Blind Alley Graffiti.

Say what you will about the tidal wave that is social media: it’s over-hyped, a fad halfway through its 15 minutes, that <insert social network, platform, app> surely won’t be around in a few years’ time.

But take a look below at the steep curve of the user growth rate in all age ranges and demographics, and the continuing pervasiveness of social networking into every facet of work, play and life in general. It’s hard to argue that social media hasn’t changed forever how we interact and connect online. See for yourself: (click image to enlarge)

via searchenginejournal.com

Download this gallery (ZIP, null KB)

Download full size (174 KB)

October 1, 1932: Third game of the World Series, with the Yankees taking on the Chicago Cubs at Wrigley Field. Two strikes, two balls. The Cubs are one strike away from stopping the greatest slugger who ever lived.

Babe Ruth points to centerfield. That’s where the ball was going to go. The pitcher grips the ball, winds up the pitch and fires a curve ball. With a swing and the crack of the bat, the ball sails in that direction. Going, going, gone. He homers the ball 440 feet into centerfield, just as predicted.

—

CONVICTION

This is possibly the finest example of conviction ever displayed. Babe Ruth’s conviction is illustrated in two parts — telling people you’re going to do it — then doing it.

This should mean a lot to you if you’re a startup founder. That’s because telling people you’re going to do it means believing it and getting others to believe. If you are hiring or looking for a cofounder, my number one advice is to look closer at the people you already know and trust. Few teams seem to push on this nearly enough. 

It seems as though people are afraid of transferring their idea into other people’s brains. But that’s the entire point of what we’re trying to do — when trying to put a dent in the universe. People close to you are always the best people to try to recruit. As an added benefit: If you can’t get your best friends to join, maybe you actually are crazy or wrong. This is your best way and sometimes only way to tell. 

I know you are thinking… people have their own stuff going on. Close friends have jobs and sometimes their own startups. But let me tell you — if you really know this other kind of world that you have in your head is going to exist, then you are doing them a huge disservice not to tell them about it.

If you can infuse your belief into others, then you will succeed. We all know that true believers can move mountains. Small armies of true believers can conquer mercenary armies of any size. This is why small teams of half a dozen people can take down goliaths.

Download this gallery (ZIP, null KB)

Download full size (104 KB)

OBLIGATORY STEVE JOBS REFERENCE: Steve Jobs has called himself a recruiter in interviews. This is not surprising. Everything past the first earliest stage of the garage is about care and feeding of the organization. The company. Steve Jobs is a master at making true believers, and true believers can do truly great things.

As for Babe Ruth… I consider him one of my most revered startup heroes.

Download this gallery (ZIP, null KB)

Download full size (141 KB)

via garry.posterous.com

A new worm called Morto has begun making the rounds on the Internet in the last couple of days, infecting machines via RDP (Remote Desktop Protocol). The worm is generating a large amount of outbound RDP traffic on networks that have infected machines, and Morto is capable of compromising both servers and workstations running Windows.

Users who have seen Morto infections are reporting in Windows help forums that the worm is infecting machines that are completely patched and are running clean installations of Windows Server 2003.

“In a new windows 2003 R2 server, I’m noticing every few minutes, svshost.exe [sic] is opening a ton of outgoing TCP 3389 connections.  I ran an a/v scanner over it and it’s clean.  Can it be hacked already???  has anyone seen this before?,” one user asked in Microsoft’s TechNet forum.

On Sunday, the SANS Internet Storm Center reported a huge spike in RDP scans in the last few days, as infected systems have been scanning networks and remote machines for open RDP services. One of the actions that the Morto worm takes once it’s on a new machine is that it scans the local network for other PCs and servers to infect.

“A few weeks ago a diary posted by Dr. J pointed out a spike in port 3389 traffic.  Since then the sources have spiked ten fold.  This is a key indicator that there is an increase of infected hosts that are looking to exploit open RDP services.” SANS handler Kevin Shortt said in a blog post.

Researchers at F-Secure said that Morto is the forst Internet worm to use RDP as an infection vector. Once it’s on a new machine and has successfully found another PC to infect, it starts trying a long list of possible passwords for the RDP service.

”Once a machine gets infected, the Morto worm starts scanning the local network for machines that have Remote Desktop Connection enabled. This creates a lot of traffic for port 3389/TCP, which is the RDP port,” F-Secure Chief Research Officer Mikko Hypponen said in a blog post.

”Once you are connected to a remote system, you can access the drives of that server via Windows shares like \tsclient\c and \tsclient\d for drives C: and D:, respectively. Monto uses this feature to copy itself to the target machine. It does this by creating a temporary drive under letter A: and copying a file called a.dll to it. The infection will create several new files on the system including \windows\system32\sens32.dll and \windows\offline web pages\cache.txt. Morto can be controlled remotely. This is done via several alternative servers, including jaifr.com and qfsl.net.”

It’s been quite a while since there was a large-scale Internet worm attack. Once upon a time, worms such as Blaster, Code Red and SQL Slammer were all the rage and found success clogging networks with enormous amounts of scanning traffic and other activity. But those kinds of events have become an anachronism as attackers have turned the attention to for-profit attacks.

via threatpost.com

Video gaming is a big topic for web browsers as well as HTML5, but there are few enthusiast gamers who are taking this scenario serious. Can a Joystick API and a 3D Client change the perception?

On Friday I noticed that Google is heavily pushing New Game, a game developer conference that is focused on HTML5-based gaming content – and, of course, content that runs in web browsers. The fact that such an event already exists and that there is game content being developed in HTML5, is quite stunning by itself. However, Google also noted that a sandboxed native client (NaCl) with 3D (in addition to 2D) will be available in Chrome soon, which will allow the browser to connect to traditional C and C++ code via its integrated Pepper API.

Interfacing a web browser with traditional game content that will run under a hardware-accelerated surface is an intriguing concept. A quick look through the Chromium revision log reveals that Google has been very busy over the past three days working on NaCl 3D: the first implementation was announced late Wednesday with Chromium build 98083 and additions/revisions followed with builds 98158, 98169, 98456, 98464, 98504, 98508 and 98534. From what we can tell, the first functional integration took place with build 98508 (released late Friday) when the 3D API was actually included in Chromium (attached via Pepper API.)

There is yet another game-related development, as Chrome developer Scott Graham proposed on the Webkit discussion group to add a JOYSTICK API to Chrome. This API would be intended to allow Chrome to interface with joysticks and gamepads, Graham pointed out that Mozilla is also working on such an idea and noted that a prototype spec is in the works. There is a discussion surrounding this topic, which is centered around the question if this feature should be implemented before there is a W3C draft.

Also, Simon Fraser, a Safari developer at Apple, compared the addition of a Joystick API as a “piecemeal” that may end up as a “horrible mishmash” if such an approach is taken for every input device. He suggested an API that would enable more than just on type of input device and stretch the API to products such as “remote controls” and “assistive devices” as well. Google’s Dimitri Glazkov voiced concern about a W3C draft and speculated that it may take too long for the W3C to react: “[…] I am also sure that “W3C time investment” is a code word for years of soul-sucking bureaucratic drudgery. As such, I don’t think you meant we should be using W3C process as the measuring stick for doing things “right” in WebKit. There would not be WebKit if we did.”

Nevertheless, Scott Graham started a discussion thread on W3C’s website to begin collecting feedback. His post, however, refers mainly to Mozilla’s work and not to Chrome and simply states that Google would like to add a Joystick API to Chrome. There was no W3C feedback to his post at the time of this writing.

Of course, such an idea will live and die with content and the question is whether there will be quality content that calls for such input devices in browsers. HTML5 games today look a lot like flash games and experiments, but it seems as if game developers are already looking into HTML5 as an enthusiast gaming platform that may transform video games into a type of service. For example, Codemasters said that it is developing the Formula 1 racing simulation F1 Online, based on the Unity game engine. F1 Online is scheduled for a Q1 2012 release. Sounds like Google may have a good reason to create such an API.

Imagine this: Chrome and Firefox could be running all your video games in the future through a cloud service. And this could even get more interesting as Chrome could become available on Android in the near future.

Google is going to take over the world.

Here’s something to liven up your weekend: a video of the Raspberry Pi running Quake 3. We’re still working on ironing a few kinks out (specifically, there seems to be a library issue which means our framerate, while good, isn’t quite as spectacular as we know it can be; we’re working on it as I post this) – but this is what test boards are for, and we’re making great progress getting the boards running smoothly.

I know some of our forum members are interested in building custom cases for your own Raspberry Pis, and have been asking about the heat that the board generates when it’s working hard. We feel you should be fine with the sort of thermoplastic cases that some of you are hoping to make using 3d printers: the chip doing all the work in this clip was still under body temperature after I’d filmed this demo four times, and feels surprisingly cool to the touch. This is also, of course, great news for power consumption. I hope that some of you can come to one of the conferences we’ll be participating in over the next few months (details will appear here on the blog and on the forums later when we’re confirmed) and have a look for yourselves.

Obviously, the Raspberry Pi isn’t intended as a gaming platform, but it’s very satisfying to let the Broadcom BCM2835 application processor off the leash (yes, I’m allowed to give you the part number now) and see what it can do in this sphere nonetheless. As Eben notes in the clip above, we’re hoping to show you a video of a bunch of us playing Q3 Deathmatch on some networked Raspberry Pis in a few weeks’ time – just because we can.

via raspberrypi.org

Wow. Pretty impressive for a tiny chip.

