Follow up to previous post regarding SAAVIS

Leen Besselink leen at consolejunkie.net
Sat Aug 15 18:46:33 CDT 2009


Keith Medcalf wrote:
>> ... Dont know what web 2.0 is but the new portal is a web based 
>> object management system complete
>> with "recommended" changes and inconsistency lists.
>> We just added prefix allocation check with backend information
>> from PCH (prefix checker tool).
> 
> Web 2.0 is marketroid drivel-speak for a method of continuing to ensure that Web Applications
> are uninspectable and unsecurable.  It is based on doing partial document refreshes using code
> executing within the browser, usually in such a fashion that it modifies the document tree
> directly through foreign (ie, from the net) code execution in the context of the current
> user (or, because of the zillions of holes in those browsers supporting code execution,
> with the priviledges of the OS itself).
> 
> It is highly insecure and cannot be secured by any products currently available.  It is best
> to stay as far as possible from anything claiming that it is Web 2.0.  Hallmarks of Web 2.0
> are gratuitous javascript and java applications which cannot be disabled.  Enabling any type
> of even minimal security on any web site that is "Web 2.0" buzzword compliant results in the
> display of completely blank pages.  Web 2.0 pages will indirect all hyperlinks and navigation
> through javascript.  Not because it provides anything useful but rather in order to force
> people to enable dangerous crap in their browsers (javascript, java, Flash Virus, &c)
> 
> 

Their are people who do understand how to do these things right.

It's called progressive enhancement. [0] [1] Which means you don't need any fancy stuff to be
able to use it or read the content, but if you have support for it, it will add extra
convenience-features like search suggestions.

Also in certain ways things are starting to improve for example the HTML5 spec has a video-tag
[2] that's the only kinda of useful thing Flash is used for these days. Their is SVG and Canvas-
tag in the HTML5-spec as well, which means even less reason to use plugins.

The Chrome browser uses seperate processes with less priviledges to render the pages and run
scripts and plugins.

I'm just saying it's not all bad.

[0] http://en.wikipedia.org/wiki/Progressive_enhancement
[1] http://www.alistapart.com/articles/understandingprogressiveenhancement/
[2] Some may say, but their are no codecs specified, but the same is true for images, etc. and
I think images did pretty well
[3] http://en.wikipedia.org/wiki/Google_Chrome#Security




More information about the NANOG mailing list