UPP and Sash

Several people on my daily blog run are talking about Universal Personal Proxy (UPP) and Web Intermediaries.  What they are talking about is an old idea that probably got started when the Web was first invented.  IBM Sash is almost exactly what they are talking about.  Sash uses JavaScript and DHTML so web developers don't have to learn new languages like Python.  It has a cool IDE for writing weblications.  There is even a Linux port of Sash.  What really intrigues me is why it hasn't taken off.

First off, a typical user has no idea what it is, where it is, and how it does what it does.  A powerful bundle of functionalities means little when it has no space in the user's mind.

Second, the transition from a user to a developer is too sharp.  One has to download a large toolkit and myriads of extensions.  Web developers need only a text editor and an FTP client.  Even Python comes with mostly everything in one download.

Third, there is no synergy between weblications.  Having one thousand individual services is less attractive than ten related services that fit within a single paradigm.

There are other problems I see.  Later perhaps.

Blog Guest

While blogging is popular, bloggers are still small in numbers and varieties.  There is a large body of potential bloggers who currently do not blog for one reason or another.  This is where the Blog Guest idea can play a major role.  Blog Guest is a blogger you invite to add content to your own blog.  While the original Blog Guest idea emphasized cross-posting from fringe bloggers to hub blogs with an eye toward healthy distribution of unique viewpoints and blog traffic, I think the idea is better applied to making it easy for would-be bloggers to join the blogging culture.  With blog software and services supporting the Blog Guest feature, each blogger can invite his or her friends, family, and colleagues to have their own space within his or her blog.  There are many beneficial side effects from bringing your real-world micro-community into the blogspace with you, but I will leave that for later posts.

Standard Crypto API Chaos

I have been looking at several crypto APIs and the picture is not pretty and getting worse.  At this time, most developers I know are ignoring standard APIs like GSS, CDSA, and PKCS#11 as well as platform APIs like Win32 CryptoAPI.  Popular open source libraries like OpenSSL and Crypto++ rule.  Architecturally, I like CDSA and GSS.  CDSA is nice because it is open source, has fair documentation, and is well designed.  Unfortunately, CDSA is not being pushed strongly by Intel and supporters.  Netscape announced support and then abandoned it.  NSA seems to consider it important as an interoperability hub of sorts, but favors GSS according to some presentations I found.  GSS is also well designed, but there is no readily available Win32 implementation nor adapters.  CDSA has adapters for OpenSSL and PKCS#11.  With GSS, I am not even sure where to get C header files.  If there is enough call for it, maybe I'll put together an open source GSS library (OpenGSS?).  Otherwise, I'll probably use CDSA with minimal leakage across the project.

Neverwinter Christmas Nights

I have always enjoyed games.  Besides being fun to play, games are fun to develop and the game market is one of the most interesting ones.  Yes, competition is fierce and profits are hard to come by if you are relying entirely on creativity, but there is more respect for craftsmanship in the game market than in any other market.  Being recession-proof doesn't hurt either.  Just look at Electronic Arts.

This Christmas, I am playing Bioware's Neverwinter Nights (NWN), which is considered the first true electronic adaptation of the Dungeons & Dragons pen-and-paper game system.  With it, you can create your own D&D modules using drag-and-drop and host them on the Internet.  Dungeon Master (DM) is supported as well.  You can also craft and script practically anything so you can see what a bazooka will do to a dragon.  Some have taken the spicier route, introducing string bikinis and bouncing body parts.  It's an amazing game that is a must for D&D players.

NWN takes a small-group approach to multiplayer games rather than the massive multiplayer approach taken by EverQuest or Asheron's Call.  Since NWN game servers can be linked together to form a massive world, one can say NWN takes the distributed approach where EverQuest takes the centralized approach to multiplayer gaming.  The true difference is in the way Dungeon Masters bring the game alive.  Ho Ho Ho.

Tao Contract

This afternoon of Christmas Eve, I woke up with a lingering image of a solution that could make legal documents more user friendly.  The image was the symbol of Tao (aka the Yin-Yang symbol, used in the Korean flag) shown below.

The idea is to supplement legal clauses (syntax, body, yin) with the clearly stated intent of the clause (semantics, heart, yang).  Tao Contracts, legal documents using this approach, should be much easier to understand with little room for misinterpretation.  Legal clauses and intentions should be placed near enough for visual association but far enough to tell them apart.

I think the reason I had the dream was because I have been working on digital signature technologies lately.  Digitally signing a document is easy, but digitally signing heart and soul is not…

Merry Christmas to Everyone

I have not sent a single Christmas card during my 40 years on this planet and the laziness has become a principle of sorts along the way.  So don't expect a card from me in the mailbox.  However, I wish everyone a very Merry Christmas.  Since the economy couldn't possibly get any worse next year, I'll see you all smiling from cheek to cheek next year.

Origin of the most popular four-letter word

Thanks to Marc Canter, I learned where the word F.U.C.K. came from.  It's actually an acronym that stands for "For Unlawful Carnal Knowledge" and was used in old England as a technical term to charge anyone caught in illegal cohabitation, obviously a very common offense.  When I first came to America 26 years ago, I couldn't speak a word of English.  The very first word I learned at my junior high school was, you guessed it, fuck.  The word was so useful that I could spend a whole week with just that word and meaningful silences.

PGP 8.0 SDK Problems

The SDK is not released yet, but the libraries are included in the PGP 8.0 installation.  So I spent a few hours trying to make it work with my PGP code written for an older version of the SDK (v1.7.8).  Two immediate problems: the SDK library file names have changed and quite a number of functions have been removed.  I guess they don't care about backward compatibility from the developer's perspective.  So I am halting my PGP work until the PGP 8.0 SDK is released.

Carol on Shared Authentication

I have always thought that security companies are too focused on technology and generally clueless about what users and markets want.  Bruce Schneier, for example, discovered that security is a process and not some magical mixture of technologies.  It's great that he was able to shift from a technological perspective to an operational perspective.  Carol Coye Benson writes from a marketing perspective, a step beyond the operational perspective, on shared authentication.  She is right on the ball.