English has never been one of my strong points (as is fairly obvious by reading my blog), so my latest side project might surprise you a bit. Inspired by the results of tarsnap’s bug bounty and the first pull request received for a new project(slashem - a type safe rogue like DSL for querying solr in scala) I decided to write a bot for github to fix spelling mistakes.

The code its self is very simple (albeit not very good, it was written after I got back from clubbing @ JWZ’s club [DNA lounge]). There is something about a lack of sleep which makes perl code and regexs seem like a good idea. If despite the previous warnings you still want to look at the code https://github.com/holdenk/holdensmagicalunicorn is the place to go. It works by doing a github search for all the README files in markdown format and then running a limited spell checker on them. Documents with a known misspelled word are flagged and output to a file. Thanks to the wonderful github api the next steps is are easy. It forks the repo and clones it locally, performs the spelling correction, commits, pushes and submits a pull request.

The spelling correction is based on Pod::Spell::CommonMistakes, it works using a very restricted set of misspelled words to corrections.

Writing a “future directions” sections always seems like such a cliche, but here it is anyways. The code as it stands is really simple. For example it only handles one repo of a given name, and the dictionary is small, etc. The next version should probably also try and only submit corrections against the conical repo. Some future plans extending the dictionary. In the longer term I think it would be awesome to attempt detect really simple bugs in actual code (things like memcpy(dest,0,0)).

You can follow the bot on twitter holdensunicorn .

Comments, suggestions, and patches always appreciated. - holdenkarau (although I’m going to be AFK at burning man for awhile, you can find me @ 6:30 & D)

via blog.holdenkarau.com

This is pretty cute.

English has never been one of my strong points (as is fairly obvious by reading my blog), so my latest side project might surprise you a bit. Inspired by the results of tarsnap’s bug bounty and the first pull request received for a new project(slashem - a type safe rogue like DSL for querying solr in scala) I decided to write a bot for github to fix spelling mistakes.

The code its self is very simple (albeit not very good, it was written after I got back from clubbing @ JWZ’s club [DNA lounge]). There is something about a lack of sleep which makes perl code and regexs seem like a good idea. If despite the previous warnings you still want to look at the code https://github.com/holdenk/holdensmagicalunicorn is the place to go. It works by doing a github search for all the README files in markdown format and then running a limited spell checker on them. Documents with a known misspelled word are flagged and output to a file. Thanks to the wonderful github api the next steps is are easy. It forks the repo and clones it locally, performs the spelling correction, commits, pushes and submits a pull request.

The spelling correction is based on Pod::Spell::CommonMistakes, it works using a very restricted set of misspelled words to corrections.

Writing a “future directions” sections always seems like such a cliche, but here it is anyways. The code as it stands is really simple. For example it only handles one repo of a given name, and the dictionary is small, etc. The next version should probably also try and only submit corrections against the conical repo. Some future plans extending the dictionary. In the longer term I think it would be awesome to attempt detect really simple bugs in actual code (things like memcpy(dest,0,0)).

You can follow the bot on twitter holdensunicorn .

Comments, suggestions, and patches always appreciated. - holdenkarau (although I’m going to be AFK at burning man for awhile, you can find me @ 6:30 & D)

via blog.holdenkarau.com

This is pretty cute.

via gplus.com

via richpearson.posterous.com

Editors Note: This is a guest post written by Geoff McQueen, the cofounder of AffinityLive, a business management platform for professional services. McQueen recently moved to San Francisco from Australia.

Who doesn’t get excited about the consumer web? Google, Facebook, Twitter, Zynga, Foursquare. Billions in revenue, Hollywood movies, overturning indistries, and curing boredom. So it is natural then as a startup entrepreneur that you’d first think about doing a consumer web product. But as someone who’s been a tech entrepreneur for a decade outside the Valley, the one thing we’re not told is that unless you’re in one of four or five places on the planet, you’re almost certainly doomed to fail in the consumer web.

Why? Because consumer web plays, for all their allure, require two ingredients you’re not going to find in Sydney, Vancouver, London, Johannesburg, or pretty much anywhere else: they need big markets and big money.

Big Markets

In the United States, if you want to reach a million users in a consumer play, you need to convince one in 260 people to use your product. In China, you’ve got to get just under one in 400 people to get on board. But if your startup is pitching to users in the UK, you’ve got to achieve more than 5 times the penetration of the US. The same goes for France—it might be close to the UK, but as a market it might as well be in another galaxy. Germany is only slightly better. And in my homeland, Australia, you’ve got to achieve almost 20 times the penetration as in the US—to get to a million users, you need to be able to convince 5 people on that bus you caught to the city to use your product—profitably, and scalable across the entire market.

