"Lik-Sang did not contest this case (i.e. they did not turn up and therefore incurred no legal costs). We have been awarded substantial costs against Lik-Sang which have not been paid," the statement claims. "We would therefore strongly deny that our actions have had anything to do with this website closing (we assume the legal entity is still trading), and would suggest that this release is sour grapes on behalf of Lik-Sang which is aimed to belittle Sony Computer Entertainment and the British judicial system that found against them."
The mention of "substantial costs" suggests the size of the judgment may have been what caused Lik-Sang to close its doors.
Good thing data centers are obsolete, 'cause Sun's data center is having some problems handling a Slashdotting. Here's what I get from the featured link:
"System Maintenance in Progress
The blogs.sun.com team is currently working on some system improvements which require us to briefly disable our normal blogging services. We are working quickly and expect to resume services very shortly.
Thanks,
The Blogs Team."
This would only be a problem if data centers were still relevant. Sheesh.
You'd be amazed at how technically sophisticated some of these phishing crews are becoming. They've all got botnets in which they wield large numbers of compromised computers. If a bot can be trained to sign up for a Blogspot blog and autogenerate SpamSense blogs, they may find a way to vote for/against sites on this system as well. Bot nets are perfect for online voting, as they can send a steady stream of votes from different IP addresses. That's why blogs have such trouble with comment spam - it's coming from 50 different IP addresses.
This weakness was first described at the CRYPTO conference in August, and a technical explanation of the exploit was public on Aug. 27, Open SSL issued its advisory and patch on Sept. 5 and the Netcraft article cited by ZDNet has been online since Sept. 7. So while this is a potentially problematic security issue, it's not brand new, has been patched by OpenSSL and quite a few vendors have issued patches as well.
IANAL, but I worked as an editor at daily newspapers for many years, and as part of that process got to sit through more than few briefings from media company lawyers about libel and defamation. Laws vary from state to state, but the key issues for newsroom employees in defending a contested story usually focus on "absence of malice" (i.e. the reporter wasn't "out to get" the subject) and the amount of care taken in the process of preparing and editing the story, and that there wasn't "reckless disregard" for the accuracy of facts.
The lawyer's letter makes it appear that the New Yorker was provided with accounts contesting key parts of the article prior to publication. How the competing accounts on a contested fact are reviewed and balanced is often significant. If the subject of a story or their advocates contest a fact prior to publication, the practice is normally to include their version of events out of fairness to the source. The lawyer is alleging that the New Yorker didn't do this. Is this a legitimate editorial decision or an actionable error? That's one for the lawyers. It will be interesting to see if the New Yorker responds in print.
Phishing crews have been targeting web site vulnerabilities to deploy spoof sites for several years. In its year-end 2005 Phishing by the Numbers report, Netcraft noted that more than 600 phishing spoof sites were hosted on compromised forums and content management systems in 2005. In January hackers increased their targeting of PHP-based CMS and blogging apps, and were able to distribute the Windows WMF malware through a customer support forum on AMD's web site. There's nothing cutting edge at all about this.
... all those spam blogs on Blogger networking with one another. They're very social about it, too.
It seems to me that the survey doesn't boost the cause for social networking, but leads to the opposite conclusion - that even the 10 largest social networking sites added together don't add up to the traffic seen by Yahoo or Google. Count me underwhelmed.
Setting aside issues of the Right Media submission of its own service and the confusing introduction.... is this a useful product for bloggers and niche sites? I saw the TechCrunch story last night and followed the link. It isn't really an auction so much as a service that optimizes an ad stream that chooses among available ads from several networks to find the one that will pay the best. This concept isn't new... Right Media has been using it with larger clients, and the domain monetization crowd has been doing this forever (see Moniker's Traffic Club service).
This isn't a serious competitor to AdSense for niche publishers. Here's why: all the networks it aggregates are focused on large publishers. Most require a boatload of page views to participate, and serve low-paying run-of-network ads to their smaller publishers. The great thing about AdSense is it allows you to serve relevant, effective text ads on sites like mine that get only 10,000 visitors a month. AdSense was designed to work well for small publishers AND huge ones. That's why it's been effective.
RMX Direct is trying to create a service that can bridge that gap. My bet is that it will monetize better than dealing directly with a single big-ass ad network, but less well than AdSense.
This issue has a been a hot topic at conferences for data center professionals, with a lot of debate about timetables. Several facility designers are advocating DC distribution as the solution to the current power/cooling challenges. Corporate data center managers like the cost savings projections, but want to see it work in someone else's facility before they put their neck on the line and pitch a DC conversion to their bosses. That's the real value of the Livermore project discussed in TFA - it provides a working model.
Right now the cost of power is remaking the landscape of the data center industry. Yesterday there was another announcement of a huge data center in central Washington State. Sabey will invest $100 million in a facility right up the street from where Microsoft and Yahoo have data centers under construction. It's all about cheap hydro power. Both Microsoft and Yahoo have contracted for more than 40 megawatts of power from the local utility. That's why DC is one of the solutions that will begin to get serious consideration.
Mosso uses server clusters lets you run both ASP and PHP on the same setup for $100 a month. No root access, but an interesting blend of features. Might be more accessible than VPS, which is the other choice between shared and dedicated. It's owned by Rackspace Managed Hosting.
Skilled computer techs who will do residential site visits are hard to find, so instead people default to a choice that they believe will insulate them from the worst-case scenarios. Most non-geek users have trouble assessing whether or not a computer consultant is capable or will muck up their machine even worse. Rather than taking the risk that they'll hire some dimwit or crook, they go to Best Buy (or CompUSA) and pay extra for their service in the belief that this gives them options if the repair goes badly. The crooked consultant can disappear with their money before the "fixed" computer blows up. It's not that easy to move the Best Buy store, so the guy is likely to return and demand satisfaction.
Jakob Nielsen was once an important voice on usability issues, but that's only true today if you use Lynx or some other text browser. He recently tried to apply his expertise to the topic of "banner blindness" (the tendency of Web users to ignore ad banners) and how it was also undermining contextual ads like Google's AdWords. A lot of bloggers and site owners were concerned about this, given Nielsen's reputation and his use of EyeTracker (a really cool tool) for the research. It turns out his work on "text box blindness" tested pages designed with poorly positioned text ads that were so lame they failed to even follow Google's own heatmap for optimizing ads. Note that the ad in Nielsen's test page is in the least effective spot on the Google heatmap. All he proved was that people who don't pay any attention to ad placement won't get any clicks. Good thing Jakob's not relying on AdSense for his income.
"The first rule of the Data Center is - you do not talk about the Data Center. The second rule of the Data Center is - you DO NOT talk about the Data Center."
Like Google, Wal-Mart is crazy secretive about a mega-data center in Joplin, Mo., which caught the attention of the local media. The Wal-Mart rep: "This is not something that we discuss publicly. We have no comment. And that's off the record."
Maybe all that technology will be able detect the traffic going to mortage.com, which just sold for $242,000. Yep. So many people miss the "g" that the traffic to the domain is worth a quarter million dollars. Go figure.
A follow-up story in GameDaily's media column does a good job outlining why this is problematic. Their final point is a really good one - now that there's some level of confirmation of what we've always suspected, what's gonna change? An excerpt:
"Now is the time for the blogs, the fervent fan sites and news aggregators to step up. The game blogs and alternate videogame news sources should do everything possible to keep this story alive while maintaining their own integrity. If these compromise stories are distasteful to their core alternative videogame readership, then they should become a focal point for change. These guys should do everything possible to keep this story rolling, because they provide alternatives that aren't wholly supported by the game makers themselves."
There's way too many people drinking the blogging/web 2.0 Kool-Aid these days. It it's "business" blogging, it should be about the bottom line. The Amazon CTO's questions are good ones, and Scoble and Israel didn't offer meaningful answers until afterward. It does sound a bit like he ambushed them, though... the blogger boosters arrived for a fun chat to promote their book, and found a business meeting breaking out. It'll probably help Scoble sell more books.
Of course, this was only the second-best drama in the Blogosphere this week, running second to the scantily-clad Strumpette and her run-in with Edelman PR.
