Building the User-centered Web

By establishing a general standard for social application interactions, the services and technologies used to make connections become less relevant; the Internet is people, one big social network, and users no longer have to worry about how they connect. We can all get on with communicating and collaborating in contextually appropriate ways. In this talk, I’ll discuss how to build a decentralized, user-centered web using existing and emerging technologies. I hope you’ll join me.

If you’d like to see this at the next SXSW, please visit this page to vote.

Paul Adrian also has submitted a talk, this time about the future of journalism, and how technology can help:

Technology Can Create a Press for the People

I believe it is time for a “news” revolution. A new press should produce comprehensive streams of rigorously non-partisan original reporting on the issues that are most important to our lives. Once informed, we the people should have a space where we can discuss the important issues of our times without having to submit to intolerance, deceptive campaigning and fear-mongering. Through the use of technology and new business models, news innovators can provide more credible information and space for civil discussions. The goal is to empower citizens by providing access to superior reporting and the platform for community organization necessary for the People once again to become powerful participants in democracy.

As well as being an award-winning journalist and technology entrepreneur, Paul is an inspiring speaker who is worth listening to. You can vote for his talk over here.

Related entries

• The death of newspapers, and why it matters (2)
• Last.fm isn’t selling your data to the RIAA, apparently (0)
• Facebook location vs the ACLU (0)

Real-time web applications are networked applications, with web-based user interfaces, that display Internet information as soon as it’s published. Examples include social news aggregators and monitoring tools that continually update themselves with data from an external source. In this tutorial, you will create Pingstream, a small notification tool that uses PHP and JavaScript to communicate over the Extensible Messaging and Presence Protocol (XMPP), a set of XML technologies designed to support presence and real-time-communications functionality.

You can read the whole tutorial here. IBM have made it a featured article, commenting, “bet you have it up and running before lunch.” I hope you find it useful. (And don’t forget to check out my introduction to Activity Streams, also written for IBM.)

Photo: IBM by antonfortunato, released under a Creative Commons license.

Related entries

• An introduction to Activity Streams (0)
• XMPP: powering the real-time, really live web (7)

Enter Activity Streams, an evolving standard that extends Atom for expressing social objects. Although it is a young standard, Activity Streams is fast becoming the de facto method for syndicating activity between web applications. For example, MySpace, Facebook, and TypePad all now produce Activity Streams XML feeds. But this technology isn’t just for the consumer web environment. As corporate intranets and internal software become more social, solid business reasons support implementing Activity Streams as a feature. This article describes Activity Streams in detail, considers its potential uses in enterprise environments, and provides some examples for interpreting Activity Streams feeds using PHP.

The full article is over here.

Related entries

• Write real-time web applications with XMPP, PHP, and JavaScript (0)
• Direct messaging in a social web architecture (3)
• Activity Streams and OAuth: a social web architecture (3)

• Status.net
• DiSo
• 6D
• Kopal
• DSNP
• Noserub
• Appleseed
• OneSocialWeb
• Diaspora (included for completeness, but there isn’t any code yet)

Wow, that’s a lot! And following Diaspora’s flurry of both coverage and cash, you can bet there’ll be plenty more to come. But of all the projects listed above, I’d argue that only Status.net is orientated around consumer need. As a result, it’s the one most likely to survive, become self-sufficient and prosper. Several more – including DiSo and DSNP – are seeking to build out technologies that can support such products, rather than the products themselves. DiSo is certainly working with other vendors and projects, is full of super-smart people, and should do very well.

However, the others are basing their product on ideology and technology rather than a human use case. I worry that a lot of these projects will disappear – which is a shame, because they’re all doing great work.

Here’s a use case distinction I’ve been thinking about:

• A social networking platform allows you to communicate and share with a specific group or community.
• Distributed social networking software allows you to store and organize your own content and – optionally – share it with whoever you like.

Or to put it another way, in social networking platforms, sharing is the feature. In distributed social software, sharing is a feature. The two use cases are genuinely different: rather than being a competition between “monolithic” social communities and distributed social software, they’re used for different things. There is a place for both in the ecosystem – and there’s no real reason why they can’t work together.

As I pointed out in The Internet is People, in order to be successful, any social software you build either has to plug into an existing community, or be useful for the first user who joins. In distributed social software, you only ever have one user: distributed sharing, then, should be a piece of infrastructure that can be plugged into any kind of software.

Related entries

• Building the user-centered web (8)
• Facebook location vs the ACLU (0)
• Direct messaging in a social web architecture (3)

A little pre-history

When I was a kid, I had an Atari 130XE. You’ve probably never heard of it. It was an 8-bit, all-in-one box that booted straight into BASIC; a flexible, well-built, sturdy computer.

There was just one problem: it wasn’t a ZX Spectrum or a Commodore Amiga.

At the time, Britain was undergoing a low-budget computing renaissance. Bedrooms up and down the country were filled with skinny boys (and yes, it was mostly boys) noisily loading games from cassette tapes and dutifully copying down source code listings from specialist magazines. The two engines of this renaissance were the Spectrum and the Amiga, and as such, the games, the tutorials and the social infrastructure were built for these two machines. Perhaps this helped me become more of a creative self-starter: I wrote my own games and stories instead of consuming other peoples’.

Later on, 16 bit computers became popular, and everyone upgraded to the Atari ST: a home machine powerful enough for creatives and musicians, but cool enough for game-playing kids. Except, perhaps inevitably, we had a PC. Running DOS. With a black-and-white Hercules display. Great if you wanted to plug economic figures through a spreadsheet, but lousy if you were a twelve-year-old who was mostly interested in playing The Secret of Monkey Island. Not only was the wholly PC incompatible with the Atari ST, but the PC was actually incompatible with itself: a game that worked on PCs with an EGA or VGA screen wouldn’t work with CGA or Hercules. Back then, the parts inside your computer were at least as important as the operating system you ran or the software you bought.

Plug and Play

Through heavy force and heavy lifting, Microsoft changed all that. Windows 95 was the first widely-accessible operating system that unified hardware platforms. Sure, you had to have an Intel-compatible processor, and it took them a while to get it right (for a while the system was redubbed “plug and pray”), but you didn’t have to mess with configuration files to get your computer working. This was a Big Deal.

Today, we’re used to not having to tinker with our machines. Windows will adapt to just about any hardware you throw it at, and even Linux has become an easy-to-use operating system (relatively speaking).

Better yet, we have data portability: in my house we’re running Windows 7, Mac OS X and Ubuntu, and I can move my documents between them interchangeably. Thanks to the web, and Java before it, we even have applications that don’t care what kind of operating system they run on. For an end user, things just work. That’s exactly how it should be.

Finally, computing is simple, data is interoperable and consumers are in control.

Uh oh: enter the portables

So just as we get a unified computing platform that’s easy to use and relatively simple for consumers to navigate, in comes a new device market that’s as fragmented and consumer-unfriendly as the computing market was in the eighties.

Android. iPhone OS. Windows 7 tablet edition. Windows Embedded Compact. Windows Phone. WebOS. ChromeOS. Kindle OS. Whew! It’s like 1986 all over again.

As a publisher or developer, figuring out which device to build for is a headache. Each one has a different operating system, possibly a different app store (something nobody had to worry about in the eighties), and a different set of underlying technologies. Do you exploit the iPad’s current success and develop for the locked-down Apple platform? Do you take advantage of Amazon’s huge built-in market and write a Kindle app? Do you hold out and wait for HP’s exciting-looking WebOS-powered tablet (which caused a storm recently by publicly moving away from Windows)?

Plug and Play (again)

The truth is, market forces are going to apply the same pressures to the mobile market that the personal computing sector felt in the early nineties. This story has played itself out several times now: one platform will emerge victorious. Judging by the lessons learned by IBM with their Personal Computer architecture, and both Microsoft and Linux for operating systems, it’s likely to be one which is:

• Open: anyone can add it to their system for little cost, allowing hardware manufacturers to maximize profits by concentrating on the device itself rather than the ecosystem around it
• Sustainable: it’s powered by a solid business ecosystem that will ensure the longevity of the platform
• Friendly: it’s a system for everyone, not just hobbyists or developers
• Flexible: it can be used in multiple contexts, from living rooms to science labs

By this measure, Apple is condemned to be a niche player, operating at the premium end of the market. Sure, right now technophiles everywhere are salivating over the iPad, but that will last until someone comes out with something nicer. In any event, Apple’s grasp is limited to the wealthier western nations – there are far more people seeking more affordable devices waiting in the wings in other places. The third world computer revolution is very much underway.

