Read/Write Web

Subscribe to Read/Write Web feed
Updated: 3 days 9 hours ago

Weekend Project: Start Guarding Yourself Against Heartbleed

Sun, 04/20/2014 - 14:11



It’s a dangerous world out there, now made a little scarier thanks to Heartbleed.

A small coding error in OpenSSL, a massively adopted open-source protocol, the Heartbleed flaw managed to go undetected for two years as it tore security holes across huge swathes of the Internet. 

That’s enough to strike fear into the heart of any modern Web-using person—which is practically everyone in the developed world. And yet, most people I’ve spoken to still haven’t changed their passwords or taken other steps to make hackers’ jobs more difficult. 

If you’ve also been putting this off, or simply don't know where to start, dedicate a little time this weekend to this checklist of tasks that can help protect you against Heartbleed. 

Stopping The Bleed

Anxiety has been running high ever since the security flaw was made public on April 7. In less than two weeks since then, legions of Website administrators, app developers, security pros and others have been scrambling to address this mess. Although some companies say they’ve now patched it, plenty still haven’t. It will likely take years before the Heartbleed threat can be considered largely neutralized. 

Until then, users find themselves in a weird place. Since the onus is on tech purveyors to lock things down, there’s not much individuals can do—except make it harder for hackers to target them and actually use that data. That’s why experts urge people not to frequent Heartbleed-vulnerable sites, and change their passwords across their various accounts. 

This suggestion sounds reasonable; unfortunately, trying to remember every site, service and app you use and manually checking them, one by one, before changing logins is a tedious process. And, in itself, it's prone to human error. After all, there’s bound to be some site or service you forget about. 

Sure, you can go to extremes by locking everything down—you can even take yourself totally offline—but realistically, that’s not going to work for most of us. So let’s focus on the simpler things you can do with the biggest security payoff. 

Step 1: Make A List Of Important Sites And Accounts

Start by corralling your top-priority accounts—anything that touches your financial or medical data, email and messaging accounts, online identities (including social media), or anything else you wouldn’t want strangers to access. 

  • The sites that come to mind first will likely be your most frequently used applications, which means they're probably important to you in some way, so jot those down. 
  • Browse through your desktop and phone applications, and call out any apps or accounts that sync your data to the Internet. (Note: Intranets, VPNs and other proprietary cloud services may also be vulnerable, but you’ll want to follow administrators’ guidelines for that. Don’t include those in this list.)
  • If you’re an Apple OS X user, look at the apps and sites listed in Keychain, which holds usernames and passwords. The Keychain is located in the Utilities folder within your Applications folder.
  • If you use a password manager, take note of those accounts as well. (If you don’t use one, see below.) 
  • Parse your browser bookmarks, for Web accounts you access directly. 

Basically you want to consider any app, Website or service that requires login credentials and goes to, or through, the Internet. Keep in mind that some store passwords and log you in automatically. 

Step 2: Check Which Apps or Sites Are Vulnerable To Heartbleed See also: 7 Heartbleed Myths Debunked

Now that you've compiled your list of sites and services, you'll need to check which accounts are actually vulnerable to this bug. Then you'll go through and change passwords. It sounds straightforward, but it's not, partially because there’s disagreement about how to actually do this. 

Some experts say you should change all your passwords immediately. Emmanuel Schalit, chief executive of password management service Dashland, urged users to quickly change their passwords for all critical accounts—like banks, PayPal and email—and then change them again once those sites actually plugged the holes. 

Others—like Rik Ferguson, vice president of security research at Trend Micro—advise holding off on changing passwords for affected sites until they’ve implemented the fix.

Ferguson tweeted that changing one's password “while the vuln[erability] is probably under widespread exploitation isn’t a good suggestion,” adding, "Changing now increases your risk of exposure in the short term as the vuln[erability] is now public." 

The latter suggestion appears to be the predominant wisdom, but either way, it's necessary to check each one of your important sites and note which are vulnerable to this bug. CNET offers an ongoing Heartbleed status list for popular sites, but there are other tools that can help: 

  • Browser users can install extensions like Chromebleed (Chrome) or Heartbleed-Ext (Firefox) or Netcraft (Chrome, Firefox, Opera), to see if sites they’re visiting are affected and get browser notifications. 
  • Android users can check on their device’s Heartbleed risk using Lookout’s Heartbleed Detector app, or use Bluebox Heartbleed Scanner to evaluate both the operating system and installed applications. There’s also a Heartbleed app for Windows Phone, though it’s simply a URL checker. Apple says iOS is not vulnerable to Heartbleed. 
  • Check URLs directly with an online Heartbleed checker, like the ones by Filippo Valsorda or LastPass

For Android users, we may just be scratching the surface. According to Google, most gadgets that run its mobile operating system are safe from Heartbleed exploitation, except those that run Android 4.1.1. But Lookout claims that a few Android 4.2.2 devices could be affected

A representative from the company, which compiled data from 100,000 of its app users, told me that 5.4% of users running 4.2.2 had the affected version of OpenSSL with Heartbeat—the specific extension that carries the Heartbleed flaw—enabled. These mobile devices could be running custom versions of the Android software, but for peace of mind, you can use Lookout or Bluebox’s mobile apps to check your handset. 

Step 3: Change Your Passwords

The final step is changing your passwords for every site that’s no longer vulnerable to Heartbleed, especially those were initially at risk but have now patched the hole. 

There are three common ways to deal with passwords, but the first two of these are incredibly insecure: Many create the same easy-to-memorize login for every site, or set different passwords and store them in a text file for easy access. But we recommend you keep your passwords diverse and store them all in a password manager. 

Here's what you need to bear in mind when changing passwords: 

  • For optimal security, you want long passwords with random numbers and punctuation.
  • Passwords are more secure if there are no actual words in them.
  • Vary your passwords for each account. Every single one of them. 
  • Can't remember them all? Few could. So rely on password managers instead—that's what they're there for. In fact, not only can they store your logins, but they can suggest new ones, too, which would take care of all of the above.

There are plenty of password management apps and services—like LastPass, Dashlane, 1Password, Keeper, Roboform, Lookout and PasswordBox. They're basically highly encrypted password vaults that work across different devices—whether iOS or Android, Windows or Mac. And most of these services feature password generators that can toss out different, hard-to-guess logins for every account. LastPass even has a Heartbleed checker built-in. 

Note: If you're a small business owner or running a team, you may need a more robust, collaborative password manager with administrative functions instead. In that case, something like Meldium or OneLogin may be up your alley. 

Other Considerations

You can change all of your passwords now, or only some, subtracting those services that are still vulnerable. Either way, you’ll still need to stay on top of the Heartbleed status for affected sites, so keep one or more of the tools listed above on hand. You'll also want to keep your desktop and mobile apps updated so you always have the latest security updates. 

Finally, if you haven’t done so before, activate multi-factor authentication wherever you can. It’s a secondary security protocol that usually involves sending a code or password to another device, like your smartphone, before allowing account access. On sites that offer it—including many online banking services, and email and social networks like Gmail, Twitter and Facebook—you can typically enable the feature from the settings page after you log in. 

Unfortunately, even this extra layer of security isn’t foolproof. Nothing really is, though, short of shutting down our accounts and going totally offline. But even then, our information is often saved online in some way. So even though end users can't fix this hole—it's up to the Web's architects to shore up the leaks in the Internet's foundation—we can do more than just sit idly by. We can and should create more obstacles for the intruders who would exploit it. 


Images courtesy of Flickr users Rachel Hofton (feature image), Horia Varlan (puzzle), cali4beach (image cropped) and Alonis (heart lock).

Amazon's Fire TV Still Needs Fixing, Stat

Sat, 04/19/2014 - 14:04



Despite Amazon’s lofty ambitions to reimagine the multimedia center, its Fire TV streaming box entered the streaming-video fray earlier this month with a frustrating, fractured search engine. Amazon is taking some steps to fix the Fire's flaws—but so far it's not close to solving its biggest problems.

See also: Review: The Amazon Fire TV Is Kind Of A Mess

True, Amazon customer reviews of the device are generally positive—five-star reviews account for roughly for almost half of nearly 2,400 reviews so far; the average review is 3.9 stars out of five. The Fire TV also ranks first in Amazon's list of best-selling electronics products; Google's Chromecast is #2.

But the device's poor search experience was, in my opinion, the most frustrating aspect of the Fire TV. The good news is that Amazon looks to improve on that over the next few months. On Thursday, the retail giant announced the Fire TV will expand its voice-search capability to more channels such as Hulu Plus, Crackle and Showtime Anytime. Currently, Vevo is the only third-party service to integrate its full catalogue into Fire TV’s unified voice search, which users can access via a microphone in the Fire TV's remote control.

Amazon also touted a number of coming attractions for Fire TV. One feature, “Prime Browse,” will show you which movies and TV shows are available on the company's Prime Instant Video service, which provides "free" streaming of some movie and TV offerings for Amazon Prime subscribers. It's also promising to add Amazon MP3, the company’s free music app for Android, to the device.

Amazon is apparently still working toward release of its FreeTime parental-control function. And it continues to tout plans for "more games" on top of the 100 available titles from developers like Sega, Double Fine, Disney and its own Amazon Game Studios.

What Amazon Is Still Missing

Despite all these planned improvements, the Fire TV's overall experience still needs a lot of work. Voice-search support for a few new channels is certainly welcome—but there's still no sign that voice search will extend to Netflix, the most popular streaming service out there.

And Amazon still hasn’t fixed the Fire TV's biggest search problem: Fire TV owners must still search each video channel separately. That's right—there's still no way to look for a particular TV show or movie across all the channels you can stream on the device. The Fire TV badly needs a unified search engine that can offer consumers a better way to find and stream programs—one that doesn't just recommend shows for purchase or rental through Amazon when a search comes up empty, as the Fire TV does now.

Half-baked seach notwithstanding, Fire TV still has a lot going for it—a giant ecosystem of games, movies, shows and music from Amazon, a super speedy interface, intelligent options for kids’ programming and gaming, and a collection of streaming channels that will only grow over time. It’ll even feature a number of exclusive original series from Amazon Studios, which could put it on equal footing with Netflix—except that Netflix doesn’t own any proprietary hardware.

But as I mentioned in my Fire TV review, speed and openness mean little when the glue that holds everything together—search—is garbage. It’s still an arduous task to find the programs you’re looking for on Fire TV, and frankly, it’s not fun.

And while it's true that no other streaming device has really solved the universal search problem either, very few of the Fire's competitors have promised the mind-blowing streaming-video experience Amazon touted for the Fire TV. It's time for Amazon to put its money where its search is.