Re:The problem goes right down to the SSL layer
on
Why Phishing Works
·
· Score: 1
I agree that the number scheme would be more effective - for users who can understand and follow the system. The key phrase is "if we teach people to check the SSL number." My experience, a significant percentage of users are unlikely to embrace anything more complex than the green-red system. When it comes to Internet security, the majority of users are just not very teachable. The article that launched the thread is pretty clear about this.
Re:The problem goes right down to the SSL layer
on
Why Phishing Works
·
· Score: 1
Users who ignore brower warnings are, almost be definition, incapable of drawing the distinctions you describe based upon the level or type of encryption. That's why the browser makers are using a color-coded system for the new user interface.
Green = Good
Red = Bad
The browser developers gave a lot of thought to this, and defaulted to the simplest scheme possible.
299 out of 300 ignore browser SSL warnings
on
Why Phishing Works
·
· Score: 1
Users routinely ignore pop-up warnings about invalid SSL certificates. Last May New Zealand's BankDirect inadvertantly let an SSL certificate for its online banking URL expire. Server logs show that all but one of 300 users during the 11-hour expiration period dismissed the warning and logged in as usual.
I suppose it's possible that some users reviewed the expired certficate and made an informed judgment that the site was still safe, but I bet many didn't even look. Phishers know this and regularly construct spoofs using invalid SSL certificates, betting that customers will trust the "gold key" and ignore the browser warning.
The credit card processing gateway StormPay was knocked offline by this type of DNS amplification last month. The traffic peaked above 6 gigabits per second, and continued for weeks.
As previous posters have noted, these attacks have become more frequent in recent months, prompting an advisory from US-CERT (PDF) in December. It's a hot topic on several security lists, and a special focus of SecuriTeam blogger Gadi Evron.
Two observations made in this thread are true, and explain why previews are usually uncritical page-fillers:
1. Previews are by their nature incomplete and journalists hold their fire because it's not entirely fair to trash a work-in-progress.
2. Readers want previews, and their desire for previews can be a decision maker at the newsstand.
The bigger question is this: why even do previews at all? Consumers always want to know what hot products are coming down the pike. But journalists in many industries resist the urge to make previews a core component of their coverage, because it leaves them vulnerable to manipulation by puiblishers. They recognize that reviewing an unfinished product is fundamentally a bad idea, and serves readers poorly. Unfortunately, it's too late for the games industry to put that cat back in the bag. Readers expect previews, and so they're stuck with sucky ones.
The solution is to build new game journalism models in the blogosphere, and for gamers/readers to support them, so whatever new models emerge don't get corrupted by publisher advertising cash.
This morning WNBC News (Channel 4) in New York was touting an upcoming segment on identity theft. It turned out to be a jailhouse interview with a phisher who's doing hard time for grand larceny.
Slashdot Mirror
"Lik-Sang did not contest this case (i.e. they did not turn up and therefore incurred no legal costs). We have been awarded substantial costs against Lik-Sang which have not been paid," the statement claims. "We would therefore strongly deny that our actions have had anything to do with this website closing (we assume the legal entity is still trading), and would suggest that this release is sour grapes on behalf of Lik-Sang which is aimed to belittle Sony Computer Entertainment and the British judicial system that found against them."
The mention of "substantial costs" suggests the size of the judgment may have been what caused Lik-Sang to close its doors.
No rumors? 1 billion blogs fall silent. Is it okay if they just copy American rumors and circulate those?
"System Maintenance in Progress
The blogs.sun.com team is currently working on some system improvements which require us to briefly disable our normal blogging services. We are working quickly and expect to resume services very shortly.
Thanks,
The Blogs Team."
This would only be a problem if data centers were still relevant. Sheesh.
You'd be amazed at how technically sophisticated some of these phishing crews are becoming. They've all got botnets in which they wield large numbers of compromised computers. If a bot can be trained to sign up for a Blogspot blog and autogenerate SpamSense blogs, they may find a way to vote for/against sites on this system as well. Bot nets are perfect for online voting, as they can send a steady stream of votes from different IP addresses. That's why blogs have such trouble with comment spam - it's coming from 50 different IP addresses.
