Sprint blocking Cogent network traffic...

It appears that Sprint has stopped routing traffic (called "depeering") from Cogent as a result of some sort of legal dispute. Sprint customers cannot reach Cogent customers, and vice versa. The effect is similar to what would happen if Sprint were to block voice phonecalls to AT&T customers.

Here's a graph that shows the outage, courtesy of Keynote :

Rich Miller at DataCenterKnowledge has a great summary of the issues behind the incident, which has happened with Cogent before. Rich says:

At the heart of it, peering disputes are really loud business negotiations, and angry customers can be used as leverage by either side. This one will end as they always do, with one side agreeing to pay up or manage their traffic differently.

I think this is particularly Radar-worthy because it provides an example of the complex issues around Net Neutrality . In this case customers are harmed and most (especially Sprint wireless customers) will have no immediate recourse.

(continue reading)

Kaminsky DNS Patch Visualization

Dan Kaminsky has posted the details of the widespread DNS vulnerability. Clarified Networks created this visualization of DNS patch deployment over the past month:

Red = Unpatched
Yellow = Patched, "but NAT is screwing things up"
Green = OK

Encouraging results from Peer-to-Patent

Congratulations to the organizers of Peer-to-Patent, which is carrying off one of the most audacious experiments in Internet activism in our day. A lot of ink has been spilled about Barack Obama's application of social networking techniques to presidential campaigning (and to Ron Paul's successful fund-raising before that) but Peer-to-Patent makes those achievements seem entirely run-of-the-mill.

The premise behind Peer-to-Patent, which many observers called impractical, was that thousands of experts in technical fields would flock to the site to read patent applications (if you've ever read one, you'd hike the stakes against success several notches right there) and would find prior art that would lead to rejection or restrictions on patent claims.

Well, it's working. A report released by the non-profit project in PDF format reports the data from surveys and an analysis of patents handled during the first year of the project. The sample is small (23 patents) but bears some impressive fruit.

(continue reading)

Service Monitoring Dashboards are mandatory for production services!

Google App Engine went down earlier today. GAE is still a developer preview release, and currently lacks a public monitoring dashboard. Unfortunately this means that many people either found out from their app and/or admin consoles being unavailable or from Mike Arrington's post on TechCrunch.

Google has a strong Web Operations culture, and there are numerous internal monitoring tools in use across the company, along with a smaller set available to customers. It's suprising that Google launched a developer platform without providing something beyond an email group, although they are by no means the first to do so.

Service Monitoring Dashboards are mandatory for production services and platforms!

• If you launch a platform that people pay you money for, you need to have a real time service dashboard. Ideally this should be decoupled from the rest of your infrastructure.
• Don't rely on platforms that lack service monitoring dashboards for production.

Many companies are initially reluctant to provide this kind of monitoring to the public, and only do so in reaction to an outage. However, it seems that every company that offers such a dashboard uses it as a source of competitive advantage.

The best example of this is trust.salesforce.com which they launched after series of outages in 2006. Amazon (eventually) launched a status dashboard for AWS, and added RSS feeds for specific services which I think is pretty cool.

Javier Soltero at Hyperic points out

1. The reports of service outages arrive long after anyone who depends on the services can possibly do anything to mitigate their effect.
2. The services themselves seem incapable of providing any visibility into the circumstances that might lead to future outages.

[...]Even TechCrunch points out that the Google Apps blog doesn’t even mention the outage. Other clouds rely on blogs such as this one, this one, or maybe even this one (from our good friends at Mosso). These are all places where outages can be discussed, but not the right means for people to find out whether it their application that crashed, or the cloud that it depends on.

(Updated:Niall Kennedy pointed out that GAE is still a preview release, and I agree that my original wording was wrong. My intent is to emphasize the importance of providing a public service dashboard and so I've edited accordingly.)

The wiretapping accusation against P2P and copyright filtering: evidence that we need more user/provider discussion

I would by no means argue with celebrated law expert Paul Ohm when he suggests that cable companies and other ISPs might be breaking the federal wiretap law by doing deep packet inspection. This was the recent news from a WIRED reporter blogging from Computers Freedom & Privacy.

I will leave it up to the lawyers to decide whether the wiretap law was passed with the intent to keep providers from reducing traffic that strains their bandwidth, or from complying with requests from movie studios to prevent the unauthorized exchange of first-run films. I'll also let lawyers decide whether the ISPs are shielded by exemption that allows them to protect their service.

But I can't help observing that the same kinds of deep inspection that Ohm decries (and that permits China and other governments to censor content) is also used for spam and virus filtering. Superficial traffic analysis could perhaps, someday, identify spam and viruses, but it's currently critical to check for the signatures of malicious content. Would Professor Ohm like to personally handle the 2000% increase in email he'd get if he forced his ISP to stop filtering?

On the other hand, I wonder whether web mail services such as Hotmail, Yahoo! and Google would be guilty of wiretapping if they check traffic. After all, they are not delivering traffic to another system as Comcast is; they are terminating the traffic on their own systems, where their users access it. I'd think they have a much stronger defense, partly because the data is technically on their own systems, and partly through the claim that they need to run filters to protect these systems from viruses, or even just excessive traffic.

These dilemma suggest to me that the relationship between ISPs (or mail service providers) and customers has to change, and perhaps that the wiretap statute has to adapt. What we want is that most perplexing of legal solutions: to screen out malicious behavior and impacts that users don't like, while leaving positive and desired behavior alone.

(continue reading)

Yochai Benkler, others at Harvard map current and future Internet

Harvard's world-renowned Berkman Center for Internet & Society is celebrating its tenth anniversary with a conference called Berkman@10. I'll report here on today's sessions, which were organized as a fairly conventional symposium (although as loosely as one could run it with 450 attendees). Tomorrow will be set up as an unconference, where the audience defines most of the topics and self-organizes into small-group discussions.

• Whither peer production--wither peer production?
• The conscious commons
• What will a Harvard for six billion people look like?
• Designing for cooperation
• Seeding and modeling
• The dilemma of openness
• The Berkman Center broadens

(continue reading)

Book review: "The Future of the Internet (And How to Stop It)"

Most of us in the computer field have heard more than our fill about the free software movement, the copyright wars, the scourge of spyware and SQL injection attacks, the Great Firewall of China, and other battles for the control of our computers and networks. But your education is stifled until you have absorbed the insights offered by comprehensive thinkers such as Jonathan Zittrain, who presents in this brand new book some critical and welcome anchor points for discussions of Internet policy. Now we have a definitive statement from a leading law professor at Harvard and Oxford, who combines a scholar's insight into legal doctrines with a nitty-gritty knowledge of life on the Internet.

You can read Zittrain for cogent discussions of key issues in copyright, filtering, licensing, censorship, and other pressing issues in computing and networking. But you're rewarded even more if you read this book to grasp fundamental questions of law and society, such as:

• What determines the legitimacy of laws and those who make and enforce them?
• What relationship does the law on the books bear to the law as enforced, and how does the gray area between them affect the evolution of society?
• What is the proper attitude of citizens toward law-makers and regulators, and how much power is healthy for either side to have?
• How can community self-organization stave off the need for heavy-handed legislation--and how, in contrast, can premature legislation preclude constructive solutions by self-organized communities?

Core questions such as these power Zittrain's tour of technology and law on today's networks. "The Future of the Internet" takes us briskly down familiar paths, offering valuable summaries of current debates, but Zittrain also tries always to hack away at the brambles that block the end of each path. Thanks to his unusually informed perspective, he usually--although not always--succeeds in pushing us forward a few meticulously footnoted footsteps.

(continue reading)

You Become what You Disrupt - (part two)

Google's GrandCentral (Radar coverage) was down over the weekend resulting in missed calls and other phone problems for its users.

This is very similar to the the two day Skype outage last year where I said that "You Become what You Disrupt". I've spoken about this issue several times, most recently at the Princeton CITP "Computing in the Cloud" workshop.

The problem is that it's not particularly clear at what point a disruptive innovation becomes a utility. As innovators it's important that we recognize that this point will arrive and prepare for it. I believe that we have a responsibility to be good stewards of the technologies we create, and to take responsibility for protecting people who come to rely on those technologies to live their daily lives. When we fail to do that, we may find ourselves being cast as either fools or villains who must be regulated and controlled.

Ultimately, I think we will evolve a set of safety standards very similar to building codes. For instance, it appears that a multi-datacenter strategy would have prevented the GrandCentral outage. (As I've said many times before: Datacenters are a Single Point of Failure!)

Cofounder Craig Walker writes: "I wanted to write a quick note to all the GC users and apologize for the service interruption this morning. We had a power issue at our current colo facility and it knocked us off line for a few hours. Unfortunately I’ve been up in the mountains with the family this weekend and had no cell/internet coverage so couldn’t respond earlier. I did want to let you know that we were able to restore the service by noon today and are working extremely diligently to make sure this won’t occur in the future. We’ll do a better job keeping you informed in the future, not only about service related issues but also about upcoming features, soliciting your feedback, and generally making sure that you, the GC user, is well informed as to what’s going on with the service."

Will better industry standards, best-practices, and independent certifying authorities emerge for these new utilities without innovation-stifling regulation? I hope so.

(continue reading)

Amazon improves EC2 (by embracing failure)

Amazon just announced two big improvements to EC2:

• Multiple Locations
  Amazon EC2 now provides the ability to place instances in multiple locations. Amazon EC2 locations are composed of regions and Availability Zones. Regions are geographically dispersed and will be in separate geographic areas or countries. Currently, Amazon EC2 exposes only a single region. Availability Zones are distinct locations that are engineered to be insulated from failures in other Availability Zones and provide inexpensive, low latency network connectivity to other Availability Zones in the same region. Regions consist of one or more Availability Zones. By launching instances in separate Availability Zones, you can protect your applications from failure of a single location.
  
  
• Elastic IP Addresses
  Elastic IP addresses are static IP addresses designed for dynamic cloud computing. An Elastic IP address is associated with your account not a particular instance, and you control that address until you choose to explicitly release it. Unlike traditional static IP addresses, however, Elastic IP addresses allow you to mask instance or Availability Zone failures by programmatically remapping your public IP addresses to any instance in your account. Rather than waiting on a data technician to reconfigure or replace your host, or waiting for DNS to propagate to all of your customers, Amazon EC2 enables you to engineer around problems with your instance or software by quickly remapping your Elastic IP address to a replacement instance.

Datacenters and geographic regions are Single Points of Failure (SPOF) too.  Failure Happens, and it's far better (and cheaper) to build services that are resilient to failure than to try to prevent them from happening.  This is a big step in the right direction.

Update: RightScale posted an excellent overview of how this works.

The "New Privacy"

There was a great session on Online Privacy on NPR's Science Friday today, including a guest spot by Emily Vander Veer, the author of O'Reilly's Facebook: The Missing Manual. You can subscribe to the podcast or download today's episode directly.

The discussion here is yet another independent confirmation of the new definition of privacy that's emerging in American culture. We used to fight for the right not to reveal information about ourselves. The "new privacy" is about fighting for the right to spread your personal information all over very public forums but still control how it's used. It's an almost Escher-esque redefinition of language. To quote my own earlier writing: "If you paint something on the city wall, don't expect it to be hidden."

Daniel Weitzner made a big point on the show of the parallels between protection for the kind of information we display on Facebook and legislation to protect medical and financial information. He missed a crucial difference: the medical and financial information protected by those laws prevents information that must be revealed in one context (to your doctor or banker) from leaking out into other contexts. But, if you posted your bank and credit card details and medical records on a public web site for the world to see, people might accuse you of being stupid, but they wouldn't claim that we need tighter legislation on the use of information.

Network neutrality: how the FCC sees it (Part 1 of 2)

The mere announcement of an FCC hearing on "broadband network management practices" was a notch in the gun of network neutrality advocates. The achievement was reinforced by the line-up at Harvard University's law school today. The Comcasts and Verizons were outnumbered and outmaneuvered by the left wing of the network neutrality movement, which included such leading lights as Yochai Benkler, David P. Reed, and the honorary host of the event, Representative Edward Markey, who heads the House's Subcommittee on Telecommunications and the Internet.

Yet to a large extent, the panelists and speakers were like petitioners who are denied access to the king and can only bring their complaints to the gardeners who decorate the paths outside his gate. I believe that the FCC commissioners see distinct limits to what they can accomplish, and that their compromise will come out much closer to the current practices of the Comcasts and Verizons than to the more idealistic calls for an Internet that we should have had seven or eight years ago.

I feel a natural pull toward network neutrality, which I knew for many years in slightly different versions and different terms (common carriage, the layered protocol stack, the end-to-end principle, the stupid network) before the current buzzword emerged. But I soon realized that the subject was a thornbush from which it is hard to untangle a solution, and wrote a major analysis two years ago that I really think still stands as an accurate representation of the issues.

But where do industries, the public, and the government stand today? That's what I'll explain in this article. I'll drill down tomorrow in another article about some interesting details at the hearing.

(continue reading)

US Judge censors WikiLeaks.org by ordering DNS records removed

The BBC and many others report that the international whistle-blower website WikiLeaks.org has been taken down as of this morning. Judge Jeffery White ordered that the WikiLeaks.org domain be removed at the request of Julius Baer Bank & Trust. Not only does the judge order that the site be removed, he orders that the whois privacy protections be turned off and, of course, that the log files be handed over.

Court Orders can be used as an effective Denial of Service attack and can circumvent otherwise strong privacy protections.

(continue reading)

Amazon S3 / EC2 / AWS outage this morning...

Many of Amazon.com's Web Services were down this morning with some customers reporting outages lasting over three hours. Sites that depend on services that depend on EC2 or S3 are down as well.

Failures like this happen in every system, and anyone that promises otherwise is foolish or lying (or both). Amazon does not promise that their systems won't fail, they offer service credits when S3 does fail in accordance with their Service Level Agreement. (see: earlier Radar post, video of my panel discussion about SLAs and regulation)

Nick Carr mentions what happened after the Salesforce outage in 2006:

[...] I feel compelled to point out the inevitable glitches that are going to happen along the way. How the supplier responds - in keeping customers apprised of the situation and explaining precisely what went wrong and how the source of the problem is being addressed - is crucial to building the trust of current and would-be users. When Salesforce.com suffered a big outage two years ago, it was justly criticized for an incomplete explanation; the company subsequently became much more forthright about the status of its services and the reasons behind outages. Given that entire businesses run on S3 and related services, Amazon has a particularly heavy responsibility not only to fix the problem quickly but to explain it fully.

Nick is referring to trust.salesforce.com which is currently the gold standard of availability reporting for Software as a Service providers. I hope this incident provides both pressure and incentive for other services to adopt similar standards soon.

Updated: David Ulevitch of OpenDNS added:

we've been providing a similar site to Trust.Salesforce.com since we launched -- and we find that the milage it brings us in user trust far outweighs the embarrassment of whatever we have to put up there. Our site's version is at http://system.opendns.com.

(Disclosure: OpenDNS is a Minor Ventures company along with Swivel where I am an Advisor.)

Phil Gross of Intuit Quickbase points to http://service.quickbase.com adding:

[...] We have found that being as clear and upfront as possible when there are issues goes a long way towards keeping customers happy, and it's also just the right thing to do. One thing to remember, if other companies are thinking about developing a similar service, is *not* to host your service page with your main web host or data center. Our service page is at our disaster recovery center, in a completely separate region of the country, so that if there were a network outage, we could still get the word out, and update on when we'd be back up.

My friend Scott Ruthfield points out DoubleClick's dashboard at http://qos.doubleclick.net/

Updated: Official update posted on the on AWS forums:

Here’s some additional detail about the problem we experienced earlier today.

Early this morning, at 3:30am PST, we started seeing elevated levels of authenticated requests from multiple users in one of our locations. While we carefully monitor our overall request volumes and these remained within normal ranges, we had not been monitoring the proportion of authenticated requests. Importantly, these cryptographic requests consume more resources per call than other request types.

Shortly before 4:00am PST, we began to see several other users significantly increase their volume of authenticated calls. The last of these pushed the authentication service over its maximum capacity before we could complete putting new capacity in place. In addition to processing authenticated requests, the authentication service also performs account validation on every request Amazon S3 handles. This caused Amazon S3 to be unable to process any requests in that location, beginning at 4:31am PST. By 6:48am PST, we had moved enough capacity online to resolve the issue.

As we said earlier today, though we're proud of our uptime track record over the past two years with this service, any amount of downtime is unacceptable. As part of the post mortem for this event, we have identified a set of short-term actions as well as longer term improvements. We are taking immediate action on the following: (a) improving our monitoring of the proportion of authenticated requests; (b) further increasing our authentication service capacity; and (c) adding additional defensive measures around the authenticated calls. Additionally, we’ve begun work on a service health dashboard, and expect to release that shortly.

Are there any other companies that provide similar reporting on their availability and performance?

Understanding the undersea cable cuts... (updated: "fifth cable cut")

The Fiber Cuts in the Middle East are getting a lot of attention. The economic damage is real and the geopolitical issues are extremely complex (which is why I edited my earlier post).

