Monday, September 4th, 2006

Slashdot Having COWS over Ajax

Category: Editorial

I’ve been a reader of Slashdot since, well, the beginning. In that time I’ve learned two things about the venerable blog: expect at least one inflammatory Microsoft article a day and don’t expect much from them on bleeding edge technology. They seem more like a mainstream media company these days, with a tin ear for technologies like Ajax.

Their latest posting on the topic of Ajax, COWS Ajax – Ajax Evolved, is pretty much par for the course. It breathlessly tells us about a new technology — Changeable Origin Web Services (COWS) Ajax — that is supposed to take all the hassle and effort out of Ajax development.

Why is this a big deal? It’s Ajax evolved! First you must understand the current limitation, and then you must understand the potential. Rather than sorting through the techno-babble, let’s just say that it is currently such a pain to pull off cross-site web applications that it’s simply infeasible (installation, maintenance, resources). COWS Ajax makes this cross-site, asynchronous, tri-directional communication (the user, your site, the application host) a no-brainer.

As a proof of concept, they’ve developed a tool — called SpellingCow — that will spellcheck a text area on a remote webpage.

A quick trip over to their site reveals a rudimentary API that uses that old Ajax chestnut, DOM-based on-demand JavaScript. This technology has been around at least since the Stone Age, since it’s been used extensively for ad serving. It’s also been in use by Google maps, and a number of projects (here, here and here) are investigating it as a way of seamlessly emulating cross domain XHR. So there’s nothing new here from that perspective.

So, viewed charitably, does COWS Ajax help you with the development of the actual Ajax application that is to be included on your website? Barely. Certainly you get all it has to offer and more from Dojo or the recently released dynamic script pattern support for Prototype. So there’s not much here to qualify this item as newsworthy. I don’t fault the developers for trying to promote their project; I do fault Slashdot for reporting it as news.

A more interesting question is whether these third-party plug-in web applets, or favelets as the COWS folks call them, present security challenges. They do, but in the same way that third-party JavaScript such as Google maps, Google analytics and ad serving technology present a security risk. If you include third-party source JavaScript on your site, you run the risk of inviting malware onto your site. The fundamental question is, how much do you trust that third-party? Large reputable companies like Google, or midsized companies with which you have a contractual relationship, are less likely to pose a risk. But anyone who includes such JavaScript from small and poorly vetted sources is just asking for trouble.

Posted by Dietrich Kappe at 5:48 pm

3.2 rating from 29 votes


Comments feed TrackBack URI

SpellingCow also ripped off WebFX:

Comment by Dean Edwards — September 4, 2006

I think for a long time, the only safe way to do a cross-domain xhr of any kind will be dojo’s iframe-within-an-iframe location.hash message-passing trick, since that’s the only kind of data which documents from different domains can share without making the DOM available to one another.

Comment by henrah — September 4, 2006

@henrah: Or you can use a server proxy with a good handshaking (auth) mechanism and request/response validation.

Comment by Ryan Gahl — September 5, 2006

well, okay, but did you at least write your complaints about the article as a comment on slashdot so you could get your alloted “-1 Troll” mods?

I think the criticism should be more to the effect of “Slashdot moderators are hopelessly behind the times on technology X”, which is going to be true for anything, really. If you’re not keeping abreast of developments in a particular area, you wouldn’t know about the prior efforts at conquering a particular issue (like, say, if you were me, and actually thought that it *was* news).

The good thing about slashdot, in thus respect (and it’s gotten better with the tagging feature) is the ability of contributors to chime in with exactly this kind of criticism or clarification and have others say “hey, he’s right, mod parent up”.

The mods should do a minimal job of seperating wheat from chaff (which they pretty much do), and slashdotters should do a thorough job of discussing, correcting, and eviscerating each article (which they pretty much do).

I’d recommend tagging the article “notnews” and entering the flamewar of your choice in the article comments.

Comment by drakaan — September 5, 2006


In a word, yes.

Comment by Dietrich Kappe — September 5, 2006

a) Slashdot isn’t a blog.

b) It’s just a story that was submitted and accepted. Don’t have a cow about it, okay?

Seriously, you sound like a lame cheerleader for the “other side” (in this case it worked perfectly — pandering to Digg was pretty good), just inventing “facts” to support your lack of argument.

Who gives a shit?

Comment by Dennis Forbes — September 6, 2006

I would agree with the last three comments. Just because the Slashdot editors are not right up-to-date with every technology and facet of human life doesn’t mean it’s a bad news story. Slashdot is more about the ensuing discussion rather than the story itself, and I’m sure there’s a good one going on with that story, as always. As drakaan said, correcting and flaming stories like you are is up to the slashdotters, not the editors.

Comment by Philip Withnall — September 6, 2006

Dean Edwards – if you read the follow up, you’ll see this:

Now that it has been settled that it’s not a cheap ripoff but rather a service inspired (and partly based on) my work it feels a lot better.

His other claims are true too, quite a few of the bugs and limitations found in my implementation has been resolved, and his description of the conceptual changes required for that could prove quite valuable.

Thanks and sorry about my accusations.

Also, henrah – can you post a link describing the iframe-within-iframe technique?

Comment by zelnaga — September 6, 2006

[…] Ajaxian reports that tech dinosaur Slashdot (and master of the tech universe) is running behind the times with new web tech. […]

Pingback by Slashdot goes nuts for COWS over Ajax — September 6, 2006

I disagree with this editorial on many points and feel there are a number of mischaracterizations. COWS Ajax was not meant to speed development, does not speed development, and was never touted as such. The notion of dynamic script tag Ajax being an “old chestnut” from the “Stone Age” is ridiculous and misleading. I do thank the author for correctly identifying that the real question is that of trusting third-parties.

I have written an article that is a bit of a rebuttal, but also attempts to focus on the third-party debate and some of the real questions we should be asking and trying to solve. I hope the Ajaxian staff would consider addressing the question more fully….


Comment by Craig Nuttall — September 10, 2006

[…] Their latest posting on the topic of Ajax, COWS Ajax – Ajax Evolved, is pretty much par for the course. It breathlessly tells us about a new technology Changeable Origin Web Services (COWS) Ajax that is supposed to take all the hassle and effort out of Ajax more | digg story […]

Pingback by EveryDigg » Blog Archive » Slashdot Having COWS over Ajax — October 4, 2006

Leave a comment

You must be logged in to post a comment.