Activity Streams and OAuth: a social web architecture

Ben Werdmuller — March 12, 2010

My previous post was a response to Gartner’s prediction last month that social networking would replace email as the “primary vehicle for interpersonal communications for 20 percent of business users.” In it, I named some properties that would need to be held by any social networking system that would successfully replace email.

  • Ease of use
  • Ubiquity across devices
  • Platform, service and infrastructure independence

My argument boiled down to the following statement:

Email has succeeded because it’s open, standard and decentralized; for social networks to replace it, they must also be open, standard and decentralized.

Email is useful because just about everybody has an email address. I can get in touch with my clients in London, my friends here in Oxford or my grandfather in Austin, Texas, with equal ease, even though all of them are using different infrastructure and software provided by different companies. I use Gmail, but there doesn’t need to be any kind of formal agreement between Google and whoever’s providing my grandfather’s email, say. It just works; nobody owns email as a communications method, and anyone can set up an email server. The same is true with websites: anyone can set one up, and nobody owns the web.

For social communications to be as popular and ubiquitous as email, there must be one social web, and it must be owned by nobody. That means that each socially-aware site or application must implement the same social communication standards.

The best standards aren’t dictated: they evolve through common usage. If you look at HTTP (the protocol that the web relies on), SMTP (one of the protocols behind email) and file formats like RSS and HTML, the common thread behind them is that they’re simple. It turns out that through excellent work at companies like Google, Plaxo, SixApart, Twitter, JanRain and – perhaps incredibly – JPMorgan Chase & co, we already have a number of technologies that collectively embody the properties I listed above.

Notes and server architecture for one possible social web

These are my ideas about how these standards might be used. These aren’t intended as replacements for existing social networking platforms or services; rather, they could easily be added as additional features both to those and to many other types of application. The ability to share isn’t a uniquely required feature of social networking software – think about its usefulness in applications like Word or Google Docs, for example.

With email, you use a software client (Outlook, say, or the Gmail web interface) that speaks to an email server which does the hard business of sending and receiving messages to and from the wider Internet. Here, I will be describing a system where everyone has their own node on the social web, which effectively acts as both client and server. Mine might be here at benwerd.com, for example. It’s my website – my profile on the social web – and it’s where I both send and receive social communications. That’s the server side. However, it also acts as the client when I’m accessing resources stored on other people’s servers.

Establishing connections and granting permissions

Let’s say I want to make a resource available to my clients. With email, I’d send them each a separate copy. This is both insecure and inefficient: I have no control over what happens to that copy, and each time I send it I create a new version. With some back-and-forth, there could easily be ten or twenty individual copies of a document floating around. (I often bounce software specifications – typically Word documents – around with my clients, and this is something that happens to me regularly. Google Docs is probably a better solution, but not everybody has a Google account.)

With the social web, only one version needs to exist, which I own. If my clients have established a connection with me, I can restrict that resource so that only they may see it. The tricky bit is that in order to know if it’s really them, they must be authenticated in some way.

In monolithic systems like Facebook, where everyone uses the same website, that’s easy: my client must be logged in, and we must have established a friend connection. In a decentralized system, that’s a much harder problem, but not insurmountable. Two technologies will help us:

  • OpenID: the open, decentralized authentication standard, which currently uses a website address as a kind of universal username
  • OAuth: an open protocol that “allows users to share their private resources (e.g. photos, videos, contact lists) stored on one site with another site without having to hand out their username and password.” OAuth provides a secret token to applications that they can use to access authenticated services and resources behind the scenes

Specifically, we’ll need OpenID Connect (or, until that’s up and running, the OpenID / OAuth hybrid protocol), because we’ll be using OpenID to authenticate, OAuth to power our decentralized access permissions, and a number of other protocols and endpoints along the way. It’s much neater if these are all established at once.

Making friends and getting updates

The process would work in the following way. Let’s say I want to make a connection with my friend Marcus Povey.

  1. I visit his site, and see that he is displaying a “connect to me” icon, indicating that it is a node on the social web. Later on, perhaps my browser would detect that this was a social web node in the same way that most browsers detect RSS feeds today, and light up an icon. Chris Messina has started a five part series on the browser as a social agent, which is worth a read.
  2. Either way, I click on “connect to me”. Marcus’s site prompts me for the address of my profile, which I enter. (Later on, my browser does this bit for me.)
  3. My profile address is an OpenID, and through the authentication process my social web node receives an OAuth token from him. No further authentication is required.
  4. On his social web node dashboard, Marcus sees that I’ve established a connection with him. He can ignore it, in which case nothing happens, or he can mark me as a friend (or any other arbitrary designation, which could be unique to the software he’s using).
  5. My social web node periodically checks for activity updates from Marcus’s, signing each request with that OAuth token so it knows who I am. This may be at my direct request; through repeated polling, RSS-style; or the update may be pushed to me through a PubSubHubbub ping.
  6. Depending on the designation he’s given me, Marcus’s node either responds with just a feed of public activity (if he’s ignored the request), or with additional activity he’s allowed me to see, in Activity Streams format.
  7. Marcus can change my designation or withdraw my OAuth token at any time from his dashboard.
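
Steps 3 to 7 above, simulated in one process as an added example (not code from the original post). The OpenID login is assumed to have already succeeded, the HMAC-SHA256 signature is a simplified stand-in for OAuth request signing rather than the spec's own base string, and the class, function and URL names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

MAX_SKEW = 300  # seconds a signed request stays acceptable (assumed policy)


def sign(secret, method, url, token, timestamp, nonce):
    """HMAC-SHA256 over the request fields; a simplified stand-in for an
    OAuth signature base string, not the one the OAuth spec defines."""
    base = "\n".join([method.upper(), url, token, str(timestamp), nonce])
    return hmac.new(secret.encode(), base.encode(), hashlib.sha256).hexdigest()


def signed_request(feed_url, token, secret, now=None):
    """Step 5: the subscribing node signs every poll with its token secret."""
    ts = int(time.time() if now is None else now)
    nonce = secrets.token_hex(8)
    return {"token": token, "timestamp": ts, "nonce": nonce,
            "signature": sign(secret, "GET", feed_url, token, ts, nonce)}


class SocialNode:
    """The publishing side: Marcus's node in the walkthrough."""

    def __init__(self, feed_url, activities):
        self.feed_url = feed_url
        self.activities = activities  # list of (audience, text) pairs
        self.grants = {}              # token -> secret, profile, designation
        self.seen_nonces = set()      # a real node would expire these after MAX_SKEW

    def connect(self, profile_url):
        """Step 3: issue a token and secret to the connecting node."""
        token, secret = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
        self.grants[token] = {"secret": secret, "profile": profile_url,
                              "designation": None}  # None = not yet accepted
        return token, secret

    def designate(self, profile_url, designation):
        """Steps 4 and 7: the owner sets or changes a designation."""
        for grant in self.grants.values():
            if grant["profile"] == profile_url:
                grant["designation"] = designation

    def revoke(self, profile_url):
        """Step 7: withdraw every token issued to this profile."""
        self.grants = {t: g for t, g in self.grants.items()
                       if g["profile"] != profile_url}

    def _verified(self, grant, req, now):
        try:
            ts, nonce = int(req["timestamp"]), str(req["nonce"])
            sig = str(req["signature"]).encode()
        except (KeyError, TypeError, ValueError):
            return False  # malformed request
        if abs(now - ts) > MAX_SKEW or (req["token"], nonce) in self.seen_nonces:
            return False  # stale or replayed
        expected = sign(grant["secret"], "GET", self.feed_url, req["token"], ts, nonce)
        if not hmac.compare_digest(expected.encode(), sig):
            return False  # signed with the wrong secret, or tampered with
        self.seen_nonces.add((req["token"], nonce))
        return True

    def feed(self, req, now=None):
        """Step 6: public items for everyone; restricted items only for a
        caller whose signature verifies and whose designation matches."""
        now = time.time() if now is None else now
        grant = self.grants.get(req.get("token"))
        designation = None
        if grant is not None and self._verified(grant, req, now):
            designation = grant["designation"]
        return [text for audience, text in self.activities
                if audience == "public" or audience == designation]


if __name__ == "__main__":
    # Constructed sample data for the demonstration.
    marcus = SocialNode("https://marcus.example/activity",
                        [("public", "posted a blog entry"),
                         ("friend", "shared a draft spec")])
    token, secret = marcus.connect("https://ben.example/")
    marcus.designate("https://ben.example/", "friend")
    print(marcus.feed(signed_request(marcus.feed_url, token, secret)))
    marcus.revoke("https://ben.example/")
    print(marcus.feed(signed_request(marcus.feed_url, token, secret)))
```

Any request that fails verification falls back to the public feed rather than an error, which matches step 6: an unknown, ignored or revoked caller sees the same thing as an anonymous visitor.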

Embedded content and interacting directly on other social web nodes

Activity Streams is based on Atom, so content for items like blog posts (and resources like photos, using Atom Media) can be embedded directly in the activity feed. (Rob Dolin from Windows Live has some great examples.)

However, not all content is standard enough to be embeddable. In those cases, I can simply click through from Marcus’s activity update to his site, possibly log in again using OpenID, and interact with the content there. Additionally, by allowing users to log directly into his site via OpenID, Marcus can show selected people restricted content even if they don’t have the full range of social web software.

Friends lists and commenting

Further standards help us add extra functionality. If Marcus gives me permission, I might be able to download his contacts via Portable Contacts. Salmon, which is compatible with Activity Streams, is a protocol for commenting on distributed resources and allowing those comments to find their way upstream to the original. Using this, I might be able to comment on Marcus’s activity items from within my dashboard and have them show up in his. Through this mechanism, all his friends could have a conversation on his activity stream items.

Reliability

So far, so good: we have a simple technological basis for permissive social communications. But if the social web is really going to replace email, we have to address one of the most important features for enterprise users: reliability. Businesses will not accept their critical communications being subject to fail whales.

In my next post, then, I’ll discuss person-to-person messaging and the thorny issue of guaranteed delivery.

PubCasts: subscribe to publications through RSS

Ben Werdmuller — January 28, 2010

This is inspired by the iBooks launch, but it’s applicable to any ereader that uses the ePub format. (Or, indeed, it could use any ebook format – MobiPocket, Kindle, DAISY, etc.)

A podcast is just an RSS feed with a file enclosure – part of the RSS standard – that points to an MP3 file. Similarly, video podcasts point to video files. An obvious evolution, then, is the pubcast: periodical publications delivered through RSS feeds.

Free publication subscriptions

In the free case, a user would simply subscribe to a public pubcast feed with a compatible reader. The reader software would check regularly for updates, and new publications would be downloaded and fed into the user’s ereader software on release. Easy.

Paid publication subscriptions

In the case of paid publications, there are two options:

  • An authenticated pubcast feed. When you subscribe to a publication, you get an address to an RSS feed that requires a username and password to download content. (Gmail is an example of an application which already does this.) This authentication ensures that only paid subscribers can access the file, but you could go a step further and watermark the publications themselves.
  • Activation within the ebook file. The RSS feed itself is public, but each downloaded publication could require an access code to read. This would open the door for public feeds of paid journals, where users could buy each issue individually to read.
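
The reader side of a pubcast, added here as an example and not part of the original post: it parses a constructed RSS 2.0 feed, picks out ePub enclosures that have not been downloaded yet, and for the authenticated option skips enclosures served over plain HTTP, where the username and password would travel unencrypted. The feed contents, URLs and function name are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

EPUB_MIME = "application/epub+zip"

# Constructed sample feed: two ePub issues (one over plain HTTP) and one
# ordinary podcast episode that a pubcast reader should ignore.
SAMPLE_FEED = b"""<?xml version="1.0"?>
<rss version="2.0"><channel>
  <title>Example Quarterly</title>
  <item><title>Issue 1</title><guid>eq-1</guid>
    <enclosure url="https://pubs.example/eq/1.epub" length="48213"
               type="application/epub+zip"/></item>
  <item><title>Issue 2</title><guid>eq-2</guid>
    <enclosure url="http://pubs.example/eq/2.epub" length="50110"
               type="application/epub+zip"/></item>
  <item><title>Issue 2 audio</title><guid>eq-2a</guid>
    <enclosure url="https://pubs.example/eq/2.mp3" length="900000"
               type="audio/mpeg"/></item>
</channel></rss>"""


def new_issues(feed_bytes, seen_guids, authenticated=False):
    """Return the ePub enclosures in a feed that still need downloading.

    seen_guids holds the <guid> values already fetched. With
    authenticated=True, only https enclosures are accepted.
    """
    # Basic guard: feeds are untrusted input, and a DTD is how entity
    # expansion attacks reach an XML parser. RSS does not need one.
    if b"<!DOCTYPE" in feed_bytes or b"<!ENTITY" in feed_bytes:
        raise ValueError("feed declares a DTD; refusing to parse")

    issues = []
    for item in ET.fromstring(feed_bytes).iter("item"):
        guid = (item.findtext("guid") or "").strip()
        enclosure = item.find("enclosure")
        if not guid or guid in seen_guids or enclosure is None:
            continue
        if enclosure.get("type") != EPUB_MIME:
            continue  # a podcast episode or some other attachment
        url = enclosure.get("url", "")
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.netloc:
            continue  # file:, javascript:, relative paths and similar
        if authenticated and parts.scheme != "https":
            continue  # would expose the subscriber's credentials
        issues.append({"guid": guid,
                       "title": (item.findtext("title") or "").strip(),
                       "url": url})
    return issues


if __name__ == "__main__":
    for issue in new_issues(SAMPLE_FEED, seen_guids={"eq-1"}):
        print(issue["title"], issue["url"])
```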

Making subscriptions an open standard

Either way, this approach would allow any ereader using any compatible software solution to subscribe to periodicals. It could be used for newspapers, magazines, journals, zines, or new kinds of periodical; they could be hosted anywhere and, in the case of paid content, use any payment provider. I love reading, but dislike monopolies, so this is something I’d like to see.

iBooks is a killer app for ebooks

Ben Werdmuller —

If you pay any attention at all to the tech press, you’re probably sick to death of the iPad, Apple’s announced tablet device. I’m posting about it anyway, because there are two things that haven’t been discussed enough, which I think deserve a mention.

One: this isn’t a device for the tech community. I think Rafe Colburn hits it on the head:

It’s just an iPod Touch with a big screen, but that’s all that many people need from a computer. You can use it to surf the Web, read email, listen to music, watch video, or compose documents. That’s the personal computer use case for many people. And I think a lot of people are going to buy them.

He goes on to discuss the locked-down nature of the device, which I agree is a setback that may have a profound impact on the consumer computing industry. (On the other hand, as Yehuda Katz argues, this is a major win for standards-based web applications.)

Two: for me, the big news wasn’t the iPad at all. It was iBooks: Apple’s new iTunes-like store for ebooks. You may remember that iTunes pretty much revolutionized how we buy music, and this is the same; the books are stored in the open ePub standard, so they’ll play with other ereaders, and the experience is seamless. (You almost certainly won’t need an iPad to buy from iBooks.)

Mashable notes that some big players are on board:

iBooks is backed by big-time launch partners Penguin, Simon and Schuster, HarperCollins, Macmillan and Hachette, all publishing powerhouses in their own rights.

You can think about the iPad as a kind of $499 catwalk model, that other devices will slowly emulate over the next couple of years. But iBooks? That’s a store that anyone will be able to use right away, which just might change the publishing industry forever.

Photo by kennymatic, released under a Creative Commons license.

Open data at data.gov.uk

Ben Werdmuller — January 21, 2010

The British equivalent to Obama’s data.gov opened today. Over at ReadWriteWeb, Marshall Kirkpatrick points out the scale of the ambition involved:

At launch, Data.gov.uk has nearly 3,000 data sets available for developers to build mashups with. The U.S. site, Data.gov, has less than 1,000 data sets today.

[…][Unlike the US equivalent, the site] includes 22 military data sets at launch, including one called Suicide and Open Verdict Deaths in the U.K. Regular Armed Forces.

However, these are raw datasets. As Paul Clarke points out, the site only pays lip service to openness until someone comes along and turns these sets into useful reports and applications:

The only test of real success is: use. Not usefulness. Not theoretical use. Real use. Getting beyond the novelty application, the demonstrator, and the hobby lies at the heart of really untapping the potential of data.gov.uk.

Indeed, the figures that Techcrunch Europe report suggest that turning this data into something useful may be harder than it sounds:

So far over 2,400 developers have registered to test the site and provide feedback, [while] 10 applications have been created.

I left a comment on Paul Clarke’s post pointing out some potential pitfalls that may inhibit innovation, including the government’s insistence on licensing the data under Crown Copyright and their impartiality regarding Twitter. There’s also been some criticism around the lack of a common data format for each feed (although the RDF triple proudly displayed on the front page suggests this is likely to change).

Nonetheless, I believe this represents a huge step forward. Turning raw materials into useful, compelling applications that improve the users’ quality of life requires a huge amount of creativity and talent, and providing the data feeds in the first place is a crucial first step.

You can list all the available datasets here.

Charging for software in the age of web apps

Ben Werdmuller — November 15, 2009

Google was an advertising company.

Back in 2005, Daring Fireball’s John Gruber described Google’s business as follows:

Judged by their profits, Google is an advertising company. They don’t profit from search, they don’t profit from software. They profit by selling ads. This isn’t to belittle them — I think Google is a terrific company, and they are profiting handsomely from ad revenue ($369 million last quarter). […] If Google has a platform, it’s an advertising platform, not a developer platform. I’m not even saying Google should have a developer platform — I’m just saying they don’t.

Fast forward to 2009, and Internet advertising is beginning to fail, declining slightly during the first half of the year. Sites like TechCrunch were quick to herald its demise with articles like Why Advertising Is Failing On The Internet, which declared:

My basic premise is that the internet is not replacing advertising but shattering it, and all the king’s horses, all the king’s men, and all the creative talent of Madison Avenue cannot put it together again.

It’s become clear that for a lot of purposes, advertising is not a viable or useful business model. Although it may still be suitable for very high-volume, mass-market sites and applications, it’s almost impossible to make money through advertising with niche or specialized content in most areas. (Some areas, like real estate, remain relatively lucrative.) Additionally, targeted ads require the advertising software to track your activity and store data about you, which more consumers are becoming concerned about. And perhaps most importantly of all, nobody actually wants to see ads – and advertisers are having to become more creative and invasive in order to compensate.

Similarly, if you want to make headway in the enterprise or educational spaces, targeted ads are inappropriate or impossible, for legal and policy reasons. For publicly-funded organizations like educational institutions, allowing commercial companies to track users is an ethical nightmare. For private enterprise, the data collection required for ad targeting is unacceptable, and the visual presence of advertising threatens their brands.

However, they are willing to pay for software, to the tune of $222.6 billion worldwide.

Boldly going to the enterprise & paid software.

The web is fast becoming a viable platform for applications: rather than visiting websites, we are increasingly using applications that happen to use the web as an interface. Google is at the forefront of this change.

On November 11, Google announced SPDY, an “embrace and extend” version of the HTTP protocol that underpins the web (it’s how browsers and web servers talk to each other). This new version has numerous tweaks that result in pages that load up to 55% faster – important if you’re trying to build responsive applications with web interfaces. Google have also been betting big on HTML 5, which extends the web’s UI infrastructure to provide support for a much richer experience without falling back on plugins like Flash. Two of the most important requirements for enterprise applications that use a web-based interface are offline capability (the ability to use the application with no Internet connection) and support for concurrent processes (allowing your web interface to perform more than one task at once). HTML 5 has both.

Google has evolved from a consumer search and advertising company into one that provides enterprise infrastructure applications. Its plan is clearly to dominate Microsoft’s leadership and become a bona fide software power. Recently, Microsoft has been playing catch-up, by including web-based versions of its applications in its enterprise Sharepoint intranet offering. It has also been moving against the tide by planning on offering advertising-supported versions.

Google’s CEO, Eric Schmidt, told the Gartner Symposium last month why it was charging for its enterprise applications:

"Enterprise is a huge priority for the management team and me personally […] It’s the next big billion-dollar opportunity after our display (ad) business. […] We looked at ad-supported enterprise applications and decided most corporations would not be comfortable with random ads showing up on somebody’s desktop."

The web is moving away from advertising.

It’s not just Google that is moving away from a purely ad-supported, consumer strategy. Markus Witte, co-founder of the language learning portal Babbel, wrote on their blog about adjusting their business model:

Our plan, in fact, was to partially finance Babbel with advertising. We intended to provide a “freemium” product that would have a basic version that was public, while providing additional premium content for those who might want to dig deeper. But now we see this just doesn’t work. It simply is not possible to build a high-quality online learning environment while simultaneously selling ad space effectively. We tried to bring these two objectives together. But ultimately we had to accept that a business model appropriate for social networks and news services is plain wrong when applied to online education.

The numbers speak for themselves. The US paid e-learning market has been estimated to be worth $16.7 billion in 2009 and has a relatively small number of players; the US advertising revenues for the Internet as a whole were estimated to be $10.9 billion for the first half of 2009. (That’s $10.9 billion to the advertising companies, rather than the amount content and site owners see, which will be a subset of that amount.) When you run a startup company, you can either put your trust in display advertising and number of eyeballs looking at your site, or you can employ a sales team and ask for cash. Entranced by the model that Google originally promoted, Babbel tried the former, and discovered that it didn’t work; recognizing that they were a software company rather than a mass-media outlet, they then reverted to traditional business methods.

Using a centralized software service for non-core activities like language learning is probably fine. However, enterprise organizations can be uneasy about trusting software hosted by third parties (in what’s almost ubiquitously called “the Cloud”). Blog posts and photos are one thing, but it’s quite another to place your internal strategy documents, confidential discussions and financial data on servers owned by another firm with no real guarantee that they’ll remain unseen by prying eyes. It’s also insecure on a technical level: by using the Cloud, you’re outsourcing the fidelity and availability of your data. A much preferable option would be to gain the ease of use of web applications, but store them securely on local infrastructure.

Open source software is commercial.

Later in Markus Witte’s post, he discusses some of the things that are successfully given away for free on the Internet; among them is open source.

In contrast to Open Source software and Creative Commons, where developers and authors often work for free, ad-sponsored services are designed to make money – and they do. […] But there is another, more insidious, drawback of ad-sponsoring that is less visible to the naked eye: the true customers of these ad-sponsored services are not the users but rather the advertisers. And as everywhere else, the Customer is King.

His remark about open source developers is a misconception: most open source development is done for profit. For example, over 70% of Linux kernel development is done by paid professionals, with a commercial goal in mind. This may be the basis of directly commercial activities like support; a market-based goal, for example to diminish Microsoft’s share; or it may be to ensure the longevity of the infrastructure that a company relies on. (More web servers are powered by open source than not; Netcraft reported this month that 55.33% of active websites are running Apache.) Make no mistake: open source is a business model – one that marries the free ethos of the Internet with paid commerce.

The most common open source business strategy is to use your “community edition” – the unadulterated open source software – as a loss leader that brings users to your commercial products and services. Releasing your software under an open source license theoretically means you gain a community of developers; if your software doesn’t work in a particular set of circumstances, they will often contribute back a fix for the problem. They may also contribute plugins and extra code that extends the functionality of your product. They get software that works for them (and the security that they can always use and modify the code to fit their needs); you get a wider market that you can sell commercial services to, using a wider, more solid set of functionality. Whereas, as Markus points out, the advertiser is king in ad-supported software, in open source the user is king.

Here are some examples you’ve probably heard of:

  • The database software MySQL is released for free under the GNU Public License. Unusually, you’re allowed to mix and match it with software released under other open source licenses (but not closed-source software): they really want their product to spread. This is because they’ve got commercial options based on training, certification, partner agreements and consultancy services, as well as extra features for power users that aren’t available in the community product. (See the article MySQL’s Quid Pro Quo.)
  • Ubuntu is a version of Linux designed with ease of use in mind; it riffs on the interfaces of operating systems like Microsoft Windows and Mac OS X. Canonical, the company behind it, make money through extensive commercial support and partner services. The partner ecosystem is their main bread and butter; the more companies pay, the better access they get to the core Ubuntu team and project strategy, marketing materials, rights to use Ubuntu branding and so on. In turn, those things help the partner companies earn more through their downstream Ubuntu services.
  • Android is an open source operating system sponsored by Google. Although it’s mostly been used on mobile phones so far, it can actually run on a much wider range of devices; Android-powered netbooks are beginning to appear. This has the benefit of holding back Microsoft’s market share – Google is positioning its application suite, which is paid software, against Microsoft Office. (Windows 7 is said to run well on netbooks, and Google will soon have two open source netbook operating systems out: Android and Chrome OS.) There is also a directly commercial component: although Android is open source, it has direct links to Google’s consumer applications like Gmail and Calendar. Those applications, both within Android and on the web, are not open source, and must be licensed.

There are many more. Check out Network World’s list of 10 open source companies to watch, and note that one thing links them: they are all providing services aimed at the business market.

Charging for web-based software.

Google and Microsoft have both demonstrated that the market is ready for web-based business software: products that have the benefits of the web (you can access it from anywhere, on any compatible device) but are designed with the needs of enterprise organizations in mind. It must be secure, have the ability to be installed on an organization’s own infrastructure, and have a solid business model that ensures longevity of the product.

I also strongly believe that an open source development and licensing model, when coupled with a strong commercial strategy from the outset, is a great way to build a product’s feature set, userbase and reputation on the kinds of budgets that web startups are used to. It also makes it easily available to students, as well as a vast talent pool in places where buying software at western license prices is a trickier proposition; two groups that can be invaluable for promotion, feedback and involvement.

Finally, the commercial open source model for web-based applications allows you to easily create an ecosystem: if you create a compelling application that really does have a solid business model, other companies will be very interested in taking a cut. The more people who have an interest in your product succeeding, the better. If you give them a solid commercial reason to invest upstream, and create a great product that makes end-users’ lives easier, everyone wins.

Danger in the cloud: a proposal

Ben Werdmuller — October 12, 2009

In response to recent events, I’d like to propose a different kind of web service that overcomes the privacy and reliability issues with cloud web applications, while providing a solid business model for both application developers and service providers, as well as a seamless, easy-to-use experience for end users.

The T-Mobile storm

Over the weekend there’s been a storm surrounding the T-Mobile Sidekick, which is produced by Microsoft’s Danger subsidiary. It turns out the device stores the primary copy of data like calendar and address book information in the cloud rather than on each device; perhaps a fair proposition if you knew you could trust Microsoft’s servers. Unfortunately, said servers went down last week, and Microsoft didn’t have a working backup. Sidekick users suddenly found themselves without their personal information.

Is cloud computing safe?

Understandably, this has sparked a wider conversation about computing in the cloud. AppleInsider summed it up:

More immediate types of cloud services take away users’ control in managing their own data.

While Ina Fried over at CNet noted:

The Danger outage comes just a month before Microsoft is expected to launch its operating system in the cloud–Windows Azure. That announcement is expected at November’s Professional Developer Conference. One of the characteristics of Azure is that programs written for it can be run only via Microsoft’s data centers and not on a company’s own servers.

The issues surrounding cloud computing have been discussed for a while, and aren’t limited to these sorts of accidents; here’s a post I wrote in 2007 about the rights we ought to have over our cloud data. Partially because of the risks involved, and the risk of leaky data, some kinds of organizations and enterprises simply can’t use cloud computing services. (In the UK, for example, check out the requirements imposed by the Data Protection Act.) At the same time, the Sidekick debacle shows there are clear risks to end-user consumers too.

Despite this, the benefits of cloud computing are obvious, particularly for the organizations that can’t use them: device-independent applications and data we can access and use from anywhere.

Can we have the best of both worlds?

The personal computing model is relatively secure: you install applications on your computer, and they sit on your local hard drive, along with your data. Assuming there hasn’t been a security breach, or you haven’t explicitly provided access to your data over a network or through a direct action like emailing it, it’s safe.

On the other hand, because your applications and data are locked away on your hard drive, you generally have to have direct access to it in order to use them. There are remote desktop solutions like VNC, but these are clunky and fairly useless over a low bandwidth connection.

Web applications that store their data in the cloud overcome this obstacle, but lose the security of sitting on your own computer.

What if there was a halfway house between these two situations?

The personal web server that works

Theoretically, anyone can run their own web server, right now, that allows them to install web applications in a more secure, controlled environment and access them from anywhere. But there are some very good reasons why they don’t:

  • You need system administrator skills, usually on top of Linux skills, to do it.
  • Web applications – even relatively easy-to-install ones like WordPress or Elgg – are fiddly. There are configuration files, directory permissions and (potentially) source repositories to contend with.
  • The web applications you can install on your own server are often not as good as the ones you can get in the cloud.
  • When something breaks, it’s your own responsibility to fix it.
  • Servers are expensive.

What if we could fix all of these things at once? Enterprises, organizations and individuals could have their own, more secure environment that would allow them to use the cloud applications they needed with fewer security risks, while enjoying the ease-of-use and immediacy that the cloud provides.

One of the reasons everyone’s leaping to copy the iPhone’s app store business model is that it just works. Sure, you’re forced to delegate root control of the phone to iTunes, and the operating system places some seemingly arbitrary restrictions on what applications can and can’t do. But the handset works, and installing software is easier than on any other platform. The truth is, most ordinary users don’t care about those restrictions. Hell, I’m a computer scientist software developer entrepreneur power user, and I’m just happy the thing works. (Context: my previous phone ran Windows Mobile, which doesn’t.)

Imagine if you could get your own server environment that was as easy to use as the iPhone. It would look something like this:

Front end & business model

  • You sign up for the service, possibly for a small monthly fee, possibly for free (depending on the service provider). Alternatively, if you’re more technical / an enterprise / an organization, you install it on your own infrastructure. The platform is available for free and could be open source.
  • From a secure web-based admin panel, you can add and remove users (although the platform optionally also supports Active Directory and similar standards, as well as OpenID), and install / uninstall applications from a centralized app store with the usual features: ratings, search, similar apps, etc. Installation is one-click, and upgrades are similarly seamless. (That WordPress “what, I have to upgrade again?” problem: solved.)
  • Much like the iTunes app store, applications may be free, or may cost a small amount. Applications may impose licensing restrictions based on number of users: for example, the app costs $4.99 for up to 5 users, $19.99 for up to 25, etc.
  • As with the iTunes app store, the application store provider takes a cut – and so does the service provider. This creates a strong incentive for multiple vendors to provide hosted services for little cost. It also effectively creates a discount for enterprise, organizational and technical users, who can bypass a service provider. The payment to the web application developer also, for the first time, creates a solid commercial marketplace for high quality web application products, while the free option allows open source vendors to distribute as normal.

Technology

  • Behind the scenes, the server runs existing open source technology: Apache, Tomcat, PHP, Perl, Python, Ruby on Rails, MySQL, Postgres, etc. However, there are restrictions on how applications must be structured, behave and share their data. This allows the one-click install and upgrades to function correctly. Importantly, though, users of the system need never worry about the underlying framework.
  • The platform has a central data store that all applications may access via an API. This data store is fully exportable, allowing (for example) a datastore stored with a service provider to be moved to an internal setup as an organization expands. As with the iTunes app store, applications are linked to a store account rather than a physical machine, so the application licenses are portable too.

Of course, this wouldn’t replace standard web servers. What it does provide, however, is a simple cloud operating system that simultaneously works in a more secure, dependable way than existing services, would be more acceptable to many organizational users, and provides a genuine business model for web application developers.

The web is now an end user application platform, but still behaves like a lightweight document store. To obtain the level of software customization we all enjoy on our home PCs, a much higher level of technical competence is required. I strongly believe that this situation must change for the web to be a viable commercial application framework.

Twitter DoS and single points of failure

Ben Werdmuller — August 6, 2009

Twitter went down today at the hand of a denial of service attack (alongside Facebook and Livejournal; the latter has also reported an attack). In the old days, you’d shrug it off and go and look at something else. Today, Twitter is such an integral part of the landscape, and some people’s businesses, that it made BBC News and was commented on all over the Internet.

The headlines are highly strung to say the least:

The stress of it all made TechCrunch come over all Mr Humphries:

Meanwhile, away from the hilarity, Dave Winer’s developing rssCloud and people are beginning to talk about Laconi.ca. The only model that makes sense is a distributed one: it’s a fundamentally harder problem to bring down a decentralized network, because there isn’t a single point of failure. So far, for example, DNS has remained pretty robust. As regular readers will know, I strongly believe there are very solid business and development reasons for going decentralized, too.

The web is becoming social, and those conversations are becoming more and more important. A malicious user or group shouldn’t be able to take down our conversation platform – or have the ability to dictate its direction. It’s time to think about a better way to build the social web.

Geolocation in HTML 5 and Javascript

Ben Werdmuller — July 13, 2009

HTML 5 – as-yet unreleased, but shaping up well – contains a specification for finding the current location of the user. The API, if your browser supports it and you grant the web application access, returns your latitude, longitude, elevation, speed and some other details. (If your web-capable device doesn’t have GPS, these details will be estimated using your IP address and other factors.)

A couple of weeks ago, I created a page to test this feature. If your browser is geo capable, this will reveal exactly what data about your location is being sent to web applications that ask for it.

If you’re a developer, here’s how I created the page.
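The sketch below is an added example, not the code behind the author's test page: it shows one way to list which location fields a web application actually receives from the W3C Geolocation API after the user grants access, and how a refusal is reported. The function names (`describePosition`, `auditGeolocation`, `disclosedFields`) and the sample position are assumptions made for illustration.

```javascript
// Added example (not the author's page): list what a site receives from the
// W3C Geolocation API once the user grants access.
const COORD_FIELDS = ['latitude', 'longitude', 'accuracy', 'altitude',
  'altitudeAccuracy', 'heading', 'speed'];
const ERROR_NAMES = { 1: 'PERMISSION_DENIED', 2: 'POSITION_UNAVAILABLE', 3: 'TIMEOUT' };

// Turn a Position into rows of { field, value, disclosed }.
function describePosition(position) {
  const rows = COORD_FIELDS.map((field) => {
    const value = position.coords[field];
    // null (or NaN for heading) means the device could not supply the value.
    const disclosed = typeof value === 'number' && !Number.isNaN(value);
    return { field, value: disclosed ? value : null, disclosed };
  });
  rows.push({ field: 'timestamp', value: position.timestamp, disclosed: true });
  return rows;
}

// Request one fix from `geo` (navigator.geolocation in a browser) and report
// the outcome to onResult as { status, rows }.
function auditGeolocation(geo, onResult) {
  if (!geo || typeof geo.getCurrentPosition !== 'function') {
    onResult({ status: 'UNSUPPORTED', rows: [] });
    return;
  }
  geo.getCurrentPosition(
    (pos) => onResult({ status: 'GRANTED', rows: describePosition(pos) }),
    (err) => onResult({ status: ERROR_NAMES[err.code] || 'UNKNOWN', rows: [] }),
    { enableHighAccuracy: false, timeout: 10000, maximumAge: 0 }
  );
}

// Constructed sample: a desktop browser with no GPS (values are made up).
const SAMPLE_POSITION = {
  coords: { latitude: 51.752, longitude: -1.2577, accuracy: 1500,
    altitude: null, altitudeAccuracy: null, heading: null, speed: null },
  timestamp: 1247486400000,
};

// Names of the fields the sample actually discloses.
function disclosedFields(position) {
  return describePosition(position).filter((r) => r.disclosed).map((r) => r.field);
}

// Browser usage: show the disclosed data in the console, or the refusal reason.
if (typeof navigator !== 'undefined' && navigator.geolocation) {
  auditGeolocation(navigator.geolocation, (r) => console.table(r.rows.length ? r.rows : [r]));
}
```

The API names the page's "elevation" field `altitude`; a device without GPS typically leaves it, `heading` and `speed` empty while still disclosing latitude, longitude and an accuracy radius.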


Microsoft Web Applications 2010 bring the cloud to the enterprise

Ben Werdmuller —

In advance of the announcement later today, I Started Something have uncovered videos about the new Microsoft Office suite.

Microsoft Office turns to the web

As anticipated, Office 2010 includes web-based versions of applications contained in the suite. These don’t have the complete feature set, but are designed so that company employees can create and make changes to documents (including Word documents, Excel spreadsheets and Powerpoint presentations) on the road.

Web applications: now running in the enterprise

Centralized cloud applications have a difficult time gaining traction in most enterprise environments, and Microsoft have wisely taken note of this: it appears that the web-based versions are installed as part of Sharepoint. By doing this, they’ve allowed organizations to keep tight control of their data, as well as legitimizing web-based applications in the enterprise and revitalizing Sharepoint as an organizational product. In other words this is big news, with sweeping implications across the entire software industry.

Open standards must work for everyone

This is another reason why all open web standards must be browser agnostic. I always argue hard for a transparent browser: one that contains support for web standards, but doesn’t carry any extra baggage for any specific purpose. As web applications move into the enterprise, it’s important that a standard that works on a souped-up Firefox or Chrome browser also works great in Internet Explorer. By integrating web applications into Sharepoint, Microsoft are actually leading the industry, and have made themselves relevant on the web again. In doing so, they’ve opened up an important market, and that can’t be ignored.

Here’s a video introduction (although it keeps going down for me): See What’s New in Microsoft Web Applications 2010.

Chrome OS and the web as applications

Ben Werdmuller — July 8, 2009

It’s not a Google strategy, but they’ve chosen to embrace and extend it: the web is turning into an application platform.

Google announced Chrome OS today – an operating system for netbooks, designed to boot up in seconds directly to a browser. Applications run using HTML 5 standards, which include support for offline applications and advanced interface capabilities.

More than that, it’s an attack – not just on Microsoft, but on the old model for operating systems and home computing. The web allows greater ease of use (no application installs!), lower resource requirements (perfect for those netbook CPUs) and instant connectivity. Social functionality becomes intrinsic to all software on the platform, rather than a product in itself. See Building the User-Centered Web for a detailed analysis of how software will change, and why.

Of course, if this revolution happens through Google Apps (or applications hosted on the Google App Engine), running Google advertising and saving to a central Google Account, well, they’ll just have to live with it. I’ve argued before that Google Wave is a Sharepoint killer, but this move makes that positioning explicit; Google is set to directly take on Microsoft. By making the operating system open source, they’ve invited everyone to join in.

It’ll be an interesting battle: while Windows 7 won’t ship with a browser in Europe, Chrome OS is all browser. More broadly, web applications could help with much-needed cost cutting in places like schools and public institutions, so there’s a lot at stake here.

As regular readers will know, I’m very interested in this change, and I plan on getting my hands dirty helping to build a decentralized user-centered web that, like the web at large, is owned by nobody. There’s still more to be done. Watch this space.

Except where stated otherwise, all posts in this weblog are licenced under a Creative Commons Licence.