Runlevel4

AdSense Approval Delays: How Long Is Too Long?

2009-06-11T22:49:00.000-07:00

Have you been waiting -- and waiting, and waiting some more -- for Google AdSense to approve your application? Join the club.

Many AdSense applicants wonder how long it will take Google to review their applications. According to Google, it's an easy question to answer: The review process should take less than a week.

A lot of applicants also worry whether Google will deem their sites worthy of an AdSense account. They can rest easy: The approval process is clear and straightforward, and most legitimate Web publishers can meet Google's standards quite easily.

The real mystery is why Google isn't more realistic about its approval process. As quite a few applicants can attest, that one-week estimate is wildly optimistic.

(Full disclosure: I have a dog in this hunt. I applied for an AdSense account more than a month ago, and I'm still waiting to hear from Google.)

The AdSense program is wildly popular, and the review process is clearly very labor-intensive. Google tries hard to ensure that its ads don't appear on sites that don't meet its terms of service. And the only effective review method still involves real people actually checking out new applicants' sites, one at a time.

So the delays are understandable. Google's failure, however, to keep AdSense applicants informed about these delays is inexcusable.

The problem is that so many AdSense applicants are waiting months to get approved, yet Google sticks to that ridiculous one-week estimate. Applicants who go looking for more information or for someone to contact at Google wind up getting dumped into the AdSense "help system," which consists mostly of forums where other AdSense users try to answer their questions.

Google employees rarely, if ever, venture into the AdSense forums to provide any officially-sanctioned feedback. That leaves other AdSense users to inform frustrated applicants that they may have to wait three or four months for a response.

Worse still, many applicants assume that Google rejected their applications and didn't bother to notify them. As a result, Google runs the risk of doing exactly the thing its review process is designed to prevent: Ruin the credibility, and thus the effectiveness, of its AdSense system.

It's time for Google to step up and communicate clearly with AdSense applicants. At a minimum, this should include:

Revising that official one-week review estimate to something more realistic. If it takes Google four months to review a typical AdSense application, then the company should say so.
Adding a question to the AdSense support FAQ that gives new applicants some realistic guidance about how long they will wait for a response.
Reviewing the AdSense support forum to address applicants' concerns that they have been forgotten, overlooked, or rejected without notice.
Occasionally sending email to applicants, assuring them that their applications are still in line for review -- and that they will, indeed, get a response eventually.

Google can accomplish all of these tasks relatively quickly, without squandering too much time and effort. The payoff -- reassuring countless frustrated, confused AdSense applicants -- will be significant.

Or Google can keep playing these silly games and deny the problem. And eventually, AdSense will pay a very real price.

The RIAA's Head Weasel Speaks His Piece

2009-06-01T17:57:00.000-07:00

ArsTechnica recently gave RIAA General Counsel Steven Marks space to talk up his organization's goon-squad anti-piracy tactics:

It is a fascinating and challenging time to work in the music business. The record industry is swept up in a sea of change and we have embraced it. It’s a new day for the business and a new day for fans—25 years ago, it was just radio and records, but today’s music marketplace is dramatically different, with hundreds of different fully licensed digital music services and models.

Yet even with this emerging legal landscape, the rights of artists, songwriters, and record labels deserve protection. Unfortunately, there are those who seem to overlook that fact, including a Harvard law school professor, his class, and their client Joel Tenenbaum, a defendant in one of our illegal music downloading cases.

Marks is referring here to an earlier Ars piece, in which Harvard Law Professor Charles Nesson basically declared war on the RIAA. Nesson, along with many of his students, are now representing Tannenbaum pro bono.

This is funny stuff, although not really in a "ha ha" funny kind of way. The RIAA, after all, represents an industry that "embraced" change only after Napster, BitTorrent, and millions of consumers chain-whipped its business model into a bloody pulp.

Today, the RIAA's "embrace" of change includes a lingering obsession with digital rights management schemes and some curious ideas about how to price digital versus physical content. Also, let's not forget the music industry's kinky habit of suing dead people, old ladies with a thang for Snoop Dogg, and various other hardened copyright criminals.

If the RIAA wants to lift its leg on music buyers and tell them it's raining, that's their prerogative. After all, this is the industry that put the term "payola" into the history books. I just hope they don't think that anyone capable of fogging a knife takes them seriously at this point.

Cesar Millan's Critics: Just A Bunch Of Bad Dogs?

2009-06-01T13:55:00.000-07:00

Cesar Millan -- the "Dog Whisperer" -- is a pop-culture phenomenon. He is also controversial among some dog trainers and behaviorists. But are Cesar's critics barking up the wrong tree?

This article on the controversy, "Dog Whisperer, Dog Psychology and Cesar Millan," offers an interesting critique of Millan's methods:

With the recent popularity of a television show about problem dogs, the controversy over which methods are the most humane and effective ways to address behavior problems in dogs has been renewed and is dividing dog lovers all over the world.

While behaviorists, trainers and other dog professionals recognize that the show is exposing dog owners to the possibility that their dogs' behavior can be changed, the show gives the false impression that behavior can be changed within a matter of hours. Professionals are also concerned about the methods used, as many of those methods are known to incite or increase aggressive behaviors.

This article will explore the controversial issues and will attempt to separate fact from marketing. Wherever possible, additional links or book recommendations are provided as reference or to elaborate on the preceding issue. We strongly recommend those who disagree with this article read the links and/or books provided before contacting us.

I suspect there's a good reason why author Lisa Mullinax asks people to do their research before "contacting us." She probably gets more than her share of angry email. That's not fair; while I disagree with her conclusions, her arguments are well-reasoned, and her concerns are obviously sincere.

I can't, however, say the same about some of the other anti-Millan coverage you'll find online.

Consider this excerpt from a trite little hit piece published on Esquire.com:

"My position is, Millan is a poseur," Claudia Kawczynska, editor in chief of The Bark magazine, says of the ex--dog groomer. "He is a hairdresser, not the real guy in terms of being an expert. He doesn't have credentials. And it is shocking to me how easily people are ready to fall for it."

With approximately two million strays euthanized in the U. S. each year, Kawczynska sees reason to worry: "He is doing a disservice to the real experts in the field," she says. "He gives quick fixes, but they are not going to be a solution for most families with problem dogs."

Mullinax argues that Millan's critics aren't just jealous, and they aren't obsessed with defending their professional turf against a self-trained newcomer. Yet Kawczynska's venomous complaints that Millan is a "haridresser" who lacks "credentials" suggest otherwise.

And then we have this New York Times screed, in which guest columnist Mark Derr portrays Millan as a loose-cannon sexist pig, pushing a quick-fix sham on a bunch of dimwitted dupes:

Mr. Millan brings his pastiche of animal behaviorism and pop psychology into millions of homes a week. He’s a charming, one-man wrecking ball directed at 40 years of progress in understanding and shaping dog behavior and in developing nonpunitive, reward-based training programs, which have led to seeing each dog as an individual, to understand what motivates it, what frightens it and what its talents and limitations are. Building on strengths and working around and through weaknesses, these trainers and specialists in animal behavior often work wonders with their dogs, but it takes time.

Mr. Millan supposedly delivers fast results. His mantra is “exercise, discipline, affection,” where discipline means “rules, boundaries, limitations.” Rewards are absent and praise scarce, presumably because they will upset the state of calm submission Mr. Millan wants in his dogs. Corrections abound as animals are forced to submit or face their fear, even if doing so panics them.

Much of what Derr says in this article is demonstrably wrong: Millan frequently uses both praise and rewards. And while Millan can be politically incorrect, he isn't likely to upset anyone who isn't already a humorless blowhard.

Mark Derr really tips his hand, however, when -- like Kawczynska -- he attacks Millan for promoting quick-fix tactics. In fact, Millan does no such thing.

In many cases, "Dog Whisperer" segments actually show the elapsed time Millan needed to complete a task that might otherwise look quick within the context of a one-hour TV episode. If anything, the fact that Millan requires a half hour or longer simply to approach and a fearful dog demonstrates the time, patience, and effort this process requires.

Here, too, one suspects that Derr's real problem has more to do with jealousy, or at least with resentment. Or perhaps he's engaging in yet another condescending effort to protect idiots who can't separate TV and reality from hurting themselves. It's a noble but typically misguided cause.

I disagree as a rule with Cesar Millan's critics. It's a position I share, by the way, with the professional trainers, behaviorists, and vets who endorse Millan's approach. Having said that, I think many of those critics, including Mullinax, deserve both respect and careful consideration, given their professional commitment and their obvious concern for animal welfare.

Unfortunately, they're going to have a hard time getting it when they're forced to share the limelight with so many embittered, mud-slinging attack dogs.

Digital Audio: Why Be Normal?

2009-05-31T12:50:00.000-07:00

Time to move ahead with the next installment in my nine suggestions for building a killer digital audio library. Today, let's look at an important, and often misunderstood, digital audio principle: normalization

Dynamics: Good News, Bad News...

Many audio tracks deliver a great deal of dynamic range. In theory, audio dynamics are an arcane concept. In practice, however, you can understand it simply by listening to any song that starts quietly and then builds to a full, in-your-face, window-shaking climax.

When people describe a song as "dramatic," they are often talking about the feeling they get from music with a big dynamic range.

Sometimes, however, dynamics can actually get in the way of your listening experience.

Maybe you're listening to music on a set of earbuds in a noisy environment. A song comes on with a slow, quiet introduction that you love, and you crank up the volume to hear it. Then the guitars kick in, and suddenly you're fumbling for the controls, hoping that your eardrums aren't actually bleeding.

Or maybe you want to hear the same song without annoying your cranky downstairs neighbor. You can keep the volume on your stereo turned down and miss hearing the introduction, or you can crank it up -- and keep the remote in your hand so that you can turn it back down before the "big" part of the song makes the floor shake.

Or you can adjust the track to reduce the difference between those quiet and loud passages, making it much easier to set a consistent volume level.

Smoothing Out Those Musical Mood Swings

That's what normalization does for you. In more technical terms, here is how Wikipedia explains the concept:

Audio normalization is the process of increasing (or decreasing) the amplitude of an entire audio signal so that the resulting peak amplitude matches a desired target. Typically, normalization increases the amplitude of the audio waveform to the maximum level that does not introduce any new distortion other than that of requantization.

Specifically, normalization applies a constant amount of gain to the selected region of the recording to bring the highest peak to a target level, usually 98% (-0.3 dB) or 100% (0 dB)[citation needed]. This differs from dynamics compression, which applies varying levels of gain over a recording to fit the level within a minimum and maximum range. Normalization applies the same amount of gain across the selected region of the recording so that the relative dynamics (and signal to noise ratio) are preserved.

Many digital audio management and playback tools give you two ways to normalize your tracks. In most cases, you'll want to give one of them a wide berth.

The method to avoid normalizes an audio track by permanently changing the output signal. This is a one-way process: When you normalize a signal by altering it, you can never restore the track's original dynamic range.

That's a show-stopper. You should never do anything that might degrade the audio tracks in your lossless archive.

ReplayGain To The Rescue

But what if you had a tool that could analyze an audio track, decide how much to adjust it, and then store that information in the file instead of actually changing the audio signal itself? When you want to apply normalization, the tool could call up that data and apply the changes by adjusting the output volume on the fly.

When you don't want to apply normalization, you could simply turn off the tool and enjoy the full dynamic range of your original, unchanged audio track.

This is what a standard called ReplayGain does. Let's go back to Wikipedia for some more technical background:

Replay Gain is a proposed standard published in 2001 to normalize the perceived loudness of computer audio formats such as MP3 and Ogg Vorbis. It works on a track/album basis, and is now supported in a growing number of media players. Although the standard is formally known as "Replay Gain", it is also commonly known as "ReplayGain" or "replaygain." It is sometimes abbreviated "RG".

Replay Gain works by first performing a psychoacoustic analysis scan of the entire audio file to measure the perceived loudness and peak levels. The difference between the loudness and the target loudness (usually 89 dB SPL) is calculated; this is the gain value. Typically, the gain value and the peak value are then stored in the audio file as metadata, allowing Replay Gain-compliant audio players to automatically attenuate (or in some cases amplify) the output so that such files will play back at similar loudness to one another. This avoids the common problem of having to manually adjust volume levels when playing audio files from different albums that have been mastered at different levels. With lossy files, another benefit of Replay Gain scanning is that the peak information can also be used to prevent loud songs from clipping. Finally, should the audio at its original levels be desired (i.e. for burning back to hard copy), the metadata can simply be ignored.

Replay Gain implementations usually involve adding metadata to the audio without altering the original audio data. While the Replay Gain standard specifies an 8-byte field in the header of any file, many popular audio formats use tags for Replay Gain information. FLAC and Ogg Vorbis use the REPLAYGAIN_* comment fields. MP3 files usually use ID3v2 or APEv2 tags.

If that's too much information, don't sweat it. All you need to know is that ReplayGain delivers all of the benefits of normalization without any of the drawbacks. It's a popular, widely-supported standard, it's flexible and effective -- and it never makes permanent changes to your audio tracks.

Putting ReplayGain To Work

Now that you know why RG is such an important tool, you have to deal with another issue: Finding an audio player that supports it.

Dozens of audio players work with ReplayGain. MediaMonkey -- my personal pick, and one of my favorite apps of any type -- has an "Analyze Audio" option that will determine a RG level and save that data to each FLAC as a metadata tag.

(MediaMonkey also has a "normalize track" option, and it's smart enough to warn users that normalizing will permanently alter their audio tracks. There is a reason to normalize some files, but we'll discuss that in a moment.)

Many other popular audio players, however, don't support RG. Apple's iTunes player, for example, has a feature called "Sound Check" that does roughly the same thing as ReplayGain. The problem is that Sound Check doesn't do as much as RG, doesn't do as good a job at what it does do, and isn't much good if you use anything besides iTunes and an iPod.

(ArsTechnica has a good article that explains why Sound Check is inferior to ReplayGain. It also discusses a Mac OS X app called iVolume that solves at least some of these problems if you're dead-set on using iTunes to manage your music library.)

It probably won't surprise you to hear that Windows Media Player doesn't support ReplayGain, either. Then again, WMP doesn't offer native FLAC or OGG support, does enforce Microsoft's revolting DRM technology, and does a terrible job at managing large audio libraries. It isn't a serious digital audio tool -- period -- and I won't waste any more words on it in this guide.

The Exception To The Rule: When To Normalize

So, when should you use normalization instead of ReplayGain? When you want to transfer tracks to a portable media player.

Actually, that isn't always true. Portable players from about a half dozen vendors, including most Apple iPods, support Rockbox: open-source software that replaces a player's factory-installed firmware (the built-in software that runs the player). Rockbox allows players to handle RG metadata; adds support for more than 20 audio formats, including FLAC and OGG; and loads lots of other neat features.

The downside is that only one manufacturer -- SanDisk -- has expressed any interest in the Rockbox project. The others, including Apple, don't officially support Rockbox and generally take a dim view of users who replace their factory firmware with it.

If you don't want to take the plunge with Rockbox, or if your portable player doesn't work with it, then you can still employ a regular, permanent normalization process to your audio tracks before you transfer them.

In most cases, you will want to stock your portable player by making lossy copies of your master FLAC audio tracks. In MediaMonkey, for example, I maintain a separate archive of duplicate MP3 tracks to play on my iPod. When I create these MP3s, I use the MediaMonkey "normalize" option on them, so they will have a dynamic range that is more suitable for listening with earbuds.

Sure, it's a bit more work to keep all of this straight, using ReplayGain when it's appropriate and normalization when it isn't. But like most of the other steps in this guide, the work you put into this process up front will pay big dividends over the years to come.

NEXT TIME: Why DRM spells bad news.

Wikipedia Gives Scientology 'Socks' The Hook

2009-05-31T10:33:00.000-07:00

Wikipedia is going nuclear in its battle against Church of Scientology "sockpuppets."

From The Register:

In an unprecedented effort to crack down on self-serving edits, the Wikipedia supreme court has banned contributions from all IP addresses owned or operated by the Church of Scientology and its associates.

Closing out the longest-running court case in Wikiland history, the site’s Arbitration Committee voted 10 to 0 (with one abstention) in favor of the move, which takes effect immediately. . .

According to evidence turned up by admins in this long-running Wikiland court case, multiple editors have been "openly editing [Scientology-related articles] from Church of Scientology equipment and apparently coordinating their activities." Leaning on the famed WikiScanner, countless news stories have discussed the editing of Scientology articles from Scientology IPs, and some site admins are concerned this is "damaging Wikipedia's reputation for neutrality."

This is the first time Wikipedia has banned an entire organization by blacklisting its IP addresses. The group's arbitration committee decided that the ban is the only way to control rampant Scientology "sockpuppeting" tactics.

It's a controversial move among some core Wikipedia editors. And I'm sure Wikipedia knows its ban isn't likely to keep Scientology sockpuppets entirely at bay.

According to one ex-Scientologist quoted in the Register article, a number of Church staffers work full-time combating -- and, if possible, censoring -- Web sites that publish unfavorable coverage. Given the Church's size, financial clout and technical expertise, it is sure to take measures to get around the ban.

The Church could, for example, take a cue from the RIAA, which employs goon squads that monitor P2P networks behind a screen of constantly-shifting IP addresses. Many of these addresses belong to contractors rather than to the RIAA or its member record labels, making them even harder to track.

There are, however, ways to deal with these unwanted visitors. Tools like PeerGuardian, for example, enable users to maintain a constantly-updated blacklist of IP addresses that belong to anti-piracy snoops, government agencies, and other unwelcome guests. The result is a game of cat-and-mouse where attackers move to new IP addresses, gain a temporary advantage, but then land once again on a blacklist.

PeerGuardian generally gives file-sharing users quite a bit of protection; anti-piracy groups that monitor P2P networks need time to build a case against suspected violators, and blacklists make their job difficult. Wikipedia has a somewhat different, more challenging, problem: Scientology sockpuppets working from new, unblocked IP addresses will need minutes, not hours or days, to cause trouble.

I also hope Wikipedia is prepared to deal with denial-of-service attacks, because you can bet they're going to happen.

Wikipedia users who dislike the blanket ban will argue that it's unfair to single out Scientologist sockpuppets in this manner. In 2006, a tool designed to trace the IP addresses of Wikipedia editors revealed that scores of corporations and PR firms have tampered with Wiki entries to delete negative or controversial coverage.

The question, then, is whether to apply the Wiki death penalty against Scientology when companies like Raytheon and Dow Chemical engage in the same practices.

There's no doubt this could turn into a slippery slope if Wikipedia decides that blanket bans are an easy answer to a tough, very complicated, problem. Then again, given the sheer scale of the Scientology sockpuppet activities, it's hard to argue that any other organization even comes close, no matter how hard they might try.

Last.fm: RIAA Data-Sharing Charges Are "Slander"

2009-05-29T18:28:00.000-07:00

Wanna watch a train wreck as it happens? Follow me.

Earlier this year, a TechCrunch blog post spanked Last.fm for allegedly handing over user data -- including IP addresses -- to the RIAA. The charges were a PR disaster for Last.fm, as outraged users deleted their profiles and jumped ship to competing services.

The fact that the RIAA supposedly requested the user data simply compounds the problem; if there is an organization that music fans despise more than this litigation-crazed bunch of dirtbags, I don't know about it.

Worse yet, the allegation implies that Last.fm, which is a UK-based company, violated EU consumer privacy laws by exporting confidential user data to a U.S.-based organization.

If the charges are true, the fallout could prove fatal to Last.fm. But are they true?

Both Last.fm and parent company CBS Interactive insist that the TechCrunch blog post is a bunch of bull. Last.fm co-founder Richard Jones denounced the charges as "utter nonsense" and said he was "pissed off" that TechCrunch saw fit to publish them.

CBS Interactive also denied the charges, albeit in a rather curious manner. Here is how a second TechCrunch blog post, published last week, reported the company's roundabout rebuttal:

Before posting Erick [the author of the original blog post] reached out to the RIAA, Last.fm and parent company CBS for comments. The only response was from CBS - “To our knowledge, no data has been made available to RIAA.” The CBS spokesperson, Katie Gunion, subsequently emailed us to say “would you please attribute the statement to Last.fm, it is currently reading as though CBS issued the statement” Gunion’s email lists her title as Public Relations, CBS Interactive, and her first statement did not name Last.fm (this is important, see below). A subsequent statement by Shannon Jacobs, VP of Communications at CBS: “this is a last.fm issue, as far as I am concerned. It is not a corporate issue. This is a last.fm issue, not a corporate issue. The posting represents last.fm’s response.”

TechCrunch editor Michael Arrington put the following spin on CBS Interactive's buck-passing PR tactics, based in part on an email from what he says is an anonymous inside source:

Here’s what we believe happened, based on our sources: CBS requested user data from Last.fm, including user name and IP address. CBS wanted the data to comply with a RIAA request but told Last.fm the data was going to be used for “internal use only.” It was only after the data was sent to CBS that Last.fm discovered the real reason for the request, say our sources. Last.fm staffers were outraged, say our sources, but the data had already been sent to the RIAA.

Arrington and TechCrunch aren't backing down from their original allegations. In fact, they're rubbing salt in the wound by suggesting that the EU should haul Last.fm into court and by offering to provide legal counsel for their inside source, who supposedly got canned after blowing the whistle on CBS Interactive and Last.fm.

Yet Last.fm and CBS Interactive aren't backing down, either. Last.fm system architect Russ Garrett insists that the service "wouldn't risk a lawsuit to pander to the RIAA's requests" and accuses TechCrunch of slander. Garrett also questions the veracity of Arrington's "inside source" at CBS Interactive, due to the fact that he would have to personally approve transferring user data to any outside organization.

Earlier this week, the Wall Street Journal received yet another denial from CBS Interactive. If the company's last response was ambiguous, this one certainly isn't:

Both CBS and the RIAA have already stated quite clearly, for the record, that absolutely no individual user or listener information was supplied to the RIAA by Last.fm or any division of CBS Corporation in the past, nor do we plan to do so in the future. The story posted by the Web site was based on an unnamed tipster. No inquiry was made to CBS or Last.fm about the veracity of the anonymous source. Those who consult such blogs should be aware of the standard by which such postings are sourced and published

Keep two points in mind here: First, this is a life-and-death struggle for Last.fm, which simply cannot survive if it's tarred as a stool pigeon for the RIAA's file-sharing goon squad. Second, given the fact that UK libel laws are stricter than U.S. law, Last.fm is definitely throwing down the gauntlet when it describes the TechCrunch blog posts as "slander."

How will this nasty little fight end? Your guess is as good as mine. But if TechCrunch can't back up its allegations, Arrington's inside source won't be the only one looking for a lawyer.

The Hot New Netbook Trend: Built-In Malware

2009-05-22T21:08:00.000-07:00

Windows netbooks ship with some fascinating new features these days. . . like pre-installed malware.

Computerworld.com has the full story:

After discovering attack code on a brand new Windows XP netbook, antivirus vendor Kaspersky Labs warned users yesterday that they should scan virgin systems for malware before connecting them to the Internet.

When Kaspersky developers installed their recently-released Security for Ultra Portables on an M&A Companion Touch netbook purchased for testing, "they thought something strange was going on," said Roel Schouwenberg, a senior antivirus researcher with the Moscow-based firm. Schouwenberg scanned the machine -- a $499 netbook designed for the school market -- and found three pieces of malware.

"This was done at the factory," said Schouwenberg. "It was completely brand new, still in its packaging."

Where do you start with a fiasco like this? For starters, it provides fresh ammo for people who want to strip away some of the product-liability exceptions IT vendors currently enjoy.

Kaspersky's solution, by the way, is a real winner. The company suggests that netbook buyers who are concerned about pre-installed malware run an anti-virus scan before connecting their new systems to the Internet. This is a colossal pain, since it involves updating the anti-virus software on a separate PC, transferring the updated version to a buyer's new netbook, and then running the scan.

Fortunately, Kaspersky's researchers didn't find a rootkit on the infected netbook. Most anti-virus scanners can't detect rootkits at all, and victims might never discover that some dirtbag is busy uploading their passwords and bank account information.

