Monday, January 2, 2012

If *I* Was Amazon

There have been a lot of requests from one or two people for "parental controls" on the Kindle e-reader, and even more for controls on the Kindle Fire. The problem is that different people have different concerns: for some, it's avoiding accidental (or unauthorized) purchases of any kind, for others it's blocking access to erotica or other genres, and still others have more general concerns about all kinds of content available to the device's web browser.

A common suggestion for dealing with unauthorized purchases is the application of yet another password for authorization in a pre-purchase state. I see two problems with this: first, Amazon's business model revolves around making purchases easy - they even have a patent on one-click purchasing, so there are clear commercial arguments against it. Secondly, the questions on the Amazon Kindle customer forum indicate that people often forget passwords and get confused over which password to use when (a point I've already addressed in the context of wi-fi configuration).

Blocking access to the Kindle Store on a per-genre basis is also fraught with problems. First is the fact that, in order to increase their visibility to potential purchasers, publishers will list their books in as many genres as possible. It's entirely likely that, in the face of widespread filtering, erotica publishers would move many of their titles - especially free samples - into "romance" or similar genre classifications. In response, users might start to block multiple genres and before long, we'll have an unwieldy interface and more load placed on Amazon's servers (and slower response times, too).

If I was Amazon (and I'm not, but I do have some insights, since I teach a course on e-commerce technologies) my top priority would be allowing multiple sub-accounts. A sub-account would represent one person and their reading devices, while the master account would be used for billing and administrative purposes (adding/deleting sub-accounts, authorizing/disabling purchasing by sub-accounts, etc.). This would not require any modification to the Kindle firmware - all the development would be at the server end - but it's non-trivial.

The number one goal for this would be to attract education and corporate accounts, e.g. teacher/librarian could purchase books and then distribute to students' Kindles, etc. As a revenue-generating enhancement to Amazon's product offerings, this is far more likely to get done.

Now, this would require negotiation with the publishers as it would break the current model where one account = one reader = one sale. It would open the possibility of a new bulk-purchasing or -renting model for institutional accounts, with corresponding pricing. However, for small group use - e.g. sharing within the family - it's not a huge extension to the notion that a single book can be on six devices; it just means the six devices could be six different people within one family. Nonetheless, it does have legal/marketing ramifications which would require a) rewriting of existing T&C/licenses, and b) a small leap of faith on the part of publishers.

After these enhancements have been introduced, Amazon would have a flexible platform which would meet many of the needs of concerned parents, who could then selectively purchase books for their children's sub-accounts. It would also meet the needs of couples who often want to share their books and have long done so with paper books.

However, I don't see any kind of "rating"-based or genre classification-based parental controls system as being practicable, at least with current technology.

More Detail

 The way I see it, you would allocate devices to accounts - just like we do now - but with the definite understanding that an account represents a person (after all, that person can log in with their email address and password to manage their account, within the limits set). Then we'd allocate the accounts to the "master" account, which is also associated with a payment device (i.e. credit card).

Then the master account could do things like creating collections and granting the sub-accounts access to each collection, enabling sub-accounts to buy or not, etc. Creating collections would be more versatile and easier than allocating individual books to sub-accounts, although I think that should be possible, too. The archive for each sub-account/person would contain just those books in those collections to which they've been granted access.

Here is what we software architects call a use case, in a parental controls context: Mom creates the master account, adds credit card information and then creates sub-accounts for Alice, Bob and Carol. Since these are sub-accounts and have no credit card, they have purchasing disabled by default. Then she creates a "YA" collection and buys a few carefully-selected books which she puts in there, and then grants A, B, and C access to the "YA" collection. They can choose to download those if they want, and they probably will. Carol is 18, mature and trustworthy, and so Mom might grant Carol the right to buy books and add them to the YA collection, too, using the master account credit card (Mom always gets the "Your Amazon.com purchase" email so she knows what's going on).

It would be beneficial if Mom didn't have to create the sub-accounts, but could simply nominate an existing account as a sub-account. This would make upgrades easier, particularly since some families (like ours) already have separate accounts for each person. In this case, the linked "child" account could perhaps have an option to retain ownership of its own books, or to transfer some or all of them to the "parent" account. By doing this, I could create a "family" account, then my better half and I could link our accounts under it, transfer those Peter Robinson "Inspector Banks" novels we've independently bought to the "family" account, and share like we did with all the paperbacks for many years. (I defy any publisher to tell me this would be an unreasonable thing to be able to do!)

And of course, Mom and Dad's "Adult Fiction" collection would be off-limits to the kids - only Carol has even thought what that might be and doesn't *ever* want to conjure up *those* images again. (I'd name that collection "Parenting Manuals" anyway.) Visibility of collections to which access is not granted is an open issue - if Alice and Bob want to know why they can't have access to the "Adult Fiction" collection, Mom (or Dad) should have an explanation necessary. I rather like that. If the kids are studying "Human Reproduction" at school and want a book about it, then Mom (or Dad, but I bet it's Mom) will have to be involved in selecting an appropriate book and putting it in the correct collection.

I would allow a "master account" to configure the one-click purchase option on the device/sub-account to operate in one of three ways:
  • buy (in other words, the current operation)
  • do nothing (one-click purchasing disabled, for use in schools and institutions)
  • add product to a wish-list
Now everyone wins. Parents could disable one-click buying altogether - the kid either doesn't get the option or can click uselessly on the button. Or they can let little Bob and Carol click to let Mom & Dad know they really want something - Mom can review and approve (i.e. "gift") the purchase, or use the wish-list to choose birthday and Christmas presents. Amazon is happy because kids can use the wish-list to exert "pester power", increasing Amazon's sales. And the existing status quo is maintained for master accounts or perhaps disabled by default on sub-accounts.

Amazon already has the code to add things to wish-lists with a single click - their internal systems are based on what IT people call a "service-oriented architecture" anyway, so this wouldn't be too expensive to set up. Way better than the "stick a password on it" approach. 

For the classroom, the collections idea could be used to group all the books to be used by a particular class, or to group all the books suitable for a particular age group, or related to a particular topic, etc. An obvious related convenience would be the ability to create "classes", i.e. groups of sub-accounts, so that all the kids in 3B could be referred to as "3B" and then "3B" is granted access to collection "3B" plus collection "Plants & Animals" and so on.

Obviously, the sub-accounts in a school would not be able to buy books, but they could certainly download the books from the archive collections to which they have been granted access. The teacher or school librarian would have buying authority for the master account.

This would make Kindle use in the classroom significantly more attractive to schools. At the moment, a few brave teachers are literally collecting all the Kindles, taking them home, and then one-by-one turning on wi-fi, downloading the right books, turning off wi-fi and then taking the Kindles back to school the following day - an onerous task that I'd consider above and beyond the call of duty. With the scheme I'm outlining, the Kindles could remain in the school, with all management being done via the web interface for the master account. The kids themselves would connect via wi-fi and download the books they need.

By the way, I've used the term "sub-account" but really this is just the existing Amazon account, with some extensions. What I'm describing is two things, from a technical perspective - the establishment of a parent-child relationship between the existing Amazon account structures, plus the addition of some access control functionality, with the ability of the "parent" account to set the access controls or permissions for the child account. Accounts could even have many-to-many parent-child relationships - for example, an individual's account might be a child of a "Family" account for household sharing, but also a child of a "Book Club" account which allows the members to share access to a book they're reading and discussing. In essence, this is a generalized architecture to manage sharing of digital content with controls to meet the needs of both publisher and customer, in a variety of situations.
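The parent-child relationship and access controls described above, sketched as an added example (it is not Amazon's code and not part of the original post). Every class, method and title name is hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass, field
from enum import Enum


class OneClick(Enum):
    BUY = "buy"              # the current operation
    DISABLED = "do nothing"  # schools and institutions
    WISH_LIST = "wish-list"  # request is queued for the master account holder


@dataclass
class MasterAccount:
    """Billing/administrative account (hypothetical model)."""
    name: str
    collections: dict = field(default_factory=dict)  # collection -> set of titles
    grants: dict = field(default_factory=dict)       # collection -> set of principals
    groups: dict = field(default_factory=dict)       # "class" name -> set of members
    one_click: dict = field(default_factory=dict)    # member -> OneClick mode
    wish_list: list = field(default_factory=list)    # (member, title) requests
    charges: list = field(default_factory=list)      # (buyer, title) billed here

    def add_member(self, member, mode=OneClick.DISABLED):
        # A sub-account has no payment device, so purchasing is off by default.
        self.one_click[member] = mode

    def add_group(self, group, members):
        unknown = set(members) - set(self.one_click)
        if unknown:
            raise KeyError(f"not sub-accounts of {self.name}: {sorted(unknown)}")
        self.groups[group] = set(members)

    def buy(self, title, collection):
        """Purchase by the master account holder, filed into a collection."""
        self.charges.append((self.name, title))
        self.collections.setdefault(collection, set()).add(title)

    def grant(self, collection, principal):
        """Grant a member or a group read access to one collection."""
        if collection not in self.collections:
            raise KeyError(f"no such collection: {collection}")
        if principal not in self.one_click and principal not in self.groups:
            raise KeyError(f"unknown member or group: {principal}")
        self.grants.setdefault(collection, set()).add(principal)

    def principals_of(self, member):
        if member not in self.one_click:
            return set()
        return {member} | {g for g, m in self.groups.items() if member in m}

    def visible_to(self, member):
        """Default deny: only titles in collections explicitly granted."""
        who = self.principals_of(member)
        titles = set()
        for collection, allowed in self.grants.items():
            if who & allowed:
                titles |= self.collections[collection]
        return titles

    def click(self, member, title, collection):
        """Apply the member's one-click mode and report the outcome."""
        mode = self.one_click.get(member, OneClick.DISABLED)
        if mode is OneClick.WISH_LIST:
            self.wish_list.append((member, title))
            return "wish-listed"
        if mode is OneClick.BUY:
            # A buyer may only file purchases into a collection they can read.
            if not self.principals_of(member) & self.grants.get(collection, set()):
                return "denied"
            self.charges.append((member, title))
            self.collections[collection].add(title)
            return "bought"
        return "ignored"


def library(member, parents):
    """Many-to-many: a member's library is the union over all parent accounts."""
    return set().union(*(p.visible_to(member) for p in parents))


if __name__ == "__main__":
    family = MasterAccount("Mom")
    family.add_member("Alice")
    family.add_member("Bob", OneClick.WISH_LIST)
    family.add_member("Carol", OneClick.BUY)
    family.buy("Constructed YA Title", "YA")
    family.buy("Constructed Parenting Manual", "Adult Fiction")
    for kid in ("Alice", "Bob", "Carol"):
        family.grant("YA", kid)
    print(family.click("Alice", "Another Title", "YA"))   # ignored
    print(family.click("Bob", "Another Title", "YA"))     # wish-listed
    print(family.click("Carol", "Another Title", "YA"))   # bought
    print(sorted(family.visible_to("Alice")))
```

Access is granted per collection and denied otherwise, so an ungranted collection never appears in a sub-account's library, and a purchasing sub-account cannot file a book into a collection it has not been granted.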

Licensing

Which raises the issue of licensing. For family use, I could make a pretty convincing argument that it would simply legitimize and make manageable what people have been doing for years by putting multiple Kindles on one account and sharing books under the "six devices" rule, and hence would have minimal impact on publishers' revenues, while creating goodwill. In some jurisdictions, such as Australia, copyright law already recognizes the right to make copies of some digital content for personal use within the household. However, I can't see any way of getting this done without publisher involvement - remember, we customers don't buy ebooks, we buy a licence to read them and the current license does not provide for what I'm describing. And the same mechanism should apply to all other forms of digital content - I've been describing this in terms of books, but it can and should apply to movies, music and apps.

Licensing should ideally be handled on a per-device basis, like now, with the notion of a "site license" as currently used for software. A family could probably be accommodated within the existing "six-device" limitation we have today - a large family might have 8 sub-accounts, but 6 of those are the kids, and so there wouldn't be more than 6 copies of the "YA" collection books in use at one time (after Mom has returned her copy to the archive). Effectively, the publisher really has to agree to the terms of the licence and set a realistic price - from that point on the technicalities of enforcing the licence are all down to Amazon, so the publishers needn't get involved.

Obviously, a "site license" for a school would require enough simultaneous device-copies to accommodate an entire classroom plus teachers, etc. although not all copies of all books need be in use at any one time. Amazon already has a book lending mechanism which can be used to remove books from a Kindle after the loan period has expired, and this could be used within an institutional environment to provide library-style functionality, with a certain number of books "loaned out" at any one time and automatic "recall" if a new borrower requires a book after the loan period has expired.

If I Was a Publisher

If publishers don't get to grips with these kinds of requirements, they're going to starve. I believe specialist textbook publishers can already do it, although I don't know what their terms are. Ultimately, though, the economics of market forces are going to corral the publishers into the right direction, because if the publishers don't respond, this will create an opportunity for new agents and publishers to move in and provide representation and marketing services to existing trad-pubbed authors, in part by getting to grips with these challenges and opportunities. Competition will then force the remaining traditional publishers to break ranks and - there's no better way to say it - get real.

If the publishers fear the market dominance of Amazon, then they should seize the initiative in doing what I described above: offer innovative licenses which allow sharing and within-account lending, whether for institutions (big $$$), families (smaller $$$) or whatever. And then let online retailers - whether new entrants or established players like B&N, Amazon, etc. - compete to provide the best implementation, service and functionality within the terms of those licenses.

Sunday, October 2, 2011

More on the Kindle for Academia

In recent weeks, the Kindle world has been focused on the new devices Amazon has announced - the Kindle Touch and Touch 3G, the low-end Kindle 4 and the new Kindle Fire "fondleslab" (to borrow The Reg's neologism for tablets). However, Amazon has quietly been beavering away, working on what I believe is its core strength - the server end of the e-reader ecosystem.

A few evenings ago, I wanted to look up the title of a book I'd read, and rather than do it on the Kindle itself, since I was sitting in front of my computer composing an email, I thought I would do it by logging in to the web back end: https://kindle.amazon.com/ , which contains the list of books in what Amazon now refers to as your "Library", rather than "The Archive". This change makes sense - the Archive is all the books you've bought from Amazon which are not on the Kindle, but rather warehoused at Amazon, while "The Library" is all the books you've bought, regardless of where they happen to be.

There are some interesting features on the Kindle site, like the "Daily Review":
Daily Review is a tool to help you review and remember the most significant ideas from your books. It shows you flashcards with either your highlights and notes or the Popular Highlights from one of your books.
Only books that you have marked as "read" are eligible for review, and Daily Review will take you through all of your read books, one per day. 
I don't have enough finished books with highlights to make this particularly interesting - at the moment it's just reminding me of some fairly obvious facts from a Java Pocket Guide - but the potential is there as a pre-exam review tool. It's a fairly simple flash-card style tool, but the fact that the cards are built automatically from your book highlights means it's painless to set up.

Figure 1 - The "Your Highlights" page, showing "Read more at ..." links
But what really caught my eye was the "Your Highlights" page, which lists highlights and notes - and more particularly the link under each highlighted section of text - it uses a "kindle:" protocol in the URL, like this: "kindle://book?action=open&asin=B0035IID08&location=2129". Unfortunately, when I first tried this (with K4PC Version 1.7.1), it didn't work. Clicking on a link leads to the dialog shown below, directing me to Customer Service - who weren't much help. Version 1.8.3 wasn't much better.

Figure 2 - The "Unable to Open Item" dialog.

However, I just (March 30th, 2012) got version 1.9.2 (38420), and the feature now works. This is rather neat; it means that students can now use an online interactive database of notes which automatically link to the book.

Link URLs typically look like this:

kindle://book?action=open&asin=B006ORT3KG&location=951

In this case, the ASIN is for the Kindle edition of Schneier, B. (2012). Liars and Outliers: Enabling the Trust that Society Needs to Thrive (1st ed.). Wiley. (I just dragged that citation straight from Zotero), while the location argument points to a quote about non-kin cooperation. Without the location argument, the book opens to the previous location.

This is rather neat; it opens the possibility of new browser-based applications which can link directly to your Kindle library on the PC.

Once the Kindle app has registered itself in Windows as the URL handler for the kindle: protocol, it can be used from within other applications as well. I've tested it with EverNote, and it works just fine. I've also tested it in the URL field of the Zotero bibliographic database, and it works fine there, although that's not what the field is really intended for. However, although Zotero's note editor supports links, it currently provides no way of following them. Hopefully, that situation will change.

With its https://kindle.amazon.com/ site, Amazon has the beginnings of something much more useful for academic Kindle users, but the kindle: protocol provides intriguing possibilities for hacking on various applications which will make the Kindle app (and the Kindle) much more useful.

Oh - one other nice little "easter egg" - but this one doesn't involve the server end of the equation: if you highlight some text in the Kindle for PC application, you can now copy and paste it, complete with a citation. And best of all, in version 9, this feature finally works for international users!

Thursday, July 14, 2011

The Solution to Management Jargon

The older I get, the more I value - in fact, treasure - clear and precise communication. Some (not all) jargon terms like "solution" and "space" are sure-fire indicators of vagueness in both speech and thinking (or even no thinking at all).

"Solution" is a particularly egregious example; the speaker (particularly if a sales-type) should really say "product". This ignores the fact that a product is almost never a complete solution to a business problem and that changes to processes, policies and training will also be required. This is a recurring theme in the information security business, so we should all know it, though actually walking the talk turns out to be difficult in practice. Perhaps sticking a quote from Bruce Schneier on the wall will help: "Security is a process, not a product".

Of course, the sales-type is appealing to the prospect's desire for an easy fix to a problem, and so the choice of the word is semi-deliberate. And perhaps there once was something to the notion that vendors should attempt to fit their products to customer problems, but that is a custom more honoured in the breach; I don't recall ever hearing a salesperson say, "Actually, our product isn't an exact solution to your problem. Perhaps you should talk to [name of competitor]".

"The chief cause of problems is solutions"
  --- Eric Sevareid, 1970

Very true, and some of my best consulting assignments have not been fixing up problems, they quite literally have been fixing up "solutions".

In the vast majority of cases, a product may be a component of a solution, or it may be a tool used in the creation of a solution. But it's not a solution in and of itself. In fact, the use of the term is symptomatic of pandering to over-inflated user expectations, and we all know what that leads to.

I strongly recommend that people who use the word "solution" try to get by without it for a while and see how much their critical thinking skills improve. It very often represents abstraction to the point of having lost all semantic content, and can easily be replaced by the word "product", "thing" or "sales opportunity". Or even "over-priced and bug-ridden pile of junk that is going to create even more work".

Jargon - whether technical or management-related - tends to aggregate, encapsulate and hide lots of assumptions for convenience. That's why it's used. And I know from experience that teasing out those hidden assumptions can be extremely rewarding, whether it's being done for risk analysis or product evaluation. Sometimes, it's true, we use jargon as a marker of group membership - to sound like a consultant or technical expert. Many of us are quite capable of playing that game in order to gain initial acceptance by clients & colleagues, but can take it one step further - when we steer the conversation into a deeper level in order to get beneath the veneer of jargon, and find that our interlocutor is still spouting buzzwords and acronyms, then we know to be on our guard. The probability of problems down the track due to hidden assumptions is quite high.

Words like "solution" do to your brain what fast food does to your body.

Just like that Big Mac, jargon phrases have had a lot of processing before they get to you, and contain lots of hidden connotations that aren't always good for you.

The problem is endemic, and has spread to small businesses, presumably because they want to sound like big businesses. My wife recently told me about a small store a couple of suburbs over from us that sells equipment for people who mess about on boats - what used to be called a "ship's chandler" - but now describe themselves as suppliers of "boating solutions". Barf. Pittwater, just north of Sydney, is something of a boating paradise and opportunity for lots of pleasure, not problems that require solutions.

The word "solution" should be taken round the back, late at night, and shot in the head, then rolled up in old carpet and dumped by a deserted highway where the hyenas can dispose of the remains. It is a lazy and unproductive little toe-rag that over-promises and under-delivers, contributes nothing to society and can usually be seen loitering around the scene while mortgage financiers, bank CEOs, consultants, salesmen and other ne'er-do-wells abscond with misappropriated cash from idiots who believe that they can buy stuff that will do their jobs for them.

Thursday, May 5, 2011

The Infamous "Packet Scheduler Miniport" Problems

Like many people, I've had the problem with the "Packet Scheduler Miniport" appearing in the Device Manager with a yellow exclamation mark against it. Even worse, the Lenovo ThinkVantage Toolbox on my laptop picked up on this and put a similar exclamation mark on its icon in the taskbar - a constant reminder that all was not right with the system.

Googling for this turned up various suggestions - none of which worked, although it appears that a lot of people have had problems with this. But I eventually got it sorted out. Here's the deal:

This particular driver is used by the "QoS Packet Scheduler" in the TCP/IP stack, which reserves some bandwidth for any applications that require priority quality of service. The general fix is to open the properties for any network connection and then select this service and uninstall it. This should remove the driver, although it might be necessary to "Scan for hardware changes" in the Device Manager to get the display to update.

Problem is, that wouldn't work for me. However, opening up the properties for this driver revealed a curious fact: the version number shown for the driver was 5.1.2535.0 (same as for many other Microsoft-supplied basic drivers like CD-ROM, etc.) while the version shown for the psched.sys driver file was 5.1.2600.5512.

So, off to regedit to search through the registry for the string "2535". It appears many times, mostly on other drivers, but wherever it appeared as a DriverVersion string for PSCHED entries, I changed it to the file version number of 5.1.2600.5512. Just to be prudent, I then rebooted - I'd wasted so much time on this problem already that a reboot was a small price to pay, then went in to my network connections and uninstalled the "QoS Packet Scheduler", and immediately, in the background, the yellow-asterisked Miniport entry disappeared from the Device Manager.

Reinstalling the "QoS Packet Scheduler" service hasn't caused any problems, either - the Miniport doesn't appear in the regular Device Manager display, but shows up with the other miniports when "View -> Show hidden devices" is selected. This is because those miniports don't normally appear unless they are malfunctioning.

So now you know - the problem is entirely down to the driver version number in the registry not matching the version number in the driver file. Make them agree, and all will be well with the world. I suspect the problem is that XP SP3 updated the driver file, but did not correctly update the registry DriverVersion entries.

I hope this helps others who have had this error niggling at them.

Wednesday, February 23, 2011

Wi-Fi and the Kindle

A lot of people are running into trouble getting their Kindle to connect to wi-fi networks - generally problems with "passwords". In many cases, it's confusion over exactly what password is required. Let's look at typical home wireless networks first:

Home Wireless Networks

Most people set up their home network using one of two different types of device. They might have a wi-fi access point like the NetGear WG602, particularly if they already have some other devices to provide their Internet connection. Or they might have a wireless router, like the NetGear DG834G, which combines the wireless access point with a router (and perhaps also an ADSL or cable modem), all in the one box. Now, to the "passwords":

A home network wi-fi access point has two (2) different "passwords"; a wireless router has three (3). These are:

1) the administration password
2) the wireless network encryption key
3) the login name and password to authenticate to your ISP

Taking each of these in turn:

1) Admin password. This lets you log in to the access point or router through a browser interface and administer it (change settings, etc.) When you log in to the device, you will see something like the screenshot below. Your Kindle and other network devices do not need to know this password.


Fig 1. The login prompt for a NetGear WG602 wireless access point


2) Wireless encryption key. This is used to encrypt the wireless traffic so that bad guys can't sniff it and see what you're doing, or join your network and use your Internet connection to download pr0n, leaving you with explaining to do when the Feds come knocking. The key is really a long binary number, but because humans aren't very good at choosing - let alone remembering - long binary numbers, wireless devices also have an option that will turn a passphrase (not necessarily a word) into the key. All devices that connect to the wireless network have to use the same key or passphrase, including any Kindles.

This passphrase is set when you configure the wireless side of your router, as shown here. Other things you should note are your network name or SSID, and the type of encryption in use - I recommend WPA2 with Pre-Shared Key (WPA2-PSK) as WEP and WPA are easily crackable.


Fig 2. Wireless settings on a NetGear DG834G wireless ADSL router.


For WPA2, the key is 256 bits long, and some routers will let you directly enter it as a string of 64 hexadecimal digits (that is, the digits 0-9 and a-f [upper or lower case]). However, you can enter a passphrase of up to 63 characters, and the router's logic will combine that with your network name (technically known as the SSID) in order to generate the 256-bit key. Because the SSID is also used in this process, it's a good idea to choose an unusual SSID (not the default, for sure) and then a passphrase of as few as 16 characters will keep you adequately secure.

Keeping the passphrase short is a good idea when you have to enter it into devices like the Kindle, where the keyboard isn't the greatest or there's no keyboard at all. Entering the 64-hex-digit key directly probably isn't a great idea, because not all devices can support that - it's best to stick with the passphrase technique.

But remember: it's still generating an encryption key, and it's best to keep calling it that to distinguish it from the other passwords involved.

[For the technically-minded, the way the router generates the key is using an algorithm called PBKDF2 (Password-Based Key Derivation Function 2), which applies the keyed HMAC-SHA1 function 4096 times over, using the SSID as salt, which makes rainbow table attacks infeasible.]
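The derivation just described, as an added example (not router firmware and not code from the original post); the function names are hypothetical. The 8-character minimum and the printable-ASCII restriction come from the 802.11i standard rather than from the text above, and the sample passphrase and SSID are the standard's own published test case.

```python
import hashlib
import string

_HEX_DIGITS = set(string.hexdigits)


def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA2 pre-shared key from a passphrase and SSID.

    PBKDF2 with HMAC-SHA1, 4096 iterations, SSID as salt, 32-byte output.
    """
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes long")
    # 802.11i limits passphrases to 8..63 printable ASCII characters
    # (the 8-character floor is from the standard, not from the page).
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, 4096, dklen=32
    )


def key_from_entry(entry: str, ssid: str) -> bytes:
    """Interpret what the user typed into the key field.

    Exactly 64 hexadecimal digits are taken as the raw 256-bit key;
    anything else is treated as a passphrase and run through PBKDF2.
    """
    if len(entry) == 64 and all(c in _HEX_DIGITS for c in entry):
        return bytes.fromhex(entry)
    return wpa2_psk(entry, ssid)


if __name__ == "__main__":
    # Test case published with IEEE 802.11i: passphrase "password", SSID "IEEE".
    print(wpa2_psk("password", "IEEE").hex())
    # Same passphrase, different network name: a completely different key,
    # which is why a precomputed table only works for one SSID.
    print(wpa2_psk("password", "constructed-home-ssid").hex())
```

Because the SSID is the salt, a table of keys precomputed for a common default network name is useless against a network with an unusual name, even when the passphrase is the same.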

If you didn't set up your encryption key (good grief, why not? It's your network!) then you might find the default value on a label attached to the bottom of the device. But it's good practice to come up with your own passphrase/key.

3) Routers also have a username and password which authenticates the router to your Internet service provider via your cable or ADSL connection. No other devices need to know this information.

So there you have it. Make sure all these bits of information are written down somewhere and stuck in the book where you record all your important computer information. And, notice, the Kindle only needs item 2), the WEP/WPA/WPA2 encryption key, which you will usually enter in the form of a passphrase (though I still insist on calling it a key. Because that's what it is).

To set up the Kindle, press "Home", "Menu" and then select "Settings". The Kindle may ask if it's OK to turn wireless on - click "OK". A list of visible wi-fi networks will appear, and you should see your own, with the SSID that you set up on your access point or router. Select it and you will be prompted to enter the WPA2 passphrase discussed above. Your Kindle should now connect.

Your network might not appear because it is set to not broadcast its SSID (a weak security measure). If that's the case, then use "enter other Wi-Fi network" to enter its SSID and password. Generally, the Kindle will detect the type of encryption being used, but you can also click on the "advanced" button and set that manually.

Public Networks

Many coffee shops, libraries and other public spaces now offer free wi-fi to customers. Generally, the Kindle will connect automatically - just use "Home", "Menu", "Settings", "Wi-Fi Settings" and look for the network by name.

Sometimes such networks require you to indicate acceptance of their terms and conditions, and they do this by getting you to click on a button on a web page. Until you do this, the wi-fi connection will not work. In some cases, the Kindle detects this and will pop up a little message that asks you if you want to use the browser to connect to the network - you should do this and read the resulting page, then navigate to and click on the button.

Company networks, university wi-fi networks and others may also require you to have an account and log in, via user name, student ID and password. Again, the Kindle usually detects this and will offer to start the browser. It attempts to load the Amazon home page, but this will be redirected to the enterprise network authentication page, and you will need to navigate to the right fields and enter your credentials in order to log in. Once this has been done, the browser then usually proceeds to load the Amazon page; at this point, you can either continue web surfing or press "Home" and proceed to sync, download books or whatever you need to do.

The important point is that for some, semi-private, networks you cannot sync and cannot download books, periodicals, etc. until you have authenticated through the browser. So if the Kindle is not downloading properly, it's generally a good idea to see what the browser is showing.

Other Problems

Generally, attention to the above points - especially correct setup of a WPA2 key - will get your Kindle connected. However, occasionally it may fail to connect. Here's some general advice:

Disable MAC filtering. It does no good at all from a security perspective, since an attacker can observe which MAC (Media Access Control) addresses are in use on your network and set his device to use one of them, thereby bypassing that particular defense. Really, it does no good and just makes work for you, the network owner.

If you have an older N-type router or access point, make sure that you upgrade to the latest firmware for it. Many manufacturers announced and shipped "N" devices before the IEEE 802.11n standard was ratified, with the intention of fixing any incompatibilities later, with firmware upgrades. Also make sure that it supports both 20 and 40 MHz channel widths - 802.11b/g devices use 20 MHz only, so if the router is set to 40 MHz only, it will not be compatible. In some cases, I'd guess that a firmware upgrade alone won't do the trick, and the answer might be to disable "N" mode (configure the router to use only 802.11g and/or 802.11b), or to buy a new router or access point. It might also be worth disabling "N" mode as a test.

Update (13/1/2012): It seems that the Kindle 4 and Kindle Touch use an Atheros AR6103 wi-fi chip. Looking at the "Product Bulletin" for that chip, it appears to implement only a small subset of the IEEE 802.11n standard. There are several new technologies that make 802.11n so much more effective: operation on both 2.4 GHz and 5 GHz bands simultaneously, use of multiple streams simultaneously over multiple MIMO (Multiple Input / Multiple Output) antennas, and the use of 40 MHz channel widths. However the AR6103 only utilises a single stream, and appears to utilise 64 QAM encoding over a single 20 MHz channel only. As a result, it achieves a maximum data rate of 72.2 Mbps only, which is not much improvement over 802.11g's 56 Mbps.

Worse still, it looks like this partial implementation of the 802.11n standard is what is "confusing" many routers and access points, so that the Kindles cannot associate with them. As described above, firmware upgrades, or at least enabling b/g compatibility or even disabling "n" operation, might be required, as might disabling 40 MHz-only channel widths.

As to what's in the Kindle Fire, I'm still in the dark. It seems to be a Texas Instruments WiLink 6.0 chip, but whether it's a WL1271 (b/g/n only) or the less likely WL1273 (a/b/g/n) is still unknown.

Hopefully, this will help folks get their Kindles connected.

Friday, February 4, 2011

Under the Cover of the Amazon Kindle Collections Feature

The Kindle is a lovely reading device - light, highly legible, convenient. One of its features is its ability to organise books into multiple collections, including the ability to have books in more than one collection. Although the Kindle runs Linux, it can't be using subdirectories and (sym)links for this purpose, so how does it work?

Very simply, actually. The collection data is stored in a text file, in JSON format. It's easy to view, too - here's how (instructions for Windows, but easily adapted for users of other platforms):

Plug your Kindle into your PC via its USB cable. Use "My Computer" to navigate to it - it mounts as F: on my desktop box. The collections are stored in the "system" folder, which is normally hidden - to view it, in Windows Explorer choose "Tools" -> "Folder Options...", then select the "View" tab. In the "Advanced Settings" box, select "Hidden files and folders" / "Show hidden files and folders".


Click on OK to close the dialog. You should now see the various folders on the Kindle: "audible", "documents", etc. and "system", slightly fainter to indicate it's normally hidden. Open "system" and you'll see various files one shouldn't normally tinker with, including "collections.json". You can open this file with WordPad to see its contents by right-clicking, choosing "Open" and selecting "Select the program from a list" and then "WordPad" from the resulting dialog (probably best to uncheck "Always use the selected program to open this kind of file" at this stage). Be warned, it's pretty ugly, but we can do something about that, as you'll see.

To make sense of what you see, use an online JSON viewer: http://jsonviewer.stack.hu/. You can select all the text in the WordPad window (Ctrl+A), then copy (Ctrl+C) and paste (Ctrl+V) the text into the JSON viewer's text area. It still looks pretty ugly, but click on the "Format" button at the top and it looks a lot better.



Click on the "Viewer" tab and you'll see a much better representation of your collections. As you can see, each collection has a locale string appended to it, and then there's an array of items, each of which is typically the ASIN number of the book. This is correlated with the ASIN strings in the filenames of the book files themselves, in the "documents" folder.




This structure only allows for one level of collections - no nested subcollections. However, JSON - which stands for JavaScript Object Notation - is a very simple format to handle in many programming languages, making it easy to write programs which could read the "collections.json" file, allow you to rearrange it in various ways and then rewrite it. There's not much more one can do with this, unfortunately - the Kindle software would get very upset if you tried to change the JSON structure. But it's not terribly complex, and in the future, Amazon probably could extend it without too much trouble. And the fact they are using an open standard like JSON means that any utilities could be adapted to any future formats without too much trouble.

For more details on JSON, see http://www.json.org/.
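As an added illustration (not part of the original post), here is the kind of program the paragraph above has in mind: it reads the collections, reports books filed in more than one collection, renames a collection and writes the same flat structure back. The sample data is constructed, and the "items" and "lastAccess" key names and the identifier format are assumptions, since the post describes the layout without listing the keys.

```python
import json

# Constructed sample shaped like the description above. The "items" and
# "lastAccess" keys and the identifiers are assumptions, not device data.
SAMPLE = json.dumps({
    "Security@en-US": {"items": ["#B00EXAMPLE1^EBOK", "#B00EXAMPLE2^EBOK"],
                       "lastAccess": 1296780000000},
    "To Read@en-US": {"items": ["#B00EXAMPLE2^EBOK"],
                      "lastAccess": 1296790000000},
})


def load_collections(text):
    """Map collection name -> (locale, entry) from collections.json text."""
    collections = {}
    for key, entry in json.loads(text).items():
        name, sep, locale = key.rpartition("@")  # locale follows the last "@"
        if not sep:                              # key carries no locale suffix
            name, locale = key, ""
        collections[name] = (locale, entry)
    return collections


def shared_items(collections):
    """Items filed under more than one collection, with the collection names."""
    seen = {}
    for name, (_, entry) in collections.items():
        for item in entry.get("items", []):
            seen.setdefault(item, []).append(name)
    return {item: names for item, names in seen.items() if len(names) > 1}


def rename(collections, old, new):
    """Rename a collection in place, refusing to overwrite an existing one."""
    if new in collections:
        raise ValueError(f"collection {new!r} already exists")
    collections[new] = collections.pop(old)


def dump_collections(collections):
    """Serialise back to the same flat, one-level structure."""
    return json.dumps({(f"{name}@{locale}" if locale else name): entry
                       for name, (locale, entry) in collections.items()})
```

Run it against a copy of the file taken from the "system" folder rather than the file on the device, and keep the original as a backup.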

Saturday, January 16, 2010

Fun with lastb

So, I have a few servers on the Internet, and a couple of them have a /var/log/btmp file (the others don't, so they haven't been collecting this stuff). The btmp file collects bad login info, which can be displayed with the lastb command. Although I rate-limit SSH connections to those machines to 3 per minute before blocking the connecting IP address, they still see some of the usual SSH brute-force bot login attempts, so the file has grown over the last year or so. I wondered what names the Bad Guys thought might get them in. A quick bit of pipelinery (lastb | cut -f1 -d' '|sort|uniq -c|sort -nr|less) later, here's the top 20 or so names on the machines:

Machine 1 (mail gateway and squid proxy):
968 admin
892 sales
863 test
781 staff
596 guest
197 fluffy
194 oracle
188 user
162 info
154 www
137 data
136 web
129 http
128 support
128 jeff
127 mike
126 john
126 install
126 cvs
124 tim
123 steve
117 demo
91 eaguilar

Machine 2 (mail gateway and web server):
355 admin
258 staff
118 sales
103 test
83 guest
54 eaguilar
53 user
47 globus
39 cisco
33 t1na
28 oracle
24 PlcmSpIp
24 lesbell
23 webmaste
23 a
22 alexis
16 mlmb
14 nagios
14 adam
13 lpd
12 raimundo
11 supporte
11 administ

OK, so it's obviously a bad idea to create accounts like admin, staff, test and sales, especially with weak passwords. And there must be a lot of Jeffs, Mikes, Johns and Tims out there.

But "fluffy"? I mean, really, who ever has a Unix account called "fluffy"? And who is this "eaguilar", who rates so highly? Not to mention "PlcmSpIp" (and the lower-case variant, "plcmspip"); I guess it must have worked somewhere, once, or it wouldn't be on their list.

Looking at the log generally, it's interesting to see account names like "218-214-" (obviously derived from a reverse DNS lookup on the machine's IP address), not to mention snippets of HTML.
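A slightly more careful version of the pipeline above, as an added example that is not from the original post: it skips the blank line and "btmp begins" trailer that the cut-based pipeline counts as names, tallies source hosts as well, and flags names that fill the whole name column and so may have been cut off by the display (compare "webmaste", "supporte" and "administ" in the lists). The sample lines are constructed, and the 8-character name column is an assumption about default lastb output.

```python
from collections import Counter

# Constructed sample of default `lastb` output (documentation address ranges).
SAMPLE = """\
admin    ssh:notty    203.0.113.5      Sat Jan 16 03:12 - 03:12  (00:00)
admin    ssh:notty    203.0.113.5      Sat Jan 16 03:12 - 03:12  (00:00)
webmaste ssh:notty    198.51.100.7     Sat Jan 16 03:10 - 03:10  (00:00)
administ ssh:notty    198.51.100.7     Sat Jan 16 03:10 - 03:10  (00:00)
fluffy   ssh:notty    203.0.113.5      Sat Jan 16 03:09 - 03:09  (00:00)
218-214- ssh:notty    192.0.2.44       Sat Jan 16 03:01 - 03:01  (00:00)
a b      ssh:notty    192.0.2.44       Sat Jan 16 03:00 - 03:00  (00:00)

btmp begins Thu Jan  1 00:00:01 2009
"""

NAME_WIDTH = 8  # assumption: width of the name column in default lastb output


def parse_lastb(text):
    """Yield (name, host) per failed-login record, skipping the trailer."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("btmp begins"):
            continue
        # Slice by column rather than splitting on spaces, so a submitted
        # name that itself contains a space is kept whole.
        name = line[:NAME_WIDTH].rstrip()
        fields = line[NAME_WIDTH:].split()
        host = fields[1] if len(fields) > 1 else ""
        yield name, host


def summarize(text, top=20):
    """Return (top names, top hosts, names that may be truncated)."""
    names, hosts = Counter(), Counter()
    for name, host in parse_lastb(text):
        names[name] += 1
        hosts[host] += 1
    # A name exactly NAME_WIDTH long may be a longer name cut by the display.
    maybe_truncated = sorted(n for n in names if len(n) == NAME_WIDTH)
    return names.most_common(top), hosts.most_common(top), maybe_truncated
```

Where the installed lastb supports -w, running it with that option prints full names instead of the cut-off ones; NAME_WIDTH then no longer applies and the name column has to be split differently.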