Slashdot Mirror

Nerval's Lobster writes: In a posting that recently attracted some buzz online, .NET developer Justin Angel (a former program manager for Silverlight) argued that the .NET ecosystem is headed for collapse—and that could take interest in C# along with it. "Sure, you'll always be able to find a job working in C# (like you would with COBOL), but you'll miss out on customer reach and risk falling behind the technology curve," he wrote. But is C# really on the decline? According to Dice's data, the popularity of C# has risen over the past several years; it ranks No. 26 on Dice's ranking of most-searched terms. But Angel claims he pulled data from Indeed.com that shows job trends for C# on the decline. Data from the TIOBE developer interest index mirrors that trend, he said, with "C# developer interest down approximately 60% down back to 2006-2008 levels." Is the .NET ecosystem really headed for long-term implosion, thanks in large part to developers devoting their energies to other platforms such as iOS and Android?

SmartAboutThings writes Since the first version of Windows, Microsoft has offered the operating system on a initial fee purchase. But under new management, it seems that this strategy could shift into new monetization methods, a subscription-based model being the most probable one. At the recent Credit Suisse Technology Conference from last week, Chief Operating Officer Kevin Turner was speaking (transcript in Microsoft Word format) to investors about the fact that Microsoft is interested in exploring new monetization methods for its Windows line of products. The company might adopt a new pricing model for the upcoming operating system, as it looks to shift away from the one-time initial purchase to an ongoing-revenue basis.

onyxruby writes "Microsoft may finally be ready to put Windows RT out to pasture. After ignoring pundits, the public, and a staggering $900 writedown, the subsequent lack of sales for the second edition of the RT have finally gotten the message through. Speaking at a UBS seminar, Microsoft VP Julie Larson-Green said, 'It just didn't do everything that you expected Windows to do. So there's been a lot of talk about it should have been a rebranding. We should not have called it Windows (.DOCX). How should we have made it more differentiated? I think over time you'll see us continue to differentiate it more. We have the Windows Phone OS. We have Windows RT and we have full Windows. We're not going to have three.'"

Frequent contributor Bennett Haselton writes: "Hotmail and Yahoo Mail are apparently sharing a secret blacklist of domain names such that any mention of these domains will cause a message to be bounced back to the sender as spam. I found out about this because — surprise! — some of my new proxy site domains ended up on the blacklist. Hotmail and Yahoo are stonewalling, but here's what I've dug up so far — and why you should care." Read on for much more on how Bennett figured out what's going on, and why it's a hard problem to solve.

On December 7th I sent out a normal batch of emails to the Circumventor mailing list, where I send out new proxy sites for getting around Internet filters. I registered seven new domains and sent each domain to one seventh of the list; the list contains about 420,000 addresses, so each one went to about 60,000 people. (Each new site is only sent to a random subset of the list, so that a blocking company can't just subscribe one address to the list and block all new sites as soon as they're mailed out.)

The list is also comprised of 100%-verified-opt-in addresses, meaning that a new subscriber has to reply to a confirmation message in order to be added to the list. That's considered the gold standard for responsible mailing, but major email providers keep finding new ways to block the emails as "spam," which sometimes provide interesting insights into how the filters work behind the scenes.

After the last mailing, for example, all of my newly registered domains got disabled by the registrar because two of the domains had been incorrectly blacklisted by the Spamhaus Domain Block List. It took two days to discover the problem and then several hours to trace the problem to Spamhaus, although once I found Spamhaus's automated form I was able to get the domains un-blacklisted immediately. So the registrar re-enabled the domains a few hours later, although the traffic to the domains never returned to its previous levels. Spamhaus, meanwhile, continues to claim the DBL is a "zero false-positive" list, and has yet to acknowledge the error or contact me to help get to the bottom of how it happened. Well, they know how to reach me.

At least this time around, my domains didn't get disabled. Instead, the messages rolled out for a few hours with no problem (replies from users indicated that at least some hotmail.com and yahoo.com users were receiving them), until bounces abruptly started coming in from hotmail.com and yahoo.com addresses saying:

----- Transcript of session follows -----
... while talking to mta5.am0.yahoodns.net.:
>>> DATA
<<< 550 Message Contains SPAM Content
554 5.0.0 Service unavailable

After pummeling my address with bounce messages (to the point where my own Gmail account started bouncing because it was getting hammered with so many bounce messages from Hotmail and Yahoo), when the dust finally settled, I tried reproducing the error by sending test messages from my server's IP address to a test Hotmail account. It turns out that out of the seven different URLs that I had been mailing to our users, four of the domains in those URLs would generate a "550 Message Contains SPAM Content" error when sent from my IP to a Hotmail address, and the other three did not. The message didn't have to contain the banned domain in the From: address; the message would get blocked if it even mentioned the domain anywhere in the message body. (This only happened when sending from my own IP address at peacefire.org. It didn't happen if I tried sending a message from my Gmail account to a Hotmail address, even if the message contained one of the four banned domain names, so the issue probably won't reproduce if you try sending a test message yourself.)

But interestingly, Yahoo Mail started bouncing my messages at about the same time — out of the seven domain names, the same four domain names were being bounced by Yahoo Mail as by Hotmail, also with the error "550 Message Contains SPAM Content." That's far too unlikely to be a coincidence, so it looks as if Hotmail and Yahoo Mail are using a common secret blacklist of domain names that cause a message to be blocked as spam. (As it happens, the other three domains were also being bounced by Yahoo Mail with the error "Message Contains SUSPECT Content" — as opposed to "SPAM Content" — while those three domains were not blocked by Hotmail at all. That of course is aggravating, but the real clue lies in the fact that both Yahoo Mail and Hotmail were giving "SPAM Content" errors to the exact same subset of domains.)

I don't want to publish the list of all seven domain names here, so as not to make it too easy for censorware companies to block them all, but one of the four blacklisted domains was 'golflanding.com.' (All of the new domains I register are nonsensical two-word combinations, since those are the only .com domains that are likely to be (1) still available and (2) easy to remember.) As soon as it seemed like Hotmail and Yahoo Mail were working off of a common blacklist, I checked to see if Spamhaus had screwed up again and listed our domains, but none of the seven domains were on Spamhaus's lists.

I looked up golflanding.com on the blacklistalert.org service, which checks against all major spam blacklists, but no hits were listed there either (except for on some defunct services which haven't been updated in years).

So if Hotmail and Yahoo Mail are both using the domain blacklist, perhaps it's a list compiled by one company and then licensed to the other, or perhaps it's a third-party list not widely known to the public. (Hotmail uses their own SmartScreen filter, but I've found nothing online about Yahoo using it as well.) It's conceivable that one or more of the domains might have gotten blacklisted as a result of Hotmail or Yahoo users clicking their "This is spam" button. However, Hotmail allows newsletter publishers to view data about what percent of their messages to Hotmail users are being flagged by users as "spam," and when I looked up the stats for our IP, they showed a "complaint rate" of less than 0.1% (usually the rest of people hitting 'Junk Mail' to unsubscribe from the list). Assuming that the complaint rates are similar for Yahoo Mail, it's unlikely that the domains got blacklisted as a result of user complaints, unless the blacklist trigger has a ridiculously low complaint threshold.

Neither the Hotmail postmaster site nor the Yahoo postmaster site mention anything about a list of domain names that could cause a message to be blocked for mentioning the domains in the message body. Yahoo Mail does provide a support form for newsletter publishers to send inquiries about why their mail is being blocked; I submitted that on Saturday and started a thread with email "support," although so far their response has just been to copy and paste articles from the Postmaster site, with tips like "Send email only to those that want it." Each time, I reply saying, No, this is not the problem, the problem is that the domains in the messages are getting incorrectly blacklisted, and each time, support cheerfully sends me another article. If I'm not literally talking to a bot, I might as well be.

I opened a similar ticket with Hotmail, and they sent me a form letter saying that the emails were being blocked because of SmartScreen, and that as a matter of policy, they would refuse to fix any errors being made by the SmartScreen filter. Waiting to see if I get a reply from a human next.

So why should you care? Well, for one thing, if you care about users in China and Iran being able to receive proxies to get around their Internet blockers, right now Hotmail and Yahoo are thwarting these proxies more effectively than those countries' own censors are. Yes, these are real people who really do write back to me after a mailing goes out, telling me about how they were able to use the proxies to receive banned political information, and sometimes how long the proxy lasted before the censors blocked it. This week, they had to do without.

But more importantly, this is an example of a general problem: That there are certain types of issues, like blocking of legitimate mail by spam filters, where the "free market" does not deliver the best experience to consumers, and the costs get passed on to everybody. Sometimes the problems could be solved with some effort, but the effort does not get made, because people believe that the free market will solve the problem, or that it already has.

In theory, if consumers have enough information about different companies and their services, the companies can compete to provide the best product to users. The problem is that if one type of information is systematically hidden from users — in this case, the fact that their mail provider is blocking mails from reaching them — then the "theory" falls apart. Since spam getting into your inbox is a visible problem, but missed email messages are an invisible problem, Hotmail's incentive is not to give the user the best experience, but rather to err on the side of blocking legitimate messages — even if the user might prefer to get slightly more spam, than to miss one important email that they were waiting for.

This means we're not just talking about a few messages getting caught in filters, which could happen even in an efficient marketplace. We're talking about a permanent equilibrium where the user gets a sub-par experience by default — a trade-off that causes them to miss more messages than they want to — and senders have to pay the cost of overcoming the marketplace inefficiencies. (Which means if the sender is a business you buy from or a charity you support, the costs get passed on to you.)

