Archive for November, 2009

De-supporting the majority?

A little long for a tweet, so I’ll post it here… word on Techmeme is that changes in Snow Leopard broke Google’s “Gears” plugin, so Google Apps will be “dropping Gears” and moving to “HTML5” instead.

Instead of adding an invisible capability to whatever the user’s choice of configuration, would you present a “Looks Best in Browser X!” type of barrier…?

Maybe the story isn’t accurate — I haven’t found any source link in the first few retellings I’ve read [!!], so it could be just another blogospheric falsehood. But if the story is accurate, then that translates to “We’ll be dropping support for the majority of the world — people who use Microsoft browsers or older browsers — in order to reduce our development costs for the people who buy Apple’s hardware.” Sounds strange!

Corrections welcome… I’m not sure if the story is inclusively correct, or if I understood it correctly, and I’m not really interested enough at the moment to research it more deeply. But from the above LA Times piece, doesn’t it sound like going from a plugin to requiring a browser change would make the final work pragmatically inaccessible to more people?

Afterword: After re-reading the current webpages, I’m not sold… the original LA Times story purported to be a product announcement, but then only said they had an email from some unnamed person at Google. Sources which don’t cite their data tend to be bogus.

A commenting concern

The article is titled “Should Adobe Auto-Update Flash and PDF Reader?”, and I was about to point out to the writer that Adobe Flash Player and Adobe Reader have offered configurable auto-update for years.

But then I noticed the site said “You need to Login or Register to comment,” which implies realworld identification.

And then I noticed that this particular webpage also requested third-party content from a dozen other domains, few of which I recognized. Third-party content on a webpage can set a cookie or log an IP address, subsequently recognizing the surfer across varied webpage domains.

If the site happened to pass a commenter’s realworld identity along to any of these third-parties, then the commenters could be known by realworld name as they subsequently visit other pages, on other domains, which happen to host the same third-party content.

So I’ve got a dilemma — the reporter and site may be legit and may respond well to better info, but they’re recycling old content without original research and are notifying a list of a dozen domains upon each visit. I’m already using an ad-blocker to avoid many of those unexpected third-party requests, and have already invested many years in trying to help commercial commentators get their facts right. Is it worth signing up for an account, and hoping that a comment makes it out of moderation, and that the comment actually makes a difference, if the website already notifies third-party trackers when I arrive, and then wants my realworld details too?

Can we take such sites at face value?

How does video work?

When you open up a web browser and type in an URL, how do you then see a video in the webpage?

There are a couple of different levels of requirements, but it’s not hard to understand how they stack together. You’ve got to have a computer of some type, of course, as well as an operating system. This lets you load applications like WWW browsers.

The HTML markup that a browser processes could be written in any of several ways, but at some point will call up a locally-installed “codec” (short for “encoder/decoder”) to process the incoming video stream, and display it within the browser window.

Most of the time the markup asks the browser to ask Adobe Flash Player to render the video, because Player is already on (nearly) all the world’s machines, and Adobe has paid the licensing costs to distribute a good set of codecs. Sometimes the markup asks browsers to use other cross-browser plugins, such as QuickTime or Windows Media or Real Video. Sometimes the markup asks the browser to call a codec directly, as with the VIDEO tag or iPhone.

But that’s the gist of it — a given video file requires a corresponding local video decoder. It’s a pretty simple thing.

Of course, there are ways to make the story more complicated, by adding more details…. 😉

For instance, each codec has different strong points, different angles to appreciate. Some of the older codecs have been donated by their creators for any type of redistribution. The more efficient codecs usually charge a license for redistribution to recoup their development costs. Flamewars among codec fans have historically been amusing, but are a separate topic from understanding what a codec is and does.

The server can introduce additional complicating details too. For instance, some servers can deliver different video streams to different client requests, depending on what codecs and transfer rates the clients have. Other servers can confirm that the request comes from a paid-up subscriber (“DRM”) or offer playback amenities such as scrubbing and variable-speed playback. Still other video servers can make use of both the encoder and decoder on the playback machine, for videochat and such.

And, of course, the above is talking about only the most basic type of video, the linear playback stream that we’re used to seeing on movies and TV. Usually you’d also expect, at minimum, some type of playback interface in the webpage (stop/pause/play etc), and there are other interactive features such as captioning, bookmarking, branching, realtime editing, the list goes on. The codec handles just the linear video stream, which is usually only one part of the overall video experience.

But those are the basics: you’ve got one or more video files on the server, and the markup asks the browser to find an appropriate local decoder. That’s how your video gets viewed.

(My apologies if you already knew the above info, and I ended up wasting your reading time… I’m hoping it will be read and understood by more of the weblogs listed on Techmeme, so that in the future all of us readers will end up wasting less time reading soap-opera dramas atop a “web video” storyline.)

Beat back the hacks

Seems like Techememe is now listing that Business Week article “Can Adobe Beat Back the Hackers?”, which I mentioned on Twitter yesterday.

Here’s the hot line: “Vulnerabilities in such widely used software can cause myriad problems. More than a dozen sites, including those of The New York Times, USA Today, and Nature, have been infected with fake ads that exploit Adobe software.”

The latter phrase should read “exploit older, un-updated Adobe software.” Attackers will use the newest vulnerabilities in hopes of increasing their catch — no surprise. This article contains the worry, but not the general advice readers need: keep your Internet software current.

The more-interesting part of this exploit is mentioned only in passing… trusted websites cannot always assure the third-party content they serve. The Web, as we know it today, is infected… more last week and last June… even trustworthy sites are not sure what they’re serving you.

(There’s also a line later on: “Historically, Adobe hasn’t had to contend with attacks, so it hasn’t been focused on potential weaknesses.” The Internet Archive has pages from the Macromedia Security Zone dating back to 2002.)

Summary: Yes, criminals are trying to exploit you. But to reduce the risk, keep your Internet software current. And consider using browser software (such as an ad-blocker) to monitor third-party content which may be attached to a trusted site.

What drove Flash?

Michael Calore, at WIRED Webmonkey, has some current estimates of possible adoption dates for different features within “HTML5”. A useful read.

I’m more interested in a minor quote in there: “What’s driving the most successful [browser] plug-in, which is [Adobe Flash Player], is video support.”

I suspect that might be the other way ’round… Macromedia Flash Player had been solidly above 90% consumer support for many years before video was introduced in 2002. Early adopters started using video via Flash in 2003, but it wasn’t until 2004 that we started seeing businesses built atop it, and by 2006 there was widespread awareness.

Why? Video took off only after the production costs were lowered: once producers did not have to multiply-encode video for different audiences, and once support costs for consumer installations were removed. Adobe Flash Player added video in early 2002, then became a practical choice towards late 2004, after consumer support levels rose above 90%.

The same kind of dynamic occured with “Ajax” a few years back… consumer support was already high for Microsoft browsers, and as soon as browsers from Mozilla and Apple added support for live XML requests, developers could immediately build websites which large audiences could immediately view. When Jesse James Garrett coined the name on Feb 18 2005, those startling new “Ajax” projects would magically “just work” for their audiences.

Both Ajax and Flash video were considered “overnight sensations”, even though the groundwork had actually taken many years. The hype started only after the capability was already there.

Anyway, linear video playback on a notebook is certainly a lucrative area right now… lots of firms are making lots of money from massive audiences via their video content — popular video is certainly “a shiny object” these days — so I can understand the mental shortcut of thinking that video drove Flash.

But history shows that it was Flash’s total ecology of creators and audiences — all the exceptionally diverse people who found value in using Flash — which successfully drove the later practicality of in-browser video. In a sense, sites like JibJab and NewGrounds made sites like YouTube possible.

Adobe today? The company still establishes publishing technologies, then profits within these new, wider ecologies. That pattern is embedded deep within its corporate culture. Yesterday’s view of video will not be tomorrow’s view of video, and Adobe is trying to solve newer, harder problems.

Green card lawyers, my naked wife, and the too-open web

Remember Usenet? I was very excited by it… people were talking directly together, without barriers or intermediaries… incredibly democratizing, open to all. But, suddenly, that same uncritical openness was used to sell citizenship lotteries and atomic plans.

We were all quite shocked. But Usenet’s architecture naively trusted all inputs. Bound to happen.

Email surprised us with the same problem. It was very useful, particularly after Usenet started to get noisy. But then Email clients tried to compete with the colored fonts of HTML, and let anybody send a file to you, then executed JavaScript when an email was opened, and there were plenty of marketers urging them along on this road to perdition. The first big Flash security problem was My Naked Wife, a file-deleting .EXE which called itself a SWF… not all that much different than the latest issue, in wanting to trust any odd file which came along.

Email’s architecture also believed anything any stranger said, and so had an initial boom, before becoming parasitized. Like Usenet.

The World Wide Web is also very lauded, very useful. But we’ve got that same Usenet dynamic of wanting to listen to any speech or visit any site, while following the email-client dynamic of adding all types of extraneous features in hopes of becoming the universal client. The result is that more people are now asking “Can we trust the Web?”, not even knowing whose content they’re serving up.

“Green Card Lawyers” and “My Naked Wife” arose because they could, once Usenet or Email became attractive enough. Both Usenet and email were successful among early adopters, but neither system could really adapt to their eventual parasites. The Web has become popular too, and also has issues with accepting candy from strangers.

Fortunately, The Internet — the network of all networks — is bigger than The World Wide Web and its hyperlinks. Our connectivity is expanding from the desktop to the pocket and the wall. It’s time to change again.

Usenet may be moribund, and 90% of email may be spam, and the web’s search engines may be full of plagiarized or infected sites, but our networking strength has only increased. I suspect the next architectural design should offer more control over how strangers might gain our attention.