Buhjillions

You may have heard about the Comcast/Level 3 dispute around the ‘tubes by now.  If not, then a few links for background are in order.  They each give a summary, so pick your favorite.

NY Times – Media Encoder Blog
Ars Technica
Susan Crawford

My summary is this:

Level 3 runs a major Internet backbone as well as what’s called a content delivery network.  Now, the backbone is designed to deliver traffic from one geographic location to another — a set of large, long-distance, high-bandwidth links for moving traffic from one area to another.  The content delivery network specializes in serving up data for people that request it, ideally by placing large data centers with speedy links near the people it will be delivering to.  Well, the content network that Level 3 runs got a big, high-profile expansion when Level 3 partnered with Netflix to be the provider for their new streaming movie service.  This means that Netflix will run its service out the Level 3’s data centers, depending on it to put the data where it can be quickly accessed by its customers, i.e. over home-broadband connections.

This is where Comcast comes into the picture: Comcast is the largest broadband provider in the US.  Now, prior to the Level 3/Netflix deal becoming public, Level 3 had what’s called a “peering” agreement with Comcast for the traffic.  This meant that Level 3 could send data to Comcast’s network and Comcast could send data to Level 3’s network for free.  This is a common relationship for networks of similar size and function.  Shortly after the Level 3/Netflix deal was announced, Comcast decided to end its peering relationship with Level 3 on the grounds that, with the Netflix deal, Level 3 would be sending Comcast much more data than Comcast sent it.  They’re demanding Level 3 pay fees to send data from now on.  From the Comcast blog:

Now, Level 3 proposes to send traffic to Comcast at a 5:1 ratio over what Comcast sends to Level 3 …  We are happy to maintain a balanced, no-cost traffic exchange with Level 3. However, when one provider exploits this type of relationship by pushing the burden of massive traffic growth onto the other provider and its customers, we believe this is not fair

And, some commentary:

In order to understand this issue, I think we need to be careful to make a distinction between different types of data when it crosses from one network to another.  Data originates in a network – there has to be some host that is sending it.  Call this the source network.  Where the data ends up is the destination network.  Sometimes these will be the same network and sometimes they’ll be in networks that are directly connected to one another.  But, since the Internet is world-wide, often to get from source to destination, the data will need to be routed across one or more transit networks.  This is what Level 3’s backbone is.  The content delivery network is primarily a source.  Comcast probably has elements of all three.  Its customers, both residential and business users are sources and destinations.  And, because it’s nationwide, it probably does transit for other, smaller networks.

We don’t know what portion of the data Level 3 and Comcast had been exchanging fit into each of these types.  Presumably Level 3 wasn’t the destination for much of the data Comcast sent it, since its business is transit and content delivery (i.e. sourcing data).  What is clear, though, is that the majority of the increased data Level 3 wants to send to Comcast is bound for Comcast’s own customers who want to stream Netflix.

That’s why Comcast’s reasoning seems suspect, at best.  You could expect Comcast to ask for compensation if Level 3 was using it as transport — Comcast doesn’t get any benefit from being used like that.  However, Level 3 will only be serving up more data to Comcast if Comcast’s own customers request it.  If Level 3 refused to pay and Comcast shut down the connections, it’s Comcast’s own customers that would suffer! Netflix traffic would have to be routed through other networks that do have agreements with Comcast.  It would be like driving from Minneapolis to St Paul by way of Chicago.  Level 3 is making Comcast’s broadband customers’ Internet connections more valuable, and Comcast is demanding that Level 3 pay for that privilege.

Obviously, this would be a dumb thing for an Internet Service Provider to do. That is, threaten to make the service they provide less useful.  But, as I’m sure you’re aware, Comcast isn’t just an Internet Service Provider: they’re also the largest cable TV provider and streaming video is a huge threat to that.

The “most emailed” story in the NY Times today is about the prices and costs of sending text messages from a mobile phone.  Mobile phone companies charge an arm and a leg for these–in terms of markup on costs it has to be the single most lucrative service they offer.  US carriers charge 20 cents per text, and UK carriers charge 10p for pay-as-you-go text messaging, which doesn’t seem like much until you consider how little data they’re actually carrying.

Text messages are limited to just 160 characters, which can be encoded into just 140 bytes.  To give you an idea of just how little that is, I compared it to the size of the web-version of the NY Times story linked above.  Just the basic HTML (i.e. no images) is 89,986 bytes (or about 88 KB).  That’s about 642 text messages, which is more than my monthly allowance.  Including images, this figure jumps to 858,333 bytes, or 5,360 text messages, more than I send in several years.  On my iPhone, my monthly plan includes unlimited Internet data, and I can download the NY Times article (over the relatively poky GPRS connection) in about 20 seconds.  Yet my plan only includes 500 text messages: an amount of data that could be transmitted in a second over standard connections.

A space scientist at the University of Leicester calculated that sending text messages cost more per byte than data from the Hubble Space Telescope.  It’s all to create the illusion of scarcity so the carriers can keep charging their exorbitant fees.  I remember seeing signs in India for text messaging at 0.08 Rupees per text, about 2 tenths of a cent.  This means US carriers charge 100 times more for their text messages.

The NY Times article goes into a little more technical detail to explain that text messages are actually packed into what’s called the control channel, used to send instructions back and forth from handset to cell towers.  These channels get used whether there are text messages or not, so an increase in volume adds little to operating costs.  The messages don’t appear on the high-bandwidth channels used to transmit voice, further supporting the conclusion that text message pricing has nothing to do with the actual costs of carrying the data.

Fortunately, as the NY Times article explains, Herb Kohl, the chairman of the Senate antitrust subcommittee has taken the first steps in attempting to get the carriers to account for their behavior, and several lawsuits have been filed accusing the companies of price fixing.  All I have to say is, “about time.”

The Oxford Bodeian Library‘s collection is one of the main tangible things that makes Oxford a world-class research institution.  The troves of primary sources, obscure titles, and first editions make it a mecca for historical and literary research.

This is a promise which I don’t think the Oxford Libraries live up to in practice, because the University has not invested enough in updating the tools people use to find what they’re looking for.  The ability to quickly and efficiently find information in Oxford’s catalogs is hampered by outdated and poorly designed interfaces, and incomplete records.  The experience is not worthy of the excellent collection and international reputation the Libraries have.

We live in a world of speedy full-text search of almost the entirety of the Web, accessible instantly from any computer and many mobile phones.  As a result, libraries have a tough act to follow to make finding printed materials as quick and cognitively intuitive.  The databases libraries maintained about their collections seemed monstrous in a time before Google, but they are now very limiting: title, author, some keywords, and a bewildering string of letters and numbers aren’t much data for smart search to chew on.  Web search engines also exploit links between different pages to form their results, but collections databases are relatively flat.  Full text search might be coming, but there’s truckloads of books to scan between now and then.

So no, I don’t expect the library website to be as good as Google, but I don’t think that complete and humane are unreasonable expectations.

By complete,  I mean that I expect all records from all collections in the Oxford University Library Services to be accessible by web-based search.  As it stands, for example, Oriel College Library’s catalog is only available via telnet.  Unless you were a nerd before 1995, (or use the libraries at Oxford) you might never have even heard of telnet.  Telnet is a text-only interface designed in 1969 as one of the very first internet standards.  It’s slow, clunky, unintuitive, and there’s no way to save anything you’re doing and come back to it.

I could go on for pages about what makes websites humane, but the redesigned SOLO (Search Oxford Libraries Online) interface is a big leap forward from the previous system.  Standard web-browser behaviors, like using the forward and back buttons or saving results as bookmarks don’t break it.  It has advanced search features like boolean operators and the ability to search particular libraries.  Unfortunately, if the material is not on the shelf (which it isn’t always clear about) it simply plunks you back into the old, ugly, inhumane system to request it from the stacks.

As a scientist, I don’t often research using books. I’m much more likely to look up journal articles, which unless they are old or obscure, are very likely to be online.  Every once in a while, though, I’ll want a paper which isn’t online, and it’s good to know that the library has my back (old and obscure is Oxford’s specialty).  I’ve noticed that when using search tools by Ex Libris, a little button appears beneath many results that says “Find It Oxford.”  Ex Libris know what stuff Oxford has in its catalog and clicking it takes me to an Oxford page.  Unfortunately, this is in the old, ugly interface, and it dead-ends: giving me information about the holding but not allowing me to do anything with the information, like request it from the stacks.  If I want to do any of that, it’s back to top level interface (but at least this time, title in hand).

So, things are looking up, but Oxford’s Library access is still sub-par.  Its number one priority, at this point, should be getting all books and all the libraries available to be searched via SOLO.  The first thing researchers care about is completeness.  They can’t trust a tool that they know won’t give them all the results.  Then, it should cut the last vestige of the old system away and build a humane system for stack requests.

The icing on the cake, for me, would be seeing the full text of every title they have whose copyrights have expired accessible via the internet.  They’re partnering with Google, starting in 2005 for book scanning, but, as far as I can tell, library users have yet to see any of the benefits.  The Oxford website claims this will take three years, but my opinion of “official” Oxford timelines sinks the longer I am here.

There’s another problem with passwords which deserves its own post: what do you do when you forget one?  It’s bound to happen, right?  With so many passwords floating around in our heads, we inevitably forget one entirely or forget which password goes with which account.

Sites can’t just tell you to get lost when you can’t remember, so they need a Plan B to authenticate that it’s really you, and not some attacker.  Now, if you have an existing relationship with the entity you’re trying to reset your password, it makes it much easier.  If I forget my login password at work, I walk down to IT and either talk to someone in there that knows me, or show somebody my ID card.  They reset my password, and I’m off to the races.

But most sites on the internet don’t know me and haven’t issued me any kind of physical token I can use to prove that I’m me.  So, they punt.  They fall back on one of two methods: security questions, which are the slow-pitch softballs of the security world, or they simply pass the buck to somebody else to authenticate you, namely, your email provider.

Security questions are basically another form of password; information which is nominally secret, but much easier for you to remember.  The age-old bank security question of your mother’s maiden name, or the name of your first pet, or your elementary school.  Because these are usually questions about your past, they’re easy to remember, but also very easy for an attacker to guess or find out the answers.  The well publicised break-in on VP candidate Sarah Palin’s Yahoo Email account provides a good example of why security questions aren’t really secure at all, if the alleged first person account of the break-in is to be believed:

The intrusion, according to this account, was carried out via Yahoo’s password reset feature. Though the original post has been deleted, it was copied and reposted to several other blogs.
In the post’s telling, the exploit took no more than 45 minutes and simply required searching the Internet for basic personal information, such as Palin’s zip code, birth date, and where she had met her husband.

Of course, being a VP candidate is sure to have made it easier to find the biographical information required for this attack, but the point is that the answers to security questions aren’t usually well kept secrets, and enough digging by a determined attacker can punch right through them.

Many sites forgo questions and use the strength of your email authentication.  They send you an email with a temporary password, or a code to enter to be able to create a new password.  This means that your email account should be the most sacred of all your passwords—strong, unique, and changed often—because if it is compromised an attacker will have “the keys to the kingdom” of many of your other accounts.  Of course, this style of authentication doesn’t help email providers like Yahoo!, Gmail, or MSN/Hotmail.

And, in this respect, Information Cards are no better.  They can be lost in a computer crash, accidentally deleted, or not transferred to a new computer.  This means that sites that use them still need to punt on security in exactly the same way.  There are such things a “managed information cards,” which are issued and secured by a trusted third party.  If the user has an existing relationship with the third party (their employer, for example), they can be reissued access in a more secure way.  But this is really no different than resetting a site password via your work email account (on which you can gain access securely).  In both cases you and the site agree that if you lose your credentials, then you both should trust your employer to securely deliver you new ones.

Photo is Eric Tipton from the Duke University Archives.  Licensed under Creative Commons.

Maybe Microsoft should move its headquarters to 1 Infinite Loop.

This morning, while trying to send out some mail in Microsoft’s Outlook 2007, I noticed that after nearly 10 minutes, the message I tried to send was still sitting in my Outbox.  When I clicked “Send/Receive,” like ya do, Outlook decided to get stuck in an infinite loop of trying to send, failing, and then trying again without any kind of warning, I racked up dozens of sendmail tasks in the “Send/Recieve Details” dialog in a few seconds.  I had to kill Outlook from the taskbar.  This was no ordinary glitch: I tried restarting Outlook, switching back and forth from Offline Mode, and sending from a different account, to no avail.

Creating a new message, readdressing, and copying and pasting my email contents into the new message seemed to work.  Although, I can’t help but wonder if several of my friends got multiple (hopefully not dozens!) of copies of the email.

Then later, it happened again!

Long story short, after some furious google searching, I found some hints of explanation.  It seems that sometimes (perhaps due to ActiveSync tomfoolery) the Address Book in Outlook gets corrupted, and some display names are orphaned, no longer associated with an email address.  When you address an email to one of these orphaned names and click send, it sets Outlook into this infinite loop.

This is a pretty huge failwhale on Microsoft’s part on several levels.

Firstly, the Address Book, “what about it?” you ask.  “Isn’t that just your Contacts folder?”  As far as I can tell, no.  The Address Book is some vestigal part of Outlook code which is what is actually invoked to translate names into email addresses, rather than just using the Contacts database directly.  No one ever opens their Address Book, so far as I can tell (although there is a shortcut for it: Ctrl+Shift+B).  Everyone manages their contacts and email addresses in the contacts folder, and behind the scenes Outlook relies on some software scorcery to keep the two in synch.  Obviously, this breaks from time-to-time.  From a humane computing perspective, this is particularly cruel—creating two places to keep email addresses when one would do. Then, allowing the synchronization break without any warning until it causes a problem like:

The Infinite Loop: Seriously, Microsoft, when a display name pulls up a null from the Address Book, the best you can think to do is just try the whole send-mail process over again?  No error message, no looking to the Contacts folder for the address, no prompting the user for how to handle this, just keep banging your head into the wall.

And not only that, but the most information I can find about it on Microsoft’s site is from a post in October 2007 to Microsoft’s forums.  This means that this bug has been burning people for nearly a year with no visible action on Microsoft.  No Knowledge Base article explaining a work around, just some forum posts to wade through to try and pick the most appropriate solution.

For those who came via google or elsewhere looking for a solution, I’ll explain what I did to (hopefully) clear it up.  Basically, we’re going to manually clean up the Address Book.  This will be fine if there are only a few entries that need cleaning; I had about 2 dozen, If there are lots that are b0rked on yours, you might want to try some ideas listed in this thread.

1. Go to Offline mode (File -> Work Offline), and delete any offending messages from the Outbox.  Save the text first, so you can resend, by copying and pasting into Notepad or similar.
2. Open the Address Book (note: this is not the same as the Contacts folder).  Tools -> Address Book, or Ctrl+Shift+B.
3. You should see a list of names, display names, and email addresses.  Corrupt entries will be any that have the email field left blank.  Note that any Contacts you have which don’t have email addresses saved should not appear on this list at all, so anything with a blank email address is a corrupted entry.
4. Find a corrupted name, and then close the Address Book, go to your Contacts and open the entry for the name you found.  You’re going to copy the email address to the clipboard (Ctrl+C), clear the email field, then save the contact without an email address.  Then reopen the contact and paste the email address back in place (Ctrl+V), and save again.  This should recreate the entry in the Address Book with the correct email address.
5. Rinse, repeat until all corrupt entries are fixed.  (You can ignore Distribution Lists, they won’t have an email address listed.)

Shame on you, Microsoft, for wasting over an hour of my time diagnosing and repairing Outlook from a bug that should have been fixed months ago.

Uniform Resource Locators, commonly known as URLs are the address system for finding things on the internet.  Unfortunately, they’re often not very humane.  Can you imagine having to type this lovely example into your browser (much less trying to remember it!)

http://scitation.aip.org/getabs/servlet/GetabsServlet?prog=normal&id=PRLTAO000100000020200502000001&idtype=cvips&gifs=yes

Yikes! (This, by the way, is the URL of our new physics paper) Getabs? Servlet? prog=normal?  WTF?

This blog, powered by WordPress, does a little better:

http://buhjillions.wordpress.com/2008/07/15/inhumane-urls-and-why-oxford-university-fails-again/

The blog’s domain, followed by the year, month, and date of the post, and finally the title.  Not bad for something generated by a computer each time I sit down and write a new post.  WordPress also gives me the option of writing the URL myself, but I never bother.  Why?  Because people have designed systems to deal with this problem, or have otherwise learned to cope.  People create bookmarks for places they want to get back to, or remember instead of the URL, the path that they took to get there from other websites, or enough keywords that they locate it again via Google.

Still, the one part of a URL which people actually do try to remember is the domain name, the something.whatsit.com.  It is the part which is often spoken aloud, in conversation or in radio and TV adverts.  People remember the domain names, and good ones are worth a lot of money.

Which is why doing inhumane things with your domains is an inexcusable offense.  Consider the difference between typing ox.ac.uk and www.ox.ac.uk in your browser bar.  That’s right, one dumps you to an ‘address not found’ failwhale, and the other gets you to the University of Oxford’s homepage.  Why doesn’t ox.ac.uk redirect to www.ox.ac.uk just like every other website on the internet?

Fail Whale.

I requested this ‘feature’ on a feedback form from the OUCS website (located at www.oucs.ox.ac.uk).  The response?

“I’m afraid that this isn’t possible in the Oxford environment.”

That’s right folks.  Whatever crazy hosting technologies we’re packing here at the 2nd best university in the world (12th best in technology), they aren’t capable of issuing an HTTP redirect.  What kind of shady bub’s business are we running here? I’m not sure if I should be reassured that it isn’t just OUCS being too lazy to set up the redirect.

Oxford, I’m not sure how you’ve managed to rest on your laurels for this long and not drop completely off the top 100 list, but it’s high time that you get your shit together.

(Postscript: Although I mention OUCS in this post, I’m not necessisarily pointing the finger of blame directly at them.  Maybe OUCS needs to sober up to what it really takes to run a world-class information technology department, or maybe the University governanace needs to actually give them the resources they need.  How high up the org chart this issue goes, I don’t really know.)

I’m a student at the University of Oxford, and as is standard practice, they provide a email system for staff and students. It’s called Herald, and I assume it’s a home-grown email server that has evolved from code written in the 1980s.

It’s a piece of crap.

I kid, I kid! Admittedly, that’s probably dropping a little too much hate on its poor aged lines of God-knows-what language. It has basic features and gets the job done… most of the time.

But the internet means so much more to so many more people these days, and Herald isn’t equipped to let people make the most of it. Take webmail, for example: ugly, testy, difficult—these are words which spring to my mind when I think of Herald webmail.  You’re stuck sending and receiving in plaintext, and the interface is offensively bad.  It was never supposed to be this way—Herald was designed to be used via your email client of choice, a hulking server hiding in the shadow of a more carefully crafted interface.  But since the early days of Hotmail, Yahoo! mail, Netscape and the rest, webmail has been a primary avenue of accessing email.  Some people prefer it that way, and its easy to see why: one interface to learn which can be used on any computer with an internet connection and a browser, and no obnoxious setup steps (IMAP or POP3? SMT-what? SSL-port-who?).  And since gmail came on the scene a few years back, there’s simply no reason to believe that webmail can’t be a pleasant experience.  Something is deeply wrong when free webmail services outclass what’s provided to you by the people you pay £10,000 a year.

But still, armies of my classmates here at Oxford use Herald webmail as their primary email.  They hate it, even if they don’t realize it.  I know this because it shows.  They use Facebook to send messages to one another.  That’s right, Facebook.  Facebook, with it’s terrible message editor, iron-fisted threading, and walled-garden take on communication.

But I’ve just been informed of a project in the works at Oxford’s computing services to change all that, and finally move beyond email and into the realm of internet collaboration.  These services have existed for some time now, and what Oxford is proposing isn’t anything groundbreaking—but they’re a hell of a welcome (if overdue) change.

I’ll blog more about them soon.