slanted W3C logo
Cover page images (keys)

How fast does the Web Change?

Dan Connolly, W3C
Park University Department of Information and Computer Science
Sep 2008

Web Architecture Quiz

Consider an on-line todo list:

ToDo List

Can you spot the problem with this design?

<h2>ToDo List</h2>
  <li>Buy milk <a href="/items/1/delete">[delete]</a></li>
  <li>Feed dog <a href="/items/2/delete">[delete]</a></li>

Web Architecture: HTML and HTTP

When this link is activated:

  <a href="/items/1/delete">[delete]</a></li>

the client sends this:

GET /items/1/delete HTTP/1.1

Web Architecture: exploration is safe

People have certain expectations about questions as opposed to statements or orders or requests. They apply to safe methods in HTTP, such as GET:

Customer Does that book come in paperback? Client
GET /items/1/delete HTTP/1.1
Seller We've charged $11.50 for that book to your credit card. Nice doing business with you. Server
200 OK

item 1 deleted
Customer WHAT?! Client :-/

Web Architecture Quiz (Key)

Using HTTP as designed:

ToDo List

  • Buy milk
  • Feed dog

<h2>ToDo List</h2>
<form method="post" action="/update">
  <li>Buy milk <input type="checkbox" name="1" /></li>
  <li>Feed dog <input type="checkbox" name="2" /></li>
<p><input type="submit" value="Delete checked" /></p>

*Yes, you can use AJAX to avoid a full page update, but be sure you know about unobtrusive javascript before you use it.

GET and POST: Innovation

Nov 1993

Changes and additions in this prerelease include:

  • Implemented FORM METHOD="POST" with optional ENCTYPE="application/x-www-form-urlencoded".
NCSA Mosaic for X 2.0 prerelease 8 available
Marc Andreessen (
Sun, 7 Nov 93 21:14:34 -0800

GET and POST: Rough Consensus and Running Code

HTTP reaches Draft Standard status in the IETF, where TCP/IP, DNS, and SMTP are standardized.

June 1999

... the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe". This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested.

9.1.1 Safe Methods of Hypertext Transfer Protocol -- HTTP/1.1

Web Architecture Volume 1

Dec 2004

Nadia's retrieval of weather information (an example of a read-only query or lookup) qualifies as a "safe" interaction; a safe interaction is one where the agent does not incur any obligation beyond the interaction. An agent may incur an obligation through other means (such as by signing a contract). If an agent does not have an obligation before a safe interaction, it does not have that obligation afterwards.

3.4. Safe Interactions in Architecture of the World Wide Web, Volume One
photo of W3C TAG members in Basel in 2004

Web Architecture: in practice

May 2005

So, the Google Web Accelerator prefetches links. Not a big surprise. Unless clicking on a link destroys or alters data and you can't figure out why your stuff is gone. This is not actually the web accelerators fault.

37Signals and the Google Web Accelerator
Jun 2005

I've always known that using GETs when I should be using POSTs wasn't kosher, but there were never any ramifications until now.

What Have We Learned From the Google Web Accelerator?
Chris Cantrell June 01, 2005

Web Architecture in W3C

The W3C Technical Architecture Group works on principles underlying the 30 or 40 technologies W3C is developing.

HTML, CSS, and many other W3C technologies

How fast does W3C change?

Founded in 1994, we celebrated our 10th anniversary in 2004 and collected a historical matierials for the event.

W3C timeline

How fast does HTML change?

How fast does the browser marketplace change?

Web Security: How fast do the bad guys make zombies?

(1) Spammer's web site (2) Spammer (3) Spamware (4) Infected computers (5) Virus or trojan (6) Mail servers (7) Users (8) Web traffic
(1) Spammer's web site (2) Spammer (3) Spamware (4) Infected computers (5) Virus or trojan (6) Mail servers (7) Users (8) Web traffic

Source: Zombie computer article in Wikipedia

Web Security: How fast do the bad guys make zombies?

The number of compromised zombie PCs in botnet networks has quadrupled over the last three months, according to figures from the Shadowserver Foundation. ... The clear trend within these figures is upwards, with a rise in botnet numbers of 100,000 to 400,000 (if 30 day entropy is factored into equations) or from 20,000 to 60,000 (for five day entropy).

Zombie network explosion
By John Leyden in The Register 2nd September 2008

How fast does the web change publishing?

There is no way to overstate what the dismemberment of The Star means, adversely, to this metropolitan area.

Sadly, this event is of historic proportions
By: Steve Rose, Publisher, Sep 3, 2008

Ads on the Web: Craigslist, Google

How fast does the Web change the free press?

How fast does the web change government?


Follow-up resources: