Yahoo! User Interface Blog
Cooperating applications, such as mashups, must be able to exchange objects
with robust interfaces. An object must be able to encapsulate its state such
that the state can be modified only as permitted by its own methods.
include any means to harden them, so an attacker can easily access the fields
directly and replace the methods with his own.
can perfectly guard their state by using a variation of the Module Pattern.
You’ll recall that the Module Pattern makes it possible to make an
object with privileged methods. Privileged methods are able to access the
private state of the constructor’s closure. By adding one simple rule,
we can easily generate secure objects: A durable object c... (more)
"There is much that is attractive about HTML5," says Douglas Crockford, known
Notation), the widely used lightweight data-interchange format.
"But ultimately," Crockford continues, "the thing that made the browser into
workaround tool." The problem is that there is what he calls "a painful gap"
result? XSS and other maladies. The responsible course of action, Crockford... (more)
Douglas Crockford's Blog
I was invited to speak at XML 2007 last month. I was given the topic "Does
XML have a future on the web?" My answer was "yes." As evidence, I offered
that there are still people selling Cobol compilers. Once this stuff gets
into the enterprise, it can take generations to get rid of it.
A more interesting question is "Is XML on the web trending up or trending
down?" Clearly, it is trending down. For data transfer applications, XML is
losing ground to JSON because JSON is simply a better data transfer format.
And XHTML has failed to displace HTML in the mark... (more)
Douglas Crockford's Blog
DRM is sometimes called an enabling technology, in that it is supposed to
enable new business models. But it is really a disabling technology. As DRM
fails, there have been suggestions that the name be changed to something that
includes the word enabling; give it a better image; something more right than
DRM isn't just a disabling technology, it is also a disabling contractual
framework. To sell a DVD device, you must make a deal with the DVD Copy
Control Association in order to use the CSS copy protection system that was
broken nine years ago.
Douglas Crockford's "Department of Style" Blog
Browser sniffing is a bad practice inspired by even worse practice. In
browser sniffing, a program attempts to determine what sort of browser it is
dealing with so that it can act accordingly. Sniffing can be done on the
server, or by scripts in the browser.
When browser sniffing is done badly, it becomes a harsh barrier to
innovation. Old applications will refuse to work correctly with new browsers
because of assumptions that all future versions of a particular brand of
browser will always require the same workarounds, or old applicat... (more)