Slashdot Mirror
Advanced Requests and Responses in Ajax
An anonymous reader writes "The Web is no longer a place where simple applications are tolerated; 'users have become more advanced, customers expect robustness and advanced error reporting, and managers are fired because an application goes down 1 percent of the time. It's your job then, to go beyond a simple Ajax application that requires a more thorough understanding of XMLHttpRequest.' This DevWorks article tries to help developers use Ajax to build a solid foundation in which an application handles errors and problems smoothly."
In this day and age a lot of us are asked to program who are not by nature computer programmers. In a perfect world all the programmers would be CS majors. For example, I am an Aerospace Engineer, however I spend 6 hours a day writing code in c++. It isn't pretty but it works. Why? The company I work for could either:
:P
(a) Hire engineers who know engineering and are crappy programmers, and make them learn programming, or
(b) Hire CS majors who don't know engineering, and spend 4 years to teach them engineering
(a) makes more sense to me. A lot of my code looks like crap, and I know my CS friends could do better quicker, but they don't know the engineering principles I do. Long story short, I didn't have CS101, CS102, etc. There are a lot of us out here who are asked to code, who weren't brought up to be coders, who have to be taught some principles that aren't immediately apparent
My company uses a very popular ad system that relies on javascript to function. If the user doesn't have javascript turned on, then they can't see our ads. If they can't see our ads, then ... we really don't care if the site doesn't work for them.
For all of you who've got adblockers on and javascript and flash turned off, welcome to the beginning of the end. I hope you enjoy cruising the crusty bowels of the Internet while the rest of us enjoy Flickr and the rest of the really tasty web 2.0 apps that are coming down the pipe.
Every Ajax application uses the XMLHttpRequest object, so you'll want to be intimately familiar with it to make your Ajax applications perform and perform well.
I think this is true right now, at least to some extent, but as frameworks solidify and become proven, there will be less benefit to being "intimately familiar" with the XMLHttpRequest object. Of course, knowing more about the underlying technology can't hurt, and you will need to know them if you are the one writing a framework.
For a very good source on frameworks, take a look at http://ajaxpatterns.org/Ajax_Frameworks
FREE - Java, J2EE and Ajax Audiobooks for Software Developers - www.DeveloperAdvantage.com
For all of you who've got ad blockers on and JavaScript and flash turned off, welcome to the beginning of the end.
Oh the delicious irony of seeing this post immediately after a sensible poster mentions graceful degradation.
See, I actually see things differently then you do. I do run with JavaScript disabled for the most part and AdBlock turned on. And you know what? I don't really have that many issues with websites. And if I do run into issues? Well, I really don't care if my browser doesn't work for them.
I think perhaps just because you have "They're not seeing our ads? Well F them then!" attitude towards customers does not a) mean all companies do and more importantly b) not all developers do. Standards are generally designed to implement some backward compatibility. I don't think, despite your gloomy predictions, that this is likely to change anytime soon. The majority of (useful, interesting) sites will continue to keep this in mind in order to take advantage of as many eyeballs as possible.
So I think I'll continue to use ad block, watch all my TV on DVR and skip the commercials, avoid tracking tools, like toolbars that integrate with my browser and in general keep myself as ad free as possible.
Meanwhile you and the rest of the mass marketing industry can try the RIAA route and whine to the government about it. Maybe they'll make my DVR and ad blockers illegal. Then, I guess you win.
Creationist Textbook Stickers Declared Unconstitutional by CowboyNeal
Error handling wasn't taught well at my college. Yeah, you might fail one of Greenlee's assignments if you if you didn't check the return status of a system call, but that's not the same thing as knowing how to handle an error when you get one.
It wouldn't be difficult to add an error-handling module to an intermediate-level programming class. There are only a few basic response to any error situation: ignore it, propagate it, retry it, ask the user about it, log it to disk/email/syslog/database/whatever, log it to the GUI, and/or bail-and-quit. Talk about when and how to use each approach; throw in material about retry strategies, explicit vs. implicit error signaling, fail-fast behavior, ask-forgiveness, pitfalls of catching all exceptions, the needs of production systems, etc., and followup with an examination of a few platform-specific error-handling facilities.
