Yesterday, I posted some commentary on Tim O’Reilly’s take on the web as an application platform, and agreed that Microsoft championing the open web would be a very smart strategy for them.

Previously, I’d talked about the issues with cloud computing at the moment, and how an iPhone App Store approach to web applications would dramatically increase security and ease-of-use, and therefore the whole experience:

What if we could fix all of these things at once? Enterprises, organizations and individuals could have their own, more secure environment that would allow them to use the cloud applications they needed with fewer security risks, while enjoying the ease-of-use and immediacy that the cloud provides.

[…] Imagine if you could get your own server environment that was as easy to use as the iPhone.

Windows Azure is that product, built on their web platform infrastructure. Jorge Escobar took a look:

It picked my interest. A Web Platform Installer? Microsoft doing PHP?

I went to the URL provided and I was blown away with the concept behind this application. Basically Windows has introduced point-and-click cloud computing for the masses and it’s doing it in a way that resembles the iPhone application directory but for web applications.

The app gallery is available to browse today, and includes well known applications like WordPress, Moodle and SugarCRM. They also have a product, the Web Platform Installer, available right now, which allows you to use these apps and easily set up a web environment on your own computer or server. Windows Azure will use the same model, but without the need for your own server: the applications will install seamlessly into the cloud. Personal users get their own cloud application space; enterprise users get to use their own infrastructure for extra security. This is where Microsoft’s going, and it’s very clever indeed.

Tim O’Reilly has a great piece up on Radar:

If you’ve followed my thinking about Web 2.0 from the beginning, you know that I believe we are engaged in a long term project to build an internet operating system. (Check out the program for the first O’Reilly Emerging Technology Conference in 2002 (pdf).) In my talks over the years, I’ve argued that there are two models of operating system, which I have characterized as "One Ring to Rule Them All" and "Small Pieces Loosely Joined," with the latter represented by a routing map of the Internet.

This is exactly it (although for technical accuracy, I prefer the term “application platform” to “operating system”). The “one ring to rule them all” approach is the game being played by companies like Facebook and Google. “Small pieces loosely joined” is the open approach, which seeks to create an Internet application platform that isn’t reliant on any one service provider – much like most of the rest of the Internet works today. (Anyone can run an email server, for example, without having to hook up to a central email provider.) I strongly believe that this second approach is the only one that can ensure a secure future for the web.

The full article is worth a read. Most intriguing, for me, is Tim’s postscript:

P.S. One prediction: Microsoft will emerge as a champion of the open web platform, supporting interoperable web services from many independent players, much as IBM emerged as the leading enterprise backer of Linux.

I had a conversation yesterday with someone related to Microsoft which suggests that this isn’t the case. Nonetheless, it’s a genius strategy, and I hope someone up there in MicrosoftLand is listening. (And hey, Microsoft, if that’s what you’re up to – I want in.)

Google was an advertising company.

Back in 2005, Daring Fireball’s John Gruber described Google’s business as follows:

Judged by their profits, Google is an advertising company. They don’t profit from search, they don’t profit from software. They profit by selling ads. This isn’t to belittle them — I think Google is a terrific company, and they are profiting handsomely from ad revenue ($369 million last quarter). […] If Google has a platform, it’s an advertising platform, not a developer platform. I’m not even saying Google should have a developer platform — I’m just saying they don’t.

Fast forward to 2009, and Internet advertising is beginning to fail, declining slightly during the first half of the year. Sites like TechCrunch were quick to herald its demise with articles like Why Advertising Is Failing On The Internet, which declared:

My basic premise is that the internet is not replacing advertising but shattering it, and all the king’s horses, all the king’s men, and all the creative talent of Madison Avenue cannot put it together again.

It’s become clear that for a lot of purposes, advertising is not a viable or useful business model. Although it may still be suitable for very high-volume, mass-market sites and applications, it’s almost impossible to make money through advertising with niche or specialized content in most areas. (Some areas, like real estate, remain relatively lucrative.) Additionally, targeted ads require the advertising software to track your activity and store data about you, which more consumers are becoming concerned about. And perhaps most importantly of all, nobody actually wants to see ads – and advertisers are having to become more creative and invasive in order to compensate.

Similarly, if you want to make headway in the enterprise or educational spaces, targeted ads are inappropriate or impossible, for legal and policy reasons. For publicly-funded organizations like educational institutions, allowing commercial companies to track users is an ethical nightmare. For private enterprise, the data collection required for ad targeting is unacceptable, and the visual presence of advertising threatens their brands.

However, they are willing to pay for software, to the tune of $222.6 billion worldwide.

Boldly going to the enterprise & paid software.

The web is fast becoming a viable platform for applications: rather than visiting websites, we are increasingly using applications that happen to use the web as an interface. Google is at the forefront of this change.

On November 11, Google announced SPDY, an “embrace and extend” version of the HTTP protocol that underpins the web (it’s how browsers and web servers talk to each other). This new version has numerous tweaks that result in pages that load up to 55% faster – important if you’re trying to build responsive applications with web interfaces. Google have also been betting big on HTML 5, which extends the web’s UI infrastructure to provide support for a much richer experience without falling back on plugins like Flash. Two of the most important requirements for enterprise applications that use a web-based interface are offline capability (the ability to use the application with no Internet connection) and support for concurrent processes (allowing your web interface to perform more than one task at once). HTML 5 has both.

Google has evolved from a consumer search and advertising company, into one that provides enterprise infrastructure applications. Its plan is clearly to dominate Microsoft’s leadership and become a bona-fide software power. Recently, Microsoft has been playing catch-up, by including web-based versions of its applications in its enterprise Sharepoint intranet offering. It has also be moving against the tide by planning on offering advertising-supported versions.

Google’s CEO, Eric Schmidt, told the Garner Symposium last month why it was charging for their enterprise applications:

"Enterprise is a huge priority for the management team and me personally […] It’s the next big billion-dollar opportunity after our display (ad) business. […] We looked at ad-supported enterprise applications and decided most corporations would not be comfortable with random ads showing up on somebody’s desktop."

The web is moving away from advertising.

It’s not just Google that is moving away from a purely ad-supported, consumer strategy. Markus Witte, co-founder of the language learning portal Babbel, wrote on their blog about adjusting their business model:

Our plan, in fact, was to partially finance Babbel with advertising. We intended to provide a “freemium” product that would have a basic version that was public, while providing additional premium content for those who might want to dig deeper. But now we see this just doesn’t work. It simply is not possible to build a high-quality online learning environment while simultaneously selling ad space effectively. We tried to bring these two objectives together. But ultimately we had to accept that a business model appropriate for social networks and news services is plain wrong when applied to online education.

The numbers speak for themselves. The US paid e-learning market has been estimated to be worth $16.7 billion in 2009 and has a relatively small number of players; the US advertising revenues for the Internet as a whole were estimated to be $10.9 billion for the first half of 2009. (That’s $10.9 billion to the advertising companies, rather than the amount content and site owners see, which will be a subset of that amount.) When you run a startup company, you can either put your trust in display advertising and number of eyeballs looking at your site, or you can employ a sales team and ask for cash. Entranced by the model that Google originally promoted, Babbel tried the former, and discovered that it didn’t work; recognizing that they were a software company rather than a mass-media outlet, they then reverted to traditional business methods.

Using a centralized software service for non-core activities like language learning is probably fine. However, enterprise organizations can be uneasy about trusting software hosted by third parties (in what’s almost ubiquitously called “the Cloud”). Blog posts and photos are one thing, but it’s quite another to place your internal strategy documents, confidential discussions and financial data on servers owned by another firm with no real guarantee that they’ll remain unseen by prying eyes. It’s also insecure on a technical level: by using the Cloud, you’re outsourcing the fidelity and availability of your data. A much more preferential option would be to gain the ease of use of web applications, but store them securely on local infrastructure.

Open source software is commercial.

Later in Markus Witte’s post, he discusses some of the things that are successfully given away for free on the Internet; among them is open source.

In contrast to Open Source software and Creative Commons, where developers and authors often work for free, ad-sponsored services are designed to make money – and they do. […] But there is another, more insidious, drawback of ad-sponsoring that is less visible to the naked eye: the true customers of these ad-sponsored services are not the users but rather the advertisers. And as everywhere else, the Customer is King.

His remark about open source developers is a misconception: most open source development is done for profit. For example, over 70% of Linux kernel development is done by paid professionals, with a commercial goal in mind. This may be the basis of directly commercial activities like support; a market-based goal, for example to diminish Microsoft’s share; or it may be to ensure the longevity of the infrastructure that a company relies on. (More web servers are powered by open source than not; Netcraft reported this month that 55.33% of active websites are running Apache.) Make no mistake: open source is a business model – one that marries the free ethos of the Internet with paid commerce.

The most common open source business strategy is to use your “community edition” – the unadulterated open source software – as a loss leader that brings users to your commercial products and services. Releasing your software under an open source license theoretically means you gain a community of developers; if your software doesn’t work in a particular set of circumstances, they will often contribute back a fix for the problem. They may also contribute plugins and extra code that extends the functionality of your product. They get software that works for them (and the security that they can always use and modify the code to fit their needs); you get a wider market that you can sell commercial services to, using a wider, more solid set of functionality. Whereas, as Markus points out, the advertiser is king in ad-supported software, in open source the user is king.