Given that the economics of most consumer web plays are based on selling access to an audience, if you’re not in a big market, you’re pretty much screwed. Which is why unless you are in Silicon Valley, New York, Shanghai, Mumbai or perhaps São Paulo the deck is stacked very much against you.

Big Money

If the consumer web requires big scale, achieving scale requires big money. Sure, the cloud and lean startup principles have cut the capital requirements a lot, but to succeed you need to get to millions of users, with dozens or hundreds of staff, with little to no real income (since your users aren’t paying you).

Most venture money isn’t dumb, so if you want to raise consumer web funds, you’ll need to head to one of the handful of places in the world to get it. This isn’t a bad thing—it is just reality. Entrepreneurs all over the world bemoan how hard it is to raise capital, yet we are reading constantly about the bubble.

Of course there’s an exception here if you were to create the next Facebook, Twitter or Foursquare and grow it virally, but that’s really a one in a million shot on its own, and even those companies required serious levels of funding to scale before they were able to pull in revenue.

The Alternative

Of course, the most obvious solution to this problem is to move to one of the few places in the world where you stand a chance of building a consumer web business. But it isn’t possible for every entrepreneur in the world to do that, and places like Silicon Valley have their own pitfalls, like trying to hire an engineering team when Google, Facebook and others are waging a war for talent.

If you’re thinking about what to do for your next venture, my opinion is that you are better off looking to businesses as your users. Here’s why.

Businesses Spend Money

The biggest reason why business customers make a great market for your startup is that they have money, and aren’t afraid to spend it to solve a real problem. There are lots of unsolved problems in business today in areas such as sales, marketing, finance, operations, management and more where technology can be disruptive and highly valuable.

As we all know, consumers have pretty tough expectations of value when it comes to parting with money—one of my favorite consumer services, TripIt, costs less for a year than the price of the cab to the airport for one flight, and still a very small minority of people pay.

On the other hand, businesses have a stronger ‘investment’ mentality when it comes to their decision making. The nexus between money spent and value received is still largely intact, and if a business finds an online product or service valuable and starts to rely on it, not paying for it can make them worry that it is unreliable or going to disappear on them without notice.
A target market with problems that need solving and a willingness to pay doesn’t necessarily mean there’s an opportunity for startups.  Tech giants like Microsoft, Oracle, HP, Adobe and many others have massive advantages of incumbency over new, smaller, emerging players. But changes in the expectations of businesses—thanks ironically to the consumer web—are making it much easier for a startup to take on the big boys.

Innovation Expectations

While the power of incumbency and size might be true for the big corporates, in the small and medium segment—which is a much bigger market—there’s an opportunity to run circles around the big guys. With the possible exception of SalesForce, almost all of the incumbents are hamstrung by bloated and high-cost sales models, monolithic, bureaucratic product development and release cycles, and in many cases the innovators dilemma.

While saying they can’t move as fast as a startup is a truism, what matters is whether their customers want them to move faster. And in my experience, they absolutely do.
Business people are consumers too, and they’re being spoiled by the pace of innovation they’re experiencing in their personal lives. The smartphone wielding-CEO, who adopted Facebook without “training” and “change management”, and who uses Skype to talk to his travelling daughter, is the norm, even if he or she still types with two fingers. Business people like this aren’t happy to wait 18-24 months for the next major release from Microsoft or Oracle to catch up with personal tech they’ve been using for a couple of years already.

These new expectations about the pace of innovation are making it much easier for startups to compete.

New Distribution Platforms

All of this sounds good, but aren’t business web plays expensive too? You’ve got to build sales, marketing and distribution, which surely costs a ton, right? Not necessarily. There are an increasing number of emerging platforms for the business web which are helping startups scale without the traditional enterprise sales and marketing costs.

The Google App Marketplace and Salesforce App Exchange as distribution platforms are making it easier for developers and startups to connect to markets in the same way the mobile markets do. They make going to market at scale more affordable than ever.

Additionally, the disruptive effect of the Cloud technology and SaaS business model has meant value added resellers (VARs) around the world are having to rethink their business models. Smart ones are basing their businesses on consulting, support, and training rather than just selling licenses at a margin; the lower prices and subscription revenue model means VARs can’t survive just by clipping the ticket on a sale.

The smart VARs are actively looking to develop partnerships with startups so they can offer their solutions to clients. For a startup, this provides the opportunity to distribute their services and cultivate the kind of face-to-face sales and support network many businesses want in a very fast, capital efficient way.

What about mobile?

In some ways, mobile apps have more in common with business web plays even though they’re mostly targeted at consumers. Users are conditioned to pay for apps. Often they’re solving a problem, whether it be productive or entertaining. Mobile of course has built-in distribution, which is why we’re seeing so many successful mobile plays from outside the traditional startup hubs; Rovio from Finland, Firemint from Melbourne and dozens more examples bear this out—geography doesn’t have to be as much of a disadvantage in mobile either.

