If you haven’t been following Ted Nelson on YouTube, you’re missing out. Recently, he’s been posting a series of informational videos on the Xanadu architecture and concepts. Even more recently, he hosted a live Q&A session, taking questions from Twitter.
What’s Xanadu, you ask? It’s the original concept for a hypertext system, designed well before the web was a gleam in Tim BL’s eye. Nelson himself coined the term ‘hypertext’. It can be hard to wrap your head around a hypertext system not based on markup or HTML. For a brief technical overview, check out this article, now nearly a decade old.
One of the biggest points of contention between the “current web” and Xanadu is the de-facto security restrictions (such that they are) on browsers with the Same Origin policy. With several loopholes, once your browser loads a page from xyzzy.com, other content, excluding images and other things, have to be loaded from the same site. [Yes, it’s possible, via preflights, to get around this, but the kind of per-site configuration needed flies against the notion of a global “docuverse”.] In contrast, the central construct of Xanadu is that documents consist of a central list of chunks of content and links to load.
Because we’ve lived in a web-wide-world for so long, it’s hard to think clearly about this alternate reality. What role would something like JavaScript play in a Xanadu-docuverse? I haven’t been able to find any detailed studies about how security design on a web-scale Xanadu deployment. What would be the nearest equivalents to cookies or webapps? To web forms (or dare I say, XForms)? To untrusted content surreptitiously leaking personal information? To CSRF attacks? To the OWASP security checklist?
It seems like Xanadu wants to consist of purely documents, and is less friendly toward other media types, and outright hostile to what we today call webapp technology. This makes for a clean and elegant design, but I can’t help wonder whether it’s also a factor in the takeover of one-ended “jumplinks” as seen in HTML, and the mountain of web architecture that came along with it.
My gut says that not all hope is lost. Large chunks of web technology, including HTTP, could be hugely useful in a global docuverse. One way or another, the browser ship has sailed, so it would have to work with modern web browsers. So what can we do about the Same-origin problem? How can we design a docuverse on top of today’s web? -m
P.S. I still have the same question from the earlier article:
“Our enfilade data structures and methods effectively refute Donald Knuth’s list of desirable features that he says you can’t have all at once (in his book Fundamental Algorithms: Sorting and Searching)â€. I’m curious if anyone knows more about this, or if Knuth ever got to know enough details to verify that claim, or revise his.
Maybe Ted will comment about this on YouTube.
P.S.2. Xanadu is a registered trademark, here used for specific identifying purpose.