David Strom’s Web Informant

New and improved with just a hint of lemon

Archive for June, 2006

Digital convergence is all about sports

Posted by strom on June 28, 2006

What will it take to put a PC in most living rooms? I have seen the hairy edge of digital convergence, and it is spelled S-P-O-R-T-S. It is ironic, in a way. But before I get to the reasons, first let me tell you a story from my own experience.

When I moved into my new home in St. Louis earlier this month, my wife and I had the big Where Do We Put the TV discussion. Of course, we started out by saying that we weren’t going to have it in the living room, but faster than you can say “What?” we had changed our minds and that is where it is today. I don’t quite understand this process, but have come to accept it as a fact of life.

I should state up front that I am not a big TV watcher – there are few if any broadcast programs that make it on my “Must See TV” list where I reserve a portion of my evening to watch it – Stewart and Colbert are about it, and they haven’t quite gotten on my schedule since the move. Mostly, we tend to watch Netflix videos.

My wife tends to have the TV on as environmental filler, but when she does sit down in front of the box, it is usually on one of the design-oriented channels like HGTV or Fine Living. She likes listening to the Today show, even post-Katie.

We ended up getting DirecTV, after some recommendations from my step-son who knows the gear. It costs a bit more than cable, but what tipped the scale in its favor for me was the music programming. Of course, we haven’t really begun to tap into that yet, what with one thing and another. We got the DVR model that is Tivo-like, but not quite Tivo, so we can pause, fast forward, and record our favorite shows, or so the literature says. I haven’t had the time to figure it all out yet, but my wife is happy, and my step-son stops by from time to time to show us a few new features when he thinks we are ready to learn a few New Things About Our TV. This leads me to Convergence Fun Fact #1:

CFF#1: The kids know this stuff better than the grown-ups. It is their demographic, their medium, and their touchstone after all. So listen carefully when they explain stuff the first time.

It pays to have a kid nearby to help with the installation and setup and training of the parents in the use of their new TV equipment. Those of us that are firmly planted in the IT tradition can learn from this experience, and finally understand what our users have been dealing with all these years with recalcitrant PCs. But I digress.

Then my life got more complicated, when I got a chance to test a new HD LCD TV from HP – that is a lot of initials. I thought, okay, let’s see where this baby will end up in the house and what if anything we can watch with it.

Well, the unit came with HP’s Digital Entertainment Center that is basically a PC combined with an HD DVR that runs Windows Media Center. Of course, it ended up in the living room, replacing the old tube TV that we had formerly planted there. My wife thinks of it as a huge black box that has too many wires coming out the back and offending her design sensibilities. And that leads me to Convergence Fun Fact #2:

CFF#2: If it is going to be in the living room, you have to Hide The Wires if you want to gain spousal design approval.

My wife was not happy with all the extra gear that we now “needed” to watch our Super Big TV. What, you are going to listen to the crappy speakers that come with the TV? No way, we need an amplifier and nice speakers! Well, they do sound a heck of a lot better, but that means running those damn wires all over the place.

The second issue with HD specifically is: where is the content? There are over-the-air HD channels, and you can also bump up your TV subscription (on either the dish or cable providers) to include a few HD channels. This is where I began to understand the problem. Convergence Fun Fact #3:

CFF#3: People don’t want to watch HD versions of the news, or soaps, or other normal programming. They want to watch sports.

Seeing what the actors look like in HD isn’t flattering. It so happens that the first HD program that I was able to get was a soap opera, and you could see the lines on the actors’ faces and other makeup imperfections just as clearly as if they were standing in front of you in real life.

But the biggest problem is now we have 17 different boxes to power on to watch TV, and they have to be powered on in a certain order and with a certain remote control. And running Windows as the core OS of a DVR is just lunacy: I don’t want to deal with the blue screen of death, or spyware, or not having enough RAM to run my TV – I want it to just work. One night, my wife watched for several uncomfortable minutes as I tried to play a DVD on the HP DVR – there was something wrong with the disc, and eventually we gave up and watched it on one of our laptops in bed. All the while, she is mumbling how life has gotten so complicated that she can’t even operate our TV anymore and what is she supposed to do when I am not around to provide the necessary tech support?

