Simon St. Laurent
Security is at the heart of the web.
We want to share. We want to buy. We want help. We want to talk.
At the end of the day, though, we want to be able to go to sleep without worrying that all of those great conversations on the open web will endanger the rest of what we do.
Making the web work has always been a balancing act between enabling and forbidding, remembering and forgetting, and public and private. Managing identity, security, and privacy has always been complicated, both because of the challenges in each of those pieces and the tensions among them.
Complicating things further, the web has succeeded in large part because people — myself included — have been willing to lock their paranoias away so long as nothing too terrible happened.
I talked for years about expecting that the NSA was reading all my correspondence, but finding out that yes, indeed they were filtering pretty much everything, opened the door to a whole new set of conversations and concerns about what happens to my information. I made my home address readily available in an IETF RFC document years ago. In an age of doxxing and SWATting, I wonder whether I was smart to do that. As the costs move from my imagination to reality, it’s harder to keep the door to my paranoia closed.
Uncertainty is a feature, not a bug.
After decades of work on programming, we finally got a development environment with massive reach and tremendous power. Somehow, though, the web isn’t centered on a comprehensive programming environment. The web succeeded with a (severely) lowest-common denominator, specification-driven approach that let it grow with time, technology, and multiple communities, across multiple platforms.
Almost two decades ago, I was all excited about Java. Write applets once, run anywhere, with libraries to make sure it all came out the same wherever anywhere might be. Java is still a powerhouse, but it all worked out differently than I expected. Even in Java’s early years, before the Java news was filled with security bulletins, applets felt like a strange mix with their surrounding web pages. Creating an applet demanded that programmers build every detail. Even with Java’s ever-improving libraries, creating a Java applet that did much was an intense experience focused on programming.
Java wasn’t the only comprehensive way to build web apps, of course. Flash demanded programming, but its values always incorporated design, action, and well, flash, in ways that meshed well with the way people built sites. Flash kept growing and growing before its ecosystem took a fatal hit from the iPhone as HTML5 offered replacements for some of its key strengths. I mostly notice Flash these days because it asks me to update it regularly and because pages tell me when it’s crashed.
Compared to either of those rich environments, web technology is a tangled mess. The early web was functional but unstyled, with no behavior beyond navigating among pages. That? That would dominate client-side computing?
You're using the Web even when you don't think you are.
With the rise of native apps and the Internet of Things (IoT), you might think we’re leaving the Web behind.
Other languages and approaches absolutely have their place, especially in the many environments where constraints matter more than connection, but the Web core is everywhere: in your phone, your apps, the kiosks you find in stores and museums. It lurks invisibly on corporate networks helping databases and messaging systems communicate.
That enormous set of Web-related possibilities includes more than a set of technologies, though. Tools and techniques are great, but applying them yields a richer set of sometimes happy and sometimes controversial conversations.
I’ll be exploring a core set of nine key themes over the next few months, but I’ve started with brief explanations below. These short tellings set the stage for deeper explorations of the Web’s potential for changing both computing and the broader world, as well as what you need to learn to join the fun.
Those pieces digging deeper will appear on this site, but you can also stay in the loop on our latest analysis and coverage through our weekly Web Platform newsletter.
Andrew Sorensen's cyberphysical music-making demonstrated programming real-time systems in real time.
Music and programming share deep mathematical roots, but have very different senses of “performance”. At OSCON, Andrew Sorensen reunited those two branches to give a live “concert” performance as a keynote. Sorensen brought his decade of “live coding musical concerts in front of an audience” to a real-time demonstration of Extempore, “a systems programming language designed to support the programming of real-time systems in real time”:
“Extempore is designed to support a style of programming dubbed ‘cyberphysical’ programming. Cyberphysical programming supports the notion of a human programmer operating as an active agent in a real-time distributed network of environmentally aware systems.”
Microsoft, Google and pushing business models too far.
I realized yesterday, though, that:
- Microsoft ruined their brand for me by holding too tightly to things that they considered theirs. (Software.)
- Google is ruining their brand for me by holding too tightly to things that I consider mine. (Identity, everything they can possibly learn about me.)
It’s a weird difference, but the Google version makes me much sadder about the world. As I’d tell a mugger, “You can have my wallet, just don’t take me.”
You might feel fine.
Can we create more vibrant intersections?
For the past two decades, the web has been a vibrant intersection of design and programming, a place where practices from art and engineering both apply. Though I’ve spent my career on the programming side – you don’t really want to see the things I design – I’ve loved the time I’ve spent working with designers.
Much of that time was frustrating, because I was frequently stuck telling designers that no, 1990s HTML couldn’t produce page layouts like QuarkXPress. The medium was different, with its own complications. However, as designers became familiar with the web, and found new ways to apply it, the conversations became richer and richer. Front-end web development became an amazing place where designers and technicians could work (and sometimes curse) together.
DRM makes a mash of security and privacy.
Put your books, movies, and music on a gleaming shelf. Close the door to keep the dust off. Lock the door, so no one can take it, and hand me the key. I’ll let you have the key when you need it, if you promise not to share these with anyone else.
I might keep track of when you borrow the keys, and what you check in and out. You understand, of course, that it’s just data I need to collect and aggregate to keep my costs down, right? I wouldn’t want to have to charge you very much for my key-keeping service.
It’s the Deal of the Century!
Or at least it will be if some kinds of content publishers and distributors get their way. Terrified by the sudden collapse in the cost of duplication and distribution, locking everyone’s shelves down seems like the only way to maintain their balance (sheets). Worse, products from beyond publishing are appearing with the new key-management practices built in, including cars, coffee, and of course printer cartridges.
Making forking the norm
Forking another spec: generally less than ideal. Spooning w another spec: weird. Knifing another spec: generally indicative of larger issues
— вкαя∂εℓℓ (@briankardell) April 28, 2014
— Kip Hampton (@kiphampton) April 28, 2014
Free and Open Source software licenses make forking legal. Git makes forking easy. GitHub makes it easy to fork sociably. Can we just make this normal?
Meanwhile, in a reminder that specifications can fork too, Ian Hickson put his objections to the W3C forking a WHATWG spec on www-archive to make sure his complaints of plagiarism would be part of the permanent record. WHATWG specs are licensed CC0, so once again, it’s legal.
It seems to be a common pattern to want to grant rights, but only want other people to use those rights if they acknowledge our control. (I sometimes have similar tendencies, granted.) We hope that people will contribute to our works while recognizing our power and our ownership over those works. Even the fact that we have to choose licenses at the start of a project gives us a sense of ownership and control, often hiding the (excellent) lack of control that comes once those licenses are applied.
Can Elixir bring functional programming to a much wider audience?
I was delighted to talk with Dave Thomas, co-founder of The Pragmatic Programmers and author of their in-progress Programming Elixir. I’m writing Introducing Elixir for O’Reilly, and we both seem to be enjoying the progress of the language.