Clearly saying 2008 is a bit nebulous here in February, but since rival Yahoo has recently released its Live service, there’s a little more pressure to play catch-up.

YouTube’s also had Webcam functionality since late 2006, which incidentally popped up at the same time as Streams, a product that lets YouTube users chat with one another while watching a video. It’s part of YouTube’s labs section, TestTube.

“Live video is just something that we’ve always wanted to do, we’ve never had the resources to do it correctly, but now with Google, we hope to actually do it this year.”

[via NewTeeVee]

In some cases it’s not a bad thing to be fashionably late. Just ask Steve Chen, co-founder of YouTube.

Earlier this week, while sporting a furry coat at a warm, packed YouTube party in New York City, Chen managed to spill some juicy details about the company’s plans while talking to Sarah Meyers, the host of vodcast Pop17. Chen confirmed that live video was coming to the service in “2008″ and that the company has wanted to feature it for some time, but have only recently been able to get the ball rolling because of having higher resources as a part of Google:

Jon Williams of Kaplan Test suggested in his keynote, as Dirk Hohndel captures, that the more happy he is with his commercial open-source software, the less likely he will be to pay for it. Why? Because his developers will acquire the expertise over time to support themselves and because the product will mature to the point that support will be less necessary.

The vendor can respond in two ways: Innovation and proprietization (made up word). By innovation, Jon suggested that continual development of the product keeps it buggy (my word, not his) and out in front of his developers, such that support remains relevant. Vendors can also offer services like the JBoss Operations Network that make maintenance of the software easier.

A combination of both is optimal, but Dirk is right that it’s a bit depressing, this prospect of the customer leaving just when you’ve made them the happiest.
There is no clear leader in commercial open source anymore.

It used to be Red Hat, hands down. But Red Hat has been hands off for so long that the commercial open-source vendors have learned to fend for themselves. Microsoft and Sun have been far more interested in engaging with these vendors than Red Hat has (for various motivations). Red Hat has made some middling efforts to engage with its commercial peers, but it has not shown much desire to extend its market leadership into becoming the hub of the open-source ecosystem.

There have been good reasons for this absenteeism. Red Hat has been 100 percent focused on building its business. But Red Hat Exchange was an acknowledgement that its business, in part, also depends on the success of other open-source companies. A market of one is not very interesting.

My hope is that Jim Whitehurst will spend the time to engage with other open-source companies. We need Red Hat’s leadership. We need its channels. But we also have much to offer. No open-source company can afford to be an island unto itself.
Competition within the commercial open-source community is heating up.

This revealed itself in the open-source database panel (with deeper analysis at The 451 Group’s blog), but it’s also evident in the market wrangling between Novell and Red Hat, Pentaho and JasperSoft, Zimbra and Open Xchange, etc. While I think it’s fair to say that none of these companies spend a lot of time angling specifically against their open-source peers, it’s also true that they’re ready to do so when necessary. This is good. This is healthy. Let competition flourish.
With Microsoft and patents, the spirit may be willing but the flesh is weak.

If there were an easy answer to how to keep its patent power against the HP’s, Oracle’s, IBM’s, etc. of the world and still engage the open-source community, I think Microsoft probably would have done it. It certainly will never be able to make much money directly from its patent licensing.

Oracle, Red Hat, IBM, Novell, and others have contributed patents to the Open Invention Network. That’s how you fix the downstream problem. Microsoft is trying to have its cake (patent club at the ready) and eat it, too (engage open source). But it can’t have it both ways. It really is an either/or. For it to be relevant in 21st-century software battles, it’s outdated patent strategy won’t win it any friends…or markets.
As Jim Whitehurst pointed out in his keynote, we really need to do a better job of bringing enterprises/customers into the open-source development community.

Stuart Cohen’s Collaborative Software Initiative is an interesting way to get there, but every vendor needs to be focused on this. We need to find efficient, protected ways for enterprises to engage with vendors, communities, and their peers. They are a massive development pool that still largely develops in isolation. That needs to change.
We are still in commercial open source’s infancy.

