Mark Anders (Adobe) – Enabling Next Generation Web Apps In and Beyond the Browser
Wednesday’s sessions started with Mark Anders, Senior Principal Scientist at Adobe. Mark previously led the ASP.NET development at Microsoft from 1998 and then left to join Macromedia because he was fascinated by Flash. He showed a couple of example Flash applications: Spacializer, and the Intelligent Finance mortgage calculator.
He then went on to talk about Flex, which is a “developer-friendly way to create Flash applications with code” (instead of a time line editor). Architecturally Flex lives somewhere between HTML/CSS and Flash. He gave a demo which retrieved Flickr photos using the free Eclipse-based IDE Flex Builder.
Mark then brought on Faizan Buzdar, CEO of Scrybe (blog), who demonstrated the significant performance improvements achieved in ActionScript 3; for example, encrypting 256KB of text takes 12 seconds in ActionScript 2, but only 1 second in version 3; there were also improvements demonstrated in graphical rendering and retrieving e-mail data for auto-completion in a contacts application. Mark also mentioned that Adobe will be contributing the source code for the ActionScript Virtual Machine to Mozilla’s Tamarin project.
Mark finished by covering Apollo, which allows you to build applications with online and offline/local (e.g. file/clipboard access, background processing, multiple window support) characteristics. Example Apollo apps are: Maptacular, and the Ebay desktop installer.
Chris Wilson (Microsoft) – The Past, Present and Future of the Browser
Chris is Platform Architect for Internet Explorer and has worked on versions 2 through to 7.
Chris said that he is often asked what Microsoft has been doing since 2001 (when IE6 was released), and noted that at the time although the platform existed for rich web applications, there was little actual adoption; it was also hard to build these applications – Outlook Web Access was Microsoft’s biggest application; and the dot com bubble had burst. Hacking also became much more lucrative, and so Microsoft became heavily focused on improving security through Windows XP Service Pack 2. (Microsoft did actually ship another browser version, in SP2, but it was security-focused.) Then in 2005 Ajax was given a name (most applications still run on IE6), and RSS was gaining increased exposure.
He then went on to extol the virtues of IE7, and emphasised that Microsoft has become very standards-focused (the IE team’s mantra is apparently “Don’t break the web!”).
In response to a common question, he said that it’s technically not possible to have exact multiple IE versions side-by-side on a single Windows install (they aren’t designed to work that way – they share settings .. the registry etc.). However, he mentioned that in November Microsoft released a free Virtual PC image that contains Windows XP SP2 and IE6 (VPC is already free – there is more information on his blog).
He ended the talk by introducing a couple of developers who had produced a very cool screen saver (Twingly), which shows the frequency of blog posts around the world.
Khoi Vinh from Nytimes.com (blog) observed that the internet allows for instantaneous publishing, but doesn’t yet allow for instantaneous design, so features with involved customised layouts (5th anniversary of September 11th, the U.S. elections) require long lead times.
Nytimes.com is changing from a platform for the delivery of news, to a platform for news-centric interactivity. They are building discrete applications to supplement the news experience (MyTimes, TimesFile, TimesTopics, TimesReader); also, content is evolving into functionality (e.g. inline audio and video), and they are including sharing tools for one-click access to Digg, Newsvine, etc. as well as blogger-friendly permalinks which stay available for much longer in front of the “paywall”.
Some principles for design:
- There is no such thing as free software (additional code, testing, support, “feature noise” that user may be forced to tune out)
- The cost of expression – in digital media users bear at least half the cost of expression
- Thinking of an application as a physical machine emphasises the cost of functionality
- Every feature should have multiple reasons for its existence
- Options are obstructions – having a preferences centre suggests that there were issues that you couldn’t resolve in the main interface
- Offend experts, not beginners – experts are less easily offended; most users are beginner/intermediate; most features are for experts
- Provide navigation within reason – users don’t have to navigate everywhere from everywhere; Amazon doesn’t display all product categories by default
- Undertake user testing, not executive testing; this should be usability testing, not acceptance testing
- Writing is interface design – labels have a big impact
- Let a thing be what it is – tabs are tabs, buttons are buttons, links are links
- Design with a maximum of elegance through a minimum of ornamentation
- Use a grid
Simon Willison (blog) gave a detailed and enthusiastic talk on “The Future of OpenID”, which has been gaining widespread support recently (both Digg and Netvibes confirmed that they will be supporting it during the conference).
Web authentication is problematic – too many user names, too many passwords; the temptation to re-use passwords across accounts. Can you remember the account name you used to sign up? Do you still have access to the e-mail address you originally specified?
Open ID gives you single sign-on without a single point of control. Your identity is a URL (which gives you a global unique identifier), and you can choose who you want to manage your identity. Simon’s example OpenID is hosted at LiveJournal (who invented OpenID) – when he logs in to Zoomr (and isn’t yet authenticated by LiveJournal) he will be redirected to LiveJournal to enter his password, and then back to Zoomr. OpenID supports exchange of attributes (e.g. full name, e-mail address) between OpenID-enabled sites using personas.
Decentralisation comes from specifying the URI assigned by your OpenID provider, in the page that you actually want to use as your identity (described in detail in the authentication specification). This indirection gives you flexibility to change providers. Simon has also come up with a way of enabling us to use our Yahoo! accounts to log in to sites that support OpenID.
From the perspective of a site owner, it makes sense to support OpenID since it avoids users having to create yet another account.
Simon gave some example uses for OpenID: pre-approved accounts/social white lists (e.g. for group web sites), corporate sign-on, micro-formats (your OpenID can embed contact details). He also proposed potential workarounds/solutions for some of the issues facing OpenID: the main issue is phishing, where your stolen identity could be used to log on to multiple sites; he proposes forcing the user to log on to idproxy.net (for example) by typing the address into the browser, or using a bookmark, rather than providing a potentially bogus link; you can also use multiple OpenID’s to spread your risk, which will help to mitigate privacy concerns with having a single identity across multiple sites (you still reduce your overall number of accounts).
To guard against your OpenID provider being unavailable for any reason, you can give your users the option to create a local acount or log in using an OpenID (possibly supporting multiple OpenID’s against a single account).
Simon finished by mentioning freeyourid.com, which takes the pain out of signing up for OpenID, and challenged the audience to think new features in your web application that OpenID enables.
Unfortunately I missed the first half or so of Jonathan Rochelle’s talk on how Google Docs & Spreadsheets were built, as I was back late from the panel discussion (covered by Read/Write web).