$words[rand()]

A post today on Slash­dot got me think­ing about adver­tis­ing. Specif­i­cally adver­tis­ing on the inter­net, but also adver­tis­ing in general.

The arti­cle linked off the Slash­dot post was writ­ten by a man named Jim Lynch, a long time writer in tech­nol­ogy media both dig­i­tal and print. Mr. Lynch is appar­ently annoyed by a new fea­ture in Apple’s just-released Safari 5 web browser called Reader. Reader is a fea­ture that, when selected by the user, attempts to detect “arti­cle” con­tent on a web page and dis­play it in a sim­ple for­mat which is larger and often eas­ier to read than the nor­mal web site lay­out. It also attempts to detect multi-page arti­cles and auto­mat­i­cally dis­play fur­ther pages as you scroll down, effec­tively cre­at­ing a “print” view for sites which may lack such things.

What both­ers Mr. Lynch basi­cally comes down to adver­tis­ing. When using Reader, if it works prop­erly all ads are stripped out of the con­tent. More impor­tantly for some, the auto­matic load­ing of the next page means cost-per-impression ads get many less views as they would only show on the first page before the user clicked the Reader button.

I under­stand the key point behind his com­plaint, web sites cost money to run and that has to come from some­where. This site costs me about $275 a year between domain reg­is­tra­tion and server space, and it’s fairly low vol­ume (under­state­ment of the cen­tury, I aver­age less than 40 pageviews a day not count­ing spi­ders). I pay this out of pocket, since for my use the domain is for my email and the VPS is just a place for me to exper­i­ment. As far as I’m con­cerned I’d be pay­ing for them both any­ways, so why not put some­thing there? Obvi­ously that rea­son­ing doesn’t tend to apply out­side the range of per­sonal blogs and the costs are much higher when you start talk­ing real traf­fic lev­els requir­ing real servers rather than a vir­tual slice of one.

Unfor­tu­nately, I can’t help but not feel the slight­est bit of sor­row for adver­tis­ers and those run­ning adver­tis­ing when they com­plain about their ads being blocked. They’ve for the most part brought this on them­selves, by design­ing their ads to be as intru­sive and annoy­ing as pos­si­ble. Web pub­lish­ers have been just as badly a part of the prob­lem, inject­ing ads as if they were con­tent, allow­ing nui­sance ads with auto­play audio/video or var­i­ous popup/under/over win­dows, and in some par­tic­u­larly annoy­ing cases using the con­tent as the ad with Intel­liTXT and the like.

We’ve already seen what the abil­ity to skip ads has done to the tele­vi­sion indus­try. For years they thrived on annoy­ingly loud and repet­i­tive ads which seemed to rely on the “any pub­lic­ity is good pub­lic­ity” the­ory. As soon as the DVR became com­mon the ad mar­ket pretty much fell apart on any­thing peo­ple weren’t watch­ing live. Now that exten­sions like Adblock for Fire­fox and Apple’s new Reader are mak­ing it easy for the aver­age user to dodge ads (rather than us geeks who have been doing it for years) the inter­net ad com­mu­nity fears the same thing happening.

All I have to say is that the inter­net ad indus­try needs to learn from the suc­cess­ful tele­vi­sion ad campaigns.

First and fore­most, DO NOT PISS OFF YOUR POTENTIAL CUSTOMER!!!!!!!!!
If an overly loud and annoy­ing ad comes on the radio or TV, I’ll turn the vol­ume down or change the chan­nel if I don’t really care for what’s on while mak­ing a men­tal note to avoid the adver­tiser if pos­si­ble. The same applies to inter­net ads. If your ad stretches over the con­tent I’m try­ing to read, starts play­ing audio out of nowhere, makes half the words on the page pop up prod­uct links, or oth­er­wise inter­feres with my read­ing of the con­tent I will go out of my way to avoid your prod­uct where pos­si­ble. If ad block­ing is avail­able, I’ll turn it on imme­di­ately when any of those hap­pen and may make a note to avoid the site where it was seen as well.

Sec­ond, draw my eye the right way. You do not have to be loud, either lit­er­ally with audio or fig­u­ra­tively with bright/flashing col­ors. Use your space to make me inter­ested in what you have, then if I actively click on it you can load your con­tent of choice. This is more for adver­tiser rather than pub­lish­ers, but due to point one pub­lish­ers would do well to enforce point two.

Third, be rel­e­vant. If I’m read­ing a site about cars, an ad for purse built to carry small dogs is most likely irrel­e­vant. Again this is for both pub­lish­ers and adver­tis­ers. Ad net­works which do not tar­get based on con­tent are out­dated and should be dropped imme­di­ately from both sides.

Fourth, don’t try to shove too many ads in my face. I myself start get­ting annoyed when there’s more than 3 – 5 ads on the screen at one time, depend­ing on the amount of con­tent and such. Sites that split arti­cles in to a huge num­ber of short pages in order to increase impres­sions for ad pur­poses fall in to the same cat­e­gory (and I believe these sites are the great­est rea­son for the Reader fea­ture). Divid­ing arti­cles in to mul­ti­ple pages is fine, but don’t do it unless you have at least as much infor­ma­tion on a page as an aver­age mag­a­zine. Two para­graphs and a few pic­tures are not a page.

The short ver­sion is pro­vide ads that don’t annoy the reader and prefer­ably are some­thing they might actu­ally want and you won’t have as many block­ing them. If the rel­e­vance goes up, more peo­ple will click on them too. As for the rest, those who have already decided to install full ad block­ers, those are gone already. You won’t get them back, it’s just too nice. Down­load Fire­fox, install Adblock Plus, and sub­scribe to one of the pop­u­lar fil­ter lists like Easylist. Now turn it off and browse to a few pop­u­lar news sites. Turn it back on and reload those pages. If you don’t agree that this is a much cleaner and more enjoy­able way to browse the inter­net you’re blind.

To whom it may concern:

Over the past two days there has been a lot of talk about your new data plans, par­tic­u­larly the removal of the “unlim­ited” option. While I believe there should be a third tier for the heav­ier users, I can under­stand the rea­sons for mov­ing to an entirely metered struc­ture and do not have any prob­lems with that part. Where I do have a prob­lem is the addi­tional $20 per month charge for users of inter­net tethering.

Before I make my points, let me quote one of your Senior Vice Pres­i­dents, Mark Collins, from his inter­view with GigaOm on the day the new plans were announced.

That capa­bil­ity is enabling some­thing you can’t do today. You can use one device and get mul­ti­ple con­nec­tions so it’s more use­ful to you. You’re going to use more data so the price is based on the value that will be delivered.

This is in response to the ques­tion “What about the $20 teth­er­ing fee? It looks like a con­ve­nience charge.”

That capa­bil­ity is only enabling some­thing you can’t do today because you locked it out in the first place. My AT&T-branded LG CU500 could not tether until I had a teth­er­ing plan, but my unlocked and unbranded Sony K850i could just fine with­out any spe­cial teth­er­ing plans. The Apple iPhone 3G and 3GS both have sup­ported teth­er­ing offi­cially since the release of the 3.0 firmware released nearly a year ago, but this was dis­abled on mod­els sold in the US because you did not want to allow it. Teth­er­ing is not some spe­cial fea­ture you are doing work to enable and deserve to be paid extra for, it’s a fea­ture all of our data-capable phones have built in which you have actively engaged in defeating.

I won’t argue the state­ment that it makes my phone and data plan more use­ful, but again this is a fea­ture that both have inher­ently had from the begin­ning and you have actively sought to remove. If I went to rent a four door sedan and found that the pas­sen­ger side and rear seats had been removed unless I paid an extra fee to have them rein­stalled, I and any other rea­son­able per­son would think that is out­ra­geous. Unfor­tu­nately you are able to take advan­tage of the fact that 99% of your users are not technology-savvy and thus do not know how much they’re being screwed.

The last part of that response is the most illog­i­cal of them all. “You’re going to use more data,” so the price increases with­out the amount of data I’m allowed to use chang­ing in the slight­est? How is me using 2GB in one month on a smart­phone dif­fer­ent from using 2GB in one month teth­er­ing to even a dozen lap­tops? Data is data, one type doesn’t put any extra load on your net­work ver­sus another.

Extra charges for teth­er­ing were accept­able when the alter­na­tive options were smartphone/dumbphone-only unlim­ited pack­ages, since yes, a teth­er­ing user is likely to use more data over­all. How­ever, if I’m already buy­ing a bucket of bits how does it mat­ter at all if I choose to use those to feed my smart­phone directly or down­load some­thing to my laptop?

To close, I have been a cus­tomer of AT&T since port­ing in from T-Mobile’s then ter­ri­ble cov­er­age in 2005. In that time I have at peak car­ried two voice lines, one iPhone data, and one Lap­top­Con­nect at the same time. I know that does not make me any­thing spe­cial, but I’m sure it’s more than most of your sin­gle non-business or fam­ily cus­tomers. I have also defended AT&T as hav­ing the best net­work for geeks due to your use of open GSM tech­nol­ogy and until recently high­est mobile data speeds. As you might guess, I will not be doing this any longer and I will be empha­siz­ing the prob­lems I have with your change to any­one who may ask about your ser­vice. I had been eye­ing the Sprint/HTC Evo 4G for a time while debat­ing mak­ing the switch, I thank you for help­ing me make my deci­sion. You can expect to see my num­ber port out in the near future.

Sin­cerely,
Sean Harlow

Sent via e-mail to Ran­dall Stephen­son, CEO and Mark Collins, VP of Voice and Data

If you are see­ing this post, your DNS servers have updated and noticed that my old VPS on JaguarPC is no longer where they should look. My blog and other ran­dom shit has now been moved over to Lin­ode, where they don’t block IRC and other things I run on my box.

Today I had Steam start throw­ing an error that it is being run in com­pat­i­bil­ity mode when I had never set such a thing, nor were either the short­cut or EXE itself flagged for com­pat­i­bil­ity mode. Thanks to a lit­tle googling, I found this thread on the Steam forums which finally had a solution.

Open the reg­istry edi­tor (if you don’t know how to do this, you should not be mess­ing around in the reg­istry) and browse to HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers. Look for entries in those keys men­tion­ing steam.exe and delete them. Restart Steam and you’re set!

Got back home from the Day­ton Hamven­tion around 8 PM last night. I went there plan­ning on buy­ing an entry-level HT, but I ended up get­ting attracted to shiny things and bought a Yaesu VX-7R rather than my intended tar­get of some­thing in the FT-60R range. Made a few con­tacts on the trip back, unfor­tu­nately I don’t remem­ber many calls or names, the only ones I can recall are Ron (W8RON) and I think another guy both Ron and I talked with was named Kyle, I can’t remem­ber his call.

So I’m finally on the air the “proper” way rather than just being tied to Echolink. Woo!

–KD8JQS

This morn­ing I rebooted my test box run­ning VMware ESXi 3.5 to com­plete the upgrade from Update 3 to Update 4. The hyper­vi­sor came back up, but no guests were run­ning and when I popped open the VI Client it indi­cated that there were no data­s­tores con­fig­ured and it could not find any of the vir­tual machines I had in inven­tory. It saw the inter­nal disks and that they were for­mat­ted VMFS, but would not allow me to do any­thing other than for­mat them over again.

Nor­mally this would have sim­ply annoyed me since I would have lost my test VMs, but they don’t take long to build so I’d have just for­mat­ted them and gone on with my day. Unfor­tu­nately within the last week we had tem­porar­ily moved a crit­i­cal application’s VM to this box and we had not prop­erly recon­fig­ured backup. I could restore from the week old backup, but there would be hell to pay.

Since the VMFS par­ti­tions were clearly vis­i­ble I felt I had a chance, but I’m still new to ESX/ESXi so my first step was to flip over to my always run­ning irssi ses­sion (if you use IRC and do not use screened irssi, go Google it now and enjoy) and ask for help in #shsc and #vmware. #shsc always has a few guys who work on large VMware installs idling, and of course #vmware is obvi­ous. While wait­ing for any input from IRC, I went to Google for my next step. I knew ESXi has the capa­bil­ity to be accessed via SSH, but it’s dis­abled by default, so I looked up how to turn it on. A few min­utes later after bring­ing a mon­i­tor over to the machine and reboot­ing it I had SSH access and could go through sys­tem logs from the com­fort of my laptop.

In /var/log/messages I found two entries ref­er­enc­ing my SATA con­troller which looked inter­est­ing:
May 5 14:34:35 vmkernel: 0:00:06:39.406 cpu0:3616)ALERT: LVM: 4482: vmhba000:0:0:3 may be snapshot: disabling access. See resignaturing section in SAN config guide.
May 5 14:34:35 vmkernel: 0:00:06:39.408 cpu0:3616)ALERT: LVM: 4482: vmhba0:0:0:1 may be snapshot: disabling access. See resignaturing section in SAN config guide.

This infor­ma­tion, after a quick trip to Google, led to VMware’s SAN con­fig­u­ra­tion guide which ref­er­ences sim­i­lar issues occur­ring on SANs, so I tried enabling the res­ig­na­tur­ing option and mag­i­cally my data­s­tores reap­peared. After renam­ing them back to their orig­i­nal names and turn­ing the res­ig­na­tur­ing option back off I had all my data and was able to down­load the disk images and VMX files so I was safe in the event of a major problem.

At this point, I could see my VMs but the VI inven­tory was still con­vinced that they were on the “old dri­ves”, so after a bit more time on Google I dis­cov­ered the Import fea­ture within the data­s­tore browser and I was able to bring the VMs back in and get them boot­ing up.

Screen­shot show­ing my data­s­tores and two VMs running

After con­firm­ing that the VMs I really needed were boot­ing and oper­a­tional, I shut every­thing down to move the server back to its spot in my rack. For­tu­nately every­thing came right back up so the pres­sure was now off.

