Category Archives: internet

Hosted platforms and the risk of lock-in

Two interesting posts for anyone considering building an application on a hosted platform like force.com (Salesforce). Onstartups has a thoughtful article about what it would be like to succeed on such a platform, and how much money and control you might end up ceding to the hosting vendor. Bob Warfield’s Smoothspan blog takes up the theme with a response that is longer than the original. What does it all boil down to? This, I think (from Smoothspan):

First, it has to be possible for you to move your software in a reasonable amount of time to new lodging if it gets too ugly.

As Smoothspan notes, this is what makes a service like Amazon S3, which you can easily switch out for another service, more attractive from this point of view than force.com, with its proprietary Apex language and forms.

That does not mean force.com is necessarily a bad deal. It means there has to be a lot of added value – such as productivity, high-level components, rich services – before it makes business sense to accept the lock-in.

Radiohead’s pay-what-you-like download: 160kbps MP3

Radiohead’s distribution experiment, in which customers are invited to pay what they like for the band’s latest album, In Rainbows, in digital form, will be available from tomorrow as 160kbps DRM-free MP3s.

That bitrate is likely to be sufficient for most listeners. 128kbps is sometimes considered the minimum acceptable for reasonable fidelity in MP3. Audiophiles will prefer to purchase the “discbox” which includes a CD, a bonus CD, and vinyl formats, or wait in the hope that a conventional CD release will appear, as it probably will.

My earlier comment is here.


An SLA for Amazon S3

Amazon has announced an SLA (Service Level Agreement) for its Simple Storage Service (S3).

S3 is great, and I noticed how it kept getting mentioned at the Future of Web Apps conference last week. The fact that people are using it, and liking both the performance and the price, says far more about it than any amount of PR.

The lack of an SLA was a snag for enterprise users who need assurance of reliability. So now there is one – but how much is it worth? Not much. The SLA guarantees 99.9% uptime, but you only get between 10% and 25% discount on your usage fees if it slips below that. There’s no coverage for consequential loss:

…your sole and exclusive remedy for any unavailability or non-performance of Amazon S3 or other failure by us to provide Amazon S3 is the receipt of a Service Credit

Given the keen pricing of S3 that’s not surprising. Still, the SLA does have some value, if only for setting expectations about what level of service S3 is likely to deliver.

Update: WordPress is now using S3 as its primary store, but Matt Mullenweg says the SLA means little to him. 


Paying on the web? Look for the small padlock, not the big one

A friend drew my attention to a security issue on thetrainline.com, a UK website for purchasing train tickets.

She planned her journey and then entered her credit card details, noting that the browser confirmed that she was on a secure page:

In this case, Internet Explorer shows the URL in green, which means the site uses an Extended Validation (EV) SSL certificate, giving extra confidence that all is well. Indeed, in normal circumstances it would have been.

Unfortunately she made a small error with the card details. The site then bounced her to an insecure page, inviting her to re-submit her details but this time over HTTP. The image below shows part of the web page, including the credit card details (albeit with whatever errors caused the validation to fail) and the IE property dialog confirming that the page is not encrypted:

Now the comforting green URL is gone, replaced by plain black on white:

However, the big padlock graphic is still in place, along with logos for Verified by Visa and MasterCard SecureCode.

It looks to me as if the card details are sent in plain text twice, first when bounced back to the user for correction, and second when re-submitted.

The site was advised of the problem 24 hours ago, but I was able to replicate the issue just now. Moral: look for the small padlock in the address bar, not the big reassuring graphic on the page itself.

Is this a big security risk? As far as I’m aware, the chance of a criminal intercepting internet traffic to look for useful information is slim. That’s just as well, given the number of sites that do bad things like emailing password reminders in plain text. The risk is not just theoretical though; the traffic could be logged or intercepted.

Let me emphasise: thetrainline.com is a respectable web merchant and I am sure this is no more than a bit of careless coding. After all, there is no advantage to the web site if you send your card details unencrypted. They get them anyway.
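A site owner can catch this kind of fallback in testing by auditing every page of a recorded checkout session, including the error path. The check below is an added example, not code from the site or the original post; the host `shop.example`, the field-name patterns and the sample flow are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed naming patterns for fields that must never travel over HTTP.
SENSITIVE = re.compile(r"card|cvv|cvc|expiry|password", re.I)

class FormScan(HTMLParser):
    """Collect (action, [sensitive field names]) for each <form>."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append((a.get("action") or "", []))
        elif tag == "input" and self.forms and SENSITIVE.search(a.get("name") or ""):
            self.forms[-1][1].append(a["name"])

def audit_flow(steps):
    """steps: ordered (url, html) pairs for one checkout session."""
    findings, seen_https = [], False
    for url, html in steps:
        secure = urlparse(url).scheme == "https"
        if seen_https and not secure:
            findings.append(("downgrade", url))  # HTTPS earlier, HTTP now
        seen_https = seen_https or secure
        scan = FormScan()
        scan.feed(html)
        for action, fields in scan.forms:
            target = urljoin(url, action)  # resolve relative form actions
            if fields and not secure:
                findings.append(("sensitive-form-on-http", url))
            if fields and urlparse(target).scheme != "https":
                findings.append(("sensitive-post-to-http", target))
    return findings

# Constructed sample flow on a placeholder host (not captured traffic):
# a secure payment page, then the validation-error page served over HTTP.
FLOW = [
    ("https://shop.example/pay",
     '<form action="/pay"><input name="cardNumber"></form>'),
    ("http://shop.example/pay?error=1",
     '<form action="/pay"><input name="cardNumber" value="4111"></form>'),
]
```

The error page is flagged three ways: the session dropped from HTTPS to HTTP, the card form was delivered over HTTP, and its relative action resolves to an HTTP URL.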


Who’s got the best search engine?

Please try the test here and vote because this is fascinating. It’s simple: perform a search and pick which is the best result, as in, which result best corresponds with what you are looking for. The script gives you the top result from Google, Yahoo and Microsoft (not in that order), but – crucially – does not show which is which. Currently, after 1400 votes, 34% have voted for the first, 53% for the second, and 29% for the third.

Of course this is an inexact science. Two different people could perform the same search and prefer different results. Further, it is not quite fair, in that the search engines could have personalization algorithms that will not operate when you go via a third-party script. I also hope nobody is cheating here, since unfortunately the test is insecure, in that you can work out which search engine is which and vote accordingly.

It is still interesting because it removes branding from the search results. This counts against Google, which has the best brand for search. After all, the brand has become a verb, “to Google”. Some people probably think Google invented web search.

Although number two is significantly ahead, the figures are already closer than actual market share would suggest. That implies that factors other than pure results are of critical importance in the search wars – though I suppose you could argue that if one search engine gives you the best result 53% of the time, you will end up using it 100% of the time.

Has anyone done a more secure test, maybe showing the first page of results rather than just the top hit?


Facebook, Comet, FireEagle at Future of Web Apps

This will be my last post direct from the Future of Web Apps as day two draws to a close.

Dave Morin, Senior Platform Manager at Facebook, talked this morning about the site’s remarkable growth and its value as a developer platform. He says its user count is growing at 3% per week, which equates to doubling each 6 months or so. Even more impressive are its activity stats – 50 page views per user per day, according to Morin, with 50% of users logging in at least daily.

So what is the Facebook platform? Morin calls it “A standards-based advanced web service which enables you to access the social graph”, where “social graph” means the connections between people. If you build an application on this platform, you can hook into these connections. An attraction for developers is that applications can achieve rapid adoption through the viral networking that Facebook encourages.

For me, his talk was more notable for what it did not say, than for what it did. Morin referred to the oft-repeated Facebook problem, that developers fear their best ideas will simply get built into Facebook itself, but did not offer any comfort beyond bland reassurance. I’m also interested in the implications of Facebook becoming increasingly important as an identity provider. How does it compare to others such as Google, Microsoft, Yahoo, when measured against the laws of identity developed by Microsoft’s identity architect Kim Cameron, for example?

Joe Walker spoke on Comet, an API for two-way communication with the web browser. Fascinating session, if only for his description of the hacks required to make it work – web browsers are not designed for this. Interesting comment on IE and how it handles data in iFrames – “it’s not wrong, but all the other browsers do it better.”

Tom Coates from Yahoo spoke on FireEagle, the code name for a project which exposes an API for applications that provide location-based services. If you sign up, it uses a variety of techniques to detect your location. An application could then do things like advising the speed limit in your area, or giving you a weather forecast, or informing you of friends nearby, or any number of other possibilities. Intriguing stuff, but with security and privacy implications that have not been fully worked out. It will be interesting to track what happens once people begin to sign up, which will be possible shortly in the form of an early test release.

Microsoft Seadragon: smooth scaling for web images, coming to Silverlight

I mentioned Microsoft’s short presentation yesterday here at the Future of Web Apps conference. The highlight was a single page showing the complete works of Charles Dickens, with every page on view. We then zoomed in to read a page; the performance was great and the type perfectly clear. However, I am taking it on trust that it really was all of Dickens’s works…

The technology behind this is Seadragon, acquired by Microsoft in February this year. I’m told that it will be integrated into Silverlight 1.1, so I guess we will be able to use this cross-platform next year. It is also used in Photosynth.

Is it any different from what you can already do with say Google Maps and related, or Virtual Earth? The answer I guess is that amazing zoom capability is nothing new, but Seadragon looks like an advance in smoothness and probably ease of programming. The goal:

visual information can be smoothly browsed regardless of the amount of data involved or the bandwidth of the network.

90% of web sites are illegal

That’s according to Robin Christopher of AbilityNet, who is speaking on accessibility here at FOWA. He is referring to UK legislation that is 8 years old, requiring web sites to meet certain accessibility standards. The bonus for developers is that accessible web sites are also generally better for all users, not just those with disabilities – Christopher quotes a 35% improvement, though I’m not sure how you measure ease of use in percentages.

Why don’t developers make their sites accessible? The problem I suspect is two-fold. First, lack of resources; many sites are thrown up quickly and it seems that some developers don’t go beyond testing that it looks kind of OK in Internet Explorer. Second, a lot depends on what the standard tools and libraries produce by default. I know Adobe has done significant work on this in Dreamweaver and in Flash. Is a typical WordPress blog accessible? A good question for Matt Mullenweg, whom I will be meeting shortly.

Web identity, Facebook, iPhone debated at Future of Web Apps conference

I’m at the Future of Web Apps conference in London. Ryan Carson is interviewing Om Malik and Mike Arrington about – you guessed – the future of web applications.

Organizers Carson Systems seem to be testing the size of the market for their conference. This one follows another in London earlier this year, at a smaller venue. I suspect it is reaching its limit, though Carson consistently attracts high quality speakers. The conference aims to be an incubator for startups, though it attracts a wider audience than that implies.

As for the debate on stage, it is all pretty inconclusive as you would expect, but I’m interested in how the discussion keeps coming back to web identity issues. “Google pushing its identity mechanism, so is Yahoo, and so on,” says Malik. Carson asks how the problem of multiple identities will be fixed. Malik immediately turns pragmatist. Developers should “support them all, what do you care? Let them fight it out”.

The conversation turns to Facebook. The participants flail around. Nobody knows how significant Facebook will prove long-term, or how viable Facebook applications are for developers. There is concern that Facebook itself may just copy all the good ideas. Further, Malik is dismissive of what has been done so far. “It is amateur, preliminary stuff,” says Malik. “If it is such a great web OS, where are the smart applications? I haven’t seen any.” Asked where Facebook will be in a year’s time, Arrington says it will go public; Malik says it will be embroiled in legal issues.

Malik is not altogether negative. He sees the real value of Facebook as an identity system. “One application which shows the potential of Facebook is Free World Dialup [FWD]. Facebook becomes a directory service. That would be my idea of a disruptive application.” FWD integrated VOIP into Facebook.

Has Google been beaten by Facebook? “I don’t think the game is over with regard to social networking,” says Arrington.

What else? I liked Malik’s comment that “You should be building web-apps that are brain-dead simple.” According to him, many web apps “don’t address the principle of fixing someone’s pain point… a lot just do too much and it’s not clear who they are for”.

Malik also noted that European startups have an advantage over the US, though not necessarily Asia. “Europe has a much better broadband infrastructure. You are seeing the next broadband platform. Second, most European startups have the ability to incorporate mobile into their business plans.”

Carson touches on mobile development. Is the iPhone a viable development platform? “Why support a platform where the guys who own it don’t want it to be supported?”, says Malik. What about iPhone vs Google Phone? “Google Phone is tackling the emerging markets. iPhone is the upper end of the market.”

One more quote from Malik. “Please stop doing office clones. However you might think Google docs are great, people are not using them.”

Arrington’s big tip is not to spend much money. The beauty of the web is that bright ideas can be tested cheaply.
