
How to make JavaOne better

Dear Sun,

You recently asked for my feedback as a previous attendee of JavaOne. I'd like to add the following to my comments about how to improve things:

Please, please, don't force the trademark lawyers to change my presentation.

Each year the lawyers get to hack about with my presentation. Last year I had a slide that said DWR could:

"Use Java EE role based security to declare roles that can access methods"

However, this got changed to:

"Use Java™ Platform, Enterprise Edition (Java EE platform) defined role based security to declare roles that can access methods"

And when I claimed that DWR could marshal:

"JavaBeans and Objects"

This was changed to:

"JavaBeans™ architecture and Objects"

This is now technically incorrect - DWR can't marshal the entire JavaBeans Architecture - it might be cool if it could, but it can't.

The logic behind the trademark changes is that Sun are seen as the publisher of the presentations, so for them to publish the talks without proper trademark usage could lead to a case that Sun have lost their trademarks.

However, in reality, Sun have published in literally thousands of places on the web without the correct trademark phrasing. The (TM) symbol is missing from virtually every use of the word 'Java' on Sun's website, so why confuse presentations by insisting on strange phrasing there? Why not worry about java.net, where I can freely alter text without worrying trademark lawyers?


Please, please, make the presentation template ultra-minimalist.

How many of the presentations on SlideShare would be improved by the use of a standard template? Talking of which, this presentation is one of the most popular presentations ever on SlideShare. It would be destroyed by a template.

The presentation from Aza Raskin's brilliant talk "Don’t make me click" from the Ajax Experience was just a series of icons, where the point was made through the icons. Again, a presentation template would have destroyed the talk. The same goes for Dick Hardt's seminal "Identity 2.0" talk from OSCon 2005.

Many postings on Presentation Zen are about the problems of bullet points, but the presentation templates encourage people to use bullet points and to get sucked into the trap of reading from the slides.

I totally understand the need for some branding, but it doesn't need to be on every slide, and it shouldn't discourage people from being creative in how they present.

I like creating a good presentation, but whenever it comes to creating a presentation with a mandated template, I feel that some of the opportunity for creativity has been taken away, and the presentation suffers as a result.

Thanks for listening,

Joe.


What do you think? Is a conference helped by having a common theme across all presentations?

Update: Hani makes the good point in the comments that there is time in the 'Speaker Ready Room' to fix the problem. This is true, and I've spent several hours doing just that. However, if Sun just dropped the whole lawyer review thing, they could push back the deadline for slides, which might mean that talks were not 6 months out of date by the time they were presented.

Cringely and bad password advice

Cringely may know enough about social security fraud that the DHS want his advice, but I'm not sure he's got good advice about password security.

He starts well:

Identity thieves... can start a sweepstakes website that requires only free registration to win that cruise of a lifetime to Bora Bora. And in doing so the thieves can know that a majority of registrants will use a username and password combination that they also use at a lot of other sites, like bank and brokerage accounts. Not only don't they need to actually award the cruise, they don't even have to break into your bank account in order to benefit from the username/password combo. They just sell that information to another crook.

But the conclusion:

So CHANGE YOUR DAMNED PASSWORDS and put an end to this kind of scam. Perhaps remembering new character strings will help to stave off Alzheimer's.

This has to be terrible advice:

If the crook can get to your bank, and work out that you've used the same password details (he doesn't say how the crook is going to get your bank account number), then one thing is certain - the crook can get there faster than you want to change your passwords. Suppose the crook is going to sell the personal info that night in the pub to a mate who's going to plug the data into his account cracker later on that week. That means you should be changing all your passwords at least once per week. And that's only going to stop the slow crooks.

Things that help password security:

  • Complex strings that are not guessable.
  • Passwords that differ from site to site.

I'm yet to see any situation where changing your passwords helps. If the bad guy once knows your password and can impersonate you, the chances are that he's changed your password and locked you out, or installed a backdoor so changing your password doesn't keep him out anyway.

So how do you use different complex passwords on each site and still remember them all?

This is a good trick. It uses 3 components:

  • Pick a random string of 4 characters containing upper/lower case letters and numbers. e.g. tS8j
  • Decide on a way to mangle the domain name of the website to get 3 letters that are not obviously related to the domain. Suppose you want 3 letters from google.com. You could pick the 3 from the end in reverse order: elg, you could type the first three letters one key up on your keyboard: t99, you could Caesar shift: hpp, pick the middle 3: oog, etc, etc.
  • A single digit/letter that you can increment (or decrement) when someone insists that you change your password.

Then put those characters together in some order, so you might end up with tS8jelg0 or oogAtS8j. Then use the same system, with the same set of 4 random characters, just changing the 3 characters per domain and the one character whenever someone forces you to change.
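
The scheme above as a short Python sketch. This is an added example, not code from the original post; the function names, the US QWERTY layout and the rule for picking the site label out of a domain are assumptions.

```python
# Added illustration; names below are assumptions, not from the original post.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]  # US QWERTY

def key_up(ch):
    """Return the key directly above ch on the keyboard (g -> t, o -> 9)."""
    for above, row in zip(ROWS, ROWS[1:]):
        i = row.find(ch)
        if i != -1:
            return above[i]
    return ch  # top row or unknown key: nothing above it

def caesar(ch, shift=1):
    """Shift an ASCII letter along the alphabet, wrapping z -> a."""
    if ch.isascii() and ch.isalpha():
        return chr((ord(ch.lower()) - ord("a") + shift) % 26 + ord("a"))
    return ch

def middle(label):
    """Three characters from the middle of the label (google -> oog)."""
    start = (len(label) - 3) // 2
    return label[start:start + 3]

# The four mangling rules the post lists, keyed by a made-up name.
MANGLERS = {
    "end_reversed": lambda s: s[-3:][::-1],
    "key_up": lambda s: "".join(key_up(c) for c in s[:3]),
    "caesar": lambda s: "".join(caesar(c) for c in s[:3]),
    "middle": middle,
}

def site_label(domain):
    """Assumed rule: lower-case, drop a leading 'www.', keep the first label."""
    domain = domain.lower()
    if domain.startswith("www."):
        domain = domain[4:]
    label = domain.split(".")[0]
    if len(label) < 3:
        raise ValueError("need at least 3 characters to mangle: %r" % label)
    return label

def site_password(domain, core, counter, mangler="end_reversed",
                  order=("core", "site", "counter")):
    """Join the fixed 4-character core, the per-site 3 and the counter."""
    site = MANGLERS[mangler](site_label(domain))
    parts = {"core": core, "site": site, "counter": counter}
    return "".join(parts[name] for name in order)
```
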

This may sound overly complex and paranoid, but it is lots easier than changing your passwords on a regular basis, and far more secure.

Using regularly changing passwords just forces you to use simpler passwords to avoid forgetting, and simpler passwords are far more of a risk than re-using passwords, or using guessable ones.


The rise of Comet

Comet Daily is new - dedicated to all things Comet. The idea, if we can get enough content, is to have regular - even daily - postings on the growth of Comet.

There are a whole bunch of people writing, and claiming that they are going to be writing.

It's easy to disparage Comet as just Push, and to remember PointCast. But 1995 was the wrong side of the Ajax boom and the wrong side of the whole social explosion. The tipping point is where those 2 trends cross over - which is the point of my first article:

 