Now my con­cerns shifted. If this hap­pened once, what’s to stop it from hap­pen­ing again? I needed to fig­ure out why it hap­pened. For­tu­nately at nearly the exact moment I started think­ing about this IRC came through for me. “jidar” in #shsc linked to this thread on VMware’s forum with lit­er­ally the exact same symp­toms. A few posts down was a link to this page which again matched my expe­ri­ence exactly and says that U4 updated a num­ber of SATA dri­vers includ­ing the one for the ICH9 con­troller in my Pow­erEdge and changed the way they appear to the hyper­vi­sor, which led to it not rec­og­niz­ing the dri­ves for what they are.

Right now I’m mod­er­ately annoyed at an update that’s not even enough to earn it a minor ver­sion num­ber bump on a piece of soft­ware intended for enter­prise use hav­ing a change with the poten­tial to cause this, but on the other hand I don’t expect any­one who really cares about reli­a­bil­ity to be using SATA local stor­age. Ah well, I learned a bit about nav­i­gat­ing around ESXi’s internals.

Over the com­ing weeks I will be spend­ing one week each with a num­ber of PC-based router/firewall prod­ucts installed as the pri­mary NAT gate­way at my apart­ment. I will be review­ing them based on over­all per­for­mance, inter­op­er­abil­ity with my SIP-based VoIP ser­vice, QoS capa­bil­i­ties, VPN capa­bil­i­ties, and any extra fea­tures that make them stand out from the crowd.

The test plat­form will be a Dell Pow­erEdge SC430 with a 1.6 GHz Intel Xeon dual core proces­sor and 4GB of RAM. The cur­rent list of soft­ware to test is as follows:

• pfSense 1.2 (Stable)
• pfSense 2.0 (Alpha)
• Untan­gle Open Source 6.1
• Vyatta Com­mu­nity 5

I will also be test­ing “appli­ance” type routers based on what is avail­able to me, which cur­rently is as follows:

• Linksys WRT54GL (Linksys firmware 4.30.12)
• Linksys WRT54GL (Tomato 1.23)
• Linksys WRT54GL (DD-WRT v24 SP1 Mega)
• Linksys WRT54GL (Open­WRT Kamikaze 8.09)
• Cisco 1841 (IOS 12.4(23))
• Watch­guard Fire­box X Edge
• Edge­wa­ter Edge­marc 4500 (VOS 9.1.2)

The Watch­guard is cur­rently unknown due to not hav­ing the pass­word for it and I may cut down the list of Linksys firmwares, but all of the rest will be tested.

Hard­ware or soft­ware sug­ges­tions for fur­ther test­ing are appreciated.

Sjur Usken and San­dro Gauci have dis­cov­ered a major flaw in the SIP imple­men­ta­tions on a wide range of IP phones. The short expla­na­tion is that the phones do not ver­ify where a proxy authen­ti­ca­tion request is com­ing from and hap­pily return the SIP authen­ti­ca­tion infor­ma­tion. It is hashed and salted, but the salt is cho­sen by the attacker, so a set of rain­bow tables would make crack­ing it triv­ial. For full details, check out Sjur’s blog post (which spread fairly rapidly around the VoIP world) and his lat­est post show­ing the trace as he attacked a Cisco 7940 I set up for this purpose.

Until the phone ven­dors release fixed firmware (if they do) the only way to defend your­self from this is to not have phones exposed on pub­lic IP addresses. If they have to be for some rea­son (we all know SIP and NAT really don’t get along, and proper SIP aware NAT devices cost a fair bit) set fire­wall rules that pre­vent the phones from speak­ing SIP to any IPs that aren’t part of your VoIP sys­tem. Alter­na­tively, in the event that every sin­gle phone on your sys­tem is sta­t­i­cally addressed, the reverse could be done at the reg­is­trar side. It wouldn’t stop the attack­ers from find­ing the pass­word, but it would pre­vent them from using it in any way.

The impli­ca­tions of an attacker gain­ing the SIP authen­ti­ca­tion infor­ma­tion are of course severe, once they have that they can imi­tate the attacked phone and make calls to any num­ber of regions poten­tially cost­ing thou­sands of dol­lars in the course of a sin­gle night.

Just a few sec­onds ago I finally cleared the check­box in Adium for my ICQ account. It was my longest-lasting instant mes­sage ser­vice account, hav­ing been active since 1998 or so, and I started using multi-service IM clients like Miranda, Tril­lian, and Adium entirely because I wanted to keep using ICQ even though most of my friends were on AIM instead.

Times have changed of course, as far as I’m aware I have one con­tact on ICQ and I haven’t used it to talk to him since AIM started to sup­port offline mes­sages. Look­ing at my Adium chat logs, since Decem­ber of 2006 I have not sent a sin­gle mes­sage on ICQ and the only mes­sages I’ve received are spam. With that in mind, it’s time for it to go.

Turned off the Twit­ter digests, those were just silly and annoying.