JustinFlood.com

The Apple rumor mill starts in earnest. iPhone rumors abound!

Ahh It’s that time of year again. The summer months are upon us once again. The weather grows warm, beaches are opening, love is in the air, the blogosphere is happily twittering, and it’s time for his holy Steveness to come out on stage and restore a child-like sense of wonder to our lives.

That’s right, Apple’s WWDC conference, and it’s coveted Stevenote is just a few short days away. On June 9th the press will descend upon the Moscone Center for what will of course be a hotly speculated-upon event. As per usual the rumor mill has already started going and speculation is running rampant for what we might see.

So, I figure, why not throw my hat in the rampant-speculation ring?

Let’s get the obvious out of the way: The an updated iPhone is coming. That much is pretty obvious at this point. We’ve seen mockups, and accessory templates, and alleged “leaked” photos left and right. So, what’s new about it?

Well the most widely confirmed fact is that it is indeed 3g. That’s right, expect the new iPhone to have some seriously sexy, battery-killing, super-fast data service. That is, if your AT&T area supports it. This is one of those things that was an obvious omission from the original iteration of the iPhone, though I can figure out why. 3g is a serious battery killer. You think your iPhone with wifi on is bad? Wait till you see this! Apple left it out of the original phone to see if it was really necessary. If the EDGE data was okay, they wouldn’t have to worry about critics crying that the phone had terrible battery life. Now that we’ve collectively demanded it, Apple is giving it to us knowing all well that we can’t complain if it kills our battery life. We’ve brought it upon ourselves. Of course I have a feeling you’ll be able to shut it off when you don’t want to use it and go back to the slower, but battery conserving EDGE connection.

Another recent but widely reported rumored feature is GPS. Now this would be interesting. With a real GPS solution built into the phone, Apple could absolutely take a big chunk out of the third-party auto GPS market. The iPhone has a big beautiful touch screen and an external speaker. Put some beautiful Google built GPS mapping software with a 3d turn by turn view like other GPS devices, have a holster that you can suction to your windshield, and you have a device that makes even the sexiest Garmin Nuvi look kind of lame in comparison.

Having a GPS module would also allow for a lot of really interesting location aware pieces of software. Imagine if you will, a location-enabled Flickr application for this new iPhone. You could be touring a monument or museum, and Flickr would automatically pull up any other highly rated photos taken from your location. It would give you an opportunity to see places from a different point of view.

You could also have a location aware social network like Brightkite, letting you know where your friends are at the time and what they’re doing. Imagine if you will that your friends went to a bar that you weren’t familiar with. One of your friends sends you an invite over the network, which is texted to your phone. The service knows both where you and your friends are, and automatically allows you to RSVP and puts together turn by turn directions for you. It also opens avenues for location based shopping tools. You could take a photo of a barcode of an item at a store, which will be identified as a certain SKU. A search of the SKU is done and you will be given the stores in your area that might have a better price.

Going even more advanced, Imagine that there are 15,000 people in your area with GPS enabled iPhones. Many of them will probably be driving. Now if all of these iPhones report their location to a traffic service, you could see real-time data on which roads are moving more slowly than others and the Mapping service could route you to the fastest road in real-time.

These are just a few things that came to my mind when thinking about the possible GPS on an iPhone, and I’m sure there are even cooler things that people could do with it. Needless to say that this could VERY possibly become a killer-app for the iPhone.

Another rumored feature is a possible front-facing camera for videoconferencing. Phones with this feature are already popular with European and Asian cellphone users, but it has yet to break into the American market. But the concept of it is just too cool to pass up. iChat AV on the iPhone would really be the Jetsons’ come to life. Would I use it? Not much, but it’s still neat.

What else will it do? Make my breakfast? Do my laundry? Unlikely. But look for it to be slightly thicker with a slightly curved back to hide the thickness. Why? Bigger battery? Chipset takes up more space? Who knows, but that’s what we’ve all heard.

Also, obviously expect the release of iPhone version 2 software with third party app and exchange support, along with a slew of really neat Apple built apps to go along with it. Price will probably be the same, but AT&T might have a subsidy scheme in the pipeline. Availability? Either that day or VERY shortly thereafter. They want to make this a HUGE launch to get to that 10,000,000 unit goal.

So getting the iPhone out of the way. What else is in store for us?

This is where it gets tricky. There are a lot of strange rumors running about tablets and iphone nanos, and new macbooks, and macbook pros. So what do I think?

Well to me it seems pretty likely that at the VERY least we’ll be seeing a MacBook Pro redesign, but probably also the standard MacBook as well. They haven’t done a significant redesign of the Pro laptop line since the PowerPC days and it’s getting long in the tooth. I would expect the MacBook and MacBook Pro to follow design cues from both the current iMac and the MacBook Air. All having the scrabble tile style keyboards, probably black and backlit across the line. Expect aluminum bodies, and glossy LED screens. Perhaps an iMac style black to the edge screen bezel. All in all, expect to possibly see some new laptops.

Which brings me to the most interesting of the possible releases, the one I think is kind of far fetched. An Apple Tablet computer. Now, don’t get me wrong. they’re working on one for sure. I am a firm believer that the entire line of Apple devices is going to go the way of the iPhone at some point, but somehow I just don’t see this year’s WWDC as being the place to release such a device.

What I think is more likely is an announcement and first look on MacOS 10.6. I fully expect 10.6 to be fully multi-touch capable, and sporting a UI that is more finger friendly. Expect them to do some demos showing off multi-touch iPhoto and Google Earth and it will be all good. get the developers involved in writing really great, really rich multi-touch apps for the Mac, and then they will take care of the hardware end of the spectrum sometime towards the end of the year. Apple is not known for showing off prototype hardware though, and this is where I can’t figure out how they’re going to manage this.

If they do release a device this year, expect it to me much more like a larger iPhone than a Mac, but possibly with more desktop quality apps like iPhoto and Pages for use on the bigger (lets say 9″ for good measure?) touchscreen. This would make sense as long as the SDK will allow these touch apps to run on full OS 10.6 when that is released. It will be interesting to see how Apple makes this transition.

Though like anything else they do, you could even expect they’d throw the baby out with the bathwater, announce OS 11 and the end of the physical mouse and keyboard across the whole line. You just never know. And that is why, we as bloggers and journalists love to speculate. The press train is leaving the station, time to get on board! See you at Moscone!

FBI Investigating MediaDefender for DoS-ing Revision3

Apparently the Denial of Service attack that crippled and shut down the popular online media/podcast portal Revision3 has been traced back to a company called MediaDefender, who intentionally or not, targeted Revision3’s legal use of BitTorrent for distributing it’s media, by attacking it’s bittorrent servers with such a high level of traffic that it brought the entire infrastructure of the company down. The FBI is now investigating.

There isn’t even anything I can say. The actions by MediaDefender, whether intentional or not are absolutely disgusting to me. Please read further to see Jim Louderback’s blog post from the Revision3 blog about what happened.

Inside the Attack that Crippled Revision3

on May 29th, 2008 at 07:49 am by Jim Louderback in Polemics

As many of you know, Revision3’s servers were brought down over the Memorial Day weekend by a denial of service attack. It’s an all too common occurrence these days. But this one wasn’t your normal cybercrime – there’s a chilling twist at the end. Here’s what happened, and why we’re even more concerned today, after it’s over, than we were on Saturday when it started.

It all started with just a simple “hi”. Now “hi” can be the sweetest word in the world, breathlessly whispered into your ear by a long-lost lover, or squealed out by your bouncy toddler at the end of the day. But taken to excess – like by a cranky 3-year old–it gets downright annoying. Now imagine a room full of hyperactive toddlers, hot off of a three hour Juicy-Juice bender, incessantly shrieking “hi” over and over again, and you begin to understand what our poor servers went through this past weekend.

On the internet, computers say hi with a special type of packet, called “SYN”. A conversation between devices typically requires just one short SYN packet exchange, before moving on to larger messages containing real data. And most of the traffic cops on the internet – routers, firewalls and load balancers – are designed to mostly handle those larger messages. So a flood of SYN packets, just like a room full of hyperactive screaming toddlers, can cause all sorts of problems.

For adults, it’s typically an inability to cope, followed either by quickly fleeing the room, or orchestrating a massive Teletubbies intervention. Since they lack both legs and a ready supply of plushies, internet devices usually just shut down.

That’s what happened to us. Another device on the internet flooded one of our servers with an overdose of SYN packets, and it shut down – bringing the rest of Revision3 with it. In webspeak it’s called a Denial of Service attack – aka DoS – and it happens when one machine overwhelms another with too many packets, or messages, too quickly. The receiving machine attempts to deal with all that traffic, but in the end just gives up.
(Note the photo of our server equipment responding to the DoS Attack)

In its coverage Tuesday CNet asked the question, “Now who would want to attack Revision3?”Who indeed? So we set out to find out.

Internet attacks leave lots of evidence. In this case it was pretty easy to see exactly what our shadowy attacker was so upset about. It turns out that those zillions of SYN packets were addressed to one particular port, or doorway, on one of our web servers: 20000. Interestingly enough, that’s the port we use for our Bittorrent tracking server. It seems that someone was trying to destroy our bittorrent distribution network.

Let me take a step back and describe how Revision3 uses Bittorrent, aka BT. The BT protocol is a peer to peer scheme for sharing large files like music, programs and video. By harnessing the peer power of many computers, we can easily and cheaply distribute our huge HD-quality video shows for a lot less money. To get started, the person sharing that large file first creates a small file called a “torrent”, which contains metadata, along with which server will act as the conductor, coordinating the sharing. That server is called the tracking server, or “tracker”. You can read much more about Bittorrent at Wikipedia, if you really want to understand how it works.

Revision3 runs a tracker expressly designed to coordinate the sharing and downloading of our shows. It’s a completely legitimate business practice, similar to how ESPN puts out a guide that tells viewers how to tune into its network on DirecTV, Dish, Comcast and Time Warner, or a mall might publish a map of its stores.

But someone, or some company, apparently took offense to Revision3 using Bittorrent to distribute its own slate of shows. Who could that be?

Along with where it’s bound, every internet packet has a return address. Often, particularly in cases like this, it’s forged – or spoofed. But interestingly enough, whoever was sending these SYN packets wasn’t shy. Far from it: it’s as if they wanted us to know who they were.

A bit of address translation, and we’d discovered our nemesis. But instead of some shadowy underground criminal syndicate, the packets were coming from right in our home state of California. In fact, we traced the vast majority of those packets to a public company calledArtistdirect (ARTD.OB). Once we were able to get their internet provider on the line, they verified that yes, indeed, that internet address belonged to a subsidiary of Artist Direct, calledMediaDefender.

Now why would MediaDefender be trying to put Revision3 out of business? Heck, we’re one of the biggest defenders of media around. So I stopped by their website and found that MediaDefender provides “anti-piracy solutions in the emerging Internet-Piracy-Prevention industry.” The company aims to “stop the spread of illegally traded copyrighted material over the internet and peer-to-peer networks.” Hmm. We use the internet and peer-to-peer networks to accelerate the spread of legally traded materials that we own. That’s sort of directly opposite to what Media Defender is supposed to be doing.

Who pays MediaDefender to disrupt peer to peer networks? I don’t know who’s ponying up today, but in the past their clients have included Sony, Universal Music, and the central industry groups for both music and movies – the RIAA and MPAA. According to an article by Ars Technica, the company uses “its array of 2,000 servers and a 9GBps dedicated connection to propagate fake files and launch denial of service attacks against distributors.” Another Ars Technica story claims that MediaDefender used a similar denial of service attack to bring down a group critical of its actions.

Hmm. Now this could have been just a huge misunderstanding. Someone could have incorrectly configured a server on Friday, and left it to flood us mercilessly with SYN packets over the long Memorial Day weekend. If so, luckily it was pointed at us, and not, say, at the intensive care unit at Northwest Hospital and Medical Center But Occam’s razor leads to an entirely different conclusion.

So I picked up the phone and tried to get in touch with ArtistDirect interim CEO Dimitri Villard. I eventually had a fascinating phone call with both Dimitri Villard and Ben Grodsky, Vice President of Operations at Media Defender.

First, they willingly admitted to abusing Revision3’s network, over a period of months, by injecting a broad array of torrents into our tracking server. They were able to do this because we configured the server to track hashes only – to improve performance and stability. That, in turn, opened up a back door which allowed their networking experts to exploit its capabilities for their own personal profit.

Second, and here’s where the chain of events come into focus, although not the motive. We’d noticed some unauthorized use of our tracking server, and took steps to de-authorize torrents pointing to non-Revision3 files. That, as it turns out, was exactly the wrong thing to do. MediaDefender’s servers, at that point, initiated a flood of SYN packets attempting to reconnect to the files stored on our server. And that torrential cascade of “Hi”s brought down our network.

Grodsky admits that his computers sent those SYN packets to Revision3, but claims that their servers were each only trying to contact us every three hours. Our own logs show upwards of 8,000 packets a second.

“Media Defender did not do anything specific, targeted at Revision3″, claims Grodsky. “We didn’t do anything to increase the traffic” – beyond what they’d normally be sending us due to the fact that Revision3 was hosting thousands of MediaDefender torrents improperly injected into our corporate server. His claim: that once we turned off MediaDefender’s back-door access to the server, “traffic piled up (to Revision3 from MediaDefender servers because) it didn’t get any acknowledgment back.”

Putting aside the company’s outrageous use of our servers for their own profit, and the large difference between one connection every three hours and 8,000 packets a second, I’m still left to wonder why they didn’t just tell us our basement window was unlocked. A quick call or email and we’d have locked it up tighter than a drum.

It’s as if McGruff the Crime Dog snuck into our basement, enlisted an army of cellar rats to eat up all of our cheese, and then burned the house down when we finally locked him out – instead of just knocking on the front door to tell us the window was open.

In the end, here’s what I know:

• A torrential flood of SYN packets rained down on Revision3’s network over Memorial Day weekend.
• Those packets – up to 8,000 a second – came primarily from computers controlled by MediaDefender, who is in the business of shutting down illegal torrent sites.
• Revision3 suffered measurable harm to its business due to that flood of packets, as the attacks on our legitimate and legal Torrent Tracking server spilled over into our entire internet infrastructure. Thus we were unable to serve videos and advertising through much of the weekend, and into Tuesday – and even our internal email servers were brought down.
• Denial of service attacks are illegal in the US under 12 different statutes, including the Economic Espionage Act and the Computer Fraud and Abuse Act.

Although I can only guess, here’s what I think really happened. Media Defender was abusing one of Revision3’s servers for their own purposes – quite without our approval. When we closed off their backdoor access, MediaDefender’s servers freaked out, and went into attack mode – much like how a petulant toddler will throw an epic tantrum if you take away an ill-gotten Oreo.

That tantrum threw upwards of 8,000 SYN packets a second at our servers. And that was enough to bring down both our public facing site, our RSS server, and even our internal corporate email – basically the entire Revision3 business. Smashing the cookie jar, as it were, so that no one else could have any Oreos either.

Was it malicious? Intentional? Negligent? Spoofed? I can’t say. But what I do know is that the FBI is looking into the matter – and it’s far more serious than toddlers squabbling over broken toys and lost cookies.

MediaDefender claims that they have taken steps to ensure this won’t happen again. “We’ve added a policy that will investigate open public trackers to see if they are associated with other companies”, promised Grodsky, “and first will make a communication that says, hey are you aware of this.”

In the end, I don’t think Media Defender deliberately targeted Revision3 specifically. However, the company has a history of using their servers to, as Ars Technica said, “launch denial of service attacks against distributors.” They saw us as a “distributor” – even though we were using Bittorrent for legitimate reasons. Once we shut them out, their vast network of servers were automatically programmed to implement a scorched earth policy, and shut us down in turn. The long Memorial Day weekend holiday made it impossible for us to contact either Media Defender or their ISP, which only exacerbated the problem.

All I want, for Revision3, is to get our weekend back – both the countless hours spent by our heroic tech staff attempting to unravel the mess, and the revenue, traffic and entertainment that we didn’t deliver.

