Products we needed yesterday but still don’t have
In a perfectly networked world, the people and information you need are just a push-button away, and you never have to type anything twice — or ever worry about security or backing up. OK, we admit this may be too much to ask in 2004, but there are a number of products that would make our digital lives easier and that should exist today. But we still don’t have them.
Intrusion detection that detects intruders
To date, intrusion detection systems have been rendered useless by their inability to separate actual intrusions from the vastly greater volume of normal traffic on the networks on which they are installed. This means that network administrators must spend weeks or months weeding out normal traffic in hopes of finding an intruder who may or may not actually be there. It’s likely that the time required to make today’s solutions truly useful would exceed the time needed to remediate an actual intrusion, or the cost required to fix one.
Booting from iSCSI
It’s nice that major operating systems support iSCSI, but shouldn’t we extend that support to every system motherboard’s BIOS? If the BIOS contained code that could find a target iSCSI drive across the network and could handle IP addressing and security requirements, then IT shops could deploy diskless servers and PCs, concentrating their boot volumes on a central, easy-to-administer array.
E-mail reply bombs for spammers
OK, maybe this isn’t a real product, but after all, isn’t spam simply an extremely low-grade form of terrorism? The first spammer we meet in the flesh gets a cigarette and a blindfold, because we’re tired of wading through pitches for the Paris Hilton video, $50 online degrees, and miracle diet pills.
Lightweight identity federation
In an enterprise context, we face serious liability and high risk, so we need strong assurances. The emerging Web-services-oriented approaches to federation aim to deliver them. But we also use and provide identities for which weaker assurances might often be appropriate. If you want to read a white paper on a corporate Web site, you shouldn’t have to create an account to do it. And if you provide that whitepaper, you shouldn’t have to wrestle with SAML (Security Assertion Markup Language) assertions, or deal with complex SDKs in order to enable reuse of standard kinds of credentials. Along the continuum of digital identity solutions, there’s a need and an opportunity at the low end for a lightweight, cross-platform, Web-friendly solution.
High-speed Internet everywhere
We’ve heard the promises from carriers, but we’re not sure it will ever happen. We’d be happy if providers were honest about where it is, where it’s not, and how much it really costs to use it. Hot spots are a nice sideline for retailers and airports, but they’re utterly impractical for consumers. How many minutes online should one cup of coffee entitle you to? Airport coverage diagrams are practically unreadable. You have to pay every month, but whether you can connect from this gate in that terminal is mostly the luck of the draw. And don’t get us started on hotels that offer high-speed Internet “in select rooms” but that won’t block one of these rooms for you in advance.
Bluetooth in everything
Granted, it’s not nearly as fast as 802.11, but it’s fast enough for syncing. It’s also very battery-friendly. The wired society can’t become the unwired society if we have to think about how we connect. Bluetooth can be built into devices with none of the configuration hassles of Wi-Fi or cellular.
Disposable credit card numbers to mobile phones
For several years, American Express, Discover, and MBNA Visa have offered a service that generates single-use credit card numbers for online shoppers. Each number has a dollar limit and an expiration date. Consumers use it once, then throw it away. This clever scheme plugs one of the worst security holes in the e-commerce system, which is not that a snoop might capture a card number as it travels over the wire, but rather that the destination server where the number is stored will be compromised. Disposable numbers relieve merchants and consumers of that worry.
Current single-use schemes assume the consumer is at a desktop computer, running an application to generate the number that gets plugged into the merchant’s online form. But why not use a mobile phone, from a store or restaurant, to retrieve the number? It needn’t even be a data call; voice could suffice. Of course, that would require universal and reliable mobile phone encryption, something else we needed yesterday and still don’t have.
Universal IM interoperability
This may be unrealistic, given that ISPs such as AOL and Yahoo rely on their IM services to tether customers. The next best thing would be a user-friendly method of federating identity between IM services. But it might be too much to ask for even that. In a pinch, we’d settle for a broad adoption of IM gateway services by the major providers.