Hi my name is Rob and I’m paranoid.
Actually let me quantify that – Hi my name is Rob and I’m a paranoid developer. I don’t mean that I spend my days imagining the worst scenarios under which my applications can fail or wondering if my clients are talking about me behind my back. No, I’m paranoid in the simplest sense – I don’t trust technology.
In the sphere of web application development, technology moves incredibly quickly and new libraries, classes and “concepts” are popping up daily. I can remember, without having to cast my mind back too far, the first time I heard the phrase AJAX in relation to web development (rather and toilet cleaning or Greek mythology).
There seems to be an equally strong driving force to adopt these technologies as soon as possible to provide the latest “cool” features and interface elements.
This is the crux of this post – I refuse, and indeed actively resist this addiction to early adoption. My reasons? Simple – the majority of this tech is well documented and relatively simple to implement in a DIY manner but to get the best of it you are having to relinquish control over part of your source and use work from a 3rd party. Take, for example, jQuery – an immensely popular JavaScript AJAX and UI library with 100′s of plugins to achieve pretty much anything you could want to on the web. I have no issue with the sites that use jQuery but I have, for the most part, avoided this and other JavaScript libraries for one simple reason – I don’t have the time (or the knowledge) to understand exactly what it is they’re doing hence I don’t have the tools needed to fix them if they break or to ensure they’re secure.
I spent 3+ years working for a firm who developed highly available, distributed and immensely secure hosted services and the implementation of a new version of anything was viewed as an exercise in integration testing and quality assurance hell. Even simple things like an in place upgrade of an existing application were treated to weeks of research, deployed in a “safe” mirrored environment and subjected to load tests, fuzz tests and pretty much any kind of test we could think of. This testing was not done because we enjoyed doing it but rather because we had to maintain 5 nines of uptime and the slightest glitch overlooked could spell disaster.
This role taught me to be paranoid in my adoption of new technologies and this reticence has stayed with me, often to the detriment of the interfaces I’ve designed. 3rd party classes have been accepted, begrudgingly, into my tool box only after a good couple of days researching, testing and reading of the source. Most AJAX libraries remain out in the cold (although I’m slowly warming to jQuery if only because the core has been around for long enough without a major security flaw (that couldn’t be addresses by common sense on the server side) to be worth considering for non critical apps.
There is one exception to this steadfast discipline. As a (predominately) ColdFusion developer I have spent quite a bit of time using the ColdFusion AJAX options. Why would this be acceptable when I have shunned the very libraries that power this functionality? Simple – ColdFusion costs money and as part of that contract we as developers receive an (unwritten) assurance from Adobe that the software will work, be as bug free as possible and be as secure as they can make it. In the event of a security issue being found and reported, it will be fixed as quickly as possible and an update to the core will be provided. I don’t have to monitor X mailing lists or subscirbe to the security RSS feeds as the community will let me know (via Twitter, blogs, you name it) almost as soon as any area for concern comes to light.
This combination of commercial backing and almost fanatical community support is enough to overcome my inherent paranoia and permit me to use those features without having to check over my sholder every time I update (or fail to).
So far as the rest of the web’s technology wave goes? I’m going to continue to be paranoid – it keeps me, my clients and my apps as safe as I can make them!
