Internet Explorer has come under attack in recent weeks not just from malicious coders but also from CERT (the U.S. Computer Emergency Readiness Team) and now, the most devious opponent of all, RSS.
The latest exploits have leveraged IEs ActiveX and Active scripting, and IIS (Internet Information Server) security holes to unleash a wave of keystroke loggers and other malware designed to capture personal and financial data.
CERT has gone so far as to recommend dumping IE in favor of Mozilla, Firefox, Opera or—on the Mac—Safari browsers that are free of IEs dependencies. Alternatively, you can disable ActiveX and Active scripting, with the kind of diminishing results Larry Seltzer reports. And Microsoft is hoping well just put up with patches until Windows XP SP2 rolls around later this summer.
I mention the Mac and Safari because it remains the default free zone—largely free not just of the actual attacks but more importantly of the fear of such attacks. The Mac has prospered in the information economy, with OS Xs suite of system services providing rich support for RSS routers (NetNewsWire), IP videoconferencing (iChatAV) and collaboration tools (SubEthaEdit).
Apple CEO Steve Jobs recent WWDC keynote provided an early look at OS X Tigers extensions of these underlying services, with an RSS-enabled Safari, four-way videoconferencing and 10-way audio conferencing, and a powerful visual scripting tool that will give power users a way to integrate, automate and bootstrap these features. But none of these tools is planned to appear until sometime next year, when the new OS ships.
Then, too, Jobs may have been a bit too ahead of the curve with Safari RSS. The audience reaction was muted, and Jobs demo seemed to suffer from a lack of familiarity with the use case for the technology. As with Sun Microsystems, the first RSS platform efforts seem focused on the developer community proposition. Further, embedding RSS in a read-only container—the browser—is only a half-step forward.
Nonetheless, the Mac remains a critical beachhead for the industry, providing a pool of power users and communicators with enough market clout to maintain an alternative to IEs dominant position.
Web site designs may overwhelmingly favor IE dynamics, but Apple has kept the door ajar for what is becoming a standards-based approach. The recent agreement to develop a plug-in standard across Safari, Opera and Mozilla browsers opens the door even further.
A Little Bit of
Given that there are viable alternatives to IE for consumption of most sites, switching browsers is becoming more acceptable provided that IE remains available for forms-based Web apps, important personal tools such as banking, and multimedia sites common to increased broadband usage. At the height of this weeks paranoia, I ended up using IE on a Mac to pay a traffic fine that wouldnt work on Safari, Firefox or car (my wife lost the ticket).
Switching to Firefox proves reasonably seamless, with nice, quick auto-migration of bookmarks and favorites. But gone is my Google bar, or more strategically, its page-rank meter. Also my Subscribe in NewsGator button, my eSpell button and my Pluck button.
eSpell lets me spell-check my blog posts in the browser and the NewsGator button automatically sniffs out the resident RSS feed on a site. But Pluck, now theres a problem.
Where NewsGator embeds itself in Outlook, Pluck commandeers IE. In effect, its a Safari RSS play a year early, creating a mail client-like, three-pane interface with search, RSS and Web sharing spaces. Plucks business model appears to be a hybrid of Google and Bloglines, a sort of Gmail-for-RSS concoction that depends on a blend of targeted search and community.
Before you go all Dick Cheney on me and suggest I go Pluck myself, let me tell you why a mix of RSS, IE, Google AdSense and social networking makes a lot of sense. First, its free, and free always wins. Next, theres absolutely no reason why advertising wont work in RSS, any more than it didnt work on the Web. As Doc Searls is fond of quoting Don Marti: Information doesnt want to be free; it wants to be $6.95.
Furthermore, customers—or users, if you prefer—want to know just what business model is going to work. As were seeing with the trend to open-source key framework components in the Java space, people are more willing to invest in platforms that have a reasonable chance of surviving, driving innovation and encouraging loosely coupled partnering.
Launching Pluck on IE may be the most counterintuitive—and clever—part of the strategy. Remember the law of disruptive technologies, where timing, combination and community play equal roles in adaptive evolution. The timing: Microsoft has painted itself into a corner with IE, moving all innovative development to Longhorn while fighting a losing battle against security breaches by turning off the very functionality that bought them market share.
The combination: Marrying the browser with persistent storage provides a reasonable subset of NewsGators value proposition while removing Outlooks brain-dead restrictions on browser integration and search dynamics. Separating RSS from e-mail is a feature, not a bug. And the community: 94 percent market share aint all bad, for starters. Plucks OPML (Outline Processor Markup Language) import lets you synchronize your subscription lists today, and your attention.xml metadata tomorrow.
Power of Contracts
But its IE, for heavens sake. Unbreakable? No. Untrustable? Yes. This latest series of exploits is so damaging because it doesnt require any action on the part of the user. No opening an attachment, no virus signature to detect. And the only vehicle for patching the problem is Windows Update, which requires IE to auto-download the fix.
RSS interrupts that cycle of addiction by establishing a contract between customer and service. Subscribing to a feed initiates a relationship, where services are provided in return for attention.
If that trust is violated, the customer unsubscribes. By contrast, e-mail requires no such contract; the receiver does not have control of incoming data. And Web pages typically dont require an understanding of attention, identity or responsibility.
The implied consent of the subscription model offers a framework for parsing responsibility for security, quality of service and other accountable performance factors. As business models emerge that provide useful attention data, publishers can recoup the investment they must make in providing safe, full text content and dynamic advertising data.
It will increasingly pay to port IE-based applications, plug-ins and RSS feeds to the Mozilla, Opera and Safari container. Work is already under way to integrate BEA chief architect Adam Bosworths Alchemy intelligent caching framework with the cross-platform Mozilla. And pressure is building for a synchronization standard to ease switching costs between RSS aggregators.
Still in its early stages, Pluck has its deficiencies: It doesnt expose the full contents of posts in its persistent view, you cant set global preferences for polling feeds or post retention, and theres no way to organize feeds by drag-and-drop.
But just as it was so easy to drag and drop my NewsGator subscription list into Pluck, it will be just as easy to migrate away if Pluck doesnt mature. NewsGators proprietary synchronization of subscriptions and read/unread marks across multiple machines is a great start, but the synchronization standards process will soon engulf attempts by market leaders to lock in their customers.
Plucks Trojan horse strategy underlines the profoundly disruptive nature of the RSS transformation. The synchronization genie, once out of the bottle, will act as an accelerant for RSS client market share as a percentage of overall browser usage. At some point, perhaps as early as Inauguration Day, IE—and the Web—will be subsumed by the RSS platform.