My bet, of course, is on web technologies. But it isn’t necessarily on the Internet: it’s time we separated web technologies from the World Wide Web. Indeed, connectivity isn’t ubiquitous, and isn’t likely to become ubiquitous world-wide for a very long time. Therefore, the ability to download, install and run apps offline, as we always have with software applications, is incredibly important.

With its Chrome Web App Store, Google is leading the way, and showing that it understands what it takes to create a next-generation application platform. It’s also shown leadership over HTML 5, which it is clearly investing in as a genuine method for powering both content and software. The genius is this: anyone can build using web technologies, and web technologies can run on virtually any hardware. Google makes its money through value-added services, like advertising (to allow both device manufacturers and software developers to supplement their incomes), its app store and underlying logic via some powerful APIs. It’s not an operating system, but for most end-users, they’re making the operating system irrelevant: it’s simply the thing that runs the web browser.

My advice: ignore the hardware

Computers as we know them today will always exist, but they won’t be for everybody. If you’re developing for non-technical end users, the plethora of hardware devices available to you is a red herring. You should be thinking of the web as the platform your products will be based on. Make no mistake: you need to become an expert in web technologies now – or, of course, find someone who is.

Images:

• My ‘new’ Atari 130 XE by qnr, released under a Creative Commons license.
• HTC Tablet PC – evolve by nDevilTV, released under a Creative Commons license.
• Amazon Kindle & Sony eBook by jblyberg, released under a Creative Commons license.
• iPad & Friends by Yutaka Tsutano, released under a Creative Commons license
• Web browsers by smemon87, released under a Creative Commons license

Related entries

• So why do we need apps anyway? (3)
• Charging for software in the age of web apps (2)
• Some alternative views of the iPad (1)

NB (May 20, 2010): A lot of my suggestions for web-based apps are part of the Google Chrome Web App Store. In fact, the .crx file used there is a zip file with very similar characteristics to epub. (I assume, as Chromium is open source, that .crx files are also open source – so the web app store is not limited to Google.) This post can be reread as an argument for building for the Web App Store.

At Intersection: Publishing in London the other week, there was a lot of discussion from publishers looking at mobile apps as their mobile publishing solution. Rather than creating ebooks, there seemed to be a general feeling that dedicated applications presented more of an opportunity for richer content, while closing the door to pirates and ensuring that publications remained a paid commodity.

The piracy argument is kind of spurious: although app stores tend to be locked down, this presents a false security blanket for publishers. It only takes one person to crack a store for piracy to be generally possible; technology only ever becomes less secure over time. A cynical person might suggest that the piracy argument is largely spread by the people who own the app stores or provide related services. The people who will suffer are authors and publishers.

Why apps rock

However, there’s definitely an argument for using apps – not just for publishers, but for anyone who wants to create dynamic content. Anyone who’s ever owned an iPhone will tell you that native applications can still provide a smoother, more consistent experience than a web app, without the hassle of remembering website addresses or waiting for pages to load. Tweetie is a million miles better than Twitter’s mobile website – something they themselves acknowledged when they acquired the iPhone application last month.

Above, mobile Twitter is on the left; Tweetie is on the right.

• The app doesn’t need to load its interface from the web; only the underlying data is downloaded, meaning the app can appear instantaneously, loads data faster, and provides a better user experience.
• The mobile web app needs to sit within the browser chrome (URL and search boxes, browser buttons on the bottom, and in my case, a debug toolbar). The app, on the other hand, has a full-screen UI dedicated to Twitter.

Why the web rocks

The mobile landscape right now is a bit like the personal computing landscape circa 1985. There are a bunch of different platforms to code for:

• Apple iPhone and iPad
• Android
• Symbian
• Windows Phone
• Blackberry
• WebOS (now more important in the wake of HP’s acquisition)

Each of these platforms is different under the hood, and must be developed for separately. Most developers and publishers can’t afford to do this – there isn’t a way to write once and cross-compile to many platforms at once. In fact, Apple recently specifically forbade this: if you’re developing an Apple app, you’re doing so natively, or you’re violating that platform’s terms of use.

However, each of these platforms have one thing in common: they support the web.

HTML5 and ePub: a new platform for apps

As you’re probably aware already, the upcoming HTML5 standard revises the web platform to become far more suitable for apps. Improvements include:

• Methods for offline and cached usage (so interfaces can load immediately)
• Built-in databases and storage (so web pages can natively store their own data)
• A paintable canvas element and WebGL 3D graphics functionality (so web pages can display interfaces more like real applications; the 3D shooter Quake II has already been ported to native HTML)
• Native video and audio support (no Flash required)
• Websockets (a more efficient way to connect to Internet data from web pages)
• Built-in support for advanced functionality like geolocation

This is a big deal. Compliant browsers like Firefox, Safari, Chrome and even the upcoming Microsoft Internet Explorer 9 will be able to run applications that look and feel like native software but are powered by web standards. Between those browser engines, that’s most of the mobile platforms covered: those that don’t have an HTML5 browser built in by default should have one available to download. What’s more, both Firefox’s Gecko HTML rendering engine and the WebKit engine that powers both Chrome and Safari are open source, so anyone can pick them up and build software around them.

So sites on the wider web can be more like applications. That’s fantastic news in itself, but what about the app store model? A lot of people depend on that for revenue, and there’s no reason why that should be incompatible with using web standards.

Luckily, it turns out that ePub – the ebook standard – is really just a bunch of XHTML 1.1 pages drawn together in a specialized way and bundled up in a modified zip file. There are already established best practices for buying and selling ebooks.

If the ePub standard was updated to allow HTML5, it would evolve into a format for self-contained, multi-platform apps that could be sold in the same way as ebooks, music, videos, or apps in something like the iTunes App Store. Except app publishers would only need to build once to support many different kinds of mobile platform, thereby reducing the barrier to entry and allowing their budgets to be concentrated on building just one really awesome piece of software instead of spread across multiple devices.

This would be in a lot of peoples’ interests: app publishers, device manufacturers, browser vendors and consumers alike. There’s a lot of money tied up in a venture like this. The only question is, will the International Digital Publishing Forum, which controls the ePub standard, be foresighted enough to see this opportunity?

Update: Steve Jobs weighs in

Apple’s CEO has written a little about why HTML5 is the future of mobile apps (albeit in the context of his platform’s refusal to support Flash):

HTML5, the new web standard that has been adopted by Apple, Google and many others, lets web developers create advanced graphics, typography, animations and transitions without relying on third party browser plug-ins (like Flash). HTML5 is completely open and controlled by a standards committee, of which Apple is a member.

[…] Flash was created during the PC era – for PCs and mice. Flash is a successful business for Adobe, and we can understand why they want to push it beyond PCs. But the mobile era is about low power devices, touch interfaces and open web standards – all areas where Flash falls short.

[…] New open standards created in the mobile era, such as HTML5, will win on mobile devices (and PCs too). Perhaps Adobe should focus more on creating great HTML5 tools for the future, and less on criticizing Apple for leaving the past behind.

Make no mistake: HTML5 is the platform to bet on.

Related entries

• Devices and desires: why the portable device wars are a red herring (2)
• The future of publishing (1)
• Intersection: Publishing is today! (0)

So what about direct messaging?

In my previous post, I described content notifications in the social web as being Activity Streams updates in response to requests signed with an OAuth key. Each individual contact would have his or her own OAuth key, and the system would adjust delivered content depending on access permissions I had assigned to them.

A private message in this architecture could just be represented as an item of content restricted to a small set of recipients (in the email use case, this is typically just one), with replies delivered using Salmon. The advantage of this approach is that the message doesn’t have to be text; it can be audio, video, a link to live software, or something else entirely.

However, while this is technically feasible, it may not always be desirable. We know from Google Wave, which also pushes the boundaries of person-to-person messaging, that an open definition of what a message contains can get very messy very quickly. Although I was one of the first people to have one, I no longer check my Wave account regularly. I believe this is mostly a user interface issue: Wave is an awesome collaborative document editor (what I’ve heard described as “a massively multiplayer whiteboard”), but not in any way the evolution of email that its development team claimed.

