I concur

Steven Vaughan-Nichols of eWeek is saying that its now just too dangerous to run Internet Explorer any more. As of last Friday he ditched Exploder as his #1 browser on Windows and switched to Mozilla Firefox. I concur with his opinion and have been running Mozilla as my #1 browser for a long time - in fact since about Mozilla 1.2 came out.

For the record I have recently switched to Mozilla Thunderbird as my mail client, before that I was using just pure Mozilla and I haven't used Outlook or any alternative unless forced to by work policies for years. In fact the only thing I use Outlook for is as an address book since I'm afraid its address book facility still beats the pants of any alternative. That's only be because Outlook supports almost every field under-the-sun for each contact, so many that I've never had the need to add a custom field. I wish Thunderbird or some other common LDAP schema did as much.

The only time I ever fire up Internet Explorer is when Windows XP relies on some funky IE only Active X control to do stuff like an upgrade. I find it very iritating that I still have to do this, why can't we have a standalone application so I can finally ban the IE icon from my desktop?

Instant messaging is dead - long live instant mail

I really don't get it. Just how did we end up in this stupid messed up instant messaging situation. I mean, how did several proprietary, centralized and for the most part incompatible messaging networks end up usurping the existing distributed and highly compatible messaging system we all use daily and have been for decades, that is email?

Maybe the question is so obvious no one has bothered asking it before. Let me phrase it another way. What exactly is the difference between "instant messaging" and email?

Well, I guess its because its "instant" isn't it? And it has that "on-line" indicator, and all those rinky-dinky icons and a separate little window for typing your messages in.

I see, is that it?

Well in case you haven't noticed, email is now, for all intents and purposes, pretty much instant. Most, if not all the delay in getting email these days is largely the delay for you to hit the "get messages" button in your email client. If there is any difference we're probably talking the difference between 1 second and 5 seconds. Occasionally it takes a minute or so, and once in a while when Yahoo screws up, a few hours. But really, so what? How often in IM have you hit "send" and you didn't get a reply for minutes or until hours later?

It turns out for the most part people use IM in quite a asynchronous way, one expects delays because people usually time-slice while they are using IM. I'm doing it right now. There's an answered question in my IM client and I feel no compunction to get right to it and bash in my response. Isn't that completely the idea of IM - its instant but you expect that the person may not respond. If its really urgent well then, pick up the phone!

About that "on-line" indicator... In my experience its usually a lie. Half the time someone who says they are on-line is actually not there or didn't actually mean to be. They turned on their computer and it put them on-line automatically, or they intentionally told their IM client not to announce when they are idle. So when you send them a message you don't get a response, or not until much later - just like email!

The converse is also true - half the time when they are off-line they are actually available. They either forgot to start their IM client, or are up for receiving important messages from a few people, but didn't want to announce their presence to people just wanting a chat. I find a lot of people send me messages when I'm off-line anyway - just to probe my status.

So, that leaves the separate window and icons and... Lets face it, all that is just window dressing. Yes, window dressing. One could easily build an email client just like an instant messenger (see below).

Thus, here is my suggestion: ditch all that proprietary instant messenger stuff, its time is gone and the inconvenience of IM spam, viruses and having to deal with multiple IM networks is just not worth it. In its place will be a separate email client, or extensions to existing clients (in the same way that RSS/blog reading functionality is now being integrated into mail clients).

The client will have a list of your favorite email buddies on the right and allow someone to click on a name to start "messaging" with them. The client will fill out the email From: and To: fields behind the scenes and the user will type in the message just like in a regular IM client. When they hit send the client tags the email to adds to indicate its a message intended to be read with, or intercepted by, an instant messaging tool. There are many options to do this - perhaps a special X-Instant-Message heading, maybe just a special X-Priority header value "0 (Instant)", or even just use something like putting "[IM]" in the subject line (which has the advantage its easily filterable by existing email reading technology).

On the other end the recipient, if they are running a client compatible with "instant" email will see the message in the mailbox with its "instant" header and pop it up in an "instant" message client window - again just like in a regular IM client. The recipient can then just type in a reply message and hit send - again the client fills in all those other fields normally in an email.

If the recipient should happen not to be using a compatible instant email client then they'll still get the message, it'll just appear in their regular mailbox as normal and they can still reply! If the tagging method used is something in the subject line then their reply will even appear back in the senders IM tool. So, in effect all email clients are capable of being compatible with such a protocol.

And as for that pesky on-line and off-line status? Well that's easily implemented by having IM capable email clients act as auto-responders. When someone's client starts up it goes through their buddy list and pings all their buddies email with a status query. Again this either has a specific header to indicate its just a status query, or it uses the subject line setting it to something like "[IM] on-line?". The recipient's IM tool, if its on, sees the message and responds to it based on the current users preference, adding in their status message if any. Until any response is received the other client will assume them to be off-line. Again, someone without an IM compatible client can still manually generate a response if they want to, or filter out such messages to the trash.

Finally, to deal with communication delays the IM clients can send message with receipt confirmation request. That way you can know the difference between a delivered but unread message, and an undelivered message. This will enable the client to show an animated icon for each message indicating when its delivered, read and finally when its responded to. Yeah, the "xxx is typing a message" could be synthesized too, but really, I don't think its worth it.

Any drawbacks to this scheme?

Well, it doesn't offer "chat rooms" or private multi-way conversations, or support the anonimity of IM services that let you create multiple identities. However why not use the existing Internet Relay Chat for that which is standardized, has an open protocol and has tons of free and mature clients available? Alternatively all you need is a hacked up SMTP server that can generate email aliases or mail lists on the fly by some simple email based request protocol. It then forwards emails it receives for the aliases and lists using the standard SMTP protocols. No rocket science required, no separate protocols and again completely compatible with all current email tools.

The huge benefit of this scheme is that its layered on current technology and can be implemented to be backward compatible with current email clients so you don't need to get everyman and his dog to adopt it before its useful. In fact its completely useful from day one. Plus your IM is inherently no less secure than email sent and received using your existing email client. All that good anti-virus technology you our your company bought that is scanning your email still works just like it always did. No special ports are required to be opened up so just like HTTP based protocols it works through all current firewalls with no changes.

Other benefits? Well there is no centralized IM server to go down. All messaging is distributed and the only failure comes from a mail server going down. So if AOL's email servers drop off the planet all you loose are clients using AOL email, not every single IM user on the planet. That means you're also not tied into someone proprietary system, its entirely open and clients and client extensions are easily developed.

Do the benefits outweigh the drawbacks? Well since as far as I can see the only drawback is the relative slowness of email, I say most definitely no. In my experience on average the speed of email delivery is entirely satisfactory for "instant" communication. In fact most of the "instant" feeling of IM is purely derived from its intrusive "pop up a window on receipt" behavior that demands some attention over email that will languish in an inbox. Hence its a usage problem not a delivery problem.

Next steps?

I say a standalone client and add-on for Mozilla mail should be developed immediately. A basic implementation is so easy it could be released within just a few weeks, and regular IM and its closed, proprietary messaging kingdoms would come crashing down in months. For me, that wouldn't be a moment too soon.

Share and enjoy - the great Gmail giveaway

I now have more Gmail invitations to give away than I know what to do with. So, the first three people to read this and send me their name and email address will get one.

Your undying gratitude is not necessary, just share and enjoy!

Java Faster Than C++?

Slashdot is reporting the conclusion of Keith Lea that Java is faster than C++ and C++ sucks.

Well this is no surprise at all to me - I reached the same conclusion years ago myself.

Anti-virus from Microsoft?

Well finally Microsoft is going to release an anti-virus solution. Isn't it about time? Of course many people have long ago decided the correct anti-virus solution is to just not use Microsoft Windows products lik Outlook, Internet Explorer and Windows operating system itself. However many of us actually prefer to use Windows vs. the other operating systems, and recent Mac problems show its not just Windows with some eserious security issues.

Like many others I've relied on third party AV products which cost money, often more than the OS itself over a lifetime of subscription charges, and also have many problems themselves. So Microsoft finally decides to bring out an AV solution and it doesn't even bundle it. Well I think it should bundle regardless of the impact on other AV companies because I have to admit to finding the businesses that exist from providing AV solutions particularly loathesome. I'm not even above suspecting AV companies deliberately foster a environment of fear and maybe even encourage virus writing.

Yes, they are providing a useful service, but relying on them just encourages carelessness from Microsoft and users. Its kind of like the observation that people with seatbelts, airbags and anti-lock brakes actually start driving worse than those who don't. Hence some auto insurers have stopped giving a discount for such things, they are after all devices designed to save you after you f**ked up vs. before. As I've said elsewhere, probably the best safety device for driving would be for everyone to have a big metal spike in the center of their steering wheel and no seat belts.

A similar thing could be useful for home computers - if you get one virus your machine just disintegrates completely and you're never able to use a computer again. Ditto for engineers who introduce security flaws - off with those hands!

Mobile device manufactures just don't get it

Really, the people designing mobile devices just don't get it. They keep churning out the same fixed function, limited lifetime devices with no upgrade path over and over again. I mean I ask you, how long has Bluetooth been around? Years! At least four I'll guess. And how long has it taken for them to utilize Bluetooth for anything other than cordless headsets? Almost as long.

Finally someone has come out with a bluetooth keyboard for mobile devices. But guess what, it doesn't work with regular phones, those devices most in need of a bluetooth keyboard, only PocketPC and SmartPhone devices. Your average phone with a 0-9 *# keypad these days often has a lot of CPU and memory going to waste and even a screen with more resolution than early Palm PDAs. That kind of phone is crying out for a proper keypad but not one that make the device so huge its inconvenient, and not one with keys so small you need a toothpick to use it.

And then there's the bluetooth ringer... Just how many times have you put your phone into vibrate mode and stuffed it in a pocket or bag at a movie and then promptly forgotten about it? Then several days later you discover your phone with half a dozen missed calls and everyone thinks you're out of town. Furthermore when you try to call your phone to figure out where it is its buzzing almost silently in the closet somewhere and you can't find it.

So how about a bluetooth ringer with a caller id display and answer/ignore button. Then strap it to your wrist or hang it around your neck and when you put your phone in vibrate mode you'll never miss the opportunity to call. To avoid the lost (or stolen!) phone problem the ringer alerts you to losing contact with its host phone so you know you're moving too far away or the phone is walking away...

Going even further for the geeks out there - just build such a feature into a watch. Because its just a ringer, 10 digit display and a few buttons and not an entire watch it doesn't have to be big, hefty and ugly like that Microsoft flop, the ....

Low and behold it does appear someone finally has their thinking cap on - Seiko - who are rumoured to be creating such a device. My guess is that they will quickly become very popular. Unfortunately Sieko's prototypes so far look to be, well nothing short of butt-ugly...

However all these things are just specific instances of the general problem. There is nothing fancy about a phone. A phone is really just a little piece of hardware containing a radio transmitter. Its entirely possible to put one in a compact flash sized package. All the rest of the crap doesn't need to be in the "phone" at all. Keyboard, display, memory, camera, "pda", MP3 player etc. can all just utilize the radio link provided by the "phone" radio via Bluetooth.

What people really need is a tiny pocket server with a CPU, bluetooth host, and a modest amount of RAM and permanent storage plus a decent power system. Then you need a physical system that allows all the other components to attach Lego-like to the mother system. When attached to the mother system they can suck down power from the main battery to recharge, tapping into any PSU that mother system is connected to. When detached they use thier own internal battery power and communicate with the mother system via Bluetooth.

Then device manufacturers can really start to innovate and consumers can really start to benefit. No more will people have to decide if they need a phone with camera, or a PDA with a camera, or a separate camera and a phone, or a PDA a camera and a phone. Not to mention all the possibilities with an MP3 player...

Now they can have a mother devices, a phone unit, PDA sized keyboard, minature and larger display, a minature keyboard for dialing, a music player, a storage drive, a headset, a minature camera and a fullsized camera. And guess what? They'll all work together. The cameras can send pictures over the phone or store them to the permanent storage. The MP3 player can stream music over the phone, or load it from storage. The keypads can access the mother device and make it appear like a PDA accessing whatever storage and output devices are available.

All the pieces will seemlessly fit together perhaps using some "mobile PCI" standard or whatever is appropriate. Given the ability of USB to stream a lot of data over very few wires it seems like a electrical bus based on USB wouldn't be that bad. Then all you need is some lovely industrial design as found in Apple systems.

How about making all the building blocks all magnetic so they just stick together? With extreme proximity maybe there is no need for any physical data bus connection between them at all - just Bluetooth with a higher data rate. Perhaps optional power connections for blocks requiring a recharge from an external source so no matter how many devices you have your only need one adapter and one plug to charge any and all of them. Yay!

This to me is the ultimate mobile device and put an end to closed, proprietary platforms that force consumers to buy multiple devices and upgrade a whole bunch of technology every time some new mobile gadget or radio technology comes along. Now you can just upgrade the phone radio, keypad, screen or storage completely independently.

It remains to be seen how long it will be before someone else "gets it" and figures out the packaging issues. Until then I guess you could synthesize something similar using a PDA style device without a display but with lot of SDIO Now! or CompactFlash slots. After all if you can get an entire 802.11b radio and 256Mb, or a GPRS receiver, or 2Gb of storage in one of those cards then there's not much you can't.

So to summarize: the mother device contains CPU, RAM, bluetooth radio, plus a small amount of non-volatile storage. Optionally it could have a small LCD display and a few buttons that could be shared by all devices too small or dumb to use a fancier display or keypad. They become the default input and output if no other display or keyboard is available. The battery, display, larger keyboards, network devices, screens, mass storage (1Gb and up), cameras, finger print readers, audio procesing (for MP3) and all that other good stuff are all separate, connectable and bluetooth enabled.

Needless to say the mother device runs some really clever software to sync and protect all data within its "mobile domain". If a wireless radio is available it can go out over a secure internet connection and trickle sync with an external system. Perhaps downloading your favourite blogs on the fly while it backs up your latest photos and phone numbers...

Make it so!

Spamhaus is in da house.

About a week ago I turned on a feature of my mail server that checks the source of incoming email against a realtime blackhole list, specifically that provided by Spamhaus. So far its been a great success and I'm now catching 50 to 100 bogus spam emails per day.

In case you don't know a realtime blackhole list contains a big list of all known sources of spam and can be queried by IP address via a DNS lookup. SpamHaus offers this service free to low volume users (even commercial ones) and suppliments it with an exploits block list. This list contains IP addresses that are know to have been taken over by viruses, trojans, worms and other exploits that send out spam.

The only problem I've had so far is that Ziff Davis is sending out their ExtremeTech and eWeek publications from an IP address listed in the SpamHaus RBL. Fortunately I've configured my mail server to send me a copy of all emails that are rejected while the sender gets the usual SMTP error. So it looks to the sender as if the email was never delivered - hopefully discouraging further spam and moving my email addresses of spammers lists (fingers crossed). But getting a copy of the email rejected does allow me to check for problems like the Ziff Davis situation. I've alerted ZD to the problem, or rather attempted to since the do not list any technical contacts on their web sites, just marketing and sales people.