From an operations perspective these kinds of outages are nothing new, and underscore why having "many eggs in few baskets" is such a problem. I believe we will see similar incidents when we have the first multi-datacenter failures where multiple providers lose significant parts of their infrastructure in a single geographic area. (Remember: location is a basket too!)

To really understand the current issue, I recommend Neal Stephenson's incredible (and lengthy) Wired article from 1996 entitled "Mother Earth Mother Board":

[...] It sometimes seems as though every force of nature, every flaw in the human character, and every biological organism on the planet is engaged in a competition to see which can sever the most cables. The Museum of Submarine Telegraphy in Porthcurno, England, has a display of wrecked cables bracketed to a slab of wood. Each is labeled with its cause of failure, some of which sound dramatic, some cryptic, some both: trawler maul, spewed core, intermittent disconnection, strained core, teredo worms, crab's nest, perished core, fish bite, even "spliced by Italians." The teredo worm is like a science fiction creature, a bivalve with a rasp-edged shell that it uses like a buzz saw to cut through wood - or through submarine cables. Cable companies learned the hard way, early on, that it likes to eat gutta-percha, and subsequent cables received a helical wrapping of copper tape to stop it.

[...] There is also the obvious threat of sabotage by a hostile government, but, surprisingly, this almost never happens. When cypherpunk Doug Barnes was researching his Caribbean project, he spent some time looking into this, because it was exactly the kind of threat he was worried about in the case of a data haven. Somewhat to his own surprise and relief, he concluded that it simply wasn't going to happen. "Cutting a submarine cable," Barnes says, "is like starting a nuclear war. It's easy to do, the results are devastating, and as soon as one country does it, all of the others will retaliate."

As the capacity of optical fibers climbs, so does the economic damage caused when the cable is severed. FLAG makes its money by selling capacity to long-distance carriers, who turn around and resell it to end users at rates that are increasingly determined by what the market will bear. If FLAG gets chopped, no calls get through. The carriers' phone calls get routed to FLAG's competitors (other cables or satellites), and FLAG loses the revenue represented by those calls until the cable is repaired. The amount of revenue it loses is a function of how many calls the cable is physically capable of carrying, how close to capacity the cable is running, and what prices the market will bear for calls on the broken cable segment. In other words, a break between Dubai and Bombay might cost FLAG more in revenue loss than a break between Korea and Japan if calls between Dubai and Bombay cost more.

The rule of thumb for calculating revenue loss works like this: for every penny per minute that the long distance market will bear on a particular route, the loss of revenue, should FLAG be severed on that route, is about $3,000 a minute. So if calls on that route are a dime a minute, the damage is $30,000 a minute, and if calls are a dollar a minute, the damage is almost a third of a million dollars for every minute the cable is down. Upcoming advances in fiber bandwidth may push this figure, for some cables, past the million-dollar-a-minute mark. [Link]

Update Feb-06 @ 08:52 GMT: I am aware of five cable segments that are experiencing problems, including one that was reported on January 23rd which had a repair already underway. I don't think this is a "fifth cut" as some people are starting to report, and I'll post an update if that changes.

A lot of needless confusion and worry could be avoided if FLAG Telecom and the other carriers involved would provide timely and useful updates on their website. It appears that they are doing a good job of restoring connectivity, but they are terrible job of telling an increasingly concerned public exactly what is going on. This kind of confusion resulted in false reports that "Iran was completely offline", which was corrected by the Renesys blog team after the story spread to influential blogs, Slashdot, Digg, and the mainstream media.

Failure Happens: Transcontinental fiber-optic submarine cables

The Guardian published a summary of the ongoing impact from the transcontinental fiber-optic submarine cable cuts along with a map from Telegeography.com:

According to reports, the internet blackout, which has left 75 million people with only limited access, was caused by a ship that tried to moor off the coast of Egypt in bad weather on Wednesday. Since then phone and internet traffic has been severely reduced across a huge swath of the region, slashed by as much as 70% in countries including India, Egypt and Dubai. [...]

"It will depend on how bad the damage is, but they'll find the sections in question and bring them up onto a ship for repair before sinking them again," said Mauldin. "It could take a week or possibly two weeks."

