Tuesday, June 22, 2010

A call to open source developers: Let's eliminate ICANN.

In the field of Internet development - ICANN and Network Solutions/Verisign are eyesores. There is a very unhealthy relationship between the two organizations and ICANN holds a monopoly on the Internet as a whole by holding the domain name infrastructure hostage.

On July 1, 2010, a price hike for .COM and .NET domain names will take place (VeriSign is the sole registrar for those TLDs). That means it will cost more to purchase and maintain those type of domain names.

The core problem is the Domain Name System (DNS) as a whole. It was designed in the dark ages of the Internet by a bunch of nerds to map a name to an IP address. It was wholly owned by InterNIC, now known as ICANN through various transactions - or at least that is the best I can explain it in a single sentence. The original Internet (ARPANET) was designed to supposedly be robust in the event of nuclear war and people like it for its supposed anonymity. Basically, the Internet was a United States Department of Defense project and it was robust enough at one time. Now the Internet is mostly commercialized and that means consolidation and therefore no longer capable of withstanding nuclear attack - or so I read somewhere. I digress. However, the United States, in essence, still owns the entire Internet because ICANN has an unhealthy relationship with the Internet as a whole - it is a U.S. "non-profit" organization that works in tandem with the U.S. Department of Commerce, which, in turn, reports directly to the President of the United States.

In other news, if current legislation passes, it will become possible for the President to virtually turn off the Internet for entire countries because everyone relies on DNS to map domain names to IP addresses. If the legislation passes, the President could turn off an entire country if there are enough "loopholes": Tell ICANN to delete/suspend root server DNS entries of every business and government website in the target country. ICANN could potentially have no recourse and therefore it would be "goodbye [country name goes here], nice knowing you". Not that it would ever happen. If it did happen, there would be a massive backlash, someone would deface the whitehouse.gov website, and a lot of backpedaling would take place.

Anyway...back to the actual topic.

In essence, purchasing a domain name is simply renting a sequence of human-readable letters, numbers, hyphens, and '.'s. You can never truly "own" the domain. But, more importantly, DNS is a creaky mess and rather poorly designed. Very few people truly understand how DNS operates, myself included, but this much I do know: There should not be one single organization dictating who owns what domain. But it really is much simpler than that: There should not even be a domain name system at all.

The purpose of DNS was to apply hierarchical, human-readable labels to an IP address. While it worked fairly well for a while, it has become a disaster. There are a whole slew of "record types" (A, CNAME, MX, SPF, DomainKeys, etc.) that are more confusing than useful. And .com, .net, .org, .co.uk, .xyz, .yourmom, www., etc. are increasingly meaningless and confuse most users. And, with ICANN's mandated DNSSEC extensions (which includes more "record types") being rolled out next month as well, there will potentially be a lot of broken infrastructure.

Here is what I want to see happen: Throw out DNS in favor of a cloud-based approach. Surely some of the technology surrounding the latest cloud-based computing initiatives can be applied to the basic underpinnings of the Internet. It would free the Internet from the tyranny of ICANN and every domain name registrar on the planet in the process. Registrars are expensive and greedy!

One of the things I also want to see go away is all the '.' nonsense. We need to stop thinking in terms of '.com'. It is only required because ICANN says so and they are constantly putting out new TLD extensions, which means defending a brand via the domain name system alone is nearly impossible unless you have millions of dollars burning a hole in your pocket. Most businesses know exactly what I mean.

Also, WHOIS needs to vanish. Under ICANN, correct WHOIS information is a requirement. Most people (mostly individuals) who register a domain do not realize that their personal information is being published to a publicly searchable, indexable database. Name, address, phone number, e-mail address. They might as well publish the person's social security number, a few bank accounts, and several credit cards in the process. Services have cropped up to replace public information and "privatize" it with other information. However, under ICANN rules, doing this effectively makes those companies have ownership of the domain! Plus you have to pay them extra beyond the cost of the domain. So you are paying someone else to own your domain for you so your information that should have been private in the first place is actually private...which doesn't make ANY sense. Public information in WHOIS is used by spammers, telemarketers, creepy stalkers, former employers, and competitors to harass and spy on both individuals and businesses. And who knows what governments do with the information! This invasion of privacy is completely unacceptable. On top of that, incorrect WHOIS information is grounds for letting someone else take your domain name. Wikipedia tries to give WHOIS a positive spin by saying that law enforcement benefits from this invasion of privacy. Great - so what is MY benefit?

I said before that the DNS system is old and crusty. So old in fact that it can't handle Unicode natively. Internationalization of domain names is done via a horrible hack known as Punycode. The hack takes the limited 37 allowed characters (a-z, 0-9, and the hyphen) in a domain name label and maps them to Unicode characters. On top of this, each domain name label is limited to 63 characters and the full domain name can't be longer than 253 characters. When you start talking international Unicode mappings, the 63 character limit starts to look more like 15 characters.

There needs to be a completely new system built that doesn't rely on ICANN, Network Solutions/Verisign or any other registrar, eliminates WHOIS, takes into account the fact that the Internet is international in nature, and that search engines are the primary means for finding most things these days. This is a task that some smart and creative open source software developers can take on.

Also, there needs to be a way for search engines to hook into this system to get a live feed of data. That would be a huge improvement over the scraping and crawling nature of the web. Google has made great strides in this regard with Sitemaps but I'd rather see this information being pushed to search engines instead of pulled. Pulling information is slow and error-prone. Pushed information can be formalized and result in live and/or near-immediate updates.

Also, this system needs to take into account internal networks, VPNs, and NATs. Maybe improve on the concepts somehow in a sort of Tor network/SSH tunnel way of doing things.

Being able to also declare temporary (optionally secured) resources on a network would be a great improvement over DNS. For example, if you want to send a 100MB file to someone - how do you do that now? E-mail? FTP?

As to the actual programming and implementation of this system, a Distributed Hash Table (DHT) approach would be a pretty good starting point. Obviously, since DNS has been around for a really long time, it will have the initial edge in terms of efficiency. However, if anything, Google has proven that cloud-based architectures are incredibly efficient and perhaps more than DNS is or ever will be. So a DHT or something similar has a pretty good chance of working rather well. Computers are staying mostly on these days, so there would be a massive network of nodes.

By the way, if this post doesn't seem well-thought-out, it is just a jumble of ideas that I want to get out there. Hopefully someone can take these ideas and create a legitimate open source product out of them. Everyone who owns a domain thinks that domains are expensive and that DNS is very confusing. DNS, ICANN, registrars, and the whole mess are in need of obsolescence. We need something better. Thankfully, search engines are already working toward making that possible.

Oh - and while you are at it creating this replacement system, feel free to obsolete the IETF in the process. They make spammers possible by ignoring the problem that SMTP represents. Redesigning the entire Internet infrastructure to handle future needs seems like something that the open source community could handle quite admirably and do better than formal organizations seem to be able to do.

Monday, June 21, 2010

What I've been doing for the past year...making a CMS.

Over the past year, I have, ever so slowly, been dropping off the radar of my usual stomping grounds. Basically, I've spent the past year positioning myself in the industry to stay relevant and gear up for the next decade of software development.

Where is the software industry headed? Simply put, we are headed to a very mobile realm. What exactly that will look like is anyone's guess. What fascinates and intrigues me is always-on Internet in the palm of my hand. THAT, to me, is mobile. The problem we currently face in the mobile arena is that no one is making a device I want to program for. I willingly program in two languages: C/C++ and PHP. Since no one makes a multitouch device that I can write plain ol' C/C++ for (yet), I'm left with PHP.

To that end, I've started down a rather interesting path: This past year, I wrote my own Content Management System (CMS). For the past few years I've experimented with all sorts of lame-brained product ideas (some more successful than others). This new CMS, however, is the game-changer I've been hunting for. I'm at the top of my game when I get to do things that are new and exciting that I'm actually interested in.

