A Consuming Experience

Blogging, internet, software, mobile, telecomms, gadgets, technology, media and digital rights from the perspective of a consumer / user, including reviews, rants and random thoughts. Aimed at intelligent non-geeks, who are all too often unnecessarily disenfranchised by excessive use of tech jargon, this blog aims to be informative and practical without being patronising. With guides, tutorials, tips - and the occasional ever so slightly naughty observation.



Lessig recording: Corruption 2.0 - the next problem technology must solve

Wednesday, May 07, 2008




Recording of talk by Prof Lawrence Lessig at the Institution of Engineering & Technology, London for the Society for Computers & Law (free download under a Creative Commons licence, of course!) - just click the arrow to play it online:
Prof. Lessig on Corruption 2.0 (see the main page with links to the intro speech etc):
"In this lecture, Professor Lessig builds upon the work of Oxford Professor Jonathan Zittrain to identify a critical dynamic in policy making affecting the Internet, and how technologists have become central to that dynamic. The threats to privacy, security, and the proper protection for copyright are not technical, but political. The remedies to those threats will not just be political, but in an important sense, also technological. Professor Lessig describes this dynamic, and describes the emerging movement in the United States to address it."

"The essence of what he concludes is that the Internet is under threat from those with special interests to protect or those, especially in government, who seek increased control... One of the elements that underpins the argument is the considerable evidence that supports the view that government decision makers are either stupid or corrupt. Not blatantly corrupt in a Third World bribe way but ready to do what one US politician was advised to do - ‘lean to the green’, ie towards the source of campaign funds. Subtle corruption arises too from the acknowledged effectiveness of lobbying – Mickey Mouse has better funded lobbyists than open source and it shows. With the odd exception, one tends to concede that politicians are not stupid so how does one explain the worldwide trend towards retrospective extension of copyright terms when there can be no conceivable advantage to the wider public interest – it won’t, as Professor Lessig observed, persuade George Gershwin to write more music nor will it turn Cliff into Elvis. Or how to explain the US’s Federal Nutrition Board embrace of 25% sugar as being consistent with a balanced diet?.." (from Eastham writeup)


See also Laurence Eastham's report of the lecture. I'm still listening through it myself, but it sounds excellent.

You can buy or download Prof. Zittrain's book "The Future of the Internet - And How to Stop It", which sets out the ideas referred to in the quote above and in the talk.


Zittrain "The Future of the Internet - And How to Stop It" book & download

Sunday, May 04, 2008





Jonathan Zittrain virtually needs no introduction: world-renowned expert and visionary on the internet and the law / society, professor at Oxford's Oxford Internet Institute and co-founder of Harvard's Berkman Center for Internet & Society, his book "The Future of the Internet - And How to Stop It" just came out on 1 May.

I was lucky enough to be at the book launch in London, chaired by ORG head Becky Hogge, last week at the RSA. His lively, witty and informative talk at the launch was superb - and you can now play or download the MP3 audio podcast of Zittrain's talk at the launch of "The future of the internet". The webcast will be out in a week or two, I gather (unless the RSA people were meaning just the podcast). Watch it if you can, if only for the fun slides of happy Bill Gates mugshots and a hamster-powered shredder, and of course what Prof Zittrain said in relation to those slides - but you can hear all that on the podcast. I'd not come across Cats That Look Like Hitler, though I'd heard of couch surfing before! More seriously, see the BBC report on the talk, which sums it up well.

(Digression: another reason to catch the webcast - for anyone who has to do public speaking or lecturing, viewing it should be de rigueur. This is the way to use slides in a talk, instead of inflicting death by PowerPoint on the audience.)

You can:
A full review will follow once I've finished reading it, but he makes very good points, clearly and entertainingly. I'll just quote from the synopsis for now:
"...IPods, iPhones, Xboxes, and TiVos represent the first wave of Internet-centered products that can’t be easily modified by anyone except their vendors or selected partners. These “tethered appliances” have already been used in remarkable but little-known ways: car GPS systems have been reconfigured at the demand of law enforcement to eavesdrop on the occupants at all times, and digital video recorders have been ordered to self-destruct thanks to a lawsuit against the manufacturer thousands of miles away...As tethered appliances and applications eclipse the PC, the very nature of the Internet—its “generativity,” or innovative character—is at risk.

