January 30, 2008

Yahoo! OpenID Provider service now available as a public beta

Today, we are launching the public beta of the much-anticipated Yahoo! OpenID Provider service. This means that users with a Yahoo! account - all 248 million of them - will be able to sign in to any website that supports OpenID 2.0, the latest version of the OpenID specification.

In case you are curious, here are the key features of this release:

• Usability - Users will not have to understand the technical details of OpenID simply to use the technology. Thanks to features introduced in the OpenID 2.0 specification, users will not have to type their OpenID URL while signing in to websites. They can simply type yahoo.com in the OpenID textbox or, if the Relying Party website provides it, click a button that takes them to Yahoo!. By not requiring users to understand the meaning of an OpenID URL, we hope that more users will be able to overcome the initial hurdles of using this new echnology. For those of you who want to set up a custom URL, we will provide a way to do so, including the ability to use your Flickr photos page as your OpenID URL.
• User education - We have spent a great deal of time thinking about educating users on the proper use of OpenID and you will see some of these thoughts implemented throughout our service - whether it's an explanation of the benefits of OpenID, our OpenID tour, or messaging on the safe use of OpenID at various locations.
• Anti-phishing measures - We suggest that users of the Yahoo! OpenID service set up and look for their Sign-in Seal to confirm that they are entering their password on a genuine Yahoo! page. A Sign-in Seal is a user-created image or a message that will only appear on genuine Yahoo! pages. We hope to continue working with the OpenID community to combat phishing and provide more secure experiences to users.

We are also actively working on non-US English versions of the service. It is already available for 17 countries and we expect to roll out even more international support in the very near future.

If you'd like to use the Yahoo! OpenID service, feel free to start at Plaxo, Jyte, Pibb, or any other OpenID 2.0-compliant website (this list is growing everyday). Alternatively, visit http://openid.yahoo.com to set up your account for OpenID access. We would love to hear your feedback!

We'd like to take this opportunity to thank the OpenID community for educating us over the past 1 year and helping us make this happen. In particular, we'd like to say "Thank you" to Bill Washburn, Brian Ellin, David Recordon, Dick Hardt, Johannes Ernst, Johnny Bufu, Joseph Smarr, Josh Hoyt, Kaliya Hamlin, Kevin Turner, Larry Drebes, Mike Graves, Scott Kveton, and Simon Willison.

Finally, we would not be here without the efforts of the Yahoo! Membership Platform team. Our special thanks go out to: Aanchal Gupta, Aaron Faupell, Anand Sankaralingam, Arockiasamy Mohanraj, Balaji Narayanan, Dhruv Manek, John Jawed, Michael Partridge, Naveen Agarwal, Nik Bonaddio, Rob Metzgar, Sabari Devadoss, Shrirang Ramachandra Kulkarni, Vish Shetty, Vivian Fernandez, Yu Wang. Thanks also to the all the other Yahoos that supported us in this effort.

We are obviously very excited about what this day means for our users, the OpenID technology, and the web in general. We are just getting
started and we hope to release more OpenID-enabled features in the future.

Shreyas Doshi and Allen Tom
Yahoo! Membership Platform team

Also: Jeremy Zawodny and Allen Tom sat down yesterday to briefly discuss OpenID at Yahoo. Here's the video...

Posted at 9:30 AM | Comments (15) | Permalink

Interview: Simon Willison on OpenID

OpenID expert Simon Willison shared some of his thoughts with Yahoo!'s Christian Heilmann on OpenID and the recent support by Yahoo!.

Hello Simon, it is quite hard to search for OpenID without stumbling over your name. What is it about the topic that fascinates you most?

It's really a combination of things. The first is that OpenID tackles a very real problem which affects everyone using the Web. The second is that it actually does very little - all OpenID really lets you do is "prove" that you own a specific URL, and everything else gets built on top of that one ability. Finally, I like that it's politically neutral - there have been plenty of other attempts at web- wide SSO that have failed because they relied on either a single organisation or a coalition, failing to respect the critical decentralised nature of the web.

What exactly is the problem that OpenID solves and how does it do that?

Fundamentally OpenID is about solving web-scale single sign-on. The number of sites which require users to sign in continues to explode, while those same users suffer from a severe case of sign-up fatigue. The most severe consequence of this is poor password management - users re-use the same password on many different sites, but this dramatically increases the chance that their password will be compromised - if just one of those sites has a security problem all of the user's accounts might be stolen.

With OpenID, user's just need to set one password with their OpenID provider. They can securely use that account to sign in to many different sites, without needing to manage many different passwords. Rather than having dozens of potential attack targets, they need only focus on securing their relationship with one site.