Lead image by Dave Smith for ReadWrite

Americans Are Bullish On Technology's Distant Future, Less So Its Present

Fri, 04/18/2014 - 17:49



Despite the number of popular dystopian novels written over the years, Americans have continually been optimistic when it comes to the future of technology. At least, the distant future of technology. We're far less sanguine about the technology that threatens to upend our lives today or tomorrow, as a new Pew Research survey suggests.

In 1988, the Los Angeles Times took a break from crushing traffic (no, not really) to anticipate they'd have robotic maids and holographic conference calls in just 25 years. That prediction didn't come to fruition, but it hasn't stopped people from dreaming of a distant future where humans can teleport from one place to another, or control the weather, even as we anguish over near-term technological realities of "Glassholes," inbox overload and more.

Following this trend, Americans are currently bullish on lab-grown organs, computer-generated art and other plausible advances in technology, with 59% expecting that technology will make our lives better.

Why is it that technological advances always look best at a distance?

The Rich And Educated Love Technology's Future

Especially, that is, if you're rich, educated and male. Right or wrong, based on Pew's survey, if you are rich, educated and male, you are more likely to be bullish about technology.

Just 52% of those making under $30,000 feel that technological innovations will make their lives better, while 67% of those making over $75,000 expect those same innovations to improve their lives. In other words, those that make more money tend to feel more optimistic about the future of technology.

For those that have high school degrees and maybe a little college education, 56% of those people see technology improving their lot. That number rises to 66% among those holding a college degree. Perhaps given superior access to technology makes the relatively affluent and educated more bullish on its potential.

Interestingly, while one's faith in technology tends to correlate with one's income, it doesn't correlate with age. Those 65 or older feel roughly the same buoyant feelings about technology's potential as those under 24, or in between. But if we just look at males with college degrees, suddenly we're looking at a population in which 79% feel that technological advances will make their lives "mostly better."

And what does that future look like? Well, given the recent advances in biological engineering, it's not surprising that we see lab-grown organs as a distinct possibility, even if we can't quite see a future of "Beam me up, Scotty!" Bizarrely, we seem to be evenly split on whether computers will generate art (novels, paintings, etc.) that rivals what humans produce, with 51% believing this will happen in the next 50 years, while 45% think it will not.

Though apparently Americans already read the sort of drivel that a computer could write. Twilight, anyone?

Not So Bullish On Near-Term Technological Advances

While we seem to be happy about the distant future of technology, we're ironically much less so about near-term, highly plausible advances. We imagine a future with all the benefits of technology, and none of its downsides.

As Aaron Smith, a senior researcher at Pew and the author of the report, notes:

[We] are especially concerned about developments that have the potential to upend long-standing social norms around things like personal privacy, surveillance, and the nature of social relationships.

To wit, roughly half of Americans think it would be a bad thing if “most people wear implants or other devices that constantly show them information about the world around them,” reflecting a distaste for a future filled with Google Glass. On other probable advances, Americans are even less enthusiastic:

And while Americans may like the idea of a certain technology, the survey suggests they'd prefer someone else try it out first:

In other words, we love technology, but we're not completely sure if the forthcoming advances are what we actually want.

What is it that we're looking forward to most? When asked what advancements people would really like to see, the most popular answers included travel improvements like flying cars and bikes, or even personal spacecraft; time travel and health improvements that extend human longevity or cure major diseases.

Given that Google appears most likely to give us self-driving and, perhaps, flying cars—paid for, in part, with our personal data—a conflict is brewing between what we want and what we'll get.

Why Are We So Bad At Predicting The Future?

That said, we're pretty poor at predicting the future, anyway. So as much as we want time travel, we're probably not goign to get it. Not how we expect, anyway. How bad are we at predicting, exactly? Well, Freakonomics co-author Stephen Dubner argues "even experts are only nominally better than a coin flip." (For those paying attention at home, that's not very good.)

Harry McCracken nails the reason in commenting on this 1981 cover of Byte magazine:

We tend to think that new products will be a lot like the ones we know. We shoehorn existing concepts where they don’t belong. Oftentimes, we don’t dream big enough.

McCracken then goes on to point out the flaws in our current thinking about smartwatches:

Much of the thinking about smartwatches involves devices that look suspiciously like shrunken smartphones. That’s what we know. But I won’t be the least bit surprised if the first transcendently important wearable device of our era–the iPhone of its category–turns out to have only slightly more in common with a 2014 smartphone than it does with a 1981 computer.

In other words, we fail to predict the future because we're completely constrained by our past. 

A Future That Looks Like Her?

Whatever our near-term imaginings, like keyboard-less desktops à la Her, the future will likely not be what we expect. In 1988, the Los Angeles Times predicted a future of robotic dogs and supersonic jets as the norm. While some predictions have been close, most were simply wishful thinking based on the immediate problems of the day.

The one thing that likely will remain true, however, is our enduring ability to see technology fixing all our future problems ... despite doing a somewhat dismal job of managing this in the present.

Image courtesy of Shutterstock

5 Important Things To Consider If You're Still Running Windows XP

Fri, 04/18/2014 - 14:07



Microsoft has finally tied its good old dog, Windows XP, to a tree ... and bashed its head in with a shovel. After 13 years of loyal service, Microsoft has finally cut off support for Windows XP, which means the company won't be issuing further security updates for it. But plenty of people are going to keep using Windows XP anyway; it's still operating in machines everywhere, from ATMs and point-of-sale systems to computers at government agency and large corporations.

Fortunately, there are still several ways to stay protected now that XP is vulnerable to new attacks and zero day bugs that won't be patched by Microsoft.

See also: Goodnight, Windows XP: Microsoft Terminates A Surprisingly Durable Operating System

The largest and laziest companies and governments agencies are putting off the inevitable and paying Microsoft for additional support. For instance, the U.S. Treasury Department is paying Microsoft because it was not able to finish the migration to Windows 7 at the Internal Revenue Service in time, and has reportedly paid millions for new patches. The British and Dutch governments are both paying for XP extended support as well.

These companies and governments have had years to consider how to plan for the death of XP and now they have to pay the piper. Extended support is not offered to smaller businesses and for those whose personal machines are affected, only for large businesses that strike a custom support agreement (CSA).

As an individual or small company, you are not going to be able to get extended support from Microsoft. You probably do not want it anyway. Your best bet? Buy some new computers.

If new hardware is not an immediate option, here are five things you need to know about the end of Windows XP, plus one option to consider.

What End Of Support Means

Microsoft has moved on to Windows 8 as the core of its OS business, so it will no longer provide software updates to XP machines from Windows Update. Technical assistance will no longer be provided by Microsoft, and Microsoft Security Essentials downloads are not available. Anyone who has Microsoft Security Essentials already installed will continue to get anti-malware signature updates for a limited time. 

"Microsoft will continue to provide anti-malware signatures and updates to the engine used within our anti-malware products through July 14, 2015," a Microsoft spokesperson said in an email.

The signatures are a set of characteristics used to identify malware. The engine leverages these signatures to decide if a file is malicious or not. The Malicious Software Removal Tool (MSRT) will also continue to be updated and deployed via Windows Update through July 14, 2015. Windows XP will not be supported on Forefront Client Security, Forefront Endpoint Protection, Microsoft Security Essentials, Windows Intune, or System Center after April 8, 2014, though anti-malware signature updates can still be delivered by these products through July 14, 2015.

Along with security, Windows Update also provided XP users software updates, such as new drivers. That will not happen anymore, so hardware may become less reliable over time.

Watch Out for Heartbleed

The dangerous Heartbleed bug does not effect Windows machines (as far as is known at this point), but it does attack websites that XP machines connect to. No security patches for Windows XP means the Heartbleed vulnerability creates another layer of danger. Websites that have not updated their OpenSSL certificates could be targets of Heartbleed and it is possible that information from an unprotected laptop could be exposed.

3rd Party Security Software That Supports Windows XP

A bit of good news is that Windows XP users are not completely helpless, because Microsoft will allow downloads of existing patches it has already released. Microsoft's Windows Update will still be the home for existing patches. Anti-virus software is readily available off the shelf and it's a good idea to grab one of those as well.

Avira and AVG are two capable and free tools that could help. Avast 2014 Free Anti-Virus is another free tool that gets good reviews, as is Kaspersky Internet Security 2014. In many cases the paid software will be more feature-rich than its free brethren. Keep in mind most of these tools themselves will quit supporting Windows XP by this time next year, so these are really only temporary fixes.

What About Embedded Systems? 

Windows Embedded devices, like scanners, ATMs and other commercial products, also run a version of Windows XP, but they have a different support cycle than the desktop version. Official Microsoft support for these products continues in many cases, for some up until April 9, 2019, according to Microsoft. Windows XP Professional for Embedded Systems is the same as Windows XP, and support for it is finished just like for most people on XP. Windows XP Embedded Service Pack 3 (SP3) and Windows Embedded for Point of Service SP3 will see extended support until Jan. 12, 2016.

Windows Embedded Standard 2009 will be supported until Jan. 8, 2019, and Windows Embedded POSReady 2009 will live on until April 9, 2019. These were released in 2008 and 2009, and that explains why they are seeing much longer support. Note to Windows Embedded product suppliers: don't let these end dates sneak up on you like it seems to have for so many Windows XP desktop users. Plan ahead and prosper.

Update To A New Windows Version

If you opt to update old hardware (as opposed to just buying a new computer), the process is a bit more involved because it entails manually updating all of the operating system for every computer in the company. Nor is it free. It’s not free, but Microsoft does offer a tutorial on upgrading Windows XP to Windows 8.1, the most up to date Windows version. Windows 8.1 has hardware requirements (generally, 1 GB of RAM and at least 16 GB of storage as the lowest compatible devices) so some older machines simply won’t be able to run Win 8.1. 

Any time you update an operating system, it is a good idea to back up all your data and files. Windows XP offers and emergency backup function, but it is best to just save everything to an external system or the cloud ahead of time. The emergency backup functions is the Windows.old folder and it saves some files for 28 days, so those who didn’t back up or save their data can retrieve it.

Switch To Linux

Anyone ready to ditch Windows altogether who doesn’t want to spend the money on a Mac can also opt for the open source Linux operating system. It’s free, but does require more technical know how with a steeper learning curve. All personal data and files will have to be saved or backed up or they will be erased upon switching. Part of the fun with Linux is there are 58 separate varieties, known as distributions, on the website. 