If it can happen to Revision3, it could happen to your business too. We’re simply in the business of delivering entertainment and information – that’s not life or death stuff. But what if MediaDefender discovers a tracker inside a hospital, fire department or 911 center? If it happened to us, it could happen to them too. In my opinion, Media Defender practices risky business, and needs to overhaul how it operates. Because in this country, as far as I know, we’re still innocent until proven guilty – not drawn, quartered and executed simply because someone thinks you’re an outlaw.

- Jim Louderback
CEO – Revision3

UPDATE
We’ve received several requests for some technical data to illustrate the specifics of the attack. So we’ve provided a text file with some more “under the hood” data.

This file represents every packet we identified as being part of the DoS for a period of time less than .02 *seconds* on Monday morning. If you count, there’s a total of 96 packets. (We removed 12 legitimate packets from the trace). We used a combination of tcpdump and wireshark to gather this information. (this particular trace is from tcpdump)

View the text file: rev3packettrace.txt

---

Tags: blog
This entry was posted on Thursday, May 29th, 2008 at 7:49 am and is filed under Polemics. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Netflix predicts it’s core business will be gone in 5 years

Today the CEO of Netflix, Reed Hastings basically pulled the plug on his own core business saying that the current business model of disc distribution will have peaked in 5 years time. This makes it obvious as to why Netflix is beginning it’s headlong push into digital distribution, and is starting to focus on it’s set-top offerings like its $99 Roku Netflix box. Quoting Mr. Hastings from Reuters:

We think the by-mail business is very strong but will probably peak in the next five years. Our key challenge is growing earnings per share and subscribers while funding streaming which should give us years of subscriber and earnings expansion.

It’s EXTREMELY rare for the CEO of a company to so publicly denounce it’s most lucrative business. And Netflix has hardly taken control of the digital distribution market, so I’m not sure what Mr. Hastings was trying to accomplish with this, though I do absolutely agree with his point.

I’ve been a Netflix subscriber now for quite some time, and I really enjoy their service. However in recent months I’ve found myself renting less discs from them and using the streaming service on my laptop more. Though there’s less in the way of content online, I’ve found that the quality of the rented discs has declined significantly as of late. I’ve had pausing issues caused by scratching in nearly every movie I’ve rented in the past three months. Because of this, I’m seriously considering picking up the Roku box. Though I might wait for something a bit more full featured.

The main issue with Netflix’s current streaming service is a general lack of NEW material. While the number of TV shows on there at the moment is pretty high, including the most recent episodes of popular NBC shows like “Heroes”, the number of popular movies is extremely low. As of the last time I checked, the only two movies on the Netflix top 100 that you could stream were “March of the Penguins” and “Little Miss Sunshine”. Good movies of course, but there are other things that I’d rather watch.

The platform itself also has it’s issues, currently only visible on Windows PCs and the Roku box, there isn’t much in the way of help for Mac users other than to run a Boot Camp partition of Windows to watch Netflix. Running it through virtualization software like Parallels or VMware is an exercise is frustration. The video and audio both stutter regardless of how much RAM or processor power you’re using.

If Netflix wants to dominate this market, they have to get their player on to every possible device it could run on. It needs to be on PCs , Macs, Linux Boxes, Media Center PCs, Xbox 360s, PS3s, AppleTVs, TiVos, iPhones, Windows Mobile Phones, and anywhere else that people like to consume media. Considering that there are tens of millions of Netflix subscribers currently, and that unlimited streaming is included for anyone with a $9.99 plan or over, it certainly gives Netflix a head start.

Once either Netflix support is added to an Xbox360 or PS3, or it’s integrated with a standalone blu-ray player, I’ll be picking up a Netflix box of my very own. And I for one welcome our possible new media streaming overlords!

Hell, it’s better than Apple dominating the market? Right?

Skyfire mobile browser recieves $13 million in funding

For those of you who don’t yet have an iPhone (like me), and are using a phone running Windows Mobile 6 (also like me) Skyfire is currently your best bet as a mobile browser. Much like the iPhone’s Safari browser, it renders websites like you would see them on your PC. You can zoom in to a page with a double tap and navigate around in a similar method to Mobile Safari. Instead of relying on your phone’s processor to render the pages, Skyfire uses a novel idea. The skyfire uses server-based rendering of the page, which is rendered to what I’d imagine is a basic Jpeg image of a page with hotspots that you can click on. This allows for faster and better quality page rendering than you’d get with something like pocket Internet Explorer.

