Friday, 16 October 2009

Links for Oct 16, 2009

Google CEO Schmidt: "Android adoption is about to explode"

Hyperbole aside, Android is clearly strategic enough for Google to aim for at least the #2 spot in the smartphone platform wars. But that's not the company's only target for the OS.

WeFollow acquired

Albeit "acquired" by another company run by the founder, Kevin Rose. WeFollow is a Twitter user directory.

Twitter opens beta test of "Lists" -- allows users to categorize the people they follow

Tuesday, 13 October 2009

Links for Oct 13, 2009

Microsoft/Danger may be able to recover lost Sidekick data

Despite saying yesterday that the data are probably lost forever, Microsoft's Danger subsidiary seems to be changing its tune. T-Mobile will be hopeful that the feat can be pulled off.

ViVu raises $3 million for interactive video conferencing

Competes with WebEx and GoToMeeting.

Gist now offers free iPhone application

Gist merges data from email, Facebook, LinkedIn, Twitter, and more.

Google Docs now has shared folders

Most requested new feature.

Monday, 12 October 2009

Links for Oct 12, 2009

Death of email predicted (yet again)

This time it's the Wall Street Journal that's not thinking straight. Email is still good for what it's good at; what we're seeing is other applications that are better at doing things that email is unsuited for, but for which it was previously the least-worst option. Email was the hammer, so those tasks looked like nails.

Searchtastic: yet another 'real-time' Twitter search startup

Twitter denies rumors that it's adding video functionality

Death of Sidekick/Hiptop platform predicted, as Microsoft loses users' data

Microsoft has lost all users' personal information for the T-Mobile Sidekick service (aka Danger Hiptop). Little hope of recovery. Looks like there was a disk failure in its Danger subsidiary, and no working backups.

Thursday, 8 October 2009

Links for Oct 8, 2009

FBI finger 100 phishers in Operation Phish Phry

Phishers arrested and charged in Southern California, Las Vegas, Charlotte, N.C., and Egypt. First such joint investigation between Egyptian law enforcement and U.S. agencies, including FBI, USAO, and the Los Angeles Electronic Crimes Task Force.

Ray Ozzie says Google is biting off more than it can chew with Wave

Trying to replace email, IM, with a new paradigm is too hard, says Ozzie, based on his experience with Notes and Groove. It's even more of a challenge because people don't understand what Google Wave is, he opines.

Wednesday, 7 October 2009

Links for Oct 7, 2009

Google testing "Cloudboard", a server-side clipboard

Allows users to copy/paste data between Google services, such as Docs and Gmail.

Tuesday, 6 October 2009

Links for Oct 6, 2009

Windows Mobile 6.5 gets poor reviews

Increasingly, it seems the race for smartphone platform is between iPhone, Android, Palm, and BlackBerry.

SlideShare Business announced

SlideShare experimenting with new revenue models

Links for Oct 5, 2009

Amazon EC2/EBS DDoS drills hole in Bitbucket

Amazon's EC2/EBS cloud infrastructure isn't invincible against distributed denial of service attacks, it seems. Code hosting service Bitbucket blames its recent 19+ hours of downtime on an Amazon DDoS. Offers harsh feedback to Amazon's support organization.

AVG fights back against Microsoft's free AV with version 9

AVG's free product is an important route to market for the company. Microsoft's Security Essentials is a threat. Version 9's enhanced link scanner and claimed performance improvements should help counter it.

Vonage app. for iPhone and BlackBerry

Important VoIP provider enables access from important smartphone platforms. Perhaps surprising that Apple allowed this, but FCC investigation into Google Voice refusal motivates Apple to be seen to play fair.

All major smartphone platforms to get full-featured Adobe Flash, except iPhone

Flash isn't just for video and silly games. It's also a serious cross-platform development tool. Apple would probably wait until hell froze over to allow it on its platform, as the App Store is a strategic control point.

Friday, 2 October 2009

Links for Oct 2, 2009

Google makes FriendConnect easier to install on your Web server

The war for consumer-focused federated identity rages on. The latest battleground is ease of use for webmasters. Google and Facebook are playing leapfrog.

IBM/Lotus challenges Gmail/Google Apps with LotusLive iNotes

IBM/Lotus wants you to reconsider "Going Google". It's now offering a SaaS/cloud hosted email service, with similar functionality to Google Apps' Gmail -- but undercutting Google's price.

Thursday, 1 October 2009

Links for Oct 1, 2009

Six Apart announces TypePad API and Pownce relaunch

API opened up and branded TypePad Cloud Platform; Pownce relaunched as TypePad Motion.

Cisco to acquire Tandberg

$3 billion buys respected Norwegian vendor of videoconferencing products.

Wednesday, 30 September 2009

Links for Sept 30, 2009

All is well with bank email privacy problem, luckily

Bank sends sensitive info to wrong person by email; asks Google to delete it; asks court to force Google to delete it; Google says message was never opened; Google deletes message; further legal wrangling averted.

Yammer gets significant new blood

Sean Parker was instrumental at Plaxo and Facebook. Now he joins Yammer, the "Twitter for intranets".

Criminals being very clever: editing online bank statements on-the-fly

If your PC is infected with this malware, not only will criminals extract money from your bank account, but it won't show up on your statements. That's because the malware is silently hiding the fraudulent transactions, and patching the balance. Horribly clever.

Yahoo releases YUI 3

YUI is a rich, lightweight framework for writing slick, interactive user interfaces for Web applications. It's widely respected; and version 3 looks like it will add to its reputation.

Google Wave invites being sent to 100,000 preview users

Google's collaboration tool is definitely one to watch, if the demo reel is any guide.

Microsoft releases Security Essentials (née "Morro")

This free anti-malware product for PCs replaces OneCare and threatens the established vendors: both free and paid.

Friday, 25 September 2009

Links for Sept 25, 2009

Microsoft's Ballmer apologises for poor Windows Mobile execution

Steve Ballmer speaks at his annual VC summit. Attendees leak his mea culpa via Twitter, reporting that he said Microsoft has revamped the WinMo7 team with new blood.

Thursday, 24 September 2009

Links for Sept 24, 2009

Microsoft's Looking Glass approaches launch

Allows marketers to aggregate and monitor social media. Private beta in October.

Finally, BlackBerry has software for MacOS

MacOS users will soon be able to sync their BlackBerrys without using Windows.

More Gmail Outages

Significant issues today for users of Gmail and Google Apps. Centered around users' Contacts. Initial reports said it was for just some users, but it appears most or all were affected.

Wednesday, 23 September 2009

Links for Sept 23, 2009

Google Wave in IE, via Chrome Frame

If you want to use the new Google Wave in Internet Explorer, you'll have to install the Google Chrome Frame addon first. This ingenious plugin replaces the entire rendering area of the browser with code plucked from Google's Chrome browser.

Google Sidewiki

Sidewiki is a universal commenting system for the Web. A new component of the Google Toolbar. Watch out: Digg, StumbleUpon, Reddit, et al.

Skype for SIP to Integrate with Industry-Standard VoIP Kit

Skype currently uses a proprietary voice-over-IP protocol. Integrating with the standard Session Initiation Protocol (SIP) should make it more attractive to businesses.

DateCheck Launched at DEMOfall09

DateCheck is an iPhone app that allows consumers to perform background checks on prospective suitors. Its launch has prompted some comment as to privacy implications.

Tuesday, 22 September 2009

Links for Sept 22, 2009

Gelato Comes Out of Stealth at DEMOfall09

Gelato is "stream dating" -- online dating for the Facebook generation. To help users decide if they have things in common, it integrates with your lifestreams from Facebook, last.fm, Twitter, Hulu, Netflix, Flickr, etc.

Foursquare Has Plans to Make Money; Raises Anonymity Concerns

Foursquare is a location-based social network. Allows people with similar tastes to meet up. Allows local business owners to build relationships with repeat customers.

Google's Gmail now Supports ActiveSync Push for iPhone and Windows Mobile

Also works for Google Apps email. It previously only supported ActiveSync for contacts and calendars: users had to use IMAP for email.

Friday, 15 May 2009

FAQ: Suffering Backscatter

Dear Richi, I have about 20-30 returned emails from some entity/person who is somehow using my domain to send out bulk email. How is that even possible?

Sadly, it's trivial for a spammer to forge your address. It's not your Web host's fault.

Some badly configured email servers auto-reply to spam. That's what you're seeing.

If you want to complain to anyone, complain to the people running the servers who are auto-replying to you. Here's a template complaint I've used before...

Hello. You are sending spam to me by bouncing spam to an unrelated person. I did not send the spam to your server: spammers forge the message sender. Hence, your reply goes to an innocent third party.

Perhaps you sent an unsolicited bounce because your mail server is incorrectly configured. Please don't do that. You should *reject* during the SMTP conversation, not *bounce* after accepting the spam message. It is not necessary for your MTA to send a non-delivery DSN -- you should reject at the point of SMTP RCPT with a 553 error or equivalent.

Or perhaps you're auto-replying to spam. Presumably you filter spam before delivering inbound email. In which case, this reply shows that spam is getting through those filters.

It's bad practice to accept a message for a non-existent user. If you accept and then bounce, you're sending spam. For more information, please see http://www.spamcop.net/fom-serve/cache/329.html

If this was an isolated error, there's no need to be concerned that you will be blacklisted as a spam source. It usually takes several complaints to illustrate a pattern of email abuse.

However, I urge you to correctly configure your mail servers.

More info at an old post of mine: I Got 25,000 Spam Messages in Two Days!
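
The difference between rejecting at RCPT and accepting then bouncing, as an added example that is not part of the original post: a toy SMTP receiver run in both modes against one constructed spam session with a forged sender. The hostnames, addresses and the `Session` class are assumptions made up for the illustration.

```python
"""Added illustration: reject at SMTP RCPT versus accept-then-bounce.
All hostnames, addresses and names here are constructed for the example."""
from dataclasses import dataclass, field

LOCAL_USERS = {"alice@example.org"}  # constructed: mailboxes this MTA really hosts


def _addr(line: str, prefix: str) -> str:
    """Pull the address out of 'MAIL FROM:<a@b>' or 'RCPT TO:<a@b>'."""
    return line[len(prefix):].strip().strip("<>").lower()


@dataclass
class Session:
    reject_at_rcpt: bool                 # True = well-configured, False = bouncer
    mail_seen: bool = False
    sender: str = ""                     # envelope sender; trivially forgeable
    rcpts: list = field(default_factory=list)
    in_data: bool = False
    outbound: list = field(default_factory=list)  # mail this MTA itself generates

    def feed(self, line: str) -> str:
        """Process one client line and return the server reply ('' inside DATA)."""
        if self.in_data:
            if line == ".":
                self.in_data = False
                return self._deliver()
            return ""
        verb = line.upper()
        if verb.startswith(("HELO", "EHLO")):
            return "250 mx.example.org"
        if verb.startswith("MAIL FROM:"):
            self.mail_seen, self.sender, self.rcpts = True, _addr(line, "MAIL FROM:"), []
            return "250 Ok"
        if verb.startswith("RCPT TO:"):
            if not self.mail_seen:
                return "503 Need MAIL first"
            rcpt = _addr(line, "RCPT TO:")
            if self.reject_at_rcpt and rcpt not in LOCAL_USERS:
                # The sending client gets the error; nothing is mailed to anyone.
                return "553 No such user"
            self.rcpts.append(rcpt)
            return "250 Ok"
        if verb == "DATA":
            if not self.rcpts:
                return "554 No valid recipients"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "500 Unrecognised command"

    def _deliver(self) -> str:
        """Message was accepted; unknown recipients now force a bounce (DSN)."""
        for rcpt in self.rcpts:
            if rcpt not in LOCAL_USERS and self.sender:  # never bounce to the null sender
                # Backscatter: the DSN goes to whoever the spammer claimed to be.
                self.outbound.append({"from": "<>", "to": self.sender,
                                      "subject": "Undelivered Mail Returned to Sender"})
        self.mail_seen, self.rcpts = False, []
        return "250 Queued"


def run_session(reject_at_rcpt: bool):
    """Replay one constructed spam session; return (server replies, mail generated)."""
    s = Session(reject_at_rcpt)
    envelope = ["HELO spammer.invalid",
                "MAIL FROM:<victim@example.net>",      # forged: the innocent third party
                "RCPT TO:<nosuchuser@example.org>",
                "DATA"]
    replies = [s.feed(cmd) for cmd in envelope]
    if replies[-1].startswith("354"):                  # client sends the body only if invited
        for body_line in ("Subject: cheap pills", "", "buy now"):
            s.feed(body_line)
        replies.append(s.feed("."))
    replies.append(s.feed("QUIT"))
    return replies, s.outbound


if __name__ == "__main__":
    for mode in (False, True):
        replies, generated = run_session(mode)
        print("reject_at_rcpt =", mode, replies, generated)
```

With `reject_at_rcpt=False` the server ends up mailing a DSN to `victim@example.net`, who never sent anything; with `reject_at_rcpt=True` the only party that hears about the failure is the connecting client.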

Saturday, 2 May 2009

CNN: carbon footprint of spam

Finally, I have the CNN footage.

Amusingly, they mixed up the captions, so Woody got my title...


Wednesday, 29 April 2009

A "Monster" Spammer (NYSE:MWW)

Update May 1 3.30 UTC: several listwashing requests.

Dear Monster.com (NYSE:MWW),

You are spamming me. Stop it. Please.

You're sending marketing email to an address that has never given informed consent to receive it.

Not only that, but you're even breaking the spirit, if not the letter, of the U.S. CAN-SPAM Act. While your unwelcome missive does include the prescribed physical address and unsubscribe link, they are displayed in white text on a white background.

Yes, really. (I dare say they'd be more visible if my email client displayed HTML images by default, but like many clients, it doesn't.)

Naturally, it's also in violation of the law under which your UK subsidiary operates. There was no "prior consent" given, within the meaning of the Privacy and Electronic Communications (EC Directive) Regulations 2003. Offenders are liable to a fine of up to £5,000 in a magistrate's court, or an unlimited fine if the trial is before a jury.

Update May 1 3.30 UTC:
I've received a couple of email messages and a Twitter DM from Monster, expressing apologies for the situation. Sadly, these expressions of regret don't extend to actually fixing the spam problem; they appear to be an attempt to listwash.

Sorry, Monster; listwashing is bad practice. My standard operating procedure is to never unsubscribe from a list that I did not subscribe to.

If Monster wishes to solve this problem, it would stop sending email to addresses of people who did not subscribe. I'm open to a public dialogue on this subject: feel free to tweet or comment here, rather than privately emailing or DM'ing.

Today's Tweets

  • 07:32 The swines! Flu panic blamed on Twitter and blogs ping.fm/D7j7T #itblogwatch #swineflu Voices of reason drowned by twits #
  • 08:00 @djtechnocrat Yes, but it was always thus. Twitter makes the whole thing grow faster, whipping ignorance into a huge frenzy. #swineflu #
  • 08:56 I'll be at Infosec on Thursday afternoon only. Currently available for briefings 1.45pm-4pm. #
  • 11:48 @hprice Loudmouth workers leaking data through social networking sites tinyurl.com/d4p7uc #
  • 11:50 Planning to keynote at Inbox/Outbox in mid-June. inbox-outbox.com #
  • 12:11 @hprice LOL #
Thanks: LoudTwitter

Tuesday, 28 April 2009

Today's Tweets

Thanks: LoudTwitter

Monday, 27 April 2009

Today's Tweets

  • 07:54 @markwu Dropbox isn't a backup tool; Mozy is. They solve different problems. richi.co.uk/mozy #
  • 09:26 RT @fdestin Suddenly reminded of ... cartoon: "I used to tweet but I went back to pointless incessant barking" -- bit.ly/ZHfy9 #
  • 12:59 @haiyo Dropbox isn't a backup tool; Mozy is. They solve different problems. richi.co.uk/mozy #
  • 13:55 @haiyo Yes but DropBox doesn't do versioning and recovering deleted files. As for your mozy problems, let @Mozy know. He's good; he'll help. #
  • 14:02 @hprice "piqued" ;-) #
  • 14:43 RT @AllenHarkleroad Debt collector threat over BT bill for £0.00 ($0.00) tinyurl.com/djrs3h #
Thanks: LoudTwitter

Sunday, 26 April 2009

Today's Tweets

  • 20:33 Some thoughts about vendors I met at the RSA Conference ping.fm/IVfZw #
  • 20:39 @LivingInHD Pretty happy with my Viera 50PZ80B plasma, but surprised how poor the blacks are. Quite a lot of light when screen is "black". #
  • 20:44 @berkmancenter Thanks for the linkluv #
  • 23:35 @mengwong thanks /LogicQcwLogiQ^[ZZ #
  • 08:17 WANT: Smart Fourtwo powered by Tesla EV drivetrain ping.fm/bfcKM Hey aftermarket peeps, how about a conversion kit? #
  • 11:21 RT @AllenHarkleroad To Tweet or to Re-Tweet that is the question.... #
  • 11:31 @travelingcircus Hi. Interested in what people are saying about spam (not to mention @spam) #
  • 11:39 @awaken319 No need to be a euro-hater. Of course, some European countries are worse than others. #
  • 11:39 @signatureladyj I only know enough to be dangerous ;-) #
  • 18:45 @hprice Try @Thepeoplefinder for that task #
  • 18:52 @hlslaughter I did a test disaster-recovery of about 185GB. It averaged 500KB/s (would have been faster, but for my 6Mbps DSL). #
  • 18:55 @mozy do you think that @dornquast is being fair? e.g., twitter.com/dornquast/status/1616523717 #
Thanks: LoudTwitter

Friday, 24 April 2009

BoxSentry Ditches Challenge/Response; Fights False Positives

Update Apr 25 6.30am UTC: fix name of product (thanks, Meng)

Singapore-based BoxSentry has historically been known as a challenge/response spam filter vendor. Readers will probably be aware that I'm no fan of C/R.

As time goes by, BoxSentry has gradually de-emphasized C/R, but until recently it was still sending challenges for a small but significant proportion of the spam it received -- and hence was sending unsolicited "replies" to people who had never sent email to the BoxSentry user.

Manish Goel, BoxSentry's CEO, confirmed to me that his company no longer uses C/R. That's great news for Internet users. Well done, Manish; I know that I and others have been thorns in your side for a while about this; I appreciate your good humour in our occasional, heated debates!


Manish also brought other news. While beefing up their technology base -- in part to compensate for the loss of the C/R layer -- the company has developed new techniques to better identify false positives.

BoxSentry has wrapped the new techniques in a product it's calling LogiQ. The idea is that it can run alongside a traditional spam filter and automatically retrieve any false positives it finds.

As an illustration, Manish offered a "typical" example: over the test period, a deployed spam filter from one of the well-known vendors delivered 11,500 legitimate messages, but LogiQ found an additional 680 false positives in the filter's quarantine. That's a roughly average false positive rate, in my experience. Not exactly state-of-the-art, but pretty representative of deployed spam filters. It might equate to one false positive every week per user.

Manish says that 100% of the false positives identified with these new techniques really are false positives -- although they may not catch all of them.

A bold claim; I'm looking forward to digging into the details of the techniques under NDA...

Thursday, 23 April 2009

AVG loves its freeloaders

AVG makes one of the last free AV products. Here at RSA, I talked to this guy, AVG CEO JR Smith, about why his company is sticking with the freemium model...

According to Smith, it's great having the majority of their "customers" who don't pay for the product. It makes lead generation really easy. Not only are they able to up-sell consumer users who download the free version, but many of those consumers also recommend the use of AVG inside of the SMB in which they work.

Add to that the valuable stream of real-time feedback that their users' installations provide about threats on the Web pages that they discover, and one starts to understand why the company is growing at a claimed 80% annually.

Astaro drops its R&D-led roadmap

This is Angelo Comazzetto. A Canadian, of Italian heritage, living in the U.S., working for a German company.

When I met him last year, his business card said something like Evangelist. These days, he's the product manager for Astaro's line of low-cost Unified Threat Protection appliances. Despite his title change, he's not lost his passionate, high-energy, rapid-fire delivery style ;-)

Some notes from our meeting:
  • "600 new features" in the past year
    • based on win/loss analysis and other customer requests
    • no longer R&D-led roadmap!
    • Versions 7.2, 7.3, 7.4 all "major" releases
  • Now uses Commtouch for anti-spam, Astaro loves them
  • Astaro has dropped Kaspersky: too expensive and inaccurate
  • Moved to Postgres from MySQL
  • Added full https content inspection
    • Several options for deploying the proxy certificates to user PCs
  • Network balancing across several connections
  • Supports the proprietary Cisco IPsec client
    • So can have people move from obsolete Cisco PIX and ASA to Astaro
    • Supports iPhone VPN client (nice demo)

Yubi-who? Easy single-signon, one-time-password auth.

This is Stina Ehrensvärd, the CEO of Yubico.

You may have heard of their product, especially if you listen to Steve Gibson and Leo Laporte's Security Now podcasts. It's called Yubikey: a tiny, single-signon, one-time-password USB device.

It emulates a keyboard. Touch the button and it types this moment's password. So it's something you have; when combined with something you know -- a static password -- you have the simplest form of two-factor authentication.

As you might guess from her name, it's a Swedish company, which Stina told me was built around the vision of fixing banking and PayPal fraud. The idea is that banks would save money lost to fraud, some of which they could donate to charities.

Which is nice.

BitDefender defends its position in the AV market

What a nice man Florin Talpeş is. The CEO of BitDefender is a pleasant, thoughtful personality.

My guess is he's not going to allow BitDefender to make the same mistake as certain other Eastern-European AV companies, who got too big too quickly and rested on their laurels. Cough-Kaspersky-cough.

BitDefender is very proud of its recent successes in comparative testing. It's touting a meta-analysis of several recent tests, which show the company tied with Symantec for top spot, in terms of malware detection accuracy.

Wednesday, 22 April 2009

Varonis: the jelly-to-the-peanut-butter of net file shares

This isn't my usual area, but I had such an interesting and thought-provoking meeting with Varonis's Johnnie Konstantis that I wanted to blog a few notes...

Varonis produces a management tool to help IT do "unstructured data governance." In other words, it helps people manage the random dumping grounds of opaque files sitting around on shared drives. Compliance and e-discovery are the watchwords here.

Varonis is very proud of its EMC partnership. EMC resells the product to its disk array customers. EMC is also a customer: with 40K users of 420 file servers storing almost a petabyte of data.

More notes:
  • It integrates with ActiveDirectory and ensures that file system permissions adhere to policy.
  • It offers a richer user interface for permissions than Windows itself.
  • You can navigate and drill into Windows server access logs, which is useful for e-discovery.
  • It also helps you ensure your super-users aren't snooping on sensitive data.
  • It helps you find the business owner of data, which is important for e-discovery.
  • It can flag potential permission revocations (e.g., where a user hasn't used that permission in a while, because the user has changed jobs)

Commtouch's new OEM Web security business

At the RSA Conference yesterday, I sat down for a friendly chat with Amir Lev, the CTO of Commtouch.

Commtouch is best known for its OEM anti-spam engine, which is licensed by a long list of well-known email security vendors.

In January, the company launched a Web security service, using a similar architecture and business model as its anti-spam technology. In other words, it's a hybrid of a managed service—cloud-based, if you insist—that maintains a database of known Web pages, plus an OEM engine that queries the database and intelligently caches the results.

Why do it in the cloud? Amir argues that it's hard to categorize the whole Internet, as the database gets huge and the changes are too big to push the updates in a timely manner.

The service categorizes the known threats so that OEMs can produce different types of products. For example, a product focussed on anti-phishing, which will major on the web pages categorized as fake bank portals, etc.

Amir argues that being an OEM is a good place to be, as the industry continues to move to a "soup-to-nuts" UTP model. Commtouch's vendor customers will often specialize in one or two areas and license the rest conventionally.

More controversially, Amir also argues that it's risky to build a strategic relationship with a small, niche company that offers an OEM solution, because if they're bought out, they may lose the OEM strategic focus.

Well, he would say that, wouldn't he?

Tuesday, 21 April 2009

Abaca's radical anti-spam tech wins at Yahoo!

At the RSA Conference, I was almost blinded by the huge grins on the faces of the Abaca reps.

As you may recall, Abaca has a really interesting spin on the spam filtering problem. Finely-tuned mathematics and a big database of receiver statistics back up some truly impressive claims. As I said last year, I'm reasonably convinced that it's not just a silly FUSSP.

For over a year, Abaca has been working on a deal with Yahoo! to add the technology—which they now call CLX—to the spam filtering mix. A few months ago, I heard unofficially that Yahoo! agreed to roll it out.

Now, Abaca is announcing that the rollout has been hugely successful, and Yahoo! is extremely satisfied with the result. Nice going.

As an update, here are the (claimed) highlights of the Abaca technology:
  • Guaranteed accuracy of at least 99% catch rate (with money-back contract terms)
  • Claimed false positive rate is infinitesimal (I calculate their claims equate to one in a million messages)
  • After bootstrapping with recipient email statistics, no user training is required, but can be individualized by users clicking the Spam/Not-spam buttons
  • By its nature, it's extremely scalable—a single small server can handle 90 million messages per hour
Of course, I can't verify these claims, but it would appear that Yahoo! effectively has.

Equally, I don't know how close to reality the false positive figures are -- at best they're based on user reports alone, which usually tend to significantly under-state the reality. But, again, if the Yahoo! user reports are anything close to 1:1,000,000, then Abaca has something really worth shouting about.

Websense (finally) gets appliance religion

I sat down with the folks from Websense, here at the RSA Conference. Their big news is that they've finally come out with a pre-built appliance.

It's easy to be cynical. It wouldn't be hard to see this as Websense being "late to the party." Naturally, the company doesn't view it that way.

Websense didn't want to simply take its existing software platform and stuff it into a 19" rack. It already has 3rd parties who do that, which it says it's happy with.

Websense saw the need for a complete platform refresh. We're seeing the first fruits of this work in the new V10000 appliance.
  • It's based around a virtualized environment, based on Linux and the Xen hypervisor.
  • First version is simply a Web gateway / security proxy, but future add-ons will include DLP
  • Customers will be able to run multiple instances on one box.
  • A new centralized management platform can control a mixture of appliances and similar functionality provided by the Websense managed service (based on technology from the BlackSpider acquisition).

Tuesday, 14 April 2009

Spam and its Carbon Footprint

All uses of the Internet have an impact on climate change. Sadly, that includes the less-savory uses.

Spammers dumped 60 trillion messages onto the Internet in 2008. As the climate-change consensus becomes overwhelming, it's high time we looked at the environmental impact of spam.

Recently, McAfee commissioned climate-change consultants ICF to calculate the carbon footprint of spam. McAfee also asked me to help. We calculated the energy use associated with each stage in the lifecycle of spam, including the energy used to transmit, process, and filter spam.

Globally, the annual spam energy use is 33 billion kilowatt-hours, or 33 TWh—that's as much electricity as 2.4 million U.S. homes use, with the same greenhouse gas emissions as 3.1 million passenger cars using 2 billion U.S. gallons of gasoline.[1]

Two Surprising Conclusions

Far from being a net consumer of energy, spam filtering actually saves an incredible amount of energy. Imagine if all the spam filters in the world were switched off for a day. It would actually increase the carbon footprint of spam by at least five times.[2] In other words, spam filtering saves 135 TWh of electricity per year—that's like taking 13 million cars off the road.

But we could do even better. Imagine if every inbox were protected by a state-of-the-art spam filter. We could save about 75% of the spam energy used today—25 TWh per year;[3] that's like taking 2.3 million cars off the road.

Other Results

The average greenhouse gas emission associated with a single spam message is 0.3 grams of CO2. That's like driving 3 feet (1 metre), but because of the annual volume of spam, it's like driving around the Earth 1.6 million times.[4]

A year's email at a typical medium-sized business uses 50,000 kWh, more than one fifth of which is associated with spam.[5]

Filtering spam is all well and good, but fighting spam at the source can have even better results. Taking McColo offline in late 2008 saved energy equivalent to taking 2.2 million cars off the road, before spammers rebuilt their sending capacity.

Energy use associated with spam is mainly consumed by end-users deleting spam and searching for legitimate email ("false positives"). Only 16% of energy use is from spam filtering itself.

Notes

My role in the McAfee project was to help ICF build a model that accurately reflected where energy was used in producing, transmitting, filtering, and dealing with spam. To this end I provided consultancy and data, plus some analysis of the results.

The data came from my 25 years of experience with email and spam, cross-correlated with data from other researchers (including McAfee and McAfee's competitors).
  1. 33 TWh of electricity use emits 17 million tonnes (19 million U.S. tons) of CO2, equivalent to 3.1 million passenger cars, burning 7.6 billion litres of gasoline (2 billion U.S. gallons), or 2.4 million U.S. homes' electrical usage.
  2. Switching off spam filtering for one day would multiply spam in the average inbox by 5x and multiply false positives by at least 10x. While no energy would be used by spam filters, this reduction is vastly outweighed by the energy used by end-users coping with spam.
  3. Most inboxes are protected by spam filters, but many of them are less accurate than the best filters. Some inboxes are still completely unprotected. State-of-the-art filters can achieve better than 98% effectiveness/0.01% false positives and use less power: assumes 25% power saving over legacy spam filters.
  4. Based on passenger car averaging 20 miles per U.S. gallon; mean equatorial circumference 40,041 km (24,870 miles).
  5. Refers to an organization with 200 average business email users.

Incremental Energy

In any calculation such as this, there's always the concern that we're double-counting energy that would have been used whether or not there was spam. Let me assure you that this isn't the case. I only wanted to be involved in the project if we were measuring this meaningfully.

So the data and calculations were carefully designed so as to only measure energy that is used as a direct result of there being spam. In other words, it is "incremental" energy.

PCs and servers use less energy when idle than when doing "work"—in most cases it's this additional energy that we measured.

More About the Methodology

Some wags have complained that ICF doesn't publish its methodology. They have clearly not read the full report, including the appendix, which is helpfully titled, err, Statement of Methodology. Perhaps they're confused by the 8 page summary?

Download Full Report

You can now get the full 28 page version at the usual place.

Radio Interview

ORF interviewed me on Friday. Download it here: richi-on-orf.mp3.

Monday, 6 April 2009

Hidden Risks of Intellectual Property in Email

I was talking recently to a client. We were discussing how organizations use email and the conversation turned to "inappropriate" use.

Ah, no. Not that sort of inappropriate use.

I'm talking about storing confidential information in an organization's email. Perhaps even sending that confidential information to people who have no right to receive it.

Just about every organization has this type of confidential information. It could be customer data or intellectual property, such as future product plans or patentable know-how. Whatever it is, organizations run a huge risk by allowing their users to email it.

And I'm not necessarily talking about attacks on the email system. Even the most sophisticated user can accidentally send the wrong thing to the wrong person.

Even if the information stays inside the organization, it's at risk from malicious insiders—if someone has access to an Exchange server, they can read the entire message database without needing any passwords.

And I'm not talking about a few scraps of information, either. When you look at a typical organization that's reasonably email-centric, a significant number of them might have the vast majority of their confidential information stored in their email—as much as 85% of it.

So what to do about it?
  • You could try educating your users... but that sounds like the epitome of cat herding.
  • You could shut down your email system... but isn't that rather self-defeating?
  • Various vendors will sell you tools for data leak prevention (DLP).

Combined with user education, DLP can do a reasonable job of helping email users "keep it in the family." But it isn't magic; it does need care and feeding.

It does need to be taught what your confidential information looks like, and who should be permitted to see it. And that teaching process isn't just a one-off chore—it needs to be ongoing.
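To make those two things concrete, here is an added sketch (not from the original post or any vendor's product) of an outbound-mail check that is "taught" what confidential content looks like and who may receive it. The category names, patterns, domains, and sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed policy: each category pairs "what it looks like" (a pattern)
# with "who may see it" (permitted recipient domains). All values hypothetical.
POLICY = {
    "product-roadmap": {
        "pattern": re.compile(r"\bproject\s+bluebird\b", re.I),
        "allowed_domains": {"example.com"},
    },
    "customer-data": {
        "pattern": re.compile(r"\bcustomer\s+(id|account)\s*[:#]?\s*\d{6,}\b", re.I),
        "allowed_domains": {"example.com", "billing-partner.example"},
    },
}

def body_text(msg):
    # Join the subject and every text/* part so patterns see the whole message.
    parts = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)

def check_outbound(raw):
    """Return sorted (category, recipient) pairs that violate POLICY."""
    msg = message_from_string(raw)
    text = body_text(msg)
    headers = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    recipients = [addr.lower() for _, addr in getaddresses(headers) if addr]
    violations = []
    for category, rule in POLICY.items():
        if not rule["pattern"].search(text):
            continue  # message does not contain this kind of content
        for rcpt in recipients:
            if rcpt.rpartition("@")[2] not in rule["allowed_domains"]:
                violations.append((category, rcpt))
    return sorted(violations)

# Constructed sample: one internal and one external recipient.
SAMPLE = """\
From: alice@example.com
To: Bob <bob@example.com>, carol@rival.example
Subject: Q3 plans

Attached notes on Project Bluebird. Customer ID: 00482913 is the pilot.
"""
```

Every new product codename or newly entitled partner means another edit to `POLICY`, which is the ongoing teaching the post describes.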

Wednesday, 18 March 2009

Where's Richi?

Yes, I'm not blogging here much these days. So what am I up to?

In addition to my Computerworld daily ramblings and Ferris Researchings, you can mostly find me microblogging on Twitter.

You'll also find me at Facebook, LinkedIn, FriendFeed, and FriendFace.

Here's a full list of contact details.

Friday, 6 March 2009

IT Blogwatch roundup

Here's a catchup of the last two weeks of IT Blogwatching. Sorry I missed last week's post: I had a rush job on.


TomTom fights Microsoft to protect GPL?

In a special IT Blogwatch Extra, Richi Jennings watches the growing disquiet over Microsoft's TomTom patent lawsuit. Not to mention what Darth Vader finds disturbing...

Obama: we need a CIO before a CTO

In Friday's IT Blogwatch, Richi Jennings watches a surprise Obama appointment: a CIO (confounding commentators' CTO conjectures). Not to mention MeggySeq...


Windows 7 allows IE uninstall

In Thursday's IT Blogwatch, Richi Jennings watches Microsoft allow users and OEMs to actually remove IE -- sop to Europe or misdirecting canard? Not to mention 3D street art...


Skype SILK codec set free-as-in-beer

In Wednesday's IT Blogwatch, Richi Jennings watches Skype open up its fancy new voice encoding technology. Not to mention London Underground: run by people, not androids...


New Apple desktops: fanbois drool

In a special IT Blogwatch extra, Richi Jennings watches Apple quietly revamp its entire desktop hardware line. Not to mention Square Root Day...


Demonstrators demo at DEMO 09

In Tuesday's IT Blogwatch, Richi Jennings watches bloggers watch the DEMO 09 conference. Not to mention what not to wear...


Iran leeches Obama's helo. plans, peer2peer

In Monday's IT Blogwatch, Richi Jennings watches the fear, uncertainty, and doubt surrounding the discovery of Marine One blueprints on a peer-to-peer network. Not to mention how extra airline fees may have gone too far...


Windows 7 RC on its way

In Friday's IT Blogwatch, Richi Jennings watches Microsoft announce tweaks to Windows 7 in time for the upcoming Release Candidate build. Not to mention Darth Walkies...


Microsoft "recalculating route" of Linux patents

In Thursday's IT Blogwatch, Richi Jennings watches Microsoft sue TomTom over its Linux patent "infringement" -- is this the beginning of the end? Not to mention a Mac Mini inside a Disk ][ Drive...


Apple Safari 4: better, stronger, faster?

In Wednesday's IT Blogwatch, Richi Jennings watches Apple launch the Safari 4 beta, claiming improved speed and standards-compliance. Not to mention paper computers...


Microsoft: "Just kidding; keep the money"

In Tuesday's IT Blogwatch, Richi Jennings watches Microsoft overpay redundant employees, ask for the money back, then change its mind. Not to mention Error'd...


Steve Jobs is "offline"

In Monday's IT Blogwatch, Richi Jennings watches the curious case of Steve Jobs' instant messaging presence (or recent lack of it). Not to mention exploding, flying, and crashing servers...

Friday, 20 February 2009

IT Blogwatch roundup for w/b Feb 16th

Here's what I've been up to for those fine folks at Computerworld this week. Yes, amazingly, I've not been fired yet...


HP has "hurd" about a recession

In Friday's IT Blogwatch, Richi Jennings watches HP CEO Mark Hurd impose pay cuts across the board. Not to mention misheard lyrics...

Terry Childs speaks from SF jail cell

In Thursday's IT Blogwatch, Richi Jennings watches former San Francisco network administrator Terry Childs speak out from his jail cell. Not to mention the end of U.S. analog TV...


Cisco gets cozy with Trend Micro

In Wednesday's IT Blogwatch, Richi Jennings watches Trend Micro slide its security software into routers from Cisco/Linksys. Not to mention how not to cross at a railroad crossing...


Facebook TOSses out your privacy?

In Tuesday's IT Blogwatch, Richi Jennings watches a row erupt over Facebook's new Terms of Service. Not to mention gaming in a world without bad guys...


Downgrade to XP is $60: Microsoft sued

In Monday's IT Blogwatch, Richi Jennings watches Microsoft get sued over a fee to downgrade from Vista to XP. Not to mention a special Valentine's Day gift...


Friday, 13 February 2009

This Week's IT Blogwatch Roundup

Instead of posting links to these things each day, I'll do a Friday roundup of the week...

1234567890 seconds since 1/1/1970: tonight!

In a special IT Blogwatch Extra, Richi Jennings watches geeks celebrate 1234567890 night. Not to mention more mayhem from the Improv Everywhere crew...

Industry gets serious about Downadup, aka Conficker

In Friday's IT Blogwatch, Richi Jennings watches an industry cabal get off their collective backsides to do something about the latest 10-million-strong botnet. Not to mention conclusive proof that Google does have a sense of humor...

"Ditch XP for Vista," begs Microsoft

In Thursday's IT Blogwatch, Richi Jennings watches Microsoft cajole and plead with IT customers to stop using Windows XP. Not to mention the oh-so-hysterical Cake Wrecks...

IBM floats big blue clouds

In Wednesday's IT Blogwatch, Richi Jennings watches IBM get serious about cloud computing. Not to mention if Apple made batteries...


Google PowerMeter... err, powers your power meter

In a special IT Blogwatch Extra, Richi Jennings watches bloggers watch Google.org watch your power meter (phew). Not to mention Queen vs. Songsmith...


Kindle 2 to fan flames for e-books?

In Tuesday's IT Blogwatch, Richi Jennings watches Amazon launch its "new, improved" e-book reader. Not to mention corpulence pedagogy...


OLPC throws in the towel

In Monday's IT Blogwatch, Richi Jennings watches the One Laptop Per Child project give up on making laptops. Not to mention Ice Invaders...

Soon be 1234567890



Hat tip: Claudio Gamboa

Monday, 9 February 2009

OLPC throws in the towel

In Monday's IT Blogwatch, Richi Jennings watches the One Laptop Per Child project give up on making laptops. Not to mention Ice Invaders...

Update: OLPC PR seems to be claiming that Negroponte was misunderstood. Sounds like his talk was a little too "nuanced"...

Friday, 6 February 2009

Snow Leopard leaks: multi-touch; geo-location

In Friday's IT Blogwatch, Richi Jennings watches Mac OS X 10.6 info. emerge. Not to mention Darth, as you've never before seen him...

Thursday, 5 February 2009

SourceForge and such

The SourceForge PR mavens would like it known that Forge.mil isn't based on sourceforge.net, but "CollabNet's SourceForge Enterprise." K?

Windows 7 vuln. in weakened UAC

In Thursday's IT Blogwatch, Richi Jennings watches the egg on Microsoft's face, over Windows 7's tweaked User Access Control. Not to mention the man cold...

Tuesday, 6 January 2009

Open letter to The Pink'un: you were snowed

Dear FT editors,

Your January 4th editorial, Surfers should pay congestion charges, made painful reading.

The Network Neutrality debate isn't centred on the ability to buy preferential access to the Internet. This is a canard floated by parties with an agenda to muddy the waters and obscure the real debate.

The real issue is to prevent vertically-integrated media companies from exercising unfair competition.

Imagine an ISP whose parent company also owned a competitor to Skype, the popular Internet phone service. Network neutrality regulations would seek to prevent that ISP from selectively reducing the quality of service between Skype users.

It has little or nothing to do with CDNs, "selling access to special fast lanes" or "preventing the market from rationing a scarce resource."


Yours sincerely,
Richi Jennings.

Sunday, 4 January 2009

GWAVACon: BrainShare alternative for Novell collaboration community

Are you a Novell GroupWise, ZENworks, or Teaming customer? Are you disappointed that Novell canceled the BrainShare event?

Do you know about GWAVACon? Since 2005, this conference has been focused on the Novell collaboration community. GWAVACon has been held in Dallas, Sydney, San Diego, Munich, and Berlin. This year the U.S. event will be held in Las Vegas: January 25-27.

The events get strong support from Novell and other vendors in the Novell ecosystem. This year the keynote will be given by Juan Carlos Cerrutti, a Novell Vice President. RIM is a key sponsor.

I'll also be speaking at the event (so it's not all sunshine and roses). Many thanks to Richard Bliss for the invitation.

The organizers have three attractive incentives for people to come along:

  1. For those who were attending BrainShare in Salt Lake City, the early-bird deadline was extended to January 8th. This is a $200 discount (but only until January 8th, so move fast).
  2. For those who had already booked flights to Salt Lake City, GWAVACon is offering a discount equal to the airline change fee for those switching flights from SLC to Las Vegas.
  3. For $1695 all expenses are paid. This includes airfare, hotel, and food. This is great for those that have budget for "training" but not for "travel". It includes everything for a single price that's slightly less than a BrainShare pass. (Offer is for those coming from the U.S. only.)

Of course, you can't combine these offers, so choose which one works for you best.