I saw a documentary a while back that identifies many major countries that have dedicated groups of people who monitors online activities to capture and snoop on online traffic on a daily basis. The documentary suggest that they not only track and monitor their own citizens but steals industrial information to help their own local companies to give them the added advantage.

I am not really surprised to know that but it came to my mind that there are many entities throughout the world that requires secure communications on the Internet. These sensitive groups include the military, government bodies, privacy groups, research labs and etc. In general, the online needs for these groups must meet a few basic requirements:

• Prevent easy ears dropping
• Identify the real identity of the server they are connecting to
• Able to host their own server hardware in secure data centers
• Software used cannot be dominated by a particular group, organization, country or company

I guess there are a lot more requirements but these are the common ones. The critical question then is how do you easily implement such a set of secure online communication tools for them without spending major time and effort? Well, if you do have such a need, why not try Hiitch out! Hiitch have build in features that solves those basic requirements out of the box. Plus it is open source so it allows you to customize your own solution under the GPL v3.

Depending on how your Hiitch setup is like, it can be customised to manage a small group of people to a reasonably sized organization of a few hundred or more. Happy making the lives of “Big Brother” a little harder.

Have you ever dream of becoming an entrepreneur? Sure most of us have. I guess we are all thinking about becoming successful entrepreneurs when we think about doing our own start ups. However, while in the excitement of our plans, we are often overly optimistic. The road taken by any true entrepreneur can only be described as “crazy”. My entrepreneur journey started four years ago. My life has been in constant struggle since then with the ups and downs of two start ups.

My first start up company was one based on Linux services. I have strong roots with open source software and development. So when the opportunity came for me to stretch out my entrepreneurial wings, I decided to venture into the arena that I am most familiar with; open source. As it turns out, Singapore was not ready for open source. Majority of all Singaporean companies use Microsoft products. Many choose the risk of using illegal software then try to use something new and legal like open source software. I finally admitted defeat when I was unable to sell any of my services. There is really nothing bad about failures but the need to manage ones own emotion and self image while spiraling into despair is indeed a real challenge. I fell into a deep depression soon after. Perhaps my strategy was wrong or because I was too inexperienced. The bottom line was that I failed!

The year that followed, I swear I will never do a start up again. I got myself a proper job like everyone else. A year later, a good friend of mine suggested that we band together to build a new product named Hiitch. They needed a technical geek to oversee the development and I was the chosen one. This time round I thought perhaps I had a better chance of success because the guys I was working with were very talented in their own fields of work. More importantly, I was well rested from my last defeat both emotionally and financially. This time round, I made sure that I prayed about it and got God on my side first.

We spend a year building the product and along the way, I had some pretty good job offers. But like any other true breed entrepreneur, I rejected them and stay on course. By the way, some people called that being stupid, which I feel is somewhat correct. Anyway, when the product was finally about to be released, we had exhausted our motivation and finance. Hiitch had lots of potential but the risks were high and the pressure is in learning to sell it or the value added services on top of it. We had done some pretty stupid things along the way, like refusing opportunities for funding and instead opt for another more painful strategy. Our current strategy is to self fund ourselves through the slow and painful steps of taking in external development projects. We hope to be financially viable while still staying focused on developing our own products for the technology market. This strategy helps us cover the short term financial needs of cash flow while also ensuring that our company has a long term future through our own products. The cycle for this strategy is probably slower and less spectacular but fits us well for now.

Technically, we are still not out of the woods yet but by God’s grace, we are finally growing financially. If there is anything in this company, it is talent. Talent doesn’t always put bread on the table but it sure helps our customer see our value. A typical work day in the office consist of product brain storming sessions, project developments, financial forecast, planning and projection, loud music, complaining about our poor internet connections, lots of jokes and plenty of meal breaks. It might not seem like it for now but we hope to be a commercial force to be reckon with in the near future. Make sure you watch out for us!

Following Google’s effort on open social, they are at it again, this time they are trying to do a similar stunt with mobile platforms. Honestly, as an entrepreneur I am a big fan of Google because of their ability to achieve so much success at such a short period of time. Google’s reputation was what got us interested in their Android platform. After discussing among ourselves, we decided to start exploring the possibility on creating an innovative solution on the Android platform.

The initial process to get the platform and development tools up and running is very simple. It took me merely 15 minutes to install and write my first “Hello World” application. Playing with the Android emulator was both impressive and fun. It has all the charm of the iPhone with the additional capability to allow developers to build real applications on it. As much as I like this new platform, there are down sides. These down sides become more apparent to me as I started reading through their documentation and following their tutorials.

Source Code Portability?

The first issue I discovered was the way Android was designed. Activity, intent, service and content providers was the new way Google wanted developers to think on their platform. But wait, the first warning signs lighted in my mind. That means that the applications I write for Android cannot be reused on another Java enabled phone without making major architectural changes to the source code. Bummer! There goes my source code portability, now I got to write one version for Android and another for other Java enabled phones. The new design concept on the whole is good except that it makes reusable code harder to write because now I got to add more layers of needless abstraction in my code to ensure it can be reused on other mobile phone platforms.

Hidden Complexity?

I might be wrong here but while running through the tutorial I started to get the feeling that Android was designed for and by web developers. The concepts and unnecessary complexity seem to have come from a web development mindset. Instead of thinking the normal Object programming model, Android’s programming model indirectly forces you to think tags for GUI, code for event handling, services for facility or code reuse and content providers for managing data. I understand why the web programming model is designed the way it is because the code is often broken up into server and client side then glued together by requests and passing parameters. But why does the Android’s non-web application development model resembles it so closely? Are they trying to attract web developers onto their mobile platform? I personally felt somewhat handicapped by the development model.

In summary, it will take a while before I get comfortable with this new platform. With the prize money that Google is offering, you can be sure that many others like ourselves will be giving it a go. However, whether this new platform can retain its users and developers is still an open question!

We are going to add compression to our 128 bit SSL streams. This will improve connection speeds on the whole but unfortunately break previous client binaries. In short, members of our current default network before the next upcoming release will have to uninstall, re-download and install the next upcoming client release that supports the new compression feature in order to sign in to our platform. Automatic upgrade is not available for this new release.

Our testings have shown that we are able to improve connection speeds by an average of 5.4 seconds using a common 512KB down stream 256KB up stream broadband line. We are pretty excited about this new improvement and hope that this new and improved technology will help better improve your experience on Hiitch. Therefore as an advance warning, you might want to take this into consideration in regard to your private network implementations of the Hiitch platform.

Do feel free to contact us if you have any questions, collaboration proposals or need better support from us with regard to your own network implementations using our platform.

The Hiitch server is a multi-threaded application server that you can tune to scale it to your desired hardware setup. It also implements customizable security features that you can use to secure your own network’s integrity and privacy. Hence, understanding some of the key concepts in its design implementation is important. We will begin by describing the detail interaction process that goes on in the server that is unique to every individual Hiitch network implementation.

Server Interaction Process

Before any information is communicated between the client and the server, the clients will first request for the authenticity of the server. Each client has an associated digital certificate that ties it to a particular server. The client will then verify the digital signature to see if the content is coming from the intended server and proceed to send its confidential information to sign in to the server. This whole verification process is unique to each network. During the server installation process, our default script will assist you to generate a set of public and private key pair, also known as a digital certificate, that identifies your particular network. Without generating this digital certificate and exporting the cert to your clients, the integrity of your network can be easily compromised. Once the verification process is correctly completed, the clients will start a new secure session with the server.

Read the rest of this entry »