OSCON 2008

I've been going to these for several years now, and it's great to see that each conference is better than the last - the sessions are more interesting, and the expo hall has more - and more interesting - vendors.

Evan Henshaw-Plath and Kellan Elliott-McCrea gave a very thought-provoking - and entertaining - presentation offering a way to provide subscription updates when RSS becomes untenable. Kellan gave an eye-opening example: on 7/21/08, FriendFeed requested RSS updates from Flickr almost 3 million times! That alone caused the audience to laugh. But then he said that these requests were for updates of only 46,000 Flickr users, and only 6700 of them had logged onto Flickr in the past 24 hours! And he hadn't gone one step further - only a subset of those 6700 actually uploaded new pictures! That's so head-slapping that I have to state it once again - 3 million update requests for less than 6700 updates! So is there a better way? Evan and Kellan's idea is to use the Jabber XMPP protocol. The client (in this case FriendFeed) opens a connection with the server (in this case Flickr) and tells the server what updates it wants (in this case the web pages of the 46,000 users). The server then communicates updates to the client when one of those web pages is updated. Much more efficient than RSS. Check out their slides - they are entertaining as well as informative.

Dave O'Flynn gave an interesting presentation about Atlassian's attempt to define a generic set of api's for authentication and authorization. A couple months ago Atlassian realized that its separate solution for each product was becoming more and more burdensome. Rather than creating a solution for them alone, they decided that a public, open specification would be good for the whole industry. With a generic api, the back-end implementation could be swapped out without breaking the client applications. Several people in the audience were skeptical, mentioning that alternatives already exist, such as OpenID, Higgins and OAuth. Dave's response was that the current options are either incomplete or too difficult to use; and that, under the covers, implementations can use those utilities if you want - the api's would simply hide a lot of the complexity. It's a good idea that, if it comes to fruition, could make application development easier within organizations by leading them to the development of common authorization/authentication utilities.

John Ferraiolo gave a hopeful presentation on the OpenAjax Alliance, and its work to create a standard for Ajax frameworks and widgets (allowing them to coexist and interoperate) and a framework that enables widgets from different domains to communicate with each other on a single page. It's a great idea - as he said, right now we're building a tower of Babel. I've already seen how frustrating it can be to not be able to use multiple Ajax frameworks simultaneously, so I applaud their work. And I look forward to seeing how valuable multi-domain mashups become.

On the Expo floor, I talked with Yahoo about Zimbra. Yahoo is providing a valuable service in offering a compelling alternative to Exchange and Outlook for the enterprise space (competition is always good). My initial concern was about committing to this given Microsoft's interest in acquiring Yahoo. I'm sure Microsoft would love nothing more than to kill this product. It is open source, so Microsoft can't kill it outright; but if it acquires Yahoo, it could kill Yahoo's commercial licensing and support. The Yahoo representative I spoke to believes that Zimbra customers would be so up in arms that they would force Microsoft to continue supporting it. For example, Comcast is licensing Zimbra for its millions of customers. Angering customers so large would be a risky move, but Microsoft doesn't seem to mind making risky moves sometimes. Even so, my belief is that, even if Microsoft were to acquire Yahoo and kill Zimbra support, another organization would immediately offer Zimbra support. I have one recommendation for Yahoo - if a Microsoft acquisition ever gets to the point of seeming imminent, Yahoo should open source the closed-source, value-added functionality of its commercial offering.

I had also hoped to learn more about Yahoo's plan to make IndexTools freely available. The Yahooites I spoke with today didn't know anything about this. Hopefully I'll be able to find out more tomorrow.