Archive for July 2008
The Consequences of an Ailing Broadband Infrastructure Begin to Surface
8 Comments
by Matthew Schulz on July 31, 2008


When Akamai missed earnings estimates yesterday, they not only cited a slowing economy but also U.S. broadband bandwidth as a reason for poor earnings and forecasts. This brings up the serious issue of broadband infrastructure in the U.S. and the repercussions of ignoring a system that needs to be upgraded.

Akamai CEO Paul Sagan stated that unless broadband speeds increase, growth will taper off because consumption will have no room to grow. And according to a study conducted by Nemertes Research in 2007, US broadband will reach maximum capacity in 2010 unless there is a 60%-70% increase in infrastructure investment. It’s really surprising that none of our leaders actively speak out on the subject since it has the ability to weaken the role of the U.S. in the world economy.

From this map of average broadband speeds by country, we can see where the U.S. lies when it comes to global broadband speeds.

As you can see, average broadband speeds in the U.S. are around 5 megabits per second, compared to 1st place Japan, which is around 60 megabits per second. Even Canada, a country much larger than the United States in land area, has a faster average connection. So, why the mediocrity when it comes to average broadband speeds, especially considering it’s the most prosperous economy in the world?

The first reason could be attributed to the leapfrog concept. The United States was one of the first countries to lay down internet infrastructure, so now it will be the oldest. Countries that have more recently adopted newer broadband technologies will have the edge when it comes to speed and bandwidth. The second reason could be attributed to influential leaders and politicians not comprehending the severity of the broadband infrastructure problem in the country right now. For example, neither presidential candidate considers broadband policy a major part of their campaign platform.

Serious investment into broadband infrastructure will be needed or else more companies like Akamai will start complaining about not being able to grow domestically because of bandwidth constraints, and look for other markets.

Facebook Introduces FriendFeed-like Features
3 Comments
by Cameron Christoffers on July 31, 2008

Facebook has announced the launch of a new, more structured type of news feed. The service essentially categorizes information from the old feed into separate tabs, enabling users to view activity they find interesting rather than sifting through the clutter. The feed toolbar features four tabs at the moment, including feeds for top stories, status updates, photos, and posted items. Users are also able to comment on individual updates within each feed.

Though the content provided is nothing new, the structure and commenting capabilities open up entirely new possibilities for Facebook. For instance, the status feed could eventually become an aggregation point for status updates between Facebook and Twitter accounts. As more and more people connect their Twitter accounts to Facebook they will find that the status feed provides a much more manageable way to view a large amount of updates. Furthermore, the commenting system allows for a level of interaction that Twitter is yet to provide. It also enhances the photo sharing experience, which is arguably one of Facebook’s most attractive and successful features.

Though this is a breakthrough for Facebook, it only scratches the surface of what they could do with the news feed. A separate feed that monitors application use could increase the viral nature of apps and boost application development across the network. Advanced filters, allowing users to follow the activity of a select group of their friends or family, much like FriendFeed’s “Rooms” feed, could make the experience much more meaningful. There are loads of possibilities.

If the service ends up being a hit, it will divert attention from personal profiles and transform the Facebook experience into one of live updating, something that is very similar to FriendFeed. Facebook has started to resemble the social aggregating service more and more as of late, starting when they began to integrate items from social media sites like Flickr and del.icio.us a few months ago. Though the news feed is another step in that direction, FriendFeed still collects from a much larger array of services and provides many features that Facebook is yet to replicate. However, if Facebook continues to extend into this space then FriendFeed may need to revamp its service to avoid loss of new users. Until then all eyes are on Facebook.

Introducing… Silverlight?
6 Comments
by Steve Gillmor on July 31, 2008

The clock on the NBCOlympics.com site reads 7 days, 12 hours, 31 minutes, and 29 seconds until the start of the Olympics, but the clock countdown on watching NBC Olympics On the Go on the Mac is T minus never. That’s because On the Go is sponsored by Lenovo and powered by somebody called TVTonic, and when you click to install TVTonic you get this notice:

Software Compatibility Notice
We’re sorry, your computer isn’t compatible with NBC Olympics On The Go, powered by TVTonic. Please read the system requirements for more.

If you would like to download the installer software anyway, you may click here to download it.

Perhaps the suggestion to download the software anyway is to accommodate dual boot users, but I imagine running Parallels would avoid the whole Mac error screen anyway. What’s surprising is that Microsoft has made much of the fact that NBC’s Olympic coverage will be augmented by an enhanced experience with multiple camera angles, interactive data, and various extended features, powered by the cross-platform Silverlight technology. Just to maintain the confusion, TVTonic offers an option to Watch the Introduction video that requires Silverlight.

Meanwhile, back over on the main site, the countdown continues. You can watch videos and peruse results and schedules, all powered by the aforementioned Silverlight, and all the while being upsold to DirecTV packages of extended coverage. There are no indications of how special Silverlight programming will be scheduled or announced, and no features like On the Go’s “subscribe to your favorite events for automatic delivery to your PC.” Not an auspicious debut for the Silverlight strategy of reaching what Microsoft thinks will be some 100 million desktops by the time the Olympics end.

Oh well, guess I’ll watch the Introduction video again.

Some Thoughts on Standards and Dare Obasanjo
23 Comments
by Steve Gillmor on July 31, 2008

I’m a big fan of negative gestures, something I’ve talked about over a long period of time. What I mean by that is the power that can be derived from not saying something, not liking something, not tipping a hat to something, etc. I’ve used (jokingly with a smidgen of truth) the John Dvorak test, where if John comes out strongly against something (blogging, podcasting, Twitter) it’s likely a buy signal.

Factor in that John is a serial instigator whose editorial model is to stretch the truth to elucidate a more fundamental underlying truth. This also pays well historically for John. But nonetheless Dvorak is one of my most reliable negative signals. To reiterate for those who haven’t followed my theories on attention and gestures, negative nodes produce a much greater opportunity for ruling out memes and threads of discussion than most modern aggregators, which use last-in first-out UIs or explicit voting to push things up the priority list. Negative thought leaders wipe out large swaths of nonsense across many domains.

Aggregating those negative gesturers would further improve efficiency, by triangulating various attitudes into a synthetic consensus. The Gillmor Gang is such a mechanism. These supernodes are fairly static in their evolution, as it takes time to acquire and maintain some sense of stability among these volatile creatures. Witness how difficult it is to keep Arrington amused long enough to get into an enterprise discussion, or Calacanis engaged enough to have him not retire from yet another sector of new media.

The only option to increase the flow of negative nodes into the system is to move vertically, or deeper into the disciplines that underlie the vendor and startup sports that attract most of the raw attention. It is here that the Open Web Foundation appears on the scene, a honeypot for attracting negative gesturers. The brainchild of David Recordon and emergent standards artists such as Chris Messina, the group seems to have a strategy of reusing lessons learned in the emergence of OpenID and OAuth as a series of best practices to inform a wider range of ad hoc open standards.

In doing so, it has attracted the vitriol of Dare Obasanjo, the brilliant Microsoft engineer who has gone from being the most outspoken Redmond blogger to the most partisan one. Obasanjo retired from the blogosphere some months ago, seemingly frustrated with the Valleywaggish nature of the conversation at the time, and has recently reemerged first on Twitter and then again on his blog. In addition to his knowledgeable commentary on issues of sustained interest to him, he has added a curious tone of anger that mostly finds its target in Microsoft competitors, most consistently Google.

Dare’s recent post on OWF follows a Twitter pointer at a Google Groups discussion by many of the players. Obasanjo sounds neutral: “Open Web Foundation is not a standards body. But it wants to do the same things they do only hipper.” But his post almost immediately delves into the kind of political insinuations that seem to fuel his return to blogging, quoting “Google evangelist Dion Almaer as rationalizing the need for yet another “standards” (Dare’s quotes) organization by providing “justification for why existing Web standards organizations do not meet their needs.”

Specifically, Almaer mentions “pay to play” orgs such as the W3C and Oasis, as well as what Dare calls OWF spin about “one off organizations like the Open ID foundation and the WHATWG that are dedicated to a specific technology.” It now becomes clear that Obasanjo thinks there’s no need for a newer hipper replacement for the Internet Engineering Task Force (IETF), which he suggests already has proved its worth by providing RFCs for the browser content transport (HTTP) and what he calls the RSS reader that consumes his Atom feed.

Never mind that “RSS” is a specification that never would have seen its successful penetration into all manner of media and platforms if not for ad hoc support from people like Dare Obasanjo, who in his previous incarnations was a singular balanced voice in calling for rational and fair analysis of the benefits of open technology (XML) and its derivatives. Take this post from 2004:

The value of RSS is fairly self evident to me but it seems that given the amount of people who keep wanting to reinvent the wheel it may not be as clear to others. As someone who used to work on core XML technologies at Microsoft, the value of XML was obvious to me. It allowed developers to agree to use the same data format for information interchange which led to a proliferation of a wide and uniform set of tools for working with data formats. XML is not an optimal format for most of the tasks it is used for but it more than makes up for this with the plethora of tools and technologies that exist for processing XML.

Understand the context and particularly the political risk Dare was incurring with his unbiased view – this was not an evangelist talking openly inside Microsoft about technologies not controlled by Redmond but an engineer whose voice stood out markedly from most who came before and since. He concluded:

We need less data interchange formats not more. It is better for content producers, better for end users and better for developers of applications that use these formats. Existing problems in syndication should focus on how to make the existing formats work for us instead of inventing new formats.

Vive la RSS.

Replace the word “syndication” in the last sentence with “open standards” and we might see how Dare could support what OWF is trying to do. Surely there are many reasons to doubt the effectiveness of Yet Another Standards Group, but surely the folks who have squired OpenID and OAuth through the thickets have the right to be given a chance to share their experiences and hard-won successes with the rest of the community. That is, without a partisan and petty attack such as the one Obasanjo leaves as his contribution:

I can understand that a bunch of kids fresh out of college are ignorant of the IETF and believe they have to reinvent the wheel to Save the Open Web but I am surprised that Google which has had several of its employees participate in the IETF processes which created RFC 4287, RFC 4959, RFC 5023 and RFC 5034 would join in this behavior. Why would Google decide to sponsor a separate standards organization that competes with the IETF that has less inclusive processes than the IETF, no clear idea of how corporate sponsorship will work and a yet to be determined IPR policy?

That’s just fucking weird.

For the same reasons that RSS emerged. Because it needed to. Obasanjo is consistent across the years in his desire not to reinvent the wheel, but today he refuses to support not reinventing the OpenID/OAuth wheel because it has Google’s fingerprints on it, among others. That’s just fucking weird.

MindTouch Revamps Enterprise Collaboration Platform
10 Comments
by Cameron Christoffers on July 25, 2008

Open source wiki developer MindTouch has recently announced Kilen Woods, the newest version of its collaboration and knowledge management platform. The version is the company’s latest attempt to beef up its wiki collaboration interface.

Users now have access to an expanded set of adapters to various systems and web services including Salesforce, SugarCRM, LinkedIn, MySQL, Microsoft Access, VisiFire, PrinceXML and several more. With access to a greater number of useful applications and databases, users are able to generate more comprehensive workflows and mashups for their enterprises.

The platform requires some technical acumen, but for the most part it simplifies some very complex interactions. For example, users are able to drag and drop directory structures from Windows to MindTouch and the hierarchy will be automatically created as wiki pages. Users can also publish an entire email thread from Microsoft Outlook to MindTouch Deki in a single click.

Kilen Woods will be available for download for free later this month. The wiki and knowledge management space has many strong offerings, notably those from Atlassian and Socialtext. The differentiator with MindTouch is their new mashup and integration services, allowing enterprise users to aggregate data and information from other platforms into a single solution. The other vendors achieve similar results by using plugins that have been developed either in house or via third parties, while MindTouch is focusing on developing these services as a core part of their offering.

Update: Corrected pricing information. MindTouch Deki is free.

Atlassian Announces JIRA Studio Hosted With Contegix
5 Comments
by nik on July 24, 2008

Atlassian has announced the availability of their JIRA Studio suite as a hosted SaaS service. JIRA Studio is a hosted integration of popular Atlassian products starting with the JIRA issue tracker and Confluence, their wiki and knowledge management product. Atlassian has partnered with Contegix to provide the hosting for the new suite of applications.

The JIRA Studio solution includes issue tracking, wiki software, SVN repository management, a single sign-on server and continuous integration. The solution as a whole is a development community and/or development suite in a box, providing almost all the tools that are required for software management. JIRA is a well known and established issue tracker, with custom workflow and a number of other features that set it apart from competing products. Atlassian have built their suite out around the issue tracker, and overall it provides a unique and customizable environment.

Mike Cannon-Brookes, the CEO and co-founder of Atlassian, commented that it was the partnership with Contegix that allowed them to enter the hosted application and SaaS space. Atlassian has to date built a base of over 12,000 customers in 104 countries by licensing their collaboration and development tools. The partnership with Contegix and the new hosted solution allows the company to acquire new customers who are seeking an instant install without hosting and administrative overheads. Pricing is set at $25 per user per month, available in blocks of five licenses (so $2500 per annum). Bulk pricing rates are available beyond 100 users.

Contegix are an enterprise hosting platform that offer a 100% uptime guarantee. Their hosted service is fully managed and supported, allowing companies to focus on their product or solution rather than the hassles of hosting. At the OSCON conference, Atlassian and Contegix are offering a 5 user license of JIRA Studio for free to anybody who attends a demo at their booth in the hall. For those of you not at OSCON, a live demo instance of JIRA Studio is available here.

Microsoft Acquires Datallegro
2 Comments
by nik on July 24, 2008

Microsoft announced today that they have acquired data warehousing application provider Datallegro for an undisclosed amount. The acquisition was run out of the Data and Storage Platform division at Microsoft, with an intention to integrate the Datallegro application into Microsoft SQL Server and the data application suite.

Microsoft are rapidly building out their data services offerings and have made a number of acquisitions as part of their strategy to compete in the enterprise market. Microsoft recently also acquired Zoomix, an Israeli company that provides automated data intelligence. The data and storage division at Microsoft is growing rapidly, and with the upcoming release of Microsoft SQL Server 2008 and an aggressive marketing push they should be able to steadily chip away market share from Oracle in the enterprise market.

Datallegro was founded in 2003 by Stuart Frost and Mark Thacker in California. They just raised 19.6 million dollars in their D round in May. The round was led by an affiliate of the Hillman Company, with Adams Capital Management, Focus Ventures, Intel Capital, JAFCO Ventures, Palomar Ventures and Venrock Associates joining.

Running, Jumping, Standing Still
7 Comments
by Steve Gillmor on July 24, 2008

It hasn’t been a month yet and the parachutes are floating at Microsoft. Kevin Johnson’s sudden move to Juniper Networks comes less than 24 hours before the Microsoft analysts meeting. This is the new Microsoft, where Steve Ballmer and Ray Ozzie start running the company. It’s also the beginning of the end for the classic power centers at Microsoft – and not a moment too soon.

In Ballmer’s internal memo, he names names, starting with Apple in a rare acknowledgement that Cupertino is causing some actual pain to the North. Of course, says Ballmer, it’s not PCs where Microsoft outsells 30 to 1. It’s the user experience, the roundtrip between software and hardware that grates. Ballmer says the new plan is to change the relationship with hardware vendors. The same goes for mobile.

OK, how does that work? How do you maintain what Ballmer calls choice without retaining the compromises that come from not controlling the end to end user experience? Answer: by abstracting the differences between devices via a virtualization layer that developers can (must) write to. Yes, it’s the Mesh word.

How do you encourage (force) developers to toe the line? Take a page from Apple’s iPhone and App Store, by mandating control of the application layer via the communications infrastructure. Apple has carefully constrained the enterprise tools by using battery life and its implications to hold off developers until MobileMe has the kinks worked out and provisioning under control. That’s why the Push Notification Service is not coming until September at the earliest.

Even Google has to wait in line with the rest – no Gmail push because if that were available today I would jump immediately. Push Gmail solves the social graph problem by carrying IM notifications over email to set up the conversation, making Track available to any application or set of services without getting in the carriers’ faces. Calendaring and event notification become email triggers, setting off server-side workflow and transaction processing based on rules defined by behavior.

Extrapolate that carrot-stick approach to the Microsoft situation and match the pieces up: Social notification (Mesh) is the carrot and Silverlight is the stick. By separating Windows and Windows Live from all the sucker bets Redmond has been making on search, Ballmer gives Sinofsky and his research and business cohorts room to merge the desktop and Live parts into Windows 7 aka the Live Desktop.

Meanwhile, developers are shown the way to earn money now – by blending social graph and cross-platform rich-enough apps just as Jobs gave iPhone devs Webkit apps to hold them off until the APIs were ready. Don’t think so?

We’ll introduce new approaches that move beyond a white page with 10 blue links to provide customers with a customized view of their world.

Customized how? By mining the user’s social graph. Their world? The behavioral gestures they emit to describe their interests, in a real-time stream of XMPP information that ranks incoming offers based on the signals of the affinity groups housed in Track and Follow clouds. Look at the most viral iPhone apps: Twitterrific, Evernote, Jott, Pandora. Tell us what you like, we’ll give you more of that based on who “you” are.

The Microsoft reorg appears to give Sinofsky and the other Windows guys a bump up the org chart, but another way to look at it is that Johnson’s Platform and Services division has actually lost power by being split in two. By contrast, Stephen Elop’s uber Office and Muglia’s Server divisions remain unchanged and therefore more powerful in the overall scheme of things. Online Services gets a new head count in the Senior Leadership team, not drawn from the current hemorrhaging crowd but from somewhere outside the company or perhaps a profitable area internally.

Contrast Microsoft’s out-of-character precipitous move the day before the analyst’s meeting with Facebook’s confident stealing of a page from Google’s book with a revised Facebook Connect and a reward-based developer program. It’s hard not to see Facebook as emulating Apple in precisely the same way Microsoft may be moving toward. Reformulating the out-of-control poke and bite application space as a Web-wide application layer creates a carrot (identity leveraging) and stick (tiered dev status) just like – you betcha, the App Store.

To recap, in less than 30 days since Bill left the building, the Windows guys are tethered to whatever the Live Desktop will become, Ballmer is firmly in charge, and Ozzie is steadily making inroads by standing very still in the center of the Mesh and letting the various Presidents whittle each other down to size.

New MySQL Fork Turns Back The Clock
8 Comments
by nik on July 23, 2008

Drizzle is a newly announced fork of the open source MySQL project. The developers of the project are taking MySQL back to its roots as a light-weight web application database by removing many of the features introduced in MySQL 5. The fifth version of MySQL was in development for years as some users demanded features such as views, stored procedures, transaction handling, clustering and more. The early releases were bulkier and not as stable as the ultra-popular version 4 of MySQL, and now somebody has forked the codebase into a new project to take the database server back to what it was.

For most web application developers, only a basic database system is required. The original popularity of MySQL was because of its simplicity and ease of use. Postgres was always a full-featured open source database server that offered all the enterprise features of competing commercial systems. MySQL was a lighter alternative which was easy to install and learn, but a lot of that simplicity was lost as the development of MySQL progressed towards competing in the enterprise.

Drizzle would seem to have an instant user audience and developer base amongst those longing for the old MySQL. These developers are likely low to medium-end web application developers using a scripting environment and don’t require or don’t need an advanced database system. MySQL was a key part of the default LAMP stack that pioneered simple web application development which went on to open a whole new market. While MySQL 5 can be componentized and customized, developers seeking a smaller and lighter-weight database can revert to Drizzle, at least until the MySQL team see the demand and offer something themselves.

Kontagent Offers Deep Analytics For Facebook Applications
25 Comments
by nik on July 23, 2008

Kontagent is an application that integrates tightly with platforms such as Facebook to offer widget and application developers a high level of analytics data. Current analytics packages for social network applications or widgets offer nothing more than pageview stats or simple user numbers (such as what Facebook publishes itself) while Kontagent is able to bury itself deeply into the platform and extract detailed user and conversion data. Kontagent, which is currently in private beta, has been in development for over 12 months now and is currently being used by a small number of high profile companies in tracking their application usage and adoption on Facebook.

We tried out Kontagent and looked at all the data it was collecting, and were impressed with the results. You can narrow down visitor information based on geographic location, age groups, sex and many other variables. All of that data is being taken out of the Facebook platform and fed into the analytics engine. The larger widget companies such as Slide and RockYou have similar deep analytics at their disposal, but Kontagent is about to even up the playing field by allowing the smaller developers to get access to similar technologies. One of the most interesting statistics is virality, which tracks the average number of users each new user invites and over what period of time.

From an integration perspective, there are both client and server components that must be tied together. On the backend, Kontagent provides an API (and a library in PHP) that is used to send data back to its servers. On the frontend a JavaScript include is used to send client data back. Integration is a bit more complex than a standard analytics engine, but it offers much richer and more interesting data. For an average developer, integration should take an hour or two, and shouldn’t require long-term maintenance within the application itself.

Kontagent was founded by Albert Lai, who previously was the founder of BubbleShare, and Jeff Tseng. They have raised a small round of funding from valley-based sources and their team is split between San Francisco and Toronto, Canada. Their intention with the product is to make it available for free to low-end developers, while charging a fee for commercial applications. Currently Facebook is supported, but in the near future support for MySpace will roll out as well as other platforms. Users interested in participating in the private beta can submit their details on the website.

Youth and Experience
1 Comment
by Steve Gillmor on July 23, 2008

The news is full of transitions. Chad Dickerson returns to his East Coast after years at Yahoo! and InfoWorld. Steve Jobs faces concerns about his health as Apple prepares to ripple their product line. The social media community is caught in a crossfire between market force power plays and standards body jockeying.

We don’t know how any of this will turn out, but history as always suggests clues as to direction and results. The history of the technology community is never just about youth and drive, nor experience and watchful waiting to strike. It’s a combination, the subtle alchemy of a Jobs denying the logic of first video and then the phone, then suddenly launching one after the other. The locked down protection of access to outside iPhone development, then the leveraging of an outside SproutCore framework to rapidly leapfrog Mesh and Silverlight with MobileMe.

Dickerson helped engineer the Beck concert in the middle of Yahoo’s campus, a gift to the developer community that led to Brickhouse and a strong signal of cluefulness that continues to this day, albeit under Google’s clever repackaging with a series of Campfire announcements and Google I/O, and Facebook’s second F8 developer conference later today. These company-specific announcements have seen a mixture of company officials, engineers, and a surprising number of free-range activists from the ad hoc standards world.

People like David Recordon, who will announce a new open web initiative at OSCON on Thursday, and Joseph Smarr of Plaxo (soon to close as a Comcast acquisition) pop up all over the Valley at these proprietary events to lend support, validation, and not a little positioning of themselves as arbiters of “what’s fair” as the social media leaders try to coopt a growing sense of the value of user control of data.

Rewinding to similar points in the consolidation of Web services and RSS, it’s instructive to realize that the tortoise often beat the hare in pushing back progress until the native power of these standardizing technologies achieved enough momentum to warrant the peace with honor necessary to force the big vendors into adoption. Adam Bosworth cleverly used Microsoft’s need to grow into a Web strategy and IBM, Oracle, Sun, and others’ desire to create an alliance around XML to get initial exploratory buy-in from Gates, then brought the rest in for feedback, then turned around and forced Gates to jump in for real to stay ahead of the competition.

This time Google has the whip hand with Friend Connect, calling Facebook’s initial bluff and forcing yet another restatement of the Facebook tight wire balancing act between protecting its cloud and user privacy from the data portability meme. But do users really want portability or just the utility of leveraging their identities and those of their peers around the Web with as much elasticity as possible?

Did the heavy handed Web Services Interoperability (WS-I) conspiracy between Microsoft and IBM really win the day, or lightweight easily consumable services such as RSS that almost a decade later now form the backbone of Microsoft’s forthcoming Mesh architecture? SOAP and REST, the rise of XMPP – over and over again the inexorable drip drip drip of simple is as simple does keeps winning.

It’s always seductive to couch these waves of evolution and disruption in anthropomorphic terms, putting pants on Disney characters and watching well-meaning adventurers sweet-talking bears only to get eaten by them in the end. There’s billions at stake in this social media sweepstakes, and while we appreciate the folks who venture in with good intentions and youthful vigor, it’s important to put some money on those who understand how Moore’s Law makes simple powerful no matter how innocent and fragile it appears at inception. The early bird gets the worm, but who gets the bird may count for even more.

What Role Did The Web Play In Capturing Karadzic?
7 Comments
by nik on July 22, 2008

News broke out across the world yesterday that Bosnian Serb war-time leader Radovan Karadzic had been captured after 12 years on the run. Karadzic had adorned the top of the Interpol most wanted list for over a decade, commanding a reward as large as that offered for Al Qaeda terrorists such as Osama Bin Laden. What was most surprising about the arrest was that Karadzic had been living in Belgrade amongst the public, even working as a new energy practitioner.

Under his new name of Dr Dragan Dabic he had a website where he outlined his services, complete with an email contact address. What is even more surprising is that the email contact leads back to a Gmail account and username which has been registered for at least two years. For years authorities searched wooded areas of Bosnia, caves, underground complexes and monasteries and the whole time the answer to the thorn in their side was within a US-hosted email account.

Accounts of the arrest from Serbian authorities and the media claim that the local police were tipped off to an approximate location by a foreign intelligence agency. This led to a day-long house to house search in the suburbs of New Belgrade, an old communist-era planned suburb full of filing-cabinet like concrete structures that served as homes for the party elite during the Tito era. While it is not entirely clear and details are likely to never be revealed, the pattern of having an approximate location and then relying on a detailed search suggests that a technology trail was traced either through a cell phone or an IP address.

Google has responded to our request to comment on suggestions that the company may have provided information leading to the capture of the suspect via his Gmail account by saying:

“Users can sign up for Gmail accounts without providing any information about their identity, and Google does not seek to determine the identity of Gmail users. We do not publicly share information about which users or email addresses are or are not the subject of law enforcement requests.”

While users do not have to provide their details on an account, it was apparent in this case that the real identity wasn’t associated with the account (that would have been too easy). Google are refusing to confirm or deny that Karadzic was using a Gmail account, and thus are not going to confirm or deny if the account hosted with Google played a role in his capture.

Google has previously (along with Yahoo and other web companies) played a role in assisting both the US and foreign governments with tracking down users in criminal cases. In one specific case Yahoo CEO Jerry Yang was criticized over the role Yahoo played in relaying information to the Chinese government that resulted in the arrest and detention of a ‘dissident’ blogger.

It is well known that other fugitives make innovative use of technology to communicate while remaining hidden. For instance the Taliban and Al Qaeda are known to use satellite telephones in Afghanistan and Iraq to co-ordinate their activities, along with public email services with simple steganography tools (the ability to hide messages within images, video or sound files). These technologies and the web are a double-edged sword for authorities as on one hand it is known that in the USA and throughout Europe there is a level of communication monitoring, while on the other terrorists and fugitives use the same tools to keep themselves concealed and to continue operations.

The big questions arise when it comes to the privacy of users, especially with the growing trends of both web applications and cloud services. In each of the known cases to date, the information was provided voluntarily by the respective corporation as opposed to being processed through courts and international laws. The companies hosting these services are taking a role of arbiters of justice by involving themselves in both international politics and the internal politics of foreign nations.

Note: we removed the Gmail username that was linked to the Karadzic identity he used on his website

New Open Data Foundation To Set Out Data Formats
13 Comments
by nik on July 22, 2008

Chris Saad, a co-founder of the Data Portability project has posted that tomorrow at OSCON a new Open Data Web Foundation will be announced by David Recordon and others.

The goal of the new foundation is to set out the actual data specifications and the legal structures around data portability, and to help evangelize set formats. Saad says that the initiative differs from the Data Portability project in that it is detail-oriented, focused on specific technology and legal implementations rather than the broader evangelizing effort that has come out of Data Portability:

It seems like the foundation is well placed to provide a much needed level of oversight and legal protection for fledgling open standards. These standards will ultimately contribute to the ‘data portability’ vision of an inter-operable, standards-based web of data.

While Saad is diplomatic in his response, I can’t help but think that the efforts around standards and data portability being split into multiple groups is the ultimate definition of irony. The Data Portability project has seen great results today with companies such as Google, MySpace and Facebook participating and backing its charter. The results to date have been applications such as Friend Connect and an overall establishment of goodwill between companies who previously competed with their own data and user silos.

A long running problem in messaging and consistency from advocates of both open source and standards has been the duplicate and overlapping efforts. The best recent example was the split within the RSS camp that resulted in a new Atom syndication format, which in the long-term did not manage to displace RSS and instead divided evangelism efforts. While a similar split along technology lines does not exist in the case of the new Open Data Foundation and the Data Portability project, it would seem that a more united and single-branded front would be more appropriate considering the shared agenda of both camps.

The division of labor seems to be that the new Open Data Foundation will focus on technical specs and formats as a form of umbrella group covering protocol specific efforts such as RSS, Atom, OpenID, OAuth etc. We don’t have the details of what is being announced yet, but the initial response from Saad does not bode well for an initiative that has managed to achieve so much in so little time.

New Mysterious Mac Clone Retailer Takes Over From Psystar
3 Comments
by nik on July 22, 2008

A week ago we reported that Apple had finally filed suit against Mac clone maker Psystar. Apple claimed that Psystar was trading on the Apple brand and illegally releasing the Mac OS X operating system on clone hardware. Today we have learnt via Macblogs of a new clone maker, Open Tech, who are planning on filling the void that is likely to be soon left by Psystar.

Open Tech are taking more precautionary measures than Psystar, who traded openly from Florida, by setting up their company and domain hosting in the tiny atoll nation of Tokelau. The atolls, a former British Protectorate, measure only 10 square kilometers (5 square miles in funny units), have a population of 1,500 and an annual GDP of only $1.5M USD. It seems that the domain registry business associated with their .tk TLD has increased their annual GDP by 10% a year.

Domain name and host information reveals that the website is hosted in Germany and the company behind the domain is registered in The Netherlands. It may be that the company operates in Europe but has shielded itself behind a tiny nation in the Pacific.

The fact that Open Tech is setting up in such an esoteric location is a sure sign that they expect the wrath of Apple to come down hard and are taking precautionary measures. The website claims that their product range will retail soon, with a starting price of $620 USD for a clone machine with about four times the power and storage of a similarly-priced Mac mini. There is no information on where manufacturing takes place (I doubt they are set up on one of the Atolls) nor who is behind the company. We have sent an email to their PR contacts to get more information and will be updating this post accordingly.

Top 10 Best Ever Hackers
65 Comments
by nik on July 22, 2008

The good computer hackers are similar to war veterans in that they spend hours talking about how great the scene used to be “back in the day”. I first heard similar stories way back in 1995 but today it is actually somewhat true as the final HOPE conference has now been held, Black Hat is now a corporate event, the good e-zines are long gone and hacking is now associated with Russian crime gangs.

Now is a good time to go back and list the top 10 hackers who shaped both the computer and security industries and who have left their mark.

1. Shawn Fanning – What was once an IRC handle became synonymous with the free exchange of music files. Along with Jordan Ritter and Sean Parker, he changed the music industry forever and set the course for the next decade of online media. Managed to turn a cool rock metal band into a bunch of whining babies and had his high moment when he appeared on the MTV music awards wearing a Metallica t-shirt. ADM were also the best and most consistent group ever (wikipedia).

2. Robert Morris – Discovered the buffer overflow and exploited both sendmail and fingerd with the first ever internet worm – now known as the Morris Worm. Went on to become a co-founder of ViaWeb with Paul Graham. Downside is that his story was responsible for Dade Murphy and the Gibson OS, but it also brought us Angelina Jolie. (wikipedia)

3. VallaH – jolt.c and the ping-of-death kept kids around the world amused for years and big corporations on their knees. The first smart denial-of-service attack.

4. Gordon Lyon / Fyodor – Created Nmap, the first tool in every hacker’s arsenal that has since gone on to make cameo appearances in both The Matrix and the Bourne Ultimatum. Nmap pioneered OS and service fingerprinting. Also behind insecure.org. (wikipedia)

5. Kevin Mitnick – Most famous real-life hacker who could have used a few tips on how cellular triangulation works. Imprisoned by the government without charge for years and restricted with a gag order thereafter. FREE KEVIN became a hacker freedom call for years. (wikipedia)

6. The Mentor – Wrote the Hacker Manifesto which was published in Phrack magazine. Inspired kids worldwide to hack to learn (myself included). Phrack magazine deserves a mention as it was the best and most consistent e-zine in the past two decades. Ran for 65 issues until 2005.

7. Karl Koch / August Diehl – German hacker in the 80s who drove himself insane with cocaine abuse, obsession over the number 23 and paranoia over the Illuminatus. (wikipedia)

8. Electron / Richard Jones – Aussie kid who wreaked havoc all over the world with nothing more than a modem. Arrested by the Australian Federal Police in 1990. Went on to become a security researcher and consultant.

9. Kevin Poulsen / Dark Dante – Phreaked his way to a new Porsche with a radio contest on an LA station. Arrested and jailed and went on to become a journalist and editor at Wired. (wikipedia)

10. Adrian Lamo – showed the world (literally) that you can take down large websites with just URLs (such as Worldcom). Now also a journalist. (wikipedia)

What is amazing is just how many of the same guys who used to sit on IRC day and night discovering security holes and breaking into servers for fun ended up shaping and influencing the IT industry as a whole. There are hundreds of thousands of hackers who you have never heard about, mostly because they never got caught, who went on to start companies and attain high positions within corporations.

Learning The Hard Way That DNS Is Insecure: Attack Details Now Public
by nik on July 22, 2008

There are times when the full disclosure of a security vulnerability works well for everybody, and there are times when it does not. One such case where it hasn’t worked out well is with the DNS security vulnerabilities recently ‘discovered’ by security researcher Dan Kaminsky. Some weeks ago, after he called a press conference with the organizers of the Black Hat conference, vendors rushed to work out the details of the bug (he was intentionally vague with the details) and release patches. The full details of the attack were supposed to be revealed by Kaminsky at Black Hat on the 6th of August, but in the interim the full details of the attack have leaked – exposing a large number of the DNS servers on the web to poisoning attacks.

The attack relies on poor random sequence generation and poor port selection in parent lookup requests. A DNS server querying up the chain for the answer to a request accepts a response based on the port it arrives on (which is usually easy to guess) and a sequence ID, which is often not very random. An attacker simply sends thousands of ‘response’ packets back to the requesting server after forcing a lookup, and if the correct sequence number is guessed then the server will cache the response for as long as the TTL specifies.
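The arithmetic behind the paragraph above, as an added example that is not part of the original post: it rates a resolver's outbound queries by how predictable the source port and the 16-bit query ID are, and estimates the chance that one of a few thousand forged replies is accepted while a single lookup is outstanding. The sample observations, the figure of 5000 replies and all function names are constructed for illustration.

```python
import math

ID_SPACE = 2 ** 16  # the DNS header ID ("sequence ID" above) is 16 bits wide


def classify(values, modulus=65536):
    """Label observed values as 'fixed', 'sequential' or 'varied'."""
    if len(set(values)) == 1:
        return "fixed"
    steps = {(b - a) % modulus for a, b in zip(values, values[1:])}
    return "sequential" if len(steps) == 1 else "varied"


def guess_space(ports, txids):
    """Estimate how many (port, ID) pairs a forged reply has to pick from.

    A fixed or sequential field counts as 1 because the next value is
    predictable. A varied ID counts as the full 16-bit space; a varied port
    counts as the span seen in the sample, a conservative lower bound.
    """
    port_space = max(ports) - min(ports) + 1 if classify(ports) == "varied" else 1
    id_space = ID_SPACE if classify(txids) == "varied" else 1
    return port_space * id_space


def acceptance_probability(space, forged_replies):
    """Chance that one of `forged_replies` distinct guesses matches while a
    single upstream query is still unanswered."""
    return min(1.0, forged_replies / space)


def assess(name, sample, forged_replies=5000):
    """Summarise one resolver; 5000 stands in for 'thousands' (assumption)."""
    ports, txids = zip(*sample)
    space = guess_space(ports, txids)
    return {
        "resolver": name,
        "ports": classify(ports),
        "ids": classify(txids),
        "bits": round(math.log2(space), 1),
        "p_accept": acceptance_probability(space, forged_replies),
    }


# Constructed (source port, query ID) pairs, as seen on outbound queries.
SAMPLES = {
    "fixed port, counting IDs": [(32768, 4101), (32768, 4102), (32768, 4103), (32768, 4104)],
    "fixed port, random IDs": [(32768, 51234), (32768, 907), (32768, 33310), (32768, 18822)],
    "random port, random IDs": [(1025, 51234), (44817, 907), (65534, 33310), (20391, 18822)],
}


def report():
    return [assess(name, sample) for name, sample in SAMPLES.items()]


if __name__ == "__main__":
    for row in report():
        print(f"{row['resolver']:26} ports={row['ports']:10} ids={row['ids']:10} "
              f"bits={row['bits']:5} p_accept={row['p_accept']:.2e}")
```

With a fixed port the spoofer faces at most 16 bits of uncertainty; randomizing the source port as well roughly doubles that, which is why it was the fix vendors shipped.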

The attack is incredibly simple, and exploits a core weakness in the way that the domain name system operates. This attack is not new either, as a number of other researchers have pointed out. The flaws in the DNS system have long been known, and scripts for guessing sequence numbers for forged responses have been around for years. DNS poisoning attacks are difficult to detect and can lead to simple large-scale phishing attacks on vulnerable servers.

If you are running a DNS server the best course of action is to contact your vendor or to point your parent requests to OpenDNS, who are not vulnerable to this method. A full description of the attack is included below:

Read More

Dot Org First TLD To Implement DNSSEC
2 Comments
by nik on July 21, 2008

The Public Interest Registry, operators of the .org top-level domain name, was today granted permission from ICANN to implement Domain Name System Security Extensions (DNSSEC). DNS is inherently insecure, which has become more apparent recently with security issues found in most server implementations (to do with easily guessing client ports used for responses) and the lack of a trust mechanism that results in DNS poisoning (the process of injecting a false response to a DNS lookup and redirecting the user to another site).

DNSSEC adds extensions to the DNS protocol that provide a layer of authentication between requesting clients and DNS servers. The extensions provide a way for clients to check the authenticity of a response to protect against both poisoning and other redirection methods used in man-in-the-middle and phishing attacks.

The move could be the impetus for the other TLD managers to also adopt the emerging standard. DNSSec-Deployment, an advocacy website for DNSSEC, estimates that up to 10% of DNS servers on the web today are vulnerable to simple attack techniques that could compromise a visitor’s web traffic. If DNSSEC works out for the .org group we could see it implemented broadly across .com and .net (with Verisign) and a more secure DNS system for the web.

Techcrunch Web Tablet Part #2
954 Comments
by nik on July 21, 2008

Continue comments here. The discussion has been very interesting, thank you to everybody. We are taking it all in and organizing the new dev site which will be up in the next few hours.

Forking comment thread here. Thanks!

The Techcrunch Web Tablet Project
by nik on July 21, 2008

COMMENTS CLOSED HERE. PLEASE CONTINUE AT NEXT POST

Today at Techcrunch we announced that we are building our own web tablet hardware device. This all stems back from a conversation a few weeks ago when we were discussing the ultimate web browsing/cloud computing client hardware. The iPhone is nice but too small, and most laptops are over-powered for the task. With applications on the web most of us just need a web browser most of the time, so the ideal device would be a light-weight small tablet running nothing more than Firefox on a decent screen and with a WiFi connection.

The software development aspects of the project will be managed here from TCIT. Our goal is open source from top to bottom (including the full design, eventually). Leave a comment and we will get in touch with you and send you an account on the project management system we will be setting up (I am also nik at techcrunch on email which might be easier than flooding comments). It would be interesting to hear general feedback and ideas – we really want to open this up to everybody.

The planned stack so far is to run BSD or Linux, with the Gnome desktop. We will probably take the Gnome Onscreen Keyboard project and adapt that as the primary input device (the hardware design includes multi-touch under the LCD screen, I will have the full specs shortly and will post them to the wiki). Then there will be Firefox, running in a stripped down interface mode with a simple system tray showing battery life and wifi (and simple settings for the device). Plugins would include Gears, Flash and probably either VLC or Mplayer with open codecs for media.

Once the stack comes together and we can set the hardware spec in stone, we will do a small manufacturing run and ship some devices out to developers so that we can work on specifics. Once that is done there will be a larger manufacturing run with hopefully a retail price of $300 or less. If you are excited about this as we are, please get in touch.

Live Mesh Rolls Out P2P Storage
8 Comments
by nik on July 21, 2008

The Live Mesh team at Microsoft announced today that P2P storage between Mesh nodes is now available in the latest client update. Previously storage on the Mesh worked by utilizing the 5GB allocated to each user on the central hosting platform at Microsoft. Users are now able to sync their files between connected nodes automatically.

The new technology works by synching the files between computers, but the metadata is still stored centrally (although it does not count towards a user’s quota usage). All Mesh objects and folders can be copied between devices directly, except for the Live Desktop. The video below is from the Live Mesh team talking about the P2P technology and how they solve conflict and other issues that have plagued other P2P storage attempts in the past.


David Steere and Trevor Robinson: How Live Mesh P2P Syncing Works

As we wrote previously, the applications currently on Mesh.com are implementations of a broader development platform being built and developed based on open formats and standards. Live Mesh has been available to anybody with a Microsoft Passport for a few weeks now, with Vista and XP clients available for Live Mesh and a Mac OS X client in the works.