Brendan Eich's the father of JavaScript – 
– and opened the 2nd day of @mediaAjax. He started with some excellent geek movie/culture references (Star Wars, Lord of the Rings and Firefly!! Who could want more? Well, the audience apparently: Sadly hangovers were in evidence and these did not get the cheer they deserved — sorry, Brendan), followed-by general reasoning behind the need to extend JavaScript together with the info that JavaScript v1 arose out of 10 days work in May 1995
when Netscape rushed it to market (broken & out of his hands.) JavaScript is not going away (it's the most deployed & "fuzz tested" [?] programming language worldwide) and browsers need to evolve. All three of the following need to improve: security, APIs and language support. Things in motion already include Screaming Monkey, "rumours" of IE8, WHATWG HTML5, Opera/Safari/Mozilla runtimes and Google's Gears.
JavaScript 1 is too small in a bad way
(few primitives means hard to optimise, lacking integrity features and has bolted-on security) and JS1 is taught too infrequently (too many "Java U." programmers [are we guilty of this?!], too few middle-road JS programmers).
Opinion:
- Users deserve optional typing (not tedious error-checking that people don't do anyway!) so that APIs can
prove facts
about arguments. Most JS on the web won't use typing and doesn't need it. - Integrity: support static things const
- Namespaces
- Packages
- Compiled units
- Bug fixes (fix stuff ECMAScript v3 broke)
Distributed extensibility
-- thedream of Java
that dies in 1997 -- Flash/Tamarin is already the most distributed VM.
Non-issues: Performance? DOM is the client-side problem; trace-based JIT can deliver similar speed improvements to static typing JIT/approach Silverlight C# speed. Other language? No need! JS2 learns from ActionScript, Python etc.
Integrity is a real issue: JS1 global scope can be overwritten (CSRF), ECMA specification is a mess, JS2 will make things immutable. JS1 objects too mutable, JS2 classes not to follow Java but to permit immutable/private/protected objects and properties (maybe call them fixtures?). JS1 allowed hijacking of constructors and vars, JS2 will have const and final. Structural types in JS2 will make type-checking easy and therefore much more likely to be done: evolutionary programming
and gradual typing
.
Finished with a geek-tease demo of <video>: SVG embeddable, planned for Opera/Mozilla, currently implementing Ogg Theora and Vorbis, maybe finalising on H.264 -- multiple videos playing simultaneously, audio from the element with focus, 2D/3D rotation in realtime ;-)
1 comment:
Hi James,
Thanks for your kind words, especially regarding the normally-geekgasmic content at the front of my talk (I'll have my slides up with narrative blogging shortly).
Here are some links on fuzz testing:
jsfunfuzz
lithium
FuzzTesting
javascript-fuzz-testing
Fuzz testing is more productive than static analysis or traditional testing for finding exploitable security vulnerabilities -- at least in our experience. More evidence of soundness being overrated, or random algorithms being competitive at any rate ;-).
Hope this helps, and don't worry about the "Java U." issue, it is a symptom as much as a cause. See Joel Spolsky's ur-blogpost on this issue, which I think overstates the case (Ben Pierce, professor at U. Penn, assured me that ML was lost on the sophomores after a year or two, and better taught in the upper division curriculum).
/be
Post a Comment