Secure XSLT

If you thought you could just throw an off-the-shelf XSLT engine into your software to enhance your output capabilities, you need a security wake-up call.  XML has its own set of potential security issues that must not be overlooked, and XSLT is no exception.

Prajakta Joshi shows how to perform XSL transformations securely in Secure XSL Transformations in Microsoft .NET.  If you are not a .NET programmer, ignore the .NET bits and concentrate on the issues.
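As an added example (not part of the original post, nor code from the article it links to), here is a small pre-check in Python that scans a stylesheet you did not write for the constructs that let it reach beyond the input document: xsl:include and xsl:import of other stylesheets, the document() function, and the msxsl:script embedded-code extension that .NET's XSLT processor understands.  The two stylesheets are constructed samples; the gate is meant to run before the stylesheet is handed to an engine, alongside, not instead of, whatever restrictions the engine itself offers.

```python
import xml.etree.ElementTree as ET

XSL_NS = "http://www.w3.org/1999/XSL/Transform"
# Namespace of the msxsl:script extension (embedded code blocks in .NET/MSXML XSLT)
MSXSL_NS = "urn:schemas-microsoft-com:xslt"
# Attributes that carry XPath expressions, where document() could be called
XPATH_ATTRS = ("select", "test", "match", "use")


def check_stylesheet(xslt_text: str) -> list[str]:
    """Return a list of findings for constructs that let an untrusted
    stylesheet read other resources or run code. Empty list means clean."""
    findings = []
    root = ET.fromstring(xslt_text)
    for elem in root.iter():
        tag = elem.tag if isinstance(elem.tag, str) else ""
        # Pulling in another stylesheet means running code you have not reviewed
        if tag in (f"{{{XSL_NS}}}include", f"{{{XSL_NS}}}import"):
            findings.append(f"{tag.split('}')[1]} href={elem.get('href')!r}")
        # Embedded script block: arbitrary code executed by the processor
        if tag == f"{{{MSXSL_NS}}}script":
            findings.append("msxsl:script block (embedded code execution)")
        # document() lets the stylesheet open files/URLs beyond the input tree
        for attr in XPATH_ATTRS:
            expr = elem.get(attr)
            if expr and "document(" in expr.replace(" ", ""):
                findings.append(f"document() call in {attr}={expr!r}")
    return findings


def is_safe_to_transform(xslt_text: str) -> bool:
    """Gate used before handing the stylesheet to an XSLT engine."""
    return not check_stylesheet(xslt_text)


# Constructed sample: a plain formatting stylesheet with nothing suspicious
SAFE_XSLT = """<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="/">
    <ul><xsl:for-each select="//item"><li><xsl:value-of select="."/></li></xsl:for-each></ul>
  </xsl:template>
</xsl:stylesheet>"""

# Constructed sample: a stylesheet using all three constructs the check looks for
UNTRUSTED_XSLT = """<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:msxsl="urn:schemas-microsoft-com:xslt"
    xmlns:user="urn:example-user">
  <xsl:import href="http://example.invalid/extra.xsl"/>
  <msxsl:script language="C#" implements-prefix="user">
    public string Now() { return System.DateTime.Now.ToString(); }
  </msxsl:script>
  <xsl:template match="/">
    <xsl:copy-of select="document('other.xml')"/>
  </xsl:template>
</xsl:stylesheet>"""

if __name__ == "__main__":
    for name, text in (("safe", SAFE_XSLT), ("untrusted", UNTRUSTED_XSLT)):
        print(name, "->", check_stylesheet(text) or "no findings")
```

The check is deliberately conservative: it flags any document() call, including ones that would only read the input document again, because the cost of reviewing a false positive is far lower than the cost of an engine quietly opening a file the stylesheet author chose.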

Death of E-Mail?

The world is giving up on popups because of spam.  Will we someday be forced to give up e-mail because of spam?  What about forums, chatrooms, and instant messaging?  Comments and trackbacks are also starting to come under assault from spammers.  Where is the line in the sand?

I used to feel comfortable with the reliability of e-mail.  When I sent something to somebody, I felt reasonably sure that it would be delivered and read.  That is no longer true today, even with the wide use of spam filters.  When I send an e-mail now, I no longer feel sure of it being read by the recipient.

Of the roughly 300 e-mails I get each day, about 200 are deleted.  Of those 200, about 175 get classified as spam or likely spam by my spam filter.  Since there are so many, I tired of scanning the headlines to catch false signals a long time ago.  Wham.  They are whacked, even though I know that no spam filter is perfect and aggressive filters signal falsely on as much as 17%.

The 25 spams that pass through the filter undetected are found by glancing at the sender's address and the subject of each e-mail.  Are they really spam?  I have grown not to care.  If I don't recognize the sender, or the subject line looks overly chummy, like "Did you get my mail yesterday?", they are whacked without hesitation.  Foreign e-mails?  I whack them without mercy.

The constant avalanche of spam has de-sensitized me to the point where I no longer care if I delete legitimate e-mails.  The next step is accepting only digitally signed e-mails from known sources.  I don't think we are too far from that.  Spam filters actually seem to promote de-sensitization.  The more reliable the filter is, the more complacent the user gets.  When was the last time you looked inside the spam and suspected-spam folders?

Taking my own attitude about e-mail and spam into account, I expect everyone to be doing pretty much what I do.  When I observed how my wife and son handle e-mail, I found that they are even more brutal than I am.  They don't even look at the subject line, relying only on the sender's address.  If they don't recognize the address, it is deleted without even a glance.

Now, step back and think about how much businesses around the world have come to depend on e-mail to do business, communicating with each other, their partners, and their customers.  Then think about what the loss of e-mail reliability means.  Already, my friends in spam-suspect countries like Korea and China are having difficulty reaching me by e-mail because their messages are thrown into the spam pile.  This has a direct impact on the ability of companies in these countries to do business.

We are in serious boo-boo, Toto.

Update #1: The message I was trying to convey in this post is not that we need better spam filters.  The message is that spam is not only annoying, like dinner-time telemarketing phone calls; it is hitting businesses below the belt by degrading a major communication channel.

Cellphone Rescue Button

I visited the #joiito IRC channel last night to chat.  During the chat, I started brainstorming about useful software for cellphones, using mosquito-vanquishing software from Korea as an example.  I started with voice-recognition software that rings the cellphone when it recognizes a keyword.  Others like Roji-san joined in with on-command recording of voice and video.

After I left, I realized that you don't even need fancy voice recognition.  All you need is a cellphone with buttons and sound under software control.  To use your cellphone to make a Great Escape, just download a piece of yet-to-be-written software and set the delay time (let's say 1 minute).  To use it, just put your hand into your pocket and press a button.  After 1 minute, the phone rings and you say, "Excuse me, I have to take this.  [after ten seconds] I am sorry, I have to leave, it's an emergency."

Maybe not as innovative as the mosquito-vanquishing program, but useful to a far wider audience.  I refreshed and upgraded my J2ME development tools today to prototype this.  Lots of fun on the way, although I have a deadline looming that won't leave too many spare hours.

Flame Warrior Trading Cards

Thanks to Clay Shirky, I found Mike Reed's Flame Warriors, an ongoing attempt to classify participants in online discussions.  It's absolutely hilarious, and the illustrations are usually perfect.

Here is an example:

Big Dog and Me-Too

"Big Dog is a bully who doesn't hesitate to use his superior strength to intimidate other combatants. Big Dog may be smart, articulate or just plain mean, but in any case he is a remorseless fighter, brutally ripping into even the weakest of combatants. Once Big Dog securely fastens his powerful jaws on a hapless victim, Me-Too will join the attack. Me-Too is far too weak and insecure to engage in single combat, and must ally himself with Big Dog or a pack of other Warriors to bring down his quarry."

It's like an Online Behavior Pattern repository.  I wonder why there is no Idiot in the list, though.

Tiny Projector

While searching for on-demand server-side Java compilers for cellphones, I ran into an interesting project at the MIT Media Lab by accident.  Simply titled Tiny Projector, Stefan Marti documents his work on building prototypes of his solution to the limited-display problems inherent in mobile devices.

"The basic idea of TinyProjector is to create the smallest possible character projector that can be either integrated into mobile device, or linked dynamically with wireless RF connections like serial low range transceivers." – Stefan Marti

Stefan provides plenty of diagrams and pictures of circuits, models, and his solder work.  He looked like he was having a hell of a fun time doing it.  From July 2001 to May 2002, his project progressed from this:

To this:

What was the difference?  Cellphone users won't have to twirl their cellphones!  Aside from the coolness of the idea, the paper is a fun look at how technologies get developed at a personal level.  I enjoyed reading it.

Web Service in ASN.1

Sun engineers talk about how they are addressing web service performance issues by using ASN.1 to encode XML in this Fast Web Services article.  According to the article, so-called Fast is 4 to 10 times faster, depending on the complexity of the SOAP request and response being exchanged.

Binary XML is one of the first problems I tackled when I first discovered XML many years ago.  Since then the XML spec was published and SOAP was introduced.  I was intrigued by SOAP because it shared many characteristics with the Inter-Application Communication (IAC) work "Dave" and I did for Frontier ages ago.  Looks like the Wheel has turned again, and now we have Fast Web Services.

My opinion is that, while there will be some web applications which are practical only with Fast Web Services, the performance gain will be lost on most web applications.  Just look at how we have gotten used to squandering memory and bandwidth as availability increased.

Faster performance could encourage finer-grained web services, which amounts to fetching a document one word at a time.  Even worse, fine-grained web services increase the load on the server side, not only on web servers but on application servers, database servers, and directory servers.  This is one case where common sense differs from reality.

While there are ways to avoid these problems, the solutions require skills, experience, resources, and mindshare not readily available in the Lazy Web.  To best use Fast Web Services, consider it after the design and implementation phases, and either before or even after deployment, so that your design doesn't end up with a built-in dependency and the unavoidable waste and abuse stemming from that dependency.

FeedDemon UI Blues

FeedDemon could have been good, but its UI sucks at the moment.  It introduces metaphors without feedback or justification.  On top of metaphors like Listing and Newspaper, it builds too many menus and commands that all look too similar.

In the latest version, I end up with many default channels, like Amazon category feeds, without an apparent means to remove them.  I tried the menus in vain, then ended up trying to delete them one at a time and gave up.  I couldn't care less if there was some dialog somewhere.

If I can't find it, it doesn't exist.

Kid’s Software

KidzMail looks good (via Gadgetopia).  It would have been even better if it were web-based and provided an e-mail service as well, like Hotmail, so kid-appropriate filters could come pre-installed.  Even better, expand the functionality to include other activities, including blogging, IM, games, trading, and, especially important, education.

A kid's perspective affects not the UI but the functionality itself.  Take a common function like the spellchecker.  Instead of merely underlining a misspelled word and offering a way to correct it, each misspelled word is an opportunity to educate the sender AS WELL AS the receiver.  Instead of correcting it, the program can use crayon-like coloring to mark it and then provide the correction on the side, with a line drawn to the bottom where the definition and related information are shown.

A weighted dictionary can be used to teach words kids are not likely to know, so new words can be introduced incidentally as well as via suggestions as the kid is writing a message.

Education is an under-developed country in the software world.  Although education can benefit greatly from the correct application of technology, all we do is shove more hardware at them instead of coming up with better software and interfaces that widen the teaching opportunities.

Take, for example, GameBoys.  There are millions of these things and kids are absolutely attached to them, yet there is very little educational software for GameBoys.  Even simple software like electronic flash cards could do wonders for kids.  To do this, all one needs is a GameBoy cartridge capable of running Java (i.e. JemBlazer) and a means of communicating with a nearby PC, like USB, Bluetooth, or even Wi-Fi.

EverQuest

I spent a good part of yesterday playing EverQuest.  It was partly a day-long vacation for me and partly an opportunity to study a phenomenon.  Installation was easy enough and the graphics were adequate, but the EQ user interface really sucked.

I couldn't believe how bad it was, even after all this time.  Windows popping up everywhere, weird keyboard and mouse controls, a confusing map, text colors too dark to read; the list goes on and on.  All the 3D UI lessons learned by the game and simulation industries over more than a decade seemed to have been thrown out.

The manual was pretty useless as well and, even worse, there was little free online information about EQ.  Everyone was selling information, equipment, and items instead.  Pretty weird, I must say.