Monthly Archives: November 2007

apple, itunes, multimedia

Camera, Flash, Action: review of the LG Viewty

I’ve reviewed LG’s new camera phone here. I found this an interesting device because it has a Flash UI, one that for the most part works very well. It also has an excellent camera. No wi-fi, which is a shame.

The Viewty is bound to be compared to the iPhone, because both have touch screens. The Viewty is cheaper and has more features (though it is missing a few as well), but to my mind its biggest handicap is that it lacks the polish and attention to detail which typifies Apple’s products.

Back in 2004 I reviewed the iRiver H140, a great MP3 player that was superior to Apple’s iPod in several respects. It had both digital input and output. It had a better battery. It had FM radio. It had a remote with controls and an LCD display. It had a built-in microphone and a mic input – I still use it for recording today.

The H140 was a modest success, but nothing in comparison to the mighty iPod. Why? It wasn’t just the marketing, or the looks, though both were factors. Another issue was that the H140 and its successor the H320 have perplexing controls that almost seem designed to catch you out. The iRiver also came with PC software that didn’t seem to do anything at all, though in fact it inserted some right-click options into Windows Explorer. It was a far cry from the slick iTunes/iPod integration.

The Viewty pays more attention to usability than the H140, but there are enough niggles – like the dangling stylus holder, the awkward jog wheel, or the error-prone LG PC Suite – that you wonder if these lessons have been learned.

On the positive side, the Viewty is an excellent phone, camera, and portable entertainment device. It proves that the Flash UI concept works, and that the day will come when I no longer need to take a standalone camera to conferences and the like – paying attention, Canon?

PS does anyone know how to take screen grabs from the Viewty? If I can figure it out, I’ll post some examples of the UI.

Technorati tags: , , , , ,
Uncategorized

Another crack at the online office suite

1 Comment

The creator of Hotmail is having a crack at the online office suite market with Live Documents.

I’ve signed up but not received an invite yet. Of course I’ll take a look, but two things caught my immediate interest:

1. Uses Flash and Flex:

Built using RIA technologies such as Flash and Flex, Live Documents allow users to view and edit documents within any common browser on any operating system from anywhere.

2. Connected Desktop Client:

Live Documents gives you continuous two-way syncing of your documents and edits; between your PCs and the web and vice versa.

Sync is a big deal and would make this more interesting to me than, say, Google Docs in its present incarnation.

There’s integration with Microsoft Office and (in preparation) Open Office.

Technorati tags: , , , ,
blogging, microsoft, software development

.NET history: Smack as well as Cool

2 Comments

Microsoft’s Jason Zander comments on my piece on the early history of ASP.NET:

  • The CLR was actually built out of the COM+ team as an incubation starting in late 1996.  At first we called it the “Component Object Runtime” or COR.  That’s why several of the unmanaged DLL methods and environment variables in the CLR start with the Cor prefix.
  • There were several language projects underway at the start.  The C++ and languages teams both had ideas (Cool was one of them), and in the CLR we wrote Simple Managed C or SMC (pronounced ‘smack’).  We actually wrote the original BCL in SMC.

He says these are corrections though they seem more like supplementary information to me. I don’t have any inside knowledge of this history other than what people who should know say to me (though I do also have my own recollections of what was said publicly). He may be reacting to the idea that the CLR came out of the VB team, which Mark Anders kind-of implied.

One of the reasons I love blogging is that multiple authors can have a crack at getting the facts right. A great personal example is when I asked the question Who invented the wizard; and a good candidate came forward over a year later. If you see something inaccurate or misleadingly incomplete on this site, please do comment or let me know by email.

Technorati tags: , , ,

internet, microsoft, software development, web authoring

Microsoft vs Mozilla Javascript wars

My comment is here.

Note this debate is not only about the merits of different versions of Javascript/ECMAScript. It is also about power and responsibility. However you spin it, and however far Adobe and/or Microsoft succeed with Flash/Silverlight/AIR, I think we can agree that the browser has an important role for the foreseeable future. It is also likely (though less certain, I guess) that Internet Explorer will continue to have a large market share. The company does have a responsibility not to hold back the Web, and that surely includes not obstructing the evolution of a high-performance Javascript runtime.