Pretty much the entire financial cost of sending email, is attributable to the failure of the "free market" to motivate email providers to deliver non-spam emails into their user's inboxes. If a company or organization uses an email list hosting company like AWeber or Constant Contact to email their users, they pay a fee of about $1 per month for every 100 users on their list (which would run me about $4,000 per month). That fee doesn't go towards bandwidth — even a 1-million-subscriber list, emailed once a month, would use less than 3 GB per month of bandwidth, which is what GeoCities was was giving away for free 10 years ago. What you're paying for is the fact that AWeber and Constant Contact have friends in the right places at Hotmail, Yahoo, and Gmail, so if your mails are getting blocked, they know the people to call to fix the problem. If you run your own list instead of paying a hosting fee to AWeber or Constant Contact, you'll end up paying other costs indirectly, through loss of income when your messages don't reach recipients, or in time and money spent trying to fix the issue. (I have to take this option anyway, since I send different URLs to different random subsets of my list, which is not supported by AWeber or Constant Contact.)

On the other hand, if the market actually "worked" — if email providers did reliably deliver non-spam messages to their users — a company or charity could run their own list for virtually zero cost, and would be able to keep all of that money. (I incur no up-front fees for running my own list; all of the costs are the time spent trying to get Yahoo, Gmail, and Hotmail to stop blocking it.) So every time you donate to a charity or buy from an online retailer, a little bit of that money goes towards the cost of that organization having to fight past marketplace failures in order to get their email to you.

I don't think there's an easy algorithmic solution, like crowdsourcing Facebook complaints or using random-sample voting on Digg. Generally, I just think we need more awareness of the fact that, under certain conditions (including those surrounding email deliverability), the "free market" is virtually guaranteed to arrive at a non-optimal solution. One manifestation of that awareness would be if Hotmail, Yahoo Mail, and Gmail created public points of contact where legitimate email publishers could find out why their emails were blocked, and had real humans responding to the messages and fixing the problems. By default, the imperfect information in the marketplace leads toward an equilibrium that errs on the side of blocking too much legitimate email, so anything that pushes the equilibrium back towards more legitimate messages getting delivered will improve the experience for users and lower costs for senders.

Besides, there's a more basic ethical issue here. If you're Hotmail and you tell your users that you're providing them with "email accounts," then those users expect those accounts to work — including having the ability to receive mails from mailing lists that they've signed up for. Helping legitimate emails get through to users is not just a matter of addressing a marketplace inefficiency, it's a matter of honesty.

Larry Lessig's book "Code is Law" describes how default choices built into the architecture of the Internet and other environments — the "code" — can steer our behavior in ways that we might not choose otherwise. I'm making essentially the same point in saying that some problems are not fixed by market forces, because people are not aware of the problem at all. I think the evidence and the reasoning are straightforward in this case, but it's hard to convince people who have adopted it as an axiom that whatever the free market arrives at, must be the solution. My favorite single sentence in Lessig's book was, "Put your Ayn Rand away." I could imagine the years of pushing against dogmatic fanaticism that led him to write that sentence, and I knew how he felt.

Frequent contributor Bennett Haselton writes: "Hotmail and Yahoo Mail are apparently sharing a secret blacklist of domain names such that any mention of these domains will cause a message to be bounced back to the sender as spam. I found out about this because — surprise! — some of my new proxy site domains ended up on the blacklist. Hotmail and Yahoo are stonewalling, but here's what I've dug up so far — and why you should care." Read on for much more on how Bennett figured out what's going on, and why it's a hard problem to solve.

On December 7th I sent out a normal batch of emails to the Circumventor mailing list, where I send out new proxy sites for getting around Internet filters. I registered seven new domains and sent each domain to one seventh of the list; the list contains about 420,000 addresses, so each one went to about 60,000 people. (Each new site is only sent to a random subset of the list, so that a blocking company can't just subscribe one address to the list and block all new sites as soon as they're mailed out.)

The list is also comprised of 100%-verified-opt-in addresses, meaning that a new subscriber has to reply to a confirmation message in order to be added to the list. That's considered the gold standard for responsible mailing, but major email providers keep finding new ways to block the emails as "spam," which sometimes provide interesting insights into how the filters work behind the scenes.

After the last mailing, for example, all of my newly registered domains got disabled by the registrar because two of the domains had been incorrectly blacklisted by the Spamhaus Domain Block List. It took two days to discover the problem and then several hours to trace the problem to Spamhaus, although once I found Spamhaus's automated form I was able to get the domains un-blacklisted immediately. So the registrar re-enabled the domains a few hours later, although the traffic to the domains never returned to its previous levels. Spamhaus, meanwhile, continues to claim the DBL is a "zero false-positive" list, and has yet to acknowledge the error or contact me to help get to the bottom of how it happened. Well, they know how to reach me.

At least this time around, my domains didn't get disabled. Instead, the messages rolled out for a few hours with no problem (replies from users indicated that at least some hotmail.com and yahoo.com users were receiving them), until bounces abruptly started coming in from hotmail.com and yahoo.com addresses saying:

----- Transcript of session follows -----
... while talking to mta5.am0.yahoodns.net.:
>>> DATA
<<< 550 Message Contains SPAM Content
554 5.0.0 Service unavailable

After pummeling my address with bounce messages (to the point where my own Gmail account started bouncing because it was getting hammered with so many bounce messages from Hotmail and Yahoo), when the dust finally settled, I tried reproducing the error by sending test messages from my server's IP address to a test Hotmail account. It turns out that out of the seven different URLs that I had been mailing to our users, four of the domains in those URLs would generate a "550 Message Contains SPAM Content" error when sent from my IP to a Hotmail address, and the other three did not. The message didn't have to contain the banned domain in the From: address; the message would get blocked if it even mentioned the domain anywhere in the message body. (This only happened when sending from my own IP address at peacefire.org. It didn't happen if I tried sending a message from my Gmail account to a Hotmail address, even if the message contained one of the four banned domain names, so the issue probably won't reproduce if you try sending a test message yourself.)

But interestingly, Yahoo Mail started bouncing my messages at about the same time — out of the seven domain names, the same four domain names were being bounced by Yahoo Mail as by Hotmail, also with the error "550 Message Contains SPAM Content." That's far too unlikely to be a coincidence, so it looks as if Hotmail and Yahoo Mail are using a common secret blacklist of domain names that cause a message to be blocked as spam. (As it happens, the other three domains were also being bounced by Yahoo Mail with the error "Message Contains SUSPECT Content" — as opposed to "SPAM Content" — while those three domains were not blocked by Hotmail at all. That of course is aggravating, but the real clue lies in the fact that both Yahoo Mail and Hotmail were giving "SPAM Content" errors to the exact same subset of domains.)

I don't want to publish the list of all seven domain names here, so as not to make it too easy for censorware companies to block them all, but one of the four blacklisted domains was 'golflanding.com.' (All of the new domains I register are nonsensical two-word combinations, since those are the only .com domains that are likely to be (1) still available and (2) easy to remember.) As soon as it seemed like Hotmail and Yahoo Mail were working off of a common blacklist, I checked to see if Spamhaus had screwed up again and listed our domains, but none of the seven domains were on Spamhaus's lists.

I looked up golflanding.com on the blacklistalert.org service, which checks against all major spam blacklists, but no hits were listed there either (except for on some defunct services which haven't been updated in years).

So if Hotmail and Yahoo Mail are both using the domain blacklist, perhaps it's a list compiled by one company and then licensed to the other, or perhaps it's a third-party list not widely known to the public. (Hotmail uses their own SmartScreen filter, but I've found nothing online about Yahoo using it as well.) It's conceivable that one or more of the domains might have gotten blacklisted as a result of Hotmail or Yahoo users clicking their "This is spam" button. However, Hotmail allows newsletter publishers to view data about what percent of their messages to Hotmail users are being flagged by users as "spam," and when I looked up the stats for our IP, they showed a "complaint rate" of less than 0.1% (usually the rest of people hitting 'Junk Mail' to unsubscribe from the list). Assuming that the complaint rates are similar for Yahoo Mail, it's unlikely that the domains got blacklisted as a result of user complaints, unless the blacklist trigger has a ridiculously low complaint threshold.

Neither the Hotmail postmaster site nor the Yahoo postmaster site mention anything about a list of domain names that could cause a message to be blocked for mentioning the domains in the message body. Yahoo Mail does provide a support form for newsletter publishers to send inquiries about why their mail is being blocked; I submitted that on Saturday and started a thread with email "support," although so far their response has just been to copy and paste articles from the Postmaster site, with tips like "Send email only to those that want it." Each time, I reply saying, No, this is not the problem, the problem is that the domains in the messages are getting incorrectly blacklisted, and each time, support cheerfully sends me another article. If I'm not literally talking to a bot, I might as well be.

I opened a similar ticket with Hotmail, and they sent me a form letter saying that the emails were being blocked because of SmartScreen, and that as a matter of policy, they would refuse to fix any errors being made by the SmartScreen filter. Waiting to see if I get a reply from a human next.

So why should you care? Well, for one thing, if you care about users in China and Iran being able to receive proxies to get around their Internet blockers, right now Hotmail and Yahoo are thwarting these proxies more effectively than those countries' own censors are. Yes, these are real people who really do write back to me after a mailing goes out, telling me about how they were able to use the proxies to receive banned political information, and sometimes how long the proxy lasted before the censors blocked it. This week, they had to do without.

But more importantly, this is an example of a general problem: That there are certain types of issues, like blocking of legitimate mail by spam filters, where the "free market" does not deliver the best experience to consumers, and the costs get passed on to everybody. Sometimes the problems could be solved with some effort, but the effort does not get made, because people believe that the free market will solve the problem, or that it already has.

In theory, if consumers have enough information about different companies and their services, the companies can compete to provide the best product to users. The problem is that if one type of information is systematically hidden from users — in this case, the fact that their mail provider is blocking mails from reaching them — then the "theory" falls apart. Since spam getting into your inbox is a visible problem, but missed email messages are an invisible problem, Hotmail's incentive is not to give the user the best experience, but rather to err on the side of blocking legitimate messages — even if the user might prefer to get slightly more spam, than to miss one important email that they were waiting for.

This means we're not just talking about a few messages getting caught in filters, which could happen even in an efficient marketplace. We're talking about a permanent equilibrium where the user gets a sub-par experience by default — a trade-off that causes them to miss more messages than they want to — and senders have to pay the cost of overcoming the marketplace inefficiencies. (Which means if the sender is a business you buy from or a charity you support, the costs get passed on to you.)

Pretty much the entire financial cost of sending email, is attributable to the failure of the "free market" to motivate email providers to deliver non-spam emails into their user's inboxes. If a company or organization uses an email list hosting company like AWeber or Constant Contact to email their users, they pay a fee of about $1 per month for every 100 users on their list (which would run me about $4,000 per month). That fee doesn't go towards bandwidth — even a 1-million-subscriber list, emailed once a month, would use less than 3 GB per month of bandwidth, which is what GeoCities was was giving away for free 10 years ago. What you're paying for is the fact that AWeber and Constant Contact have friends in the right places at Hotmail, Yahoo, and Gmail, so if your mails are getting blocked, they know the people to call to fix the problem. If you run your own list instead of paying a hosting fee to AWeber or Constant Contact, you'll end up paying other costs indirectly, through loss of income when your messages don't reach recipients, or in time and money spent trying to fix the issue. (I have to take this option anyway, since I send different URLs to different random subsets of my list, which is not supported by AWeber or Constant Contact.)

On the other hand, if the market actually "worked" — if email providers did reliably deliver non-spam messages to their users — a company or charity could run their own list for virtually zero cost, and would be able to keep all of that money. (I incur no up-front fees for running my own list; all of the costs are the time spent trying to get Yahoo, Gmail, and Hotmail to stop blocking it.) So every time you donate to a charity or buy from an online retailer, a little bit of that money goes towards the cost of that organization having to fight past marketplace failures in order to get their email to you.

I don't think there's an easy algorithmic solution, like crowdsourcing Facebook complaints or using random-sample voting on Digg. Generally, I just think we need more awareness of the fact that, under certain conditions (including those surrounding email deliverability), the "free market" is virtually guaranteed to arrive at a non-optimal solution. One manifestation of that awareness would be if Hotmail, Yahoo Mail, and Gmail created public points of contact where legitimate email publishers could find out why their emails were blocked, and had real humans responding to the messages and fixing the problems. By default, the imperfect information in the marketplace leads toward an equilibrium that errs on the side of blocking too much legitimate email, so anything that pushes the equilibrium back towards more legitimate messages getting delivered will improve the experience for users and lower costs for senders.

Besides, there's a more basic ethical issue here. If you're Hotmail and you tell your users that you're providing them with "email accounts," then those users expect those accounts to work — including having the ability to receive mails from mailing lists that they've signed up for. Helping legitimate emails get through to users is not just a matter of addressing a marketplace inefficiency, it's a matter of honesty.

Larry Lessig's book "Code is Law" describes how default choices built into the architecture of the Internet and other environments — the "code" — can steer our behavior in ways that we might not choose otherwise. I'm making essentially the same point in saying that some problems are not fixed by market forces, because people are not aware of the problem at all. I think the evidence and the reasoning are straightforward in this case, but it's hard to convince people who have adopted it as an axiom that whatever the free market arrives at, must be the solution. My favorite single sentence in Lessig's book was, "Put your Ayn Rand away." I could imagine the years of pushing against dogmatic fanaticism that led him to write that sentence, and I knew how he felt.

Frequent contributor Bennett Haselton writes: "Hotmail and Yahoo Mail are apparently sharing a secret blacklist of domain names such that any mention of these domains will cause a message to be bounced back to the sender as spam. I found out about this because — surprise! — some of my new proxy site domains ended up on the blacklist. Hotmail and Yahoo are stonewalling, but here's what I've dug up so far — and why you should care." Read on for much more on how Bennett figured out what's going on, and why it's a hard problem to solve.

On December 7th I sent out a normal batch of emails to the Circumventor mailing list, where I send out new proxy sites for getting around Internet filters. I registered seven new domains and sent each domain to one seventh of the list; the list contains about 420,000 addresses, so each one went to about 60,000 people. (Each new site is only sent to a random subset of the list, so that a blocking company can't just subscribe one address to the list and block all new sites as soon as they're mailed out.)

The list is also comprised of 100%-verified-opt-in addresses, meaning that a new subscriber has to reply to a confirmation message in order to be added to the list. That's considered the gold standard for responsible mailing, but major email providers keep finding new ways to block the emails as "spam," which sometimes provide interesting insights into how the filters work behind the scenes.

After the last mailing, for example, all of my newly registered domains got disabled by the registrar because two of the domains had been incorrectly blacklisted by the Spamhaus Domain Block List. It took two days to discover the problem and then several hours to trace the problem to Spamhaus, although once I found Spamhaus's automated form I was able to get the domains un-blacklisted immediately. So the registrar re-enabled the domains a few hours later, although the traffic to the domains never returned to its previous levels. Spamhaus, meanwhile, continues to claim the DBL is a "zero false-positive" list, and has yet to acknowledge the error or contact me to help get to the bottom of how it happened. Well, they know how to reach me.

At least this time around, my domains didn't get disabled. Instead, the messages rolled out for a few hours with no problem (replies from users indicated that at least some hotmail.com and yahoo.com users were receiving them), until bounces abruptly started coming in from hotmail.com and yahoo.com addresses saying:

----- Transcript of session follows -----
... while talking to mta5.am0.yahoodns.net.:
>>> DATA
<<< 550 Message Contains SPAM Content
554 5.0.0 Service unavailable

After pummeling my address with bounce messages (to the point where my own Gmail account started bouncing because it was getting hammered with so many bounce messages from Hotmail and Yahoo), when the dust finally settled, I tried reproducing the error by sending test messages from my server's IP address to a test Hotmail account. It turns out that out of the seven different URLs that I had been mailing to our users, four of the domains in those URLs would generate a "550 Message Contains SPAM Content" error when sent from my IP to a Hotmail address, and the other three did not. The message didn't have to contain the banned domain in the From: address; the message would get blocked if it even mentioned the domain anywhere in the message body. (This only happened when sending from my own IP address at peacefire.org. It didn't happen if I tried sending a message from my Gmail account to a Hotmail address, even if the message contained one of the four banned domain names, so the issue probably won't reproduce if you try sending a test message yourself.)

But interestingly, Yahoo Mail started bouncing my messages at about the same time — out of the seven domain names, the same four domain names were being bounced by Yahoo Mail as by Hotmail, also with the error "550 Message Contains SPAM Content." That's far too unlikely to be a coincidence, so it looks as if Hotmail and Yahoo Mail are using a common secret blacklist of domain names that cause a message to be blocked as spam. (As it happens, the other three domains were also being bounced by Yahoo Mail with the error "Message Contains SUSPECT Content" — as opposed to "SPAM Content" — while those three domains were not blocked by Hotmail at all. That of course is aggravating, but the real clue lies in the fact that both Yahoo Mail and Hotmail were giving "SPAM Content" errors to the exact same subset of domains.)

I don't want to publish the list of all seven domain names here, so as not to make it too easy for censorware companies to block them all, but one of the four blacklisted domains was 'golflanding.com.' (All of the new domains I register are nonsensical two-word combinations, since those are the only .com domains that are likely to be (1) still available and (2) easy to remember.) As soon as it seemed like Hotmail and Yahoo Mail were working off of a common blacklist, I checked to see if Spamhaus had screwed up again and listed our domains, but none of the seven domains were on Spamhaus's lists.

I looked up golflanding.com on the blacklistalert.org service, which checks against all major spam blacklists, but no hits were listed there either (except for on some defunct services which haven't been updated in years).

So if Hotmail and Yahoo Mail are both using the domain blacklist, perhaps it's a list compiled by one company and then licensed to the other, or perhaps it's a third-party list not widely known to the public. (Hotmail uses their own SmartScreen filter, but I've found nothing online about Yahoo using it as well.) It's conceivable that one or more of the domains might have gotten blacklisted as a result of Hotmail or Yahoo users clicking their "This is spam" button. However, Hotmail allows newsletter publishers to view data about what percent of their messages to Hotmail users are being flagged by users as "spam," and when I looked up the stats for our IP, they showed a "complaint rate" of less than 0.1% (usually the rest of people hitting 'Junk Mail' to unsubscribe from the list). Assuming that the complaint rates are similar for Yahoo Mail, it's unlikely that the domains got blacklisted as a result of user complaints, unless the blacklist trigger has a ridiculously low complaint threshold.

Neither the Hotmail postmaster site nor the Yahoo postmaster site mention anything about a list of domain names that could cause a message to be blocked for mentioning the domains in the message body. Yahoo Mail does provide a support form for newsletter publishers to send inquiries about why their mail is being blocked; I submitted that on Saturday and started a thread with email "support," although so far their response has just been to copy and paste articles from the Postmaster site, with tips like "Send email only to those that want it." Each time, I reply saying, No, this is not the problem, the problem is that the domains in the messages are getting incorrectly blacklisted, and each time, support cheerfully sends me another article. If I'm not literally talking to a bot, I might as well be.

I opened a similar ticket with Hotmail, and they sent me a form letter saying that the emails were being blocked because of SmartScreen, and that as a matter of policy, they would refuse to fix any errors being made by the SmartScreen filter. Waiting to see if I get a reply from a human next.

So why should you care? Well, for one thing, if you care about users in China and Iran being able to receive proxies to get around their Internet blockers, right now Hotmail and Yahoo are thwarting these proxies more effectively than those countries' own censors are. Yes, these are real people who really do write back to me after a mailing goes out, telling me about how they were able to use the proxies to receive banned political information, and sometimes how long the proxy lasted before the censors blocked it. This week, they had to do without.

But more importantly, this is an example of a general problem: That there are certain types of issues, like blocking of legitimate mail by spam filters, where the "free market" does not deliver the best experience to consumers, and the costs get passed on to everybody. Sometimes the problems could be solved with some effort, but the effort does not get made, because people believe that the free market will solve the problem, or that it already has.