Unfortunately, on my T-Mobile Shadow, the beta version is slow, and takes a long time to load a page, but it does support flash. I’d imagine that on a 3g phone performance would be far better. Even with these speed problems, it has absolutely become the default browser that I use on a daily basis, as the quality of the page rendering is far superior to that of anything else on the platform.

So, when Techmeme referenced a GigaOM article that Skyfire had recieved $13 million in venture funding, I was really happy for the little browser that could. I’m hopeful that Skyfire could solve some of it’s speed issues with more and faster servers, as well as optimizing the code so that it runs faster on some of the slower Windows Mobile phones, and you could see Skyfire becoming the dominant browser on the Windows Mobile side of things. The beta versions have been getting faster as the updates come, so I’m hopeful about this.

I had also heard rumors that Skyfire would be the default browser in the non-carrier specific version of HTC’s super-sexy Touch Diamond. That phone is 3g, and has a superfast processor as well as a GPU. I’d imagine that a tailor made version for that phone would be 100% the equivalent of Apple’s Mobile Safari. Possibly even better seeing that Skyfire does support Flash and Flash Video.

If you have a Windows Mobile 6 phone, I definetly urge you to sign up for the Skyfire beta. You won’t regret it.

Microsoft unveils multi-touch Windows 7. World says “meh.”

Last night at the “All Things D” conference, Microsoft made a special announcement that they would be giving a sneak-preview of the “all new” Windows 7 UI. Like many others in the blogosphere, my interest was piqued. What had Microsoft cooked up? Would it pull them out of the rut they were in with Vista? Would it be mind-blowingly awesome?

The answer was a resounding no. At least to me. Here’s a video from the conference:

Multi-Touch in Windows 7

I’ll be honest. I didn’t want to say that. In fact I decided not to go with my gut instinct and to sleep on it before I gave my opinions. Unfortunately, there isn’t much positive I can say. It looks as if rumors are stating that Microsoft has dropped support of it’s new kernel in Windows 7 in favor of keeping the same architecture as Vista, and what they’ve added instead is a version of the Apple Dock, and some of the multi-touch functionality from Microsoft Surface.

Now, on the surface (pardon the pun), this seems pretty cool. I appreciate the fact that Microsoft is finally pushing the multi-touch technology into the mainstream OS. It opens up a lot of opportunity for some really neat software. Unfortunately, something tells me that most of the stuff they showed will end up being either marginalized or removed completely before Windows 7 ships, the same way that Vista shed features like a cat in summer. Microsoft will more than likely state that consumer PCs are not yet multi-touch capable in sufficient numbers, and remove most of the features out of the version of the OS that most OEMs will ship while they will split Windows 7 into any number of confusing and expensive SKUs ala Vista.

Imagine if you will “Microsoft Windows 7 Home Premium for Multi Touch Tablet PCs”.

Yeah.

Not to say that the new UI isn’t interesting. Crunchgear leaked a bunch of screenshots prior to the conference which actually seemed pretty neat, if not a little too busy. Unfortunately, the UI layout in those screenshots was all over the place, they all seemed to be from different iterations of the OS. Microsoft admitted that these were early renderings and were not what you should expect to see come release time.

Time will tell how Microsoft manages to thread the needle between people who are used to the Windows UI, and people who are looking for something new and different. So far it’s a decent but unremarkable start. Sounds perfectly like Microsoft to me.

Microsoft to unveil “all-new” Windows 7 UI tonight!

Welcome back from the long weekend! Looks like we’re heading into some big news!

So apparently Microsoft is getting ready to unveil the first version of the redesigned Windows 7 User Interface apparently designed by a former member of the Adobe Lightroom UI team. This will be happening at the “All things D” conference, and both Steve Ballmer and Bill Gates will be doing the presentation. The way this is being layed out, we’re probably looking at a SIGNIFICANT revision here, because even the official Microsoft statement used the terms “all-new”

What do you think we’ll see? Could this be the renaissance of Microsoft, we will know shortly. In the mean time, heres a mockup from Gizmodo. Which personally I think is ridiculous: