I have to admit, Amy (Reeter)'s question during our Web Dev meeting on Tuesday, of what I think are the next new technologies, caught me a little off guard. Because of that, I don't think my response was as complete as it should have been. I'd like to expand a bit on what I stated.
The next new technology that will affect our jobs, in my opinion (and this is PURELY speculation), is mash-ups. If you are unfamiliar with mash-ups, it is a new breed of interactive web application. It takes data from multiple, external/internal sources (using web services and/or online application APIs), and "mashes" that data into a brand new online service.
- Planet-WebSecurity Combines multiple security feeds into one
- IP to Location Shows an IP address's geographic location on a google map
- GasBuddy (MO specific link) Shows gas prices at various fueling stations on a google map
- PackageMapping Shows the geographic location of your package on a google map as it is in transit
- DailyMashUp
- US Job Market Overview
For additional examples, see Programmable Web and the Mashup Awards.
And to go with it, a whole new breed of mash-up-editors are popping up. Examples include:- Microsoft's PopFly
- Yahoo's Pipes
- Dapper
- Netvibes
- XFruits
- IBM Mashup Starter Kit (QEDWiki was integrated into the Starter Kit)
Mash-ups allow for web sites to offer a whole new level of sophisticated interaction with their end users. Now, how does that fit into the University setting? To be honest, I'm not sure. I can envision all kinds of uses for it. Everything from providing employees with information on MU news + Benefits deadlines + job openings all on one page, to providing students a central place for information on financial aid deadlines, class information, upcoming sporting and social events, etc. The possibilities are endless. With that said, I haven't seen a distinct need for a campus-specific mash-up.... yet.
Now, combine mash-ups with the next generation of browser technologies (namely, offline capabilities: offline cache, offline DOMstorage and offline specific events) and you have a VERY interesting platform to build some really incredible services.
Now for the downside... First of all, most of the mash-up editors are either in alpha or beta stage and the actual mashing is done on a remote service. So if you create something at say, Yahoo Pipes, and then integrate that as a critical piece into your site, and later, Yahoo decides to drop support for Pipes, or gets rid of it altogether, you'll be scrambling trying to find a replacement. At least with typical open source software, if the project is abandoned, barring any new exploits, the last stable release will continue to work for you until you are able to find a suitable replacement. But since these services are all hosted online, remotely, if they go down, that piece of your site goes down as well.
We have the same issue with the online application API's that power most of the mash-ups. If you are using the Flickr API to retrieve data into your mash-up, and Flickr drops support for the API, or decides to charge for it, you are back to having a problem.
Along those same lines, the mash-up "market" is still in its infancy. It is not unreasonable to think that there will be a lot of shifting in the market space for the next several years as new vendors pop-up and larger vendors gobble up smaller vendors.
There are also numerous unresolved/unknown legal issues with mash-ups.
Last, in its current form, mash-ups open up a whole new can of worms when it comes to security. In addition to just increasing the attack surface area (more complexity = more exploitable areas), you have the big problem of removing, or bypassing, the Same Origin Policy. (SoP) In order for the javascript to be able to retrieve these foreign sources of data, it has to be unrestrained from the SoP. However, when you do that, cross-site scripting attacks become extremely easy. And not just cross site scripting attacks, but cross-site cookie access becomes possible. Meaning, scripts from one site can access cookies from another site. So if you are logged into your bank's website, and a mash-up, the javascript from the mash-up site would be able to read the cookie from your bank. That would be a HUGE security risk.
And what about the data sources? Who is to say that the data coming from these various feeds is untainted? What happens if someone finds a hole in Flickr and then forces Flickr to push out data that includes a cross-site scripting payload? Now your site is putting your users at risk. Then we're back to the legal problems again... Whose responsible? Is Flickr responsible since they are the source of data? Are you responsible since you trusted Flickr's data without first validating it?
Mash-ups are going to be a very exciting area of web development in the coming years. But as with all new technologies, from a University setting, it's best to proceed with a bit of caution until we know exactly what we are getting into....
Leave a comment
Note: Comments are moderated. If published, comments may be edited for length, style and clarity.