Simon St. Laurent

Simon St. Laurent is a web developer, network administrator, computer book author, and XML troublemaker living in Ithaca, NY. His books include XML: A Primer, XML Elements of Style, Cookies, Office 2003 XML, and the XML Pocket Reference. You can find his writing on everything from technology to Quakerism to life in Dryden to gardening to New York State politics aggregated at

Keep me safe

Security is at the heart of the web.

Locks image: CC BY 2.0 Mike Baird via Flickr

We want to share. We want to buy. We want help. We want to talk.

At the end of the day, though, we want to be able to go to sleep without worrying that all of those great conversations on the open web will endanger the rest of what we do.

Making the web work has always been a balancing act between enabling and forbidding, remembering and forgetting, and public and private. Managing identity, security, and privacy has always been complicated, both because of the challenges in each of those pieces and the tensions among them.

Complicating things further, the web has succeeded in large part because people — myself included — have been willing to lock their paranoias away so long as nothing too terrible happened.

I talked for years about expecting that the NSA was reading all my correspondence, but finding out that yes, indeed they were filtering pretty much everything, opened the door to a whole new set of conversations and concerns about what happens to my information. I made my home address readily available in an IETF RFC document years ago. In an age of doxxing and SWATting, I wonder whether I was smart to do that. As the costs move from my imagination to reality, it’s harder to keep the door to my paranoia closed. Read more…


Power of the platforms

Uncertainty is a feature, not a bug.

Image: CC BY 2.0 NASA's Earth Observatory via Wikimedia Commons

After decades of work on programming, we finally got a development environment with massive reach and tremendous power. Somehow, though, the web isn’t centered on a comprehensive programming environment. The web succeeded with a (severely) lowest-common-denominator, specification-driven approach that let it grow with time, technology, and multiple communities, across multiple platforms.

Almost two decades ago, I was all excited about Java. Write applets once, run anywhere, with libraries to make sure it all came out the same wherever anywhere might be. Java is still a powerhouse, but it all worked out differently than I expected. Even in Java’s early years, before the Java news was filled with security bulletins, applets felt like a strange mix with their surrounding web pages. Creating an applet required programmers to build every detail. Even with Java’s ever-improving libraries, creating a Java applet that did much was an intense experience focused on programming.

Java wasn’t the only comprehensive way to build web apps, of course. Flash demanded programming, but its values always incorporated design, action, and well, flash, in ways that meshed well with the way people built sites. Flash kept growing and growing before its ecosystem took a fatal hit from the iPhone as HTML5 offered replacements for some of its key strengths. I mostly notice Flash these days because it asks me to update it regularly and because pages tell me when it’s crashed.

Compared to either of those rich environments, web technology is a tangled mess. The early web was functional but unstyled, with no behavior beyond navigating among pages. That? That would dominate client-side computing? Read more…


Web by default

You're using the Web even when you don't think you are.


With the rise of native apps and the Internet of Things (IoT), you might think we’re leaving the Web behind.

We’re not. The Web continues to be the easiest way for developers to connect people and computers. Whether you think you’re “on the Web” or not, Web tools power a huge chunk of communications and a vast number of interfaces. While HTML, CSS, and JavaScript are common, even in installable apps, even native apps and back-end systems use JSON, HTTP, and Web services to communicate. IoT devices may not always use those protocols directly, but many of them have a Web interface lurking somewhere.

Other languages and approaches absolutely have their place, especially in the many environments where constraints matter more than connection, but the Web core is everywhere: in your phone, your apps, the kiosks you find in stores and museums. It lurks invisibly on corporate networks helping databases and messaging systems communicate.

That enormous set of Web-related possibilities includes more than a set of technologies, though. Tools and techniques are great, but applying them yields a richer set of sometimes happy and sometimes controversial conversations.

I’ll be exploring a core set of nine key themes over the next few months, but I’ve started with brief explanations below. These short tellings set the stage for deeper explorations of the Web’s potential for changing both computing and the broader world, as well as what you need to learn to join the fun.

Those pieces digging deeper will appear on this site, but you can also stay in the loop on our latest analysis and coverage through our weekly Web Platform newsletter.

Read more…


Programming in concert mode

Andrew Sorensen's cyberphysical music-making demonstrated programming real-time systems in real time.

Music and programming share deep mathematical roots, but have very different senses of “performance”. At OSCON, Andrew Sorensen reunited those two branches to give a live “concert” performance as a keynote. Sorensen brought his decade of “live coding musical concerts in front of an audience” to a real-time demonstration of Extempore, “a systems programming language designed to support the programming of real-time systems in real time”:

“Extempore is designed to support a style of programming dubbed ‘cyberphysical’ programming. Cyberphysical programming supports the notion of a human programmer operating as an active agent in a real-time distributed network of environmentally aware systems.”

Read more…


Your money or your life

Microsoft, Google and pushing business models too far.

Photo by Didier, used under a Creative Commons license.

I know it’s hard to run a large company. I know that organizations can get too deep into their own visions to imagine conflicting values.

I realized yesterday, though, that:

  • Microsoft ruined their brand for me by holding too tightly to things that they considered theirs. (Software.)
  • Google is ruining their brand for me by holding too tightly to things that I consider mine. (Identity, everything they can possibly learn about me.)

It’s a weird difference, but the Google version makes me much sadder about the world. As I’d tell a mugger, “You can have my wallet, just don’t take me.”



It’s the end of the web as we knew it

You might feel fine.

For the past 15 years, Google has enforced the classic “HTML as foundation” architecture at the heart of the Web. Content creators and the developers who support them had to present content and link information as part of their pages’ HTML if they wanted Google’s spidering bots to see them. Google effectively punished developers who made links or content available only through JavaScript (or images, or CSS), giving them low or non-existent search results.

Google did this to keep their processing simple, not because of a deep fondness for HTML. Even as Google’s bots stuck to a simple diet of HTML, other parts of Google were developing JavaScript-centric approaches, like AngularJS: a “Superheroic JavaScript MVW Framework” that “is what HTML would have been, had it been designed for building web-apps.”

Angular is far from alone. As JavaScript grew, more and more programmers wanted to build their apps as programs, not as pages. Or, as Jen Simmons summarized it at Fluent, “Dang that stupid HTML, I’m just going to load an empty page… then I’ll run the real program, I’ll run the JavaScript.” Read more…


Applying design values to programming

Can we create more vibrant intersections?

Design by connection by Dave Gray, on Flickr

For the past two decades, the web has been a vibrant intersection of design and programming, a place where practices from art and engineering both apply. Though I’ve spent my career on the programming side – you don’t really want to see the things I design – I’ve loved the time I’ve spent working with designers.

Much of that time was frustrating, because I was frequently stuck telling designers that no, 1990s HTML couldn’t produce page layouts like QuarkXPress. The medium was different, with its own complications. However, as designers became familiar with the web, and found new ways to apply it, the conversations became richer and richer. Front-end web development became an amazing place where designers and technicians could work (and sometimes curse) together. Read more…


Who holds your keys?

DRM makes a mash of security and privacy.

Put your books, movies, and music on a gleaming shelf. Close the door to keep the dust off. Lock the door, so no one can take it, and hand me the key. I’ll let you have the key when you need it, if you promise not to share these with anyone else.

I might keep track of when you borrow the keys, and what you check in and out. You understand, of course, that it’s just data I need to collect and aggregate to keep my costs down, right? I wouldn’t want to have to charge you very much for my key-keeping service.

It’s the Deal of the Century!

Or at least it will be if some kinds of content publishers and distributors get their way. Terrified by the sudden collapse in the cost of duplication and distribution, locking everyone’s shelves down seems like the only way to maintain their balance (sheets). Worse, products from beyond publishing are appearing with the new key-management practices built in, including cars, coffee, and of course printer cartridges.

Read more…


Just fork it

Making forking the norm

Brian Kardell (вкαя∂εℓℓ) tweeted:

Kip Hampton replied:

Free and Open Source software licenses make forking legal. Git makes forking easy. GitHub makes it easy to fork sociably. Can we just make this normal?

The most visible recent fork – LibreSSL’s blunt forking of OpenSSL – was widely reported as conflict. It’s certainly not a polite break, but OpenSSL’s Apache-style license means it’s legal.

Meanwhile, in a reminder that specifications can fork too, Ian Hickson put his objections to the W3C forking a WHATWG spec on www-archive to make sure his complaints of plagiarism would be part of the permanent record. WHATWG specs are licensed CC0, so once again, it’s legal.

It seems to be a common pattern to want to grant rights, but only want other people to use those rights if they acknowledge our control. (I sometimes have similar tendencies, granted.) We hope that people will contribute to our works while recognizing our power and our ownership over those works. Even the fact that we have to choose licenses at the start of a project gives us a sense of ownership and control, often hiding the (excellent) lack of control that comes once those licenses are applied.

Read more…


Fun, functional, and teachable?

Can Elixir bring functional programming to a much wider audience?

I was delighted to talk with Dave Thomas, co-founder of The Pragmatic Programmers and author of their in-progress Programming Elixir. I’m writing Introducing Elixir for O’Reilly, and we both seem to be enjoying the progress of the language. Read more…