What's wrong with HTTP?

Kragen Sitaker kragen at pobox.com
Mon Nov 27 03:37:02 EST 2006


[third draft, thanks for your patience]

What's Wrong With HTTP?
=======================

In this essay, the first of a pair on browser apps, I explore how
they are better than traditional desktop apps in some ways, but
worse in others.  Some of the disadvantages of browser apps are
deeply rooted in the use of HTTP URLs for naming.  In the second
essay, I will present a design sketch for a new platform, a
replacement for HTTP combining both styles' advantages.

Right now, we're seeing a massive shift to browser apps, largely
server-side browser apps.  As I warned in "People, places, things,
and ideas," [18] this move to server-side browser apps imperils
our software freedom; I outlined how to solve this problem in "The
equivalent of free software for online services."  [19] This pair
of essays represents more detail on this problem and proposed
solution.

What's the Big Deal About Browser Apps?
---------------------------------------

By "browser app", I mean a computer program whose user interface
is a web browser --- for example, Hotmail, PBWiki, Slashdot,
Flickr, del.icio.us, Google Search, Google Maps, Sproutliner [45],
Babelfish, LiveJournal, NumSum, and the Trimpath Spreadsheet
embedded in NumSum.  I'm not including programs like Macromedia
Flash Player or Windows Media Player, which are traditional GUI
applications that merely display their GUIs inside a web browser.

There are browser apps that run entirely on the server side,
browser apps that run entirely on the client side, and browser
apps that have parts on both sides; most of this essay discusses
all three without differentiation.

Kevin Barnes [16] and Yaron Goland [17] have written a bit about
why so many new computer programs are written as browser apps,
even browser apps with difficult-to-write client-side parts.
Yaron explains:

    I think one of the key aspects of the browser's success is
    that it is, in essence, a pain free application installation,
    execution and de-installation environment.

    You can 'install' software just by navigating to it, no
    install dialogs to worry about, no disk space issues to check,
    to permissions to fret over, no conflicts to deal with, and
    when you are done with the "software" (a.k.a. web page) the
    software just vanishes (well mostly...).

    All of which leads me to point out that when we look for the
    new browser to replace the AJAX [49] browser we must make sure
    it keeps the same 'pain free' execution environment
    characteristics of the browser.

Philip Greenspun [20] and Paul Graham [21] have also written quite a
bit on the advantages of browser apps, although they mostly focused on
pure server-side browser apps.

I find myself writing more and more of my kragen-hacks posts as
client-side browser apps in DHTML so people can run them more easily.

However, browser apps have some serious drawbacks.

How Browser Apps Are Different
------------------------------

Browser apps are different from traditional desktop apps in
several ways, listed briefly here and then in more detail.  They
do each of the following:

* Install painlessly.
* Run in a sandbox.
* Are location-transparent.
* Are part of the web.
* Support collaboration.
* Don't integrate with the desktop.
* Don't work offline.
* Upgrade instantly.
* Support "view source".
* Run slowly.
* Aren't trustworthy.
* Have a higher-level GUI toolkit.
* Have a quicker edit-run cycle.

In more detail:

* Install painlessly

As Yaron pointed out, you don't have to "install" browser apps;
your computer still downloads and runs them, but you don't have to
engage in a long dialog with it just to get them running.

* Run in a sandbox

Insecure or malicious browser apps can't steal or delete your
files, because they only have access to the files you explicitly
give them, and they can't spread viruses to other browser apps,
because they don't have access to them.

* Are location-transparent

You can use any browser app from any computer, and access all of
its data.

* Are part of the web

You can link from any web page to your photos on Flickr or to
search results on Google; Google can index your LiveJournal blog
if you let it; you can print a Slashdot conversation, or
text-search your del.icio.us bookmarks from the browser.  In
general, data in a browser app is usually a first-class citizen of
the web.

All of these virtues come from two aspects of the architecture of
the web: REST [22] and the Rule of Least Power [23]; browser apps
not designed with them in mind do not integrate well with the rest
of the web.

* Support collaboration

Partly because they're location-transparent and web-integrated,
browser apps support social interaction more easily than desktop
apps.

* Don't integrate with the desktop

Browser apps are clumsy at cooperating with your desktop ---
exchanging data and so forth --- and sometimes this makes them
clumsy to use.  On the other hand, you can pretty much use them
regardless of what operating system or installed DLLs you have ---
incompatibilities are rare and mostly easy to fix.

* Don't work offline

Most browser apps run partly on the server side, and at present,
there's no good way for them to run offline.

* Upgrade instantly

Whether you want to or not, as soon as you hit reload, you're
running the latest version installed on the web server.  This is
often a great benefit, but it induces a single point of failure
--- the server operator can install a new version that violates
your privacy, and you are defenseless.

* Support "view source"

While you can't view the source code that runs on the server side,
you can see all the UI elements.  But with Ajax [49] and
Greasemonkey [40], it's easier and easier to view and customize
the app logic.

* Run slowly

While the part that runs on the server can be fast (although you
may have to share that server with hundreds of thousands of other
users), the communication with the server rarely is, and any
client-side part runs in a slow JavaScript interpreter.  (The
JavaScript interpreter may speed up quite a bit soon with the
Tamarin project [31].)

* Aren't trustworthy

Today, browser apps always have a single point of failure --- the
owner of the server can turn it off, lock you out, or steal all
your private data.  Desktop apps don't have this problem, as long
as you control your own computer.  This is induced by the
particular approaches taken to the instant upgrade and
location-transparency problems.

* Have a higher-level GUI toolkit

Browser apps use the HTML DOM for their GUI toolkit.  HTML is easy
to style with CSS; it's easy to put images into; it pervasively
supports Unicode; and the CSS box model layout system is much more
flexible than the model in any of the standard GUI toolkits.  On
the other hand, it's often very slow.

* Have a quicker edit-run cycle

Unless you're the kind of person who writes their browser apps in
Java, it's very quick to see the results of your changes, without
losing any of your data; this speeds development.

The Postweb Browser Debate
--------------------------

There's been some discussion [50] [51] about how to remedy the
shortcomings of the browser as an application platform; this essay
was inspired by a discussion thread on ask.slashdot.org this month
[0] about the subject.  In the original post, cyclomedia [1]
wonders:

    "I've been thinking about this for a while now, and a recent
    article posturing about Web 3.0 [2] brought forward some other
    suggestions which basically boiled down to 'what should be
    next.'  Everyone here knows that HTML, Javascript and
    HTTPRequest are not the tools for building feature-rich
    interactive networked applications, but that doesn't stop
    Google, Microsoft and others from trying their best to use
    them to build office suites and the like. As one project puts
    it: 'we need to replace the Document Browser with an
    Application Browser.'  So, let's get the ball rolling with my
    question: What type of platform would you like to see
    delivering the 'true' Web 2.0 in the not too distant future?"

The earlier-cited essays by Kevin Barnes [16] and Yaron Goland
[17] also touch on this question.

Although Slashdot's design rewards brevity and speed of response
over depth of thought, there were still some interesting comments
in the ask.slashdot thread; the main points as I understood them
follow:

* Java applets and Flash are intended as platforms for
  zero-install feature-rich interactive networked GUI
  applications. [3] [4] [10] [12]
* XUL [36] is a platform for such things too. [14]
* Such a platform needs sandboxing --- support for safely running
  untrusted code. [5] [9] [11]
* Such a platform needs to store local state, like cookies, but
  usable for more things --- for example, in files. [5] [11]
* It's better for users if code runs on the server, not on their
  computer. [10] [15]
* Documents are better than applications, because they give more
  control to the user. [9] [10]
* Documents are better represented in HTML than as programs. [6]
  [8] [9] [[maybe "HTML is better than
* JavaScript is a terrible programming language. [6] [17] [37]
  [38] [39]
* There's nothing wrong with the traditional desktop-app approach,
  and AJAX and JavaScript and DHTML are just dumb ideas. [7] [8]
  [13] [14]
* DHTML is too slow and memory-intensive. [8] [10]
* Yes, we need an "application browser" platform that's designed
  for applications rather than documents, but has the advantages
  of a web browser. [10] [11]
* What's wrong with the Web is mostly that it doesn't work
  reliably, not that it's insufficiently feature-rich. [15]

I disagree with most of these points.