That means there are lots of choices of different looks and feels of operating systems. Some popular versions are Debian, Ubuntu and Fedora. Look for distributions with good documentation and be sure to check the hardware requirements for compatibility.  

Image of Microsoft chief operating officer Kevin Turner by Owen Thomas for ReadWrite.

The Future of Social Media Is Mobile Tribes

Fri, 04/18/2014 - 14:07



Guest author Matthew Brian Beck is a journalist and advertising strategist based in New York City.

The next big thing is getting smaller and smaller.

Historically, our social media experience has been chained to the first-screen browser and the one News Feed to rule them all. We've been saturated with bloated content from overpopulated streams. We've been bombarded with updates and notifications from friends and family we love, pages we Like, accounts we follow, colleagues we connect with, and acquaintances that can't even remember where we knew them from—we just couldn't keep up. We felt an impulsive urge to clean house, to make our feeds less cluttered and more manageable.

But as our daily Internet consumption moves away from the desktop (and even the laptop), the landscape of social media is seeing a dramatic shift in native platforms and user behaviors. Smartphone hardware has matured. Wireless data networks have advanced. Mobile-first design has gone mainstream. But content oversaturation and deterioration of meaningful interactions is still a concern. That problematic intersection has birthed a new zeitgeist: Mobile tribes.

We crave interpersonal interaction, the basic human need to connect and communicate with each other. The basal layer of social media has remained unchanged, but the chief characteristic of tribes is the tendency to categorize membership in distinct groups, movements, cultures and ideologies—to band together in subpopulations of shared interests, tastes, demographics and marketplaces. Yet, within tribes is the free will to exercise personal choice over who we connect and communicate with. That's where mobile comes in.

The Age Of The Mega Platform Is Over

In the post-PC era, we're increasingly finding content and connections exclusively on our phones.

The first generation of social media touted "networking", but the next generation, raised in always-on connectivity, will embrace ephemerality and digital tribalism. Those users will abandon the major social networks and migrate to more granular mobile villages with simpler ecosystems. They will follow a small circle of close friends on Instagram, pin with a small handful of followers on Pinterest, message with a girlfriend or schoolmate on WhatsApp or Snapchat, or follow a co-worker's check-ins on Foursquare. Or, they will build the next platforms and apps that don't exist yet.

Every platform will be socialized, but every user base will be judged on quality of life, not sheer numbers. Big data will not matter as much as small relationships. Media and content will become less fragmented and centralized, more native and branded to the single-channel niche apps they appear in and the mobile tribes they appeal to.

Even Facebook, the big-box chain of social networking, realizes its problem of content oversaturation and the trend towards granularity and mobile tribes. The company has doubled down on developing its mobile suite (where most of the company’s active power users live, and where the ad dollars are most brisk) and "unbundling the big blue app," according to CEO Mark Zuckerberg.

"I think on mobile, people want different things," Zuckerberg told The New York Times. "Ease of access is so important. So is having the ability to control which things you can get notifications for. And the real estate is so small. In mobile, there's a big premium on creating single-purpose first-class experiences."

Brands, companies and startups that build social products, services and devices must build for app-only tribes in the future. They must think like the end user, one that has always grown up with a smartphone and a few favorite apps. These new platforms will be connected for (and by) app-only mobile natives—carefully curated and tightly managed for the community, but also streamlined for productivity and responsiveness. They must know and respect the user, and his or her mobile tribe.

Because on the Internet, there's just too much stuff to see, people to meet, food to Instagram, and not nearly enough time for it all.

How Technology Is Making It Great To Be A Music Fan

Fri, 04/18/2014 - 13:04



I’m a music junkie. Like many of you, my life is often accompanied by a soundtrack. I’ve got playlists for working out, and just plain working. Music for when I’m feeling on top of the world, and music for when I'm down in the gutter. Songs that make me think, and songs that bring back memories. Music is important to me—and probably to you as well.

But despite the importance of music, technology is really what allows it to be such a huge part of our lives. So how is tech going to shape the future for music fans like me and you? I needed to find out.

I connected with the band Switchfoot—known for the songs "Meant To Live" and "Dare You To Move"—to see if and how they are embracing technology to make their music more enjoyable to fans. What I found is that they're using tech to give their fans more: More access, more content and more control.

This isn’t a story about artists making more money. It’s a glimpse into what the future has in store for people who love music. People like you and me.

Why Switchfoot?

There’s no scientific reason for the choice. I wanted to pick an artist, so I picked one I was a fan of. As it turned out, the way these guys use technology to connect with their followers probably represents a decent cross-section of how artists in general are using tech to engage with fans. Switchfoot has a wide range of experiences that makes it a worthy envoy: The band has been independent, it's been signed to a major label and it's won a Grammy.

Within minutes of our first conversation, I could tell this band was using technology in innovative ways—especially to create closer connections with fans. According to Switchfoot’s bass player Tim Foreman (who majored in computer science and handled the band’s early Web development) the band’s music—and it’s use of technology—is all about connectivity.

“We’re part of this greater creative community that includes our fans," Foreman said. "We want to make them co-conspirators with us. They’re just as much a part of this as we are. For us as a band, it’s all about the conversation, and to that end we’re always looking to eliminate barriers between us and the people that listen to our music.”

Building Bridges

RebelMouse is a tool Switchfoot uses to simultaneously break down barriers and fuel the conversation. Implemented on one of the band’s websites,, RebelMouse pulls together tweets, Instagram photos and videos into a single unified hub. As social as social media is, not every fan has an account on every platform. With RebelMouse, fans on one network but not another—Twitter, but not Instagram, or vise-versa—suddenly have access to a treasure trove of content.

As empowering as the band’s social media strategy is, Switchfoot has gone even further to include fans in its journey—literally. Switchfoot has used services like WeDemand! to give fans a chance to help shape the touring schedule.

WeDemand! works by allowing fans to raise social support for bringing their favorite artists to areas that may normally be overlooked. Aside from demanding a show, fans can also leave comments for the band on the site. A glance at the band’s WeDemand! page shows a large group of commenters requesting a show in Omaha.

See also: Can Technology Predict The Grammys?

Band-to-fan communication is commonplace in the music industry, but fan-to-band communication is finally becoming more common. Switchfoot has also tried to encourage and enable fan-to-fan communication as well: When group messaging service GroupMe was brand new, the band encouraged fans that purchased tickets to download the app in order to communicate with each other while attending concerts and festivals.

A messaging app may not sound like the type of tech a band would be on the lookout for—and in truth, it isn’t always a natural fit—but Switchfoot is always looking for benefits that aren’t necessarily obvious.

“One of the interesting things I’ve discovered is that many times the primary use of technologies or services is not actually the primary benefit for us," Foreman said. "For instance, we’ve used LivingSocial to promote some of our album and tour stuff. Most people are just focused on the sales numbers, but for us, that’s not really the main equation there. What’s often overlooked is the fact that they have this huge mailing list. So whether you sell 100 or 10,000 tickets, you’re reaching millions of eyeballs. I think a lot of technology and services out there have a second layer that is beneficial but often overlooked.”

Some services do offer obvious benefits, and the band has those covered, too. Will Call is an app that offers fans a better concert experience by helping them coordinate with other friends at the show, buy merch from their phones without having to face frenzied crowds, and even discover more concerts to attend. Switchfoot has been an early adopter of the Will Call service, which is currently only available in San Francisco, New York and Los Angeles.

An Organized Strategy

Switchfoot doesn’t just stumble across new technology and decide to use it willy-nilly. Bruce Flohr, the band’s manager and an executive at Red Light Management, is dedicated to finding new tech that fits with the band’s desires to connect with fans.

So what’s his strategy? Flohr says he’s not just looking for the next Snapchat or Twitter.

“We’re trying to find things that make sense for our fans," he said. "We look at things that fit into our fan’s lifestyle and try to work with technologies in that space.”

Flohr said it all comes down to one simple test: “The first question I ask is, ‘Would I use this?’ Because if it’s too complicated, then it’s very hard to get the early adopters on board.”

One piece of technology that passed Bruce’s test was Square, the payment platform led by Twitter co-founder Jack Dorsey. At Switchfoot’s latest BroAm charity surf event in San Diego, volunteers were sent out with Square-equipped iPads to collect donations from the crowd of 11,000 people.

Though Square made it easy to collect donations for the band, the iPad has become instrumental for Switchfoot in other ways, including the way the band records.

“The iPad has become this incredible multi-instrument that let’s you do things that aren’t possible any other way,” Foreman said. “It’s exciting. Just the tactile nature of the iPad allows you to play certain instruments that don’t exist. You can sample things and manipulate them in ways you couldn’t otherwise and we did a lot of that on the new record.”

Foreman said many musicians tend to favor old gear like amps and guitars, but the bassist insisted Switchfoot enjoys exploring new tech.

“I think it’s exciting to kind of let go of that for a second and be freed of those constraints and look at everything as an instrument and a possibility,” Foreman said.

The Internet Isn't Always Friendly

There have been times when technology has gotten in the way of the band’s connectivity to its fans.

About 10 years ago when the band was signed with Columbia Records, the label was experimenting with copy protection. One of the band’s albums—Nothing Is Sound, which debuted at No. 3 on the Billboard 200 albums chart—was included in the experiment… without the guys' prior knowledge. Foreman explains:

See also: 10 Music Services You May Not Know About—But Should

“We got our copy of the album a couple of days before it was released to the public and saw this big disclaimer on the back and found out that it had this protection that didn’t allow you to put it on your iPod (which at the time was already a huge deal). And we were just so offended that they would put out this message that basically tells our fans that we don’t trust them. We felt it was the most disingenuous thing that could possibly be put on our album.”

At that point, Foreman's background in computer science kicked in and he posted a hack on the band’s message boards to let fans circumvent the copy protection to “use the music they purchased and owned how they wanted.” According to Wikipedia, the workaround was quickly deleted by Sony.

Giving Fans What They Want

By now you’ve probably picked up on an emerging theme. We’ve already seen how the band has used services like RebelMouse to surface and amplify fan-generated content, but technology is also allowing the band to produce more content themselves.

In the future, harnessing, organizing and interpreting community information will help the band determine what kind of content to produce.

See also: How To Stream Music With Google Chromecast

“Data can help the band give the consumer what they want," Flohr said. "More and more we’re finding they might not want an entire album’s worth of material once every two years. They may want more material sooner and better experiences on the live side.”

Did you glaze over that last statement or did it sink all the way in? Because it’s important.

You, me, us, as music fans—we may be literally shaping what our favorite artists will produce in the future. We, the consumers, are really the ones being empowered, thanks to all of this technology.

The future of being a music fan is sounding pretty good right now, but it’s also looking better visually thanks to the welcome onslaught of quality video content heading our way. It’s only natural: As the makers of our devices and the networks that connect them build their pipes to be larger and more connected, there will only be more demand for water ("content").

Water, Water, Everywhere

There are plenty of ways fans can get extra content these days, especially with all the "behind-the-scenes" goodies out there.

Flohr told me how music fans can use services like SoundHound to ID songs and unlock second-screen experiences with exclusive video content from the band. There's GoPro footage taken on-stage, brief five-minute video podcasts with tour updates, and even webcam setups in recording studios—Switchfoot has kept busy producing this video content, and last year, it even made a feature-length film to accompany the band's latest album. The two projects share the same name: Fading West.

The Fading West movie is a chance for fans to further immerse in the band’s story. “The smart artists realize that they are storytellers and Switchfoot is a perfect example of that,” Flohr said. “Fading West is not a music documentary, it’s not a concert film. It’s a story of the band’s passion of both music and surfing and how they’ve been able to incorporate both into their lives and how both have influenced their career.”

The film adds new depth to the group’s music and history, but after I watched it, I also felt like I’d gotten to know new friends. The film made me laugh, it made me sad, and it showed me things I didn’t expect to see. In short, it was great content. Content that my device—and inner fan—both craved. Content I’d like more of. (Fortunately for me, the YouTube lifestyle network focused on extreme sports called "Network A" partnered with Switchfoot to release some exclusive behind-the-scenes footage.)

Switchfoot's movie—and the pipes that allow it to be delivered to new and existing fans around the world—have gone a long way toward helping the band’s fans feel more connected to the group.

“I feel like the sense of community at our shows has never been greater because of the film,” Foreman said. “I feel like we were really vulnerable and honest in it and showed a different side of ourselves that people hadn’t seen. And I think letting people in on that just kind of furthers that sense of community. It adds to the intrigue and brings people along with us.”

The Great Frontier

I was a bit surprised to discover Switchfoot isn’t just using technology; the band is helping drive its development, too. While the band hasn’t built any tech tools from scratch yet and probably won’t fund any new products angel investor-style, Flohr said he “could see the band developing new technology in partnership with a tech company where they help as early adopters and by doing R&D... And it would not surprise me if what they helped develop was not necessarily IP but maybe hardware.”

There’s a good chance your favorite artists will use some of these same tools and community-building techniques to engage fans as well, if they aren’t already.

“It’s like anything,” Flohr said. “Good ideas get repeated over and over again. Even though you might be first to market with technology, if it works you open the floodgates.”

So what kind of technology is the band looking into adopting next?

“We’re looking into [Bitcoin]," Foreman said. "I like the idea of straight peer-to-peer interaction. I think that’s something we’ve tried to do whether it’s online or offline—you know, like hanging out with kids after the show. It’s kind of the same concept of trying to eliminate barriers.”

Music will always be about bringing people together, but it's clear that technology’s role will only help to amplify these community conversations to drive more—and better—content. And that's something anyone can nod their head to.

Images courtesy of Shutterstock; Switchfoot images by Chris Burkhard

Read All About It (On Your Wrist)

Fri, 04/18/2014 - 12:01



Every time ReadWrite publishes a story, I get a jolt. Literally. And I don’t mind, because that good vibration may point us toward the news industry’s wearable future.

Even when I’m away at a conference or traveling on business, I want to stay on top of ReadWrite’s newsroom. So when I joined the publication a year ago, I signed up to get a text message when we tweeted a story. Soon afterwards, I turned off my phone’s vibrate feature: There were just too many notifications for me to get shaken up every time one came in.

See also: Pebble's Eric Migicovsky On How To Build A Smartwatch People Want

Yet when I began testing a Pebble smartwatch recently, I started getting those vibrations again. The Pebble’s best feature is how it carries notifications automatically from your phone to a screen on your wrist. I found I didn’t mind the gentle buzz it gave me for every tweeted headline.

Awash In News

Already, we live in a sea of headlines. Twitter has defined this mode of information sharing. We have all become bureaus of the world’s largest wire service, passing on 140-character bites of news to our subscribers. 

If you haven’t tried out a smartwatch like the Pebble, you do have a device that can give you a glimpse of what it’s like. Take out your smartphone, and look at your lock screen. Now imagine the stream of updates you see condensed down to a screen that fits on your wrist. That will be the primary experience of using a smartwatch: Consuming bite-sized, timely bits of information, all day long.

The publishers who are using push notifications today are most prepared for the wearable world. Like Twitter messages, notifications have size limits. Android is more generous than iOS, but whatever the platform, we need to get ready for a world of constraint

Brevity is the soul of wit, and self-indulgent headline writers will seem witless on wearables. 100 characters or less will be the rule of thumb for headlines readers will thumb through.

Wearables will come in all shapes and sizes—but as a medium for news, short will rule.

The Rules Of The Wrist

One startup that seems wrist-ready is Circa News, which strings news stories together as a series of facts, only updating them as events warrant. I’ve admired its timely, well-written notifications, which keep me updated on fast-moving stories like the situation in Ukraine. It’s always kept those alerts, which it calls “pushes,” under 120 characters.

Circa employs its own editorial staff, rather than reformatting stories from other publications originally written for print or the desktop Web. It also has its own content-management system, which allows it to adapt quickly to new media. Already, Circa is preparing to launch on four different wearable platforms, a company representative tells me.

Meanwhile, Pebble has a number of apps in its online store targeted at news consumption, from feed readers to watchfaces that display breaking-news alerts. One app lets people read top stories from Hacker News, the developer-friendly discussion site, right on their wrists. One intriguing concept Pebble and other smartwatch makers could pursue is a “read it later” feature on headlines broadcast on the watch—tap one button, and the story’s saved for leisurely reading on your tablet or desktop.

Twitter May Be Flying In The Wrong Direction

Most publishers won’t be able to adopt Circa’s model of a content-management system and an editorial staff tuned for wearable devices. For them, doubling down on Twitter may be their best strategy. Twitter’s character constraint makes it ideal for wearable devices—as long as the company doesn’t break the purity of its product by trying to turn itself into Facebook and saturating its stream with photos and videos that won’t play on your wrist.

Some will gripe that the pithiness of wearable media will cheapen our culture. I don’t think that has to happen. Instead, by pulling news alerts and other short snippets of information out of our pocket and onto our wrist, wearable platforms for news may turn our larger screens into more contemplative environments. If we’re not endlessly scrolling through TweetDeck on our desktop, we’ll have more time to read the stories behind the headlines we glanced at earlier in the day. In the end, tiny screens on our wrists, tied to the cloud, means more time and space for learning about the world around us—and that’s good for everyone.

Lead image via "Knight Rider"; photo of smartwatches by Kara Brodgesell

Why Does Facebook Want You To Broadcast Your Location To Your Friends?

Thu, 04/17/2014 - 22:35



Facebook is trying to get you to share even more information, this time by beaming your location to your friends all the time.

The optional feature, called Nearby Friends, is built to help you find people around you. You can tailor the options to prevent specific friends from seeing your location. Nearby Friends alerts you to when friends are in your area, and allows you to share your precise location with them for a set period of time. On the upside, it might inspire some friends to meet up in the real world. 

The success (or lack thereof) of place-based social apps like Highlight show us that most people are perfectly happy keeping their location to themselves, unless they want to explicitly share it with friends. Running into someone on the street is just not the same when you know they’ve been following your location online in the hopes of a “surprise” connection.

A Nosey Friend Who’s Trying Too Hard

Facebook, like an overbearing acquaintance who keeps asking about your weekend plans, has made a habit of asking its users for their location—and doesn't seem to get the message when it’s snubbed.

In 2011, Facebook rolled out a Foursquare-like check-in feature called Facebook Places in its mobile app. Most users ignored it, and Facebook eventually killed it, opting instead to let users include location in photos and status updates.

A year later, the company attempted a similar feature that let anyone see your location, including complete strangers. Facebook quickly pulled the short-lived “Find Friends Nearby,” after many people raised privacy concerns.

The company is ready to try again, and this time is quick to point out the feature is optional and only shows your location to people you want to see it. 

But the question remains: Do we really want our Facebook friends to know where we are at all times? 

There are already numerous services that let people share their exact location with friends, and in more intimate settings. Apps like WhatsApp, GroupMe, and Path let you share your location on a map with individuals or small, defined groups. Foursquare check-ins can be broadcast to both Twitter and Facebook, or shared to the smaller set of friends you have on that service.

With all these services, users are actively sharing their location, with a fairly strong idea of who will receive the information and when they'll see it. But with Facebook’s new feature, users will be passively sharing their whereabouts, not knowing who is looking for them, or when they’ll be found. 

Our Facebook accounts are no longer just for friends—the average user has 338 “friends,” many of whom they’d rather not accidentally run into at the grocery store. Sure, you can create specific lists with whom you share your location, but it’s likely those same people would be the ones you want to spend time with, and are likely in contact with on other apps, or even—gasp—in real life.

A Battery Of Complaints

There’s one more downside that Facebook is likely loathe for users to think about.

The new feature will require users to turn on location services for the Facebook app, if they haven’t already done so. That will likely cause a huge drain on battery life. One former Apple Store Genius Bar employee recommends disabling Facebook location services as the best way to save your iPhone’s battery.

Until Facebook delivers proper value to its users in exchange for learning their location—information that’s obviously valuable to advertisers—it’s not clear why anyone should make this tradeoff.

There’s an obvious better way for Facebook to encourage users to share their location in a way that’s useful to them: Facebook Messenger. The current system has a very crude way to share one’s location, by clicking an arrow. All that does is inform the other user of your current city, which is useless if you’re trying to get together with a friend. Adding a way to share one’s specific location, down to a specific business, office, or other venue, with a specific group of people is an obvious move, and would keep Facebook Messenger competitive with other messaging apps. It would also put users in full control, since they would select exactly who to share location with and when.

One reason why Facebook might not be doing this is that its directory of places is not yet fast, accurate, or complete enough to be useful. WhatsApp, which Facebook recently purchased for $19 billion, uses Foursquare's database, not Facebook’s, and Instagram, the Facebook-owned photo-sharing service, is testing a switch from Foursquare to Facebook with apparently poor results.

Rather than alerting people to nearby friends and hoping for the best, Facebook ought to fix its own places directory and let users share their location in a way they’ve shown they want to. It seems so obvious—but for the world's largest social network, maybe locating a clue is harder than we think.

