I got too many ideas and not enough resources to implement them all. If there is a ready team of 10 top-notch engineers whom I can point at will, I'll be in heaven. I suppose I can split some of them off but the juiciest part is a set of interlocking ideas. Argh.
Month: March 2004
XML 1.1 Bible
The latest edition of XML Bible by XML and Java guru Elliotte Rusty Harold is out. Elliotte also has two excellent XML and Java news pages that he updates daily with news and commentaries.
I visit them every day and so should you if you are into XML or Java.
Making a Living in Year 3004
I usually wake up with odd thoughts, as if a dream overflowed. This morning it was what it would be like to make a living in year 3004. Frankly, it wasn't specifically 3004, but some time far in the future when people no longer had bodies and lived entirely in cyberspace. Since it is difficult to predict when and if civilization would reach that state, I just added 1000 to now. Hey, it could happen. 😉
If I don't have a body, a lot of expenses disappear. Will there still be reasons to work for a living in 3004? Of course, you need to run somewhere which will cost money. Rich folks will live on dedicated machines with layers of protections against failures and viruses. Poor folks will have to make do on cheap shared machines.
What about copyrights, privacy, and piracy in 3004? I sure wouldn't want people copying me or reading my bits. What about desirable experiences? The taste of a perfect cup of coffee can be played over and over if I get a copy. Will our coffee come with DRM to limit replays? What about companionship and sex? Will guys choose to buy the Perfect Wife 7.0 or turn down the loneliness meter?
If people can change their mind or appearances at will, what will the impact be? Hey, how much you want for that set of splines buddy?
Will morality become just a club? What is the point if you are just bits? If a copy of me sleeps around and then 'resync' with the original, is that cheating? Isn't that more like watching a movie? Will there be room for President Carter's dirty thoughts in the future? I know what you played last night and I want it erased from your mind!
You see what I mean by 'odd'? Heck, it's entertaining too.
Secure UI: Site Seals
In How Not to Get Hooked by a 'Phishing' Scam, the FTC offers this guidance:
Before submitting financial information through a Web site, look for the "lock" icon on the browser's status bar. It signals that your information is secure during transmission.
Unfortunately, the credibility of the "lock" icon is questionable (via Payments News). Arguably, the "lock" icon is even harmful because, as users come to depend on its presence, they become more vulnerable when it's spoofed.
Trust is a double-edged sword.
With the "lock" icon under siege, e-commerce companies are looking at other types of protection such as VeriSign Secure Site Seal and GeoTrust True Site. These work by including a JavaScript fragment from a site seal server, which inlines a site-specific image or animation like the ones below.

Since these JavaScript fragments are executed inside the target page, they can examine the domain the page was served from, ensure that they are being served from an approved site, and prominently display an attractive site-specific image that visually assures the users. The image can also be clicked to display information about the SSL certificate used in the HTTPS session.
Do these services offer any real protection? No. Because they rely so heavily on the visual, they are wide open to Visual Spoofing. Both the 'seal' image and the popup can be spoofed with a notepad and an image editor. Clever tricks inside the included JavaScript fragment are useless because a spoofed page simply does not include the fragment.
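The point above can be checked with a small model of a page load. This is an added example, not code from VeriSign, GeoTrust or the original post; the host names, the image file name and the `sealScript`/`render` functions are all constructed for illustration.

```javascript
// Constructed model of a page load; hosts and file names are made up.
const APPROVED_HOSTS = new Set(["shop.example"]); // seal vendor's customer list (assumed)
const SEAL_IMAGE = "seal-shop.example.gif";       // site-specific seal image (assumed)

// What the vendor's script does when a page includes it: check the
// serving domain and emit the seal image only for an approved site.
function sealScript(pageHost, log) {
  log.push(`domain check for ${pageHost}`);
  return APPROVED_HOSTS.has(pageHost) ? [SEAL_IMAGE] : [];
}

// Minimal "browser": runs included scripts and returns the images the
// user ends up seeing, plus how many domain checks actually ran.
function render(page) {
  const log = [];
  const visible = [];
  for (const el of page.body) {
    if (el.script === "seal") visible.push(...sealScript(page.host, log));
    else if (el.img) visible.push(el.img);
  }
  return { visible, checksRun: log.length };
}

// The approved site, including the vendor script as intended.
const genuine = { host: "shop.example", body: [{ script: "seal" }] };
// An unapproved host that includes the vendor script: the check fires.
const scriptOnOtherHost = { host: "shop-login.example", body: [{ script: "seal" }] };
// The same unapproved host carrying a saved copy of the image instead.
const staticCopy = { host: "shop-login.example", body: [{ img: SEAL_IMAGE }] };

function compare() {
  return {
    genuine: render(genuine),
    scriptOnOtherHost: render(scriptOnOtherHost),
    staticCopy: render(staticCopy),
  };
}

console.log(JSON.stringify(compare(), null, 2));
```

The third page shows the user exactly what the genuine one does while running zero domain checks, so nothing the vendor puts in the script can affect it.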
IMHO, they are more dangerous than the "lock" icon because they loudly invite the users to trust and depend on the presence of images which can be easily spoofed. The main problem is that those images are site-specific, which appears to offer more protection than the generic "lock" icon. But since hackers typically engineer site-specific phishing attacks, the appearance of improved protection turns into a liability that hackers can leverage to their advantage.
I will post about possible ways to implement site seals with anti-phishing features in the near future. Meanwhile, be sure to read my other posts on the subject of secure UI.
OhmyDon on OhmyNews
My post from May of last year got published in the English edition of OhmyNews, which debuted recently. Cool. Only problem is that they made me look sleepy in the picture on the front page. I am gonna have to come up with a better picture soon. Maybe I should use the nose picking one Joi took.
Tiger vs. Dictator
I have updated my Coup d'etat post with a picture you might enjoy.
Java StAX Parser Reference Implementation
According to Chris Fry, StAX JSR lead from BEA, the reference implementation of the StAX API previewed last November will be open sourced and made available at Codehaus shortly.
Quick update, I'm in the process of moving the RI to codehaus, should take a couple weeks to get all the wrinkles ironed out, then everyone can start fixing bugs 🙂 - from stax_builders mailing list
Good. Thanks Chris.
Bloglines
I have been hearing a lot about Bloglines lately so I checked it out today and found this blog in their list of Most Popular Blogs. Cool! Here is the Bloglines page for this blog where you can subscribe via Bloglines.
UI Design Tip: Think Inversely
Since today's theme turned out to be UI design, here is a general UI design tip that offers a nice bang for the buck: Think Inversely. A good time to think inversely is when you have a question. For example, instead of just asking what to show in the UI, ask what should not be shown. Why? Because each addition you make to the UI is a potential source of confusion and distraction for the user.
Bush Against Science and Health
Read this article by Robert F. Kennedy Jr. Now even pig farmers are getting a piece of the action.