Tim Anderson’s ITWriting

I am intensely interested in the BBC iPlayer, set to launch on 27 July. It’s a landmark in the convergence of the internet and broadcasting.

This is a convergence I welcome. I missed most of the Glastonbury 2007 broadcasts, but I’ve enjoyed the BBC’s watch and listen page which gives you immediate access to most of the sets*, despite the relatively low quality (225 kbps video, 64 kbps audio, according to the player). Just click a set and it plays, no chit-chat, no messing around with programme schedules or having to decide in advance what to record. The iPlayer promises bitrates of perhaps 750kbps to 1Mbps – effectively full broadcast quality. The immediate advantage is time-shifting, but longer term there are other interesting possibilities in internet broadcasting, such as greater interactivity and the ability to customize what you view. We saw some great demonstrations of this (using Silverlight) at Microsoft’s Mix07 earlier this year.

The iPlayer is also an important example of commercial use of peer-to-peer technology, using kontiki.  

The problem is that the BBC needs to restrict playback to seven days after first broadcast, otherwise it runs into copyright difficulties. I am sure people will put their energy into trying to bypass these restrictions, and may well succeed, but the BBC has to at least make a serious attempt to enforce it. It is this that pushed the BBC into the arms of Microsoft’s DRM, to the understandable upset of Mac users and Microsoft haters, although a Mac iPlayer is promised at some future time.

This aspect bothers me as well, not only because of cross-platform issues, but because I question whether Microsoft is able to deliver DRM that just works. See here for an amusing account of how a tech-savvy Windows user struggled to purchase and play an audio file using this system. The iPlayer appears to be based on Windows Media Player, which is notorious for its cryptic error messages and intricate, hard-to-solve problems. Here’s an example plucked from the windows.media.player newsgroup:

I just tried playing both some new songs I had just downloaded, and when those wouldn’t play, some older ones that have been on my computer awhile, but each time I try to open the songs, I get the following:  “…cannot play the file because a security upgrade is required.  Do you want to download the upgrade?”.  I click “upgrade”, but absolutely nothing happens.

I took a look at the iPlayer beta message boards, and there’s no shortage of folk with similar problems. I realise that that you must expect problem reports on internet forums, but my impression is that problems with Windows Media Player and Microsoft DRM are more prolific than they should be.

I can readily believe this, because Microsoft has woven so many dependencies into the fabric of Windows. This is what makes patching a Windows system so frustrating. You start off trying to fix a problem with, say, Microsoft Office, and end up having to install updates to seemingly unrelated components like Internet Explorer, ”Genuine Advantage” ActiveX controls, or Windows Installer, some of which inevitably require restarting the system. It’s bad enough when it all works as expected, but when something fails it is truly a challenge to recover.

I’ve not yet had an opportunity to try iPlayer myself. Nor do I know if the BBC intends to move from WMP to Silverlight, though I believe it may do since this would bring Intel Mac compatibility. I suspect it would also be more trouble-free, since Silverlight does not have as many dependencies – I was told at Mix07 that it has its own media player and does not try to embed WMP.

What chance is that that BBC iPlayer will have a smooth and untroubled launch when it goes public on 27th July 2007?

*PS on Glastonbury 2007: If you have time on your hands, watch the Iggy and the Stooges performance. It has amazing energy, particularly considering the man’s age, and you also get a hilarious stage invasion which has even the Ig pleading with the audience to back off and give him some space.

Technorati tags: bbc, iplayer, windows media player, drm, microsoft drm, windows drm, glastonbury 2007, iggy pop, iggy and the stooges

Here’s my profile:

http://www.facebook.com/profile.php?id=615492587

Adobe’s Paul Robertson has a thoughtful response to my complaint about AIR security. The point I made is that any AIR application has the same access to the file system as the user. This includes local SQLite databases as well as other documents. Robertson’s response:

In order for a user to access an AIR application, he or she must first choose to install the application, including going through a security dialog that will describe whether the application was signed with a security certificate. In this way, an AIR application is comparable to any other desktop application, such as one written in C++. Since any C++ application could theoretically include the SQLite library, installing an AIR application is no different from installing any C++ application in the sense that, by doing so, a user opens himself up to possible abuses and security risks.

The security risks of desktop apps are well-known, and that’s why users have learned to be cautious about installing them. A possible concern though is that Adobe wants to make installing AIR applications really easy. Here’s the description in the docs for seamless install:

The seamless install feature lets you provide a link in a web page that lets the user install an AIR application by simply clicking the link. If the AIR runtime is not installed, the user is given the option to install it. The seamless install feature also lets users install the AIR application without downloading the AIR file to their machine.

