Spyware epidemic

Check out this article, Who Profits from Security Holes?, by Benjamin Edelman, a Harvard Ph.D. candidate who specializes in practices and economics of spyware. As a test, he used a fresh copy of Windows XP to visit a single web page (he didn’t say which) and logged what spyware was installed on his computer. At least 16 programs were installed that he could identify and probably more that his spyware detector didn’t find. There’s a link to a screen-shot video of the experiment. It’s a pretty alarming scene.

Edelman takes aim in particular at 180 Solutions, a spyware maker that’s been openly lobbying lately to improve the image of so-called “search marketing” vendors (that’s one of many euphemisms this group uses). 180 Solutions drapes itself in the cloak of legitimacy by claiming that it distributes only permission-based programs. However, Edelman finds that 180 is as bad as anyone at installing spyware without the user’s permission. This guy has done his homework.

The Neopets addiction

Wired has an interesting story on Neopets, the online fantasy world that kids can’t get enough of. My daughter was seriously into this community for a long time, though she’s since graduated to more mature things. What always impressed me about Neopets is that it’s a pure grass-roots phenomenon. Without benefit of a TV show, comic book or any “traditional” media support, Neopets has grown to 2.2 billion page views a month and more than 20 million users. Neopets-branded merchandise sells in Target stores. This is a complete Web phenomenon, Web 2.0 before there was a term for Web 2.0.

What’s particularly amazing is that the average user spends 6.5 hours per month on Neopets. It is the ultimate sticky site.

The Wired piece does find controversy in a concept the Neopets makers call “immersive advertising.” Activity areas on the site are increasingly designed by sponsors who pepper the scenery with product placements. There’s debate over whether kids who are already coping with obesity should earn points by watching cereal commercials but I suspect this is no different than the infomercials kids watch on TV these days.

Next generation mapping

Microsoft is releasing the beta of Windows Live Local on Thursday at noon EST. Located at https://local.live.com, the service offers a supposedly higher quality service than Google Maps by integrating photos taken from low-flying airplanes of major US metro areas. In theory, you should be able to pinpoint locations much more accurately with Live Local than with Google Maps. You can then get detailed driving instructions without having the exact address.

This is an exciting time for search. I’m looking forward to Microsoft and Google facing off for supremacy in this area. We users are bound to be the big winners.

Phish story

Network World has a story today about a phishing exploit that was so realistic that even Ebay’s anti-spoofing team believed it was authentic. The blogger who first reported the incident says that he reported the suspicious e-mail to Ebay but was brushed off, even though there were several characteristics of the message that just didn’t make sense. That’s a pretty depressing commentary on the state of phishing, considering that Ebay is probably the most exploited domain in the phishing world. I’m sure just about everyone has seen a convincing come-hither message purportedly from Ebay that really referenced a server in Eastern Europe somewhere.

I think 2006 will be the year that phishing takes center stage in the media coverage of computer security. It was all about spyware this year, but spyware is a slippery and often hard-to-define concept. Phishing, at least, you can understand. Unfortunately, phishing is also one of the most effective identity theft tactics there is. I was personally taken in by a phishing attack several years ago before I realized my mistake and had to scramble to change my Ebay password. And I’m presumably a lot more savvy about this stuff than the average user.

If phishers are good enough to fool even the trained investigators at Ebay, I think we’re in for a long year of creative and effective attacks.

Word of the year

Editors at the New Oxford American Dictionary have selected “podcast” as their word of the year. Runners up were “bird flu,” “persistent vegetative state” and “trans fat.” Not exactly great company :-).

It seems an appropriate choice, though. This has been the year the MP3 player transitioned from gadget to necessity, at least for tech-savvy commuters. Podcasts are proliferating like rabbits right now and, while I don’t expect most of them to live very long, the trend has clearly taken hold. The MP3 player is a legitimate new communications platform, perhaps the first one in 10 years (I’d say the cell phone was the last new platform). That’s something to celebrate because new platforms invariably create a launchpad for innovation. For example, there’s a new company that will specialize in transcribing podcasts and selling ads against the transcriptions. It’s just the beginning, folks.

It had to happen

Leave it to Playboy to put its own brand on podcasting. The company has announced “bodcasts,” promising to deliver “free audio programs every weekday, including ‘Ask Hef Anything,’ ‘Joke of the Day,’ delivered by a Playboy model, as well as video advice from sexy Cyber Girls.”

All in good taste, of course. 🙂

Open source and the channel

Judging by the traffic statistics, a lot of recent visitors to this blog are interested in open source software adoption and why it isn’t proceeding faster in the corporate mainstream. For them, I’ll point to John Terpstra’s excellent three-part series on SearchOpenSource.com about his frustration in trying to buy a Linux-ready laptop at a major computer retailer. It’s one of the best-read stories ever on the three-year-old SearchOpenSource.com site.

Terpstra documents how his efforts were frustrated by salespeople’s unfamiliarity with Linux, the lack of commercial software and device drivers for Linux and the fact that the salespeople tended to be trained to sell only a Windows solution to buyers. He expresses frustration at a retailer’s lack of awareness of open-source options and compares the process of buying a Windows PC to that of buying a Linux box. If you’re an open-source fan, this column will make you see red. But it should also reveal some essential truths.

I’m not a big advocate of conspiracy theories in technology, so I don’t think Microsoft has engaged in some kind of coordinated campaign to shut Linux out. I do think, however, that Microsoft has done an exceptional job of educating its channel to sell the Microsoft solution. This is one area in which the vendor has consistently excelled. And Microsoft has continued to invest in channel education even as it has solidified its monopoly on the desktop. Give the company credit: it has effectively shut out any option to Windows at the street level.

The lack of a dominant Linux advocate in the retail channel hurts the open-source cause in this case. Microsoft has the hearts and minds of retailers and there is no one with comparable throw weight in the open-source market to balance Redmond’s efforts. If Linux is to be successful on the desktop, it must be because consumers demand it and because software makers write the applications and device drivers to support it. The latter is a chicken-and-egg problem. Software makers won’t write the apps until the demand is there. And the demand won’t materialize until the apps are in place. In the meantime, we have an uneasy standoff.

BTW, the OSDL working group has just released a survey on Linux adoption on the desktop. The results reveal that desktop Linux users want the same thing as desktop Windows users: office productivity applications and device drivers. There is no particular bias for one platform over another as long as the platform delivers superior value for the dollar. Linux’s challenge continues to be to convince application developers that it is a reasonable alternative to Windows without being able to deploy the massive marketing dollars that Microsoft brings to the task. Score one for Microsoft. It is exceptionally good at exploring Windows’ advantage at the street level.

Boston bloggers needed

The Massachusetts Software Council wants to put together a panel on corporate blogging and is looking for prominent business people in the Boston area who maintain blogs. They don’t have a clear fix on the topic just yet, but I expect it’ll relate to how businesses can understand the blogosphere and use blogs as communication devices. If you know someone who’d be a good speaker, please comment on this post or send me an e-mail. Thanks!

Feeling worldly

It’s Sunday, so let’s lighten it up a bit :-).

The best gadget I’ve purchased in a long time is a Garmin GPSMap 60C handheld global positioning receiver (about $300). I’ve always been fascinated by the idea that you could pinpoint your position on the planet to within a few feet but I didn’t anticipate the value it would have in everyday life.

On a practical level, having a GPS in the car is saving me time and aggravation. I never get lost any more because I know almost immediately when I’m off track. I’ve also started experimenting with finding shorter routes to places I routinely visit, which has cut down on time and gas consumption. I can even plan longer trips by punching in coordinates before I leave and then following the route the unit calculates (you need to invest in special software for this). You can look up the coordinates to any address on the globe, BTW, at Maporama.com.

For recreation, the GPS opens a few new doors. I’ve started geocaching, which is kind of an online global scavenger hunt that has turned out to be way more fun than I thought it would be. Not only do my kids and I get a kick out of finding the secret treasure hidden in forests and cemeteries but the activity has taken me to nature preserves, walking trails and public parks that I didn’t even know existed. I’ll even take the GPS on the road with me and take a break for an hour here and there to geocache in another city. Such a geek I am…

Travelers can download specialized maps of routes and locations around the globe to create a sort of digital TripTik. If you have a lousy sense of direction, you have to get one of these things. It will make your life so much easier.

I’ve been interested in commercial applications of GPS since I first noticed a unit being used as a range-finder on my golf cart years ago. GPS is already routinely used in fleet management applications. You can imagine why UPS would value this information but there are other cool ideas as well. A friend contacted me just the other day who works at a small company, Everyday Wireless, that specializes in tracking school buses. School administrators and nervous parents can pinpoint the location of a bus at any time and display it on a web page. Any parent who’s stood in the cold with their child for 20 minutes waiting for a late bus can relate to this application. I’ve long wondered what would happen if you could shrink the size of a GPS receiver to something that could fit in a cell phone or a tooth. Imagine the uses of a technology that could track anything’s position on earth to within a few feet. Imagine the abuses if privacy limitations weren’t respected.

One more GPS-related item in my morning ramble: I listened to an interesting podcast of a presentation by Todd Young of Rosum Corp. This startup has figured out a way to use broadcast TV signals to pinpoint locations in dense urban areas or inside buildings where GPS doesn’t work. I have no idea how effective this technology really is, but the founder of Rosum is one of the inventors of the GPS system. For sheer innovation, this idea is tough to beat.

Character assassination

USA Today had an interesting op-ed piece this week by a retired journalist who wrote about the experience of being libeled on Wikipedia and being unable to do anything about it. John Seigenthaler, Sr. said his bio (which no longer appears to be listed on Wikipedia) was spurious and riddled with factual errors. It said he spent 13 years in the Soviet Union, started one of the country’s largest PR firms and – hold on to your hat – was once suspected of involvement in both Kennedy assassinations. All not true.

Seigenthaler tells of the tortuous process he endured to have the biography taken down and his frustration at being unable to identify the author of the spurious information, an ordeal made more difficult by the protections of the Communications Decency Act. The Wikipedia information was also picked up and reprinted without question by Reference.com and Answers.com.

Seigenthaler’s experience is an anomaly, I’m sure, and the vast majority of information on Wikipedia is no doubt correct. But it is a stark reminder of the vulnerability of the Internet to misinformation. Wikipedia has gotten a lot of justifiable praise for creating a workable structure for community information gathering. The fact that the service works at all would have been fairly mind-boggling five years ago.

But the Seigenthaler story is a reminder of the vulnerability of the open-content model to manipulation. The Wikipedia disclaimer page includes a stark warning that “None of the authors, contributors, sponsors, administrators, sysops, or anyone else connected with Wikipedia in any way whatsoever can be responsible for the appearance of any inaccurate or libelous information or for your use of the information contained in or linked from these web pages.” Kinda scary, huh?

We’re entering what could be called the Age of Search, where information is freely available and, increasingly, freely editable. Google and other search engines will provide you with a rich list of facts but they do little to distinguish between the credible and the suspicious. In the Age of Search, critical thinking becomes a more vital skill than fact-finding. There’s an interesting podcast interview with Vinod Khosla, venture capitalist and co-founder of Sun, that makes a case for this. Khosla observes that his children have come to regard information as a commodity that’s easily available and freely shareable. The challenge for this new generation, though, is to exercise the critical thinking skills to separate good information from bad.

Google’s technology doesn’t do all that good a job of that. For example, a search on the phrase “How high is Mt. Everest?” turns up at least five different answers (it’s generally recognized to be 29,035 ft.). It’s the searcher’s job to figure out which response to believe.

The profusion of search technology only makes this more important. I think we’re going to see an explosion of search options in the next few years. Perhaps there’s an opportunity for someone to invent a critical search engine that contains an algorithm for evaluating the reliability of information.

Thanks to Peggy Rouse, editor of the reference site whatis.com, for alerting me to this story.