Recently in Communications Category

Personally I never understood how bluetooth didn't really take off. I don't recall it being that expensive, and functionally it works decently. I think it got stuck in a sort of chicken/egg problem, no one had it so manufacturers were reluctant to include it even if it was cheap, which also created the people didn't have it problem.

Then it slowly starts to take off, and somehow some people get the brilliant idea to create bluetooth profiles, most of which are wildly incompatible with each other and also causes some devices which clearly should have some profiles to not work with other devices.

I really like the idea, and it would be wonderful if bluetooth stacks and devices were a lot more prevalent... and if you could easily change profiles on devices when newer ones come along or need updating. My phone can't do stereo bluetooth headsets because its only got a profile for mono, thats dumb, and unfixable thanks to the bluetooth stack on it.

Just another of my, where did it go technology questions. I have some more interesting things I am working on, hopefully I can post them up soon. 
So I went ahead and attempted a basic, quick, and crude implementation of my previous idea to handle encryption and authentication myself, somewhat as a replacement for HTTPS.

It works great, so far everything seems to run smoothly and it wasn't really difficult to implement. The basis is still around the idea of a shared encryption key, which is never really transmitted except during the account creation process. This seems like a decent idea, I will need a chance to clean it up and attempt to implement a few more jazzy options such as encrypting arbitrary data for the communication instead of just a session key.

Also, as of right now a session and session key are all that is needed, with those one could potentially do man-in-the-middle by altering any other post/get parameters. To combat this I will be working to add a checksum into the unprotected parameters such that if anything is altered it will not match and would refuse to process. The only minor problem I have yet to consider a workaround for is dealing with the fact a person could take a given session/session key and pound the server with thousands of requests with slightly altered session keys. Since the session will wait for the correct key it is potentially possible for the correct session key to be guessed for the next session and it would then be accepted. I guess having the session always increment to the next expected value even on a bogus request would keep that from happening at the cost of broken sessions for the user when someone attempted to hijack theirs.

I have other updates to come, just need to get some stuff done before I write them up.
Just wondering, where exactly did push technology disappear too. Or rather, why has it not decided to appear?

Sure push email is great, for the limited few places it seems to exist and sometimes work. What I want to know though, is why doesn't push exist for things like RSS feeds. Large common services provided that people resort to making a web call every 5 minutes just to see if anything new happened. One would imagine that you could save on resources if you used a server push instead of a client pull to accomplish it. Especially with the whole web 2.0 thing, a lot of services are becomming instant-reaction in nature, expecting frequent and small updates which could be delt with far more effectivly with push.

I know, firewalls and NAT and all that jazz make it difficult, but really with upnp being a decent possibility (although I don't particularlly like it, it has advantages, it needs some sort of auth system really) it seems like it would be possible to allow push. At least offer it for people intending to use a lot of calls and let them worry about how to punch holes in the firewall, or provide you a webservice on their end to hit for the push notices. I don't even need the push to contain data really, just have it be a notification mechanism, it notifies the client to do a pull to fetch the new data. This seems like it could free up resources on both ends and on the internet in general, without really adding much complexity to things for the people who really need to use it.

I continue to dream, a dream where I could one day get status changes from dozens of services I use pushed to my various devices automatically. Or perhaps to a single server which could in turn update or notify my internal clients of the changes as needed.

About this Archive

This page is an archive of recent entries in the Communications category.

Security is the next category.

Find recent content on the main index or look in the archives to find all content.