Cesar Menendez has a blog post entitled Zune and DRM (or "My Bad; I mis-Blogged") where he addresses some of the concerns around the Wi-Fi sharing features of the Zune. He writes

I misspoke (mis-blogged) on last week’s post. We don’t actually “wrap all songs up in DRM:” Zune to Zune Sharing doesn’t change the DRM on a song, and it doesn’t impose DRM restrictions on any files that are unprotected. If you have a song - say that you got “free and clear” - Zune to Zune Sharing won’t apply any DRM to that song. The 3-day/3-play limitation is built into the device, and it only applies on the Zune device: when you receive a song in your Inbox, the file remains unchanged. After 3 plays or 3 days, you can no longer play the song; however, you can still see a listing of the songs with the associated metadata.

So, to answer the direct question, Zune doesn’t have “viral DRM.” And mea culpa on telling everyone that we impose DRM.

In reading this, it seems that although Cesar has clarified the implementation the behavior [to end users] is still the same whether the music files are wrapped in DRM or the Zune knows that any song it gets over Wi-Fi can no longer be played 3 plays or 3 days without having to alter the files. I'm curious to see what the answers are to some of the questions asked by Joshua O'Madadhain about the 3 play/3 day feature since this is currently the most interesting feature of the device.

PS: I finally got to play with a Zune device at work and I like what they've done with album art in the music experience. The wider screen for watching videos is also a nice touch. I did have some difficulty with the controls because I kept trying to treat the D-pad as a scroll wheel due to my over-familiarity with the iPod. Check out the videos of playing music and videos on the Zune and Zune to Zune music sharing on Youtube if you want to see what it's like.

 

Julien Couvreur has a blog post entitled Cross-document messaging hack where he writes

The Dojo and Windows Live Platform teams have both recently released DHTML hacks that allow two iframes in different domains to communicate, bypassing the notorious same-domain policy implemented in browsers. I'm surprised by the relative lack of response in the AJAX blogosphere, as this opens lots of possibilities for mashups.

The basics:
The hack relies on dynamically created iframes, using the fragment identifier to leak/communicate information to the other domain and timers to check for iframe changes.

For example, if you have page A containing an iframe B in a different domain, then B can create a new iframe and load it with a url in the same domain as A. The url that is loaded doesn't generate a request to the server if it is properly cached and only the fragment identifier is used to pass changing information. Page A can now get the DOM handle on the new iframe and successfully retrieve the information transmitted in the url by B.

Although the hack goes around the same domain policy, you should realize that it does not constitute a significant security threat, as it requires both frames to cooperate. Additionally, this mechanism allows for control of which domains can work together.
...
The applications:
...
Windows Live goes into a more specific proof of concept, with the Windows Live Contacts Gadget, an embeddable contact picker. It explores the problem of cross-domain interactions deeper than the Dojo work, specifically around authentication, access control and privacy.

Like Julien, I'm surprised that there hasn't been more discussion about this technique in the AJAX blogs. I first learned about this technique from Yaron Goland while he was working with Danny Thorpe and others on the Windows Live Contacts Gadget. With this technique I can embed a widget gadget hosted on my domain on a page from another domain and then later on exchange data or otherwise communicate between the widget gadget and the hosting page.

This is how the Windows Live Contacts Gadget allows you to embed a control that opens a portal to a user's Hotmail address book and then communicates the contacts the user has picked back to the hosting page. It's a really sweet hack.

 

It looks like Kurt, Samir and the rest of the Windows Live Expo team has been busy the past couple of months. From the blog post entitled on their team blog we learn

The team has spent the past 2 months working on features that were either gathered from end user feedback or were part of our long-term roadmap, so we are excited to share our work with you. As part of this update we wanted to highlight the following new features:

Integrated payment service:  Paypal’s 150 million registered users can now easily reference their account in order to complete secure person-to-person transactions on Windows Live Expo.  Buyers can purchase items from sellers on Expo with a credit card thru Paypal or using their Paypal debit accounts. Additionally, sellers can specify their preferred method of shipping and declare the cost for doing so.

 New high quality job listings: Expo now allows users to search and browse thousands of local and national job listings which are supplied by our partner CareerBuilder.

 Featured ads: The new featured ads area (provided by AdMission) allows you to generate a lot more interest in your listing by offering a fun, rich media experience that highlights your classified listing. The featured ads module will initially appear in the real estate and autos sections (example).

I chatted with Samir about the addition of integrated payments and a job listing service a few weeks which led an interesting line of thinking on my part. Besides identity, the most important pillar of social software is reputation. In Windows Live, we are building all these notions of a user's reputation which don't really overlap but tell you more about the user. For example, a user who Hotmail considers a spammer (i.e. has a bad reputation as an email user) may also be an awesome seller on Expo to whoever responds to his V1@gr@ spam (i.e. has a good reputation as a seller). Then there are the various notions of expertise being built up in Windows Live QnA. A person who is great at answering questions about Marvel and DC Comics may suck at answering other kinds of questions. How should all these aspects of a users reputation be represented in our various services? Should they be unified in some way? Is it interesting to be able to click on my profile and get an overview of all aspects of my reputation in Windows Live? Do we need a Reputation Metasystem to go along with the Identity Metasystem so we can enable federated/interoperable reputation systems?

Anyway, I digress. Check out Windows Live Expo, the newest changes to site make it an even more compelling service than before.

 

A couple of days ago, I mentioned that I'd like to talk to folks at startups working on gadgets widgets. Since then a couple of folks have expressed interest in the idea.

In his post WidgetCon Om Malik writes

Dare wants to talk to widget creators. I think it is a great idea. I am happy to host Dare in SF, and perhaps we can put together an informal event to talk widgets. You know I love that stuff. Niall, say what? Anyway else wants to jump in and play along, please do. Meebo & Rock U team…. what do you think?

The folks from Meebo and RockYou both expressed interest in a comments to Om's post.

Marc Canter also jumps in with a post entitled Widgetcon where he writes

Om likes the fact that Dare wants to talk to startups about widgets.  He even thinks there should be a conference.
...
We’re watching these three kinds of constituents all use the same technology - and try and shoehorn their technology and business models into them.  Whether they’re called Konfabulators, widgets, gadgets, modules, blog objects - it really doesn’t matter.

It’s happening, it’s all good and we’d love to attend any sort of event around this.

I know my friends at AOL would love to attend too - and if I were a betting man, I’d say Yahoo would be on-board, as well as NetVibes and Pageflakes.

Now the question is “can we get Google to show up at such an affair?”

THis would be a PUBLIC event - right dudes?  None of this clique shit - right?

Maybe we can even get Microsoft to pay for some Alaskan King Crab legs - like the old days?

I've pinged some folks at work about this and I'm sure there'll be a couple of heads from Microsoft who'd be down with attending. I'm not from the area so I'd suck at organizing something like this from Seattle so I'll just follow Marc and Om's lead on this. I'll also ping some of our developer marketing folks to see if we can spring for food if enough people are down with attending.

To make this "Web 2.0", maybe someone should create an attendee list wiki. ;)

 

A number of recent events in the digital music space has made me start coming around to Cory Doctorow's way of thinking on DRM. Specifically, I've been debating on whether to get a Zune as my next digital music player once I'm done with my current music player. One of the issues that has come to mind is highlighted in Charles Miller's post entitled The greatest trick where he states

Meanwhile, once you’ve started buying music on iTunes, unless you start illegally breaking the DRM locks, your next DAP is going to have to be an iPod, and the one after, and the one after.

Remember when the iTunes Music Store was launched, and Apple’s public line on FairPlay was: “Yes, it’s DRM, but we fought so hard with the recording industry to make sure we can let you burn CDs and play music on multiple devices!”

The greatest trick Apple pulled was to build a market where lock-in is mandated, but convince the world that this was something they did reluctantly, at the behest of the villainous recording industry.

Like most iPod users, I don't have a ton of music that was purchased from the iTunes music store but I still don't want to end up losing that music once I switch devices. Thanks to proprietary DRM, a portion of my music library is forever tied to Apple's family of digital audio players.

On a related note, I just noticed that Napster is for sale which isn't a good sign. Before this is all over, it is likely that one or more online music services will disappear as a natural effect of competition in the marketplace. In this case, what happens to the music libraries of all the people who have purchased DRMed music from these services? When I buy a CD, I don't have to worry about losing my music if the record label goes out of business. Thanks to DRM, I now have to worry about the long term viability of the company's products before buying music. I now have to make music purchasing decisions based on whether I think iPod/iTunes or Zune/Zune Marketplace will be around in 5 years. That sucks.

I'm definitely not buying DRMed music anymore. Ripping from CDs is the way to go.

 

Twice this week I've had someone mention that even though they like Windows Live Local, they can never remember the URL. I have to admit that I sometimes end up typing http://live.local.com instead of http://local.live.com. It wasn't until this morning that I remembered that there is an easier to remember URL for accessing the site

http://maps.live.com

Brilliant. Now if only we could change the product name to Windows Live Maps. After all, Google renamed Google Local to Google Maps because of end user confusion. Anyway, kudos to the team for building such an awesome site. I've been playing with the recently released people search feature and I it's pretty sweet. This continues to be my favorite Windows Live service.

 

From the press release entitled MSN Launches Beta of Soapbox on MSN Video we learn

REDMOND, Wash. — Sept. 18, 2006 — MSN today announced the U.S. beta release of Soapbox on MSN^® Video, a user-uploaded video service that makes it easy for people to express themselves by uploading, discovering and sharing personal videos with the Soapbox community and others around the world. Soapbox will be available on MSN Video and will be deeply integrated throughout Microsoft Corp.’s portfolio of online services, including Windows Live™ Spaces and Windows Live Messenger.

“Soapbox delivers on a critical component of the MSN growth strategy of deepening audience engagement by enabling people to participate in the content experience,” said Rob Bennett, general manager of Entertainment and Video Services for MSN. “By adding a user-uploaded video service, we are rounding out our existing investments in commercially produced and original content on MSN Video.”
...
Availability

The beta of Soapbox on MSN Video is available on an invitation-only basis in the U.S. Those interested in participating in the beta can sign up for the waiting list now at http://soapbox.msn.com. Access to the beta will expand over time by enabling existing beta testers to invite a limited number of friends.

I'm on the invite list for the beta but I haven't tried out the site yet. However there is a brief overview of the site at TechCrunch in the post Microsoft SoapBox Just Launched by Mike Arrington. He writes

Om Malik says, via a commenter, that “Soapbox autodetects your browser + platform and streams WM for IE/Windows users, but Flash for Firefox/Windows and Firefox+Safari on Mac.” LiveSide says videos up to 100 MB in size can be uploaded in AVI, ASF, WMV, MOV, MPEG 1/2/4, 3GPP, DV file formats

I'll try out the service myself later this week and see if I can get any invites to share with folks who are interested in giving it a shot once they give us invites.

 

I saw the following entry entitled Premiere Cancelled on Weird Al Yankovic's MySpace page where he writes

I'm very sorry to say that the AOL "First View" Premiere of the "White & Nerdy" video has been cancelled.

Apparently, the video has already leaked online, and AOL doesn't feel comfortable doing a "World Premiere" promotion for a video that a number of people have seen already. (I can understand songs leaking, but a video? How'd THAT happen?)

Anyway, it's really a bummer... it would have been great promotion for the album... but hey, life goes on.

I was just watching the video on YouTube which now seems to have been taken down. It sucks that Weird Al is losing a promotional opportunity because his video leaked onto YouTube. I just might go ahead and pickup this CD as a show of solidarity.

The song is sweet, you can hear it for yourself at http://www.myspace.com/weirdal.

 

Niall Kennedy has a blog post entitled Authenticated and private feeds where he writes

Examples of private feeds intended for 1:1 communication include bank balances, e-mail notifications, project status, and the latest bids on that big contract. Data in the wrong hands could be dangerous, and many companies will stay away from the feed syndication space until they feel their users' personal data is secure.

