In this issue:

• New IT Conversations (Sound Advice)
  • Craig Newmark: Craig's List
  • Steve Webster: The CAN-SPAM Act
  • More Transcripts! (Now you can read IT Conversations)
  • The IT Conversations Studio
• Everything Else
• David Chappell: Kill the OSI Model
• Taran Rampersad: Reaction
• Novell: Linux Indemnification Program
• Subscription and Contact Info

Craig Newmark: Craig's List. In 1995, he was sending his friends in San Francisco e-mail messages with lists of local events. With his friends' encouragement, this became Craig's List, which has now expanded to Boston, Seattle, New York and 19 other regions. Nine years later, Craig's List now gets 500 million page views and 4 million unique visitors every month. The staff numbers 14, and the site runs on about 30 Linux boxes. Craig says his success is based on "a culture of trust." When I asked about his business model, he just laughed.

A self-described nerd, Craig has become somewhat of an international celebrity. He has been asked by San Francisco mayor-elect Gavin Newsom to join the mayor's transition team. "In San Francisco City, people have given up because they seem to feel that their leadership has told them that it doesn't matter if they're doing a good job. It doesn't matter that much if they get things done." Craig's mission -- should he decide to accept it -- is to recommend how the use of computer systems and the Internet can better serve the public. "So far, it looks pretty good," he says.

And coming soon to a theatre near you -- no kidding -- "24 Hours on Craig's List." That's right -- the movie! Look for it to premiere at South by Southwest or the San Francisco International Film Festival. [A new IT Conversation. Streaming and downloadable MP3s and a transcript are available]
Posted Monday, January 05, 2004 10:14:09 PM

Steve Webster: The CAN-SPAM ACT. At the last minute, the U.S. federal government pre-empted stronger state legislation by passing the CAN-SPAM Act. It may not put a dent in spam, but it will place new requirements on every email message sent by companies, even those from individual employees. It's not just about bulk email.

Email guru Steve Webster of iPost explains your obligations under this new law, effective January 1, 2004, and your options available for compliance. (Hint: You may need to run all your company's outbound email through a company-wide opt-out filter.)

The new act creates significant liabilities for companies, but will it stop spam? Steve says no. Unlike junk faxes, he explains why legislation isn't the complete answer for unsolicited email. Although laws like CAN-SPAM solve part of the problem, the ultimate solution, he says, will require a change to the underlying email protocols, including broad adoption of digital-authentication technologies.

"Ten years from now, we can't have spam because e-mail with wither and die," Steve says. Listen in to find out what individuals and companies can and should do, and the roles of ISPs in eliminating spam and finding and prosecuting those who send it. [A new IT Conversation. Streaming and downloadable MP3s and a transcript are available]
Posted Tuesday, December 30, 2003 8:20:39 AM

More Transcripts! We're continuing to work our way through the backlog of interviews in our archives. Here are the transcripts we've added since the last newsletter:

• Phil Becker - Digital ID World
• John Hagel - IT Strategies
• Paul Bausch - Amazon Hacks
• Anne Thomas Manes - Web Services and Open Source
• John McDowall - Design Web Services
• Eric Newcomer - Transactions

The IT Conversations Studio

We're often asked about our recording setup. Since we produced our first IT Conversation in June 2003, we've continuously upgraded our equipment and processes, and if you listen to our shows in chronological order, you'll have no trouble hearing the differences.

The photo shows part of our studio. For highest quality, and because we're four miles from the telephone company's central office, our studio telephone lines (since 9/16/03) are digital ISDN and are connected to a Telos-ONE digital hybrid through an Adtran Express 3000 terminal adapter. The caller and studio audio (from Electro-Voice RE20 dynamic microphones, as of this month) pass through a Behringer UB802 mixer and a Behringer Pro-XL MD2600 noise gate, compressor, limiter, and de-esser. As of this month, we've been recording digitally on a PC at 24 bits and 96kHz through an Echo MiaMIDI interface. We also record a backup direct to audio CD using the Marantz CDR300 shown above.

For post production we normalize the tracks using Sony SoundForge 7.0 and clean them up with Sonic Foundry Noise Reduction. We then resample down to 44.1kHz and 16 bits, then edit, EQ, and mixdown with Flavio Antonioli's n-Track Studio. Finally, we take our 44.1/16 files back to SoundForge where we use Wave Hammer and other tools to master for compressed 16-bit, and convert to MP3 format using the Fraunhofer IIS encoder. Of course, after listening to IT Conversations squeezed into 32kbps/22,050Hz MP3s (to keep filesizes small), you probably wonder if it's worth all this trouble. Well, it really does help, but it's too bad you can't hear our beautiful originals!

In the field we sometimes record on a Sony MZ-N10 MiniDisc recorder (shown on the right side of the photo) fed by Audio-Technica ATR35s lavalier microphones.

The web site runs on a Linux server with Apache and mySQL. Server-side scripting is done in PHP, and we use the Smarty template package with home-brew caching and content-management software. MP3 streaming is done using a SHOUTcast server.

David Chappell: Kill the OSI Model. "Everybody uses the seven-layer model -- but it's time to stop. We need to kill this beast." David suggests a 4-layer model consisting of (top down): Application, Transport, Network, Subnetwork.

I won't try to defend ISO's OSI model as-is, but I think David's model oversimplifies some important discrete technologies, some of them related to hardware. (Remember, we still need hardware!) The OSI model's Physical Layer describes the cables, connectors, and electrical signals. The Data-Link Layer typically describes "frames" such as those of Ethernet or ATM which are built upon the physical-layer electronics. I don't know of any important network technolgoy that doesn't have a frame structure. This is where, for example, we get MAC-level addressing and CRCs in Ethernet. The OSI Network Layer adds end-to-end datagram (i.e. connection-less) communications through a routing infrastructure. This is where the Internet Protocol (IP) and IP addresses are introduced. The TCP part of TCP/IP, which supports connections, sits atop this in the Transport Layer. If you're an engineer working at the Physical or Data Link layer you certainly care about the distinction, so I can't support David's desire to combine OSI's lowest two layers.

To some extent, the upper-layer problems David describes are due to the fact that some of the OSI terminology has been co-opted in the same way as the term "hacker" has been redefined by those who have entered IT since...well, since it became known as IT. For example, HTTP is the HyperText Transfer Protocol, but it's generally referred to as a transport protocol. Well that's a problem now, isn't it, since HTTP typically sits atop TCP, which is also a transport protocol. To make matters worse, TCP supports a form of state management: a connection. Yet the higher-level HTTP doesn't make use of TCP's connection IDs, so it is itself a stateless protocol. Just think of all the effort we go to to re-create the state management which could just as easily have been inherited from TCP by HTTP. We've got to use cookies, session IDs in URLs, etc. It could have been a whole lot easier--the Web could have used TCP connections as sessions, just as FTP and other protocols do.

So I agree with David in part: The OSI model doesn't accurately reflect the way our communications systems are build. But OTOH, I don't think his short-stack version represents it any more accurately. (BTW, I, too, used to teach the OSI model, but unlike David, I think it was a huge improvement as a way for humans to describe, specify, and build networks. I still find it very helpful in explaining the segregation of protocol responsibilities, even if the definitions aren't consistent across all protocols.)
Posted Tuesday, January 13, 2004 12:19:43 AM

Taran Rampersad Reacts. Regarding confusion between HTTP and TCP, Taran wrote, "Dead on. It's one of the most confusing parts of the Microcomputer Networking class for students, and it's probably one of the hardest parts to teach these days because it just doesn't map well.

"What's the answer? Well, for starters, it would be good if there was a model that explained how things ACTUALLY work. Then Revision the OSI model to that. It sounds simple, but it ain't."
Posted Thursday, January 15, 2004 5:42:58 AM

Novell: Linux Indemnification Program. Following H-P's lead, "Indemnification is offered for copyright infringement claims made by third parties against registered Novell customers who obtain SUSE LINUX Enterprise Server 8 and who after January 12, 2004, obtain upgrade protection and a qualifying technical support contract from Novell or a participating Novell or SUSE LINUX channel partner."
Posted Tuesday, January 13, 2004 6:40:11 AM

Loosely Coupled--Now Available as a PDF (at a 63% Discount)

Entire book: US$14.95 Major parts (4 total): US$5.95 each Individual chapters (21 total): US$1.95 each

As an alternative to the hardcopy edition, you can now download my latest book in PDF format at a substantial discount using PayPal or BitPass. From the time you purchase the eBook version, you have 7 days during which you can download the content up to 10 times. The PDF files can be printed, but the text cannot be copied or modified.

Amazon.com Review of the Week: