The work of Billy Hoffman, lead security researcher for SPI Dynamics (www.spidynamics.com), which was purchased by Hewlett-Packard last year, has been featured in Wired, Make magazine, Slashdot, G4TechTV, and in various other journals and Web sites. Today though he is in full flow at the inaugural AJAX Security Bootcamp, an all-day deep dive into Web application vulnerabilities being held on Day One of the 5th International AJAXWorld Conference & Expo in New York City.

Google said Tuesday that it's going mobile with its Google Gears technology, the stuff that's supposed to let web-based apps run unconnected to the web, beginning with Windows Mobile 5 and 6 devices ahead of its own nascent Android platform. Same day, Microsoft came out and made a victory-over-Adobe-Flash statement saying that Nokia and its Symbian OS-based phones and Internet tablets are going to embed its Silverlight plug-in, Microsoft's Flash-competitive crossbrowser/ cross-platform approach to delivering rich media and web applications.

This year Comet is more and more popular, and it is reflected at conferences in terms of the number of sessions talking about Comet. This is interesting, as it wasn't the case last year. Just for fun, here is a unofficial list of conferences where Comet was discussed in 2007, and the number of Comet sessions for each.

Stratavia announced the availability of its latest release, Data Palette 5.0. This new version introduces an AJAX-based user interface design, providing a rich user experience for centralized global IT administration. It also features advances in standardizing and automating complex, error prone tasks that traditionally require days, of manual intervention and oversight.

Just as with advertising measurement for AJAX, I continue to follow the technology known as Comet (open up an HTTP request from browser to server, then keep it open, pushing content down periodically) to see if it is ready for prime time. I thought I'd share my reading list from the last few months.

I frequently hear the question: 'Does Dojo have an AJAX method that updates a div?' - The answer is that there's no Dojo-approved way of doing something like this. Updating a div is such an easy process, that implementing a de facto solution is not only extra code, but you also hit a wall as soon as you want to do 'something more'. The short and sweet solution looks something like this...

IBM says it's found a way to make mashups secure enough for business. Because of inherent browser insecurity, mashups aren't really viable for widespread business adoption. But what's a little thing like viability compared to the pressure of keeping up with the Joneses - in this case the consumer mashup rage. So to keep the enterprise from hurting itself - and being held hostage by some cyber crook - IBM has come up with SMash, which basically lets information from different sources talk to each other - and create the one unified view mashups are famous for - but keeps them isolated so it's harder for malicious code to inject itself into the company system.

IBM announced new technology to secure 'mashups,' web applications that pull information from multiple sources, such as Web sites, enterprise databases or emails, to create one unified view. Mashups are attractive for business use, as they allow non-technical users to gain insight on complex situations in minutes, but as with all Web-based initiatives, security has been a concern.

Sun Microsystems, a creator and industry leading advocate of emerging technologies, is revolutionizing and redefining system-wide management of rich, standards-compliant, Internet applications for the next generation Web. A singular vision -- 'The Network Is The Computer' -- guides Sun in the development of state-of-the-art, power-efficient servers and storage systems to award-winning, open-source based software offerings. When it comes to Web 2.0 technologies, Sun provides best-of-breed solutions to enterprises and startups worldwide for developing, deploying, and managing the next wave of computing. For more information about Sun Microsystems, visit http: //developers.sun.com/web/

Acquia has yet to price its maintenance and support subscriptions - there should be a variety of SLAs - but they're supposed to include an electronic update notification system code named Spokes for updates that have been reviewed for security and compatibility and are supported by Acquia. Acquia is currently at 12 people, expecting to be 25 by the end of the year. Its Series A money comes from Northbridge Venture Partners, Sigma Partners and O'Reilly AlphaTech Ventures. According to Dries' blog, Drupal 7 should offer the ability to create, share and mashup managed content, letting Drupal be a data repository accessed by tools and web sites across the network.

NeboWeb announced the launch of the new ReGen Biologics corporate website powered by NeboWeb's AJAX-based Content Management System. The CMS includes intuitive content management features for page creation. With integrated editing tools, file history views with rollback functionality, a newsroom/pressroom manager, multiple levels of users and permissions, and more, ReGen now has the ability to optimize content for search engines from within the CMS.

Hot on the heels of Apple's announced iPhone SDK, Relevantis released its Dynamic Ads solution for iPhone. The platform is to enable interactive AJAX advertisements on mobile phones, allowing advertisers to interact with customers in a personalized and engaging manner.

