If you are using Java Swing to build your GUI, you should be using jGoodies Looks (SWT-like clean Java Look & Feel library), Forms (layout library), and Animation (animation framework).  They are free, open source, and, best of all, great looking.  When I say great looking, I mean Audrey Hepburn good looking: clean, crisp, and neat.

I have yet to see a better way to minimize the mess most Java programmers call GUI.  If a stray pixel doesn't bother you like a thorn does, you need jGoodies badly.  jGoodies is also a member of java.net's JavaDesktop community.  Go check it out.

"It's like flicking a booger at…spam" is the motto of Mailinator.  The idea is to make up a mailinator e-mail address when a website ask you for an e-mail address.  Mailinator will create the account on-demand (i.e. website sends a confirmation message) and self-destruct after a few hours.  Cute except it is a self-destructing idea, the kind that gets killed by its popularity.  I'll leave it up to you to work it out.

The idea is similar in a way to IBE (Identity-based Encryption) so I mixed the two ideas to get…you guess it, Booger Security.  IBE protected data that self-destructs.  Actually, I neglected to mention a brain storming session I had on my way back from a client today.  I thought about IBE and how it might be used in non-email applications.  By the time I passed University Avenue on 101, I had one.

IBE can be used to protect all or parts of webpage contents, extending security envelope beyond web server farms, all the way to application server and, for some applications, even to the databases.

Web servers are where the security battle is raged most furiously, not the firewall.  Crazily enough, all kinds of passwords and private keys are still routinely stored on those web servers.  Web servers are also where the SSL tunnel usually ends.  Are you getting the picture?  It's like a AD&D game where you fight through a level to find a key into the next level.

IBE could solve some of that problem by encrypting sensitive user information to and from the user.  There is also some caching opportunity also if user information changes slowly.  Anyway, the idea is not mature yet so allow me to concentrate on the Booger Security idea.

Imagine a Wiki, Booger Wiki (BK) if you will, where users post encrypted messages to individuals or groups of friends and collegues.  It could be IRC, IM, or even USENET posts.  Anway, a smart IBE-client should be able to monitor all these incoming protocols and decrypt messages it can.  Voila.  Secure messaging webpages in one fell swoop.  There is a horde of UI issues that needs to be solved, but the idea is effective enough to give Department of Homeland Security and NSA excuses to increase their budget.

Between University Avenue and Redwood City, I was too busy flicking to think.

Altova, the XML Spy folks, has a SOAP debugger.  Interesting.  I found it by clicking on one the AdSense ads that appeared on my frontpage.  Cool.

If my post on Voltage Security peaked your interested in IBE (Identity-Based Encryption), check out O'Reilly interview with Terence Spies (cool last name for a security startup VP ;-), VP of Engineering at Voltage Security.  If you are math-enabled or just want to roll your eyeballs, this page is a good starting point.  BTW, some parts of Voltage's IBE technology is patented.  But this shouldn't surprise anyone since VCs are not likely to invest in a patentless security company.

No doubt about it, popularity of popup blockers is rising above the ignorable level for those who use it for legitimate reasons.  Google Toolbar and Mozilla/Firebird are two primary causes.  Content-rich services like AOL, MSN, and Yahoo are likely to add fuel to the fire with controlled popup blocking which will block everyone else's but their own and their partner's.

While I hate annoying popup ads like everyone else, I feel that blocking all popups amounts to throwing the baby out with the bathwater.  Popup is a very useful tool in UI designer's toolbox and it would be a shame to lose it or resort to using complicated pseudo-popups, artifacts that just looks like a popup window.

For now, I am advising everyone to avoid using popups until we can find a cheap solution.  One solution I am looking at now is the use of copyright law to discourage use of popups for advertising by businesses.  The idea is simple:

Copyright and restrict use of a unique string or image that popup blockers can use to recognize legitimate popups.

The ultimate cause of popup ads is money.  And, where there is money, there is usually someone who can be sued.  While I hate unnecessary litigations, I prefer simple social solutions to complicated technical solutions.  There is a major flaw in this solution though.  There is no powerful industry association like RIAA to stab the legal jeopardy straight into the heart of popup advertisers.

I used to visit Microsoft Research site regularly because they had some really interesting papers and projects there.  Since blogging, I haven't been back (blogging sucked up all my spare time), but thanks to some .NET bloggers aggregated at weblogs.asp.net, I found these two great papers.

Is It Just My Imagination? by Suzanne Ross

Suzanne describes a way to use inkblots, meaningless smears of ink psychologists use, as visual hints to evoke passwords.  In a way, this technique is somewhere between what you know and who you are.  Cool.  This is how it works.  Show users a series of computer generated inkblots and collect their responses.  From each response, take the first letter of the first word and last letter of the last word.

sad angel

Neat idea.  I spent a great deal of time thinking about visual passwords and this paper's psychological angle was like a fresh breath of air for me.  Unless I read it wrong, Suzanne seems to be recommending ten inkblots for both password generation and verification to get 20 character password.  I think that is too much for verification phase.  I would, instead, show fewer but random squence of those ten inkblots.

While I can see many possible problems with inkblot scheme, one-track mind for example, but the core idea is interesting and worth further studies.

Thanks to Frans Bouma

Distributed Computing Economics by Jim Gray

Yup.  That is Jim "Transaction" Gray, whose thick book sits prominently on my bookshelf.  There are many books I regret buying and his is not one of them.  In this paper, Jim talks about the cost of computing and how it affects where location of computing.  Good read.

Thanks to Randy Holloway.