Therefore, I think it’s useful to think about the difference between a document and a message:

• A message is the body of a communication.
• A document is a bounded representation of some kind of information.

While in many ways they’re the same, I think it makes sense to make a separation on the UI level. As we’re discussing a decentralized architecture here, some kind of semantic marker in our activity stream feed to mark something as a message would be a useful feature.

Messaging “out of the blue”

You know where you are with an email address. Mine is ben@benwerd.com. Anyone who encounters that string of characters, whether on a website like this one, a business card or a scribbled note on a piece of paper, is able to send me a message from anywhere in the world. In the 17 years I’ve had an email address, the list of friendships and business connections I’ve made, and opportunities I’ve received and developed, through this simple mechanism has been uncountable. It’s also likely to continue far into the future.

Compared to this, visiting someone’s social web profile and sending them a message from their web presence is a hassle. Compare these steps:

1. Receive the address of someone’s profile
2. Click the “follow” button either on the profile itself or on the toolbar of your social web compatible browser
3. Wait for the contact to follow you back
4. Send your message

To:

1. Receive someone’s email address
2. Send a message to that address

It’s simple, ubiquitous, decentralized and universally compatible. In fact, it seems hard to improve on, doesn’t it?

However, as this is a thought experiment about how social networking can replace email, let’s see if we can simplify this process somewhat. In my previous post, I discussed how a connection could be established with OpenID and OAuth through a web-based interface on a social web profile. How can we make this as simple as emailing someone, and cut out most of the steps I’ve listed above?

Connecting programmatically

I propose two additions to my previously discussed mechanism. The first is to expand the connection protocol to include a message. If someone connects to me on LinkedIn or Facebook, I receive some explanatory text from them, so it makes sense to include this feature in our decentralized social web architecture. It is likely that this would be an added parameter to the OAuth request token procedure.

The second is to allow connections to be made programmatically through a custom application. Just as we use email clients now, a social web client could automatically send a connection request. In keeping with our principle of using existing technology where possible, this is a simple OAuth connection request from the application, which includes a user message as described above. The application knows our details because we’ve set our preferences, so we’re never visibly redirected to a web browser to complete authentication. (In fact, this could take place using xAuth, a version of the OAuth protocol being developed for just these sorts of browser-free use cases.)

Whether we can send a follow-up message now depends on the receiving party. We have our OAuth token, and while it remains valid, the receiving social web node may choose to ignore any follow-up requests.

Our procedure has become:

1. Obtain address of someone’s social web node (you could even infer it using WebFinger)
2. Send a message to that node, bundled with a connection request

This is significantly better, and is comparable to the simplicity of email.

You may be wondering about the wisdom of adding everyone you contact as a connection. In fact, there’s some precedent for this already in applications like GMail. It’s important to note that not every connection need be a friend: in some ways, you can think of your total list of connections as your contact book. Some are important, some can be safely squirreled away until you need to contact them again. In this context (or any context where people you have a relationship with and people you’ve contacted are merged into one set), an adequate person management interface – or CRM to you and me – becomes important.

Next, and finally: let’s make our distributed social web architecture reliable enough to use in enterprise environments, using message queue protocols like ZeroMQ and AMQP.

Related entries

• Activity Streams and OAuth: a social web architecture (3)
• How social networks can replace email (11)
• Social networking: beyond the silo (1)

• Ease of use
• Ubiquity across devices
• Platform, service and infrastructure independence

My argument boiled down to the following statement:

Email has succeeded because it’s open, standard and decentralized; for social networks to replace it, they must also be open, standard and decentralized.

Email is useful because just about everybody has an email address. I can get in touch with my clients in London, my friends here in Oxford or my grandfather in Austin, Texas, with equal ease, even though all of them are using different infrastructure and software provided by different companies. I use Gmail, but there doesn’t need to be any kind of formal agreement between Google and whoever’s providing my grandfather’s email, say. It just works; nobody owns email as a communications method, and anyone can set up an email server. The same is true with websites: anyone can set one up, and nobody owns the web.

For social communications to be as popular and ubiquitous as email, there must be one social web, and it must be owned by nobody. That means that each socially-aware site or application must implement the same social communication standards.

The best standards aren’t dictated: they evolve through common usage. If you look at HTTP (the protocol that the web relies on), SMTP (one of the protocols behind email) and file formats like RSS and HTML, the common thread behind them is that they’re simple. It turns out that through excellent work at companies like Google, Plaxo, SixApart, Twitter, JanRain and – perhaps incredibly – JPMorgan Chase & co, we already have a number of technologies that collectively embody the properties I listed above.

Notes and server architecture for one possible social web

These are my ideas about how these standards might be used. These aren’t intended as replacements for existing social networking platforms or services; rather, they could easily be added as additional features both to those and to many other types of application. The ability to share isn’t a uniquely required feature of social networking software – think about its usefulness in applications like Word or Google Docs, for example.

With email, you use a software client (Outlook, say, or the Gmail web interface) that speaks to an email server which does the hard business of sending and receiving messages to and from the wider Internet. Here, I will be describing a system where everyone has their own node on the social web, which effectively acts as a client and server. Mine might be here at benwerd.com, for example. It’s my website – my profile on the social web – and it’s where I send social communications. That’s the server side. However, it also acts as the client when I’m accessing resources stored on other peoples’ servers.

Establishing connections and granting permissions

Let’s say I want to make a resource available to my clients. With email, I’d send them each a separate copy. This is both insecure and inefficient: I have no control over what happens to that copy, and each time I send it I create a new version. With some back-and-forth, there could easily be ten or twenty individual copies of a document floating around. (I often bounce software specifications – typically Word documents – around with my clients, and this is something that happens to me regularly. Google Docs is probably a better solution, but not everybody has a Google account.)

With the social web, only one version needs to exist, which I own. If my clients have established a connection with me, I can restrict that resource so that only they may see it. The tricky bit is that in order to know if it’s really them, they must be authenticated in some way.

In monolithic systems like Facebook, where everyone uses the same website, that’s easy: my client must be logged in, and we must have established a friend connection. In a decentralized system, that’s a much harder problem, but not insurmountable. Two technologies will help us:

• OpenID: the open, decentralized authentication standard, which currently uses a website address as a kind of universal username
• OAuth: an open protocol that “allows users to share their private resources (e.g. photos, videos, contact lists) stored on one site with another site without having to hand out their username and password.” OAuth provides a secret token to applications that they can use to access authenticated services and resources behind the scenes

Specifically, we’ll need OpenID Connect (or, until that’s up and running, the OpenID / OAuth hybrid protocol), because we’ll be using OpenID to authenticate, OAuth to power our decentralized access permissions, and a number of other protocols and endpoints along the way. It’s much neater if these are all established at once.

Making friends and getting updates

The process would work in the following way. Let’s say I want to make a connection with my friend Marcus Povey.

1. I visit his site, and see that he is displaying a “connect to me” icon, indicating that it is a node on the social web. Later on, perhaps my browser would detect that this was a social web node in the same way that most browsers detect RSS feeds today, and light up an icon. Chris Messina has started a five part series on the browser as a social agent, which is worth a read.
2. Either way, I click on “connect to me”. Marcus’s site prompts me for the address of my profile, which I enter. (Later on, my browser does this bit for me.)
3. My profile address is an OpenID, and through the authentication process my social web node receives an OAuth token from him. No further authentication is required.
4. On his social web node dashboard, Marcus sees that I’ve established a connection with him. He can ignore it, in which case nothing happens, or he can mark me as a friend (or any other arbitrary designation, which could be unique to the software he’s using).
5. My social web node periodically checks for activity updates from Marcus’s, signing each request with that OAuth token so it knows who I am. This may be at my direct request; through repeated polling, RSS-style; or the update may be pushed to me through a PubSubHubbub ping.
6. Depending on the assignation he’s given me, Marcus’s node either responds with just a feed of public activity (if he’s ignored the request), or with additional activity he’s allowed me to see, in Activity Streams format.
7. Marcus can change my assignation or withdraw my OAuth token at any time from his dashboard. (Of course, throughout all this, the OAuth token mechanism is invisible to both users: it’s simply presented as a social connection.)

Embedded content and interacting directly on other social web nodes

Activity Streams is based on Atom, so content for items like blog posts (and resources like photos, using Atom Media) can be embedded directly in the activity feed. (Rob Dolin from Windows Live has some great examples.)

However, not all content is standard enough to be embeddable. In those cases, I can simply click through from Marcus’s activity update to his site, possibly log in again using OpenID, and interact with the content there. Additionally, by allowing users to log directly into his site via OpenID, Marcus can show selected people restricted content even if they don’t have the full range of social web software.

Friends lists and commenting

Further standards help us add extra functionality. If Marcus gives me permission, I might be able to download his contacts via Portable Contacts. Salmon is a protocol for commenting on distributed resources and allowing those comments to find their way upstream to the original, which is compatible with Activity Streams. Using this, I might be able to comment on Marcus’s activity items from within my dashboard and have them show up in his. Through this mechanism, all his friends could have a conversation on his activity stream items.

Reliability

So far, so good: we have a simple technological basis for permissive social communications. But if the social web is really going to replace email, we have to address one of the most important features for enterprise users: reliability. Businesses will not accept their critical communications being subject to fail whales.

In my next posts in the series, then, I’ll discuss person-to-person messaging and the thorny issue of guaranteed delivery.

Related entries

• Direct messaging in a social web architecture (3)
• How social networks can replace email (11)
• The Open Stack and truly open APIs (0)

A podcast is just an RSS feed with a file enclosure – part of the RSS standard – that points to an MP3 file. Similarly, video podcasts point to video files. An obvious evolution, then, is the pubcast: periodical publications delivered through RSS feeds.

Free publication subscriptions

In the free case, a user would simply subscribe to a public pubcast feed with a compatible reader. The reader software would check regularly for updates, and new publications would be downloaded and fed into the user’s ereader software on release. Easy.

Paid publication subscriptions

In the case of paid publications, there are two options:

An authenticated pubcast feed. When you subscribe to a publication, you get an address to an RSS feed that requires a username and password to download content. (Gmail is an example of an application which already does this.) This authentication ensures that only paid subscribers can access the file, but you could go a step further and watermark the publications themselves.

Activation within the ebook file. The RSS feed itself is public, but each downloaded publication could require an access code to read. This would open the door for public feeds of paid journals, where users could buy each issue individually to read.

Making subscriptions an open standard

Either way, this approach would allow any ereader using any compatible software solution to subscribe to periodicals. It could be used for newspapers, magazines, journals, zines, or new kinds of periodical; they could be hosted anywhere and, in the case of paid content, use any payment provider. I love reading, but dislike monopolies, so this is something I’d like to see.

Related entries

• The future of publishing (1)
• Intersection: Publishing is today! (0)
• Intersection: Publishing (0)

One: this isn’t a device for the tech community. I think Rafe Colburn hits it on the head:

It’s just an iPod Touch with a big screen, but that’s all that many people need from a computer. You can use it to surf the Web, read email, listen to music, watch video, or compose documents. That’s the personal computer use case for many people. And I think a lot of people are going to buy them.

He goes on to discuss the locked-down nature of the device, which I agree is a setback that may have a profound impact on the consumer computing industry. (On the other hand, as Yehuda Katz argues, this is a major win for standards-based web applications.)

Two: for me, the big news wasn’t the iPad at all. It was iBooks: Apple’s new iTunes-like store for ebooks. You may remember that iTunes pretty much revolutionized how we buy music, and this is the same; the books are stored in the open ePub standard, so they’ll play with other ereaders, and the experience is seamless. (You almost certainly won’t need an iPad to buy from iBooks.)

Mashable notes that some big players are on board:

iBooks is backed by big-time launch partners Penguin, Simon and Schuster, HarperCollins, Macmillan and Hachette, all publishing powerhouses in their own rights.

You can think about the iPad as a kind of $499 catwalk model, that other devices will slowly emulate over the next couple of years. But iBooks? That’s a store that anyone will be able to use right away, which just might change the publishing industry forever.

Photo by kennymatic, released under a Creative Commons license.

Related entries

• Devices and desires: why the portable device wars are a red herring (2)
• So why do we need apps anyway? (3)
• The future of publishing (1)

At launch, Data.gov.uk has nearly 3,000 data sets available for developers to build mashups with. The U.S. site, Data.gov, has less than 1,000 data sets today.

[…][Unlike the US equivalent, the site] includes 22 military data sets at launch, including one called Suicide and Open Verdict Deaths in the U.K. Regular Armed Forces.

However, these are raw datasets. As Paul Clarke points out, the site only pays lip service to openness until someone comes along and turns these sets into useful reports and applications:

The only test of real success is: use. Not usefulness. Not theoretical use. Real use. Getting beyond the novelty application, the demonstrator, and the hobby lies at the heart of really untapping the potential of data.gov.uk.

Indeed, the figures that Techcrunch Europe report suggest that turning this data into something useful may be harder than it sounds:

So far over 2,400 developers have registered to test the site and provide feedback, [while] 10 applications have been created.

I left a comment on Paul Clarke’s post pointing out some potential pitfalls that may inhibit innovation, including the government’s insistence on licensing the data under Crown Copyright and their impartiality regarding Twitter. There’s also been some criticism around the lack of a common data format for each feed (although the RDF triple proudly displayed on the front page suggests this is likely to change).

Nonetheless, I believe this represents a huge step forward. Turning raw materials into useful, compelling applications that improve the users’ quality of life requires a huge amount of creativity and talent, and providing the data feeds in the first place is a crucial first step.

You can list all the available datasets here.

Related entries

• The mechanics of "open" (0)
• Public IT project hell: let’s make government work for us (1)
• Direct messaging in a social web architecture (3)

Back in 2005, Daring Fireball’s John Gruber described Google’s business as follows:

Judged by their profits, Google is an advertising company. They don’t profit from search, they don’t profit from software. They profit by selling ads. This isn’t to belittle them — I think Google is a terrific company, and they are profiting handsomely from ad revenue ($369 million last quarter). […] If Google has a platform, it’s an advertising platform, not a developer platform. I’m not even saying Google should have a developer platform — I’m just saying they don’t.

Fast forward to 2009, and Internet advertising is beginning to fail, declining slightly during the first half of the year. Sites like TechCrunch were quick to herald its demise with articles like Why Advertising Is Failing On The Internet, which declared:

My basic premise is that the internet is not replacing advertising but shattering it, and all the king’s horses, all the king’s men, and all the creative talent of Madison Avenue cannot put it together again.

It’s become clear that for a lot of purposes, advertising is not a viable or useful business model. Although it may still be suitable for very high-volume, mass-market sites and applications, it’s almost impossible to make money through advertising with niche or specialized content in most areas. (Some areas, like real estate, remain relatively lucrative.) Additionally, targeted ads require the advertising software to track your activity and store data about you, which more consumers are becoming concerned about. And perhaps most importantly of all, nobody actually wants to see ads – and advertisers are having to become more creative and invasive in order to compensate.

Similarly, if you want to make headway in the enterprise or educational spaces, targeted ads are inappropriate or impossible, for legal and policy reasons. For publicly-funded organizations like educational institutions, allowing commercial companies to track users is an ethical nightmare. For private enterprise, the data collection required for ad targeting is unacceptable, and the visual presence of advertising threatens their brands.

However, they are willing to pay for software, to the tune of $222.6 billion worldwide.

Boldly going to the enterprise & paid software.

The web is fast becoming a viable platform for applications: rather than visiting websites, we are increasingly using applications that happen to use the web as an interface. Google is at the forefront of this change.

On November 11, Google announced SPDY, an “embrace and extend” version of the HTTP protocol that underpins the web (it’s how browsers and web servers talk to each other). This new version has numerous tweaks that result in pages that load up to 55% faster – important if you’re trying to build responsive applications with web interfaces. Google have also been betting big on HTML 5, which extends the web’s UI infrastructure to provide support for a much richer experience without falling back on plugins like Flash. Two of the most important requirements for enterprise applications that use a web-based interface are offline capability (the ability to use the application with no Internet connection) and support for concurrent processes (allowing your web interface to perform more than one task at once). HTML 5 has both.

