“OMG, I’m a server!”: widgets and the exciting future of mobiles

I’ve been doing my fair share of traveling lately. I went to the W3C TPAC in Boston, which was great, and I just got back from vacation in Tropical North Queensland (Port Douglas) a few days ago. I went whitewater rafting, and snorkeling in the (sadly dyingGreat Barrier Reef, got to swim with a turtle, and some sharks.

While I was in Boston for the TPAC, I bought myself an IPod touch and a Nokia N95. The first thing I did when I got my iPod was to jail break it. I have to say, the iPod touch is simply awesome… however, I wont go into a rant because I don’t want to expose myself too much as an Apple fanboy:) The first thing that struck me as I was navigating the list of apps to install on the jail broken iPhone was the availability of the Apache Web Server and PHP. When I saw that, I instantly thought “OMG! this changes everything: I am a server!”. Sure enough, I installed them and they worked. I got my friends from Australia to log onto my IPod – very cool! It was only a few weeks later that I heard that Nokia was also going to release a phone with Apache, PHP, and MySQL (APM) which I’m keen to try out on my N95. I think this is a significant development while we wait for the standardization and eventual implementation of HTML5 (which will provide similar functionality).

Putting aside all security and privacy concerns for a minute, I think the idea of everyone now being a web server is a very exciting and disruptive innovation. Imagine a widgets ecosystem that intertwines phones and desktops and integrate ideas from social networking and the unique aspects of the mobile in a single container (widgets).

I don’t know what Nokia is going to do with their APM phones (and I am sure that Apple Iphone/IPod and Google Android will both feature web servers really soon), but here is a simple future scenario: I buy a new phone with the APM capability. When I connect the phone to the internet, people can access the phone via its IP address (which kinda sucks, but fixable… more on this later). Pre-installed with the phone is a widget engine, which allows the user to either manually install widgets or use pre-installed widgets. The widget engine provides an admin interface, accessible only via, say, “http://widgetengine/” or something, which allows me to add/customize/remove widgets. Widgets in this contexts are little PHP apps, packaged to conform with the widgets 1.0 spec. Lets says the default widget that ships with the phone is a Nokia-build one that shows some info about the phone, and generates a photo gallery of the pictures stored on the device.  Although impressive, is not really of much use to me because everyone I care about is on Facebook ( or some OpenSocial network).

Given that the phone has a widget engine that runs on top of the server, a developer could create a Facebook widget that gathers all the phone numbers and details from my facebook friends list and packages them into a widgets. When the widget is installed, all those phone numbers and details get stored into the MySQL database. I can then ask the widget to either SMS or simply message, via Facebook, all the preferred contacts to let them know that my phone server is up. Better still, the widget, via PHP, can monitor the phone to see when it is assigned an IP address, and automatically connect to Facebook to let my contacts know that I am online. From there, my contacts can check out, for example, photos that I have just taken on my phone or other things the widget may allow viewers to do.

The things that I would want to share as a user (my profile: things that define me publicly as an individual and associate me as part of a group) and some simple app ideas:

  • My location (exact (gps) or derived (eg. brisbane) or abstract (eg. the office))
    • Apps: Where am I now? Where I’ve been (recently, travelling, etc)? What exercise path did I take (and times, calories burnt)?
  • My pictures (sortable, in sets, searchable)
    • Apps: my picture gallery; my picture gallery and with pictures taken from similar location (eg. mix locally stored pictures with flickr)
  • My music (what I’ve got on my device, what I am listening to right now)
    • App: my music and music people around me are listening to?
  • My details (maybe my social wants and needs. link to my blog online)
    • App: a dating widget? Syndication of my blog combined with my locally stored pictures?

The effect of these apps is very interesting because it means that I can bypass services such as flickr, or I can integrate both flickr and my phone. I can also merge the means of communication with my contacts, via SMS or the web.

These applications require additional infrastructure to connect me to other users:

  • Global peer-to-peer infrastructure: when my phone connects to the internet, I want my contacts to know about it!
  • Local peer-to-peer infrastructure: when my phone connects to the internet in this place, let those near me know: eg, for playing location-based games, or other multiplayer games; or, for example, for letting people know at this place that I’ve arrived.

This also requires a place where phone widgets are distributed by developers and scrutinized by the community for security and quality.

The future looks pretty nice if AMP enabled phones and services take off…. and if the security and privacy issues are handled with care.

Widgets 1.0 (v2)

Today the W3C published the Second Public Working Draft of the Widgets 1.0 Specification. It’s been nearly a year since we published the first public working draft (11 Nov, 2006) and much has changed and been added to the spec (…and it still has a long long way to go yet before it will be finished!). The most notable addition to this version of the spec are in the attempt to standardize a subset of the Zip specification and support for digital signatures using XML Digital Signatures. Unfortunately, a lot of exciting things that are under discussion by those participating in the standardization effort have not made it into this latest draft. For example, we are still trying to work out a nice model for automatic updates, but we should have something drafted up fairly soon.

The main problem I’ve been working on over the last two months is trying to specify a subset of Zip that should be used by widgets. My goal has been to define a subset that is interoperable across all platforms and devices in such a way that it also ensures longevity. As you might imagine, this has proven to be quite a challenge…

The issues with Zip

The Zip file format is what is commonly referred to as a de facto standard: it is not formally specified by any standards body, but of it is so widely implemented that it is interoperable across OSs and devices. This seems great on the surface, but when you try to standardize it, it becomes quite a nightmare. The main issues are these:

  • There are competing Zip specifications and there are many versions of each of the Zip specifications.
  • Different version of the Zip specification are implemented across different platforms and OSs.
  • There are many features in Zip that are desirable (eg. UTF-8 support), but are not widely implemented.
  • Zip is not an “open standard”, it is the property of PKWARE.
  • Zip is periodically updated and PKWARE does not provide any links to previous versions of their specs.

Competing Zip specifications

There are essentially two Zip Specifications that applications make use of: the “official” PKWARE Zip Application Notes and the “unofficial”Info-Zip Application Notes (mostly on Unix). The unofficial notes basically take whatever PKWARE has officially published, and gets modified, or otherwise clarified, by the guys at Info-Zip. In this sense, much of what one finds in the Info-Zip specs is identical to the PKWARE Zip spec. But, because PKWARE actually maintains the official spec, the PKWARE spec is always more up-to-data than what Info-Zip has on its website (for instance, the latests version of Info-zip covers version 6.2.0 of the official Zip spec (26 April 2004); the latest version of Zip is version 6.3.2 which came out in September 2007!, so InfoZip is three years behind PKWARE!).

Problem: Info-zip contains details that pertain to how info-zip works and may not be compatible/interoperable with the PKZip Spec. For example, Info-zip contains details about how to handle Unix permissions, while PKWARE’s Zip spec does not. This might not make the file formats incompatible, but it does make them physically different. You can try this out yourself: zip up a file using Info-Zip’s zip implementation and then zip up the same file using Windows’ Compressed Folders. The results will be different, but you should still be able to decompress the Info-Zip file using Windows’ native Zip implementation.

Different version of the Zip specification are implemented across different platforms, OSs, Specs

Another significant issue form a standardization perspective is that packaging formats are making use of either some Info-Zip spec or some PWARE spec. Significant examples include:

Java/JAR (including WAR and EAR) :
Info-ZIP Application Note 19970311
Open Document Format (ODF):
Info-ZIP Application Note 19970311
Open Office XML – Open Packaging Convention (OOXML-OPC):
PKWARE Zip Application Note (version 6.2.1), but with a bunch of clarifications.
OEBPS Container Format 1.0:
PKWARE Zip Application Note (no explicit version, but at least version 2.0 needed to extract and version 4.5 needed to extract Zip64).

I still have little idea as to what version of the Zip specification is actually implemented on each OS, let alone on mobile devices (information that seems to be quite difficult to come by!). As a result, and after some discussion with Jon Ferraiolo of IBM, I decided to base the Widget Spec on the OEBPS-OCF’s conformance requirements for Zip packages. I was tempted to make the widgets specification conform to the OOXML-OPC spec (put away your tomatoes!) because, in my opinion, the container aspects and conformance requirements are well specified (even if the rest of OOXML is “evil”).

Desirable features in Zip (6.3.2)

There are a number of really cool features in Zip that would make specifying a container format for widgets much better. They include:

  • Strong Encryption (using x.509 digital certificates): basically solves the digital signature problem, I think.
  • UTF-8 support: solves a significant part of the internationalization problem.
  • Zip64: future proofing.

To require widget engines to actually support these features puts a fair bit of strain on makers of widget engines. At this point, we have required that implementers support UTF-8 and Zip64.

Zip is not an open standard

The fact that Zip is proprietary might be something that comes back to bite us on the ass. I’m no lawyer, but there of patents/IPR issues surrounding Zip. I’m also not sure about how PKWARE will feel about WAF specifying a subset of their specification. I’ve emailed PKWARE and informed them of what we are doing and requested that they review the spec. They have responded and said that they will look into it.

Where to from here…

Looking forward, I’d really like to get all the physical and logical packaging stuff done. That includes:

  • Anything Zip related
  • The inter-package addressing model
  • How to handle decompression
  • How to name files in ASCII and UT-8

I’d also really like to nail down the auto-updates model and make sure that the manifest language we are specifying is covers all the common use cases. The security model is the elephant in the room :) No one wants to touch it at this point; but we know its a massive issue. Another massive issue is the APIs… but that’s not something I want to get into now. A big issue for me is internationalization. I’ve been blocked a number of times when I’ve proposed doing internationalization using folders… every widget engine except Opera does it, so I think we should do it too.