10 Forces Guiding the Future of Scripting

snydeq writes "InfoWorld examines the platforms and passions underlying today's popular dynamic languages, and though JavaScript, Perl, PHP, Python, Ruby, Groovy, and other scripting tools are fast achieving the critical mass necessary to flourish into the future, 10 forces in particular appear to be driving the evolution of this development domain. From the cooption of successful ideas across languages, to the infusion of application development into applications that are fast evolving beyond their traditional purpose, to the rise of frameworks, the cloud, and amateur code enablers, each will have a profound effect on the future of today's dynamic development tools."

Re:Fast javascript: MORE IMPORTANTLY? Secure DOM

"Does anyone know of a project to bring some of the fast Javascript implementations like V8 to the server?" - by cornicefire (610241) on Monday October 13, @06:40PM (#25362433)

More importantly than speed, imo @ least, would be to create a less 'faulty' (insecure) implementation of the Document Object Model (DOM) behind javascript... & of javascript itself!

(After all, anybody can take a peek over @ SECUNIA.COM &/or SECURITYFOCUS.COM (just to name a couple reputable sites in regards to security) & see that the majority of attacks ARE javascript driven the past 3-4 years now (sometimes in combination with plugins & iframes) that have even extended to not only bad site's code, but also adbanners as well).

Speed's nice, but judging by the state of things, such as the recent "ClickJack" shenanigans going on out there (which YES, stalling javascript does help stop, despite the init. headline here in regards to this on Sept. 25th 2008 ->

----

Alarm Raised For "Clickjacking" Browser Exploit:

http://it.slashdot.org/comments.pl?sid=976325&threshold=-1&commentsort=0&mode=thread&no_d2=1&cid=25158835

----

Which the /. article's poster had stated otherwise (verbatim: "The issue has nothing to do with JavaScript so turning JavaScript off in your browser will not help you", which is blatantly untrue, if you read on you will see why & from whom (makers of NoScript iirc)), at the close of its initial posting?

Well, guess again:

----

SALIENT QUOTE:

http://www.securityfocus.com/news/11534/2

"JavaScript increases the effectiveness of this attacks hugely, because it ensures that user will click our target no matter where he points -- that is, we can move the target around to stay always under the mouse pointer"

----

Thus, as you can see? Well, contrary to the "clickjack" article initially posted here @ /. on Sept. 25th & its headline here from its initial poster??

It actually HELPS to stop javascript vs. Clickjacks, too (see the reference to SECURITYFOCUS.COM there in that URL above)... once more, see the URL above in regards to that & despite others also stating that 'stopping javascript would stall framebusting code, as well!

Speed's nice guys, but it only means you will get infected/infested, THAT MUCH FASTER is all, nowadays (& for the past 3-4 yrs. now)... heck, & the security suite folks are failing vs. these things too, with this latest COMPUTERWORLD excerpt:

----

Top security suites fail exploit tests (COMPUTERWORLD):

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9117042&intsrc=news_ts_head

&/or

Top security suites fail exploit tests (SECUNIA):

http://secunia.com/blog/29/

----

The "old-school methods" (what security suites use, like virus signatures, which only work vs. KNOWN threats, when they ought to be concentrating on white or blacklisting sites &/or HEURISTICS levels of detection ("smells like a duck, tastes like a duck: IT MUST BE A DUCK!" type logic)) aren't working that well nowadays guys!

After all, you know it, & I know it - The REAL, TRUE threat's coming thru your email, webbrowser, instant messenger programs (& even Adobe .pdf files with javascript active in the program, & plugins like Adobe Flash (which I guessed correctly on above no less, as to the "mystery program" that was involved that J. Grossman & crew (discoverers of the clickjack issue) kept

Re:Religion

[DragonWriter]

Most human wars throughout the ages are based on religion. Scary, isn't it?

Scary, perhaps, but not at all true. Almost every war is entered into for economic reasons by the decision makers; religion, nationalism, and other forms of identity appeals are often used in appeals to keep the masses behind the war, but they generally aren't the main reasons, and often not reasons at all, for the war.

Re:Clueless.

[oliderid]

Bless(you);

Re:Fast javascript

[kitgerrits]

So you want the client to be able to tell the server "Don't worry, I already checked it".
A very nice feature indeed.