Google has evolved from a consumer search and advertising company, into one that provides enterprise infrastructure applications. Its plan is clearly to dominate Microsoft’s leadership and become a bona-fide software power. Recently, Microsoft has been playing catch-up, by including web-based versions of its applications in its enterprise Sharepoint intranet offering. It has also be moving against the tide by planning on offering advertising-supported versions.

Google’s CEO, Eric Schmidt, told the Garner Symposium last month why it was charging for their enterprise applications:

"Enterprise is a huge priority for the management team and me personally […] It’s the next big billion-dollar opportunity after our display (ad) business. […] We looked at ad-supported enterprise applications and decided most corporations would not be comfortable with random ads showing up on somebody’s desktop."

The web is moving away from advertising.

It’s not just Google that is moving away from a purely ad-supported, consumer strategy. Markus Witte, co-founder of the language learning portal Babbel, wrote on their blog about adjusting their business model:

Our plan, in fact, was to partially finance Babbel with advertising. We intended to provide a “freemium” product that would have a basic version that was public, while providing additional premium content for those who might want to dig deeper. But now we see this just doesn’t work. It simply is not possible to build a high-quality online learning environment while simultaneously selling ad space effectively. We tried to bring these two objectives together. But ultimately we had to accept that a business model appropriate for social networks and news services is plain wrong when applied to online education.

The numbers speak for themselves. The US paid e-learning market has been estimated to be worth $16.7 billion in 2009 and has a relatively small number of players; the US advertising revenues for the Internet as a whole were estimated to be $10.9 billion for the first half of 2009. (That’s $10.9 billion to the advertising companies, rather than the amount content and site owners see, which will be a subset of that amount.) When you run a startup company, you can either put your trust in display advertising and number of eyeballs looking at your site, or you can employ a sales team and ask for cash. Entranced by the model that Google originally promoted, Babbel tried the former, and discovered that it didn’t work; recognizing that they were a software company rather than a mass-media outlet, they then reverted to traditional business methods.

Using a centralized software service for non-core activities like language learning is probably fine. However, enterprise organizations can be uneasy about trusting software hosted by third parties (in what’s almost ubiquitously called “the Cloud”). Blog posts and photos are one thing, but it’s quite another to place your internal strategy documents, confidential discussions and financial data on servers owned by another firm with no real guarantee that they’ll remain unseen by prying eyes. It’s also insecure on a technical level: by using the Cloud, you’re outsourcing the fidelity and availability of your data. A much more preferential option would be to gain the ease of use of web applications, but store them securely on local infrastructure.

Open source software is commercial.

Later in Markus Witte’s post, he discusses some of the things that are successfully given away for free on the Internet; among them is open source.

In contrast to Open Source software and Creative Commons, where developers and authors often work for free, ad-sponsored services are designed to make money – and they do. […] But there is another, more insidious, drawback of ad-sponsoring that is less visible to the naked eye: the true customers of these ad-sponsored services are not the users but rather the advertisers. And as everywhere else, the Customer is King.

His remark about open source developers is a misconception: most open source development is done for profit. For example, over 70% of Linux kernel development is done by paid professionals, with a commercial goal in mind. This may be the basis of directly commercial activities like support; a market-based goal, for example to diminish Microsoft’s share; or it may be to ensure the longevity of the infrastructure that a company relies on. (More web servers are powered by open source than not; Netcraft reported this month that 55.33% of active websites are running Apache.) Make no mistake: open source is a business model – one that marries the free ethos of the Internet with paid commerce.

The most common open source business strategy is to use your “community edition” – the unadulterated open source software – as a loss leader that brings users to your commercial products and services. Releasing your software under an open source license theoretically means you gain a community of developers; if your software doesn’t work in a particular set of circumstances, they will often contribute back a fix for the problem. They may also contribute plugins and extra code that extends the functionality of your product. They get software that works for them (and the security that they can always use and modify the code to fit their needs); you get a wider market that you can sell commercial services to, using a wider, more solid set of functionality. Whereas, as Markus points out, the advertiser is king in ad-supported software, in open source the user is king.

Here are some examples you’ve probably heard of:

• The database software MySQL is released for free under the GNU Public License. Unusually, you’re allowed to mix and match it with software released under other open source licenses (but not closed-source software): they really want their product to spread. This is because they’ve got commercial options based on training, certification, partner agreements and consultancy services, as well as extra features for power users that aren’t available in the community product. (See the article MySQL’s Quid Pro Quo.)
• Ubuntu is a version of Linux designed with ease of use in mind; it riffs on the interfaces of operating systems like Microsoft Windows and Mac OS X. Canonical, the company behind it, make money through extensive commercial support and partner services. The partner ecosystem is their main bread and butter; the more companies pay, the better access they get to the core Ubuntu team and project strategy, marketing materials, rights to use Ubuntu branding and so on. In turn, those things help the partner companies earn more through their downstream Ubuntu services.
• Android is an open source operating system sponsored by Google. Although it’s mostly been used on mobile phones so far, it can actually run on a much wider range of devices; Android-powered netbooks are beginning to appear. This has the benefit of holding back Microsoft’s market share – Google is positioning its application suite, which is paid software, against Microsoft Office. (Windows 7 is said to run well on netbooks, and Google will soon have two open source netbook operating systems out: Android and Chrome OS.) There is also a directly commercial component: although Android is open source, it has direct links to Google’s consumer applications like Gmail and Calendar. Those applications, both within Android and on the web, are not open source, and must be licensed.

There are many more. Check out Network World’s list of 10 open source companies to watch, and note that one thing links them: they are all providing services aimed at the business market.

Charging for web-based software.

Google and Microsoft have both demonstrated that the market is ready for web-based business software: products that have the benefits of the web (you can access it from anywhere, on any compatible device) but are designed with the needs of enterprise organizations in mind. It must be secure, have the ability to be installed on an organization’s own infrastructure, and have a solid business model that ensures longevity of the product.

I also strongly believe that an open source development and licensing model, when coupled with a strong commercial strategy from the outset, is a great way to build a product’s feature set, userbase and reputation on the kinds of budgets that web startups are used to. It also makes it easily available to students, as well as a vast talent pool in places where buying software at western license prices is a trickier proposition; two groups that can be invaluable for promotion, feedback and involvement.

Finally, the commercial open source model for web-based applications allows you to easily create an ecosystem: if you create a compelling application that really does have a solid business model, other companies will be very interested in taking a cut. The more people who have an interest in your product succeeding, the better. If you give them a solid commercial reason to invest upstream, and create a great product that makes end-users’ lives easier, everyone wins.

Related entries

• Devices and desires: why the portable device wars are a red herring (2)
• Using game dynamics to drive participation (2)
• Direct messaging in a social web architecture (3)

The T-Mobile storm

Over the weekend there’s been a storm surrounding the T-Mobile Sidekick, which is produced by Microsoft’s Danger subsidiary. It turns out the device stores the primary copy of data like calendar and address book information in the cloud rather than on each device; perhaps a fair proposition if you knew you could trust Microsoft’s servers. Unfortunately, said servers went down last week, and Microsoft didn’t have a working backup. Sidekick users suddenly found themselves without their personal information.

Is cloud computing safe?

Understandably, this has sparked a wider conversation about computing in the cloud. AppleInsider summed it up:

More immediate types of cloud services take away users’ control in managing their own data.

While Ina Fried over at CNet noted:

The Danger outage comes just a month before Microsoft is expected to launch its operating system in the cloud–Windows Azure. That announcement is expected at November’s Professional Developer Conference. One of the characteristics of Azure is that programs written for it can be run only via Microsoft’s data centers and not on a company’s own servers.

The issues surrounding cloud computing have been discussed for a while, and aren’t limited to these sorts of accidents; here’s a post I wrote in 2007 about the rights we ought to have over our cloud data. Partially because of the risks involved, and the risk of leaky data, some kinds of organizations and enterprises simply can’t use cloud computing services. (In the UK, for example, check out the requirements imposed by the Data Protection Act.) At the same time, the Sidekick debacle shows there are clear risks to end-user consumers too.

Despite this, the benefits of cloud computing are obvious, particularly for the organizations that can’t use them: device-independent applications and data we can access and use from anywhere.

