Saturday, April 23, 2011

Smartphone Widgets

Like the desktop widgets you commonly see on desktops these days, I personally feel that smartphone widgets should be equally important. Why is that so ? We would analyse through deeper into this blog post.

Benefits:
  1. Quick accessing of data and information. (Weather, Currency, News...etc)
  2. General simplicity of use.
  3. Summarised information that is otherwise bulky.
  4. Quick access to other apps or applets.
Cons:
  1. Waste space on the screen.
  2. Looks ugly. (if badly designed)
  3. Leeches additional CPU and Memory (and possibly Network) to continue feeding users with updated information.
The list of Pros and Cons could go on but the above are the general and common Pros and Cons. It really depends on what your aim is and your vision of the smartphone "desktop".

I personally see the smartphone "desktop" or home screens as similar to your desktop "desktop" and therefore, gadgets and widgets providing only the important information should be loaded onto the desktop of smartphones. It is obviously unwise to litter the desktop screens of smartphones with so many widgets that it clutters your desktop space and resource usage (which generates bad user experiences).

Friday, April 22, 2011

Keypair Keyboard

I have recently been frustrated with the small keys a soft keyboard presents itself on iPhone, Android ... BlackBerry's incredibly tiny keypad ... and all the really small key keyboard.

Here, I would present a keyboard I designed called the Keypair Keyboard. It works like the old school cell / mobile phone keypad where you have to hit a key a couple of times to permutate the letters to the ones you wanted. Keypair is different as it has only 2 permutations per key... thus saving you the hassle of multiple permutations. It also have the ability of a full keyboard by allowing you to Cap Lock it on.

If you have additional keys you want, it has multiple soft keypads where you could interchange by sliding or swapping the keypads in between.

The general dimension of the keypads are 6 blocks of key columns and 4 rows. An additional dictionary-enabled word/phrase prediction can be added to the top of the keypad.


These concepts are thought and made by me and no one else helped me. I simply get inspired to create them.

The Keypair Keyboard is a non-patentable, free-for-all, public domain innovation and anyone who wants can use it as long as they don't patent it (thus inhibiting others from using this keyboard).

The concept of Keypair Keyboard is to have a larger and fewer keys so that users would not mis-type their letters. It supports many keypads so you can switch between keypads. For example, one keypad would handle the alphabets of "A" to "Z", while the other keypad would handle "0" to "9" and some basic common symbols". The other keypad would handle the rest of the less commonly used symbols. It should allow users to add keypads and symbols programmatically or through some ways of user interaction.

Below are the two images and I would explain them and their workings.

The above variant of Keypair Keyboard is the "Swipe" variant. What "Swipe" meant is that, to change between different keypads, the users swipe left and right of the current keypad to get access to the next keypad.

The above Swipe variant of Keypair is in the Alphabet keypad. You can see a huge downward pointing arrow on the lowest left of the keypad. The downward pointing arrow is to indicate that the current letters of the alphabet are in capitals and the user could use the downward pointing arrow to down-case it to lower case letters.
The left and right or forward and backward letter selection allow users to select the previous or next possible letter to edit or change. A dictionary-supported word prediction utility is supported to predict words users may want to use.

An example to use any variant of the Keypair Keyboard - type "query". For typing the word "query", I have to tap on the "Q/W" - once, "G/U" - twice, "E/R" - once, wait for a while, then proceed with "E/R" - twice, "T/Y" - twice.

This above is the next variant Keypair Keyboard called the "Plain" keyboard. It does not support swiping actions to change keyboard so it is "plain". You would notice that there is a key on the lowest left side that have two arrows pointing at opposite directions. This key is used to switch between keyboards. This picture contains an error where the Caps lock key is being replaced by the Tabs key.

These concepts are thought and made by me and no one else helped me. I simply get inspired to create them.

The Keypair Keyboard is a non-patentable, free-for-all, public domain innovation and anyone who wants can use it as long as they don't patent it (thus inhibiting others from using this keyboard).

Please respect my creations and in doubts, contact me via my email in my profile.

Wednesday, April 20, 2011

Apple silently logs user data

Read:
From day 1, we should always doubt our private data in third party hands. But now, it is clear that our personal devices are betraying us big time.

Sunday, April 17, 2011

OOo truely liberated

Read: 
OpenOffice.org is now truely liberated from the hands of Oracle and passed onto the LibreOffice / The Document Foundation. Power of the Open Source and Community is always amazing and powerful.

Thursday, April 14, 2011

Credibility of Stop Forum Spam

About the topic

Below is a screenshot from the page to add an IP address for blocking spam:


As you can see, the fields are so little and there is only a text box to allow you some flimsy evidence of forum spamming. Do note that computer forensics is a mammoth task and a pain. How would a small text box for evidence justify or proof wrong doing ?

We know that IP addresses are dynamic and have no credibility at identifying individual users and chances of proxies, secret proxies, accounts compromised .. etc... are very high. Email addresses can be re-made and can be spoofed.

How do you call to credibility of this architecture of preventing forum spams by Stop Forum Spam ?

The operators of Stop Forum Spam wouldn't check anyway, as it would be a trouble to wade through every case to vet... so they would simply just let all pass. 


Possible Routes of Attack
A vector of attack on Stop Forum Spam would be using proxies and gateways privately or quietly hosted or maybe through Tor as well. Fake accounts made with Stop Forum Spam could be created and used. The flimsy way to add "spammers" as shown above, could be falsified and no one would know how true it is. 

How would any staff at Stop Forum Spam verify the accused ? The so called admin of a forum (who is in fact an attacker who falsify his identity), could falsify computer logs and even metadata to show that the accused is really the spammer.


Making The Attack a Step Up

Now, let's apply to real world scenario with a malicious twist. Most forum do not protect themselves with the minimal form of protection via the flawed SSL/TLS connection (by the way, SSL/TLS is already broken), sniffing of passwords and login credentials could be done - especially to forum admin accounts. 

With the login credentials of Super Users of the forums, the attacker could do a database dump of the members credentials and IP addresses and maybe use an automated script to post all the credentials to Stop Forum Spam with some variation of evidences. It is possible that the mass upload of credentials would cause suspicion and the attacker may have already figured that out, so an artificial intelligence in the script could regulate the amount of loaded credentials and falsified evidences.

The attacker may register with different accounts user of the Stop Forum Spam and subsequently, could upload more credentials. 

Finally, to inconvenience the forum admins that he have attacked, he could have placed all the forum admins credentials onto Stop Forum Spam too and fully lock out the owners and admins of the targeted forum they own.


Conclusion

The model used by Stop Forum Spam is extremely flawed and not trust worthy because of the nature of the Internet. It is a broken model in an attempt to fix something but fails very badly at doing so.


Solutions

The only solution that would make Stop Forum Spam, is for forum owners to register themselves and proof their ownership of the domain or website. 

All forums need to have the use of SSL/TLS or better security to protect their accounts from attacks.

For the owner of a forum to report an incident to Stop Forum Spam, the owner MUST produce database files (yes... the physical database files as it contain metadata) while redacting the sensitive credentials of all users. A fully qualified computer forensics staff would do the job of proving or disproving the entry of an incident. Stop Forum Spam and the reporting owner of a domain MUST enter into a legal contract of not revealing any details of the database files and protect the database files with utmost security and when the investigation is completed, the database files must be encrypted as best as possible with the highest security.

Thursday, April 7, 2011

ATTN! FORUM

From the title, you might have guessed, it's trying to grab your attention using all caps lock on. That's what you see when desperate people who are also probably inconsiderate post them thinking they can push their way through crowds to get to the beginning of the line and shout out what they want because they are "more important".

That's disorderly and unruly in all sense. Regardless of what excuses you have, simply waltzing in and caps lock on to grab attention, is seriously overused, overrated and over-annoying.

Forum etiquette is, if you need help, give the appropriate title that shows what help you truely need and post your questions with clarity. If there is no answers for a week, bump them up once in a while but don't be an annoying ass.

Urgency does not mean that you can waltz around and be bossy. You still have to wait for someone to answer (probably because someone don't have the answers to your questions or simply, there are too many questions and it takes time to help everyone).

So PLEASE mind your etiquette and don't caps the words and be patient. Being unruly would probably piss others off and may get you kicked, banned or removed from membership.

Be nice to others, others would be nice to you.

Disorientating Blogger

I was intending to post a blog post and I logged in, Blogger told me about some dynamic feed feature and I was curious and clicked the usual "Learn More" link. It brought me to some Google page that is disorientating because all the squeezed words sucks and makes reading harder.

Google, redesign it for goodness sake. Shorten the amount of words used and make it easier to read and easier on our eyes.

Below is a screenshot showing what I meant: