Andy Hertzfeld put up preview of his Chandler prototype.  So far I am not very impressed.  It looks just like Outlook.

Dear Jeremy,

I would like to ask you to put following two features into Flash that will impact both Macromedia and the Web tremendously.  Here are the features:

1. User Control over Flash Content Feed (aka Slap Button)

It's simple, give web surfers a button somewhere on the browser toolbar that will disable flash content from the particular site currently  being viewed. If more than one site is involved, disable them all.  If flash content is being blocked already, the button should provide some feedback showing there is flash content available, so those who enjoy being annoyed can do so.

2. Cryptography Support

Add crypto support to Flash that can be used for encryption/decription, digital signature, strong authentication, and other cryptographic applications.  The business world needs zero-install clients with cryptographic features: online payment companies, banks, financial institutions, law firms, hospitals, acounting firms, B2B companies, auctions.  The list goes on an on.

Need a document signed?  Just convert the PDF to Flash and embed digital signature code that uses Flash's built-in crypto functions.  Encrypted web-based mail (see Identity-based Encryption) and secure web-storage also become possible using Strong Flash.  New online payment technologies like Verified-by-Visa, MasterCard SecureCode, PayPal, and Bill Me Later as well as B2B e-commerce technologies can also take advantage of Strong Flash to strongly authenticate transactions without requiring the users to install software.  PassPort and Project Liberty can benefit as well.

Best,

Don Park
Docuverse

3D-Secure (used in Verified-by-Visa and MasterCard SecureCode) is extensible in two ways:

1. <Extensions> element – this element can be used to transmit vendor specific elements as well as standard extensions (there is none at this moment).
2. Custom message type – you can send new request/response message pairs like PAReq and PARes to either an ACS or the DS.

Both ACS and DS are supposed to be able to withstand hacker attacks, so it should be fairly safe to send unknown messages to them.  Worst that can happen is logging.  Same applies to custom elements dropped into <Extensions>.

This means it should be all right for each 3D-Secure vendor to start defining new message types and extensions.  Of course, neither Visa or MasterCard will be happy with this, but these vendor extensions will allow 3D-Secure to evolve and survive far beyond what can be achieved by a central committee dictating each and every new 3D-Secure message types and extensions.

A very useful 3D-Secure extension is Form Fill.  Why bother asking users to filling all the payment fields when all you really need is the credit card info?  Just ask user to provide the card information and press the Buy button.  If the card issuer supports form-fill, cardholder information necessary to complete the transaction will be returned in the Extensions.  If not, ask for them.  Since the user approved the transaction already by entering their PIN, they will be more likely to complete the transaction.

Another useful 3D-Secure extension is Digital Identity.  Have the user login or sign-up for membership by entering their credit card info.  If the ACS supports Digital Identity request, whatever information user allowed the card issuer to share with the merchant will be returned when asked by the merchant.

Extensions like these can and will make 3D-Secure the online payment protocol for the next twenty years.

Some open sourcers want software to be commoditized.  While commoditization could drop prices initially, marketing and branding may come into play.

Robb Beal questions OSAF's status as a charitable organization and brings up an interesting point:

With a free product, you largely don't have to compete on other aspects. (Or, put another way, users tend to discount the quality of a non-free product when there's a free alternative.)

This corresponds with my thoughts on quality and functionality thresholds.  While both factors matter, their impact drops off after a certain point.  Once free software achieves sufficient level of quality and functionality, there is no room for commercial software.

If I am completely happy with what I have been using, why would I want to switch to something new that provides features I care little about?  .  Even if the new software cost only $1, cost of migrating data and training weights in.

A lot of open source projects take donations, usually via PayPal.  I have no idea how much donations are being made, but a glimpse into AbiSource.com's tip jar appeared in an Register article about a PayPal fraud.  I am disappointed by the amount and frequency of donations as well as PayPal charging transaction fees for open source donations.  AbiSource makes AbiWord, a well-known cross-platform word processor.

As I mentioned before, I am not against proper use of open source.  I have open sourced one of the first implementations of W3C DOM API to good effect.  While it has not been upgraded to support DOM Level 2 and SAX Level 2, it included HTML API support which popular DOM implementations are just starting now.  I have also used open source products such as OpenSSL, Eclipse, Perl, Python, and various Apache products.

My issue is with the word 'proper'.  Open source extremists belive all software should be open source.  Extremists on the other end believe that source code, like dirty underwear, should be kept proprietary.  I would like to believe that most people fall somewhere between those positions, within the galatic plane of our software galaxy, the Milky Way.

To get a better understanding of open source and its effects, I am going to post my thoughts and observations on open source until I run dry.  Here are some to start with.

Monopoly – is it possible to have a monopoly in open source?  Can an open source project or group grow popular enough to cause other open source projects to suffer from lack of resource and exposure?  Is Apache a glimpse into the future of open source?

Legality - if I build commercial software using open source components which 1000 people contributed to, am I liable in some way?  Can open source licenses stand up in the court?

Genie - open source is like a genie in a bottle, once its out, its difficult to put it back.

As I have other thoughts in the future on the subject of open source, I will post them.  I ask you to do the same.