In theory, if consumers have enough information about different companies and their services, the companies can compete to provide the best product to users. The problem is that if one type of information is systematically hidden from users — in this case, the fact that their mail provider is blocking mails from reaching them — then the "theory" falls apart. Since spam getting into your inbox is a visible problem, but missed email messages are an invisible problem, Hotmail's incentive is not to give the user the best experience, but rather to err on the side of blocking legitimate messages — even if the user might prefer to get slightly more spam, than to miss one important email that they were waiting for.

This means we're not just talking about a few messages getting caught in filters, which could happen even in an efficient marketplace. We're talking about a permanent equilibrium where the user gets a sub-par experience by default — a trade-off that causes them to miss more messages than they want to — and senders have to pay the cost of overcoming the marketplace inefficiencies. (Which means if the sender is a business you buy from or a charity you support, the costs get passed on to you.)

Pretty much the entire financial cost of sending email, is attributable to the failure of the "free market" to motivate email providers to deliver non-spam emails into their user's inboxes. If a company or organization uses an email list hosting company like AWeber or Constant Contact to email their users, they pay a fee of about $1 per month for every 100 users on their list (which would run me about $4,000 per month). That fee doesn't go towards bandwidth — even a 1-million-subscriber list, emailed once a month, would use less than 3 GB per month of bandwidth, which is what GeoCities was was giving away for free 10 years ago. What you're paying for is the fact that AWeber and Constant Contact have friends in the right places at Hotmail, Yahoo, and Gmail, so if your mails are getting blocked, they know the people to call to fix the problem. If you run your own list instead of paying a hosting fee to AWeber or Constant Contact, you'll end up paying other costs indirectly, through loss of income when your messages don't reach recipients, or in time and money spent trying to fix the issue. (I have to take this option anyway, since I send different URLs to different random subsets of my list, which is not supported by AWeber or Constant Contact.)

On the other hand, if the market actually "worked" — if email providers did reliably deliver non-spam messages to their users — a company or charity could run their own list for virtually zero cost, and would be able to keep all of that money. (I incur no up-front fees for running my own list; all of the costs are the time spent trying to get Yahoo, Gmail, and Hotmail to stop blocking it.) So every time you donate to a charity or buy from an online retailer, a little bit of that money goes towards the cost of that organization having to fight past marketplace failures in order to get their email to you.

I don't think there's an easy algorithmic solution, like crowdsourcing Facebook complaints or using random-sample voting on Digg. Generally, I just think we need more awareness of the fact that, under certain conditions (including those surrounding email deliverability), the "free market" is virtually guaranteed to arrive at a non-optimal solution. One manifestation of that awareness would be if Hotmail, Yahoo Mail, and Gmail created public points of contact where legitimate email publishers could find out why their emails were blocked, and had real humans responding to the messages and fixing the problems. By default, the imperfect information in the marketplace leads toward an equilibrium that errs on the side of blocking too much legitimate email, so anything that pushes the equilibrium back towards more legitimate messages getting delivered will improve the experience for users and lower costs for senders.

Besides, there's a more basic ethical issue here. If you're Hotmail and you tell your users that you're providing them with "email accounts," then those users expect those accounts to work — including having the ability to receive mails from mailing lists that they've signed up for. Helping legitimate emails get through to users is not just a matter of addressing a marketplace inefficiency, it's a matter of honesty.

Larry Lessig's book "Code is Law" describes how default choices built into the architecture of the Internet and other environments — the "code" — can steer our behavior in ways that we might not choose otherwise. I'm making essentially the same point in saying that some problems are not fixed by market forces, because people are not aware of the problem at all. I think the evidence and the reasoning are straightforward in this case, but it's hard to convince people who have adopted it as an axiom that whatever the free market arrives at, must be the solution. My favorite single sentence in Lessig's book was, "Put your Ayn Rand away." I could imagine the years of pushing against dogmatic fanaticism that led him to write that sentence, and I knew how he felt.

First time accepted submitter FredAndrews writes "A Private User Agent W3C Community Group has been proposed to tackle the privacy of the web browser by developing technical solutions to close the leaks. Current Javascript APIs are capable of leaking a lot of information as we browse the Internet, such as details of our browser that can be used to identify and track our online presence, and the content on the page (including any private customizations and the effects of extensions), and can monitor and leak our usage on the page such a mouse movements and interactions on the page. This problem is compounded by the increased use of the web browser as a platform for delivering software. While the community ignores the issue, solutions are being developed commercially and patented — we run the risk of ending up unable to have privacy because the solutions are patented. The proposed W3C PUA CG proposes to address the problem with technical solutions at the web browser, such as restricting the back channels available to Javascript, and also by proposing HTML extensions to mitigate lost functionality. Note, this work cannot address the privacy of information that we overtly share, and there are other current W3C initiatives working on this, such as DNT."

isoloisti writes "Three UK economists got access to national data on bank robberies. The conclusion is that robbing banks pays, but not very much. Average take is about $19k per person per robbery. But, there's a 20% chance of being caught per raid. To make an average income, a robber needs to do two jobs per year, and has greater than 50% chance to be in the slammer after 2 years."

New submitter WIGFIELD7458 writes "This appears to be a major change in plans that will save the Computer Science Department. Thanks to everyone in the Gator Nation and beyond for speaking out! The battle isn't over yet, but this is very encouraging news. I would urge the students, faculty, and alumni of UF to continue to express your support for the essential academic mission of your university."

Frequent Slashdot contributor Bennett Haselton writes "An estimated 200,000 Hotmail users currently have their auto-reply set to a message spamming an advertisement for Chinese scam websites, which sell "discounted" electronics. Presumably the spammers compromised a large number of Hotmail accounts to pull this off, but wouldn't it be pretty easy for Hotmail to query for which users have that set as their auto-reply, and turn the auto-reply off for them?" Read below for Bennett's thoughts.

After a recent mailing that I sent out to a subset of my proxy mailing list, I got back 18 auto-replies from Hotmail users, all substantially similar to this:

Dear friend:
We are an electronic products wholesale .Our products are of high quality and low price. If you want to do business , we can offer you the most reasonable discount to make you get more profits. We are expecting for your business.

Please visit our website: www.wedosale.com

Email: wedosale@vip.188.com .
MSN: wedosale@hotmail.com .

Looking forward to your contact and long cooperation with us!

Our mainly products such the phones, PSP, display TV, notebook, video, computers, Mp4, GPS, xbox 360, digital cameras and so on.

Welcome to visit our website!

Some of the spam auto-replies advertised different websites, and the wording varied between the different auto-responses, but they were all similar advertisements for Chinese electronics "retailers." (And so, I assume, the websites are all fronts for the same company -- if multiple spammers had independently hacked Hotmail users' accounts to set their auto-replies, it would be vanishingly unlikely that those spammers would all happen to be electronics hawkers.) This was from a mailing that I sent to a set of subscribers that included about 26,000 users with "hotmail.com" e-mail addresses. If 18 out of 26,000 users in my sample have had their accounts hacked to send spam auto-replies, then this must be happening to a large number of Hotmail users -- not a large proportion (only one in 1,500, in my sample), but with about 300 million Hotmail users, that would still be a large absolute number.

The same spammers have apparently been spamming through Hotmail auto-replies for at least 11 months, according to this post in the Windows Live Help community forum from January 2009. At first, some pundits seemed to have assumed that spammers had created these accounts themselves and subscribed the accounts to people's lists, in order to spam the list owners (and, if it's a list that accepts subscriber posts, broadcast the spam to the other list readers). However, looking at the addresses in my proxy mailing list that were sending the spam auto-replies, I noticed that (1) our records show that the auto-reply-spamming subscribers joined the mailing list by various means, signing up through different Circumventor websites, not indicative of how a spammer would have joined the list by automated means, and (2) many of their email addresses are associated with legitimate-looking Myspace and Facebook accounts. Thus it looks as if these were real users who joined the list legitimately, and then got their accounts hacked by the spammers, who set those users' accounts to send the spam as an auto-response.

(If you happened to look at the spammers' www.wedosale.com website, at this point you might be thinking: I don't want to give money to spammers, but can I really get a Blackberry for only $295? Couldn't I just order from the website, and then if the goods don't show up or they're not as advertised, I can dispute the charge on my credit card? Well, I signed up for a dummy account on the www.wedosale.com page and got as far as the order page, and the only payment types that they accept are wire transfer, Western Union, and Moneygram -- precisely those types where you cannot get the money back or dispute fraudulent charges. If you've already gone and ordered a Blackberry, don't hold your breath.)

If my 26,000 users were a representative sample of the 300 million current Hotmail users, then with 1 out of 1,500 users in my sample being "infected," I could estimate that about 200,000 Hotmail users (1/1500 times 300 million) are currently set to send spam auto-replies. Hotmail claims to process 3 billion non-spam e-mails per day, for an average of about 10 non-spam e-mails per Hotmail user. That's the average for all users; what's the average for the infected users? Some factors would tend to lead to a lower average for infected users -- if they have lots of friends sending them mail, it's more likely that one of their friends would have told them about the auto-reply spam and told them to turn it off, so perhaps the users still sending the spams are the ones who don't receive a lot of messages from their friends. On the other hand, some of the infected accounts may be receiving more (non-spam) e-mail than average; one reason people sometimes abandon webmail accounts is that they're getting too much mail, even from newsletters like the Circumventor list that they had legitimately subscribed to. So, figuring that factors in both directions roughly cancel out, if each infected user is receiving the average number of 10 emails per day and sending 10 auto-reply spams in response, that's still a total of 2 million outgoing spams per day shilling for nonexistent Chinese iPhones.

These are just back-of-the-envelope calculations, but even I'm overestimating by a whole order of magnitude, that's still 0.2 million auto-reply spams per day, or about 70 million spams that will be sent by this one company through Hotmail's servers in the coming year, if Hotmail doesn't stop it. (And closer to a billion spams in the coming year if I'm not overestimating.)

And it's actually worse than that, because these spams are less likely than average to be filtered, since they're coming from Hotmail's servers. Normally you'd think that the content-based module of a spam filter would have no problem catching a message like the one at the top of this article, especially if millions of similar messages have been spewed out over the past year. However, messages from Hotmail's servers, regardless of content, are less likely to be blocked, since their network has a good reputation for sending little spam overall (due to measures such as requiring users to fill out a CAPTCHA when signing up, blocking each account from sending more than 500 messages per day, etc.). When I sent messages to the infected Hotmail users from my Gmail account, to see if the auto-responses would get through Gmail's spam filter, Gmail's blocked only half of the replies. When I mailed all the users again from my Hotmail account, the results were strange -- most of the users' accounts sent back no auto-reply at all, not even a reply that got routed to my junk folder. (Why would Hotmail accounts not send an auto-reply in response to a message from a Hotmail user? Please post if you have any idea what's going on there.) However, of the infected Hotmail accounts that did send a spam auto-reply, 100% of those auto-reply spams were delivered to my inbox. (Apparently, Hotmail's spam filter usually assumes that messages from other Hotmail users can't possibly be spam.) Only Yahoo Mail's spam filter, when I sent a test message to the infected users from my Yahoo Mail account, blocked all of the auto-replies as junk mail.

For the infected users on my mailing list, I sent them a link to a set of instructions I'd written about how to set and un-set their Hotmail auto-reply and how to change their Hotmail password, with the hopes that they'd eventually see the message and follow the steps. 18 users rescued, 200,000 to go.

So this is basically what's happening, but it still leaves some unanswered questions, such as: Why Hotmail accounts, but not Yahoo Mail, GMail, or AOL accounts? I've never noticed any auto-reply spam sent from any accounts at any of those other services. Whatever the spammers did to gain control of so many Hotmail accounts, if it was profitable for them, why didn't they do the same thing for Yahoo Mail? And, why did only one spammer do this? If they're sending between 1 and 10 million spams per day for free, they're probably making money at it. Whatever they did to hack those accounts, why wouldn't other spammers figure out the same method and copy them?

Presumably the Chinese spammers stole large numbers of passwords from Hotmail users either via a huge phishing attack, or through a security hole in Hotmail or some other part of the Windows Live service. If it was done via a security hole in Hotmail that the spammers discovered, then that would explain why the spammer's methods only worked for Hotmail accounts, and also why no other spammers have copied their techniques. (A phishing attack, on the other hand, would be easy to modify for other webmail services, and would also be easy for other spammers to emulate, so that's not consistent with the observed evidence so far.) I also found this post from blogger Stuart Shelton describing how his account was hacked by Chinese spammers -- and from the blog post, it's clear that he's very tech-savvy and would have been unlikely to fall for a run-of-the-mill password phish. If the attack happened even to people who know what they're doing, that seems to make the security hole explanation more likely.

Perhaps others can come up with some theories about what happened. It's easy to come up with guesses, but the hard part is to reconcile them with the fact that it has only affected Hotmail users so far, and no other spammer seems to have figured out how to copy the same technique yet.

But there's a much simpler question too: Why doesn't Microsoft just turn off the auto-replies for these users' accounts? They can query to see exactly which users have these messages in their auto-replies, and then un-set the auto-reply automatically. Yes, I know that even for a simple database operation like that, there's always more to it when you're managing hundreds of millions of accounts across multiple servers -- but if it will stop this one sender from sending between 50 million and 500 million spams (that in many cases will bypass people's spam filters) from Hotmail's servers in the coming year, isn't it probably worth it?

And even if it wasn't a phishing attack this time, sooner or later some other spammer will probably capture tens or hundreds of thousands of Hotmail accounts using a phish or some other method, and try spamming through auto-replies as well. So if Hotmail "fixes" this batch of auto-reply spam for practice, then the next time it happens, they'll know exactly what to do to take care of it.

I've written some columns where I strongly believed every word but expected a lot of opposition, some where I wasn't sure if I was right and just wanted to see what people thought, and . But I rarely argue something that I think is a no-brainer. Hotmail should un-set the auto-replies for those users whose accounts are spamming for nonexistent Chinese electronics knockoffs, before those accounts send another several hundred million spams in the coming year. Am I smoking crack?

Then again, maybe expectations for Hotmail shouldn't be set too high. I use SpeakEasy for my mail provider, and on about November 19th I found that all messages sent to hotmail.com addresses from SpeakEasy's servers were being bounced with an error message rejecting them for "spam-like characteristics."I called SpeakEasy and they confirmed that they knew Hotmail was blocking all mail from their users (although for "security reasons," SpeakEasy couldn't tell me what they were trying to do about it). The block wasn't lifted until about November 28th, when my messages started getting through again.

If SpeakEasy, which has been in business for 15 years, has annual revenues of $60 million, and was bought in 2007 by Best Buy, can't even get through to Microsoft in less than 10 days to tell them to stop blocking all mail from their servers, then Microsoft should first fix their postmaster trouble ticket system, so that people are not blocked from writing to their friends and family members at Hotmail for a week and a half. Then get to work on the spam auto-responders.

suraj.sun sends along this quote from an Associated Press report: "Opening a government meeting on auto safety, the Obama administration reported Wednesday that nearly 6,000 people were killed and a half-million injured last year in vehicle crashes connected to driver distraction, a striking indication of the dangers of using mobile devices behind the wheel. The Transportation Department was bringing together experts over two days for what it's calling a 'distracted driving summit' to take a hard look at the highway hazards caused by drivers talking on cell phones or texting from behind the wheel. ... Driver distraction was involved in 16 percent of all fatal crashes in 2008. Eighteen states and the District of Columbia have passed laws making texting while driving illegal and seven states and the district have banned driving while talking on a handheld cell phone, according to the Insurance Institute for Highway Safety. Many safety groups have urged a nationwide ban on texting and on using handheld mobile devices while behind the wheel."

suraj.sun excerpts from a tantalizing Engadget post: "Phoenix is showing off a few interesting things at IDF, but the real standout is their new Instant Boot BIOS [video here], a highly optimized UEFI implementation that can start loading an OS in just under a second. Combined with Windows 7's optimized startup procedure, that means you're looking at incredibly short boot times — we saw a retrofitted Dell Adamo hit the Windows desktop in 20 seconds, while a Lenovo T400s with a fast SSD got there in under 10."

Frequent Slashdot contributor Bennett Haselton writes "A judge rules that IP addresses are not 'personally identifiable information' (PII) because they identify computers, not people. That's absurd, but in truth there is no standard definition of PII in the industry anyway, because you don't need one in order to write secure software. Here's a definition of 'PII' that the judge could have adopted instead, to reach the same conclusion by less specious reasoning." Hit the link below to read the rest of his thoughts.

US District Court Judge Richard Jones's recent ruling in Johnson v. Microsoft has been much ridiculed for saying that IP addresses are not "personally identifiable information" (PII) because they identify computers, not individual users. Legions of critics have pointed out that this is like saying home addresses are not PII because they identify houses, not people. And it was pretty silly for Jones to say that "the only reasonable interpretation" of PII would be to exclude IP addresses from the definition — when, as the plaintiffs pointed out, Microsoft's own website defined PII to include IP addresses. (Microsoft has since removed from that definition from their online glossary and replaced with a link to their privacy statement.)

But the open secret in the privacy tech industry is that nobody knows exactly what "personally identifiable information" means anyway, and nobody cares, either. This is not because industry leaders don't care about privacy and security. They do. But being a good, privacy-conscious software architect has nothing to do with nit-picking the details of what counts as PII. If you're designing the new Hotmail, you should just know that passwords should be encrypted when users log in over the Web, that third parties should not be able to query the Hotmail database and harvest e-mail addresses, that users shouldn't be able to extract personal data such as birthdates that are associated with another user's e-mail address, etc. If you don't instinctively know those things already, then memorizing a definition for "PII" is not going to make you a good security-conscious programmer.

Conversely, the major security threats facing Windows users — malware infection through security holes in Windows and Internet Explorer — have nothing to do with the definition of PII or the finer points of Microsoft's privacy policy. There may even be public relations gurus at Microsoft who are glad to see the "IP addresses as PII" controversy in the headlines, if that relatively minor privacy issue distracts the public from the vastly more serious threats posed browser security holes.

There are indeed published definitions of "PII" — the US Office of Management and Budget Memo 07-16 defines PII as:

"information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother's maiden name, etc."

But that doesn't pass the test of what makes a good definition, which is: If two different people read that definition, and then you gave them an example of a piece of data (such as the school that someone graduated from), would they usually be able to agree on whether that data counts as "PII?" How about IP addresses? From the written definition alone, there's no way to tell for sure.

I actually worked as a contractor at Microsoft at the onset of the PII craze, and in order to commence working on what would eventually become Windows Live, we all had to watch a streaming video about PII, what it was, how to secure it, etc. Near the beginning, the narrator gave some examples of PII, including e-mail addresses, and mentioned that PII should be encrypted when transmitted over the Internet. (I'm not violating any confidentiality; these standards were all publicly released later.) Full of first-week-on-the-job idealism, I looked up the narrator in the company directory and earnestly typed out an e-mail raising some points, such as: Doesn't Hotmail display your e-mail address over an unencrypted connection when you're signed in to Hotmail? And anyway, because the standard e-mail protocols always transmit To: and From: addresses unencrypted over the Internet, how would it ever be possible to "encrypt e-mail addresses in transit" anyway? Wouldn't it make more sense to specify that individual e-mail addresses can be transmitted in the clear one at a time, but if we're ever transferring a large number of them in bulk, it would be wise to encrypt the list, to reduce the chance of it falling into the hands of a spammer?

Then the video kept rolling, and making more statements that seemed to contradict earlier ones, or that were too vague to give me any idea of what I was actually supposed to do in a given situation, and eventually I got the point: We do care about privacy and security. But, there is no algorithm that can determine unambiguously what counts as "PII" or what you're supposed to do in order to safeguard it. You just have to use your common sense and ask around if you're not sure. The main point of the video is to reinforce how important this is, not to impart any actual information.

So Judge Jones could have picked from many possible definitions of "PII," and nobody would be able to call him "wrong," as long as the industry doesn't know what it means, either. What he was really trying to decide was whether Microsoft violated its promise "not to collect PII" during the Windows Update process, because the IP addresses of users doing the downloads were visible to Microsoft's servers. The plaintiffs made some other claims in Johnson v. Microsoft that I think have more merit (basically, arguing that the "Windows Genuine Advantage" anti-piracy tool should not have been foisted on users without their consent as part of the Windows Update process), but on this particular point, I think they were bound to lose on the claim that collecting IP addresses during a download was a privacy violation. After all, if the judge had ruled in their favor on this point, Microsoft would have had to discontinue Windows Update in order to comply with the ruling, and I don't think anybody wants that.

So, maybe Judge Jones just decided that he didn't want to be known as the judge who outlawed Windows security updates, so he determined in advance that he was going to rule that Microsoft did not violate users' privacy by collecting IP addresses during Windows Update. Then he worked backwards from there to find reasoning that supported this conclusion. That's not really how it's supposed to work, but at least he could have had good intentions.

Unfortunately, the reasoning that he hit on was the absurd argument that IP addresses are not PII because they identify computers, not the people who own them. Here's something that he could have said instead:

"I'm not counting IP addresses as PII, because in order to find out who was using an IP address at a particular time, you have to subpoena the ISP. That's what makes them different from names and home addresses, which can be matched to individual people without a subpoena. As long as Microsoft isn't subpoenaing ISPs to find out who was using a particular IP address, for all practical purposes they are not 'personally identifiable.'"

Judge Jones actually started out in that direction by quoting from another case, Klimas v. Comcast Cable Communications, Inc., where the court wrote, "We further note that IP addresses do not in and of themselves reveal 'a subscriber's name, address, [or] social security number.' That information can only be gleaned if a list of subscribers is matched up with a list of their individual IP addresses." And that list matching up subscribers with the IP addresses they were using at a given time, can only be obtained with a subpoena. Jones could have quit while he was ahead and stuck with that reasoning, and he would have avoided all the ridicule that came from his statement about IP addresses.

Or maybe Judge Jones could have just said,

"Look, you don't have a standard definition for PII anyway. You adapt it to each individual situation, in order to determine what privacy protections should be built into each program, by using your common sense. So that's what I'm doing to do in this situation too. And my common sense tells me that having IP addresses visible to Microsoft's servers during the Windows Update process, is not a privacy violation, because that's how downloads work."

That's as good a definition of PII as any. Now let's get back to the real work of stopping Russian porno spammers from pwning our machines in the first place.

theodp writes "Microsoft's new Windows ad made its debut during the Grammy Awards on Sunday. It stars a 4-year-old cutie named Kylie (Silverlight required) showing how easy it is to use Windows Live Photo Gallery to edit and share photos. And while it's impressive that little Kylie is able to transfer a snapshot of her pet fish from her camera to a PC, color-correct it, and e-mail it to her family, what's truly amazing is that the toddler was also apparently able to read, understand, and accept Windows Live's Terms of Use and Privacy Policy. (But minors can't legally execute contracts, can they?)"

bsharma is amongst the hordes of people wanting us to share the news that long beleaguered retailer Circuit City has finally decided to close for good, asking for court approval to close the remaining 567 US stores. "Whalin said management mistakes over the past few years combined with the recession brought down Circuit City. 'This company made massive mistakes,' he said, citing a decision to get rid of sales people and other mismanagement. What's more, given the credit market freeze, Whalin added that no manufacturer wants to sell to any retailer who doesn't have money to pay for the merchandise. At the same time, Whalin said there's still a very slim chance that one or more firms that have expressed an interest in buying Circuit City could still buy it out of bankruptcy over the next few days."

wertigon writes "Windows Live ID just became yet another OpenID-provider. While the cynical me wonders how long it'll be before Microsoft transforms OpenID to something proprietary, they have undoubtedly put even more weight behind the OpenID initiative. So, how long before I can use my OpenID to post on Slashdot?" Patches are always welcome, wertigon ;)

theodp writes "You probably saw media coverage of Bill Gates showing off touch-screen technology to his CEO play group last week. With the introduction of the iPhone and iPod Touch, touch (and multi-touch) technology — which folks like Ray Ozzie enjoyed as undergrads way back in the early '70s — has finally gone mainstream. The only question is: Why did it take four decades for its overnight success? Some suggest the expiration of significant patents filed during '70s and '80s may have had something to do with it — anything else?"

Pioneer Woman writes "Microsoft announced plans to introduce a Web-based service for driving directions that incorporates complex software models to help users avoid traffic jams. The system is intended to reflect the complex traffic interactions that occur as traffic backs up on freeways and spills over onto city streets and will be freely available as part of the company's Live.com site for 72 cities in the US. Microsoft researchers designed algorithms that modeled traffic behavior by collecting trip data from Microsoft employees who volunteered to carry GPS units in their cars. In the end they were able to build a model for predicting traffic based on four years of data, effectively creating individual 'personalities' for over 800,000 road segments in the Seattle region. In all the system tracks about 60 million road segments in the US."

mlimber writes "Dr Dobb's Journal has a peek at what is new in Microsoft's Visual Studio 2008. Most of the features discussed in the article are related to .NET, web development, and the IDE itself. However, Herb Sutter, Microsoft software architect and chair of the ISO C++ Standards committee, blogged about some developments on the C++ front. This includes a significantly enhanced MFC for GUI building, and the inclusion of TR1 (library extensions published by the C++ standards committee, most of which have also been incorporated into the next C++ standard)."

mlimber writes "The New York Times is running a story about multicore computing and the efforts of Microsoft et al. to try to switch to the new paradigm: "The challenges [of parallel programming] have not dented the enthusiasm for the potential of the new parallel chips at Microsoft, where executives are betting that the arrival of manycore chips — processors with more than eight cores, possible as soon as 2010 — will transform the world of personal computing.... Engineers and computer scientists acknowledge that despite advances in recent decades, the computer industry is still lagging in its ability to write parallel programs." It mirrors what C++ guru and now Microsoft architect Herb Sutter has been saying in articles such as his "The Free Lunch Is Over: A Fundamental Turn Toward Concurrency in Software." Sutter is part of the C++ standards committee that is working hard to make multithreading standard in C++."

narramissic writes "Microsoft is tying its Windows Live services directly to Vista — a move that should sound vaguely familiar, as it is precisely what the company did to make IE ubiquitous among Internet users. 'A new unified installer for Windows Live services will help users download Wednesday's updates of photo-sharing, mail, instant messaging, online safety and other services, the company said on its Windows Live Wire blog. The new installer also will automatically update those services on Windows Vista and XP going forward.'"

A couple of days ago Microsoft labs released a demo of their new Photosynth software on the web. Photosynth allows the aggregation of social picture networks (a la Flickr) into a completed image in addition to allowing a level of depth to image browsing previously unavailable. There is also a very impressive video of the demo available.

Lord Satri writes "This week, Microsoft announced their new Live Maps, in addition to supporting Firefox on Windows for 3D, now supports the GeoRSS standard. They join Google which recently announced the support of GeoRSS and KML mapping in their Google Maps API. In short, GeoRSS is a standard supported by the Open Geospatial Consortium that incorporates geolocation in an interoperable manner to RSS feeds. The applications are numerous. With Yahoo!'s support of GeoRSS, all the major players are in and the future looks bright for this emerging standard. As for KML, Google Earth's file format, this new Google Maps integration is not unrelated to the recent announcement of internet-wide KML search capabilities within Google Earth. From the GeoRSS website: 'As RSS becomes more and more prevalent as a way to publish and share information, it becomes increasingly important that location is described in an interoperable manner so that applications can request, aggregate, share and map geographically tagged feeds. To avoid the fragmentation of language that has occurred in RSS and other Web information encoding efforts, we have created this site to promote a relatively small number of encodings that meet the needs of a wide range of communities.'"

AlanS2002 sends in a link from a local Utah newspaper covering the SCO-IBM trial. The Deseret News chose to emphasize SCO's claim that IBM hurt SCO's relationship with several high-tech powerhouses, causing SCO's market share and revenues to plummet. "[A]n attorney for Lindon-based SCO said IBM 'pressured' companies to cut off their relationships with SCO. And 'the effect on SCO was devastating and it was immediate'..." As usual Groklaw has chapter and verse on all the arguments in the motions for summary judgement.

An anonymous reader wonders: "My University has begun a migration of student email services to Windows Live Mail. All students will be forced onto the system by the end of the semester, but it doesn't support POP or IMAP. Because of that limitation, the only freely available mail client it supports is Windows Live Desktop, which is only available on Windows and I'm worried its ads might be vulnerable to malware just like the ones in Live Messenger. I depend on my mail client and I am concerned about this, because we're not allowed to forward our mail but are responsible for information received there from the University and classes, I'm not on a Windows machine, and I don't have the time to regularly check for web-mail, during the day." What are the pros and cons of such a move for a mid-sized or large college? If you were in charge of the communications of a such a university, would you outsource [please note the vendor neutrality, here] your e-mail? Has anyone else's tech department migrated to Windows Live Mail? Why did they make that decision, and how did it work out for the students? For those of us who have already switched our accounts with no way to revert, what ways exist to get around the lack of POP and still use a client? Is there any hope we can get the University to change back or Microsoft to implement POP before the semester's end? How does your University manage their email?"

