Web Info & Tutorials

December 3rd, 2006

TESTABLE AJAX SEMINAR

Googlers Joe Walnes and Adam Connors gave a presentation on testable Ajax back in September (we didn’t cover it at the time) … “Does my button look big in this? Building testable AJAX applications.” at the Google London Test Automation Conference. The theme is how to automate website testing with all the complexity Ajax adds. They talk mostly about testing strategies and technologies (like JUnit), but also mention the importance of architecting for testability.


December 3rd, 2006

YAHOO! PERFORMANCE ENGINEERS DISCUSS WHAT THE 80/20 RULE TELLS US ABOUT REDUCING HTTP REQUESTS

Tenni Theurer, a performance engineer at Yahoo!, has written a post on What the 80/20 Rule Tells Us about Reducing HTTP Requests.

It focuses on looking at the entirety of a page load, using the example of yahoo.com:

ASIDE: I have been using the beta of Firebug to see exactly this kind of data when I go to my own pages. It is invaluable, and I couldn’t live without the current Firebug beta.

Our experience shows that reducing the number of HTTP requests has the biggest impact on reducing response time and is often the easiest performance improvement to make.

There is a lot more to this of course. Setting up the correct cache-control settings for items that do not change often is important. The backend is also important. With a few architecture changes, you can end up spending orders of magnitude more time in backend processing. We obviously want to start shoving HTML back down the pipe as quickly as possible.

It also shows how much of a difference parallel downloads can make. If you can tweak your browser to do more at once, it can make a big difference (as chances are your bandwidth isn’t the bottleneck).

December 3rd, 2006

DOES AJAX CAUSE A LARGER “ATTACK SURFACE”? NO.

WhiteHat Security digs deep into the mess of “Ajax is insecure” hype with their article on Myth-Busting AJAX (In)security.

They discuss:

  • Does AJAX cause a larger “Attack Surface”? No.
  • Does AJAX make the “Attack Surface” harder to find? Yes and No.
  • Can AJAX cause “Denial of Service”? Not really.
  • Does AJAX rely on client-side security? No.
  • Does AJAX lead to poor security decisions? Sort of.
  • Does AJAX make Cross-Site Scripting (XSS) attacks worse? I hope not.
  • Does AJAX change security best practices? No.

Does this article exhibit common sense? Yes. Does it answer its own questions like Donald Rumsfeld? Yes.