The Power of "View Source"

The 1996 JavaWorld article Is JavaScript here to stay? is almost amusing in retrospect. John Lam recently observed that


This is a companion discussion topic for the original blog entry at: http://www.codinghorror.com/blog/2006/08/the-power-of-view-source.html

Unfortunately ‘Code Darwinism’ operates on the same timescales as real Darwinism.
All too often, bad practices are seen, copied and made worse. Eventually, the projects based upon these practices will fail, but not before leaving a trail of destruction and frustration behind them.

Ultimately, people fall into one of 2 camps (and this applies in general behaviour too, not just software development)…

Those who use the bad behaviour of others as an excuse for behaving the same way themselves.
Those who see the good behaviour of others as an example to follow.

The difference is very subtle, but it’s an important one.

I do agree, though, that being able to examine other people’s code is one of the best tools for self improvement.

“I think in 2 years we will be awash in a lot of bad AJAXified apps.”

10 years so far and we’re still saddled with many applications written in C++ with buffer overflow flaws.

Don’t blame the saw, blame the carpenter.

Jon: excellent stuff. Beefing up the language (E4X) is definitely a step in the right direction. Thanks for the light.

Sorry Scott, I have good and bad tools in my garage, and the bad tools just make things hard to do.

.NET’s transparency is the very reason companies that write and sell software are not adopting it en masse. The truth is that software companies need to protect their IP. If they can’t do that, they won’t stay in business. Your Desaware example is an exception to the rule - they provide components to developers. I don’t think Microsoft or Adobe will be licensing any of their source code anytime soon.

In fact, Microsoft’s biggest .NET app to-date (Small Business Accounting 2006) is obfuscated.

One of the strengths of Smalltalk systems comes from the fact that all source code is delivered with the system. This holds true for both commercial systems (like VisualWorks and Dolphin Smalltalk) and open source systems (like Squeak).

Smalltalk and its IDE are written in Smalltalk itself, and there is really no difference in the access you have to view and modify your own code and someone else’s code. No extra source files to be hunted for, and no settings in the IDE to change.

I agree that the open source model has a place in the software world. However, it isn’t something that can be applied realistically across the board for every software category.

I work for a small ISV, and we create stand alone as well as web based applications. It never fails that as soon as we create a unique product that starts selling well, someone will re-create our product and start selling it on their site. Some time ago, we rolled out a VB based application that was quite popular. Within a month of roll-out, we noticed that someone had taken our app, modified the string-table (changing such things as the app title, copyright, etc.) to brand the app as their own.

People that usually are evangelizers of a blanket open source software model often aren’t dependent on their software sales for a living, and/or aren’t familiar with the fact that there is a large portion of the Internet that will stop at nothing to make a buck - even if it means stealing from someone to do it.

For these reasons alone, we haven’t migrated to .NET yet, and have spent more time on web based development where our code is securely stored on our servers - away from prying eyes. If someone wants to duplicate our functionality, let THEM figure it out - I don’t need to “donate” my time telling them how I did it so they can go make a buck on it. That code represents my livelihood.

JavaScript can be obfuscated very well indeed thanks to its dynamic nature. You can nest evals and proceed through several layers of decoding from hex, base-64 or your own confusing mess.

If you think .NET code is difficult to decompile perhaps you should grab a copy of .NET Reflector.

[)amien

Thank you for pointing this out to people! Javascript is a wonderful language, and while doing web development this summer, I have acquired a sense of “home” when I’m in Javascript that just doesn’t happen in the server-side ASP/PHP. It’s so nice to be able to “create a function there on the fly, not even bothering to name it, just picking it up by its ears and tossing it into a function.” ( http://www.joelonsoftware.com/items/2006/08/01.html )

Javascript is seriously underappreciated, and I wish more work would be put into browsers to make it more useful (and crash-free; I’m looking at all browsers, not just IE6!)

“I work for a small ISV, and we create stand alone as well as web based applications. It never fails that as soon as we create a unique product that starts selling well, someone will re-create our product and start selling it on their site. Some time ago, we rolled out a VB based application that was quite popular. Within a month of roll-out, we noticed that someone had taken our app, modified the string-table (changing such things as the app title, copyright, etc.) to brand the app as their own.”

If you are being ripped off that easily, then your apps are too simple to really be hard to duplicate via traditional methods and you are not availing yourself of the legal system. Something so blatant is a slam dunk to get squashed.

Not making enough to pursue them in the courts? Then I wonder how it could possibly be sustaining your livelihood to a degree you care.

We provide source upon request to our customers. A few even tried to make a copy of our service, but the reality is that our product is complex enough that they flame out in the attempt. Then they get a nice letter and a bit later we get a nice check for their troubles. Simple really: provide something of true value and protect it via the laws that were put in place to do so.

Damien is right about JavaScript obfuscation. A company called Stunnix sells a product that does it ( http://www.stunnix.com/prod/jo/overview.shtml ).

Interestingly enough, one of Paul Graham’s startups, Snipshot (formerly pixoh), was very surprised to find that a competitor had copied “massive chunks” of the javascript powering SnipShot (an online image editor).

The author says he was “naive about obfuscation”; ironically enough, it was the quality and modularity of the javascript code that made it so easy for the competitors to steal and use.

The details are here.
http://hartshorne.ca/2006/06/27/this_looks_familiar/

Factor is a well-thought-out language with ‘view source’ built-in. Most of the language is written in Factor except for a small C runtime, and since source code is saved, you can access the source code and documentation at any time. Languages like Factor, Smalltalk, and Self have to be the future of computation due to the stupid syntactical messes of languages like Javascript.

Just because it’s ubiquitous and open does not make it good. JS is not a great language. I think in 2 years we will be awash in a lot of bad AJAXified apps.

Hi,
please not again this discussion.

Opensource can work for apps that need loads of service afterwards - that means things, where the source alone is next to worthless like complex OS’ses.

However, for “simple” products that don’t warrant a support contract, giving the source is a shot in the own foot imho…

Best regards
Tam Hanna

The entire JavaScript development community is predicated on instant, ubiquitous access to source code.
This leads to what I call “Code Darwinism”: good techniques are seen immediately and reproduce promiscuously.
Bad techniques never reproduce and die out.

This would be nice if it worked. Unfortunately it doesn’t, for two reasons:

  • “Javascript Kits” websites are common on the web, and they all suck, without exception. The scripts are crappy, hacky, ugly, and they’re fed to users who don’t want to learn JS anyway (which ranges from designers who don’t program at all to Java or C++ or even PHP “programmers” who consider that the lowly javascript is too few of a language for them to waste time learning it)
  • Good scripts are more often than not in a separate JS file (instead of being in the HTML page or shudder inline in the elements), their visualization therefore requires a bit more work than just View Source (unless you’re using Chris Pederick’s wonderful Web Developer Toolbar that is)
  • And good scripts often use fairly advanced JS techniques (DOM manipulation, functional concepts, …) requiring a fairly good understanding of the basic JS concepts.

I personally want people to see my code. If someone out there can teach me how to write better, more efficient code, as far as I’m concerned, the more power to me.

If someone sees my code and learns from it, the more power to them.

-www.thesol.com

Unfortunately, I think that there’s some JS obfuscation software - and it’s doing its job pretty well (taking a script, assigning random names to all identifiers, encrypting that source code into function that creates this code from seemingly random characters - caesar’s crypt and some xoring involved - just into a variable and then executes it)… Bye bye OS.
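An added example, not part of any comment in this thread: the layered obfuscation described above and in the earlier comment about nested evals over hex and base-64 can be peeled back for review without ever running the script. It runs under Node.js and assumes three wrapper shapes (`eval(atob("..."))`, `eval(unescape("%.."))` and `eval("\x..")`) and a constructed sample; a custom Caesar or XOR layer is not reconstructed, only flagged as a remaining `eval(`.

```javascript
// Added example: peel eval() wrappers statically; the script is never executed.
// The three wrapper shapes below are assumptions, not a specific tool's output.
const MAX_LAYERS = 20; // bound the loop on pathological input

// Turn \xNN or %NN escapes back into characters (Latin-1, as unescape() does).
const decodeHex = body => body.replace(/(?:\\x|%)([0-9a-fA-F]{2})/g,
  (_, h) => String.fromCharCode(parseInt(h, 16)));

// Each rule matches a script that is nothing but one wrapper around a literal.
const RULES = [
  { name: 'base64',
    re: /^\s*eval\(\s*atob\(\s*(["'])([A-Za-z0-9+\/=]+)\1\s*\)\s*\)\s*;?\s*$/,
    decode: m => Buffer.from(m[2], 'base64').toString('latin1') },
  { name: 'percent-hex',
    re: /^\s*eval\(\s*unescape\(\s*(["'])((?:%[0-9a-fA-F]{2})+)\1\s*\)\s*\)\s*;?\s*$/,
    decode: m => decodeHex(m[2]) },
  { name: 'hex-escape',
    re: /^\s*eval\(\s*(["'])((?:\\x[0-9a-fA-F]{2})+)\1\s*\)\s*;?\s*$/,
    decode: m => decodeHex(m[2]) },
];

// Returns the decoded source, the layers removed (outermost first), and whether
// an eval( call remains that no rule could decode and needs manual review.
function peelLayers(source) {
  const layers = [];
  let current = source;
  for (let i = 0; i < MAX_LAYERS; i++) {
    const rule = RULES.find(r => r.re.test(current));
    if (!rule) break;
    current = rule.decode(current.match(rule.re));
    layers.push(rule.name);
  }
  return { layers, source: current, stillWrapped: /\beval\s*\(/.test(current) };
}

// Constructed sample: a harmless statement wrapped in three layers.
const toHex = (s, prefix) => [...s].map(c =>
  prefix + c.charCodeAt(0).toString(16).padStart(2, '0')).join('');
function buildSample() {
  const inner = 'document.title = "demo";';
  const l1 = 'eval("' + toHex(inner, '\\x') + '");';
  const l2 = 'eval(atob("' + Buffer.from(l1, 'latin1').toString('base64') + '"));';
  return 'eval(unescape("' + toHex(l2, '%') + '"));';
}

const report = peelLayers(buildSample());
console.log(report.layers.join(' -> '), '|', report.source);
```

A `stillWrapped` result of `true` means the remaining `eval(` takes a computed argument, which is where a custom decoder such as the Caesar or XOR routine would have to be read by hand.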

check out google’s java to javascript compiler, no way to read that

All is not goodness and flowers–you’re forgetting about malicious intent.

IP needs to be protected, plain and simple.