While doing research on legal aspects of linking and embedding, I came across an interesting court case: Kelly v. Arriba Soft Corp. I thought others might also find it interesting.
Liberty Alliance: Freedom to Conspire?
"Scott" reported on a couple of commentaries on "Liberty Alliance" by Doug Kaye and Patricia Seybold. Both commented that the LA 1.0 spec is marketing-oriented and does not offer much to consumers. I agree completely, and that is why I like LA. Let me explain.
LA is an unusually large group of influential companies from most segments of the online market. With the exception of the Apache Foundation, each of those companies is profit-driven, meaning they seek to profit from the LA initiative, either through increased revenue or cost savings. Consumer and privacy issues are secondary to these companies, meaning those issues matter only if they affect their primary concerns: profit and growth. So it is not a surprise to me that the LA 1.0 spec addresses consumer and privacy concerns only from a "what can we get away with?" point of view expressed in marketing smooth talk.
What I like about LA is that it is a very large and very diverse group, not unlike the real-world LA. What I am looking forward to is how the group leadership will change in the future. Sun has no real impact in security or customer markets, so a leadership change is likely in the near future. What I am predicting is that the juxtaposition of diverse self-interests will eventually center around customers' concerns, because these issues are really all they have in common other than the need for profit.
FYI, the current LA President, Eric Dean from United Airlines, resigned as of Friday.
PowerVenture.com
Speaking of the job market, I registered PowerVenture.com exactly 3 years ago yesterday. When I registered the domain name, my intention was to create a new type of VC company, one that invests people instead of money. My reasoning was that most [software] startups spend the majority of the money they receive from VCs on labor, around 60 to 75%. So I figured, why not invest labor directly instead of money? Three years ago, this argument didn't have much leverage because there was still enough VC money available. So I shelved it. Today, VC money is tight but there are lots of talented people available, so PowerVenture.com could take off.
This is how PowerVenture.com works from the perspective of a company seeking investment. First you submit your business plan and labor requirements. After an initial review process, candidates from the labor pool are selected and offered the opportunity to do some work for the company in return for some combination of money and equity (i.e. $50/hr + 50 shares/hr.) 15% of that goes to PowerVenture.com. You also have the option to put your equity into an equity pool, sort of a mutual fund to reduce risk. PowerVenture.com also invests the equity it receives into the pool and manages it. Some might argue that there are engineers available at $50/hour, but startups need top quality people and you can't get them at that rate.
Anyway, this is what I buried three years ago. It's nice digging up old bones.
Silicon Valley Job Market Reality
"Russell" found this amazing chart showing the changes in the Silicon Valley job market for Java and C++ programmers: from 55,000 job openings in May 2000 to under 2000 in July 2002. Ouch.
RSS Soap Opera
"Dave" has finally picked up the mop to clean up the RSS fork mess, starting with a roadmap to RSS 2.0. For a brief history of that mess in the making, see Mark Pilgrim's story. My opinion is that if you change RSS into something entirely different from what it used to be, you shouldn't call it RSS.
Adding namespaces to 0.94!
"Dave" asked for opinions on his approach to supporting non-RSS elements in an RSS feed. His approach is to simply say "it's okay for an RSS feed to include elements not defined in the spec." It sounds like a commonsense solution, although I would also add a line describing how elements not defined in the spec should be handled. They should obviously be ignored, but there could be elements that contain RSS elements, so one must say whether to ignore the contents of elements not defined in the spec. My recommendation is: ignore unknown elements and their contents.
Microsoft admits to being Clueless Swiss Cheese
Brian Valentine, an MS Senior VP in charge of the Windows development team, said:
"I'm not proud," Valentine said, as he spoke to a crowd of developers here at the company's Windows .Net Server developer conference. "We really haven't done everything we could to protect our customers … Our products just aren't engineered for security."
Even worse, Microsoft is clueless about the techniques used in recent attacks against Win2K.
"As of August 2002, the PSS [Product Support Services] Security Team has not been able to determine the technique that is being used to gain access to the computer," the company wrote in its security bulletin posted on August 30.
So Microsoft is a Clueless Swiss Cheese. One spot of good news is that Microsoft finally raised the severity rating of the recent SSL Cert vulnerability to critical and released a patch, a patch that everyone should install ASAP.
I have recently issued an advisory to 3D-Secure (aka VbV) implementors to protect against this vulnerability by hashing the 3D-Secure PIN before submitting it to the issuer. Yup, the supposed security of SSL made sending a password in plaintext seem reasonable. Complacency is not just a bug, but a queen bug.
Diet Pills for .NET Apps?
I have been using .NET for about a year now, playing and exploring mostly. It's good stuff except for some minor showstoppers like memory footprint. For example, I wrote a XUL engine for .NET. The binary itself is less than 100K, but its memory footprint is 10 meg. It's not my code either, because a HelloWorld application requires a similar memory footprint. Either there is a trick I am missing or .NET is just for large applications and servers. If anyone has a diet pill for .NET, let me know.
Instant News and Instant Spam
A one-to-many IM application like Instant News is vulnerable to spamming and other abuses. An obvious article titled "Consumers to Marketers: Don't IM Me" discusses public opinions on IM spamming.
When it comes to delivering advertising via instant messaging (IM), marketers and broadband-service providers should take a hard look at what they're doing, according to a study from broadband-software developer BroadJump Inc. Spam is a no-no, and banner ads largely go unnoticed as consumers see the IM space as very personal.
This is a hard problem to get around without digital identity. For example, spam filters are not accurate with only individual sentences as context.
Instant Messaging Planet
Here is a source of information for IM market news.