There is now a spectrum of Rich Internet Application (RIA) technologies - including Adobe Flex, Adobe AIR, Microsoft Silverlight and Curl - that go beyond the traditional functionality that AJAX provides. These platforms provide distinct benefits for moving complex desktop and client-server applications to the Web. An independent study by Sonata Software compared the performance and ease of development of applications using Curl, AJAX, and Flex, highlighting strengths and weaknesses of each platform This session will look at the application characteristics that developers should consider before choosing a platform, as well as provide specific examples of the interactivity and performance that these platforms offer.

Complex event processing and RIA used together turbo charge application development. In this presentation we base our story around real life success in building a real-time trading application. A thrilling demo is included.

Fueled by the explosive growth in digital media and user generated content, the demand for storage has increased exponentially, placing significant stress on current 'in house' storage architectures and costly overcapacity build-outs. Factoring in time-to-market pressures as well as power, space, large capital expenditures, global performance, load balancing and availability issues, companies are faced with an exploding challenges and costs to go with the exploding storage demand. Bottom line, companies must take a new approach to storage. Companies need to move from the old and out-dated storage 1.0 model of 'do everything yourself' to a new storage 2.0 model. The storage 2.0 model delivers persistent storage on demand to applications regardless of location and pre-defined boundaries and meets the performance and scalability characteristics of the Web applications.

In this presentation, we'll introduce Laszlo Webtop 1.2, a framework built on OpenLaszlo for delivering multiple RIA/AJAX-based communications and collaboration applications. Coupled with Webtop's breakthrough cinematic user interface is a corresponding server-based SOA framework that provides advanced data management APIs, manages authentication and single-sign on, and includes other features that make an extensible, performant desktop-in-a browser a reality. Attendees will experience a live Webtop demo, showcasing applications including an address book, a mail client, IM, and photo viewing - all with breakthrough integration via drag and drop of Smart Objects. Finally, they will be shown how the world's leading service providers are already using Webtop today to deliver a unified communications experience and to consistently engage their subscribers.

AJAX Data Services is a JavaScript library that lets AJAX developers access the messaging and data management capabilities of Flex Data Services directly from JavaScript. It lets you use Flex clients and AJAX clients that share data in the same messaging application or distributed data application. Many AJAX applications are taking on the responsibilities of round tripping data. Adding the Flex Data Management Service to these applications adds the benefit of pushed updates, conflict management, lazy loading, and direct integration with back end domain models. This session will show how AJAX Data Services is useful for any AJAX application to which you want add the capabilities of the Flex Management Service or Messaging service.

Last year, the overall demand for RIAs outpaced the qualified supply chain. Industry analysts expect the explosive growth to continue in 2008. Anthony Franco, President, EffectiveUI, will discuss how this unprecedented increase in RIA adoption - especially by the Fortune 500 - will enable companies to hone their competitive edge and improve core business practices with fast, reliable, productivity-enhancing tools. While the world of RIAs can be fraught with costly risk, the flip side of the coin is that good RIAs can provide your customers with user experiences that leave your competition in the dust. If you keep the risks and rewards front of mind, you can turn the 2008 RIA challenge into successful opportunities.

Enterprises are enthusiastically embracing the shift from traditional client/server computing to SaaS. Inspired by customers who have embraced the Web, developers are using RIA tools to create innovative new on-demand business applications. One important factor in the shift from traditional computing to SaaS has been ease of use through vendors' careful attention to the user experience utilizing RIA technologies. This session will present how RIA technologies such as AJAX and Flex - in combination with the Force.com platform - provide all the tools necessary for developers to build an enterprise-class application - sometimes within hours!

New interaction paradigms and complex user interface controls of AJAX have raised concerns about access and usability for users of all backgrounds and abilities. Client-side JavaScript code may assume certain language or cultural conventions, alienating vast audiences. Graphical and mouse-based user interaction is often assumed, preventing use by keyboard or assistive technology users. This presentation will review the issues and provide best practices for building accessible and globalized AJAX applications today, including the new W3C Accessible Rich Internet Application (ARIA) specification. This and other strategies used to provide full accessibility and globalization in the Dojo Toolkit will be shown.

Microsoft introduced Silverlight as cross-platform, cross-browser next generation RIA solution. No matter you have LAMP, ASP.NET or JAVA Web application, you can take advantage of Silverlight to impress your user with the 'WOW' effects. This session will use real world implementations to show you how to build a Silverlight application from start to finish, as well overall strategy why we should or shouldn't use Silverlight.

ASP.NET AJAX is a natural candidate for RIA development under the .NET framework. However, there are other complementary or even alternative technologies that are worth your consideration. This session will start with a brief market overview and outline the pros and cons of some of the emerging and established frameworks, particularly JavaFX, Silverlight, and Flex. We will then dive into hands-on labs for delivering applications using Flex and .NET. You'll see specific implementations utilizing web services, FlourineFX (open source Flash remoting) and WebORB (commercial Flash remoting). We will also discuss delivering desktop applications using Adobe AIR, streaming video over the web, and engaging your audience with audio/video chat. Basically all the must-have features of today's Rich Internet Applications.

jMaki is an AJAX framework that provide a wrapper over rich widgets from multiple toolkits such as Yahoo!, Dojo and many others. jMaki-wrapped widgets can be easily used in a JSP, Rails, PHP and Phobos app. This session will explain what jMaki is and show using live code demos how easy it is to embed jMaki widgets in different pages.

PHP is the server-side technology behind the majority of Web 2.0 sites like Facebook, Flickr, Technorati, Ning, and Web 2.0 applications like IBM's QedWiki, Wordpress and SugarCRM, the new generation of Rich Internet Applications (RIAs). Zend's CTO Andi Gutmans will explain the three essential components of RIAs and provide an overview of the relevant features in PHP 5 and Zend Framework that make them suitable for building RIAs. He will explain why building beyond AJAX is desirable and necessary today: - to deliver richer desktop-like user experiences - to expose functionality as easy-to-consume Web services - to leverage the user-base to contribute, enhance, and categorize information. Andi will also demo a sample application and will explain details including best practices for its implementation.

In this session, Laurence Moroney, Microsoft, will introduce Silverlight 2.0 and how it can be used to easily and productively build next generation Rich Interactive Applications using C#, XAML, JavaScript, AJAX and more. He will demonstrate how to go from Zero-to-Hero as well as how to build more complex nTier applications with Silverlight at the front end, as well as using Silverlight with PHP, Java and other back-end technologies.

Open source, open platforms, open development environments... 'Open' can mean a lot of things, and the differences between one 'open' and another can be significant. David 'Lefty' Schelsinger will examine the various aspects and uses of the term 'open' as it relates to the current evolving mobile software space. Where does open source code make sense? Is simply being open source sufficient? Does openness necessarily mean fragmentation, and if so, what's the best way to forestall that? There are many platforms based on open source code to greater or lesser degrees, many 'open development platforms' and a number of initiatives--LiMo, LiPS, GNOME Mobile, the Open Handset Alliance, and others--dedicated to putting open source software on mobile devices. What are the differences between them? Are they competitive or cooperative? This discussion will describe the landscape, identify the players and contrast the approaches being taken. The ACCESS Linux Platform will be featured in this context as an alternative to the iPhone platform, as well as the approach to enabling third-party developers, and addressing the needs of the marketplace and the requirements of operators and device manufacturers.

This session will address issues to consider when selecting an AJAX toolkit and the most effective IDE for the implementation. It will identify the 30-40 UI components most commonly used in business and mission critical software applications that can be used as a benchmark for evaluating various toolkits, then explore the top evaluation criteria including component behaviors, customization, flexibility, frameworks, licensing and documentation. Attendess will be provided with a comparison survey for the 6-8 most widely used AJAX UI component libraries. Further discussion will address how to select the appropriate IDE once a commitment has been made to a AJAX UI toolkit.

Many business developers want to start using AJAX by enhancing the forms in their existing applications. This presentation will demonstrate how to quickly and easily add AJAX capabilities to standard HTML forms using the Dojo toolkit. The talk is geared to developers who want to enpower their forms quickly with a minimal learning curve. We'll cover client side validations, validations on the server without a page refresh, and adding specialized Dojo widgets to forms for selecting dates and providing a rich text editor. New released version 1.1 of Dojo will be discussed. Students will walk away with practical examples for adding AJAX capabilities to their forms.

Jeff Haynie will introduce the audience to Appcelerator's open-source RIA platform. Attendees will learn how Appcelerator has been able to help developers create AJAX-based RIAs in less than 1/3 of the time, with up to 90 percent less code, and with no Javascript or third-party toolkits. Key takeaways from the session will include: Developing fully-functional, client-only prototypes without writing a line of server codeCreating service-oriented UIs that can simultaneously access services in any language without code changes and Decoupling client and server components for accelerated development, simplified maintenance and rapid iterations. Haynie will also discuss the current technology options for rapid RIA development and how developers can leverage pre-built AJAX widgets, Web Expression Language, and other open standards-based languages to create RIAs with more functionality and less code.

Web Developers these days should use libraries, for the main reason that all libraries want the same thing: make it easier for developers to think about building their applications rather than worrying about quirks and failures of Web browsers. Some libraries go even further in giving a helping hand to the aspriring Web application architect. The YUI for example has a Custom Event feature which can be used to create massive applications that can be easily maintained and are fully extendable. This session explains the architectural ideas of event-driven application development and shows examples how this is helpful for AJAX applications.

Come learn how to take your UI to the next level with Silverlight. You'll see how powerful Zoomable interfaces can be built (hint: bring some 3D Red and Blue glasses!), how ink can be integrated into your Web UI, how internationalization is a piece of sushi and how rolling your own controls is well-easy.

Caucho presents a new API and infrastructure for Enterprise Comet applications which takes care of issues such as thread and session management, while using an interface familiar to Java developers who have used JavaEE Servlets. Demos will be presented which use this framework and GWT to streaming data in a financial application. Benchmarks will also be presented which show the server load and network impact of large numbers of clients. This Comet API, part of Caucho's Resin Enterprise Application Server, is available today for download and evaluation.

With Rich Internet Application credits that include Watson and Spring for Mac OS X, Robb Beal has directed user experience design in projects ranging from rich business intelligence to consumer stock trading to consumer news and entertainment portals. Currently he is the principal systems engineer at Laszlo Systems, where he works closely with customers to match Laszlo¹s products and technologies with their user experience and technical needs.

'The experience that web application users expect has changed profoundly as 'RIA' style application design has become prevalent,' says Microsoft's Joe Stagner. 'Companies developing web applications can't wait any longer to solidify their Rich Internet Application strategy.' Stagner was talking with SYS-CON.com as part of an informal, virtual round table on The Business Value of RIAs.

A round-up of the overall themes and topics being presented at AJAXWorld 2008 East at The Roosevelt Hotel in midtown Manhattan, March 18-20, 2008 - including Enterprise Mashups, Rich Internet Applications, Security, Enterprise AJAX, Silverlight, GWT, Reverse AJAX/'AJAX Push', AIR/Flash/Flex, JavaFX, ASP.NET AJAX, Seam, JSF, iPhone, Social Applications, YUI, jMaki, Appcelerator, Curl and more...

Leading RIA practitioner Jeff Tapper, who has been developing Internet-based applications since 1995 for a myriad of clients including Conde Nast, Harley Davidson, Toys R Us, IBM, Dow Jones, American Express and Morgan Stanley, is giving a session in mid-March at the 5th International AJAXWorld in New York City. His topic will appeal to all who have a keen eye not only on rich interactive experiences but also on the bottom line: 'Using Adobe Flex to Increase Return On Investment with RIAs.'

'Tutorials tend to focus on building new applications from the ground up,' notes Pathfinder's Brian Dillard, who has recently written an 'AJAX Overhaul' Tutorial. 'In the real world, programmers are more likely to constantly refine an existing app.' Dillard is a member of Pathfinder Development, whose Chief Technology Officer, Dietrich Kappe, is a speaker at the upcoming AJAXWorld Congference & Expo 2008 East in New York City. 'Brian's expertise and experience are tremendous assets to our clients and the AJAX community,' notes Kappe.

'There has been a lot of buzz around rich Web 2.0 applications, but they will not become mainstream until the next generation of web platforms emerge - fully integrated platforms that enable RIA + SOA.' That is the current state of the enterprise Web development union according to Appcelerator Co-Founder & CTO Nolan Wright.

The movement to empowering business users via Enterprise Mashups, which began to gather momentum in 2006 and 2007, has now gathered speed to the extent that at the upcoming AJAXWorld Conference & Expo 2008 East in New York City in mid-March, there is a dedicated track showcasing the industry's leaders in Enterprise Mashups and related Enterprise 2.0 and Enterprise Web 2.0 initiatives - all aimed at letting users join in data from outside the enterprise.

froglogic's upcoming Squish 4.0 release will bring many improvements to the automated development and QA process. One strategic move is to replace the current in-house implementation of the graphical test development environment with an Eclipse-based IDE that is completely re-designed and re-written from scratch. The new Eclipse-based IDE will be deployed as a stand-alone RCP application as well as a plugin for the Eclipse Workbench.