Why Sebae? The Internet has become large and diverse. One of the major causes of the success of the Internet is that the technology it is built on was created by technologists - people that love the technology. These people, being academics mostly, kept the technology open and available to everyone. They want all people to be able to learn the details of the technology and make new technology. When the Internet was opened to business, suddenly there was a flood of people who have a different agenda. The purpose of business is to make money. The sharing of knowledge and free technology is often not in the interests of a money making person. Often times the technology created by money makers is of lesser flexiblity than that produced by true technologists. The original HTML data format was elementary and naive. It was certainly not the best possible technology for the application it was designed. But it was basic and open, and it did its job well. HTML 2.0 ironed out a lot of bugs and solved a lot of problems. HTTP is simple and elegant. These two technologies created a powerful network applications platform which is now known as the World Wide Web. This moniker is not exactly accurate because HTML and HTTP really only support languages that may be written with Latin character sets. Support for the complex writing of some of the Asian languages has been shoe-horned into the WWW in a very inelegant fashion. HTML 3.0 is ok. It adds some capabilities that are considered BAD. I'm quite sure they seemed like a good idea at the time. For instance, frames were introduced in HTML 3.0. A lot of things were added to HTML3 and subsequent versions that are not neccessary. They make a few `nifty' features possible, but they add a load of problems and abuses. JavaScript is an interesting programming language in and of itself. It should not be embedded into HTML pages. Web browsers should not export so many capabilities to scripts that run in web pages. JavaScript abuses abound. The most popular web browsers were created by businesses - by people who put money at a higher value that user experience. There is absolutely no reason for popup windows. The latest HTML scripting abuse to proliferate on the Internet is pop-behind ads. They are an abomination and serve only to annoy users. When a user sits down at a computer, he should feel in control - and he should be in control. The user has an expectation of the behavior of each part of the computer, and that expectation should not be violated. When a user clicks on a link and expects the screen to display the referenced page, that is what should happen. It is a violation of user trust for a site to open a new window and clutter the user's interface. If the user wants a new window, he can very easily accomplish this by requesting it from the web browser. When a user closes the browser window, he is explicitly commanding the computer to destroy that browser window. The application shows disrespect to the user if it obeys an HTML script that says `When the user wants to leave this site, bug him by popping up this window.' An application must obey the user no matter what information it is being displayed. An application that displays information from an unknown source must assert its responsibility to obey the user at all times. ---- What I see today is a good technology being stretched to its useful limit. The WWW is comprised of HTML documents that reference other documents. This works great for providing information. Elementary interactivity is present in HTML FORMs. A FORM is an area of an HTML document which the user can interact with. When the user clicks the SUBMIT button, a request for a new document is sent to the server. Embedded in this request is the state of the FORM at the time the user clicked the SUBMIT button. FORM submissions are processed by CGI programs running on the server. The CGI program interprets the data from the request and generates a special response to send back to the client. The most common use of CGI programs is to create a special document which contains information that the user requested. This is how search engines like Google and Yahoo work. Forms are useful for simple user interactions. This includes selecting items from a list and providing textual information. The new information is only displayed when the user clicks the Submit button. This means that there is no way for the server to initiate a change in the information displayed. The server must wait till the user requests a new document. Some applications are forced to poll the server so as to get timely information. In this case, a request is issued every 10 seconds or so for a new HTML document. Polling is wasteful of computer and network resources. When all you have is a hammer, everything begins to look like a nail. As the WWW becomes more popular, businesses employ artists to create their websites. Too often these artists are not assisted by technical people in their projects. They wantexciting HTML pages. They wanted glitter and pizazze. They want capabilities that have only aesthetic value. Enter JavaScript. This scripting language allows HTML authors to add logic to their documents. The web browser interprets this logic to create special effects when displaying the document. JavaScript also creates many more capabilities for user interactivity. JavaScript still can only communicate with the server by issuing requests for new documents. Dynamic applications still require polling. Also the information displayed is limited to precreated text, graphs, and sound. JavaScript adds