Slashdot Mirror

surfingmarmot writes "An HBO executive has figured out the problem with DRM acceptance — it's the name. HBO's chief technology officer Bob Zitter now wants to refer to the technology as Digital Consumer Enablement. Because, you see, DRM actually helps consumers by getting more content into their hands. The company already has HD movies on demand ready to go, but is delaying them because of ownership concerns. Says Zitter, 'Digital Consumer Enablement would more accurately describe technology that allows consumers "to use content in ways they haven't before," such as enjoying TV shows and movies on portable video players like iPods. "I don't want to use the term DRM any longer," said Zitter, who added that content-protection technology could enable various new applications for cable operators.'"

Timogen writes to tell us Wired is reporting that a research team is reporting that they have found a way to "controllably couple qubits" bringing us one step closer to quantum computing. "In classical computer science, bits -- or binary digits -- hold data encoded as ones and zeros. In quantum computing, data is measured in qubits, or quantum bits. As such, a qubit can have three possible states -- one, zero or a "superposition" of one and zero. This unique property theoretically makes quantum computing able to solve large-scale calculations that would dwarf today's supercomputers. But qubits in isolation are not very useful. It's only when they can be connected to one another that large-scale processing becomes possible."

Fahrvergnuugen writes "Wired is running a story about how an ex-lover of the missing wife of accused spouse killer Hans Reiser has confessed to killing eight people unrelated to the case. While Reiser will still stand trial for the murder, this development will undoubtedly complicate things."

cyberianpan writes "Wired is carrying commentary on the story that Brussels police have begun an investigation into a citizen's allegations of rape in Second Life. For reasons of civil liberty & clarity we'd like to confine criminal law to physical offenses rather than thought crimes but already threats, menace & conspiracy count as crimes. Could we see a situation where our laws extend?"

CoolVibe writes "From the abstract in the talk: "World-renowned Science Fiction writer and futurist Bruce Sterling will outline his ideas for SPIMES, a form of ubiquitous computing that gives smarts and 'searchabiliity' to even the most mundane of physical products. Imagine losing your car keys and being able to search for them with Google Earth." It's a very interesting lecture given by Bruce Sterling about something we might see in the near future. The lecture can be viewed here on Google Video."

netbuzz noted that Bruce Schneir's latest column discusses the security industry where he points out that "The primary reason the IT security industry exists is because IT products and services aren't naturally secure. If computers were already secure against viruses, there wouldn't be any need for antivirus products. If bad network traffic couldn't be used to attack computers, no one would bother buying a firewall. If there were no more buffer overflows, no one would have to buy products to protect against their effects. If the IT products we purchased were secure out of the box, we wouldn't have to spend billions every year making them secure."

bricko noted a story of our modern journalism world gone so wrong it makes me sad. "Editor-in-Chief Harry McCracken quit abruptly today because the company's new CEO, Colin Crawford, tried to kill a story about Apple and Steve Jobs." The link discusses that the CEO was the former head of MacWorld and would get calls from Jobs. Apparently he also told the staff that product reviews had to be nicer to vendors who advertise in the magazine. The sad thing is that given the economics of publishing in this day and age, I doubt anything even comes of this even tho it essentially confirms that PC World reviews should be thought of as no more than press releases. I know that's how I will consider links from them in the future. But congratulations to anyone willing to stick to their guns on such matters.

I was surfing through my usual tech sites for the latest news when I came across an article on Wired News. It turns out Steve Case is not alone in the quest to fix the health care system. I guess I don't get what the big attraction for these guys are.... I know the US's health care system is messed up, but I'm not sure technology can fix all of the aches, pains and dysfunction in our current system. I don't get why they don't just join a major company's board or start a hip/trendy start-up....

Game|Life is posting about a new agreement between Valve and an outfit called Tournament.com that will allow for an official Counter-Strike/Half-Life 2 Multiplayer game competition service. It sounds a lot like online poker tournaments, where players ante into a pot and the winner walks away with the results. "Another option is a perpetual, ongoing game that players can drop into at any time. If you get killed, you lose $1. If you kill another player, you get $1. When your virtual 'wallet' is out of money, you're done playing. Until you add some more funds with a credit card or PayPal, that is. For now, Tournament.com is strictly small stakes. Entry fees for the example tournaments were $3.60 for each of six players, with an $18 pot split between first, second, and third place. Company representatives said they're considering high-roller tournaments, but want to make sure the service has been fully field-tested, and potential cheating methods blocked off, before big money starts getting thrown around." One of the findings of the SOE White Paper was that some people are perfectly happy making money off of their gaming hobby. How long before we see similar livelihoods via this service?

anti-human 1 writes to tell us Wired is reporting that DARPA is developing a new optics system to help soldiers identify threats earlier. "The most far-reaching component of the binocs has nothing to do with the optics: it's Darpa's aspirations to integrate EEG electrodes that monitor the wearer's neural signals, cueing soldiers to recognize targets faster than the unaided brain could on its own. The idea is that EEG can spot 'neural signatures' for target detection before the conscious mind becomes aware of a potential threat or target. [...] In other words, like Spiderman's 'spider sense', a soldier could be alerted to danger that his or her brain had sensed, but not yet had time to process."

denebian devil writes "Wired.com has obtained a copy of updated US Army rules (pdf) that force soldiers to stop posting to blogs or sending personal e-mail messages without first clearing the content with a superior officer. Previous editions of the rules asked Army personnel to "consult with their immediate supervisor" before posting a document "that might contain sensitive and/or critical information in a public forum." The new version, in contrast, requires "an OPSEC review prior to publishing" anything — from "web log (blog) postings" to comments on internet message boards, from resumes to letters home. Under the strictest reading of the rule, a soldier must check with his or her superior officer before every blog entry posted and every email sent, though the method of enforcing these regulations is subject to choices made by the unit commanders. According to Wired, active-duty troops aren't the only ones affected by the new guidelines. Civilians working for the military, Army contractors — even soldiers' families — are all subject to the directive as well, though many of the people affected by these new regulations can't even access them because they are being kept on the military's restricted Army Knowledge Online intranet. Wired also interviewed Major Ray Ceralde, author of the new regulations, about why this change has been made."

denebian devil writes "Wired.com has obtained a copy of updated US Army rules (pdf) that force soldiers to stop posting to blogs or sending personal e-mail messages without first clearing the content with a superior officer. Previous editions of the rules asked Army personnel to "consult with their immediate supervisor" before posting a document "that might contain sensitive and/or critical information in a public forum." The new version, in contrast, requires "an OPSEC review prior to publishing" anything — from "web log (blog) postings" to comments on internet message boards, from resumes to letters home. Under the strictest reading of the rule, a soldier must check with his or her superior officer before every blog entry posted and every email sent, though the method of enforcing these regulations is subject to choices made by the unit commanders. According to Wired, active-duty troops aren't the only ones affected by the new guidelines. Civilians working for the military, Army contractors — even soldiers' families — are all subject to the directive as well, though many of the people affected by these new regulations can't even access them because they are being kept on the military's restricted Army Knowledge Online intranet. Wired also interviewed Major Ray Ceralde, author of the new regulations, about why this change has been made."

denebian devil writes "Wired.com has obtained a copy of updated US Army rules (pdf) that force soldiers to stop posting to blogs or sending personal e-mail messages without first clearing the content with a superior officer. Previous editions of the rules asked Army personnel to "consult with their immediate supervisor" before posting a document "that might contain sensitive and/or critical information in a public forum." The new version, in contrast, requires "an OPSEC review prior to publishing" anything — from "web log (blog) postings" to comments on internet message boards, from resumes to letters home. Under the strictest reading of the rule, a soldier must check with his or her superior officer before every blog entry posted and every email sent, though the method of enforcing these regulations is subject to choices made by the unit commanders. According to Wired, active-duty troops aren't the only ones affected by the new guidelines. Civilians working for the military, Army contractors — even soldiers' families — are all subject to the directive as well, though many of the people affected by these new regulations can't even access them because they are being kept on the military's restricted Army Knowledge Online intranet. Wired also interviewed Major Ray Ceralde, author of the new regulations, about why this change has been made."

If you were to just look at downloadable content this week, Wii and 360 owners would have a lot to cheer about. Virtual Console downloads include the (under-appreciated) Legend of the Mystical Ninja and the original Castlevania. Xbox 360 owners can finally sink their teeth into the board-game spectacular that is Settlers of Catan. Classic titles Millipede and Centipede will also be on offer via Xbox Live Arcade. Unfortunately, there are some less cheery things to discuss as well. Virtual Console sales are down, apparently, and some analysts are questioning whether Nintendo's success may be bad for the industry overall. As for the 360 ... the Elite may be bringing back some old problems. 'Red Rings of Death' have already been reported with the just-released consoles, and DRM issues with Live Arcade titles on the 'upgraded' system are making some new owners frustrated.

The following was written by frequent Slashdot editorial contributor Bennett Haselton. He writes "Recently author Annalee Newitz created a bit of a stir with the revelation that she had bought her way to the front page of the story-ranking site Digg. Since Digg allows any registered user to go to a story's URL and "digg it" in order to push it upward through the story-ranking system, it was inevitable that services like User/Submitter would come along, where a Digg user can pay for other users to cast votes to push their story up to the top. User/Submitter says they are currently backlogged and not taking new orders, but they say the service will return and will soon feature services for manipulating similar sites like Digg competitor reddit. Even if the new U/S features are vaporware, it probably won't be long before other companies offer similar services. But it seems like all of these story-ranking sites could prevent the manipulation by making one simple change to their voting algorithm."

Before getting to that though, what's at stake? The revelation that Digg could be trivially manipulated did not cause the site to be overrun with bogus stories all at once -- most of the links on the front page still look interesting. Newitz said that her story, which was deliberately chosen to be as lame as possible, got buried by users soon after it hit the front page, which is how Digg cleans spam stories out of the system. However, she also said that in the time that the story was on the front page, the story got about 35,000 hits, whereupon her server crashed and the traffic was thereafter divided with two other mirror sites; presumably if the server had stayed up, she would have gotten about 100,000 hits, all for an initial expenditure of $100, which is orders of magnitude cheaper than buying advertising any other way. (If she had done the same thing with a good story instead of a deliberately lame one, presumably the traffic gains resulting from word-of-mouth and repeat visitors would have been even higher.) As long as the benefits outweigh the cost, more and more unscrupulous users are likely to pay for such services, and since the service provided by User/Submitter is easy to copy, probably similar services will spring up to drive the price down even further. If nothing changes, then eventually sites like Digg and reddit will be flooded with nothing but paid stories. Most of the stories on the front page will probably still be interesting (why would you pay to promote a link, unless it was good enough to draw repeat visitors and get the most value for your money?), but everybody who didn't pay for votes would eventually get crowded out.

One Good Samaritan, Jim Messenger, managed to shut down one Digg manipulation service called Spike The Vote, by buying it out (for a paltry $1,275 - they must have wanted to get out fast) and then turning over to Digg. He warned people that the moral was: Don't sign up for Digg manipulation services, since Digg might get your information from them and then you'll be banned. Actually, I think the moral is simpler: if you're going to try anything like that, do it from a throwaway account that you don't care about losing if you get caught. (Or, only sign up with manipulation services which publish a privacy policy promising never to share your information, especially not with sites like Digg. Then if Digg buys them out, then the site has violated their privacy policy and Digg as the new owner inherits the liability for that, so you can sue them, right?) But as the idea spreads, it will probably become impractical to play whack-a-mole by shutting down manipulation services as they keep springing up. Any time the cost of providing a service (clicking on a few buttons) is small compared to the benefits of receiving the service (100,000 hits in 24 hours), a market will exist for it one way or another, whether you're talking about drug-smuggling, prostitution, or selling Digg votes.

However, I think there's a way to fix it, and here it is. Have you ever seen people put a link in their profile to their HotOrNot picture, saying "Go here and vote me a 10!!"? Similar to the people who send links to their friends and say, "I just posted this, please Digg this for me!" The difference is that on HotOrNot, it doesn't work. On HotOrNot, you can cast votes for a picture in one of two ways. The first way is to go directly to the URL for someone's picture; the second way is to load the front page, where a random picture from the database is selected at random, and vote for whatever picture comes up. The catch is that the votes that you cast by going directly to someone's picture, are simply ignored in calculating the average score for that photo. The only votes that are counted are the votes cast for random pictures displayed on the front page. So if you want to manipulate the voting for your own photo, you'd have to load the front page hundreds of thousands of times waiting for your own picture to come up repeatedly, which is hard to do without being detected.

To enable an algorithm like this on Digg and reddit, the sites could present users with a sidebar box that displays random stories from the pool of recent submissions. (reddit already has a serendipity feature that users can use to select a random story from the available pool, which could be leveraged for this purpose.) Once a story has collected, say, 100 votes -- or whatever number is considered sufficient to provide a representative random sample of how the story appeals to people -- then on that basis the story can either be buried or promoted to the top, where it would be seen by, say, 100,000 people. The elegance of this system is that bad content would only be seen by 100 people on average before it's buried, whereas good content would be seen by all the 100,000 people who view it on the front page, so the average user sees 1,000 pieces of good content for every 1 piece of crap. Even if 75% of users ignore the random story box completely, that just means you have to display it to 400 users instead of 100 before you have enough data points for a good random sample.

I suggested essentially the same algorithm for how an open-source search engine could work without being vulnerable to gaming even by those who understood all of its inner workings. The main difference, of course, is that Digg and reddit actually exist now. Digg declined to comment on the possible merits of such an algorithm; reddit's Steve Huffman said that the idea sounded interesting, although even if the idea got full buy-in, naturally any proposed change would take a long time to bring to fruition.

But it seems that an algorithm similar to this one would be the only way to prevent cheating on sites like Digg that sort content based on user votes. So it's ironic that HotOrNot, the only site I know of that is using a variation of this algorithm and hence is probably the most secure against cheating, is also the one where cheating is least likely to be a problem. Getting a high placement on Digg might enable you to make some money, but getting a highly rated picture on HotOrNot isn't going to make you rich (unless it helps you meet a millionaire who is using the site to find his third wife). Also, making HotOrNot meritocratic doesn't give people an incentive to improve the "content" that they submit, because up to the limits of what can be done with hair and wardrobe, you can't make yourself that much more attractive. With Digg and reddit, on the other hand, I might work harder at submitting a good story, if I knew that it worked in a perfectly meritocratic fashion that pushed good stories right to the top.

If you do this, you don't need any of the other countermeasures listed in Annalee Newitz's follow-up piece "Herding the Mob", such as analyzing user account history for suspicious behavior. As long as most users in the system are legitimate, most of the users in your random sample will be legitimate as well, and their voting will be representative of what most of the community would think. A story could also get a high score within a specific sub-area of the site like the sports page, but kept off of the main site front page, if the story got a high score from a random sampling of sports-oriented users but a low score from a sample of everyone else.

You could even sub-divide the topical areas further, down to a level of granularity like "Would Barack Obama make a good president?" A site called Helium is currently trying something like this -- users can submit essays on subjects like "Racial inequality or oppression: Do they truly exist in todays society?", and vote on how to rank other essays against each other. The voting works on the random selection principle that I'm advocating here -- users are presented with a pair of randomly chosen essays from a given category (not necessarily the same category for which you submitted an essay) and told to vote for the better one, so there's no way to tell all your friends to go to the link for your essay and give it a high rating. The main limitation though is that while the votes can push you to the top of a particular sub-category, that won't cause your article to "break out" and get to the front page of the site -- Helium says that those front-page articles are chosen at random by employees from the among those articles that are highly rated within their narrow category, so just being good is not enough. And if you want to write something that doesn't fit into any existing categories, you have to create a new category for your essay like I did, which will then be a category containing one essay that nobody else ever sees. Perhaps both of these limitations could be overcome by adding the option to rate randomly selected essays on a scale of 1 to 10 -- thus providing a way to rate essays that exist alone in their own category, and also a way to find the best essays across the entire site, rated against each other.

If Digg or reddit adopts a model that uses the random-voter-selection method, then there's the issue of how to handle the votes cast by users under the current system -- the ones who go to a story link and click "digg it", which is what makes the existing system vulnerable to gaming. Digg could do what HotOrNot does, and just ignore those votes outright, but users would probably view this as deceptive. Perhaps Digg could say that votes cast by self-selected users (the ones who go straight to the story link) are counted along with votes from randomly-selected users, unless the average of the self-selected votes is significantly different from the average from the randomly-selected votes, in which case the self-selected votes are ignored. Hopefully this would satisfy most users and preserve the "community" feel of the site, and only a spoilsport would point out that counting the self-selected votes only if they agree with the randomly-selected votes, is exactly the same thing as ignoring the self-selected votes entirely.

I asked the owner of User/Submitter what he thought about this. He was willing to talk with surprising candor (except about things like his real name) and spoke as if he'd like nothing better than for Digg to make changes to their service that would block his system from working. To both Annalee Newitz and me, he said, "We find it interesting that Digg still allows anybody to view any user's diggs. By way of this 'feature,' User/Submitter is able to verify that our users actually digg the stories they're given. Without this feature, Digg users are given complete digging privacy, and User/Submitter cannot exist." Some have expressed skepticism that the Digg cheaters really want Digg to fix the problem. But as a security tester, I can understand that mentality. If you report a problem, and a company doesn't fix it, eventually you get tempted to publicize the problem to draw attention to it. And if they still don't fix it, and it's a fairly benign security hole that merely enables some pranksters to get some undeserved attention, why not build a service around exploiting the hole, if will highlight the problem and encourage it to get fixed?