Responses to points in the Slashdot thread
------------------------------------------

* Java applets and Flash are intended as platforms for
  zero-install feature-rich interactive networked GUI
  applications. [3] [4] [10] [12]

That's true, but they lack several of the advantages of normal
browser apps.  They don't integrate well into the web, so you
can't print them, text-search them, index their data with a search
engine, and so on.  Things HTML makes easy, like scrollable
paragraphs of rich text wrapped to your screen width, become
difficult to write and difficult to use.  You can't "view source"
on them or use Greasemonkey [40] to change how they work.  They
still aren't desktop-integrated, but they suffer from the
compatibility problems DHTML mostly avoids.

However, they are faster, and they still install painlessly,
support collaboration easily, upgrade instantly, and you still
can't use them reliably offline.

* XUL [36] is a platform for such things too. [14]

It looks like you can run XUL as if it were a web page or as if it
were a desktop app, with mostly the advantages and disadvantages
of whichever mode you choose --- except that a JavaScript+XUL
desktop app will be more view-source-able than a desktop app
written in C++, and still painfully slow.

So I don't think XUL is very interesting.  It's nice that it has
elements such as <treecontrol>, <tabbox>, and <radiogroup>, but
I don't think fancy widgets are a major advantage desktop apps
currently have over browser apps.

* Such a platform needs sandboxing --- support for safely running
  untrusted code. [5] [9] [11]

You wouldn't really want painless installs and
location-transparency without sandboxing --- that would mean your
computer automatically installed programs with complete control
over your computer, without you even being awware of it.  That's
why you don't use Internet Explorer, or you turn off ActiveX,
right?

So I agree; sandboxing is crucial.

* Such a platform needs to store local state, like cookies, but
  usable for more things --- for example, in files. [5] [11]

Browser apps currently achieve location-transparency and web
integration by storing all your important information on servers
on the internet, addressable by URLs.  This is one major reason
they aren't trustworthy --- whoever runs the server can delete
your information.

However, if you implement local state the way desktop applications
do --- as the WHATWG proposal for client-local storage does ---
you lose location-transparency and web integration, and you impede
collaboration.

In the next essay, I will explain a different way to make
browser applications location-transparent, without giving up
desktop-app-like trustworthiness.

* It's better for users if code runs on the server, not on their
  computer. [10] [15]

I think it's better for users if code runs (sandboxed) on their
computer, because then they can see the code and change what it
does.  That's why Google Maps had all kind of mashups coming out
within two or three months after it was announced, while MapQuest
had none even after years --- because the Google code was running
where people could "view source" and modify it: in their browsers,
not on Google's servers. [52]

* Documents are better than applications, because they give more
  control to the user. [9] [10]

I agree with this --- you can index, print, search, and otherwise
analyze documents, things you cannot do in general with computer
programs that produce documents.  This is an example of the Rule
of Least Power [23], one of the fundamental principles of the
web's design.

However, it's not really relevant to the question.  Clearly we
should represent salmon recipes as HTML files rather than Java
applets; but how should we represent Flickr?  We can't replace
Flickr with a mere static document.  Maybe we could replace it
with a desktop app.

There's still the question of how much of people's data is
represented as documents they have access to, and how much is
locked away inside programs.  Ajax tends to encourage servers to
make data available in a more document-like form --- rather than
running code on the server, outside of my control, to turn the
data something I can understand but my computer perhaps cannot,
the server sends the data in a document down to the Ajax code
running on my browser.

We still need better tools for making access to that data
practical for the majority of people, though.

* Documents are better represented in HTML than as programs. [6]
  [8] [9]

This is a special case of the preceding point, and of course it is
correct, but it is still not relevant to the design of a platform
for non-document-like browser apps.  XUL (and, perhaps, Visual
Basic) demonstrates that program user interfaces are mostly better
represented in simple static languages than in programming
languages, too.

* JavaScript is a terrible programming language. [6] [17] [37]
  [38] [39]

I hear this a lot, but I don't agree.  JavaScript is worse than
Perl or Python, but it's much better than C, C++, PHP, Java,
PostScript, or bash --- for most things.

Yaron complains [17]:

    From its lack of modularity to its lack of typing to its
    single threaded nature, to its dirt slow processing speed, to
    its lack of a decent transient local storage model to its
    inability to act as a true server, writing real code in
    Javascript really and truly does suck. I realize some of these
    complaints are more about the browser environment then
    Javascript but separating the two is nearly impossible so I'll
    pile them together.

Only three of these are complaints with JavaScript itself; I'll
address Yaron's complaints point by point.

I assume by "modularity" he means "a module system", and Dojo [24]
and JSAN [25] have added module systems more or less similar to
what you'd expect in modern languages like Python, Perl, or OCaml.
Presumably something like these systems will become standardized
soon.

JavaScript is dynamically typed, which is what Yaron means by
"lack of typing", and this has advantages and disadvantages.  A
lot of people choose dynamically-typed languages (like Lisp, Perl,
and Python) on purpose, because they have some advantages for
readability and level of abstraction. [53] [54] [55] [56] [57]
[58]

Single-threaded programming can be easier and less bug-prone than
multithreaded programming [26] [27] [30], but only if you have the
right tools, like Twisted Python [28].  MochiKit [29] provides
facilities like these for JavaScript, and those facilities are
being incorporated into Dojo as well.

JavaScript-the-language could support multithreaded programming to
the same degree that C++ or Python does, of course, but that
doesn't make it a good idea.

The Tamarin project [31] should bring JavaScript's performance to
equal or better that of Perl and Python, which would be a major
improvement.  It still probably won't make Yaron happy, since it
will still be one or two orders of magnitude slower than Java and
C#, but the things people will complain are too slow will be
things they don't even try now.

So of Yaron's three complaints about JavaScript-the-language, he
is simply wrong about two of them --- they are advantages of
JavaScript, not disadvantages --- and the third should improve
dramatically soon.

With regard to the other problems:

Yaron is acutely aware of the importance of location-transparency,
which is why he says "*transient* local storage model".  I agree
with this complaint, but obviously it's a problem with the browser
environment, not JavaScript the language.  Brad Neuberg's
dojo.storage [32] uses Flash to get around the problem, and the
entire section 5.3 [33] of the new HTML 5 or "Web Applications
1.0" spec [34] is devoted to solving this problem in the browser;
this facility as described in the HTML5 spec is shipping in
Firefox 2.0.

The "inability to act as a true server" is also just an
environmental problem.  I think it's a helpful inability for
sandboxing, but it's not just untrusted JavaScript apps that can't
support incoming connections from the outside world --- neither
can the browser as a whole, so any information you store locally
is not available to the rest of the world (defeating
location-transparency).  So I agree with this complaint as well.

Most of the other complaints I've heard about JavaScript are
either relatively inconsequential annoyances, or duplications of
the above [37] [38] [39].

* There's nothing wrong with the traditional desktop-app approach,
  and AJAX and JavaScript and DHTML are just dumb ideas. [7] [8]
  [13] [14]

I hope I haven't oversimplified the argument in the Slashdot
comments I cited; I think I have already sufficiently rebutted
this argument above.

* DHTML is too slow and memory-intensive. [8] [10]

This is true, and it's also true of XUL.  Tamarin [31] will
probably help some with this.  I don't know how to solve it in
general.

* Yes, we need an "application browser" platform that's designed
  for applications rather than documents, but has the advantages
  of a web browser. [10] [11]

That's my point of view.  The next essay is about what it should
look like.

* What's wrong with the Web is mostly that it doesn't work
  reliably, not that it's insufficiently feature-rich. [15]

Also, it's slow.  The solution I will propose in the next essay
focuses primarily on removing reliability problems rather than
adding features.

Conclusion
----------

Today there are many compelling advantages to writing new programs
as browser apps, but the browser has some disadvantages as an
application platform as well.

In this essay, I have rejected many solutions proposed by Slashdot
posters.  In the next essay, which I plan to publish Thursday, I
will present a design sketch for a browser platform that
eliminates the browser-app disadvantages I've identified here, by
means of a peer-to-peer document namespace, supporting browser
apps as rich as those we have today, but without the problems of
security and trustworthiness that plague current browser apps.