Note: my wife is no techie novice. She has learned how to reboot the satellite box when there are problems with it. And it takes almost as long to reboot that box as your average PC. Convergence Fun Facts #4, #5:

CFF#4: The TV can’t depend on any software to work.

CFF#5: The DVR should work effortlessly with the remote, and not depend on navigating 100 on-screen menus.

Comparing the HP DVR that runs on Windows with the DirecTV DVR that runs on whatever is no comparison. To do the same tasks is about five times more complex on the Windows box.

You can see where this is heading. Microsoft and the rest of the computing world are desperately trying to fit a square peg into a round hole. It won’t work. But let’s say Bill and his crew can work miracles and fix all of these issues. There is one remaining problem with convergence, and it has nothing to do with the technology per se.

Most of the geeky guys (and they are mostly guys) I know aren’t into sports at all, or if they are, they were watching the World Cup, the Winter Olympics or something outside of the baseball/football/basketball American Axis of Evil. And this, quite frankly, is the problem with digital convergence, and why we are still mostly talking about it rather than reaping its benefits. All of the HD sports programming is firmly inside this axis. You can watch HD versions of college sports, pro sports, and of the 5,000 channels available to us of programming on our dish, 4,900 of them are devoted to sports (or so it seems).

Until geeks get more interested in sports, or until there is compelling HD content outside of the sports axis, convergence won’t happen. It is purely and simply this. Convergence has nothing to do with all the Fun Facts mentioned above, or how many Microsoft software engineers it takes to make Windows Media Center stable, or how many ways I can record programs digitally and pause and fast-forward through commercials on my DVR. It is all about sports. If you are in a household with a sports fan, you will have convergence, with a nice TV and all the digital trappings to follow your teams. You will deal with the extra wires, the kid to program your box, and your 17 remote controls with 16 of them to just turn that particular box on and off.

If you are in a household with the average geek, you will be forever damned to be upgrading your gear, experimenting with some bits and pieces with the latest firmware upgrade and network improvements, trying to figure out remote control IR codes, and a complaining family that wondered what happened to their “ordinary” TV that normal folks just sit in front of and turn on and off with a single remote from the couch.

Posted in digital home | 3 Comments »

Speaking of security

Posted by strom on June 28, 2006

I was recently interviewed on RSA’s Speaking of security podcast, which is available from this link. It was fun to participate and talk about how blogging and podcasting are changing the communications world.

Posted in security | No Comments »

Paypal phishing scam — beware!

Posted by strom on June 23, 2006

If it can happen to Paypal, it can happen to you. Netcraft reports that their anti-phishing toolbar detected a cross-site scripting technique that a Korean hacker placed onto the Paypal main site that gathered user data. This one was pretty sneaky in that you get the valid Paypal SSL certs and appropriate warning messages, then the exploit takes over and presents you with the phony pages.

While I am not a big fan of the Google/Yahoo/MSN toolbars cluttering up your browsing landscape, this may be a reason to download and install the Netcraft version. Netcraft, for those of you that don’t know, is a fine upstanding company that has produced those wonderful Web server population surveys for many years.

Posted in Web site strategies, security | No Comments »

I Miss LA!

Posted by strom on June 22, 2006

So thanks to Tara, I found out about watching some great short films at TurnHere.com. The site has a bunch of great personal travelogues mostly about New York and LA, my two former residences, and San Francisco.

I miss the zaniness of LA, the ability to almost always be caught in traffic at random non-rush hour times, the air so thick you can cut it with a switchblade, being amongst Planet Siliconia where the amount of plastic surgery is greater than what people elsewhere spend on their house payments.

But there are lots of special spaces in LA that I frequented when I was there, and the trick is to learn new ones now that I am in St. Louis. This morning I went for a short bike ride in Forest Park, before the humidity had reached crushing levels.

Anyway, the site has plenty to watch and keep you occupied for hours. Some very talented people out making some short films of cool places.