Here are some examples you’ve probably heard of:

• The database software MySQL is released for free under the GNU Public License. Unusually, you’re allowed to mix and match it with software released under other open source licenses (but not closed-source software): they really want their product to spread. This is because they’ve got commercial options based on training, certification, partner agreements and consultancy services, as well as extra features for power users that aren’t available in the community product. (See the article MySQL’s Quid Pro Quo.)
• Ubuntu is a version of Linux designed with ease of use in mind; it riffs on the interfaces of operating systems like Microsoft Windows and Mac OS X. Canonical, the company behind it, make money through extensive commercial support and partner services. The partner ecosystem is their main bread and butter; the more companies pay, the better access they get to the core Ubuntu team and project strategy, marketing materials, rights to use Ubuntu branding and so on. In turn, those things help the partner companies earn more through their downstream Ubuntu services.
• Android is an open source operating system sponsored by Google. Although it’s mostly been used on mobile phones so far, it can actually run on a much wider range of devices; Android-powered netbooks are beginning to appear. This has the benefit of holding back Microsoft’s market share – Google is positioning its application suite, which is paid software, against Microsoft Office. (Windows 7 is said to run well on netbooks, and Google will soon have two open source netbook operating systems out: Android and Chrome OS.) There is also a directly commercial component: although Android is open source, it has direct links to Google’s consumer applications like Gmail and Calendar. Those applications, both within Android and on the web, are not open source, and must be licensed.

There are many more. Check out Network World’s list of 10 open source companies to watch, and note that one thing links them: they are all providing services aimed at the business market.

Charging for web-based software.

Google and Microsoft have both demonstrated that the market is ready for web-based business software: products that have the benefits of the web (you can access it from anywhere, on any compatible device) but are designed with the needs of enterprise organizations in mind. It must be secure, have the ability to be installed on an organization’s own infrastructure, and have a solid business model that ensures longevity of the product.

I also strongly believe that an open source development and licensing model, when coupled with a strong commercial strategy from the outset, is a great way to build a product’s feature set, userbase and reputation on the kinds of budgets that web startups are used to. It also makes it easily available to students, as well as a vast talent pool in places where buying software at western license prices is a trickier proposition; two groups that can be invaluable for promotion, feedback and involvement.

Finally, the commercial open source model for web-based applications allows you to easily create an ecosystem: if you create a compelling application that really does have a solid business model, other companies will be very interested in taking a cut. The more people who have an interest in your product succeeding, the better. If you give them a solid commercial reason to invest upstream, and create a great product that makes end-users’ lives easier, everyone wins.

In response to recent events, I’d like to propose a different kind of web service that overcomes the privacy and reliability issues with cloud web applications, while providing a solid business model for both application developers and service providers, as well as a seamless, easy-to-use experience for end users.

The T-Mobile storm

Over the weekend there’s been a storm surrounding the T-Mobile Sidekick, which is produced by Microsoft’s Danger subsidiary. It turns out the device stores the primary copy of data like calendar and address book information in the cloud rather than on each device; perhaps a fair proposition if you knew you could trust Microsoft’s servers. Unfortunately, said servers went down last week, and Microsoft didn’t have a working backup. Sidekick users suddenly found themselves without their personal information.

Is cloud computing safe?

Understandably, this has sparked a wider conversation about computing in the cloud. AppleInsider summed it up:

More immediate types of cloud services take away users’ control in managing their own data.

While Ina Fried over at CNet noted:

The Danger outage comes just a month before Microsoft is expected to launch its operating system in the cloud–Windows Azure. That announcement is expected at November’s Professional Developer Conference. One of the characteristics of Azure is that programs written for it can be run only via Microsoft’s data centers and not on a company’s own servers.

The issues surrounding cloud computing have been discussed for a while, and aren’t limited to these sorts of accidents; here’s a post I wrote in 2007 about the rights we ought to have over our cloud data. Partially because of the risks involved, and the risk of leaky data, some kinds of organizations and enterprises simply can’t use cloud computing services. (In the UK, for example, check out the requirements imposed by the Data Protection Act.) At the same time, the Sidekick debacle shows there are clear risks to end-user consumers too.

Despite this, the benefits of cloud computing are obvious, particularly for the organizations that can’t use them: device-independent applications and data we can access and use from anywhere.

Can we have the best of both worlds?

The personal computing model is relatively secure: you install applications on your computer, and they sit on your local hard drive, along with your data. Assuming there hasn’t been a security breach, or you haven’t explicitly provided access to your data over a network or through a direct action like emailing it, it’s safe.

On the other hand, because your applications and data are locked away on your hard drive, you generally have to have direct access to it in order to use them. There are remote desktop solutions like VNC, but these are clunky and fairly useless over a low bandwidth connection.

Web applications that store their data in the cloud overcome this obstacle, but lose the security of sitting on your own computer.

What if there was a halfway house between these two situations?