Could a Linux netbook fall prey to the same stupid mistake? Not likely, since the malware apparently originated on a USB key drive used to install driver updates on the affected netbook. Linux isn't immune to malware, but it's safe to say that it takes a lot more to infect a desktop Linux system than a dirty USB stick.

I'm not surprised Kaspersky failed to point out this fact. Although the company has insisted for quite a while that Linux and Mac OS X will fall prey to the same malware that afflicts Windows systems, Linux and Mac users are still waiting for doomsday to dawn on them.

Don't hold your breath.

Laptop Data Theft: A Preventable Crime

2009-05-20T19:41:00.000-07:00

Laptop computers get lost and stolen all the time -- it's a fact of life. But it's time to throw the book at companies that still don't understand how to protect the data stored on these systems.

Almost every week, yet another high-profile laptop data theft makes the news. While there is no easy way to keep a laptop PC safe, it is absurdly easy to ensure that the data on a lost or stolen laptop never creates a security risk.

A few months ago, bMighty.com published my comprehensive guide to using a tool called TrueCrypt. This application can protect the data on a hard drive with encryption that is, for all practical purposes, unbreakable. It can encrypt individual files, an entire disk or disk partition, or even an entire desktop operating system.

TrueCrypt is an open-source application that enjoys a stellar reputation among security professionals. Anyone, including businesses, can download and use it completely free of charge. And TrueCrypt is incredibly easy to work with, even for non-technical users.

Other data-encryption tools, both open-source and proprietary, are also available. Many of them are quite good. So why do we keep reading about colossal acts of stupidity like this? Or this?

If you keep important personal data on a laptop, what happens to that data is your business. But honestly, it's hard to feel sorry for someone who can't take a common-sense security measure -- and pays the price as a result.

Businesses, however, are a different matter entirely. At this point, when a business laptop gets stolen with sensitive, unprotected data on it, there are two criminals: the thief who stole the laptop and the company that failed to protect its customers by using a data-encryption tool.

Here's a suggestion. Set up a certification program for companies that protect laptop data with robust, effective encryption tools. Companies that participate can fund the program themselves and agree to random audits of their laptops.

When a certified business loses a laptop, indemnify it against lawsuits related to the missing -- but protected -- customer data. Currently, for example, a small business that fails to protect its customers' data properly could face years of Federal Trade Commission audits. If a company can prove that the data on a stolen laptop was properly encrypted, reward it by making it exempt from such punitive measures.

Does that sound too complicated? Actually, I think it sounds a lot less complicated than some other laptop data-protection schemes that make headlines but have absolutely no chance of making a real difference anytime soon.

And what about companies that still don't get the message? Throw them to the wolves. They deserve what they get.

Digital Audio: Why File Formats Matter

2009-05-17T14:25:00.000-07:00

It's time to discuss the next of my nine suggestions for building a digital audio archive. Today, let's look at the process of choosing a permanent format for your ripped music tracks -- and at why that format should use lossless compression

'Lossy' Versus 'Lossless' Audio Formats

A lossless audio format does exactly what the name suggests: It creates a copy of a music track that contains the same amount of information as the original. Most CD ripping tools, for example, start by converting each audio track to WAV format -- an uncompressed, lossless format that enjoys nearly universal support.

The problem is that an uncompressed lossless audio track can be very large. A typical music track in WAV format, for example, often runs to 60 or 70 MB.

File compression helps to solve this problem. You already use file compression technology whenever you open a WinZip software archive or store digital photos in JPEG format. Whether a compression scheme works with software, images, audio, or some other format, it serves basically the same purpose.

Like other file compression methods, compressed audio file formats take two different approaches to getting the job done. Without getting too technical here, I think it's very important to understand how each of them works.

Formats that make a music file smaller by permanently discarding some data are known as "lossy." Lossy formats such as MP3 and Ogg Vorbis can shrink the size of an uncompressed music track by 90 percent or more.

Lossless compression formats, by comparison, shrink a music file by using special algorithms that don't actually throw away any data. These formats, including FLAC and APE, don't deliver the same amount of compression, but they can still shrink an uncompressed WAV file by 50 percent or more.

Lossy formats serve an important purpose. When you are using a portable music player, for example, storage is often at a premium; lossy formats allow you to pack as many tracks as possible into a limited amount of space.

When it comes to building a permanent, audiophile-quality digital music library, however, it's a terrible idea to rely on lossy audio formats.

Lossy Formats = Lost Opportunities

As I mentioned above, a "lossy" format makes audio files smaller by discarding a certain amount of digital data. Depending upon the format used, the compression tool, the playback system, and other variables, it can be very difficult to hear the difference between a lossy and lossless audio track.

This fact, however, doesn't outweigh the biggest drawback of any lossy audio format: It works by permanently throwing away data.

There are at least three reasons why this is a problem. First, keep in mind that technology will continue to evolve -- and improve -- over time. If a new and improved lossy format takes the world by storm in a few years, it won't do you much good if your music library is already compressed using one of the current lossy formats.

Here's the reason why: The process of converting, or transcoding, an audio track from one lossy format to another always degrades the sound quality. In many cases, transcoding between lossy formats even once will leave you with a track that sounds noticeably worse. Once this happens, you must either live with the degraded track or re-acquire it from a CD or other original source.

Second, storage capacity will continue to get cheaper and more plentiful. While most portable devices still don't include enough storage to hold a large number of lossless audio tracks, that will almost certainly change. Sooner or later, the biggest reason why people use lossy formats -- limited storage capacity -- will turn into a non-issue.

Finally, there is a philosophical issue involved here. It won't matter to a lot of people, but it should matter to you, since it cuts to the heart of what it means to build a truly first-rate, audiophile quality digital music library

A permanent archive, by definition, is something that will serve you tomorrow, next month, and even many years from now. Just as tearing pages out of books is a lousy way to make room in a library, ripping audio files using lossy formats is an inherently destructive, wasteful approach to building a permanent music archive.

Finding Lossless Music: Vote With Your Wallet

Are there exceptions to this rule? I can think of at least one.

Many online music retailers still sell a lot of music in lossy audio formats. Worse still, many of these lossy formats are proprietary and poisoned with digital rights management (DRM) schemes. (I'll explain in a future post why it's a mistake to buy music that uses DRM.)

The best way to avoid this problem is to buy or acquire only music that is available in a lossless, DRM-free format. If you plan to buy a whole CD, for example, consider buying (and ripping) an actual CD rather than buying the same tracks in a lossy format from an online retailer.

While some online music retailers now offer songs in lossless, DRM-free formats, they are still few and far between -- and they almost always offer lossless music only from smaller, independent record labels. The best way to change this is to vote with your wallets: When you buy online, try to do business with stores that offer music in lossless formats.

Why FLAC Is The Answer

From the start, I settled on a particular lossless, compressed audio format for my music library: FLAC.

In a recent post, I discussed why open-source formats like FLAC are a great choice for building a truly free, flexible long-term archive. Yet FLAC isn't your only option here; other lossless formats, including the Monkey's Audio APE format are also worth considering. I settled on FLAC because it is an open-source format, it delivers decent compression, and it enjoys relatively widespread hardware and software support.

(Hardware support for FLAC is getting especially good these days, especially compared to APE, which isn't quite as good at delivering on-the-fly track seeking and playback.)

If you own an iPod, a Zune, or some other popular digital music player, you will find that most of them only support proprietary lossless audio formats -- when they support any lossless formats at all. That is a minor inconvenience; as I will discuss in a future post, many music-management tools make it easy to generate lossy tracks on the fly for use in a portable music player.

Think of the difference this way. When you take a great digital photo and want to create a thumbnail image, would you throw away the original to do it? Of course not! While that thumbnail might be good for certain purposes, it would look terrible on a big-screen monitor or an expensive photo priniter.

Instead, you would simply make a smaller, low-resolution copy of the original. That's a good way to think of the difference between your lossless music archive -- tracks that sound great on even the most expensive stereo system -- and the lossy copies that you create for your iPod or other portable players.

Want To Know More?

I'm covering a lot of ground in this post, and I hope it's accessible even to non-technical readers. If you're looking for more detail on the concepts I discuss here and don't want to wait until I revisit them (hint, hint), here are some links to get you started.

