The Disappearing Desktop - It's Real This Time

[Geoff Canyon]

On Nov 16, 2005, at 11:01 AM, Dan Shafer wrote:

> So *if* -- and that's a big "if" -- the *only* advantages of Rev  
> over AJAX is the UI componentry, then Rev has essentially little or  
> no advantage.

Based on what I've seen of AJAX apps, it's not a small advantage.

But I should have expanded on the difference that I think really  
matters:

> Revolution -- data and code can be more easily stored on the user's  
> computer, during and between sessions.
> AJAX -- applications can be used more freely without worrying about  
> the security of information on your hard drive.

For apps that don't require local storage, AJAX is a compelling  
solution, and Rev's ability to erase the user's hard drive is a  
serious liability.

For apps that require local storage, AJAX has no reasonable answer at  
this time. It will be interesting to see what they do to address this  
(if they do).

It's interesting that we freely download applications with full file  
system access from web sites and run them, and there are few cases  
where someone actually created a trojan application, but we are  
paranoid to allow the same file system functionality within a browser- 
based application.

In essence we currently have security through barrier-to-entry --  
it's theoretically harder to write an application in C (or even  
REALbasic) than it is to put up a web page.

But that isn't true, as we well know. Just as it is for benign  
applications, it is far easier to put together a hostile  application  
in Revolution than it would be to write a similar application in  
AJAX, even if AJAX had access to the file system. I'd bet "Good-bye,  
World," a sample program to overwrite the user's hard drive file by  
file, could be written in under 50 lines of code.

So if AJAX apps are secure but need local storage, and Rev apps have  
local storage but need security, which will get what it needs first?

gc