If you're college taught all this, then great!!! Mine did not. Maybe I should email some of my old profs...
-1, Too Many Layers Of Abstraction
Ho Ho Ho. Why would anyone want to turn Adblockers off? Personally I keep javascript on (why should I disable an extremely useful browser extension because some advertising scum abuse it?) but run the Adblocking at the highest level I can. I rarely see any adverts and it seems to me that the adblockers are winning the arms race - we can have our web 2.0 applications just fine without the dregs of humanity that are advertiser messing things up for us.
Where's the ajax on slashdot? Are we supposed to be rebelling because it uses the traditional get/post methods instead of the (new name, old technology) "ajax" version?
.com's? Or on mainstream news sites?
Where's the ajax on msn & yahoo
Ajax is a "web two point oh" buzzword, and 99% of "web two point oh" services/systems aren't going to be a success just because they utilize it.
I'm not disputing it can be useful and add something to an application, but the hype outweighs the benefit.
One thing I fear about ajax is the poor standards many developers work to - how long before we see phpbb/phpnuke/et al tearing servers apart because each visitor is suddenly making an extra 10 database queries a minute while previously they'd alt-tab back and hit refresh every few minutes?
Forget about the back button...that is an annoyance I've grown to tolerate (for almost a decade we've had to deal with "sticky" web pages). MY biggest concerns centre on SECURITY and PRIVACY.
;-)
One thing about Javascript is that it is very aware of the client's environment--we can use it to determine screen size, colour depth, browser type, browser history and so forth. Until the introduction of the XMLHTTPRequest object, developers were limited in how they could bring this information into the server. It wasn't impossible (you could do stuff with traditional javascript and server-side programming involving hidden input tags, cookies, automatic page submits/reloads, etc), however the user would usually have a visual cue (IE would produce an audible "click" during page submits and redirects by default, the page would blink, the "throbber" icon and status bar would indicate an HTTP request was happening, etc). Furthermore, such schemes were more easily breakable (disablihng cookies, etc).
Now with AJAX, a coder could write client side script that (for example) enumerates your browser's history and ships it back using the XMLHTTPRequest object. The page does not need to use cookies, install special software like IE "browser helper objects" or need to expose itself through the use of hidden input tags. It's the greatest thing since sliced bread for spyware developers (multi-platform, lightweight, not yet easy to detect). I think javascript is generally better contained than, say, VBS, from a security standpoint, but I still have my concerns.
Worse yet, there isn't much in the way of user control--a person can disable Javascript entirely but then the whole app breaks. Browsers like Firefox can limit the use of javascript to do popo-up ads, alter toolbars and such, but I see nothing regarding security control of the XMLHTTPRequest object. As far as I can tell, if Javascript is enabled at all, a script can make full use of that object, and it'd be REALLY easy to use it to report my browsing history on a constant basis, without me knowing about it unless I do a lot of sleuthing in source files and cache.
In any case, I have some questions for "seasoned" AJAX coders (I am well-versed in Javascript but am a neophyte with ful-blown AJAX apps): What do you do to make sure your app is secure from client-side shenanigans (perhaps an AJAX-equivalent to SQL-injection), what can a user do to manage security within your AJAX app, and have you used AJAX techniques for potentially intrusive purposes (sniffing a client's environment in particular)? You can post anonymously if you've had to "do evil" as part of your job if you want
(BTW, a competent AJAX developer would at least take measures to disable the back button's functionality, and there are measures that can be taken to handle the back button gracefully. It is mostly a matter of sound design...)
There's always Anthem.Net for those that like C# as well... ;) I think JSON is much lighter for data than using xml... since the syntax can be *much* lighter with json, especially for somewhat complex relationships, and data.
Michael J. Ryan - tracker1.info
While AJAX is limited to acquiring data from within the same basedomain, it's trivial to use something on a local server like cURL wrapped with PHP/Perl to get & parse remote content. You can then do sanity & security checks on the acquired content before passing it along to your AJAX application.
(Silly, but it reminds me of my first few Perl scripts, and how I would get around "taint" checking by passing all input through a 's/(.)/$1/' regular expression)