"Megafreeze" development broken, Abstract User Interfaces

Melt the Megafreeze, let it trickle

Tuomo Valkonen writes that The megafreeze development model is broken in GNU/Linux distributions. He argues for a very long release cycle for an extremely stable base system (in line with Kernel releases) and then separate repositories for applications which are constantly upgraded.

I've often thought that in a world where security updates can be trickled over the Internet as they become available, it's odd that new features come in big chunks with each new release of a distribution. With Ubuntu, I upgrade every 6 months to see new features, why can't the features just appear as they become available like we're used to with Software as a Service?

Sam has tried to explain the reasons for the status quo to me on numerous occasions (him knowing a lot more about building Linux distributions than I), but like Valkonen I still remain unconvinced that the Megafreeze is the best approach.

Abstract User Interfaces: “Plasticity”

While I was on Tuomo Valkonen's homepage I noticed the Ion window manager that he developed. I found the UI ideas very interesting because they're very similar to a lot of things I'm trying to achieve with Webscope.

Ion has “tiling workspaces with tabbed frames” and the screen is always filled at any one time, like the multi-level resource tabs I want to create.

Ion also has a “query module” which “implements a line editor similar to mini buffers in many text editors. It is used to implement many different queries with tab-completion support: show manual page, run program, open SSH session, view file, goto named client window or workspace, etc.” which is a similar concept to the Natural Language Command Line I am trying to develop.

In a paper entitled Vis/Vapourware Interface Synthesiser Valkonen describes a system for describing user interface semantics and then automatically generating actual interfaces based on user's preferences with the use of stylesheets. This seems very much like a transform view in a Model View Controller design pattern and he's essentially talking about doing for the desktop what I want to do for the multimodal web. Starting with a semantic description of a user interface (e.g. using DIAL) and then transforming that semantic description into various different presentations using XSL stylesheets.

In his bibliography, he links to papers which use the term “Plasticity” in user interfaces, which I might explore further. User interfaces these days have to go “above the level of a single device” — O'Reilly.

Why *not* to make the "Metaverse" a direct extension of the web

Further to my previous blog entry, Why I would make the “Metaverse” a direct extension of the web I have found a strong argument to the contrary in the documentation of the Virtual Object System.

In a section of their manual called The 3D Web the authors point out “three basic limitations of HTTP which have caused 10 years of pain, suffering and hacky workarounds for developers trying to build interactive applications over the web. These are that HTTP is a stateless protocol, that URLs represent opaque handles to resources, on which no reliable introspection is possible, and that HTTP is explicitly asymmetric so that a server typically cannot initiate sending new data to a client.”

The reponse of the Virtual Object System community is to create an entirely new protocol stack which is a mirror of the technologies used on the web, but with a new technology for each layer:

  • VIP is like TCP
  • VOS is like HTTP
  • A3DL is like HTML
  • CSVOSA3DL is like an HTML rendering engine such as Gecko or KHTML
  • Ter'Angreal is like the web browser

The fact that HTTP is a synchronous, stateless protocol has come up in the past with regards to web applications – raising the possibility that AJAX is just a hack, waiting for a new protocol to replace it. Perhaps a replacement or extension of HTTP is due.

The current approach I am taking to a 3D Web client for Webscope is:

  • TCP is TCP
  • HTTP is HTTP
  • X3D is like XHTML
  • FreeWRL (and others) are like an HTML rendering engine such as Gecko
  • Webscope is the web browser.

Because of the limitations of HTTP I have considered building a protocol like XMMP into Webscope, and the argument the Virtual Object System community make will certainly prompt me to explore alternatives further.

What I think I would like to see is a solution that sits somewhere between the plain X3D over HTTP approach and the radical VOS approach of replacing the whole protocol stack. I don't want to throw away HTTP entirely because of its Content Negotiation abilities and the vision of the Multimodal Web.

I'd like to see some discussion on this by some people who know more about networking than I do.

Distributed Social Networking, Internet identity and trust

Distributed Social Networking

Social networking is a huge phenomenon on the Internet and web sites such as Facebook, MySpace and Orkut have enormous user bases. All of these social networks are currently centralised and controlled by a single company and do not allow users to interact between different networks. This can be frustrating for users who may have to sign up to several social networking web sites just to keep in touch with different groups of friends. Several efforts are in place to attempt to cross the boundaries between social networks, but most of these efforts work on the basis of another centralised system which aggregates all of the networks together using their respective proprietary APIs where they exist.

Open standards like FOAF and XFN already exist for expressing the relationships between people on the web, using semantic markup. In fact, I would argue that an open standard exists for every aspect of current social networking sites. By creating applications which use these open standards we can form a distributed social network which uses the web itself and does not require users to sign up to an isolated network. Each user need only create a personal home page using a service which supports the open standards to be part of the worldwide network.

I have started a new design concept on my web site listing common social networking features and corresponding open standards which could be used to implement them in Distributed Social Networking.

It's worth noting that services like Videntity are already supporting standards like FOAF.

Identity and Trust on the Internet

An interesting article in the New York Magazine a couple of weeks ago described how social networking sites are creating the biggest generation gap since Rock and Roll as teenagers are developing a completely separate concept of privacy to their parents. Teens can be very willing to talk about their personal lives and post pictures on public web sites. I don't even believe this is because they don't understand the issues of privacy, I just think they have a different attitude to privacy and are perhaps more open about their feelings than previous generations.

However, this did get me thinking. Whilst compiling this list I realised that one thing I wasn't sure how to achieve was the privacy features of social networking sites. Many of the sites allow you to define which information will be visible to which users. In a distributed system with no central authority to authenticate against it can be very difficult to define trust and granular permissions for information.

I searched the web for a solution and came up with OpenID, SAML and XDI.

OpenID

Being an ex-LiveJournal user I'm familiar with OpenID but hadn't realised how big it has become. AOL and Yahoo have now adopted the standard and even Microsoft are talking about integrating OpenID into Windows Vista.

“OpenID starts with the concept that anyone can identify themselves on the Internet the same way websites do-with a URI”. Once someone has confirmed that they own a particular URI and they come across a web site which supports OpenID, they can use their URI to identify themselves. They are simply redirected to their URI's OpenID authentication if they need to log in. No more signing up for an account on every. site. you. visit!

XDI

An article called The Social Web: Creating An Open Social Network with XDI describes an ambitious project to create a new system of unique identifiers for information resources to create a Social Web of people, or more generally, a Data Web. The new scheme uses eXtensible Resource Identifiers (XRIs) to identify resources independent of a specific physical network path, location, or protocol – in a way which is compatible with URIs and IRIs. XRIs are then linked with “link contracts” which express authority, security, privacy, and data sharing rights in a machine-readable format.

Analogies are drawn with the identification and authentication system used in banking where “I-brokers” are “a trusted third party that helps individuals and organizations share private data the same way banks help exchange funds”. The XDI project also has ambitious aims like anti-spam protection and identity theft protection.

SAML

According to Wikipedia, SAML is an “XML standard for exchanging authentication and authorization data between security domains, that is, between an identity provider and a service provider.” Google are using SAML for Google Apps. Basically it allows a service provider to assert that a user has the permission to access a certain resource, by querying a separate identity provider (which could be common across all service providers).

Converging

It turns out that all of these technologies are converging and moving towards the holy grail of system administration – the “Single Sign On”. OpenID can now use an XRI to identify a user and there is talk of using SAML in conjunction with OpenID to assert privledges.