Liminal Existence

In-Reply-To: Let’s Implement the Open Pile! It’ll Be Great! by Johannes Ernst.

You’re absolutely right. Try, as a new commenter, to leave a comment on your blog. Seriously. It’s horrendous. Here’s my approach:

Act 1: First, I saw the WordPress logo. So I tried to enter my WordPress username and password. Oops, I guess I shouldn’t have told you that, since now you can dig into your logs and pretend to be me on WordPress.com hosted blogs. When that didn’t work, I thought, well, maybe I’ve forgotten my login info. So, I tried a few other options, none of which worked. I guess you could probably log into a few more sites as me now, assuming you’ve been keeping careful logs…

Act 2: Giving up on the username / password option, but not wanting to go through the login dance for what was now clearly “just your blog,” I tried to use my OpenID login, for which Google has chosen a not-totally-unreasonable URL: http://google.com/profiles/romeda - but, of course, that didn’t work. So I tried again, this time using my experience as a web developer to change the URL to http://www.google.com/profiles/romeda, just in case http://www.google.com was returning something more useful than google.com, or in case your OpenID library wasn’t following a redirect or something. Fail.

Act 3: Now, since I *really* wanted to leave a comment on your blog, I clicked the dreaded ‘register’ button. And, to my delight, I saw that it wanted a username and an email address. Right, because I’m going to remember my username for the WordPress install at netmesh.info/jernst. Ha! Thankfully, I got my first choice. I guess the kids haven’t started lining up around the block…

Act 4: Being a good piece of software, WordPress did not ask for my password. So, off I go to my inbox to retrieve the password, which thankfully is sitting right there. It’s a horrendous mess (‘*QOj9rc8D$%X’ fwiw) and Chrome doesn’t like the idea of neatly selecting it, because it’s not really a word, y’know? I manage nevertheless, and go back to the other tab (whatever did we do before tabs?!).

Act 5: Now I enter my password, eager to make my blog post. Click enter, and *bam*, I’m pushed face-first into my brand-new netmesh.info/jernst WordPress profile page. W00t!

Wait.

Oh, right. I was trying to make a blog post.

Act 6: So, back I go to netmesh.info to find the post that I wanted to comment on. No, wait, wrong page. Rewind. Back I got to netmesh.info/jernst to find the post that I wanted to comment on. The post footer says I’m logged in as romeda (oh, wait, I guess I didn’t get my first choice - why did I use ‘romeda’ instead of ‘blaine’? D’Oh!), so I click on the textarea, and away I go!

Now, Umm, What was I going to say?

Oh, yeah:

Facebook Connect is the best experience for both parties, because chances are the commenter has a Facebook account (and if they don’t, do you really want to hear from them?) so that’s good for the site, and it’s really just one click on that pretty blue Facebook Connect button and then one click to approve the connection (nevermind the privacy implications, pshaw), so that’s great for the user.

But that only works if you trust Facebook. You Dumb Fuck.

So, if you’re like me, and try not to be a Dumb Fuck, you should just skip all the bullshit and use email addresses. That do automagical discovery, thanks to Webfinger. Which is a shitty name, but do you have a better idea? (no really, if you do, PLEASE tell me) Tantek’s called it RelMeAuth; I think we should forgo HTTP URLs altogether for this, simplify, simplify, simplify, and just use email addresses. Whatever happens under the covers doesn’t fucking matter one iota. You start from the user experience and then, as web developers, we make it work. Period.

So to say it again, you’re absolutely right. The Open Pile is a totally useless heap of marketing buzzwords. The only thing that matters is user experience (well, the experience of developers building this stuff matters, too, but it’s a secondary concern. We wouldn’t be in this business if we didn’t enjoy at least a little pain). Except that the Open Pile has some real gems in it, and I very much look forward to mining for them with you next week [at the IIW]!

Facebook's relentless drive away from privacy has garnered a lot of attention lately. For those of us who have been working towards building decentralised networks for some time now, the attention heaped upon Diaspora comes as no surprise. They've done a fantastic job raising the need for open alternatives to Facebook.

