Transfer money using your mobile phone

Saturday, Apr 3, 2010 12:01 pm
William Barnes

Here is my idea for a mobile phone payment system that doesn’t require extra equipment or crazy wireless work.

  1. You have an application on both phones
  2. The seller inputs the amount and it generates a barcode that contains the payment information
  3. The buyer scans the barcode with his phone, loading the payment information
  4. Buyer clicks pay
  5. Money is transferred
  6. Seller receives a notification on his phone

By putting the pay button in the hands of the buyer, this eliminates the chance that the seller can steal your credit card information. The seller will still get confirmation from a trusted third party that the money has been transferred. Ideally, there will be some sort of authentication done on the buyer’s phone.

If prices are set in advance, it wouldn’t even be necessary for the seller to generate a barcode on his phone. Imagine you want to buy a hotdog from a street vendor but you don’t have cash. Instead of just having a sign with prices, the vendor might have a sign with prices and a pre-generated barcode. You scan the barcode on the sign, press pay, and a few seconds later the vendor gets a message on his phone confirming your payment. Likewise, a barcode could be printed on your bill at a restaurant (to avoid the server disappearing with your credit card). Or how about an internet-enabled soda machine that displays a barcode and lets you pay with your phone?

Note: the mockup above shows an Android phone, but any phone with a decent camera should work. It’s also not very pretty, I’d expect anyone who steals my idea to make it look nicer.

Two ideas someone should steal from me

Tuesday, Sep 22, 2009 7:48 pm
William Barnes

I’m never going to get around to creating these web services myself, so somebody steal the ideas and do it for me… and send me a cheque if it works out for you.

Request a VCard by Email

A VCard is an XML (I believe) file that contains information about you (a virtual business card). It could contain things like your name, email, phone number, picture and address. I was thinking that it might be useful to have my phone number on my website, but I don’t like the idea of just listing it for anybody to copy down. This is where my web service comes in. I create a VCard at the website and place a link to it on my site. When a visitor needs my phone number, they go to this other website and enter their own email (free email addresses would probably need to be banned). The VCard is emailed to them. This would allow somebody to get my number easily but, in most cases, also let me know who is requesting it.

The other one

I forgot what it was. Honestly, I knew what it was just a few minutes ago. We got new carpet put in the house and I’m fairly certain that it is frying my brain. The whole house smells like a carpet store and I’ve had a headache and allergies for days. Maybe it will come back to me if I sleep a bit. ‘Tis late. I’ll probably remember the other idea when I’m driving on the highway and can’t write it down.

Graduate Guess Who

Sunday, Dec 28, 2008 12:18 am
William Barnes

hasbro-guess-who

Guess Who is a game where each player has a board with a bunch of pictures of people with different features. Each player draws a card with a picture of one of these characters on it and by asking question about the features (“Male or Female?”, “Does he have red hair?”, “Does he wear glasses?”) they try to guess who the other player drew.

Do this with college graduation photos and you have a wonderful gift to give to a graduate.

Owning your network

Thursday, Dec 11, 2008 12:47 pm
William Barnes

I know I’m not the first to lament the imprisonment of our social graphs. It was quite a trendy topic last year and last year I came up with a solution (only semi-original). Listening to the last episode of Net@Nite, I heard Amber and Leo hit quite close to my idea (then veer off) so I decided to write it down. I don’t claim that it is totally original–Google, Facebook, Google, and Google have come up with similar-ish ideas–but I think the scope is somewhat broader than they have in mind. All of these solutions still leave your data walled up on their servers.

The Problem

The basic problem is that I have accounts on countless social networks. I have Facebook, MySpace, LiveJournal, Digg, Twitter, Pownce, Jaiku, Flickr, and tons more that are abandoned completely. I have at least two websites. On each network I have different groups of friends, different profile information, different statuses. I’m in high school on some, undergrad on others, and law school on a few. Each one likely has a different email address for me. This is my online identity. I’m the digital equivalent of a schizophrenic. And I’m sure it’s not just me. No doubt there are few people out there who have only a single social network, but there must be enough that have too many.

The further problem is that according to Facebook I have 200 or so friends. Most of these people are probably also on other networks, but I don’t know that. I have no way of moving my list of friends from one site to another. If I leave Facebook, then I lose this list. I have no control over something that is inherently mine (this was the trendy topic of last year: ownership of your own list of friends).

Solution?

A lot of the work towards a solution has already been done. OpenID, Google Friend Connect, and Facebook Connect allow you to login to other sites with a profile established someplace else. There exist open standards for transmitting friend information like XFN and FOAF. But it’s not enough.

Central Identity

First, you need a central identity site. With good standardization, this could be hosted by anybody. It could be your Facebook profile, MySpace, Google, or some other service that pops up. And if you’re the sort who likes lots of control over their identity or just likes to play, you could host it yourself with some open source platform that would surely pop up. I will refer to the URL for this site as your CI. So, for example, my CI would be something like ‘webarnes.ca’ or ‘facebook.com/profile.php?id=28116640′ (I’m sure Facebook could come up with a prettier URL).

Your CI has to have tools for managing your friend list and your profile information since it’s going to be the location where the authoritative version of your graph is stored. It should have a display of activity on your different networks (like FriendFeed). So when I log in to my CI, it should inform me about wall posts on Facebook and @replies on Twitter. Some of the networks will be complex enough that I have to go there to use them, but I want a central dashboard to let me know when I need to go.

Signing up

When you sign on to another social network, you should have the option of making it your CI or making it subservient (a more PC term might be more appropriate) to a CI hosted someplace else. So assuming I’m using ‘webarnes.ca’ to host my CI and I want to sign up for Facebook. I tell Facebook where my CI is and we do that little handshake that you should be familiar with if you’ve used OpenID or Facebook Apps. My CI gives Facebook permission to access my profile information (and I should be able to select exactly what I want to share) and lets it download an XML list of my friends (all identified by their own CIs). Facebook goes through its database to find out if any of my friends have accounts and automatically adds them. In theory, my friends should have me listed as friends at their CI, so it shouldn’t even require authorization.

Now I’ve signed up, filled out my profile and added my friends in half a dozen mouse clicks and a line of text. What next?

Finding friends

Let’s say I find a friend on Facebook that I haven’t met elsewhere. I add him, he accepts (his name is John Smith). Facebook then pings my CI with this new information. My CI adds this new guy to this list and then starts contacting all the other social networks I’m a part of (it knows this because I linked them at sign up). Soon John Smith is added to my friends list at Flickr and wherever else. The way this works could be customized by different CI hosts. Perhaps I want to log in to my CI and selectively add John to only MySpace and LiveJournal; I don’t want to add him on Twitter perhaps. There might be some networks–like Twitter–where you don’t necessarily want to add everyone you know. That should be possible.

Blogging and status-ing (for lack of a better term)

Streams of information on different sites could be published as RSS feeds. They could be pushed to your CI and disseminated to your other profiles. A status change on Facebook might also change my status on MSN or MySpace. A blog post on WordPress would show up as a note on Facebook. Ideally comments on all of these would be synced back to my CI (because it is so very annoying when people comment on my Facebook notes instead of on the original blog post). There would be some privacy issues to work out, I’m sure, but it could be done.

Summary

This probably won’t happen. It’s too complex for most people. But it could be done behind their backs. Why should I have to confine myself to Facebook because most of friends do? My Facebook profile could easily be a mirror of a profile someplace else. Facebook would compete by providing the best central identity site. I really wish it would happen.

I apologize if this was a bit rambling. I might post some more ideas in the future that are more in depth and clear. I just felt the need to write something about since I’ve been thinking on it for so long.

Image source: terinea

My two cents

Wednesday, Dec 10, 2008 1:10 pm
William Barnes

How much is an opinion worth nowadays? I was inspired by a comment on LifeHacker that ended “Just my $0.10″. It would seem to indicate that this particular user valued his opinion at five times the value of your average two cent opinion. It’s interesting because I often see a two cent valuation on long and thought out articles, whereas this ten cent opinion was pretty short and of dubious value. But it got me thinking. What does this phrase say about the value of our opinions?

One source cites poker as the origin of this phrase. “Put my two cents in” is a modernization of “put my two bits in.” A bit is an eighth of something and if Groundhog Day is assumed to be authoritative, then two bits is equal to one quarter ($0.25). That would seem to indicate that once we got rid of pieces o’ eight, our opinions devalued by 92%.

