Tuesday, December 31, 2002
Monday, December 30, 2002
Monday, December 23, 2002
Sunday, December 22, 2002
"Most of all I found that Volkswagen has a ton of credibility for being willing to play by Chinese rules. This was the story I heard often (in relation to software as often as automotive). Chinese people, I was told, are sick of foreign companies coming in, exploiting the Chinese people, and then leaving with the loot. Other companies just try to siphon off as much as possible while leaving Chinese industry hollow, but Volkswagen is willing to work as equal peers with the local manufacturing outfits. Volkswagen was willing to recycle old models for the Chinese market and sell at Chinese prices, Volkswagen was willing to play the same hustle that Chinese manufacturers play, and so on. In contrast, the people I talked to seemed to think of the Japanese automakers as arrogant and exploitative. The way I see it, the Germans are just doing a much better job of doing business with China, because they have taken the time to understand the market."
Tuesday, December 10, 2002
Tuesday, November 12, 2002
Monday, November 11, 2002
Friday, November 01, 2002
"The Petstore" Study: .NET beats J2EE in terms of performance, scalability and developer productivity
This is a critical analysis of the benchmark written by Rickard Öberg.
Another article analyzing the benchmark at The Register.
Wednesday, October 23, 2002
Saturday, October 19, 2002
In general, mainstream support includes the various options and programs you have access to today, such as no-charge and paid incident support, support for warranty claims and hot-fix support to address specific problems, which is sometimes referred to as quick-fix engineering. Extended support can include support charged on an hourly basis or paid hot-fix support. In order for you to be eligible for paid hot-fix support, you must buy an extended hot-fix support contract within 90 days after the mainstream support period ends.
In addition to mainstream and extended support, an online self-help option will be available for at least eight years from the general availability date for most products. The general availability date will be determined by adding three months to the date that MS releases a product to manufacturing.
So, how is this whole thing going to pan out for NT 4.0? Your mainstream support for 4.0 will last through Dec. 31, 2002. That is six years and not five years after the general availability of 4.0. But the extended support for 4.0 will only be one year instead of two and lasts until Dec. 31, 2003. This is consistent with the dates they gave in 2001, and complies with the seven years of combined mainstream and extended support MS promises in its new plan. Now, keep in mind that hotfixes are another story all together. It is now clear that NT 4.0 will have free security hotfixes until the end of 2003. No more hotfixes for a platform will be an immediate invitation for hackers to start attacking that platform ferociously. So, you have to plan with this! The message is: "move over to W2K before Dec. 2003 or start paying for hotfixes".
Sunday, October 13, 2002
Saturday, October 12, 2002
Saturday, October 05, 2002
Sunday, September 22, 2002
This website has some strong opinions about how job interviews should be conducted and how they shouldn't. The basic idea is to let the prospect demonstrate his ability to do the job and don't spend too much time with his past jobs or questions like "what are your greatest strengths and weaknesses" or "where do you see yourself in 5 years". This article adds some strong views about these "stupid" interview questions. I think some of these theses are too single-edged, but it's thought-provoking anyway!
Saturday, September 21, 2002
Very interesting website about personality types based on the psychology of C.G.Jung and Isabel Briggs Myers. There are 16 different personality types described and for each of them the impact on career, relationsships and personal growth is explained. There's an online test consisting of 60 questions you can take for $5.
Sunday, September 08, 2002
In this article Scott Ritter, former UN weapons inspector in Iraq, claims that Iraq has no nuclear, biological or chemical mass destruction weapons any more. According to Ritter, the attack on Iraq is scheduled for mid October.
Monday, August 12, 2002
This is a nice fiction article on the semantic web. Will it work? Maybe. Who's going to build the taxonomies?
Thursday, August 01, 2002
Wednesday, July 03, 2002
I will be moving to Frankfurt August 1st.
Allgemeine Informationen für Wohnungssuche in Frankfurt gibt's hier.
City Map Frankfurt
Datenbanken Wohnungsmarkt Frankfurt im Internet:
Frankfurter Rundschau online - Anzeigen (Erscheinungstermin des Anzeigenteils vom Wochenende: Freitag mittag in der Ausgabe "FR am Abend". Ab ca. 14 Uhr im Straßenverkauf sowie am Rundschauhaus Große Eschenheimer Straße 16.)
Friday, June 28, 2002
From the abstract: "Certain aspects of the Open Source development method, e.g., community building, open discussions for requirements and features, and evolvable and modular designs are having fundamental and far reaching consequences on general software engineering practices. To leverage such Open Source methods and tools, we have defined an innovative software engineering paradigm for large corporations: Progressive Open Source (POS). POS leverages the power of Open Source methods and tools for large corporations in a progressive manner: starting from completely within the corporation, to include partner businesses, and eventually complete Open Source. "
Wednesday, June 19, 2002
I've been looking for a way to create PDF documents without paying the $250 for Adobe Acrobat. Printing to PDF is especially interesting when using OpenOffice and sending you documents to others who might not yet have OpenOffice installed.
I've tried 602 Print Pack, but was disappointed. The quality of the printed document is not as good as the original, and http links to do not work if you view the created document on the screen.
Win2PDF looks much better. Printing quality looks like the original, and links do work. It's $35. If you are running Terminal Services, e.g. for remote admin purposes, the evaluation copy will tell you that you need the "Terminal Services Edition" which is $350. I'm waiting for feedback on this from the vendor of this product.
Monday, June 10, 2002
Thursday, May 30, 2002
John Robb makes an interesting point: he thinks the "New Economy" has really arrived, but it's generally not about higher corporate profits, but higher wages and lower consumer prices (which, combined, mean lower corporate profits ...). Both of this is driven by the availability of information on the Internet ("the monster.com effect").
Monday, May 27, 2002
This interesting paper describes Progressive Open Source (POS), a software engineering paradigm that tries to leverage the power of proven Open Source methods and tools within "normal" software engineering organizations and with their partners. "Corporate Source", i.e. shared corporate source code and by this means code review / shared code ownership are central to this approach.
The software reuse community has long promoted the notions of interface-exposing and implementation-hiding component-oriented software reuse. However, implementation hiding has a strong limitation: an interface can never completely specify its implementation.
Similarities between the typical scientific process and the Open Source process can be noted: the primary motivation for people involved in the process is a quest for knowledge and peer recognition. Through this "psychological trick" the main obstacle to collaboration, communication and sharing between different teams/departments/subsidiaries can be overcome: NIH (not invented here).
About half of the users now access the Internet from more than one location. Despite the implications of this for service design, many systems assume that users remain bound to a single computer.
Monday, May 20, 2002
Sunday, May 19, 2002
Ten Risks of PKI
The authors of both articles challenge the widespread assumption that PKI and digital certificates provide a safe method of authentication "out of the box". The second article is co-authored by Bruce Schneier, the author of "Applied Security".
In 2001 Verisign, the market leading digital certificate issuer, issued a certificate for the name of "Microsoft" to someone who pretended to be working for Microsoft, but in fact, was no Microsoft employee at all.
How do I know that I can trust a digital certificate? The trust evaluation mechanism that is implemented in Windows verifies that a certificate is signed by a "trusted" signer. A list of "trusted signers" is pre-installed in Windows. On my WindowsXP system this list currently contains 109 "Trusted Root Certification Authorities" - most of them I've never heard of, and of course I have no idea what policies and processes each of these "authorities" have to identify persons or legal entities they issue certificates for (each certification authority describes these polices in its CPS - Cryptographic Practice Statement, however these are large documents that read like a combination Law Review and Computer Programming Essay, and are therefore - intentionally or unintentionally - not understandable by most people).
