Lessons from the Sony CD DRM Episode is finally out and it's a most excellent piece of scholarship from J. Alex Halderman and Edward W. Felten. Let's hope it has the desired effect.

I've just been reading Sifry's Alerts: State of the Blogosphere, February 2006 Part 2: Beyond Search It occured to me that if Chris Andersen can create a speaking career out of "The Long Tail", somebody ought to be able to do the same out of "The Fat Middle"! There is a rich mine of discussion to be had about what it means and how to exploit it.

Just briefly, The Short Head is getting shorter and lower but the incumbents are usually unassailable in the medium term. And even though they've got all the concentration of money, getting your hands on it is hard work. The Long Tail is getting longer and longer while individual entries get less and less attention. If you can build systems that can handle the volume of entries and make money from the small sales per entry, there's gold out there. But it's damn hard to get at. And you need to be Amazon or eBay to exploit it. Where most of us work and where most of us end up when we're moderately successful is The Fat Middle. If you can pick a good niche and dominate it, there's relatively easy money to be made. It's also the area where the most churn happens, entries are boiling up out of the Long Tail, finding their place in the Fat Middle and then falling back again all the time.

So there you go. A quick search for "The Fat Middle" and thefatmiddle.com turned up almost nothing. You read it here first, if it gets traction, remember me!

SKMap(ww)-Global Map
Puts your Skype presence on a Google Map [from: del.icio.us]

Scobleizer Kim turns Microsoft toward open source? The Scobleizer says, somwhat tongue in cheek,

Kim Cameron, what are you doing (he just announced that he got Microsoft’s InfoCards working on WordPress and PHP and is having a conversation with lots of people in the community)? You trying to ruin Microsoft’s reputation? By listening to folks like Marc Canter?

I left this comment.

Here's a radical idea, specifically about InfoCards but applicable to anywhere MS is involved in trying to set standards. Take a leaf out of Google's book and LibJingle. Sponsor and fund a few open source programmers to produce open source libraries in all the major platforms that might implement InfoCards. Some people (Marc!) seem to think that it's not Microsoft's problem and *we* need to do the work. But actually Microsoft needs widespread implementation if InfoCards isn't going to be something that's used by Microsoft properties only. And what better way to get that widespread implementation than to seed the community with tools that they can use.

There's a tricky line here for MS to walk. Supporting other platforms may bite into your own platform sales. But lack of support of other platforms may limit the success of your global initiatives. Can you look past the first to see the benefits of the second?

I've recently had an email conversation on this subject with a Microsoft person. He raises the issue with directly funding implementations, in that there's a risk of it tainting the open-ness of the protocol if all the work appears to be from Microsoft. But isn't this to completely misunderstand the nature of open source work? Even if MS fund the work, if it's open source, it's open source. Others will build on it. More importantly others *can* build on it.

Lessig estimates that in the book world, there are approximately 18,000,000 books, 16% Public Domain
9% in Copyright and In Print, 75% in Copyright but Out Of Print. I wonder what the equivalent figures are for Music.

It seems to me that just as in books there is a large body of music that is in copyright but is unavailable to buy anywhere. This also seems like a golden opportunity for somebody like Amazon to have a print on demand service on CD and for a legal AllOfMp3 style site that sells only back catalogue, deletions and out of print music.

Kim Cameron's Identity Weblog » Julian Bond on Canter and InfoCard

I have good news. I’ve now been able to put together some mods for Wordpress that allow my site to accept infocards.

The mods were written in PHP, and Johannes Ernst - who I’ve been speaking with at the Berkman Identity Workshop - has asked me to publish the code on my blog. So I will. And I’ll explain how it works.

I realize InfoCards aren’t exactly ubiquitous right now, so you won’t be able to try it out immediately. But this weekend I’ll be posting a link to a video of the user experience.

This is tremendous news. Let me be the first to congratulate Kim. And I promise to put Mr Cynical back in the box.

I went along to *Mashup last night, Sam Sethi spoke about Microsoft's Live products (coming soon). As tends to happen at these things, my muttered "Oh Good Grief" was a bit too loud and I got asked to ask a question by the moderator. I said how ironic it was that we were at a presentation to talk about mashing 2 web application APIs together to create a 3rd when what we were being presented with was one Microsoft future product working with another Microsoft future product. I then questioned whether Infocards was actually open which was what had prompted the original "Good Grief". Marc Canter leapt in and did his aggressively optimistic thing and mentioned "Cynical Brits" (which I take as a compliment!) before throwing in a bit later a battle cry of "OPEN STANDARDS".

So anyway, Marc's blogged all this, and I added the following as a comment.

