December 21st, 2007

Demo: ClusterSeven's Enterprise Spreadsheet Manager tightly monitors spreadsheet integrity

Posted by David Berlind @ 6:49 am

Categories: General, Government, IT Management, Legal, Reviewcasts, Software Infrastructure, Video

Tags: Monitor, Spreadsheet, Cell, Productivity, David Berlind

How many times have you stared at the bottom line of a spreadsheet that’s full of formulas knowing exactly what figures should be there, only to find that there’s a different set of numbers staring back at you than the ones you expected. You know there’s an offending cell somewhere, but the spreadsheet is too complex to find it and, with some deadline looming, out of exasperation, you start replacing formulas with hard coded numbers just to get it fixed, at least until after the deadline when you’ll have more time to figure out what went wrong. What’s the harm? Right? After all, the people looking at the final product might only be looking at a printout or a PowerPoint slide.

Well, given today’s compliance laws, the harm could be huge because of how those numbers can easily bubble up into an quarterly or annual earnings report. If such over-ridden cells end up corrupting some bigger picture report, the results could be disastrous (literally and figuratively). To help organizations and auditors keep spreadsheets from inadvertently (or even purposely) running amok, ClusterSeven has come up with a solution called Enterprise Spreadsheet Manager (ESM). In the attached video, ClusterSeven’s vice president of product marketing Ralph Baxter demonstrates how ESM can be configured to keep a watchful eye over any cell or range of cells in any spreadsheet.

As the contents of those cells change, ESM keeps track of when the changes were made, what the new values are, and who made the changes. In other words the audit trail is extremely tight. As you can see in the demo, one of the cool things ESM does is it monitors if cells are switching from their original programming type to another: for example from a formula to a hard-coded number (a sure sign that a spreadsheet and anything that depends on it could end up in a state of corruption).

ESM also graphically presents trends in cell and spreadsheet integrity. The advantage, which Baxter shows at the end of the video, is that those charged with compliance or auditing can build a single graph that includes trend lines for dozens or even hundreds of spreadsheets. Where a cell exceeds company-set thresholds for integrity (eg: varies from some number by a certain percentage, or a formula is suddenly overridden with hard-coded numbers), the trend-line fluctuates from its steady state wildly (making it easy to spot). Why would this be helpful? Well, if your annual report doesn’t look right but it depends on data coming from 100 or 1000 spreadsheets scattered throughout the organization, a single graph that monitors the integrity of all the spreadsheets that feed into that annual report can help spot the needle in the haystack that’s causing the problem. Otherwise, auditors and financial analysts might have to manually sift through every spreadsheet — a process that could take days or weeks.

All this whizbang functionality would be of limited help if it couldn’t be attached to an alerting mechanism. According to Baxter, there are ways to connect it to e-mail, internal LAN-based alerts (like Netsend) and SMS. ESM supports other spreadsheets beyond Excel (Google Spreadsheets for example). It also doesn’t come cheap with the average starting price ranging between $50K-$100K. But for some large companies where compliance is king, that could be pocket change given the sort of risk it mitigates. Finally, it requires the installation of two servers: Windows Server and Microsoft’s SQL Server 2005.

December 17th, 2007

Chartered to protect the henhouse, has the FTC turned into a fox?

Posted by David Berlind @ 3:47 pm

Categories: General, Government, Legal, Security

Tags: ZIP Code, Bureau, Database Company, FTC, E-mail, Government, Databases, Online Communications, Enterprise Software, Software

I rarely get e-mail from the USA Today’s Byron Acohido (who from time to time interviews me for my opinions on tech). But today, Acohido drew my attention to a story that he has co-authored with Jon Swartz under the headline FTC under fire as credit bureaus sell consumers’ data.

The story draws attention to a complex Web of potentially conflicting interests involving Federal Trade Commission Chairman Deborah Platt Majoras, the law firm she used to work for, her husband who still works for it, how that law firm represents one of the big three credit reporting bureaus, and whether or not the FTC has morphed into an agent of the credit reporting bureaus’ success from the consumer guardian that The People have entrusted it to be.

While the targets of this follow-the-money like inquest deny any impropriety, I can certainly understand the position of Robert Kuttner, author of The Squandering of America: How the Failure of Our Politics Undermines Our Prosperity who, who in response to the USA Today inquiry, said:

Federal agencies that are supposed to be looking out for the consumer are really protecting the companies that do bad things the agencies were set up to prevent.

I felt precisely this way when virtually all the real teeth were removed out of the proposed legislation that eventually turned into the Can Spam Act. At one point, the legislation included language that prevented senders of bulk commercial e-mail from sending that e-mail to anybody but those individuals with which they had pre-existing relationships. In other words no blind prospecting or solicitations of your inbox.

But, arguing that benefits of unsolicited commercial e-mail (aka SPAM) outweighed the harms, lobbyists for the advertising and marketing industry fought tooth and nail to get that piece of the legislation removed and succeeded. It my mind, it was the ultimate selling-out whereby the government ended up representing the interests of big business rather than those of us in consumer-land who must endure those harms — the worst of which today is that we have no idea whether our e-mails are reaching their intended recipients due to over-zealous spam filters on the other side. It’s a mess.

According to the story:

In February, the National Association of Mortgage Brokers lambasted the FTC for giving the credit bureaus tacit approval to keep selling listings — called “trigger lists” — containing personal and financial data of prospective borrowers. Some unscrupulous lenders used trigger lists to contact people who recently filled out a loan application, and then pitched them subprime mortgages, higher-priced loans aimed at people with spotty credit histories but also marketed to borrowers with good credit.

I have been wondering for a while why, during the earlier part of this year, I received so many solicitations promising to beat my current mortgage rate and how these outfits that I never heard of managed to get a hold of the data that was intimate to me. Now I know. In other words, this is unquestionably one of those data stories involving the thorny question of who gets to control what happens to our personal data when. What this story demonstrates (that’s not readily apparent to the naked eye) is the role that the government can play in protecting us, or perhaps giving the companies it’s protecting us from the carte blanche they want to take advantage of us.

Earlier today, in response to a blog post I wrote earlier this year about the waning anonymity of cash (and how we are sometimes accosted for personal information at the point of sale the way Radio Shack used to do) and how I didn’t mind terribly being asked for my zip code, one ZDNet reader wrote to me:

I used to think this information was used so that stores could figure out where there customers were coming from. But I’ve learned a lot about data aggregation companies like Axciom, Experian, etc. and I’ve learned exactly how the zip code is used.

The zip code is most useful to the retailer when you use a credit card. Because they have your name from the card, and also have your zip code now, you are generally findable on the massive consumer databases housed at Axiom, InfoUsa, etc. For instance, there is probably only one Keith Goodman in my zip code of 20001. The retailer now has a valuable piece of information that they can sell to a consumer database firm: your purchase history. I don’t think they sell the information about the specifics of what you are purchasing, but the general category you purchased. For instance, if you buy something at a sporting goods store, the store probably reports to the database firms that you are “A purchaser of sporting goods.” Don’t be surprised if you start getting LL Bean, Cabellas, and similar catalogs since the consumer database firms are selling your purchase history to buyers.

Well. Now I have a little bit more insight into why trees are dying to fill my mailbox (snailmail box) with catalogs that I never requested. And they are. I have back pain to prove it (back pain from carrying a recycling bin full of heavy stock catalogs to the curb). All of these stories (including the recent FaceBook Beacon debacle) fall into the same category of APD Syndrome: Abuse of Personal Data. The question is, what will be that next evolutionary step that resets things so that we have the final word on such sensitive information.

December 4th, 2007

Did the W3C acknowledge CDF's potential as an office format (vs ODF) in newly public e-mail?

Posted by Dan Farber @ 12:10 pm

Categories: General, Government, Legal, Office 2.0, Open Source, Personal Technology, Software Infrastructure

Tags: W3C, Microsoft Corp., E-mail, OpenDocument Format, IBM Corp., CDF, Edwards, OOXML, OpenDocument Format (ODF), Emerging Technologies

Last week, after interviewing most of the players involved in a controversy regarding the future of the OpenDocument Format (a controversy mostly rooted in the confusion of two nearly identical but very different acronyms: ODf and ODF), I noted that some of those players — IBM, the World Wide Web Consortium (W3C), and the principals of the now-defunct OpenDocument Foundation (ODf: an organization that, despite its name, was never the official or even un-official chaperone to the OpenDocument Format standard) — had very different recollections of certain conversations.

On one side were the principals of the shuttered ODf (again, an organization that’s not to be confused with “the Format”) who claim that in conversations or e-mails, both IBM and the W3C have, independently of each other, validated the notion that the W3C’s Compound Document Format specification (CDF) could play a role in storing and retrieving productivity (a.k.a. “office) documents (word processing, spreadhsheets, presentations, etc.).

Gary Edwards and Sam Hiser, two of the principals behind the former ODf (Foundation) — an outfit that was once a proponent of ODF (Format) — now claim ODF to be inviable as a global open standard for office documents and that CDF is the better strategic target as for such a standard. They claim that, in private conversations with IBM officials, they learned of how IBM shares this vision; so much so that a derivation of CDF (what Edwards call CDF+) is one of the linchpins to Big Blue’s grand strategy when it comes to the office productivity and collaboration tools coming out the company’s Lotus division. They also claimed that despite public comments to the contrary, the W3C also agreed that CDF could serve in a capacity that ODF (Format) has been designed for.

Both IBM and the W3C went on record with me last week to say that Edwards and Hiser’s version of events were grossly misleading. As a result, near the end of my analysis, I wrote:

As for the differences over what was said, I don’t want to say anyone is a liar. I wasn’t in the room or party to the relevant threads. So all I have to go on is what everyone on both sides of the debate is telling me. I can repeat that here (which I’ve done) and leave the decision as to which one of the three following things is true to you: (1) Hiser and Edwards are accurately representing their interactions with the W3C and IBM and the people they communicated with like IBM’s Heintzman and the W3C’s Schepers are part of a well-organized conspiracy to discredit them, (2) Hiser and Edwards are purposefully misrepresenting the content of their communications, (3) it’s all a big mix-up — an honest misunderstanding.