A private feed's data could be exposed in a variety of ways. A desktop aggregator's feed content might be available to other users on the same computer, either through directory access or desktop search. An online aggregator might expose a feed and its content in search results or a preview mode.
...
A feed publisher could whitelist the user-agents it knows comply with its access policies. SSL encryption might not be a bad idea either as shared aggregation spaces might not store content requested over HTTPS. It would place extra load on the server as each request requires extra processing, but if the alternative is placing your customer's data in the Yahoo! search index then that's not such a bad thing.

I believe large publishers such as Salesforce.com or eBay would produce more feed content if they knew their customers' data was kept private and secure. There's a definite demand for more content transmitted over feed syndication formats but it will take the cooperation and collaboration of security formats and consistent aggregation practices to really move the needle in the right direction.

How to properly support private and authenticated feeds is a big problem which Niall highlights but fails to go into much detail on why it is hard. The main problem is that the sites providing the feed have to be sure that the application consuming the feed is secure. At the end of the day, can Bank of America trust that RSS Bandit or Bloglines is doing a good job of adequately protecting the feed from spyware or malicious hackers?

More importantly, even if they certify these applications in some way how can they verify that the applications are the ones accessing the feed? Niall mentions white listing user agents but those are trivial to spoof. With Web-based readers, one can whitelist their IP range but there isn't a good way to verify that the desktop application accessing your web server is really who the user agent string says it is.

This seems to be yet another example of where Web-based software trumps desktop software.

 

Via Shelley Powers, I stumbled on a post entitled The Future of White Boy clubs which has the following graphic

Lack of intellectual diversity is one of the reasons I decided to stop attending technology conferences about 'Web 2.0'. I attended the Web 2.0 conference last year and the last two ETechs. After the last ETech, I realized I was seeing the same faces and hearing the same things over and over again. More importantly, I noticed that the demographics of the speaker lists for these conferences don't match the software industry as a whole let alone the users who we are supposed to be building the software for.

There were lots of little bits of ignorance by the speakers and audience which added up in a way that rubbed me wrong. For example, at last year's Web 2.0 conference a lot of people were ignorant of Skype except as 'that startup that got a bunch of money from eBay'. Given that there are a significant amount of foreigners in the U.S. software industry who use Skype to keep in touch with folks back home, it was surprising to see so much ignorance about it at a supposedly leading edge technology conference. The same thing goes for how suprised people were by how teenagers used the Web and computers, then again the demographics of these conferences are skewed towards a younger crowd. There are just as many women using social software such as photo sharing, instant messaging, social networking, etc as men yet you rarely see their perspectives presented at any of these conferences. 

When I think of diversity, I expect diversity of perspectives. People's perspectives are often shaped by their background and experiences. When you have a conference about an industry which is filled with people of diverse backgrounds building software for people of diverse backgrounds, it is a disservice to have the conversation and perspectives be homogenous. The software industry isn't just young white males in their mid-20s to mid-30s not is that the primary demographic of Web users. However if you look at the speaker lists of the various Web 2.0 conferences that seem to show up on a monthly basis (e.g. Office 2.0, The Future of Web Apps, ).

As a service to future conference organizers, I'm going to provide a handy dandy table to help in diversifying your conference. Next time you want to organize a conference and you realize that you've filled it with a bunch of people who look and think just like you, try replacing the names in the left column of this table with those on the right, at the very least it'll make your speaker list look like that of O'Reilly's Web 2.0 conference which not only has people of diverse ethnic backgrounds and gender, but also people with different professional experiences

Replace	With
Mike Arrington	Om Malik
Ben Trott	Mena Trott
Stewart Butterfield	Caterina Fake
Clay Shirky	Danah Boyd
Fred Wilson	Vinod Khosla

You get the idea. Diversifying your conference speaker list doesn't mean reducing the quality of speakers as many racist and sexist motherfuckers tend to state whenever this comes up. 

PS: I'm interested in talking to folks at startups that are building micro applications like widgets for MySpace, any idea what a good conference to meet such folks would be?