Update: A previous version of this article incorrectly stated Nearby Friends displays your precise location at all times. You don't see the exact location on a map unless your friend has chosen to share their location with you, you just see if they are nearby.

Images courtesy of Facebook

Taking My Diet To The Next Level

Thu, 04/17/2014 - 19:29



ReadWriteBody is an ongoing series where ReadWrite covers networked fitness and the quantified self.

Quantifying your activity and nutrition, as I’ve done for years, can only take you so far. Sometimes gathering the numbers just tells you the same bad news you can see in the mirror. Here it is: After dropping 12 pounds last year, I’ve been stuck around 195 pounds for months.

I'm still very active, going on runs with my dog around Telegraph Hill, spiking my heart rate with gym workouts, and trying different training techniques while I continue to test new fitness gadgets and apps. It's pretty clear what I need to tackle next: what I eat.

And I have a short-term motivator: I've signed up to take my colleagues through a boot-camp exercise program in a month. My co-instructor is a former MMA pro. I’m feeling the heat.

Beyond Food Logging

As much as I love MyFitnessPal, an app in which I log everything I eat, it doesn't feel like a good meal-planning tool. I use it for accountability, recording what I eat as I go. Rigorously admitting my food slip-ups keeps me aware of my food habits and where I can improve them. I don't want to tinker with that part of my routine.

What I need is an app that plans my meals, generates a shopping list, and helps keep me on track.

Ideally, it would look ahead at my calendar. For example, this week, I packed five days’ worth of morning meals, forgetting that I had two breakfast meetings planned. Push notifications to remind me to eat at the right time would help—especially since the timing of meals may be a factor in weight loss.

And there's always the unexpected, like the leftover Chinese food I'm having for lunch today. An ideal meal-planning app would adjust on the fly for the occasional overindulgence.

The Ultimate Food App Hasn’t Been Invented Yet

The last thing I want is connectedness: I want an app that automatically populates MyFitnessPal with my planned meals as I eat them, that consults RunKeeper or MapMyFitness to get an eye on my calories burned through exercise, that picks up my sleep habits from my activity tracker, that pulls menus from restaurants when I schedule a meeting, and that outputs a shopping list I can import into grocery-delivery services like AmazonFresh, Postmates, or Instacart.

From what I've seen, there are plenty of meal planners that focus on organizing recipes. What they lack is contextual awareness of the vast amounts of data I throw off in my quantified life. Somewhere out there, someone must be building the perfect next-generation food-planning app, one that factors in my schedule, exercise, sleep, and other measurable habits. If you are, let me know.

In the meantime, I’ve got some old-fashioned work to do, with a familiar set of tools to rely on. I’ll let you know how it goes.

Dropbox Buys Loom For Photo Sharing, HackPad For Collaboration

Thu, 04/17/2014 - 18:44



Dropbox is having a busy Thursday.

The file sharing giant has acquired Loom, a photo sharing app that offered mobile users up to five gigabytes of free storage. Loom announced the deal on its company blog.

Dropbox recently announced an update to its photo sharing capabilities with its Carousel feature, and the Loom team will likely join Carousel as the home for syncing and sharing the ever increasing amounts of photos people take on their devices.

Unfortunately, the acquisition means Loom will be shutting down its own service within a month. Loom is not allowing any new signups, and the company informed customers that the service will officially shut down on May 16. Current customers can choose to export their photos to Dropbox, where they'll automatically receive the same amount of cloud storage they had with Loom, or they can opt for a .zip file that contains every image they've ever uploaded to Loom's servers.

Also joining Dropbox—by way of acquisition—is a company called HackPad, a wiki-style collaboration and note-taking tool that could also boost Dropbox's own recently launched internal collaboration tools.

Unlike the Loom acquisition, Hackpad will continue to remain open to existing and new customers, and the company said it will be working with Dropbox to "bring new offerings to the market."

Image of Gentry Underwood of Dropbox by Adrianna Lee for ReadWrite

Suddenly, Mobile App Install Ads Are Popping Up Everywhere

Thu, 04/17/2014 - 18:28



Developers love them, advertisers love them, and companies are raking in cash—all thanks to the little buttons in mobile advertisements that urge you to download an app.

See also: How Post-IPO Twitter Could Make Billions Without Alienating Users

Twitter is the latest company to introduce these new mobile advertisements. Today the company announced that developers and advertisers can urge mobile Twitter users to download applications through these so-called app install ads, and reach up to one billion mobile devices through the MoPub Marketplace, the advertising startup the company acquired last year

At first glance, this may look like Twitter’s latest copycat move on Facebook. But that doesn’t give app install ads enough credit. 

Mobile Is Eating The World

More than 85 percent of the time we spend on our mobile devices, we’re using one app or another. But finding good apps is still a problem for the majority of smartphone users, in part because app store search leaves something to be desired. So how do developers get people to notice their apps? Serve them up where people are spending all their time—in other apps. 

Facebook launched its own mobile app install ads in October 2012, and the product has been huge both for marketers and Facebook’s bottom line. Last year, the number of installs driven by Facebook’s ad program ballooned to 245 million, and accounted for hundreds of millions in revenue for the company, according to BuzzFeed.

Though Facebook remains mum on the exactly how lucrative the ad program is, CEO Mark Zuckerberg admits it’s been quite successful. “We’re finding that people also really want to buy a lot of app install ads, and that’s grown incredibly quickly and is one of the best parts of the ad work that we did over the last year,” he told the New York Times in January.

Yahoo is experimenting with similar ad products, too. In March, the company confirmed it was testing ads that sell users on apps in hopes of appealing to more developers and brands. So far the company hasn’t fully rolled out the ad program, but it’s likely we’ll see it in the coming months.

Some people might argue they have all the apps they need, but app install ads could drive even bigger traffic in markets that are just now buying smartphones—developing markets that tech giants are especially interested in. As more people get their hands on cheap smartphones, specifically in emerging economies, the business of pushing apps into consumer hands is only going to grow in importance.

Twitter is rolling out the new ad product today, and marketers can set up app install ad campaigns that target both mobile Twitter users and thousands of apps in the MoPub Marketplace on

Image courtesy of Twitter

How To Ensure Your Homebrew OpenVPN Server Isn't Vulnerable To Heartbleed

Thu, 04/17/2014 - 18:22



The Heartbleed bug has made April into a difficult month for Internet users, as we scramble to change our passwords and protect ourselves from the most pervasive security threat in ages. 

But if you've set up your own virtual private network (VPN), which gives you a secure channel back to your home network even on insecure public networks, you don’t have to worry, right? Unfortunately, that’s not necessarily true. 

See also: Building A Raspberry Pi VPN Part One: How And Why To Build A Server 

OpenVPN is an open source service that makes up the backbone of many independent VPN servers, including the one I built for a ReadWrite tutorial. Since OpenVPN uses OpenSSL as its default cryptography library, it can be vulnerable to the Heartbleed bug. That means a dedicated hacker could conceivably steal the master key that encrypts all connections to a particular OpenVPN server, essentially shredding its security (although doing so doesn't sound particularly easy).

Users that followed our ReadWrite tutorial probably aren't vulnerable to Heartbleed, and in fact, may be safer than the average user. That's because:

  • We published our tutorial after the discovery of Heartbleed, so anyone who followed it should have installed the Heartbleed-patched version of OpenVPN.
  • We used a TLS-auth key, considered by some VPN builders to be an unnecessary security step. Generated in step eight of the tutorial, the pre-shared hash-based message authentication code (HMAC) key doesn’t just ward off DOS attacks, but also any bad actor who doesn’t know your private key. Even the OpenVPN wiki page on Heartbleed says the a TLS-auth key can make you less vulnerable.

Still, there are many reasons it’s a good idea to check your VPN for Heartbleed vulnerability, just in case. Fortunately, one programmer, Stefan Agner, has already developed an open source program that tests OpenVPN for you. You can access Agner's code on GitHub.  

Here’s how to download his program and test your OpenVPN-powered VPN for the bug: 

1) First, you need to access wherever your VPN lives, whether that's on your computer, a server, or a Raspberry Pi like in the tutorial. So in my case, I used SSH to access the Raspberry Pi where my VPN was built. 

See also: 5 Pointers To Supercharge Your Raspberry Pi Projects

2) Once you’re in, the first thing you need to do is make sure you’re using the right version of Python. This script requires Python 2. So type:

python -V

If it results in a version that starts with a 2, you are set. If not, you’ll need to install the latest version of Python 2 with:

sudo apt-get install python 2.7.3

3) Now you need to clone the Heartbleed test GitHub repository. Obviously, you need git installed. You can type “which git” to check if you have git already installed, and if so, which version. If it isn't already installed, you can type:

sudo apt-get install git

As long as it's the device on which your VPN is installed, any directory will do for this clone—I just used the default folder on Raspberry Pi. When you've picked one, type in the command:

git clone

4) Now it’s time to finally input the test command. Go into the folder you just installed:

cd heartbleed_test_openvpn

Then, run the command, calling your internal IP address—the same one you used to connect to on SSH. For me, that was, as shown in the example. Yours is probably different. 


5) If your VPN is not vulnerable and you have a TLS-auth key, nothing will show up at all. The program is attempting to take advantage of Heartbleed and if it can't, the program won't work. It's the one time you want your program to fail. 

If your VPN is vulnerable, a fake Heartbleed attack will pop up. If it turns out your VPN is vulnerable, the only thing to do is to install the latest version of OpenSSL (Or OpenVPN, if that’s the backbone you’re using). 

Let us know if this works for you, and we'll do our best to lurk in the comments section to see if we can help troubleshoot. Best of luck.

Real-Time Data Streaming Gets Standardized

Thu, 04/17/2014 - 17:51



One of the advantages of open source is that it can accelerate standards adoption on a level playing field. If there is a big enough problem to solve, smart people can attract the best minds to work together, investigate and share the solution.

That said, standards bodies often become little more than a parlor game for incumbent vendors seeking to position the standard to their market advantage.

In other words, there's lots of talk, but not much code.

In such a scenario, it's easy to end up with implementations of a standard that each works differently due to unclear or ambiguous specifications. I recently sat down with Viktor Klang, Chief Architect at Typesafe, one of the lead organizers of, an open source attempt to standardize asynchronous stream-based processing on the Java Virtual Machine (JVM). 

Klang and his group—along with developers from Twitter, Oracle, Pivotal, Red Hat, Applied Duality, Typesafe, Netflix, the team and Doug Lea—saw the future of computing was increasingly about stream-based processing for real-time, data-intensive applications, like those that stream video, handle transactions for millions of concurrent users, and a range of other scenarios with large-scale usage and low latency requirements.