I think it very likely that business models and deployment models around open source will change over the years. We are nowhere close to optimizing how we sell, develop, and deploy open-source software. Not even remotely. The answers as to how will come from customers, not vendors. That’s what makes it such an exciting market to be in.

We clearly have a lot of work to do in 2008 to advance open source. Where there’s work, there’s money. Good times for open source.

Having had a day to ruminate about the Open Source Business Conference 2008, a few key takeaways suggest themselves. It was by far the best OSBC yet, with a far more diverse audience and speaking faculty that we’ve had before. This naturally leads to a diverse set of “conclusions” arising from the event:

commentary

It’s true that it’s easier to treat Web-based apps as a work in progress: a company can upgrade the entire user base to a new version of Flickr, say, just by updating the software on the central servers rather than having to cajole millions of users to install a patch. But there comes a point where labeling something as beta gives the impression that the project’s backer is scared to make a commitment to prospective users or customers.

Royal Pingdom was mystified by Google’s criteria for beta labeling, and I have been, too.

Here’s Pingdom’s full list of Google beta projects:

• Alerts

• Blog Search

• Book Search

• Google Chrome

• Finance

• Google Health

• Patent search

• Product Search

• Scholar

• Video

• Custom Search

• Calendar

• Docs

• Gmail

• Knol

• Orkut

• Talk

• Translate

• Google Pack

• Base

• Image Labeler

• News Archive Search

Google told me a few months ago the beta tag would come off Gmail “soon,” but clearly the company is leery of doing so.

“Of the 49 Google products we could find, 22 are in beta. That’s 45 percent,” not including Google Labs projects, according to a Wednesday blog post at Pingdom, a Web site performance monitoring company. “We’re so used to seeing the little ‘beta tag next to the various Google product logos that we almost don’t register it anymore. We even had to double-check that Gmail really still was in beta.”

Google has an infamous propensity to keep projects in beta for an unusually long time, and now somebody has gone to the trouble of quantifying just how widespread the testing tag is at the Internet giant.

A United Nations agency is quietly drafting technical standards, proposed by the Chinese government, to define methods of tracing the original source of Internet communications and potentially curbing the ability of users to remain anonymous.

The U.S. National Security Agency is also participating in the “IP Traceback” drafting group, named Q6/17, which is meeting next week in Geneva to work on the traceback proposal. Members of Q6/17 have declined to release key documents, and meetings are closed to the public.

The potential for eroding Internet users’ right to remain anonymous, which is protected by law in the United States and recognized in international law by groups such as the Council of Europe, has alarmed some technologists and privacy advocates. Also affected may be services such as the Tor anonymizing network.

“What’s distressing is that it doesn’t appear that there’s been any real consideration of how this type of capability could be misused,” said Marc Rotenberg, director of the Electronic Privacy Information Center in Washington, D.C. “That’s really a human rights concern.”

Nearly everyone agrees that there are, at least in some circumstances, legitimate security reasons to uncover the source of Internet communications. The most common justification for tracebacks is to counter distributed denial of service, or DDoS, attacks.

But implementation details are important, and governments participating in the process — organized by the International Telecommunication Union, a U.N. agency — may have their own agendas. A document submitted by China this spring and obtained by CNET News said the “IP traceback mechanism is required to be adapted to various network environments, such as different addressing (IPv4 and IPv6), different access methods (wire and wireless) and different access technologies (ADSL, cable, Ethernet) and etc.” It adds: “To ensure traceability, essential information of the originator should be logged.”

The Chinese author of the document, Huirong Tian, did not respond to repeated interview requests. Neither did Jiayong Chen of China’s state-owned ZTE Corporation, the vice chairman of the Q6/17’s parent group who suggested in an April 2007 meeting that it address IP traceback.

A second, apparently leaked ITU document offers surveillance and monitoring justifications that seem well-suited to repressive regimes:

Steve Bellovin

(Credit:
Declan McCullagh/mccullagh.org)

A political opponent to a government publishes articles putting the government in an unfavorable light. The government, having a law against any opposition, tries to identify the source of the negative articles but the articles having been published via a proxy server, is unable to do so protecting the anonymity of the author.

