In quite possibly the fastest update of any software I've ever made, I just released Version 0.3 of my Jajah Dialer widget. This new version adds easy update checking. Now lets hope I make this feature useful by actually updating the widget in future!

It's available here: http://www.gregsmithies.us/jajahdialer/

I just released the second version of my Jajah Dialer Mac OS X Dashboard Widget. The Widget allows you to place calls to any phone in the world using the Jajah internet telephony (VoIP) service. You can get more information and download it at the Jajah Dialer Page.

Update: Apparently there's problem with the links to the page that are being shown in the RSS feed, I'm working on it and will hopefully fix it soon.
Update: With a lot of sed editing and shell scripting, I've fixed the problem.

It's not every day that someone claims to have created a new, clean and cheap energy solutions. It's still even rarer that the inventors claim to do it through a violation of one of the most fundamental rules of physics - conservation of energy. Well, that's exactly what Steorn, a new start-up tech firm is claiming. Not only is their method of creating cheap and clean, but "energy produced is done so without recourse to external source" and "with the exception of mechanical failure the technology will continue to operate indefinitely." Wow - some pretty mightly claims!

The company then goes on to do some other very interesting things. For one, they act like a completely proprietary firm that is aiming to make millions licensing the technology. This, in itself is not strange, it is probably what I would do were I sitting on such a potential gold-mine. In order to protect their interests they are conducting private third party validation of their technology, which is also a logical move, especially for such lofty claims. However, what is strange is that they claim to eventually release the technology under a modified version of the GNU General Public License (GPL). I'd beg the question, how modified, because as it stands, the GPL leaves very little room for an individual or company to make money from an invention in anything other than the supplying of support services.

Well, good luck to them either way - apparently all will be revealed at the end of the first quarter 2007. Every part of me wants to laugh this off as a complete hoax, but the idealist in me loves to ask - what if?

So it's Oscar nomination time of year again, and many of us are going to pile into crowded cinemas in West Philly to hear people shouting at the heroine "Don't open the door girlfriend!" or laughing in the sad parts, or screaming in the scary parts, of this years nominations. Then, when it actually comes to oscar night, you still haven't seen three quarters of the movies, especially not the foreign language ones, which are never showing anywhere nearby and are generally the best of the lot. And finally, to top it all off, the final judging is done by a panel of people who, it seems, were selected expressly for their lack of touch with reality and inability to give the honours to the people who truly deserve them most. All in all, a balls-up.

Well, along come those fantastic Swedes who started the Pirate Bay torrent site. They've started a new site called OscarTorrents.com. You can go there RIGHT NOW and download every single movie that is up for an oscar nomination. After watching them, you can then vote for which you think should win in each category. They have every single nominee available, illegally, but available nontheless. So, grab your favourite BitTorrent client, and head over to OscarTorrents.com. It'll help you a lot with your procrastination efforts!

After working for the online security department of a bank it becomes very clear that there are two problems with doing any type of secure transactions online. Unfortunately, both of them are generally out of the system designer's hands. It's not the cryptographic algorithms used are flawed and hence allow hackers to listen in on your transactions. In fact, cryptographic systems used by banks and online retailers at the moment (when you see the lock in your browser and the address starts with https) are so complex that even a farm of the world's fastest computers would take hundreds of years to crack them. So, if the algorithms aren't the problem, what is? The two main problems are firstly that people are gullible, and second that people don't look after their own computers. Both of these are completely out of the service provider's hands.

The first issue, that people are gullible, is what leads to phishing attacks. These are when you get an email say something along the lines of: there is a problem with your account, and if you don't verify your account details, we're going to delete your account. Please go to the following website and verify your account." When you click on the link it takes you to a site that looks, for all intents and purposes, like your bank's website. Some of the more sophisticated ones will even log you into your real banking website after you enter your username and password. But either way, in any population, there will always be a certain percentage of users gullible enough to fall for this ruse, go to the fake website, and essentially give their login details away.

THe second issue is that of users who either are too lazy, or too ignorant to be able to protect their computers from viruses and malware. These users generally run Windows, which is unfortunate, as it is such an easily compromised operating system. Either way, they end up with key-loggers on their computer which record all of their keystrokes and submit them to a malicious third party. This person can then obviously see all of their usernames and passwords.

It is obvious that educating end users isn't working, and the security of customer computers is generally out of the scope of control of most service providers. Thus, they have to rethink their login processes to circumvent these human errors. Along comes the token (which Paypal calls the security key.) This is a small device (small enough to be kept on a bunch of keys.) Whenever the customer goes to the bank, or service provider's website, they are asked for their usual username and password, and also for a numeric code that is provided by the token. THis is a continually changing number, based either on the time of login, or the number of logins. Either way, the token is synchronized with the bank's server so the server knows what the next number the token should spit out is. If the number it is expecting doesn't match the one provided by the person login on, the bank knows that the person is not in possession of the token. IN other words, now you can actually go ahead and hand out your username and password to anyone you wish (though I wouldn't recommend it) and as long as you don't give them the actual physical device that is the token, they still won't be able to log in as you.

This sounds like the kind of system that should have been in place for years - it doesn't rely on customer intelligence.

Either way, the point of this post is that Paypal, the online payment scheme, is now offering such a device, for a once off fee of $5. If you're a paypal user, and have your paypal account linked to your bank account, as most people do, then it would be a fantastic idea to order one, because then at least you can be certain that unless you're stupid enough to give someone else your username, password, and your security key, your money is going to be safe from the more nefarious people out there in internet land.