Visitors Items
June 29, 2006

T3 6/29: Avery Lyford on IT Services for SMEs

Talks, Visitors By: ams

We’re looking forward to a roundtable discussion about new opportunities for innovation in delivering IT services to small and medium enterprises. While there are IBMs and Accentures at the high end, did you know that Geek Squad (IT support for consumers) has grown from a tiny Minnesota startup to a billion-dollar-a-year unit of Best Buy within a decade? (Don’t believe me? Check out their very own Wikipedia entry!)

For more examples, see the book Blueprint to a Billion, which analyzed all the companies that made it to $1B in revenue in the last 25 years across all industries and synthesized the common elements. There are some very interesting findings; Avery was deeply involved in researching it.

On another front, discussion may also veer off into the latest developments in identity standards for the Internet (and open source implementations of same). Avery has been working with Mike McKay who was been deeply involved with
issues of identity and security for years as former VP of architecture for
Novell and VP of development for Intertrust.

Avery Lyford was an Entrepreneur-in-Residence at vSpring Capital and now is CEO of DigiSense Inc. Highlights of his career include a stint at Kleiner, Perkins-backed Linuxcare as CEO, and management consulting at McKinsey & Company. He also serves on the Board of Directors of the Churchill Club, a Silicon Valley institution since 1985.

May 11, 2006

T3 5/11: Stefan Groschupf on Extending Nutch

Talks, Visitors By: ams

CommerceNet is glad to welcome a visitor from the Nutch development community, Stefan Groschupf. He’ll be presenting a few slides and leading a discussion at our next Thursday Tech Talk, May 11 at our offices at 169 University Ave. We’re looking forward to hearing his thoughts on approaches to indexing microformats, too…

Stefan designed and
built his first search engine for a university library in Germany at the age of 19. By
21, he founded Media Style, Inc., a computer engineering
company specializing in text-mining, search and e-commerce

Over the past 10 years he has consulted on Internet and
database projects for BMW, Intel, Siemens and Hoffmann La Roche. He
is an active member of the Open Source community working on
distributed file-sharing and map-reduce implementation projects. He has also contributed the plugin
architecture and metadata support to Nutch, the leading open source
search engine.

He is also the founder and lead architect for “weta”, an open source
grid computing project.

Currently Stefan works as Chief Architect for and also
consults for other Silicon Valley startups in the vertical
search engine arena.

April 20, 2006

T3 4/20: Thomas Vander Wal on Folksonomy

Talks, Visitors By: ams

In a last-second coincidence of timing, information architect and Web standards guru Thomas Vander Wal (and, by the by, coiner of the term “folksonomy“) came by to share his latest thoughts on how personal tags can become shared culture. He presented some of the thinking and prototypes behind InfoCloud. Keep a close eye on that startup and his blog on the topic.

March 30, 2006

T3 3/30: The Battle Against Phishing: Dynamic Security Skins

Talks, Visitors By: ams

We are please to host Rachna Dhamija, a security researcher at Harvard and former student of Doug Tygar’s at Berkeley, on an extremely timely topic: novel approaches for helping users secure their own experiences online.


To design systems and interfaces to shield users from fraudulent
websites, it is important to know which attack strategies are
successful and why users are deceived. In this talk, I will present
empirical evidence about phishing attack strategies that are
successful at deceiving general users. We conducted a usability study
in which 22 participants were shown 20 web sites and asked to
determine which ones were fraudulent. The best phishing sites fooled
90% of participants. We found that 23% of the participants did not
look at browser-based cues such as the address bar, status bar and
the security indicators, leading to incorrect choices 40% of the
time. We also found that some visual deception attacks can fool even
the most sophisticated users. These results illustrate that standard
security indicators are not effective for a substantial fraction of
users, and suggest that alternative approaches are needed.

I will present a new scheme, Dynamic Security Skins, that allows a
remote web server to prove its identity in a way that is easy for a
human user to verify and hard for an attacker to spoof. We use two
novel interaction techniques to prevent spoofing. First, we propose a
browser extension that provides a trusted window dedicated to
username and password entry. We use a photographic image to create a
trusted path between the user and this window to prevent spoofing of
the window and of the text entry fields. Second, our scheme allows
the remote server to generate a unique abstract image for each user
and each transaction. This image creates a “skin” that automatically
customizes the browser window or the user interface elements in the
content of a remote web page.

In contrast to other proposals, our scheme places a very low burden
on the user in terms of effort, memory and time. To authenticate
himself, the user has to recognize only one image and remember one
low entropy password, no matter how many servers he wishes to
interact with. To authenticate
content from an authenticated server, the user only needs to perform
one visual matching operation to compare two images. Furthermore, it
a high burden of effort on an attacker to spoof customized security

More information is available at

March 23, 2006

T3 3/23: Justin Erenkrantz

Talks, Visitors By: ams

UC Irvine graduate student (and current Google intern) Justin Erenkrantz will be visiting CommerceNet Labs for our first Thursday Tech Talk in a while. He’s going to discuss his latest work on integrating Subversion with Serf, an advanced HTTP client library. More details at

Justin R. Erenkrantz is currently a PhD student at the University of California, Irvine in the Donald Bren School of Information and Computer
. His research interests are in software engineering – specifically
REST-based software architectures. His advisor is Richard Taylor.

He is also a member of the Apache Software Foundation. He has contributed to the development of
the Apache HTTP Server, Apache Portable Runtime, flood, and Subversion

January 26, 2006

T3 1/26: zLab Visitor Gordon Mohr

Talks, Visitors By: ams

Gordon is an entrepreneur, researcher, and hacker, and we’ve invited
him to CommerceNet Labs for a free-ranging discussion of challenges
he’s encountered working on one of the largest-scale web
projects out there, The Internet Archive, and several prior
startups. A related topic is “How can open-source and
decentralizing technology projects be organized, managed, and
(most importantly) funded?”

  About Gordon Mohr
  My employer, The Internet Archive
  My project, Heritrix Crawler
  My other weblog, @OReillyNet
  My community metadata project (& company), Bitzi

December 8, 2005

T3 12/8: Dan Moniz on web architecture

Events, Talks, Visitors By: ams

Dan Moniz will speak about a novel approach to social networks and online communities, based on composable services and a software stack to support new social applications. Additionally, he will discuss a user-friendly “Web 2.0” model for building compelling and community-driven tools.

November 3, 2005

T3 11/3: TagCamp Wrapup w/Kevin Hughes

Talks, Visitors By: ams

CommerceNet’s own itinerant Webmaster Kevin Hughes flew in from Hawaii on Saturday morning for TagCamp, and by that afternoon he’d already whipped up an intriguing study on the parts-of-speech used for tags and a stab at reversing the mix to automate suggesting tags for articles… come by our new offices on 169 University Ave to see a reprise of that talk and a ‘trip report’ on the success of TagCamp — 120+ attendees (!)

“This presentation explores the results of the lexical analysis of various tag collections as well as normal text. What can we learn from human-generated metadata to help make automatically-generated metadata set more usable, correct, efficient, and most importantly, humane?” — from Kevin’s slides on Lexical Analysis of Tag Collections for the Improvement of Tag Auto-Generation

October 20, 2005

T3 10/20: Emerging Internet Identity Standards (XRI/XDI)

Talks, Visitors By: ams

This Thursday’s Tech Talk will be the first one in our new offices at 169 University Avenue. As usual, attendance is open to all.

oOTao‘s Andy Dale will talk about XRI/XDI, the developing OASIS standards, and how they fit into the broader digital identity landscape.

Biography: Andy Dale is the founder and president of ooTao a San Francisco Bay Area based software development company. Andy has worked developing software for over 10 years as a company principle and team leader. Andy spent the first several years of his career working with a team of actuaries building benefit tracking systems that were widely deployed by local governments and school districts. Andy then moved into the general custom development realm where he was involved in projects as diverse as a Procurement System for Gap Inc to helping to develop and deploy parts of the CitiBank On-line Banking System that are now used worldwide. Andy has had years of success working with large multinational organizations such as: CitiBank, Bank of America, Monsanto, Gap and IBM as well as small technology innovators such as Identity Commons, Envoii and 2idi. Currently Andy spends much of his time consulting as a Senior Architect to many organizations in the areas of Secure Distributed Data Management and Visualization. Andy is also an active member of the OASIS XDI Technical Committee and an Eclipse Committer working to help advance the Eclipse Trust Framework.

Kudos to Identity Woman for introducing us to Andy.

June 1, 2005

CommerceNet Summer Internships

Visitors By: ams

We’re looking for three motivated students to explore the frontiers of electronic commerce this summer in Palo Alto. Graduate students in computer science, economics, and business are eligible to apply for internships to collaborate with CommerceNet, extend their own current work, and explore how startups apply innovations in practice. Advanced undergraduates with strong software development skills are also eligible to intern as members of technical staff. In either case, demonstrated interest in entrepreneurship is a plus.