This weakness was first described at the CRYPTO conference in August, and a technical explanation of the exploit was public on Aug. 27, Open SSL issued its advisory and patch on Sept. 5 and the Netcraft article cited by ZDNet has been online since Sept. 7. So while this is a potentially problematic security issue, it's not brand new, has been patched by OpenSSL and quite a few vendors have issued patches as well.
IANAL, but I worked as an editor at daily newspapers for many years, and as part of that process got to sit through more than few briefings from media company lawyers about libel and defamation. Laws vary from state to state, but the key issues for newsroom employees in defending a contested story usually focus on "absence of malice" (i.e. the reporter wasn't "out to get" the subject) and the amount of care taken in the process of preparing and editing the story, and that there wasn't "reckless disregard" for the accuracy of facts.
The lawyer's letter makes it appear that the New Yorker was provided with accounts contesting key parts of the article prior to publication. How the competing accounts on a contested fact are reviewed and balanced is often significant. If the subject of a story or their advocates contest a fact prior to publication, the practice is normally to include their version of events out of fairness to the source. The lawyer is alleging that the New Yorker didn't do this. Is this a legitimate editorial decision or an actionable error? That's one for the lawyers. It will be interesting to see if the New Yorker responds in print.
Phishing crews have been targeting web site vulnerabilities to deploy spoof sites for several years. In its year-end 2005 Phishing by the Numbers report, Netcraft noted that more than 600 phishing spoof sites were hosted on compromised forums and content management systems in 2005. In January hackers increased their targeting of PHP-based CMS and blogging apps, and were able to distribute the Windows WMF malware through a customer support forum on AMD's web site. There's nothing cutting edge at all about this.
... all those spam blogs on Blogger networking with one another. They're very social about it, too.
It seems to me that the survey doesn't boost the cause for social networking, but leads to the opposite conclusion - that even the 10 largest social networking sites added together don't add up to the traffic seen by Yahoo or Google. Count me underwhelmed.
Setting aside issues of the Right Media submission of its own service and the confusing introduction .... is this a useful product for bloggers and niche sites? I saw the TechCrunch story last night and followed the link. It isn't really an auction so much as a service that optimizes an ad stream that chooses among available ads from several networks to find the one that will pay the best. This concept isn't new ... Right Media has been using it with larger clients, and the domain monetization crowd has been doing this forever (see Moniker's Traffic Club service).
This isn't a serious competitor to AdSense for niche publishers. Here's why: all the networks it aggregates are focused on large publishers. Most require a boatload of page views to participate, and serve low-paying run-of-network ads to their smaller publishers. The great thing about AdSense is it allows you to serve relevant, effective text ads on sites like mine that get only 10,000 visitors a month. AdSense was designed to work well for small publishers AND huge ones. That's why it's been effective.
RMX Direct is trying to create a service that can bridge that gap. My bet is that it will monetize better than dealing directly with a single big-ass ad network, but less well than AdSense.
This issue has a been a hot topic at conferences for data center professionals, with a lot of debate about timetables. Several facility designers are advocating DC distribution as the solution to the current power/cooling challenges. Corporate data center managers like the cost savings projections, but want to see it work in someone else's facility before they put their neck on the line and pitch a DC conversion to their bosses. That's the real value of the Livermore project discussed in TFA - it provides a working model.
Right now the cost of power is remaking the landscape of the data center industry. Yesterday there was another announcement of a huge data center in central Washington State. Sabey will invest $100 million in a facility right up the street from where Microsoft and Yahoo have data centers under construction. It's all about cheap hydro power. Both Microsoft and Yahoo have contracted for more than 40 megawatts of power from the local utility. That's why DC is one of the solutions that will begin to get serious consideration.
Mosso uses server clusters lets you run both ASP and PHP on the same setup for $100 a month. No root access, but an interesting blend of features. Might be more accessible than VPS, which is the other choice between shared and dedicated. It's owned by Rackspace Managed Hosting.
Skilled computer techs who will do residential site visits are hard to find, so instead people default to a choice that they believe will insulate them from the worst-case scenarios. Most non-geek users have trouble assessing whether or not a computer consultant is capable or will muck up their machine even worse. Rather than taking the risk that they'll hire some dimwit or crook, they go to Best Buy (or CompUSA) and pay extra for their service in the belief that this gives them options if the repair goes badly. The crooked consultant can disappear with their money before the "fixed" computer blows up. It's not that easy to move the Best Buy store, so the guy is likely to return and demand satisfaction.
Where's the Think Geek boutique? All those Second Life folks need to get themselves some Slashdot T-shirts.
Jakob Nielsen was once an important voice on usability issues, but that's only true today if you use Lynx or some other text browser. He recently tried to apply his expertise to the topic of "banner blindness" (the tendency of Web users to ignore ad banners) and how it was also undermining contextual ads like Google's AdWords. A lot of bloggers and site owners were concerned about this, given Nielsen's reputation and his use of EyeTracker (a really cool tool) for the research. It turns out his work on "text box blindness" tested pages designed with poorly positioned text ads that were so lame they failed to even follow Google's own heatmap for optimizing ads. Note that the ad in Nielsen's test page is in the least effective spot on the Google heatmap. All he proved was that people who don't pay any attention to ad placement won't get any clicks. Good thing Jakob's not relying on AdSense for his income.
Like Google, Wal-Mart is crazy secretive about a mega-data center in Joplin, Mo., which caught the attention of the local media. The Wal-Mart rep: "This is not something that we discuss publicly. We have no comment. And that's off the record."
Netcraft has been tracking some of World of Warcraft's recent network problems, and has a performance chart that shows the recent problems.
Maybe all that technology will be able detect the traffic going to mortage.com, which just sold for $242,000. Yep. So many people miss the "g" that the traffic to the domain is worth a quarter million dollars. Go figure.
"Now is the time for the blogs, the fervent fan sites and news aggregators to step up. The game blogs and alternate videogame news sources should do everything possible to keep this story alive while maintaining their own integrity. If these compromise stories are distasteful to their core alternative videogame readership, then they should become a focal point for change. These guys should do everything possible to keep this story rolling, because they provide alternatives that aren't wholly supported by the game makers themselves."
Of course, this was only the second-best drama in the Blogosphere this week, running second to the scantily-clad Strumpette and her run-in with Edelman PR.
I agree that the number scheme would be more effective - for users who can understand and follow the system. The key phrase is "if we teach people to check the SSL number." My experience, a significant percentage of users are unlikely to embrace anything more complex than the green-red system. When it comes to Internet security, the majority of users are just not very teachable. The article that launched the thread is pretty clear about this.
Green = Good
Red = Bad
The browser developers gave a lot of thought to this, and defaulted to the simplest scheme possible.
I suppose it's possible that some users reviewed the expired certficate and made an informed judgment that the site was still safe, but I bet many didn't even look. Phishers know this and regularly construct spoofs using invalid SSL certificates, betting that customers will trust the "gold key" and ignore the browser warning.
As previous posters have noted, these attacks have become more frequent in recent months, prompting an advisory from US-CERT (PDF) in December. It's a hot topic on several security lists, and a special focus of SecuriTeam blogger Gadi Evron.
1. Previews are by their nature incomplete and journalists hold their fire because it's not entirely fair to trash a work-in-progress.
2. Readers want previews, and their desire for previews can be a decision maker at the newsstand.
The bigger question is this: why even do previews at all? Consumers always want to know what hot products are coming down the pike. But journalists in many industries resist the urge to make previews a core component of their coverage, because it leaves them vulnerable to manipulation by puiblishers. They recognize that reviewing an unfinished product is fundamentally a bad idea, and serves readers poorly. Unfortunately, it's too late for the games industry to put that cat back in the bag. Readers expect previews, and so they're stuck with sucky ones.
The solution is to build new game journalism models in the blogosphere, and for gamers/readers to support them, so whatever new models emerge don't get corrupted by publisher advertising cash.
This morning WNBC News (Channel 4) in New York was touting an upcoming segment on identity theft. It turned out to be a jailhouse interview with a phisher who's doing hard time for grand larceny.