The fibre optic wires in question - called Flag Europe-Asia and Sea-Me-We 4 - are some of the most vital information pipelines between Europe and the east. The latter, which runs in an uninterrupted line from western Europe to Singapore, had only recently been opened after a mammoth £500m, three-year installation project. Between them, the two lines are responsible for around 75% of all connectivity in the Middle East and south Asia.

(continue reading)

Privacy 2007: Hiding in the Crowd

Each year I pick out a pressing topic in Internet policy and write a year-end article summarizing trends in that area for an online newspaper called the American Reporter. It has just published my article "Privacy 2007: Hiding in the Crowd," which may interest Radar readers although it was aimed at more of a lay audience. I also gave the article a more permanent URL.

My favorite iPod accessory is my EFF Membership...

If you are searching for accessories for your new iPod or other music player, please consider membership in the Electronic Frontier Foundation (EFF). The EFF helps people fight abusive file-sharing lawsuits and is working to provide ways for artists to be paid for their work. The EFF helps ensure we have fair use of our media, which makes membership the ultimate iPod accessory.

'Computing in the Cloud' workshop hosted by Princeton University - January 14-15

Marc Hedlund and I will be speaking at the 'Computing in the Cloud' workshop hosted by the Center for Information Technology Policy at Princeton on January 14-15. The sessions look very interesting and registration is free.

Panel 1: Possession and ownership of data - In cloud computing, a provider's data center holds information that would more traditionally have been stored on the end user's computer. How does this impact user privacy? To what extent do users own this data, and what obligations do the service providers have? What obligations should they have? Does moving the data to the provider's data center improve security or endanger it?

• Joel Reidenberg, (home page), Professor of Law, Fordham University
• Timothy B. Lee, blogger at Technology Liberation Front and adjunct scholar, Cato Institute
• Marc Rotenberg, Executive Director, Electronic Privacy Information Center

Panel 2: Security and risk in the cloud - How does the move to centralized services affect the security and reliability of users interactions with technology? What new threats are likely to emerge? How might provider behavior, user behavior, or government policy need to change in response to those threats? How does the open source ethos work in a cloud computing environment?

• Marc Hedlund, founder and chief product officer, Wesabe.com
• Mihai Christodorescu (home page), researcher at IBM TJ Watson Research Center
• Benjamin Mako Hill researcher at MIT Media Lab and Free Software Foundation

Panel 3: Civics in the cloud - How and where can cloud computing best improve public knowledge and engagement in political issues? What has been achieved so far? What is possible in the long run? What moves by private actors, and what policy changes, might do the most to harness the power of cloud computing for civic engagement?

• Josh Tauberer (home page), founder of Govtrack.us
• Andrew Page, associate director, MAPLight.org
• John Wonderlich, Program Director, Sunlight Foundation

Panel 4: What’s next? What new services might develop, and how will today’s services evolve? How well will cloud computing be likely to serve users, companies, investors, government, and the public over the longer run? Which social and policy problems will get worse due to cloud computing, and which will get better?

• Andrea LaPaugh (home page) Professor of Computer Science, Princeton University
• Reihan Salam The Atlantic Monthtly
• Jesse Robbins O'Reilly Radar

Updated on 1/21/08. Here is the the video of my panel:

Reputation: where the personal and the participatory meet up (installment 4 of 4)

(Installment 1, installment 2, and installment 3 were published previously on Radar, and are still there with numerous comments. The entire article can be viewed on my web site.)

Economic motivations and economic effects

Bauwens pointed out that most online work, like other peer-generated information, is done by volunteers without financial remuneration. This is clearest in expressive communities such as YouTube. In commons-oriented production, such as Linux and Wikipedia, everyone derives a shared benefit without money exchanging hands. (Most Linux kernel hackers are now paid to do their work, but most companies who pay them don't get their investment back directly by selling Linux.)

Money becomes a factor in peer production when it gets integrated into a company's value chain, as with Amazon.com rankings or the kinds of user innovation networks researched by Eric von Hippel. Bauwens recognized that people will "cash in" their reputations at some point, but urged sites to try somehow to maintain some distance between the systems that solicit ratings and the material rewards for such ratings.

(continue reading)

Reputation: where the personal and the participatory meet up (installment 3 of 4)

(Please read installment 1 and installment 2 before this installment.)

Portability: the problems

Although portable reputations, like single sign-on, appear to be Internet's golden future (both in terms of user participation and commerce), they're not likely to happen.

(continue reading)