AlanS2002 writes "Groklaw is hosting an article by Brendan Scott which looks at the misconceptions surrounding the BSD license. From the article: 'We observe that there exists a broad misconception that the BSD permits the licensing of BSD code and modifications of BSD code under closed source licenses. In this paper we put forward an argument to the effect that the terms of the BSD require BSD code and modifications to BSD code to be licensed under the terms of the BSD license. We look at some possible consequences and observe that this licensing requirement could have serious impacts on the unwary.'"

AlanS2002 writes "FreeBSD 6.2 has been released to mirrors. The release notes for your specific platform are also available. FreeBSD is an advanced operating system for x86 compatible (including Pentium and Athlon), amd64 compatible (including Opteron, Athlon64, and EM64T), ARM, IA-64, PC-98, and UltraSPARC architectures. It is derived from BSD, the version of UNIX developed at the University of California, Berkeley. It is developed and maintained by a large team of individuals. Additional platforms are in various stages of development."

An anonymous reader writes "Today as we were biking around our neighborhood in a small city we saw a strange vehicle slowly driving around. It appeared to be an SUV, bristling with cameras mounted on the roof, and pointing just about every possible direction. The first time we saw it, all we could see was that it had a sign on the side, something about Windows. The second time we saw it, we stared at it so hard that the driver stopped and we had a chance to ask him what it was all about. He said he was driving around, filming streets, and that there were people doing this all over the world, and getting data from the air too. It was going to be available on the Web. I asked him if this was Microsoft's answer to Google Earth, and he indicated that it was. There seems to be very little about this on the Web, and I found no mention of Microsoft's collection of this sort of detailed street level data. The Windows site appears to be http://preview.local.live.com/, although since I use a Mac it didn't work properly. I'm not sure I want my neighborhood viewable on the Web from ground level. And are they going to edit all the people out? I don't see how they could."

Lord Satri writes "Microsoft has announced the launch of Virtual Earth 3D. There are numerous screenshots to be seen, as well as a Google Earth comparison from Spatially Adjusted. You can read the Google Earth Blog on why he thinks it's not a threat to Google. C|Net's coverage and the official press release provide lots of concrete details of the product. You can also read more from the development side or see the CBS report on Virtual Earth 3D. My main gripe: Windows and Internet Explorer 6/7 only. From the official press release: 'When people visit Live Search, type a query into the search box and click the "Maps" tab, they get their search results in a map context that offers the option to explore the area using two-dimensional views (aerial and bird's-eye) or three dimensional models with Virtual Earth 3D. This new technology compiles photographic images of cities and terrain to generate textured, photorealistic 3-D models with engineering level accuracy.'"

Lord Satri writes "Microsoft has announced the launch of Virtual Earth 3D. There are numerous screenshots to be seen, as well as a Google Earth comparison from Spatially Adjusted. You can read the Google Earth Blog on why he thinks it's not a threat to Google. C|Net's coverage and the official press release provide lots of concrete details of the product. You can also read more from the development side or see the CBS report on Virtual Earth 3D. My main gripe: Windows and Internet Explorer 6/7 only. From the official press release: 'When people visit Live Search, type a query into the search box and click the "Maps" tab, they get their search results in a map context that offers the option to explore the area using two-dimensional views (aerial and bird's-eye) or three dimensional models with Virtual Earth 3D. This new technology compiles photographic images of cities and terrain to generate textured, photorealistic 3-D models with engineering level accuracy.'"

Lord Satri writes "New around the corner, Microsoft Live Labs' Photosynth, will 'take a large collection of photos of a place or object, analyzes them for similarities, and displays them in a reconstructed 3-Dimensional space.' There's a demonstrational video and a 'smart photos' example page. From the site Very Spatial: 'The word is that Photosynth will be available for free, at least at first, but no word yet on an exact release date.' I must admit, seems like Photosynth may offer interesting features with an clean interface. This tool will directly compete with Stitcher, and to some extent, Google SketchUp. The virtual world reconstruction tools market is getting crowded, and competition is good. Microsoft doesn't yet have software to tie a photo library with Windows Live Local (Google does), but don't be surprised if it comes to life."

Lord Satri writes "New around the corner, Microsoft Live Labs' Photosynth, will 'take a large collection of photos of a place or object, analyzes them for similarities, and displays them in a reconstructed 3-Dimensional space.' There's a demonstrational video and a 'smart photos' example page. From the site Very Spatial: 'The word is that Photosynth will be available for free, at least at first, but no word yet on an exact release date.' I must admit, seems like Photosynth may offer interesting features with an clean interface. This tool will directly compete with Stitcher, and to some extent, Google SketchUp. The virtual world reconstruction tools market is getting crowded, and competition is good. Microsoft doesn't yet have software to tie a photo library with Windows Live Local (Google does), but don't be surprised if it comes to life."

Lord Satri writes "New around the corner, Microsoft Live Labs' Photosynth, will 'take a large collection of photos of a place or object, analyzes them for similarities, and displays them in a reconstructed 3-Dimensional space.' There's a demonstrational video and a 'smart photos' example page. From the site Very Spatial: 'The word is that Photosynth will be available for free, at least at first, but no word yet on an exact release date.' I must admit, seems like Photosynth may offer interesting features with an clean interface. This tool will directly compete with Stitcher, and to some extent, Google SketchUp. The virtual world reconstruction tools market is getting crowded, and competition is good. Microsoft doesn't yet have software to tie a photo library with Windows Live Local (Google does), but don't be surprised if it comes to life."

WinBreak writes "Marketwatch is reporting that, nine months after their announcement, Microsoft and Yahoo! are finally ready to roll out beta IM clients of MSN Messenger and Yahoo! Messenger that will be able to talk to each other." The Windows Live Ideas and Yahoo! Messenger pages have more information; the companies say that the resulting user community will be the world's largest, at around 350 million accounts, and that they'll be using SSL to encrypt the traffic between the systems.

V-man writes "Microsoft has just launched Windows Live Messenger with free PC-to-PC phone calls and PC-to-phone calling as a pay service provided by Verizon Web Calling. Of course, most people doing PC-to-PC and PC-to-phone calling are probably using Firefox...too bad the Launch Page isn't Mozilla friendly."

prostoalex writes "Reuters is reporting on the new release of Yahoo! Messenger, which will allow third-party applications and plugins to run within the Messenger environment. From the article: 'Initial partners include 30 Boxes, a calendar-sharing site that competes with Google Calendar, commodities trading site Hedgestreet.com and Pando.com, which offers a service for sharing videos or other files via BitTorrent technology. More than 100 mini-programs will be available initially.' The application is currently available in beta. Relatedly, Microsoft is removing the beta warning label from Windows Live Messenger and promises better voice communications, landline calls and future integration with Yahoo! Messenger."

novus ordo writes "Microsoft has launched the Windows Live Search. Among the reports, Microsoft Search Senior Product Manager, Justin Osmer says that "The beta, and a revision expected in a few months, will challenge market leader Google."" I like the more dynamic image searching tool. It seems really slow- I'm not sure if that's the dynamicness (is that a word?) or just standard launch lag.

Microsoft Windows still dominates the desktop. But in many other areas, including Web servers and supercomputing, Microsoft is just one player among many, and often a weak player at that. On the gaming side, despite the latest xBox getting all kinds of media buzz as "the" console to buy, Sony's Playstation outsells the xBox at least two to one, and many analysts expect Sony to widen that gap even more when Playstation 3 comes out in the Spring of 2006. On the Internet, MSN and MSN Search are so far behind AOL and Google that it isn't funny. And even on the desktop, Linux keeps getting stronger, while Mac OS X is commonly accepted as more reliable, secure, and user-oriented than Windows. So why do we keep saying Microsoft is a monopoly? Microsoft (Slowly) Moves Away from Monopolistic Behavior

If a major IT user tells a Microsoft salesperson that he or she is thinking about switching to Linux, Microsoft will usually come back with a cut-price offer, something the company never used to do. Microsoft also now sells something called Windows Starter Edition in some parts of the world -- supposedly for as low as $37 or $38 (US) in Thailand, including a basic version of Microsoft Office. In other words, Microsoft is starting to compete on price, which is not monopoly-style behavior.

This does not mean Microsoft has suddenly adopted a "let's all love one another" attitude.I believe Microsoft is getting more concerned about interoperability not out of goodness, but because of market pressure. But in the long run, as long as Microsoft stops treating every other operating system and file format as some sort of devilspawn, life is a little easier for those of us who would rather not use their products, and that's what really matters.

Microsoft Explorer No Longer Rules the Online World

A majority of desktop computer users may still run Microsoft's Internet Explorer browser, but it no longer has 95% market share. In a 2002 book, and again last year in an online article, I warned Web designers not to make IE-only sites, just as in the (distant) past I'd warned them not to make Netscape-only sites. Some listened. Some didn't.

Firefox adoption may have slowed in 2005, but it certainly hasn't stopped. Opera has become enough of a force that we hear rumors about first Google, then Microsoft, buying it. In any case, whether MSIE is currently running on 90% of all desktops or on only 70% (as a few surveys indicate), it is becoming less popular every month. Now Microsoft has decided that Explorer is no longer fit for Mac users, so its market share will drop even more. Sure, there's a new version of Explorer coming out, but it isn't going to help the millions of "legacy" Windows users who don't want to buy XP. If they want modern browser functionality, they must switch to Firefox, Opera or another non-Microsoft browser.

'The Network is the Computer'

I don't think this is quite true today, if by "the network" we're talking about applications delivered over the Internet instead of over well-maintained LANs. Back in October I explained why I don't think Internet-delivered applications are quite "there" yet. More recently, Salesforce.com had an outage that angered many of its (claimed) 350,000 subscribers. Worse, ZDNet blogger Phil Wainewright pointed out that Salesforce.com compounded the problem, and possibly made users leery of all Internet-delivered applications' claims of "99.9% reliability," by poor communication with its users.