That document was provided to Steve Bellovin, a well-known Columbia University computer scientist, Internet Engineering Steering Group member, and Internet Engineering Task Force participant who wrote a traceback proposal eight years ago. Bellovin says he received the ITU document as part of a ZIP file from someone he knows and trusts, and subsequently confirmed its authenticity through a second source. (An ITU representative disputed its authenticity but refused to make public the Q6/17 documents, including a ZIP file describing traceback requirements posted on the agency’s password-protected Web site.)

Bellovin said in a blog post this week that “institutionalizing a means for governments to quash their opposition is in direct contravention” of the U.N.’s own Universal Declaration of Human Rights. He said that traceback is no longer that useful a concept, on the grounds that few attacks use spoofed addresses, there are too many sources in a DDoS attack to be useful, and the source computer inevitably would prove to be hacked into anyway.

Another technologist, Jacob Appelbaum, one of the developers of the Tor anonymity system, also was alarmed. “The technical nature of this ‘feature’ is such a beast that it cannot and will not see the light of day on the Internet,” Appelbaum said. “If such a system was deployed, it would be heavily abused by precisely those people that it would supposedly trace. No blackhat would ever be caught by this.”

Jacob Appelbaum

(Credit:
Declan McCullagh/mccullagh.org)

Adding to speculation about where the U.N. agency is heading are indications that some members would like to curb Internet anonymity more broadly:

•  An ITU network security meeting a few years ago concluded that anonymity should not be permitted. The summary said: “Anonymity was considered as an important problem on the Internet (may lead to criminality). Privacy is required but we should make sure that it is provided by pseudonymity rather than anonymity.”

•  A presentation in July from Korea’s Heung-youl Youm said that groups such as the IETF should be “required to develop standards or guidelines” that could “facilitate tracing the source of an attacker including IP-level traceback, application-level traceback, user-level traceback.” Another Korean proposal — which has not been made public — says all Internet providers “should have procedures to assist in the lawful traceback of security incidents.”

•  An early ITU proposal from RAD Data Communications in Israel said: “Traceability means that all future networks should enable source trace-back, while accountability signifies the responsibility of account providers to demand some reasonable form of identification before granting access to network resources (similar to what banks do before opening a bank accounts).”

Multinational push to curb anonymous speech

By itself, of course, the U.N. has no power to impose Internet standards on anyone. But U.N. and ITU officials have been lobbying for more influence over the way the Internet is managed, most prominently through the World Summit on the Information Society in Tunisia and a followup series of meetings.

The official charter of the ITU’s Q6/17 group says that it will work “in collaboration” with the IETF and the U.S. Computer Emergency Response Team Coordination Center, which could provide a path toward widespread adoption — especially if national governments end up embracing the idea.

Patrick Bomgardner, the NSA’s chief of public and media affairs, told CNET News on Thursday that “we have no information to provide on this issue.” He would not say why the NSA was participating in the process (and whether it was trying to fulfill its intelligence-gathering mission or its other role of advancing information security).

Toby Johnson, a communications officer with the ITU’s Telecommunication Standardization Bureau in Geneva, also refused to discuss Q6/17. “It may be difficult for experts to comment on what state deliberations are in for fear of prejudicing the outcome,” he said in an e-mail message on Thursday.

U.N. “IP traceback” documents

China’s proposal obtained by CNET News says “to ensure traceability, essential information of the originator should be logged.”

Leaked requirements document says governments may need “to
identify the source of the negative articles” posted by political adversaries.

Korean presentation says standards bodies should be “required to develop standards or guidelines” to facilitate unmasking users.

Verisign executive’s summary summarizes presentation saying protocols must have “a strong traceback capability, and establishing traceback considerations in developing any new standards.”

When asked about the impact on Internet anonymity, Johnson replied: “I am not fully acquainted with this topic and therefore not qualified to provide an answer.” He said that he expects that any final ITU standard would comport with the U.N.’s Universal Declaration of Human Rights.

