Tough on Grease but Easy on Web Servers
LJ: For our readers who are unfamiliar with Ajax, can you describe what it is and what need it's filling?
Technically, Ajax refers to a specific technique: allowing a Web page to spawn a background thread to send a request to a server, receive a response and update the Web page dynamically without ever refreshing the page. In other words, with Ajax, you don't have to click on Form Submit and wait for the browser to come back with a new page to interact with a Web application. Instead, the Web app can be sending and receiving data constantly while you interact with a Web page.
A great example of how this changes the game is www.tadalist.com. That Web site offers a simple service: creating your own personal to-do list. But, if you use it, you'll quickly see that instead of the traditional clunky Web interface for marking to-do items as completed and adding new items and so on, you get this rich interface that lets you do things like add, complete and modify items, all without reloading the page.
For years, Web applications have had this awful reputation for sucky interfaces. We've all wished we could do better, and Ajax makes that possible.
LJ: A lot of people are using the phrase Web 2.0 now. What is Web 2.0, and what role is Ajax playing in building it?
BG: It turns out that the changes wrought on conventional Web applications by Ajax are so great that many folks are claiming it represents a rebirth of the Web—Web 2.0, as it were. Some people hate the meme, and others love it; I'm indifferent. But what is clear is that as of 2005, we're seeing a new wave of exciting Web applications, and Ajaxian techniques are at the heart of them.
For years, the de facto Web e-mail experience sucked. Sure, there was the odd browser-specific offering, such as Oddpost, but most of us were stuck with this crap interface that paled in comparison to a desktop app. Now, Google, Yahoo and others are offering these rich, cross-browser mail apps that rival and in some ways trump desktop offerings.
The Web computer store has followed the same UI that Dell pioneered in the late 1990s all this time—scroll down to the bottom of the screen and click on the refresh price button to figure out costs and so on—up until Ajax. Recently, Apple introduced a 2.0 revision of their Web store, and they finally got it right, introducing a live page that refreshes the price of the computer live as you change new options.
Amazon used to have this annoying little rating page—they had it for years—where you'd go and fill out this tedious Web form to rank your products. This year, using Ajax, they introduced a live rating system that lets you rank your stuff without leaving to go to a separate page or filling out a form—and reportedly the number of items being rated has increased by an order of magnitude.
On Ajaxian.com, the Web site I co-founded with Dion Almaer to track Ajax, we see new ventures based on new Ajax-powered Web applications springing up all the time. There's investment capital behind a lot of these concerns. It feels a little like the 1990s again.
So that's Web 2.0—a new energy in the Web, leading to exciting changes to some of our favorite sites, and a bunch of new sites we'll see over the next few months and years. This new energy is directly caused by Ajax—by the realization that this tired old Web medium has a bunch of new tricks in it after all.
Some might say, “Wait a minute—this Ajax stuff isn't new! It's been around for ages.” And indeed, that's true. Ajax is pretty much exactly what Microsoft called DHTML in 1997 (actually, it's a subset). Why has it caused all kinds of excitement in 2005? Well, it turns out that with the release of Mozilla 1.0, the key Ajax technologies become cross-browser. There wasn't a big press release or announcement—I think the Moz folks just did it to increase their compatibility with IE-specific sites—but as people discovered that DHTML was possible and easy in a cross-browser way, the Web lit up.
LJ: One of the biggest roadblocks to the deployment of Linux on the desktop is the requirement to run in-house developed applications, because in many companies these applications are written using Microsoft technologies that require Windows to be on the desktop. In those companies, this keeps Linux off the desktop. Is it realistic to think that Ajax could provide a way to build business applications that are truly OS-independent?
BG: Absolutely. The excitement of Ajax is what happens when you free developers from the Microsoft cage. All of the techniques that are lumped under the Ajax bandwagon were generally available on Internet Explorer first—some of them as long as eight years ago. These technologies—the ability to send a request from a Web page without refreshing, the ability to interact easily with the Web page DOM and so forth—were ignored by most developers until they become available in Mozilla/Firefox and Safari. Even though during this period IE enjoyed a ridiculously dominant share, the community just wasn't interested in cutting minority players out of the loop.
So I think that Ajax is all about platform independence, and the Web 2.0 meme took off only once the Ajaxian technologies were truly cross-platform.
Is Ajax powerful enough to build full-on business apps that are competitive with desktop offerings? That's hard to say. Certainly, the folks at zimbra.com think it is. Like many before them, they've created a Web-based PIM using Ajaxian techniques, but unlike many of their predecessors, they're openly gunning for Microsoft market share. Having seen the eye candy coming in Office 12, I wish them luck.
In fact, that leads me to an interesting point. Ajax means dramatically better Web applications than we've ever had before. But at the same time, we're seeing desktop technologies poised to take a quantum leap. Apple pioneered the revolution, introducing their beautiful OpenGL-based Quartz-rendering engine years ago. But now Microsoft, with their version (Direct3D-based Avalon), is taking gorgeous graphics mainstream, and they're going beyond Apple by making it easier to develop such applications than it is with Apple's tools.
And of course, the Linux community is keeping right up, offering the same type of effects on top of the Cairo-rendering library.
It will be very interesting to see what happens. Ajax takes the Web to the types of UIs that we've been doing in desktop applications for the past ten years, but just as this is happening, desktop applications are literally blasting off to the next level, and who knows when cross-browser techniques will catch up. Some might say it's all about meaningless eye candy, but man, sex sells.
Still, there's hope for Ajax. Firefox 1.5 and Safari .next introduce SVG support, meaning that Web applications will be able to render high-quality, interactive vector graphics live in the browser, and drive these graphics using Ajax techniques (SVG can be modified on the fly using the same DOM API that we use to modify HTML). That may make up some of the difference, but it's entirely unclear how well IE will support SVG (there may be a way to do it by bridging SVG to Microsoft-specific stuff, but it's unlikely IE will provide seamless native support).
Further complicating the mix is Java. Java hasn't had a good reputation for desktop applications in the past, but there are some major innovations in the desktop space coming in Java 6 (the next version, due out sometime in 2006), and they've got some exciting things on the drawing board for Java 7. With Quartz, Cairo, and D3D/Avalon, each of the major OS platforms has a really high-quality graphics rendering engine, able to power cool applications. If the Java folks can successfully bridge all of those engines into a meaningful common denominator—that would be amazing for the industry. I'm not holding my breath, but it's a real opportunity.
I got off on a tangent there, but yes—Ajax will power some exciting new cross-browser business applications, but at the same time, we're going to see desktop applications get jaw-dropping amazing. Time will tell which versions the market prefers.
LJ: I'm seeing the emergence of IDEs supporting Ajax development. Which of these do you see gaining traction? Or is everybody still just using vi and emacs?
BG: I see most folks using their traditional editors. There are some interesting Web-based editor tools out there, but nothing that I've seen anyone actually use.
LJ: As Ajax is really a client/browser-side technology, are you seeing server-side developers pick it up?
Prototype, Scriptaculous, dojo, DWR for Java folks, JSON for pretty much any language and many other tools can make it so easy to do all kinds of great Ajax effects.
LJ: Are there new security risks associated with Ajax development?
BG: Nothing fundamental, though there are a few exploits here and there that arise as we push the browsers in a new direction. However, I should mention Greasemonkey.
I hate Microsoft Money, and any other personal finance packages I've used. On the surface, they seem to have all of the right features, but the interface never quite works the way I want it to, and I'm constantly stuck doing these stupid manual tasks and jumping through hoops. What I really want is the ability to tweak the way the program's interface works.
While we've all known for ages that anything you send in HTML can be hacked and that our server endpoints need to be prepared to receive all kinds of malformed requests, as Ajax pushes more logic to the client, some of us may forget that lesson, and tools like Greasemonkey make it trivial for people to take advantage of poorly written applications.
Talk about exciting—finally, the ability for a community to take a commercial, off-the-shelf app and modify it easily to do all kinds of new things. You might argue that open source has empowered that for years, but the Greasemonkey concept takes that to a whole new level—a whole new audience that doesn't know how to use CVS, gcc, C++ and so on.
Ajax doesn't introduce new security risks, but it may facilitate the creation of insecure Web sites.
LJ: For many of our readers to get permission to use Ajax, they'll need reference sites to show their management. What are some good reference sites for Ajax development?
BG: Google Maps remains the flagship app. Of course, you should visit ajaxian.com, where we constantly showcase new Ajax applications. Check out zimbra.com to see the latest attempt at emulating a desktop app in a browser; Gmail is an example of a more Webish attempt at Ajax-style rich interaction. See some of the demos at script.aculo.us to see what's possible (easy drag and drop, transition effects and so on). Backbase.com (www.backbase.com) also offers some great demos of how Ajax can change specific vertical application types.
LJ: What are some good resources for our readers who are interested in learning?
BG: Some folks have said favorable things about our own site, Ajaxian.com, being a good resource. Dion Almaer—my Ajaxian partner and the site's editor—does a really good job of putting new information on the site daily. You'll definitely keep up with what's happening!
For the Ajax newbie, there are some great books coming out from all of the publishing houses, such as Ajax in Action from Manning, Ajax Foundations from Apress and more. Dion and I have got one coming out too: Pragmatic Ajax, published by the Pragmatic Press. My favorite bit in that book is a chapter where we walk you through building your own version of Google Maps from scratch.
LJ: Thanks for the opportunity to talk with you!
-- Kevin Bedell Editor in Chief, Linux Journal "Imagination is more important than knowledge" - Albert Einstein http://www.kbedell.com
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The Death of RoboVM
- BitTorrent Inc.'s Sync
- The Humble Hacker?
- The US Government and Open-Source Software
- Open-Source Project Secretly Funded by CIA
- ACI Worldwide's UP Retail Payments
- New Container Image Standard Promises More Portable Apps
- Canonical and BQ's Aquaris M10 Ubuntu Edition Tablet
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide