Random Precision

According to CNET, HP is diving headfirst into the Netbook market. The interesting part of the article, though, is not so much about HP, as about netbooks in general, and how they are being marketed in Europe and Asia:

It’s a dramatic increase, and the difference is all coming out of Europe, the Middle East, and Africa (EMEA), where Asus and Acer have been incredibly aggressive about their Netbooks, the Eee PC and Aspire One, respectively. Of the 10.9 million units that are estimated to ship worldwide by the end of 2008, 8.1 million will go to EMEA, says IDC.

Acer and Asus have done well in the region, as evidenced by Acer’s quick rise to the top of the portable PC market there. But they’ve been aided by local telecom companies, who are subsidizing Netbooks in exchange for a signed wireless service contract. It’s a model that in the past few months has thrived in Europe.

Dell signed up Vodafone for this kind of deal on its Netbook, the Inspiron Mini 9 in September, but HP’s mostly been on the sidelines in this regard, and representatives for the company haven’t indicated if a similar deal with wireless providers are in the works.

Wireless service contract to subsidize a Linux-based device optimized for mobile Internet access. Other than the physical size of the device, how is this different from Android (and, Linux notwithstanding, the iPhone)?

At some point in the near future, somebody is going to put Android on a netbook-class device, and the shape of the future of client computing will become clearly visible. And the day that happens is the day that Microsoft’s desktop monopoly will be truly broken.

Model-View-Controller (MVC) is a design style that dates back (as so much does) to the pioneering work of the Xerox PARC facility. The idea is that applications should be separated into:

• Model: the data that the application manipulates, and the fundamental operations it performs on that data
• View: How the application looks to the user.
• Controller: How user, view, and model interact.

(Yes, yes, I’m sure anyone who cares to can pick apart my definitions. Don’t care.)

The idea is, views change all the time (today it’s radio buttons, tomorrow it’s drop-downs), controllers change moderately (add a confirmation step, tighten up the authentication), and models hardly change at all (an accounting program isn’t going to change into an MMORPG). So isolate the fast-changing bits from the slow-changing ones. And also allow different specialties — database hackers, usability analysts, graphical designers — to put apply themselves to their own field exclusively.

How do you do that in web applications? The received wisdom of the day is:

• Model: database + ORM (e.g., Hibernate, ActiveRecord)
• View: templating language
• Controller: application framework (Struts, Spring, Rails, etc.)

In other words, do it all on the server, all in one language (which, of course, fits all purposes, because it is the One True Language). Maintain separation of concerns with iron discipline and wishful thinking.

My own view:

• Model: database + RESTful web service, delivering information in JSON
• View: Static (X)HTML/CSS
• Controller: Javascript/AJAX

The controller code can be implemented in any server-side language: Java, C#, Ruby, Python, Erlang, whatever; it just needs to be able to talk to the database and send JSON over the wire. The view can be created in an HTML/CSS environment like Dreamweaver, with no worries about whether it’s compatible with the developer toolset. And the controller logic… Well, I’ve been playing with jQuery lately, and it may shock some folks to learn that coding client-side Javascript with a good compatibility layer library is actually fun.

Dividing tasks by physical location and implementation language creates a strict separation of concerns. Server-side code does not generate HTML. Controller code does not do SQL queries. View markup contains no executable code at all: there is no template language. There is zero possibility of the parts bleeding together.

Why wouldn’t this work? Am I missing something?

Paul Ford publishes an excellent essay on intellectual property laws, and the chilling effect they have on innovation, in Learning to Fear the Semantic Web.

As a bonus, it includes this lovely turn of phrase:

I believe, as in don’t-get-him-started, that…

I will now have to use this in everyday conversation on a regular basis. Consider yourself warned.

Okay, I’m a week late hearing the news, but it seems the EcmaScript (aka JavaScript, JScript, etc.) committee has cut its losses, and settled on a less ambitious next version of the standard, ECMAScript Harmony. Packages, namespaces, and early binding are gone. Which kind of leaves Adobe with a problem, as they had started implementing a lot of the ES4 features in ActionScript for Flash/Flex.

Namespaces are, in other languages, an important means of controlling complexity by partitioning the code into well-defined pieces. Maybe it’s not so essential in Jav(ahem) EcmaScript, especially in web browsers, which account for 99% of the current use cases. I think dropping them reduces the chance that EcmaScript will break out into other domains, and I think that’s unfortunate. But I’ll admit, the technical trade-offs involved are beyond my current understanding.

I’d very much like to know how this is going to affect the Tamarin project, though.

I just got an alert from Google that my website was on a danger list, that it included a link to some malware. (It’s gone now.) Sure enough, the Yahoo post below contained an IFRAME with a reference to Ghod-knows-what. After excising that, I found some link spam buried in two other posts, pointing to a gambling site. Also gone now.

I recently upgraded to WordPress 2.5, which I understand closed a major security hole. I hope that this closed that hole, and I’ll see no more of this evil nonsense.

Fucking parasites. Pardon my Anglo-Saxon, but this crap just makes me furious. Now my page is marked as “Evil! Unclean!” in Google’s index, until they get around to reviewing it again. And it wasn’t just someone having fun punking my site; this is how hackers build their botnets, using openings like this to subvert anyone unlucky enough to read a hacked web page.

(I repeat, the offending code has been removed, and if the programmers at Automattic know what they’re doing, it won’t be back. If you’re still worried, try switching to a more secure browser… like anything other than Internet Explorer. Like this or this or this.)

Despite my earlier, skeptical thoughts on the subject, I have been following Twitter (although not contributing a lot, I’ll admit) and starting to appreciate it.

Granted, it’s yet another time sink, and I haven’t found an actual productive use for it yet. But I still marvel at how spam-free it remains so far. Since you only follow people you want to follow, you don’t hear from complete strangers. Yes, a stranger can make a message appear in your feed by including @yourname, but that’s a one-to-one channel, not the one-to-gazillions type of channel that spammers feed on. It works as a way to say ‘hi’, but not as a way to mass-market.

We do need some kind of middle ground between the new proprietary walled gardens like Facebook, and the all-you-can-spam communications channels like email and Usenet. IM isn’t quite it, it’s too much hassle to set up anything other than ad hoc one-to-one conversations. IRC seems to have some kind of karmic “Geeks Only” sign on it, it hasn’t caught on in a big way.

Twitter has about the right social model: opt-in, but make it easy to make connections; but we need to supplement the microcontent format, and an economic model that can keep the servers running as the scale gets truly massive. And finally, it should not be tied to the fortunes and whims of any one company, no matter how enlightened they may seem.

Much virtual ink has been spilled over the past day about Robert Scoble’s banishment from Facebook (temporary, it turns out) and the reasons for it, and whether he deserved it. One point of view, espoused by no less than Jeff Jarvis, is that the contents of Scoble’s Facebook address book should be kept in Facebook, not exported to a system of Scoble’s choosing. It violates one’s privacy, apparently.

This is a ludicrously naive position.

Facebook and others may say they will protect your data as if it were their own. They are lying. To some of us, this lie was transparent from the start; but if you still believed the lie after the Beacon fiasco, and stories of information leaks from even the most secure government agencies, then you are a fool.

Once you put information in Facebook, or any other website, and allow others to access it, it is out there, no take-backs. If you want it kept private, then keep it private; and putting it on the web and letting other people see it is not “keeping it private”.

Consider this: Scoble did what he did in broad daylight, blogging about it once he had permission to do so. And he did it with apparently noble intentions, willing to sacrifice his Facebook account for the cause of data portability. (At least, that’s how he presents it after the fact, though I have no reason to doubt him.) And he did it badly; his activity was detected because the Plaxo script was too fast; the simple expedient of slowing it down and adding a little randomness might have allowed him to evade detection.

Now, do you really think the Plaxo developers were the first ones to come up with this idea? Do you think maybe someone else might be doing exactly the same thing, but more quietly, more competently, and with less noble intentions? In view of that, do you really think it’s even theoretically possible for your Facebook data to remain protected?

Do not count on Facebook to do your information security for you; they can’t do it, even if they sincerely mean to. (And are you really sure they do mean to? No matter how much revenue it would cost them?) If you want privacy, you have to manage it yourself. If you don’t want your data out there, then don’t put it out there. Be judicious in what information you supply to the social network; and consider salting it with disinformation.

That, or stop caring so much about privacy: embrace the Transparent Society, learn to stop worrying and love the social. Seriously, that’s a perfectly legitimate stance; privacy is optional. Or find your own personal balance between hiding everything and revealing everything.

But don’t fool yourself into thinking that you can escape the fundamental tension between social networking and privacy.

One Revolution Per Child

The OLPC project is laudable even on the basis of its stated goals; but I think there’s more going on here. As this article describes, the OLPC device is by its nature subversive. But why assume that that subversion will only take place in the underdeveloped countries that are the ostensible market?

After all, I want one. Don’t you? And if it really will just cost $100 — or even a smidge more — that makes it almost an impulse buy, at least as gadgets go. And what will happen when thousands of these are in the hands of gadget-fans here in the US, and elsewhere in the developed world?

Revolution begins at home.

Update: the Revolution marches forward. Applications as online services (e.g., Zoho, Google Apps) dovetail nicely with this trend. I remain convinced that Google Android is yet another manifestation of this, approaching the same destination by a different route.