It’s unclear what happens next. For one thing, the traceback proposal isn’t scheduled to be finished until 2009, and one industry source stressed that not all members of Q6/17 are in favor of it. The five “editors” are: NSA’s Richard Brackney; Tian Huirong from China’s telecommunications ministry; Korea’s Youm Heung-Youl; Cisco’s Gregg Schudel; and Craig Schultz, who works for a Japan-based network security provider. (In keeping with the NSA’s penchant for secrecy, Brackney was the lone ITU participant in a 2006 working group who failed to provide biographical information.)

In response to a question about the eventual result, Schultz, one of the editors, replied: “The long answer is, as you can probably imagine, this subject can get a little ‘tense.’ The main issue is the protection of privacy as well as not having to rely on ‘policy’ as part of a process. A secondary issue is feasibility and cost versus benefit.” He said a final recommendation is at least a year off.

Another participant is Tony Rutkowski, Verisign’s vice president for regulatory affairs and longtime ITU attendee, who wrote a three-page summary for IP traceback and a related concept called “International Caller-ID Capability.”

In a series of e-mail messages, Rutkowski defended the creation of the IP traceback “work item” at a meeting in April, and disputed the legitimacy of the document posted by Bellovin. “The political motivation text was not part of any known ITU-T proposal and certainly not the one which I helped facilitate,” he wrote.

Rutkowski added in a separate message: “In public networks, the capability of knowing the source of traffic has been built into protocols and administration since 1850! It’s widely viewed as essential for settlements, network management, and infrastructure protection purposes. The motivations are the same here. The OSI Internet protocols (IPv5) had the capabilities built-in. The ARPA Internet left them out because the infrastructure was a private DOD infrastructure.”

Because the Internet Protocol was not designed to be traceable, it’s possible to spoof addresses — both for legitimate reasons, such as sharing a single address on a home network, and for malicious ones as well. In the early part of the decade, a flurry of academic research focused on ways to perform IP tracebacks, perhaps by embedding origin information in Internet communications, or Bellovin’s suggestion of occasionally automatically forwarding those data in a separate message.

If network providers and the IETF adopted IP traceback on their own, perhaps on the grounds that security justifications outweighed the harm to privacy and anonymity, that would be one thing.

But in the United States, a formal legal requirement to adopt IP traceback would run up against the First Amendment. A series of court cases, including the 1995 decision in McIntyre v. Ohio Elections Commission, provides a powerful shield protecting the right to remain anonymous. In that case, the majority ruled: “Under our Constitution, anonymous pamphleteering is not a pernicious, fraudulent practice, but an honorable tradition of advocacy and of dissent. Anonymity is a shield from the tyranny of the majority.”

More broadly, the ITU’s own constitution talks about “ensuring the secrecy of international correspondence.” And the Council of Europe’s Declaration on Freedom of Communication on the Internet adopted in 2003 says nations “should respect the will of users of the Internet not to disclose their identity,” while acknowledging law enforcement-related tracing is sometimes necessary.

“When NSA takes the lead on standard-setting, you have to ask yourself how much is about security and how much is about surveillance,” said the Electronic Privacy Information Center’s Rotenberg. “You would think (the ITU) would be a little more sensitive to spying on Internet users with the cooperation of the NSA and the Chinese government.”

Just kidding.

Of course, as all of Silicon Valley likely knows by now, Wikipedia’s major domo is getting razzed over at Valleywag. The geek gossip site got its hands on a breakup note and IM text Wales apparently sent to ex-squeeze, Rachel Marsden.

The Wales’ post was par for the course since Valleywag revels in the online agony of others. (Owen, I’m a kung fu expert, so do yourself a favor and keep me out of your headlines. ) But the correspondence came to light just as The New York Times decided to publish a piece about the suicide last month of Paul Tilley, who had been the creative director of DDB Chicago.

The Times piece examined whether nasty comments made by a couple of bloggers played any role in this tragedy. That struck me as odd. Were readers supposed to learn that the blogosphere resembles a rude locker room–or worse? Not much of a revelation. But the piece appeared to suggest that cruel words posted on the Internet may have been enough to drive Tilley over the edge. It reminded readers that a 13-year-old girl killed herself in 2006 after being insulted and dumped by an “online boyfriend” on MySpace.