- Wikipedia has a chart comparing every significant audio codec against a number of common criteria. Also check out these 2006 studies comparing the performance and efficiency of leading lossy and lossless audio formats.

- If you're looking for advice or disucssions on almost any audiophile-related topic, the HydrogenAudio forums are likely to have what you need. It's an immense and somewhat unwieldy resource, but it's also the best of its type on the Web.

- Finally, Start here if you want to know more about FLAC, including pointers to information about current software and hardware support.

NEXT TIME: Why Be Normal?

Sizing Up Software: The Uninstaller Says It All

2009-05-15T18:37:00.000-07:00

Recently, I had a run-in with an . . . interesting piece of software. While I wouldn't install it on any PC that I didn't plan to drop off at a landfill, I think it has some valuable lessons to offer.

IncrediMail is a desktop email client. Its most notable feature is its ability to add colorful backgrounds, emoticons, animation, and other multimedia effects to a user's email. It also makes heavy use of HTML-formatted email.

It's a popular application. I can't figure out why, because it is an absolute disaster in every way that matters.

When Software Attacks!

I could tell you how IncrediMail bloats the size of the email it creates to unbelievable proportions. I could mention that anyone looking for a job -- or simply trying to be taken seriously -- should think twice about sending email crammed with dancing smiley-faces.

I could also point out that IncrediMail's Terms of Service and software End User Licensing Agreement are the subject of a hot debate. (You can also read about issues with IncrediMail's EULA here. The site that published this page was apparently forced to remove it, but you can still find it courtesy of the Internet Archive's Wayback Machine.)

Finally, I could let you know that users who purchased the paid version of IncrediMail routinely complain about the company's support and business practices. That includes a rash of complaints about unauthorized charges to their credit cards for "subscription renewals" they did not purchase in the first place.

If you really want to size up a piece of software, however, just focus on one crucial detail: its uninstaller.

Any legitimate application won't just provide an uninstaller. It will provide an uninstaller that actually works.

IncrediMail's IncrediMess

IncrediMail is notorious for making a complete mess when it installs on a user's system. That might explain why its uninstaller is comically ineffective. Then again, it might not.

All software installers make changes to users' systems. They may install files and folders, change configuration settings, and alter the Registry on Windows systems. A really good application keeps these changes to an absolute minimum, and when appropriate, it allows users to choose whether or not to make them at all.

An application, for example, that wants to change your browser's default home page or search engine should always ask you to approve these changes.

IncrediMail makes a staggering number of changes when a user installs it. According to one source, its installer creates nearly 2,200 Windows Registry keys and installs 800 files. Another states that IncrediMail adds over 1,600 new Registry keys and more than 3,100 new values.

Still another source, after using a software utility to track the changes IncrediMail made to a test system, logged a jaw-dropping 15,000 lines of changes. The open-source Mozilla Thunderbird email client, by comparison, logged just 300 lines of changes during its installation process.

So IncrediMail makes an ungodly mess. But the real trouble starts when you ask it to go away and clean up after itself.

Microsoft's own support site has a page devoted to fixing the Windows Registry after IncrediMail breaks it. The fix involves manually editing the Registry -- a potentially dangerous task -- and still doesn't completely eliminate IncrediMail from your system.

Legitimate software doesn't behave this way -- ever.

It's not that hard to turn up problems before you install a piece of software. Even a cursory Google search will provide the information you need. When you see so many users complaining so bitterly about a product like IncrediMail, it's time to turn around and walk away.

Digital Audio: Playing For Keeps

2009-05-15T00:01:00.000-07:00

I can rattle on all day about the finer points of building a high-quality digital audio library. In fact, I probably will.

For now, however, let's get down to basics. Follow these suggestions, and you can avoid many of the mistakes that turn good intentions -- and countless hours of hard work -- into an audiophile train wreck:

Always keep secure audio archive backups.
A lossy archive is a lost cause.
Don't normalize -- analyze.
Avoid DRM like the plague it is.
Whenever possible, avoid proprietary audio formats.
Don't assume that all CD ripping tools are alike.
Tag audio files as carefully and thoroughly as possible.
Invest in a quality PC sound card.
Never transcode lossy audio formats.

I'll cover each of these points in detail in separate posts. Today, however, let's start at the top of the list.

Back it up -- or give it up.

There's a word to describe people who spend countless hours ripping, tagging, and organizing a digital music archive without making regular backups: fools.

That's harsh, but it's the truth. It's one thing to load your iPod with a bunch of quick-and-dirty MP3 rips. It's quite another to move your entire music library to a permanent, carefully maintained digital archive. The latter is a project that can take months or even years to complete -- and a power surge, malware attack, or hardware glitch can put you back at square one in the blink of an eye.

Devising and sticking to a regular backup plan is an essential step for any digital music archivist. Don't plan to do it later; do it now, before you rip another CD or tag another file. Get some quality backup software, learn how to use it, and configure it to back up your audio library (and preferably all of your digital data) on a regular basis.

How often you schedule backups is up to you. Think about how often you update your library, consider how much work you stand to lose, and then plan accordingly.

Once you get this far, you're halfway home -- but only halfway. The other half of your backup scheme should include a practical, effective disaster-recovery plan.

If something awful happened to your computer -- a robbery, for example, or perhaps a fire or natural disaster -- could you still restore digital audio archive? That's what "disaster recovery" means, and it's the reason why system backups are only as secure as the place you store them.

Some people upload their backups to a secure remote server; others copy their backups to removable hard drives, DVD, or other portable media and then store them in a fireproof safe or stash them at a remote location. There are lots of ways to do the job; pick one and stick with it religiously.

My own backup plan involves three lines of defense against a data-loss disaster. First, I store my archive on redundant sets of hard disks. This setup is known as a mirrored RAID; if one disk set fails, the other set still holds an identical, intact copy of the same content.

Second, I back up my archive to a completely separate computer system. Finally -- and perhaps most important -- I back up changes to my archive once a month to DVDs that I keep in a fire- and waterproof safe.

It's not a cheap set of backup solutions, but at least I'm buying some serious peace of mind. There are other, often much less expensive, ways to do the job -- what matters is that you put together a plan that meets your needs and then stick to it religiously.

NEXT TIME: Why a lossy audio formats are a lost cause.

Proprietary Software: Know When To Say When

2009-05-14T18:12:00.000-07:00

In some cases, proprietary software is well-designed and thoroughly tested. In others, it gives vendors an easy way to mask incompetent work. Guess what happens when taxpayers foot the bill for companies that take the second approach?

The software used in breathalyzer tests has been the subject of more than one legal challenge. Back in 2005, a Florida court ordered one vendor to turn over its source code for analysis after a group of DUI defendants challenged the validity of their breathalyzer test results.

Two years ago, the defendant in a New Jersey DUI case asked the court to order a similar analysis of another company's breathalyzer software. The software maker, Draeger Safety, had argued unsuccessfully that such an analysis would unfairly compromise its Alcotest 7110 source code.

Draeger had cause for alarm -- but not because competitors might pilfer its source code.

Here is what Base One Technologies, the company assigned to review the Alcotest source code, had to say about Draeger's software:

The Alcotest Software Would Not Pass U.S. Industry Standards for Software Development and Testing: The program presented shows ample evidence of incomplete design, incomplete verification of design, and incomplete “white box” and “black box” testing. Therefore the software has to be considered unreliable and untested, and in several cases it does not meet stated requirements. The planning and documentation of the design is haphazard. Sections of the original code and modified code show evidence of using an experimental approach to coding, or use what is best described as the “trial and error” method.

The Alcotest, Base One concluded, "should be suspended from use until the software has been reviewed against an acceptable set of software development standards."

Among other problems, Base One found more than 19,700 defects in Draeger's source code -- including errors in three out of every five lines of code.

Is Draeger's software any more reliable today? Only the company knows for sure, and I doubt it's talking.

Shoddy breathalyzer software, however, simply illustrates a more general problem. When companies make bad software purchasing decisions, the market ultimately holds them accountable for their mistakes. It's an effective way of sorting out the relative benefits of proprietary versus open-source software, as the thriving open-source business model continues to prove.

Public-sector software buyers, however, must address a very different set of priorities. For starters, they are ultimately accountable to the taxpayers whom they serve and whose money they spend. Open-source software, by its nature, gives the public a window through which to assess the value of the software their public servants purchase.

In addition, as the Draeger case shows, the public sector must maintain the highest possible standards when it comes to public safety issues. Isn't transparency the best way to ensure government agencies are actually meeting these standards?

Many open-source software advocates and government watchdogs point -- with good reason -- to problems with e-voting software as an example of what can go wrong when the public sector relies too heavily upon proprietary software. As the Draeger case proves, however, this this is a problem that extends far beyond the nation's voting booths.

Microsoft's Funky New Math Doesn't Add Up

2009-05-13T22:31:00.000-07:00

How much are you really paying for that stylish iPod? Microsoft has some thoughts to share on the subject.

Geek.com blogger Christian Zibreg writes:

Microsoft is clearly focusing its anti-Apple advertising campaign solemnly on pricing issues alone, hoping the tactic would strike a chord with consumers who see their wallets shrink in this recession. . .

That said, I had to scratch my head hard over the latest Zune advertising.

The ad . . . has “certified financial planner” Wes Moss pointing out that, at a buck a song, filling a 120GB iPod with à la carte tracks from the iTunes Store would set you back a whopping $30,000. The ad concludes with the argument that it only takes $14,99 a month ($179,88 a year) to get the same amount of songs (”and millions more”) with Microsoft’s all-you-can-eat subscription service dubbed Zune Pass, first unveiled mid-November 2008.

Zibreg, however, isn't sure Microsoft's math adds up:

Adopting Microsoft’s school of thinking, I could as well argue that it would take 250 years and $44,970 to fill a 120GB Zune with songs that would remain mine once I stop paying monthly subscription fees. Here’s how.

At $14,99 a month, Zune Pass subscription service lets you download any song you like, as long as you keep paying a monthly fee, but you can also keep forever ten songs you get to choose each month. Stop paying and you lose all songs you subscribed to, except a growing selection of ten songs you chose each month. These rules of the game mean it takes 250 years to gradually fill the capacity of a 120GB Zune with songs that you actually own, not rent - or $44,970 in monthly subscription
fees.

Unlike Microsoft, Zibreg admits his numbers game doesn't play very well in the real world. People fill their music players with content from all kinds of sources. Mostly, however, they fill them with tracks ripped from their own CD libraries or acquired from...ahem...unsanctioned online outlets.

The biggest problem here, however, is Microsoft's willingness to compare iPod apples with Zuni lemons. Those a la carte iTunes tracks download DRM-free; they're yours to keep, and you can play them anywhere, on any device.

As Zibreg points out, most of those Zuni tracks are DRM-protected and tied to a monthly subscription fee. Miss a payment, and your music library turns into a digital pumpkin patch.

Microsoft's advertising assumes you don't care whether the tracks you "buy" come shackled with DRM. Or maybe it simply assumes you don't know the difference. Either way, it's another reason why the Zuni is still a product that can't even play second fiddle to the iPod, much less call the tune.

West Point War Gamers Win Big With Linux

2009-05-13T18:44:00.000-07:00

Last week's New York Times covered a recent war gaming session at West Point. These war games, however, involved a very different set of weapons.

The Army forces were under attack. Communications were down, and the chain of command was broken.
Pacing a makeshift bunker whose entrance was camouflaged with netting, the young man in battle fatigues barked at his comrades: “They are flooding the e-mail server. Block it. I’ll take the heat for it.”
These are the war games at West Point, at least last month, when a team of cadets spent four days struggling around the clock to establish a computer network and keep it operating while hackers from the National Security Agency in Maryland tried to infiltrate it with methods that an enemy might use. The N.S.A. made the cadets’ task more difficult by planting viruses on some of the equipment, just as real-world hackers have done on millions of computers around the world.

Scroll down almost to the end of the article, and you'll find a crucial bit of information that puts the cadets' exercise in a very different light. It turns out their choice of operating system was entirely up to them:

Brian McCord, part of the team that installed the operating system, said he was chosen because his senior project was deeply reliant on Linux. The West Point team used this open-source operating system, freely available on the Internet, instead of relying on proprietary products from big-name companies like Microsoft or Sun Microsystems.
“It seems weird for the Army with its large contracts to be using Linux, but it’s very cheap and very customizable,” Cadet McCord said. It is also much easier to secure because “you can tweak it for everything you need” and there are not as many known ways to attack it, he said.

I'm not sure how Sun got lumped in with Microsoft as a purveyor of a "proprietary" operating system. Sun's OpenSolaris, unlike Windows, is free to use, modify, and redistribute under an OSI-approved Open Source license.

More to the point, the West Point team had a lot riding on its choice of operating system. They faced NSA-trained attackers who have probably forgotten more dirty tricks than most hackers will ever learn. And it's safe to assume that the cadets weren't just trying to save a few bucks on a Windows Server license.

Complain all you want that Linux is over-hyped or that it doesn't offer any real-world security advantages over Windows. The West Point exercise was about as "real world" as IT security ever gets. And the results speak louder than any marketing campaign ever could.

Upcoming: Building A Digital Audio Libary

2009-05-10T14:34:00.000-07:00

Looking to build a digital audio archive that will sound great and last a lifetime? Stay tuned, because I'm going to cover this topic in detail during the weeks to come.

Over the past few years, I ripped our entire CD library to disk. It was an immense task: I now maintain an archive of more than 12,000 tracks on a PC disk array, all of them properly transcoded and tagged. One of our PCs is designed specifically to function as a music server; after a great deal of trial and error, and quite a bit of research, I settled on an audio card, music management software, and other components that meet our needs.

In a series of upcoming posts, I'll share what I have learned with all of you. The tips I'll provide aren't the only way to build and manage a digital audio library. But I consider them the best possible solution for us, and I think they will benefit quite a few other people, as well.

There are plenty of online sources for this type of information. I'll try to add value here by sharing my own thought process, rehashing some of the mistakes I made along the way, and explaining exactly why I made my decisions.

Perhaps most important, I will do my best to present all of this information in a clear, concise, helpful manner -- something so many other sites try, and often fail, to do.

Stay tuned! We'll start the series in a few days with Part One of what I think of as my "Ten Commandments" for any serious digital music archivist.

Digital File Formats: Playing For Keeps

2009-05-10T14:05:00.000-07:00

For years, a debate has raged over the benefits of open operating systems and software. Neither, however, matters to me as much as the question of open file formats.

LinuxToday.com blogger Carla Schroeder recently summed up the problem in a nutshell:

"Digital storage is fragile. I'm sure this not news to you. If you have any computer files from the 1990s can you still read them? Are they on a readable medium? In a readable format? It is a chronic problem for businesses, but I think it's a more significant problem for normal, everyday people."

The Problem With Legacy Formats

My own digital archives suffer from the same problem. I have a box of Zip disks that hold backups from a Macintosh G3 desktop system I purchased nearly a decade ago. The Mac and its built-in Zip drive are long gone; the disks, as a result, are useless.

Fortunately, I transferred the most important data -- including years of work-related archives -- to DVD before discarding my old G3. Yet I had overlooked other Zip disks that contain less important, but still potentially interesting, content.

Even if I had transferred those files, however, I would have faced other challenges making use of them. My old Eudora mailbox backups, for example, would have posed a problem. I quit using Eudora years ago, and I'm not sure whether the current version would open my legacy mailbox files -- or, for that matter, whether older versions of Eudora (most of which are still available for download) will operate properly on a modern PC.

I have written off this data, at least for the time being. But I took these lessons to heart when I designed a permanent archive for our digital photo and music libraries.

RAW Deal

Let's consider the photo archive first. Until January 2008, we used a point-and-shoot digital camera that stored photos in JPEG format. So far, so good: While patent trolls have attempted to claim JPEG as their intellectual property, none have succeeded.

In other words, JPEG is likely to survive indefinitely as an archival format. It enjoys near-universal software support and backing from a dedicated, well-organized standards-making body.

