Every time we're told that increased costs go to "infrastructure," we get the same crappy 6Mbps download speeds, downtime every Sunday night, no-show service calls, and human-unfriendly telephone support.
As a former owner of a dialup ISP, I completely understand the "5%" rule.
However, a 15-40GB limit is clearly not intended to curtail those users.
The "problem" users are up in the 200GB/mo region, not a measly 3-7 DVD ISOs.
This is nothing short of a preemptive attack against companies like NetFlix, Apple, Packet8, Vonage, etc. who offer DVD/HD downloads, VOIP, videoconferencing, and other services that compete with the incumbent's own services.
Note that the new bandwidth cap does NOT include the VOD or VOIP services you buy from TWC.
Again, I'm ok with fair and non-putative metering. I pay a larger water bill because my swimming pool has a leak. I pay a larger electric bill because I have an old house and I like it cool.
But my water company simply charges me based on usage. There are no caps and no punitive pricing brackets. And they aren't trying to sell me pool maintenance services that come with "free" pool re-fills.
If someone could hack into the ISP's DNS server, it wouldn't matter where the fake code is being requested from.
And, frankly, they could do a lot more dangerous (and easy pay-off) things than just redirect requests for a Javascript library--such as redirecting ebay, paypal, etc. to a phishing site.
Do you *honestly* think that Google is going to modify the code for Prototype and slap some AdSense/Analytics goodies in there?
The library developers would have their hide if they attempted such a thing!
And I'm NOT wrong about cookies. Your site's cookies are not sent in the HTTP request, they would only be accessible via JavaScript--and again, without Google modifying the source code of these libraries to be malicious, they wouldn't be privy to those cookies.
Not that cookies store anything useful these days... almost everyone with serious server-side code uses server-side persisted sessions, so the only cookie is the session ID.
These are static releases of library code written by others.
Google would only be able to execute Javascript on your user's page if they modified the source code of the library you were loading from them. Which would be a BIG no-no.
(Google does have a "loader" function available, but also just allows you to include the libraries via a traditional script tag to a static URL.)
Otherwise, cookies are NOT cross-domain and wouldn't be passed with the HTTP request, unless you were silly enough to CNAME your "js.mysite.com" to "ajax.googleapis.com".
Oh no! If Google decides they don't want to spend the $10/year this will cost them anymore, I might have to change a header and footer script! Or *gasp* use a search-and-replace to fix the URLs!
I'm *so* scared.
Google is supporting web apps and offering to host the nasty boring bits that need strong caching. How very evil of them.
And if Google is hacked, we're ALL screwed a hundred different ways. The average web developer *using* these libraries is more likely to have a vulnerable server than Google.
This will enable web developers to support richer, cross-browser apps without the full "hit" of additional HTTP connections and bandwidth.
Users gain the benefit of faster rendering on every site that uses these libraries--both due to proper caching, and because their browser can open more simultaneous HTTP connections.
If Google goes down, change your header/footer scripts. BFD.
In an age where Flash/Silverlight/etc. are supposed to be the "next big thing," I'm glad at least one company is not abandoning HTML-based apps.
I'm reading the CAN-SPAM Act right now, and though I'm not a fan of spam regardless of the source, I'm not sure a MySpace PM, tag, photo comment constitutes an "electronic message" under that law.
SMTP by its nature is VERY vulnerable to abuse (false headers, having to accept and filter from unknown servers, etc.), so a law protecting it is reasonable.
This is similar in concept to fax-spam. Sure, you could build a fax machine that would only accept incoming calls from a "white list," but it would create as many problems as it solves. And, yet, having to accept unknown callers results in the owners of the fax machine wasting resources receiving and processing the spam calls.
However, a "message" between members of a private web site such as MySpace is only as vulnerable as Tom and his minions choose to implement it.
If MySpace doesn't like spam, they should change their system to not encourage it. Unlike SMTP, they control the whole system and can add reasonable protections. Thus, there is no need for a specific law to "protect" them against spammers.
And, in fact, MySpace now has a number of protection options to keep spammers and random strangers away from your message box--protections that your ISP doesn't have for your POEM (plain old e-mail) account.
IMHO, the spammers should be prosecuted criminally for computer intrusion (for phishing accounts), not sued in civil court.
I wonder what Comcast's network would look like if they spent as much money improving bandwidth as they apparently do "shaping" (damaging) the traffic already on their wires.
I'm in Beaumont, TX and have been a happy RR customer for a few years now. They kick ass over Bell's DSL service.
But since I'm looking into a few online movie rental/purchase solutions (Dish, Apple, NetFlix, etc.), I could see myself becoming one of the affected users.
I'm ok paying for my heavy-use times, just as I am with my cell phone, provided FOUR things happen:
1. NET NEUTRALITY. They can charge me to eat cake, but no more whining about the baker's "free ride."
2. EMAIL ALERTS. I don't want to go check some lame "bandwidth meter" every few days.
3. NON-PUNITIVE RATES. If I go over one month, bump me up a tier that month, DON'T charge me some ridiculous "punishment" rate for exceeding my tier.
4. BI-DIRECTIONAL. Current pricing is based on "average" current usage, so if I'm out of town a lot one month and I end up downloading less than the average bear, I should get the "grandma downloading recipes" (lower-tier) rate that month, automatically.
Unfortunately, I don't see any candidates supporting the "Big Switchgrass" lobby (lol) with federal grants and subsidies.
The government is *ALWAYS* ten years late on supporting technology, and usually picks the wrong one. Same situation with PV, hybrid cars, and nuclear power... about the time some lobbyist gets enough "representatives" to sign on to some legislation that makes their life easy, a new start-up or breakthrough makes them obsolete.
One more reason to vote for someone who believes that open markets will drive innovation a lot faster than corporate/agricultural welfare, and that states can be more responsive when government needs to have a role.
I know, I'm yet another rabid Ron Paul supporter. But at least if we elect him, hemp will have a chance to compete with switchgrass. Which will be great, except your car will have the munchies and will insist on calling you "dude" and "bro" when your door is ajar.;)
When your application doesn't work, refactor the code. When the government doesn't work, refactor the system.
Reproducing or even bringing WINE up to consumer level would be a monumental task. I don't think their strategy is to support Windows apps across-the-board.
My guess is that Apple has a secret project to integrate just enough of WINE/Crossover into OS X to support Microsoft Office, in the event that Microsoft backs down on its commitment to provide Office for Mac.
Microsoft screwed them over before on its promised releases of Office, and Office is a de facto requirement for corporate workstations.
Yes, iWork, OpenOffice, and Office-under-Parallels are good alternatives, but they are NOT feature-complete or performant, and are a much harder sell than "and it runs Microsoft Office too!"
The solution to social networks and spam is the same: *trust networks*.
Not identity, TRUST.
As in, you can't send me an email unless someone *I* know vouches for you. Or someone they know, etc., with degrees of separation up to my level of comfort.
I don't need to know you personally (or even know your real name) to trust you as someone who won't spam me, and I can probably trust your trusted contacts as well. With 3-4 degrees of separation, the people allowed to contact me via IM, email, telephone, etc. would likely include almost EVERYONE who would legitimately need to contact me, while including no spammers.
Sure, social engineering is always possible with such a system, but if my buddy Joe (or his buddy Frank) is an idiot and has a habit of trusting spammers, I should simply be able to mark him as "untrustworthy."
Now, how does this apply to the TERRORIST-PREDATOR-HACKER problem?
First off, predators are experts at social engineering, and even full government vetting would only prevent *registered* predators from obtaining accounts, not the ones who've never been caught. We can't even get the terrorist no-fly database right, so I have ZERO confidence that social networks could ever be predator-free.
So, for your children's accounts, use the trust system to your advantage by only marking yourself and other trusted adults/groups as contacts that can either contact your kid directly or that can be used as trust verification contacts. Doesn't solve the uncle/teacher/priest problem, but should be a perfectly reasonable way to keep your kids from being contacted by people you don't know.
I bought my iPhone this past weekend (dumb move in retrospect, I should have waited until Wednesday).
To do so, I had to break contract with Verizon for two lines, but the total monthly package at AT&BigBrother was the *same* price as my old Verizon package, but had 300 extra minutes, 200 SMS, and the unlimited data on my line (the iPhone). Also spent $100 to hook my wife up with a phone, figuring she would inherit my iPhone when v2 came out.
Today, I walked into the AT&T store, showed my receipt, and got a $200 credit on the iPhone purchase since it was purchased within 14 days. No hassles, and it was a credit directly against my bill, not toward future purchases.
So I turned around, returned the wife's cheapy-phone, and got her one of the last $300 4GB iPhones. Now I'm paying $20 more a month than I was with Verizon (since I had to add the data package for her iPhone).
Apple has, for now, won me over on service and design. After my Mac Pro purchase a year ago (a BIG switch for me, since I used to build my own PCs and my career is.NET/SQL Server development), we upgraded my wife to a 15.4" MBP last month, and they've now "suckered" me into two iPhones.
Made my first Keynote '08 presentation last night, in a fraction of the time it would have taken in PPT, and Steve Jobs will have another $200 or so next month when Leopard comes out.
So, I guess that makes me a fan-boy. Anyone wanna buy my old Audiovox XV-6700?
...sheep outnumber foxes...followers outnumber leaders...SUV owners outnumber hybrid owners...more people voted for major parties in the primaries than third parties...more people watched a new reality TV show last night than a new special on the History Channel...more people watched TV last night than picked up a newspaper...it's easier to paint the kitchen walls than to replace the cabinets, floor, and appliances....a $99 OS upgrade is cheaper than a new $1500 computer...more people buy new computers in at the local big box store than hunt for an Apple dealer or shop online
Sheesh. This is "news" now?
Also, the methodology used for this statistic is telling: "web visitors." The user's OS is becoming so inconsequential that it is measured in terms of people using said operating systems merely to access cross-platform, web-based applications.
Uhm, yes, actually. If I lose a book somewhere, the finder has a way to contact me.
My web site URI, home address, email addresses, and phone numbers are all published. I'm not a celebrity, so I don't consider these "private" information.
If iTunes were storing biometric information, passwords, SSN, etc. in the files, that's a problem, but this is equivalent to writing your name on a CD or engraving it on some piece of equipment you might resell someday.
I write my name in books when I buy them, and I've never considered the "privacy concern" of erasing it when selling the book, because the buyer already knows who I am. We wanted DRM-free music, we got it. The only people complaining are the cheap bastards who want to share the files over P2P.
Can we please start complaining about privacy issues that actually matter, like the fact that iPhone users' only service option is the same monopoly that was and is spying on the majority of all of our Internet traffic, without a court order or Congressional oversight?
I'm as disappointed as anyone at the lack of an SDK. Apparently AJAX isn't good enough for their own Mail and Google Maps apps, but it's a Really Sweet Solution for everyone else.
But there is a silver lining: Safari will presumably support SVG, as it does now on OS X and Windows.
You can stuff a lot of rich functionality into a small SVG+AJAX application vs. a web app that requires HTML, CSS, PNG, Prototype/JQuery, etc.
In other words, the bandwidth problem is real, but there are some options.
Identity is really the easiest part of the problem.
But reputation is easy as well. The problem with most proposals is that they are focused on organizational reputation rather than personal reputation.
Reputation, however, is relative and contextual. We don't need Slashdot vouching for us, we need people in our own address book / social network. Then we can vouch for our friends/family in various ways ("this person isn't a spammer", "this person knows a lot about cars", etc.).
But the real power of a personal reputation system is that it is transitive. If I trust that Alice is not a spammer, and Alice trusts that Bob is not a spammer, I can to some degree also trust Bob, and so can my friends, etc. A few degrees of Kevin Bacon there and you've got a real system.
Such a system allows for anonymity as well. I don't need to use my real name if I can generate some other identity and foster trust in some other community. As long as the identity token itself is secure, they don't need to know my name, they just need to know I'm not a troll, I'm insightful (hint hint), etc.
My vision of such a system would use SMTP as the transport mechanism for requesting and relaying trust between parties. Mail agents would handle the requests automatically, like calendar-enabled mail programs do now, and it is a fully-distributed system. Mail clients would also cache trust from their own "friends," like DNS, to better respond to requests.
