Action and Reaction

Miguel nails the key threats in XAML/Avalon/whatever: fancy graphics, widgets, and layout; easier XML-based authoring; better “managed code” model for when you have to hack; and a web-like deployment model with sandboxing for security.

The deployment model is a huge advantage over conventional app development. Web browsers and FlashPlayer have benefited from it, even as they’ve been held back by HTML and plugin stagnation. You can see Macromedia trying to escape the “plugin prison” now, and they’ve got a good chance of succeeding, thanks to FlashPlayer’s ubiquity.

The challenge for Mozilla and other open source projects is not to “react to Microsoft”, any more than it is to “react to Macromedia”. MS and MM are reacting to the same fields of force that govern everybody. The prize we seek is a better way to develop common kinds of networked, graphical applications.

People are using web standards to build web apps, and running into limitations in the deployed standards, and speedbumps in the standardization process. Other people are developing desktop apps using, e.g., Glade and GTK+, but wanting web-style deployment and even cross-platform portability. We should make it easy to do advanced, native-looking UI and fancy graphics in a web-like way, and portably.

This doesn’t require building an IDE, although who could object? The best-case success story for any open source advanced layout/rendering/GUI-app platform would use the same network effects and low entry cost structure that helped the web explode to 5 billion or so public pages (but without the tag soup this time, please). People should be able to copy and mutate cool content. You should be able to edit by hand, even if the IDE generated the content, and have everything work (maybe your pretty formatting might even be preserved, what a concept!).

To make a difference on the web requires distribution, ideally in the form of support for new standards in all browsers including IE. That’s not going to happen with Mozilla code unless someone makes an ActiveX plugin out of Gecko, and distributes it widely. Fortunately, we have such a plugin. Distribution will be the hard part. But even without Mozilla, IE6’s behaviors (HTCs) allow a lot of extensibility. What if the minority browsers started incrementally improving HTML, DOM, etc. — and the emulation layer for modern IE were thin enough to download, if necessary?

Another requirement for web-like deployment of rich apps: a sandbox security model that allows trust to be delegated only to critical sections in the app. You shouldn’t trust a big pile of compiled C++ *or* compiled/interpreted JS/JScript/C#. Object signing is not enough — what’s needed is a way to minimize the “trusted computing base” extensions, the critical sections in the app that actually need privilege. Also, those sections should automatically downgrade on exit (return from privilege-enabling method, e.g.).
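
A sketch of the scoped-privilege idea in the paragraph above, added here as an illustration and not code from this post or from any browser: privilege is enabled for one critical section and dropped on return or throw. The `Sandbox` class, the privilege names and `readLocalFile` are hypothetical.

```javascript
// Added example: privilege is granted per call, held only while the
// critical section runs, and dropped on return or throw.
class Sandbox {
  constructor(grants) {
    this.grants = new Set(grants); // privileges this app may request (assumed policy)
    this.active = [];              // stack of currently enabled privileges
  }
  // Sensitive operations call this; it checks only what is enabled right now.
  require(priv) {
    if (!this.active.includes(priv)) throw new Error(`denied: ${priv}`);
  }
  // Run fn with priv enabled; always downgrade on exit.
  withPrivilege(priv, fn) {
    if (!this.grants.has(priv)) throw new Error(`not granted: ${priv}`);
    this.active.push(priv);
    try {
      return fn();
    } finally {
      this.active.pop(); // runs on normal return and on exception
    }
  }
}

// Hypothetical sensitive operation guarded by the sandbox.
function readLocalFile(sb, path) {
  sb.require("file-read");
  return `contents of ${path}`; // constructed stand-in for real I/O
}

function demo() {
  const sb = new Sandbox(["file-read"]);
  const out = {};
  // 1. Critical section: privilege held only inside the callback.
  out.inside = sb.withPrivilege("file-read", () => readLocalFile(sb, "prefs.txt"));
  // 2. After return, the same call is denied.
  try { readLocalFile(sb, "prefs.txt"); out.after = "allowed"; }
  catch (e) { out.after = e.message; }
  // 3. A closure created under privilege does not carry it out.
  const leaked = sb.withPrivilege("file-read", () => () => readLocalFile(sb, "prefs.txt"));
  try { leaked(); out.closure = "allowed"; } catch (e) { out.closure = e.message; }
  // 4. An exception inside the section still downgrades.
  try { sb.withPrivilege("file-read", () => { throw new Error("boom"); }); } catch (e) {}
  out.activeAfterThrow = sb.active.length;
  // 5. Privileges outside the grant set cannot be enabled at all.
  try { sb.withPrivilege("net-connect", () => 1); out.ungranted = "allowed"; }
  catch (e) { out.ungranted = e.message; }
  return out;
}
```

Because the check looks at what is enabled at call time, the trusted code is only the body passed to `withPrivilege`, not the whole app.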

I hope to blog more on these and related topics, as time allows.