In 2008, however, we bought a DSLR camera. Our Pentax K10D, like any similar camera, can store photos in either JPEG or RAW format. It also, however, offers users a choice of RAW formats: Its own proprietary format or the Adobe DNG format.

We didn't have to think twice about which format to use. A properly implemented RAW format is far superior to JPEG for long-term, high-quality digital photo archiving.

What do I mean by "properly implemented?" DSLR vendors have an annoying habit of pushing proprietary RAW formats that don't always behave as they should. Many use non-standard, sometimes poorly documented, file headers that deviate from the underlying TIFF standard. A few DSLR vendors even use proprietary RAW formats that encrypt embedded image tags.

As a result, third-party software developers find themselves playing a game of cat-and-mouse with DSLR vendors hell-bent on maintaining proprietary RAW formats. The idea, apparently, is to keep photographers "loyal" to a particular vendor by ensuring that only the vendor's own software tools can properly access the metadata stored in its RAW format.

This is unacceptable. I can't believe that any serious photographer would allow a camera vendor to pull this type of stunt. Yet they do.

Adobe DNG is not a truly open-source format, and not everyone thinks it makes a suitable RAW standard. Yet DNG is fully documented, it is available to third-party developers on a royalty-free basis, and Adobe is in the process of submitting it to ISO as a completely open standard.

As DSLR vendors go, Pentax is one of the best at offering a relatively transparent proprietary RAW format. And I am reasonably sure that Pentax, unlike some DSLR vendors, will still be in business many years from now.

Keep in mind, however, that we're talking about a digital photo archive that already runs into thousands of images. We need these photos to remain accessible for the rest of our lives -- and even well beyond. I'm not about to trust them to a proprietary RAW format. While Adobe DNG isn't perfect, it is the best current option, and its future prospects are healthy enough to satisfy me.

Face The Music: The Benefits Of FLAC

Our digital audio archive presents a similar set of challenges. Over the past few years, we transferred our entire CD library to hard disk. Today, this music library includes more than 12,000 tracks, and it will continue to grow in the years to come.

When I chose an audio format for our music library, I had two key requirements. First, I required a lossless, audiophile-quality format (nothing says "I don't care" like a drive full of carelessly-ripped MP3 tracks). Second, I required a completely open format that would never run afoul of a vendor's proprietary whims or some patent troll's gold-digging efforts.

As a result, I chose FLAC as our archival audio format. Since FLAC is an open-source file format, it will probably outlive most of the companies that offer competing, proprietary lossless formats. For all we know, that includes both Microsoft and Apple.

The point is, I don't have to care how a particular vendor fares in the market or what it decides to do with its intellectual property. FLAC is completely immune to these trends, and I am as confident as I can be that the music I enjoy today will be just as accessible in 30 or 40 years.

Risks We Can Live With

Digital content still carries a measure of inherent risk. Users can reduce those risks considerably by backing up their data. I back up our digital content archives regularly, and those backups are stored in a water- and fireproof safe. As far as I am concerned, those photos are much better protected than many of our traditional, printed photos -- many of which we cannot replace if anything happens to the original prints.

Of course, digital storage formats will continue to change. IDE hard disks are clearly on their way out, and who knows how much support SATA will enjoy 20 years from now. The same is true of today's optical disk formats; with holographic optical storage now entering the market, it will be up to hardware vendors to decide when or if to ensure that future holographic drives support legacy optical formats.

So we can't eliminate the risk. But we can manage it. And one of the best ways to accomplish this, besides taking data backup seriously, is to think carefully about whether you can really trust your data to a particular file format -- no matter how popular or how well-marketed it happens to be.

The Curious Case Of The Missing Malware Stats

2009-05-09T17:29:00.000-07:00

Lately I have been thinking quite a bit about the malware-related statistics one finds online -- and those one can't seem to find anywhere.

A few weeks ago, a New York Times article put this issue squarely on the front burner. Writer John Markoff covered the discovery of an illicit data-snooping scheme, dubbed "GhostNet," that had compromised over 1,200 computers in 103 countries.

While Markoff provided plenty of information about the workings of GhostNet, one important detail was conspicuously absent: The operating systems running on the targeted computers.

As I noted in my bMighty.com blog post covering the incident, one NYT.com reader compared the omission to "covering a plane crash and not mentioning the make and model of the aircraft."

Markoff dismissed the criticism, even as coverage of his article appeared on other IT news sites. He considered information about the OSes targeted in the GhostNet scam irrelevant to the story as he wrote it.

Like many other people, I beg to differ. What really bugs me, though, is the fact that this type of information is extremely difficult to find anywhere online.

Consider McAfee's most recent quarterly threat assessment, which appeared online last week. The headline on McAfee's press release announcing the report trumpeted the news that 12 million new IP addresses have been hijacked by botnets since January. The report itself spends a lot of time breaking down the compromised IP addresses by location, and it provides some other interesting information about the evolving nature of botnet and drive-by malware threats.

Yet the report is completely silent when it comes to breaking down compromised systems by Web server or OS.

How many people find a geographical breakdown of hijacked IP addresses more interesting than information about the kinds of servers running behind these addresses? Not many, I suspect.

I have an inquiry in with McAfee asking them whether they can provide a breakdown of the hijacked IP addresses by operating system. They acknowledged my query but haven't yet answered it.

I subsequently asked Keith Ferrell, an IT security expert and one of my fellow contributors on bMighty.com, whether he was aware of any online sources for this sort of information. He replied that while it was a good question, he couldn't actually think of any authoritative sources for these types of statistics.

Most of you can guess where I'm going with this. I would be shocked if those stats failed to show that a very disproportionate number of compromised IP addresses are running Microsoft operating systems and/or servers.

(Note that "disproportionate" is the key word here.)

Am I missing some obvious sources for the kind of information I'm talking about here? If so, then I clearly am not the only one who didn't get the memo. And these sources should be obvious -- at least as obvious as the geographical breakdowns that so much malware-related coverage play up with banner headlines.

A Closer Look At CNET's Download Champs

2009-05-08T15:56:00.000-07:00

An observant blogger recently posted a screen shot of the top Windows software on CNET download.com. The five most popular downloads as of May 9, 2009 are all anti-virus and anti-spyware tools.

It's a telling image. Free Windows anti-malware apps have knocked some tough competitors out of the top download spots. Some, such as Limewire and WinZip, have been among CNET's all-tme most popular downloads and held spots in the top five for years at a stretch.

Clearly, Windows' susceptibility to malware is a disaster of stunning proportions. It's amazing -- and disappointing -- that so many desktop PC users accept it as a fact of life.

But the blog entry made me even more curious about some of the deeper trends that a site like Download.com might reveal. What kind of software once ruled the download roost? Which applications show the most staying power as years pass, technology advances, and trends come and go?

Unfortunately, CNET doesn't provide much information about long-term download trends. The Internet Archive Wayback Machine does include quite a few snapshots of the Download.com home page, dating from Nov. 1999 to Oct. 2007. No snapshots are available after this point, leaving a notable gap in the archive between late 2007 and the current set of Download.com listings.

Keeping this caveat in mind, here are a few key trends gleaned from the Internet Archive's snapshots of Download.com between 1999 and 2007, along with the current (May 2009) top download listings:

- Traffic: CNET's weekly download figures for its top five downloads have roughly tripled over the past 10 years. The current top application, for example (the free version of Avira), showed about 2.1 million downloads the week of May 9, 2009. The number one product in Nov. 1999 (ICQ) reported about 740,000 downloads.

- Staying power: Winzip has appeared in the most popular download list for 651 consecutive weeks -- more than 12 years. Among the current top 50 downloads, only Acrobat Reader, at 555 weeks, comes close to this figure.

- The current crop of top downloads: AVG was the first of the current group of most-popular AV clients to appear on the chart (223 weeks ago as of 5/9/09). Avast has been present 115 weeks and Avira 84 weeks. The top spyware removal tool, by comparison (Ad-Aware), has been present for 332 consecutive weeks.

- Notably absent: ICQ appeared in almost every Download.com top five list I canvassed between Nov. 1999 (the first available list in the Internet Archive) and Oct. 2007. By May 2009, however, it was no longer even listed in the Download.com Top 50.

