FryUp: Gootube Refluence

New Zealand's USTube, Telecom promises separation and investment and Microsoft buys some intarweb kewel

Top Stories

— Gootube refluence

— More degrees of separation

— Microsoft off its Facebook

Gootube refluence

Ahhh... so there's now a NZ YouTube site? Excellent, excellent. Hang on though, it's just a New Zealand channel, hosted in the US:

$ ping

PING ( 56 data bytes

64 bytes from icmp_seq=0 ttl=243 time=224.376 ms

64 bytes from icmp_seq=1 ttl=243 time=230.637 ms

64 bytes from icmp_seq=2 ttl=243 time=218.629 ms

$ ping

PING ( 56 data bytes

64 bytes from icmp_seq=0 ttl=243 time=192.988 ms

64 bytes from icmp_seq=1 ttl=243 time=192.416 ms

64 bytes from icmp_seq=2 ttl=243 time=192.575 ms

Hmm. And the Aussies get much more content too. Nice one, Google.

YouTube NZ Channel

YouTube launches NZ channel

Chris Keall Live

YouTube's Kiwi content a fizzer

More degrees of separation

As expected, Telecom made the deadline for providing a draft on the operational separation it'll undergo. The draft separation document is a short two-pager, but the real meat is in the undertakings from Telecom. That document runs to 133 pages, and was presumably read with extreme care by Cunliffe's mandarins a while ago, as the document is dated October 25, but our comms minister is already talking about a "sea-change in Telecom's approach to the separation process" and so forth.

The public can also submit its views on Telecom's separation plan, and I suggest you do just that. It's very important to get it right this time, because there probably won't be another chance.

That said, there are positive signals emanating from Fortress Telecom. New CEO Paul Reynolds is promising $1.4 billion investment in broadband over the next five years, reaching not just the larger cities but also smaller towns. Compare this to how the Old Guard at Telecom threw the toys out of the cot and canned DSL investment in the provinces after the Commerce Commission didn't rule exactly the way the incumbent wanted.

Maybe there is hope after all?

Telecom NZ: Draft Separation Plan

Telecom NZ: Draft separation undertakings

Microsoft off its Facebook

One point six per cent of Facebook is worth US$240 million, according to Microsoft, desperate as it is to buy some intarweb cool that it seems unable to generate itself.

That's the actual reason for the perhaps somewhat surprising investment, which on the face of it makes little business sense - Facebook does turn a profit, but it's only in the US$30 million range.

I'd be very surprised if a takeover ended up costing Microsoft anything like the full US$15 billion valuation. In fact, if Microsoft has any sense, it'll remain a background investor without any real say in Facebook. If it gets too involved, Facebook will lose its cool and sour Microsoft's investment.

Even so, it'll be good money eventually for the Facebook founders, and good on them for getting there.

Time: Why Microsoft overpaid for Facebook

XKCD: Getting out-of-hand


Robert X Cringely

True Lies and Data Breaches

Arnold Schwarzenegger was always better in the bad guy roles. Now it seems he's gone back to his strengths. Earlier this month the Governator terminated the Consumer Data Protection Act (AB 779), a law designed to force California merchants to follow good data security practices and, when they don't, make them financially responsible for cleaning up the mess. This piece of legislation passed the California legislature by an overwhelming margin only to get shot down by Ahnuld, who apparently does not shop at TJ Maxx, Marshalls, or any of the other budget emporiums owned by The TJX “our data security is as cheap as our prices” Companies. It was the TJX data fiasco that inspired the legislation in the first place. The back story: Two years ago, a group of enterprising hackers camped out in a parking lot outside a Marshall's store in Minnesota, cracked the paper-thin WEP security used by the store's wireless network, and began siphoning off credit card numbers. Tired of shopping retail, they went wholesale — planting keyloggers inside TJX's central database to capture employee logins, setting up their own TJX accounts, and getting customer information direct from the source. When they were done, they'd stolen at least 45.7 million credit card numbers — a new high (or low) in the world of consumer data breaches. The actual count could be much higher, though we'll never know exactly how high; TJX deleted most of its records before the store realised it had been hacked. The hackers left a bunch of their own files on TJX's network, but TJX can't read them because they're encrypted. In other words, TJX didn't know or care enough to encrypt its records, but the hackers did. The depth of TJX's stupidity is hard to fully describe (though the Wall Street Journal did a fine job of capturing it here.) Unfortunately, they're not all that unique. Many retailers are having a hard time implementing basic security measures. Arnie says the law is too big a burden on small merchants, and that the credit card industry already has its own data security guidelines — the Payment Card Industry Data Security Standard. The old 'industry self regulation is better' argument rises again, like a cybernetic assassin after it's been steamrolled by a semi. The flaw in Arnie's ointment? The PCI DDS was created when the five biggest credit card companies merged their security standards in December 2004. But TJX got hacked in July 2005, and it didn't even realise it was hacked until December 2006. So much for self regulation. Personally, I think a cash disincentive for screwing up is a good thing. Small merchants with low sales volumes get a smaller disincentive, big merchants who hand customer information to hackers on a silver platter (or in TJX's case, a cheap plastic one) get hammered. This is unfair? Companies that violate the PCI DDS can get fined for infractions, but exactly who imposes the fine and how much the guilty parties have to pay is shrouded in secrecy. Of course, TJX will pay in other ways. It's proposed a $200 million settlement to compensate consumers for identity theft, but mostly in the form of store vouchers and a three-day 'customer appreciation event' next year. That's like mugging somebody, then offering to take them to dinner using the money you just stole from them. TJX is being sued by banks that don't like paying US$25 per customer to replace their credit cards because the retailer can't be bothered to upgrade its Wifi security. The FTC might also levy a fine at some point. Still, this would all be a lot simpler — and involve fewer attorneys — if there were a law that said, you spill that data, you pay for cleaning it up. Oh right, there was one, but somebody killed it. This isn't over. The bill passed with a veto-proof majority and will likely return in altered form. A Federal version of the same bill may appear eventually. As in Hollywood, stories this compelling always produce a sequel. Or to quote an aging movie icon: I'll be bock.