So I'm going to go out on a limb and say the U/S guy sincerely wants Digg to be more secure. However I disagree with him about his proposed fix, that of hiding a user's digg history. First of all, it won't stop anyone who creates a multitude of accounts all under their control -- you can use Tor to make it appear that you're coming from many different IP addresses, and build up a history of "legitimate" votes before using your votes to push sites deliberately. (Be sure to use different browsers, or vary your User-Agent header if you know how to do that, so that a series of votes from identical browser types doesn't give you away.) If your service does work by paying other users to cast votes, then you could still audit whether they're casting their votes honestly -- for example, create a test story, use 5 sockpuppet accounts to digg it 5 times, then tell your confederate to digg it. If the number of diggs doesn't go up to 6, then you know they're not honoring their end of the deal, and kick them out of the system. As long as most confederates think there might be some chance of getting caught if they don't play along, most of them would probably cast the votes that they were paid for, since it costs them nothing to do so and they wouldn't want to jeopardize their stream of easy money.

I asked the owner of User/Submitter if his service could defeat the random-sampling algorithm I described. "It would slow down our service," he answered, "but certainly wouldn't eliminate it because eventually a U/S User will have an opportunity to vote on a U/S Submission by way of chance." But I don't see how this would beat the algorithm -- some U/S voters would still get to vote on the story, but as long as there are far more legitimate voters than U/S voters, then a random sampling will almost always contain far more legitimate voters. The U/S owner also said, "Randomized voting privileges would be unnecessarily confusing, frustrating, and fragmenting. Not to forget: unfair and undemocratic." Well, you could keep it from being "confusing" or "frustrating" by keeping the existing interface (with the possible addition of a randomly-selected-story box), so that the only changes would be in how the votes are handled under the hood. "Fragmenting"? If anything, it seems to me that the existing Digg/reddit algorithms would be more fragmenting, keeping users within their existing communities of friend who vote for each others' stories; a random-selection box would give stories with "crossover appeal" a greater chance of success, bringing them to the attention of users who might otherwise never have seen them. As for "unfair and undemocratic", presumably this is a reaction to the fact that the votes of 100 users decide what everyone else sees. But it's already the case with Digg that the votes of a small number of users decide what content becomes popular. At least with a random sample of users, it would be the case that the vast majority of the time, the voting outcome would be the same as it would have been if the entire site had voted, due to the magic of representative sampling.

So, I'm putting this suggestion out there for the same reason that Jim Messenger bought out Spike The Vote -- because I don't want sites like Digg and reddit to be manipulated by the abusers. In fact, if they used this algorithm, they would become more meritocratic than they are now, because the systems would strictly favor the highest-rated content, instead of content written by people who have informal networks of friends who can all go digg their stories for them. If I were to design the user rating system to make it cheat-proof, these are the exact details of what I would do:

• Wherever they decide to post the "random story sampling" box (on the front page, or on a link off to a separate page, etc.), have it work so that as soon as new stories are submitted, they can be rotated into that box and displayed to a random set of users, until it's reached its total of 100 votes or however many are required to get a random sample.
• You can have "shutout voting" to kill off stories early that are obvious spam or otherwise really useless, without going through the full 100 votes. (For example, if 90% of the first 10 votes are negative, then stop collecting votes.) This decreases the number of users "inconvenienced" by really obvious spam and other garbage.
• For someone to submit content that gets rotated into that voting process, have them submit a Turing test (read numbers off of a graphic and type them in), or something similar. This prevents spammers from submitting spam content over and over just to have it viewed by those initial 10 voters. If they have to type in a number each time, it's not worth it.
• When users give votes to a story, give them the option to say why they voted the way that they did. (This is especially valuable if they're giving negative votes, then the submitter would know what to improve.) Personally I think the comments would be more valuable if each user can't see other users' comments, at the time they submit their own comments; this prevents the "me too" effect where everybody echoes the first two commenters. (When I ask for independent comments from people, and they almost all say the same thing without seeing each other's comments, that's when I know they have a point!)
• To prevent an attacker from having their own username hit the random-voting page over and over in hopes of voting up their own content, make sure that each user account is only allowed to vote on a given piece of content once (even if they found the content through the random-story page).
• Require a Turing test for new user signups. This would prevent an attacker from registering a huge number of accounts just to hit the random voting page with different users over and over, in hopes getting to vote on their own submitted content eventually.

Then after running this system for a while, look through some collected data to determine if the system could be more efficient. For example, do you really need a sample of 100 votes every time? Suppose you determine that in 99% of cases, you get the same result just from tabulating the first 50 votes, as you would have gotten from tabulating all 100 votes. Then you could modify the system to collect only the first 50 votes, and then make a decision.

Suggestions for improvement? Flaws (hopefully not fatal)? Everyone who cares about keeping community sites like Digg free from abuse, and who wants to create a path for the best content to rise to the top, let's put our heads together and see what we can think of. The above is intended merely as a jumping-off point, and although I've worked it over and I can't see any specific points to improve efficiency, that's probably just because I've been looking at it too long. And if you Digg this story for me I'll give you 1,000 times as much cash as I gave my Mom last Mother's Day.

The following was written by frequent Slashdot editorial contributor Bennett Haselton. He writes "Recently author Annalee Newitz created a bit of a stir with the revelation that she had bought her way to the front page of the story-ranking site Digg. Since Digg allows any registered user to go to a story's URL and "digg it" in order to push it upward through the story-ranking system, it was inevitable that services like User/Submitter would come along, where a Digg user can pay for other users to cast votes to push their story up to the top. User/Submitter says they are currently backlogged and not taking new orders, but they say the service will return and will soon feature services for manipulating similar sites like Digg competitor reddit. Even if the new U/S features are vaporware, it probably won't be long before other companies offer similar services. But it seems like all of these story-ranking sites could prevent the manipulation by making one simple change to their voting algorithm."

Before getting to that though, what's at stake? The revelation that Digg could be trivially manipulated did not cause the site to be overrun with bogus stories all at once -- most of the links on the front page still look interesting. Newitz said that her story, which was deliberately chosen to be as lame as possible, got buried by users soon after it hit the front page, which is how Digg cleans spam stories out of the system. However, she also said that in the time that the story was on the front page, the story got about 35,000 hits, whereupon her server crashed and the traffic was thereafter divided with two other mirror sites; presumably if the server had stayed up, she would have gotten about 100,000 hits, all for an initial expenditure of $100, which is orders of magnitude cheaper than buying advertising any other way. (If she had done the same thing with a good story instead of a deliberately lame one, presumably the traffic gains resulting from word-of-mouth and repeat visitors would have been even higher.) As long as the benefits outweigh the cost, more and more unscrupulous users are likely to pay for such services, and since the service provided by User/Submitter is easy to copy, probably similar services will spring up to drive the price down even further. If nothing changes, then eventually sites like Digg and reddit will be flooded with nothing but paid stories. Most of the stories on the front page will probably still be interesting (why would you pay to promote a link, unless it was good enough to draw repeat visitors and get the most value for your money?), but everybody who didn't pay for votes would eventually get crowded out.

One Good Samaritan, Jim Messenger, managed to shut down one Digg manipulation service called Spike The Vote, by buying it out (for a paltry $1,275 - they must have wanted to get out fast) and then turning over to Digg. He warned people that the moral was: Don't sign up for Digg manipulation services, since Digg might get your information from them and then you'll be banned. Actually, I think the moral is simpler: if you're going to try anything like that, do it from a throwaway account that you don't care about losing if you get caught. (Or, only sign up with manipulation services which publish a privacy policy promising never to share your information, especially not with sites like Digg. Then if Digg buys them out, then the site has violated their privacy policy and Digg as the new owner inherits the liability for that, so you can sue them, right?) But as the idea spreads, it will probably become impractical to play whack-a-mole by shutting down manipulation services as they keep springing up. Any time the cost of providing a service (clicking on a few buttons) is small compared to the benefits of receiving the service (100,000 hits in 24 hours), a market will exist for it one way or another, whether you're talking about drug-smuggling, prostitution, or selling Digg votes.

However, I think there's a way to fix it, and here it is. Have you ever seen people put a link in their profile to their HotOrNot picture, saying "Go here and vote me a 10!!"? Similar to the people who send links to their friends and say, "I just posted this, please Digg this for me!" The difference is that on HotOrNot, it doesn't work. On HotOrNot, you can cast votes for a picture in one of two ways. The first way is to go directly to the URL for someone's picture; the second way is to load the front page, where a random picture from the database is selected at random, and vote for whatever picture comes up. The catch is that the votes that you cast by going directly to someone's picture, are simply ignored in calculating the average score for that photo. The only votes that are counted are the votes cast for random pictures displayed on the front page. So if you want to manipulate the voting for your own photo, you'd have to load the front page hundreds of thousands of times waiting for your own picture to come up repeatedly, which is hard to do without being detected.

To enable an algorithm like this on Digg and reddit, the sites could present users with a sidebar box that displays random stories from the pool of recent submissions. (reddit already has a serendipity feature that users can use to select a random story from the available pool, which could be leveraged for this purpose.) Once a story has collected, say, 100 votes -- or whatever number is considered sufficient to provide a representative random sample of how the story appeals to people -- then on that basis the story can either be buried or promoted to the top, where it would be seen by, say, 100,000 people. The elegance of this system is that bad content would only be seen by 100 people on average before it's buried, whereas good content would be seen by all the 100,000 people who view it on the front page, so the average user sees 1,000 pieces of good content for every 1 piece of crap. Even if 75% of users ignore the random story box completely, that just means you have to display it to 400 users instead of 100 before you have enough data points for a good random sample.

I suggested essentially the same algorithm for how an open-source search engine could work without being vulnerable to gaming even by those who understood all of its inner workings. The main difference, of course, is that Digg and reddit actually exist now. Digg declined to comment on the possible merits of such an algorithm; reddit's Steve Huffman said that the idea sounded interesting, although even if the idea got full buy-in, naturally any proposed change would take a long time to bring to fruition.

But it seems that an algorithm similar to this one would be the only way to prevent cheating on sites like Digg that sort content based on user votes. So it's ironic that HotOrNot, the only site I know of that is using a variation of this algorithm and hence is probably the most secure against cheating, is also the one where cheating is least likely to be a problem. Getting a high placement on Digg might enable you to make some money, but getting a highly rated picture on HotOrNot isn't going to make you rich (unless it helps you meet a millionaire who is using the site to find his third wife). Also, making HotOrNot meritocratic doesn't give people an incentive to improve the "content" that they submit, because up to the limits of what can be done with hair and wardrobe, you can't make yourself that much more attractive. With Digg and reddit, on the other hand, I might work harder at submitting a good story, if I knew that it worked in a perfectly meritocratic fashion that pushed good stories right to the top.

If you do this, you don't need any of the other countermeasures listed in Annalee Newitz's follow-up piece "Herding the Mob", such as analyzing user account history for suspicious behavior. As long as most users in the system are legitimate, most of the users in your random sample will be legitimate as well, and their voting will be representative of what most of the community would think. A story could also get a high score within a specific sub-area of the site like the sports page, but kept off of the main site front page, if the story got a high score from a random sampling of sports-oriented users but a low score from a sample of everyone else.

You could even sub-divide the topical areas further, down to a level of granularity like "Would Barack Obama make a good president?" A site called Helium is currently trying something like this -- users can submit essays on subjects like "Racial inequality or oppression: Do they truly exist in todays society?", and vote on how to rank other essays against each other. The voting works on the random selection principle that I'm advocating here -- users are presented with a pair of randomly chosen essays from a given category (not necessarily the same category for which you submitted an essay) and told to vote for the better one, so there's no way to tell all your friends to go to the link for your essay and give it a high rating. The main limitation though is that while the votes can push you to the top of a particular sub-category, that won't cause your article to "break out" and get to the front page of the site -- Helium says that those front-page articles are chosen at random by employees from the among those articles that are highly rated within their narrow category, so just being good is not enough. And if you want to write something that doesn't fit into any existing categories, you have to create a new category for your essay like I did, which will then be a category containing one essay that nobody else ever sees. Perhaps both of these limitations could be overcome by adding the option to rate randomly selected essays on a scale of 1 to 10 -- thus providing a way to rate essays that exist alone in their own category, and also a way to find the best essays across the entire site, rated against each other.

If Digg or reddit adopts a model that uses the random-voter-selection method, then there's the issue of how to handle the votes cast by users under the current system -- the ones who go to a story link and click "digg it", which is what makes the existing system vulnerable to gaming. Digg could do what HotOrNot does, and just ignore those votes outright, but users would probably view this as deceptive. Perhaps Digg could say that votes cast by self-selected users (the ones who go straight to the story link) are counted along with votes from randomly-selected users, unless the average of the self-selected votes is significantly different from the average from the randomly-selected votes, in which case the self-selected votes are ignored. Hopefully this would satisfy most users and preserve the "community" feel of the site, and only a spoilsport would point out that counting the self-selected votes only if they agree with the randomly-selected votes, is exactly the same thing as ignoring the self-selected votes entirely.

I asked the owner of User/Submitter what he thought about this. He was willing to talk with surprising candor (except about things like his real name) and spoke as if he'd like nothing better than for Digg to make changes to their service that would block his system from working. To both Annalee Newitz and me, he said, "We find it interesting that Digg still allows anybody to view any user's diggs. By way of this 'feature,' User/Submitter is able to verify that our users actually digg the stories they're given. Without this feature, Digg users are given complete digging privacy, and User/Submitter cannot exist." Some have expressed skepticism that the Digg cheaters really want Digg to fix the problem. But as a security tester, I can understand that mentality. If you report a problem, and a company doesn't fix it, eventually you get tempted to publicize the problem to draw attention to it. And if they still don't fix it, and it's a fairly benign security hole that merely enables some pranksters to get some undeserved attention, why not build a service around exploiting the hole, if will highlight the problem and encourage it to get fixed?

So I'm going to go out on a limb and say the U/S guy sincerely wants Digg to be more secure. However I disagree with him about his proposed fix, that of hiding a user's digg history. First of all, it won't stop anyone who creates a multitude of accounts all under their control -- you can use Tor to make it appear that you're coming from many different IP addresses, and build up a history of "legitimate" votes before using your votes to push sites deliberately. (Be sure to use different browsers, or vary your User-Agent header if you know how to do that, so that a series of votes from identical browser types doesn't give you away.) If your service does work by paying other users to cast votes, then you could still audit whether they're casting their votes honestly -- for example, create a test story, use 5 sockpuppet accounts to digg it 5 times, then tell your confederate to digg it. If the number of diggs doesn't go up to 6, then you know they're not honoring their end of the deal, and kick them out of the system. As long as most confederates think there might be some chance of getting caught if they don't play along, most of them would probably cast the votes that they were paid for, since it costs them nothing to do so and they wouldn't want to jeopardize their stream of easy money.

I asked the owner of User/Submitter if his service could defeat the random-sampling algorithm I described. "It would slow down our service," he answered, "but certainly wouldn't eliminate it because eventually a U/S User will have an opportunity to vote on a U/S Submission by way of chance." But I don't see how this would beat the algorithm -- some U/S voters would still get to vote on the story, but as long as there are far more legitimate voters than U/S voters, then a random sampling will almost always contain far more legitimate voters. The U/S owner also said, "Randomized voting privileges would be unnecessarily confusing, frustrating, and fragmenting. Not to forget: unfair and undemocratic." Well, you could keep it from being "confusing" or "frustrating" by keeping the existing interface (with the possible addition of a randomly-selected-story box), so that the only changes would be in how the votes are handled under the hood. "Fragmenting"? If anything, it seems to me that the existing Digg/reddit algorithms would be more fragmenting, keeping users within their existing communities of friend who vote for each others' stories; a random-selection box would give stories with "crossover appeal" a greater chance of success, bringing them to the attention of users who might otherwise never have seen them. As for "unfair and undemocratic", presumably this is a reaction to the fact that the votes of 100 users decide what everyone else sees. But it's already the case with Digg that the votes of a small number of users decide what content becomes popular. At least with a random sample of users, it would be the case that the vast majority of the time, the voting outcome would be the same as it would have been if the entire site had voted, due to the magic of representative sampling.

So, I'm putting this suggestion out there for the same reason that Jim Messenger bought out Spike The Vote -- because I don't want sites like Digg and reddit to be manipulated by the abusers. In fact, if they used this algorithm, they would become more meritocratic than they are now, because the systems would strictly favor the highest-rated content, instead of content written by people who have informal networks of friends who can all go digg their stories for them. If I were to design the user rating system to make it cheat-proof, these are the exact details of what I would do:

• Wherever they decide to post the "random story sampling" box (on the front page, or on a link off to a separate page, etc.), have it work so that as soon as new stories are submitted, they can be rotated into that box and displayed to a random set of users, until it's reached its total of 100 votes or however many are required to get a random sample.
• You can have "shutout voting" to kill off stories early that are obvious spam or otherwise really useless, without going through the full 100 votes. (For example, if 90% of the first 10 votes are negative, then stop collecting votes.) This decreases the number of users "inconvenienced" by really obvious spam and other garbage.
• For someone to submit content that gets rotated into that voting process, have them submit a Turing test (read numbers off of a graphic and type them in), or something similar. This prevents spammers from submitting spam content over and over just to have it viewed by those initial 10 voters. If they have to type in a number each time, it's not worth it.
• When users give votes to a story, give them the option to say why they voted the way that they did. (This is especially valuable if they're giving negative votes, then the submitter would know what to improve.) Personally I think the comments would be more valuable if each user can't see other users' comments, at the time they submit their own comments; this prevents the "me too" effect where everybody echoes the first two commenters. (When I ask for independent comments from people, and they almost all say the same thing without seeing each other's comments, that's when I know they have a point!)
• To prevent an attacker from having their own username hit the random-voting page over and over in hopes of voting up their own content, make sure that each user account is only allowed to vote on a given piece of content once (even if they found the content through the random-story page).
• Require a Turing test for new user signups. This would prevent an attacker from registering a huge number of accounts just to hit the random voting page with different users over and over, in hopes getting to vote on their own submitted content eventually.

Then after running this system for a while, look through some collected data to determine if the system could be more efficient. For example, do you really need a sample of 100 votes every time? Suppose you determine that in 99% of cases, you get the same result just from tabulating the first 50 votes, as you would have gotten from tabulating all 100 votes. Then you could modify the system to collect only the first 50 votes, and then make a decision.

Suggestions for improvement? Flaws (hopefully not fatal)? Everyone who cares about keeping community sites like Digg free from abuse, and who wants to create a path for the best content to rise to the top, let's put our heads together and see what we can think of. The above is intended merely as a jumping-off point, and although I've worked it over and I can't see any specific points to improve efficiency, that's probably just because I've been looking at it too long. And if you Digg this story for me I'll give you 1,000 times as much cash as I gave my Mom last Mother's Day.

The following was written by frequent Slashdot editorial contributor Bennett Haselton. He writes "Recently author Annalee Newitz created a bit of a stir with the revelation that she had bought her way to the front page of the story-ranking site Digg. Since Digg allows any registered user to go to a story's URL and "digg it" in order to push it upward through the story-ranking system, it was inevitable that services like User/Submitter would come along, where a Digg user can pay for other users to cast votes to push their story up to the top. User/Submitter says they are currently backlogged and not taking new orders, but they say the service will return and will soon feature services for manipulating similar sites like Digg competitor reddit. Even if the new U/S features are vaporware, it probably won't be long before other companies offer similar services. But it seems like all of these story-ranking sites could prevent the manipulation by making one simple change to their voting algorithm."

Before getting to that though, what's at stake? The revelation that Digg could be trivially manipulated did not cause the site to be overrun with bogus stories all at once -- most of the links on the front page still look interesting. Newitz said that her story, which was deliberately chosen to be as lame as possible, got buried by users soon after it hit the front page, which is how Digg cleans spam stories out of the system. However, she also said that in the time that the story was on the front page, the story got about 35,000 hits, whereupon her server crashed and the traffic was thereafter divided with two other mirror sites; presumably if the server had stayed up, she would have gotten about 100,000 hits, all for an initial expenditure of $100, which is orders of magnitude cheaper than buying advertising any other way. (If she had done the same thing with a good story instead of a deliberately lame one, presumably the traffic gains resulting from word-of-mouth and repeat visitors would have been even higher.) As long as the benefits outweigh the cost, more and more unscrupulous users are likely to pay for such services, and since the service provided by User/Submitter is easy to copy, probably similar services will spring up to drive the price down even further. If nothing changes, then eventually sites like Digg and reddit will be flooded with nothing but paid stories. Most of the stories on the front page will probably still be interesting (why would you pay to promote a link, unless it was good enough to draw repeat visitors and get the most value for your money?), but everybody who didn't pay for votes would eventually get crowded out.

One Good Samaritan, Jim Messenger, managed to shut down one Digg manipulation service called Spike The Vote, by buying it out (for a paltry $1,275 - they must have wanted to get out fast) and then turning over to Digg. He warned people that the moral was: Don't sign up for Digg manipulation services, since Digg might get your information from them and then you'll be banned. Actually, I think the moral is simpler: if you're going to try anything like that, do it from a throwaway account that you don't care about losing if you get caught. (Or, only sign up with manipulation services which publish a privacy policy promising never to share your information, especially not with sites like Digg. Then if Digg buys them out, then the site has violated their privacy policy and Digg as the new owner inherits the liability for that, so you can sue them, right?) But as the idea spreads, it will probably become impractical to play whack-a-mole by shutting down manipulation services as they keep springing up. Any time the cost of providing a service (clicking on a few buttons) is small compared to the benefits of receiving the service (100,000 hits in 24 hours), a market will exist for it one way or another, whether you're talking about drug-smuggling, prostitution, or selling Digg votes.

However, I think there's a way to fix it, and here it is. Have you ever seen people put a link in their profile to their HotOrNot picture, saying "Go here and vote me a 10!!"? Similar to the people who send links to their friends and say, "I just posted this, please Digg this for me!" The difference is that on HotOrNot, it doesn't work. On HotOrNot, you can cast votes for a picture in one of two ways. The first way is to go directly to the URL for someone's picture; the second way is to load the front page, where a random picture from the database is selected at random, and vote for whatever picture comes up. The catch is that the votes that you cast by going directly to someone's picture, are simply ignored in calculating the average score for that photo. The only votes that are counted are the votes cast for random pictures displayed on the front page. So if you want to manipulate the voting for your own photo, you'd have to load the front page hundreds of thousands of times waiting for your own picture to come up repeatedly, which is hard to do without being detected.

To enable an algorithm like this on Digg and reddit, the sites could present users with a sidebar box that displays random stories from the pool of recent submissions. (reddit already has a serendipity feature that users can use to select a random story from the available pool, which could be leveraged for this purpose.) Once a story has collected, say, 100 votes -- or whatever number is considered sufficient to provide a representative random sample of how the story appeals to people -- then on that basis the story can either be buried or promoted to the top, where it would be seen by, say, 100,000 people. The elegance of this system is that bad content would only be seen by 100 people on average before it's buried, whereas good content would be seen by all the 100,000 people who view it on the front page, so the average user sees 1,000 pieces of good content for every 1 piece of crap. Even if 75% of users ignore the random story box completely, that just means you have to display it to 400 users instead of 100 before you have enough data points for a good random sample.

I suggested essentially the same algorithm for how an open-source search engine could work without being vulnerable to gaming even by those who understood all of its inner workings. The main difference, of course, is that Digg and reddit actually exist now. Digg declined to comment on the possible merits of such an algorithm; reddit's Steve Huffman said that the idea sounded interesting, although even if the idea got full buy-in, naturally any proposed change would take a long time to bring to fruition.

But it seems that an algorithm similar to this one would be the only way to prevent cheating on sites like Digg that sort content based on user votes. So it's ironic that HotOrNot, the only site I know of that is using a variation of this algorithm and hence is probably the most secure against cheating, is also the one where cheating is least likely to be a problem. Getting a high placement on Digg might enable you to make some money, but getting a highly rated picture on HotOrNot isn't going to make you rich (unless it helps you meet a millionaire who is using the site to find his third wife). Also, making HotOrNot meritocratic doesn't give people an incentive to improve the "content" that they submit, because up to the limits of what can be done with hair and wardrobe, you can't make yourself that much more attractive. With Digg and reddit, on the other hand, I might work harder at submitting a good story, if I knew that it worked in a perfectly meritocratic fashion that pushed good stories right to the top.

If you do this, you don't need any of the other countermeasures listed in Annalee Newitz's follow-up piece "Herding the Mob", such as analyzing user account history for suspicious behavior. As long as most users in the system are legitimate, most of the users in your random sample will be legitimate as well, and their voting will be representative of what most of the community would think. A story could also get a high score within a specific sub-area of the site like the sports page, but kept off of the main site front page, if the story got a high score from a random sampling of sports-oriented users but a low score from a sample of everyone else.

You could even sub-divide the topical areas further, down to a level of granularity like "Would Barack Obama make a good president?" A site called Helium is currently trying something like this -- users can submit essays on subjects like "Racial inequality or oppression: Do they truly exist in todays society?", and vote on how to rank other essays against each other. The voting works on the random selection principle that I'm advocating here -- users are presented with a pair of randomly chosen essays from a given category (not necessarily the same category for which you submitted an essay) and told to vote for the better one, so there's no way to tell all your friends to go to the link for your essay and give it a high rating. The main limitation though is that while the votes can push you to the top of a particular sub-category, that won't cause your article to "break out" and get to the front page of the site -- Helium says that those front-page articles are chosen at random by employees from the among those articles that are highly rated within their narrow category, so just being good is not enough. And if you want to write something that doesn't fit into any existing categories, you have to create a new category for your essay like I did, which will then be a category containing one essay that nobody else ever sees. Perhaps both of these limitations could be overcome by adding the option to rate randomly selected essays on a scale of 1 to 10 -- thus providing a way to rate essays that exist alone in their own category, and also a way to find the best essays across the entire site, rated against each other.

If Digg or reddit adopts a model that uses the random-voter-selection method, then there's the issue of how to handle the votes cast by users under the current system -- the ones who go to a story link and click "digg it", which is what makes the existing system vulnerable to gaming. Digg could do what HotOrNot does, and just ignore those votes outright, but users would probably view this as deceptive. Perhaps Digg could say that votes cast by self-selected users (the ones who go straight to the story link) are counted along with votes from randomly-selected users, unless the average of the self-selected votes is significantly different from the average from the randomly-selected votes, in which case the self-selected votes are ignored. Hopefully this would satisfy most users and preserve the "community" feel of the site, and only a spoilsport would point out that counting the self-selected votes only if they agree with the randomly-selected votes, is exactly the same thing as ignoring the self-selected votes entirely.

I asked the owner of User/Submitter what he thought about this. He was willing to talk with surprising candor (except about things like his real name) and spoke as if he'd like nothing better than for Digg to make changes to their service that would block his system from working. To both Annalee Newitz and me, he said, "We find it interesting that Digg still allows anybody to view any user's diggs. By way of this 'feature,' User/Submitter is able to verify that our users actually digg the stories they're given. Without this feature, Digg users are given complete digging privacy, and User/Submitter cannot exist." Some have expressed skepticism that the Digg cheaters really want Digg to fix the problem. But as a security tester, I can understand that mentality. If you report a problem, and a company doesn't fix it, eventually you get tempted to publicize the problem to draw attention to it. And if they still don't fix it, and it's a fairly benign security hole that merely enables some pranksters to get some undeserved attention, why not build a service around exploiting the hole, if will highlight the problem and encourage it to get fixed?

So I'm going to go out on a limb and say the U/S guy sincerely wants Digg to be more secure. However I disagree with him about his proposed fix, that of hiding a user's digg history. First of all, it won't stop anyone who creates a multitude of accounts all under their control -- you can use Tor to make it appear that you're coming from many different IP addresses, and build up a history of "legitimate" votes before using your votes to push sites deliberately. (Be sure to use different browsers, or vary your User-Agent header if you know how to do that, so that a series of votes from identical browser types doesn't give you away.) If your service does work by paying other users to cast votes, then you could still audit whether they're casting their votes honestly -- for example, create a test story, use 5 sockpuppet accounts to digg it 5 times, then tell your confederate to digg it. If the number of diggs doesn't go up to 6, then you know they're not honoring their end of the deal, and kick them out of the system. As long as most confederates think there might be some chance of getting caught if they don't play along, most of them would probably cast the votes that they were paid for, since it costs them nothing to do so and they wouldn't want to jeopardize their stream of easy money.

I asked the owner of User/Submitter if his service could defeat the random-sampling algorithm I described. "It would slow down our service," he answered, "but certainly wouldn't eliminate it because eventually a U/S User will have an opportunity to vote on a U/S Submission by way of chance." But I don't see how this would beat the algorithm -- some U/S voters would still get to vote on the story, but as long as there are far more legitimate voters than U/S voters, then a random sampling will almost always contain far more legitimate voters. The U/S owner also said, "Randomized voting privileges would be unnecessarily confusing, frustrating, and fragmenting. Not to forget: unfair and undemocratic." Well, you could keep it from being "confusing" or "frustrating" by keeping the existing interface (with the possible addition of a randomly-selected-story box), so that the only changes would be in how the votes are handled under the hood. "Fragmenting"? If anything, it seems to me that the existing Digg/reddit algorithms would be more fragmenting, keeping users within their existing communities of friend who vote for each others' stories; a random-selection box would give stories with "crossover appeal" a greater chance of success, bringing them to the attention of users who might otherwise never have seen them. As for "unfair and undemocratic", presumably this is a reaction to the fact that the votes of 100 users decide what everyone else sees. But it's already the case with Digg that the votes of a small number of users decide what content becomes popular. At least with a random sample of users, it would be the case that the vast majority of the time, the voting outcome would be the same as it would have been if the entire site had voted, due to the magic of representative sampling.

So, I'm putting this suggestion out there for the same reason that Jim Messenger bought out Spike The Vote -- because I don't want sites like Digg and reddit to be manipulated by the abusers. In fact, if they used this algorithm, they would become more meritocratic than they are now, because the systems would strictly favor the highest-rated content, instead of content written by people who have informal networks of friends who can all go digg their stories for them. If I were to design the user rating system to make it cheat-proof, these are the exact details of what I would do:

• Wherever they decide to post the "random story sampling" box (on the front page, or on a link off to a separate page, etc.), have it work so that as soon as new stories are submitted, they can be rotated into that box and displayed to a random set of users, until it's reached its total of 100 votes or however many are required to get a random sample.
• You can have "shutout voting" to kill off stories early that are obvious spam or otherwise really useless, without going through the full 100 votes. (For example, if 90% of the first 10 votes are negative, then stop collecting votes.) This decreases the number of users "inconvenienced" by really obvious spam and other garbage.
• For someone to submit content that gets rotated into that voting process, have them submit a Turing test (read numbers off of a graphic and type them in), or something similar. This prevents spammers from submitting spam content over and over just to have it viewed by those initial 10 voters. If they have to type in a number each time, it's not worth it.
• When users give votes to a story, give them the option to say why they voted the way that they did. (This is especially valuable if they're giving negative votes, then the submitter would know what to improve.) Personally I think the comments would be more valuable if each user can't see other users' comments, at the time they submit their own comments; this prevents the "me too" effect where everybody echoes the first two commenters. (When I ask for independent comments from people, and they almost all say the same thing without seeing each other's comments, that's when I know they have a point!)
• To prevent an attacker from having their own username hit the random-voting page over and over in hopes of voting up their own content, make sure that each user account is only allowed to vote on a given piece of content once (even if they found the content through the random-story page).
• Require a Turing test for new user signups. This would prevent an attacker from registering a huge number of accounts just to hit the random voting page with different users over and over, in hopes getting to vote on their own submitted content eventually.

Then after running this system for a while, look through some collected data to determine if the system could be more efficient. For example, do you really need a sample of 100 votes every time? Suppose you determine that in 99% of cases, you get the same result just from tabulating the first 50 votes, as you would have gotten from tabulating all 100 votes. Then you could modify the system to collect only the first 50 votes, and then make a decision.

Suggestions for improvement? Flaws (hopefully not fatal)? Everyone who cares about keeping community sites like Digg free from abuse, and who wants to create a path for the best content to rise to the top, let's put our heads together and see what we can think of. The above is intended merely as a jumping-off point, and although I've worked it over and I can't see any specific points to improve efficiency, that's probably just because I've been looking at it too long. And if you Digg this story for me I'll give you 1,000 times as much cash as I gave my Mom last Mother's Day.

armb writes with a link to a Wired Blog entry about irregularities found in Diebold databases from the state of Ohio. The election in question here is November 2006, and the corruption of the entries may raise doubts about accurate tabulations. "Vote totals in two separate databases that should have been identical had different totals. Although Diebold explained that this was part of the system design for separate vote tables to get updated at different times during the tabulation process, the team questioned the wisdom of a design that creates non-identical vote totals. Tables in the database contained elements that were missing date and time stamps that would indicate when information was entered. Entries that did have date/time stamps showed a January 1, 1970 date. The database is built from Microsoft's Jet database engine. The engine, according to Microsoft, is vulnerable to corruption when a lot of concurrent activity is happening with the database, such as what occurs on an election night when results are uploaded and various servers are interacting with the database simultaneously."

CNN has a report on the Wii's success in the games marketplace right now, referring to their sales dominance as 'creaming the competition'. The article tries to break down exactly why Nintendo's console has sold so successfully, discussing the system's marketing, engineering, and philosophy. "Next, engineers settled on a new approach for the Wii's looks. Just as the DS shunned the Game Boy name to appeal to a broader audience, the Wii would adopt a sleek white exterior instead of the toylike loud colors used on the GameCube. Even CEO Iwata got involved in the design process; at one point he handed engineers a stack of DVD jewel cases and told them the console should not be much bigger. Why so small? To work with the motion-sensitive wireless controller Nintendo planned, Iwata reasoned, the console would have to sit directly beside the TV. Make it any larger and customers would hesitate to leave it there. " Their sales strategy is working in spades. CVG reports that at least one analyst thinks that Wii demand won't be met until 2009. This past weekend Chris Kohler had an interesting comment on the 'ambassador programs' Nintendo ran in advance of the Wii's launch, and how that might tie in to the system's financial success.

Wired has a gallery of their Lamest Technology Mascots which features some trollish links including Tux and a certain adorable devil. Also featured is the old Java mascot Duke which I always liked, and of course Clippy who these days pretty much exists only in cheesy Top X lists.

IGN is reporting that the next game in the Final Fantasy series will probably be around for quite a while. If Square/Enix has anything to say about it, we'll be playing the FFXIII family of games for the next ten years. "Although speaking with a Nintendo magazine, Hashimoto brought up Final Fantasy XIII as a comparison for Square Enix's decision to expand upon the FFVII storyline through the Compilation project years after the game's original release. 'Different from something like VII, which we expanded upon afterwards, with Fabula Nova Crystallis FFXIII, we've thought about an expansive world setting from the start. Under the idea of wanting everyone to be sucked into the world for 10 years, we're preparing a number of categories.' He likened this approach to films like Star Wars, Harry Potter and Lord of the Rings." Chris Kohler took the time to point out that, in the same interview, the Square folks stated they're still not entirely convinced about this whole Virtual Console thing. "We feel that the Japanese game market still requires [physical] media. Also, FF and Dragon Quest are played by a wide range of users, from children to adults, so there are limitations when you consider the problems that we would have with billing systems."

Today has seen a bit of commentary on each of the three next-gen consoles, all relatively positive. The PlayStation 3 has seen users for the PSN community crack the 1.3 million mark, according to Next Generation. If you enjoy the Wii's Virtual Console feature, Chris Kohler has you set up today with a rundown on every VC title rumored or released to date. Nintendo's consoles are selling pretty well, too. Microsoft has had something of a mixed day. On the one hand gamers can look forward to Beautiful Katamri coming to XBLA in the states. On the other, an investment adviser has called Microsoft's entire gaming business a 'disastrous endeavor'.

An anonymous reader writes "Wired magazine has an article that explains The Law of Optical Volumes, a formula for spacing the letters on a printed page that results in maximum readability. Wired's new logo (did anyone notice?) obeys the law. Unfortunately, Web fonts don't allow custom kerning pairs, so you can't work the same magic online as in print. Could this be why some people still prefer newspapers and magazines to the Web?"

Bruce Schneier has up at Wired a typically thoughtful piece on how, in the security market as in others, the lemons are winning out over the good products. Schneier harks back to "The Market For Lemons," the 1970s work of economist George Akerlof, to explain why the market's invisible hand pushes most of the best products into the abyss: "With so many mediocre security products on the market, and the difficulty of coming up with a strong quality signal, vendors don't have strong incentives to invest in developing good products. And the vendors that do tend to die a quiet and lonely death."

Both the Virtual Console and Xbox Live Arcade have some interesting offerings this week, and Microsoft has released word of a lot of new things to come via their community service. The day before yesterday saw the release of Punch-Out!!, Virtua Fighter 2, and Bonk's Revenge for the Wii's download service. No Mike Tyson in this version of Punch-Out!!, but it's still (as Kohler puts it) one of the 'best videogames of all time.' On the Xbox side, today sees the release of a 'double header' of games: Gyruss and 3D Ultra MiniGolf Adventures . Gyruss is a Konami arcade port, while Minigolf includes a course editor to distract you from the simple gameplay. As far as new XBLA content goes: The Daily show is already available on the service, along with The Colbert Report, Carcossonne will join Settlers of Catan and (apparently) Talisman in boardgame-to-Xbox ports, and Microsoft is looking for pitches for a television show to be shown exclusively on Xbox live. If you win the TV contest, you get to make it for them.

stacybro writes "There is an article on Wired about the Top 10 most influential Amiga games. As someone who actually programmed on the Amiga way back when, I can attest to how far they were ahead of the clones when it came to graphics and audio hardware. I often wonder where the PC world would be if Amiga or Apple had had the marketing smarts (or maybe it was cut throat attitude) of Microsoft. 'Defender of the Crown (Cinemaware, 1986): Way before the Hollywood-ization of the game industry, Cinemaware evoked the era of classic movies with this game and others, such as Wings and the classic B-movie tribute It Came From the Desert. Cinemaware titles were definitely precursors of the CD-ROM era of flashy titles such as Myst and The 7th Guest. More importantly, they brought strong and realistic characterization and depiction to the world of computer games. Cinemaware is still alive today and currently working on an update of Defender of the Crown.'"

An anonymous reader writes "Aaron Rowe over at Wired has an article about a couple of young scientists at NASA's Ames Research Center working to open source the space program through software development and other ways to allow the public to participate in real NASA programs. According to Robert Schingler, the NASA CoLab project manager, 'CoLab is building an infrastructure to encourage and facilitate direct participation from the talented and interested public...' Apparently, the group holds weekly meetings on their island in the popular online virtual world Second Life."

p3net writes "Shortly before the release of Thunderbird 2.0 RC1, Wired held an interesting interview with Scott MacGregor, the lead developer of Thunderbird. He presents some views as to why desktop email clients still triumph, even in this much-dominated web age. 'Some users want to have their data local for privacy and control. Furthermore, you can integrate data from different applications on the desktop in ways that you can't do with web-based solutions, unless you stick to web solutions from a single provider. For example, you can use your Outlook address book with Thunderbird. We'd like to continue to expand the kinds of data you can share between Thunderbird and other apps (both web and desktop applications).'"

An anonymous reader writes: "On the Wired site, Clive Thompson has up an article that points out a sobering truth: gamers are getting older. Folks who grew up playing videogames like Doom and Quake are now facing parental decisions with their own kids regarding appropriate content. Thompson cites well known gamer dads like Kotaku's Brian Crecente, discussing some of the approaches folks educated in gaming take with their own offspring: '"Everybody knows, as an adult, that the world is not always a nice place," Crecente told me. "But I don't want him to know that yet. I want him to have a childhood." So he disallows games with "realistic" combat, like World War II titles, or Resistance: Fall of Man, but permits highly cartoony shooting, like Starfox on the Nintendo DS -- since he regards it as essentially as abstract as playing cops and robbers with your fingers as guns.' Where do you think gamer parents should draw the line? If you have kids, what approach are you taking to introducing them to gaming? How old is 'old enough' to start fragging?"

Via a Wired Blog, an anonymous reader wrote with a link to a post on the Geek Technique website. There, post author Mark Hoekstra details how to replace an iPod's HDD with flash memory. It's not an inexpensive procedure, as 16 Gigs of flash memory is still a mite expensive, and the post is not a 'how-to'. Just the same, the project took painstaking work and is well worth recognizing. "I guess I can say I found ways of eliminating almost every hard drive out of almost every hard drive based iPod thereby eliminating all moving parts. The only one left is the iPod video which would only need a slightly different adapter. But next to that I've got a gut feeling that one's being upgraded to flash memory by Apple themselves any time soon."

An anonymous reader wrote with a link to a Wired story about a fun play-along-at-home project: Turning Apple TV into a very tiny workable computer. "Apple TV is dead, long live the Mac Nano. Sort of. Just two weeks after Apple released its streaming media box to the public, hackers successfully installed OS X, Apple's desktop operating system, on the $300 device, making it the cheapest PC Cupertino has ever sold. 'The breakthrough is done, OS X runs on Apple TV!' wrote Semthex, the anonymous hacker responsible for the mod, at his website. 'Now we got (the) low-budget Mac we ever wanted.'"

An anonymous reader writes "The 9th Circuit Court of Appeals has ruled in the case of Jerome Heckenkamp, the former University of Wisconsin student convicted of federal computer crime charges in 2004 after hacking into Qualcomm, Cygnus Solutions and other companies, and defacing eBay. Heckenkamp was caught after a system administrator at the university hacked into his Linux box to gather evidence that Heckenkamp had been attacking the college mail server. The court ruled today that such counter-hacks are allowable under the 'special needs' exception to the Fourth Amendment, and upheld the warrantless search."

