tim bray, on search: metadata

Tim Bray has been running a series on search that I’ve finally gotten around to reading. Nice series — gives a basic tour of the technology, the hard problems, and one person’s opinions on what works and doesn’t.

I especially liked his article on Metadata. Whether it’s Yahoo’s directory or Google’s PageRank, metadata is what really makes the difference on results. Metadata is hard to come by, so you should take every chance you get to collect it. But don’t expect it to come cheap and don’t expect your users to create it just for you.

carol coye benson on federation and liability transfer

Carol Coye Benson of Glenbrook Partners has an article, Liability and Federated Identity: Much Ado About Nothing, on why federated identity may not live up to expectations: it will likely never provide a basis for transferring liability between the parties to an on-line transaction. But, as she points out, this probably won’t matter.

This is the thing I think most security wonks miss — it’s tilting at windmills to try to make risks disappear or to transfer them all away. But this doesn’t mean you can’t do business. It just places a burden on you as the business manager to understand the risks and how they affect the prospects of turning a profit. It’s perfectly reasonable to take an informed risk, and often significantly cheaper than trying to eliminate the risk altogether.

pricing technology

TJ’s Weblog “Technology, Venture Capital and Entrepreneurship”: pricing technology is a nice summary article on the approaches companies use to set prices and the companies that offer products to support it.

This is a topic in which I have an interest. At one point, some colleagues and I were trying to get a company funded that would have done dynamic pricing of online goods for the entertainment industry — I still think it’s an idea that has some merit. At the time (3 years ago), the VCs we talked to felt that it was ahead of the market.

theory and practice of ssl

This article on the practical problems with SSL is right on the money. Not only is SSL solving the wrong problem, it’s doing it poorly.

The problems here aren’t completely unique to SSL. All PKI-based systems (including those incorporated in WS Security and SAML) suffer from them to greater and lesser degrees.

I’m always surprised that security folks still start with X.509 certs as their primary use case. Too hard and too expensive for too little real reduction of risk.

Belkin Highjacks Browser, Delivers Ad

Wow, and I was just starting to think of Belkin as a semi-respectable peripheral vendor. Apple should rethink its affiliation with them after this. Not cool.

[marketingwonk] The innocuous box on your network known as the router may not be so innocuous after all. A Belkin wireless router has been found to highjack your browser and redirect you to a page that promotes Belkin’s parental control service. Every eight hours an offer for a free six-month trial is delivered to your browser. This is no technical glitch. Belkin openly admits the offer was programmed into the box. Steve Hall comments.

The question is – did they openly advertise this behavior on the box?!? I would want my money back.

shirky debunks the semantic web

In The Semantic Web, Syllogism, and Worldview, Clay Shirky debunks the notion of the semantic web — the short of it is the problem of semantics is hard; the trivial use cases that have been proposed to date don’t scale and aren’t that useful anyway. Spend a couple of months studying the history of knowledge representation (from artificial intelligence, back through math and philosophy) and you’ll find that this is a problem with a long history and little progress.

One thing in Shirky’s article that’s not quite right: he gives this example of how syllogisms fail:

Consider the following assertions:
- Count Dracula is a Vampire
- Count Dracula lives in Transylvania
- Transylvania is a region of Romania
- Vampires are not real

You can draw only one non-clashing conclusion from such a set of assertions — Romania isn’t real.

You wouldn’t conclude Romania isn’t real unless all the predicates had been “is a”. This does, however, highlight another problem of semantics: how do you come to a shared, complete, and consistent set of predicates with well-defined inferential properties?