Given that the idea of OpenID has been around for a while it is strange that it hasn't had much mainstream acceptance and coverage. What would you consider the biggest stumbling block in the way of OpenID becoming a mainstream technology.

While OpenID has seen a great deal of take-up on the provider side, there is still a notable dearth of consumers - sites which one can sign in to using an OpenID. Sites have been cautious of adopting OpenID because they don't completely understand the implications of doing so, and are often concerned that being an OpenID consumer means giving up their valuable user database. This is not the case: accepting OpenIDs doesn't mean you stop gathering user details, it just means that you don't need to store a password for every user.

Yahoo! now has started supporting OpenID. What is your opinion of the direction Yahoo! is going with it and is there something you'd like to see improved?

The Yahoo! implementation is very impressive. A major sticking point with OpenID is explaining it to users in terms that they will understand, and it's obvious that Yahoo! have put a great deal of thought in to this problem. The use of an anti-phishing seal is a nice step as well, although I'd love to see more robust phishing protection in the form of Yahoo! toolbar integration in the future. The use of OpenID 2.0's directed identity to improve usability (by allowing user's to enter just "yahoo.com" instead of their full OpenID) is a great step towards making OpenID accessible to a more mainstream audience. I'm concerned that the lack of support for OpenID 1.x may result in confusion when Yahoo! users try to sign in to other sites that have not yet upgraded to OpenID 2.0, but with careful error message design this shouldn't prove too much of a problem.

My personal dream feature would be for every one of my Yahoo! profile pages - on del.ici.ous, Upcoming, Flickr, Yahoo! Answers and more - to work as an OpenID. I'd like this not for authentication purposes but to let me "prove" my ownership of those profiles to other sites - I envisage all sorts of interesting mashups in the future based on users using OpenID to prove who they are on many different services.

Do you think Yahoo!'s move will have an impact on the common attitude towards OpenID? Who else is considering participation?

AOL quietly launched OpenID support last year, but are yet to promote it in any big way. Google have experimented with OpenID support in Blogger but so far haven't publicly shown an interest outside of that product. Microsoft announced a commitment to OpenID early in 2007 but again they have yet to follow up with an actual product launch. I think Yahoo!'s support will be an enormous boost for the adoption OpenID 2.0 and will help put OpenID in general in front of a much wider audience.

Is there any technology that you consider to be obsolete if OpenID sees wider adoption?

I don't really see OpenID as a replacement for existing technologies; it's more of an enhancement. For example, I expect sites to continue to allow users who don't understand or wish to use OpenID to sign up using a regular username and password - there's no reason a user account can't be signed in to using either a password or an OpenID.

Before OpenID become a realistic option, a number of companies created their own proprietary authentication APIs. I would not be surprised to see these slowly phased out in favour of OpenID. It certainly would not make sense to invent new proprietary authentication mechanisms now that OpenID 2.0 is a published specification.

One of the biggest concerns about internet usage is security. Is OpenID safer than other technologies and what are its vulnerabilities? Can I steal someone's identity by getting access to his computer or are there more safeguards in place?

An interesting thing about OpenID is that it doesn't actually dictate how a user should authenticate with their OpenID provider. This has some interesting consequences: it's possible for providers to have very poor security (in fact one already exists that deliberately has no security at all, allowing anyone to use any of the OpenIDs hosted at that service), but other providers are actively competing in providing a more secure service. Personally I would love to see a provider that offers one-time passwords in a disposable booklet, as is the case with some banks.

Phishing remains the number one security concern, although it affects far more than just OpenID . The most promising avenues for protection against phishing involve direct integration with the browser, either as extensions or as features built in to the browser itself. I expect to see a lot of activity in this area over the next year.

What OpenID resources do you typically refer people to?

The official site, http://openid.net/, had an excellent redesign quite recently which made it a much friendlier place for new users to find out about the technology.

See Also

• Interview: Chris Messina on OpenID

Posted at 9:01 AM | Comments (3) | Permalink

Interview: Chris Messina on OpenID

Chris Messina, Citizen-Participant & Open Source Advocate-at-Large, answered some questions from Yahoo!'s Christian Heilmann about OpenID and Yahoo!'s recent announcement.

Hi there Chris! Your twitter network probably suffered the same fate as mine - being bombarded with tweets about OpenID. Care to share what the OpenID fascination is all about?

I've been a believer for quite some time. Tara likes to say that when I see a parade, I jump in front of it. I wouldn't necessarily say that that happened in this case, but I certainly joined in walking alongside the project from very early on. I knew it was going to be big, I could just sense it.