It’s so hard to have this conversation. I really, really hope that Infocards is open enough that it’s *possible* to write a LAMP based Identity Provider and Service provider that uses and interoperates with other Infocard systems. I don’t expect Microsoft to help with this, but I don’t really understand why they can’t. If Infocards were an open source standard, you’d see sample code and libraries being built by the community for multiple platforms. But because the source is a company, we apparently can’t expect them to also be the community or put effort into kickstarting the work. So the task falls on us. We end up having to do all the work with no help beyond reading the specs because we find it interesting. But I worry that the end result is that the LAMP community will not bother precisely because the spec came from Microsoft. The conclusion then is that Infocards is exactly the same as Passport. A reasonable identity system that only ever gets used inside Microsoft’s garden. The garden may have no walls but there’s still nobody else in it. What would be worse than this would be if Infocards has an open spec but the spec requires technology that only Microsoft has. Then it really doesn’t matter whether it’s open or not, it’s still impossible for anyone else to implement. For the record, I think that’s where it’s going. Like I said at the start I really, really hope I’m wrong.

I’ve thrown down a gauntlet in front of Kim Cameron. “Explain how InfoCard will get implemented on LAMP systems”. That doesn’t mean Kim has to do it, or that Microsoft has to do it. It’s only asking Microsoft how they think it will get done and by implication whether they’ll do anything to help. 9 months later, I’m still waiting for an answer.

The deeper question in here is how much any of these BigCos can open up and involve and support the development community when they are “in the business of taking care of themselves”. Google’s work with XMPP and Yahoo’s API groups are hopeful signs that people in those companies can see the self interest in supporting and listening to 3rd parties. Can Microsoft do the same thing? Or is the limit of their openness to use open standards? Although even that is a huge step which should be applauded.

Sam Sethi said some things that suggest that he does get it. And he’s a consultant working back in his old company not an employee. But I’m afraid the presentation seemed to be a classic MS presentation of futures, most of which were “Me Too” products, sprinkled overall with plenty of FUD. I’ve sat through too many of those not to be just a tiny bit cynical.

There's some things I want to see here:-
- A stable complete OpenID library for PHP.
- OpenID supported in Drupal

There's one question I don't understand:-
- Why doesn't one of the half a dozen other web bigCos with millions of customers produce an open Identity standard? Google, Yahoo!, AOL, eBay You've got a golden opportunity here.

And there's one thing I'll wish for:-
- One of the portal companies to turn the MyXXXX page inside out and create a TheirXXXX page. An AboutMe system that aggregates what I do for other people to read, instead of an Aggregator that collects together things for me to read about the outside world. So instead of trying to keep my eyeballs stuck to their property, use my content to bring new eyeballs in to their property.

Properly Chilled - Downtempo Music & Culture
What it says! So chilled, it's positively Arctic. [from: del.icio.us]

Here's a puzzle for you. Why don't Amazon get into the digital download business. Surely they have the most to lose of anyone if we all stop buying DVDs and CDs?

There's a conversation to be had about brand, attention, long tail and what the hell is happening out there. I confess I don't fully understand it.

We know that the production of content is being democratised, spread and made cheaper every day. We jokingly talk about every person on the planet having a blog, podcast, music for sale, even video for download but each one only having an audience of about 2 people; themselves and their mum! At the same time the global brands retain most of their power and consolidation constantly reduces their numbers. We see the long tail graph of retail changing with the short head getting narrower and lower while the long tail gets taller and longer. Choice in retail is becoming overwhelming; for every product we thought we wanted there are now 5 competitors that are largely indistinguishable. It really is no longer necessary to go through the big media intermediaries just to get published. In business, SMEs are getting smaller and more numerous while the FTSE100 and Public Sector suck in more and more employees. Anyone can advertise now with a small budget, but you have to go through one place, Google.

This is producing a real fragmentation of our society. Remember when you could reasonably talk about "Middle England" and it actually meant something? Or when the whole country had watched last night's episode of Eastenders/Dr Who/Big Brother or the Forsythe Sage and you could reasonably expect to talk about it while making coffee in the office kitchen?

And yet in this maelstrom, we still cling to thinking that there are only a few winners who become famous (grabbing the attention of the majority) and if you don't manage that you've failed. And the media companies especially, still cling to a business model where one blockbuster pays for 100 "failures".

The problem then is how to get enough attention in your business and to set realistic goals. I well remember during the DotCom bubble when we all thought we were going to be "as big as eBay". This fed the VC bubble and the belief that you had to pour in money to fund a burn rate with the goal of becoming a household name. Now the barriers to entry have dropped so much that we have successful entrepreneurs (and ex-VCs) recommending bootstrapping, staying small, and getting out early. This in turn feeds more framentation.

Are the days of "Everyone will be famous for 15 minutes" now being replaced by "Everyone will be famous for 15 people"? And the business problem is then how do I find the 15 people who will give me attention and let me make a reasonable living? [from: JB Ecademy]

Apple - QuickTime - Download - Standalone QuickTime Player
It's been really annoying me that you couldn't install or upgrade Quicktime without also installing iTunes. So it was good to finally discover the page for the standalone player. [from: del.icio.us]

RADIO.BLOG.CLUB
Driving a coach and horses through fair use by letting visitors to your blog listen to MP3s you upload via PHP, Flash and a bunch of pre-assembled code. [from: del.icio.us]

music_search.swf (application/x-shockwave-flash Object)
And then search all the music uploaded by radio.blog users and play it. The celestial blog jukebox... [from: del.icio.us]

via Google Talk Blog

Yay! GoogleTalk just became a full Jabber Peer Server. All Jabber users can now chat with Googletalk members and vice versa.

Keep it coming, Google.

Researcher: Sony BMG rootkit still widespread | The Register : "The data shows that this is most likely a hundreds-of-thousands to millions of victims issue," Kaminsky said.

The data might also show how widespread piracy has become. The 52 music titles released with the XCP software were only released in North America, he said. However, the network apparently affected by the Sony BMG issue covered 135 countries. About 4.7 million discs were manufactured and about 2.1 million had sold, according to Sony statements.

"The global scope is the big mystery here," he said. "It is fairly likely that a lot of the discs were pirated."

Oh, the irony! Malware DRM designed to restrict copying spreads widely due to copying causing a global problem for the owners.

"I don't see the federal government suing a big company like Sony," she said. "The fact that military networks have likely been affected by this won't change that."

Right. So being a big company puts you above the law. No change there then.

OSx86 Project - Apple Gives Developers New iMacs; Implements EFI (Updated) : The Extensible Firmware Interface (EFI) is an updated BIOS specification developed by Intel. Designed for use with trusted computing, it allows vendors to create drivers which cannot be reverse engineered. It also allows operating systems to run in a sandbox, delegating networking and memory management to the firmware. Hardware access is converted to calls to the EFI drivers. The EFI BIOS is used to select the operating system, replacing boot loaders.

The EFI is important as it may be a component that Apple uses to lock OS X to their hardware.

My highlight. And so it begins. XP allegedly won't run on EFI hardware but Vista will. So here's the start of the push to get us to upgrade all our hardware so that "unbreakable" DRM can be applied to new content, software and operating systems.

So are you going to opt out? Will your next PC run Linux?

Scripting News: 1/11/2006 : It seems Azureus can handle much of the hosting problem

Azureus is dead. Long live uTorrent.

Boing Boing: Steve Jobs (?): Apple discards information transmitted by iTunes

Shock Horror! Of course the problem here is that Apple did all this without telling anyone and without giving value back to the customer and without directly engaging them. What they should have done is to buy Last.FM and integrate it into iTMS. Not least because Last.FM are a lovely bunch of guys working out of a loft in the East End of London.

Yet another classic Cluetrain moment. Apple have an opportunity to build community and dialog around what people actually listen to in iTunes. And all they can think of to do is display advertising.

I'm repeating myself, but I just left this on Burningbird's blog about debating DRM.

A couple of quick thoughts.

1) Several jurisdictions around the world simply do not have the concept of “Fair Use”. For instance in the UK, the copyright notice on CDs forbidding copying means exactly that. By copying for your own personal use you are breaking the terms of the copyright. So unfortunately we have to consider DRM in a global context. Which is particularly troublesome when >500k DNS servers were found world wide with an XCP rootkit infected PC behind them.

2) “we only have to turn our little eyeballs over to iTunes to generate an “Oh, yeah?” Does iTMS make any money directly? Isn’t it rather a loss leader that bolsters the sale of iPods? What is unknown is whether the iPod would have been just as much of a success without Fairplay and iTMS. I rather think it would have been.

3) The most cogent argument I’ve seen against DRM is that it leads to spyware. Give someone the encrypted text, the algorithm and the keys and you can’t control what they do with the plain text. In order to try to control them, you have to install spyware. And since no informed computer user will knowingly install spyware you have to trick them into it. So if it can always be circumvented, DRM will never work to stop counterfeiters. So by adding it, you do nothing to stop genuine piracy, while upsetting and hurting your genuine customers. Does that make any sort of business sense?

4) Why do the tech companies want to be in the content distribution business? The existing content distribution companies are hurting, their business models no longer work, and they are surrounded by a whole range of disruptive technologies that are changing the marketplace irrevocably. So why would any tech company want to get a piece of that failing action? The content owners appear to have this blind faith that DRM will save their existing business model and the tech companies, far from pointing this out, are actively encouraging them. Why? From an anti-DRM stance, every one of them including Apple, and now including Google, are part of the problem.

5) Perhaps what we really need is for DRM to fragment completely into a large number of incompatible “standards” with ever more ridiculous terms and activity. Maybe then the market will decide and back the one player that turns it’s back on DRM. On that basis, Sony is a god send. Go ahead. Screw up. Please.

6) I will not buy any DRMed content unless there is a ridiculously easy work around. So I’ll happily buy a multi-region DVD (available from any store in the UK) and buy region encoded DVDs. But I won’t buy a “not a CD” ever again and I will never buy a crippled, low quality download tune when there’s a dodgy Russian alternative that serves up uncrippled high quality at a 5th of the price.

Freedom to Tinker » Blog Archive » CD Copy Protection: The Road to Spyware
I need to keep a reference to this. It's an extremely cogent argument as to why DRM always leads to Spyware. Remember the Cryptographic argument. You can't give someone the encrypted text and the keys and then control what they do with the plain text. [from: del.icio.us]