Lunch at Buck’s

I had lunch at Buck's today.  Believe it or not, it was my first time.  Despite countless lunches with VCs, I somehow never had lunch there.  Joining me were Bill Harris and Louie Gasparini, respectively Chairman and CTO of PassMark Security.  Although I didn't eat much as usual, I really enjoyed the lunch.

Bill, who was CEO of PayPal and Intuit, had great stories to tell.  The ability to tell stories well is a valuable skill I wish I had but don't.  All I can manage is to react intelligently or project my voice to forcefully pound in a message or two.  That's second class IMHO compared to the ability to paint and animate a picture with voice.

Anyhow, I'll have to try the artichoke next time.  Robert, remember that lunch you owe me?

What’s wrong with Sem@code

When I posted about Semacode yesterday, I had a vague feeling something was missing, and it bugged me the rest of the day until I realized it while in the ZZ land.  It's that a Semacode maps to a URL, which is a silly thing to do in the post-Google era.  Websites, particularly small websites likely to be pointed to by Semacode, tend to disappear over time, and they are mostly read-only, meaning only those who own the website or are members of the website can add information to it.

Semacode should just be a string (it could be a set of keywords or even just numbers) unique enough to be used as a reliable coordinate in the online search space so that looking it up at a search engine will return only the links directly and deliberately mapped to the coordinate.  This way people can add information about the object at the coordinate without restrictions.  If it happens to be a restaurant, they can even post a bad review on their own blogs and it will still show up on cellphones after the Semacode is scanned.

The Big Idea here is that you don't really need a URL if you have good search engines.  For wiki-fans, it's like turning the entire web into a wiki of sorts by using search services like Google to weave a wiki page out of pages across the Net.

Think different people.  It's all right if it has been done before as long as it hasn't been done by you.

MP3 Phone Battle in Korea Heating Up

While the patent fight over MP3 phones in Korea is ongoing, the conflict between the Korean music industry and cellphone makers is about to reach the boiling point (Korean).  While the Korean music industry is trying to ban MP3 phones in Korea, LG Telecom wants LG phone users to be able to download and play any MP3 files.  As in most such conflicts in Korea, neither side is prepared to lose.

Whether MP3 phones are banned in Korea or not, both sides have to worry about downloadable third-party software capable of accessing other music networks and playing other formats.  If they cripple the device so that downloaded software can't access the cellphone's audio, then Korean phonemakers will lose the competitive edge over models from other phone makers.

The only possibly workable solution I see is a Play Tax.  The idea is to charge music listeners using audio devices by the minute and compensate the music industry.  Differentiating music and conversations can be done by a chip on every device that can output hi-quality sound.

Tired

I am getting tired of making excuses for our troops in Iraq.  I know it's just a few among hundreds of thousands there who were responsible for the ugly deeds.  I also know that it was the zealots in the military intelligence willing to do anything to get information and irresponsible army commanders more interested in avoiding political conflicts than doing the right thing.

But the road to understanding how those soldiers can do what they did, even if coerced, leaves the rest of the hundreds of thousands of American soldiers in Iraq naked.  Could other groups of them have behaved better under the same circumstances?  Sadly, my answer is no.  The only consolation is that armies of other countries would not have done any better if they were traumatized through the same tragic events as the US has.  Some consolation.

I am not sure which is worse: the death of thousands of American citizens and the destruction of a famous American landmark, or stunning blows to our pride like this.  The former enraged me, the latter left me hollow.  I know that most of the pride was more wishful thinking reinforced by the hero-worshiping media, but it's shocking still to be stripped of it.

Update:

I thought this Washington Post editorial titled Mr. Rumsfeld's Responsibility was a good read although it didn't say what I was hoping it would say.

The lawlessness began in January 2002 when Mr. Rumsfeld publicly declared that hundreds of people detained by U.S. and allied forces in Afghanistan "do not have any rights" under the Geneva Conventions.

This was what I was hoping the editorial should have said:

Regardless of law and origin, people are not born with basic human rights nor are they deserved, earned, or gained by agreement, but they are given by those who value their sanity and the risk they face in absence of such gift to their enemy.

Yes, it goes back to my Selfish Pig philosophy.  We must give these rights out of our own selfish need to preserve our sorry ass morals.

Sem@code

Semacode is an interesting implementation of an old idea reborn yet again (remember the Cat fiasco?) to take advantage of the increasing number of camera phones to link the real world to cyberspace.  Check it out.

2D Graphics Libraries

While platforms these days have fairly good 2D graphics support like Quartz on OSX, GDI+ on XP, and , and Gnome Canvas, developers like me often have to use third-party libraries for whatever reasons.  On Win32, for example, GDI+ support is missing in legacy platforms, which means either giving up on fancy graphics, redistributing GDI+ binaries, using a third-party library, or writing one yourself.  Writing one yourself is fun (I have done it a couple of times over 20 years) but, unless it offers some unique features, you'll always end up migrating to a third-party library.

BTW, Flash has an excellent 2D graphics engine but it lacks an API so it's like a sports car without a driving wheel.  Yes, you can embed the Flash ActiveX and generate SWF on-the-fly but it's unwieldy for dynamic interaction and even handling gets tricky.  Embedding Adobe SVG ActiveX is just as unwieldy if not more.

While there are proprietary 2D engines out there, typically written by a few guys at a small company, they tend to disappear within a couple of years, either bought by companies (e.g. Apple, Adobe, Macromind, and Microsoft), or abandoned out of lack of interest or workable revenue model.  Besides, they charge fairly steep fees so I tend to avoid them.

Out of all the freely available 2D libraries out there, Libart stands out in features and quality.  It offers fast anti-aliased rendering and its use in Gnome Canvas over the years means most of the bugs have already been stepped on.  Libart is also used to drive librsvg, an SVG engine, and Java 2D, Java's graphics API, although Sun made extensive changes to tap hardware acceleration.  While Libart can and has been used cross-platform, it's not exactly a cakewalk to use on non-Linux platforms.  Cairo has some interesting features and rising interest could mean it will replace Libart someday, but it's still in development.

The third-party 2D graphics library I really like these days is Anti-Grain Geometry (AGG) which, although dormant for the last two years, has been rejuvenated with the release of version 2.1.  AGG is written in C++ and uses templates extensively like ATL does.  AGG is lightweight, very fast, flexible, and full of features.  It even comes with a partial implementation of an SVG viewer as an example.  AGG supports Win32, X11, and SDL as is.  It doesn't yet support features like the variable stroke effects that Creature House's Expression 3 engine and Fractal Design's Painter support, but then it's just me being unreasonable. 🙂

I should note that subpixel graphics was first done 20 years ago in Word Handler to display 70 columns of hi-res text on Apple II.  Silicon Valley Systems, the company that published Word Handler, was based just 5 minutes from where I live now and I enjoy fond memories of working there every time I pass by the old office on El Camino.  I guess everybody remembers their first job.  LCD screens were just starting to replace LED on calculators at the time, so Steve Gibson and Microsoft ClearType can claim to be the first to use subpixel graphics on an LCD screen.  Lenny Elekman, where are you now?

Update:

I thought I should put up this excerpt from the AGG doc, which is still being written, for those who are expecting a GDI+ or Quartz-like API from AGG.

Anti-Grain Geometry is not a solid graphic library and it's not very easy to use. I consider AGG as a “tool to create other tools”. It means that there's no “Graphics” object or something like that, instead, AGG consists of a number of loosely coupled algorithms that can be used together or separately. All of them have well defined interfaces and absolute minimum of implicit or explicit dependencies.

In fact, AGG is just a bunch of C++ template classes with little or no documentation to guide you except the examples.  Don't wade into AGG unless you know what you are doing.

Master and Commander

I finally saw the movie Master and Commander today.  While the movie was very well made, I didn't enjoy it as much as I enjoyed the books.  Also I felt Russell Crowe portrayed Captain Aubrey too differently.  The Aubrey I know is a more stoic, drier character who gains respect by doing.  Russell Crowe's Aubrey was wittier and flimsier.  Maturin was also too young and seemed too inexperienced.  Still, I enjoyed the action at sea although I wish there were more battle scenes and ships maneuvering.

Spams, Phishing, and Trojans

This Netcraft article titled Phisher Kings compares growth of phishing with that of spamming (via Payments News).  It's not surprising to me since I think phishers who rely mostly on social engineering used to be spammers.  However, phishers using trojans, like the one described in this Code Fish Spam Watch article, are not.  They are hackers using e-mail to find their victims.

Using trojans to harvest passwords and credit card numbers is, fortunately, not as deadly as it might seem at first glance.  Why?  Because trojans require more technical knowledge, higher cost of maintenance, and higher cost of labor necessary to mine the returned data.  It's all glory and little in return.

In comparison, phishers with a spamming background tend to focus on what really matters, the ROI numbers.  Instead of wasting days and weeks to write and fine-tune trojans, they use a web page editor to create their lures and receive their loot in ready-to-use form.

There is a more dangerous group of potential phishers we need to keep an eye out for: telemarketers.  While most spammers operate blindly, telemarketers leverage information to choose and attack their victims more intelligently.  Phishers with a telemarketing background are more likely to be spear-phishers, phishers who target rich victims with tailored attacks.

When they come for you, they will know your name, where you live, what financial services you are using, and more.

42nd

Today is my 42nd birthday and I have yet to wake up.  I like to run away alone to some quiet corner of the world on my birthdays, but haven't been able to since I got married.  I wish I could be standing somewhere in Tibet right now, completely lost and grinning for no reason at all.

I want to be somewhere where I don't have to think about things like Bush, Iraq, Google, or Atom.  And I want to be there without hours of jet engine noise.  Maybe I want to get there in a merchant ship, puking across the Pacific and telling passing whales 'sorry but you piss in there too, don't ya?'

Why do I like to get away on my birthdays?  Well, I do get into a really weird mood in the first place, and I want to remember all of my birthdays by eccentric events.  Living the everyday life is like living in a mine, you can't tell what time it is without a watch.  It's like being told the wind outside is 30mph instead of feeling the wind on your face.  Being alone and somewhere I have never been before lets me feel the 'wind' of life as it passes by.

Oh, heck.  Maybe when I retire, I'll pick up my travelling stick again.  Until then, bitching is all I'll be doing.

Secure UI: 9-Block Phishmarks

When I originally came up with the idea of phishmarking, I was thinking of using fractal patterns.  Unfortunately, fractal patterns are rarely simple symmetrical designs so they are more difficult to remember.  So while I was looking for a different approach, I remembered Jared Tarbell's 9-Block Pattern Generator at Levitated.net, which basically does what quilt makers have been doing for ages but with simple shapes that can be used to build a shape that is easy to recognize even at small size.

It uses the following 16 shapes, rotations, colors, inversion, and some rule for symmetry to generate an astonishing number of designs.

Below is my implementation of 9-block phishmarks being used in browser toolbars.  Note that phishmarks are anti-aliased because the display area on the toolbar was too small.  Cool, eh?

Pretty and Safe!

BTW, Jared told me that 9-block pattern generation algorithm can be used without a license although his Flash code is under GPL.  Jared also has other interesting graphics generators that could be used for phishmarking although I am not sure about licensing.  For example, Bone Piles and Combinatorial Critters are pretty interesting although they will require more real estate and more complex coloring schemes.

9-block quilts are very interesting although not enough to make me want to take up the sewing needle.  Heh.  Anyway, if you want to find out more, here are some links to get you started:

Update:

To be more precise about how many unique patterns can be generated, the above implementation uses 17 bits for the pattern (3 bits for the middle shape and 7 bits each for corner and side shapes) plus foreground and background colors.  Taking limits of human vision and color restrictions, I would say this implementation of 9-block phishmarks can generate around a billion easily recognizable unique patterns.  That's enough, I think, against phishing.

If not, adding a few more shapes will be enough to assign a unique design for every single person on earth.  Hmm.  Wouldn't it be interesting to assign one to each last name so they can be used as 'house' symbols?
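
To make the 17-bit layout above concrete, here is an added sketch (not the toolbar's code and not Jared Tarbell's generator) that unpacks a pattern value into its middle, corner and side fields and places them on the 3x3 grid. The 4+2+1 reading of each 7-bit field, the 90-degree symmetry rule, and deriving the bits from a SHA-256 hash of a site name are all assumptions; the post gives only the 3/7/7 split.

```python
import hashlib

# Bit split assumed for this sketch. The post gives only the totals: 3 bits for
# the middle block and 7 bits each for the corner and side blocks. Reading the
# 7 bits as 4 (one of 16 shapes) + 2 (rotation) + 1 (inversion) is a guess.

def unpack(value: int) -> dict:
    """Split a 17-bit pattern value into middle, corner and side fields."""
    if not 0 <= value < 1 << 17:
        raise ValueError("pattern value must fit in 17 bits")

    def block(b7: int) -> dict:
        return {"shape": b7 >> 3, "rot": (b7 >> 1) & 0b11, "invert": b7 & 1}

    return {"middle": value >> 14,
            "corner": block((value >> 7) & 0x7F),
            "side": block(value & 0x7F)}

def pattern_value(identity: str) -> int:
    """Take the top 17 bits of SHA-256(identity); the hash input is assumed."""
    digest = hashlib.sha256(identity.encode("utf-8")).digest()
    return int.from_bytes(digest[:3], "big") >> 7

def layout(fields: dict) -> list:
    """Fill the 3x3 grid, turning each corner/side copy a further 90 degrees
    (a hypothetical symmetry rule, the same idea quilt blocks use)."""
    def cell(b: dict, turns: int) -> str:
        return f"{b['shape']:X}{(b['rot'] + turns) % 4}{'i' if b['invert'] else 'n'}"

    c, s = fields["corner"], fields["side"]
    return [[cell(c, 0), cell(s, 0), cell(c, 1)],
            [cell(s, 3), f"M{fields['middle']}", cell(s, 1)],
            [cell(c, 3), cell(s, 2), cell(c, 2)]]

if __name__ == "__main__":
    # Constructed sample names; changing one character changes the hash,
    # so the 17 pattern bits are drawn afresh.
    for name in ("bank.example", "bank.examp1e"):
        print(name, f"{pattern_value(name):017b}")
        for row in layout(unpack(pattern_value(name))):
            print("   ", " ".join(row))
```

Each cell reads as shape (hex digit), rotation in quarter turns, and `i`/`n` for inverted or not; foreground and background colors are left out because the post does not say how many bits they take.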

Update #2:

Please read the post about PassMark patent that could affect this and other phishmarks.