Happy New Year

I would like to wish all my friends a happy new year. 2009 is looking to be a tough year but I am hoping this year will become a landmark year. Fingers crossed.

If I had to make some predictions, I think we’ll finally see non-fluff applications for Twitter, Facebook, iPhone, and other ‘virtual platforms’ this year, because user bases in the millions and relatively low launch costs make those platforms very compelling to developers during the recession.

Merry Christmas

Not much to be merry about, but it’s the tradition, so let’s be merry anyway. I tend to like the end of the year because I tend to get moody and reflective, which usually leads to creative thoughts.


I am refreshing my understanding of statistics. While it’s not my favorite part of math, I need to firm up what I know for an idea I am tinkering with. I spent most of last week revisiting NLP (natural language parsing) technology and business. In summary, nothing revolutionary technology-wise, but blooming business intelligence applications have fertilized the market far and wide. It’s still an imperfect technology but, thankfully, my interest is well within practical range.


Since my last post, the base level has moved up a level from DOW 8000 to DOW 8400 and become less predictable (to me, at least). So I’ll be watching more and trading less, except when extremes are reached.


I am hoping to have some news to share in January.

Facebook Disconnect

The launch of Facebook Connect is a perfect example of how amazingly forgetful the tech media can be. Despite the regular appearance of phishing-related news, no alarm is being raised about the glaring phishing vulnerability in Facebook Connect, just the usual armchair-general strategy bravos and hype.

First, there is zero phishing protection in Facebook Connect as it is implemented now. What they need, at the very least, is something like Bank of America’s SiteKey.

Second, the overall security of Facebook Connect sites depends on each and every one of them being secure. Is TechCrunch secure? Maybe. What about others? Is a perpetual security audit a requirement for Facebook Connect?

Third, I don’t buy the “there is nothing to phish for in Facebook” argument. Not until Facebook makes all Facebook users, developers, and partner sites aware of the dangers.

Disclaimer: I worked on the technology behind SiteKey while at PassMark, which was later acquired by RSA/EMC and rebranded as Adaptive Authentication (AA). The core of the team that built SiteKey/AA now works at SafePage, a company I co-founded a year ago.