The iPhone identity selector Apple won’t care about
By Simon Bisson & Mary Branscombe in Editorial
Posted in Identity, smartphone, Security, Internet, Microsoft, Mobile, Apple on
On a smartphone, passwords are even more irritating than ever, especially on a soft keyboard that’s so sure it knows what you want to type that the default is to correct what you actually wrote. That’s only a trimester if the phone has as big a vocabulary as you do.
For instance, when I started writing this on my Samsung Blackjack II with xt9, what I typed in the previous sentence was ‘timesaver’ - before xt9 ‘corrected’ it… xt9 gives you the option to stick with your actual typing as long as you notice the change and the equally aggressive correction on the iPhone does the same (though I’ve never managed it myself), but it’s one more way that passwords are more likely to trip you up than keep you secure. Let alone that the UK now has the worst information theft figures in Europe, even though the French have the least secure passwords.
Switching to information cards where claims like who I am and whether I’m over 18 are encrypted, hashed and sent on demand to replace simple username and password makes logging on simpler and more secure, and makes it possible to add extra authentication. After complaining about Microsoft not issuing secure ‘managed’ cards I’ve been told to wait a few days for a major announcement; it might be the Equifax over-18 I-card service https://equifaxicards.com/imover/overview.do (only for the US at the moment, but it’s the first major public verified information card and it will soon be followed by cards to prove your credit rating, contact details or membership).
So that leaves getting sites and services to accept information cards - and being able to use them on any computer. They’re built into Vista, Windows 7 and any PC with IE7, plus there are open source plugins for Firefox and Safari. And now there’s a completely unofficial implementation for the iPhone - which you can’t use.
Developed by Markus Sabadello, who works at Parity, it’s in two parts. The I-Card Manager (http://www.iphoneicards.com/) shows up as an app in the usual place and lets you access cards you have stored with Parity’s free AZigo online card storage service (www.azigo.com - this is the easiest way to share cards between different PCs that you use) and see what details are on each card.

There wouldn’t be any problem putting the iPhone I-Card Manager on the AppStore, but it’s no use without the iPhone I-Card Selector. This is a plug-in for Mobile Safari that lets you click the i-card login on a Web page and pick the card you want to submit.

And as Apple hasn’t published an SDK for writing browser plugins and won’t distribute them through the AppStore, you have to jailbreak your phone to install it.
Although there was huge enthusiasm at the Internet Identity Workshop where Markus demonstrated his application (and a petition was set up to send to Apple), the general consensus was that Apple would wait until the standard had actually taken off to integrate it. That’s a shame because, as I say, a phone is where typing a password is the most painful and relieving that pain would be an excellent way of pushing the adoption of information cards.
-Mary
The LHC isn’t the only geek magnet at CERN
By Simon Bisson & Mary Branscombe in Editorial
Posted in Hardware, Intel, Networking, HP, Internet on
Simulating the big bang and colliding particles at the speed of light takes a lot of space, makes a lot of data - and it isn’t going to blow up the planet.
The Large Hadron Collider has been running quietly for a week and no tiny black holes have made their way out through the giant concrete end caps yet, so the world is probably safe.
The collider itself is a vast confection of superconducting magnets and we were lucky enough to go down into the caverns last year while it was still being constructed. The scale of the shaft and the cavern are impressive enough; ATLAS is just one of the detectors on the ring and the structure dwarfs the engineers putting it together.
We’ve put together a look at the detector using Microsoft’s Silverlight DeepZoom technology.
An experiment like the Large Hadron Collider also produces a lot of data: 15 million gigabytes a year, streaming out of CERN to a worldwide computing grid at 2GB/second through an HP ProCurve infrastructure. The mainframes and supercomputers that processed the data in decades past have been replaced by rows of PCs. The cavernous computing centre looks like an old school gym; half of it is full of familiar tower cases, the other half is filling up with racks and blades and tape library robots as CERN builds its own mega-data centre.
You need a special invitation - or a research project - to get into the caverns at CERN, now that the LHC is switched on. But you can book a tour to see one of the other particle accelerators, decelerators and colliders where researchers try to recreate the first seconds after the Big Bang - or you can head down to the basement to see Tim Berners-Lee’s first Web server.

A slightly battered NeXT cube with a hand-written label peeling off from the front of the case, the memo of the original World Wide Web proposal lying over the keyboard; if there was a coffee cup in the display case, you’d expect Sir Tim to come back and sit down at any minute. Also behind glass is one of the first Cisco routers to make it to Europe; it’s a hefty beige box that cost $10,000 back in 1984.
Tours start in the dramatic wooden Globe of Science and Innovation, but take a minute to stand in the main reception area across the road. The coloured lights shooting through the concrete floor flash every time cosmic rays are detected; that bright blue could be a solar flare or a supernova.
-Mary
Java’s SSVAGENT.EXE: training the monkey
By Simon Bisson & Mary Branscombe in Editorial
Posted in Web browser, Security, Internet on
If you run Vista and you’ve allowed Java to update itself recently, you’ll be getting an infuriating dialog box every time you open a new browser window, including a new tab or a popup window, saying that unsigned code wants to run and that it can’t run in protected mode (the low-rights mode that Internet Explorer uses). The SSVAGENT.EXE referred to is Java’s update agent, which runs every time the browser runs - and Sun apparently can’t tell the difference between a new Internet Explorer process and a new tab running in the existing process.
If you actually use any Java applets, you may also get an error telling you there are several Java Virtual Machines running.
It’s bad enough that Sun has, for at least the second time, put out software without a digital signature proving where it comes from, the most basic security check on code for the end user. It’s equally annoying that the suggestion from Sun is that you just click ‘Allow’ every time until the bug gets fixed in Java 6 Update 10 (‘officially released later this summer’) and that Internet Explorer doesn’t let me say ‘Don’t ever allow this to run’.
But how about an update agent that runs every time you run your browser? That’s not very respectful of my resources, or my bandwidth. Other applications have periodic checks for updates and they only run when I’m not busy doing other things (Vista has an API for this, so even if you have umpteen different notification systems running, they can all find out when you’ve stopped to think or turned away to pick up the phone and do their updates, checks and maintenance without slowing you down). Why does Java need to check for updates so obsessively?
The Java control panel doesn’t think it needs to check that often; the default setting appears to be check monthly. So why does it hook into Internet Explorer to run the update agent all the time? Personally, I’m turning off the updater altogether, although that’s not a decision you’ll want all your users to take.
I can’t tell you exactly where the Java control panel hides itself; I couldn’t find anything in the All Programs list so I typed ‘Java’ into the search bar on the Vista Start menu and it offered me the Java control panel without having to dig for it. On the Update tab clear the check box for ‘Check for updates automatically’ and stick to your decision when Java asks if you won’t reconsider and click ‘Check Monthly’ instead because that’s the setting you started with. You may have to quit and restart Internet Explorer to prise Java’s hook out of the code and then you can go back to having browser windows open without a security warning that you train yourself to ignore.
That’s the problem with dialog boxes where it’s OK to just click yes, and one of the interface issues with Vista’s User Account Control. Any time there’s a dialog that’s in your way, the temptation is to click Yes just to get rid of it. Ask users if they want to do this unsafe thing, if they really want to, if they really really really want to and they’ll click Yes with less and less hesitation. Years of popups and confirmation dialogs have trained the user like a monkey in an experiment; click here and get what you want.
But you have to have confirmation for some things (Format C:? Record Battlefield Earth? Delete your wedding photos? Install an application just because you clicked on a URL?).
The real problem is that the PC has no idea of context or common sense; I navigated to the home page for the Kevtris game by typing in the URL, so when I click the download link and then click Run I really do want to install the game, but if I clicked an ad link in my email and it goes straight to installing a Trojan I really don’t want to. The PC has to leave intelligent decisions up to the user, and that means dialog boxes and confirmations when there’s anything that could be suspicious. Not remembering to sign the code for your application? That’s either suspicious, downright penny-pinching ($25 for a certificate) or shows you don’t have a good sign-off process for your developers. Either way, yes, I do want my browser to warn me about you.
-Mary
Would you pay another £3 a month for fast fibre?
By Simon Bisson & Mary Branscombe in Editorial
Posted in Business, Futures, Networking, Internet on
BT shareholders should stop worrying about the cost of fibre. Everyone wants fast broadband and the current plans aren’t so expensive that they’ll take years to pay off.
I noticed the other day that the market didn’t take well to the news that BT is really moving forward on plans to roll out fibre across the UK to drag broadband speeds into the 21st century (think 8Mbps DSL is fast? - check out Korea, or Paris where they’re laying 30Mbps fibre). Cable coverage in the UK is a joke (NTL bought the cheapest demographic data it could find for high population density and ended up cabling multiple occupancy council estates where it couldn’t get licenses to offer a service and running out of money before it got round all the consumers and small businesses that actually wanted cable modems).
Now the analysts at Point Topic have done some interesting sums. BT’s proposal to cover 40% of the homes in the UK for £1.5bn works out at £150 per household - a lot less than the £800 each in previous calculations for doing all 25 million households. And making that pay dividends to all those worried shareholders will only take about £3 per household, according to Point Topic, because BT will be making savings on operating costs. Fibre means new services to sell; we might finally be able to get seamless roaming between landline calls, mobile calls and VOIP - it’s all IP underneath, after all. Some of the bandwidth will doubtless get eaten up by pay-for IP TV services.
And the regulator will need to keep an eye on who you can buy fibre from or we’ll be back to a monopoly faster than you can tell Sid pirated content isn’t the only reason anyone wants a fast connection (when did you last use an MSDN CD instead of downloading the ISO?). The industry has been asking OFCOM to promise it will be able to make money out of fibre as if it was something new and different. There may be more trenches to dig in remote areas - although you can blow fibre down an existing conduit with compressed air - and you have to get the termination right, but it’s not rocket science. As Tim Johnson at Point Topic puts it, “by and large BT’s shareholders should be able to finance the investment, carry the risk and reap a good profit in return.”
Bandwidth; it’s a business, not a right, but it should be good business all round.
-Mary
3G laptops: cheaper, faster, longer-lasting?
By Simon Bisson & Mary Branscombe in Editorial
Posted in Laptop, Hardware, Processors, Intel, Networking, Internet, Wireless, Mobile on
I wouldn’t be surprised to open a packet of cornflakes and have a 3G USB dongle fall out, they’re getting so common. They may be convenient but they’re not the most efficient way to get a 3G connection on a laptop. A notebook with a built-in antenna gets 25% better bandwidth (because the better the signal, the more data throughput you get). And given that most 3G cells have only a 1Mbps pipe connecting them to the Internet, you need all the throughput you can get.
The rumblings about EU regulation of SMS and mobile data costs carry on in the background along with OFCOM’s proposals for a voluntary code of conduct for ISPs to make sure your DSL line gives you the speed you’ve paid for, and OFCOM has also been making noises about checking out what speeds mobile broadband really offers. It’s a nice idea and it might concentrate the attention of the operators on the issue, but the speed you get depends on a mix of your handset, the Internet backhaul of the base station, how many other people are using data on the same base station - and the weather, so it’s hard to be precise.
I was impressed by the independent tests that Vodafone was trumpeting last month claiming they have the fastest HSDPA network. They’re claiming up to ten seconds faster to download a 2MB MP3 file (13.54 seconds) and four times faster to open a Web page (6.7 seconds). Anecdotally, Vodafone does feel faster than T-Mobile and Orange in the areas of London we visit, on EDGE and on HSDPA. With BT’s announcement today that it’s dropping backhaul pricing, if the mobile operators put in connections from the base stations to the Internet that are as fast as your connection from your phone to the base station, we’ll start to see which side of the network really needs to speed up.
I expect battery life is also going to be better when you’re using built-in 3G than when you’re going through a USB port. The voltage won’t be much different but you can have much more sophisticated power management - and of course if you have a better signal, you don’t have to keep turning the radio up to try and improve things.
So Lenovo’s Centrino 2 announcements caught my eye today. Either the growth in the dongle market means Ericsson has dropped the prices of its 3G modules (scale, competition or a mix of the two) or Lenovo has decided that 3G is the best way to fight off the buzz around ultra-cheap machines like the Eee PC and Aspire One that cut features along with the price. Whichever it is, Lenovo is dropping the price premium for built-in 3G from around £100 to around nothing: from August 4th notebooks with a mobile broadband module will cost, and I quote, “approximately the same price as those without”.
Although BT is now referring to the still-in-draft 802.11n proposal as a standard and putting it in the shiny new BT Home Hub (the rotating ten foot model of it at the BT event last night was a little scary), the n debacle drags on. At this rate, we might have HSDPA built into more laptops than 802.11n…
-Mary
Blocking social sites: good management or pushing people to mobile Web?
By Simon Bisson & Mary Branscombe in Editorial
Posted in Community, Business, Internet, Mobile, Microsoft on
Sure the iPhone is cool, but how many people are buying a smartphone just to get Web access at work?
A lot of our friends who blog using LiveJournal (probably the most community-oriented blogging platform) have commented recently that they’re losing access to LiveJournal and other sites at work - so they’re buying a smartphone so they can carry on accessing them.
I keep wondering how much of the recent jump in smartphone Web browsing is down to phones being almost good enough, networks being almost fast enough and data plans being almost cheap enough - and how much of it is annoyed or paranoid people being forced to put their social network in their pocket to stay in touch during the working day.
Some people are losing access to IM as well, which is stupidly counter-productive because it’s a fantastic work tool. Blocking IM is like not providing a telephone. I’m less certain about work use of social networks and blogs, because although they have some work benefits like networking, it’s often the employee rather than the company that gets the benefits - I might be networking to find a contact for my current project but if I move on, that contact isn’t much use to my company. And while I could see your status on Facebook, I could see it on IM as well, without the potential distractions. And let’s face it, Facebook is 99% distraction…
The Telegraph reported last year that 70% of UK companies agree with me and are blocking sites like Facebook. But I - and they - might well be wrong. Dell announced today that it’s giving all employees access to Facebook, MySpace, LinkedIn, Bebo, Orkut, Flickr, Twitter, FriendFeed, Plurk and other social sites because productivity issues pale into insignificance beside being out of touch with your customers. Dell opened up to Facebook weeks ago so staff could join in a competition it was running, but given how hard Dell is trying to look like a company that listens to customers, it’s useful for employees to be able to defend the company, solve user problems or just hear what its customers are saying to their friends. Passionate Dell employees are to feel more appreciated than the British Airways employees who defend the company in Facebook groups on their own time.
Marc Smith at Microsoft Research has spent years tracking online interactions - not to accuse people of wasting time, but to understand online social dynamics. He thinks Dell has the right idea because it’s finding out more about itself and “self awareness is such a powerful tool for businesses.” You could spend a lot of money on surveys, focus groups, BI tools and company meetings to find out what customers think of you and communicate that around the company. Or you could let everyone rub shoulders with customers and find out first hand.
If you want your employees keeping your users happy online, on top of not blocking their access, Smith suggests thinking of ways to give them credit for the time they put in helping them. Microsoft in Brazil was worried when all the discussion on a once-popular area of the official site went away; it turned out it had moved to a newsgroup that was tracked by Smith’s Netscan tool, because people liked being able to see when they contributed the most answers. If employees want access to Facebook, turn that into a business benefit by tracking who helps the most customers. Some supervision is going to be a good thing, along with a policy on what people can and can’t say; you can go into detail, or you can stick with something simple like the Microsoft blogging policy, which states that you have to be smart to work at Microsoft so don’t do anything stupid online.
But even if people are reading Facebook and LiveJournal and other sites for fun rather than work, I’m pretty sure management rather than censorship is the solution. This is nothing to do with the technology and everything to do with management and motivation. If you trust your users to have a phone on their desk and not spend the whole day talking to friends, can’t you trust them not to waste the day chatting in IM or throwing food on Facebook?
People who lose a day to reading non-work Web pages of any kind - whether it’s Facebook or the BBC News or eBay or cat macros or anything else - are goofing off and you should be able to tell that through your normal management procedures. If you can’t tell whether someone is doing a good job by what they deliver, counting up the time they spend not working isn’t the answer, but monitoring is better than saying to your employees that you don’t trust them to behave professionally. Now that the work-life boundaries are not so much blurred as completely muddied, someone who spends an hour after lunch staying in touch with friends probably spends an hour after dinner catching up on work too.
I remember the week I discovered Usenet (my supervisor introduced me to it the first time we discussed my MSc thesis). I don’t remember much else I did that week; it was a huge distraction and I plunged straight in for hours on end. And at the end of the week I looked at how much time I’d wasted and thought ‘I’d better not spend too much time on this, I have work to do’.
Plus, once you’ve pushed them onto a mobile device that uses 3G rather than your Wi-Fi then you’ve lost all chance of tracking what they’re up to - and maybe they’re no longer as passionate about defending your company online either.
-Mary
Technological fixes for economic and social problems don’t work
By Simon Bisson & Mary Branscombe in Editorial
Posted in People, Community, Privacy, Wireless, Security, Internet on
I’m guessing that most of you have already emailed your MEPs with a message roundly condemning the stealth attempts to pass legislation that will allow media companies to disconnect ordinary people from the Internet permanently just for the suspicion that they may be filesharing.
If you haven’t, may I join my voice to those urging you to do so? It won’t take long (thanks to the folk at MySociety.org) and it will help preserve your rights online as well as saving the small and medium sized ISPs that do so much to keep Internet access prices competitive. It’s that last bit that’s key to IT professionals - the measures that the legislation proposes are too expensive and complex for most ISPs to implement, which will mean you’ll be left dealing with just BT and Virgin for your business internet access - and I can guarantee that your monthly connectivity bills won’t go down as a result…
Here’s my letter. Don’t send exactly the same one - it’s your thoughts and words that matter:
I am writing to you as a constituent asking you to exert whatever influence you have with members of the IMCO and IMTR committees of the European Parliament to vote against amendments 2, 3, 4, 5 and 7 that have been introduced into the Telecoms package.
These amendments were introduced under the influence of industry lobbyists whose interests are in the attempted maintenance of obsolete business models that have become unsustainable; not only that, but they are an attempt to subvert earlier rejection by Parliament of explicit legislation to the same ends. The proposed measures are disproportionate, unworkable in practice, violate privacy and personal data security and would lead to entire families being denied access to the internet through the presumed guilt of one member. The European Parliament has already voted against them - they should not be passed by hiding them inside other important and much needed legislation.
Not only are they disproportionate, putting the onus on ISPs to detect and implement the measures required by the amendments is both an unfair measure and technically unfeasible. Many UK ISPs are small or medium sized businesses, and do not have the funds required to invest in wholesale tracking of their users’ actions. The amount of work required to implement these measures is large, and the techniques complex. The only organisations able to do this will be the incumbent carriers, reinforcing what is a de facto monopoly by putting small ISPs out of business.
There is, in fact, no way of identifying the difference between legitimate and illegitimate traffic in the manner described in the amendments. Many users use the same tools that are used to download copyright violations to install Linux, or get updates from Microsoft. If the tools proposed by the legislation aren’t perfect these innocent users will be tarred with the same brush as anyone violating copyrights. Even if it is possible to determine the type of data being accessed, it’s impossible to determine the actual state of the rights associated with it, or the intentions of the rights holders.
Innocent users also face the risk of having their home networks hijacked by third parties without their knowledge - and losing access as a result of third party actions. I’m more technically aware than most people, but it still took several weeks for me to find that someone elsewhere in my street was using filesharing software over my wireless network. Most home users don’t have access to the tools or the skills to find and identify these situations, yet the proposed legislation will make them liable for whatever happens on their home wireless networks.
I’m a technology journalist by trade, but I come from a technical background and helped found one of the UK’s first national ISPs, and also helped build the online presences of many major high street brands. The Internet has provided a boost to the economy, and these measures will reduce access to the Internet and by closing down small ISPs will increase the costs to the very users the European online economy needs.
The committees are scheduled to vote on this package tomorrow, 7th July, and I urge you to do what you can to have these amendments rejected and, failing that, to vote against the package yourself should it be presented for a vote by the Parliament as a whole.
I’m sorry that I’m sending this message with less than 24 hours to go, but I only found out about this today myself: so please do what you can to prevent these egregious and dangerous measures being codified into European law and to ensure that the European Parliament continues to represent the interests of its electors, even where those conflict with the short-term advantage of multinational corporations and their lobbyists.
Yours sincerely,
Simon Bisson
Remember you have a voice and a point of view, and it’s one that deserves to be heard.
–Simon
In and out of the browser - how Microsoft and Google think differently
By Simon Bisson & Mary Branscombe in Editorial
Posted in Web browser, Privacy, Applications, People, Adobe, Firefox, Internet, Google, Security, Microsoft on
For years, we’ve been saying that Google would be mad to build its own operating system. It should leave the thankless task to Microsoft and Apple and Linux distributions; you can debate how good a job they do, turn and turn about, but the scale of what a desktop OS needs to do and the range of devices it needs to support is far broader than what you need to do in a browser or on a smartphone. I still don’t think Google has any plans to create its own OS, but it’s pushing beyond the browser as a development platform with Gears and App Engine and the like. Microsoft has a whole range of platforms in the browser, out of the browser and around the browser, from Windows and WPF to Silverlight to SharePoint to Office to SQL Server – to name just a few of the platforms Bill Gates touched on in his last ever keynote at Microsoft TechEd this morning.
Silverlight is a lot of things, from Microsoft’s answer to Flash to Microsoft’s answer to Web based applications. Leave aside the video plugin side of it; the fact that Silverlight 2 (beta 2 due at the end of this week) runs .NET and programs written in dynamic languages on Mac and Linux as well as Windows is the most interesting part. And it’s not just for consumer Web apps; Facebook and Hotmail users aren’t happy with line of business apps in dreary basic grey when they get to work, and Silverlight is an easy way to spruce those up without slaving over a hot CSS schema for hours.
Adobe’s Air tackles much the same problem; how do you make powerful applications for the Web that work online and off, that look good and that work without installing anything (once you have the initial plugin or runtime). Air builds on Flex, so if you’re already writing Flash, you’ve got a head start. But there are a lot more .NET developers writing business apps, so although Microsoft demos consumer apps like the Crossfader social video sharing tool it talked about today, most Silverlight apps might show up at work, using Workflow Foundation and making data from SQL Server look good.
Silverlight is a subset of .NET and Windows Presentation Foundation, so developers are using familiar skills and Visual Studio plus Expression Blend for designers, who get to work on the live project, not in Photoshop mockups. The visual development tools also appeal to disenfranchised Visual Basic developers who’ve been wondering what Microsoft has done for them lately…. Microsoft VP Soma Somasegar said Crossfader is being built by six developers and two designers in three months, which is more like Internet time than standard Microsoft time scales.
If Silverlight’s so good, why would anyone be creating Windows applications at all? Bill Gates finished his Q&A trying to balance that question. “Yes, you’ll be able to do amazing things in Silverlight, but there will always be things that you can do in Windows Presentation Framework that you can’t do in Silverlight. Why is that so? Well, it’s so because with WPF we get to assume we have the full power of the PC; we’re not just running in a browser environment. So, take things like 3D type things, virtual world type things, take things like ink recognition or playing video back at arbitrary speeds. WPF will, because it can connect in to all of Windows, expose those services and let people do new things.
“We need to keep the Silverlight download to be fairly modest. So, if you think of what that will be versus the entire Windows environment, we have a much bigger runtime to call on. So, we’re not saying that those get absolutely merged, but we will have exactly the right relationship. And even as you’re in Visual Studio or in the Expression tools, you’ll be able to say I want to author for the Silverlight piece and to let you know that if you’re sticking to the things that work in that world.
“Silverlight will probably have almost everything WPF has today, but WPF will keep getting richer and richer as we go forward.”
That’s the Microsoft dream and it’s one direction things could go. Google is pushing in completely the other direction. Last week at Google IO, Chris Prince and Aaron Boodman (better known as the designer of the Greasemonkey Firefox extension) were explaining why they don’t want you to think of Gears as taking Google applications offline. Yes it does that, but actually Google wants it to give Web apps access to all the capabilities of your PC the way desktop apps do. Why shouldn’t the browser get the power of your 2GHz processor and your 300GB hard drive? Why shouldn’t they be able to send you notifications in another window or show a progress bar? Why can’t you access USB drives from inside Gears or use a GPS to tell the Web app where you are?
Google filed its name off Gears so that it has more chance of becoming a standard, either as part of HTML 5 or by becoming ubiquitous as a plugin in its own right. Personally, I’m not going to be installing it on any machine I use.
It’s not just because it has no way to limit the amount of disk space it’s going to take for its local database (used by MySpace to give you search across the whole site without having to take up space on their data centre for those pesky index files). It’s only partly because it’s going to be able to use your GPS or other tools to get your location and there is currently nothing to warn the user and no options for choosing if and when Gears can get your location. Google seems committed to harmonizing with whatever standards HTML 5 includes for the things that Gears does, and I’m not the one who will have to deal with duplicate APIs from Gears and HTML 5 to do the same thing – that’s a problem for Web developers to juggle. And the fact that Web sites like YouSendIt already have real progress bars without needing me to download a plugin is a quibble rather than a complaint.
Mainly, I won’t use it at this point because of how Chris Prince explains why he thinks Web apps are so good in the first place. “Everything in the browser is inherently safe,” he said at Google IO. “There is no cost to install a Web app, you’re not afraid to click a link, and you can navigate away with no fear it will take over your machine.” Compared to the near-paranoia that’s is Microsoft’s attitude to the Web, from the phishing filter to the way IE doesn’t get the same privileges as a desktop app to the security-first attitude that permeates the company, calling the browser ‘inherently safe’ seems a little laissez faire to me.
Adding binary data files to JavaScript will certainly make for more powerful apps. Some of them might be Trojans; if Gears gets everything Google talked about that would be able to scrape files off a USB stick, record you talking with the audio APIs, add in your physical location and do whatever you can think of with it all, good or bad. If I’m not too busy playing with whatever features the Web app disguising the Trojan has I can navigate away from it – but if it’s using Gears to run offline, has it gone away?
The browser sandbox limits the features on my system that Web apps have access to. That’s a pain when you want to build a better app in the browser – but it’s a security measure if you want to build a better way of attacking my system. I asked Chris Wilson of the Internet Explorer dev team if I was being paranoid – he was the one who’d raised the issue about privacy with the GPS location in Gears at the end of the session. Maybe, he suggested - but with the number of security issues it raises, Gears isn’t going to be installed by default with IE any time soon…
Video opera? What would you do with huge bandwidth and millions of pixels?
By Simon Bisson & Mary Branscombe in Editorial
Posted in Web browser, People, Futures, Networking, HP, Internet on
One of the highlights of the Future in Review conference is the chance to go to the supercomputing visualization lab at the University of California in San Diego, CalIT2. It’s run by Larry Smarr, who used to run the National Center for Supercomputing Applications, where he told one of his graduate students, Marc Andreessen, to write a visual browser for the World Wide Web that Tim Berners-Lee was working on over at CERN. When they showed NCSA Mosaic off, “everybody told us nobody needed it”, he says.
Given how wrong that turned out to be, it’s worth keeping an eye on what Smarr thinks is important – bandwidth and pixels. Not content with the bandwidth of Internet2, he’s been putting together a multigigabit network connecting universities around the world for sharing data and collaborating over video conferencing. And making video real enough to suspend your disbelief means a lot of pixels; the 60-foot screen in the CalIT2 lecture theatre has four times the resolution of HD, the standard digital cinema will use when the movie theatres work out how to make money from it. To kick off the evening, Smarr invites Microsoft’s Curtis Wong to show off the 12 terabytes of images in the new World Wide Telescope, a map of the sky that zooms from star fields to galaxies to the solar systems coalescing inside them out of dust, fading into infra-red and wavelengths that show more structures.
The 30″ screens on most desks around the lab are dwarfed by the 200 megapixel video wall - eleven rows of five 30″ Dell screens crammed side by side to make one giant display with 100 times the resolution of HD. There are displays that wrap around the edges of a small room, stretching over your head and powered by eight HD projectors, that show us the surface of Mars in 50 million pixels rather than the 2 million pixels from the World Wide Telescope.
It’s not size just to prove that screens can keep getting bigger; Larry Smarr thinks we need the bigger view. “We’ve artificially limited our brain by this stupid million pixels on a screen and we’ve unblocked that.” So how much more can we see; is there a limit? “Reality! You don’t see everything you think you see - it’s not as simple as pixels. There’s a limit to what you can resolve spatially, above 24 frames per second you don’t really see more. But the brain is capable of absorbing about 1 gigabit per second, 24 bits deep, 16 million colours.”
From medical images to satellite maps, there are plenty of images to enjoy at that size. You can see the intricate details inside cancer cells or watch winter spread over the world. You can stand inside a building that exists only as a CAD diagram and walk through lifesize doors to see if the layout works. You can step forward to see the hidden sketch under a Leonardo painting, revealed by infra-red photography and displayed so you can see every line. Or you can watch life-size opera live from the Concertgebouw in Amsterdam, or the opening ceremony of the Nobel prize from Japan and feel like you’re almost there. Every candle flame, every reflection, the brocade patterns on every kimono, the expression on every face.
These are the technologies that are coming to office video conferencing if you have the network bandwidth. Smarr advised HP on developing the Halo system and he’s putting in a Cisco TelePresence room at CalIT2 for academics to use for collaborations. The commodity hardware and open source software that powers the high-resolution screens isn’t as expensive as those. Each screen of what Larry Smarr calls the optiputer - systems connected by optical fibre that make up a worldwide computer system - costs about $2,000. But of course the bandwidth is what really raises the price tag. Cisco TelePresence needs about 10Gbps; the big screen system is over ten times more.
It’s a good thing spammers aren’t smarter
By Simon Bisson & Mary Branscombe in Editorial
Posted in Identity, Security, Google, Internet on
I find it easy to spot most of the phishing messages that hit my inbox, because there’s nearly always an egregious grammatical mistake in there somewhere. Real messages from banks may be full of logical errors (like a regular savings account with a headline rate of 7% that never tells you that actually it averages out nearer 4% because not all of the money gets to earn the high rate for the whole year), but the spelling is spot on.
And spammers are in such a hurry to put up the Web pages they want to earn ad money on, or use for drive-by downloads to increase the size of the botnet they use to send most of the spam from zombie machines, that they often make stupid mistakes. If you’re checking 100 messages a day in your junk mail filter for anything real that got in there by mistake, I’m not sure if it’s any comfort to remember that spammers are only human. But Google finds it useful.
According to Matt Cutts of Google at Web 2.0, Web spammers often use templates and tools to build their pages. And fairly often they follow the commented-out instruction to ‘type your hidden text in here’ - but never delete that instruction. The tools they use to fill in forms are simplistic too; the captcha you have to complete to leave a comment here is enough to defeat most of them - but so is a box labelled email address with the instruction not to fill it in. When the bot adds whatever email address it’s abusing, you know you can just delete the comment. Simple maths or the instruction to type in a specific word are beyond bots - at least until Jeff Hawkins perfects Hierarchical Temporal Memory.
If you have a site, you need to think of things that raise the blood pressure of the spammers without doing the same to your users. It’s like being chased by any dumb but dangerous pack animal, says Cutts; you only have to run faster than the slowest person you’re willing to sacrifice. If your system is a little different from the default installation of whatever you use, the default attacks are less likely to work and the spammers may move on to slower prey.
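The do-not-fill email box and the simple-maths check described above can be combined in one server-side screening step. The sketch below is an added example, not code from this site or from Google; the field names, the secret and the one-hour lifetime are assumptions, and the challenge is verified statelessly with an HMAC so the expected answer never has to be stored.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"  # assumption: real sites load a per-site secret from config
HONEYPOT_FIELD = "email"             # the box users are told to leave empty
MAX_AGE = 3600                       # seconds a rendered form stays valid


def _token(answer, issued):
    """Bind the expected answer to the issue time without storing server-side state."""
    msg = f"{answer}:{issued}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def new_challenge(a, b, now=None):
    """Fields to render with the form: the visible question plus two hidden values."""
    issued = int(time.time() if now is None else now)
    return {"question": f"What is {a} + {b}?",
            "issued": str(issued),
            "token": _token(a + b, issued)}


def screen_comment(form, now=None):
    """Return (accept, reason) for a submitted form given as a dict of strings."""
    now = int(time.time() if now is None else now)
    # Honeypot: people follow the instruction; form-filling tools fill every box.
    if form.get(HONEYPOT_FIELD, "").strip():
        return False, "honeypot filled"
    try:
        issued = int(form.get("issued", ""))
    except ValueError:
        return False, "malformed challenge"
    if not 0 <= now - issued <= MAX_AGE:
        return False, "challenge expired"
    try:
        answer = int(form.get("answer", "").strip())
    except ValueError:
        return False, "wrong answer"
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    supplied = form.get("token", "").encode()
    if not hmac.compare_digest(_token(answer, issued).encode(), supplied):
        return False, "wrong answer"
    return True, "ok"
```

A token can be replayed with the same answer until it expires, so this screens out generic form-fillers rather than a bot written specifically for the site.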
Apart from the obvious advice to patch, patch and patch again, Cutts didn’t say much more - because every time you tell spammers how you’re spotting them, they get a chance to stop doing that. A lot of what Google knows about spam comes from the analysis it does of real Web pages, which lets it work out what things go together. If you know that timepiece and chronometer are synonyms for watch, those strangely-worded Rolex spams are easier to stop. You can see this classification in Google Sets and it’s used in Google Spreadsheets. The equivalent of Excel AutoFill does more than days of the week and months of the year, without you having to add the lists by hand; start with red, yellow and blue and Google Sets will add other colours. Start with lion, tiger, bear and you get other animals.
But you might also get wood, tin and cotton. That’s because Google Sets can’t always tell the difference between the list of animal names and the list of animal toys on the Web sites it looks at. It will learn; like spammers it will learn more quickly if someone tells it what it’s got wrong. But at this point, we get into a race between whether the anti-spam tools can learn faster than the spammers…



