November 26, 2007

FreeRice - charity or profit center?

Many people have discovered FreeRice, the fun little website where you test your vocabulary, see some advertising, and have some rice donated to the world's hungry - paid for with a fraction of the funds taken from the advertising revenue.

It is definitely innovative, and at first cut, sounds like a good idea. But is it legitimate? I'm not talking about whether the rice actually gets donated. There is no proof given, but even assuming that it does get donated as promised, is this site moral - or is it a personal profit center based on deceit and greedy taking of the public's good will and time? There has been a bit of discussion on this topic, but not very much considering how much traffic this site is seeing (10's of million's of pageviews per day).

So what is the issue? The problem is that the actual value of the daily donation is tiny and the potential revenue is huge. I've seen estimates on the web that show profits ranging from about $10K to $150K. Mine put it at about $100K (see below). But the main point here is not legal, it is ethical and social.

If the sole premise of a site's existence is to do charitable work, then it must do so honestly. As with other charities and organizations that manage other people's resources, it should disclose what percentage of income is actually given as charity, how much is administrative overhead, and how much is profit. It doesn't matter that the source of the funds doesn't come from the customer's cash. It still comes from the customers - just through their time and attention rather than their dollars. And the ethical requirements of charitable work are different than pure business.

The standard bar for understanding ethical behavior is full disclosure. If the site said what was really going on, and people continue to choose to participate, then the site has cleared the bar and will reap the world's good will. But without saying what is really going on, we have to assume there are nefarious purposes, and significant personal benefit taken from the charity of others. That kind of behavior may thrive for a while, but can't last as charitable work that is honest will take over - and it can't happen soon enough.

My estimate:
200,000,000 approx donated grains (Nov 15, 2007)
25,000 grains per pound
8,000 donated pounds
$5,600 donated dollars (assuming $0.70 per pound)

$5 assumed CPM
(thousand ad impressions)
20,000,000 Impressions
20,000 thousands of impressions
$100,000 revenue

October 24, 2007

ICDL Going to Mongolia

I'm going back to Mongolia next week to finish the job I started last year. The International Children's Digital Library (ICDL -, which I am the technical director of, is working with the Mongolia Ministry of Education, Culture and Science on a World Bank-funded project to help improve literacy, and a culture of reading for pleasure.

While the larger project is centered around traditional paper books, there is a surprisingly foresightful effort looking at digital technology. Last trip, I set up an ICDL server in Ulaan Baatar - available at This time, I'm going to set up some servers in rural schools and to do teacher training (with graduate student Sheri Massey) to explore how technology can be used in places far off the grid.

While Mongolia is slowly wiring up the country, a significant number of soums (i.e., towns) may have electricity, but have no internet. We decided that since we know the internet is coming (eventually), and they were buying computers anyway, we would set up the ICDL on a server in each school, and use the local network to provide access to the 200 new books (plus many of the existing ICDL books) to the children in these schools.

I'm afraid that as crazy as it seems, the only way to set this kind of thing up is to go out there with software (and many, many backups) in hand, and set things up myself. We've got our system configured to now also run on Windows servers with standard distributions of Apache, Tomcat and MySQL. And we've got things set up so it all starts up nicely when the computer starts. And we can even update the library by sending a disk out there, and having someone press a special button (or so we hope).

Installing this software without recurse to help if things go wrong is a bit daunting. Especially because these schools are all 1-2 days drive on cold dirt roads from the Capital and each other. I'm really, really hoping I don't have a bad technology week.

And, of course, I won't be able to blog about the trip until afterwards since I'll have no connectivity - but I'll be sure to have lots of stories when I come back on November 12th.

September 20, 2007

A Great Computer Scientist - Randy Pausch

You may not know Randy Pausch, but you should. He is truly a great computer scientist - but unfortunately, one who is dying. He was scheduled to give a CS Distinguished Seminar at UMD last year, but had to cancel on account of his illness.

On Tuesday, he gave his "last lecture" at CMU which Allison & I attended. Given that he is brilliant, a wonderful showman, and forthright - and expecting to die before long with advanced pancreatic cancer, it was a talk that is hard to describe the gravitas of - whether you know Randy or not.

While the audience (an overflowing room of 500 or so), was obviously distraught - Randy focused on the lessons of his life. What he was proud of, what was difficult - focusing on what it took to achieve his childhood dreams. And he talked a lot about the satisfaction he has taken in focusing on undergraduate education and broadening the students interested in computer science (through Alice, his very popular 3D system that offers an introduction to programming) among other things.

You may not have the pleasure of getting to know Randy in person, but I promise that you will not be disappointed if you spend the 1.5 hours to watch his talk. Here is a wall street journal article about it.. The weird thing is that the hyperbole in this article is actually understated. The talk was far beyond anything I've heard before.

The full video of his talk is here:

Randy's personal page and treatment blog is here:

August 17, 2007

FolderShare in slow motion

More than any other software in recent history, FolderShare has changed my work habits, dramatically improving my mobility and the reliability of my data. It is simple file synchronization software that makes all the files (and subfolders) in a folder stay the same across machines across the internet. Adding, removing, moving, or changing a file in one machine results in a near-instantaneous matching change on all synced computers. And it even works on Macintosh (sort of).

FolderShare is amazing because it enables me to go back and forth between my desktop computer at work, my laptop, and desktop at home. (I also use it to collaborate on important shared projects with other people). And by replicating my files across multiple computers, it is a free and simple backup solution. It even gives me the ability to remotely delete files were my laptop to get stolen.

FolderShare was created by ByteTaxi, a startup a few years back, and acquired by Microsoft November 2005. And sadly, Microsoft has not done one single thing since then. The website has not changed. The product has not changed. Actually, that's not true - it got a bit worse. When Apple upgraded their OS some months back, encryption to Mac stopped working, and now the only way you can sync to Macs is to completely disable encryption on all synced computers - pathetic.

Well, they did add a newsgroup, but they don't respond to users. Has Microsoft learned anything about Web 2.0? About the speed of the Web? About being innovative? They acquired an awesome product, and are slowly smothering it to death. Yes, there are rumors that it will re-emerge as a new Live service, but when I saw how pathetic Live's new SkyDrive service is, I came close to losing my last bit of hope. If FolderShare wasn't the best solution of this kind out there, I would have given up on it (and probably Microsoft) long ago, but it is still great (modulo the Mac encryption problem).

So, Microsoft, please, please - be more responsive. Yes, you're a big company - but do you really think sitting on a great innovation for coming on 2 years without any communication to your users is the caring for your users? Has your confidence eroded all awareness of the impact of your actions on people's perceptions and feelings about Microsoft as an entity?

I won't be that surprised if Live does come out with something good here eventually, but I'm afraid that even if the product is revived, my opinion of Microsoft has suffered.

July 1, 2007

iPhone design trade-offs

There is plenty to like about iPhone - and we all already know about that. And there are some obvious challenges (i.e., slow network, lack of physical keyboard, no OTA syncing of calendar & contacts). But a lot of important, yet more subtle challenges have not yet been reported widely yet. These are largely due to trade-offs given the lack of not only the keyboard, but also D-Pad, Home and Back buttons, and soft keys that are so common on just about every other phone. So, how does this impact usability? Let's take a look by comparing to some other comparable devices for a variety of tasks.

