Nothing disappoints me more about the evolution of the personal computer than the PC's lack of ubiquitous security.
There's no technical reason why PCs can't provide strong security. Improving security costs money, which provides a business reason not to do it, but the way I see it, the costs associated with insecure computing have long since eclipsed the costs of making systems more secure.
It's also true that there's always a way around any layer of protection, which is sometimes taken as another argument against improving security. As the argument goes, you have to be able to access your own data; if someone else wants access, they can always force you to get it for them.
But that's like saying that because anyone can force you to unlock your front door, you shouldn't have a lock on it.
The right answer, I think, is to seek the point at which the security of a system establishes a balance between the costs and inconveniences of providing the security and the risks of having the security violated. In my opinion, the PC is nowhere near that point.
We need several key security improvements in the personal-computing experience:
Secure storage
To my way of thinking, security starts with secure storage. I assume most of us have sensitive information on our PCs. Since PCs can be stolen or attacked while nobody's watching, we need a way to protect our information. "Storage" in this context can include hard drives, the PC's main memory, and even removable media like USB drives and DVD-ROMs.
Properly done, storage security can be almost invisible. It shouldn't take much more than entering a password to unlock the storage device; for extra security, you could be required to use some kind of security token. But once you're in, and as long as you remain physically present, your machine can operate normally.
The same weaknesses that contribute to unreliability (see my earlier post, "Wrapping up Speeds and Feeds, part 2: Reliability") make PC storage insecure. Recent history shows how vulnerable PCs are to malware. Once a malicious program is in your machine, it can find personal data in memory or on disk and send it over the Internet to the attacker. Reliable execution can be associated with secure execution, and that's a good thing too.
Hardware can create security holes, too. The IEEE 1394 peripheral interface (also known as FireWire and i.Link) is a notorious weakness. It can provide unlimited access to system memory and, indirectly, all connected storage devices, even those configured with full-disk encryption.
Strong process and object isolation--the same techniques I recommended to improve reliability--can help improve storage security, too. These methods apply directly to memory security, and by extension, to mass storage.
Secure communication
Because most of the data on our PCs arrives there from somewhere else, communications security is also important. I remember being disappointed in the late 1980s that emerging Internet e-mail standards did not allow for secure e-mail, but I assumed that this omission would be quickly rectified.
When Phil Zimmermann's Pretty Good Privacy arrived a few years later, I figured it was only a matter of time before all Internet e-mail was encrypted by default.
But some of the critical technology, notably the RSA public-key cryptography algorithm, was patented and not really available at consumer-friendly price points. When the RSA patent was released to the public domain in 2000, I figured the end of insecure e-mail was finally in sight.
But here we are, eight years later, still waiting.
It wouldn't take much for someone to introduce a mainstream e-mail service that is secure by default. Apple, for example, could provide almost invisible security for MobileMe e-mail using nothing more than the existing open standards created for that purpose. Any e-mail provider could do the same thing. What are they waiting for?
In fact, there's no longer any technical or commercial barrier to cryptographic protection of all of our Internet communications. Every Web server could provide HTTPS support in preference to standard HTTP, but very few allow this. Almost every insecure Internet protocol has a secure alternative, but most of these are not well-supported.
This lack of security is quite serious and quite expensive. Many credit card theft rings have intercepted card numbers being transmitted over Wi-Fi networks. Many individuals have fallen victim to identity theft because someone intercepted their traffic on public Wi-Fi networks.
There are ways for individuals to protect their Internet communications. One is to use VPN (virtual private network) software, which is built into most PC operating systems these days. Until consumer ISPs provide VPN endpoints for their customers to use when away from home, however, this option is mostly limited to business users. Also, a VPN only protects traffic between you and the other end of the VPN connection; from there to whatever Web sites or other services you access, your connections are not covered by the VPN.
Secure identification
Many sites on the Internet require some form of log-in before giving access to personal information. This process is separate from the communication method itself.
HTTPS, for example, doesn't require any kind of user identification; it just protects a single session. VPNs protect the link from the user's machine to some remote site, but in themselves don't usually give access to systems at that site.
Ideally, the remote system should be convinced who the user is, the user should be convinced what system is being accessed, and the whole process should be strongly secured by open industry standards.
Alas, that isn't how it works.
Most Web sites use their own authentication systems, requiring users to keep track of a separate set of log-in credentials for every secure site they visit. Although there are a few open standards for this purpose such as OpenID, they are nowhere near universal.
Few Web sites provide any way for the user to authenticate the site itself. The Extended Validation Certificates offered by some certificate authorities help a lot, though they are relatively expensive and not easy to get. Modern Web browsers recognize these certificates and turn the address bar green to indicate that the site certificate matches the displayed address.
These certificates still don't provide a direct negotiation between the user and the server based on some previous agreement, however, so there are still some risks involved, such as users mistyping domain names and getting a site masquerading as the one they intended to reach, or having the server taken over by malware.
While it's entirely appropriate for many servers to know exactly who their users are, I also think there are times when users should be entitled to some privacy. Just as there are multiple levels of identification, there should be multiple levels of anonymity.
The details of this option can get a little tricky. I think it ought to be possible to have a Web site for government oversight, for example, where whistleblowers can participate with almost complete anonymity. Of course, such a site could become a magnet for libel, and that wouldn't be useful.
A more practical kind of anonymity is already practiced by many Web sites, where user credentials are accepted uncritically but access logs can still be used to track down the IP addresses of users who violate the site's terms of service (or the law). This is fine, as far as it goes, but it isn't really secure anonymity. It can be fairly easy to associate an IP address with a name depending on the user's other online habits.
There are anonymizing services available online that can act as go-betweens to protect against this kind of investigation, but these services can also provide cover for libel, and again, that isn't very useful.
I think there's room for a new open standard to anonymize Internet communications in a way that is secure against casual investigations yet fully accountable if abused.
Security is a big topic, of course, and I've really just scratched the surface here. (Not to mention the risk of oversimplifying some important issues.) Suffice it to say that there's plenty of room to make personal computing far more secure, and that this improvement is, in my opinion, long overdue.
Personal computers have become much more reliable over the last 10 years or so, mostly due to the introduction of advanced operating systems with memory protection and hardware abstraction. The hardware itself has gotten better too; uncorrectable random errors are rare in PCs and extraordinarily rare in server-class systems.
These and other improvements have largely eliminated machine crashes. Blue-screen errors on Windows and kernel panics in Linux and Mac OS X still occur, but much more rarely.
Error-reporting services have become common, helping software developers figure out what went wrong. Most large developers now issue regular patches to fix newly discovered bugs, making systems more reliable between major releases.
All this progress is wonderful, of course, but our PCs still aren't reliable in the way that other consumer products are reliable. Machine crashes are still possible, and any bug can bring down an individual application.
Automobiles, for example, can fail in many ways, but they are still much more reliable than PCs. The risks associated with vehicle failures have been greatly reduced by decades of design refinements. Would you feel safe if PC technology controlled the steering and brakes in your car? Conversely, wouldn't you be more confident in your PC if you knew it was as reliable as your vehicle?
Can you rely on your system to display this 370-megapixel image?
(Credit: European Southern Observatory (ESO))
PCs are also fragile in response to change. I know I'm always a little nervous the first time I install a new device driver or run a new application. Even without software changes, opening an unusually large image can induce some trepidation. Consider this 370-megapixel image of the Lagoon Nebula available from the European Southern Observatory Web site; how confident are you that all of your image-viewing programs would survive the attempt to open it?
And worst of all, PCs are fragile in response to attack. The kinds of problems that are sometimes created accidentally by software bugs are relatively easy to create on purpose.
Minimizing the frequency and consequences of these problems would require tremendous effort from everyone in the industry. Almost every bit of PC hardware and software would have to change. One part of the solution is an extension of the same techniques that make today's PCs more reliable than older models: more hardware-based isolation of one function from another.
The minimal isolation of today's systems is very convenient for software developers, making it easier to write code and achieve high levels of performance. More isolation means more complexity and more overhead, but it improves reliability.
Developers are taking the first steps in this direction already, for example, with the process isolation features of the Microsoft Internet Explorer 8 and Google Chrome browsers. But there's much more that can be done.
Another way to improve reliability is to verify that data and addresses are consistent in range and format with the original intent of the software developer before they are used by the program. Making these checks in software can help; the incidence of failures related to accidental and deliberate buffer-overflow conditions has been dramatically reduced in this way. There's plenty of room for new hardware to help in this process too.
There's also work to be done in making it easier to recover from failures, since true hardware failures are inevitable. This is another area where some high-end systems are way ahead of the PC. Fault-tolerant machine architectures have been around for a long time in the aerospace industry, for example.
Historically, fault tolerance has never been practical on the PC because PCs always had only one of each critical subsystem: one processor, one bank of memory, one display channel. Today, PC processors and graphics chips have multiple cores and multiple memory interfaces, creating the potential for redundant operation where it's most needed.
Recoverability also implies backups--not just of the contents of disk drives, but even of the live data in memory through checkpointing. And disk backups can be improved too, by making the backup process an integral part of all disk I/O. Modern file systems use journaling to increase reliability; this technique can be extended to allow recovering from errors long after they occur.
There will be a heavy price to be paid in complexity and performance for all of these techniques, but the currency for this payment is transistors, and Moore's Law gives us more of those in every new process generation. We need to consider how we want to allocate these transistors. Over time, I believe reliability should account for an increasing portion of them.
Mobile data traffic is doubling every nine months, according to Cisco Systems. By 2013, mobile traffic will hit 2 exabytes--2 million terabytes--per month.
For some vendors, the growth rate is even higher. AT&T says its network load has been growing by 4.5x per year for the last two years, in large part (I assume) because of iPhone sales. You may have read about AT&T's pledge to spend over $12 billion this year to expand its wireless and broadband networks, including new 3G spectrum with better coverage and trials of 4G service.
At the Linley Group's Tech Processor Conference this week in San Jose, Calif., we learned what effect this growth is having on equipment makers, especially the companies making the microprocessors that go into network gear.
According to that same Cisco study, the problem goes well beyond iPhones. A 3G-equipped laptop "can generate as much traffic as 450 basic-feature phones" and 15 times the traffic of an iPhone or BlackBerry.
Networks have also gotten smarter, so network processors have much more work to do. Instead of just hundreds or thousands of clock cycles of work per packet on the network, new functions like firewalls, intrusion detection, and antivirus scanning to keep smartphones and laptops safe can require 100,000 cycles of processing on each packet.
Factoring in the growth in the network itself, Michael Coward of Continuous Computing, a company that sells equipment, software, and services to the telecom market, said that network operators need to achieve a 1,200x boost in processing performance between the systems deployed in 2008 and those that will be needed in 2013.
How would you like a single-chip microprocessor with more than four times the performance (on some applications) of Intel's best Core i7?
Then consider that up to 32 of these chips can be directly connected to form a single server, achieving four times the built-in scalability of Intel's next-generation Nehalem-EX processor.
That's IBM's widely anticipated Power7, which it described at last week's Hot Chips conference. But if you're interested, you'd better be prepared to spend a lot more than four times as much per chip. IBM isn't talking about pricing, but large Power servers can cost more than $10,000 per processor.
IBM's forthcoming Power7 server processor has eight cores, manages 32 threads, and includes 32MB of on-chip embedded DRAM cache. Power7 also has the highest levels of off-chip bandwidth ever achieved by a microprocessor.
(Credit: IBM)
What makes the Power7 so powerful? Each chip has eight cores, and each core supports four-way multithreading. There's 32MB of level-3 cache on the chip, made using embedded DRAM (eDRAM) cells. Most CPUs use SRAM for cache because it's generally easier to combine with high-performance logic, but DRAMs--with only one transistor per bit--offer compelling density advantages. IBM spent years developing a new kind of eDRAM that would work with SOI (silicon on insulator) manufacturing processes, and the Power7 is the most advanced product to use the new technology.
Interestingly, the Power7 cores run much more slowly than those in the Power6 processor, which I wrote about here in 2007 ("Live from Hot Chips 19: Session 1, IBM's Power6"). The Power6 was designed to run very fast using a long CPU pipeline in order to deliver the highest possible performance on each thread of execution.
Maybe that strategy didn't work out as well as IBM hoped, because the Power7 returns to a more traditional microarchitecture with a shorter pipeline and much lower clock rates--though IBM didn't say exactly what those rates would be.
IBM did, however, promise that the Power7 would be roughly four times as fast as the Power6, chip for chip. Since it has four times as many cores, each of the new slower-clocked cores must still deliver about as much performance as those in the previous generation.
Chip-level performance must always be matched by off-chip connections lest the incoming data or outgoing results be bottlenecked by a too-slow channel. Accordingly, the Power7 is equipped with eight I/O channels for DRAM, each of which connects to an off-chip buffering device that splits the channel into two 64-bit DRAM interfaces. All together, IBM says the Power7 has 180 GBps of DRAM interconnect that can sustain over 100 GBps of effective memory bandwidth.
There's another 50 GBps of peak I/O bandwidth and a staggering 360 GBps of peak bandwidth used to let each Power7 chip communicate with others. The DRAM connected to each chip is thus shared across larger systems.
Combining these figures, IBM says a single Power7 has 590 GBps of total off-chip bandwidth. This isn't the real number, since many of those bytes are used for error-correcting codes and other overhead, but it's still pretty impressive.
So is Power7's die size: 567 square millimeters for 1.2 billion transistors. That's nearly a square inch! IBM says that if the 32MB L3 cache had been manufactured using SRAM, the transistor count would have been 2.7 billion instead.
Still, Power7 wasn't the only high-end chip talked about at Hot Chips.
Rainbow Falls, a record for core count
Sun Microsystems was there to describe its forthcoming Rainbow Falls chip, which I assume will be marketed as the UltraSparc T3. The chip has 16 cores, each of which is reportedly able to manage 8 threads.
Sun's primary Rainbow Falls presentation focused on details of Rainbow Falls' internal and external interconnects; a second talk described the cryptographic coprocessors present in each of the chip's cores. These coprocessors--one for modular arithmetic (commonly used in public-key cryptography) and a cipher/hash unit to accelerate bulk ciphers like AES and secure hash algorithms--provide many times the performance of pure software implementations.
Fujitsu was also at Hot Chips to describe its eight-core, 2GHz Sparc64 VIIIfx processor, the latest in a long series of impressive designs from the company. Fujitsu quoted a peak performance figure of 128 GFLOPS (billions of floating-point operations per second) with a typical power consumption of just 58 watts. It did not, however, provide sustained performance or worst-case power consumption figures.
AMD, Intel vie for high-volume servers
Few of us will have direct exposure to the IBM, Sun, and Fujitsu chips. A pair of presentations from Advanced Micro Devices and Intel described products that will be much more widely available.
AMD launched its six-core Opteron processor code-named "Istanbul" earlier this year (see Brooke Crothers' coverage from June). Next year the company will begin shipping a new Opteron model currently code-named Magny-Cours (after a racetrack in France). Magny-Cours will consist of two Istanbul chips in a single package, with twice as many DRAM interfaces to support the new processor's increased performance.
AMD also teased the audience with another mention of a new processor core design that has been under development there for several years: "Bulldozer," which is now targeted at 32nm process technology. This new core will incorporate new x86 instruction-set extensions which will probably not be adopted by Intel (a strategy that reminds me of AMD's old 3DNow extensions).
But saving the best for last--best, that is, from the perspective of anticipated sales--Intel's talk on Nehalem-EX showed just how far Intel has been able to push the technology envelope for high-volume servers.
Nehalem-EX is an eight-core version of the existing quad-core Nehalem design. The new chip also has 24MB of L3 cache done in old-school SRAM. By my calculations, about 60 percent of the chip's 2.3 billion transistors are in this cache alone.
Nehalem provides four links to external DRAM buffer chips supporting two DDR3 DRAM interfaces each (much like the Power7 solution) and four QuickPath Interconnect links that provide direct "glueless" connections for up to eight-processor systems (64 cores, 128 threads). Intel is also working on an external Node Controller chip for systems with up to 2,048 Nehalem-EX processors.
The aggregate bandwidth numbers for Nehalem aren't as mind-boggling as those for Power7, but they're still far beyond anything available for PC-architecture servers today. Based on the presentation, I estimate Nehalem could boast over 85 GBps of peak memory bandwidth and 100 GBps of chip-to-chip bandwidth, some of which must be allocated to I/O.
I expect the raw number-crunching performance of the Nehalem-EX cores to be roughly on the same level as Power7's cores. The lower ratio of bandwidth to processing power for Nehalem-EX reflects a different design target, not a design shortfall--and most importantly, a much lower selling price. There will presumably be versions of Nehalem-EX priced similarly to existing Xeon MP products, which currently top out at $2,301 each in small volumes, but that's a very reasonable price to pay for the market's most advanced x86 server processor.
As described in an article by CNET's Greg Sandoval yesterday ("Discovery hits Amazon with Kindle patent suit"), the parent company of the Discovery Channel (Discovery Communications) has filed a lawsuit against Amazon.com, claiming that the Internet retailer's Kindle e-book reader infringes Discovery's U.S. patent 7,298,851, titled "Electronic book security and copyright protection system".
I read through this patent in some detail, and honestly, it looks formidable. It was filed in 1999 as a "continuation in part" from patent applications dating back to 1992. Among the prior-art disclosures listed are 52 U.S. patents or applications, 34 foreign patents or applications, and 15 nonpatent publications. It has 171 claims, three of which are independent. Those are all signs of a strong patent.
Just some of the logos of the 100-plus broadcast networks owned by Discovery Communications.
(Credit: Discovery Communications, Inc.)
I'm inclined to believe that the eight years of pendency and all that prior art is evidence of a mighty battle between the inventors and the U.S. Patent and Trademark Office--a battle that Discovery Communications eventually won when the patent was granted.
Claim 1 in the Discovery patent is long but reasonably straightforward:
1. A method for encrypting, sending, and receiving electronic books upon demand, comprising: creating a list of titles of available electronic books; transmitting the list of titles of available electronic books; selecting a title from the transmitted list of titles; communicating the selected title to an electronic book source; supplying a selected electronic book corresponding to the selected title to be encrypted; supplying an encryption key; encrypting the selected electronic book using the encryption key; supplying the encrypted selected electronic book; supplying a decryption key; and decrypting the encrypted selected electronic book using the decryption key.
For this claim to cover the Kindle, each step in this process has to be performed by the Kindle, Amazon's servers, or the Kindle's user (as appropriate). There are many steps, but most of them are necessary, or implied by other steps, so the total complexity of this claim isn't really that bad.
I could quibble about some of this claim language, but it does seem to describe the process used by Amazon and other e-book sellers. If that's true (and only Amazon can really say for sure, at this point), Amazon's best hope to invalidate this claim may be to find some as-yet unnoticed e-commerce patent or publication that describes the same process, as applied to some other kind of electronic content, then base an obviousness claim on that, uh, discovery.
The real issue here isn't so much whether this method is or isn't obvious; I think it is. It's that the patent has been examined in light of so much prior art that it has acquired a reasonable presumption of novelty and nonobviousness. Amazon would find it very difficult to say anything in the listed prior art invalidates this patent because the Patent Office has already said it doesn't.
The vast majority of the dependent claims built on Claim 1 are not relevant, and if Claim 1 were invalidated, I doubt that they'd matter. Claims 96 and 129, the other independent claims, are weaker than Claim 1, and it seems less likely to me that they are being infringed, but as always, courts can make unexpected decisions.
I bet we'll be hearing a lot more about this suit because it's going to affect a lot of companies that haven't actually been sued yet, including at least Adobe Systems and Sony, both of which seem to use something like this process. Sony sells e-books for its Reader, and Adobe's Digital Editions software may be covered by this patent.
And I'm sure that there must be other companies that should be concerned, though the precise manner in which e-books are sold is crucial in this case, and different companies have different implementations.
One of my quibbles with the patent's Claim 1 is that it doesn't describe the situation in which the e-book itself is pre-encrypted, and the only thing that happens at the time of purchase is encrypting the book's decryption key. That distinction could become a major issue in the lawsuit.
Another quibble is that the claim seems to require that the whole e-book be encrypted with a single key, which may not always be the case. The patent's specification does mention cases in which only a portion of the book is encrypted or decrypted; these mentions, though minor, may also prove significant.
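The technical difference behind the first quibble above, as an added example that is not part of the original post and not any vendor's actual code: one store encrypts the whole book at purchase time, the other encrypts each book once in advance and at purchase encrypts only that book's key for the buyer's device. The HMAC-SHA256 keystream cipher is a standard-library stand-in for a real authenticated cipher, and the class names, device keys and sample title are hypothetical.

```python
import hashlib
import hmac
import os


def _xor_stream(key, nonce, data):
    # Stand-in cipher for this demo only: XOR with an HMAC-SHA256 counter keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


def _subkeys(key):
    # Derive separate encryption and MAC keys from one 32-byte key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key, plaintext):
    """Encrypt-then-MAC. Returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    """Verify the tag, then decrypt. Raises ValueError on a wrong key or tampering."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified data")
    return _xor_stream(enc_key, nonce, ct)


class PerPurchaseStore:
    """The book itself is encrypted when a title is selected and bought."""

    def __init__(self, catalog):
        self.catalog = dict(catalog)
        self.bytes_encrypted_at_purchase = 0

    def sell(self, title, device_key):
        book = self.catalog[title]
        self.bytes_encrypted_at_purchase += len(book)
        return seal(device_key, book)


class PreEncryptedStore:
    """Each book is encrypted once in advance; a purchase encrypts only its key."""

    def __init__(self, catalog):
        self.shelf = {}
        for title, book in catalog.items():
            content_key = os.urandom(32)
            self.shelf[title] = (content_key, seal(content_key, book))
        self.bytes_encrypted_at_purchase = 0

    def sell(self, title, device_key):
        content_key, stored = self.shelf[title]
        self.bytes_encrypted_at_purchase += len(content_key)
        return seal(device_key, content_key), stored


def read_per_purchase(device_key, blob):
    return unseal(device_key, blob)


def read_pre_encrypted(device_key, wrapped_key, stored):
    # Two steps on the reader: recover the content key, then decrypt the book.
    return unseal(unseal(device_key, wrapped_key), stored)


def demo():
    # Constructed sample data: one title and two hypothetical device keys.
    title = "Constructed Sample Title"
    book = b"Chapter 1. " + b"constructed sample text " * 200
    alice, bob = os.urandom(32), os.urandom(32)

    per, pre = PerPurchaseStore({title: book}), PreEncryptedStore({title: book})
    a_blob, b_blob = per.sell(title, alice), per.sell(title, bob)
    a_key, a_stored = pre.sell(title, alice)
    b_key, b_stored = pre.sell(title, bob)

    try:
        read_pre_encrypted(bob, a_key, a_stored)
        rejected = False
    except ValueError:
        rejected = True

    return {
        "book_length": len(book),
        "per_purchase_ok": read_per_purchase(alice, a_blob) == book
        and read_per_purchase(bob, b_blob) == book,
        "pre_encrypted_ok": read_pre_encrypted(alice, a_key, a_stored) == book
        and read_pre_encrypted(bob, b_key, b_stored) == book,
        "same_stored_ciphertext": a_stored == b_stored,
        "wrapped_keys_differ": a_key != b_key,
        "wrong_device_rejected": rejected,
        "purchase_time_bytes": {"per_purchase": per.bytes_encrypted_at_purchase,
                                "pre_encrypted": pre.bytes_encrypted_at_purchase},
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

In the pre-encrypted variant every buyer receives the same stored ciphertext, and the only per-purchase cryptographic work is on the 32-byte content key.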
Comments on Sandoval's article point out that e-books and e-book readers were on the market before the 1999 filing date of the Discovery patent application, but that doesn't mean that they used any of the methods described in the patent's claims. For example, they may not have encrypted the e-books. It's also possible that some of those older patent applications, going back to 1992, might establish an earlier priority date for the Discovery patent's claims, though that's less likely.
At any rate, I'll be keeping my eye on this one.
Amazon yielded to the inevitable on Friday when it announced (in this statement) that it would no longer enable the text-to-speech feature on its Kindle 2 e-book reader by default; publishers can make the call.
Instead, publishers may enable the text-to-speech feature on a title-by-title basis, if they believe that choice is in their best interest.
Amazon's Kindle 2 e-book reader
(Credit: Amazon.com)
I have been sorely tempted to write a response to some of the factually incorrect and even grossly deceitful pieces I've seen written about this issue since the Kindle 2 was launched, but fortunately, Amazon has made that unnecessary. Nevertheless, there are still a few points worth making.
Amazon's latest statement on the issue opens with a flat declarative statement:
Kindle 2's experimental text-to-speech feature is legal: no copy is made, no derivative work is created, and no performance is being given.
Amazon may believe that this is true, or it may just be taking this position as a way of defending its original position.
But the truth of this position is not so clear to me. I have two issues with it:
First, the Kindle 2's text-to-speech function is certainly copying and transforming the original work into a derivative of the original, and performing this new work for the listener. That can be fair use, or it can be a crime.
Under U.S. law, fair use depends on at least four factors:
1. the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes;
2. the nature of the copyrighted work;
3. the amount and substance of the portion used in relation to the copyrighted work as a whole; and
4. the effect of the use upon the potential market for or value of the copyrighted work.
Reading a book to your child is fair use. Discussing a book in a book club is fair use. Buying one copy of a book and reading the whole thing to an audience is not.
My opinion: the Kindle 2's text-to-speech function, as originally proposed, failed on all four counts. It had a commercial purpose (to help sell the Kindle 2); it applied to commercial copyrighted works in their entirety; and it would have cut into the market for commercial audiobooks. Now that Amazon has backed down, the legality of this feature may never be judged by a court.
If it is a violation, it's certainly true that the violation is being committed by the operator of the Kindle 2, not by the device itself. But as the U.S. Supreme Court observed in deciding Sony of America v. Universal City Studios (1984), also known as the "Betamax case," the manufacturer of a device may be guilty of contributory copyright infringement, if the use of the device is inherently infringing.
Sony was cleared in that case because its Betamax VCRs could be used to make legitimate copies, and Sony had no control over unauthorized use.
But Amazon does have that kind of control over the Kindle 2. The Kindle 2 knows when it's working with commercial, copyright-protected e-books purchased from Amazon, and it can behave accordingly.
If technically enabling an audio production of a book, as if it were an audiobook, is a violation of U.S. copyright law, as I believe it is, the Kindle 2's text-to-speech function--enabled for those books--has no "substantial noninfringing use," the key criterion of the Supreme Court's decision.
My second problem with Amazon's position is that it's utterly irrelevant. The simple legality of text-to-speech functions is not the important issue here.
Amazon isn't just some random company making an e-book reader. It's one of the world's largest booksellers. Amazon sells books from every major publisher in the United States. Amazon even has two subsidiaries that make audiobooks (Audible and Brilliance Audio).
How could Amazon have been so stupid as to introduce an e-book reader with a feature that undermines a major portion of its business?
Never mind the relatively poor quality of the text-to-speech function on Kindle 2. It's obviously not on par with a performance from a professional reader. The Kindle 2 can't show emotions or do character voices. And never mind whether the Kindle 2's text-to-speech function will ever actually diminish audiobook sales.
It's enough that Amazon disregarded the wishes of the authors and publishers providing the content that justifies the very existence of the Kindle. That was stupid.
So now Amazon has figured that out and will do the right thing, going forward. I hope that most publishers will leave the text-to-speech function enabled. I believe that's the right choice for most books and that it won't interfere with audiobook sales enough to matter. But it's the publishers' call to make, not Amazon's, and now they get to make it. Good.
I received an interesting e-mail from a reader over the weekend. Dr. Katherine Gold, a lecturer with the Department of Family Medicine at the University of Michigan, had some questions related to Netbooks (or small notebooks), broadband Internet access, and physical computer security. After some discussion, Dr. Gold and I decided to see if some of you might be able to help answer her questions.
Here's the situation: Dr. Gold is setting up a research project to investigate the benefits of online support groups for low-income women in the Detroit area who have recently suffered the loss of a stillborn child.
Most women benefit from such services, but they tend to be less available to the poor because they are less likely to have computers and Internet access. Also, these women often have other children to care for, jobs to hold down, and limited transportation options, so they may not be able to take full advantage of Internet access at public libraries or other facilities.
In Dr. Gold's experience, the greatest need for support often comes at night, when such facilities aren't open, anyway.
The bottom line here is that Dr. Gold wants to supply her participants with computers they can keep at home for the duration of the study, along with some kind of Internet connection.
There are several key challenges for this approach: cost, convenience, theft resistance, ease of use, maintenance, and so on.
Dr. Gold and I agree that a Netbook--the original concept of a Netbook, a machine no larger or more expensive than necessary to provide basic Internet access--would provide a good platform for this application. A properly selected and preconfigured system would provide the necessary functionality at minimum cost. A Netbook is both less attractive to burglars and easier to secure than a desktop PC with a separate display and keyboard.
In fact, when Dr. Gold wrote to me originally, she had already identified what I think is probably the most appropriate off-the-shelf solution: the $99 special offer from Radio Shack for an Acer Aspire One with built-in wireless broadband and Wi-Fi connectivity.
The only drawback to this offer is that it requires a two-year commitment to a $60-per-month AT&T wireless data contract, which adds up to another $1,440 on top of that $99 retail price. That's a lot of money for a study like this, especially when it's scheduled to last only one year.
Dial-up access would be cheaper, but it would preclude testing the therapeutic value of high-bandwidth Internet services such as videoconferencing and would likely interfere with ordinary telephone usage, which makes it a nonstarter in many households.
Dr. Gold provided some statistics on the stillbirth problem: it's 10 times more common than Sudden Infant Death Syndrome (SIDS), involved in 1 in 100 births in the Detroit area. As one might expect, stillbirth leads to much higher rates of depression and anxiety disorders compared to live birth, and these problems have significant social costs.
Stillbirth is three times more common among African-Americans in Detroit than among whites there, explaining the special value of extending Internet-based therapy to lower-income women.
I suggested that a corporate sponsor might be willing to help defray the costs of the hardware and Internet access, and that was one of the considerations that led us to this post. It seems to me that a study like this could help demonstrate that the value of small notebooks goes well beyond students, and the value of wireless broadband goes well beyond business travelers.
I'd also like to draw attention to something that's always been obvious to me: "rugged" is the corollary to "small."
Smaller notebooks are more likely to be carried around, particularly without the protection offered by a briefcase or backpack, so they ought to be more rugged as well. There are a lot of low-cost small notebooks out there, but there are few, if any, low-cost rugged models.
Ruggedness lends itself to theft resistance as well; the traditional Kensington security slot is less effective on a machine with a flimsy plastic case and a lightweight internal metal frame.
Another thing we'd like to hear about from you folks out there--have you had any experiences with Internet-based theft deterrence and recovery services such as Computrace LoJack for Laptops? Such a service could be a helpful addition to this study and similar applications.
Feel free to comment below, or write directly to me and Dr. Gold. (Addresses obfuscated a little to deter spam.)
I'll post updates as Dr. Gold's project moves along.
It looks like Google is marking all of its search results with this warning: "This site may harm your computer."
If you click on a Google result link in spite of the warning, you get an interstitial page with an additional warning: "Warning - visiting this web site may harm your computer!"
Clicking the warning itself will take you to this page, which explains: "This warning message appears with search results we've identified as sites that may install malicious software on your computer."
The server(s) that hosts that page seems to be getting hammered right now. No surprise. So is StopBadware.org, a site Google refers its users to for more information.
And so is the Google server that provides more detailed diagnostics for sites allegedly failing Google's safety tests, such as this report for the presumably clean Wikipedia site.
Coincidentally, I was reviewing the diagnostics page just yesterday for a site that had been infected by malware. The diagnostics page identified the origin of the malware that Google spotted on the server it was warning about. I wonder what, if anything, Google is saying about all these allegedly infected sites this morning... especially since Google is warning about its own site as well, if your search encompasses one of Google's own pages.
Something, I think, is amiss in Mountain View...
UPDATE: Todd Gardner suggests this problem was caused by an outage at StopBadware.org. If so, Google needs to rethink its fail-safe strategy for this data source.
UPDATE 2: Google seems to be working normally again.
UPDATE 3: According to a comment on this post by CNET user stopbadware, manager of StopBadware.org, and a blog post on that site titled "Google glitch causes confusion," the problem was not with StopBadware.org.
UPDATE 4: According to this post on the official Google blog site by Marissa Mayer, Google vice president of search products & user experience, the problem was caused by a bad update to Google's list of malware-infected Web sites. As the post says, "the URL of '/' was mistakenly checked in as a value to the file and '/' expands to all URLs."
Mayer reports that the problem has been fully solved and promises that Google "will carefully investigate this incident and put more robust file checks in place to prevent it from happening again."
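A pre-deployment check of the kind that "more robust file checks" suggests, shown as an added example that is not Google's code and not part of the original post. The one-entry-per-line format, the substring matcher, the canary URLs, and the growth limit are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed canaries: known-clean URLs that no blocklist entry may flag.
CANARY_URLS = [
    "http://www.google.com/search?q=test",
    "http://en.wikipedia.org/wiki/Main_Page",
]

def naive_match(pattern, url):
    """Assumed matcher: an entry flags every URL that contains it."""
    return pattern in url

def entry_host(line):
    """Return the host an entry names, or '' if it names none."""
    text = line.strip()
    if text.startswith("/"):
        return ""                      # path only, e.g. "/"
    if not re.match(r"[A-Za-z][A-Za-z0-9+.-]*://", text):
        text = "//" + text             # make urlsplit treat the start as a host
    try:
        return (urlsplit(text).hostname or "").lower()
    except ValueError:                 # malformed entry, e.g. a broken IPv6 literal
        return ""

def validate_update(new_entries, old_entries, max_growth=2.0):
    """Return reasons to reject the update; an empty list means deployable."""
    problems = []
    for n, line in enumerate(new_entries, 1):
        entry = line.strip()
        if not entry or entry.startswith("#"):
            continue
        labels = entry_host(entry).split(".")
        if len(labels) < 2 or not all(labels):
            problems.append(f"entry {n} {entry!r}: names no specific host")
        for url in CANARY_URLS:
            if naive_match(entry, url):
                problems.append(f"entry {n} {entry!r}: flags canary {url}")
    if old_entries and len(new_entries) > max_growth * len(old_entries):
        problems.append("update grows the list beyond max_growth")
    return problems

OLD = ["badsite.example/malware/", "evil.example/"]   # constructed sample list
GOOD = OLD + ["dropper.example/payload.exe"]
BAD = OLD + ["/"]                                     # the entry from the incident
```

The canary test is the independent safety net here: even if the per-entry host rule misses some overbroad pattern, an update that flags a known-clean URL never ships.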
It's been an interesting several days since I posted "Is Clear a present danger for football fans?" and "Is Clear worth anything at all?" last week.
After that second post, Steven Brill, CEO of Verified Identity Pass, Inc. (VIP runs the Clear Registered Traveler program) contacted me to dispute my conclusions. Brill was very generous with his time in helping me to understand what Clear does and is trying to do.
That was nothing unusual; I often get followup calls from the companies behind products and services I mention here.
But shortly after the first post, I got a call from Ellen Howe in the public-affairs office of the Transportation Security Administration. Apparently, government bureaucracies can be even more responsive than private companies. (I also know a smart, effective manager in the Corporate Communications division of the Department of Homeland Security, TSA's parent agency. Assuming this isn't purely a coincidence, I hope the rest of the Federal government follows DHS's lead in hiring good people for these important positions.)
Howe was correcting a factual error in my first post, but as I explained in the second entry, correcting the error only strengthened my original argument, which Howe agreed with.
Having discussed the issue at great length with the two involved organizations, I feel I'm in a better position to explain the problems I see with the Clear program. To me, there are two essential assumptions behind Brill's vision for Clear: ...
I received an interesting phone call this afternoon. It was from Ellen Howe of the Transportation Security Administration, regarding my blog post on Monday titled "Is Clear a present danger for football fans?"
Howe wanted to correct an error I made. It seems that TSA is no longer running background checks on applicants for the Clear Registered Traveler program managed by Verified Identity Pass, Inc. (VIP).
I made that mistake based on statements on the Clear website and in local news coverage of the new Clear lanes at San Francisco 49ers games.
Howe said that as for the other issues I raised in my original post, I was "on track with what (I) said," so that was good to hear.
Clear's site still carries many press releases describing the background-check step in its application process, and I can't find any mention there of the termination of this process, which Howe says took effect at the end of July. I found the official notice of the change in the Federal Register for July 30.
Clear's "About" page still says "Clear members are pre-screened," but that's no longer true in any meaningful way.
The only thing Clear does now is check each applicant's government-issued IDs before generating the Clear card from the applicant's biometric data. Clear knows you're you--but no longer knows if you're any more trustworthy than anyone else.
Why does VIP allow this misunderstanding to persist? Well, it certainly makes the company and its services look more valuable. That statement about pre-screening also appears in the August 20 press release from Clear announcing that it has received $44.4 million in additional venture funding. I hope the investors learned the truth before transferring their funds.
This change only reinforces my previous conclusions. There is now no reason for security personnel-- at an airport, a sporting event, or anywhere else-- to give any special treatment to Clear members. (That said, I wouldn't criticize anyone for taking advantage of this special treatment. I've often thought about getting a Clear card myself, though I never have.)
So as of now, the Clear service is nothing more than a way to skip to the front of security lines in return for paying a $128 annual fee. That doesn't seem right to me unless the money serves to improve the screening process, but I haven't seen any evidence that this is happening.






