Evil AJAX
Please consider the following article about some possible malicious uses of AJAX. I neither agree nor disagree with this writer. Every technology has implications. Does that mean that technology is bad? The English language itself has been used to incite violence, and to communicate terrible and frightful things. The door provides the means to admit people from one room to another, even bad people who have bad intentions, but does this mean that the door itself is evil? Does it make sense to nail the doors shut? Or to forbid the construction of houses with doors? What about the windows?!
The culture of “security” around web applications is interesting. The hammer can be used to break into a house, but nobody is proposing to ban the hammer. The hammer is far too useful. In my work, I have had to deal with overzealous server teams that close every digital door in the enterprise. One day, it took me 30 minutes to figure out how to send an important file to a colleague in another department. Everything I tried failed because the file appeared to be malicious.
People are afraid, fine. People want to maintain some privacy, fair enough. But would we all rather just be ghosts? We used to be afraid of computers because they made us anonymous: see W. H Auden’s poem, The Unknown Citizen. Being recognized by name by the people we do business with is comforting, and assures us that our business is important. Why is it frightening to be recognized by name by a machine? People remember things about us all the time, and they tattle and gossip. Is it really more frightening that a computer can remember things about us?
For my part, I try to live my life as if everything I do will eventually be known. I can weave paranoid scenarios with the best of them. But, every instrument that can be used for good can also be used for bad. Are the measures we are taking causing more problems? Is our fear of possible consequences depriving us of incredible benefits as well? To answer my own rhetorical questions: I think so.
What do you think?
AJAX And MVC
In his documentation of the AJAX.NET wrapper, Michael Schwarz says: “It should be pointed out that technologies such as AJAX are very likely going to lead to violations of layered architectures (N-Tier). My opinion is that AJAX increases the likelihood that the presentation logic layer (or worse, the business layer) will leak into the presentation layer.”
I have been away camping for a little over a week, and I have been thinking that this does not have to be so. I have been imagining a framework where the browser contains JavaScript that responds to events that originate on the server. AJAX would be used not to send content per se, but to trigger updates – elements of the user interface would subscribe to data, and the update event would trigger a screen refresh.
Update events would be managed by a timer, and/or by user interactions such as button clicks. Developers would design user interfaces and bind elements to data, but the application on the server could still adhere to the MVC pattern. The controller would service requests, the data would be managed by a model and the view would generate the initial screen.
In any event, I do expect that there will be a lot of sloppy AJAX based code out there that mixes the business layer with the presenation layer. Hell, I just finished working on a project that did not use AJAX that had the same problem. I sometimes think that it is not that every coder is an idiot, but that every idiot seems to be writing code.
Still, before I get too snide, I have also noticed that even bad code can often serve a useful purpose. I recently revisited some code I wrote a while back and was very disappointed in my efforts to be clever – trying to be clever often isn’t.