It is disappointing that Microsoft says so little about IE8, presuming it exists. If the company sticks by its undertaking to leave no more than two years between IE releases, we should expect it no later than October 2008, less than one year away. It would help web developers to know more about what will be in it.

amazon

Long-term implications of the Kindle

2 Comments

Thought-provoking post by Danny Bradbury:

Is a butt-ugly $400 electronic prison for books going to get America reading again, or cause those kids to suddenly get interested in Thomas Pynchon? Survey says no. If publishers are driven by anything to look at new and innovative ways to deliver content, that problem will be what drives them. And if they do figure out a way to deliver content in different forms more suitable to the net generation, it’s unlikely to look anything like a book. Which is unfortunate, given that Amazon just invested in a device designed to mimic it as closely as possible.

Curious thing, the book. So easy to digitize; so hard to digitize well.

Technorati tags: , ,
security

15m UK bank details lost – but what’s the risk?

6 Comments

The UK is in a panic right now because data containing 15m recipients of child benefit has been lost. It’s a serious incident and the chairman of HM Revenue and Customs has resigned.

Even so, I’m a little confused. I watched TV news over lunch and several identity theft experts came on and warned us to scrutinize our bank statements with extra care because of what has happened.

So what is in these records? We don’t know, yet, though the BBC says:

names, addresses, date of birth and bank accounts

Now, none of these experts has explained to me how Mr Fraudster takes these details and translates them into cash extracted from my bank account. Perhaps he approaches my bank, posing as myself, and asks to withdraw money? He would have to produce some kind of additional fake identity to do so. Perhaps he embarks on a more complex fraud involving, say, a change of address and a replacement debit card? Fair enough, but it is non-trivial.

Further, how difficult is it to obtain such details anyway? Names and addresses are easy enough to find; so are dates of birth. Nor are bank account details normally regarded as highly confidential. They are on every cheque you sign. Some companies include bank details on their invoices or on their web site for all to see.

I’d have thought that credit card details were far more valuable to criminals, especially when they include things like expiry dates. But they won’t be part of these records, surely, and nor will passwords or PIN numbers, unless there is a lot that we have not yet been told.

I don’t mean to diminish the seriousness of the incident. This is a huge amount of confidential information to lose. But I’d like a bit more explanation about why these details are so dangerous in the wrong hands, before I rush out and close all my accounts.

Security expert Bruce Schneier would I think call these details “semi-secret”. His consistent message is that you should authenticate the transaction, not the person. See his (old) post on Identity Theft in the UK.

Update

Here’s the official advice:

What can an ID fraudster do with this data?
No password, security details or card details have been compromised, so a fraudster cannot access your bank, building society or card account. However, HMRC is advising customers that if they use any personal data, like child’s name or date of birth in their password, they may wish to consider changing their password.

If this data were in the hands of a fraudster – and at present there is no evidence that it is – this type of information might help them to commit account takeover fraud, although additional information would be needed. There is also a risk of a fraudster using those details to set up other credit or financial agreements, e.g. mobile phone accounts.

Further postscript

As it happens, I was at a meeting this evening and spoke to someone who works for a bank. He says there are several risks. A smooth-talking fraudster might persuade a cashier to release funds, though it would be a failure of policy. We also discussed direct debits. These are vulnerable, because the bank might not be involved in checking the authenticity of the instruction at all. In both cases though, these are existing weaknesses in the system. It’s possible that heightened risk of fraud could result in better procedures, so some good may come out of it.

Another thought: surely a smart thief would have copied the data and returned the CDs to the envelope. That way, nobody would know. Put another way, how much data theft occurred without it ever coming to light? It just happens that this one is very large and very public.

Technorati tags: ,
borland, codegear, delphi, internet, software development

Is CodeRage the future of tech conferences?

CodeRage 2007 starts next week. It’s a technical conference covering CodeGear’s products, including Dephi, JBuilder, C++ Builder and 3rdRail, the new Ruby on Rails IDE.

The conference is both free and virtual.

A virtual conference is no substitute for human contact. I’ve learnt this paradox over many years: even if the same content is freely available on the Web, there is substantial benefit in physical attendance. You are more focused, you learn more, you can easily ask questions, and you pick up all those indefinable signals from others who are attending.

Equally, the global fuel crisis and concern about the environmental cost of travel surely means that virtual conferencing is an idea whose time has come. Another benefit is that it includes an array of people for whom a typical tech conference is just not feasible, for financial or other reasons.

I’d like to see more of these.

Technorati tags: , , , ,
security, software development

How to write secure (and less buggy) code

Thought-provoking paper [PDF] from Daniel J Bernstein, the author of qmail, covering software security and addressing topics such as premature optimization and bug reduction along the way.

In March 1997, I took the unusual step of publicly offering $500 to the first person to publish a verifiable security hole in the latest version of qmail: for example, a way for a user to exploit qmail to take over another account. My offer still stands. Nobody has found any security holes in qmail. I hereby increase the offer to $1000.

He attributes his success to minimizing the amount of trusted code, in contrast to running code with least privilege which he says is ineffective.

(from Schneier on Security).

microsoft, software development, windows

How Akamai Download Manager hides your downloads (VS 2008 downloaders take note)

23 Comments

Yesterday I downloaded the hot new release in the Microsoft development community: Visual Studio 2008.

At least I thought I did. I used the MSDN “Top Downloads” feature, which promises:

… a more direct way to initiate a download of a limited set of selected products

The service uses a plug-in called the Akamai Download Manager. This guy is annoying, especially if you use Windows Vista. First, it doesn’t seem to work at all. Then you realize that you have to disable the IE pop-up blocker. Next, you try to select a download location but it will not let you. It respects some setting in IE that restricts downloads to “safe” locations. You had better have lots of space in your user directory, otherwise this is not going to work.

Fortunately, I do have lots of space, so even the 6GB or so I was downloading should have been OK. I gave in and let it choose the location it wanted. The next thing you see is curious – see here for a screenshot. A message appears telling you the file has been saved (note past tense, though the download is just starting) to the Temporary Internet Files folder, and invites you to open it. I knew the file could not be downloaded yet, but opened it anyway. You get an Explorer window onto a weird location that claims to be in the Windows folder (it isn’t) and shows a single folder labeled C. If you are like me, you shrug, and close it. Don’t do that.

Why not? Well, after several hours or perhaps overnight, the download completes and you look for your files. Where are they?

I looked in Documents, the supposed location. Not there.

I looked in IE’s Temporary Internet Files folder. Not there.

I looked in my Virtual Store, a feature of Vista that supports legacy software which tries to write to locations like the Windows folder. Not there.

I performed a search of my entire User folder, set to show hidden files and folders. Not there.

Before giving up, I opened an administrative command prompt, navigated to the root folder, and typed:

dir *.iso /s

Ah! There they are, in (wait for it):

C:\Users\Username\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Username\Documents

where “Username” is the current user.

Why didn’t the Explorer search find it? The problem is, you have to have the option:

Hide protected operating system files (Recommended)

set to unchecked in folder options, passing the dire warning that tells you not to do it.

Why do I normally have this checked? The dire warning doesn’t bother me, but I do mind that having this unchecked shows files like desktop.ini on the Vista desktop. Ugly. So I normally have this checked.

Hey, wouldn’t it be good if Microsoft had a single checkbox in its “Advanced” search: to just search everywhere?

What is this nonsense?

So I found the downloads. But honestly, what is this nonsense? The truth is, Akamai Download Manager is not really Vista-compatible; why is Microsoft using it on its premier developer site, for its premier developer product? Ironically, this is the community most likely to be running Microsoft’s latest and [possibly] greatest.

Further, what it is the message here? That Vista adoption is so modest that Akamai can’t be bothered to fix its utility? Or that Microsoft’s own in-house developers can’t build a decent download manager? Or offer to fix the Akamai one?

Excuse my temper. It is no fun to complete a long download and then lose the files.

Update: I also sent a comment and query to the email address given for feedback. It was msdnreply(at)eu.subservices.com. Guess what? Bounced with “User unknown”.

internet, microsoft, software development, web authoring

REST vs WS*

The REST vs WS* wars get ever more interesting, with Dare Obasanjo from the Windows Live team announcing (or confirming) his conversion to RESTful ways, and Project Astoria demonstrating that Microsoft is now building REST services into ASP.NET and ADO.NET (see here for further comment).

Microsoft is still committed to WS*, but equally seems to recognize that much of the world wants to do REST. I’m glad that pragmatism is winning over dogged determination to stand by technology choices.

Technorati tags: , ,