"Certificates provide an attractive business model. They cost almost nothing to make, and if you can convince someone to buy a certificate each year for $5, that times the population of the Internet is a big yearly income ... It's no wonder so many companies are trying to cash in on this potential market. With that much money at stake, it is also no wonder that almost all the literature and lobbying on the subject is produced by PKI vendors."
While certificate providers pride themselves in their nuclear weapon safe data centers, the main weak link in the security chain is in fact somewhere else: how do they verify the identity of the person or legal entity they issue the certificate for, and how do they authorize the correctness of additional content of the certificate? Organizations that can naturally make authoritative statements are banks for their customers, goverment institutions for citizens, or companies for their employees. But today these institutions are often not the ones issuing the certificates. The certificate issuers are large global corporations like Verisign, that do not really know for whom they issue their certificates.
The whole current concept of pre-installed Trusted Root CAs in browsers seems to be flawed. It does not make sense to trust all these organizations "by default". In fact, today's server SSL certificates main purpose is to enable an encrypted connection, but not really to establish the identity of a website or merchant (with hosted shops the certificate often carries the name of the hoster, not of the merchant, and it's questionable anyway if SSL CA's really can make authoritative statements if someone legally owns a DNS entry or not). So we can have SSL encryption without any of those pre-installed Trusted Root CA's. For authoritative statements about the identity of a certificate owner I would trust government-issued certificates (for individual persons) or the official commercial register for companies. Further I would want to trust certificates that a company I regularly do business with has issued for their employees (but I may not want to add this company to my list of trusted root CA's!)
Abuse of private keys can also be an issue. Viruses or Trojans could steal the private key and even when the key is stored on a SmartCard it could be abused to sign things the key owner isn't aware of. With today's digital signature laws that could mean you would have to prove that you didn't sign something that has been signed using your private key. However that's probably a similar situation like when you have a perfect fake of your conventional paper+pen signature. But a mechanism to declare a private key as invalid seems to be absolutely required. Certificate revocation lists (CRLs) are supported by most systems but rarely checked in realtime when a certificate is validated for performance reasons.
Interesting bilingual (German and English) website. Some of the top neglected issues of 2001: Monopolization of the drinking water supply, CNN-self censoring about the war against terrorism, alcohol industry jointly responsible for frequent cause of death among juveniles.
Wow. Incredible visual effects, scenery, characters. And even an interesting story. Some things remind me of Lord of the Rings. The problem of power and it's danger of destroying character. And Natalie Portman as Senator Padmé Amidala is great :-) more (IMDB)
Tuesday, May 14, 2002
Saturday, May 11, 2002
Sunday, May 05, 2002
Potential MS-Office Replacement: OpenOffice.org
Yesterday I downloaded and installed OpenOffice.org. I must admit that this stuff by far exceeded my expectations. I expected some buggy, slow software, with lots of nice MS-Office functionality missing, and odd user interface. Well, not so. This stuff is surprisingly fast (I think it's faster than MS Office), didn't crash so far, nice UI, reads MS-Office documents without messing them up too much, I found every functionality I've looked for so far... word processing, spreadsheet, presentation, drawing. What's missing is the Outlook piece, i.e. Email, Calendar, ToDo, Contacts.
Today I've been doing some Research on Cross-Platform Email Server and Client Software.
- Postfix (Open Source, sendmail replacement, i.e. SMTP only)
- QMail (Open Source, sendmail replacement, i.e. SMTP only, MySQL support for account DB)
- Courier (Open Source, ESMTP, IMAP, POP3, LDAP, SSL, and HTTP; GNU GPL, see also http://sourceforge.net/projects/courier)
- Stalker CommunigatePro (Commercial License)
What's really nice is the modular architecture of Postfix/Qmail and Courier. You can use Postfix/Qmail to receive/send email and store the Email in user directories in a standard "Maildir" format. Then you can use other software to provide IMAP, POP3 or HTTP access to this data.
