Web Forward! Douglas Crockford, Yahoo! (slides published on SlideShare as "Douglas Crockford - Ajax Security")
Gordon E. Moore, 1965: "The complexity for minimum component costs has increased at a rate of roughly a factor of two per year ... Over the longer term, the rate of increase is a bit more uncertain, although there is no reason to believe it will not remain nearly constant for at least 10 years."
Moore's prediction became a self-fulfilling prophecy. It cannot hold forever, but it is still holding now.
Processors, memory, disk storage, network bandwidth. Everything except software.
Software is not subject to Moore's Law. Software is subject to Murphy's Law.
Software productivity improves at a much slower rate: doubling in 10-20 years, rather than every 2 years.
Great Leaps of Software Plug boards. Machine codes. Symbolic assembly language. High level languages. Structured programming. Object oriented programming.
The next leap is overdue. Object oriented milestones: Simula (1967), Smalltalk-80 (1980), Java (1995).
The next great leap might realize the dream of assembling software like Lego. Applications can be built by putting together components, each produced at an independent foundry.  Components communicate, cooperate with each other.
Mashups! JavaScript is the mashup language! It is better suited to dynamic mashing than the conventional OO languages.
Unfortunately ...
The Web Is Under Attack!
Browser Security The biggest problem with the browser is its security model. The browser security model is inadequate to deal with the current generation of Ajax applications. The browser was not designed to do the things we are asking of it. Its weaknesses are blocking innovation.
The browser is not a safe programming environment. It is inherently insecure.
What can an attacker do when he gets some script into your page?
An attacker can request additional scripts from any server in the world. Once it gets a foothold, it can obtain all of the scripts it needs.
An attacker can make requests of your server. Your server cannot detect that the request did not originate with your application: the request comes from your own page, on your own origin, and carries the user's cookies.
An attacker can read the document. The attacker can see everything the user sees.
An attacker has control over the display and can request information from the user. The user cannot detect that the request did not originate with your application.
An attacker can send information to servers anywhere in the world.
The browser does not prevent any of these. That's why they happen.
The consequences of a successful attack are horrible. Harm to customers. Loss of trust. Legal liabilities. Possible criminal penalties.
The vulnerabilities are required by Web Standards. They are consequences of standard behavior, not bugs.
"And God gave us the Web Standards, and deviation from the Web Standards is the source of All Evil!" There is no truth in that statement.
The web was once a driver of innovation. The web is now the obstacle to innovation. Web development requires mastery of the workaround. You can't work around security.
If there is script from two or more sources, the application is not secure. A mashup is a self-inflicted XSS attack.
Confusion of Interest (diagram sequence): a computer running in System Mode; then System Mode with a User; then System Mode with several Users; CP/M, MS-DOS, MacOS and Windows all run everything in System Mode.
Confusion of Interest: the System cannot distinguish the interest of the user from the interest of any program. This enables floppy-borne viruses.
Confusion of Interest: when networking is introduced, network-borne viruses are enabled.
Confusion of Interest (diagram: User, Browser, System Mode, Site, Site, Site): the browser is a significant improvement, able to distinguish the interests of users and sites (in some cases).
But within a page, interests are confused. An ad or a widget or an Ajax library gets the same rights as the site's own scripts.
JavaScript got close to getting it right. Except for the Global Object. And some other bad parts. It can be repaired, becoming an object capability language.
An Introduction to Object Capabilities
A is an Object. Object A has state and behavior.
has-a Object A has a reference to Object B. An object can have references to other objects.
Object A can communicate with Object B ... because it has a reference to Object B.
Object B provides an interface that constrains access to its own state and references. Object A does not get access to Object B's innards.
Object A does not have a reference to Object C, so Object A cannot communicate with Object C. In an Object Capability System, an object can only communicate with objects that it has references to.
An Object Capability System is produced by constraining the ways that references are obtained. A reference cannot be obtained simply by knowing the name of a global variable or a public class.
There are exactly three ways to obtain a reference. By Creation. By Construction. By Introduction.
1. By Creation If a function creates an object, it gets a reference to that object.
2. By Construction An object may be endowed by its constructor with references. This can include references in the constructor's context and inherited references.
3. By Introduction: A has references to B and C. B has no references, so it cannot communicate with A or C. C has no references, so it cannot communicate with A or B.
3. By Introduction: A calls B, passing a reference to C.
3. By Introduction: B is now able to communicate with C. It has the capability.
If references can only be obtained by Creation, Construction, or Introduction, then you may have a safe system.
If references can be obtained in any other way, you do not have a safe system.
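The two models above, side by side, as an added example that is not part of Crockford's slides: first a page in which the site's script and a third-party widget script share one global object (the "confusion of interest" within a page, and the self-inflicted XSS of a mashup), then the same page rebuilt so that references are obtained only by Creation, Construction and Introduction. It runs under Node, so the browser's `window` and `XMLHttpRequest` are stood in for by a plain object and a `send` helper; the session token, paths and request bodies are constructed sample values.

```javascript
'use strict';

// Part 1: what the browser actually gives a page. Every script on the page,
// whatever origin served it, runs against one shared global object. `window`
// is simulated here as a plain object so the example runs under Node.
function runSharedGlobalPage() {
  const pageGlobal = {};    // stands in for `window`
  const leaked = [];        // everything the widget manages to capture

  // The site's own script: parks a session token on the global object and
  // publishes an Ajax helper there, both common in Ajax applications of the era.
  function siteScript(global) {
    global.sessionToken = 'sess-abc123';          // constructed sample value
    global.api = {
      send(path, body) {
        return { path, body, token: global.sessionToken };
      },
    };
  }

  // A third-party widget: same global, same rights as the site's script.
  function widgetScript(global) {
    leaked.push(global.sessionToken);             // read the site's secret
    const realSend = global.api.send;             // then wrap the site's API
    global.api.send = function (path, body) {
      leaked.push(JSON.stringify({ path, body })); // copy out every request
      return realSend.call(this, path, body);     // and forward it unchanged
    };
  }

  siteScript(pageGlobal);
  widgetScript(pageGlobal);
  // Later the site calls what it believes is its own helper. Neither the
  // server nor the user can tell that the widget has been in the middle.
  pageGlobal.api.send('/transfer', { to: 'acct-9', amount: 50 });
  return leaked;
}

// Part 2: the same page under object-capability discipline. Nothing is looked
// up by global name; each party holds only the references it was given.
function makeAccountService() {
  const sessionToken = 'sess-abc123';   // held in a closure, never published
  const auditLog = [];

  // Full-power send(): only the site's own code ever receives a reference.
  function send(path, body) {
    auditLog.push({ path, body, token: sessionToken });
    return true;
  }

  // By Construction: the facet is endowed with `send` and `allowedPath` from
  // its constructor's context. It can post to one path, with a caller-chosen
  // body, and nothing else. Frozen, so the holder cannot replace its method.
  function makeWidgetFacet(allowedPath) {
    return Object.freeze({
      send(body) { return send(allowedPath, body); },
    });
  }

  return Object.freeze({ send, makeWidgetFacet, auditLog });
}

function runCapabilityPage() {
  const service = makeAccountService();                 // By Creation
  const widgetFacet = service.makeWidgetFacet('/widget/metrics');
  const leaked = [];

  // By Introduction: the site hands the widget `widgetFacet` and nothing else.
  function widgetScript(facet) {
    // The token and the unrestricted send() are not reachable from the facet.
    leaked.push(facet.sessionToken, typeof facet.makeWidgetFacet);
    facet.send({ impressions: 1 });                     // the one thing it may do
  }

  widgetScript(widgetFacet);
  service.send('/transfer', { to: 'acct-9', amount: 50 });
  return { leaked, auditLog: service.auditLog };
}
```

In the first half the widget walks away with the token and a copy of the transfer request; in the second it sees `undefined` for both the token and the constructor, and the audit log shows its only request went to the path it was built for. Nothing in the second half is enforced by the browser: the discipline holds only as long as no script on the page can reach a global name, which is exactly the part of JavaScript the slides say still needs repairing.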
Good Object Capability Design is Good Object Oriented Design.
Short-term fixes: Safe JavaScript subsets can offer some safety now. Caja, Cajita, ADsafe. Progress is also being made in Vat architecture. A vat is a leak-proof computing vessel. Capabilities can be used to allow communication between vats. Browser plugins, Google Gears.
Three Possible Solutions: Safe JavaScript subsets (timeframe: immediate). Communicating vats (timeframe: intermediate). Secure programming language (timeframe: distant). All of the above.
How Do We Move the Web Forward?
Browser War! Never again.
The Web Depends on Standards. Openness is hugely attractive. The standards are bad. In order to change the web, we must change its standards.
A revision to a standard is an act of violence. Surgery. Pain. Injury. Inconvenience. Users of web standards cannot opt out.
Not only are the web's standards broken, the web's standards process is broken.
Design by Committee. Porkbarrel standards making.
Minimalism should be highly valued in standards. Committees are not good at minimalism.
The standards process is entertaining too much speculative technology. ECMAScript's Close Call:
ECMAScript: The ES4 Proposal contained a lot of pork. It lacked a credible value proposition. The design process went years over schedule. ES4 was ultimately abandoned. Instead, the modest ES3.1 Proposal brings the standard more in line with reality. It adds a small set of necessary features.
A standards process must be risk averse. Once an error gets into a standard, it can be virtually impossible to get it out.
The Dilemma: Good Standards happen slowly and our need is urgent. The web standards are currently frustrating progress and endangering everyone who uses the web.
Web Time used to mean really fast. ECMAScript 3: 1999. HTML 4.01: 1999.
Browser War! We need a Browser War!
The only thing worse than where we were is where we are.
Bring It On: It turns out that Browser War is a good thing. It introduces chaos into the marketplace. Most of the cost of that chaos is borne by web developers and users. The market is generally better than self-selected committees in determining the value of things.
The marketplace must be more effective this time in punishing bad behavior. Yahoo!'s Graded Browser Support Program.
This Site Requires Netscape 3
Innovation should happen in research laboratories, startups, and forward-looking companies. Not in Standards bodies.
Standards should have a conservative process that documents the best of what has been proven useful.
The drafting of standards is difficult, important business.
Standards should not be inventions. Standards should be agreements. Standards should work.
We should also be looking past the Web. The web was a disruptive technology. The Web needs to be disrupted.
I'll see you in the trenches!