This degrades well, since the emails can contain manual instructions for those whose mail clients don't have this feature. Or their Internet providers can help with server-based responses, so the mail client doesn't even need to be involved in most cases.
With such a system, spam would mostly be a thing of the past. I can limit incoming email to only people in my Address Book, people in theirs, etc. out to some limit of degree. Chances are, that will quickly encompass everyone likely to want to send me a legitimate email, and bounce away people with no legitimate friends (spammers). The system would self-correct when accounts are compromised or people unwittingly trust spammers, and if a friend of mine is too naive and adds spammers to his list constantly, I can stop trusting his list.
We really do need a ubiquitous identity-trust system, something that uses existing protocols to share trust and integrates with IM, email, online forums, auction sites, etc. But the problem itself isn't that hard.
Just like software firewalls, this is just snake oil for feeble-minded people who don't realize that firewalls are for blocking access *between* networks, not for closing ports that shouldn't be open in the first place on individual machines.
Nothing new here. Google already tracks *which* search results you click on, not just what you search for (and not just for the ads--they use a redirection to track the click). And a huge number of sites already use Google ads, so they know when you visit *those* pages as well.
My concern is that Google's data retention period is still far too long. 90 days should be sufficient for having personally-identifiable logs around to detect click-fraud, respond to court-ordered subpoenas, etc. Same goes for libraries, video rentals, non-returnable purchases, tollway passes, public security cameras, etc.
Here in the US, we really need a stronger definition for the Constitutional concept of "papers and effects" to include data hosted or trafficked through services like Google, email/IM servers, etc. where some reasonable expectation of privacy is assumed.
Slashdot Mirror
I live in Beaumont, and I'm a RR customer.
Every time we're told that increased costs go to "infrastructure," we get the same crappy 6Mbps download speeds, downtime every Sunday night, no-show service calls, and human-unfriendly telephone support.
As a former owner of a dialup ISP, I completely understand the "5%" rule.
However, a 15-40GB limit is clearly not intended to curtail those users.
The "problem" users are up in the 200GB/mo region, not a measly 3-7 DVD ISOs.
This is nothing short of a preemptive attack against companies like NetFlix, Apple, Packet8, Vonage, etc. who offer DVD/HD downloads, VOIP, videoconferencing, and other services that compete with the incumbent's own services.
Note that the new bandwidth cap does NOT include the VOD or VOIP services you buy from TWC.
Again, I'm ok with fair and non-putative metering. I pay a larger water bill because my swimming pool has a leak. I pay a larger electric bill because I have an old house and I like it cool.
But my water company simply charges me based on usage. There are no caps and no punitive pricing brackets. And they aren't trying to sell me pool maintenance services that come with "free" pool re-fills.
If someone could hack into the ISP's DNS server, it wouldn't matter where the fake code is being requested from.
And, frankly, they could do a lot more dangerous (and easy pay-off) things than just redirect requests for a Javascript library--such as redirecting ebay, paypal, etc. to a phishing site.
Do you *honestly* think that Google is going to modify the code for Prototype and slap some AdSense/Analytics goodies in there?
The library developers would have their hide if they attempted such a thing!
And I'm NOT wrong about cookies. Your site's cookies are not sent in the HTTP request, they would only be accessible via JavaScript--and again, without Google modifying the source code of these libraries to be malicious, they wouldn't be privy to those cookies.
Not that cookies store anything useful these days... almost everyone with serious server-side code uses server-side persisted sessions, so the only cookie is the session ID.
These are static releases of library code written by others.
Google would only be able to execute Javascript on your user's page if they modified the source code of the library you were loading from them. Which would be a BIG no-no.
(Google does have a "loader" function available, but also just allows you to include the libraries via a traditional script tag to a static URL.)
Otherwise, cookies are NOT cross-domain and wouldn't be passed with the HTTP request, unless you were silly enough to CNAME your "js.mysite.com" to "ajax.googleapis.com".
So, don't put confidential information in your GET requests, and they won't be part of the referrer sent to Google. Duh.
Oh no! If Google decides they don't want to spend the $10/year this will cost them anymore, I might have to change a header and footer script! Or *gasp* use a search-and-replace to fix the URLs!
