Live Mesh – initial thoughts

Experimenting with the tech preview of Live Mesh was a curious experience – my first reaction was a mixture of “that’s cool!” and “so what?” – the kind of private techie moment where you do something pointless but technically impressive. So I ended up remotely controlling the laptop on my right from the netbook on my left and filmed it and er… blogged it and er…. so what?

Well the “what” isn’t very developed yet, but the thing that really jumps out at you (and the reason I sound a bit, surprised, in the vid) is how easy it is – this is consumer grade technology. Give a 7 year old a Windows Live id and administrative permissions over their equipment and they’d have it meshed in about 10 minutes per device – *that* easy – you just keep clicking “ok” until it works.

So I’ve got my Mesh now – big deal. What can I do with it? Well, I can connect into my work PC from anywhere and sync any files that I have access to on my local desktop to anywhere. As an experiment I logged into my work machine via the Mesh, browsed to a network location that contains the most confidential files I have access to (network config stuff) and tried to sync it – no go: the server they’re hosted on isn’t part of my Mesh. So I copied the folder down to my desktop (Mesh has allowed me to log-on authenticated to the domain) – right clicked, and bingo.

Cool – I work remotely, I can never know when I might need this information so I’ll add it to my Mesh, problem solved! Except. I set up the EeePC that’s part of my Mesh in a rush. It’s like my personal machine isn’t it – not connected to the domain, so……. I didn’t set a password on it ;) Boot it up – hit return and you’re in (not now of course, but you get my drift).

In security terms I think of this as “leakage” – there’s no intention to distribute the information outside it’s proper audience, it just ends up in places where it’s no longer protected by the mechanisms that we put in place to keep it restricted – and once it’s “free” of those restrictions you’re just trusting in luck to keep it safe.

Of course this isn’t new – pod slurping – usb keys – staff taking home or printing out confidentially supplied information all produce the same potential for leakage, but it seems to me that Live Mesh raises the bar a bit and challenges what I’ve always thought of as a security principle, which is:

“if remote access becomes trivial, then local access controls become meaningless”

These are initial thoughts because I’m still trying to understand the pragmatic utility of Live Mesh in a Cloud based world. I can see that it’s Groove v2 – but I never “got” Groove. I can see that as a domestic technology it will make it easy for people with Windows Live ID’s to share files in “private” (but why wouldn’t you just put your pictures on flickr?) and I can see people having fun with remote access “just because they can” but apart from that?

Bottom line is that I think it’s toxic to Microsoft’s enterprise security model – if there is anything that is going to convince you that storing precious information in a stand alone file format that can be copied willy-nilly around the globe is a bad idea, it ought to be this. Put your *secrets* in a safe place – and that safe place is the Cloud, not the Mesh.


lingro – marvellous translation/learning service

There are tons of translation services out there but Lingro, I think, is a little slice of genius. You paste a url into it’s search bar – as below:

Lingro search bar

It then opens the page with all the text (including the hyperlinks) clickable for translation – so if there’s a word you don’t recognise – click on it and you get a pop-up (quickly too) with a translation into the language you’ve chosen, and an audio snippet of the word in it’s native tongue. This is what it looks like:

Lingro pop-up

The little slice of genius comes because it remembers what words you’ve clicked on – so as you work through a document/page it’s automatically building a wordlist of the words you didn’t know. You can review them in that browser session without having to sign up – and you can sign up in 20 secs without even giving an email address. Once you’ve signed up you can save your wordlists – organise them into groups and test yourself with a flash-card game. You get a quick flash of the full definitions – then you can test yourself with cards that flip between word and definition.

Lingro flash cards

A single Lingro flash-card

It’s only available for English, Spanish, French, German, Italian and Polish at the moment (though they are adding languages) and it was a bit wobbly on a couple of sites I tried it with (mainly because they had a very cluttered structure), but all in all I’d say it’s just about a perfect Web2.0 service – light-touch, does one thing well, doesn’t make you jump through hoops: and you can upload txt, docs or pdf’s to it if you want help with something not on the web. Bravo Lingro!

Africa’s Web 2.0 Sites

Excellent clickable photo of Web2.0 start-ups based in Africa put up by a group Blog called Black Looks – highly recommended. As is the way when something like this gets widely blogged some of the sites may have been knocked off-line by the attention, but I’d expect them to be back up again by Monday :)

Logomap of African Web2.0 startups

(picture will open in Flickr – where it *is* clickable)

via Read/WriteWeb

Zamzar – file conversion

Zamzar is an online service that converts a humongous number of different file formats – it’s worth trying out if someone sends you an attachment that you can’t open – or you need to convert between different office/av/audio/multimedia formats.

The caveat is that it shouldn’t be used to convert confidential files/documents, as the converted file is left on their servers on a publicly accessible page for a day (it’d be pretty unlikely that anyone would find it, but still.)