

AJAX W3C Standardization

Fri, 28 Apr 2006 5:18 UTC

Well, it’s been long enough. It’s time to polish off the ol’ blog and start blogging again. So, while everyone’s down in sunny Orlando blogging about php|tek, I’m sitting right here 12 hours away (by car; 1.5 hours by plane) in Atlanta in my new home office, enjoying the scent of new office furniture—which is most likely just the scent of pressed fiberboard, or something. But, hey, I don’t care how it smells as long as it’s a good tax write-off.

Speaking of the new home office, I’ll take a short little aside to remedy something of which Lig reminded me: “if it’s not blogged, then it didn’t happen.” In short, I have a shiny, new job as an Engineer with Art & Logic, and that’s all I’ll say about that for now.

Now, for the more interesting piece of this post, as indicated by the title. Apparently, the Web APIs Working Group at the World Wide Web Consortium (W3C) published on April 5th a working draft for a forthcoming recommendation on the XMLHttpRequest object, the JavaScript object that gives AJAX its power.

The draft does not yet introduce any new features to XMLHttpRequest and serves merely to advance the purpose of the Web APIs WG, which is to document existing APIs, as well as develop new ones. Nevertheless, I think this is a great step forward for standardizing AJAX. Currently, developers must take into consideration both the (now) standard way of creating an XMLHttpRequest object:

var req = new XMLHttpRequest();

and the MSIE way of creating one (which was actually the first way of doing it, though it uses Microsoft’s ActiveX technology):

var req = new ActiveXObject("Microsoft.XMLHTTP");
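The two creation paths above are usually wrapped in one feature-detecting function. The following is an added example, not code from the original post or the W3C draft; the `createRequest` name and its `scope` parameter are assumptions made so the function can be exercised outside a browser.

```javascript
// Added example: create an XMLHttpRequest object by feature detection.
// `scope` is the global object to probe (window in a browser). Passing it
// in is an assumption of this example so it can be tested with stand-ins.
function createRequest(scope) {
  scope = scope || (typeof window !== "undefined" ? window : globalThis);

  // Prefer the native object that the W3C working draft documents.
  if (typeof scope.XMLHttpRequest !== "undefined") {
    return new scope.XMLHttpRequest();
  }

  // Older MSIE: fall back to ActiveX. The constructor throws when ActiveX
  // is disabled by the browser's security settings, so catch that case
  // and report "no AJAX available" instead of breaking the page.
  if (typeof scope.ActiveXObject !== "undefined") {
    try {
      return new scope.ActiveXObject("Microsoft.XMLHTTP");
    } catch (e) {
      return null;
    }
  }

  // Neither mechanism exists: the caller should degrade to a normal
  // form post or page load.
  return null;
}
```

Callers should check for a `null` return before calling `open()`, since a locked-down MSIE zone is a normal condition rather than an error.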

A standard would provide grounds for agreement between browser makers and developers. Unfortunately, as history has shown, browser makers—ahem Microsoft—are wont to follow their own whims, creating their own standards. The working draft of the recommendation addresses this problem:

The XMLHttpRequest object is implemented today, in some form, by many popular Web browsers. Unfortunately the implementations are not completely interoperable. The goal of this specification is to document a minimum set of interoperable features based on existing implementations, allowing Web developers to use these features without platform-specific code. In order to do this, only features that are already implemented are considered. In the case where there is a feature with no interoperable implementations, the authors have specified what they believe to be the most correct behavior.

The recommendation will seek to provide developers with a standard form of AJAX that will work across all browsers. This is only one of the W3C’s first forays into Web API standardization, though, and it appears that they have many others planned.

The W3C has consistently provided Web developers with good, solid recommendations over the course of the past twelve years, and I laud their efforts as they continue their work by providing recommendations for Web APIs.



Essential PHP Security and MD5 Reversing

Thu, 27 Oct 2005 15:36 UTC

I’ve just finished reading Chris Shiflett’s Essential PHP Security, and I have to say that it’s a great book. It’s very small—weighing in at only 109 pages (including the appendices and index)—but I think Chris feels this is its main draw. Indeed, it’s a quick and easy read, but that doesn’t mean it’s lacking in thoughtful and careful attention to detail—on the contrary. Rather, Chris has created a very concise and easy-to-read guide to Web application security. The language is clear, as are the examples.

For anyone who’s ever attended one of Chris’s talks on PHP security, this is the ultimate companion. For those who haven’t had the privilege of sitting in on his talks, this book is everything that you’re missing.

It’s available on Amazon for $19.77.

Now, for some fun, I used the Rednoize MD5 database mentioned in Chapter 3 of Essential PHP Security to create a little AJAX application to create MD5 hashes of strings, as well as check for the existence of a hash in the MD5 database. According to the Rednoize blog, there are over 2 million MD5 hashes stored with their counterparts in the database. In addition, I’m using Paul Johnston’s JavaScript MD5 library to handle the string-to-MD5 conversion on the client side (rather than sending an extra request to the server).

Now, on the Rednoize MD5 site, when you enter a string (as opposed to an MD5 hash) that does not exist in the database, it automatically creates a hash of that string and adds it to the database. Thus, you should beware if you enter your own passwords, for then, your passwords and their corresponding MD5 hashes will be in the database. My implementation does not do this, however. If the string entered is not exactly 32 alpha-numeric characters, then it will not try to retrieve a value for it from the MD5 database.

If you want, give my little MD5 reversal application a try.

UPDATE: The MD5 database does not appear to store string values longer than 32 characters; it appears to truncate strings at 32 characters and save the MD5 hash of the truncated string. So, be sure all your passwords are > 32 characters. ;-)

UPDATE (6 Nov ‘05): I’ve moved my MD5 hash lookup application to http://md5.benramsey.com/, where it will live on a permanent basis.
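The lookup behaviour described in this post, as an added Node.js example that is not the author's application or Rednoize's code: it models the hash table, the 32-character input check and the 32-character truncation, then contrasts them with a salted, slow hash. The word list is constructed, all function names are assumptions, and the use of scrypt is this example's choice of mitigation, not something the post names.

```javascript
// Added example: why an unsalted MD5 digest can be reversed by lookup.
const crypto = require("crypto");

const md5 = (s) => crypto.createHash("md5").update(s, "utf8").digest("hex");

// Stricter than "32 alphanumeric characters": an MD5 digest is 32 hex digits.
const looksLikeMd5 = (s) => /^[0-9a-f]{32}$/i.test(s);

// Constructed word list standing in for the strings held by the database.
const WORDS = ["password", "letmein", "qwerty", "dragon"];

// The database as the post describes it: strings are cut at 32 characters
// and the hash of the truncated string is what gets stored.
function buildTable(words, maxLen = 32) {
  const table = new Map();
  for (const w of words) {
    const stored = w.slice(0, maxLen);
    table.set(md5(stored), stored);
  }
  return table;
}

// Client-side rule from the post: only query when the input is a digest,
// so a typed password is never sent to (or added to) the database.
function reverse(table, input) {
  if (!looksLikeMd5(input)) return null;
  const key = input.toLowerCase();
  return table.has(key) ? table.get(key) : null;
}

// Mitigation (assumption of this example): a random per-user salt and a
// slow key-derivation function. Identical passwords no longer share a
// digest, so a table precomputed over plain strings cannot match them.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  const key = crypto.scryptSync(password, salt, 32);
  return { salt: salt.toString("hex"), hash: key.toString("hex") };
}
```

Storing the salt next to the hash is expected: its job is to make each stored value unique, not to be secret.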



Thoughts on Ajax

Mon, 13 Jun 2005 14:30 UTC

I was recently asked about my thoughts on Ajax, and I thought my response would make for a good, thought-provoking post. Here’s how I responded:

Ajax strikes me as one of those fads that pops up from time to time. The difference here is that we’ve had the technologies to use what is now known as Ajax for years—it’s just that now it has a snazzy name and some people are doing very cool things with it (e.g. Google Maps). The other difference is that Internet accessibility has vastly improved: browsers today are more standards-compliant and have greater support of JavaScript/DHTML and XML; more people are connected via broadband connections than ever before. So, we can no longer say that people on dial-up or people using old browsers are holding us back from making use of this technology.

Hmm… I think I’ve just convinced myself that it’s here to stay.

However, if it is just a fad, then it hasn’t yet peaked. I think we’ll at least see some very cool things come out of Ajax use over the next couple of years before Ajax itself evolves into something else. Hey, if anyone thought that DHTML had come and gone, then take a look at Ajax—it’s really what DHTML is evolving into.

In just a few short months, Adaptive Path has coined a new term and managed to create a frenzy around this “new” technology that’s already about eight years old. I find this in and of itself utterly amazing! The term Ajax has become a meme among Web developers.

Still, the introduction of the name seems to have created a bit of confusion among the developer community over what it really is, as evidenced by some of the questions from the Ajax Q&A.

What are your thoughts on Ajax?

For more reading on Ajax, check out the following blog posts:
