Extending 3D-Secure

3D-Secure (used in Verified-by-Visa and MasterCard SecureCode) is extensible in two ways:

  1. <Extensions> element – this element can be used to transmit vendor-specific elements as well as standard extensions (there are none at this moment).
  2. Custom message type – you can send new request/response message pairs like PAReq and PARes to either an ACS or the DS.

Both the ACS and the DS are supposed to be able to withstand hacker attacks, so it should be fairly safe to send unknown messages to them.  The worst that can happen is that the message gets logged.  The same applies to custom elements dropped into <Extensions>.
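A receiver-side sketch of that behaviour, as an added example that is not part of the original post or any vendor's code: an ACS-style handler that logs and refuses an unknown message type and ignores unknown children of `<Extensions>` without acting on them. The envelope layout is simplified, and the `FormFillRequest` and `IdentityReq` names, the size cap and the status strings are assumptions made for illustration.

```python
import logging
import xml.etree.ElementTree as ET

log = logging.getLogger("acs")

MAX_BYTES = 16 * 1024          # assumed size cap for a single message
KNOWN_MESSAGES = {"PAReq"}     # message types this receiver implements
KNOWN_EXTENSIONS = set()       # no vendor extensions are implemented here


def handle_message(raw: bytes):
    """Return (status, detail); never raise on malformed or unknown input."""
    if len(raw) > MAX_BYTES:
        return ("rejected", "message too large")
    # Cheap pre-parse check: refuse DTDs and UTF-16/32 input (NUL bytes).
    if b"\x00" in raw or b"<!DOCTYPE" in raw:
        return ("rejected", "DTD or unexpected encoding")
    try:
        root = ET.fromstring(raw)
    except ET.ParseError:
        return ("rejected", "malformed XML")
    message = root.find("Message") if root.tag == "ThreeDSecure" else None
    if message is None or len(message) != 1:
        return ("rejected", "unexpected envelope")
    body = message[0]
    if body.tag not in KNOWN_MESSAGES:
        # Custom message type: log it and answer with an error, nothing more.
        log.warning("unknown message type %r", body.tag[:64])
        return ("error", "unknown message type")
    ignored = []
    for ext in body.findall("Extensions/*"):
        if ext.tag not in KNOWN_EXTENSIONS:
            # Unknown vendor element: record its name, never act on its content.
            log.info("ignoring extension %r", ext.tag[:64])
            ignored.append(ext.tag)
    return ("processed", ignored)


# Constructed samples; FormFillRequest and IdentityReq are hypothetical names.
PAREQ_WITH_EXTENSION = (
    b'<ThreeDSecure><Message id="m1"><PAReq><version>1.0.2</version>'
    b"<Extensions><FormFillRequest>name,address</FormFillRequest></Extensions>"
    b"</PAReq></Message></ThreeDSecure>"
)
CUSTOM_MESSAGE = (
    b'<ThreeDSecure><Message id="m2"><IdentityReq><version>1.0.2</version>'
    b"</IdentityReq></Message></ThreeDSecure>"
)

if __name__ == "__main__":
    print(handle_message(PAREQ_WITH_EXTENSION))
    print(handle_message(CUSTOM_MESSAGE))
```
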

This means it should be all right for each 3D-Secure vendor to start defining new message types and extensions.  Of course, neither Visa nor MasterCard will be happy with this, but these vendor extensions will allow 3D-Secure to evolve and survive far beyond what can be achieved by a central committee dictating each and every new 3D-Secure message type and extension.

A very useful 3D-Secure extension is Form Fill.  Why bother asking users to fill in all the payment fields when all you really need is the credit card info?  Just ask the user to provide the card information and press the Buy button.  If the card issuer supports form-fill, the cardholder information necessary to complete the transaction will be returned in the Extensions.  If not, ask for it.  Since the user has already approved the transaction by entering their PIN, they will be more likely to complete the transaction.

Another useful 3D-Secure extension is Digital Identity.  Have the user log in or sign up for membership by entering their credit card info.  If the ACS supports the Digital Identity request, whatever information the user has allowed the card issuer to share with the merchant will be returned when the merchant asks for it.

Extensions like these can and will make 3D-Secure the online payment protocol for the next twenty years.

Robb Beal on OSAF, 501c3/6, and Quality

Robb Beal questions OSAF's status as a charitable organization and brings up an interesting point:

With a free product, you largely don't have to compete on other aspects. (Or, put another way, users tend to discount the quality of a non-free product when there's a free alternative.)

This corresponds with my thoughts on quality and functionality thresholds.  While both factors matter, their impact drops off after a certain point.  Once free software achieves a sufficient level of quality and functionality, there is no room for commercial software.

If I am completely happy with what I have been using, why would I want to switch to something new that provides features I care little about?  Even if the new software costs only $1, the cost of migrating data and training weighs in.

I heard the coffin closing

It happened over the past two months while I waited for SUNW to bottom and I don't know exactly why, but I heard the coffin closing on Sun.  Sun is going the way of SGI with a damsel in distress, Java, in its arms.  Where did I put my double-edged sword?

A Glimpse in Open Source Tip Jar

A lot of open source projects take donations, usually via PayPal.  I have no idea how much in donations is being made, but a glimpse into AbiSource.com's tip jar appeared in a Register article about a PayPal fraud.  I am disappointed by the amount and frequency of donations as well as PayPal charging transaction fees for open source donations.  AbiSource makes AbiWord, a well-known cross-platform word processor.

Thoughts on Open Source

As I mentioned before, I am not against proper use of open source.  I have open sourced one of the first implementations of W3C DOM API to good effect.  While it has not been upgraded to support DOM Level 2 and SAX Level 2, it included HTML API support which popular DOM implementations are just starting now.  I have also used open source products such as OpenSSL, Eclipse, Perl, Python, and various Apache products.

My issue is with the word 'proper'.  Open source extremists believe all software should be open source.  Extremists on the other end believe that source code, like dirty underwear, should be kept proprietary.  I would like to believe that most people fall somewhere between those positions, within the galactic plane of our software galaxy, the Milky Way.

To get a better understanding of open source and its effects, I am going to post my thoughts and observations on open source until I run dry.  Here are some to start with.

Monopoly – is it possible to have a monopoly in open source?  Can an open source project or group grow popular enough to cause other open source projects to suffer from lack of resource and exposure?  Is Apache a glimpse into the future of open source?

Legality – if I build commercial software using open source components which 1000 people contributed to, am I liable in some way?  Can open source licenses stand up in court?

Genie – open source is like a genie in a bottle: once it's out, it's difficult to put it back.

As I have other thoughts in the future on the subject of open source, I will post them.  I ask you to do the same.

Latest Thing in Marketing: Media Popups

On the Internet, the porn industry is often the technological leader when it comes to marketing.  This time, they came up with something new: porn popups.  It takes advantage of a feature that is starting to show up in movie players such as Microsoft Media Player.  The feature allows a movie to contain instructions to open and display an embedded URL in a web browser when you view the movie.  Distribution typically starts with Usenet and the Web and relies on the Message is the Product marketing approach, meaning people will distribute it to others if the movie is enjoyable.

I don't know if others already have a name for this new marketing technology, but I am going to call it Media Popup for now.  It can be applied not only to movies, but to other popular media types such as music, games goods, and others.  If there aren't any MP3 players out there that do this already, I am sure there will be soon enough.

What Quitting Cigarettes Feels Like

Kevin Burton mused that not having a computer must be what quitting cigarettes feels like.  Well, it depends on whether you are quitting for the first time or the Nth time.  Last time I quit was January of this year as I welcomed my 40th year on this planet.  I quit smoking for 6 months.  I am back smoking knowing fully how bad smoking is.  Being a smoker is like being the guy in the movie Alien who had a baby Alien growing in his chest.  You just don't know when it's going to 'say hello' face to face.  With supposedly a 5% chance of success, quitting smoking at this point feels like taking Alka Seltzer to get rid of the baby Alien.

My Response to Larry Lessig

This is my itemized response to Larry Lessig's comments about my post on OSAF. 

Before I begin, let me comment on Dave Winer's role in all this.  In the blogspace, it is difficult to get exposure because search engines like Google are not designed to keep pace with blogs.  Popular blogs like Dave's provide much-needed exposure for eccentric hermits like me.  When he posted a juicy part of my post on OSAF, I knew he was just trying to give me exposure and nothing more.  I attributed his short comment to his open mind and not some hidden anti-open source agenda.  So all the Dave this and Dave that in respect to OSAF is uncalled for.  Besides, I don't like it when someone else receives what is rightfully mine, even if they are rotten tomatoes. <g>

I don't see how anyone could on principle oppose having the source code for a program available.

This statement simply demonstrates naivete only a good-hearted person might have.  I would love to have Larry live next door, but I wouldn't be happy if he was my accountant.  Principles are like those cute Japanese characters with summarized body parts.  I like them but don't put them on my dinner table.  Unless a software publisher has compelling reasons to make source code available, it makes no sense to do so.  Source code is not something you fire and forget like a sidewinder.  You have to document it, support it, deal with changes, and monitor license abuses.  On principle, KFC should have no opposition to selling raw chickens, let alone their recipe.  On principle, Snow White and the Seven Dwarves were just friends (hmm.  I wonder where this came from…).

If there were a way to assure coders — especially independent coders — got paid even though the source of their code was open, then it would be hard to oppose open code. And while it might seem odd to imagine how that is possible, we should recognize that our economy already has about a billion ways in which it secures payment to creators without locking up the creativity. Some of those would be bad (moving music back to the patronage system, for example); but not all of these would be bad. And if we could devise a way for coders to get paid, including coders independent of companies like IBM, while allowing the source code to be free, then this legitimate concern of good-souled skeptics could be met.

I really wish Larry lived next door to me so I can have lunch with him whenever I feel the Hand above the World is resting on the flush handle.  I read Professor Terry Fisher's working paper on the music industry and found no workable solution that can be applied to the software industry.

The situation in the music industry is a case of homicide with music lovers, drunk with new technology, killing the musicians, publishers, and distributors en masse.  Fair use is a joke.  I don't deny that publishers and distributors are greedy sons of b**ches, but a homicide it is nonetheless.  When MP3 became popular, I stopped buying CDs cold turkey.  Since Napster died, I switched to radio for new songs instead of returning to buying new CDs.  Why?  Because I was no longer in the habit of going to music stores occasionally to buy CDs.  Sure, I could buy music online, but I never got into the habit of doing that either.  Lazily, I sit back and listen to old CDs, LPs, and tapes or turn on the radio.  Watching the music industry go up in smoke with RIAA fumbling around it like the Three Stooges is hilarious and scary at the same time.

The situation in the software industry is a case of suicide in progress.  Within the industry, it's the service sector killing the product sector with unfair cross-subsidies.  Most of the open source projects so far have been for consumption within the industry.  They were usually software tools and components one uses to build software with.  Linux is more a tool for developers and a component for server products than a consumer product.  The level of expertise and tolerance within the software industry was high so the quality didn't have to be high for open source projects to be useful.  Lower quality justified giving them away and charging nothing in return.  The Cathedral and Bazaar worked in that context.

For almost all of my 20 years programming, I have built consumer products and provided consulting to companies building consumer products.  In all of these efforts, I have bought tools and components.  Under the onslaught of open source and free tools and components, I am buying fewer tools and components.  While open source proponents will say this is a good sign, I say open source killed the developer tools and components market in return for nothing.  You see, if the tools and components are good enough for me to use in place of commercial tools and components, I don't need books and consultants to use them.  Am I glad with the availability of free slaves?  No, because open source is starting to encroach on the consumer market, the market I am making a living off of.

Documents about Chandler talk about various "killer features".  Killer features are intended to kill something.  If Chandler kills Outlook, we'll have Chandler where we used to have Outlook.  Nothing really changed except now no one is making a dime instead of the Bully making all the money.  The consumers will love it of course and learn to take free software as the norm.  How dare you charge money for what should be free?  The service sector will eventually get nothing in return because consumer software will be so easy to use and customize that they won't need any help.  The book industry will live a little longer.  No wonder Tim O'Reilly is so strongly pushing open source and free software.  How about free books too, Tim?

Frankly, I don't know where the software industry is going.  I know Microsoft is causing serious harm, but I also understand their position which is "you can't punish us for being successful."  Understanding or not, I am willing to sacrifice my sense of fairness in return for the well-being of the software industry.  I think the appropriate solution is to break them up and implement preventive steps such as a) requiring software companies to place file formats in the public domain, b) outlawing harmful bundling, and c) strengthening industry associations to maintain the well-being of the software industry.

I say, let us sue Microsoft for the damage it is doing to us instead of ripping our heart out to replace it with paper hearts.  Give me back my good old capitalism where I can kick ass without feeling guilty.