Version 2.0 of JCLA (Java Language Conversion Assistant) is here.  FYI, JCLA is a VS.NET tool that converts Java source code into C# source code.  You'll need Visual Studio .NET 2003 CDs to install it (it doesn't support older version of VS.NET).  Here are the list of changes from JCLA 1.0.

• Significant performance improvement for larger conversion projects.
• Support for conversion of JavaServer Pages (JSP) and servlets.
• The ability to read all major character-encoding systems.
• Conversion of the Java 1.2 Collections API.
• Improved support for the conversion of applets.
• Fixes to several bugs and omissions in JLCA 1.0.

Considering that JCLA 1.0 was pretty much useless, I hope this version is at least functional instead of taking forever to spit out doubtful cryptic code.  Most importantly, I should be able to trust the code it spits out.

One .NET tool I would like to see is a Language Morpher, a tool that translates .NET code from one language to another and back without mangling or lossing necessary information like names and comments.  VB.NET to C# to Python to Perl to J#.  Cool.

I don't have much hope for such a tool, however, because of all the legacy baggage each language comes with like language-specific standard libraries.  C# is the purest of them all because it has zero legacy baggage.

I drove down to Palo Alto today and had lunch with three of the co-founders of Voltage Security.  Smart guys.  They are a well-knitted team with personalities and perspectives that complement each other well.  I liked that.

Three Volts: Rishi Kacker, Guido Appenzeller, and Matt Pauker

This is how their key product, SecureMail works:

Alice at Company A would like to send her customer, Bob at Company B, a sensitive email that must be secure for compliance reasons. She uses Voltage SecureMail to send the secure email to Bob.

Alice sends a secure email to Bob
After Alice composes the email, she simply hits the Send Secure button, which automatically secures the email, along with any attachments, using Bob’s email address “bob@b.com”.

Voltage SecureMail does not require pre-enrollment of users to receive secure email; even if Bob has never previously communicated with Alice or has never used Voltage SecureMail, he is still able to receive secure email from Alice.

Bob receives the secure email
The first time Bob receives the secure email on his laptop, Bob clicks on a link in the message header and downloads the Voltage SecureMail client. He then proceeds to enroll and authenticate to Company A’s SecurePolicy Suite. The method used to authenticate Bob is completely flexible to the requirements of the enterprise.

Bob decrypts and views the email message
Upon completion of proper authentication, the SecurePolicy Suite will present Bob with his private key to read the sensitive email. Alice and Bob can now communicate securely with Voltage SecureMail.

With his private key downloaded to his laptop, Bob can decrypt and view his received secure email even when he is offline on an airplane. Bob can even read his secure email at a business center using Voltage SecureMail's transparent roaming capabilities.

As you can see, Voltage neatly sidesteps the need to build expensive PKI infrastructures.  Although their biggest weakness is the need to install software on the client, the problem is offset to some degree by the viral aspect of the solution:

Alice infects Bob by sending an encrypted mail that prompts Bob to download and install Voltage client in order to read the encrypted message.  With client installed, Bob can send encrypted mail to others as well, infecting them in the process.

They chose a good name for their company because another way to look at it is electricity (security) flowing and spreading across the Internet via e-mail, charging everyone in the process with higher security.  Voltage Security sounds a whole lot better than Viral Security, no?  <g>

Update #1: I changed "three co-founders" to "three of the co-founders" after reading Scott's post.  There are four co-founders of Voltage as you can see here.

CHICKEN is a Scheme-to-C compiler (via Dave).  Cool.  I haven't done anything in Scheme for years, but looking at this Chicken makes me hungry.  Don't forget to get confused with their performance chart.  It's available under BSD license.

Last week, Adam Smith of Convea asked me to take a look at their product, Convea.  I didn't have time to look at it until now, but I am glad I did.  At first glance, it was a just another open source web-based groupware.  Their list of business and technical benefits made me glaze over like the sides of a cereal box.  Tiny screenshots didn't help much either.  So it wasn't until I tried the demo that I uttered "Wow!" just as I have when I saw Oddpost first time.

They had done a great job of simulating Windows UI cleanly.  Playing with it, it was difficult to keep in mind that this was all done in DHTML, the language of torture if you are a perfectionist.  While overall integration could use improvements, you can easily tell that countless hours of hard work went into it.

Convea is open source and GPL version is available for free.  To lift the GPL curse so you can use it on your commercial website or intranet, you'll need a Standard Commercial License ($1995).  To develop commercial products with it, you'll need a Commercial Services License ($9995).  Oh, it's ASP-based currently although there seems to be talk of PHP and ASP.NET versions.

Disclaimer: Having spent most of past 20 years helping startups, I enjoy helping them get their message out through my blog.  I won't call something bad good, but I felt my readers should be aware of my sympathetic bias toward startups.  Also, if you are a startup and think you have a great product but not enough exposure, let me know.

Update: The demo requires IE 5.5+.

AOL has begun dismantling their Mozilla team (thx Dave).  I am not sure whether I should be happy or sad.

SVG has been dead in the water for some time, but now there are signs of some movement.  Most importantly, Adobe has released a pre-release version of SVG Viewer 6.0.  FYI, SVG Viewer is an IE plug-in for displaying SVG graphics within web pages.  I hope they keep their asses moving so that all the SVG fanatics don't end up looking like fools.  Apache's Batik team has also released the final version of Batik 1.5, a Java implementation of SVG renderer.  You can find source, binaries, and list of changes here.  Yes, it is slow so get a fast machine if you want to sell it upstairs.

If the nonsense above made you wonder what SVG might be, it is an XML-based vector graphics format whose capabilities overlap Flash and Postscript to varying degrees but has a lot more.  As you know, a lot more can be a blessing as well as a curse.  We'll see how the future turns out.  Frankly, I like SVG in the same way as a fireman might smile while watching surfers frolic on the beach as the firetruck rushes by them.

Someday.  Someday.  Hopefully on a Sunday.

3D-Secure is the protocol behind the ongoing change in online shopping experiences for shoppers around the world.  It allows shoppers to protect themselves against credit card frauds by requiring a PIN to be entered to complete online transactions.  Visa's program is called Verified by Visa.  MasterCard's program is called SecureCode.  If you haven't heard of either before, you will for it will eventually become mandatory.

For the past two years, getting all the merchants and credit card issuers to make the transition to 3D-Secure has been slow going as expected.  Now signs of progress made has started to appear.  For example, 35-40% of orders at Good Guys are processed by Verified by Visa (thx to Scott Loftesness).  Even better, the manager of loss prevention at GoodGuys.com said:

"I`ve never had any negative feedback.  Customers say they feel safer shopping with us knowing their card is protected. It makes their lives easier and it makes our lives easier." – InternetRetailer.com

Excellent!  BTW, Good Guys.com is a customer of Arcot Systems, the leading 3D-Secure solutions vendor.

If you are confused about SAML, read Frank Cohen article Debunking SAML myths and misunderstandings.  It is understandably pro-SAML, but it is a good source of handy answers to cover your ass with.

Objective cheerleaders are oxymorons.

No doubt about it, RFID is hot these days.  While the price of passive RFID is still considered expensive (10 cents or so) for low cost applications like tagging Captain Crunch, moderately priced goods can be tagged now and creative applications are starting to appear.

Unfortunately, RFID is being oversold like magic dust.  For example, primary benefits of RFID to stores like Wal-Mart are supposed to be reduction in labor and theft related costs.  But it doesn't take a genius to see that reducing bodycount at stores and increasing reliance on automated systems will reduce eyeballs and increase complacency which will result in increase of both small and large scale theft leaving people to wonder where has all the RFID tagged stuff has disappeared to several months later.

RFID technology is simple enough to be easily worked around by cloaking RF signals with cheap home-made RF shields and/or switching RFID tags.  Attempt to prevent such gimicks will increase cost.  Yet, I have yet to see serious discussions about these issues.  I doubt Wal-Mart has considered them either.  While I don't mind Wal-Mart volunteering to be the guinea-pig, I don't think their customers do.

I hope to see some more reasonable analysis of RFID benefits and problems than all the hype out there now.  If you know of any, please send me the link.