04.25.08

Badware?

Posted in Uncategorized at 2:34 pm by Twm

Update 01/05/08:

  • I upgraded WordPress – the version I was using had an injection vulnerability.
  • Google’s reports eventually pointed me to the offending page where I found an iframe tag embedded in one of my articles.

It looks as if this blog has been flagged by Google’s stop badware service.
I can imagine this is causing a lot of people problems since a site may be blacklisted if a comment with a link to a “badware” is posted on a blog. The site is not showing up on the reports. So I have absolutely no idea what’s causing the problem, though I suspect a code injection. But I really don’t have enough time to crawl through all my code. What a pain in the ass. http://www.stopbadware.org/reports/container?reportname=http://twmdesign.co.uk/theblog/&sa=X&oi=interstitial&ct=stopbadware
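The update above traces the flag to an iframe tag embedded in one article. As an added example (not part of the original post and not WordPress code), the Python below scans stored post bodies for embedding tags that load from another host or are hidden; `scan_posts`, the post ids and the sample HTML are constructed for illustration, and the site host is taken from the report URL above.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

SITE_HOST = "twmdesign.co.uk"  # host taken from the report URL in the post
WATCHED = {"iframe", "script", "object", "embed"}

class EmbedFinder(HTMLParser):
    """Records embedding tags that load from another host or are hidden."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.findings = []  # (line in body, tag, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag not in WATCHED:
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src") or a.get("data") or ""
        host = (urlparse(src).hostname or "").lower()
        own = host == self.site_host or host.endswith("." + self.site_host)
        reasons = []
        if host and not own:
            reasons.append("off-site source " + host)
        if tag == "script" and not src:
            reasons.append("inline script")
        style = a.get("style", "").replace(" ", "").lower()
        if (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                or "display:none" in style or "visibility:hidden" in style):
            reasons.append("hidden or zero-sized")
        if reasons:
            self.findings.append((self.getpos()[0], tag, reasons))

def scan_posts(posts, site_host=SITE_HOST):
    """posts maps post id -> stored HTML body; returns flagged tags per post."""
    report = {}
    for post_id, body in posts.items():
        finder = EmbedFinder(site_host)
        finder.feed(body)
        if finder.findings:
            report[post_id] = finder.findings
    return report

# Constructed sample bodies (not taken from the blog's database).
SAMPLE_POSTS = {
    101: '<p>Clean post with <a href="http://example.org/">a link</a>.</p>',
    102: '<p>Text.</p>\n<iframe src="http://injected.example/x" width="0" height="0"></iframe>',
    103: '<iframe src="/media/player.html" width="400" height="300"></iframe>',
}
print(scan_posts(SAMPLE_POSTS))
```

Run against an export of the posts and comments tables, this narrows the search to the rows that need a manual look instead of crawling through every template.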

Our fortress of solitude

Posted in comment at 12:55 am by Twm

Today, I was at Waterloo station and needed the loo so I threw my 30pence (yes it has gone up) into the turnstile and sat down with my copy of New Scientist for a nice read.
Men seem to have a particular relationship with the john that women might have some difficulty understanding. I, like many others, simply have to have something to read. I’ve gotten through some great pieces of literature over the years, but in times of desperation, anything will do. However, given the choice of the Daily Mail or the ingredients on the back of a bottle of Head and Shoulders, the wonderful nomenclature of sodium benzoate and Methylisothiazolinone suddenly become great works of literature.

After a few pages of an interesting article on evolution, the cubicle resonated with the sound of the door rattling, followed by the words “police, open up”.
A little perplexed, I said that I was a little busy and wasn’t ready to come out just yet. When I finally opened the door, there were four police officers (I think two of them were community support). They informed me that I was suspected of taking drugs in the cubicle and that I had been reported. They said that they wanted to take me aside to ask a few questions.
By this time, I was a bit nervous – fearing an afternoon of body cavity searches. But I asked if I could wash my hands first, to which they agreed.
We then moved up the step to the concourse, talking a little about what I do and where I was from, and by the time we got to daylight, the main officer said that after talking to me, he doesn’t believe there was a problem. He said “I had a look over the cubicle next to you and could see that you were just reading”. I was completely taken aback by this apparent violation and immediately exclaimed “you were watching me take a dump?”.
When I asked them about their grounds for suspicion, they stated some bullshit about my coat dangling by the door, which was a sign that drug dealers used.

I’m not up on recent law changes, but certainly to conduct a body search there should be “Reasonable grounds for suspicion”, but it’s hard to interpret the law when it comes to spying on men with their pants down reading something other than the London Lite.

This is a big deal for me, I’m not happy that my last bastion of privacy has been violated so casually. I think that the guy from This life, on Couplings puts it most eloquently:

04.22.08

Moto invest in VirtualLogix

Posted in Mobile at 10:37 am by Twm

Moto have invested in VirtualLogix (real time virtualisation company).

A lot of people are wondering why the hell anyone would want to run two OSes on a mobile device. Something that the majority of the public don’t do on a desktop, let alone a portable.

I don’t think moto are seriously going to allow the user to switch between OSes on the fly (the royalties would be crippling).

Virtualisation has been in use in mobiles for a long time. But it’s trendy right now, innit.

Many 3G solutions on the market are 2 chip – that is, one chip for the RTOS (e.g. Nucleus) and one for the applications OS (Symbian/MS Mobile/Linux).
Now obviously 2 chips are more expensive than one, and so there is a BOM cost penalty. However the effort to port the signaling stack to 3 different OSes is really astronomical.

So one solution is to virtualise the device. That is, presenting the ARM chip to two OSes, with a hypervisor taking care of OS context switches and message passing.

This means you can:

  • use the same RTOS (which has gone through type approval) with any application OS you fancy *on the same chip*
  • have one team responsible for the whole 3G stack delivery to all phones in an organisation (no expensive ports)
  • isolate and test the signaling stack as a black box. (No need to worry about mixing 3G and application threads)
  • Create better separation so that you can produce 3G/EDGE versions
  • Increase security since the RTOS can have a different memory region and is closed to 3rd party applications
  • Ease RT performance – you can verify RTOS deterministically since you are not tweaking priorities of *all* threads in your system each time you add a new feature.

Bear in mind that before Montavista released its real time patches to the Linux kernel, this technique was the only way of doing single chip handsets on Linux.

Although it may seem wasteful, there are some organisational reasons why virtualising systems can lead to far less complex code. The ability to characterise and verify a crucial part of a system is really important. I know that in a development team of a few 100 staff, a problem which disrupts the whole system such as the multimedia team bumping up a realtime thread does not have to take out important threads in the RT telephony stack. On an integrated system, your whole organisation has to be aware of which threads are allowed to be at what priority. RT verification is not a skill that every engineer has (no, really). Since signaling stacks are usually well characterised, it’s usually possible to state that the OS will never use more than 10% CPU for example. The latency of the RTOS then determines the minimum latency of the application OS with good predictability.

One other possible reason for virtualisation is compatibility. By this I mean having the freedom to deploy a new BC breaking version of the OS, or even a completely new OS, but retain compatibility with old applications (simply by including the old OS ROM on storage). With mobiles shipping with a few GB of NAND, storage space is becoming less of an issue (a typical phone ROM is ~128MB).

04.16.08

Good Phorm

Posted in Phorm, Privacy at 12:07 am by Twm

(Updated with links and expanded personal view 16/04/08)

Advertising is all about extracting money, but they missed a trick by not charging for tonight’s “Town hall event”.
I loved the format of the town hall event, it was often chaotic with people talking over each other and responses cut short (perhaps obeying Robert’s Rules of Order might have helped).

Perhaps a meeting reminiscent of a scene from “There Will Be Blood”, Kent Ertugrul (CEO of Phorm) hoping that a few walk-throughs and a general appeal that this technology would benefit the UK economy would take some of the heat away and allow him to resume tapping the precious oil.
Civil liberty pitched against opportunist corporation. This is a fairly unusual meeting outside of a court of law, but probably a necessary PR for a company whose investment was in jeopardy.

What’s the problem?
I think there are concerns with the technology and the precedent it sets for similar services. But these issues alone would not have been so inflammatory if it wasn’t for the panic caused by the ISP retrospectively announcing that Phorm was already active, already profiling blissfully unaware users.

As badphorm.com puts it:

“Naturally the ISP’s are not too keen on telling their users this, they’d much rather feed us all platitudes about how it’ll help combat phishing and how the targeted adverts will be so much better than the random ones we see today. In fact, they didn’t even announce it to the UK press, we had to find out about it from the New York Times!”

What is phorm?
An advert brokering system targeted to ISPs.

Why is Phorm different?
Advert slots on participating web sites show adverts based on who is looking at the web site rather than the content of the web site being viewed. I.e. a user who is browsing a medical site might get an advert for a BMW rather than for Viagra (if they had been surfing a lot of car web sites previously).

The idea is that by sitting on the ISP’s computer scanning each page a user views, Phorm can find words which link to a predefined marketing persona, or hat as Phorm call them.

Let’s say that Phorm keeps a top 5 of most useful hats, with a suitable aging algorithm. Then when visiting a site with a Phorm billboard (a participating site which could be anything from a big organisation to a tiny blog), the adverts are shown and rotated from the top 5 – effectively following you around the web. This is seen as providing a much more direct and relevant way of advertising to users.

It’s not really clear how specific the categories are, and a lot of the talk was contradictory. At one point alluding to the categories being as broad brush as the old ‘self-actualisers’ or ‘aspirationals’ lifestyle segments – while a concrete walk-through provided by Phorm’s CEO showed how a specific advert for “luxury paris hotel” was generated based on the user previously surfing on travel sites related to Paris and more expensive hotels. The linkage of specific details there – location, price range and service – implies a lot more personal context captured than the simplistic hats model proposed in the introduction.

Phorm’s pitch:
- Revolution in privacy (compare with incumbent search engines)
- Your choice, always your choice to opt in or out
- Subsidising Internet connections is the only way to achieve infrastructure and low cost – Phorm provides the best solution
- Opt in not a problem – Permission based advertising is ‘the new black’ – unsolicited adverts perceived as a menace

Opposition
- Phorm does good job with the issues of data protection – no real problems with storage of user’s details, but privacy is compromised
- Phorm management appear open, and engage with academics and lawmakers.
- Issues with mission creep. Commercial company would always be under pressure by its shareholder/VC to bring in revenue. The placement of the technology in the ISP (easy access to IP addresses), could prove too irresistible?

Technical analysis from Dr Richard Clayton
The full report can be found here: http://www.cl.cam.ac.uk/~rnc1/080404phorm.pdf

But basically he points out that the mechanics of the idea aren’t very good:

1. Keyword scanning is a rubbish way of matching, it’s what search engines used to do before Google – he provided the most popular words on a Guardian page which came up with words such as “offensive”
2. By placing the Phorm server right in the path of the users, it creates a point of failure (e.g. DNS table poisoning) which wasn’t there before
3. Forging cookies is dodgy and might even be unlawful

The odd twist and turn emerged – the opposition stated that the Guardian had backed out of a Phorm deal due to fear of brand tarnish. This was denied by Kent (Phorm CEO), who stated that Phorm hadn’t yet lost a single account, but Kent’s view was immediately challenged by a gentleman in the audience who stated that he worked for the Guardian and was sure that the Guardian was not using the service.

Here is my take.
I believe that banner/strip ads in others’ websites simply do not work. I find it hard to hold this view while being aware of Google’s overflowing coffers. But as a user, AdSense sprays complete nonsense at me to the point where I have learned how to blank the ads out completely.

I’ve trained my brain to ignore adverts, and a few examples might help to illustrate

  • After breaking my leg in a car crash – AdSense (within the Gmail page) suggested that I get insurance. Thanks!
  • After buying a load of C++ books for my team in work, Amazon’s ‘new for you’ thinks that that’s all I’m interested in now. Its aging forgot about my Pablo Neruda, my Dostoyevsky, my Paris lounge by night vol 4 and my Feynman lectures.

I totally understand how Google’s search sponsored links are revenue generating, but not AdSense. In general I’m suspicious of any software which tries to pre-empt what I want to purchase or do. Just because I’m searching for photos of Kylie, doesn’t mean I want to buy her CD or DVD. Keywords alone cannot provide a revolution in targeted advertising.

Most of my smaller purchases in the past few years – my books, CDs, software, Films are products that have been sold to me by bloggers. I’ve spent a lot of time refining the selection of blogs that I tune into, choosing ones which reflect my current tastes and interest and killing subscriptions to blogs which have become stale or uninteresting. For me the list of my blogs provides a pretty good lump of data to mine for things which interest me, and I’m happy to purchase things in my own time based on my own reading. I view a lot of junk sites which only mildly interest me, or that I followed by mistake.

The problem with this sort of purchasing by recommendation pattern is that there is no room for a broker to make a cut. It’s not easy to understand the model, hard to centralize and monetize. I do find product reviews useful – but only if I know something about the person who is reviewing.

Despite my personal view, it’s pretty clear that anyone who takes even a fraction of the Google advertising pie will become immensely rich, and this greed has so many companies and opportunistic individuals licking their chops. Phorm and Facebook were the first companies to push ahead to satisfy their shareholders. So it’s important that we have this debate – online advertising is different – the first solutions are likely to be flawed.

I vote for more town hall debates.

The BBC has covered the event. http://news.bbc.co.uk/1/hi/technology/7349715.stm

04.08.08

MONIAC machine

Posted in Uncategorized at 12:06 am by Twm

I was watching Adam Curtis’ “Pandora’s box” the other day. Curtis’ films are excellent slices through history often dealing with how technology and ideals have spiralled, in tragicomedy at the hands of those in power.
Pandora’s box was made in 1992 and provides a great mix of journalistic documentary making with a seemingly endless supply of amusing archive footage.
Part two of the series is about the struggle of the British government to understand the money system at a time when both inflation and unemployment were growing simultaneously. An outcome which ran contrary to the then prevailing Keynesian principles of using inflation to control employment.

Interestingly, Keynes’ simplistic view of the flow of money in the economy had few variables and so was a very accessible way of viewing the macroeconomic landscape.

An early computer which modelled the flow of money was designed in the 1920s by engineer turned economist Bill Phillips. Usually called the Phillips machine, but also known as the MONIAC (Monetary National Income Automatic Computer). It was based on modelling the flow of money using water.

From the Wikipedia entry:
“Water is pumped into the top of the machine & then filtered down through a central column & then through pipes & chambers. The amount of money is represented by how much water is in a tank. The net flow of the system gathers at the bottom & is pumped back to the top to restart the cycle. Different variables can be changed by tuning valves & other piping.”

Designed initially as an education tool to promote the economics of the time, it was used by academics and practising economists. It sounds quite clunky but it’s an elegant metaphor-based visualisation of a set of variables which its users responded to intuitively.
I believe there to be a MONIAC at the British Science Museum.

04.07.08

Epileptic attack

Posted in interesting links, security at 10:55 pm by Twm

Just when you think you have got to grips with computer security, some twisted nut comes up with a curve ball.
Article in Wired magazine

Someone had maliciously posted comments on an epileptic support forum which contained embedded JavaScript designed to trigger a seizure. From a sociopathic point of view, it’s a fascinating use of an established vector. Comments are often written with the intent to cause emotional harm, but this attack creepily bridges into the physical world.

04.02.08

Java bashing

Posted in Development, Python, java at 12:40 pm by design

Quite amusing theme from Eric Burke.

http://stuffthathappens.com/blog/2008/03/30/an-8-year-olds-first-impression-of-java/

http://stuffthathappens.com/blog/2008/03/31/the-right-tool-for-the-job/