Open source software security

Why Mashups Aren't Cooler than PB&J

Mashups are the latest cause célèbre on the internet (now that corporate blogs have cooled off) and I have to say, as a developer I'm not impressed. Now, I'll admit that I'm notorious for having negative reactions as a knee-jerk response, but I think "mashups" are just another facade in the internet hype cycle. Of course, it's easy for me to be negative about any new, unproven technology, but mashups aren't anything new. Mashups are derived from a long and less-than-illustrious heritage that includes portals, SOAP and remote XML. At its core a mashup is nothing more than a refactoring of remotely available data.

Of course, this is why the mavens point to mashups as the next big thing. They're taking data from all corners of the web and combining it in new and interesting ways! The problem, though, is that the data is volatile. It doesn't belong to the mashup developer, and the developer has absolutely no control over delivery, reliability, or quality. Basically the reliability of your application falls to somewhere around zero percent with a mashup. The developer creates a portal that accesses data with no assurance of the data's availability.

Mashups look great, and I've seen some really cool ones, but when it comes down to it mashups only succeed in one scenario. That scenario is when an organization uses a mashup to refactor or present its own data in clever or unique new ways. When Google combines Google News with Google Earth and Google Financial data you can find some really interesting things, and while you can call this a "mashup" it's really nothing more than Google putting a new skin on data analysis from their own archives. This "mashup" works because Google can ensure availability and data quality, but if Joe Coder does his own mashup with information from four or five different sources, all it takes is one change in the Google Maps API or the data feed from Craigslist and the whole thing falls apart.

Basically mashups are transitory blips on the internet radar screen. They're only as cool and relevant as the sources of the data allow them to be, and without any assurance that the data source will remain consistent there's no way to ensure the mashup will function from one request to the next. Ultimately I think mashups are a travesty because in the end they don't highlight anything but the data sources. You have a bunch of really gifted coders coming up with interesting data abstractions that serve as advertising for the underlying data providers and nothing else.

Think about it: if you create an awesome mashup that utilizes data from a source so well that you start siphoning traffic from that source, how long do you think the source's API will remain static? Mashups, by their nature, are relegated to effectiveness that can never exceed curiosity because the "open" data that they rely on really isn't open at all. It's proprietary data that content owners have developed an open API for to generate new buzz about their product, and developers are happily lining up to jump on the "mashup" bandwagon and make neat-looking toy sites that in the end are just free advertising.