Can we have the best of both worlds?

The personal computing model is relatively secure: you install applications on your computer, and they sit on your local hard drive, along with your data. Assuming there hasn’t been a security breach, or you haven’t explicitly provided access to your data over a network or through a direct action like emailing it, it’s safe.

On the other hand, because your applications and data are locked away on your hard drive, you generally have to have direct access to it in order to use them. There are remote desktop solutions like VNC, but these are clunky and fairly useless over a low bandwidth connection.

Web applications that store their data in the cloud overcome this obstacle, but lose the security of sitting on your own computer.

What if there was a halfway house between these two situations?

The personal web server that works

Theoretically, anyone can run their own web server, right now, that allows them to install web applications in a more secure, controlled environment and access them from anywhere. But there are some very good reasons why they don’t:

• You need system administrator skills, usually on top of Linux skills, to do it.
• Web applications – even relatively easy-to-install ones like WordPress or Elgg – are fiddly. There are configuration files, directory permissions and (potentially) source repositories to contend with.
• The web applications you can install on your own server are often not as good as the ones you can get in the cloud.
• When something breaks, it’s your own responsibility to fix it.
• Servers are expensive.

What if we could fix all of these things at once? Enterprises, organizations and individuals could have their own, more secure environment that would allow them to use the cloud applications they needed with fewer security risks, while enjoying the ease-of-use and immediacy that the cloud provides.

One of the reasons everyone’s leaping to copy the iPhone’s app store business model is that it just works. Sure, you’re forced to delegate root control of the phone to iTunes, and the operating system places some seemingly arbitrary restrictions on what applications can and can’t do. But the handset works, and installing software is easier than on any other platform. The truth is, most ordinary users don’t care about those restrictions. Hell, I’m a computer scientist software developer entrepreneur power user, and I’m just happy the thing works. (Context: my previous phone ran Windows Mobile, which doesn’t.)

Imagine if you could get your own server environment that was as easy to use as the iPhone. It would look something like this:

Front end & business model

• You sign up for the service, possibly for a small monthly fee, possibly for free (depending on the service provider). Alternatively, if you’re more technical / an enterprise / an organization, you install it on your own infrastructure. The platform is available for free and could be open source.
• From a secure web-based admin panel, you can add and remove users (although the platform optionally also supports Active Directory and similar standards, as well as OpenID), and install / uninstall applications from a centralized app store with the usual features: ratings, search, similar apps, etc. Installation is one-click, and upgrades are similarly seamless. (That WordPress “what, I have to upgrade again?” problem: solved.)
• Much like the iTunes app store, applications may be free, or may cost a small amount. Applications may impose licensing restrictions based on number of users: for example, the app costs $4.99 for up to 5 users, $19.99 for up to 25, etc.
• As with the iTunes app store, the application store provider takes a cut – and so does the service provider. This creates a strong incentive for multiple vendors to provide hosted services for little cost. It also effectively creates a discount for enterprise, organizational and technical users, who can bypass a service provider. The payment to the web application developer also, for the first time, creates a solid commercial marketplace for high quality web application products, while the free option allows open source vendors to distribute as normal.

Technology

• Behind the scenes, the server runs existing open source technology: Apache, Tomcat, PHP, Perl, Python, Ruby on Rails, MySQL, Postgres, etc. However, there are restrictions on how applications must be structured, behave and share their data. This allows the one-click install and upgrades to function correctly. Importantly, though, users of the system need never worry about the underlying framework.
• The platform has a central data store that all applications may access via an API. This data store is fully exportable, allowing (for example) a datastore stored with a service provider to be moved to an internal setup as an organization expands. As with the iTunes app store, applications are linked to a store account rather than a physical machine, so the application licenses are portable too.

Of course, this wouldn’t replace standard web servers. What it does provide, however, is a simple cloud operating system that simultaneously works in a more secure, dependable way than existing services, would be more acceptable to many organizational users, and provides a genuine business model for web application developers.

The web is now an end user application platform, but still behaves like a lightweight document store. To obtain the level of software customization we all enjoy on our home PCs, a much higher level of technical competence is required. I strongly believe that this situation must change for the web to be a viable commercial application framework.

Related entries

• Social networking: beyond the silo (1)
• So why do we need apps anyway? (3)
• Some alternative views of the iPad (1)

The headlines are highly strung to say the least:

• Twitter Attack Brings a Day Without Social Media (Gawker)
• A Day (Or Hour) Without Twitter Sucks (Twitterrati)
• Twitter Goes Down, Down, Down (Technologizer, who delightfully illustrated their post with an image of an anvil falling on a bird)

The stress of it all made TechCrunch come over all Mr Humphries:

• Oooh Dramatic! Twitter Gets DDOSed

Meanwhile, away from the hilarity, Dave Winer’s developing rssCloud and people are beginning to talk about Laconi.ca. The only model that makes sense is a distributed one: it’s a fundamentally harder problem to bring down a decentralized network, because there isn’t a single point of failure. So far, for example, DNS has remained pretty robust. As regular readers will know, I strongly believe there are very solid business and development reasons for going decentralized, too.

The web is becoming social, and those conversations are becoming more and more important. A malicious user or group shouldn’t be able to take down our conversation platform – or have the ability to dictate its direction. It’s time to think about a better way to build the social web.

Related entries

• Building the user-centered web (8)
• Social networking: beyond the silo (1)
• Facebook location vs the ACLU (0)

A couple of weeks ago, I created a page to test this feature. If your browser is geo capable, this will reveal exactly what data about your location is being sent to web applications that ask for it.

If you’re a developer, here’s how I created the page.

Developing for geolocation in Javascript

The following all occurs in a Javascript code block towards the bottom of the page. You could also include this in the jQuery $() function, if you use that framework – the point is that it needs to execute once the page layout has been written to the browser.

Testing for geolocation capability

To test whether the browser has geolocation capabilities, we need to test for the existence of navigator.geolocation:

if (navigator.geolocation) {
	// Execute geolocation code
} else {
	// Execute code for geolocation not available
}

Getting location data

The actual function to call in order to get the location data is: navigator.geolocation.getCurrentPosition(exportPosition, errorPosition);

Both exportPosition and errorPosition are functions that we must define. The former is called if the location is retrievable; the latter if it isn’t. (You can also omit the second parameter and neglect to have an error handler function.)

The exportPosition function takes one parameter: position. This in turn has a property, coords, which contains all of the major location data:

• position.coords.latitude: the latitude of the user
• position.coords.longitude: the longitude of the user
• position.coords.accuracy: a number representing the accuracy of the latitude and longitude (in metres)
• position.coords.altitude: the altitude of the user in metres above sea level
• position.coords.altitudeAccuracy: the accuracy of the above altitude reading, again in metres
• position.coords.heading: the heading of the user, in degrees clockwise from north
• position.coords.speed: the speed of the user in metres per second

This can then be fed into the functionality of your choice.

For an example of how this can be used, have a look at the source of my test page. Browsers that are known to support geolocation include:

• Firefox 3.5
• Safari in iPhone 3.0

Because geolocation is included in the HTML 5 specification, most browsers will support this soon.

Related entries

• Devices and desires: why the portable device wars are a red herring (2)
• So why do we need apps anyway? (3)
• Charging for software in the age of web apps (2)

Microsoft Office turns to the web

As anticipated, Office 2010 includes web-based versions of applications contained in the suite. These don’t have the complete feature set, but are designed so that company employees can create and make changes to documents (including Word documents, Excel spreadsheets and Powerpoint presentations) on the road.

Web applications: now running in the enterprise

Centralized cloud applications have a difficult time gaining traction in most enterprise environments, and Microsoft have wisely taken note of this: it appears that the web-based versions are installed as part of Sharepoint. By doing this, they’ve allowed organizations to keep tight control of their data, as well as legitimizing web-based applications in the enterprise and revitalizing Sharepoint as an organizational product. In other words this is big news, with sweeping implications across the entire software industry.

Open standards must work for everyone

This is another reason why all open web standards must be browser agnostic. I always argue hard for a transparent browser: one that contains support for web standards, but doesn’t carry any extra baggage for any specific purpose. As web applications move into the enterprise, it’s important that a standard that works on a souped-up Firefox or Chrome browser also works great in Internet Explorer. By integrating web applications into Sharepoint, Microsoft are actually leading the industry, and have made themselves relevant on the web again. In doing so, they’ve opened up an important market, and that can’t be ignored.

Here’s a video introduction (although it keeps going down for me): See What’s New in Microsoft Web Applications 2010.

Related entries

• Microsoft may rule the open web (3)
• The war for the Web (0)
• Charging for software in the age of web apps (2)

Google announced Chrome OS today – an operating system for netbooks, designed to boot up in seconds directly to a browser. Applications run using HTML 5 standards, which include support for offline applications and advanced interface capabilities.

More than that, it’s an attack – not just on Microsoft, but on the old model for operating systems and home computing. The web allows greater ease of use (no application installs!), lower resource requirements (perfect for those netbook CPUs) and instant connectivity. Social functionality becomes intrinsic to all software on the platform, rather than a product in itself. See Building the User-Centered Web for a detailed analysis of how software will change, and why.

Of course, if this revolution happens through Google Apps (or applications hosted on the Google App Engine), running Google advertising and saving to a central Google Account, well, they’ll just have to live with it. I’ve argued before that Google Wave is a Sharepoint killer, but this move makes that positioning explicit; Google is set to directly take on Microsoft. By making the operating system open source, they’ve invited everyone to join in.

It’ll be an interesting battle: while Windows 7 won’t ship with a browser in Europe, Chrome OS is all browser. More broadly, web applications could help with much-needed cost cutting in places like schools and public institutions, so there’s a lot at stake here.

As regular readers will know, I’m very interested in this change, and I plan on getting my hands dirty helping to build a decentralized user-centered web that, like the web at large, is owned by nobody. There’s still more to be done. Watch this space.

Related entries

• Building the user-centered web (8)
• Devices and desires: why the portable device wars are a red herring (2)
• Charging for software in the age of web apps (2)

What is a social network?

I would like to reclaim some language:

Social is an adjective that means relating to human society and its members.

A network is an interconnected system of things or people.

Therefore, I’d suggest that we can define a social network as just being an interconnected system of people.

The audience of this talk is a social network; so are your friends, colleagues, interest groups and so on. Social networking tools facilitate social networks. The universe of social tools certainly includes web applications with social functionality, but it also includes structured face to face interactions, telephone, post, SMS, email. In other words, the web is just one possible tool for this purpose – albeit a very effective one.

If you build it, they will come

You can’t install a social networking tool and instantly expect usage: Field of Dreams is not a good model for community development. The web is littered with ghost sites created using Ning, Elgg and more that have been established in the hope that a user-base will magically appear; however, if your main selling point is the social network itself, nobody’s going to join until that network of people exists and is actively using it. It’s a chicken-and-egg problem.

Therefore, you either need to have an existing network of people to facilitate interactions between (for example, when Facebook launched at Harvard) or compelling functionality that is useful without a network of existing users (for example, Delicious).

If we’re creating a tool that’s useful for the first user who signs up, without a pre-existing social network, then what we’re really talking is a software application that uses the web as an interface, and happens to have social functionality as one of its features.

The web as applications

When the web was conceived, it consisted of documents and pages linked with hypertext: linked words and phrases that, when clicked, would load another, relevant document. Each page had its own Uniform Resource Locator, which allowed you to return to that specific page at any time. Each page could be a destination in itself, and although the sites (collections of pages) could be linked together through hypertext, each one had no need to know about your activities elsewhere on the web. Why would they? Documents don’t have memory; their role is simply to impart information.

Step forward to today, and the web is not entirely made of pages: applications now represent a large amount of the web. (Princeton WordNet defines an application as “a program that gives a computer instructions that provide the user with tools to accomplish a task”; Google Docs, Remember The Milk, Flickr, Delicious etc are all applications by this definition.)

The benefits are tangible: you can access an application’s functionality from any web-compatible device, anywhere in the world. You’re no longer bound to the software you happen to have installed on a particular machine, and you no longer need to worry about whether you’ve remembered to save a particular file onto a particular drive. Because of historic resource limitations, web applications tend to be easier to use, and entirely bypass the need for IT departments, which have unfortunately earned a reputation for being obstacles to productivity in many organizations.

This change of web usage has been reflected in the ongoing development of HTML, the markup language that all web interfaces are written in. The first four versions were largely orientated towards documents; however, HTML 5, currently in development, is the first version that explicitly contains functionality to support web applications. That includes offline storage and usage, sessions, and more advanced interface features. However, aspects of the document-orientated model remain.

Silos of information

Each application is its own atomic destination with its own URL, and is by default only aware of data created within it. That means we need to register for each application we want to use, fragmenting our accounts over potentially hundreds of products and company data centers, and that the documents, files and data we create within them can’t easily be shared with other applications. On my desktop, I can write a document in Word and open it in OpenOffice, or take a Paint doodle and load it in Photoshop, but there’s no easy, generic way to take my bookmarks from Delicious into another bookmarking tool, or to take my Google Docs and open them in Acrobat.com.

Currently, each web application is like a silo: they exist on their own, and if they interoperate at all, it’s through specific links between applications that have to be individually developed. Certainly, data created in an application stays in that application; sometimes you can check your GMail address book for contacts in order to find existing friends on a service you’ve just signed up to, for example, but it’s rare that you can actually export data fully into another product. As many of these services are free, a significant portion of their business models revolve around being able to control user-contributed data, keep users coming back, and sell user-generated activity data for marketing purposes. (One has to question whether the market for personal details will continue to be profitable, or whether, like the web advertising market before it, it will saturate and crash.)

In a social networking tool, the site model means that your contacts, the information you share and any detailed access permissions all relate solely to the application they were created in. However, collaborative spaces in social web applications are like documents: they’re one of the currencies of the social web. Just as I need to be able to use my wordprocessor of choice to edit a document, I need to be able to use my social tool of choice to collaborate with others.

Turning the model upside down

Right now, we have to register with each application we want to use. What if we required each application we used to register with us, in digital identities under our own control?

What if, using these identities, anyone could connect to anyone else, and anyone could store their data anywhere as long as the storage provider followed the same broad standards?

The web itself would become a social networking tool.

This is far more flexible, and future-proof:

• Your ability to collaborate is not subject to a single company’s success: social functionality and application infrastructure are inherent in the web itself
• The possibilities for collaboration are not subject to technology beyond common open standards, which can evolve
• A wider range of application possibilities is ensured, because web applications gain the ability to interoperate in a general way
• Privacy and user control are established by allowing a person to determine which application has access to which data

By establishing a general standard for social application interactions, the services and technologies used to make connections become less relevant; the Internet is people, one big social network, and users no longer have to worry about how they connect. We can all get on with communicating and collaborating rather than worrying about where we connect.

User-centered identities

Under this model, providing the software that hosts your digital identity becomes big business. This hasn’t gone unnoticed by the main service providers, and they’re already fiercely competing to be your identity on the web:

• Facebook wants your central identity to be a Facebook account (and arguably have made the user-centric model for the web part of their strategy for a very long time)
• Google wants it to be a Google account
• Twitter wants it to be a Twitter account
• Microsoft wants it to be a Live ID
• OpenID want it to be any OpenID-capable URL

Because I use all of these services, the result is a very complicated identity space. These are a subset of my profiles:

• facebook.com/ben.werdmuller
• google.com/profiles/benwerd
• twitter.com/benwerd
• profiles.yahoo.com/u/4IZCH2K6PEV775MICYR3DXMAMQ
• benwerd@gmail.com [my Microsoft ID, ironically]
• benwerd.com [my OpenID]

For identities to be usable as a generic standard, you should be able to use any of these – or all of them. Nobody has just one facet (or persona) comprising their identity; everyone has a collection, representing the different parts of their lives. Ben Werdmuller the web strategist for hire doesn’t need to be connected to Ben Werdmuller the Doctor Who fan, who in turn doesn’t need to be connected to the Oxford resident. They can be connected if I choose to make them, but separating parts of your life is part of a user’s control over their identity.