“Gregory K. Brown, a specialist on suicide at the University of Pennsylvania, said that public humiliation could play a role in suicide because “hopelessness is often a major risk factor, and if you’ve been publicly humiliated and your reputation has been tarnished forever, you could see how someone could become hopeless.” Such situations, he added, could contribute to feeling that life is unbearable.

And unlike some other forms of public humiliation, online insults can live in perpetuity. Whether that increases suicide risk, Mr. Brown said, is an open question, adding, “Although it’s plausible that’s the case, we know very little about the role of the Internet.”

Let’s be careful. The Times headline, “After Suicide, Blog Insults Are Debated,” borders on the sensational. That’s not to say it doesn’t get rough out there. Check out the TalkBacks in the piece my colleague Elinor Mills wrote after returning from a interview with Google’s Eric Schmidt. Hiding behind a cloak of anonymity–let alone the distance of a wireless connection–the trolls came out of the woodwork and let the bile flow.

The depth of their animosity floored me. Elinor’s a delightful person, not to mention a hard-working and conscientious reporter. I couldn’t contemplate the demons that drove these folks to jump ugly. But this is cyberspace and people are free to express their opinions. All you need is a keyboard and a connection.

So it was after reading the Times story early Monday morning that I clicked over to TechMeme.

The news led the page where I came across a pointer to a brief piece by Mike Arrington of TechCrunch titled, “When will we have our first Valleywag suicide?”

“So how long will it be before Valleywag drives someone in our community to suicide? My fear is that it isn’t a matter of if it will happen, but when. Valleywag and Nick Denton, though, will likely look forward to the event, and the great traffic growth that will surely follow.”

“There’s a market for this kind of content, obviously. And nothing can stop it except significant changes to our libel and defamation laws. That isn’t something I support. But the valley was a much nicer place to live and work before the days of Valleywag.”

I wonder about that. If someone’s contemplating jumping off the Golden Gate Bridge because of something posted on Valleywag, they’ve got serious issues. Arrington is a frequent target of Valleywag’s barbs and I can understand his frustration. But he’s missing the bigger point. Think back to Cassius’ warning: the fault really is in our selves. If folks failed to click on the stories, I’m sure Nick Denton would have folded Valleywag eons ago.

Maybe the real story is that Silicon Valley types seek out the personal and the salacious because, well, they like it. Chalk it up to too much time spent staring at a computer screen each day.

The best music I ever heard from Starbucks was a compilation of the Rolling Stones' favorite songs.

(Credit: Amazon.com)

Why is anybody surprised? Look at their history in the coffee business. Espresso used to be a niche product that was hard to produce properly and varied widely in quality. Starbucks’ great triumph was turning it into a assembly line product (push-button espresso machines!) with much better margins (sugar and milk!), then packaging it in a non-threatening imitation of cafe culture. The ambience in Starbucks has always been carefully calculated to soothe and comfort rather than challenge or provoke. And I have it on good authority that one big key to their success was getting Pepsi to distribute their bottled coffee drinks to convenience stores nationwide. It was only a matter of time before their music, like their beverages, aimed squarely for the lowest common denominator.

Go to a true Seattle coffee house and you might not feel as comfortable with the black-painted walls and ugly art and urban-weirdo clients. But the coffee will almost certainly be stronger, and you’ll probably hear more interesting music as well–personally, I have Seattle baristas to thank for introducing me to ’70s soul act MFSB, Seattle dance combo United State of Electronica (yes, “State”), and Yann Tiersen’s beautiful soundtrack to the movie Amelie. The best music I ever heard from Starbucks was a compilation of the Rolling Stones’ favorite songs–a solid set, but nothing too surprising or new.

The Internet Crime Complaint Center (IC3) is a partnership among the Federal Bureau of Investigation, the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance (BJA) and publishes annual statistics on the complaints it receives throughout the year. It offers assistance to victims and Web sites affected by Internet crime. The information collected by the project also supports active investigations, trend analysis, and public outreach and awareness efforts.

