 |
There was an unusual amount of buzz around yesterday’s opening keynote by Richard Rosenblatt, CEO and chairman of Demand Media. Certainly an interesting guy - the former CEO of Web phenomenon MySpace now making Waves in the hosting world after co-founding Demand Media, and acquiring eNom and Bulkregister last year to create, among the company’s assets, the second largest domain registrar in the world. Attendees arriving for the keynote all but filled out the very, very large grand ballroom here at Navy Pier, a fact that reinforced, for me, the unusual level of interest in the keynote. 
The presentation itself was a show of the sort that doesn’t often find its way onto the stage at events like these - bringing a healthy dose of jokey showmanship and what appeared to be a loosely-rehearsed bit with late night TV host Carson Daly (a Demand Media spokesperson). Ostensibly focused on its title, “Next Generation Web: What Lies Ahead for Hosting,” the enjoyably brief (I would estimate approximately 20 minutes) keynote was, despite Rosenblatt’s claims to the contrary, basically a run-through of what Demand Media does. The conflict, however, was forgivable in that Rosenblatt appears to believe very firmly that what Demand Media does is, in fact, what lies ahead for hosting. 
Demand Media’s most notable offering, at the moment, is a repackaging of the .tv domain as a sort presence-building product via video and social networking technology, through the site ChannelMe.tv. The company offers a $25-per-year package that includes a .tv domain and a template-based package for constructing a personal video channel (in the vein of an evolved MySpace) using social networking tools and functions for “grabbing” video content from other sources (such as YouTube). The company’s plan for profiting from these channels involves directing traffic to Demand Media-owned properties featuring particularly targeted user-generated content (a gardening-oriented social network was one example). While the ideas Rosenblatt presented didn’t quite cause the building to crumble around us, they were forward-thinking enough to catch the attention, and the admiration, of some very savvy Web hosting industry folks. Later that evening, more than one person assured me that Rosenblatt gets it. By that, I imagine these people mean that he doesn’t view hosting as it was or as it is, but how it ought to be. Not surprisingly, quite a few of the people I’ve spoken to at HostingCon have ideas about how hosting ought to be. Rosenblatt’s opinion certainly is worth noting. His point is that there is a whole market of consumers, and even businesses, that is now used to dealing with hosting without ever realizing that they’re dealing with “hosting.” They use services like MySpace, Flickr, Facebook, YouTube or any of dozens of others, to host their content on the Web, without ever paying for it, and without ever deciding on a disk space allotment or worrying about bandwidth. Selling services to this market is an undertaking entirely separate from selling a dedicated server to a developer. To illustrate, Rosenblatt played a promo clip from the ChannelMe.tv site during his presentation. In the video, Daly describes the product with phrases like “naming your channel” and “grabbing video” never once mentioning, said Rosenblatt, that he’s selling you a domain name. During the question period after the speech, somebody asked how much bandwidth the service used. Rosenblatt said he didn’t know, and implied that he didn’t care. Obviously, he was joking. But his point was evident: It doesn’t matter. Not to the customer’s he’s after - who don’t think in terms of hosting and bandwidth, but in terms of profiles and networks. Validating that vision, he said, is the fact that Demand Media has sold more than twice as many .tv domains in the last three months than VeriSign sold all of last year.
Not entirely sure about this one. I saw a press release from a company called WeBuyHostingCompanies.com, a newly launched organization designed to help small Web hosting providers unhappy with the extent of their success in the business to sell their companies. The press release points out: According to ResultsAbout, a quality online content provider that is a division of About, Inc., there are more than 170 million Web hosts on the Internet. SearchEngineWatch.com, a Web source for search engine marketing, estimates that there are six billion Web sites on the Worldwide Web. If those sites were divided equally among every host, each hosting company would be home to only 35 sites. Obviously, that equality doesn't extend to all, explaining why so many small hosting companies can't make a go of things. The site is the project of an individual who is not named, either in the announcement or on the site (but who is referred to as “he” at one point). The service’s operator, apparently the operator of a hosting provider himself has “contacts aplenty,” which amount to a list of willing buyers waiting to make offers on small, ailing hosting companies. Apparently, the site has cash reserves of its own that enable it to turn around a sale in the space of a week. All in all, not an earth shattering idea. But it’s by no means a bad idea. Funny. This was the paragraph where I was going to start pointing out things that had me doubting the legitimacy of the service (the strange single-page Web site, the general lack of contact info). But between the last paragraph and this one, I spoke on the phone with Ralph Smith at Fat Jack Hosting, the company responsible for WeBuyHostingCompanies.com. Now I’m a little more up to speed. Fat Jack is looking to incorporate some of the smaller hosting companies that never took off into its own business. Not exactly the broker I was envisioning. The site launched unofficially last week, and officially today. Smith says the offers are already coming in, and the company has completed one acquisition so far. The largest host offered so far was one with 100 customers. I suppose if you’re interested in getting out of the hosting business, this might be worth looking at. I’m going to follow up with Ralph in a week or two and see how this project is going.
An article posted on the PC World Web site this week pointed to the explosion in phishing sites last year, and examined the potential phishing threat now and in the future.
According to the article:
"In November 2006, the last month for which data is available, the Anti-Phishing Working Group found 37,439 new sites, up an astounding 709 percent from the 4630 sites in November of 2005."
We've seen lots of news regarding the launch of extended validation certificates from the SSL certificate authorities, and the Web hosting businesses that sell their products.
Extended validation certificates, for the behind-the-SSL-times out there, are the result of a standard for improved validation developed collaboratively by certificate authorities in a group called the CA/Browser Forum.
According to VeriSign (one of the companies involved in developing the standard):
"To issue an SSL Certificate that complies with the standard, a CA must adopt the extended certificate validation practice and pass a Webtrust audit. The validation process requires the CA to authenticate the certificate applicant's domain ownership and organizational identity, as well as the individual approver's employment with the applicant, and authority to obtain the Extended Validation SSL Certificate."
At the beginning of this year, Web browsers including Internet Explorer 7 and Opera began offering support for the new standard, highlighting the address bars of validated sites in green.
Of course more validation is a good idea. And of course added validation will make certain specific phishing attacks ineffective and phisihing in general more difficult to pull off.
But how effective will EV certificates be in general?
A report cited in a ZDNet article, also posted this week, says that studies have shown that EV certificates may be limited in their effectiveness at the moment.
According to this article:
"According to a recent usability report released by Microsoft and Stanford University, new Internet security tools such as EV SSL certificates have limited potential to defend against fraud by identifying the source of content displayed on a Web browser."
Specifically, they rely on the user at least somewhat - to understand the certificates and their use. And without being educated on the operation of SSL certificates, a user might not be equipped to recognize an EV cert in action. And it seems to me, the kind of user that would be unaware of SSL technology is the same user that would probably be most likely to fall victim to a phishing scam in the first place.
It would also stand to reason that "extended validation" was made necessary in the first place because ordinary or standard validation was less than 100 percent effective in stopping sites from being spoofed.
Phishers are already in the business of identity theft and fraud. And underestimating their ability to commit fraud would be an obvious mistake. Whether they'll be able to defraud certificate authorities to acquire EV certs of their own, or find some other way around the technology is the question. I wouldn't be quick to bet against them.
I also spoke this week to Scott Cutler, executive VP at email and spam filtering firm AppRiver.
(I'll discuss the interview further in a separate blog post)
He had a lot of interesting things to say about the cat-and-mouse game that takes place between spammers (and phishers) and the companies that work to protect users from them.
But among the most interesting impressions I took away was the awareness that anti-spam operators have of the abilities of spammers to circumvent just about any barrier we can put in their path.
While it may have once seemed that the spam problem was on its way to being "solved," anti-spam operators these days are operating from the assumption that spammers already have their next step planned.
Spamming and phishing, while often part of the same package, are not the same thing. And a SSL certificate is, of course, a completely different style of defense from a black list. But it's often the same people on the other side of those defenses, and their resources are remarkable.
It may be that the question is not "how effective will extended validation certificates be?" but "how long will extended validation certificates be effective?"
Tags:  extended validation ssl,  phishing
Never a dull moment in Sealand, it seems.
The Times reported this week that the 6,000 square-foot abandoned gun tower located in Europe's North Sea, occupied and declared sovereign in 1967 by British war veteran Roy Bates - was for sale.
No doubt it's the nature of the thing that invites dramatic results. A lawless "nation" the size of a very large house located outside the jurisdiction of any larger, more established country is the kind of thing that gets outlaws salivating over the devious possibilities.
One possibility was the "offshore data haven," which was realized by the company HavenCo in 2000. HavenCo set up a colocation facility on the platform, suggesting that international copyright and intellectual property laws did not apply, or were not enforced, in this particular country. Legal problems, uptime issues and other complications plagued the company, which appeared by 2003 to be coming apart.
HavenCo appeared to be in operation as recently as July, when a fire on the platform required one security guard to be rescued by the Royal Air Force. Presumably, he was guarding something.
This morning, BoingBoing.net pointed out that Pirate Bay, a torrent tracking site that, judging by the name, just might be up to some illicit activity of its own, is working on a plan to buy Sealand. It set up the BuySealand.com site, and is offering citizenship to anyone who donates money to the cause.
If it fails to raise the Sealand asking price, Pirate Bay has other plans:
"Plan B: If we do not get enough money required to buy the micronation of Sealand, we will try to buy another small island somwhere and claim it as our own country (prices start from USD 50 000)."
It's probably worth pointing out that the reason Sealand's sovereignty has never really been challenged is the fact that it operates well under the British government's radar. I'm sure in the 60s, letting a crazy man live on an abandoned platform and refer to himself as a "prince" probably seemed a lot easier than, you know, going to get him.
And by the sounds of it, HavenCo was so poorly and unreliably run that it never mounted much of a credible threat to liberty and justice around the world.
I'm sure the day somebody sets up a noticeably illegal operation on Sealand, the British government will pretty quickly demonstrate the extent of Sealand's "sovereignty" (note: the extent is zero).
Anyhow, I'd better spend all these Sealand dollars before the country closes down.
Tags: sealand, havenco, pirate bay
Dotster issued a press release today revealing that it has completed the long process of assembling its crack team of nice-looking gals, the "Dotster Dots."
Here at theWHIR, we have dutifully covered the process, in part because of the amusing deviation from the more common day-to-day Web hosting hustle. But don't discount our genuine interest in the fairly bold message of a technology company ascribing to the fairly outdated concept of the "spokesmodel."
Yet, as interested as I was in the project, my overall response to the announcements could generally be summed up as "really? Really?"
Granted, Go Daddy did once famously parlay its work with a bona fide bimbo into some serious mass-media attention. But that seemed from the start like a "lightning doesn't strike twice" kind of circumstance that even Go Daddy has been unsuccessful in recreating (see slide number 6). And Dotster's announcements seemed to indicate that it was going more in the "classy lady" direction.
For whatever reason, I developed the impression that when I actually was able to see these women, I'd be able to "connect the dots," so to speak, and come up with a better understanding of exactly what Dotster aspires to in all of this.
Fortunately, the company's most recent announcement was accompanied by the posting of plenty of fun talent-search stuff, including an apparent collage of the Dots themselves.
Unfortunately, I am left with more questions than before. For instance: do they have actual super powers, or are they just regular action heroes?
I get the feeling Dotster has a sense of humor about the whole thing. At least a little bit. They posted some pretty silly clips from the talent search.
But for me, the question is whether there really is a need on Dotster's staff for six fairly attractive women who don't appear to have any real training or experience relevant to Web hosting, regardless of their ability to drop science.
Dotster is obviously going after a very mass-market Web hosting audience with its MyInternet service - a domain name and Web site package pitched in the strictest layman's terms - which brings me back to the question of how you market Web hosting effectively to people who don't know they want Web hosting.
The problem with Dotster's approach, I think, is that the company isn't giving its customers much credit. Pretty girls and tricky "less than a dollar a day" math may get a consumer's attention, but I doubt it will build a solid foundation for any long-term loyalty.
Consider me skeptical.
Tags: dotster, spokesmodels
Of course, spam is always an issue in general. It's something I'm always aware of, both peripherally in terms of the Web hosting business, and personally, with regard to my own in-box.
But the fact that spam is more of a problem now than ever before has specifically been brought to my attention, anecdotally and editorially, in the last few weeks.
One of our newest bloggers, Ravi Agarwal (who happens to be CEO of a hosted Exchange company) posted last week about the massive spike in the volume of spam email over the past few months:
"At groupSPARK Exchange Hosting, we've noticed that our inbound spam has pretty much doubled over the last two months."
I also had the opportunity last week to speak to Scott Culver, an executive vice president at spam filtering (and hosted exchange) company AppRiver, who had plenty to say about kind of advances in technology that are enabling spammers to make sure their disruptive email becomes ever more voluminous and more deceptive.
Obviously, in the past year or two, the numbers of computers infected with software that makes them available to be used in botnets has increased the power of spammers to deliver sheer volume of messages exponentially.
Spam, even if it doesn't reach the end-user's in-box is a serious cost issue for ISPs, both on its way in an on its way out.
Companies like AppRiver and groupSPARK certainly do their in blocking spam. And they do good work. But the simple reality of the relationship between spam and anti-spam ensures that the anti-spam operators are always reacting to spam, which makes it difficult to make any headway against the source.
It seems to me that spam is enough of an epidemic, and there are enough people and organizations negatively affected by spam, that there ought to be some greater, organized offensive against some of the sources of spam.
Here's one: ignorance.
At its most basic level, spam relies on the reality that there are people out there who are willing to accept the reality that some well-meaning stranger is emailing them out of the blue to sell them something that will enhance their genitals. Or to inform them that they just won a contest that they don't remember entering. Or that banks ever email their customers asking for details. And that unsolicited email is the chosen method for communication of any of these people.
And one might assume that these people watch television - I'd bet a lot of them watch American Idol. How about a program of public service announcements? What about some government involvement? I'm sure ISPs would kick in some funding if they thought the program could really put a dent in the volume of spam (and it only stands to reason that reducing the willing audience for spam would reduce the number of people capable of making a living off sending it, and therefore the volume of it overall.)
I spoke to Scott Cutler about this a little bit, and he admitted that the folks at anti-spam companies (understandably) have little time to work out things outside of the realm of simply blocking the mail itself.
And I don't mean it as disparaging when I point out that it really isn't foremost in the interests of anti-spam companies to reduce the volume of spam. That's really the realm of people who deal in bandwidth.
And yes, I understand that spam will never go away entirely. Certain snail-mail scams that have been understood as such for decades still appear to be going strong. And the most successful spam, it appears, preys on that special cocktail of naiveté, insecurity and greed that seems to be one of humanity's greatest failings, and one of its most plentiful resources.
All I'm saying is, hey, let's try something else.
Tags: spam, anti-spam, groupspark, appriver
| |
|
|