I’ve seen how much kids love playing Flash games on the Web. Some of these games would be a natural fit for AIR: play the game from a desktop shortcut, option to save your game locally, no browser baggage. What if a lot of these games turn into AIR apps? Suddenly, instead of online Flash games being relatively safe, they become relatively risky. If users become complacent about passing the AIR install dialog, then all the bad guy needs to do is to create a whizzy game that does a background search of your computer looking for online banking passwords.

The risks will be mitigated if Adobe restricts AIR to signed applications. That’s not the case with the beta:

A further point is that despite the scary dialog, AIR apps are actually tightly locked down from a developer perspective, with no access to native code such as the operating system API, scripts, or native dynamic libraries. While that’s good in one way, it’s arguably the worst of both worlds: not secure (because of full file system access), and not extensible either.

The appearance of the words “System Access: UNRESTRICTED” in the above dialog suggests that Adobe has or is planning a richer security model. If the default were no file I/O, or file I/O isolated to the source domain of the AIR application, that would help considerably. Add compulsory application signing and it would look better still.

I’ll add that I’m most impressed with Paul Robertson’s willingness to enter into this dialog. I wish other software vendors were equally responsive. AIR is in beta so there’s time to fix problems.

If you happen to search on eBay for Microsoft Office, you will likely notice ads like this offering a good value office suite:

Don’t buy it. Just head over to http://www.openoffice.org/ (more than 3 available) and download for free. Nevertheless, it is an amusing example of the free market at work. Go out looking for Microsoft Office, come back with Open Office, and judging by the guy’s 99.8% positive feedback, be content.

I’m surprised that there are enough people out there who can use eBay but not, apparently, Google. The other interesting question is for how long Microsoft can succeed with Office when for many people (not all) the free alternative is more than good enough.

CodeGear has updated its Delphi Roadmap. Newly added is Delphi codename “Commodore”, set for Winter 2008, which is to include native 64-bit development. After that the company is promising to focus on multi-core/multi-threaded development.

What else is coming? Delphi ”Highlander”, due later this year, is a belated update to Delphi .NET, will support .NET 2.0, and has a new .NET database called SQL Datastore (likely some sort of port of JDataStore). No word on WPF or LINQ though – CodeGear is still playing catch-up here.

Delphi “Tiburón”, due next year, will bring another long-requested feature: full Unicode compatibility in the Win32 Delphi language and VCL (Visual Component Library), along with parameterized types. C++Builder “Barracuda” will follow, bringing the same features to C++.

The really interesting stuff comes at the end. CodeGear is “researching” a number of areas includes development for mobile devices, Rich Internet Applications, and cross-compilation to other operating systems. All this is at the “sometime, never” end of the time scale, so don’t get too excited.

All the above will be welcomed by Delphi developers, though I fear most of the potential .NET market has already been ceded to Visual Studio.

It’s not a bad roadmap though. That said, to my mind the most critical issue for CodeGear is quality control. Poor quality is what spoilt the launch of Delphi for PHP earlier this year. I discussed this issue with the new CEO Jim Douglas and EMEA product Director Jason Vokes when I was researching a recent article for The Register, and got the sense that the familiar pressure of having to release product (ready or not) to hit particular financial quarters is still a problem. Still, Delphi 2007 was a smoother launch than Delphi 2006, and that was miles better than Delphi 2005, so leaving aside Delphi for PHP things are improving.

There’s a buzz building about a session at the O’Reilly Tools of Change for Publishing Conference (which looks great, I wish I could have attended) from Manolis Kelaidis on his ”blueBook”. Kelaidis is a designer at the Royal College of Art in London. His idea is to bring electronics to the book, rather than making books virtual. Here is the brief, from his presentation:

• Design a book consisting of sheets of paper with printed buttons (hyperlinks), which when touched allow the user to access and control digital information.
• Information accessed in this way could then be stored either locally (within the book) or remotely (PC, handheld devices, Web, other books).
• The book should have the look-and-feel of a regular book, with flipping pages and conventional binding, while technology should be non-intrusive, portable and robust.
• Manufacturing should be based on traditional bookbinding techniques minimizing complexity and costs.

Using conductive ink and embedded electronics, such a book can include multimedia (play music or video) and live links to web content or interactive discussions, perhaps in conjunction with a wireless-connected PC. Printed words become hyperlinks. The presentation is amazing and thought-provoking. See also Tim O’Reilly’s post on the subject and its comments.

