Infrequently Noted

Alex Russell on browsers, standards, and the process of progress.


So I'm having lunch on 6th street at a place named "Jazz" which plays nothing but the blues. Not that I mind it. I've got a Shiner (draught!) on the table and an open AP in close proximity. It's really hard to beat this.

Last night I got a chance to see my old roommate from school who is working at AMD these days. After stuffing ourselves on amazing barbecue (SF might have food, but it doesn't have this), we spent some of the evening on 6th street, a couple of blocks up from the hotel I'm staying at for the conference. Like a lot of things here, it hasn't changed much from when I lived here, and that's generally a good thing.

I also got a chance to stop Sam Ruby in the hall of the hotel and pitch my idea of signing Atom posts. He seemed generally receptive, even given that I'm something of a nobody. He raised several good points in relation to it (what about metadata? lots of interesting attacks there). I'm going to have to work up a set of proposals before I do what he suggested and post to the Atom syntax list. I'm sure I'll have more on that later.

I think my blackened shrimp is almost here, and I've got a Shiner that needs tending. More later.

Sat keynote/opening

So I'm waiting for the beginning of today's opening keynote by Brenda Laurel. So far I've gotten into an argument with cellular industry reps and government regulators, and had lunch with a wireless industry columnist. It's been a good start to the conference.

Basically, I asked the question "so why are you colluding to keep your development and app deployment platforms closed? Can't you just make money transiting data?" Seems the cell industry guys have this funny notion that if they "open up" their networks to multi-billion dollar companies to provide another outlet for recycled "content", then they've effected a sea-change in the way business is done. What I think really got my goat was all of the bogus discussion about how competitive the market for cellular services is, yet when pressured about what minor steps the carriers can take right now to open up new markets on existing networks, there's an automatic "oh, that's 5 years away" response. I say that's bogus (and I think I offended them by saying so somewhat frankly). The tools are there NOW. MIDP 2.0 is being deployed ubiquitously, most new devices have some sort of HTTP-capable client, IP stacks, and many have processors fast enough to do crypto and/or media of some form. The ONLY thing missing from this equation that would allow independent (read: open source) app developers to start exploiting this platform is a willingness on the part of the carriers to get the hell out of the way of the impending network effects.

Given their reactions to my points today, I don't think I'll be writing very many J2ME apps for distribution any time soon, which is a shame, because as the carriers keep trying to point out, these phones can do some really neat stuff. They just want to be the censors, not just the toll takers.

Live, from Austin...

I'm at SXSW until Tuesday, so if you're here in Austin as well, drop me a line and we'll drink some Shiner.

Attention, bloggers.

I'm something of a pessimist when it comes to new technology, and I think Atom, RSS (not really new, but its hype springs eternal), FOAF, and other XML serialization/aggregation efforts keep missing one important point: people lie. People lied yesterday, they lie today, and they will lie in the future. Spam is just one way for people to lie, and XML is soon going to take over as the preferred medium for liars everywhere, primarily because our tools are so trusting. We need to start building distrust into the processing and authoring tools for XML, or we're collectively hosed.

Scenario A: Bob gets a list of email addresses, uses a worm/virus to install thousands of proxies for mail relay and goes about the task of spreading his revolutionary message about how to enlarge bodily organs via these new zombie SMTP relays.

Scenario B: Alice (being smarter than Bob) decides that spam is too inefficient and uses a worm to attack web servers. The worm's payload looks for Atom and RSS XML files on disk and replaces them with her revolutionary message about how to amass great wealth through penny stocks.

While Bob is abusing shared resources and near-zero incremental costs of distribution via the commons that is the network, Alice is doing all of that plus throwing in a little trust relationship abuse in order to have a higher probability of getting her message "through". Why does this work? Because the tools on either end don't know how to validate a feed as from a particular entity. Trust is implicit in that when you request a URL and get an XML document back, all of these tools assume that the content comes from the owner of the URL and is un-molested in transit or at rest. It's like assuming that sending your credit card information to a website is safe without checking that an SSL cert is valid because, well, it came from that URL didn't it?

The upshot of this is that integrity checking (not just validity checking) is going to have to become a primary requirement of these homegrown or community-grown schemes sooner or later. GPG signing your blog posts and other content generation activities must become second nature, and seamless through the tools. I do think it's too late for Atom to get clueful about this, but I can hope.
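The reader-side check argued for above, as an added example that is not code from the original post or from any Atom tool. It assumes Ed25519 signatures from Node's built-in `crypto` module standing in for GPG, a public key pinned per feed out of band, and a hypothetical field list, canonical form and function names; the entry values are constructed.

```javascript
const { generateKeyPairSync, sign, verify } = require("node:crypto");

// Metadata is signed along with the body: a signature over content alone would
// stay valid while an attacker swapped the title or link around it.
const SIGNED_FIELDS = ["id", "title", "link", "updated", "content"];

// Deterministic bytes for an entry: fixed field order, JSON-escaped values.
function canonicalize(entry) {
  const pairs = SIGNED_FIELDS.map((f) => [f, String(entry[f] ?? "")]);
  return Buffer.from(JSON.stringify(pairs), "utf8");
}

// Author side: return a copy of the entry carrying a base64 signature.
function signEntry(entry, privateKey) {
  const signature = sign(null, canonicalize(entry), privateKey).toString("base64");
  return { ...entry, signature };
}

// Reader side: check against the key pinned for this feed, never one that
// arrives inside the feed. Unsigned or malformed entries are untrusted.
function verifyEntry(entry, pinnedPublicKey) {
  if (typeof entry.signature !== "string") return false;
  try {
    const sig = Buffer.from(entry.signature, "base64");
    return verify(null, canonicalize(entry), pinnedPublicKey, sig);
  } catch {
    return false;
  }
}

// Constructed sample data: an author key pair, an attacker key pair, one entry.
function demo() {
  const author = generateKeyPairSync("ed25519");
  const attacker = generateKeyPairSync("ed25519");
  const entry = signEntry({
    id: "tag:blog.example,2004:post-1", title: "Sample post",
    link: "https://blog.example/post-1", updated: "2004-01-01T00:00:00Z",
    content: "Original body text.",
  }, author.privateKey);
  const { signature, ...unsigned } = entry;
  const forged = signEntry({ ...unsigned, content: "Buy penny stocks!" }, attacker.privateKey);
  return {
    genuine: verifyEntry(entry, author.publicKey),
    bodyReplaced: verifyEntry({ ...entry, content: "Buy penny stocks!" }, author.publicKey),
    linkSwapped: verifyEntry({ ...entry, link: "https://other.example/" }, author.publicKey),
    signatureStripped: verifyEntry(unsigned, author.publicKey),
    reSignedByAttacker: verifyEntry(forged, author.publicKey),
  };
}

console.log(demo());
```

Only the genuine entry verifies. The last case is why the key has to be pinned on the reader's side: a replaced feed that ships its own key and a fresh signature is internally consistent but fails against the author's key.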

XMLHTTP everywhere

Looks like Safari now has XMLHTTP, but in addition to that it now seems to support document.load as well. A quick test with Konq shows document.load support there too.

It's a good time to be a DHTML developer = )
