Web 2.0: Day 2 Recap – Sessions

Of course I am recapping here and reviewing most of my notes now that I am home. I still wanted to share what I had experiences so I’m posting this information a little late. Day 3 and 4 will be coming as well.

The New Hybrid Designer

This was a panel discussion that included Kelly Goto, Jeremy Keith, and Chris Messina. Unfortunately it become more of an introduction to the Design related track that really getting down the what it means to be a Hybrid Designer. Getting the designers to learn more about application design and architecture are some of the most important key points here. Using documentation such as that from Apple, their Application Design Guidelines is a great suggestion. Remembering as well that the line between design and development continues to grow thinner. Continuing to place strong consideration on “placelessness” – the idea that not only should content be separated from design but as well as context and device limitations. Chris Messina also made strong mention against applications such as Adobe’s Apollo which will end the “View Source” option, noting that many of todays developers have learned using the method of learning from someone else’s work. I was differently that person and I’m sure many of today’s beginners learned HTML are doing the same. It is important we don’t kill the growth of our community by developing applications that eradicate it’s growth.

Rich Internet Applications with Apollo

Sadly, the presentation with Mike Chambers as he tried to show the benefits of Apollo left me desiring more in general. I can’t blame Mike for it completely because the network was extremely congested and he was unable to demo many of the features of online application access. The thing that really has got me bothered by the platform in general is that, in a bad way, it feels like “half a product”. Now I’m a strong advocate of building “half a product” more then a “half ass product”. Perhaps I would lean to being more enthusiastic about this product if I felt the features planned for inclusion in their initial release was the “correct half” of the product.

If you are wanting to streamline application development to “bridge the gap” between the web and desktop platforms you need to create a way to easy deploy the single page/controller level updates to all the desktop clients. Streamlined, without interruption – with no option to not update the functionality. It would be a replica of the features you are mimicking from the web application you are converting. Not necessarily in user interface, but function and user experience.

Vulnerabilities 2.0 in Web 2.0: Next Generation Web Apps from a Hacker’s Perspective

This was an amazing conference session. Given by a partner of iSEC Partners a security research firm and pen-testing company. I’m hoping to get a copy of the slides as the presenter did tell us that they would be available. Getting into topics that were far more advanced then just simple cross-site scripting issues. Major vulnerabilities exist in all current AJAX framework implementations as well a big issue with most AJAX sites is that the functions and methods are rightly available to all visitors to the application. Having methods within your code for “MakeMeAdmin()” is ridiculous! But it still happens. Remembering as well using cross site forgery techniques are assisted because browsers will pass the cookie if it is active in the other window or tab – because cookies are shared among windows. It turns out the guys over at iSEC Partners are going to be publishing the new Hacking Exposed book in December 2007 entitled ‘Hacking Exposed: Web 2.0’.

The Arrival of Web 2.0: The State of the Union on Browser Technology

I’ll be honest and say I don’t know how much really came out of this session other then, “Browser companies are starting to work today.” People representing Opera, Mozilla, and IE were on the panel. Other then continuing to hear that Firefox 3 will offer local store so you can natively develop offline applications and that the Mozilla foundation is working on issues that exist in JavaScript as it is currently being implemented using Ajax (the previous session was of course stuck in my head at the time). That was about it on that one.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s