Another source suggests that the phrase comes from a time when postage in Britain was two pence: sending someone your opinion cost a tuppence. It makes sense that the wording would change on the other side of the Atlantic, but does this mean that a British opinion is worth (at the moment) 1.86 times a Canadian one? And, for that matter, is an American opinion worth 1.25 times a Canadian one? Was the American opinion worth slightly less over the summer relative to Canadian opinions? Some might argue that the fact that we elected Harper and the Americans Obama shows the wisdom of this method of valuation. Those people would be Liberals.

Also problematic with this explanation is the switch to decimal money in the UK. The old penny was worth 5/12 of a decimal penny. So on Decimal Day, the value of a British opinion jumped to 240% of its previous value. And even more problematic is that once we start taking into consideration the exchange rates and decimal conversion, we have to account for inflation.

The two penny stamp was introduced in 1840. 2d in 1840 should be worth about 146d now or 61p (taking into account inflation and the decimal change). So at about the time Dickens was writing A Christmas Carol, his opinion was worth roughly 73 times that of JK Rowling’s today. This does lead us down an interesting alley. Perhaps the worth of an opinion is tied to the cost of carrying it. That would make a modern British opinion worth 36p, a Canadian worth $0.52CAD, and an American worth $0.42. There is a certain elegance to this method, but it suffers because the same thought could be worth different amounts based on where you send it or what method you use. Email is free. Wait, that probably works in favour of the postage theory. A letter to the States costs $0.96CAD. So my opinion would be worth more if I gave it to an American than to a Canadian. That doesn’t seem right.

I’m not quite sure how to calculate the relative value of opinions. The only certain thing is that opinions are worth less now than they used to be. That may well be true; it’s supply and demand. 150 years ago there were fewer opinions. Nowadays there’s an opinion everywhere you look, whether you want it or not, so people attach less value. That’s my two cents (I couldn’t resist, I’m sorry).

DNS Spoofing

Saturday, Aug 16, 2008 8:29 pm
William Barnes

I have been thinking about the big deal in security at the moment: DNS spoofing. Everybody, it seems, is all caught up in trying to figure out how to add more bits. They want to make DNS replies harder to spoof.

It seems to me that they are missing the problem. The problem is the way DNS servers handle in-bailiwick additional records. If I request an NXDOMAIN from an ISP, I can be reasonable assured that a request will be made by the ISP to Google’s nameservers (which are probably already cached). I can then spam the ISP DNS server with fake replies hoping I stumble on the right combination of port and transaction ID. My replies will include a record for my NXDOMAIN and also an additional record giving new IP address for Google’s nameservers. From then on, the ISP will turn to my provided IP rather than Google. Eventually I can provide it with fake records for www.google.com and other useful subdomains.

My question: why should the ISP overwrite the information it has already cached? Additional records should be ignored unless they are needed for the current query (as in the case of glue).

I know this doesn’t prevent DNS spoofing, but it does significantly lower the value of the attack. You may be able to plant a record for as7230hf.google.com, but you won’t be able to overwrite their nameservers.

Maybe I’m missing something. Maybe there really is a critical reason to allow a nameserver to tell you that it isn’t where it is. But I don’t think so.

Course Waiting Lists

Sunday, Jul 13, 2008 2:01 pm
William Barnes

They don’t work.

Prior to UTM bringing in course waiting lists last year, I had never failed to get into a course I wanted on account of it being full. Last year, I was denied three courses. Yet, everybody seems to think they’re a great idea.

Fairness

The argument goes: fairness dictates that courses be first come first serve. Prior to the wait list, if a course was full, you had to log on to ROSI every few hours waiting for a spot to be available. A wait list preserves your spot in the queue. Consider a course with an enrollment limit of 50 students. Prior to the wait list, the 51st student to try to sign up would not be guaranteed the first opening if someone dropped the course. If the 100th student to attempt to sign up happened to do so just after a drop, then he would be successful. Or, if the 52nd student kept coming back every few hours, he might get the spot even though number 51 got there first. A wait list ensures that number 51 gets the 51st chance to sign up. Fair, no?

No. If number 52 cares so much about getting into the course, then, in all fairness, he should get in.

A bird in hand…

People seem to think that they will be more likely to get the courses they want if they can just put their name on a wait list. There are two problems. One, as stated above, a person who is only marginally interested in the course is granted the same priority as a person who is desperate to take the class. Two, wait lists result in dead lock: no sane person is going to drop a course they have while they sit on a wait list in the course that they really want.

