techno

Sensitive to user experience on mobile ? Think about security !

User, user, user. All strategies for consumer services are user centric, which is a good plan. User-centric design, usability, user convenience, easy user purchase. The key challenge is to differentiate from other service providers, to ward off the terrible disease of this century : customer churn. Keeping a customer is a big deal. Especially when this user is paying to get a service, which is – obviously – supposed to be exclusive, high quality, guaranteed… When a company is delivering a high quality paid service to a kind consumer, it may want to ensure that :

i) the user is the one he claims to be – to make sure he can be billed, ii) the user did not – by accident or intentionally – copy his rights for someone else's consumption, and iii) the user does not weaken the service by running it in an uncontrolled environment – e.g. a cracked device, with unprotected communication…

And this is where security can help.

(more…)

W3C : this is all about spirit, tools and fun

People who do me the favor of visiting my blog know that I am a big fan of W3C. Not on principle, but because W3C as an organization brings a lot, in a good spirit. Let me explain a bit how, by sharing with you an amazing experience : the W3C TPAC meeting. TPAC (Technical Plenary and Advisory Council) is the W3C yearly general assembly, combined with a large number of meetings of the Working Groups – the actual specification writers. This is where all W3C members meet, with an amazing mix of people : engineers and strategists representing startups, big companies and public organizations. This year the event gathered 480 people attending the technical plenary and 30 Working Groups. And the magic lies in the fact that this group of humans, gathered once a year, fully benefits from it by constantly sharing, talking, learning, all being equals.

A spirit. Anyone you speak to here is nice; this is just a mindset that anyone naturally endorses. The reason for that is that any exchange is valuable here, and people are looking for it.

(more…)

ParisWeb 2012 : Tailor the web for the society you want

Yes ! A third contribution related to ParisWeb 2012 ! Because this event covered so much of the web that it deserves to have pages spent on it. The web is not just a tool. It has an impact on society. The way you use the web has an impact, the way you work for the web has an impact. I am gathering here some talks that touch on some of the problems I find key for the “web society”.

Hacktivism. Origin : hack and activism. Frédéric Bardeau @fbardeau is working for Agence Limite, a web agency which serves non-governmental organizations to help them build their digital strategy. Frédéric announced after a few seconds of talk that he was not one of the cyber-enthusiasts (for whom everything from the web is super cool), but rather a person with strong opinions, values, and positions [1]. He reminded us of the definition and history of activism and hacking, to lead us to an approximate definition of what the hacktivist is, a.k.a. someone who likes to crack things, perform, code and use digital communication, driven by art, politics or transgression. He admitted that this definition was flexible depending on regions, periods, aggressiveness, political commitment… But at least based on that we could start to discuss the new role of hacktivists in society today. (more…)

ParisWeb 2012 : Make an accessible web, make an accessible world

The web should be accessible to everyone, including people with disabilities, thanks to assistive technologies. Once you have claimed that, you should be on the right side of the good-thinking people, but it may happen that this would not change anything in your life. Being neither deaf, sighted person nor blind, I am one of the people who accepted this notion of accessibility as a must have, but kept it purely theoretical … until ParisWeb 2012. This was the first time I actually realized that accessibility was needed and possible. Let me share with you a few concrete actions that Paris Web deployed to put everyone on the same page during the event.

Sign language all day long. The conference was held in different rooms and each of them had a team of 2 or 3 people providing live translation into sign language all day long. This support was complemented by velotypie (meaning a screen displayed on stage, where each and every word pronounced by the speaker, including jokes, was typed) and French live translation via headsets when speakers were expressing themselves in English. As you can guess, this is simple to organize : what you need is people with appropriate skills such as sign language, English translation (@porteneuve did the job), good typists… The best challenge here was to make the choice (and associated investment) to make the event accessible. (more…)

ParisWeb 2012 : Make a beautiful web

As announced in a previous post, last week was the week of the francophone web, with the Paris Web 2012 conference. 600 people including 70 speakers gathered in the IBM conference center in Paris, orchestrated by a team characterized by great kindness and smartness. The conference covered so many varied topics that it was just like having a walk around the best monuments making the web today. We reviewed the state of the art of web technology, society impact and usage trends, with a shared concern among speakers to give targeted talks and avoid bullshit, useless introspection and starring traps.

I am proposing here several posts to share some pieces I have been delighted to listen to. Let's start with the design aspects : several speakers shared with the public their vision of how to be a good craftsman of the web, in terms of design.

(more…)

Experiencing #ParisWeb this week !

ParisWeb is one of the great web developer events held in Paris. Based on an amazing team of volunteers, this conference is gathering motivated attendees and 70 speakers (including me) in a collaborative framework. Everyone getting there seems to be ready to participate, share and learn.

The conference is happening this week, from the 18th to the 20th of October, with 2 days of conference and one day of workshops. This year the program will cover various themes such as (frenglish list extracted from Paris Web official website).

The event is sold out – actually a few hours after tickets were made available – but all attendees will definitely report their experience via social media, blogs, press. Live streaming is set up and in addition all material is now usually available on-line after the event, so one way or another you’ll get something from ParisWeb [1].

Anyway, if you wanna feel the ParisWeb energy this week, follow #ParisWeb hashtag on Twitter…

 

[1] Program and conference material under http://www.paris-web.fr/2012/conferences/

Grasping mood of the security industry during Chip to Cloud

Nice, the Italian-French town, with its car and boat parking lying in front of gigantic buildings, with an amazing sea view. Nice with its old town and its awful modern contrast. Nice, with its World Smart Week [1], made of buzz words such as NFC, identity and cloud, held in Acropolis, offering a common exhibition area, demonstrating the maturity of any-form-of-NFC solutions. An interesting initiative was conducted alongside, called Université NFC des Territoires [2], allowing different French cities going NFC to share their experience and brainstorm in workshops.

I attended the Chip To Cloud Security Forum, which tries every year to show the state of the art in terms of security (hardware, software), or progress on tricky topics such as authentication (of machines, people, devices) and smart secure distributed services, including cloud. This year I captured several interesting topics that fed the conversations during the coffee breaks.

(more…)

One step toward interoperable security on the web !

One year ago, discussions about identity and security were crowded in W3C meetings.

Crowded and controversial.

How to bring more security and interoperability to web apps ? How to serve use cases such as identity management ? Why not have interoperable features for protecting peer to peer communications ? In case it happens, isn’t it a dream to think that JavaScript may be secured one day ?

Mozilla was key in those exchanges, driven by their strategy to develop some cryptographic functions [1] and roll out their strategy on identity and Persona [2]. But other companies such as Microsoft, Google, Netflix and Gemalto – which I am with – were also interested in actually moving on. After turning the question over and gathering contributions and reactions, W3C made up its mind and launched a working group with the mission to provide developers with the basics of cryptography. The charter was defined, the chair was chosen (by chance, me), the W3C team contacts assigned (Harry Halpin and Wendy Seltzer) and the group was kicked off in May 2012 [3]. With 19 organizations represented, plus 11 invited experts [4], the working group has been working for 4 months on a very regular basis, including summer, investing 20 hours of conference calls, 2 days of face to face meeting, and almost 1000 mails exchanged, and the result is here : the Web Crypto API is now going for First Public Working Draft [5]. The particular dedication of Ryan Sleevi, one of the editors, from Google, was key to defining this API and offering it to web developers.

But what exactly is offered there ? Basic tools for generating random values, generating keys, and performing basic cryptographic operations such as encrypting and signing. This will allow any webapp to build its own security policy, in addition to HTTPS usage.

Is it perfect ? No. Of course there is room for improvement : stories about key transfer, key cloning, key identifiers and access control on the key need to be elaborated. The working group is already engaged in solving those issues, in addition to analyzing comments from the industry – which is exactly the purpose of the First Public Working Draft in the W3C process. This is a basis which the industry concerned with security and interoperability can start discussing, testing, and arguing about !

If you feel this JavaScript API is important, read it ! If you find it awful, say it ! The working group and the chair will definitely be happy to hear more from you on the public mailing list public-webcrypto-comments@w3.org !

[1] DOM Crypto by Mozilla; [2] Persona by Mozilla ; [3] W3C Web Crypto WG wiki  ; [4] Web Crypto WG participants  ; [5] Web Crypto API for comments

One day, Mobile WebApps will be Super WebApps !

A new step in the evil strategy to have the open web platform becoming the universal development framework for mobile app developers has been unveiled this summer by the World Wide Web Consortium (W3C).

Up to now, the W3C plan was to have mobile web apps executed in smartphone and tablet browsers, offering features based on HTML5, CSS and some additional JavaScript features developed by the Device API Working Group (so called DAP for the people attending this club). Features like : network information (how is the device connected ? 3G, 2G, Wifi…), battery status information, service discovery (is there any payment webapp on the device that another webapp can use ?), vibration capability (bzzz, bzzz), management of media from the webapp … A complete list of items and corresponding specifications is publicly available on the DAP wiki [1]. And in addition, if you want to follow when this will land in your favorite browsers, Dominique Hazaël-Massieux @dontcallmedom from W3C Office, is maintaining all devices and browsers implementing the standard HTML and JavaScript APIs [2]. Great. That was the 2012 plan rollout.

(more…)

Can I drive my smartphone safely ?

On the matter of safety, it may happen that the old and established car industry has things to teach the young and dynamic mobile industry.

Middle-class passengers getting into their car do not even think that their car security may be a problem. This peace of mind was not given from the beginning of this industry. We all know that the first cars were dangerous. But due to citizen and government pressure – driven by a willpower to protect lives and save national health budgets – combined with collaboration among automotive manufacturers – agreeing on a minimal barrier to access the safe and comfortable car market – a vehicle now has to survive several security steps, including crash tests, before being driven by a smiling father of a family (it is well known that only fathers drive in families, right ?).

(more…)