Without further ado, here is the website for a new open source product called Barebones CMS:

http://barebonecms.com/

Barebones CMS was born from talking and listening to people in the web design and development industry. I generalized each complaint, grouped them together with my own personal pet peeves in web development, and organized my thoughts on what a CMS should look like. I only wanted to write this software product one time, never requiring a major rewrite. The time spent upfront gleaning information was absolutely invaluable.

There was a secondary goal during this process: I was also waiting for enough stable third-party components to come into existence such that my life would be made easier. Barebones CMS relies on several bleeding edge components to get the job done. Three to four years ago, Barebones CMS would have been impossible. Only last year did the final pieces fall into place. There are some pretty obscure components involved.

One of the key goals that became apparent during my listening phase was that equal treatment needed to be given to programmers and web designers. I like to hand-code my websites as do many other people I know. This brought me to the realization that Barebones CMS needs to cater to three different and unique groups of people: Programmers, web designers, and content editors. Microsoft caters and shows love to developers, developers, developers, developers. That formula works really well for them. So, Barebones CMS caters to each group with a unique default widget: Programmers get the Code Widget, web designers get the Layout Widget, and content editors get the Content Widget. Each widget is incredibly unique and accomplishes the tasks of each group's needs.

I quickly realized that I was developing this product for a team environment. Each person has different talents they bring to the table and has different needs as a result. However, each person needs to be able to interact well with the other team members and I ended up deciding I wanted to make Barebones CMS a supporting tool in that team environment rather than creating my own team environment. What I mean is that instead of forcing developers to take a specific approach to developing a website, I made almost every feature of the Barebones CMS completely optional. This leaves the door wide open to developing a site in an infinite number of ways. Teams will feel right at home in Barebones CMS because they don't have to change how they do things if they don't want to.

I also wanted the core features of the product to not get in the way of creating and maintaining a website. For example, I've discovered the frustration of caching systems that tend to get in the way of developing a website. I made it a very specific goal to never have the caching system get in the way or any other system for that matter.

Finally, I spent almost three months carefully documenting each aspect of the Barebones CMS - attempting to make the documentation easy to understand for everyone. During the documentation process, I found numerous annoyances in the product itself that I fixed. When all was said and done, I had gone through 21 release candidates before releasing Barebones CMS 1.0. That is not a typo. Twenty-one release candidates. Most of the issues were annoyances - a few of the fixes resulted in new bugs that got squashed shortly after they were introduced.

If I had to summarize Barebones CMS and compare it against some other professional product, it would be this:

- Barebones CMS is Dreamweaver in your web browser.

However, I prefer not to make such comparisons. Please don't quote me on that :)

How does Barebones CMS relate to the future mobile development? Well, Barebones CMS is a website creation and editing tool inside a browser. With Barebones CMS, it is entirely possible to develop an entire website on a mobile device. Not that you would necessarily want to do that on a mobile device. It is possible though. And possibilities are the drive behind innovation and are what push us forward. The reality though is that mobile platforms have a long way to go yet.

Barebones CMS is a serious, professional, and ambitious project. It is professionally developed and produced, is heavily tested, everyone who has followed my efforts on this project absolutely loves it, and it meets and exceeds what I expect from a CMS. I personally find it an absolute joy to use. Plus I get to eat ice cream and homemade pie tomorrow at a celebration launch party for the Barebones CMS. I'm completely psyched about that. (I still have to make the pies though.)

There are so many more things I could say about Barebones CMS but, since I spent a year on this project, the least you can do is visit the Barebones CMS website. There is a ton of introductory material I haven't even covered here. I really just wanted this post to be a rationale on why I vanished for a year. If you look at my posts over the past year, you can see Barebones CMS in those posts. Anyway, go visit the Barebones CMS website.

One last thing: Barebones CMS is just a tool. My hope is that you will add Barebones CMS to your collection of tools for creating websites and that you will always use the right tool for the job.