李保存

概述

Taobao Open Platform(TOP)，淘宝开放平台，是淘宝将一些（不是全部）数据（店铺，商品等）通过编程接口开放给开发者。说简单点是这样，一般我们大家都是在网页里面点点点，来装修店铺，买卖东西的，是人肉通过鼠标和键盘完成的。TOP API，可以帮助大家用程序来完成同样的事情。

目标

该文主要回答一下几个问题：

1) 淘宝为什么开放平台？对于开发者意味着什么？

2) 开放了些什么东东？

3) 如何写一个简单的基于开放平台应用？

淘宝开放的缘由

Taobao经过几年的发展，已经成为国内X2C的头块品牌。它发起并完善了广大的网商，用户，以及与之相关的支付，物流，信用等系统。现在基本无人不淘宝。我的一位同事，所有的东西基本上都在taobao上买，还有一位朋友一大爱好就是周末在taobao上买东西。

但淘宝已经差不多到了不得不开放的地步。在内部，大的卖家渴望走出去，店主渴望以某种方式在300w个网店中脱颖而出，各种购买方式层出不穷，团购、限时拍卖等；在外部，社区、sns、购物搜索已经开始直接或间接涉足X2C市场。面对这么多元化的需求，淘宝自己去满足，肯定会力不从心；视而不见，那会引起积怨，累计到一定程度，必然有后来者取而代之。那怎么办？简单。既然这个钱，我不想赚，那就帮别人去赚，但你们得围绕着我来玩。开放应运而生。如果要看fancy版本的同样解释，请看博文：

小前端、大后台 路鹏（淘宝副总裁）

业务方向

现在淘宝主推三大业务方向：独立网店、社区电子商务化、第三方开发的工具海。

· 淘宝不讳言独立网店，真是很令人佩服。独立网店的样品工程就是优衣库，基本思路就是网站的域名和UI是独立网店的，其他的东西都是淘宝的，比如用户、支付、商品信息等。ShopEx在这方面是淘宝的合作伙伴。

· 社区电子商务化。简单来说，就是在bbs（如天涯）和sns（如人人网）中通过TOP API展示淘宝上商品，一但成交，大家分钱。

· 工具海。做垂直行业的商家管理工具，卖给旺铺卖家。

当然还有其他。参考：TOP业务方向

盈利模式

光炒概念，没有盈利模式的事情，我一向是只看不碰。那大多只是烧钱者的游戏，一般人玩儿不起。淘宝开放还是有比较清楚的变现模式的（包括但不限于）：

· 淘宝客佣金。淘宝客是按成交计费的，CPA模式。而且API中允许用户加入一些自定义数据，用于确定购买行为过程中的贡献方，使得分享利润成为可能。以前写过篇文章，就提到分享利润的一个应用。

· 插件分成。插件分为店铺管理插件和淘江湖SNS平台插件。前者是方便管理店铺用的，后者偏重娱乐性，概念类似Facebook的应用。

· 软件销售。C/S模式，或者ShopEx独立网店大多属于这种模式。

· 传统广告。比如你调用淘宝API生成网页，加Google AdSense进入，也是可以的。

参考：TOP盈利模式

API

参考：TOP API文档

API/角色

六个基本角色，权限从低到高依次为：公开查询应用、买家应用、卖家应用、商家应用、高级应用、专业应用。较高角色的权限包含较低角色的权限。

还有三个独立角色，社区应用、媒体应用、淘宝客应用。相互独立，与六个基本角色不存在依赖关系。

API/分类

API操作的对象，有如下11种：用户，产品，类目，商品，交易，评价，物流，店铺，淘宝客，淘江湖(v=2.0)，图片空间。

API基本的命名规则是<namespace>.<object>.<action>，如taobao.item.get用于获取单个商品的详细信息。

API/如何进行API调用

基于REST协议的API。调用接口地址是：

测试环境地址：http://gw.api.tbsandbox.com/router/rest

正式环境地址：http://gw.api.taobao.com/router/rest

TOP会给每个应用分配app_key和app_secret，相当于该应用的用户名和密码。API调用传入的参数分为系统参数（每个API都需要，且格式相同）和API专有参数（随API不同而不同）两类。系统参数中，app_key由系统分配所得，session通过下列方法获得，而sign是根据签名规则生成，其实就是通过一个hash函数完成了加密和校验的双重功能。这和Facebook的那一套东西很像。

参考：TOP API系统级参数定义 How Facebook Authenticates Your Application

Demo

TOP开放的是基于REST的API，和编程语言无关的。下面用Java语言为例，写个hello world。

不用TOP Java SDK的demo：http://open.taobao.com/demo/javaDemo.zip

用TOP SDK的demo: http://wiki.open.taobao.com/index.php/FAQ

注意：SDK给的其实Java源文件，需要copy到源文件的目录下，进行编译。

早上，习惯性地打开新浪，小心地在广告链接中穿行，点新闻看。一则关于淘宝一元秒杀的新闻，很有意思。故事大概是：9/25日晚8时，淘宝将价值数千元的商品，以一元标价在淘宝上拍卖，庆祝成立6周年。结果搞砸了。很多用户还未看到开始页面就结束了，还有人用作弊器同时拍到了多个商品。

此事从商务角度来说，淘宝是毫无疑问的赢家。此次拍卖的目的并非真的拍卖，而是赚人气，赚眼球。尚不清楚，淘宝是否真的故意造成争议话题，让大家去议论，正如电影拍摄中常常传出男女主角的桃色新闻一样。从技术角度来说，如果要较完善设计此系统的话，至少有几点值得商榷。

（1）Use server push instead of client pull. 有淘宝用户留言，

我从19:50开始，不断刷新页面，都是显示“即将开始”，再刷新，活动已经结束！MLGB…

在线拍卖讲究的就是时效性，大家都想以最低的价格得到某样商品，所以非常想知道最新的价格，这时候就疯狂刷页面，造成服务器压力很大。另外一种做法是Server Push, “你们都不要刷了，有消息会告诉你们的，回家等着吧。” 这种东东就叫做Server Push。也不是什么新的概念，用Java applet等插件N年前都能实现，但让每个人都装这么个插件显然代价太大。现在的SilverLight, Flex也能实现类似功能，但需要安装插件。Dojo的Comet很好地解决了这个问题。code在这里。不用装插件，可以穿越防火墙，而且scalability很好，也可以做cluster。淘宝的兄弟们真应该考虑一下这个东西。对Java天然支持。很可能将是Servlet 3.0的一部分，HTML5中也有类似的概念了。Server Push的应用范围主要在Server需要主动传递信息给client的情况，如在线拍卖，聊天，股票报价等。下面是一个介绍的slide，有兴趣的朋友，仔细看看。5分钟就可以用maven弄一个玩玩。

（2）用一点anti-spamming技术吧，在这里就是验证码(CAPTCHA)。只有人能拍，程序不能拍。

（3）防一下DoS攻击，把疯狂刷页面的同学的IP暂时放入黑名单，或者弹出一个验证码页面。

Fast Company recently published its version of the world’s top 50 most innovative companies. Although I would question why Intel is among top10, what surprised me most is the fact that Hulu is listed #3. I know there might be political things about the particular order, as it goes with most ranking, but it would be also interesting to find out “why Hulu, not others”.

Origin

Hulu, an online video streaming company, managed to do something which YouTube failed to do. Copyright is one of YouTube’s headaches, but it is incredible positive thing for Hulu, because it is built intentionally aimed to server property content by two major stream media dogs, NBC Universal and Fox.

{YouTube, watch someone’s DIY video} VS { Hulu, watch TV & Movies online legally} -> Similar but different market niche.

People might be asking, why NBC and Fox executives don’t rely on YouTube to serve their plays? You can imagine following conversation which probably happened behind the scene:

This is the first site who delivers property video to your computer for free. Traditional Media Company gradually realized that they have to embrace the changes if they are not able to prevent them. It is online streaming, in this case. Hulu has more than 120 sources now.

Key is property content sources are nonrenewable rare resources.

Independence

Hulu’s CEO said to capital angels, “I don’t think you’ll be seeing the name Fox or NBC on the site hardly at all, Hulu is about the shows, not the networks. The shows are the brands that users care about.” Another quote, “the key to Hulu’s success is its freedom to operate essentially as a stand-alone company…”

From startup’s perspective, captical can be good thing, or bad thing. It can help you grow much faster, but it can also easily enable you miss your initial goals. Capital often appoints some seemingly smart guy, who is with XYZ MBA degree or n years of experience in ABC company, to take over the company as one of its investment agreements.

That is indeed one of the worst investment risk controls, although it happens again and again. Give money to most passionate guys, and letting them be passionate always is the only way to maximize the probability of getting most out of your investment.

Feature?Solution? Experience!

Question: If you are given a task to build a video streaming site within less than 3 months, what would you do?

We were taught this way:

1) Identify who will be using your site

2) Draw use case diagram

3) List scenarios for each user role

4) To support each scenarios, figure out needed features

5) Design/Code/test your features

6) Go live

7) Yeah! Party! :- )

If you follow this in your next interview, I can almost guarantee a pass. Do we miss anything? Actually we missed most critical one – Experience! Experience is a combination of brand/feeling/easy-to-use/enjoyable process. For example, given below requirement:

“Design something which is used to sit on, commonly for use by one person. It often has the seat raised above floor level, supported by legs.”

People will respond immediately, “Chair!”. You may notice that there are at least hundreds of types of chairs in the world, if not thousands of, if not millions of. Only most imaginative ones who deeply understand that particular set of users’ needs, care about their feelings and eventually apply those into product designs can do the best work. Let us take a look at “art of chair”.

Be COOL, in show time, although you might have the similar hard time figuring out what some of them really are. Just like someone said about iTune – “iTune is not selling features. iTune is selling experience.”

Hulu’s key experiences:

1) Simple

2) Larger screen

3) High-resolution video

4) Clutter-free

5) Quality control

6) Free to users

7) No download

Obsessed with users

Memory leaks are always headache of developers. Do .NET developers no longer bother to worry about memory leaks because of garbage collection? Yes and NO. GC periodically find objects that cannot be accessed in the future and then reclaim the resources used by the objects. GC achieves this by maintaining a list of references to live objects. When this mechanism is broken, memory leak happens.

There are many reasons to leak memory. In addition to calling unmanaged code from managed code, another one of general cases is about event handler. If you do this:

Foo.FooEvent += new EventHandler(MemoryLeaksHere.Method);

When you complete using MemoryLeaksHere, but you are still using Foo, then MemoryLeaksHere will still remain alive as well. MemoryLeaksHere object will leak memory as a result of failing to GC.

Let us take a look at one simple example first.

In MemoryLeaksHere object’s constructor, Foo starts to hold a reference to MemoryLeaksHere by registering event handler. In MemoryLeaksHere.TryQuit(), if we don’t unregister, memory leak will happen.

To be more intuitive, you can copy/paste sample code to VS2008, and then enable unmanged code debugging by following:

Project->Properties->Debug->Enable Unmanaged Code debugging

Now set a breakpoint at “Check memory leak here”, and start build/debug. When being asked leak me or not, you can choose either yes or no. For example:

Here, looks like we leak two of them. Finally app will hit the breakpoint and stop. At this point, we can go to VS immedate window to load sos.dll, and then check how many objects in the heap:

So now we know there are two object instances are not recycled. Why are they not GC-ed? Because someone has a reference to them. Choose one of them, and use gcroot command.

Now we can see that MemoryLeakSample.Foo is still referencing MemoryLeakSample.MemoryLeaksHere via event handler. If it is not 5 iterations, image what would happen if every incoming request results in a slice of memory leak… Soon or later, you online service will be down.

See also:

http://www.codeproject.com/KB/dotnet/Memory_Leak_Detection.aspx

http://blogs.msdn.com/jgoldb/archive/2008/02/04/finding-memory-leaks-in-wpf-based-applications.aspx

http://blogs.msdn.com/calvin_hsia/archive/2008/04/11/8381838.aspx

http://www.automatedqa.com/techpapers/net_allocation_profiler.asp

http://blogs.msdn.com/greg_schechter/archive/2004/05/27/143605.aspx

Cuil, another so-called Google killer, is at its last gasp. I just knew it. I am not predicting present. Cuil is not the first one, and apparently not the last. For upcoming cuils, here are my words.

Brand. Brand. Brand.

For many people, word of Google has close sentimental connection with bunch of splendid words such as cool, innovation, unselfish, impartial, revolution, and powerful, etc… With brand, Google claims that “People don’t work at Google for the money. They work at Google because they want to change the world!”. With brand, debut of Google’s every new service always arouses buzzes, but seldom notices that Live also has compelling equivalence. With brand, people think only Google can provide best results, but often they can’t tell who is search provider when presented anonymous results set. It is very interesting to take a look at curve of Cuil’s daily unique visitors:

At launch momentum, people rushed to see what this Google killer looks like because of Google’s brand. Ridiculous? Not actually. It is everyone’s inherent attributes as people love to check out events of small probability such as Shoes thrown at Bush, one crazy million-dollar idea. As part of branding strategy, naming is essential. Cuil might not a good name actually. Let me share a story of mine. Back to several years ago, a group of my friends decided to build a website aimed to provide 3^rd service for franchising, called JiaMeng in Chinese. The guys with solid academic management background came with the domain name of 51franchise.com. It turned out a real trouble – hard to explain to customers, not localized. Even ordinary college students don’t know the word franchise, not to mention clients with much less schooling. So, ditu.live.com for Chinese is much better than chinamap.live.com if you take a look at average education level of internet users. All in all, BRAND works like religion, and it takes lifetime to build.

“A Google approach to email” – see how brand helps product marketing.

Infrastructure

GFS. BigTable. MapReduce. They can be competitive advantages. With these put in place, Google can roll out new internet services faster, cheaper, and at scale at few others can compete with. They are designed solely for Internet services. Users quit quickly after dissatisfied performance experience in Cuil. Microsoft software is mainly for an enterprise, supporting 100K concurrent users is “good enough”, but it is far more perfect in internet scenario.

Understand/Repsect Customers

There is no one-size-fits-all solution given the growingly diversified market. Of course you can educate customers, but never expect to change their inherent attributes coming from culture/history/economic development level. If you doubt this claim, check out this article: Search site moves at the speed of China, which reports, “But appreciating such cultural differences is what Baidu.com Inc.’s chief financial officer, Shawn Wang, says gives the Chinese search giant unique insight into the country’s 1.3 billion people as it competes with American rivals such as Google Inc. and Yahoo Inc.” As a result:

Culture

Per Wikipedia, culture means the set of shared attitudes, values, goals, and practices that characterizes an institution, organization or group. Google’s business is built on top of internet, so its organization/knowledge base is built for the internet, just like Microsoft is built for software, mainly enterprise software. I met strong feature PM with deep knowledge needed for enterprise software, say reporting, admin UI, DB admin UI, and information work flow. They understand their customers so much after years of interactions with them. It takes time to accumulate. Top-down hierarchy, heavyweight development process, years of in-house development can hardly catch up with the pace of internet evolution. The same thing is applied to Google – I am equally not optimistic if Google step into enterprise software because of the same reason – culture, enterprise’s DNA.

Web Competition Strategy

What is Cuil’s selling point? (1) Fancy UI. UI is critical for adoption and usage, but it hardly provides a moat. This is provided by two case studies of Apple computer of the nineties and the “X window” system on *nix OS. Both these systems with more attractive UI couldn’t beat windows OS with lower cost and rich applications available. (2) More relevant result. This is an ambiguous area which lacks of widely accepted measure criteria. (3) Cheaper solution. There is a question of sunk cost, of course you can claim you are 1/10 cheaper once reaching Google’s current scale. None of these is compelling from users’ point of view. Why do users bother to go to your site instead? One of the significant differences between web service (say, search) and traditional software business(say, DB) is purchasing decision making process. DB vendors can send to salesmen to target customers’ office and argue the deal. Only quite a few key persons have the final call. They are more analytical, love data. As comparison, everyone can be customers of search, we are more emotional. If I don’t miss anything, looks like the best strategy to monetize Cuil is to be acquired by Google.

No chance to win in search?

Definitely No. But you are doomed to fail if following essential parts are missed:

1. Remember brand. Remember “winners take all”.
2. Build your DNA towards internet. DNA = SUM(people, team arch, process, knowledge, …)
3. Put infrastructure in place. This is the way to help turn your idea into profitable traffic. Not scale-up, scale-out instead.
4. One thumb rule to compete with dominant market leader
   • Avoid playing games whose rules are set by opponents. You can hardly win. In this case, better search engine defined by Google are faster, relevant results, simple UI, magic algorithm, PB of data, … Let us think of solving same problems with different approaches. Why search? Help explore and share information. If someone tries to solve this problem by following Yahoo’s tail light to build yet another portal, he has little change to take off. Another example is download – P2P technology solved the download problem without adding more expensive servers/bandwidth.
   • Attack opponents’ weak points. Google is designed to search everything, but it may not be good at all vertical industries, say shopping. Nibble at its market share if we can’t win in head-to-head way.
5. Before rolling up sleeves, why we have to win? Why not step away and go find next big thing? Let Google be Google.