Matt Asay's post yesterday, Facebook has problems, Diaspora isn't one of them, argues that being free and open isn't enough. The end-user experience of social networks is what matters, he says. Because a great user experience isn't at Diaspora's heart, it's doomed to fail. His argument is persuasive and, as anyone who's ever built a user-facing application knows, it's absolutely correct.

Here's the thing: while Diaspora's aim is freedom, that doesn't mean that open alternatives to Facebook are all prioritising the same thing. The biggest challenge that Facebook is facing, above privacy, above the threat of falling out of fashion, above up-and-coming competition from Twitter or Foursquare or that-social-network-you've-never-heard-of, is this:

Facebook is building a Boat-Car.

Boat-cars seem seem like a pretty awesome idea, but the fundamental challenge of combining a sealed hull with external wheels means that boat-cars will never be able to match the performance or aesthetics of cars or boats. Pursuing the entire social market, Facebook has attempted to adapt itself to every new feature of the social web. They started out as a Friendster-alike that emphasised intentional communities, and did it well, providing elegant social utilities to university students. But since then, they've systematically bolted on features in an attempt to build a vehicle that does everything that Flickr, Twitter, Foursquare, Email and IM do, to name a few examples. Increasingly, they're trying to become a framework for the web in general so that everything a web user does is done through Facebook. Instead of offering a carefully constructed vehicle that offers amazing social experiences, they have a created a clumsy boat-car that can never truly compete with more focused sites.

What Facebook does have, fundamentally, is the social graph. Where Flickr has a careful treatment of photo sharing, Facebook has photo sharing built on an expansive substrate of communities. Where Twitter has an insane ability to capture and amplify the low-level hum of human communication, Facebook has an insane ability to execute at scale unlike anyone since Google. Where Google has an intimate understanding of the flows of data on the web, Facebook has an intimate understanding of how to keep their users engaged. Most importantly, Facebook has hundreds of millions of users, and the network effects are in full force.

While no one will ever be able to overcome Facebook's advantage on Facebook's terms, just as no one was able to defeat Microsoft on Microsoft's terms, it's downright easy to create better social experiences than Facebook's. It's easy to create better tools than Facebook's. It's also easy to imagine a better social environment than theirs. Logging into Facebook is for me like walking into a room where everyone I've ever met is standing around, talking to each-other. My bosses, my family, friends old and new, co-workers, acquaintances, everyone! It's like attending a nightmare wedding in hell.

The challenge isn't social network portability; I regularly fly all the way around the world just to reconfigure my social network and have different conversations than the ones I normally have. I'll gladly log into a different site if it means I can see just work-related conversations, or just family photos. The challenge is that the only viable place for those activities today is Facebook. Their network effects are of so much larger a magnitude than anyone else's that creating a new social site without leveraging Facebook's network is a downright crazy idea. Therein lies Facebook's weakness, and the weakness of every dominant but "closed" network.

This is where open, decentralised alternatives come in. Instead of relying on Facebook's social graph, social web tools can be built on top of the one true social network: everyone. Instead of building boat-cars — ugly tools that try to do too much — developers could focus on building the best photo sharing site in the world, or the best recipe sharing site, or the best book sharing site. In this world, if someone wants to come along and compete, they do so on features and execution, without first having to steal away all the users from the site that got there first. We'd end up with better experiences and tools instead of just dominant ones.

Facebook's tools might be the very best for right now, but it's frankly ridiculous to think that Facebook will be able to provide either the tools or even the infrastructure for the next five or ten or twenty years of development of the web. The job of serious web developers today is to ignore the siren call of Facebook, Twitter, Apple, Adobe, or any other comers that would define the parameters of the web for them, and instead build the best experiences possible. If you protest, and say that Facebook allows you to connect your users with each-other more easily than any alternative, ask yourself if Facebook's interface is the best you can imagine, or if you feel closely connected to your network on Facebook (or Twitter, or any "platform" provider), or if your network on Facebook represents all of your social interactions. If the answer isn't emphatically YES!, then it's worth your while to consider the alternatives.

Hell, if you work at Facebook and you can't emphatically answer yes to those questions, then it's worth your while to consider the alternatives. After all, if you can't beat 'em, join 'em. And trust me, you can't beat the web, because in the long term, the web isn't subject to anti-trust suits, doesn't have financial constraints, and can keep evolving until something works.

I've had this draft sitting around for a while now, but prompted by Tim's and Ben's posts on HTML5 and the web as pertains rich applications and such, herewith some thoughts based on fighting with HTML5 Apps in the context of rePublish.

Cross Domain, Already

The largest barrier to HTML5 as a viable platform is cross-domain AJAX. Full stop. If you think I'm wrong or just whining and that I should just use JSONP or CORS, go try building any of the following without relying upon a server-side component and all the privacy, cost, and maintenance issues that such a beast entails:

• A .doc editor.
• An ePub reader.
• An image editor.
• A multi-protocol IM client.
• A P2P client.

The short answer: you can't do it. Yes, there are HTML5 Offline Apps which helps in that apps can work offline until they can sync to a server, but it's not a complete answer. Solutions exist (WRT, Widgets, etc) but they're for widgets, not apps, and in any event they're not a single-serving approach. You still need to repackage your app for each new runtime environment.

If we're going to build applications that read documents in HTML5, we need cross-domain requests. JSONP doesn't cut it. CORS doesn't cut it. Downloadable applications don't need CORS headers in order to make HTML requests; why should installable HTML5 Apps be subject to this crippling restriction, based fundamentally in a stupid policy decision around cookies?

With the advent of the FileAPI, client-side development can finally read local files (though not directories or recursive paths). So there's that.

Web Protocol Handlers

Once upon a time, when faced with a link like this one: mailto:riley@example.com, the operating system or browser would do the right thing, which is to look up the application that the user has chosen to handle mailto URIs in a system registry, launch it, and create a new message addressed to riley@example.com.

Email links don't work for me across all the browsers I use, because there aren't hooks to tell browsers (or the OS) to use a web URL as the handler instead of some application in my path. This is stupid, and based entirely in technology decisions made over twenty years ago. Thinking about the future, for example, wouldn't it be awesome if Delicious or Digg could register a "share" protocol handler, so that instead of having a horrible NASCAR mess of social sharing links, we could have our browser fill in the blanks with the site we use — "share this using your preferred tool" rather than "share this with any of these tools you've never heard of."

... and Content-Type Handlers

Likewise, when clicking a link like this one: http://example.com/zipfile.zip, the browser would check the Content-Type header for a mime-type (in this case application/zip), look up the application designated to handle application/zip files, and launch it with the file in question as an argument.

There's a W3C / WhatWG proposal based on a feature added in Firefox 3 to add both protocol and content-type handlers that can be fielded by HTML5 Apps, but all you get at the other end is a URL - there's explicitly no way for your HTML5 app to do anything with the URL, because of cross domain restrictions.

Sure, you can refer your app to your server component or build a "native app" for every OS to which you'd like to deploy, but there are a whole bunch of issues that arise if you're not trying to lay your dirty hands on every bit of your users' UGC. Privacy, performance, UX, policy, bandwidth, costs; these are all non-trivial factors that are much easier to deal with in the context of client-side applications than they are in the context of a vendor-owned website.

So, Browser Developers

This is the era of platform independent client-side web apps, right? Applications that are web-native, weaving and linking and knitting the strands of information and communication together, doing so using the underlying technology of the web. Cocoa apps can't carefully represent the sorts of information flows that happen on the web, nor can Windows apps or any traditional desktop app. The conceptual advantage that working in HTML and Javascript has over so-called "native" code is immense.

But, we need tools to build these things. CSS Animations are great, Canvas is amazing, but how about some low-level tools? Mobile Safari already has the "add to home screen" button, why not add something similar to the desktop browsers? "Install this [web] application [with extra permissions]" would be an amazing boost for the web, fill in missing pieces in Tim O'Reilly's Internet Operating System, and give us some real alternatives to the multifarious app stores that lurk in every corner.

tl;dr: HTML5 Apps need cross-domain requests, protocol handlers and content-type handlers in order to be first-class citizens. Browser developers can and should make this happen, sooner than later.