The Internet’s current trajectory is one of lost opportunity. Its salvation, Zittrain argues, lies in the hands of its millions of users. Drawing on generative technologies like Wikipedia that have so far survived their own successes, this book shows how to develop new technologies and social structures that allow users to work creatively and collaboratively, participate in solutions, and become true “netizens.”"


And, while I shouldn't gloat, I managed to get a signed copy of the book, with a little personalised message, yay! Ultra-intelligent, sharp, funny, a fab speaker as well as writer, and a lovely man too - don't you just want to hate him? (/fan mode).

Go read the book and join the group annotation of the book!


How to secure BTHomeHub, SpeedTouch, other routers; & don't click dodgy links!

Saturday, January 26, 2008




If you use for your home broadband connection:
be warned that your router could be at risk of being attacked and controlled by bad hackers. (Your router or residential gateway is the box you use for your computer's broadband connection, usually connected between your computer and your DSL or ADSL copper phone line.)

Here's a list of some suggested security tips in the form of "do's & don'ts" - the scary stories after the list should be enough reason to take the list seriously and to take the precautions mentioned!

Don't -

Don't visit other websites while you're logged in to your router's main control page (or indeed perhaps any other passworded webpage), particularly if you have the LinkSys or Alice Gate router mentioned. This issue shouldn't be a problem unless you visit a very specific kind of dodgy site (e.g. through clicking an innocuous seeming link from an email or another webpage), but why take the risk?

If you need to log in to your router, for safety's sake don't have other webpages open in the same browser (or indeed perhaps any other browser), and don't even think of surfing to anywhere else until you've logged out of your router interface.

Do -

1. Password protect your router

Make sure a password has to be entered to reconfigure your router, and also change the password from the standard default password that came with the router to a secure one that you've made up.

BT recently prompted their users to change the password, but I don't know if that was as standard, or only if you tried to visit your router configuration page (and how often do most people do that?)

Later below is a practical guide on how to change the password on the BTHomeHub.

2. Deactivate UPnP

If your router has UPnP (Universal Plug & Play), disable it (unless you need to use it of course) - again, I give a step by step howto below on how to disable or deactivate UPnP on the BT HomeHub router. It should be similar for other kinds of routers, you just need to hunt around the settings and keep trying different options, hopefully the screenshots below will help.

Heise Security also recommend changing the default subnet - "usually 192.168.1.0" - to another one like 192.168.23.0. Now here, I can guess what they're getting at (change the default settings to something less common so the bad guys can't figure it out so easily), but I'm less sure what they mean - change the default gateway's IP address? The IP addresses of the individual computers on your network? Anyone know?

3. Use Firefox with NoScript

Use the free Firefox browser to visit sites (rather than e.g. Internet Explorer), but in conjunction with the free NoScript add-on which blocks many kinds of attacks (including cross site scripting vulnerabilities in router logins, mentioned below).

NoScript is very easy to use and lets you selectively allow only the websites you trust, so if you don't have Firefox already, consider getting it with NoScript (and also see how to configure Outlook to open emailed links in Firefox automatically, instead of IE).

4. Be suspicious of links in emails, bulletin boards or forums, websites, chatrooms etc

Be very careful about clicking links sent in emails, posted on message boards or websites or in chatrooms etc - it may look innocent (and of course the bad guys will try their best to make you think it's legit or worth clicking), but if it sends you to a dodgy site, they can take over your browser, router, and your computer, without your realising it. Ahem, this means in particular links to porn or "software crack" sites or other illegal content offered for "free" - TANSTAAFL! Only click links you absolutely trust. Bad guys can spoof emails so that they appear to come from your friends or family. Remember the key "Don't"!

If you absolutely have to click an unknown link, as mentioned above make sure you're not logged in to your router at the time. Indeed, a Gmail vulnerability - since fixed - meant that if you clicked certain malicious links while you were logged in to your Gmail account (in another browser tab or window), the attacker could then read all of your Gmail, even if you later logged out of Gmail, via a technique known as CSRF (cross site request forgery). So if you've the slightest doubt about any link, make sure you're not logged in to any passworded site before you click it, and indeed you might want to close every other browser tab & window before you click it, and make sure you visit that link using only Firefox with NoScript.

Scary stories

1. Clicking on malicious link, with un-passworded router

Mexican users were sent an email with a link, supposedly to an e-greeting card. When they clicked that link, attackers used the user's email software behind the scenes to change their router settings (if it was a particular kind of router popular in Mexico), so that if the user later tried to go to a well known Mexican banking site, they were sent instead, invisibly, to the bad guys' phishing site - which they'd set up to look just like the real banking site.

So the user would unknowingly enter their user logon / password details for the banking site, and then of course the criminals had got their banking login details. This is a form of "drive by pharming". Now in that case, no password was needed to reconfigure the router, so the baddies were able to take it over.

(See Heise post for details. Making use of a HTTP GET request, if you must know!)

2. Clicking on malicious link, while logged in to router (LinkSys WRT54GL, or Alice Gate 2 Plus WiFi model, others?)

Click on a dodgy link while you're logged in to your router's configuration page, and attackers can turn off your LinkSys WRT54GL firewall, turn off your Alice Gate 2 Plus Wi-Fi encryption, and generally open your computer up to all kinds of attacks. They can also make other changes to your LinkSys router, e.g. perhaps like the Mexican attack above if you visit banking or similar sites.

As & when LinkSys come up with a fix (they haven't yet), obviously you should upgrade!

(See Heise posts and Neohapsis for technical details.)

3. Clicking on malicious link, with UPnP active on router (it's active by default on the BTHomeHub, and perhaps SpeedTouch routers)

Making use of cross-site scripting (XSS) holes in the login dialogue of BTHomeHub etc routers, attackers could change your router settings via UPnP in order to get through your firewall and change other router configurations, and perhaps also expose you to phishing attacks to get your banking login details, as in the Mexican example.

Note that even if you're using Firefox with NoScript, this particular attack may still work if there are special Flash applets on the malicious site - unless you've disabled UPnP.

(For techie details see Heise post and GnuCitizen posts.)

How to change your router password and turn off UPnP (BTHomeHub)

If you have a BTHomeHub router:
  1. Make sure all other webpages and tabs are closed, just in case!

  2. Go to your router configuration page, usually http://bthomehub.home/

  3. To change your password

    1. On the left, click Basic Config, and enter your existing user name and password when prompted. (The default user and password for the HomeHub is admin and admin!)


    2. Then under Basic Config on the left, click Admin Password:

    3. Enter your old then new passwords, and click Change Password, and that's it. Don't forget your new password!


  4. To disable UPnP

    1. On the left, click Advanced


    2. Then click "Continue to advanced" (and enter user / password again if prompted)


    3. Under Configuration on the left, click Application Sharing


    4. Under Application Sharing on the left, click UPnP


    5. UNtick "Use UPnP", and click Apply.


And be safe out there!


BarCampLondon3 video: self-publishing via Lyx & Lulu

Sunday, January 20, 2008




This video of a BarCampLondon3 presentation in November 2007 may be of interest to writers, journalists and aspiring writers.

It's a guide to the art of self-publishing - how to publish and distribute your own (hard copy) book, or indeed thesis or dissertation, DIY, using various tools and services such as the open source Lyx word processor, GIMP for cover / illustrations, and self-publishing website Lulu. It's by Victoria Lamburn, who's published quite a few fiction books of her own.

There's a detailed overview of Lyx and its advantages - it's LaTeX-based WYSIWYM (what you see is what you mean) and, in her view, produces better typography, control of fonts etc than Word or Writer - in terms of kerning, ligatures etc - basically how to get your book to look professional, presentationally, even if you're not a typesetting expert.

There are tips e.g. on the image you want to use for your cover, the benefits of submitting to Lulu in PDF format, and a short overview of Lulu and its options (such as privacy settings you control, with limited access only to your work; size of the book, etc), tips on submitting to Lulu including the importance of keywords (tags), and the potential of much better profit margins for the author than with conventional publishers. Different distributions are available e.g. through well known online booksellers like Barnes & Noble, Amazon, or you can choose to exclusively distribute and market it yourself, etc.

Lulu can also be used for distributing music via CDs and videos via DVDs. It does seem to really empower the creative in relation to controlling and setting your terms for distribution, pricing, etc - and seems a relatively economical way to get your work out there, too. To me, services like Lulu are one of the great developments that have come out of the rise of the Internet.




BarCampLondon3 video: data portability

Monday, January 14, 2008




This video from BarCampLondon3 in November 2007 is of BarCampLondon organiser extraordinaire Ian Forrester, talking about the dream and goal of data portability - standardisation of identity and other personal data and its exchange (and controlling its sharing and privacy), notably the laudable Dataportability.org initiative which seems to be increasingly gaining momentum, with lots of the great & the good of the Net already involved, such as Ian himself. To quote from their site:

"Philosophy As users, our identity, photos, videos and other forms of personal data should be discoverable by, and shared between our chosen (and trusted) tools or vendors. We need a DHCP for Identity. A distributed File System for data. The technologies already exist, we simply need a complete reference design to put the pieces together.

Mission To put all existing technologies and initiatives in context to create a reference design for end-to-end Data Portability. To promote that design to the developer, vendor and end-user community."

Of course, cautious paranoid that I am, a major point to my mind is total user control of privacy settings - it's my personal data, I'll only want to use a system that lets me control, easily but quite precisely, exactly which people or groups will be able to access exactly which information about me. Which is the opposite of Facebook - I'm now on it but I admit I don't like it and rarely visit, as Facebook make too much of your data too public by default, which is scary, and opting out is too hard. Both are deliberate, I'm convinced. They also claim to be able to re-use, as much as they like, for whatever they like, it seems to me, all YOUR data that YOU put on their site. Although to be fair Google seem to claim much the same thing and there's a lot less fuss about that.

Anyway, back on track, I'm sure we'll be hearing a lot more about data portability in future, particularly with increasing convergence of Internet and mobile.




BarcampLondon3 video: monetizing the long tail - voluntary economies

Monday, January 07, 2008




The next video I uploaded from BarCampLondon3 is of a session on voluntary payments as a business model, and how it can help creators make money from the long tail using the Internet as a distribution channel - donations, tips, free downloads with people paying only what they think something is worth, the experiments by band Radiohead (who in late 2007 released their "In Rainbows" album initially on a voluntary payment basis, with both financial and chart success); writer Stephen King's online downloads experiment with electronic serialisation of "The Plant"; touching on the Creative Commons movement, etc.

The session was by Reinier Zwitserloot. (He's involved with Tipit.to). Again I've embedded the slides underneath to make the video easier to follow.




Personally, I have to say I'm rather sceptical of the pure "voluntary payment" business model. I'd agree with those who feel that that sort of model would only work properly (in terms of decent returns for the "selling" creator, provider or publisher), in relatively affluent and stable economies. I suppose in that context it's worth considering as a possible way to monetise the long tail, the huge numbers of niche products or services which individually appeal only to narrow interests.

But I'm doubtful that creators can make much money in tougher economic conditions. People from poorer societies who can barely afford the basic fundamentals of living - food, water, shelter - are unlikely to voluntarily pay for something which is available for free; why pay if they don't have to, if they need the money for something where they do have to pay?

I also agree that where the "voluntary" payment is to be made more publicly, e.g. taking something from a basket and leaving the money for it in a place where others can see who is or isn't leaving money (as opposed to a download in the privacy of their own home), there will be a degree of social pressure on "takers" to pay.

I'm a Creative Commons fan myself (and this blog's contents are licensed under CC), but it isn't strictly a "free" or even "voluntary payment" business model - free for private non-commercial use only, and strictly commercial exploiters have to pay, not just pay only if they want to. Still, I know many creatives don't believe in CC in terms of their making a living, and think that it only helps increase exposure for people who are already famous. We shall see how things develop...


Broadband speed claims: Ofcom acts

Friday, December 21, 2007




Have you ever been misled by broadband providers' advertisements claiming to offer broadband speeds of "up to" X Mbps - then found that in fact your download speed is much less than that, or that your upload speed is just pitiful?

Misleading ads like this have been all too common in the UK; people sign up, tempted by the lure the ISPs hold out of faster speeds, not realising that with many ISPs you'll probably get less than the fastest advertised speed if you're further from the exchange, or that with other ISPs your speed could be significantly reduced depending on how many other users sharing your service are online. That's only in the small print, or not stated at all.

UK consumers and consumer bodies have been increasingly exercised about this kind of misleading ad, particularly for supposedly ultra high-speed services.

Take upload speeds, for instance. For domestic broadband, usually upload speeds are much slower than download speeds, e.g. for BT Broadband the advertised download speed is 8MB but the upload speed is a mere 256Kbps (and it's impossible to find any info on upload speeds on the BT site itself). Originally advertisers were claiming high speeds all round, without making it clear that upload speeds weren't hugely better than on a dial up package. So much so that in mid 2005 the UK Advertising Standards Authority issued advice to marketers to "either do not use unqualified speed claims (unless the package is faster for both downloads and uploads) or be specific about the advantage, e.g. “Faster download” or “Upload speeds of up to XMB”," having upheld complaints on that front against NTL, BT and AOL.

Then in September 2006, the ASA upheld complaints about "up to 8 meg" speed ads on TV and in the national press by Bulldog (though the ASA felt "up to" was fine in ads for 1 Mbps and 2 Mbps services, "where the user would not achieve the maximum speed because of factors such as the number of people on line but where the attainable speeds were close enough to those advertised so as not to affect the customers' experience in any meaningful way" - the highlighted buzzwords were used again earlier this year in a Sky vs Virgin advertising spat).

They again upheld complaints about "up to" speed claims against Wanadoo UK in October 2006, and against Be in January 2007.

The ASA even issued general advice to advertisers in March 2007 that broadband ads should include a prominent statement along the lines of “top speeds vary significantly, in particular because of a user’s distance from the local exchange”.

The UK comms regulator Ofcom have been aware of the issue for some time, mentioning it e.g. in their September 2007 consultation on Future broadband - Policy approach to next generation access, in the context of the importance of appropriate information being made available to consumers so they can make informed purchasing decisions about next generation network products and services.

In their November 2007 consumer experience report and policy evaluation Ofcom noted falling consumer satisfaction with broadband in the UK , one area of complaint being that advertised headline broadband speeds do not reflect actual speeds delivered.

Their December 2007 International Communications Market report also noted that in the UK fully a quarter of respondents felt that they received a service that was less than the advertised speed of 8Mbit/s or higher - the UK (along with Japan) had the biggest gaps between perceived advertised/headline and actual speeds - and

In October 2007 the chair of the Ofcom Consumer Panel Colette Bowe wrote an open letter on broadband speeds to the Chief Executives of leading UK ISPs. And now finally, in their response to proposals in a letter by the Ofcom Consumer Panel, Ofcom have said that they'll be talking to internet service providers early in the New Year about:
  1. ISPs providing consumer specific information prior to sale on the estimated maximum speed a customer’s access line can support (using BT Line Checker and/ or equivalent).

  2. ISPs providing consumers with data early within the contract period on the actual (rather than estimated) maximum speed being achieved.

  3. ISPs offering consumers the choice to move, penalty free, onto a different speed package based on the information provided
Other things mentioned in the letter, to help consumers:
  1. To help consumers choose the most appropriate ISP for their needs, Ofcom have also started a project to identify the most useful indicators to consumers for comparative Quality of Service information, and they'll consider what's the best way to provide this information to consumers.

  2. Ofcom are also going to publish, in summer 2008, a consumer guide with advice on how best to maximise the quality of a broadband connection within the home.

Ofcom further said:
"We are keen that any measures are implemented in the shortest time frame possible. At this stage, we have not ruled out the possibility of using formal powers if we consider it would be more effective in delivering our objectives."

In other words, "This has gone on long enough. Better sort this out fast, you ISPs, or we'll make ya do it!" Which is good news for us consumers. I hope they make ISPs provide (pre and post contract) info on download speeds as well as upload speeds, and allow contracts to be cancelled if the promised speeds are not met - not just moved to a different package with the same provider. Let's wait and see...