The personal web server that works

Theoretically, anyone can run their own web server, right now, that allows them to install web applications in a more secure, controlled environment and access them from anywhere. But there are some very good reasons why they don’t:

• You need system administrator skills, usually on top of Linux skills, to do it.
• Web applications – even relatively easy-to-install ones like WordPress or Elgg – are fiddly. There are configuration files, directory permissions and (potentially) source repositories to contend with.
• The web applications you can install on your own server are often not as good as the ones you can get in the cloud.
• When something breaks, it’s your own responsibility to fix it.
• Servers are expensive.

What if we could fix all of these things at once? Enterprises, organizations and individuals could have their own, more secure environment that would allow them to use the cloud applications they needed with fewer security risks, while enjoying the ease-of-use and immediacy that the cloud provides.

One of the reasons everyone’s leaping to copy the iPhone’s app store business model is that it just works. Sure, you’re forced to delegate root control of the phone to iTunes, and the operating system places some seemingly arbitrary restrictions on what applications can and can’t do. But the handset works, and installing software is easier than on any other platform. The truth is, most ordinary users don’t care about those restrictions. Hell, I’m a computer scientist software developer entrepreneur power user, and I’m just happy the thing works. (Context: my previous phone ran Windows Mobile, which doesn’t.)

Imagine if you could get your own server environment that was as easy to use as the iPhone. It would look something like this:

Front end & business model

• You sign up for the service, possibly for a small monthly fee, possibly for free (depending on the service provider). Alternatively, if you’re more technical / an enterprise / an organization, you install it on your own infrastructure. The platform is available for free and could be open source.
• From a secure web-based admin panel, you can add and remove users (although the platform optionally also supports Active Directory and similar standards, as well as OpenID), and install / uninstall applications from a centralized app store with the usual features: ratings, search, similar apps, etc. Installation is one-click, and upgrades are similarly seamless. (That WordPress “what, I have to upgrade again?” problem: solved.)
• Much like the iTunes app store, applications may be free, or may cost a small amount. Applications may impose licensing restrictions based on number of users: for example, the app costs $4.99 for up to 5 users, $19.99 for up to 25, etc.
• As with the iTunes app store, the application store provider takes a cut – and so does the service provider. This creates a strong incentive for multiple vendors to provide hosted services for little cost. It also effectively creates a discount for enterprise, organizational and technical users, who can bypass a service provider. The payment to the web application developer also, for the first time, creates a solid commercial marketplace for high quality web application products, while the free option allows open source vendors to distribute as normal.

Technology

• Behind the scenes, the server runs existing open source technology: Apache, Tomcat, PHP, Perl, Python, Ruby on Rails, MySQL, Postgres, etc. However, there are restrictions on how applications must be structured, behave and share their data. This allows the one-click install and upgrades to function correctly. Importantly, though, users of the system need never worry about the underlying framework.
• The platform has a central data store that all applications may access via an API. This data store is fully exportable, allowing (for example) a datastore stored with a service provider to be moved to an internal setup as an organization expands. As with the iTunes app store, applications are linked to a store account rather than a physical machine, so the application licenses are portable too.

Of course, this wouldn’t replace standard web servers. What it does provide, however, is a simple cloud operating system that simultaneously works in a more secure, dependable way than existing services, would be more acceptable to many organizational users, and provides a genuine business model for web application developers.

The web is now an end user application platform, but still behaves like a lightweight document store. To obtain the level of software customization we all enjoy on our home PCs, a much higher level of technical competence is required. I strongly believe that this situation must change for the web to be a viable commercial application framework.

In advance of the announcement later today, I Started Something have uncovered videos about the new Microsoft Office suite.

Microsoft Office turns to the web

As anticipated, Office 2010 includes web-based versions of applications contained in the suite. These don’t have the complete feature set, but are designed so that company employees can create and make changes to documents (including Word documents, Excel spreadsheets and Powerpoint presentations) on the road.

Web applications: now running in the enterprise

Centralized cloud applications have a difficult time gaining traction in most enterprise environments, and Microsoft have wisely taken note of this: it appears that the web-based versions are installed as part of Sharepoint. By doing this, they’ve allowed organizations to keep tight control of their data, as well as legitimizing web-based applications in the enterprise and revitalizing Sharepoint as an organizational product. In other words this is big news, with sweeping implications across the entire software industry.

Open standards must work for everyone

This is another reason why all open web standards must be browser agnostic. I always argue hard for a transparent browser: one that contains support for web standards, but doesn’t carry any extra baggage for any specific purpose. As web applications move into the enterprise, it’s important that a standard that works on a souped-up Firefox or Chrome browser also works great in Internet Explorer. By integrating web applications into Sharepoint, Microsoft are actually leading the industry, and have made themselves relevant on the web again. In doing so, they’ve opened up an important market, and that can’t be ignored.

Here’s a video introduction (although it keeps going down for me): See What’s New in Microsoft Web Applications 2010.