Yes, it requires both hands, or more accurately both thumbs. It’s not as fast as a full size keyboard, but it’s faster than Palm Graffiti or Windows Mobile pen input, and much faster and less frustratingly error-prone than I found the iPhone’s on-screen keyboard to be. Unless Steve relents and allows a Son of Newton to use the Newton’s non-cursive text recognition, I can’t see it being bettered.

Textual messaging is where the BlackBerry really shines. It’s quite possible to thumb out fairly lengthy e-mail responses, or even update your web site. As far as IM, there’s support for Google Talk and AIM built in, as well as Yahoo Messenger, Windows Live Messenger and ICQ if you know anyone who still uses only those. There are third party clients for non-Google Jabber and other protocols, and in addition, there’s BlackBerry’s own BlackBerry Messenger, previously called PIN messaging.

If you have a friend who also has a BlackBerry, PIN messaging is definitely the way to go. The manual doesn’t cover its benefits, so I’ll digress a little here. Unlike other IM systems, PIN messaging is tied to the BlackBerry device by a unique ID. You connect with another person initially by sending them an invite via their BlackBerry-specific e-mail address, or any other address they access via BlackBerry e-mail. When they reply, their device records the device ID you sent, and sends you theirs.

The primary benefit of PIN messaging is that it’s push-based. The recipient doesn’t need to be logged in. If their phone is switched off, the message will be queued until they log on.

The second benefit of PIN messaging is that it’s reliable. Unlike SMS, messages don’t get randomly dropped. In addition, you get delivery confirmation automatically for every message: when you hit enter, the line you typed appears in the transcript with a small icon next to it indicating that the message is going out over the network. When your device receives positive confirmation that the recipient’s device has displayed the line you sent, the icon changes.

If that’s not enough, there’s a third benefit over IM or SMS: there’s a separate “ping” option. So you can set up your regular notification to be something discreet, and know that your spouse can ping you to set off something more noticeable if necessary.

Other than that, PIN messaging has the usual file transfer, allows you to send voice memos, and looks and behaves like regular IM. For us, it has completely replaced SMS, not least because it doesn’t cost 15¢ a message.

One interesting feature of the BlackBerry is that as well as individual icons for each messaging system, there’s also a unified inbox that shows IM, SMS and e-mail in one place. This makes sense, as they all have pretty much the same UI on the Curve; the protocol is almost an irrelevant detail. I believe that if you attempt to send pictures via SMS, the phone automatically uses MMS, but I haven’t tried it.

Web browsing is a mixed bag. The built in BlackBerry browser has two modes, mobile mode and “desktop” mode. Although there are references to WAP, the browser copes with both, the mode just determines how the page is formatted for display. In mobile mode it works like a typical phone browser, in desktop mode it tries to deal with things like tables, CSS and JavaScript. Overall it makes for a pretty good browsing experience, as phones go. (If you haven’t tried browsing from a phone, the main issue isn’t usually layout–it’s latency. Each page request takes a ridiculously long time to send, compared to a desktop system. I assume this is something to do with the mobile network.)

An alternative is Opera Mini, which takes the “thumbnail of page with moveable active area” approach to web browsing. It works surprisingly well with sites that the built-in browser can’t cope with, like zagat.com. (Yeah, good move, make a web site of restaurant reviews that doesn’t work with a phone browser.)

Maps are another strong point. There’s a map application supplied, but I downloaded Google Maps for BlackBerry, which is free and offers pseudo-GPS location by correlating your active cell to its geographical location. Accuracy can be as little as 50m or so in cities, up to 1km in the countryside. The Google Mail application also works well once downloaded.

The BlackBerry OS appears to be Java based, and is pretty solid. It’s more reliable than a Palm; I’ve only managed to crash it once, which is comparable to Linux on the N800 in solidity. Initial bootup (after inserting a battery) is horrendously slow, but once running it seems to use a soft power off which doesn’t require a full boot. The UI is generally responsive at all times, unlike some Sony Ericsson phones. You can put the phone into standby mode by holding down the power switch. In standby the screen and keyboard deactivate, but you can still receive messages and calls. The same hold-down-button action brings the phone out of standby instantly.

The one bug I’ve found so far is in the BlackBerry web browser. After a while the cache gets full and slows browsing down tremendously. The workaround is to empty the cache once a week.

The phone shows a lot of attention to the details of how a mobile device should best operate. For example, an ambient light sensor behind the notification LED turns the screen brightness down in dark areas, and automatically turns on the keyboard backlight. The LED itself has behavior customizable through the notification options; each event (phone call, IM, SMS) can have any or all of a user-chosen sound, vibration, and LED flashes. You can even set different messaging systems to have different notification; for example, I have IM just flash the LED a few times, unless it’s a PIN message from the spouse.

Mac sync is a bit of a sore point. There’s a package called PocketMac that BlackBerry purchased and now give away for free. It worked for me, more or less, but had some annoying bugs. (For example, syncing with a subset of address book records didn’t work, and editing records on the BlackBerry resulted in duplicates.) The solution is simple enough: Mark/Space have a Missing Sync for BlackBerry, which makes everything work, and even syncs user pictures so you can see the face of the person calling you if you’ve given them a picture in OS X.

Overall, it’s the best mobile phone I’ve used. Whether it’s good for you will of course depend on your use cases. If you’re someone who likes to talk to people or use voicemail rather than IM or e-mail, or if you have little patience for customizing software, the iPhone is probably a better bet. It certainly look prettier. But if you prefer text to voice and prefer functionality to prettiness, the Curve beats the iPhone hands down. This may change once they stop crippling the iPhone and open it up to third party applications; we’ll see. For now, I’d pick the Curve again, even if the iPhone wasn’t tied to AT&T.

Update: Oh yeah, the Curve is also a quad band phone. That’s de rigeur, so I didn’t even think it was worth mentioning.

I’ve been testing to see which feed readers support authentication sufficiently to enable you to log in to LJ somehow and hence see LiveJournal protected posts in your web feed reader.

Do work, by prior login: Sage. Akregator. Opera*. Safari*.

Do work, by modifying URL: Mozilla Thunderbird.

Do not work: Google Reader. Bloglines.

Other people report that they work: FeedDemon. NetNewsWire.

*Not tested, but I’m pretty sure they do because the feed reader code is part of the web browser.

In all cases, the basic feed URL is http://users.livejournal.com/sucker/data/atom where sucker is the LJ user ID.

To modify the URL for applications like Thunderbird, place ?auth=digest at the end of the URL; for example http://users.livejournal.com/sucker/data/atom?auth=digest The feed reader software should then ask you for a login name and password of your LJ account, in order to access the feed.

For feed readers that work with prior login, you go to www.livejournal.com in the appropriate browser and log in. The feed reader then picks up protected entries next time it refreshes.

Trying out feed readers

There are tools to export your LJ friends list to OPML. You can then import the OPML into a feed reader, and try out the equivalent of your friends page to see how it looks.

Other solutions

If you’re technically inclined, you can use the LiveJournal authentication proxy. Or if you trust some random guy with your LJ password, because after all you’re only using it to gain access to read stuff, then you can use the hosted version he provides.

This is the approach I’m going to take, as I’m too addicted to reading web feeds on my BlackBerry. So if you’re in the habit of posting friends-locked stuff on LiveJournal, and plan to continue to use LiveJournal, please add _lj_sucks_ as a friend.

When I moved in with rothko, we bought a vacuum cleaner. At the time we were living in a fully carpeted apartment in Malden, MA. Money was tight, so I did some research via Consumer Reports and bought a Sharp vacuum cleaner.

Unfortunately, I overlooked one detail. While excellent on carpets, the vacuum cleaner was entirely unsuitable for hard wood floors. After a couple of years we moved into an apartment with wood floors, and the Sharp took up residency in the basement. But I was loathe to part with it, because it was a perfectly good vacuum cleaner, and vacuum cleaners are expensive.

Then we moved to Texas. The faithful vacuum came with us. It’s still in fine working order, and we now have carpet again, which it does a good job of cleaning. But the problem is, we also have stairs. The trusty Sharp is about as suited to vacuuming stairs as a Dalek. And downstairs is wood floors again.

So for a while now, I’ve had plans to get a vacuum that actually does a good job of hard floors, stairs, and carpet.

Obviously the Dyson range appealed as soon as I saw it. But I heard that the early Dysons were heavy and awkward, and often unreliable. So I waited.

After a couple more years, the Dyson ball was launched, which was more maneuverable. Then this year, the Slim was launched in the USA. It has a smaller version of the ball mechanism in a vacuum that’s light enough to pick up and carry up and down stairs without my back hurting. It also seems as though the reliability issues have been dealt with.

Searching on Google, I saw ads for a company offering “Worst prices on Dyson”, asking “Don’t pick on us”. I wondered whether it was a mistake or a joke, clicked through, and discovered it was an independent retailer in Austin called ABC Vacuum Warehouse. It’s a store I must have driven past dozens of times without ever realizing it was there, partly because it’s in a nondescript shack-like building in front of a warehouse, and partly because the windows are all covered up with blinds so it looks like it has been abandoned. Inside is a small store filled with nothing but vacuum cleaners, accessories for vacuum cleaners, and spares for vacuum cleaners.

At the store’s suggestion we took a look at a Sebo vacuum cleaner as well as the Dyson range. Fine German engineering, but there were a few things I didn’t like. First up, it uses bags and filters. Secondly, the main upright piece detaches from the brush head for cleaning stairs, which sounds good, but I could see it would be annoying and require a lot of bending over to detach and re-attach it. I prefer the Dyson wand, which doesn’t require any bending over at all.

So, DC-18. I took it for a thorough trip around the house this afternoon. It does indeed do a good job on all floors; it’s great on the hard wood floor, will remove the gifts of the pube fairy from the tiled bathrooms, and does at least as good a job as the Sharp on carpet. Time will tell how reliable it is, but so far I’m satisfied: I ended up with a full cylinder of hairy filth.

Google press release:

We recognize the impact that our operations have on the Earth’s climate, and are taking steps to ensure that we are carbon neutral by the end of 2007.

Solving climate change won’t be simple, and there won’t be a single solution that addresses the entire problem at once. We all need to act together to meet the challenge – from the largest corporations and governments to individual households.

Meanwhile in the New York Times:

In the annals of perks enjoyed by America’s corporate executives, the founders of Google may have set a new standard: an uncrowded, federally managed runway for their private jet that is only a few minutes’ drive from their offices.

The Google founders, according to one of their own Google maps, will spend just 7 minutes to get from their offices to the NASA airport where their jet is parked. As the crow flies, the airfield is only 1.7 miles away.

For $1.3 million a year, Larry Page and Sergey Brin get to park their customized wide-body Boeing 767-200, as well as two other jets used by top Google executives, on Moffett Field, an airport run by NASA that is generally closed to private aircraft.

We all need to act together to meet the challenge, eh?

What’s the betting that Google don’t include Larry and Sergey’s burning 5 tons of jet fuel per hour in their “carbon neutral” calculations?

Unearthed via Google Groups: me ranting about phone design and pondering the development of a Mac phone with easy to understand graphical push-buttons. In 1991.

But no, no iPhone for me until it’s opened up and the price is dropped. If I wanted to blow $600 on a piece of overhyped locked-down electronics, I’d get a PlayStation 3.