July 25, 2012


After 2 years, I'm convinced I will not get back to posting to this blog. Accordingly, Oversighting is now officially discontinued. I'm leaving the articles online as they might be useful for someone in the future, but won't post any more updates.

August 24, 2010

Online Mockup Solutions

The more I delve into the world of quick development (be it a Metasploit plugin or a proof of concept website) the more I feel the need to be able to quickly sketch what's in my mind.
Ok, this might have something to do with the fact that I try to delegate coding, but still, I'm always positive that shipping is a feature. Accordingly, being able to ship a design and sketch idea is better than nothing. Maybe there will be a social network one day for aborted design and ideas...

In the meantime, I've explored online solutions which let you build a sketch (or mockup, or wireframe). I've been focusing on tools to build web sites/web applications, not binary interfaces, able to work with Chrome under Linux (or Firefox, if needed). And no lengthy registrations or lame trials.

So, here is my personal top 10 (9, ok) of mockup software

Lumzy is 100% free, and it only took me 10 seconds to sign up and be able to save projects. It can export in various formats, it is easy to share projects, has a big library of ready-made objects and even supports a basic scripting language which can make the mockup browsable and actionable!

iPlotz takes a more integrated approach, providing very basic project management features which "real" designers will love. Anyway, even in its free mode where you only have one project it is as good as Lumzy.

balsamiq.com, an Italian (!) startup, provides very professional-looking mockups: unfortunately, they focus on the desktop version of their application. The web based editor would be superior to anything else, but it is apparent it is a demo and lacks features such as saving or sharing.

Pencil project is a bit out of scope here: it requires a Firefox addon to be used in the browser: as such it is similar to a desktop application in the fact that it runs completely on the local machine. However, since it is embedded in the browser once it has been installed, I'm considering it here. Overall, the user experience is inferior when compared to the other solutions, even though I do appreciate the presence of various types of the same control: from a prototyping app I expect a lot of readymade components, otherwise I will just go for a standard "paintlike" software.

I appreciated Mockingbird for its great library of icons and web-oriented stuff. However, it will be non-free starting from the 1st of September, and that puts it off our competition.

In my opinion MockFlow doesn't really add anything from a tool perspective. However, it is still worth mentioning thanks to its wonderful store! Great idea.

ForeUI also only has a demo online, and in Java too. Doesn't meet the requirements, just like Inpreso which nags you with a billion popups even while you're testing it.

Fluidia looks promising but it's still in early alpha.

So, what did I like the most? In the end, I went for iPlotz: the rest are presented in my personal ranking.

PS: obviously, for the color palette I went for Kuler!

January 30, 2010

Unconfirmed technologies

Sometimes you see a technology which looks like magic. Happens all the time in security, more often in IT, not so often in the real world.

Steorn, for instance, just demonstrated Orbo, its new free energy technology. Violating one of the core principles of (not so) modern science. However, the demo itself was nothing worthy of note. It's the tiny, small quote at the end "next week, come and try: measure with your own equipment".

The trick is not showing some magic. It's having people actually use it. It's one of the oldest techniques in the world, and made fortunes in IT (remember? Shareware). Any product has to learn from that: put down the barrier, release "easy to try at home" products, have people see for themselves. A video won't do it, nor will a live demo. OpenSource developers (including me) should learn it.

January 13, 2010

You get what you pay for

As you might know, since the news made its way to Slashdot, Moscow cameras streamed false pictures for a while.

Citing from the article:

According to the contract with StroyMontageService, the Moscow government only paid for working cameras. Dumalkina said the company unreasonably received around one million dollars for the northeastern district alone.

This is a very well-known problem: if you measure performance of a given service (and pay according to performance) the way you choose to actually perform the measurement changes the service itself. If you measure the number of calls which get out from the call center, people will do a lot of very short and possibly useless calls... and so on.

This is a very interesting point when applied to modern IT services. What are you going to measure? Availability of the application? Sure, a Cloud (citing an interesting, new topic) will give you more of that. But how are you measuring the tradeoff in security here?
Are you taking into account know-how your administrators are not building for themselves, when you outsource?

You get what you paid for: if you're just paying for your machines to be 100% available on a remote Cloud, that's exactly what you get. The more your infrastructure gets fuzzy - or "cloudy" - the less you know about it. The less you measure, the less you get (and hopefully pay, but that's not the point).

But hey - I can hear you think - weren't you an advocate of virtualization and cloud-based-stuff? Sure I am, but I really do think that we have to understand what we're doing. We have not built, yet, any meaningful measure of virtual-cloud-fuzzy efficiency: what we do have is some vendor-biased and -piloted accounting methodology, if we're lucky.

Think about what you're asking, what you're stating and what you're losing when you think about outsourcing. Maybe even virtualizing your hardware is outsourcing it in some way...