Most of the Web 2.0 (and even Web 3.0) stuff that's getting so much hype these days is not OS-dependent. You can run things like Google Maps on Linux, Mac OS, Unix, and even Windows, using any standards-compliant browser you choose.

Even Microsoft is trying to get into the Web 2.0 game. I got a press release from their PR people that included this sentence:"And if you enjoy taking a drive to check out your neighborhood’s Christmas lights visit this great Windows Live Local developer application at http://msnsearch101.com/searchmap."

I found this online utility's behavior strange and primitive, not nearly up to the standards of Google Maps and some of the mashups based on it. "Ah," I thought, "that's probably because I'm trying to use it with Linux and Mozilla." So I turned to my one Windows (XP) computer and checked the site with both Firefox and Explorer. For some reason the map background didn't load at all in Firefox, on Windows, and its behavior in Explorer, on Windows, was just as clunky as it was in Mozilla, on Linux.

If this is supposed to be a sample of what Windows Live Local can do, I don't think Microsoft is headed for any kind of monopoly -- or even much market share -- in the online map business. Not only that, it makes me wonder how good their promised Microsoft® Office Live is going to be. If even a quarter of the rumors we've heard about Google and Sun joining up to produce a Webified version of OpenOffice.org are true, I suspect Microsoft is going to be a distant also-ran in the (inevitable) Internet-delivered office software business, too.

Hundreds of Thousands of Competitors

It's fun to play the "Google is cooler than Microsoft" game and talk about how Google, not Microsoft, has become the hot place for top-end programmers to work if they want to make their mark on the world, but even Google can only hire a tiny fraction of the world's software development talent. There are over 100,000 Open Source projects on SourceForge.net (which is owned by the same company that owns Slashdot), and SourceForge.net is but one of many Open Source and Free Software hosting services out there. There are literally millions of programmers working on Free and Open Source Software, plus countless others working on personal proprietary projects.

We've all heard -- probably too many times -- the old saw, "If you have enough monkeys banging randomly on typewriters, they will eventually type the works of William Shakespeare." This may or may not be true. But it is certain that if you put millions of programmers in front of millions of computers and let them do whatever they want, some of them will turn out brilliant, world-changing work. Even if 999 out of 1000 of our putative programmers work on established projects or never finish what they start, that still gives us thousands of potential world-changing software projects, most of which won't be developed by Google (or Microsoft) employees.

I've been to India, and the smartest programmers I met there weren't working for outsourcing mills but worked for themselves. I'm sure there are plenty of self-employed programmers in China, Brazil, Kenya, and almost everywhere else on this planet, too, and there are certainly plenty of them here in the United States. And, all over the world, millions of programmers have day jobs doing routine work for corporate employers to put food on the table, and do their "real work" at home, at night.

Neither you nor I nor Google's management nor Microsoft's management know what might be going on right now in the mind of a brilliant Saudi woman with a computer science degree who can't work outside her home because her country's laws keep her from mixing with men who aren't related to her. There may be a poorly-dressed young man coding furiously in a Beijing Internet cafe, while you read this article, whose new operating system will make all current ones obsolete -- and you may not learn about his work until it shows up in a Chinese-made $100 laptop computer.

When Bill Gates and his friends started Microsoft, it was one of very few companies that sold nothing but personal computer software, and the others were so small that Microsoft managed to buy most of its competitors -- or at least license their best work or hire away their best programmers. Back then, programmers were scarce and expensive, as were the computers they programmed on. Now there are both programmers and computers all over the world, linked together by the Internet. The Internet not only helps programmers collaborate with each other across geographic boundaries, but allows them to distribute their work without shipping physical products.

The only reason to have a software company's employees work in an office these days is control, both of employees' schedules and of what they work on. Self-motivated geniuses have no need of offices and may even resent being asked to show up at one on a regular schedule, which means that many of the world's best programmers will never work for Google, Microsoft or any other company. Instead, they'll start their own software companies or, in many cases, Open Source-based consultancies.

So Microsoft doesn't face a few dozen competitors, as it did in the 1980s, but hundreds of thousands. And these competitors are spread all over the world. This kind of competition is a lot harder to co-opt, buy out or fend off than competition from a single company, a la Netscape, or even from a group of companies as substantial as IBM, Sun, Oracle, and their computing industry peers.

Competition has Forced Microsoft to Improve its Products

Microsoft may no longer be able to hire all the top programmers it wants, but there is already plenty of talent among its 60,000-plus employees, and they have done some excellent work in recent years. Windows XP is immeasurably better and more stable than Windows ME or Windows 98. The next generation of Explorer will have many of the modern browser features that those of us who use Firefox or Opera have gotten accustomed to. Microsoft Office may not have some of the features OpenOffice.org users take for granted, like a built-in graphics utility, the ability to act as a front end for industrial-strength free databases like MySQL, and the ability to save your work in 30+ different Open and proprietary formats, including PDF. But Microsoft Office today is a lot better than it was 10 years ago, and the next version may even use a sort-of free XML file format that may not be as open and standardized as the OASIS Open Document Format used by OpenOffice.org, but is less closed and less proprietary than previous Microsoft file formats.

A true monopoly would not need to make these improvements in its products. It would give you whatever it wanted, at whatever price it wanted to charge. It would not be selling cut-down versions of its products at cut-rate prices in developing countries -- many of which, you may note, are rapidly turning into "software developing" countries.

Without Linux, combined with Apple's move to BSD-based Mac OS X, I doubt that Microsoft would have put much development effort into Windows. They sure didn't do much with Explorer between the time they crushed Netscape and the time when Firefox started making a big splash, did they?

The U.S. antitrust case against Microsoft wasn't about the company being a monopoly (which courts agreed that it was at the time), but about illegal misuse of that monopoly. That case was settled in a way that left Microsoft essentially unharmed, but with a judge overseeing its actions for five years, a time period that is going to end before long.

The Age of the Software Monopoly is Over

IBM tried to create a monopoly in the business desktop computer business, but failed to hold onto its market-leading position as dozens, then hundreds, and later thousands of competitors made better/faster/cheaper PCs. Even today, while Dell is the world's largest personal computer vendor, if you add up all the market share reports from major computer vendors in this C|Net article, you'll see that they account for around 60% -- not 100% -- of total sales, with smaller companies getting the rest. (And some of those companies are *really* small, like the one-man Bradenton, Florida, shop where my sailing buddy Gene just bought his latest home computer.)

The personal computer hardware business has become totally demonopolized, decentralized, democratized, and internationalized. If you have enough mechanical ability to assemble components neatly (and enough sales ability to get people to buy what you make), you can get into it yourself with a very small investment, just as Michael Dell started out reselling computer components and assembling systems in his college dorm room.

Starting a software business takes even less investment. If you're a competent programmer -- or you have a friend who is a competent programmer and you are a whiz-bang marketing person -- you have everything you need to get going. You can either produce and sell proprietary software or customize (and probably install and maintain) Free or Open Source Software for corporate clients. If the Internet is your primary sales and distribution channel, you don't need to live and work in expensive IT business hotbeds like Silicon Valley or Boston, either: JBoss, for example, is based in Atlanta, Georgia; and Digium, the company behind Asterisk, is in Huntsville, Alabama.

There are software businesses springing up all over the place. Most of them are tiny, and few of them will ever get big enough that analyst firms like Gartner or IDC will track their market share (or even notice them). But there are so many of them being started that, in aggregate, they are becoming a more significant market force than any single big software company, even Microsoft.

This doesn't mean Microsoft will be replaced next year by 100,000 startups. The company will still be around, it will still get lots of press, and -- assuming it embraces (but does not keep trying to extend and extinguish) Open Standards -- it will still be a powerful force in the software world.

But no matter what Microsoft does, it will never have a software monopoly again. Nor will any other company. The barriers to entry in the software business have become too low for that to happen, and too many skilled software developers are learning that they can earn at least as much working for themselves as they would by working for big software companies.

Small is Beautiful was a fine book title in 1973. Today, it's a fine description of the software industry's future.

-----

Have something important to say to the Slashdot community? Email roblimo at slashdot period org the complete article (or an article proposal).

dualcore writes "PC Magazine is reporting that Windows is going live with a 'new online local search and mapping service.' The interface is pretty close to Google Local, but with subtle enhancements, such as right-clicking anywhere on the map brings up a context menu or the way you can click on a point on the map to select it for directions. The final word on which service is better remains to be seen but this competition will certainly benefit the end-users."

Chris Gondek writes "The Register has a story reporting that Microsoft has released a free beta of its upcoming anti-virus application. According to Microsoft, the new anti-virus application known as Windows OneCare Live is 'like taking your PC in for a tune up at the service station'. Microsoft announced in May that it would be releasing an anti-virus application based on software developed by GeCad, a Romanian anti-virus company that Microsoft purchased several years ago." More details from InformationWeek.

daria42 writes "In a press conference this morning, Bill Gates said Microsoft plans to launch Internet-based complements to its core products, dubbed 'Windows Live' and 'Office Live'. Windows Live is a set of Internet-based personal services, such as e-mail, blogging and instant messaging. It will be primarily supported by advertising and be separate from the operating system itself. Office Live will come in both ad-based and subscription versions that augment MS' Office suite. The programs won't replace the paid software but instead seem aimed at diminishing Google's ad revenue. Windows Live already appears to have 'gone live' in a preview format on the web."

Ross Finlayson writes "In a message posted to the IETF general mailing list, Bob Braden reminds us that, on January 1st, 2003, 20 years will have passed since "the most logical date of origin of the Internet [...] when the ARPANET officially switched from the NCP protocol to TCP/IP". And the rest is history..."

Ross Finlayson writes: "According to this upcoming news release, a University of Southern California has re-analyzed the data from the 1976 Viking Mars lander's soil experiments, and has discovered evidence (including circadian rhythms) that he concludes strengthens the case for life being present on Mars. The scientist also noted the difficulty in gathering the experiment's original data: 'The data were on magnetic tapes, and written in a format so old that the programmers who knew it had died.'"