However, that needs to be context-specific, not application-specific. Currently, for example, my Facebook account tends to be personal, while my Twitter tends to be professional. That doesn’t make sense: in order to write personally on Twitter, I either have to accept the collision of those two parts of my life, or I need to create an entirely separate, fragmented Twitter account. Wouldn’t it be better to be able to control who sees which interactions, and choose tools based on the functionality they add to a conversation? Otherwise you have the situation I present above: one identity per communication context per application. That will quickly become unmanageable, and the web will be littered with dead profiles.

Conversely, I believe the future of the web is in atomic digital identities based on permissive, open standards, linked together as an application framework.

How do we make this work?

Problem to solve: user control

First and foremost, the framework for decentralization must be established – in other words, the actual social mesh standards that will make it possible.

Technical mechanisms need to be established for controlling access to a resource or collaborative space, which should be easy to use without removing any of the flexibility of the platform, and should allow for the maintenance of multiple personas.

Another part of access control is allowing a resource to expire gracefully. It’s important to know when to lose data: sometimes documents, resources, spaces, personas or entire identities may be transient and only required for a certain length of time. There’s no need for everything on the web to exist indefinitely; currently, rigorous indexes like Google ensure that much of it does.

Finally, the tools and standards we create must be permissive of goals, content and structure that we might not have thought of. There certainly doesn’t need to be an overarching structure or taxonomy between individual identity spaces, and constraining the technology to a rigid set of activities and data types would limit the scope of the platform.

Problem to solve: ownership

Existing web applications tend to have a single-ownership model for resources. However, Silona Bonewald rightly pointed out to me that this isn’t always the case, and in a free-flowing social mesh, multiple ownership needs to be represented. For example, all collaborators on a resource should have ownership access, unless they explicitly choose to rescind that right.

In a company environment, a user’s employer may have shared ownership (or full ownership, with author access available to the employee). The same may be true with students in a university environment. On sites like Facebook, the service owner may in reality have some ownership rights over the content.

How can we maintain this granularity, but also retain user control?

Problem to solve: privacy & transparency

There is a very public attitude of "when you put something online, it’s published" in some parts of the software development community, which is a useful concept that gives developers carte blanche to share data freely. In a fully user-controlled environment, this public-or-completely-private binary situation can no longer be the case; a resource may have been published to a few select people. Ignoring this trait disallows the platform’s use in important environments like enterprises or public bodies.

When you sign up to a service, you agree to that service’s terms and conditions and privacy policy. However, your data may be farmed out to a collection of other, secondary services via APIs, without your knowledge or consent.

An important aspect of user control is knowing how your data is used and where it is transmitted by the applications you use, so I propose a simple, human-identifiable and machine-readable mark that:

1. Applies permissions to how my data can be used by applications (like Creative Commons does for shared content)
2. Tells you in a visual way what happens to your data when you visit a site
3. Incorporates multi-ownership

It may be that these issues are addressed within the terms and conditions of a service. However, it’s very unlikely that a user will actually read the full contract. Therefore, a simple graphic icon with a link to a plain-English description, with an underlying microformat for machine-readable use, would be a welcome addition to the user experience. As the web becomes more mesh-like and data moves around more freely, conveying what happens to data owned by less-technical end users will become more and more important.

Problem to solve: platform

Finally, while it’s great having a conversation about this, these ideas aren’t useful to anyone unless someone goes ahead and builds it.

There are some existing projects and thinkers who are on these tracks:

• The Diso Project is turning the WordPress open source blogging tool into a decentralized digital identity through an array of open standards, and the project’s Chris Messina has a lot of wise things to say about its development.
• Laconi.ca is a decentralized microblogging platform, whose Open Microblogging standard may be adaptable into a more widely-scoped technology.
• The Open Stack is a set of developing technologies that address some of the issues.
• Marc Canter’s Open Mesh treatise goes into detail on many of the issues.

All of these are important contributions that strongly address some of the issues; however, we’re still a long way away from the vision of an open, social web.

Conclusion

I believe strongly, for the reasons stated above, that a decentralized, user-centered model for the web is the best way to advance it as an application platform.

Needless to say, I have my own ideas about how to actually build the platform, based on my Making the most of the web principles. However, it has to be a collaborative process: there’s no sense in building an open collaborative standard by yourself. My main concern is that the platform is created and works in an open, lightweight, flexible, easy-to-develop-for way while remaining secure and yielding control to the main user. The result will be an entirely new kind of platform, and presents a unique opportunity for anyone who wants to jump on board.

Images:

• WOW! My 1000 Friends by Cavin was released under a CC Attribution Generic 2.0 License
• Lonely Tree by Jule Berlin was released under a CC Attribution Generic 2.0 License
• Logo 2.0 part II by Stabilo Boss was released under a CC Attribution-Noncommercial-Share Alike 2.0 Generic License
• Upside Down by Johnny Jet was released under a CC Attribution Generic 2.0 License
• Pro Control 24 by Aud1073cH was released under a CC Attribution-Share Alike Generic 2.0 License

Related entries

• Social networking: beyond the silo (1)
• The Internet is People (3)
• User control on the open web (9)

It seems like the shift in innovation in social tools has gone from developing new and interesting technologies to developing interesting models that happen to use technologies. This is a big step, and in some ways represents the space coming of age. There’s still plenty of technological development and innovation to do, but the platform and concepts are at a point where they can be adapted into all manner of social collaborative spaces, business tools, social experiments, games, art projects, and combinations of those things. It’s becoming a very exciting field to work in.

That said, some adaptation needs to happen, and it’s important to realize that these ideas only work in an effective way when they’re made relevant to the outside world. The social web is extremely political: it imposes an opinion about how the world should be open and social, democratic and centered on individual preferences, but ironically doesn’t allow for differences in that point of view. That makes it very hard for late adopters, enterprises, governments and public organizations to feel the benefit.

Over on Persona Prime, Silona makes this point about technology-inspired government transparency:

Where is the change management?  We are doing some big stuff here and we are poised to make serious mistakes and I see no prelim work being done to prevent this.  Where are the best practices in open govt documents?  All I see are “I want” lists.  I have not seen us doing anything serious to ally [the fears of people who might be wary of transparency].

It would be cool if every Fortune 500 company wanted to be on Twitter, but the reality is that they don’t, and often for very legitimate reasons. If what we’re doing is establishing a new, global, decentralized way to create, share, disseminate and discover information, then we have to take into account the differences in all the decentralized nodes. Embracing different corporate cultures, and different opinions on how communication should be, is part of that. Compromising and addressing the fears of companies and late adopters will build a larger userbase for all our tools, and make the platform much more useful in the long run.

Related entries

• For your consideration at SXSW Interactive (1)
• Direct messaging in a social web architecture (3)
• Activity Streams and OAuth: a social web architecture (3)

Yesterday, the BBC announced that they were using an open source framework called Hemlock in order to provide real-time web games on their Childrens’ site. Hemlock’s interfaces are built in Flash, but the real-time aspect is powered by XMPP. Developer Ron DeVera explained why over on the Hemlock blog:

XMPP is commonly used to enable chatrooms, like Gtalk or Facebook Chat. However, instead of just sending text, Hemlock lets you send all kinds of data at the speed of instant messaging. Even better, XMPP is designed to scale up and send data to many people at once, so you can push that data to multiple people in real-time.

In other words, it’s perfect for real-time applications on the web.

Traditionally, live web applications have used a development methodology called AJAX, which stands for Asynchronous Javascript And XML. In order to provide the illusion of a real-time application, the web browser needs to continue to ask the server if there’s any new data to ask, via a new AJAX request – which is a waste of bandwidth and resources both on the user and server side. XMPP, on the other hand, pings the client software whenever there’s new data.

Servers already need software to host and process dynamic web pages, as well as a database server to handle most types of user data. To use XMPP, you need to add an XMPP server to the mix – something that in the past was more fiddly than most people were willing to play with. However, times have changed, and ejabberd is free, open source and easy to install on Windows, Mac OS X and Linux servers. (I’m still at the early stages of playing with it; I’ll let you know how I get on.)

The XMPP community is still very small compared to the wider web, but developments like Wave and Hemlock should accelerate growth and interest in it. There are some interesting projects springing up, and lots of libraries available for XMPP development; XMPP programming is a skill developers should get in on now, before it really heats up.

Related entries

• Write real-time web applications with XMPP, PHP, and JavaScript (0)
• Social networking: beyond the silo (1)
• Google Wave is exciting and transformative (3)