Why all the fuss over something that’s seemingly so obscure in nature? Especially when it involves just two people out of the thousands that stand behind ODF (Format) at organizations like OASIS (the consortium that oversees ODF’s technical evolution) and the Open Document Alliance? The stakes are unbelievably high. In fact, if there’s one industry battle that could be classified as a modern day Armageddon, the war between the backers of ODF (Format) and Microsoft which has put forth an alternative to ODF called Office Open XML (OOXML) is it.

In one corner are companies like IBM, Sun, Google, and Red Hat that believe the key to loosening Microsoft’s grip on the desktop lies in the file formats behind Microsoft Office. The way the thinking goes is that if the world’s addiction to Microsoft’s file formats can be broken, then so too can the world’s addiction to Microsoft Office and from there, then the addiction to Windows — thereby paving the way for organizations and consumers to consider competing productivity and collaborative solutions such as IBM’s Lotus Symphony, the open source-based OpenOffice.org, Sun’s StarOffice (essentially, a commercial implementation of OpenOffice.org), and Google Apps, all of which are compatible with Microsoft’s Windows but none of which require it.

For example, Google Apps which includes a word processor, a spreadsheet, and a presentation solution runs in a browser, thereby freeing customers to choose among desktop operating systems. Conversely, although Microsoft offers Mac-based versions of Microsoft Office, most businesses that standardize on Microsoft Office also run it on Windows because of how the Mac version often lags in support of important features. Case in point? Although the OOXML file formats are now natively supported in the last three versions of Microsoft Office for Windows (2003, XP, and 2007), not only doesn’t the current version of Mac Office support it natively (Mac Office 2008, due in 2008Q1, is scheduled to natively support OOXML), Microsoft’s only solution for bridging compatibility in Mac Office — a downloadable converter — is still in beta (v0.2).

Although Microsoft is loathe to acknowledge the threat that ODF (Format) poses to its franchise, actions speak louder than words. While the company has contributed resources to an open source-based ODF conversion utility, it doesn’t natively support ODF in any version of Microsoft Office. Should Microsoft choose to support ODF in Office, it would be Read the rest of this entry »

December 3rd, 2007

Amazon 'Kindled' thoughts: Should Bradbury's Fahrenheit 451 be renamed to Fahrenheit 1981?

Posted by David Berlind @ 11:03 am

Categories: Entertainment, General, Hardware Infrastructure, Legal, Personal Technology, Security, Software Infrastructure, Web technology, Wired & Wireless

Tags: Amazon.com Inc., E-book, Kindle, Montag, Fahrenheit 1981.4, E-books, Personal Technology, David Berlind

As you can see from this past Friday’s “unboxing” video, I received for review a Kindle ebook from Amazon. In that video (and its accompanying blog post), I had some initial thoughts on the Kindle and now that a full weekend has passed I have a lot more to say. For those of you who have managed to get your hands on one (amazingly, Amazon is already sold out of the $399 device), you will notice the following dictionary-esque definition definition printed on the inside cover of the Kindle’s packaging.

In the Berlind household, the Kindle inspired a lot of discussion. My wife has a voracious appetite for books about raising children. I honestly think she has ordered and read every one that’s in print from Amazon.com. She often has three or four books “going” at any given point in time. In this respect, the idea of an ebook like the Kindle is perfect for her. Just the thought of being able to carry so many books in her purse without having to actually carry so many books made her giggle with delight.

One point; ebooks aren’t new. There are other ebook technologies from companies like Sony and Adobe. But Amazon has far deeper and longstanding business relationships with book publishers than does anybody I can think of in the book publishing industry and personally, I think this gives the Kindle a huge advantage over everything that came before it to become a near defacto standard for the market. That’s both good and bad. It’s good because it’s about time that some company is able to bring an ebook to the market that will get accepted by the masses. It’s bad because right now, it’s not clear just how much Amazon will open the platform up over time. For example, as a Kindle owner, will I be able to buy ebooks from other merchants or open ebooks that are formatted differently? For good reasons, librarians have serious issues with proprietary ebook technologies. The whole point of a library is public access to books. The Kindle helps open the same debate about books that the OpenDocument Format raised about the government’s public documents: should the public be required to have a certain technology to access a book or a document?

Anyway, what better way to test the Kindle than to hand it to someone with an appetite for books like my wife. In one or more separate blog posts, I’ll write about our findings. But before I get started on those (and going back to the librarian issue), I want to focus on the one “finding” that led us to a really interesting conversation about the public’s access to books and ideas.

Although Ray Bradbury vehemently denied it, many people believe that the classic book Fahrenheit 451 is about government censorship through book burning. The book’s title represents the temperature at which paper burns.

When my wife first giggled at the idea of being able to carry so many books in her purse without having to physically carry so many books, it lead to one of those green conversations and how good for Mother Earth a successful ebook entry into the marketplace might be. Think of all the trees that could be saved.

But that led me to another thought. Might a successful ebook be the first step towards a world where many if not all new books are never printed on paper? Why not? Right? Well, today, the “why not” is that not all books are well-suited to something like the Kindle. For one, any book that relies on color to get its message across (biology textbooks, guides to gardening, children’s books, coffee table books, etc.) would be ill-suited to the Kindle which can’t support color. But we’ll get there. Along the way, there may very well be some books that never come out on paper just the same way so many ideas, articles, and stories are already told on exclusively in bits (on the Web).

While reading the first book she purchased through the Kindle (Hidden Messages: What Our Words and Actions Are Really Telling Our Children), my wife mentioned how she could see the Kindle as a replacement for paperbacks, but not hard cover books. Her reasoning was that there’s something about the experience of holding a hard cover book in your hands and reading it that can’t be reproduced with a paperback or an eBook. It probably has to do with the publisher’s choice of paper stock, but I agree; hard cover books are cozy. Paperbacks are less so and the Kindle is not even close.

Books, particularly hard cover books, have another thing going for them: permanence. Yes, they can be burned. But one thought I had, in the context of how Earth-friendly ebooks are, is that it would take a really really long time before some government could deprive its people of thoughts and ideas through burning books. To burn them all, the government would first have to find them all. The minute any citizenry, even a fictitious one, gets hip to the idea that their government is attempting to rid the culture of information not under its control, that citizenry moves to preserve that information. From the Wikipedia’s entry on Farenheit 451:

…..Beatty says that all firemen are bound to steal a book at one time or another and that they can turn it in or burn it within 24 hours. Montag argues with his wife over the book, showing his growing disgust for her and for his society. It is soon revealed that Montag has hidden dozens of books in the house, and he tries to memorize them so their contents can be preserved,…

Perhaps you can already anticipate where I’m going with this. What if some of those books or all of them were only available in digital form and tied to some sort of digital rights management system (a form of which is undoubtedly running as a part of Amazon’s Kindle infrastructure). Instead of hunting down all the books, the censor would need little more than a mouse click. And for good measure, maybe the censor might destroy the public networking infrastructure. Fahrenheit 1981.4 is the temperature at which copper melts.

Not that I think the world would ever get there, but suddenly, the same technology that holds promise to ease many burdens including those on Mother Earth is also the technology that lowers the barrier to censorship. Conversely, once books are digitized into bits, it’s easier for those bits to sneak into highly censored societies.

That is is just one conversation that the Kindle inspired over the weekend. Feel free to jump in with your comments below.

November 29th, 2007

OpenDocument Format community steadfast despite theatrics of now impotent 'Foundation'

Posted by Dan Farber @ 1:17 pm

Categories: General, Government, IT Management, Legal, Office 2.0, Open Source, Software Infrastructure, Web technology

Tags: W3C, OpenDocument Format, IBM Corp., OpenDocument Foundation, ODf, Matusow, OpenDocument Format (ODF), Emerging Technologies, David Berlind

When in mid-October 2007, the OpenDocument Foundation (ODf, yes, that’s a little “f” that’s not to be confused with the OASIS- and 400-member strong OpenDocument Alliance-backed big F-ODF: the OpenDocument Format) announced that the World Wide Web Consoritum (W3C)-backed Common Document Format (CDF) was the heir-apparent to what it believed was a dead-on-arrival OpenDocument Format, many confused the ODf to be one in the same with the ODF and the latter to have one foot in the grave. Given the striking resemblance between the names and acronyms of the Foundation and the Format, that mistaken obituary was an easy one for casual observers to write. Especially given the way Microsoft, the company whose Office empire is probably more threatened by ODF than most people realize, capitalized on the confusion by spreading its own FUD on the story.

But that and other FUD couldn’t be further from the truth. Based on dozens of interviews that I’ve conducted over the last few weeks, the OpenDocument Foundation, whose three principals are Sam Hiser, Gary Edwards, and a legal eagle who goes by the nickname “Marbux,” went out on a very thin limb where no one else — not the vendors behind ODF, not OASIS (the consortium that hosts the technical committee responsible for the standard’s development), and not the World Wide Web Consortium (chaperone to the Common Document Format [CDF] standard) — was willing to join them.

Not only does it appear as though they were on a thin limb with their opinions that ODF should be buried and that CDF should take its place, they crawled out even further when they publicly disclosed that the W3C and IBM shared those opinions as well. Any statements corroborating the ODf’s position from either organization, particularly IBM given the millions of dollars it has invested and continues to invest in ODF, could very well have cast a dark shadow on the productivity document standard that just recently earned its stripes as an international standard from the International Organisation of Standardisation (ISO). It’s an honor that Microsoft’s competing Office Open XML (OOXML) has so far been denied (but it is up for reconsideration next year).

Citing specific interactions (conversations, emails, etc.) with the W3C’s lead contact for CDF Doug Schepers and Doug Heintzman, director of strategy for IBM’s Lotus Division (where IBM’s collaboration technologies are developed), Edwards claims that both organizations were supportive of his and Hiser’s belief that, at the expense of ODF, CDF should be the strategic target for anyone seeking to store their documents in a file format that was universal, open, and that provided a clear transition path from formats that predispose or lock customers into certain applications like those (formats, applications) from Microsoft.

It is true that Edwards and Hiser interacted with both the W3C and IBM. Unfortunately for them however, this is where Edwards’ and Hiser’s recollections of those interactions varies wildly from those of Schepers (W3C) and Heintzman (IBM).

One thing that’s important to keep in mind about how standards are set (and how decisions are made in technical committees at consortia like the W3C [CDF] and OASIS[ODF]) is that the process often involves vociferous debate among those involved. To the extent that many of the participants who contribute to technical committee meetings are also employees of vendors with some interest in the standards associated with those committees, part of their roles in the process is to represent those interests. Since not all vendors’ interests are aligned, disagreement and debate comes with the territory. They’re to be expected. But so too is a willingness to compromise. At some point, in the name of progress, everyone who participates in the standards setting process knows they may have to give-in on certain issues that may be of import to their employers.

Representing the OpenDocument Foundation, Edwards and Hiser were both participants in the Open Document Format technical committee work at OASIS and respected ones at that. But somewhere along the line, their beliefs regarding ODF and CDF could not be reconciled with the positions of the other committee members. Pretty much everybody I spoke to agreed that this was one of those disagreements that happens in the standards setting process where someone wasn’t going to get their way. It happens. It’s a part of the process. But what happened next is not nearly as common. Claiming that the OpenDocument Format wasn’t nearly as “open” as its supporters claimed it to be, the ODf walked off in a huff.

If IBM or Sun, two of the OpenDocument’s Format’s biggest supporters walked away in such a “huff,” it probably would have meant the end of the OpenDocument Format. But in the bigger picture of the OpenDocument Format, between its backers at both OASIS and in the OpenDocument Alliance, the OpenDocument Foundation’s irreconcilable differences with the rest of community were just that: irreconcilable differences that lacked any potence to affect the momentum or direction of the Open Document Format. Unfortunately for the OpenDocument Format community, the ODf’s “huff” was a molehill that became a mountain when, in addition to the ODf<>ODF naming confusion, Edwards and Hiser not only became very vocal about their convictions (convictions that are voluminously documented in easy to find passages around the Web), they cited the W3C and IBM as having tacitly endorsed those convictions.

This is where Schepers (W3C) and Heintzman (IBM) as well as others in both organizations feel as though Edwards and Hiser are grossly misrepresenting the content of their interactions. According to W3C spokesperson Janet Daly, when Schepers first heard of the Foundation’s interest in CDF, he did what the W3C often does — he reached out to the Foundation with an invitation to further the conversation. According to Daly, “Any time it looks like a third party may be doing interesting work with one of our recommendations (that’s W3C-speak for “standards”), it’s not unusual for us to want to learn more.” But this is where the W3C’s account of that “conversation” and Edwards’ account differ. Whereas the W3C viewed the “conversation” as par for the course outreach, Edwards’ e-mails to me describe the ODf’s interactions with the W3C as more of a relationship that had to be kept secret from OASIS. Wrote Edwards to me via e-mail:

….When the Andy Updegrove published his article (W3C’s Chris Lilley: CDF Not Suitable for Use as an Office Format Can’t Replace ODF), a member of our team sent a copy of earlier eMail exchanges with our W3C contacts to Updegrove arguing that Andy’s article mis-characterized both our relationship with the W3C and, the work we were doing with CDF and WICD. All of which is true.

There were however a couple of problems with this action. For one thing, we were not authorized by our W3C contacts to share these discussions with anyone, let alone the lawyer for OASIS who had already declared a hostility to anything the Foundation might do….

….I hope you can understand our reluctance at this point to discuss this issue in detail or provide evidence certain to compromise the positions of innocent and sincere bystanders.

The implication of Edwards’ note is that the conversations with the W3C had matured far beyond a level of basic outreach and involved a relationship that saw merit in the Foundation’s thinking about CDF as a better strategic format for universal document interoperability than ODF.

The W3C however has a different version of its interactions with the Foundation. The reference to Andy Updegrove’s interview with the W3C’s Chris Lilley (who is also intimately familiar with CDF) is significant. In that interview, Lilley flatly rejected the idea that CDF should be the target in the world’s search for an open, universal file format for productivity applications:

So we were in a meeting when these articles about the Foundation and CDF started to appear, and we were really puzzled. CDF isn’t anything like ODF at all – it’s an “interoperability agreement,” mainly focused on two other specifications - XHTML and SVG. You’d need to use another W3C specification, called Web Interactive Compound Document (WICD, pronounced “wicked”), for exporting, and even then you could only view, and not edit the output.

The one thing I’d really want your readers to know is that CDF (even together with WICD) was not created to be, and isn’t suitable for use, as an office format.

In a subsequent e-mail to me, Sam Hiser argued that the Foundation’s words had been twisted and that it never suggested that CDF would take the place of ODF. However, in both e-mails to me and posts to the Web, Hiser and Edwards have made it clear that the day that ODF-supporter and Massachusetts CIO Louis Gutierrez resigned was the day that ODF died, in their estimation. In his e-mail to me, Hiser wrote:

It’s unfortunate you’re pointing to the Updegrove|Lilley statements. They are as confusing as can be…Right about now Andy’s bloated corpse may be floating down [Boston's] Charles [River] and Chris [Lilley] is doing his best to shade for his W3C colleagues his 180-degree incorrect statements.

On November 10th, in a public thread on the OpenDocument Fellowship’s Web site, Edwards wrote:

Chris Lilley’s comments are in direct opposition to those we received a week ago from Doug Shepers, the head of the CDF Workgroup. doug however asked that we not publicise his comments until Sir Timothy has had a chance to weigh in.

In my interviews, not only does the W3C reject the reference to W3C director Sir Tim Berners-Lee as a fabrication of the facts and stand behind Chris Lilley’s statements 100 percent, the W3C also remains emphatic that its conversations with the Foundation were never more than cursory in level. In fact, Read the rest of this entry »

November 19th, 2007

Within days of Taser International going on defensive due to one death, another 3 men die

Posted by David Berlind @ 8:18 am

Categories: General, Legal, Personal Technology

Tags: Death, TASER International Inc., Corporate Communications, Marketing, David Berlind

In case you missed my coverage of the consumer-oriented Tasers that were on display at CES earlier this year, you can see our video showing how a hot pink-colored consumer-oriented taser (pictured left) was used to immobilize a CES-showgoer. The consumer-oriented model isn’t as robust as the model used by law enforcement agencies (for example, the consumer version can’t work at the same distances). Now that two men have died in unrelated incidents where a taser was used comes the question as to whether the devices merit another look in terms of their availability to ordinary consumers (let alone law enforcement officials).

It probably couldn’t have come at a worse time for Taser International. Hardly two days had passed since the company went on the defensive to say that the mid-October death of 40 year-old Pole Robert Dziekanski at Vancouver International Airport was unrelated to his being tasered (it was caught on video) by authorities when, yesterday, a Maryland man died shortly after being tasered as well. According to one story I found, more than 200 people have died in the last five years after having been Tasered.

According to a press release issued by Taser International on November 16th:

This tragic incident appears to follow the pattern of many in-custody deaths or deaths following a confrontation with police. Historically, medical science and forensic analysis has shown that these deaths are attributable to other factors and not the low-energy electrical discharge of the TASER(r). Specifically in Canada, while previous incidents were widely reported in the media as ‘TASER deaths,’ the role of the TASER device has been cleared in every case to date — including the widely publicized Bagnell in-custody death in Vancouver where the TASER device was cleared by an inquest jury.

Cardiac arrest caused by electrical current is immediate. The video of the incident at the Vancouver airport indicates that the subject was continuing to fight well after the TASER application. This continuing struggle could not be possible if the subject died as a result of the TASER device electrical current causing cardiac arrest. His continuing struggle is proof that the TASER device was not the cause of his death. Further, the video clearly shows symptoms of excited delirium, a potentially fatal condition marked by symptoms of exhaustion and mania such as heavy breathing, profuse sweating, confusion, disorientation and violence toward inanimate objects.

Despite Taser International’s insistence on the safety and efficacy of its devices versus lethal alternatives, the Department of Justice launched an inquiry in 2006 as the number of post-Tasering deaths reached statistical significance. So far, one DOJ-commissioned study has concluded that, of the 962 taser incidents it tracked, only two involved deaths, neither of which could be directly attributed to Taser deployment. Why that study didn’t focus specifically on the mounting number of incidents where death was involved, I have no idea (that’s what I would have focused on). However, now, with two deaths within a month’s time, Tasers will no doubt get even more scrutiny.

Within 48 hours of issuing its defensive press release this past Friday, Taser International will once again find itself in the spolight. According to The Register:

A 20-year-old man died yesterday in Frederick City, Maryland, after being tasered by a police deputy….The unnamed deputy responded to reports of the altercation shortly before 5am, “found four people fighting outside and deployed a Taser”…the man “fell on the ground unconscious and was given first aid on the scene, then taken to Frederick Memorial Hospital where he was later pronounced dead”….the friend said the deputy “struck Gray with a Taser and administered multiple shocks for several seconds, even though Gray had said, ‘I’m on the ground’.”