Email Clients supporting IMAP and LDAP:
- Mozilla (Open Source, currently RC1, no calendar)
- Ximian Evolution (Open Source but Linux only, includes calendar, an Exchange 2000 connector is available for $69 per seat)
The well-known programs Eudora and Pegasus Mail are both available for Windows and MacOS only, Ximian is available on Linux only. So there's only Mozilla left, however it does only email and news, no calendar. That's really a bit sad. In summary, if the calendar is a must, you have to use Exchange Server 2000 as back-end and then Outlook for Windows clients and Ximian with Exchange Connector for Linux clients. If you can live without the calendar (at least for a while), use Mozilla with any IMAP/LDAP back-end and hope that Mozilla will add the calendar soon.
Nick Denton says in his article that a company where people do not work very long hours, only work 4 days a week (i.e. 80%) and "have a life besides their job" should be more efficient and productive. He claims that people work more disciplined and effective if they have to get everything done by 5:30pm, e.g. to relieve their kids from childcare. Secondly, they focus on getting their job done instead of "satisfying their psychological needs" through their job - meaning they are more flexible mentally regarding changes in their job, less interested in politics and endless fruitless discussions just to prove they were "right", etc.
It sounds convincing, however I'm not sure if it really works. Dave Winer believes it doesn't.
Wednesday, May 01, 2002
Monday, April 22, 2002
Saturday, April 20, 2002
Tim Berners-Lee defines the Semantic Web as "A new form of Web content that is meaningful to computers" and believes it will "unleash a revolution of new possibilities". This is a very broad definition and includes any kind of machine-machine communication, any kind of "Webservice".
Andy Oram's article at O'Reilly Network focuses on using semantic web technology for knowledge management purposes, i.e. for "intelligent" retrieval of information from the overwhelming amount of content that is available on the Web.
The semantic web people are trying to formalize semantic and by that means make it machine-processable. Is this the right approach? Andy Oram points out that formalizing semantics basically means reducing semantics to syntax. And the more you delve into formalizing a semantic system, the more complex it gets. By the point you have formalized enough to make the system somewhat useful, it's so complex that it's hardly possible to handle it any more.
While Tim Berners-Lee's semantic web tries to offload the filtering work to machines, Andy suggests that the filtering can only be done by people, and we should then leverage technology to access this filtering work that has already been done. Google is doing this by evaluating the links that have been set by people between web sites, for its page ranking system. Imagine e.g. you could configure Google to personalize the page rank computation by taking your personal amount of trust in differerent web sites or even authors into account. Amazon's "customers that have purchased this book also purchased these ..." is another example of machine-reaping of semantic filtering work that has been done by humans. It was a human who was interested in subject A, bought book B and then decided that book C may be interesting as well. The machine did not understand anything of the content of the books and why the people bought them. Weblogs are another powerful source of filtering work that has been done by people.
Wednesday, April 17, 2002
"Product development is no longer about creating a product but about creating a platform, or more precisely a modular architecture."
"My view is that we are living in the early years of a third revolution that will transform strategies and management processes. The first was the Industrial Revolution, the second was the information revolution, and the third (now underway) is the design revolution. The design revolution is basically about realising that there is not a direct trade off between product variety and product cost. Through modularity you can achieve very high levels of product variety, while at the same time achieving low cost for development as well as cost savings in production. Modularity is pushing out the productivity frontier in product creation and is changing the rules of competition. What some companies today are already doing with modular design is changing a lot of assumptions in management about what is possible. The first company in an industry that understands how modularity lets you approach the market in new ways and implements a modular strategy can rewrite the rules of competition."
Monday, April 15, 2002
Nice interview with Ray Ozzie about moving from email to online cooperation and providing a solution for spam as a by-product.
This quote of him is particularly funny: "The catalyzing event getting me off my butt (to start Groove) was watching my son play "Quake." I still have this feeling that if we could get businesspeople collaborating as effectively as people do in gaming environments, we'd have something."
