Archive for the ‘opinion’ Category

Software Security Philosophy

What is “security”? Not in the broad sense, that is, but in software security? What does it mean to develop secure software? What do we understand to fall into the realm of software security?

I’ll tell you what I mean when I say “software security”. For me, software security means bringing the intent of the original designer to the customer.

This is very simple. The designer had some idea in mind when designing the software. He had some intention for the software to function in a particular way. That mental picture is translated into design, brought over into development, translated into source code, translated into binary, delivered, installed and configured at the customer’s site. And our task is to ensure that what operates now at the customer’s site reflects exactly what the developer had in mind. If it does not – we have a breach of security.

I know that this is a very broad definition and it encompasses many areas traditionally thought to be …

State of security – still miserable

Even after all these years the software industry seems to be forever in a state where we believe that if a vulnerability exists but is unknown to the public it cannot be exploited, so our software is “practically secure.” In theory this is true, but the problem is that once someone finds the vulnerability, the finder may just exploit it instead of reporting it or helping to fix it. Having “hidden” vulnerabilities doesn’t really make the vulnerabilities go away; it simply means that the vulnerabilities are a time bomb, with no way to know when they will be exploited.

Security is a fascinating subject, even for the uninitiated, not to mention Bruce (who makes money with it no slower than the US Treasury printing presses), one that may be looked at from different perspectives and talked about in several management dialects, including McKenzie (I do not speak it, but I can understand it in a roundabout sort of way). Talking about security often gives you a cozy feeling. And all those diagrams, tables and, oh my, vectors and mitigations, they are so neat and kosher… until someone starts asking hard questions. Pray this someone is not your customer.

Talking about security does not help. Keeping it quiet does not help either. Only doing does.

Categories: business, opinion

The Future of NFC Payments

Someone asked me to provide feedback on an article regarding The Future of NFC Payments (yes, capitalized, like in “Big Future”). I do not cherish the idea of giving up my contact details for a brochure download, so I did not read the actual paper. I cannot imagine why people would not want their ideas to be widespread. I think it is silly to force people to register when you want them to read your articles, for they will simply read it elsewhere.

Anyhow, back to the subject of mobile payments with NFC – that’s what the paper claims to be about. I do not really know what they said inside, but seeing “NFC was hailed as one of the biggest trends for mobile operators for 2011” in the blurb is enough to get an idea of what might be on the inside.

Now, let’s be clear that mobile payments are a fighting ground for two large forces: the banking industry and the mobile service industry. Both of them deal with a lot of customers and a lot of cash. And neither of them would willingly give up the payment transaction stream to the other. One, the banking industry, owns the terminals and the networks, the payment infrastructure. The other, the mobile industry, owns the handset and the SIM card, the means of payment.

So, until I hear that those two – mobile operators and banking associations – have come to some sort of agreement between themselves on terms regarding mobile payments, I am not going to lose my sleep over any imagined mobile payments trends, with or without NFC, this year.

Mind you, there is always a chance for a small handset manufacturer like Apple to come up with a painfully obvious scheme that Nokia simply cannot afford… But that is another story.

Near Field Communication (NFC)

I stumbled upon an article in the PopSci (Popular Science?) on-line publication titled Everything You Need to Know About Near Field Communication. My opinion is that many of the things described there reflect a lot of wishful thinking on the part of the smart card industry players. Especially where they go on about “everything has just started to come together”, which is exactly the same thing they were saying for the last five years or so. I was on the inside, I should know.

For those more inclined to actually understand the technology in plain words, I would suggest simply reading the original NFC White Paper written by myself years ago and published by Ecma International. Trust me, nothing much has changed in the meantime; all the concepts still apply today as they applied then.

Categories: business, NFC, opinion

Corporate responsibility

One of the buzzwords I dislike is “Corporate Responsibility”. It is overused, abused and never means what it is supposed to when you hear it from the top managers. However, it is important. Rather, the concept that it used to mean is important.

I have spent a few months in Russia now and I am shocked and disgusted at how business is done there. That is the place where you go if you want to learn what the consequences of irresponsibility on a grand scale are.

Nobody feels responsible for anything there. The only king of this newly capitalistic country is money. Everybody dreams of making money quick. Some people make the money quick. Some don’t. But for everyone the main theme remains – just make money, no matter how, no matter what the consequences are, never mind the “after”.

What is the result? Well, most, or, perhaps, all of the business is based on making or buying something dirt cheap and selling it high. Most products are made in China or are counterfeit. Everything is made of the cheapest materials and with the cheapest technologies.

Can you imagine life in a disposable world? Disposable furniture, disposable cars, disposable roads, disposable buildings, clothes, everything. Food is mostly dangerous to health, as are water and air. Every service you get is done as if you are a really annoying beggar, not a paying customer. All products you buy start falling apart as soon as they are unwrapped.

And it really does not matter whether you have a little or a lot of money. What you buy with a lot of money is still counterfeit and of the same horrifying quality. There is no way to buy yourself a higher standard of living, unless you ship everything you need from abroad, like some rich people there do – they just fly all their food and necessities in from Germany.

And this is the result of one thing – corporate irresponsibility. Yes, they make money, a lot of it. But, when everyone provides shit to everyone else, what help is all that money?

Service: cheap, cheapest… cheaper!

I find it disturbing how even the most normal-appearing people are falling for the cheap-cheap-cheap mantra of the day. Take telephone services. My friend, who would always check the quality of everything he buys and make sure that it is of at least a fairly acceptable level, falls for the “we have it cheaper than everyone else” internet and telephony package. The result is very predictable: half a year of wasted time, miserable service, lost money.

Why does this happen? It seems easier to accept the “everything is equal anyway” lie when you cannot assess the quality expertly in advance. It is probably difficult to assess the quality of a used car for a non-specialist, but at least you can see the rust. When you only see the colorful brochures, it becomes near impossible to judge the quality of a future service. And it is, oh, so easy to judge the amount of money you pay.

When you select the services next time, remember, it is not only the money you pay. The service you receive should also be taken into account. You are not just paying money, you are paying money for the service. Make sure the service is worth your money.

Categories: general, opinion

Of “digital piracy”…

Wasn’t I saying it all along? The net result of abandoning DRM (Digital Rights Management) would be positive for most companies. Various studies show this again and again from different perspectives. This time it is a behavioral study by Oxford economist Karen Croxson discussing potential customer behavior and the effect of piracy on net sales. And the conclusion is still the same: piracy does not hurt sales, and even helps sometimes.

Really, if one abandons DRM and lets go of the piracy hype, the result must be positive. Here is the list of things to consider:

  1. The customers that buy your product would buy it anyway.
  2. The customers that would not be buying your product will not buy it anyway.
  3. The customers that are influenced by the “ease to copy” and decide to copy instead of buying are extremely marginal in number.
  4. The experience with your product, the rumors, the hype, the word-of-mouth advertisement would generate many more customers than you might lose in the previous category.
  5. Customers loyal to you are not annoyed by your silly DRM schemes.
  6. You do not need to waste money and time on the DRM.
  7. People who spent time breaking your DRM schemes and making bad publicity went to do the same for your competitors.

And the list goes on and on. I cannot think of any logical (as opposed to “feel good” or “appear good to the boss”) reasons to fight piracy and create DRM schemes. Happily I am now only annoyed by DRM as a customer and I can vote with my wallet for the products with good sense and reason.

Categories: business, opinion

Toys

I spent a lot of time recently thinking about toys. Well, it all started not so recently, in fact, but recently this idea that I am toying with is not letting me rest. So I spend more and more time thinking about toys.

If you never noticed, the toys in the shops are somewhat different from what we used to have a good twenty years ago. Drop by some time at the toy shop and have a very good look around just by yourself. Check out the toys. See anything strange? No? Check the material and where they are all made. Maybe that’ll give a clue.

Once, toys were not so abundant. When I grew up, the toys were something very special. You did not even get a toy every birthday, although the parents tried. They were expensive and they were good. And you cherished and wanted them. And they were a pleasure to hold and, oh, so carefully, to play with.

Then the industrial revolution in the toy world happened. First, there came to be many, many more toys, and they became cheap. And that was wonderful. Kids could now have all the toys in the world. Well, most of them, and at least in Europe. The toys, let’s put it another way, became quite affordable. I suppose anyone could afford to buy toys for their kids’ birthdays at least. Most parents bought many more toys than necessary, to tell you the truth.

And then something not so benign happened. And we did not notice it in the beginning but by now it is, oh, so apparent. The toys are made in China. The toys are made of the cheapest possible plastic. They are made without any regard to design and quality. They are not at all pleasant to take into your hands. And not pleasant or fun to play with. And they break after half an hour.

In a word, there is something awful in the toy industry. It literally went down the drain. There is probably no toy factory in the world that makes good toys anymore. The toys are bought by hundreds and quickly end up in the landfills. What is the point of such toys? They are more than useless, they are harmful.

And to get to the point, I am toying with the idea of a toy factory. I want our children and grandchildren to play with high quality toys. I want them to enjoy the toys and cherish them as I cherished mine so long ago. Otherwise, as they grow, they will not learn to cherish the things that they earn, and all of their life may get filled with things that belong in a landfill, making their life a landfill. And that would be sad.

Categories: business, opinion

Technology vs. People

A well-known expression, used and abused millions of times over the history of mankind, says that weapons do not kill people, other people do. The meaning is, of course, that the knife is just a tool and it is up to the hand wielding the knife to put it to use – good or bad.

In fact, all technology is like that. Technology can be put to serve people or it can be used to deceive people. I think that recently most technologies are used to deceive people, and more and more technologies and techniques arrive every day that serve this same purpose. They could be put to good use, serving people and helping us on our evolutionary path, but, no, they are not. Instead, they are all abused.

I used to argue and fight against such uses of technology (that I consider to be rather abuses) but to no avail. And now I realize that it is no use fighting against it. As Antoine de Saint-Exupery says, you never fight “against”, you always fight “for”. So it is necessary to fight for the proper uses of technology, put all those resources to the service of people with their full understanding and consent.

I think this is something worth fighting for. I think this is what my company will be doing. Fighting for the right uses of technology, making it serve people, not deceive.

Smog alert reality check

The government declared a “smog alert” here today. It will last for a week if anything from the past is an indicator. The purpose of the “smog alert” is to reduce the speed on the roads, especially the highways. Highway speed is limited to 90 km/h on days when “smog alert” is in force.

Local radio just gave a good summary of facts about today’s situation:

  • The smog is caused by a cloud of particles (pollution) brought to us by wind from the east, it is not originating in the country.
  • The morning traffic jam was exceptional with roughly 400 km of jams covering the country (against the usual 100 km).
  • The number of accidents was something extraordinary as well, although they did not provide specifics.
  • Traffic jams happened even in places that never see traffic jams and without visible cause (like road works or an accident).

Managing a country is similar to managing a corporation, the basic rules are the same. So there is nothing wrong with the businessmen looking at the governmental decisions from the business point of view. What do we have?

The smog was not caused by any internal source in the country. The wind is blowing, so the emissions from inside the country are blown away and new pollution from outside is blown in.

Ok, fine, we still want to reduce the pollution at least a bit. Well, emissions at various speeds for various cars are a very complicated subject, and nobody will tell you what the cumulative effect of a speed increase or decrease will be. There are just no such data. But one thing we definitely know for sure is this:

Emission rates are higher during stop-and-go, congested traffic conditions than at free flow conditions operating at the same average speed. — U.S. EPA, “Automobiles and Ozone.” Fact Sheet OMS-4

So the result is that we increase the pollution while lowering the safety of the traffic (remember the accidents). That is not a good business decision. In companies, people should get fired for this kind of decision. In the government, unfortunately, this is not the case.