View News by Category
- Adobe (2)
- Amazon (39)
- AOL (14)
- APIs (196)
- BestMashups (113)
- BestPractices (12)
- Books (5)
- CaseStudies (5)
- Code (4)
- Contests (52)
- ebay (6)
- Enterprise (38)
- Events (54)
- Examples (152)
- Facebook (14)
- Featured (10)
- fun (7)
- Games (2)
- General (16)
- Google (85)
- Gov (25)
- Green (2)
- Hardware (6)
- HowTo (15)
- Infrastructure (9)
- Issues (49)
- Java (1)
- JavaScript (7)
- Jobs (1)
- Law (21)
- Mapping (75)
- Media (12)
- Metrics (7)
- Microsoft (35)
- Mobile (8)
- Money (69)
- Music (10)
- News (115)
- Nonprofit (5)
- OpenSocial (16)
- photo (19)
- Popular (19)
- PopularAllTime (21)
- Press (17)
- Reference (2)
- Religion (1)
- RIA (5)
- roundup (1)
- Ruby (2)
- Salesforce (8)
- Search (5)
- Security (16)
- SemanticWeb (3)
- Shopping (17)
- Site News (55)
- Social (48)
- Source (2)
- Standards (6)
- Telephony (10)
- Tools (44)
- Video (23)
- Visualization (4)
- Widgets (20)
- wiki (1)
- Yahoo (47)
Archives
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- August 2006
- July 2006
- June 2006
- May 2006
- April 2006
- March 2006
- February 2006
- January 2006
- December 2005
- November 2005
- October 2005
- September 2005
- August 2005
Douglas Crockford on the Mashup Problem
John Musser, October 1st, 2007 
Comments(5)
If you’re at all interested on the future of JavaScript as a mashup platform, be sure to watch this engaging talk by Douglas Crockford on Gears and the Mashup Problem (for those of you who don’t know Douglas he’s currently senior JavaScript architect at Yahoo and is arguably the foremost expert on JavaScript and JSON today). It’s a Google Tech Talk from last month and here’s the abstract:
Mashups are the most interesting innovation in software development in decades. Unfortunately, the browser’s security model did not anticipate this development, so mashups are not safe if there is any confidential information in the page. Since virtually every page has at least some confidential information in it, this is a big problem. Google Gears may lead to the solution.
A few notes from the interesting and thought-provoking video (with a good sense of humor to boot):
- He begins by noting that “security is the number 1 biggest with the whole World Wide Web”.
- This is often due to a “Ship it now. Secure it later.” attitude to application development along with a “blame the user” security model (like what happens these days when a user’s given a confusing “Do you grant this application access to all your data” pop-up login in a mashup).
- He traces the history of JavaScript from Netscape 2, thourgh Microsoft’s JScript and XMLHttpRequest, and points out that neither the HTML or JavaScript standards have been updated since 1999 (Web time no longer means doing things “really fast”).
- Java was a “huge failure” of “write once, run away screaming”.
- Argues that “Mashups are the most interesting innovation in software development in 20 years.”
- But, because mashups in the browser are insecure, “nothing but trivial applications” should be built there.
- All programs in a common global space; cross site scripting, XSS; in the DOM all elements can access siblings and parent
- To be secure, mashups require “Cooperation with mutual suspicion.”
- He is a big fan of Google Gears, which by virture of its Worker Pool architecture has the potential to address many of the key JavaScript security issues.
In the end Douglas proposes having a Mashup Solution Design Summit that ideally would have particpation from folks at Google, Yahoo, Microsoft, IBM, Adobe, and others. Sounds like a very good idea.
-
[…] Douglas Crockford on the Mashup Problem (tags: blog.programmableweb.com 2007 mes9 dia1 at_tecp mashups google_gears javascript web2.0 webservices security) […]
-
John,
This is extremely relevant and useful information. Thank you for reporting it.
Comment by: Kevin Curry - October 2nd, 2007 at 7:28 am -
This is an excellent overview of security issues and programmability issues on the web. As security researchers sink their teeth into solving XSS, SQL injection, input validation issues, and so on we should see a lot of change for the better in this respect. There’s no reason to limit yourself to “trivial applications” though. It didn’t stop Windows, Unix, or the web itself from being created and added to critical infrastructure.
Comment by: Joel Voss - October 5th, 2007 at 3:39 pm -
[…] expert Douglas Crockford calls the language and just this sort of vulnerability ‘the mashup problem’ since “mashups are not safe if there is any confidential information in the page. Since […]
-
[…] this is a small part of why Douglas Crockford says that “Mashups are the most interesting innovation in software development in […]
Leave a Reply
Our Sponsors
Member of