Wired's Game|Life blog, and writer Chris Kohler, have the news that the PSP will be aiming at teen users in the near future. This from PSP senior product manager John Koller, who connected the recent system price cut to this new initiative. "Going forward, Sony will unveil the 'Dude, Get Your Own' campaign. The idea this year, says Koller, is to 'break out of the home cycle.' A significant amount of PSP users in that 13-17 group play the device at home. 'The teens that are doing this value the ability to utilize the portability,' Koller notes paradoxically. By portability, he clarifies, he means 'I can play it upstairs while my parents are watching the TV downstairs.'"

smileham noted a story about Mozilla developers considering work on a "social networking" Firefox extension called the "Coop" to take up where Flock left off. Also here is a wiki on the subject.

zdude255 writes "Wired is running an article exploring several studies of giving the human brain 'new input devices.' From seeing with your sense of touch to entirely new senses such as sensing direction intuitively, the human brain seems to be capable of interpreting and using new data on the fly. This offers many applications from pilots being able to sense the plane's orientation to the potential recovery of patients with blindness or ear damage. (which helps balance).'It turns out that the tricky bit isn't the sensing. The world is full of gadgets that detect things humans cannot. The hard part is processing the input. Neuroscientists don't know enough about how the brain interprets data. The science of plugging things directly into the brain -- artificial retinas or cochlear implants -- remains primitive. So here's the solution: Figure out how to change the sensory data you want -- the electromagnetic fields, the ultrasound, the infrared -- into something that the human brain is already wired to accept, like touch or sight.'"

Via Game|Life, an article in the Syndey Morning Herald discusses a new study indicating most children are unaffected by videogame violence. Though the study did indicate that children already predisposed to violence or neurotic behavior were over-stimulated by these games, most children showed no difference in behavior as a result of game play. "The study monitored the behavior of children from 10 schools in eastern and southern metropolitan Melbourne before and after playing the violent video game Quake II for 20 minutes, Swinburne's Professor Grant Devilly said. Prof Devilly said only children predisposed to aggression and more reactive to their environments changed their behavior after playing and of those only some showed more aggression."

Via GamePolitics, an exerpt from an upcoming Wired print magazine article on Rockstar's slide from grace. The article outlines a number of the problems we've discussed here on the site, such as their numerous lawsuits, the 'Hot Coffee' scandal, and stock-option problems. At four pages it's only a teaser for the longer article in the magazine, but it's still very much worth taking a look. "The irony is thick: The company that defined virtual criminality is now associated with the real thing. Rockstar and Take-Two executives declined to answer questions for this article, but their rich and troubled story is revealed by official documents and former employees. It seems the blokes forgot that in life, as in Grand Theft Auto, there are repercussions for the choices you make."

Gamasutra has the word that EA has the Lord of the Rings IP locked up through the end of next year. With the additional license for the books under their wing and no competition from Vivendi, they have big plans set for their next game inside the franchise world. "The announcement follows EA's previously announced The Lord of the Rings: The White Council, an open world RPG for Xbox 360, PlayStation 3, and PC. However, with EA making plans for a new The Lord Of The Rings title, the fate of this project, once referred to as the cryptic Project Gray Company, remains uncertain. EA confirmed in early February that the game, while not canceled, had been put on hold." Relatedly, Game|Life notes that one million players will soon be traveling through Middle Earth as the open beta for Lord of the Rings Online gets underway. If you signed up to get in, you probably will. Update: 03/30 04:00 GMT by Z : The text referring to the White Council game was edited on the Gamasutra story, and here as well to reflect that.

katalin writes "Arenanet, makers of the Guild Wars Massive game, have announced the first 'true' expansion pack to the game - Eye of the North. Next year will also see the beginning of a Beta test for a true sequel to the original Guild Wars. The new game will be substantially different from the current offering, with many elements similar to a more traditional fantasy Massively Multiplayer game. It still, however, will not require a monthly fee to play."

Ludvig A. Norin writes "Wired journalist Fred Vogelstein blogs about how he accidentally got hold of a dossier on himself produced by Microsoft's PR firm, Waggener Edstrom. While it's not unusual for PR people to create background files on journalists, it's notable that this one leaked, and got commented by Waggener Edstrom's Frank Shaw and Wired Magazine editor in chief Chris Anderson. Makes for an interesting read — there's lots to learn from the inner workings of the Microsoft PR machinery." Someone please send me mine? I bet it's really friendly!

Ludvig A. Norin writes "Wired journalist Fred Vogelstein blogs about how he accidentally got hold of a dossier on himself produced by Microsoft's PR firm, Waggener Edstrom. While it's not unusual for PR people to create background files on journalists, it's notable that this one leaked, and got commented by Waggener Edstrom's Frank Shaw and Wired Magazine editor in chief Chris Anderson. Makes for an interesting read — there's lots to learn from the inner workings of the Microsoft PR machinery." Someone please send me mine? I bet it's really friendly!

xtaski writes "Wired's 'Cult of Mac' blog offers up video of Novell's spin on the Apple Mac vs. PC ads. The twist: a young lady portraying that winsome third party, Linux. There are two ads available for perusal, and the second is definitely the better of the two."

Via Game|Life, an article on the Variety site that sees something rather novel: a film writer defending games. Unhappy reviews of the film 300 sometimes cite the film's 'game-like' nature as a measure of it's poor quality, and Variety writer Ben Fritz calls those authors out on their poor grasp of modern media. Ron Gilbert, at the Grumpy Gamer site, has a few words of commentary on this issue. Coincidentally Gamasutra chose today to post a discussion of games as art which begins with the phrase "here we go again".

FleaPlus writes "Wired reports on a glove developed by Stanford researchers Dennis Grahn and Craig Heller which combines a cooling system with a vacuum in order to chill blood vessels and drastically reduce fatigue. Besides the obvious military and athletics applications, the technology is also potentially useful for firefighters, stroke victims, and people with multiple sclerosis. The Wired article also describes a number of other human enhancement projects intended to advance battlefield technology. Examples include military exoskeletons, projects designed to increase cognition or decrease the need for sleep, and studies that may one day allow single soldiers to operate multiple aerial drones. Many of these were opposed by the President's Council on Bioethics."

Jay Rosen writes "Assignment Zero is a pro-am, open-platform reporting project. The investigation: crowd sourcing and peer production are a social trend growing well beyond tech. Why is this happening? Partners: NewAssignment.Net and Wired.com, with Newsvine. From the Wired essay: 'We're trying to figure something out here. Can large groups of widely scattered people, working together voluntarily on the net, report on something happening in their world right now, and by dividing the work wisely tell the story more completely, while hitting high standards in truth, accuracy and free expression?' Wired.com: 'We want out readers and our sources to be one and the same. We think it will make for better journalism.'"

Jay Rosen writes "Assignment Zero is a pro-am, open-platform reporting project. The investigation: crowd sourcing and peer production are a social trend growing well beyond tech. Why is this happening? Partners: NewAssignment.Net and Wired.com, with Newsvine. From the Wired essay: 'We're trying to figure something out here. Can large groups of widely scattered people, working together voluntarily on the net, report on something happening in their world right now, and by dividing the work wisely tell the story more completely, while hitting high standards in truth, accuracy and free expression?' Wired.com: 'We want out readers and our sources to be one and the same. We think it will make for better journalism.'"

The Wired blog 26B Stroke 6 reports on the arguments AT&T and the US government made to an appeals court hearing motions in the case the EFF brought against the phone giant for their presumed part in the government's program(s) to spy on Americans. In essence AT&T seems to have argued that the case against the telecom for allegedly helping the government spy on Americans is too secret for any court, despite the Administration's admission it did spy on Americans without warrants.

pease1 writes "Wired and others are reporting that for New Mexico, the fight for Pluto is not over. Seven months after the International Astronomical Union downgraded the distant heavenly body to a 'dwarf planet,' a state representative in New Mexico aims to give the snubbed world back some of its respect. State lawmakers will vote Tuesday on a bill that proposes that 'as Pluto passes overhead through New Mexico's excellent night skies, it be declared a planet.' The lawmaker who introduced the measure represents the county in which Clyde Tombaugh, Pluto's discoverer, was born. For many of us old timers, and those who had the honor of meeting Clyde, this just causes a belly laugh and is pure fun. Not to mention a bit of poking a stick in the eye."

Several readers wrote in with a Wired story about the work Adobe is doing to detect photo forgery. They are working with Canon and Reuters (which suffered massive bad publicity last year over a doctored war photo) and a professor from Dartmouth. (Here is Reuters's policy on photo editing.) Adobe plans to produce a suite of photo-authentication tools based on the work of Hany Farid (PDF) for release in 2008.

An anonymous reader writes "Danger Room, a Wired blog, today cites a study of future electronic snooping technologies from Reuters, written by the Pentagon's Defense Science Board. More than anything, it seems these outside advisers want a surveillance system that would put Big Brother to shame, and they're looking at the commercial sector to provide it. 'The ability to record terabyte and larger databases will provide an omnipresent knowledge of the present and the past that can be used to rewind battle space observations in TiVo-like fashion and to run recorded time backwards to help identify and locate even low-level enemy forces. For example, after a car bomb detonates, one would have the ability to play high-resolution data backward in time to follows the vehicle back to the source, and then use that knowledge to focus collection and gain additional information by organizing and searching through archived data.'"