For one thing, the approach was an open source approach, and no one could really claim to own the whole thing, so that was a good thing.

For another, there was a clear value in a protocol like OpenID as previously demonstrated by Passport. The major difference here was that the technology could be implemented in a distributed fashion, creating opportunity and competition where previously there was lockin and a monopolistic situation. The design of OpenID prevents that situation from re-emerging, and gives us a new building block with which to bring about new innovation.

In some senses, this is as big, if not bigger, than the mainstream realization and adoption of AJAX as a tenet of modern web design.

I am a big believer in solutions that solve a problem, rather than coming up with clever solutions to show off. What are the main problems the web suffers from that OpenID could solve?

Well, this is an interesting way to present the question, because OpenID 1.1 was a fairly straightforward solution to asserting, across sites, that the person who just showed up with a URL could actually prove that they had control over the URL. That was about it.

With OpenID 2.0, a lot of complexity was thrown into the mix, and as work on OpenID 3.0 gets underway, it will likely only get more complicated.

But that's only at the protocol level. So your question is actually two questions rolled into one phrasing.

From a human user perspective, OpenID solves a few problems:

1. It asserts that portable identity is important and useful (i.e. for carrying reputation between contexts).
2. It alleviates the burden of remembering countless usernames and passwords across many devices or contexts.
3. It supports the notion of developing multiple personas for each OpenID or for different OpenIDs.

Now, of course, with these basic benefits, it will only matter which actually get adopted in the wild. But, I think that, with these three benefits, many things become possible, and so as the benefits each unfold individually, there will become a greater and greater reason to adopt the technology and begin using OpenID. We're a ways off yet (maybe a couple years) but I think this direction is unavoidable (and heck, a good thing for people!).

Stretch your imagination a bit and imagine me as a non-geek. How would you try to sell me OpenID? What is in it for the common web consumer rather than participator?

Well, I rarely take that approach with technology. Technology that works for people needs to be self-evident, and honestly, OpenID is not -- not yet anyway.

However, in some contexts, OpenID makes absolute sense and demonstrates quantifiable value as in the case of Basecamp. If you use more than one Basecamp site, or any other 37Signals product, there's very clear and compelling value in using OpenID to unify your account logins between these sites. For example, I've had clients set up accounts for me on their Basecamps and have assigned me any of five different usernames! It's a nightmare remembering which is which, especially when I'm on my iPhone and don't have a password manager. Once Basecamp adopted OpenID, I was able to use the same account for all of them, solving the problem for me once and for all.

It's examples like that that should drive OpenID adoption, not any ideological view. I mean yeah, I can see how OpenID is great and I use my OpenID everyday, but I also love 1Password and I think insomuch as people have solved the basic password management problem for themselves, OpenID is yet another account.

Where it becomes compelling, I think, is when people find themselves using more and more internet-enabled devices that *don't* remember their accounts for them. That's when OpenID will suddenly become a mandatory feature.

What are the technical barriers to OpenID?

Well, a lot of people are put off by the size of the libraries. And there are still compatibility issues and documentation needs to be drastically improved. But motivated developers are pretty resilient, and there have been a number of implementations, so I'm less worried about the technical hurdles, which typically can all be overcome.

I'm more worried about 1) generating sufficient user value and 2) improving the basic OpenID user experience. If we don't nail the user experience for OpenID (without sacrificing the benefits of being able to use any OpenID), I think we're going to be hard pressed to convince folks to switch or to take it seriously.

Fortunately, we have momentum now with large providers like Yahoo! coming online, but even their implementations are confusing to bit-literate types like me. If *I* have a hard time with this stuff, I can't imagine that folks who don't care about the technology are going to wade through our mess.

And oh, one more thing. OpenID has to become a first class login citizen... it can't be relegated off to some "geeky no man's land". Of course this demands that we fix the user experience, but by putting it front and center, perhaps there'll be more motivation to take care of the unsightly and inconsistent mess that is OpenID consumption today.

You've recently been at the OpenIDDevCamp and chaired a discussion about openID usability. What were the outcomes? What are the big obstacles in terms of interfaces?

Well, we came up with three classes of OpenID login forms: inline (as in Dopplr), boxed (like in comment forms) and full page (seen in the WordPress plugin and on Moveable Type). From here we'll be developing guidelines for implementing login boxes that conform to best practices extracted from existing real-world implementations.

We also spent a lot of time coming up with all the potential error conditions for the OpenID login dance and will be documenting them soon and providing recommended language for reporting problems to users, and possibly even recommending ways to address common failures. Since OpenID relies on remote websites for logging in, when things go wrong, they can go really wrong. Helping people cope with such problems and get back on track is something that we desperately need to address.

The biggest obstacle for OpenID is going to be enforcing consistency in interfaces. While I'm all for experimentation, when it comes to something like logging in to a website, you shouldn't mess around. Streamlining the look of login boxes is something that really needs some attention and unification. It's not that all login forms need to necessarily look identical, but that standards are needed, and meeting people's expectations is a huge part of that. The more confusion we can save from the login experience, the better. And so providing clear, consistent and usable interfaces is a primary means to that end.

In December you published a wishlist on OpenID and support by Yahoo! was one of the wishes. Have you taken a look at what was done, how do you think we are doing so far and what would you want to see next?

Well, I think it's excellent to see Yahoo! become a provider. That's huge and really gives OpenID a needed push in both its longterm viability and in validating the investment people will make in becoming OpenID consumers. But providing OpenIDs is the easy part; for Yahoo to really earn full credit, it needs to consume OpenIDs, and so I'm hopeful that that will happen in time as well.

So far I'm actually a bit under... or over... whelmed by Yahoo's OpenID implementation. I think the process feels too heavy when compared with getting a regular account, and is sold to the user defensively (especially talking about "geeky stuff", which seems to be dismissive of the value of picking a unique and memorable OpenID).

That said, I'm excited to see a good implementation of directed identity, and if someone only needs to enter "yahoo.com" as their OpenID provider (or click a button), we're getting closer to an ideal user experience.

Next steps I think include working on profile portability and pushing forward the use of microformats and OAuth for secondary data and authorization use cases.

Do you think a big player like Yahoo! supporting OpenID will have an impact? Could it be that there might be a geek retaliation?

I think it has already. I don't think there will be a retaliation, but it certainly would go a long way to avoid one if Yahoo! became an OpenID consumer!

What do you see as the big opportunities a wider-known OpenID would bring us? What is your dream implementation?

Well, my dream is moving towards a "citizen-centric web", where web citizens can come and go to services they choose to use and choose to broker their data to for limited or specific purposes and where they're always in charge.

I see this as restoring the village model of the web, where big and small players compete on a similar level, as opposed to the way things are now, where so many people are locked up in proprietary highrises that it's hard to develop external web services that get any lasting pickup because people are content to stay put in places that are uniform and familiar (like Facebook).

Long term, OpenID and web citizen identity restores balance to the open nature of the web, and provides yet another building block with which to create compelling and useful applications.

As I've said, we have a long way to go, and we're just getting started, but I see a bright future ahead for identity-centric service delivery on the web, where you can be friends with your friends based on *who* they are, not based on which network they're in. And a lot of this stuff is just political and inertia, but with OpenID, I see advances in the state and architecture of web technologies that will keep us busy for the next several years, easily.

Exciting times, exciting times indeed.

See Also

• Interview: Simon WIllison on OpenID

Posted at 9:00 AM | Comments (0) | Permalink

January 25, 2008

Using Yahoo! APIs With the Zend Framework

Interested in taking your mashup to the next level? Toby Somerville has a tutorial on Sitepoint.com which shows how to use the Zend PHP Framework with the Flickr, Yahoo! News, and Audioscrobbler APIs to create an interesting mashup. The Zend Framework has built-in classes to handle many Yahoo! APIs. Like some other PHP frameworks, it offers up an MVC (Model - View - Controller) design approach which typically results in an application that is easier to extend and modify while still maintaining a clean, modular code structure. If performance is critical to your mashup, consider coding in the MVC style without using a dedicated framework package. Our own Rasmus Lerdorf has his take on a no-framework PHP MVC Framework.

Jason Levitt

Posted at 9:20 AM | Comments (1) | Permalink

January 23, 2008

The Art and Science of JavaScript

There is a big problem with JavaScript books: they are either just not sexy or lack in technical detail. For years we've either had the hard-core references or the "teach yourself how to make blinking menus in 24 hours" kind of books on the subject.

This is partly because of the diverse nature of the audience: everybody who works as a web developer is sooner or later asked to write or implement some JavaScript. However not many people are dedicated to really dive into the world's most misunderstood programming language - as Douglas Crockford put it.

Therefore books historically either tried to explain every detail of the language or made sure to give the reader some quick to apply solutions that don't necessarily need much effort on the part of the implementer.

When Sitepoint approached me about the Art and Science of JavaScript I was not only holding a drink (as it was the @media2007 afterparty) but they had just released a CSS book with a similar title. I didn't really want to write another book chapter but they managed to convince me when I saw the lineup of authors for it. A few weeks later we had the topics and the authors nailed down:

• Ara Pehlivanian (an up and coming writer on JavaScript, remember this name - I know it is hard) writes in "fun with tables" about a script that turns an HTML table into a sortable table widget that also allows for dragging columns around.
• I talk about how to create a client-side badge using JSON data from REST APIs without adding extra overhead to the loading time of your site
• Cameron Adams writes about a CANVAS solution for graphs and pie charts
• Michael Mahemoff tells the reader how to debug and profile with Firebug
• Dan Webb opens JavaScript's hood and pokes around in the engine with metaprogramming
• James Edwards shows you how to create an accessible 3D maze with JavaScript and CSS slants
• Simon Willison explains how to create a quick mashup of Google Maps and Flickr

All in all this covers a lot of interesting topics and on the sly tells you about tricks and techniques of JavaScript you might not have known about before. The mix of applying JavaScript to create an effect, access and use APIs, details about the language itself and how to tame it with browser tools is a good one and should speak to both the hard-core JavaScript fans and the people who want to see what the language helps them to achieve and in James' case push the limits of browsers.

One very nice detail is also that the book comes in full colour. You can get all the information you need and download a sample chapter on its information page.

Christian Heilmann

Posted at 11:46 AM | Comments (0) | Permalink

January 17, 2008

OpenID Support at Yahoo!

In case you missed the news (official press release), we announced support (starting at the end of the month) for OpenID 2.0 on both yahoo.com and flickr.com earlier today.

As explained on the What is OpenID page:

OpenID eliminates the need for multiple usernames across different websites, simplifying your online experience.

We've added an OpenID section to the Yahoo! Developer Network that provides more details for anyone wishing to integrated with Yahoo! using OpenID. Included there is a FAQ that covers a few things you may need to know.

We're looking forward to a whole new wave of lightweight personalized applications as adoption of OpenID increases around the Web.

Jeremy Zawodny
Yahoo! Developer Network

Posted at 10:03 AM | Comments (8) | Permalink

MyBlogLog API Launches Invite-Only Beta

You've seen those catchy Recent Reader widgets all over the web, and maybe you've even added your profile and web sites to MyBlogLog.com. Now, the MyBlogLog team is happy to announce that the MyBlogLog API is opening up for an invite-only beta which you can signup for here. You can use the API to retrieve lists of readers, tags, and members of MyBlogLog communities, search for members, get a member's profile data including sites authored, tags, and identities on other sites, and more.

Once your beta invitation is accepted, you'll be able to use the MyBlogLog API Console to test the various API calls. Want to see a sample application? Our own Kent Brewster offers up this tutorial.

Jason Levitt

Posted at 9:00 AM | Comments (2) | Permalink

January 16, 2008

How To Make A Better Music Blog

Remember those old cassette mixtapes you used to pass around with your friends? Blog Remix is a new application from Yahoo!'s Media Innovation Group that lets you mix together blog posts and MP3's from your favorite music blogs and then share them. Part of the challenge in creating this application, according to developer William White, was dealing with the differences in how music blogs syndicate their content. Some music blogs don't expose their MP3's in a consistent fashion -- some don't even provide RSS or ATOM feeds. He suggests a five level classification system to rate a music blog according to how well it shares its music and posts. For music blogs on the cutting edge, he suggests developers use the new hAudio microformat. Read more details in his blog post.

Jason Levitt

Posted at 2:30 PM | Comments (3) | Permalink

Developer Spotlight: Not Just A Number homicide mashup

In YDN Theater this week, we're featuring an interview with Sean Connelly and Katy Newton, creators of the award-winning Not Just A Number homicide mashup produced in partnership with The Oakland Tribune newspaper.

The Oakland Tribune hosts this amazing community-driven service that attempts to humanize the violence occurring on Oakland's streets. There were 127 homicides officially reported in the city of Oakland, California in 2007 and 148 in 2006. The web site serves the victims' families and helps to tell their story which is often lost in the traditional media process.

Sean and Katy built what was initially intended to be a simple crime mashup into a deeply interactive Flash user experience. They leveraged the Yahoo! Maps Flash API and Yahoo! Geocoder.

"We saw how easy it was to integrate the mapping service from Yahoo!. It made more sense coming from a newspaper business where we're always looking to cut corners. And it was so easy. It took me like 5 minutes to get everything in there. It was so simple."

In this short video by Ricky Montalvo and Matt McAlister, you can hear where the idea came from and get some insight into how they built the site.

Posted at 10:58 AM | Comments (2) | Permalink

January 10, 2008

It's Mashup Time In Korea

Developers in Korea are enjoying a four month long series of events that comprise Mashup Contest Korea 2008 (November 2007 - February 2008). At the first major event in late November, the Yahoo! Korea engineering team introduced the Korean AJAX Maps API and geocoding web service, and helped developers with the Flickr API which has had Korean language API documentation and a consumer front-end since last June. Yahoo! Korea also showed off their beautiful consumer maps implementation based on their AJAX Maps API. The event included a vendor expo and a conference. More than 150 developers and hundreds of users visited the Yahoo! booth at the event where many vendors showed off their API efforts (check out more photos from the expo and the conference sessions). Although the winning mashups for Mashup Contest Korea 2008 won't be chosen until February, you can sample last year's winners here which included this Del.icio.us and Y! Search mashup.

Jason Levitt and Jinho Jung

Photo by Jinho Jung

Posted at 11:05 AM | Comments (3) | Permalink

January 8, 2008

Yahoo! Music Launches New Media Player

The second iteration of our browser-based player is coming out in beta today. Here's how it works:

1. Link to MP3s in your web page. These can be anywhere on the web.
2. Add a line of code to insert our Javascript library. We host this, so you just have to point to our URL.
3. Working play buttons appear next to MP3s.

The first iteration of this project, which we released last summer, enabled playback of 30-second samples and tracks from our own music subscription service on the Yahoo! Music web site. It was our own media and our own site. What's new is supporting third party media on third party web pages.

The Flash player that we recently released on next.yahoo.net is a sibling. It has many of the same roots, code, and features and it is maintained by the same team. Although they don't look the same, in a way they are different skins over a single underlying product. Sometimes you need Flash and sometimes you need Javascript, but either way you're playing the page.

The documentation and community home for the project is a public wiki at Wikia. Why use a wiki for documentation? Because documentation and community are two sides of the same coin, and wikis integrate them. Why go outside of Yahoo for such an important part of our project? The goal is to make the developer community healthier by making it truly independent.

Some things that are interesting about the player:

• The interface between your document and our library is unobtrusive Javascript and semantic HTML: even though our library is Javascript internally, the API is HTML.
• The API is fairly rich. You can set the image we use for album art. You can control the playlist sequence. You can tell us the song title. You can operate in strict mode or quirks mode. To learn more, see How To Link on the wiki.
• We're creating a new generation of playlist technology by turning the page into a playlist. Our player knits all the songs in the page together so that they play one after the other. The result is continuous play within the hosting web page.
• This is different from a badge in that we don't provide the content. It doesn't make sense for these to always be tied together.
• It's different from a normal library in that users don't need to install their own copy. This makes it easier for users to adopt, and it allows us to do ongoing maintenance at web speed.
• If you fool around with the player you'll find that you can click through to a Yahoo! search on the song title. This is a simple and unintrusive way to for us to monetize the traffic, and it keeps our business goals aligned with user needs because the search has to be adding value if we want people to use it.

Our design principle is: we eat the complexity so that you don't have to. There's no reason for a user to have to think about syntax for embedding an object. Plain vanilla links to media are all you should need. So I'd say to TechCrunch that we're up to something small and simple.

Links:

• Player homepage on Yahoo! Developer Network
• Mailing list
• Public wiki
• Hack sharing

Posted at 11:31 AM | Comments (36) | Permalink

January 7, 2008

The 7 Habits for Exceptional Performance

In July 2007 I took over the reins from Steve Souders (my former boss, performance co-hort, and someone I greatly respect) as manager of Yahoo!’s Exceptional Performance team. I was humbled and excited about the opportunity to lead Yahoo!’s now worldwide effort on accelerating the user experience and making our products faster, better, and more efficient.

Improvements in web site performance are similar to improvements in energy or fuel efficiency. We make good progress yet we continue to consume more, which reverse the results of our improvements. The net effect is that optimizing performance is an on-going battle. To ring in the New Year, the Exceptional Performance team would like to share our 7 Habits for Exceptional Performance:

1. LOFNO – Look out for number one, that is, your users. Be an advocate for your users. You do control the user experience, so don’t settle for excuses and don’t make excuses. A lot of people shift the blame towards things they don’t control. The truth is that even if it’s slow ads or the framework that’s slowing down your site, chances are there are still things you can do personally to optimize performance for your users. Has every image been optimized? Have you evaluated whether users really use that feature you pushed so hard for? Did you run YSlow? Have you set the right tone and leadership so that others know performance is a top priority for your product? Focus on what you can do, not what you can’t do. Leave no stone unturned.

