New Java desktop UI toolkit: Amino brings some nice features
Authentication != Authorization (and more): Diaspora has a long way to go, but there are lots of things you can learn. Things like what you should never, ever do, that is.
Java obfuscation: the Android developers recommend ProGuard. It’s actually a very nice utility, but I don’t feel comfortable applying a complicated technique to already complicated applications.
One Time Passwords, remote logout: Facebook adds new security features, and some questions are crossing my mind: why not add OPIE-like features, with One Time Password Lists and/or two-factor authentication (with something you know and something you have)? We've got lots of smartphones out there, just use them…? Re “remote logout”: why not just invalidate existing web sessions on the next login of the user? Can Facebook tell the difference between web and API (e.g. widget, apps) sessions?