The problem? Lack of backpressure for streaming data means if there's a step that's producing faster than the next step can consume, eventually the entire system will crash.

ReadWrite: What is driving this shift in computing to reactive streams today?

Viktor Klang: It’s not a new thing. Rather, it's more like it was becoming a critical mass as more people started using Hadoop and other batch-based frameworks. They needed real-time online streaming. Once you need that, then you don’t know up front how big your input is because it’s continuous. With batch, you know up front how big your batch is.

Once you have potentially infinite streams of data flowing through your systems, then you need a means to control the rate at which you consume that data. You need to have this back pressure in your system to make sure the producer of data doesn’t overwhelm the consumer of data. It’s a problem that becomes visible once you start going to real-time streaming from batch-based.

Users have been asking for more “reactive” streams for a long time, for building their own network protocols or for their specific application needs. Any time you need to talk to a network device, you want to use this abstraction. Anything that has an IP address.

With, we’re trying to address a fundamental issue in a compatible way to hook all these different things together to work while being inclusive. Long-term, the plan for this is to build an ecosystem to build implementations that can be connected to other implementations and then have developers building more things on top of it. For example, connect Twitter’s streaming libraries with RxJava streaming libraries, and pipe into Reactor, Akka Streams, or other implementations on the JVM.

RWWho are key members today?

VK: Certainly Typesafe jumped in early, since we have an open-source software platform that deals with a lot of what the industry calls "reactive application challenges." We were thrilled to have Twitter join, the Reactor guys from Pivotal, and Erik Meijer from Applied Duality, as well as Ben Christensen and George Campbell who work at Netflix. Red Hat’s in there with Oracle, and we also have some critical individuals like Doug Lea, inventor of “java util concurrent,” driving all concurrency stuff in the JVM. One of the goals of the project is to create a JSR for a future Java version.

Everyone pulls their weight. It’s just really hard to get engineering time from people at this level.

RWStandards don’t tend to be very popular with developers. How are you trying to approach this to attract more key people?

VK: You’re right, the average developer is about as interested in standards as cats are in water. Jokes aside, however, we start with open source. I think of this project as a non-standard standards thing. We are inverting the usual process. We have created a spec, a test suite that verifies the spec and we created a description of why the spec is what it is and why it isn’t what it isn’t. We’re really creating solutions, picking them apart, and confirming they do what they say they do and using this process to create the best specification.

RW: It sounds like developers in this case are also addressing an ops or a dev ops problem?

VK: As a developer, you can make life really difficult for your ops guys. This is about getting it right so your ops guys don’t come over and mess you up. Previously they’d have to make sure you don’t feed the system more information than it can process, so you’re not blowing up resources, making sure the processing is always faster than the input. It’s really tricky to do that for variable loads.

RWWhat are some examples that might inspire your core audience of Java developers?

VK: What’s a hard case for an enterprise Java developer? If you have a TCP connection with orders coming in and you need to perform some processing to it before passing it on to another connection, you need to make sure you aren't pulling things off the inbound connection faster than you are able to send to the outbound connection. If you don't, then you'll risk blowing the JVM up with an OutOfMemoryError.

For web developers, it could be streaming some input from a user and storing it on Amazon S3 without overloading the server, and without having to be aware of how many concurrent users you can have. That’s a challenging problem to solve now.

Image courtesy of Shutterstock

The Kill Switch Proposal: Why U.S. Carriers Win Either Way

Thu, 04/17/2014 - 13:43



Cellular carriers in the U.S. want you to think they have your best interests at heart. That, hey, if your smartphone gets lost or stolen, they will have your back. At least that's what those carriers would have you believe with a new smartphone "kill switch" proposal from the CTIA, the largest U.S. trade organization that supports the cellular operators. 

Unfortunately, the CTIA's new proposal looks a lot more like it is covering its bases to avoid state and federal regulation than going out of its way to altruistically help users of lost or stolen smartphones.

The CTIA is putting the onus of anti-theft software on the platform makers and device manufacturers. The biggest carriers—Verizon, AT&T, T-Mobile and Sprint—are able to ride on the technology of others while hiding behind the CTIA for policy protection. In the end, nothing will drastically change for smartphone users in the U.S. The carriers win by protecting the lucrative smartphone insurance business while letting other companies do the heavy lifting.

The Voluntary Agreement

For the specifics, the CTIA announced the “Smartphone Anti-Theft Voluntary Commitment” on Tuesday, which is a new policy that promises consumers that smartphone makers and carriers will protect them if their devices are stolen.

The idea is that smartphones will be sold with pre-installed anti-theft software. Just about every company that matters in the U.S. mobile industry has signed the voluntary agreement, including Apple, Google, Microsoft, Samsung, HTC, Motorola, Huawei, AT&T, T-Mobile, Verizon and Sprint.

The anti-theft software will come at no cost to consumers and comes with four capabilities:

  1. The ability to remotely wipe the primary user’s data on the smartphone when it's lost or stolen.
  2. The ability to render the smartphone inoperable to anyone other than the primary user. This would entail locking the smartphone so it cannot be used without inputting a password or PIN.
  3. The ability to prevent the reactivation of the device without the primary user’s permission. This would include unauthorized factory resets (which is normally easily available to anybody that finds a device and can bypass the locked screen security, if there is any).
  4. Reverse the inoperability and restore the user’s data if they recover the device. 

The voluntary anti-theft agreement goes into effect for all devices manufactured after July 2015.

The Kill Switch

To a certain extent, this voluntary anti-theft agreement is the smartphone kill switch that legislators have been asking for. According to William Duckworth, an associate professor at Creighton University, Americans spend about $580 million a year on replacing lost or stolen devices. Americans also spend nearly $4.8 billion in insurance on their gadgets. The concept of the kill switch is not just a gift from manufacturers and carriers to consumers—it is big business.

According to a survey by Duckworth of 1,200 smartphone users, 99% said that they think their carriers should be able to employ a kill switch on their lost and stolen devices and 83% said it would help deter smartphone theft. Really, why steal a smartphone if you can’t use it, reset it or resell it?

See also: How A Smartphone Kill Switch Could Save Consumers A Ton Of Money

The question facing the voluntary agreement is if it will actually deter people from stealing smartphones. Thieves are, by definition, crafty people. At the very least, they are persistent. Thieves may go on stealing phones anyway because there is no guarantee that a user will even turn on the anti-theft mechanism provided by the new voluntary agreement.

How the anti-theft software will be implemented also remains to be seen. The operating systems all have their own versions of remote wipe plus cloud backup plans, like the ability to “Find My iPhone” and restore the phone's data from iCloud, or from the Android Device Manager from Google.

Will Apple, Google and Microsoft build these anti-theft deterrents as default, no-cost features? Will it come from third-party security vendors like Lookout or Boxtone? How will the pre-installed anti-theft software work with current mobile device management software, like that from Good Technology, BlackBerry or Samsung's Knox security suite?

For the carriers and the CTIA, all they really need to do is is let the manufacturers and platform providers do what they have been doing to protect users, all the while maintaining the status quo. For the carriers, the status quo is highly profitable.

The CTIA's Song And Dance

Industry insiders figured the CTIA would fight against the notion of a kill switch, mostly because it has two board members that are part of the lucrative smartphone insurance trade. Duckworth estimates consumers could save nearly $2 billion by purchasing a less costly insurance policy if a kill-switch policy was implemented. 

What the CTIA is doing here may be a pre-emptive strike. As a trade group, its primary duty is to protect its members and help create policy while avoiding regulation. The CTIA was not necessarily against a kill switch, but it wants the policies set on its own terms and not signed into actual law by either state or federal governments. Government regulation can be costly to companies, especially those in the infrastructure business like the cellular operators.

By coming up with its own voluntary agreement and getting all the major players on board, the CTIA can thwart actual government regulation while still protecting its members. And by getting the smartphone manufacturers and the platform providers (Apple, Google and Microsoft) on board, the CTIA is able to spread the responsibility of the anti-theft mechanism to corporations outside of the carriers, its primary constituents. 

Microsoft's Data Culture: It Just Might Work

Thu, 04/17/2014 - 13:04



No one would accuse me of being a Microsoft shill. Having grown up in Linux, I have a longstanding antipathy to Microsoft's machinations against open source (which have been thawing of late, thankfully). But after more than 10 years of raging against the Redmond machine, I've also developed a profound appreciation for Microsoft's ability to make difficult technologies approachable to average users. 

I'm therefore encouraged by Microsoft's foray into Big Data. Given surveys indicating that enterprises still don't have a clue as to what to do with their data, it's very possible that Microsoft's penchant for end-to-end, easy-to-use solutions could make Big Data consumable by the masses.

Raising A Data Culture In Redmond

Microsoft has a long history of data, providing data management tools to front-office workers (Excel) and back-office database administrators (SQL Server), consumer-facing services like Bing and Hotmail, not to mention its new work with Hortonworks to offer Hadoop. Given this history of data, Microsoft CEO Satya Nadella called out Microsoft's ability to make Big Data accessible:

Developing the ability to convert data into the fuel for ambient intelligence is an ambitious challenge. It requires technology to understand context, derive intent and separate signal from noise. Building out a comprehensive platform that can enable this kind of ambient intelligence is a whole company initiative that we are uniquely qualified to undertake. 

Of course, Microsoft's plans at the present are merely visions. And visions can take a looooong time to realize. Anyone remember when Oracle first announced Fusion? How about when it finally delivered? Still waiting?

To Microsoft's credit, its vision is still very cool, especially given the rampant confusion over Big Data, as Gartner discovered:

Could Microsoft do better than the existing vendor tools or open-source projects? Definitely, maybe.

A DNA Of Ease-Of-Use

Consider what Microsoft did for system administrators—or developers. Microsoft made managing networks or servers much easier by building excellent tools so you didn't have to be a UNIX gearhead to get a good job and be productive. The same is true of Microsoft's effect on enterprise development: The company built developer tools that made it really easy for good developers to be great, and average developers to be good. 

If anyone could make Big Data accessible to rank-and-file employees, Microsoft can.

And that's what Microsoft wants to do. As Microsoft corporate VP Quentin Clark noted, "[Microsoft's] view is that it takes the combined effect of three elements to bring big data to a billion people: robust tools that everyday people can use, easy access to all kinds of data sets, and a complete data platform." Nadella furthers this—he said he looks forward to a time "when every employee can harness the power of data once only reserved for data scientists and tap into the power of natural language, self-service business insights and visualization capabilities that work inside familiar apps such as Office."

