http://philringnalda.com/blog/2005/05/i_wonder_why_buttons_look_like_that.php

Actually, not being able to use links to do harmfull stuff isn’t that bad

What that sentiment betrayed was a sense that those who have been quietly evangelizing the web style were talking about the wrong thing and to the wrong people. We should have been like the web standards project and should have had a litany of examples of best current practices that everyone could have seen and understood. There is no reason that you should only now be aware of the importance of idempotency… Your first encounter with a web application or web site should have this lesson hardwired in it. The recipes that you did view source on to learn the about the web (like the thousands of sites that have lifted the stylesheets from the CSS Zen garden) should have been had such practices encoded in them so that it would be second nature…

All this to say that the things one thinks are obvious are often not…

By the way, on a different topic, I hope you carry on with Zoo, there is nothing like an itch to scratch and what little you’ve posted on the idea is making me ponder downloading and installing the .Net framework.

Or do you feel that users should install GWA to let put massive presure on the shoulders of developers, to fix their software.

Personally, my strategy would be this: 1) Warn, get your data safe. 2) Fix it.

Edit: I just read the BitWorking.org post and I get your point better now. Still don’t see how this is provocation, though. Partial look at the whole picture, sure. But to be honest, I wasn’t so aware of the badness of using GETs for this purpose until yesterday.

You’re forcing me to decloak and delurk after 10 months. Was this your intention? I’ve noticed a little more provocation in your writing of late.

Come on here, tell me that one isn’t going to need to have a REST intervention or Inquisition as the case may be.

There is an architecture to the World Wide Web.

Truly.

Really.

I kid you not, there is an architecture to this messy thing that we live on. This architecture was worked out in blood, sweat and tears (and a lot of fun during the dot com boom) over the past 14 years in countless mailing lists, with countless dear lessons learned.

Think about the HTTP spec, I know that nobody reads RFCs these days but people have been warned about this. Constantly and repeatedly.

HTTP GET should be safe and not have side-effects. Idempotency of GET is highlighted upfront as a Best Current Practice.

If you follow the web style, if you internalize its lessons,  You would know that you should use the right verbs and when. You will know instinctively that you should give visibility to intermediaries. You would that you that your application is broken and your users will suffer because for short term expediency.

Read Joel Spolsky on Leaky Abstractions. Let’s not fight against the underlying architecture; let’s understand what we’re building on. The tradeoffs that were made in the complex system that is the web were not made without care.

A caching intermediary like Google’s Web accelerator should be fair game. Caches are used everywhere in the internet and there were a lot of tradeoffs that were made in the architecture to accomodate them.

Almost all the differences betweeen HTTP 1.0 and HTTP 1.1 relate to this issue of giving visibilty to intermediaries. Berners-Lee prototype was turned into the “product” we know by repeated contact with the real world.

The Apache project, the Roy Fieldings of the world were deep in that mix making sure that the right thing was done.

Architectural Styles and the Design of Network-based Software Architectures is a big thing to digest but every software developer should read it and take away even the elevator pitch version.

Obviously best practices have have to be evangelized but I can’t say that wasn’t done. Some simply thought that this was obvious.

Placing a cache closer to the user which is what GWA is in effect is simply doing what Akamai have done. And it makes sense, caches should be as close to the user as possible, the benefits to the user in terms of the interaction experience are obvious.

I know that down at the ground level, one might be a designing a web site and the client might want prettified links instead of those unloved html buttons. The core of web user interfaces are not sexy yet they work and users understand it. The visual cues about what may or may not be safe are well known.

As application developers we should ask for better forms, we should be demanding of browser makers things like XForms or Web Forms 2.0 to make sure that we can go beyond the kind of stilted usability that we currently have. Our users would appreciate it our efforts in that vein but for now, they know what to expect. Until then application developers should push back when we are told to “do the wrong thing”.

Joe Gregario thinks of it as a parable of parenting lessons writ large on the web

I’m sorry, I can’t kiss it and make it better.

Read him and ponder.

I think he’s right.

Cross-posted on my scratch-pad.

Javascript is there to complement the server side validation, not to replace it.

Seriously, post for well … posting stuff, and get for getting stuff. It’s not that hard, is it?