Sunday, April 14, 2002
HT stands for "human transporter", a totally new kind of vehicle ...
Interesting article - Joel summarizes the .NET migration strategy of his company:
1) Why migrate at all? Answer: .NET is a big advance in productivity, especially ASP.NET
2) We don't have enough experience with .NET sofar, so we don't build things in .NET yet which we ship to our customers. Instead we focus on internal applications.
3) The 20 MB CLR runtime is not deployed to most customer's computers yet. Bundling it with our products increases the download size/time, so fewer customers might try out our software - not a good idea. We wait for 75% penetration of the runtime.
Tuesday, April 09, 2002
Sunday, April 07, 2002
Interesting technology: "moving the web from point-to-point, synchronous RPC to asynchronous, event-driven publish/subscribe communications".
"...browsers can be updated automatically, rather than having to be constantly refreshed to get updates – [this] represents a fundamental architectural change to the Internet...it will likely affect the way all software is produced in the future."
The architecture is based on "MicroServers" implemented in Jscript on the browser/client side, EventRouters and Gateways to legacy systems.
Saturday, April 06, 2002
In this article Kevin Werbach explains the idea of open spectrum. This idea challenges the assumption that wireless spectrum is a scarcity that must be spit up, licensed and restricted in use to prevent interference. With spread spectrum technology (e.g. CDMA) however many devices can use the same frequency without interference. This is accomplished by intelligence in the receiving devices. The idea of open spectrum is to open up a significant amount of spectrum for common use.
Thursday, April 04, 2002
Incredible. A webmail client with drag and drop, auto-complete and just everything what fat desktop email clients do. Fast.
How do they do this? No client-side Java or ActiveX-Controls, they only use things that are built into IE 5.0 and later, i.e. DHTML. Behind the scenes they use SOAP to talk to their server. I'll try to investigate more.
This is an interesting site about cutting edge DHTML: WebFx.
Friday, March 29, 2002
Thursday, March 28, 2002
This is what the Lord says: "Let not the wise man boast of his wisdom or the strong man boast of his strength or the rich man boast of his riches, but let him who boasts boast about this: that he understands and knows me, that I am the Lord , who exercises kindness, justice and righteousness on earth, for in these I delight," declares the Lord .
Tuesday, March 26, 2002
This is an interesting tool, however unfortunately the pricing is prohibitive. It allows you to view the desktop screen of your customers via the Web. The customer only needs http/web access. He points his web browser to a specific address. A small ActiveX control is downloaded which then sends (streams) the customer's screen content over the web to the support technician. Both users can share mouse and keyboard control. I tried it and it did work very well.
Sunday, March 24, 2002
Web site with a lot of information on these topics, i.e. international shipping and trade.
Saturday, March 23, 2002
Thursday, March 21, 2002
Scientology forces Google to remove links to critical web site.
Update 3/22/2002: some pages of the Scientology critics site xenu.net are back in the Google index.
Tuesday, March 19, 2002
This is a "classic" article about value creation in networks. The value of broadcasting networks grows linear with network size, transaction network value grows with the square of the network size (this is Metcalfe's Law) and group forming network (GFN) value grows exponentially with network size. The notion of "potential connectivity" is introduced. I think this is a brilliant article.
Monday, March 11, 2002
"The word entrepreneur is associated with success and adventure. From my life, the only thing I can tell you that's consistently associated with entrepreneurship is failure, and the only thing consistently associated with invention is frustration," he said. "There is a long road between the idea and the reality."
Friday, March 08, 2002
The Cyperposium web site has webcasts online from this year's conference. I did particularly like the ones with Esther Dyson (EDVentures), Matthew Szulik (RedHat) and Bruce Claflin (CEO of 3COM). There's also archives from last year's conference with a session held by Tim Koogle (CEO of Yahoo).
Esther Dyson talks about her difficult job of "making CEO's listen". "It's good to tell the truth, with one exception. You shouldn't tell people you are smarter than they are, even if it's the truth ... especially if it's the truth!". She believes that an important job of a CEO is to "absorb uncertainty".
Tuesday, March 05, 2002
This article makes the point that while open standards are essential to create industries and markets, and it makes sense to build products on open standards, it's usually a bad idea to base a company's business model on open standards.
"Think ASCII and TCP/IP. Think Web browsers and servers. Think SQL and ODBC. All revolutionary once upon a time, all beneath notice today. No sane business would position around any of them. Yet that is precisely what many of today's Java-centric and XML-centric vendors are busily doing... The problem with basing business strategy on open standards is that, like a fire stoked with home furnishings, it eventually leaves everyone homeless ... In the long run, when the dust settles and everyone is in agreement, open standards offer no differentiation and erode competitive advantage along the axis that has been standardized. Survivors are forced to rethink their strategies and offer value in wholly new ways ..."
Monday, March 04, 2002
Most interesting is not the crash itself (although it appeared suddenly on a system which was running the final WinXP version fine for 4 months) but what happend afterwards. Look at this PDF file.
Two days later I actually got an email from Microsoft stating that "the analysis of this crash has been completed". Wow. They point me to a Knowledge Base article which states that either my hardware or antivirus software may be the issue. Hm. I don't think so ...
What's so interesting about this whole thing is that, besides online update, it's another "brick in the wall" to make people actually believe that software is not a product, but also a service, and consequently make them continuously pay for it ...
Friday, March 01, 2002
Interesting article on Microsoft's MyServices/Hailstorm strategie. I think they might have to start over this whole thing. The use cases they showed us at the PDC in LA were all not very convincing. And of course there is this big issue with hosting everything in a central system under control of Microsoft.
Tuesday, February 26, 2002
Another very interesting tool:
"The Octo Site Compiler compiles a complete WEB (ASP) application into one file, linking it together with the ASP-compatible WEB server. The result is an EXE file that will act as a dedicated server for the WEB application. You can redistribute this executable to your customers, without asking them to install PWS, IIS or any other WEB server. As a matter of fact, the customers don't have to know that your application is WEB-based - they will see it as a normal application."
This seems to be a great application e.g. if you have to do software testing on a variety of operating systems and browser versions. It allows you to run Win 3.1, Win95, Win98, WinME, WinNT Workstation, WinNT Server, WinNT Enterprise, Windows 2000 and WinXP on a single machine side-by-side without rebooting.
Monday, February 25, 2002
Saturday, February 23, 2002
This is an awesome good article. This article explains why much of the next generation of software may be (web-)server-based, what that will mean for programmers, and why this new kind of software is a great opportunity for startups.
I don't agree on everything Paul says in this long article but on a loooot of it ...
A related Microsoft article, naturally of the opposite view: The death of the browser
Friday, February 15, 2002
They present the version 1.0 of their architecture and protocoll specification for Instant Messaging and Presence Services (IMPS). The aim is to make Instant Messaging and Presence Services work across PCs, PDA's and mobiles.
Wednesday, February 13, 2002
"Macromedia plans to make Flash a tool for building applications rather than just animations—and to make the Flash player—rather than the browser itself—the primary target for robust Web application development."
This is a similar direction like MS is taking with .NET smart clients.
I'm sceptical. Very sceptical.
"If your customers gladly held your inventory, shipped your products, and did all your marketing, you'd make money online too. Only question: Can eBay keep growing and not destroy the social capital that is its unique competitive advantage?"
This is an interesting article on eBay's amazingly successful business model.
Friday, February 08, 2002
Thursday, January 31, 2002
America Online could do in the early 21st century what Microsoft did at the end of the 20th: control the flow of key technologies.
This is another good article on the fundamental technical, political and business relevance of the e2e principle.
Wednesday, January 30, 2002
Monday, January 21, 2002
I just read today's article from Brent about many weblogs having no RSS support. I don't know how many people actually already consume RSS feeds - I don't do it yet but will eventually give it a try, here's a nice list of RSS readers. Perhaps Microsoft should make this a standard feature of the next IE?
Anyway, my own site now provides an RSS feed, see the orange RSS button on the right side below. It was very easy to add this, even there is no direct RSS support in Blogger, which is the tool I use to create the content on this site. I just went to this page, followed the instructions ... and it works!
Thursday, January 17, 2002
Sunday, January 13, 2002
I've added a search function to this website today. I didn't install anything on my server/webspace, rather I've chosen a hosted solution. It was surprisingly easy and the integration is nice. I've chosen FreeFind, which allows you to upload your own template even in it's free version.
Tuesday, January 08, 2002
Monday, January 07, 2002
Saturday, January 05, 2002
He disagrees in many ways with Theo Kanter.
Alan Reiter emphasizes that carrier operated cellular networks will continue to be the first choice for voice communication and should be coupled with wireless data networks.
Theo Kanter proposes VoIP and says circuit switching and resource reservation capabilities of conventional carrier networks are unnecessary overhead ("because bandwidth is not a fundamental problem"). Secondly he claims that because session initiation functionality (i.e. "calling someone") is built into the carrier networks they severely limit the way the network can be used.
On Jan 7th I received the following clarification on this from Theo Kanter:
This entry of CB's weblog (http://www.cburkhardt.de/) cites my research and indicates that Alan Reiter and I have opposing views. I think this is an oversimplification as it assumes my statements about simplifying transport and hence also enabling the delivery of multimedia services to mobile users that are no longer *bundled* with the method to gain network access can be simply interpreted as that carrier operated cellular networks are going to go away. What is safe to say is that voice *will* be carried by packets in the backbone, as it consumes very little bandwidth on top of all other multimedia and data traffic. Then it is a matter of choice for the consumers, whether they are interested in more than voice. If they are only interested in voice, then they can get a voice service over a circuit-switched access exactly as it is done to today. This process of technology replacement is already taking place and part of the roadmap towards 3G. The controversy lies is how to deliver voice as part of a mix of multimedia and data services. My statements (bandwidth-reservation and circuit-switching have no future) concern the alternative methods of transport and that other ways of delivering these services exist, which incidently also challenge the current business model of operators of cellular voice services. The correctness of my assumptions are further emphasized by current developments in e.g. the Nordic countries where a mixed wireless broadband infrastructure (3G/WLAN) is being deployed. This indicates that we will see *new* types of operators and that the old ones have to adapt and this change is what we are observing at this moment. Hope that this sheds some light on the alleged controversy.
Friday, January 04, 2002
Tuesday, January 01, 2002
The Event-Driven Internet
Digital IDs, Privacy, and Freedom - The Rules for a "Certificate-Rich" World Aren't Yet Written
Rich Kilmer: "I just picked up three new Java iButtons, and three USB readers that look to the OS like smart card readers. They have a Win2000 login integration, and a great Java API (to JavaCard 2.0). The Java iButtons do 1024-bit RSA key generation/signing, SHA-1 hashing, and triple-DES encryption. They can store 30 X.509v3 certs with 1024 bit keys (and/or hundreds of usernames and passwords). You can write apps that run on the iButtons (like wallets) and they can communication to a desktop (or PDA) app. If I were AOL I'd send one of these to every one of my users and blow MS Passport away!"
I've been working on web-based SSO (single-sign on) for two years now. I don't believe that the whole world will ever trust a single Microsoft SSO system. Federation of different SSO systems sounds nice in theory, but has lots of trust and implementation problems, too. I still believe that digital certificates are the right solution. However they should not be stored in my computer, I should rather be able to physically carry them around with me. This requires a hardware solution like the one Rich described above. I wonder if ProjectLiberty will go into this direction ...