(see the update below… in unrelated incidents, two other men died over the weekend after being tasered as well) While no video is available for this particular incident, at the very least both incidents seem to raise questions about the number of shocks required to subdue suspects. In the video incident from Canada, one officer can be heard telling another to “hit” DziekanskiDziekanski was already down on the ground. While that doesn’t appear to be the case with the 20 year-old Maryland man, the witness’ report that he received additional shocks after having already fallen to the ground is also consistent with the way the Taser is designed to work. According to Taser’s Web site, the company’s Digital Pulse Control technology found in its law enforcement units “automatically delivers a 5-second burst for each pull of the trigger.”

I clearly have no idea what I’m talking about when it comes to this sort of technology. But just like with guns and other lethal weapons, I can’t help but wonder if “operator error” can make the difference between life and death. The one question I’m left asking after hearing about these latest two incidents was whether or not the additional shocks could have been the difference between life and death. I’m sure Taser International will say no. But, after filming the way the consumer unit incapacitated a volunteer show goer at CES (and that was in a highly controlled situation), it’s not hard to imagine a tense situation where a Taser operator’s adrenalin is pumping and whoever s/he is trying to subdue ends up getting more shocks than is necessary.

Update: Since first publishing this post, it has come to my attention that two other men have died over the last couple of days after being Tasered. One of these was a 20 year-old in Raton, New Mexico, the other in Jacksonville, Florida.

November 16th, 2007

Dan Egerstad's Tor exit nodes get him arrested and proves a point I made in July

Posted by David Berlind @ 2:54 pm

Categories: General, Government, Legal, Security, Software Infrastructure, Web technology

Tags: Google Inc., Facebook, Password, Tor, E-mail, Online Communications, David Berlind

It’s late at night and you’re using the anonymity feature of the Tor “cloud” to mask the fact that your surfing porn. When you’re done at 3am, you go to bed thinking “Ha! Fooled ‘em again. No one has any idea.”

Think again.

Back on July 11th, I wrote a blog under the headline: Are you the only one with access to that password you recovered? Think again. In that post, I wrote:

A few weeks ago, I was contacted by the CEO of a company whose Web service I’ve been playing around with under non disclosure. She noted that my test account had been inactive for a decent stretch of time and was wondering what was up. “I’ve been real busy” I said. “Besides, I’m not sure I remember my password.” Within seconds, she said “Is this it?” and went on to bark my password across the phone line.

The big deal isn’t that she used an easily wiretapped phone to convey confidential information to me. The big deal is that she had such quick access to my password. We had a conversation about this.

You don’t have to be using Tor to anonymize your surfing habits to understand how the story of Dan Egerstad’s (thanks Bruce Schneier for the link) arrest just proved the point I made back then in spades. According to The Sydney Morning Herald:

IT WASN’T supposed to be this easy. Swedish hacker Dan Egerstad had infiltrated a global communications network carrying the often-sensitive emails of scores of embassies scattered throughout the world. It had taken him just minutes, using tools freely available for download on the Internet.

Without going to deeply into what Tor is, Egerstad was operating some Tor nodes. Anyone, including you or me can do it and pretty soon, all sorts of traffic will start flowing through the systems under your command. Tor dusts up the trail you leave behind. When you browse a Web site through Tor (and many people do), no one has any idea where you or your computer are because of how Tor anonymizes your IP address. But that doesn’t mean the payload is safe. For example, the user IDs and passwords being used to access inboxes on mail servers. Most such access is not done over secure protocols — especially when it’s browser-based access — and Tor does nothing to secure those payloads. You’re IP address might as well be coming from Mars. But if you’re transmitting user IDs and passwords over unencrypted links, does your IP address really matter?

Yesterday, via e-mail, Dave F wrote to me:

I read your posts earlier this year about email security and secure password recovery with interest. Some commenters noted that most web based email systems only provide an SSL connection for the sign-in page and then go to a insecure page to display your emails. I’ve also noticed that you’ve mentioned Facebook recently.

Have you ever noticed that Facebook’s sign-in page is not SSL secured? I’m no expert but it seems to me that our passwords are being transmitted over the Internet in the clear. This concerns me mostly because your Facebook user name has to be an email address. I’ll bet that 90% of web based email users who also use Facebook use the same user name and password for both services. Find out my Facebook password and you can also sign in to my Gmail, Google Finance, Google Calendar, Google Docs and anything else that starts with Google.

Good friggin’ question Dave. One small note of comfort: Some services, FaceBook included, offer an SSL-login option. When going to the login page, try prefacing the URL with “https:” instead of “http:” and see what happens. This works for GMail and Google Apps. It also appears to work for FaceBook’s login page. But for those of us who are unaware of this option (FaceBook certainly doesn’t default to it and I wish it would), most don’t realize is that humans still have access to the path our data takes, even when that path cuts through the Tor cloud. At that point, many of us are blindly entrusting our senstive information to whoever has access to that path.

Egerstad had access to that path for some number of Tor users. The result? He sniffed the wire and found out all sorts of confidential information. He wasn’t caught red-handed in the act. He apparently notified a bunch of countries of his discovery. “Yes yes Daniel… thank you very much… go back to whatever World of Warcraft fantasyland you came to us from and have fun.” So Daniel published a bunch of his surreptitiously gathered data onto the Web. THAT got the governments’ attention. The authorities too. He was arrested. My gut tells me that the theory that he was actually onto hackers (who else would anonymize their access to the email accounts of government officials?) is a good one.

