Open Letter to Jeremy Allaire

Dear Jeremy,

I would like to ask you to put the following two features into Flash; they will impact both Macromedia and the Web tremendously.  Here are the features:

1. User Control over Flash Content Feed (aka Slap Button)

It's simple: give web surfers a button somewhere on the browser toolbar that will disable Flash content from the particular site currently being viewed. If more than one site is involved, disable them all.  If Flash content is being blocked already, the button should provide some feedback showing there is Flash content available, so those who enjoy being annoyed can do so.

2. Cryptography Support

Add crypto support to Flash that can be used for encryption/decryption, digital signatures, strong authentication, and other cryptographic applications.  The business world needs zero-install clients with cryptographic features: online payment companies, banks, financial institutions, law firms, hospitals, accounting firms, B2B companies, auctions.  The list goes on and on.

Need a document signed?  Just convert the PDF to Flash and embed digital signature code that uses Flash's built-in crypto functions.  Encrypted web-based mail (see Identity-based Encryption) and secure web-storage also become possible using Strong Flash.  New online payment technologies like Verified-by-Visa, MasterCard SecureCode, PayPal, and Bill Me Later as well as B2B e-commerce technologies can also take advantage of Strong Flash to strongly authenticate transactions without requiring the users to install software.  PassPort and Project Liberty can benefit as well.


Don Park

Weapons of Ass Destruction

Apparently, Reverse Cowgirl has a similar sense of humor or taste to mine.  She featured the box cover image of the adult movie Weapons of Ass Destruction as a demonstration of her image blogging.  [Via Marc and Adam Curry]

I doubt North Korea is developing Weapons of Ass Destruction, but that's the kind of arms race I like.  Given South Korea's fast advancing plastic surgery technology, Koreans have a good chance of kicking ass in a pleasant way.  <g>

UserLand Radio improvement suggestions

Here are some suggestions for improving UserLand Radio.

Category post to e-mail – I subscribe to many mailing lists.  Discussion topics of those mailing lists frequently overlap with my blog categories.  For example, my Online Payment category and the 3d-secure mailing list.  When I post a message on either one, I usually post on the other as I have done with my Extending 3D-Secure post.  So, an optional Radio feature that automatically does this would be convenient.

Category post to Usenet – same as above except post is made to Usenet.

Private Category to Public Categories – while most news aggregation is happening at the client end, there is room for intermediate news aggregation that aggregates posts from multiple blogs. A user can set this up by specifying one or more post destinations, each corresponding to a Public Category.  This feature leads naturally to the introduction of editorialized news and invited columnists.

Syndicated News Filters/Prioritizer – I subscribe to a good set of RSS feeds, but I am usually interested only in certain topics.  It would be nice to be able to filter or sort news by requiring presence or absence of certain words and phrases for each subscribed RSS feed.  Also, it would be great if I received regular reports of words and phrases my RSS feed subscribers are interested in.

Extending 3D-Secure

3D-Secure (used in Verified-by-Visa and MasterCard SecureCode) is extensible in two ways:

  1. <Extensions> element – this element can be used to transmit vendor-specific elements as well as standard extensions (there are none at this moment).
  2. Custom message type – you can send new request/response message pairs like PAReq and PARes to either an ACS or the DS.

Both the ACS and the DS are supposed to be able to withstand hacker attacks, so it should be fairly safe to send unknown messages to them.  The worst that can happen is logging.  The same applies to custom elements dropped into <Extensions>.
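
The receiver side of that argument, as an added example that is not part of the original post and not taken from the 3D-Secure specification: an ACS-style handler that bounds and parses the input, answers unimplemented message types with an error, and logs and ignores unknown <Extensions> children.  The envelope layout, the FormFill, AcmeLoyalty and IdentityReq names, and the size limit are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

MAX_BYTES = 16 * 1024            # assumed upper bound for one message
KNOWN_TYPES = {"PAReq"}          # message types this receiver implements
KNOWN_EXTENSIONS = {"FormFill"}  # hypothetical vendor extension it understands


def handle_message(raw: bytes):
    """Return (disposition, message_type, accepted_extensions, log_lines)."""
    # Refuse oversized input and any DTD before the parser sees it.
    if len(raw) > MAX_BYTES or b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        return ("reject", None, [], ["oversized input or DTD present"])
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        return ("reject", None, [], [f"malformed XML: {exc}"])
    message = root.find("Message")
    if root.tag != "ThreeDSecure" or message is None or len(message) != 1:
        return ("reject", None, [], ["unexpected envelope"])
    body = message[0]
    if body.tag not in KNOWN_TYPES:
        # Custom message type: never dispatched, only logged and refused.
        return ("error-response", body.tag, [],
                [f"unknown message type {body.tag!r}"])
    accepted, log = [], []
    for ext in body.findall("Extensions/*"):
        if ext.tag in KNOWN_EXTENSIONS:
            accepted.append(ext.tag)
        else:
            # Unknown vendor element: content is never interpreted.
            log.append(f"ignored unknown extension {ext.tag!r}")
    return ("process", body.tag, accepted, log)


# Constructed sample messages (simplified layout, not real traffic).
SAMPLE_PAREQ = b"""<ThreeDSecure><Message id="1"><PAReq>
<Extensions><FormFill/><AcmeLoyalty tier="gold"/></Extensions>
</PAReq></Message></ThreeDSecure>"""
SAMPLE_CUSTOM = b"<ThreeDSecure><Message id='2'><IdentityReq/></Message></ThreeDSecure>"

if __name__ == "__main__":
    for sample in (SAMPLE_PAREQ, SAMPLE_CUSTOM):
        print(handle_message(sample))
```

"Worst that can happen is logging" holds only for a receiver built this way: unknown names reach the log and nothing else, and the log lines themselves are bounded by the input size limit.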

This means it should be all right for each 3D-Secure vendor to start defining new message types and extensions.  Of course, neither Visa nor MasterCard will be happy with this, but these vendor extensions will allow 3D-Secure to evolve and survive far beyond what can be achieved by a central committee dictating each and every new 3D-Secure message type and extension.

A very useful 3D-Secure extension is Form Fill.  Why bother asking users to fill in all the payment fields when all you really need is the credit card info?  Just ask the user to provide the card information and press the Buy button.  If the card issuer supports form-fill, the cardholder information necessary to complete the transaction will be returned in the Extensions.  If not, ask for it.  Since the user has already approved the transaction by entering their PIN, they will be more likely to complete the transaction.

Another useful 3D-Secure extension is Digital Identity.  Have the user log in or sign up for membership by entering their credit card info.  If the ACS supports the Digital Identity request, whatever information the user allowed the card issuer to share with the merchant will be returned when asked for by the merchant.

Extensions like these can and will make 3D-Secure the online payment protocol for the next twenty years.

Robb Beal on OSAF, 501c3/6, and Quality

Robb Beal questions OSAF's status as a charitable organization and brings up an interesting point:

With a free product, you largely don't have to compete on other aspects. (Or, put another way, users tend to discount the quality of a non-free product when there's a free alternative.)

This corresponds with my thoughts on quality and functionality thresholds.  While both factors matter, their impact drops off after a certain point.  Once free software achieves a sufficient level of quality and functionality, there is no room for commercial software.

If I am completely happy with what I have been using, why would I want to switch to something new that provides features I care little about?  Even if the new software cost only $1, the cost of migrating data and training weighs in.

I heard the coffin closing

It happened over the past two months while I waited for SUNW to bottom and I don't know exactly why, but I heard the coffin closing on Sun.  Sun is going the way of SGI with a damsel in distress, Java, in its arms.  Where did I put my double-edged sword?

A Glimpse in Open Source Tip Jar

A lot of open source projects take donations, usually via PayPal.  I have no idea how many donations are being made, but a glimpse into's tip jar appeared in a Register article about a PayPal fraud.  I am disappointed by the amount and frequency of donations as well as PayPal charging transaction fees for open source donations.  AbiSource makes AbiWord, a well-known cross-platform word processor.

Thoughts on Open Source

As I mentioned before, I am not against proper use of open source.  I have open sourced one of the first implementations of W3C DOM API to good effect.  While it has not been upgraded to support DOM Level 2 and SAX Level 2, it included HTML API support which popular DOM implementations are just starting now.  I have also used open source products such as OpenSSL, Eclipse, Perl, Python, and various Apache products.

My issue is with the word 'proper'.  Open source extremists believe all software should be open source.  Extremists on the other end believe that source code, like dirty underwear, should be kept proprietary.  I would like to believe that most people fall somewhere between those positions, within the galactic plane of our software galaxy, the Milky Way.

To get a better understanding of open source and its effects, I am going to post my thoughts and observations on open source until I run dry.  Here are some to start with.

Monopoly – is it possible to have a monopoly in open source?  Can an open source project or group grow popular enough to cause other open source projects to suffer from lack of resource and exposure?  Is Apache a glimpse into the future of open source?

Legality – if I build commercial software using open source components which 1000 people contributed to, am I liable in some way?  Can open source licenses stand up in court?

Genie – open source is like a genie in a bottle: once it's out, it's difficult to put it back.

As I have other thoughts in the future on the subject of open source, I will post them.  I ask you to do the same.