I'm *so* scared.
Google is supporting web apps and offering to host the nasty boring bits that need strong caching. How very evil of them.
And if Google is hacked, we're ALL screwed a hundred different ways. The average web developer *using* these libraries is more likely to have a vulnerable server than Google.
I asked Google to do this a long time ago:
http://www.tallent.us/blog/?p=7
This will enable web developers to support richer, cross-browser apps without the full "hit" of additional HTTP connections and bandwidth.
Users gain the benefit of faster rendering on every site that uses these libraries--both due to proper caching, and because their browser can open more simultaneous HTTP connections.
If Google goes down, change your header/footer scripts. BFD.
In an age where Flash/Silverlight/etc. are supposed to be the "next big thing," I'm glad at least one company is not abandoning HTML-based apps.
I'm reading the CAN-SPAM Act right now, and though I'm not a fan of spam regardless of the source, I'm not sure a MySpace PM, tag, photo comment constitutes an "electronic message" under that law.
SMTP by its nature is VERY vulnerable to abuse (false headers, having to accept and filter from unknown servers, etc.), so a law protecting it is reasonable.
This is similar in concept to fax-spam. Sure, you could build a fax machine that would only accept incoming calls from a "white list," but it would create as many problems as it solves. And, yet, having to accept unknown callers results in the owners of the fax machine wasting resources receiving and processing the spam calls.
However, a "message" between members of a private web site such as MySpace is only as vulnerable as Tom and his minions choose to implement it.
If MySpace doesn't like spam, they should change their system to not encourage it. Unlike SMTP, they control the whole system and can add reasonable protections. Thus, there is no need for a specific law to "protect" them against spammers.
And, in fact, MySpace now has a number of protection options to keep spammers and random strangers away from your message box--protections that your ISP doesn't have for your POEM (plain old e-mail) account.
IMHO, the spammers should be prosecuted criminally for computer intrusion (for phishing accounts), not sued in civil court.
I wonder what Comcast's network would look like if they spent as much money improving bandwidth as they apparently do "shaping" (damaging) the traffic already on their wires.
Apple has a roughly 8% market share, and other *NIX machines roughly 1%. Within the same order of magnitude.
So, when Linux and FreeBSD users start installing desktop AV software in droves, I'll start worrying about my Macs.
Not to mention zip codes.
Government funding means (hopefully) public-domain licensing. Sounds good to me.
You need to stay the hell out of your parent's business.
When you have a 7-year-old, feel free to lock yourself out of their PC.
I'm in Beaumont, TX and have been a happy RR customer for a few years now. They kick ass over Bell's DSL service.
But since I'm looking into a few online movie rental/purchase solutions (Dish, Apple, NetFlix, etc.), I could see myself becoming one of the affected users.
I'm ok paying for my heavy-use times, just as I am with my cell phone, provided FOUR things happen:
1. NET NEUTRALITY. They can charge me to eat cake, but no more whining about the baker's "free ride."
2. EMAIL ALERTS. I don't want to go check some lame "bandwidth meter" every few days.
3. NON-PUNITIVE RATES. If I go over one month, bump me up a tier that month, DON'T charge me some ridiculous "punishment" rate for exceeding my tier.
4. BI-DIRECTIONAL. Current pricing is based on "average" current usage, so if I'm out of town a lot one month and I end up downloading less than the average bear, I should get the "grandma downloading recipes" (lower-tier) rate that month, automatically.
Unfortunately, I don't see any candidates supporting the "Big Switchgrass" lobby (lol) with federal grants and subsidies.
;)
The government is *ALWAYS* ten years late on supporting technology, and usually picks the wrong one. Same situation with PV, hybrid cars, and nuclear power... about the time some lobbyist gets enough "representatives" to sign on to some legislation that makes their life easy, a new start-up or breakthrough makes them obsolete.
One more reason to vote for someone who believes that open markets will drive innovation a lot faster than corporate/agricultural welfare, and that states can be more responsive when government needs to have a role.
I know, I'm yet another rabid Ron Paul supporter. But at least if we elect him, hemp will have a chance to compete with switchgrass. Which will be great, except your car will have the munchies and will insist on calling you "dude" and "bro" when your door is ajar.
When your application doesn't work, refactor the code.
When the government doesn't work, refactor the system.
Actually, UPS *does* do route-planning using a sophisticated algorithm. It even tries to minimize left turns:
http://slashdot.org/article.pl?sid=07/12/12/1355219&from=rss
Reproducing or even bringing WINE up to consumer level would be a monumental task. I don't think their strategy is to support Windows apps across-the-board.
My guess is that Apple has a secret project to integrate just enough of WINE/Crossover into OS X to support Microsoft Office, in the event that Microsoft backs down on its commitment to provide Office for Mac.
Microsoft screwed them over before on its promised releases of Office, and Office is a de facto requirement for corporate workstations.
Yes, iWork, OpenOffice, and Office-under-Parallels are good alternatives, but they are NOT feature-complete or performant, and are a much harder sell than "and it runs Microsoft Office too!"
The solution to social networks and spam is the same: *trust networks*.
Not identity, TRUST.
As in, you can't send me an email unless someone *I* know vouches for you. Or someone they know, etc., with degrees of separation up to my level of comfort.
I don't need to know you personally (or even know your real name) to trust you as someone who won't spam me, and I can probably trust your trusted contacts as well. With 3-4 degrees of separation, the people allowed to contact me via IM, email, telephone, etc. would likely include almost EVERYONE who would legitimately need to contact me, while including no spammers.
Sure, social engineering is always possible with such a system, but if my buddy Joe (or his buddy Frank) is an idiot and has a habit of trusting spammers, I should simply be able to mark him as "untrustworthy."
Now, how does this apply to the TERRORIST-PREDATOR-HACKER problem?
First off, predators are experts at social engineering, and even full government vetting would only prevent *registered* predators from obtaining accounts, not the ones who've never been caught. We can't even get the terrorist no-fly database right, so I have ZERO confidence that social networks could ever be predator-free.
So, for your children's accounts, use the trust system to your advantage by only marking yourself and other trusted adults/groups as contacts that can either contact your kid directly or that can be used as trust verification contacts. Doesn't solve the uncle/teacher/priest problem, but should be a perfectly reasonable way to keep your kids from being contacted by people you don't know.
I bought my iPhone this past weekend (dumb move in retrospect, I should have waited until Wednesday).
.NET/SQL Server development), we upgraded my wife to a 15.4" MBP last month, and they've now "suckered" me into two iPhones.
To do so, I had to break contract with Verizon for two lines, but the total monthly package at AT&BigBrother was the *same* price as my old Verizon package, but had 300 extra minutes, 200 SMS, and the unlimited data on my line (the iPhone). Also spent $100 to hook my wife up with a phone, figuring she would inherit my iPhone when v2 came out.
Today, I walked into the AT&T store, showed my receipt, and got a $200 credit on the iPhone purchase since it was purchased within 14 days. No hassles, and it was a credit directly against my bill, not toward future purchases.
So I turned around, returned the wife's cheapy-phone, and got her one of the last $300 4GB iPhones. Now I'm paying $20 more a month than I was with Verizon (since I had to add the data package for her iPhone).
Apple has, for now, won me over on service and design. After my Mac Pro purchase a year ago (a BIG switch for me, since I used to build my own PCs and my career is
Made my first Keynote '08 presentation last night, in a fraction of the time it would have taken in PPT, and Steve Jobs will have another $200 or so next month when Leopard comes out.
So, I guess that makes me a fan-boy. Anyone wanna buy my old Audiovox XV-6700?
...sheep outnumber foxes ...followers outnumber leaders ...SUV owners outnumber hybrid owners ...more people voted for major parties in the primaries than third parties ...more people watched a new reality TV show last night than a new special on the History Channel ...more people watched TV last night than picked up a newspaper ...it's easier to paint the kitchen walls than to replace the cabinets, floor, and appliances. ...a $99 OS upgrade is cheaper than a new $1500 computer ...more people buy new computers in at the local big box store than hunt for an Apple dealer or shop online
Sheesh. This is "news" now?
Also, the methodology used for this statistic is telling: "web visitors." The user's OS is becoming so inconsequential that it is measured in terms of people using said operating systems merely to access cross-platform, web-based applications.
Uhm, yes, actually. If I lose a book somewhere, the finder has a way to contact me.
My web site URI, home address, email addresses, and phone numbers are all published. I'm not a celebrity, so I don't consider these "private" information.
If iTunes were storing biometric information, passwords, SSN, etc. in the files, that's a problem, but this is equivalent to writing your name on a CD or engraving it on some piece of equipment you might resell someday.
I write my name in books when I buy them, and I've never considered the "privacy concern" of erasing it when selling the book, because the buyer already knows who I am. We wanted DRM-free music, we got it. The only people complaining are the cheap bastards who want to share the files over P2P.
Can we please start complaining about privacy issues that actually matter, like the fact that iPhone users' only service option is the same monopoly that was and is spying on the majority of all of our Internet traffic, without a court order or Congressional oversight?
I'm as disappointed as anyone at the lack of an SDK. Apparently AJAX isn't good enough for their own Mail and Google Maps apps, but it's a Really Sweet Solution for everyone else.
But there is a silver lining: Safari will presumably support SVG, as it does now on OS X and Windows.
You can stuff a lot of rich functionality into a small SVG+AJAX application vs. a web app that requires HTML, CSS, PNG, Prototype/JQuery, etc.
In other words, the bandwidth problem is real, but there are some options.
Identity is really the easiest part of the problem.
But reputation is easy as well. The problem with most proposals is that they are focused on organizational reputation rather than personal reputation.
Reputation, however, is relative and contextual. We don't need Slashdot vouching for us, we need people in our own address book / social network. Then we can vouch for our friends/family in various ways ("this person isn't a spammer", "this person knows a lot about cars", etc.).
But the real power of a personal reputation system is that it is transitive. If I trust that Alice is not a spammer, and Alice trusts that Bob is not a spammer, I can to some degree also trust Bob, and so can my friends, etc. A few degrees of Kevin Bacon there and you've got a real system.
Such a system allows for anonymity as well. I don't need to use my real name if I can generate some other identity and foster trust in some other community. As long as the identity token itself is secure, they don't need to know my name, they just need to know I'm not a troll, I'm insightful (hint hint), etc.
My vision of such a system would use SMTP as the transport mechanism for requesting and relaying trust between parties. Mail agents would handle the requests automatically, like calendar-enabled mail programs do now, and it is a fully-distributed system. Mail clients would also cache trust from their own "friends," like DNS, to better respond to requests.
This degrades well, since the emails can contain manual instructions for those whose mail clients don't have this feature. Or their Internet providers can help with server-based responses, so the mail client doesn't even need to be involved in most cases.
With such a system, spam would mostly be a thing of the past. I can limit incoming email to only people in my Address Book, people in theirs, etc. out to some limit of degree. Chances are, that will quickly encompass everyone likely to want to send me a legitimate email, and bounce away people with no legitimate friends (spammers). The system would self-correct when accounts are compromised or people unwittingly trust spammers, and if a friend of mine is too naive and adds spammers to his list constantly, I can stop trusting his list.
We really do need a ubiquitous identity-trust system, something that uses existing protocols to share trust and integrates with IM, email, online forums, auction sites, etc. But the problem itself isn't that hard.
Just like software firewalls, this is just snake oil for feeble-minded people who don't realize that firewalls are for blocking access *between* networks, not for closing ports that shouldn't be open in the first place on individual machines.
Nothing new here. Google already tracks *which* search results you click on, not just what you search for (and not just for the ads--they use a redirection to track the click). And a huge number of sites already use Google ads, so they know when you visit *those* pages as well.
My concern is that Google's data retention period is still far too long. 90 days should be sufficient for having personally-identifiable logs around to detect click-fraud, respond to court-ordered subpoenas, etc. Same goes for libraries, video rentals, non-returnable purchases, tollway passes, public security cameras, etc.
Here in the US, we really need a stronger definition for the Constitutional concept of "papers and effects" to include data hosted or trafficked through services like Google, email/IM servers, etc. where some reasonable expectation of privacy is assumed.