  • Make a call to a contact:
    • BlackBerry 8800 (~2 secs): Start typing from the home screen, scroll down to filtered item and press action. I have 992 contacts. I can get to just about anyone in 4 or 5 keys, a scroll, and a click. Windows Mobile is also about the same as this, but it responds a lot more slowly.
    • iPhone (~4 secs): Press Phone. Press Contacts. Press the first letter of the last name on the right side of the contacts. But since these letters are tiny, you usually have to drag up or down a few times to get to the right letter. Now flick up or down to visually search for the person you are looking for. Press the person. Press the # you want to call. iPhone is not only slow, but painfully distracting.
  • Look at photos:
    • iPod: Flipping through a lot of full-screen photos is unbelievably fast. As you spin the wheel, photos fly by. I can probably scan 20 per second. It is also physically easy and doesn't require much attention. Just fling you finger around the wheel. I can do this to look at tons of photos.
    • iPhone: Looking at photos on the iPhone is undeniably beautiful and pleasing - but to flip between full-screen photos requires a flick for each one. The fastest I could manager was about 4 per second, and that required a lot of finger movement. I wouldn't want to do this for more than about 20 photos.
  • Read text on the web: Much has been made of reading web pages on the iPhone. Everything that is advertised is true - but they forget to mention one thing. If your eyesight isn't terrific, you'll have to take advantage of the beautiful two-finger zooming-in feature - even after you've zoomed in to an article. But if you do that, then you'll have to horizontally scroll back and forth to read each line. This is an unimaginably bad experience. In other mobile browses, content is laid out vertically. They certainly have their own problems, but once you get to reading an article, you can set the font size, and just press the space bar or down arrow to scroll down one page at a time. On the iPhone, if you can't read the natural size, you are just going to have a really lousy experience.
  • Things to do: Part of the fun of computing is that there is just so much darned stuff to do - from little flash games, to java downloads, to rich apps that you pay to download. And the wonder of "widgets" is that the public makes them, so there are lots of options to choose among (i.e., see what's coming soon from ZenZui). But with the iPhone's closed platform, no Flash and no Java - you're pretty much stuck with what Apple gives you. Sure you can watch a few YouTube videos. But there are about half dozen I know of and actually searched for - whoops, those weren't available. They nicely give you a bunch of Web bookmarks to all kinds of sites – so I visited some kids sites with my 8 year old daughter. Whoops, all the ones she cares about use Flash, and they don't work. So I can read on the Web, and do iTunesy stuff. Don't get me wrong, that's pretty great - but not great enough. For the iPhone to be truly great, they have to open the platform.
  • Finding an email: Amazingly enough, there is no way to search for email.
  • Finding some music: Amazingly enough, there is no way to search for music. Hierarchies and tags are great - but sometimes you know what you are looking for, and the fastest and cognitively easiest way to get it is just to type a unique word in the title. Oh well, you're out of luck.

Now if it weren't for the fact that Apple has Spotlight on the desktop, I might think they hadn't learned about search yet. Instead, it's almost as if Apple has tacitly agreed that typing on the iPhone really is so bad that they don't want to frustrate users by having them search for stuff. Or maybe they really want you to think of this as an entertainment device, so efficiency shouldn't be that important - and the act of forced browsing will help you discover stuff you didn't know you had on your device. Or maybe they just didn't get to that yet, and we'll see it in an update before long. Cross your fingers.

June 25, 2007

Plaxo Makes Me Scared

Web services that offload the burdon of tedious repetitive tasks offer a wonderful promise. And things like having to update your address book every time any one of your contacts changes something just seems like one of those things that the modern Web ought to solve. And in fact, it does. Plaxo offloads this burdon to each individual to maintain their own contact information – rather than the hundreds of individuals that know that person.

Seems like a good thing, right? Well, almost – except for the details:

  • It puts the burdon of maintaining your understanding of someone else's address on that other person. Plaxo sends me a reminder email to "check" if I've updated my information every now and then – even if I never change anything, and even if I don't use Plaxo. This looks like a convenience feature for you, but I see it as actually being Plaxo's excuse to send advertising to everyone in your address book at your request with your credibility and (literally) your face. Do you really want to be supporting their advertising?
  • Plaxo says they will maintain great privacy of my contact information, but should I believe that? From their privacy policy, "Plaxo will not sell, exchange, or otherwise share Your Information with third parties, unless required by law or in accordance with your instructions." In other words, because you want to maintain a personal database of information about me, the government now has instant access to all of my personal information immediately.
  • If Plaxo's servers get broken into, all of my contact information is available to the world.
  • You should be aware that Plaxo explicitly maintains the right to spam you. From their privacy policy, they maintain the right: "To provide you with information about Plaxo products, services, news and events through the Software, the Site or e-mail;"
  • Plaxo can change their policy at any time – and instantly start selling all of everyone's information at will. If they are sold, for example, there is no reason to expect that a buyer wouldn't do so if it was profitable.

Plaxo is not unique – there are lots of places that centralize personal information (think Google). But this one worries more than others because they focus on personal information, and the relationship between individuals, and have an explicit business model and policy of actively and repeatedly soliciting non-customers. They also are unique in shifting the burdon from the user of information to someone else – without their permission.

January 3, 2007

In defense of Challenge-Response spam detection systems

Like a lot of people, I get a lot of spam. And in the past months, it has gotten a lot worse. On average, I get well over 1,000 spam a day, and that is after spamassassin has already processed it and deleted what it detects without me ever even seeing that. Of those that get through, Outlook puts most in the Junk E-email folder, leaving me about 100 a day to delete - intermixed with my 50 or so legitimate emails a day.

In terms of actual time lost, it is not great. Maybe 2 seconds per email to delete or 2*100=~3 minutes plus a couple of minutes to look through the junked email to salvage good ones (of which I typically find about 1 per day) for a total of maybe 5 minutes a day.

But in terms of mind share and detraction, this is huge. It means that I am continuously distracted all day long by the dregs of society - pornography, rampant commercialism, and fraud. This is the worst kind of distraction, not only taking my mind away from my flow of concentration, but doing so in a way that I do my best to avoid in every other aspect of my life, and that I would not even consider letting my 7 year old daughter have access to.

So, after giving up on all the standard solutions to spam, I signed up for SpamArrest, a commercial "challenge-response" spam detection system. This works by requiring everyone that wants to send you email to first follow a link to a website and prove they are human by reading a word in a warped image and typing it (i.e., a CAPTCHA). The reason this approach works is that:
  • Each sender only has to do this once for me. The system remembers that person for the future.
  • I can preload the system with all of my contacts and anyone I've sent email to in the past so that everyone I already communicate with won't have to validate themselves, and won't know I am using this system.
  • New people that send me email have to use this system once, and legitmate senders are usually willing to go through this step.
  • I can authenticate senders unlikely to do this (like various large e-commerce sites).
  • I can let email lists through by setting them up indivdually.
  • Spammers that send me email are almost never willing to go through this step, and so I never see their email. The reason that spammers aren't willing to do that is because they are computer software and can't, or because they are human and don't want to spend the time. In fact, most spam is sent by "spambots" which are other people's computers hijacked for the sole purpose of sending spam. This email is sent with forged email return addresses, so they never even receive the request for validation.

So, if this is such a panacea, why isn't everyone using it? Well for one thing, you have to pay for it (about $3/month). But lots of people think this approach is a bad idea in principle, and have been arguing against it. However, while I agree that it does have problems, it is better than any current alternative, and I'm not going to wait around suffering while I wait for better solutions. So, let me respond to one complaint about challenge-response systems. I'll summarize the complaints and respond here.

Concern #1. Spammers will forge mail to me with someone else's return address thus sending my challenge to the poor forgee's email box.

Looking at the actual spam I receive, the vast, vast majority has false return addresses. And of the legitimate ones, most of those very likely come from spambots running on machines that have been infected. The owner of those machines have a lot more serious problems than deleting my challenge to them. In fact, it may tip them off to the fact that they are infected. And of the few third party legitimate emailers who get my unwanted challenges, I apologize. But that is still a tiny, tiny fraction of the total spam in the world. I'll gladly stop when there are better solutions. And I won't get mad if I occasionally get unwanted challenges from others (which I do, and which is a tiny, tiny minority of the total spam I receive).

Concern #2. If a challenge-response person emails me, then both our systems will challenge each other, generating even more email traffic.

So what. We each accept each other's challenges and we're done. We only have to do this once per person. And again, this one-time extra 2 emails is so tiny in the wide world of spam, that it is a totally irrelevant argument.

Concern #3. Challenge-response systems are easy to defeat since all someone has to do is forge the From address as someone that I already trust.

This is the easiest to respond to. Yes, in theory this is true, but in practice, spammers don't know who I trust. And in the past 4 days, I have received 4,491 emails of which 165 have been classified as good. Of those, about 30 were spam, but all of those spam were sent through mailing lists that I trust, not from forged From addresses. This does bring up a legitimate problem which is that popular mailing lists may become targetted as spoofed return addresses. But again, in practice, this has not happened yet. So I'm not going to avoid using a system because it theoretically might not work at some point in the future.

The bottom line is that challenge-response systems are not perfect, and probably won't work as well if everyone uses them. But for now, they work much, much better than anything else short of a human spam deleter (now there's a good business opportunity!). And if they stop working better than alternatives, then I'll switch to whatever works better.