The consumer web, with its bigger markets and consumer appeal will of course continue to get most of the headlines, particularly in the techo chamber of Silicon Valley. But while we’re obsessing about the next social location photo platform, companies like Australia’s Atlassian, Chicago’s 37 Signals, London’s Huddle, New Zealand’s Xero and hundreds of others will keep booking hundreds of million in revenue from business customers all over the world. Which is why I encourage you to look to businesses as your market when you’re doing your next startup.

Photo Credit/Flickr/eleaf

via techcrunch.com

Here’s the very first announcement from Linux Torvalds revealing an operating system called Linux that won’t be “big and professional like gnu” (see the mailing list thread here):

From: torvalds@klaava.Helsinki.FI (Linus Benedict Torvalds)
Newsgroups: comp.os.minix
Subject: What would you like to see most in minix?
Summary: small poll for my new operating system
Message-ID: <1991Aug25.205708.9541@klaava.Helsinki.FI>
Date: 25 Aug 91 20:57:08 GMT
Organization: University of Helsinki

Hello everybody out there using minix -

I’m doing a (free) operating system (just a hobby, won’t be big and
professional like gnu) for 386(486) AT clones. This has been brewing
since april, and is starting to get ready. I’d like any feedback on
things people like/dislike in minix, as my OS resembles it somewhat
(same physical layout of the file-system (due to practical reasons)
among other things).

I’ve currently ported bash(1.08) and gcc(1.40), and things seem to work.
This implies that I’ll get something practical within a few months, and
I’d like to know what features most people would want. Any suggestions
are welcome, but I won’t promise I’ll implement them :-)

Linus (torvalds@kruuna.helsinki.fi)

PS. Yes – it’s free of any minix code, and it has a multi-threaded fs.
It is NOT protable (uses 386 task switching etc), and it probably never
will support anything other than AT-harddisks, as that’s all I have :-(.

It’s strange to think that it’s been around that long now. Windows was released in 1985 and Mac OS in 1984. I wonder what 6 or 7 more years will do for Linux and the various desktop environments…

via thelinuxdaily.com

Oh, how far we have come along.

How much would you pay for a piece of imaginary real estate? Anshe Chung has made millions renting it. Maybe your investment portfolio needs to include more fake property. A decade ago Ailin Graef was just another player in online games with a virtual avatar named Anshe Chung. Now the young entrepreneur’s China-based company manages online video game property worth millions in US dollars. How? In some online worlds, like Second Life, in-game currency (in this case, Linden Dollars or L$) can be sold for real money. Ailin/Anshe started making virtual money by designing and selling virtual fashion items for her fellow avatars. She leveraged that into virtual real estate investments. Today, Anshe Chung Studios has 80+ employees managing thousands of rental properties, helping design new 3D virtual chat rooms, and making tons of money on virtual to real currency exchanges. Anshe was the first person whose virtual property exceeded a real world value of 1 million dollars, and Anshe Chung Studios is perhaps the single largest third party developer of virtual property ever. Hers is a model for a new kind of online mogul: not one who makes the games, but someone who works inside the system to make a killing. Anshe Chung is a digital life mogul. Who wants to be next?

Anshe Chung is the online persona of Ailin Graef, world’s first virtual millionaire and a developer of digital property.

Each online video game has its own way of handling currency. Some just give you points, some allow you to perform repetitive tasks to earn coins, and many will allow you to trade virtual goods and currency back and forth. The true goldmines (so to speak) are those games where the currency can be exchanged for real world money. Second Life allows its users to readily exchange L$ for US dollars or Euros, etc. Entropia actually sets the rate to a fixed amount. Either way it means that the activities you do in the video game can translate to an actual income. Some people, like Graef/Chung see that as an opportunity to make a fortune.

Graef started off in mid 2004 designing small scale animations/styles for virtual fashion. “Give me a few fake bucks, I’ll give you this nifty alternate design for a normally bland accessory.” (Something like that.) Anshe Chung Studios continues to make customized goods you can buy to dress your avatars in several online worlds.

Here’s what 21,000 L$ (about $80) per week can get you. Not a bad island, even if it is virtual.

Once you start accruing virtual currency, however, investment opportunities outside of fashion begin to arise. In some virtual worlds, like Second Life, you can buy land to modify and develop. That’s what Graef did, and soon “Anshe Chung” was managing vast tracts of land in Second Life. And the scope of that real estate continues to expand. Today you can go to Azure Islands, some of the custom built and designed landscape built by Anshe Chung Studios, and get yourself your own parcel to rent starting at around L$ 821 or $3 USD per week. The really fancy plots go for as much as 13000 L$ a month (about $50), and the prices just keep going up from there (check out the picture to see what $80 a week will buy you). Anshe’s tenants may simply want a fancy place for their avatars to live online, or they could be more business minded. Virtual dance clubs and other meeting places can draw in good business by having the right landscape and design. It’s not just Second Life selling to Anshe Chung Studios who’s selling to users. There are many more tiers in the economy as everyone in Second Life, Entropia, IMVU and the other online worlds find places to live their virtual lives.

Online real estate is just the beginning. AnsheX is a virtual currency exchange. Do you have USD but want Linden dollars? AnsheX will sell you some. Same for Euros and PED (the currency for Entropia) or IMVU credits and Hong Kong dollars. While AnsheX rates are pretty close to the going rates, they make real world money on each purchase. Customers are willing to buy and sell at slightly disadvantageous rates because they can get the currency in 24 hours or (much) less rather than having to barter or arrange their own deals by hand.

So, you’re a fashion mogul, a real estate developer, and a banker – what’s next for your virtual empire? You might as well step behind the video game. Anshe Chung Studios is one of the major partners with a hand in Frenzoo, a social network and online chat program based in Hong Kong. Create an avatar, spend money (or time or both) dressing them just right, then go and meet other avatars and chat. Frenzoo has a pretty standard formula for success. IMVU is similar and has 50 million+ users and six million items up for sale. Catch the demo video for Frenzoo below and judge for yourself whether it has the same potential:

We’ve certainly seen people make real money on virtual property before. A single piece of territory sold for $635,000 not too long ago. What makes Ailin Graef and Anshe Chung Studios different is that their endeavors highlight the diverse paths one can take to gaining wealth by augmenting the way people play online games. The appearance of avatars, the design of locations, and the facilitation of trade are three big virtual markets and Anshe is tapping them all.

Talk about expanding markets - did we mention that many of these virtual worlds, like Frenzoo, are going mobile?

I also marvel at the value of the secondary markets that Anshe represents. If the actual producers of these virtual spaces are the ones reaping in billions of dollars (as Blizzard is with World of Warcraft) there’s still hundreds of millions to be made as players trade not with the owners, but with each other. Most of those business deals are probably going to be small – probably for virtual property valued at less than $1, but when you multiply that by millions of items for sale and tens of millions of regular users…that’s a lot of cash. The efforts of Anshe Chung Studios exemplifies how these games constitute real economies. Er, virtual economies. Or real virtual economies – look, you get the idea, these games are real revenue generators. Graef accrued a million dollars worth of online wealth way back in 2006. Others have followed and it looks like the future could support a wave of new VR moguls who build their riches on nothing but digital living.

Which isn’t to say it isn’t all some elaborate bubble. After all, when you buy Linden dollars, or an island paradise, or a new broach for your avatar you aren’t owning anything physical. Some day the entire affair could come crashing down. Imagine if people suddenly lose interest in a simulated environment because a new and better one arrives. Your investments could turn out to be worthless.

The same could be said of any investment on Earth.

Take a good long look at the multi-tiered empire Anshe Chung has built, and think of all the people it took playing those games to help her build her fortune. Those millions of players represent a growing part of our population. As online living continues to gain ground, the virtual economies (however temporarily) will thrive as well. There’s money to be made in those digital hills. Ailin Graef was the first virtual millionaire. The first billionaire could be right around the corner.

via singularityhub.com

Like some sort of archangel descended from internet heaven, Google has bathed Stanford University in glorious high-speed goodness as part of the beta test of their new gigabit fiber network. Since the program was announced, the service, which is now being provided free to students and faculty in the Palo Alto area, has caused a lot of people to ask (sometimes beg) that their city be next on Big G’s list for communication salvation. But can Google save us all from crappy internet? And more importantly, is it a good idea to let them?

Jealous?

As it stands, the broadband situation in the United States is pretty dismal, and it’s the big telecoms, cable companies and the federal government who are to blame. Because companies like AT&T, Verizon and Time Warner Cable aren’t sharing the overwhelming majority of American copper wiring that they currently own, costs stay high and speeds stay slow. If you ever wondered why our friends in Europe enjoy blazing-fast internet at a fraction of the cost we pay here, it’s because their governments force the companies to offer shares of this portion of internet tubes — typically known as the last mile — to smaller companies at an affordable cost.

In the UK, for example, British Telecom (BT) used to be the ones dominating the last mile. But the government stepped in and now there are hundreds of providers offering high-speed broadband at insanely low costs. Competition steps in, BT gets money for the use of their copper, and everyone wins.

Engadget’s Rick Karr explains:

(Watch More: Our interview with FTC Advisor and Net Neutrality advocate Tim Wu on information empires)

Google’s mission is different: Instead of working to reform the American duopoly system, they’re building their own network of high-speed fiberoptics—technology that is several times faster than regular old copper networks. But before you get too hung up on dreams of liberation, remember that Google is calling this “an experiment.” They want to find out how these networks can be deployed and how they can empower the next generation of web apps. And while it’s possible this might expand into a kind of 3rd choice for American broadband users, letting Google have the reins may or may not be a great idea.

It really all boils down to how much you’re buying Google’s “don’t be evil” mantra. If any company similar to them were to do this, it would likely attract a lot of backlash from net neutrality advocates, who know well the abuses that can occur when marrying ISPs with content. Google’s current stance seems content on offering fiber through a large number of providers. But considering the absurd lobbying pressure exerted by big telcos and Google’s tendency to cave at the first sign of opposition, there’s no telling whether their mission to restore balance (if that even is their mission) will survive under future policy.

via motherboard.tv

IDG News Service - Twitter is slowly turning on automatic encryption on its website, a move following other major providers of web-based services to thwart account hijacking over wireless networks.

Twitter has offered an option for users to turn on SSL (Secure Sockets Layer) encryption, but said on Tuesday that it will turn the feature on by default for some users. It did not indicate when the option would be turned on by default for all users.

SSL encryption, indicted by “https” in the URL bar and sometimes a padlock in the browser window, is an encryption protocol used to protect communication between a client and a server. It is important to use because unencrypted information passed over wireless networks can be intercepted.

Many websites encrypt a person’s login and password but will stop encrypting further data that is transmitted. A reason for not using SSL throughout a session is that it can occasionally slow interaction between the user and website.

Last year, a freelance web application developer named Eric Butler released Firesheep, an add-on for Firefox that snatches cookies transmitted on unencrypted networks. Web sites drop a cookie, or a small data file, into a person’s Web browser while they are logged into a session. Cookies are also used to “remember” people and keep them logged into the website.

Firesheep used an technique that was well-known but made it very easy for novice hackers to grab cookies and immediately log into a website as another person with just two clicks, known as session hijacking. If Firesheep detected someone logging into say, Facebook, on an open wireless network it would display their photo and name, which could be clicked in Firesheep, hijacking the person’s account.

SSL would thwart such an attack since the cookie would encrypted. Other websites have started to step up their security as well. Facebook allows people to turn on SSL for a person’s entire session in the “Account Settings” under “Security.” In January 2010, Google turned on SSL for everyone using Gmail by default.

via computerworld.com

MIT researchers have devised a protocol to flummox man-in-the-middle attacks against wireless networks. The all-software solution lets wireless radios automatically pair without the use of passwords and without relying on out-of-band techniques such as infrared or video channels.

Dubbed Tamper-evident pairing, or TEP, the technique is based on understanding how man-in-the-middle attacks tamper with wireless messages, and then detects and in some cases blocks the tampering. The researchers suggest that TEP could have detected the reported but still unconfirmed cellular man-in-the-middle attack that unfolded at the Defcon conference earlier this month in Las Vegas.

TEP was devised by a quartet of MIT researchers: Shyamnath Gollakota, Nabeel Ahmed, Nickolaik Zeldovich and Dina Katabi, all with the Department of Electrical Engineering and Computer Science. Their research paper, “Secure in-band wireless pairing,” was presented at the recent Usenix Security Symposium and MIT has its own story about the research online. 

The group says TEP can be used to protect communications between devices, or between devices and base stations or access points, for any type of wireless connection.

Today, two wireless devices create a secure channel by swapping cryptographic keys, typically using what’s known as the Diffie-Hellman Exchange. DHE is a cryptographic protocol designed to let two parties who don’t know each other agree on a shared secret cryptographic key over an unsecured channel. Then, they use the key to encrypt their exchanges. (More on recent recognitions for Whitfield Diffie and Martin Hellman)

But Diffie-Hellman suffers from a well-known problem: An attacker inserts himself between the two parties and, for each one, pretends to be the other, sending each one his own Diffie-Hellman message. Both parties end up sharing their secret key with the attacker, who then has full access to the communications between them.

Passwords can be used to block such attacks, but there are problems. On public networks, users often have the same password. Other networks are protected with very weak passwords, or with none at all. Some use such standards as the Wi-Fi Alliance’s Wi-Fi Protected Setup or Bluetooth’s simple wireless pairing, a kind of push-button approach to secure connections. But these, too, are based on the Diffie-Hellman Exchange and remain vulnerable to the man-in-the-middle attack.

Another solution is to use “non-wireless” or out-of-band channels, such as audio or infrared, to authenticate and secure the channel. But these, the researchers say, can be costly and hard to adapt to small, resource-constrained wireless devices.

TEP begins by analyzing how an attacker mounts a man-in-the-middle exploit: In every case, the researchers say, the attack involves tampering with wireless messages. The researchers say they’ve identified these tampering techniques and can detect when they’re being used. “Since we can [now] detect tampering, we can [now] trust messages which are untampered with,” according to the group’s Usenix presentation.

An attacker can tamper with a wireless message in three ways: by altering a message sent by one party to match his own Diffie-Hellman key; by hiding the fact that Party A has sent a message at all; and by blocking a message from being sent. TEP is designed to defang each of these tampering techniques.

It does this by compelling Party A to follow its message transmission with another: a pattern of energy “pulses” and “silences.” Party A’s wireless radio computes a hash of the original message, creating a sequence of ones and zeros. For each one, the radio sends a random packet; for each zero, it sends nothing — it’s silent. This combined pattern is unique to the original message.

If the attacker alters the contents of Party A’s message, he, too, has to follow up with a new “silence pattern” that corresponds to the altered contents. But the two silence patterns will be different: The attacker “cannot generate silence” from Party A’s “one bits.” Party B can detect that difference and in effect refuse the connection offered by the attacker.

The second type of tampering is when a man-in-the-middle attacker hides Party A’s transmission simply be sending its own packets and creating a collision with it. Party B sees this as a known and common event and ignores the attempted transmission by Party A.

TEP counters this by adding an unusually long, and random, synchronization packet to Party A’s transmission. The packet length in effect causes it to “stand out” as not being a collision. Party B looks for these unusually long energy periods and treats them as an attempt by another party to pair with it. The attacker can’t hide it by generating collisions, and if he sends his own long packet, Party B can detect it as an “unusual message.”

The third tampering technique involves an attacker blocking transmissions by occupying continuously the radio channel, in effect, not giving Party A the chance to “talk” to Party B. TEP counters this by having Party A’s radio time out after a known interval and transmit its message even if the channel is occupied.

“Thus we have a [transmit] message which can’t be altered, hidden, or prevented without being detected at the receivers,” say the MIT researchers.

But there’s a potential flaw in this approach, as they note: TEP uses silent periods to authenticate communications. Other Wi-Fi devices listening on the channel would assume the silences mean the channel is open, and attempt their own transmission in keeping with the 802.11 protocol. To prevent this, TEP uses an optional mechanism in 802.11, called “clear to send” or CTS, which is a frame that reserves the channel for a given transmitter. Other Wi-Fi devices seeing the CTS frame would hold off on transmitting until Party A completes its hash transmission.

Having created this “tamper evident message,” the MIT team created a protocol to implement it as part of setting up a secure wireless pairing between radios, riding on top of the push-button technique adopted via the Wi-Fi Alliance. Party A sends out a request message using the TEP primitive; Party B must reply using the same primitive within 120 seconds. If Party A receives only one reply in that time frame, and via TEP detects no tampering, the pairing goes forward.

But if an attacker tries to insert himself between the two parties, two things can happen to frustrate his attempt. First, Party A sees two replies to the original request, one from Party B and one from the attacker, and refuses to connect. Second, if the attacker tries to tamper with the Party B’s reply message, TEP lets Party A detect the tampering and, again, refuse to connect.

The researchers streamlined this entire process of exchanging tamper-evident messages in order to set up a secure channel. They say that the hash and the longer synchronization packet add less than 23 milliseconds of overhead to the transmission.

John Cox covers wireless networking and mobile computing for Network World.

via networkworld.com

Barriers

Every single one of us will face barriers that, at some point, will seem insurmountable.  In that moment we strive to find meaning, we may even scream out why?  In that moment we may see the universe through the eyes of what we do not have.  Through these eyes we can be led on to a trail that does not move us forward but perhaps backwards.  The barrier is all but a perspective.  It is a point of view we have come to believe and will certainly find the evidence and justifications to make it so. This is part of the Human experience we all share.

There is another side to this experience.  Not so very long ago, just a few thousand years ago, in those darkened caves you and I listened and told stories to our clan.  We created systems to relay experiences, real or imagined, as a way to not only cope with a world we could not understand, but to become closer to the very things we feared.  We all instinctively built these systems to face the barriers we perceived; just around that grouping of rocks, just over that hill and just across that ocean. Some of these stories are still with us, weaved with complex analogies and symbolism.  Some of this has been filtered in a diluted form as myths, legends and fairy tales. In undiluted form they are far more.

The construct in our minds that we call a barrier at times creates such fear that we actually cling to the very thing that is stopping us, the barrier itself. And thus we can become frozen with the justifications.  But just like those stories we all shared in our very ancient caves, today we have the same systems, but perfected to the level of delivering the real experience.

Meet Nick Vujicic

Nick Vujicic is as real as it comes.  When you meet him for the first time you must confront a mix of feelings that are impossible to describe.  Coming at you in quite a number of directions are realities about how you may have viewed the world and yourself.  

• http://www.attitudeisaltitude.com/