Imagine I really want to take PHL245 but it is full with a wait list of 14 people. I add my name to the wait list but, realizing my odds are slim, I sign up for a class I don’t want to take (PHL274) just in case. PHL274 fills up with people doing the same thing because nobody wants to get caught without a full course load. This happens to all the courses. Every course is full and wait listed. A few weeks pass and people start reconsidering their original decisions. Someone in PHL245 decides that PHL274 looks like fun. But, whoops, the course has a wait list of 20 people and is filled with people who are either reconsidering their decision or never wanted the course in the first place. Very few people will move.

Without wait lists, I would drop a course I didn’t want to take because I know that something will open up if I am persistent. But with wait lists, I know that nothing is going to open up.

Without wait lists, I will get into the courses that I really want, because I will put extra effort in. With wait lists, I will get into the courses that are available on sign up day and people who want courses less than me will get into courses that I really want because their start time was earlier than mine.

Improving Tabs

Sunday, Jul 6, 2008 2:00 pm
William Barnes

Tabs are great. Nobody wants to have a window for every document they currently have open. However, they’re not perfect. Every implementation I’ve ever run across has the same flaw: when you have too many tabs they scroll off to the side. This is especially annoying when editing source code. I often have 10 or so files open at once, but Quanta’s tab bar will only display about 5 or 6. So when I want to switch files, I have to click the arrow multiple times until the tab I want scrolls into view. Annoying.

Tabs Before

Here’s my idea:

Instead of having buttons to scroll back and forth, have a button that extends the tabs vertically. So if you have three times as many tabs as can be displayed, it should show three rows of tabs. The extension should float on top of the document rather than resizing the chrome.

Rows of tabs

I used Firefox as an example because I figured it would be most familiar to potential readers, but this could (and maybe should) be used in any tab bar implementation.

I should also note that Firefox has a little vertical arrow that gives you a dropdown list of your tabs. This is ok, but it means a second kind of UI element for users to interact with and eventually, you will run out of vertical space as well. Plus, I find it more tiring to move the mouse vertically than horizontally. Maybe I’m just weird.

Why a bandwidth cap won't work

Sunday, Jun 29, 2008 1:41 pm
William Barnes

Background

ISPs pay for capacity. They pay to have the ability to deliver a certain amount of data per second. They do not pay for the amount of data transferred. If an ISP is capable of transferring 1Tbps (terabit per second, to pick a number) over its network, then its costs are the same whether it transfers 324,000TB (terabyte, as data is measured in bytes whereas transfer is measured in bits for marketing reasons) or 1MB. So an ISP is not primarily limited by the amount of data it can transfer, but by how fast it can transfer that data.

The problem comes in when ISPs oversell their bandwidth. They have made the bet that not everybody will want to download at full speed at the exact same time. So while our hypothetical ISP has a capacity of 1Tbps, it may actually sell 10Mbps to one million customers for a total of 10Tbps. Now, this works out. Most people use the internet in short bursts. They download a web page, or they download a file which takes just a few minutes. But then you have the people that ISPs call bandwidth hogs. These are people that download huge files all the time. If one tenth of hypoISP’s customers do this, then none of the “regular” customers will be able to reach full-speed.

Response

To counter this, ISPs want to introduce caps. Caps would discourage users from downloading constantly because they would then reach their limit before the month is up.

Better Response

Caps are short-sighted. They try to reduce the impact of heavy users by making them use less, but the problem is not the amount people download. ISPs are not reaching their practical limit (imposed by their maximum speed) and probably never will. The reason: peak hours. Most people are online during the day and the ISP has to have enough bandwidth to supply the peak demand at that time. During off-peak hours, the ISP has plenty of unused capacity.

Rather than applying a monthly limit to the amount you can download, ISPs should enforce rules to discourage bandwidth hogging during peak hours. To manage their network in the long-run they should be trying to encourage good habits in their consumers. This isn’t served by monthly caps. If I have a limit of (let’s say) 60GB, I will download whenever I feel like downloading (and I will probably overuse at the end of the month).

A few ideas

  1. Have a cap that only counts during peak hours.
  2. Have “happy hours” at night when usage is lowest
    • During happy hours the ISP could increase the maximum speed to compensate for the loss of daytime downloading time, for example: if you have a 10Mbps connection, you can get up to 20Mbps overnight
    • Make a speed increase dependent on bandwidth use during peak hours: you only get the speed boost if you used less than 500MB during peak time