Update: Presentation seems to have been removed; if it reappears I imagine it will do so here.

Technorati tags: blink, oreilly toc, ebooks, publishing.manolis kelaidis

I interviewed Dr D Richard Hipp, the main author of SQLite, for the Guardian Newspaper.

Among the things I found interesting is that he attributes the high reliability of his database engine to the extensive test suite included in the code. I’m not sure whether he practices test-driven development as such, but it is a great case study for the advantages of integrating tests with your code. One of the points he made was that the test suite enables him to replace entire subsystems and be confident that nothing gets broken. By contrast, I have heard of cases where key sections of code in large, old applications is marked “do not touch” because nobody dares to risk the consequences.

I also asked him about the importance of standards in software development. He gave me an answer that somewhat surprised me:

When I coded up SQLite I did not refer to any official SQL standard. I used the PostgreSQL documentation. That was my reference. If you’ve ever picked up a copy of one of the official SQL standards you will find it largely inscrutable. They are next to impossible to make sense of. Even for particular details of syntax you can study it, and they are so vague that you can’t really understand what they mean. So a strategy we’ve used when there’s some question about how something should work is we write a little test script and run it on lots of popular SQL database engines, PostgreSQL, MySQL, Oracle, and try and find a consensus. Then we code to make SQLite work the same as everybody else does. Clearly that’s not the right way to do a standard, but in practice the implementations vary so widely that it’s the only practical thing to do.

Many companies boast about how they respect and observe software standards; sometimes the reality is more pragmatic than you might have thought.

My interview with Microsoft’s XML Architect Jean Paoli back in April was not the first time I had spoken to him. I also talked to him in February 2005. At that time Microsoft had no intention of submitting its Office XML specification to a standards body. I thought it should do so, and asked Paoli why not:

Backward compatibility. We have today 400 million users of Office, which means billions of documents. So we went and did a huge job of documenting electronically all these features and we put that into this WordML format. Well we need to maintain this damn thing, and we need to maintain this big format, we have like 1500 tags. Who is going to maintain that? A standard body? It doesn’t know what is inside of Word. That’s the problem. So we said we are going to give you a license, open and free… [Jean Paoli, February 2005].

Microsoft was forced to change its mind, because important customers (mostly governments) indicated their preference for standardised document formats. The quote remains relevant, because it says a lot about the goals of Office Open XML, which is an evolution of WordML and SpreadsheetML.

While on the subject, I also want to mention Simon Jones’ piece in the August 2007 PC Pro (article not online), perhaps a little one-sided but he does a good job of debunking some of the common objections to OOXML and exposing some of the politics in the standardisation process. He adds:

I’m not saying there aren’t any problems with the ECMA-376 standard. Nor am I saying ODF is bad. I do, however, believe OOXML is technically superior to ODF in many ways, and I want to see both as ISO standards so people can have the choice.

David Berlind reports on a case where 35% of developer time is spent on browser compatibility issues.

It’s a huge problem, though I’m cautious about attaching too much weight to a singe anecdotal report. Of course it’s nothing new. Browser compatibility issues are as old as the Web; it was getting better, until AJAX and a new focus on the web-as-platform meant greater stress on advanced browser features. For that matter, version issues are as old as computing. Yesterday, DLL Hell. Today, web browsers.

What’s the solution? All use the same browser? Not realistic. The browser developers could fix the incompatibilities? It’s happening to some degree, but even if Microsoft came out with a 100% FireFox-compatible IE8 tomorrow, there’s still a big legacy problem. My web site stats for this month:

IE7 24%

IE6 22%

IE5 4%

FireFox 2.x 22%

FireFox 1.x 3%

Opera 3.9%

Safari 2.3%

etc

Interesting that the FireFox folk seem to upgrade more quickly than those on IE – but even so, there are a lot of older browsers still in use. I suspect a lot of those IE6 users are corporates with conservative upgrade policies.

Another idea is to use AJAX libraries that hide the incompatibilities. That makes a lot of sense, though if you stress the libraries you might still find compatibility issues.

Finally, you can bypass the browser and use some other runtime, most likely Java or Flash. Unfortunately this doesn’t remove all version issues, but at least it means you are mainly dealing with one vendor’s evolving platform (Sun or Adobe). Silverlight could help as well, though its “cross-platform” only means Windows or Intel Mac at the moment, which is not broad enough.

This will be an important factor in the RIA (Rich Internet Application) wars.