- Anti-spyware tools yield to anti-virus apps. Multiple anti-spyware tools were appearing in the top five regularly from mid-2004 until late 2006. While Ad-Aware (332 weeks on the chart) is still in the top five, AV tools rather than anti-spyware now dominate the popularity rankings.

- The changing face of P2P: Before mid-2004, file-sharing tools suich as Kazaa, Morepheus and AudioGalaxy routinely dominated the top five. After this point, Kazaa is notably absent; other file-sharing tools, however, including Limewire and iMesh, remained extremely popular. In addition, the BitComet BT client also grew in popularity as traditional file-sharing tools disappeared (or were forced off) the charts.

- Do you remember? Run back far enough through these archived pages, and you'll find some real blasts from the past. Tools like StayOn Pro (a top five download back in Feb. 2000) were a big deal back when most Internet users still dealt with dial-up connections. Now they are obscure curiosities.

A Few Conclusions

What do I conclude from these trends?

First, it is important to note that most free, high-quality anti-virus tools are relatively new arrivals on Download.com. People were using AV software before this -- a good thing, since Windows malware has been a crippling problem almost since there was a Windows. In the past, however, far more users relied on AV software for which they paid, often in the form of boxed software purchased directly from retailers.

Second, the relative decline of anti-spyware tools is not surprising. Anti-virus tools, including ones available free of charge, now perform many of the same functions anti-spyware tools once performed on a stand-alone basis. Anti-spyware apps are still important, but today, they are more likely to serve as a second (or third) line of defense than as a primary desktop security tool.

Third, while the names have changed (Kazaa may be long gone, but Limewire is still going strong), P2P software continues to hang around the top of CNET's download charts. That has been true for at least the past decade -- lawsuits be damned -- and you can bet it will be true for many years to come.

By the way, I hope all of those Limewire users are downloading their share of those free AV tools, because they are likely to need them. Downloading software off Limewire is a bit like wandering around the bad part of town, licking strange doorknobs -- and then washing your hands to avoid getting sick.

If you feel like taking a walk on the wild side, try BitTorrent instead. And when you do, consider using a real BT client like uTorrent rather than a half-busted toy like BitComet.

The Gory Details

For the truly curious, here is a list of my grabs from the CNET Download.com weekly top five Windows software rankings, courtesy of Internet Archive. I didn't include the exact dates here, and I don't plan to go back to get them :-)

My note-taking skills here also might be suspect. As a rule, I just listed the app by its short name, leaving out suffixes (i.e. "SE," "Lite," or beta-version notation). For quick-and-dirty trend-watching, however, I think this information is more than sufficient, especially when viewed over a span of several years.

Total number of "Top Download" pages reviewed: 44.

From Internet Archive:

May 2009:

1. Avira (84 weeks on chart)
2. AVG (223 weeks on chart)
3. Avast (115 weeks on chart)
4. Ad-Aware (332 weeks on chart)
5. Malwarebytes Anti-Malware (36 weeks on chart)

Some other longevity ratings, as of May 2009:
Limewire: 297 weeks on chart
Winzip: 651 weeks on chart
BitComet: 249 weeks on chart
Spybot: 319 weeks on chart
Adobe Reader: 555 weeks on chart

Oct 2007:

1. AVG
2. Ad-Aware
3. BitComet
4. ICQ
5. WinZip

Jun 2007:

1. Ad-Aware
2. AVG
3. ICQ
4. LimeWire
5. WinZip

Dec 2006:

1. SpySweeper
2. Spyware Doctor
3. Ad-Aware
4. BitComet
5. LimeWire

Oct 2006:

1. Spyware Doctor
2. Ad-Aware
3. SpySweeper
4. LimeWire
5. ICQ

Aug 2006:

1. LimeWire
2. Ad-Aware
3. Spyware Doctor
4. ICQ
5. SpySweeper

June 2006:

1. Spyware Doctor
2. Ad-Aware
3. ICQ
4. LimeWire
5. Morpheus

May 2006:

1. Spyware Doctor
2. Ad-Aware
3. LimeWire
4. ICQ
5. All-In-One SecretMaker

Feb 2006:

1. Ad-Aware
2. Spyware Doctor
3. ICQ
4. LimeWire
5. All-In-One SecretMaker

Dec 2005:

1. Ad-Aware
2. Spyware Doctor
3. ICQ
4. Limewire
5. Spybot

Oct 2005:

1. Ad-Aware
2. Spyware Doctor
3. iMesh
4. ICQ
5. Limewire

Aug 2005:

1. Ad-Aware
2. ICQ
3. Spyware Doctor
4. Spybot
5. iMesh

Jun 2005:

1. Ad-Aware
2. Limewire
3. ICQ
4. Spybot
5. WinZip

Apr 2005:

1. Ad-Aware
2. Limewire
3. ICQ
4. Spybot
5. WinZip

Feb 2005:

1. As-Aware
2. LimeWire
3. ICQ
4. Spybot
5. iMesh

Dec 2004:

1. Ad-Aware
2. Spybot
3. ICQ
4. Winzip
5. iMesh

Oct 2004:

1. Ad-Aware
2. Spybot
3. ICQ
4. WinZip
5. LimeWire

Aug 2004:

1. Ad-Aware
2. Spybot
3. ICQ
4. WinZip
5. ZoneAlarm

Jun 2004:

1. Ad-Aware
2. Spybot
3. ICQ
4. WinZip
5. iMesh

Apr 2004:

1. Kazaa
2. Ad-Aware
3. ICQ
4. Spybot
5. WinZip

Mar 2004:

1. Kazaa
2. Ad-Aware
3. ICQ
4. WinZip
5. iMesh

Dec 2003:

1.Kazaa
2. ICQ
3. Ad-Aware
4. iMesh
5. WinZip

Oct 2003:

1. Kazaa
2. AOL IM
3. ICQ
4. iMesh
5. WinZip

May 2003:

1. Kazaa
2. ICQ
3. iMesh
4. WinZip
5. AOL IM

Apr 2003:

1. Kazaa
2. ICQ
3. WinZip
4. AOL IM
5. iMesh

Feb 2003:

1. Kazaa
2. ICQ
3. WinZip
4. iMesh
5. ICQ Pro Beta

Dec 2002:

1. Kazaa
2. Kazaa (duplicate entry on site)
3. ICQ Pro Beta
4. ICQ Lite
5. iMesh

Sep 2002:

1. Kazaa
2. ICQ
3. WinZip
4. iMesh
5. Morpheus

July 2002:

1. Kazaa
2. ICQ
3. Morpheus
4. WinZip
5. iMesh

May 2002:

1. Kazaa
2. ICQ
3. DivX Pro
4. DivX
5. Morpheus

Mar 2002:

1. Morpheus
2. Kazaa
3. ICQ
4. WinZip
5. DivX Pro

Jan 2002:

1. Morpheus
2. ICQ
3. WinZip
4. DivX Player/Codec

Dec 2001:

1. Kazaa
2. Morpheus
3. ICQ
4. WinZip
5. DivX Player/Codec

Oct 2001:

1. Morpheus
2. Kazaa
3. ICQ
4. WinZip
5. DivX Player/Codec

Aug 2001:

1. Morpheus
2. AudioGalaxy
3. Kazaa
4. ICQ
5. WinZip

Jun 2001:

1. AudioGalaxy
2. ICQ
3. iMesh
4. WinZip
5. Morpheus

Mar 2001:

1. ICQ
2. WinZip
3. iMesh
4. AudioGalaxy
5. Download Accelerator

Oct 2000:

1. ICQ
2. Webshots Desktop
3. Scour Exchange
4. Download Accelerator
5. WinZip

Aug 2000:

1. ICQ
2. Webshots Desktop
3. Scour Exchange
4. Download Accelerator
5. WinZip

Jun 2000:

1. ICQ
2. Webshots Desktop
3. WinZip
4. Download Accelerator
5. Winamp

May 2000:

1. ICQ
2. Webshots Desktop
3. WinZip
4. Download Accelerator
5. Windows Media Player

Feb 2000:

1. ICQ
2. Webshots Desktop
3. Speednet
4. WinZip
5. StayOn Pro

Nov 1999:

1. ICQ
2. Webshots Desktop
3. Winamp
4. WinZip