Senator Dick Durbin has announced an online forum about broadband policy that started last night. Today’s news that iPhone sales are disappointing provides one illustration of the importance of this issue. While the device is overpriced, I have no doubt that a key drag on its uptake is the slow network AT&T has devoted to it. This would have been considered ludicrous in East Asia.
US Government, as we all know, is fleeing from openness as fast as its so-called leaders can run. At Tim O’Reilly’s open source briefing yesterday, open source advocate and version control expert Karl Fogel presented a case for recording and releasing all communications that go into making laws. Apparently the New York Times picked up Tim’s blog on the subject.
The briefing also presented open web APIs, open source hardware, and other examples of how the open source movement has spilled over its origins in free software. The most popular free software packages are still infrastructure: operating systems, languages and language tools, system administration packages, and so forth. But there’s no doubt that everybody is evolving in response to this powerful model for encouraging creativity.
Karl half-joked yesterday, “One could almost cite it as an invariable rule that no open system becomes interesting until it generates spam.” In other words, the presence of malicious actors is the sign that a system is free enough from controls to be a foundation for positive innovation as well.”
There’s a tight symbiosis between open data sources and open interfaces. It was the presence of open data sources (Google maps being the example everybody cites) that made thousands of developers take a fresh look at browsers and create the mash-up revolution. Visualization followed data acquisition. But now that the are so many great frameworks for doing creative visualization, developers are turning back to the server side and asking, “how can we present data better for all these tools?”
Under Ajax, you can request a single item of data from a web server, which normally queries a database to return the data. Mike Pittaro suggested that the data source could be separated from the web server. Why not create dedicated servers (running probably on the same host but a different port) that handle HTTPRequest queries from browers directly? Static content (HTML, served by web servers) is segregated from the data (served by the data servers). He described SnapLogic’s open source solution as somewhere between Yahoo! Pipes and Microsoft’s project having the code name Astoria.
Toby Segaran presented some open-source data mining applications based on publicly available data sources and Python, related to his book Programming Collective Intelligence. Describing how widespread data mining and analysis is, he pointed out that “sixty to seventy percent of all stock trades now are totally automatic, with no human intervention at all.” Given the heavy investment by pension funds and other formerly conservative investors in hedge funds, do enough of us worry about the risks of borg stock trading?
Mash-ups and other highly distributed applications call for distributed authentication. OpenID is a long-awaited protocol that gives people pseudo-identities. That is, it doesn’t help you prove that the Salmon Pasha who’s sending you email is the same Salmon Pasha you shared a meal with at a cafe last week, but it helps you prove that it’s the same Salmon Pasha who runs a popular web site on bicycle repair, or the same Salmon Pasha who bought a sprocket wrench from your web site a month ago. (That is, if Salmon used OpenID to authenticate each time.)
Consider OpenID an enabling platform. As Simon Willison said at OScon’s OpenID Bootcamp tutorial, “All the interesting things take place on top of OpenID.” Thus, it highlights a lot of weaknesses that have existed for a decade or more on the Internet. For instance, I asked how OpenID interacts with traditional certificate authorities, and pointed out that everybody routinely clicks through pop-up dialog boxes telling them that a site’s certificate can’t be validated. And indeed, the presenters said that SSL certificates are central to the authentication of the servers that host OpenID identities, so current weaknesses in maintaing certificates by browsers and web servers carry over to OpenID.
Today I’ll give my presentation on free documentation. As soon as I get a moment to pause, I’ll blog about the reactions I’ve been getting from readers, audience members, and other colleagues, as well as say more about OSCon.