the nifty-gee-whiz features to HTML that the artists wanted, but it is a hack. It is not a well designed solution for fancy web sites. Web site designers want their sites to do so many things, and JavaScript does not do most of these things. A manipulative business has created an alternative to JavaScript called VBScript. VBScript offers no technical advantages over JavaScript. VBScript was created in an effort to gain dominance in various business markets. This effort seems to be succeeding. Again we see sub-par technology created by corporations for the purpose of making money. ---- Give them what THEY want, not what you want them to have. The Internet has so much potential. Network applications are in their infancy. Website designers want to make websites that are fancy and have excellent aesthetics. Programmers want the flexibility in their applications platform that will allow them to design their network applications in the way that best suits their system. Users want to use a computer and have it behave in the way they expect; they want to get their work done and not be annoyed. Current Internet technology is not giving us this. HTML4 is a complex beast. XHTML is worse. The people that design this shit have money on their agenda - not user experience. New technology is mixing everything up. Microsoft's .NET will encapsulate RPC data in XML fields and exchange it via the HTTP protocol. To a technologist, this scheme is heresy. Every juicy rumor has a seed of truth in it. Microsoft's .NET has a seed of insight, but this seed is rendered insignificant by the mass of dung in which it is embedded. I am making a platform which I hope will give them what they want. I want artists to have the freedom to create sites that live up to their imaginations. I want programmers to have the freedom to choose their tools and techniques. I want the user to use applications and sites with confidence. I want to provide good technology for consumers. ---- Make the site designers happy. The best site designers are artists. They have creative minds and come up with ideas that no programmer could ever conceive. A site designer's workload is in converting these ideas into a computer format that works for the users. An assortment of data formats would be required to support the sites that exist today. Then tomorrow an artist would come up with a new idea that would require a new data format. In order for a data format to be useful, the user's computer requires special logic designed specifically for that data format. It is inefficient to require the user to install that logic into his computer each time a new data format arises. There are automated systems for maintaining support for current file formats, but these systems have numerous problems which make them prohibitive. A viable option is to embed the logic for displaying the data into the site itself. The data would be self-displaying. It would be Active Data. This brings up two major concerns. First is the question of the safety and reliability of the display logic obtained from unknown sources. Second is the computing and network resources required to transfer and interpret the display logic. ---- Making it safe and reliable. The electronic hardware inside a computer operates from instructions stored in the computer's memory. A set of instructions is called a program. Programs that most people are familiar with include Microsoft Word and AOL Instant Messenger. These programs are called applications. Personal Computers all run a main program, called the Operating System. The application programs do not have total control over the computer's hardware; they must communicate with the Operating System. The Operating System sets up what is called a virtual machine for each application. An application's capabilities are determined by the Operating System. Many computer capabilities are denied to the applications. For instance, an application may not read or write data directly to the computer's disk drive. For these privelaged capabilities, the application must communicate with the Operating System and request specific actions. The application makes these requests with a mechanism called an API, that is an Application Programming Interface. This is the interface between the application and the Operating System. Every computer program on your computer runs in a virtual machine and operates by using the Operating System's API. Logic from a site shall run in a virtual machine. The API provided to the virtual machine will be limited so as to prevent the logic from performing undesirable actions on the user's computer. This will allow each artist to choose the appropriate data format for his site. The users will be able to use the site because the logic for displaying the data will be downloaded and run in a virtual machine. The user will not have to worry about the integrity of his computer because the logic will be prevented from mischief. The user also will not have to worry about file formats, plugins, and versions because the appropriate display logic will be provided by the site. The site will display to the user, and the user will have control over the display. The user will be able to destroy the display at any time. The user will be able to dismiss the display and return to it at a later time. Most importantly, it will always be clear to the user what information is from the site. The site's display logic will not be allowed to trick the user into performing actions on his computer. The display of the site will be constrained to a special region of the computer's screen. This constrainment will be explicit to the user. ---- Isn't it wasteful to download display logic for each site? There will be a trade-off. Network resources will be used to download the display logic from each site. Network resources will be saved because the capability of the display logic will eliminate a majority of the waste we see with HTML today. Web sites today often transmit a large portion of identical information for each page viewed. This information includes site layout, scripts, navigation bars, and footers. It is true that CSS allows a site to transfer such information just once. CSS is part of HTML4, which I despise. When the site designer is freed from the encumberance of HTML, he will be free to use more efficient technologies. Downloading display logic from the site will use some resources, but I believe that this increased resource usage will not be prohibitive. Today when people think of `display logic' they envision a web browser plugin like Shockwave, a multi-megabyte download. These plugins must support every version of the data format ever produced. They also must support the complex browser plugin APIs. Often they ship with large program libraries which contain excess and unused logic. In short, the plugins are not optimized for download. They are created to be a single download item. Little or no effort is expended to make them size-efficient. A site's display logic would be optimized for size. It would be written specifically for the virtual machine, and it would be compressed. I believe that with a little effort, display logic will be created such that the added download time will be negligable. ---- Make the programmers happy. HTTP is great for downloading files. It is even ok for submitting form data. But today's network applications and sites have more complex communications needs. The virtual machine I propose will contain a communications API. This API will allow the site's logic to communicate with the server. The communications medium will be a simple two way pipe. This will give the programmers the freedom to choose communications protocols. This will also allow the programmers to create systems that have logic at the server and the client. ---- SSL sucks. Face it. SSL was designed for businesses. Greedy bastards like VeriSign are happy with its crappiness because it maintains their business model. The complexity of SSL serves to limit its flexiblity and keep it from being deployed in situations where VeriSign, et. al., would not make any money. ---- Authentication for everyone. I propose a new data format and communications protocol for use in all computer applications. The system will be a for digital tokens. The data format will define the format of the tokens. The communications protocols will define three actions: 1) the issuance of a token, 2) the verification of a token, and 3) the transferrence of a token. The data format will be textual and consist of lines of textual data terminated by a newline character. The first line will contain the name of the cryptographic hash function, the length of the token, and the cryptographic hash of the token. The token proper will begin on the second line. When the specified hash matches the proper hash of the token, the token is said to be verified. The second line of the token will be a random sequence of characters. It will be of random length and will be terminated by a newline character. The token will contain the name and public key of the issuing entity. The token will contain the name and public key of the recipient entity. The token will also have a line which states the total size of the token. The token will have a data field which may contain any data. This field could be used by application designers to store authorization details, messages, or cryptographic keys. Because the protocol is standardized, this digital object system will allow sites to issue objects to users and accept objects from users. That is, a site will be able to verify the authenticity of the object, and the user will be able to transfer the object to the site for use. Physical tokens would be excellent for use with this system. A user could physically insert his `key' into the computer to provide the credentials in the form of a digital object. ---- Privacy for everyone. The communications between the user's computer and the server will be encrypted. All communications will occur through a single logical network pipe. This pipe will be encrypted. The protocol for negotiating this encryption will be standardized. It will not be complex, like SSL. It will be simpler and similar to SMTP. The negotiation will involve the exchange of public keys and random number initializers. Session keys will then be exchanged, encrypted with the public keys. At that point, the communications channel will become encrypted. All data being sent and received will be encrypted with a stream cipher. The first encrypted data that is sent will be a block of random length consisting of random data. This block will serve to strengthen the encryption of the connection. Proper anonymous communication may be acheived by generating a public/private key pair for each connection. This encryption will slightly increase the required network resources. The required computing resources will increase substantially, but not prohibitively. Modern computer systems are up to the task of encrypting this data. Encrypting the data will greatly enhance the security and privacy of communications. ---- All of these ideas I wish to create in Sebae. -Mike_L Mike Leonhard mike at tamale dot net