Open Letter to Jeremy Allaire

Dear Jeremy,

I would like to ask you to put the following two features into Flash that will impact both Macromedia and the Web tremendously.  Here are the features:

1. User Control over Flash Content Feed (aka Slap Button)

It's simple: give web surfers a button somewhere on the browser toolbar that will disable Flash content from the particular site currently being viewed.  If more than one site is involved, disable them all.  If Flash content is being blocked already, the button should provide some feedback showing there is Flash content available, so those who enjoy being annoyed can do so.

2. Cryptography Support

Add crypto support to Flash that can be used for encryption/decryption, digital signature, strong authentication, and other cryptographic applications.  The business world needs zero-install clients with cryptographic features: online payment companies, banks, financial institutions, law firms, hospitals, accounting firms, B2B companies, auctions.  The list goes on and on.

Need a document signed?  Just convert the PDF to Flash and embed digital signature code that uses Flash's built-in crypto functions.  Encrypted web-based mail (see Identity-based Encryption) and secure web-storage also become possible using Strong Flash.  New online payment technologies like Verified-by-Visa, MasterCard SecureCode, PayPal, and Bill Me Later as well as B2B e-commerce technologies can also take advantage of Strong Flash to strongly authenticate transactions without requiring the users to install software.  PassPort and Project Liberty can benefit as well.


Don Park

Weapons of Ass Destruction

Apparently, Reverse Cowgirl has a similar sense of humor or taste as I do.  She featured the box cover image of the adult movie Weapons of Ass Destruction as a demonstration of her image blogging.  [Via Marc and Adam Curry]

I doubt North Korea is developing Weapons of Ass Destruction, but that's the kind of arms race I like.  Given South Korea's fast advancing plastic surgery technology, Koreans have a good chance of kicking ass in a pleasant way.  <g>

UserLand Radio improvement suggestions

Here are some suggestions for improving UserLand Radio.

Category post to e-mail – I subscribe to many mailing lists.  Discussion topics of those mailing lists frequently overlap with my blog categories.  For example, my Online Payment category and the 3d-secure mailing list.  When I post a message on either one, I usually post on the other as I have done with my Extending 3D-Secure post.  So, an optional Radio feature that automatically does this would be convenient.

Category post to Usenet – same as above except post is made to Usenet.

Private Category to Public Categories – while most news aggregation is happening at the client end, there is room for intermediate news aggregation that aggregates posts from multiple blogs.  The user can set this up by specifying one or more post destinations, each corresponding to a Public Category.  This feature leads naturally to the introduction of editorialized news and invited columnists.

Syndicated News Filters/Prioritizer – I subscribe to a good set of RSS feeds, but I am usually interested only in certain topics.  It would be nice to be able to filter or sort news by requiring presence or absence of certain words and phrases for each subscribed RSS feed.  Also, it would be great if I received regular reports of words and phrases my RSS feed subscribers are interested in.

Extending 3D-Secure

3D-Secure (used in Verified-by-Visa and MasterCard SecureCode) is extensible in two ways:

  1. <Extensions> element – this element can be used to transmit vendor-specific elements as well as standard extensions (there are none at this moment).
  2. Custom message type – you can send new request/response message pairs like PAReq and PARes to either an ACS or the DS.

Both ACS and DS are supposed to be able to withstand hacker attacks, so it should be fairly safe to send unknown messages to them.  The worst that can happen is logging.  The same applies to custom elements dropped into <Extensions>.
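What "the worst that can happen is logging" looks like on the receiving side, as an added example that is not part of the original post and not code from any 3D-Secure vendor. The size cap, the FormFill, VendorX and IdentityReq names, and the simplified message layout are assumptions made for illustration.

```python
import logging
import xml.etree.ElementTree as ET

log = logging.getLogger("acs")
MAX_BYTES = 16 * 1024                     # assumed cap on message size
KNOWN_MESSAGES = {"PAReq"}                # message types this receiver handles
KNOWN_EXTENSIONS = {"FormFill"}           # hypothetical vendor extension name


def handle_message(raw: bytes) -> dict:
    """Classify one incoming message without acting on anything unknown."""
    if len(raw) > MAX_BYTES:
        return {"status": "rejected", "reason": "too large"}
    # Refuse DTDs outright so entity-expansion tricks never reach the parser.
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        return {"status": "rejected", "reason": "DTD not allowed"}
    try:
        root = ET.fromstring(raw)
    except ET.ParseError:
        return {"status": "rejected", "reason": "malformed XML"}

    msg = root.find("Message")
    body = msg[0] if msg is not None and len(msg) else None
    if body is None:
        return {"status": "rejected", "reason": "no message body"}
    if body.tag not in KNOWN_MESSAGES:
        # Custom message type from another vendor: log it, do nothing else.
        log.warning("unknown message type %r", body.tag)
        return {"status": "ignored", "reason": "unknown message type"}

    accepted, skipped = [], []
    for ext in body.findall("Extensions/*"):
        (accepted if ext.tag in KNOWN_EXTENSIONS else skipped).append(ext.tag)
    for tag in skipped:
        log.warning("ignoring unknown extension %r", tag)
    return {"status": "ok", "type": body.tag,
            "extensions": accepted, "skipped": skipped}


# Constructed sample messages (simplified, not schema-accurate 3D-Secure).
SAMPLE_PAREQ = b"""<ThreeDSecure><Message id="1"><PAReq>
  <Extensions><FormFill/><VendorX>abc</VendorX></Extensions>
</PAReq></Message></ThreeDSecure>"""
SAMPLE_CUSTOM = b"<ThreeDSecure><Message id='2'><IdentityReq/></Message></ThreeDSecure>"
SAMPLE_DTD = b"<!DOCTYPE x [<!ENTITY a 'b'>]><ThreeDSecure/>"

if __name__ == "__main__":
    for sample in (SAMPLE_PAREQ, SAMPLE_CUSTOM, SAMPLE_DTD):
        print(handle_message(sample))
```

The receiver processes only the extension names it has on its allowlist; everything else is recorded and dropped, so a vendor extension it has never seen cannot change how the transaction is handled.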

This means it should be all right for each 3D-Secure vendor to start defining new message types and extensions.  Of course, neither Visa nor MasterCard will be happy with this, but these vendor extensions will allow 3D-Secure to evolve and survive far beyond what can be achieved by a central committee dictating each and every new 3D-Secure message type and extension.

A very useful 3D-Secure extension is Form Fill.  Why bother asking users to fill in all the payment fields when all you really need is the credit card info?  Just ask the user to provide the card information and press the Buy button.  If the card issuer supports form-fill, cardholder information necessary to complete the transaction will be returned in the Extensions.  If not, ask for them.  Since the user approved the transaction already by entering their PIN, they will be more likely to complete the transaction.

Another useful 3D-Secure extension is Digital Identity.  Have the user log in or sign up for membership by entering their credit card info.  If the ACS supports the Digital Identity request, whatever information the user allowed the card issuer to share with the merchant will be returned when asked by the merchant.

Extensions like these can and will make 3D-Secure the online payment protocol for the next twenty years.

Robb Beal on OSAF, 501c3/6, and Quality

Robb Beal questions OSAF's status as a charitable organization and brings up an interesting point:

With a free product, you largely don't have to compete on other aspects. (Or, put another way, users tend to discount the quality of a non-free product when there's a free alternative.)

This corresponds with my thoughts on quality and functionality thresholds.  While both factors matter, their impact drops off after a certain point.  Once free software achieves a sufficient level of quality and functionality, there is no room for commercial software.

If I am completely happy with what I have been using, why would I want to switch to something new that provides features I care little about?  Even if the new software cost only $1, the cost of migrating data and training weighs in.