Thanks
------

Danny O'Brien, Lawton Chan, Alex Russell, Donovan Preston, David
Braginsky, Ben Sittler, and Eric Tiedemann have helped with this
essay; I greatly appreciate their help and their insights.  But
it's not their fault.

Footnotes
---------

(a few of these pertain to the next part of the essay)

[0] "How Would You Usurp the Web Browser?", ask.Slashdot article,
2006-11-21
 > http://ask.slashdot.org/article.pl?sid=06/11/21/0433212

[1] "cyclomedia"
 > http://www.cyclomedia.co.uk/

[2] "Can the Web Survive v3.0", Slashdot article, 2006-11-19
 > http://slashdot.org/article.pl?sid=06/11/19/1516236&tid=95

[3] Comment from "Z0mb1eman" (http://www.bloored.com/)
 > http://ask.slashdot.org/comments.pl?sid=207664&cid=16925626

[4] Comment from "suv4x4"
 > http://ask.slashdot.org/comments.pl?sid=207664&cid=16927666

[5] Comment from "plopez"
 > http://ask.slashdot.org/comments.pl?sid=207664&cid=16925652

[6] Comment from "illuminatedwax"
 > http://ask.slashdot.org/comments.pl?sid=207664&cid=16925814

[7] Comment from "SuperKendall"
 > http://ask.slashdot.org/comments.pl?sid=207664&cid=16925854

[8] Comment from "jd"
 > http://ask.slashdot.org/comments.pl?sid=207664&cid=16925856

[9] Comment from "Animats" (http://www.animats.com/)
 > http://ask.slashdot.org/comments.pl?sid=207664&cid=16926148

[10] Comment from "wikinerd" (http://www.wikinerds.org/)
 > http://ask.slashdot.org/comments.pl?sid=207664&cid=16926626

[11] Comment from "Pfhorrest"
 > http://ask.slashdot.org/comments.pl?sid=207664&cid=16926220

[12] Comment from "nickos"
 > http://ask.slashdot.org/comments.pl?sid=207664&cid=16925676

[13] Comment from "Squid" (http://flyingmice.com/squid/)
 > http://ask.slashdot.org/comments.pl?sid=207664&cid=16926372

[14] Comment by "scdeimos"
 > http://ask.slashdot.org/comments.pl?sid=207664&cid=16926372

[15] Comment from "dpbsmith" (htttp://www.dpbsmith.com/)
 > http://ask.slashdot.org/comments.pl?sid=207664&cid=16928458

[16] "The next software revolution wears black leather", by Kevin
Barnes, 2005-11-09
 > http://codecraft.info/index.php/archives/41/

[17] "AJAX is great, except for the J and the X", by Yaron Goland,
2006-12-19
 > http://www.goland.org/beyondthebrowser/

[18] "People, places, things, and ideas," by Kragen Sitaker,
originally posted to kragen-tol on 1999-01-06
 > http://lists.canonical.org/pipermail/kragen-tol/1999-January/000322.html
Also available on the GNU "Philosophy" pages at
 > http://www.gnu.org/philosophy/kragen-software.html

[19] "The equivalent of free software for online services," draft
by Kragen Sitaker, posted to kragen-tol on 2006-07-28
 > http://lists.canonical.org/pipermail/kragen-tol/2006-July/000818.html
Referenced in Mike Linksvayer's "Free software needs P2P"
 > http://gondwanaland.com/mlog/2006/07/28/free-software-p2p/
and in "open data, APIs, and data formats - lots of small pieces
and a platform" by John Allsopp, 2006-09-04
 > http://microformatique.com/?p=22
and in "Was ist ein freier Webdienst? (Beinahe zurück aus dem
Urlaub...)", 2006-08-01
 > http://log.netbib.de/archives/2006/08/01/was-ist-ein-freier-webdienst-beinahe-zuruck-aus-dem-urlaub/
and in "kragen rides again-", by Luis Villa, 2006-08-05
 > http://xent.com/pipermail/fork/Week-of-Mon-20060731/042375.html

[20] Some of Greenspun's writing along these lines is in "A Future
So Bright You'll Need to Wear Sunglasses", one of the chapters of
his book, "Philip & Alex's Guide to Web Publishing", online at
 > http://philip.greenspun.com/panda/future
Warning, this page contains photographs of naked women.

[21] "The Other Road Ahead", by Paul Graham, September 2001,
 > http://www.paulgraham.com/road.html

[22] "Architectural Styles and the Design of Network-based
Software Architectures", Roy Fielding's doctoral dissertation,
2000; see chapter 5 in particular for the explanation of REST.
 > http://roy.gbiv.com/pubs/dissertation/top.htm

[23] "The Rule of Least Power", W3C Technical Architecture Group
Finding, edited by Tim Berners-Lee and Noah Mendelsohn, 2001-02-23
 > http://www.w3.org/2001/tag/doc/leastPower.html

[24] The Dojo Toolkit is a successor to, among other things,
NetWindows, and it includes a module system for JavaScript in the
browser.
 > http://www.dojotoolkit.org/

[25] JSAN, the JavaScript Archive Network, also has a module
system for JavaScript in the browser; I only know about this
because MochiKit [29] supports both the Dojo and JSAN module
systems.
 > http://www.openjsan.org/doc/c/cw/cwest/JSAN/0.10/lib/JSAN.html
 > http://use.perl.org/~schwern/journal/24112

[26] "Why Multithreading Sucks, Using Mojo Nation As An Example",
by Zooko O'Whielacronx, 2001-07-17, describing real-world
experience changing from threading to event-driven processing.
 > http://www.eros-os.org/pipermail/e-lang/2001-July/005410.html

[27] "Why Threads are a Bad Idea (for most purposes)", by John
C. Ousterhout, 1995-09-28 --- a PowerPoint presentation,
unfortunately.
 > http://www.softpanorama.org/People/Ousterhout/Threads/index.shtml

[28] Twisted Python is an industrial-strength framework for
building single-threaded event-driven programs (especially
networked programs) in Python.
 > http://www.twistedmatrix.com/

[29] MochiKit is a JavaScript library from some Twisted hackers;
it includes more than Twisted-style asynchronous-event handling
with Deferreds, but it does have that.
 > http://mochikit.com/

[30] "The right default: concurrent components with message
passing", by Peter van Roy, on the Lambda the Ultimate blog's
discussion forums, 2004-08-16
 > http://lambda-the-ultimate.org/node/view/193
referring to "Concurrent Components With Message Passing"
 > http://www.info.ucl.ac.be/~pvr/bookcc.html

[31] The Tamarin project is the integration of Macromedia's
newly-open-source ECMAScript (JavaScript) implementation into the
Mozilla core, in order to make Mozilla (Firefox, Iceweasel,
Thunderbird, etc.) run JavaScript faster.  This is the
ActionScript engine from Flash, and it's about an order of
magnitude faster than the JavaScript engine currently in Mozilla.
 > http://www.mozilla.org/projects/tamarin/

[32] dojo.storage is part of the Dojo Toolkit [24].  It started
life as "AMASS".
 > http://codinginparadise.org/weblog/2006/04/now-in-browser-near-you-offline-access.html

[33] Currently section "5.3. Client-side session and persistent
storage" of "Web Applications 1.0 Working Draft --- 23 November
2006", also known as HTML5.
 > http://whatwg.org/specs/web-apps/current-work/#scs-client-side

[34] Since the W3C abandoned the development of the HTML spec in
the wake of the 1990s browser wars, the WHATWG or Web Hypertext
Application Technology Working Group recently began a new version
of the HTML specification:
 > http://whatwg.org/specs/web-apps/current-work/

[35] "Client-local storage", currently section 6.1.1 of the "Gecko
1.9 Roadmap", in a "desired" section --- so it may not make it in.
 > http://wiki.mozilla.org/Gecko_1.9_Roadmap#Client-local_storage

[36] XUL is an "XML user-interface language" similar to HTML (and
which can embed HTML elements) used for defining UIs for Firefox,
Thunderbird, and other Mozilla apps.  You can also load XUL files
in Firefox as web pages.  It's just like HTML, but with normal GUI
widgets instead of text.
 > http://www.mozilla.org/projects/xul/

[37] "JavaScript sucks ass, part one million", by Donovan Preston,
2005-10-05
 > http://ulaluma.com/pyx/archives/2005/10/javascript_suck.html

[38] "JavaScript Sucks (volume 2)", by Bob Ippolito, 2005-07-18;
this explains a lot of the motivation behind creating MochiKit
[29].  See also [39].
 > http://bob.pythonmac.org/archives/2005/07/18/javascript-sucks-volume-2/

[39] "JavaScript Sucks (volume 1)", by Bob Ippolito, 2005-06-02;
see also [38].
 > http://bob.pythonmac.org/archives/2005/06/02/javascript-sucks-volume-1/

[40] Greasemonkey is a Firefox extension that runs user-specified
bits of JavaScript when web pages load, so that users have as much
control over the page as the page author.  It uses "deep
XPCNativeWrappers [42]" to interpose a membrane [41] between the
user's JavaScript and the page's, so that the user's script can do
things the page JavaScript can't, such as talk to other web
servers.
 > http://greasemonkey.mozdev.org/

[41] The Membrane Pattern is a common access-control abstraction
in capability security systems; it supports revocability, and in
some circumstances can compensate for violations of security
hygiene by other parts of the system.
 > http://www.eros-os.org/pipermail/e-lang/2003-January/008434.html

[42] XPCNativeWrappers are proxy objects used to amplify the
authority (in a capability-security sense) granted by holding a
reference.
 > http://kb.mozillazine.org/XPCNativeWrapper

[43] "DHTML persistence: a design for a generic Ajax server-side",
by Kragen Sitaker, 2005-04-10
 > http://lists.canonical.org/pipermail/kragen-tol/2005-April/000769.html

[44] Alex Russell publicized the term "Comet," invented by
Jennifer Tharp, to describe a technique independently invented in
1999-2001 by him, some part of the team that started KnowNow
(Rohit Khare, Adam Rifkin, Peyman Oreizy, Dave Long), Brad
Fitzpatrick, Donovan Preston, Just van den Broecke, and probably
several other groups; the technique allows a web server to send
events asynchronously to a web browser by virtue of continuing an
HTTP response for a long time.  Alex introduced the term in a talk
at Emerging Technologies Conference 2006, and in a blog post
"Comet: Low Latency Data for the Browser" on 2006-03-03.
 > http://alex.dojotoolkit.org/?p=545

[45] Sproutliner is a free-software AJAX outliner with columns,
intended for use as a to-do list.
 > http://sproutliner.com/

[46] "MAGNET v0.1", by Gordon Mohr, 2002-06-17, draft of the
MAGNET URI specification for (among other things) linking to files
by content hashes.  May or may not be suitable for things like
inline images, since it specifies that the link leads to "a page
of options", not the linked file itself.
 > http://magnet-uri.sourceforge.net/magnet-draft-overview.txt

[47] David's Advanced Revision Control System is a radically
decentralized system similar to Arch.  [need more explanation]
 > http://www.darcs.net/

[48] "Robust Composition: Towards a Unified Approach to Access
Control and Concurrency Control", by Mark Samuel Miller, 2006-05;
describes the capability security landscape more clearly than
anything I've read previously.
 > http://www.cypherpunks.to/erights/talks/thesis/markm-thesis.pdf

[49] Ajax is a style of building web applications in which
JavaScript in the web page communicates with the server without
reloading the page; see "Ajax: A New Approach to Web Applications"
by Jesse James Garrett, 2005-02-18
 > http://www.adaptivepath.com/publications/essays/archives/000385.php

[50] "NewI\O"
 > http://newio.blogspot.com/

[51] "Macromedia Central", by John Dowdell, no date given
 > http://www.adobe.com/devnet/jd_forum/jd027.html

[52] A timeline of early Google Maps mashup development; see also
http://en.wikipedia.org/wiki/Google_Maps#Development, which
includes most of these dates.

  2005-02-08 Google Maps announced:
    > http://news.com.com/Google+finds+its+map+service/2100-1024_3-5567274.html
      "Google finds its map service" by Margaret Kane, 2005-02-08
    > http://googleblog.blogspot.com/2005/02/mapping-your-way.html
      "Mapping your way", by Bret Taylor, 2005-02-08 (the announcement)
  2005-03-15 or earlier: Paul Rademacher unveils HousingMaps,
    which merges Craigslist apartment listings with Google Maps
    > http://www.housingmaps.com/
    > http://www.ramsayhome.com/2006/03/15/housingmaps-new-home-research-tool/
      "HousingMaps - a web mashup, great for home researching", by
      an anonymous author on ramsayhome.com, 2006-03-15
    > http://googleblog.blogspot.com/2005/04/bird-view_15.html 
      "Bird view" by Michael Krantz, 2005-04-15, points at
      HousingMaps
    > http://ajax.sys-con.com/read/211147.htm 
      "Founder of HousingMaps.com Drills Down at "Real-World AJAX"
      Seminar in San Jose: Paul Rademacher Reveals the
      Nitty-Gritty Aspects of Building AJAX Apps", author
      anonymous, 2006-04-24
    > http://www.newmediamusings.com/blog/2005/05/housingmaps_bri.html
      "Housingmaps: brilliant!", by JD Lasica, 2005-05-31
  2005-04-09: chicagocrime.org domain first registered, later used
    for mashup of Chicago police blotter information and Google
    Maps (this date is from whois)
  2005-04-19: Adrian Holovaty unveils Chicago Transit Authority
    map using Google Maps
    > http://www.holovaty.com/blog/archive/2005/04/19/0215
      "Chicago Transit Authority map on Google Maps", by Adrian
      Holovaty, 2005-04-19
    > http://news.com.com/2061-10803_3-5687691.html 
      "Google Maps, meet Craigslist real estate", by Stephen
      Shankland, 2005-04-27, mentions Housingmaps and Adrian
      Holovaty's Chicago Transportation Authority maps
  2005-05-16 or earlier: Daniel Catt unveils Geobloggers, a mashup
    of Flickr with Google Maps; Gregory Sadetsky unveils a mashup
    of real-time traffic information with Google Maps
    > http://www.wired.com/news/culture/0,1284,67514,00.html 
      "Hey Google, Map This!", by Daniel Terdiman, 2005-05-16,
      mentions that the Google API didn't exist yet at publication
      time, and also lists Gregory Sadetsky's traffic-information
      mashup, Adrian Holovaty's Chicago transit map, and Daniel
      Catt's Geobloggers Flickr/Maps mashup;
  2005-05-23 or earlier: Adrian Holovaty (anonymously?) unveils
    ChicagoCrime.org, a mashup of Chicago police blotter
    information with Google Maps
    > http://slashdot.org/articles/05/05/23/115204.shtml 
      "Google Map Hack & Chicago Crime Data", by Hemos,
      2005-05-23, lists HousingMaps and ChicagoCrime.org
  2005-06-29: Google announces Google Maps API
    > http://googleblog.blogspot.com/2005/06/world-is-your-javascript-enabled_29.html
      "The world is your JavaScript-enabled oyster", by Bret
      Taylor, 2005-06-29, announcing the Google Maps API
    > http://www.google.com/press/annc/maps_api.html
      "Google Maps API", 2005-06-29, by some anonymous illiterate
      inside Google, also announcing the Google Maps API
    > http://google.dirson.com/post/1444/ 
      "Lanzada la API para Google Maps", by an anonymous author,
      2005-06-30, says that Google had just launched a Google Maps
      API

[53] "DynamicTyping" by Martin Fowler, 2005-03-14
 > http://www.martinfowler.com/bliki/DynamicTyping.html

[54] "Are Dynamic Languages Going to Replace Static Languages?" by
Robert C. Martin, 2003-04-26
 > http://www.artima.com/weblogs/viewpost.jsp?thread=4639

[55] "Strong Typing vs. Strong Testing" by Bruce Eckel, 2005-02-03
 > http://mindview.net/WebLog/log-0025 

[56] "Crossing borders: Delayed binding" by Bruce Tate, 2006-11-07
 > http://www-128.ibm.com/developerworks/java/library/j-cb11076.html?ca=drs

[57] "Language Fermentation", by Tim Bray, 2003-05-08
 > http://www.tbray.org/ongoing/When/200x/2003/05/08/FutureLanguage

[58] "Duck Typing Defended", by Hans Fugal, 2006-07-08
 > http://hans.fugal.net/typo/articles/2006/07/08/duck-typing-defended


More information about the Kragen-tol mailing list