2. Harvest the low hanging fruit – Find the optimizations that give you the biggest bang for your buck. If your web site has many pages, prioritize the pages. Look first at pages with higher traffic since those are the ones your users visit most. Identify strategic pages, ones that are important for the business. Create a list of performance optimizations and then prioritize that list starting with what will improve performance most. Then prioritize the same list again based on how much effort is required. Remember that removing just one image can often improve the user’s perceived response time by as much as an entire rewrite of the backend. Implement the Rules for High Performance Web Sites (aka YSlow Rules). These rules were identified at Yahoo! as the low hanging fruit for making web sites faster without compromising design or features.

3. Balance features with speed – Exceptional performance is a cross-team discipline. Our performance golden rule tells us that 80-90% of the time a user waits for a page to load is spent on the front-end. This makes the decision about what goes into the product (design, features, etc.) a major chunk of the time a user spends waiting for the components (images, JavaScript, CSS, etc.) to come down the wire. Think Yin and Yang, a constant flux of alternating forces. Designers add visual appealing elements. Product managers add functionally rich features. Engineers add flexible frameworks. All this equates to more time a user waits for your page to load. Remove images, eliminate features, compress components – all that equates to less time a user waits. Faster response time reduces site abandonment and increases usability. Less abandonment and better usability increases page views. And hey, you’ll also have a happier, less frustrated user.

4. Start early and make performance part of the process – Don’t wait until right before your product is about to be launched to discover that your product performs badly. By then, it’ll be too late. Incorporate performance into the product roadmap at design time and requirements gathering. Make performance part of the process early in the development cycle. Run performance tests at every major milestone. Every feature has a performance cost associated with it. Develop a test methodology and measure that cost. If your website requires a login, profile your most-valued users and create test accounts with the features you anticipate them to use. If your most-valued users are on dialup or broadband bandwidth speeds, make sure you run performance tests over these types of bandwidth speeds.

5. Quantify and track results – Let’s face it, we all want recognition for good work. There are lots of things we can do to improve the user’s experience. It’s more rewarding when we can quantify those optimizations. Have a portfolio of tools. Quantify performance so that it matches the experience of your users. Understand the differences between the various methodologies and tools your organization uses. If you don’t see an improvement after implementing an optimization, it could be a bad measurement methodology. There are many tools out there and different tools can show you different results. Make sure you are comparing apples to apples. Each tool has its differences, but together they can provide you a complete picture of how your product performs.

6. Set targets – Once you’ve established a methodology to quantify results, set and agree upon a target. Look at your competitors to help you determine a target. Better yet, look at the performance of pages where your users came from. From a quantitative perspective, two pages might take the same amount of time to load but qualitative research has shown us that users’ perception can vary depending on the performance of pages that load right before. Aim high and set a winning target for you, your team, and more importantly, your users.

7. Ask questions and challenge answers – Even smart people make assumptions or repeat incorrect statements. The best thing you can do is ask lots of questions, challenge answers, and if you have time verify the answers yourself. There’s no such thing as a bad question, but there are bad answers. Ask questions that give you the high-level overview. Ask questions that allow you to probe beneath the surface. Where did the information come from? How old is the data? What method was used to obtain the data? What alternative methods were considered and why weren’t they chosen? What assumptions were made? What were the drawbacks to an approach? If there was more time, what else might you have tried? Ask questions before hastily drawing a conclusion.

8. (Bonus) Run YSlow – YSlow analyzes web pages and tells you why they’re slow. Download today and run YSlow on all the pages you visit!

Happy Optimizing and Happy New Year!

[Tenni Theurer is a Product Optimization Manager and manages Yahoo!’s Exceptional Performance team. Tenni has spoken at several conferences including Web 2.0 Exp, The Ajax Experience, The Rich Web Experience, AJAXWorld, BlogHer, and CSDN-DrDobbs. She also blogs regularly on Yahoo! Developer Network and Yahoo! User Interface Blog.]

Posted at 2:01 PM | Comments (7) | TrackBack | Permalink

Microformats at Yahoo! - A Firefox 3 Opportunity

Microformats are open data formats that some Yahoo! sites support. You can't see them (unless you do a "view source" on a web page), but they're there -- bits of HTML that describe things like contact information (hcard), a review (hreview), an event (hcalendar), or a listing (hlisting). Microformats make data in web pages reuseable since the data is in a standard, canonical, format instead of just a jumble of HTML. Thousands of sites expose their data in Microformats, and that data is available for developers to use. One of the best opportunities for developers to make use of Microformats is in the forthcoming Firefox 3 web browser which features a new global Microformats object and API. The new API makes finding and parsing Microformats trivial and efficient. Although Firefox 3 is still in beta, you can download the latest version here to start working on extensions.

Yahoo's Kelkoo online shopping site is the latest Yahoo! site to use Microformats. Kelkoo uses the hlisting Microformat to expose product information. Kelkoo Product Manager Nicolas Leroy imagines three efficiencies from widespread use of the hlisting Microformat in his blog post:

* Auto-discovery of offers on merchant websites is made trivial by the adoption of hlisting by merchants. Comparison engines can rely on easier and more reliable crawler technologies to retrieve offers.....merchants could even stop pushing feeds to comparison engines -- only a list of URLs or just their domain name might be needed.
* Social shopping: bookmarking of listings is now trivial as structured data can be easily extracted from browsed pages -- no more complex bookmarking tools that ask the end user to identify the product name, the image, etc.
* We can imagine a browser extension (like the Operator plugin for Firefox) that lets users bookmark offers from various sites and call comparison engines to compare prices for similar offers.

If you want to see Microformats in web pages you browse, you can install the Tails Export or Operator Firefox extensions which work in your Firefox 2 web browser. Then you can see the hcalendar, hreview, and hcard support in Yahoo! Local, the hcard support in Flickr, the hcalendar and hcard support in Upcoming.org, the hlisting support on Kelkoo, and the hreview support on Yahoo! Tech. You may also notice other Microformats popping up such as rel-tag and XFN. Look for more Microformats to appear on Yahoo! sites in 2008.

Jason Levitt

Posted at 11:10 AM | Comments (3) | Permalink

January 4, 2008

First-ever PipesCamp held in India

The first PipesCamp unconference was held in India in late December. The event was organized independently by "technopreneurs" Prabhu Subramanaian and Bhasker V Kode, also known as Bosky, and sponsored by their partner Arun Prabhudesai of hover.in.

"It'll be interesting to bring the community together and just see can be hacked up, track work being done , and generally see how yahoo! pipes could churn out some amazing hacks and brilliant applications for bloggers, developers and end-users - at the same.

What: unconference for yahoo! pipes hackers and hobbyists. sessions, workshops and a "hackday" for showcasing pipes.

Why: why not! building a community around the yahoo! pipes enthusiasts, share ways to maximise the power of the utility itself, learn how your favourite pipes are built, show off neat tricks of your own , and spread some "pipes" love to the community."

The event included some presentations and time for collaborative hacking and demos. RL.Narayana of Equvia Webservices gave a presentation about the Mashup Economy:

Several very cool Pipes came out of the event. The first presented was Ego Search, a pipe for finding out how popular you are on the web. Then came Siddharta Govindaraj's MTC Mashup.

"You can type a bus number in the input box on the top and it displays (or tries to display :P) the places visited by the bus on a map.

The raw data comes from the Chennai MTC website (Yes, they have a website). There is a section that gives the stages visited for the bus number that you enter in a form. However, the output is quite a messy bit of HTML, quite a pain to parse through. Luckily, Rabin Vincent has taken this data and put out a much cleaner bus query interface over it."

You can read the play-by-play of the event here. There's also a new Yahoo! Group for past and future PipesCampers and a Flickr photostream of the event.

(via Pipes Blog. Photo by srinieth)

Matt McAlister

Posted at 2:13 PM | Comments (3) | Permalink

January 2, 2008

Developer Spotlight: Reconcile debts with your friends using Short Reckonings

Mikaël Gravé, VP Technology at Webmotion Inc. based in Ottawa, Ontario, built a great little tool for reconciling debts with your friends called Short Reckonings.

"I had the idea of Short Reckonings when I was a student and was often sharing expenses with friends. Having such a tool at the time would have been great but this was before the Web."

Users of Short Reckonings first create an expense sheet and the group of people associated with it. Then they enter each expense, indicating who paid how much for what and for whom. Finally, Short Reckonings calculates the fewest number of payments needed to even the debts back out for each person.

Mikaël uses several YUI components such as DataTable, DataSource and TabView to make a very fluid AJAXy user experience.

"I was conducting some research on Web 2.0 Javascript libraries for my professional needs and I discovered YUI. There are quite a few Web 2.0 libraries out there but I was very impressed by the thorough way YUI was addressing cross-browser issues.

The level of customization of the widgets is excellent, especially with the custom events.

I am also using Firebug and YSlow. Those are two tools that change a developer's life."

Mikaël was born in France and moved to Canada in the late '90's where he co-founded Webmotion. His latest project is a free collaborative Web 2.0 tool called Taskado which also relies heavily on YUI.

Both apps are available in the YDN Gallery.

Matt McAlister

Posted at 4:24 PM | Comments (4) | Permalink