Posted in Web site strategies | No Comments »

Lessons Learned from Large Network Testing

Posted by strom on June 20, 2006

Last week I was out at my old alma mater, Stanford University. I was working with the central network administration group and having a lot of fun. The Stanford network is immense: there are more than a thousand servers, probably in the high thousands at last count. And more than 75,000 assigned IP addresses, with some of them actually being used too! Ironically, we were doing our testing in the same building where I first set up Network Computing’s Real World test labs about 15 years ago, and where the first router was invented about 30 years ago. With all that history surrounding me, it was great to be down and dirty in the lab.

My purpose was to test a bunch of SSL VPN products for Information Security magazine. While I won’t give away the results of the test — you’ll have to wait until the article is printed this fall — I will provide some of the lessons learned while working through the tests for those of you that are about to evaluate these products for your own use. The lab just had a few machines to do the test, but what was important was being around all these folks that were responsible for such a large network, and understanding the issues through their eyes. Here is my top ten list.

1. Assemble a team before you even think about testing anything. SSL VPNs touch a lot of different places across the enterprise. At Stanford, I was lucky enough to work with six or seven very experienced people who understand their piece of the puzzle intimately. You’ll need folks who understand desktop, server, firewall, authentication, and security issues. And sometimes, you’ll need to gather them all in the same room to resolve some thorny problems.
2. What and how you authenticate your users is critical. We were using existing Radius and LDAP servers coming from Stanford’s Active Directory repository. The biggest problem we had was setting these up correctly to work with the different products. But even once we got things cooking, the issue remains on how you specify your users’ credentials, and what rights you give them once they get authenticated. This has nothing to do with the eventual VPN product that you pick, but you need to be aware of this before you buy anything and make sure that your directory can contain this information, or you can import it there via some XML trickery.
3. Where your authentication servers are placed in your network is also an issue. Some of the VPN products we tested wanted to see these servers on the protected, interior network. This meant moving the servers from wherever they were on the Stanford infrastructure, which wasn’t gonna happen.
4. Migration issues. Stanford has this crazy quilt of firewall rules and existing VPNs that won’t be easy to transition to a newer SSL situation. Make sure that you haven’t hard-coded something into your own infrastructure that won’t be easy to translate into the various rules and schemas used by your SSL VPN.
5. Applications, browser and client operating system versions, and server configurations matter. Make sure you find all the applications that remote users will be running over the VPN, and test them across the various combinations of browser and OS, both with and without the network extension clients. That is a lot of regression testing.
6. If you have a lot of Macs, Linux users, or machines running Windows prior to 2000, prepare for some grief here. Most of the products prefer you run Win XP/2000 clients only. Stanford’s network is about half Windows and half other things, so this was a big issue for them. But even if you have just a couple of non-Windows users, they could be at the top of the corporate food chain and require access from their machines.
7. If you are going to get involved in using the endpoint checking routines that the VPNs offer, do your testing with appropriate link latencies included for the average DSL and remote user. A lot of these routines send a bunch of bits back and forth across the link pre- and post-login, and these can significantly increase the login times for users while they are inspecting each machine for anti-virus, firewall and other configuration tests. Latency matters. If you can’t simulate it, make sure you go to a few slower-speed networks, such as your local coffee bar, and try the connections out.
8. Think about who is going to administer these boxes once you bring them in. Many of the products we tested didn’t fare well when it came time for multiple people to be admins and having different departments be responsible for different subsets of users or access rules. Few of the products enable this scenario very easily.
9. If you operate a huge network like Stanford, you probably want a box that supports true active/active failovers on a clustered configuration. Most of the vendors require some additional load-balancing product to enable this configuration.
10. Finally, don’t get lost in the admin interface. They are all complex beasts, but remember what you are trying to do is allow remote access. Keep sight of that goal as you plow through the various menus.

Check out my SSLVPN page for links to other product reviews, and stay tuned for the piece in InfoSec this fall.

Posted in security | No Comments »

Cute JVC MP3 Player

Posted by strom on June 16, 2006

If you don’t want to buy an iPod for political or other reasons and still want a very lightweight and inexpensive MP3 player, the latest model from JVC might be the way to go. I tested the 1 GB XA-F107P, which lists for $150 (the same price as a Nano) and found it a great piece of gear.

It is more compact than a Nano, about the size of a large walnut. It has a rechargeable battery that lasts all day, great for taking with you on long flights. Speaking of which, it really saved my sanity last week on such a flight when I was seated in front of Loud Rude Businessman Who Likes To Yell.

Operating the unit is very simple: the menu choices are obvious, the controls well placed. You turn it on with the play button, and turn it off with the stop button. It has a bright screen that shows you the song title and other controls and that is easy to read even for this pair of old eyes. The sound is fabulous, either with the supplied ear buds or with the noise-canceling headphones that I use to block out those loud seatmates. Transferring files is also simple: you connect it via USB cable to your computer and drag and drop the files from your desktop. The cable is also what charges the unit’s battery, so there aren’t any other cables to lose or use. With a gigabyte of storage, you can fit several hundred songs on the thing, depending on the compression level you used to rip them. It also plays both MP3s and WMV.

The one thing missing from the unit is a built-in microphone. There is a line-in port however.

If you don’t own a Mac – or if you don’t want to deal with iTunes and iThis and iThat, the JVC unit should be on your short list of media players. It also comes in a variety of colors to suit your fashion needs.

Posted in Product reviews, portable devices | 1 Comment »

Let us now praise vacuum tube radios

Posted by strom on June 13, 2006

Mike Pusateri's Cruftbox is one of my guilty pleasures. Mike runs an IT shop at Disney TV in beautiful downtown Burbank and has a wonderful blog where he takes apart and puts together all kinds of stuff. He is one of these people that are fascinated with the world around him, and has a very droll sense of humor that makes reading his posts fun too.

Here is a post about an old vacuum tube radio that he found at a garage sale. For those of you that are too young to appreciate this, vacuum tubes were the things that did what ICs do now, only using a heap more power and a heckuva lot bigger. What really made this post for me wasn't just that he picked up an old radio, and that it worked just fine, but that the radio included a schematic diagram of its components. They did that back in the day, you know — included the docs as part of the overall package. Something that our current electronics vendors could learn from.

Posted in digital home, home networking | 1 Comment »

Bach recursion

Posted by strom on June 6, 2006

And now, as Monty Python like to say, for something completely different. I was emailing a friend about acronyms such as PINE and GNU and MUNG, acronyms that contain themselves as part of their abbreviation once you expand them out.

PINE, for example, means Pine Is Not Elm. Both are early Unix email readers that flourished in their day and had rabid fans who disliked the other software. Recursive acronyms are the ultimate insider’s geek track because you have to know enough to understand the joke. But they also play with an important computer science topic, and that is why I am typing this entry this morning, for those of you that are interested in exploring this further.

Of course, Wikipedia has a listing for the topic of recursive acronyms, and a nice list that they have compiled too, some of which I haven’t heard in a long time. Okay, you might say, so time to get a life, Strom.

This got me thinking about Gödel, Escher, Bach: an Eternal Golden Braid, a book by computer science professor Douglas Hofstadter. The book is a fascinating look at recursion and self-referential things, tying together some Big Themes such as mathematical expressions, music, and puzzles.

Take for example the Escher picture of two hands drawing each other, or how a fugue is structured to return back to the same musical theme. Then there is the artfully arranged Crab Canon, which is like a palindrome in the shape of a dialogue between two characters that reads the same top to bottom or bottom to top.

And for all you managers, the book contains Hofstadter’s law:

It always takes longer than expected, even when taking Hofstadter’s Law into account.

Think about that for a minute. Or take even longer.

Those of you that got all excited with the various crypto puzzles in DaVinci Code should take a look at this book. I read the book when I was just out of grad school, shortly after it was published and found it one of the more thought-provoking things I have ever read. I still have it on my shelf and look at it from time to time, although sad to say my math retention isn’t what it used to be, and I am sure that I would have trouble with some of the theorems now.

NB: I also write a monthly column for the Tokyo-based Daily Yomiuri, and portions of this story were published in both print and Web editions today. I should have credited John Langdon for being, as he says, “The missing link between Hofstadter and Dan Brown.” His book, Wordplay, has a contribution from Hofstadter, and Langdon claims it also inspired Brown to use his ambigrams in Angels & Demons. You can find out more about Langdon’s wonderful constructions here.

Posted in Published work, Web site strategies | 2 Comments »

Being master of one’s domain ain’t easy

Posted by strom on June 5, 2006

Working with some beginning podcasters has made me realize that collecting all of what you need for protecting and promoting your own cyber-brand isn't easy these days.

By now, most of us have the dot com routine down when we want to establish a new brand: We go to our favorite registrar (mine now happens to be GoDaddy.com), and reserve that domain name the moment the idea crosses our craniums what the right name should be. Amazingly, there are still a few dot com names left these days.

But you might not be aware that there are other names that you should purchase as well as the dot com. Podcasters should probably also get a .TV domain name (those folks in Tuvalu are happy about this), and there are also .BIZ and .INFO names too that make sense under certain circumstances. And if you are really desperate or have some extra cash, you can purchase a .NET or .ORG too. I would steer clear of the .US domains, they have never taken off and are too much trouble to type in.

I have maintained for years that the best domain names are aurally-pleasing, meaning that you can say them to someone and they can remember the name and more importantly, remember how to spell it without you having to spell it out for them.

If you use another registrar, make sure you check out their Web control panel interface before you plunk down your cash on these new domains. I have seen some pretty miserable interfaces that make it difficult to do basic tasks such as forwarding your domain to your existing Web site, and adding email addresses that also forward to your existing accounts. What I like about GoDaddy (well, maybe I am just used to their setup) is that these tasks are fairly straightforward, and they don’t charge extra for the forwarding details (some of their competitors do). They also make it easier to make bulk changes without having to go through repetitive steps.

Being master of your domain isn't the only thing you have to worry about these days. The next issue is how you make use of email lists. You want to make sure that you register your brand name with as many of the popular free service providers as you can, and certainly at least with Google and Yahoo Groups. It doesn’t cost anything, and took about two minutes apiece to get them set up. Both are great places to host your mailing list and keep track of your clients too. While we are talking about email, you might want to sign up for a free account with Google's Gmail service and use the same name as your brand for this identity too. You'll need to find a friend who can send you an electronic invite or else sign up from your cell phone. This is all about extending your brand, and making it easier for people to find you. I will have more to say about Gmail in a future edition, but I have been very happy with their service for the past year and have really gotten to like it since being out on my own.

While you are at it, even if you haven't started blogging, you might want to reserve your brand name ahead of time in this arena as well. Two of the more popular blogging service providers are Blogspot.com and WordPress.com. Again, these are free services, and it takes just a few minutes to sign up and register your name, but you might as well grab this piece of cyber real estate before someone else does.

I have been using WordPress for my blog, of course.

Posted in Web site strategies | 1 Comment »

The changing face of endpoint security

Posted by strom on June 5, 2006

So if you are in corporate IT, you know you have a large portion of mobile and roaming end users carrying laptops around the world. You know their potential for infection is huge, and what's more, you know you have to invest in technology to secure your end-points and keep your local networks from being hammered by zero-day attacks.

But all this knowledge is a dangerous thing. While Microsoft, Cisco, and numerous other companies have made plenty of promises that help is on the way, no single company has a best-of-breed endpoint solution. What's more, the architecture and marketing wars on this issue are just heating up, with no sign of stopping.

There are three major architectural efforts underway to define some sort of standards in endpoint security. The first is the Trusted Computing Group's Trusted Network Connect (TNC), composed of dozens of industry heavies around a bushel full of open standards. Next is Cisco's Network Admission Control or NAC. Finally, and the least developed of the trio, is Microsoft's Network Access Protection or NAP. NAP is yet to be implemented in any product, and is full of promise for Vista and Longhorn Server, the next versions of Windows.

At Interop last month, I saw signs that endpoint security is the latest rave, with promises everywhere that one vendor’s product will solve all your problems.

You can read more about my thoughts in an article I wrote for Information Security magazine on the topic entitled, "Which Way?"  (registration required)

Posted in Published work, security | No Comments »