Ajax ?

[surfunbear]

I have started studying an Ajax book I bought. It occured to me to ask
if Ajax could have found a niche that Java doesn't have and if that
could develop into a new technology or paradigm ? I have studied java
and applets a bit, but it seems to me that Ajax is doing something that
java never was designed to do (except with a plug in etc) and that Ajax
is possibly moving twards a new web technology. Will Java also move in
that direction ?
Might future versions of IE allow applets without a plug in or would
Micros Soft try to prevent that ?

 

[dingbat]

It occured to me to ask
if Ajax could have found a niche that Java doesn't have and if that
could develop into a new technology or paradigm ?

Ajax doesn't do anything that can't be done with Java, but it's clear
that Ajax _is_ doing things that were never widely done with Java
applets. Ajax has a relatively lightweight footprint on the client,
particularly for download and first-execution times. It seems that the
marketplace out there prefers one large heavyweight control installed
once, then a very thin scripting language, rather than a medium-weight
Java applet each time.

Java applets also typically provided a different user interface, where
they took over a rectangle of browser window and operated within it
with AWT, whereas Ajax apps are typically light on "GUI features" and
instead work much more with the browser's HTML DOM. Again there's no
hard and fast rule about one or the other, but popularity seems to
align with practicality more closely for Ajax than for Java applets.

Java applets are also basically unfashionable. A technology of the late
'90s that peaked before the platform could really cope (JVM or network
bandwidth). As a result they've always been regarded as slow, unwieldy
and ugly. Ajax is almost as old (it really began in '99) but stayed
hidden for some years before it was noticeable. By the time Ajax
emerged into public view, it was already a powerful and well-developed
technology.

 

[Thomas Weidenfeller]

I have started studying an Ajax book I bought. It occured to me to ask
if Ajax could have found a niche that Java doesn't have

No, it doesn't. AJAX is a rehearsal of a very, very old theme:

Client/Server computing

The idea is even much older than the web. With the added twist that the
client code is loaded from remote. But that added twist is also not
exactly new. It is only that the New Bubble 2.0 guys need to find some
poster child "breakthrough technology" to start to pump up the bubble
again.

Regarding Java, Java could do that right from the beginning, and of
course still can do it. The Java technology to deliver and execute
client software in a web-based client/server setup is called Applets.

Applets didn't catch up due to a number of reasons (to early, to slow
for the networks at that time, horrible VM implementations in browsers,
incompatible VMs in browsers, to long startup times, too much nonsense
demo applications (dancing whatever stuff), very few experienced
programmers, to much hype, etc.).

and if that
could develop into a new technology or paradigm ?

People who want to get rich quick on the 2.0 thing will of course agree.
From a technical point of view it is stone age (in computer terms). It
already smells.

I have studied java
and applets a bit, but it seems to me that Ajax is doing something that
java never was designed to do (except with a plug in etc)

Applets were right from the beginning designed to do client/server
computing the way AJAX does.

The need for a plug-in is an implementation detail. Just like JavaScript
(the lanaguage for AJAX) today is build-in into all mainstream browsers,
there once was a time when a Java VM was build into them.

Might future versions of IE allow applets without a plug in or would
Micros Soft try to prevent that ?

MS flighted very hard and paid a lot of money in compensation to Sun to
keep Java out of the Windows world and make the Java experience on IE as
painful as possible. The plugin-solution is probably here to stay for a
long time.

/Thomas

 

[Roedy Green]

I have started studying an Ajax book I bought. It occured to me to ask
if Ajax could have found a niche that Java doesn't have and if that
could develop into a new technology or paradigm ? I have studied java
and applets a bit, but it seems to me that Ajax is doing something that
java never was designed to do (except with a plug in etc) and that Ajax
is possibly moving twards a new web technology. Will Java also move in
that direction ?
Might future versions of IE allow applets without a plug in or would
Micros Soft try to prevent that ?

Personally I think Ajax is a piece of bailing wire and chewing gum
trying to handle problems that Java or some other secure client side
technology should be doing. However, Microsoft has at every
opportunity done all it could to derail Java. They can't very well
deliberately derail their own piece of garbage, now dignified as
ECMASCRIPT.

It is only a matter of time until a big security scare pulls
JavaScript from corporate desktops. Then where will everyone be who
built their houses on the JavaScript sand?

 

[Daniel Dyer]

Personally I think Ajax is a piece of bailing wire and chewing gum
trying to handle problems that Java or some other secure client side
technology should be doing. However, Microsoft has at every
opportunity done all it could to derail Java. They can't very well
deliberately derail their own piece of garbage, now dignified as
ECMASCRIPT.

I agree with the first point, but for historical accuracy, it was Netscape
Corp. that first forced JavaScript upon us. Microsoft was pushing its own
VBScript. When Microsoft implemented JavaScript-work-alike JScript in IE
the choice became one of using VBScript and only having your script work
in IE, or use JavaScript and have it work in Netscape and IE. I vaguely
recall that there was also a PerlScript language that worked in at least
one of the major browsers.

It is only a matter of time until a big security scare pulls
JavaScript from corporate desktops. Then where will everyone be who
built their houses on the JavaScript sand?

Extremely unlikely. If security problems exist they will be patched
somehow. There are far too many sites that rely on JavaScript in order to
work properly for it to be practical for any corporate IT department to
banish it.

Dan.

 

[Roedy Green]

Extremely unlikely. If security problems exist they will be patched
somehow. There are far too many sites that rely on JavaScript in order to
work properly for it to be practical for any corporate IT department to
banish it.

JavaScript installs software. If you take that away from it, a lot
will stop working.

 

[David Segall]

It is only a matter of time until a big security scare pulls
JavaScript from corporate desktops. Then where will everyone be who
built their houses on the JavaScript sand?

How do you justify this assertion? JavaScript does not provide any way
to alter the file system or gain net access which are the most likely
causes of trouble.

It has not yet happened and I don't doubt that many clever people have
worked on it. Meanwhile, browsers have been hardened against several
other attacks on privacy and security.

JavaScript may be involved in a "big security scare" for the same
reasons of convenience and responsiveness that makes it used in other
applications. I can't see how it will be the cause of the problem.

 

[David Segall]

I have started studying an Ajax book I bought. It occured to me to ask
if Ajax could have found a niche that Java doesn't have and if that
could develop into a new technology or paradigm ? I have studied java
and applets a bit, but it seems to me that Ajax is doing something that
java never was designed to do (except with a plug in etc) and that Ajax
is possibly moving twards a new web technology. Will Java also move in
that direction ?
Might future versions of IE allow applets without a plug in or would
Micros Soft try to prevent that ?

Microsoft are fully supporting Ajax. So much so that they have renamed
it Atlas <http://atlas.asp.net/> and, no doubt, are working on ways to
make it totally incompatible with J2EE Application Servers. Meanwhile,
they claim it is "Based on existing standards – DHTML, JScript,
XMLHttp, CSS, etc.".

 

[Roedy Green]

JavaScript does not provide any way
to alter the file system or gain net access which are the most likely
causes of trouble.

You are saying that JavaScript has a sandbox like Java? How then do
so many programs install themselves with it?

 

[Timo Stamm]

You are saying that JavaScript has a sandbox like Java? How then do
so many programs install themselves with it?

JavaScript is ECMA262 + DOM. These specs do not define any methods for
file system access.

You can't install anything using JavaScript on a web site.


Timo

 

[Lasse Reichstein Nielsen]

You are saying that JavaScript has a sandbox like Java?

Not really. The language has no security model at all, mostly because
there is nothing in the language that can be unsafe.

JavaScript/ECMAScript is a "pure" language with no standard library or
expected runtime environment. It has no I/O facilities.

When an ECMAScript implementation (like JavaScript, JScript or the
script engine in Opera) runs in a browser, the runtime environment
is populated with a suite of host objects, e.g., the W3C DOM
and the so-called DOM 0 (which includes methods like setTimeout
and alert).

If the host objects allow access to abusable resources, they must
have their own security model to prevent abuse. Since security
is hard, this sometimes fails.

Javascript running in the scope of a PDF document would have a
different runtime environment, with different objects and methods
available.

How then do so many programs install themselves with it?

Not understood. Are you referring to malicious code abusing
flaws in the security of a browser to install malware?

/L

 

[David Segall]

You are saying that JavaScript has a sandbox like Java?

I suppose it does although I would not have looked at it that way.
From that view point the interpreter in the browser is the virtual
machine and the JavaScript downloaded from the web can only perform
operations that are permitted by the browsers "VM". There are no
instructions in the JavaScript language, and hence in the VM, to alter
the local file system or gain Internet access. Modern browsers also
impose additional restrictions. e.g. the interpreter will not permit
the script to close a window it did not open or create a window the
user can't see.

How then do
so many programs install themselves with it?

I don't understand this question. The JavaScript that is downloaded
from a web site by a browser is not installed (i.e. written to the
user's file system).

If a program is installed by the user then it can install almost
anything it likes "with it". However, I assumed we were discussing the
potential risks of JavaScript embedded in web pages and interpreted by
web browsers.

 

[Roedy Green]

I don't understand this question. The JavaScript that is downloaded
from a web site by a browser is not installed (i.e. written to the
user's file system).

I have always blamed the holes in JavaScript for abortions like Comet
Cursor that simply by visiting a website suddenly your cursor turns
into Nelson Mandela's head. They somehow installed software on my
machine without my permission.

JavaScript most certainly sends data to servers without my permission
and does all kinds of downloading of JavaScript texts I cannot follow.
It also generates HTML pages it refuses to show me.

There is also the matter of websites tormenting you opening a million
windows. Like the Hydra of Greek mythology, every time you close
one, two more spring in its place.

It seems to me turning JavaScript off goes a long way to protecting
you from malicious websites. If JavaScript is as blameless as you
claim, why would that be? What components are causing the trouble?

JavaScript seems to be able to take over your entire browser, not just
the display from a single site.

 

[Gordon Beaton]

It seems to me turning JavaScript off goes a long way to protecting
you from malicious websites. If JavaScript is as blameless as you
claim, why would that be? What components are causing the trouble?

JavaScript seems to be able to take over your entire browser, not
just the display from a single site.

I think your *browser* is to blame for allowing these things to
happen, not the language per se.

/gordon