Sunday, January 20, 2008

Dangers of Remote Scripting

Came across this article recently: Dangers of Remote Scripting

This does raise an interesting problem that is hard to solve. Partnerships that involve running remote JavaScript are an important part of a lot of web sites. It's a powerful technology, allowing richer ads, content syndication, and outsourcing of page components, so business logic in JavaScript isn't going to go away. It does increase your attack surface because a compromise of any of your partners can affect your site, as it did here.

You can't really do any sort of validation in JavaScript, because the logic to do so would be out in the open and easily faked. I think a hybrid approach might be the best solution. Have your server do a "secret handshake" with the partner every so often, and if it fails then don't display the script tag for their service. The handshake could go as far as a cryptographic signing system that requires active support on the partner's server, or it could be a passive system that checks for the existence of certain hidden URLs and that the whois information hasn't changed.
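As an added illustration of the active "secret handshake" idea (example code, not from the original post), the server below challenges the partner with a fresh nonce, expects back an HMAC of it under a shared secret, and only emits the partner's script tag while that check keeps passing. The partner name, URL and secret are constructed placeholders, and the `respond` callable stands in for the HTTP request you would actually make to the partner's server.

```python
import hashlib
import hmac
import html
import secrets
import time

# Constructed placeholder values; a real deployment would load these from config.
PARTNER_NAME = "example-partner"
PARTNER_SCRIPT_URL = "https://partner.example/widget.js"
SHARED_SECRET = b"constructed-shared-secret"
RECHECK_INTERVAL = 600  # seconds between handshakes ("every so often")


def sign_challenge(secret: bytes, challenge: bytes) -> str:
    """What the partner's server returns for a challenge: HMAC-SHA256 of the nonce."""
    return hmac.new(secret, challenge, hashlib.sha256).hexdigest()


def handshake_ok(secret: bytes, challenge: bytes, response: str) -> bool:
    """Our side of the handshake: recompute the MAC and compare in constant time."""
    return hmac.compare_digest(sign_challenge(secret, challenge), response)


class PartnerGate:
    """Caches the last handshake result and emits the script tag only while it passes."""

    def __init__(self, name, url, secret, respond, interval=RECHECK_INTERVAL, clock=time.time):
        self.name, self.url, self.secret = name, url, secret
        self.respond = respond  # callable(challenge) -> partner's response (stands in for HTTP)
        self.interval, self.clock = interval, clock
        self.verified, self.checked_at = False, None

    def refresh(self):
        challenge = secrets.token_bytes(32)  # fresh nonce, so a recorded answer cannot be replayed
        try:
            self.verified = handshake_ok(self.secret, challenge, self.respond(challenge))
        except Exception:
            self.verified = False  # unreachable or erroring partner counts as a failed handshake
        self.checked_at = self.clock()

    def script_tag(self) -> str:
        """Return the <script> tag for the page, or an empty string if the partner failed."""
        if self.checked_at is None or self.clock() - self.checked_at > self.interval:
            self.refresh()
        if not self.verified:
            return ""  # fail closed: the partner's code simply does not reach the page
        return '<script src="%s"></script>' % html.escape(self.url, quote=True)
```

The handshake only proves that whoever answers still holds the shared secret; it says nothing about the bytes the script URL actually serves, which is the passive-check side of the author's hybrid idea.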

Any other ideas?

Thursday, January 17, 2008

Apple as a Cable Company

Apple's recent announcement for Apple TV take 2, with movie rentals, got me thinking. This thing is basically a new sort of cable box, one where everything is on demand. I think it's the direction television is going in. One day there will be no channels, just RSS feeds of shows (podcasts), with new installments posting at regular times. With all the new tech, a big strike going on, and my huge cable bill, I thought I would do some math and see what the real costs are.

First the basic assumptions, using me as an example. I pay about $180 a month for Comcast cable. About $100 of that is for the video part, which gets me digital cable and DVR on two boxes, and no premium channels. I watch about 8 shows somewhat regularly, Simpsons, Family Guy, Daily Show, Colbert Report, Ugly Betty, Heroes, Torchwood, Dr. Who. I won't count news because that is usually free podcasts already.

iTunes charges $1.99 per show. Weekly shows have about 4 episodes a month for 6 months, for a total of 20 to 24 episodes in a season. The season pass saves you a little, so the cost per month per show runs around $7.50. Since you only actually have to pay that half the year, it's more like $3.75 per show. Daily shows run more like $10 per month, and air about 10 months of the year, for a cost of $8.30 per month. So my 8 shows are $39.10 per month.

So $39.10 is cheaper than the $52.50 Comcast wants for standard cable, and is taxed less. Not everything I watch is available on iTunes, and some of those shows I can watch for free online, although not on an Apple TV. So dropping the video part of my cable would save me money on regular tv.

iTunes rents movies for $2.99 to $4.99 each, depending on the age and resolution of the movie. So I'll assume $4.00 per movie. With the $60.90 I have left after getting rid of video cable I could rent 15 movies, that's one every other day, a lot more than I usually watch.

Now I am a rather light TV user. I think for the heavy watcher iTunes may cost as much or more than cable. Consider someone who watches prime time shows 4 nights a week. That is about 5 shows each night, for a total of 20 shows at $3.75 a show per month is $75 a month. Still better than digital cable. Plus you actually own copies of the shows when you are done, you can watch again whenever you like.

Network television made about $48 billion in ad revenue in 2006. So with a year's worth of a $3.75 a month show costing $45 a year, and assuming the network sees 80% of that, or $36, that means to make $48 billion about 1.1 billion shows need to be watched. If the average person is me and watches 8 shows, that means about 167 million people have to watch 8 series a year for them to make the same money as they do now.

The population of the United States is about 301 million as of July 2007. We all watch TV, and a lot of it, so assuming the whole population watches an average of 8 shows, network TV would make about $86.5 billion. You can see why everyone is going nuts, and why the writers' strike is so important. This model of people directly paying for only what they want has a lot of potential to it. Also imagine Apple or Microsoft getting the other 20%, that's $21 billion.

The average person watches about 4 hours of television a day, or 28 hours a week. Some shows are 30 minutes, some are one hour, some are weekly, some are daily, so let's assume 45 minutes per show, and 3/4 of the shows are weekly. Things cancel out nicely, meaning this average person watches 28 shows. Let's assume 16 shows, and the rest is 2 hour movies, 8 of them, at $4 each. (16 x $3.75 + 8 x $4) x 12 x 301,000,000 = $332 billion, of which $266 billion goes to the network, and $66 billion goes to the provider.

Now things are a little more complex than this. I haven't included the effect of the loss of DVD sales. I also only considered ad revenue, which would disappear in theory, but in practice there is product placement and other revenue streams. I think having to pay for each show individually may alter viewing habits, causing less viewing, and since you own a copy, reruns wouldn't deliver any profit, and some shows like news may still be free. Someone needs to provide all the bandwidth to deliver this to both ends, and be paid for it, but networks would no longer have satellite and broadcast affiliate infrastructure to maintain, and cable would be reduced to an ISP.

So I don't think anyone is going to make such insanely huge numbers, and there are winners and losers, but the direct approach does have some enormous upside potential. Current ad revenue is only about 18% of the potential revenue I calculated, so even with rampant piracy, a decline in viewers, and other troubles, the television industry could do pretty well. Also think of the potential difference in programming if it has to serve viewers directly to get their dollar, instead of being a vehicle to deliver eyes to advertisers who usually hold more sway than the audience.

All in all, I think this gives an interesting glimpse into what the future could hold if it were allowed to happen. Media companies have to stop being so scared and just give people what they want, and the money will come.

Friday, January 11, 2008

Do What I Mean

Computers always do precisely what you tell them to. That's the problem. People don't do that. They understand what isn't said. They know about context, past experiences, accepted norms, what doesn't make sense, and can look at what they are given and figure out what it is and what it can do. When learning programming many people often get frustrated quickly when they realize computers by default do none of the above. You need to break problems down into smaller and more specific chunks than you are used to, and there can be a big up front learning curve to knowing what the building blocks are.

I got to thinking about this while working on a project to convert some code from ActionScript 2 to 3. ActionScript (AS) is part of Flash, a Macromedia, and now Adobe, product that started as a design application and slowly morphed over time into a rather capable software development tool. Designers are an unusual bunch, and they think us programmers are an unusual bunch. They tend to be some of the least technical people, but their work is done in some of the most complex and expensive software out there. The special hallmark of design software is that it is focused around "do what I mean", letting you see a result right away, and then working in a feedback loop with the user to fine tune it.

So when I first heard that AS3 is strongly typed, I was really surprised and dismayed. ActionScript 3 borrows a lot of Java's ideas of how programming in the large should work. Java is great at programming in the large, and it also is great at making everything into a large program. It works great for big corporate bean counter types, since its static typing, and almost complete lack of anonymous data structures, make it easy to count the beans. In order to do that you have to write a lot of code. There are no assumptions, nothing that tries to look at what you are doing and fill in the missing bits with reasonable defaults, or switch its behavior.

Object oriented isn't good enough. People don't need to be told what object they are looking at, they can figure it out. They don't need to be told one object can do something and another can not, they can look at it and figure it out. People can communicate in free form associations, without having to declare all the possible things they might say beforehand.

So how do you "do what I mean?" It's all about introspection and anonymous data. Write objects that manage sets of other objects, that can look at them and see what abilities they have (available methods), and which they do not, and use them accordingly. Take arguments as hashes (associative arrays, dictionaries, anonymous objects, whatever you like to call them). They let you say what you need to without either side needing to know all the possibilities. Use roles, so new objects can be built up by joining together existing ones, and make those roles do all the things I just mentioned.

Think of design software, showing a result right away and then working in a feedback loop with the user to fine tune it. This is how I write code. I start with something small, and work in a feedback loop with my debugger, making it correct and larger as I go. If your API does the above, working this way will make a lot of sense. If you are building a new API, doing the above will make it expandable without breaking code that already depends on it.

"Human languages ... differ not so much in what you can say but in what you must say", Larry Wall, from "Programming is Hard, Let's Go Scripting...". This statement, and the linked article, sum up where I am going with this quite nicely. I'm mostly a Perl programmer, and Larry Wall is the father of Perl, a highly dynamic language, which some might consider the antithesis of Java.

AS2 was a lot like JavaScript, another highly dynamic language. You could change definitions of objects, throw anonymous data around, use functions as objects, and do all sorts of introspection without too much trouble. In the JavaScript world these things make wonderful libraries like prototype.js possible. AS3 now turns most of that off by default, preferring its Java-like static way of doing things, and making you jump through hoops to get back to the nice old dynamic world. AS2 had a horrible API to the Flash runtime, but that wasn't the language's fault. What AS3 now needs is an API to make it dynamic again easily, letting the developer choose which approach is best, and bringing the magic back.

Saturday, January 5, 2008

Gave One Got One

I am writing this from my newly arrived One Laptop Per Child XO laptop.

Why did I get one? It's a part of history. It's a great program that strives to break poverty by the old saying "Give a man a fish, he eats for a day. Teach a man to fish, he eats for a lifetime". It represents a whole new direction for computing, one that represents a whole lot more than this little laptop. It is an educational appliance.

The OLPC reminds me very much of my first computer, an Atari 800. An affordable all in one box that used a TV as a monitor, it ran one program at a time, and came with a BASIC language cartridge so you could write your own.

The OLPC's interface is organized into activities. You work in one activity at a time, each taking up the whole screen, although multiple activities can be running at once. A simple home screen lets you choose activities. The activities you run and what you work on in them are logged in a journal. Another screen lets you find networks and other OLPCs to share your work with.

That's it. There is no desktop, no file manager, control panel, start menu, or overlapping windows. Nothing to complicate or take away from the running activity. It is the simplicity of those first home computers reborn.

In this way the OLPC does more with less, and makes the creativity and discovery that technology can provide available to whole new groups of people in new places and ways. The hardware is simple and novel, but the specs are equivalent to what was state of the art maybe seven years ago.

For me, having a small computer that weighs just a couple of pounds and is so simple is wonderful. I can browse, type, and code most anywhere. It fits in a sweet spot between the iPhone and a traditional laptop. That's a big gap not much else fills well, and may prove to be a new sweet spot for "computers for the rest of us".