In this post I wondered why no one (that I knew of) had proposed using JavaScript as a server-side language, and developed tools to support it. Well, they say it steam-engines when it comes steam-engine time. A lot of other people had the same idea; and unlike me, some of them did more than just blog about it.

Googler and blogger Steve Yegge (whose keynote at OSCON I am going to miss, dammit) made a splash by porting Rails to JavaScript — specifically, the Rhino JavaScript-on-Java interpreter that is bundled with Java SE 6. He calls it “Rhino on Rails”, the clever bastard.

In an effort to increase developer productivity at Google, Steve tried to convince the company to adopt Rails (and consequently Ruby) as a programming language. When that fell on deaf ears (Google really does not want to increase the number of languages that must be supported by their infrastructure), Steve decided to do what any other frustrated programmer would do: he ported Rails to JavaScript. Line by line. In 6 months. Working 2000 hours. Steve is a coding stud.

And he is not alone: witness Project Phobos.

Phobos is a lightweight, scripting-friendly, web application environment running on the Java platform.

It comes with a set of plugins for the NetBeans IDE that cover the complete development process. These include a fully-featured debugger; wizards to help you get started faster; a palette of Ajax widgets that can be dropped on a page, thanks to jMaki; and the ability to generate a standard web application for deployment on any servlet container or Java EE application server.

Currently, the primary language supported by Phobos is JavaScript. By leveraging JavaScript on the server, Phobos allows developers to use the same language on the client and server tier of a web application, eliminating the impedance mismatch that characterizes other approaches to Ajax.

Digging farther back in Steve Yegge’s archive, one finds he has been thinking along these lines for some time:

JavaScript is probably the most important language in the world today. Funny, huh? You’d think it would be Java or C++ or something. But I think it just might be JavaScript.

For one thing, despite JavaScript’s inevitable quirks and flaws and warts and hairy boogers and severe body odor, it possesses that magical property that you can get stuff done really fast with it…

See, JavaScript has a captive audience. It’s one of those languages you just have to know, or you get to miss out on Web programming, and in case you hadn’t noticed, thick clients are like Big Hair these days. Most non-technical people I know pretty much live in their browsers, and they only emerge periodically to stare in puzzlement at iTunes or a game or something, and wonder why isn’t it in the browser, because everything else useful seems to be. It’s where the whole world is. To non-technical people, of course. Which is, like, practically everyone.

What other language is supported, in a reasonably cross-platform manner, on the Windows, MacOS X, and Linux native APIs, the Java virtual machine, the .Net virtual machine, the Parrot virtual machine, the Flash runtime, the Silverlight runtime, and 99% of the web browsers in the world? (And, oh yeah, what’s that new thingamajig from Apple? I vaguely remember reading something about it. Can’t seem to recall the name…) In other words, JavaScript not only runs on every platform of interest; it is the only language that runs on every platform. [1]

JavaScript isn’t winning the fight to be the Next Big Language; it’s already won.

[1] Actually, I don’t know if it runs natively on PlayStation3 and XBox 360. But given the little-bitty interpreter and the great big storage media, the games could ship with their own JS runtime and not miss the space.

Silly season [dive into mark]

Mark’s rant is red and meaty, just the way I like it, but in the end I have to disagree.

The fundamental wisdom at work here is not, “stay away from proprietary platforms”; it’s “don’t marry the platform… any platform”. If you think that open source is insurance against your technology choices going wrong, I have to ask: how many job openings do you see these days for Tcl/Tk hackers? And doesn’t Perl seem to be going down the same path? (And no, I am not a Perl hater; on the contrary, I am a Perl lover who’s feeling kind of unrequited these days…)

I’ve been itching to dig into Flex (darn SCWCD certification still to do first…), and I feel fairly confident that the time will not be wasted. After all, at its base Flex is just ECMAScript and XML. Learning Flex is, in fact, good practice for programming the next generation of browsers: it’s the first available implementation of ECMAScript 4, the standard to which the browsers will eventually hew. And learning a new XML dialect is something that a professional programmer is going to have to do over and over and over in the decade or so to come. So where’s the risk?

That Adobe is going to hose the runtime? Backward compatibility with gazillions of Flash apps is their main selling point; and keeping it free-as-in-beer is how they (okay, Macromedia) established their amazing level of market penetration. Why the hell would they give any of that up? And they are open-sourcing the SDK, so no sale there either. Where’s the downside, honestly?

(Now Silverlight is another matter; Microsoft has neither an installed base to appease nor any commitment to open source anything; the only thing keeping them semi-honest is, well, competition from Adobe. So I’ll be steering clear of that.)