But even more sure is the gut feeling that a lot of us are transferring sensitive data through systems that we don’t know exist, and that are under the control of people who are only human, if you get my drift.

November 16th, 2007

OpenDocument Foundation's 'woes' have little to do with OpenDoc Format's future

Posted by Dan Farber @ 11:22 am

Categories: General, Legal, Office 2.0, Personal Technology, Software Infrastructure

Tags: Drama, Fact, OpenDocument Format, Disagreement, OpenDocument Format (ODF), Emerging Technologies, David Berlind

I’ve been so busy with other stuff that I’ve only peripherally been paying attention to an ongoing meme on the Internet about how the World Wide Web Consortium’s Common Document Format (CDF) had been identified by the OpenDocument Foundation as a superior document format to the OpenDocument Format that it had been backing for so long. On the heels of the controversy, the OpenDocument Foundation was shuttered yesterday.

But in the headline of the aforelinked Ars Technica story — OpenDocument Foundation closes up shop after slamming OpenDocument Format — hides a subtle truth regarding the relationship between the OpenDocument Format and the OpenDocument Foundation: the future of the OpenDocument Foundation has nothing to do with the future of the OpenDocument Format. In other words, any indication by anybody that the OpenDocument Format has been vacated by its supporters is pure FUD. The only reason I say this is because even I fell victim to the wrongful association between the two when, during one of the recent Dan & David Shows, we talked about how it appears as though CDF is the heir-apparent to ODF. Not only is that not true from a pure news perspective, even the W3C’s Chris Lilley (one of the consoritium’s resident experts on CDF) has discounted the OpenDocument Foundation’s theory. Lilley told Andy Updegrove:

So we were in a meeting when these articles about the Foundation and CDF started to appear, and we were really puzzled. CDF isn’t anything like ODF at all – it’s an “interoperability agreement,” mainly focused on two other specifications - XHTML and SVG. You’d need to use another W3C specification, called Web Interactive Compound Document (WICD, pronounced “wicked”), for exporting, and even then you could only view, and not edit the output.

The one thing I’d really want your readers to know is that CDF (even together with WICD) was not created to be, and isn’t suitable for use, as an office format.

Updegrove, who provides legal counsel to OASIS (the consortium that continues to evolve the OpenDocument Format specification), continues in his post to provide the inside scoop on why the Foundation had its change of hearts. I can’t vouch for the story but it basically described as a case of sour grapes. Bites Updegrove:

…..The Foundation has been very clear that it thinks that the OASIS technical committee has taken the wrong direction in its development approach with ODF. Disagreeing with an architectural approach is, of course, an opinion that any member of any TC is entitled to hold. Unfortunately, the Foundation wasn’t willing to take non-acceptance of its preferred approach lying down.

The simple fact is that the Foundation got out voted. No more, no less, no back story – end of story….

….[In publicly announcing that CDF should replace ODF], what were [the OpenDocument Foundation founders] Gary, Sam and Marbux thinking?…..

….the simplest explanation would appear to be simply that when the Foundation’s founders decided to turn out the lights, they decided to poke a sharp stick in the eye of those that had rejected their approach.

If that sounds like too harsh a judgment, we can fall back to the next most charitable one, which is that the founders are so convinced of their own insight that the rest of the world must be wrong – all of those community members in all of those countries around the world that rallied to the ODF cause - must be deluded and not capable of the same clear vision that the founders of the Foundation possess.

The drama is practically made for a soap opera. All that’s missing is some sexual tension that only the new TV series Chuck has successfully managed to blend with geekdom (with apologies to Beauty and the Geek which is enough to make any self-respecting geek vomit). OK, so apart from the soap opera that’s underway, what are the armchair quarterbacks saying?

Well, going back to the Ars Technica story, here’s what its author Ryan Paul had to say:

The heated debate over open document formats continues to escalate, even as businesses in North America exhibit utter apathy about XML-based standards for documents. Despite the raging controversy, PDF remains the single most ubiquitous document format used in industry. As the controversy continues to unfold, it’s likely that Microsoft’s format will win by default, simply because it’s tied to the most popular office software.

ZDNet’s own Mary Jo Foley (not necessarily an armchair quarterback) asked:

As a result of the latest infighting, is Microsoft now all-but-guaranteed that OOXML will sail through the ISO standardization vote in Feburary 2008 because ODF — and its backers — will be in disarray?

Infighting or not, the question of whether OOXML will get the ISO’s imprimatur as an international standard in February 2008 is one that many are waiting to see answered. Was this “infighting” and should it have a material impact on the OOXML? Not if you ask me. Disagreement has always been a part of the standards setting process and the process would irretrievably break down if, every time there was disagreement, the participants simply left the room. The fact that one party has broken away from the process is immaterial to the futures of both ODF and OOXML.