Infrequently Noted

Alex Russell on browsers, standards, and the process of progress.

Live, from Austin...

I'm at SXSW until Tuesday, so if you're here in Austin as well, drop me a line and we'll drink some Shiner.

Attention, bloggers.

I'm something of a pessimist when it comes to new technology, and I think Atom, RSS (not really new, but its hype springs eternal), FOAF, and other XML serialization/aggregation efforts keep missing one important point: people lie. People lied yesterday, they lie today, and they will lie in the future. Spam is just one way for people to lie, and XML is soon going to take over as the preferred medium for liars everywhere, primarily because our tools are so trusting. We need to start building distrust into the processing and authoring tools for XML, or we're collectively hosed.

Scenario A: Bob gets a list of email addresses, uses a worm/virus to install thousands of proxies for mail relay and goes about the task of spreading his revolutionary message about how to enlarge bodily organs via these new zombie SMTP relays.

Scenario B: Alice (being smarter than Bob) decides that spam is too inefficient and uses a worm to attack web servers. The worm's payload looks for Atom and RSS XML files on disk and replaces them with her revolutionary message about how to amass great wealth through penny stocks.

While Bob is abusing shared resources and near-zero incremental costs of distribution via the commons that is the network, Alice is doing all of that plus throwing in a little trust relationship abuse in order to have a higher probability of getting her message "through". Why does this work? Because the tools on either end don't know how to validate a feed as from a particular entity. Trust is implicit in that when you request a URL and get an XML document back, all of these tools assume that the content comes from the owner of the URL and is un-molested in transit or at rest. It's like assuming that sending your credit card information to a website is safe without checking that an SSL cert is valid because, well, it came from that URL, didn't it?

The upshot of this is that integrity checking (not just validity checking) is going to have to become a primary requirement of these homegrown or community-grown schemes sooner or later. GPG signing your blog posts and other content generation activities must become second nature, and seamless through the tools. I do think it's too late for Atom to get clueful about this, but I can hope.
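The check the post asks for, as an added example (not code from the original post): an aggregator that verifies a detached signature over the fetched feed bytes against a pinned publisher key before parsing anything. Ed25519 from Go's standard library stands in here for the GPG signatures the post mentions; `LoadFeed`, `publisherSign`, the sample feeds and the all-zero-seed key are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/xml"
	"errors"
	"fmt"
)

// Feed holds the few RSS 2.0 fields this example reads.
type Feed struct {
	Title string   `xml:"channel>title"`
	Items []string `xml:"channel>item>title"`
}

var ErrUntrusted = errors.New("feed signature does not match pinned publisher key")

// LoadFeed (hypothetical name) checks the detached signature over the exact
// bytes fetched BEFORE parsing them. Well-formed XML says nothing about origin.
func LoadFeed(raw, sig []byte, pinned ed25519.PublicKey) (*Feed, error) {
	// Verify panics on a wrong-sized key, so reject that case explicitly.
	if len(pinned) != ed25519.PublicKeySize || !ed25519.Verify(pinned, raw, sig) {
		return nil, ErrUntrusted
	}
	var f Feed
	if err := xml.Unmarshal(raw, &f); err != nil {
		return nil, fmt.Errorf("signed but malformed feed: %w", err)
	}
	return &f, nil
}

// Constructed sample key from an all-zero seed: for illustration only.
var samplePriv = ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
var pinnedPub = samplePriv.Public().(ed25519.PublicKey)

// publisherSign stands for the authoring tool signing the feed it writes.
func publisherSign(doc []byte) []byte { return ed25519.Sign(samplePriv, doc) }

// Constructed feeds: the second is valid RSS that replaced the first on disk.
const genuine = `<rss version="2.0"><channel><title>Example Blog</title><item><title>Hello</title></item></channel></rss>`
const replaced = `<rss version="2.0"><channel><title>Example Blog</title><item><title>Penny stocks</title></item></channel></rss>`

func main() {
	sig := publisherSign([]byte(genuine)) // published alongside the feed
	for _, doc := range []string{genuine, replaced} {
		f, err := LoadFeed([]byte(doc), sig, pinnedPub)
		fmt.Printf("feed=%+v err=%v\n", f, err)
	}
}
```

The replaced feed parses cleanly as RSS, so a validity check alone would accept it; only the signature check against a key the reader already trusts rejects it.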

XMLHTTP everywhere

Looks like Safari now has XMLHTTP, but in addition to that it now seems to support document.load as well. A quick test with Konq shows document.load support there too.

It's a good time to be a DHTML developer = )

giving

It's that time of year again: have you given more to the EFF than you have to the RIAA/MPAA/SCO/etc...?

Why Napster was All That(TM)

Jennifer and I were talking last night over dinner (pork-apple sausages and risotto...mmm) and we started comparing notes about what made the early days of music sharing so engaging. Well, that's not what we started talking about, but that's where we wound up, and as we talked it over, we kind of came to one of those "aha!" moments when we both realized that what we loved about the early days was the relative openness of the sharing (no fear of reprisal) and the ability to find new music through people whose tastes we trusted. These weren't friends, but people whose collections we could look through and then sample something we'd never ever heard before.

For us (and I suspect a lot of other people), that's what it was all about. Finding NEW stuff, not buying the same old shit you've heard played to death (and then resuscitated and played to death again) on top-40 radio. The music stores that exist today (even iTMS, for as good an experience as it provides) fall down hard when presented with this task. Apple has tried to get some of this back with "celebrity play lists", but that's a poor excuse for searching preferences by preference nexus. That was the really powerful thing: being able to search, in essence, for other people who had the same tastes you did based on what they already had that you had (or wanted) in common. For instance, I would have NEVER found The Samples if I hadn't found someone that loved Better Than Ezra the same way I did. They're not the same kind of band by any stretch, but it doesn't matter. I trusted that person's taste, not some shared cultural norm we were expected to share.

Music discovery through trust networks. It's better than collaborative filtering because it lets you have complete control over who is a "celebrity" in your world. The filtering happens because you find a nexus, and find things that are, mathematically speaking, close in vector space.

This is the next big addition to music stores. Apple has taken the wrong tack with Billboard Top 40 playlists that you can purchase. Whoever builds a trust network for taste is going to have their margins be a hell of a lot higher with small artists, which should let them give the bird to the big labels at some point in the future when the best part of their business becomes a music ecosystem that they provide the platform for. Taste is a fickle thing, and the labels have tried for decades (with varying degrees of success) to determine who and what should get a shot at the "big time". What Napster showed us was that there's a viable market for the small time and that it only thrives when "taste transaction" or "taste accumulation" costs decrease below some threshold well below the cost of getting into a Clear Channel rotation.

So how do we get to point b? My first inclination is to write an add-on to iTunes or a daemon that uses the iTunes database. iTunes is the first application to really make use of ID3 tags (and the metadata sections of other formats) to get a coherent view of your music collection. Generally speaking, this means that most people have pretty good metadata on at least one aspect of their files (title, artist, genre, or something else). Any of these aspects is enough to start making connections with. Best case, any such tool could query iTMS (or a similar music store service) to determine availability of the track (or tracks by the same artist, etc...). I guess what I'm proposing isn't peer-to-peer file sharing, it's peer-to-peer preference sharing with good-ole-capitalism as the logical endpoint. Another option is to VPN-enable this kind of tool and use iTunes' built-in streaming capability to give such a tool "preview" capability. It's a frigging direct marketing nirvana: consumers don't really have to make their own decisions (they still get to rely on someone else to tell them what's good), and there's an approved point of purchase. It falls down, however, if iTMS (or whatever store backend) can't get enough of the requested content. Having smaller artists as a part of the ecosystem is the only thing that's going to make it work long-term.

Now if only I had spare time to implement this in...