Earlier this week, Nadella started to lay out more specifics to his Big Data plan. According to Nadella, the idea is to "take an architectural approach that brings together Excel on one end and SQL Server and Hadoop on the other end." It's still not a very concrete course of action, but it points to a future where Big Data is what everyone uses, not some special thing that an enterprise enlists PhDs to tackle.

From the front-end data analyst to back-end data infrastructure, Microsoft seems to have a holistic view of Big Data—one that seems very promising, given the company's history of making complicated technology accessible to the average system administrator, office worker, or developer.

But will it work? That is, of course, the trillion-dollar question. Microsoft, for all its problems over the years, has the right DNA to answer "yes."

Lead image courtesy of Shutterstock

Google Eyes A Creepier Glass—A Camera-Bearing Contact Lens

Thu, 04/17/2014 - 11:50



Imagine the Google Glass headgear, which currently makes some camera-shy onlookers nervous, shrinking down to near-invisibility—say, into a super-thin transparent layer that sits on the cornea. Google certainly has, as we now know from a recently published patent filing from October 2012.

The notion of smart contact lenses itself isn't particularly new. Earlier this year, in fact, Google introduced the "moonshot" idea of an eye-worn lens embedded with a wireless chip for health monitoring.

But this latest concept could be way smarter than that, as it would—in theory—allow wearers to snap photos with just the blink of an eye.

Here’s Looking At You, Kid See also: Google X Marks The Spot On 'Smart' Contact Lenses

Back in January, Google announced its Google X experimental lab was testing a glucose-reading contact lens for diabetics. The project had nothing to do with Google Glass, the tech giant claimed. And yet, it was hard to ignore that Glass founder Babak Parviz was a co-founder on the contact project.

Parviz is also listed as a co-inventor in the newly disclosed Google patent filing brought to light by Patent Bolt—likely No. 20140098226, titled “Image Capture Component On Active Contact Lens.” He's similarly listed on several other related patents.

The “image capture component” is exactly what it sounds like: a camera. The idea is to embed a minuscule camera right on or in the lens that would be controllable through blinking gestures. According to the filing, it would be “configured to generate raw image data corresponding to a gaze of a wearer of the contact lens...."

In other words, when the user’s gaze shifts, the view of the camera would follow right along without compromising the wearer’s vision. In some cases, it might even take the place of sight. For instance, blind pedestrians using Google's smart lenses could get a warning—like a voice alert from their Android smartphone—when they approach a busy intersection.

The camera would work in concert with a control circuit and a sensor—whether a photodiode, a pressure sensor, a conductivity sensor, a temperature sensor, an electric field sensor or a micromechanical switch. The sensor would determine the eye’s orientation and status, which could be key for other functions.

Taken together with Google’s other related patents, the company seems to be looking at advanced eye-tracking that can trigger functions in, say, an Android phone, Google Glass, smart television, gaming or audio system, or car navigation.

If this invention ever comes to market—and that’s a huge “if”—we might see people turning pages in their ebooks by just blinking, or flipping through their music library by fluttering their eyes.

That all sounds great, but it won’t work without power, and you can’t stick a battery pack on a contact lens. To tackle this, Google figures a separate transceiver could transmit power wirelessly, or the sensors could somehow generate the necessary energy. Of course, anything can sound cool on paper. The big question is whether users would feel comfortable with having a power source or receiver on their eyeballs.

Well, that’s one of the big questions.

Eye Spy

In the past, variations on eye control typically depended on hi-definition cameras pointed at the user. But this approach takes the opposite tack, by building the sensors and cameras into the lenses themselves.

This could allow for an unprecedented level of accuracy. If it works well, and if it ties in with existing and emerging technologies, then it could genuinely change quite a few games—fields from medical to law enforcement and military. The stakes could be high for individuals as well.

The first adopters would probably be tech enthusiasts pining for cutting-edge human-to-computer gesture control—or harboring deep-seated Six Million Dollar Man bionic-eye fantasies. But think of what it could do for people suffering with limited mobility or sight impairments.

A primary issue with this appliance, however, could have to do with those miniature camera components. This is, after all, a world in which Google Glass wearers get targeted for attacks. And the system, as proposed, would be capable of facial recognition. If people are uncomfortable with face-worn cameras pointing at them, how will they feel if teensy, undetectable cameras show up in contact lenses?

It’s very possible they may never have to face that scenario. Tech companies often file one-off patents for all sorts of things that never see the light of day. On the other hand, this is no random occurrence. Google has applied for at least seven related contact lens patents, which may suggest that Parvik and his company are serious about making Google smart contacts a reality. 

Feature image courtesy of Google; patent image via Patent BoltSix Million Dollar Man image screencapped and slightly altered from the DVD release (via YouTube user jamiesurgener)

How Arduino And Raspberry Pi Can Enhance Your Connected Home

Wed, 04/16/2014 - 14:17



ReadWriteHome is an ongoing series exploring the implications of living in connected homes.

The connected home, the ultimate ideal in technology-driven luxury, promises easy living by passing along our drudgery to computers.

But it’s not perfect.

Even if you’re willing to shell out for expensive devices for your house, are you willing to trust them? There’s always the concern that when a middleman is involved, you’re relinquishing at least some control of your own domain.

See also: Hacking The Connected Home: When Your House Watches You

In that case, why not roll your own connected home?

Arduino, a microcontroller board, and Raspberry Pi, a fully functional mini-computer, are both cheap solutions for harnessing the Internet of Things at home. Unlike your regular computer, both devices are very good at reading the world around them. That’s because they both include plenty of inputs and outputs for sensory add-ons to test light, temperature, humidity and more. 

These DIY sensors and components are cheaper and easier to use than ever. With minimal coding knowledge, you can copy and paste open-source Python scripts to tell your house which tasks to automate. And since you’re retaining total control of your connected devices, you can double down on security measures to your heart’s content. 

Here are some of the ways to implement connected home features on a DIY device like Arduino or Raspberry Pi. 

Arduino Projects See also: Arduino Rising: 10 Amazing Projects For The Tiny Microcontroller

The Arduino isn’t a fully functional computer, so you’re going to need to connect it to a computer first to program it, and it'll need to run off a battery or outlet after that. But at half the size of the Raspberry Pi, it’s a small and unobtrusive sensor for your home. 

  • Make an Arduino safety alarm. Connect the device to a beeper and a bell to warn you of an intruder or a fire. The creator of this open-source project said he successfully scared off an intruder by using this device. 
  • Build an thermostat that connects to your air conditioning unit, or, if you’re in the United Kingdom, your combination boiler. Both projects include an LCD screen so you can monitor and adjust the temperature. It's not as cute as Nest, but totally custom. 
  • Monitor your home while you’re away with an Arduino-powered "Internet of Things" camera. You can install an Eye-Fi SD card in an Arduino Uno to program it to take photos and then push those photos to a site or device of your choice. 
  • Get the most out of an Arduino by programming it to control central heating, lighting and security in your house. This tutorial uses Home Easy, a wireless home automation tool that enhances Arduino’s connected capabilities significantly.
Raspberry Pi Projects See also: 12 Cool Projects For Your Raspberry Pi

Raspberry Pi can double as a second PC. Just give it a screen and a keyboard and you can use it to program itself. That means you can either run it in the background as it collects data off of the sensors you’ve installed, or you can use it as an Internet of Things control hub. 

  • Never forget to feed your pets again; let Raspberry Pi do it. This dual pet feeder could work for dry cat or dog food, and can be assembled in four to six hours. Have a pet that’s more scaly than furry? Try our IoT fishtank tutorial
  • If you have more time than money, make Pi into an automated sprinkler system. The creator set it up with wireless so he could control it through a simple SSH login. Read more about how to login with SSH here
  • Build an app to control your lights from your computer screen. Raspberry Pi’s general purpose input output (GPIO) pins emulate pressing on and off switches. That way, instead of physically visiting the light switch, you can activate your lights with one click of your mouse. 
  • Last but not least, if you’re a DIY genius you might as well build a Pi home automation center that wouldn’t look out of place at Starfleet. There’s no tutorial for this Star Trek inspired control panel that monitors doors, windows, lights, weather and more, but watch the video below and see just how polished a DIY solution can look:

Photo by Lauren Orsini for ReadWrite

The Rear-View Camera Is No Longer Just An Option For Cars—It's The Law

Wed, 04/16/2014 - 13:04



ReadWriteDrive is an ongoing series covering the future of transportation.

Here’s something gruesome to consider: More than 200 people are killed every year when cars are reversing—most of these deaths are children. Back-up accidents also injure more than 15,000 people each year.

These factoids get more tragic when you consider that it’s usually a parent behind the wheel, and the cost of preventing nearly all of these accidents is a cheap piece of technology: A $50 camera.

Take heart. The U.S. National Highway Traffic Safety Administration (NHTSA) took a big step on March 31 to prevent those horrific accidents when it ruled that all new cars must be equipped with back-up cameras by May 2018.

Auto companies usually dig in their heels and fight against any new mandate that adds cost to a vehicle. But in this case, the cost is modest—about $150 if both a camera and screen are required, and just $50 for a car that already has a dashboard screen.

“There’s a reason we have a timeline now,” said Thilo Koslowski, a Gartner analyst for vehicle information and communication technology. “Most manufacturers are planning to put displays and screens in the cars anyway. The cost of doing this is less than one-percent of purchase price of your average new vehicle.”

Inevitable Migration

The Volkswagen XL1 concept car doesn't have side-view mirrors or a direct window view to the side. Drivers rely strictly on a camera and monitor.

There's a well-established process of flashy new car technology eventually migrating to more proletariat vehicles. In the case of safety technologies, it started decades ago with air bags, pre-collision warning systems, and electronic stability control—first seen in brands like Mercedes or BMW models as costly options, and then finding its way to Ford, Chevy and the like.

These days, when everybody loves geek gear, consumers are only too happy to pay another fifty bucks for something cool like a back-up camera.

“Heads-up displays used to be luxury,” Koslowski said. “Now, it’s in cars from Toyota and Mazda.”

Koslowski believes more futuristic features—like self-parking and 360-degree cameras for parking assistance—will also become commonplace. That’s because these technologies, usually developed by tier-one automotive suppliers, are designed and priced at a premium when introduced in low volume. Then, these features ramp-up to larger quantities and the cost drops as they go mainstream.

“This is all planned,” he said. “It doesn’t happen by accident.”

We are already at mainstream levels with back-up cameras, which are found in approximately half of today’s new cars. Even more models have screens, due to an insatiable consumer desire for entertainment, navigation and connectivity features.

Independent car technology expert Doug Newcomb said “any automaker that’s going to have an infotainment experience needs some kind of screen." At the same time, the cost of cameras has significantly dropped in recent years—mainly because camera components have integrated into hundreds of millions of smart phones and mobile devices.

Common Sense, Mandated

To recap in simple terms: Back-up cameras are cheap and they save lives. Unfortunately, that wasn’t enough to get the government or the auto industry to make them ubiquitous. It took a lawsuit by Consumers Union, publishers of Consumer Reports, to get NHTSA to act—even after it blew past deadlines established by the Cameron Gulbransen Kids Transportation Safety Act of 2007. Backup safety regulations were expected in 2011.

Cars with rear-visibility technology already earn brownie points in NHTSA safety scores—the same way the federal safety agency gives higher scores to cars with electronic stability control, autonomous braking systems, early collision warnings and lane keep assist.

“NHTSA and others have shown, statistically, that a lot of lives can be saved by these systems,” Newcomb said.

The side-view camera on the Volkswagen XL1 concept car.

The final rules on the rear-visibility mandate, which applies to cars built after May 1, 2018, requires the field of view from the camera and screen to include a 10-foot by 20-foot zone directly behind the vehicle. The system must meet other requirements including image size, linger time, response time, durability and deactivation.

Now that we’re on course for back-up cameras, perhaps it’s a matter of time before side-view-mirrors are replaced with cameras. One week after the NHTSA ruling on back-up cameras, Tesla Motors applied to the safety agency to allow side-view cameras to replace side-view mirrors—a move that increases the efficiency of cars through better aerodynamics. And they also look pretty cool, to boot.

Images courtesy of Chrysler, Ford, and VW

How Microsoft's Cortana Stacks Up Against Siri And Google Now

Wed, 04/16/2014 - 11:53



Cortana doesn’t want you to know where Master Chief is hiding. But for just about everything else, Microsoft's new voice-controlled personal assistant is ready and available to do your bidding.

See also: Introducing Cortana, Plus 8 Other Things To Know About Windows 8.1

Cortana, a new feature in Microsoft’s Windows Phone operating system, is both a search engine and a helper, just like its counterparts: Apple's Siri and Google Now for Android. Cortana—who says she's female, though not a woman—is Microsoft’s attempt to counter Google's domination of Web search on smartphones while also serving as its counterpoint to the cheeky and informative Siri on the iPhone.

In this way, Cortana—like almost everything in Windows Phone—emerges as a combination of iOS and Android features embellished with some of Microsoft's own unique elements.

Cortana Leans On And Learns From Bing See also: Windows Phone 8.1—The Good, The Bad And The Ugly [Review]

The first thing to know about Cortana for Windows Phone is that it is, at heart, Microsoft’s Bing search engine. At Microsoft Build 2014, one press session bore the title “The Bing Platform”—and it was all about Cortana.

Bing is no longer its own separate app, nor are there any specific Bing features like news or weather. It's now all Cortana, all the time. On Windows Phone, the two are basically indistinguishable.

By using Bing as the backbone of Cortana, Microsoft has made it a lot like the Google Now assistant on Android. Cortana recognizes your interests and uses Bing to mine various information categories to deliver news and contextual information that you are supposed to find particularly useful.

During setup, you can choose among pre-defined interests like health, sports, technology or headline news. You can set your favorite sports teams or neighborhoods where you like to eat and explore. Cortana will then deliver you information based on what you like and where you are, using both Bing and the sensors in the smartphone that help keep track of what you do and where you do it. The information is delivered in Cortana’s notebook, the equivalent of using a homescreen on Android for Google Now.

Where Google Now differs is that it uses a variety of factors to determine what information it delivers users. If you sign in to your Google profile, you can have it access Gmail, search, navigation, calendars … all of Google’s core services. It will also note what websites you visit when you are signed into Chrome and note those in the Google Now feed as well.

Cortana (left) Notebook vs. Google Now news stream.

Developers can tap Bing to power their apps as well, which then can bring third-party customization to Cortana. Only five third party apps have been built for Cortana at the time of launch: Flixster, Hulu, Twitter, Facebook and Skype (which is owned by Microsoft). Cortana has an open software developer kit for interested app makers that want to integrate it into their products.

Cortana's voice-control and language interpretation functions rely on a hybrid of on-device and cloud computation. When you speak to Cortana, your phone will use key speech patterns to interpret what you've said. If Cortana doesn’t understand a particular word, it will reach out to its neural network in the cloud to filter for possibilities. This hybrid approach is designed to let Cortana learn better speech recognition over time.

An Assistant Like Any Other

Cortana straddles the line between what Google Now provides as a search engine and how Siri acts as a personal assistant.

Google Now is an assistant without a personality. It is essentially Google delivering information you might want or need and allowing you to control your phone through voice actions. It wants to tell you stuff before you think you want to know about it. The other day, for instance, Google Now told me that I had to leave for a meeting at 1:57 p.m. to get to a meeting by 3 p.m.

You can set reminders, tasks, timers, send texts or emails through Google Now as well, just like you would with an actual assistant. But for a variety of reasons, Google decided not to make Google Now a search experience driven by a particular character the way Siri and Cortana are.

Siri doesn't provide the precognitive abilities that Google Now or Cortana do, because its fundamentally different under the hood and doesn't have a search engine spine the way the Microsoft and Google offerings do. Instead, Siri hooks through both partner databases and search engines, relying on Wolfram Alpha and Microsoft's Bing (to a certain extent) for computational search power.

Siri provides contextual, relevant information like stocks or sports or weather by creating hooks to third-party databases Apple has partnered with. Siri can also set reminders and alarms, open apps, post to Facebook or Twitter and navigate. Siri set the standard of personal assistants on smartphones, which Google Now and Cortana have now largely matched in different ways.

Cortana has a couple of additional capabilities that set it apart from its rivals—for instance, by personalizing your communications with trusted people. If you establish someone as a member of you “inner circles” within the app, you can then use Cortana's voice control to set reminders by name.

So you could tell Cortana to “remind me to read Rebekah’s essay this evening,” and it would understand who you're referring to. Siri and Google Now have similar capabilities, but Cortana takes it a step further.

Cortana also has a personality all its own. The assistant is named after an artificial-intelligence character in the game series Halo—a guide that gets you through missions and helps along the way. On Windows Phone 8.1, Cortana (which is voiced by the same Halo actress, Jen Taylor), will respond to Halo-related questions. For instance, if you ask where Master Chief (the main character in Halo) is, Cortana will give a variety of answers.

Where is Master Chief?

Cortana also knows that it is a computer. Yes, it will identify as female, but will also give answers such as “I contain multitudes” (a Walt Whitman reference) and “Is there a third option?”

Cortana: Still A Beta

Microsoft’s goal was to imbue Cortana with a personal touch. It combines the semantic search of Google with the personality of Siri while still being fun and dorky in a Microsoft kind of way. Which you may or may not like, depending on your view of Windows Phone and whether you play Halo.

That said, Cortana is still in beta. After using it for a little more than a week, it's easy to see that the assistant is still coming into its own. Cortana's voice recognition is good but often requires precise enunciation (Cortana often confuses itself with Cortado, apparently a city in Italy), it doesn't always connect contacts with data correctly and its navigation sometimes misfires.

It also doesn’t have a touchless command, the way Google Now on Android devices activate when a user says “OK Google.” These types of problems are fairly easy to fix, so Microsoft can presumably work them out ahead of the formal launch of Windows Phone 8.1 later this year.

Lead image of Cortana in Halo 3 by Flickr user Brian, CC 2.0

Atlassian's Geeky Software Carves Out A Big Home With Developers

Tue, 04/15/2014 - 17:54



f you're not a developer, you're not going to understand Atlassian's success. Atlassian employs no salespeople, yet it's doing over $200 million in annual sales, according to a recent report in The Wall Street Journal.

While enterprise software companies struggle to make their wares more consumer-friendly, Atlassian builds software that only a developer could love: It's geeky, not super intuitive and frankly somewhat unpleasant to use for a business user like myself.

Yet it's now worth $3.3 billion. How's that?

Of The Developer, For The Developer

Atlassian co-founder Scott Farquhar told The Wall Street Journal that "These days, people are making decisions based on how good the products are." The definition of "good" may not be the same for developers as it is for the average business user, however.

Wikis, issue tracking systems, Git code hosting, etc.—these are not tools your head of marketing really wants to use. I should know: Every time I have to fill out a JIRA request to get content changed on my company's website, a little part of me dies inside.

Then again, I'm not Atlassian's target market. The developer is. And developers love Atlassian.

In the world of developers, the definition of "ease of use" differs. This is a world that still thinks fondly on the command line. Even among this crowd, however, Twitter's Chris Aniszczyk posits that Atlassian's software may not be the best, but rather the best of a bad lot:

@mjasay best option from the crap pile and they have an great a la carte model where you don't have to buy into the whole stack

— Chris Aniszczyk (@cra) April 15, 2014

I'll take Chris' word since I'm not much of a developer tools power user myself, but it's his latter argument that I find so compelling: Atlassian succeeds, in part, because it treats its developer audience with serious respect.

Giving Tribute To Developers

This reason behind Atlassian's success is echoed by Fintan Ryan of Strand Weaving, who suggests Atlassian tools are "the best of a limited bunch, and relatively configurable."

While the first part of Ryan's comment suggests Atlassian doesn't deserve much credit, it's the second half that really sets Atlassian apart. Developers don't want unnecessary frills that get in the way of productivity. This same desire is what has driven GitHub, AWS and other developer-focused software to succeed. 

That group of tools developers love is a very small club. As it turns out, it's very hard to develop tools a wide array of developers want to use. 

Not only does Atlassian support the things developers already do, but as Operational Results web developer Cody Nolden notes, Atlassian's tools may actually expose problems in team workflows:

They’re very configurable and can match whatever workflow your team uses. I’ve found that when I struggle to use Atlassian tools it’s because of more underlying struggles as a team not knowing what process we follow and we haven’t configured accordingly.

Ultimately, Atlassian succeeds not because it's the best tool among a bad bunch, but because it respects developers' time and concerns. Tools like JIRA are intentionally not flashy. They're utilitarian, not because Atlassian lacks creativity, but because the company cares more about what developers want than what marketing or sales or other groups within a company may want. This shows not only in the software itself, but also in how it's sold: Atlassian is salesperson-free, over-the-web, and costs a reasonable amount of money.

That's a great strategy for appealing to developers.