Projections

the future called, they want their tower back.

Being more and more involved into the Web2.0 world and having the opportunity to collaborate with some of the best minds in this field, I must say that it becomes clearer where the world is going to, Web-wise. I am not saying that I have the complete picture, but it is common to find patterns withing the subject of interest, once you get into this state of mind which I would like to call hackmode. Well, I do fall into hackmode quite often so let me share with you my vision.

In this post, I am going to look at a few of the key aspects of the future of the Web the way I see them now. I am sure that at some point latter, I will stumbles across my ramblings and laugh at myself and my own stupidity and boldness. However, it feels like I a duty I have to bound to, so here I come:

Web1.0 vs. Web2.0

Some may say that the only difference between Web1.0 and Web2.0 is withing the syntactical semantics of both terms. In a sense this is true, since Web2.0 is primary based on Web1.0 technology. Though, philosophically, they mean completely different things. While Web1.0 was all about pages, Web2.0 is about applications. The second implies more interaction then the first. If you think about it ,Web2.0 is a result of the natural progression of the web.

When first Tim Berners-Lee, whom I respect a lot, came up with the hypertext as a model for social interaction, we were bound to pages. I guess at that time the human mind was not capable of perceiving something more that goes beyond the 2-dimensional sheet of paper. Today we still perceive websites as composition of pages, although the rules of has changed slightly in order to fit the rest of the world withing the boundaries of the game. Today, the Web is social interaction tool. It is a tool for collaboration, communication and general interaction. Pages do not fit into the picture any more, they have become redundant. Today, we talk about web applications.

Web Applications are set to work on different terms. They must be interactive enough in order to engage the regular user. They also must be as agile as possible in order to satisfy the never ending market for more. The web has turned into highly demanding industry.

Data, Structure, Content

Throughout the years, we have learned a few important lessons, which were all result of previous mistakes. We’ve learned that software must be composed of modules which fit together like mechanical gears – a model that allow us to build simpler and easier to develop and understand systems, while still being part of huge and complicated structure. We’ve learned that there is a great deal about separating the data, from the logic, from the presentation – something that was brought by the MVC (Modal View Controller) and other design patterns. We’ve learned about semantics and pragmatics, yet we don’t understand all of them, but I guess the time will come when we switch to RDF to OWA.

What I am trying to say is that the simple 2-dimensional page has turned into a well structured data source, a feed. Feeds represent pieces of information which are machine readable and not that human/user friendly. Today we find feeds in a form of RSS and ATOM structured documents, XML and even JSON (JavaScript Object Notation). In the future we are going to see even more of these in addition to a whole range of new Micro-formats, and semantically structured documents.

The separation of the data from the presentation was our first step towards the future. Machine consumable data can be easily processed with computer algorithms and meaning can be extracted. This was not possible with the old Web. Machine readable data is also the core of the Web – the memory of existence.

System Calls, Inter-application/process Communication

There is no need for memory unless we put it into action. Here we define the actuators. System calls, IPC (Inter Process Communications) and RPC (Remote Procedure Call) are terms that we use in general computing and especially Operating Systems. Today, they apply to the web.

I mentioned earlier that the data is separated from the logic, but also the logic is separated from the presentation. The free form of logic that has appeared as a result of this are the client-side and the server-side centric systems. The server-side is responsible for providing the facilities for the client-side, while the client-side provides facilities to the user. IMHO, this delineation between roles of responsibilities may disappear with the time, a trend that we see with the raise of AJAX technology.

It is important to understand that the free form of logic is also in a machine consumable format. We call this API or Application Programmable Interfaces. If you follow the latest trends, you will see that more and more on-line entities provide some sort of interfaces for machine interaction that resemble to a great extend the situation that we have with System Calls, RPC and IPC, which we currently use in modern operating systesms.

Web Operating System (WebOS)

Here we are. When we take the data and put it through the free form of logic we end up with interaction between machines, as we established earlier. Now slam the human interface on the top and the result will be what we reffer today as Operating System. It is a different Operating System though, but also very similar to the OSs that we use today. The main difference is that the WebOS does not have centralized memory, processing and power units. The structure of this OS is dispersed across the boundries of the Web. Every single user, or application is part of this system.

The WebOS is not a graphical interface, neigher it is represented by a single entity such as Microsoft, Yahoo or Google. The WebOS can be accessed streight from your browser, although that may not be always the most convienient way. The WebOS is about putting the people in charge of the technology.

Security

However, keep in mind that humans make mistakes. We make mistakes. This is where all security problems come from and the Web is not immune to them. On the contrary, it is more vulnerable then anything else. This is a subject that, as a security expert, I feel resposible to talk about.

The security principles of the WebOS are very different from those found in traditional operating systems. We no longer have to look at every system as an entity on its own. No! We must look at the Web as a whole. Some times, I get the feeling that old generation of security experts and hackers will never grasp this principles the way the upcomming waves will. Fortunately, whe web has turned many into souldiers that take either side although I hope that the good will preveil.

The reason why I am putting all this effort into this obviously useless article is to simple attrackt attention – not for myself, not for the GNUCITIZEN or any other organzation, but attention to the problem. Remember, XSS is not the only thing that you can do on the Web. SQL Injection exists but again it affects only parts of the entire electronic ecosystem. There are tones of other stuff we need to look at. Traditonal penetration testing no longer apply. In fact, it is useless, as useless as it could ever be.

My projections of the future are probably distorded and very incorrectly put but I do feel that they are right for the time we are currently leaving in. I hope that this article was helpful. If not, well, at least you have a different point of view on the matters.

Comments

.mario responds:

Just to add.. MVC = Model View Controller and it’s not a design pattern but a paradigm which results in the possibility to build (design) patterns around it – and it is around for generations but hit the webapp community comparably late – sometimes in pretty weird forms like MVC2.0 or WebMVC.

Problem is that its ontologies don’t really fit the requirements of modern web applications so workarounds were build (oh I hate CakePHP sometimes *g*)

The web application is not a desktop application and never will be – and the WebOS is the web itself – including all the problems evolving around it. XSS is not really an issue – and SQLI isn’t either. What should be put in focus is the the design flaws that come packaged with the web itself – beginning with HTTP and ending with application patterns resulting in tools way too powerful so the developers their selves aren’t capable of realizing what monsters the have created. A pretty ‘Oppenheimerish’ situation…

pdp responds:

I like that last paragraph that you wrote, and I totally agree. I hate CakePHP and RoR too. What I do like is to develop services, because the service can be consumed by whatever front-end. I know that this doesn’t work for marketing folks, but this is where we are going atm.

Aodhhan responds:

I could give a lecture on Web 2.0 since it has been a huge focus for me in my current position. You are right, the future for web technologies and web enabled (both client & server) applications is a huge security concern both now and in the future.

Although we are all aware of the inside threat many businesses today face, with Web 2.0 this threat is multiplied because with web services many individuals from different domains have some access to your system. You don’t have to just watch out for someone using common attack vectors, you must also watch out for malicious services being uploaded into a UDDI, as well as watch out for clients which have become web servers/hosts covertly on your network or a trusted partner.

I do disagree about older network experts having problem with the future of web services. Actually, I believe they will have no problem. Those of us who did networking prior to the Internet already faced this style of network interaction and some security concerns. Almost all processing was not done on your terminal, it was done on your central system or a link with another network; similar to where Web 2.0 is headed.

Back in the late 80s early 90s we moved away from this because personal computers were able to handle more and more, and applications were no longer written to be ran centrally.

Now we are coming full circle with an implementation of linking other terminals or desktop hosts with servers on another network. Although the technology has changed (instead of polling through my base network, I can use a browser interface), in reality the base is the same. Now we just need to scale it up a bit, due to the increase in individuals who have an education in networking, and access to our networks.

I do see changes coming in available protocols and languages for use on the Internet. For example, all applications we use now for Web2.0 is free of any mobile code (Ie javascript). PKI even at the lowest level will become a necessity for all data transactions. I wouldn’t be surprised if you will be required to have a personal certificate in the near future to use your credit card for online purchases for many websites.

Web 2.0 does bring us many new security challenges, because we will have to change the way business is handled now, and how we think & operate to ensure its security.

	Blogsecurify is a division of GNUCITIZEN. The initiative was established to provide social media security services through our free automated testing engine. The Blogsecurify team is also engaged to deliver quality content on issues concerning social media technologies.
	Netsecurify is a division of GNUCITIZEN. The initiative was established to provide network security services through our free automated testing engine. The service is still in private-beta.
	Websecurify is a division of GNUCITIZEN. The initiative was established to provide a free web application security framework for automated and manual penetration testing. The service is still in private-beta.
	Secapps serves as an application directory of all online tools which the GNUCITIZEN team has built over the years.
	Securls serves as an information security intelligence tool, combining news and articles from the best information security resources online.

GNUCITIZEN

Navigation

Web1.0 vs. Web2.0

Data, Structure, Content

System Calls, Inter-application/process Communication

Web Operating System (WebOS)

Security

Comments

Respond

The Others

GNUCITIZEN Products

Recent Posts

Random Posts

From The Cutting-edge Network