The IC3 report for 2007 states that the category with the most complaints was online auction fraud, followed closely by non-delivery. But in terms of dollars lost, investment fraud ranked No.1, reporting an average $3,547 per complaint, as opposed to the dollar losses associated with auction fraud, a mere $438 per complaint.

In a press release, FBI Cyber Division Assistant Director James E. Finch said, “What this report does not show is how often this type of activity goes unreported.” So the amount in losses could be much higher than that reported.

An open-source approach to tracking stolen laptops

Get a whiff of Asus’ scented laptops

Plus, unencrypted data on thousands of prisoners in England and Wales goes missing, and while Olympic records were being broken all over the place in the last couple of weeks, QinetiQ claimed Sunday that its propeller-driven Zephyr has set a flight time record of its own.

How the Democratic convention is getting wired

Download today’s podcast

Today’s stories:

Data on 84,000 U.K. prisoners is lost

QinetiQ’s Zephyr breaks flight time record for unmanned aircraft

As we all know by now, it’s an Obama/Biden ticket. But where does the Delaware senator stand on issues of concern to the tech world? CNET News political correspondent Declan McCaullagh, who’s on his way to cover the Democratic convention in Denver, checks in.

Kevin Rose foretells iPod Nano redesign

Joe Biden’s pro-RIAA, pro-FBI tech voting record

Last Thursday, I took a look at Peek, a handheld device that does e-mail, and only e-mail. And by the end of the review, I was left wondering if I was missing something. Do people really want an e-mail-only device? Are there people out there who have cell phones, but want another gadget just for checking e-mail?

That said, I’m willing to admit I’m wrong. If you honestly want something like the Peek despite its cost, please leave a comment saying so. If you don’t, well, leave a comment saying that so I know I’m not alone.

I’ll concede that the only way the Peek makes sense is if you don’t have a cell phone but you want e-mail. Which is fine, but how many people don’t have cell phones these days?

Peek is a device that does e-mail and only e-mail.

Now, this is not to say the device itself is bad. On the contrary, we like the Peek’s ease of use, and the QWERTY keyboard is a joy to type on. I also really like the jog dial on the side, which lets you scroll through messages quickly and easily. Importing your e-mail account is as easy as entering in your e-mail address and password (do note that it uses POP and not IMAP, so you’ll end up deleting e-mail from both in-boxes, which is a pain). The battery life is also pretty good, lasting about two or three days with a typical day’s usage.

And if that doesn’t make you skeptical about it, the Peek costs a whopping $100. plus it has a $20 monthly fee. Sure there are no pesky cell phone contracts involved, but what good is having an unlocked device if it isn’t a phone?

Unless Peek is supposed to be a total substitution for a cell phone, I really don’t see the point. Not to mention that the Peek itself utilizes T-Mobile as its provider (we found a T-Mobile SIM card in our review unit), so I find the whole anti-cell-phone-company thing a little disingenuous.

And it’s not like the Peek has an Internet browser, or an instant-messaging client, or a personal organizer. No, all it does is e-mail. That’s it. It’s not even compatible with Microsoft Exchange, so we can’t say it’d be good for corporate use.

But, well, that’s about it. Peek claims that its value is its simplicity, and we can’t fault them for that. But for such a simple device, shouldn’t it be cheaper?

(Credit:
Corinne Schulze/CNET Networks)

(Credit:
Sony Electronics)

Read our Sony Cyber-shot DSC-T700 review.

The new Sony Cyber-shot DSC-T700 is sort of a combination of two other Cyber-shots: the DSC-T2 and DSC-T300. The T700 rightfully replaces the T300 in Sony’s lineup and has much of that camera’s hardware, including an improved version of its 3.5-inch touch-screen display. From the T2 the T700 gets 4GB of internal memory. The result is an ultracompact pocket camera that doubles as a portable photo album.

Sony Cyber-shot DSC-T700 is part camera, part digital photo album.