Thursday, September 18, 2003

A Conversation with Jim Gray

An excellent interview.

useit.com: Jakob Nielsen on Usability and Web Design

I stumbled across this site on web usability. Something that gets left out of a lot of requirement specifications. Is usability a functional or non-functional requirement?

Perhaps they represent principles that drive out both requirement types.

Sunday, September 14, 2003

Skype - VoIP Redux

So, FreeWorldDialup works well from home, but not behind the corporate firewall. Today on /. I came across this new application (Skype) that combines instant messaging with VoIP. It is what msn could be, if they didn't require pay-for-use subscriptions. Software install was fine, but will it work well with firewalls and VPNs? I'll give it a try and let you know.

Monday, September 08, 2003

Update on VoIP

My original purpose for experimenting with VoIP was two-fold: 1) to talk to my daughter who just went off to college on the other side of the continent, and secondly to improve on my effectiveness while tele-commuting. The first objective looks like it will be a 'win' once she gets her high-speed (and always on) connectivity set-up.

The second objective was somewhat reliant on being able to tie into the corporate VoIP phone network - over the VPN. This looks to be a challenge. It seems that so far, the best I will be able to achieve is Direct IP dialing. So does this put me any further ahead than using Sametime or Netmeeting? I think the answer is 'no'. To be practicable I would need to know the IP address of the recipient, which would likely be established via a Sametime chat. It appears that I should focus on audio calls using Sametime and getting everybody I know signed up for that.

Saturday, September 06, 2003

Everyone Needs a Personal Server

So I saw this on slashdot "Everyone Needs a Personal Server". I was kind of upset with myself. A long time ago - about when we started developing cell phone applications, I thought that this might be the way to go.


My thinking at the time was that rather than trying to jam everything into one device, spread them out a little. A palm-like device for display, an ear bud for sound, a little black box that would provide compute power and communications (I was thinking bluetooth at the time), and disk storage. So this is kind of like that.


I am sure I was the only one who thought of that too! ;-)

Wednesday, September 03, 2003

Experimenting with Voice Over IP (VoIP)

Looking for ways to work better from remote locations, I have been exploring Voice Over IP solutions. So far I have signed up with Free World Dialup. I am phone number 57902. It is a free service.

I have been using xten-lite as the softphone (SIP agent). It was very easy to install. The quality has been good so far with the biggest variable being the speakers and microphone used by the other end. Some feedback has occurred when they are in close proximity.

The biggest limitation so far is that FreeWorldDialup is not useable from behind the corporate firewall - at least I haven't figured out a set of workable parameters as yet. Perhaps it won't be needed - that is if the new IP telephone system allows connectivity over the VPN from computer based softphones.

So if you want to play around, install a phone and sign up for FWD, and give me a call - FWD# 57902.

GSM Security Cracked

News item at Yahoo News says that Israeli researchers have cracked the GSM protocol and can listen in on GSM phone calls, and can also impersonate other callers. Our first major concern would be "What about our HDML applications? Are our customers exposed?" I think the answer is "no", primarily because we would still be running TLS encryption on top of GSM.

Tuesday, September 02, 2003

Secure Web Sites versus keystroke loggers

So how do you create a website that is safe from keystroke loggers and the like when the user may be using a public terminal and you can't secure the terminal? So far my bottom line conclusion is - you can't. (The underlying assumption is that you don't wish to require millions of customers to buy special hardware like a security token.) If any infiltrator can install a software keystroke logger, they could also install their own version of the browser, and with it any subversions they wish.

But what could be done to make things more difficult?

A virtual keyboard for entering a password (click keys with mouse)? This would help, unless the infiltrator is intercepting GUI events and can decipher what the mouse events correspond to. Also would be exposed to video camera over the shoulder.

One-time-passwords? Every time you logon you are provided with the password to use next time. Although that would work (mostly), it wouldn't be very popular - customers would forget.

Mouse based signatures. There is new research on this from the UK which suggests that mouse ballistics could work well as a 'signature'. Would have to devise a means to use it from a web application.


What do you think?
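
The one-time-password idea above (each login hands out the password to use next time), sketched as an added example that is not part of the original post. The class and function names are hypothetical, and the passwords are assumed to be random server-generated tokens rather than user-chosen ones.

```python
import hashlib
import hmac
import secrets


class ChainedOtpStore:
    """Server side of a 'next password issued at login' scheme (constructed example)."""

    def __init__(self):
        # user -> (salt, digest) of the single password that is currently valid
        self._current = {}

    @staticmethod
    def _digest(salt: bytes, password: str) -> bytes:
        # A plain salted hash is acceptable only because the password is a
        # high-entropy random token, not something a person chose.
        return hashlib.sha256(salt + password.encode("utf-8")).digest()

    def _issue(self, user: str) -> str:
        password = secrets.token_urlsafe(9)  # 9 random bytes = 72 bits
        salt = secrets.token_bytes(16)
        self._current[user] = (salt, self._digest(salt, password))
        return password

    def enroll(self, user: str) -> str:
        """Hand out the first password (assumed to travel over a trusted channel)."""
        return self._issue(user)

    def login(self, user: str, password: str):
        """Return the next password on success, None on failure."""
        record = self._current.get(user)
        if record is None:
            return None
        salt, expected = record
        if not hmac.compare_digest(expected, self._digest(salt, password)):
            return None
        # Success: the typed password is retired and a fresh one replaces it.
        return self._issue(user)


def demo():
    store = ChainedOtpStore()
    first = store.enroll("alice")
    logged_keystrokes = first                         # what a keystroke logger records
    second = store.login("alice", first)              # legitimate login
    replay = store.login("alice", logged_keystrokes)  # captured password, reused later
    third = store.login("alice", second)              # customer uses the new password
    return second is not None, replay is None, third is not None
```

The replay fails because the server keeps only the digest of the one password that is currently valid. The next password is still displayed on the untrusted terminal, so a subverted browser that can read the page sees it too, which is consistent with the post's "you can't" conclusion.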