Loading ...
Sorry, an error occurred while loading the content.

Re: JSON syntax grammar is missing 'undefined' literal value

Expand Messages
  • Shelby Moore
    ... Agreed this is an exciting frontier, based on a conceptually RISC-like, yet data complete model that is JSON. A point I grasped probably due to your
    Message 1 of 19 , May 26, 2008
    • 0 Attachment
      Douglas Crockford wrote:
      > I anticipate that there will be other languages that are based on or
      > inspired by JSON. These will push the model in interesting directions.
      > But there will be always be a simple JSON because there is a benefit
      > in having something that is reliable and minimally adequate.

      Agreed this is an exciting frontier, based on a conceptually
      RISC-like, yet data complete model that is JSON. A point I grasped
      probably due to your writings (your blog included) over the past year.
      However, even after reading your much appreciated insight and
      experience, I still think JSON is missing one crucial literal type.

      > In my view, JavaScript's undefined was a mistake. There are too many
      > similar falsy values in the the language.

      In my view, false, null, and undefined are not all similar, and each
      is a critical fundamental primitive for the semantic web. Boolean and
      null Object both are referent data types. The Boolean false is
      fundamental binary gate of digital logic. The null Object means
      semantically we require an Object, but we don't know which object.
      Requiring an Object is not the same as requiring a true/false outcome.
      Requiring an Object and getting a null outcome, is not the same as
      requiring a Boolean and getting false. Those are very different semantics.

      The undefined Object means we know the identifier that refers, but the
      referent (to which it refers) is unspecified. Thus, undefined is
      necessary for distinguishing between unspecified data and data that
      the application does not contemplate. If we use null to represent
      unspecified data, then we no longer have a way to distinguish between
      unspecified data (no referent) and specified data (referent) that has
      no value.

      If I have an application that expects a data structure with two
      members, "one" and "two", then if it receives:

      { "one" : null }

      then it is clear that "one" is specified as no value, but it is
      ambiguous whether the received data is saying that "two" is
      unspecified, or if it is saying that "two" is not even contemplated.
      In the latter case, the sending application might be in error, because
      it doesn't even contemplate "two" in it's output.

      If { "one" : null, "two" : null } is received, then it is ambiguous
      whether "one" and "two" are specified as no value, or whether they
      were contemplated but are not specified.

      Whereas, if { "one" : null, "two" : undefined } is received, then
      there is no ambiguity.

      The distinction between null and undefined becomes more noticeable,
      when one gets into specifying semantics in data structures, as became
      evident when I decided to use the pair names as the semantic data
      types implicitly, to avoid the overhead (and reduction in human
      readability) of an orthogonal schema language. In my formulation, the
      data is the schema, via inheritance. Thus the critical need to
      distinguish between optional, unspecified and required, no value in
      inheritance.


      > Most programmers are
      > confused about the differences.

      That may be true. Douglas, afaik your web site (crockford.com) has
      helped clarify many things about JavaScript, perhaps my explanations
      above may be helpful in this regard at some point. I claim no
      copyright nor recognition. Be it as it may.

      > The undefined property is
      > inconsistent. It indicates a missing member, but it can be the value
      > of present members.

      As I detailed above, I think it is critical to view undefined as the
      type of the identifier, not of the referent. Then there is no
      inconsistency, because undefined is not concerned with assignment, as
      it is not a property of the referent of the identifier. You are not
      asking "is the identifier not attached to a referent?", but instead
      "was this identifier assigned to undefined?". Per my first post of
      this thread, one can distinguish from a property identifier which was
      never assigned to undefined, using the 'in' operator, but that is
      orthogonal to the question that "=== undefined" asks about the identifier.

      > As a name, it is implemented as a writable global
      > variable, a feature with alarming security and reliability
      > consequences.

      Thanks for making me aware that this.undefined is a writable property
      of the global this object. I did some testing in Firebug's console,
      and even after undefined has been modified (e.g. this.undefined =
      null;), new instances of uninitialized var or missing properties,
      still get assigned to the original undefined object. So it means to be
      safe against malicious code, we need to re-initialize upon any call backs:

      var undefined;
      this.undefined = undefined;


      > This is not a feature to fight for. It is a mistake that
      > cannot be rectified.

      Why can't the writeable security hole be rectified?


      > At the time I formulated JSON, JavaScript was not a popular language,
      > and it was generally held in very low esteem. One of my design goals
      > was to hide JavaScript's defects. That is why keys must be quoted in
      > JSON, because I did not want to explain JavaScript's absurd reserved
      > word policy in the JSON spec. The undefined value was excluded for the
      > similar reasons.

      I am not following you? If undefined was a literal in JSON, afaics it
      would work fine in eval(), as long as this.undefined is patched up
      before calling eval, just in case it was overwritten.


      > JavaScript could use a generalized serialization format, something
      > that understands functions and prototypes and undefined. That language
      > could be derived from JSON, but JSON should never be that language
      > because it would violate the goal of being minimal, stable, and
      > independent.

      That may be true, but that is not at all what I am here for. I am
      also working on a language agnostic, minimalistic primitive syntax. I
      am merely trying to enable the minimum necessary to launch the
      Semantic Web, in much simpler manner than all that RDF+XML complexity.
      I simply believe that automated code reuse is not only for science
      fiction. And I believe OpenSocial, MySpace, FaceBook, etc are all
      wrong and very vulnerable.
    • Shelby Moore
      Douglas, your insightful replies are helping me to understand better your and my concepts. Perhaps it was Einstein who said (paraphrased) that until one is
      Message 2 of 19 , May 26, 2008
      • 0 Attachment
        Douglas, your insightful replies are helping me to understand better
        your and my concepts. Perhaps it was Einstein who said (paraphrased)
        that until one is forced to explain their concepts, they don't really
        understand them well. I appreciate the sound reasoning that got JSON
        to where it is today, but I remain yet unconvinced that undefined is
        not a critically missing literal. I remain open-minded, and I
        respectfully do not desire to drag us into a long debate. Afaics,
        there is nothing wrong with JSON remaining static, and then some
        proposal for JSON+undefined for those who need it. I hope that is
        harmonious.
      • Shelby Moore
        ... On further thought, this is not any more a security concern, than JavaScript (or the web page) itself. Agreed, it should be made read-only to prevent
        Message 3 of 19 , May 27, 2008
        • 0 Attachment
          > Douglas Crockford wrote:
          > > As a name, it is implemented as a writable global
          > > variable, a feature with alarming security and reliability
          > > consequences.

          On further thought, this is not any more a security concern, than
          JavaScript (or the web page) itself. Agreed, it should be made
          read-only to prevent against non-malicious untended modification.

          There is no security in any JavaScript, because rogue code can change
          any user code. The entire current concept of browser security is
          conceptually flawed, and the solution is as follows:

          http://www.coolpage.com/commentary/economic/shelby/security.html

          The only trustable web page is the one where ALL referents (resources)
          come from a trusted source. Security is fundamentally trust.
          Increasing granularity of trust, decreases security conflicts. I give
          a proposal using sub-frames to segregate private data from the rest of
          the web page.
        • Tatu Saloranta
          How about moving security-related discussion to another thread or group? And with regards to adding keyword undefined to json, I would be strongly against
          Message 4 of 19 , May 27, 2008
          • 0 Attachment
            How about moving security-related discussion to another thread or group?

            And with regards to adding keyword 'undefined' to json, I would be
            strongly against adding any such language-specific keywords. As a
            non-javascript-user of json I would find it a rather silly and useless
            addition. Json's goals are not, as far as I understand, to be
            javascript(-only) serialization format, but rather serve as a
            minimalistic generalized object notation.

            -+ Tatu +-

            On Tue, May 27, 2008 at 3:04 AM, Shelby Moore <shelby@...> wrote:
            >> Douglas Crockford wrote:
            >> > As a name, it is implemented as a writable global
            >> > variable, a feature with alarming security and reliability
            >> > consequences.
            >
            > On further thought, this is not any more a security concern, than
            > JavaScript (or the web page) itself. Agreed, it should be made
            > read-only to prevent against non-malicious untended modification.
            >
            > There is no security in any JavaScript, because rogue code can change
            > any user code. The entire current concept of browser security is
            > conceptually flawed, and the solution is as follows:
            >
            > http://www.coolpage.com/commentary/economic/shelby/security.html
            >
            > The only trustable web page is the one where ALL referents (resources)
            > come from a trusted source. Security is fundamentally trust.
            > Increasing granularity of trust, decreases security conflicts. I give
            > a proposal using sub-frames to segregate private data from the rest of
            > the web page.
            >
            >
            > ------------------------------------
            >
            > Yahoo! Groups Links
            >
            >
            >
            >
          • Greg Patnude
            I ve been following this particular thread with some interest -- Most modern programming languages HAVE defined undefined -- Undefined is NOT 0 and NOT 1,
            Message 5 of 19 , May 27, 2008
            • 0 Attachment
              I've been following this particular thread with some interest --

              Most modern programming languages HAVE defined "undefined" --
              Undefined is NOT 0 and NOT 1, and NOT 'null' AND NOT 'not null', and
              NOT true and NOT false... Bottom line: undefined is actually defined
              as something that is NOT DEFINED...

              As far as JSON goes -- by definition: it is "JavaScript Object
              Notation" -- so -- on the technical definition -- JSON is in fact a
              "JavaScript-ONLY" object notation mechanism. The great thing about
              JSON is that it is pretty much generalized -- there are
              implementations in a ton of different languages.

              I have thought for a long time that there probably ought to be a
              strict "generalized object-notation" group [GONF ? Generalized Object
              Notation Format ???].

              An underlying issue with JSON is the name itself -- because JSON is
              so versatile, has support in a multitude of languages, and 100%
              flexible [I use it for many things including: server-server
              communication in lieu of serialized objects, client-server
              communication, browser-server [Web 2.x]] --

              I use JSON everywhere: even when not using a JavaScript client or web
              browser -- that is the beauty of it...

              Maybe it is time to think about how big JSON really is and how
              completely useful it is as a high-speed data transfer mechanism and
              re-consider the name -- it ain't just plain ol' JavaScript anymore...
              It REALLY IS a multi-purpose, multi-platform data interchange and
              transmission format. Maybe it shuld be called something more
              appropriate to it's function.





              --- In json@yahoogroups.com, "Tatu Saloranta" <tsaloranta@...> wrote:
              >
              > How about moving security-related discussion to another thread or
              group?
              >
              > And with regards to adding keyword 'undefined' to json, I would be
              > strongly against adding any such language-specific keywords. As a
              > non-javascript-user of json I would find it a rather silly and
              useless
              > addition. Json's goals are not, as far as I understand, to be
              > javascript(-only) serialization format, but rather serve as a
              > minimalistic generalized object notation.
              >
              > -+ Tatu +-
              >
              > On Tue, May 27, 2008 at 3:04 AM, Shelby Moore <shelby@...> wrote:
              > >> Douglas Crockford wrote:
              > >> > As a name, it is implemented as a writable global
              > >> > variable, a feature with alarming security and reliability
              > >> > consequences.
              > >
              > > On further thought, this is not any more a security concern, than
              > > JavaScript (or the web page) itself. Agreed, it should be made
              > > read-only to prevent against non-malicious untended modification.
              > >
              > > There is no security in any JavaScript, because rogue code can
              change
              > > any user code. The entire current concept of browser security is
              > > conceptually flawed, and the solution is as follows:
              > >
              > > http://www.coolpage.com/commentary/economic/shelby/security.html
              > >
              > > The only trustable web page is the one where ALL referents
              (resources)
              > > come from a trusted source. Security is fundamentally trust.
              > > Increasing granularity of trust, decreases security conflicts. I
              give
              > > a proposal using sub-frames to segregate private data from the
              rest of
              > > the web page.
              > >
              > >
              > > ------------------------------------
              > >
              > > Yahoo! Groups Links
              > >
              > >
              > >
              > >
              >
            • Mark Joseph
              I agree with this totally. And frankly I am finding the current discussion a bit boring and a waste of time. Best, Mark P6R, Inc On Tue, 27 May 2008 09:46:23
              Message 6 of 19 , May 27, 2008
              • 0 Attachment
                I agree with this totally. And frankly I am finding the
                current discussion a bit boring and a waste of time.

                Best,
                Mark
                P6R, Inc


                On Tue, 27 May 2008 09:46:23 -0700
                "Tatu Saloranta" <tsaloranta@...> wrote:
                > How about moving security-related discussion to another
                >thread or group?
                >
                > And with regards to adding keyword 'undefined' to json,
                >I would be
                > strongly against adding any such language-specific
                >keywords. As a
                > non-javascript-user of json I would find it a rather
                >silly and useless
                > addition. Json's goals are not, as far as I understand,
                >to be
                > javascript(-only) serialization format, but rather serve
                >as a
                > minimalistic generalized object notation.
                >
                > -+ Tatu +-
                >
                > On Tue, May 27, 2008 at 3:04 AM, Shelby Moore
                ><shelby@...> wrote:
                >>> Douglas Crockford wrote:
                >>> > As a name, it is implemented as a writable global
                >>> > variable, a feature with alarming security and
                >>>reliability
                >>> > consequences.
                >>
                >> On further thought, this is not any more a security
                >>concern, than
                >> JavaScript (or the web page) itself. Agreed, it should
                >>be made
                >> read-only to prevent against non-malicious untended
                >>modification.
                >>
                >> There is no security in any JavaScript, because rogue
                >>code can change
                >> any user code. The entire current concept of browser
                >>security is
                >> conceptually flawed, and the solution is as follows:
                >>
                >> http://www.coolpage.com/commentary/economic/shelby/security.html
                >>
                >> The only trustable web page is the one where ALL
                >>referents (resources)
                >> come from a trusted source. Security is fundamentally
                >>trust.
                >> Increasing granularity of trust, decreases security
                >>conflicts. I give
                >> a proposal using sub-frames to segregate private data
                >>from the rest of
                >> the web page.
                >>
                >>
                >> ------------------------------------
                >>
                >> Yahoo! Groups Links
                >>
                >>
                >>
                >>

                -------------------------
                Mark Joseph, Ph.D.
                President and Secretary
                P6R, Inc.
                http://www.p6r.com
                408-205-0361
                Fax: 831-476-7490
                Skype: markjoseph_sc
                IM: (Yahoo) mjoseph8888
                (AIM) mjoseph8888
              • Michal Migurski
                Agree++. Shelby, when you ve got a next-generation semantic web 3.0 mashup demo that desperately needs undefined , we ll be able to see whether it s a useful
                Message 7 of 19 , May 27, 2008
                • 0 Attachment
                  Agree++.

                  Shelby, when you've got a next-generation semantic web 3.0 mashup demo
                  that desperately needs "undefined", we'll be able to see whether it's
                  a useful concept. Until then, I agree with Douglas that it's a waste
                  of energy to pull it in to JSON.

                  FWIW, I can see how the decision to include "javascript" in the JSON
                  name is leading to a mountain of confusion, but I've always seen the
                  format as a way to interop between a variety of languages and
                  platforms. "Undefined" would really muddy those waters.

                  -mike.

                  On May 27, 2008, at 10:30 AM, Mark Joseph wrote:

                  > I agree with this totally. And frankly I am finding the
                  > current discussion a bit boring and a waste of time.
                  >
                  > Best,
                  > Mark
                  > P6R, Inc
                  >
                  > On Tue, 27 May 2008 09:46:23 -0700
                  > "Tatu Saloranta" <tsaloranta@...> wrote:
                  > > How about moving security-related discussion to another
                  > >thread or group?
                  > >
                  > > And with regards to adding keyword 'undefined' to json,
                  > >I would be
                  > > strongly against adding any such language-specific
                  > >keywords. As a
                  > > non-javascript-user of json I would find it a rather
                  > >silly and useless
                  > > addition. Json's goals are not, as far as I understand,
                  > >to be
                  > > javascript(-only) serialization format, but rather serve
                  > >as a
                  > > minimalistic generalized object notation.
                  > >
                  > > -+ Tatu +-
                  > >
                  > > On Tue, May 27, 2008 at 3:04 AM, Shelby Moore
                  > ><shelby@...> wrote:
                  > >>> Douglas Crockford wrote:
                  > >>> > As a name, it is implemented as a writable global
                  > >>> > variable, a feature with alarming security and
                  > >>>reliability
                  > >>> > consequences.
                  > >>
                  > >> On further thought, this is not any more a security
                  > >>concern, than
                  > >> JavaScript (or the web page) itself. Agreed, it should
                  > >>be made
                  > >> read-only to prevent against non-malicious untended
                  > >>modification.
                  > >>
                  > >> There is no security in any JavaScript, because rogue
                  > >>code can change
                  > >> any user code. The entire current concept of browser
                  > >>security is
                  > >> conceptually flawed, and the solution is as follows:
                  > >>
                  > >> http://www.coolpage.com/commentary/economic/shelby/security.html
                  > >>
                  > >> The only trustable web page is the one where ALL
                  > >>referents (resources)
                  > >> come from a trusted source. Security is fundamentally
                  > >>trust.
                  > >> Increasing granularity of trust, decreases security
                  > >>conflicts. I give
                  > >> a proposal using sub-frames to segregate private data
                  > >>from the rest of
                  > >> the web page.
                  > >>
                  > >>
                  > >> ------------------------------------
                  > >>
                  > >> Yahoo! Groups Links
                  > >>
                  > >>
                  > >>
                  > >>
                  >
                  > -------------------------
                  > Mark Joseph, Ph.D.
                  > President and Secretary
                  > P6R, Inc.
                  > http://www.p6r.com
                  > 408-205-0361
                  > Fax: 831-476-7490
                  > Skype: markjoseph_sc
                  > IM: (Yahoo) mjoseph8888
                  > (AIM) mjoseph8888
                  >
                  >

                  ----------------------------------------------------------------
                  michal migurski- mike@...
                  415.558.1610





                  [Non-text portions of this message have been removed]
                • Gregg Irwin
                  Hi Greg, GP As far as JSON goes -- by definition: it is JavaScript Object GP Notation -- so -- on the technical definition -- JSON is in fact a GP
                  Message 8 of 19 , May 27, 2008
                  • 0 Attachment
                    Hi Greg,

                    GP> As far as JSON goes -- by definition: it is "JavaScript Object
                    GP> Notation" -- so -- on the technical definition -- JSON is in fact a
                    GP> "JavaScript-ONLY" object notation mechanism.

                    I've never interpreted it that way. I always took the JS part to mean
                    that JSON's syntax was based on JavaScript's syntax, which gives you
                    context (and a nice acronym :). From what I've read, JSON is meant to
                    be language independent. If they change the JS/ECMA standard to
                    something that doesn't support that goal, JSON won't work well with
                    its namesake.

                    On undefined, I don't think JSON needs it, even if some languages have
                    it. In my language of choice, as with some others, dealing with
                    undefined can make for more work, and not much more value (IMO). If
                    it's undefined, why is it there? Not to say it's never useful, but it
                    doesn't seem crucial in an object notation like JSON.

                    Ironically, it would probably be easier for me to add undefined/unset
                    support to the JSON module for REBOL (my language of choice) than it
                    is to support strings as keys in objects (which it can't, really).

                    --Gregg
                  • John Cowan
                    ... Not code. Not name. Not mind. Not things. Always changing, yet never changing. ... A cocky novice once said to Stallman: I can guess why the editor is
                    Message 9 of 19 , May 27, 2008
                    • 0 Attachment
                      Greg Patnude scripsit:

                      > Most modern programming languages HAVE defined "undefined" --
                      > Undefined is NOT 0 and NOT 1, and NOT 'null' AND NOT 'not null', and
                      > NOT true and NOT false... Bottom line: undefined is actually defined
                      > as something that is NOT DEFINED...

                      "Not code. Not name. Not mind. Not things. Always changing, yet never changing."

                      > As far as JSON goes -- by definition: it is "JavaScript Object
                      > Notation" -- so -- on the technical definition -- JSON is in fact a
                      > "JavaScript-ONLY" object notation mechanism.

                      A cocky novice once said to Stallman: "I can guess why the editor
                      is called Emacs, but why is the justifier called Bolio?" Stallman
                      replied forcefully, "Names are but names. 'Emack & Bolio's' is the
                      name of a popular ice cream shop in Boston-town. Neither of these men
                      had anything to do with the software."

                      His question answered, yet unanswered, the novice turned to go,
                      but Stallman called to him: "Neither Emack nor Bolio had anything
                      to do with the ice cream shop, either."

                      This koan is called the "ice cream koan".

                      --
                      John Cowan cowan@... http://www.ccil.org/~cowan
                      Thor Heyerdahl recounts his attempt to prove Rudyard Kipling's theory
                      that the mongoose first came to India on a raft from Polynesia.
                      --blurb for Rikki-Kon-Tiki-Tavi
                    • Tatu Saloranta
                      On Tue, May 27, 2008 at 10:19 AM, Greg Patnude wrote: ... I don t think it s true for most (modern) programming languages; although it
                      Message 10 of 19 , May 27, 2008
                      • 0 Attachment
                        On Tue, May 27, 2008 at 10:19 AM, Greg Patnude <gpatnude@...> wrote:
                        ...
                        > Most modern programming languages HAVE defined "undefined" --
                        > Undefined is NOT 0 and NOT 1, and NOT 'null' AND NOT 'not null', and
                        > NOT true and NOT false... Bottom line: undefined is actually defined
                        > as something that is NOT DEFINED...

                        I don't think it's true for most (modern) programming languages;
                        although it may be true for most _scripting_ languages. This is
                        different from, say, null, which has a counterpart in about any
                        language including c and c++ (unlike someone claimed earlier).

                        > As far as JSON goes -- by definition: it is "JavaScript Object
                        > Notation" -- so -- on the technical definition -- JSON is in fact a
                        > "JavaScript-ONLY" object notation mechanism. The great thing about

                        Not really: you can not derive semantics from etymology. Names are
                        just names and like you mention, they can lead to intuitive yet
                        incorrect guesses.

                        To understand goals, one could consult the author... and Doug has
                        already pointed out his view on the matter.

                        Additionally reading the JSON RFC, http://www.ietf.org/rfc/rfc4627.txt
                        one can find:

                        "JavaScript Object Notation (JSON) is a lightweight, text-based,
                        language-independent data interchange format"

                        Nowhere does it say anything about coupling with Javascript.
                        My understanding is that just JS syntax was used. In a funny way makes
                        sense: JavaScript has little to do with Java, beyond syntax; and
                        similarly JSON just took syntax from Javascript (or, from Java, if you
                        will).

                        Apologies for prolonging this flogging of a dead horse,

                        -+ Tatu +-
                      • Shelby Moore
                        Thanks to all that replied to my prior post. This is my reply to you all. 1) Undefined is essential in languages that treat identifiers as hash keys of an
                        Message 11 of 19 , May 27, 2008
                        • 0 Attachment
                          Thanks to all that replied to my prior post. This is my reply to you all.

                          1) Undefined is essential in languages that treat identifiers as hash
                          keys of an object (i.e. modern dynamic scripting languages). Static
                          identifier languages, can simulate dynamic identifiers with a hash
                          collection class.

                          2) Afair, K&R (ANSI) C did not have null, only void*. In K&R (ANSI) C,
                          void is not valid in a conditional nor assignment expression, and
                          identifiers are not dynamically constructed and typed.

                          3) Undefined is a critical primitive in any hash object data
                          structure, that supports inheritance. I already explained my logic in
                          prior post.

                          This will all become more obvious to you all, as someone actually
                          brings real world application of Semantic Web to reality.

                          4) I agree with Douglas not to modify the JSON standard specification,
                          but rather to usurp it (JSON+ or whatever it may be called) if the
                          market shall be so. I believe in de facto (competing) standards, not
                          in centrally managed ones, which is one of the main motivations of the
                          development I am working on. I believe in a million points of light
                          competing. I believe in freedom and liberty.

                          Okay enough talk from me. Your comments have encouraged me. Thanks
                          very much to all. And best wishes to all as well.
                        • doug furcht
                          Mark thinks it s boring... we should all move on. ... From: Mark Joseph To: json@yahoogroups.com Sent: Tuesday, May 27, 2008 11:30:20 AM
                          Message 12 of 19 , May 28, 2008
                          • 0 Attachment
                            Mark thinks it's boring... we should all move on.


                            ----- Original Message ----
                            From: Mark Joseph <mark@...>
                            To: json@yahoogroups.com
                            Sent: Tuesday, May 27, 2008 11:30:20 AM
                            Subject: Re: [json] Re: JSON syntax grammar is missing 'undefined' literal value


                            I agree with this totally. And frankly I am finding the
                            current discussion a bit boring and a waste of time.

                            Best,
                            Mark
                            P6R, Inc

                            On Tue, 27 May 2008 09:46:23 -0700
                            "Tatu Saloranta" <tsaloranta@gmail. com> wrote:
                            > How about moving security-related discussion to another
                            >thread or group?
                            >
                            > And with regards to adding keyword 'undefined' to json,
                            >I would be
                            > strongly against adding any such language-specific
                            >keywords. As a
                            > non-javascript- user of json I would find it a rather
                            >silly and useless
                            > addition. Json's goals are not, as far as I understand,
                            >to be
                            > javascript(- only) serialization format, but rather serve
                            >as a
                            > minimalistic generalized object notation.
                            >
                            > -+ Tatu +-
                            >
                            > On Tue, May 27, 2008 at 3:04 AM, Shelby Moore
                            ><shelby@coolpage. com> wrote:
                            >>> Douglas Crockford wrote:
                            >>> > As a name, it is implemented as a writable global
                            >>> > variable, a feature with alarming security and
                            >>>reliability
                            >>> > consequences.
                            >>
                            >> On further thought, this is not any more a security
                            >>concern, than
                            >> JavaScript (or the web page) itself. Agreed, it should
                            >>be made
                            >> read-only to prevent against non-malicious untended
                            >>modification.
                            >>
                            >> There is no security in any JavaScript, because rogue
                            >>code can change
                            >> any user code. The entire current concept of browser
                            >>security is
                            >> conceptually flawed, and the solution is as follows:
                            >>
                            >> http://www.coolpage .com/commentary/ economic/ shelby/security. html
                            >>
                            >> The only trustable web page is the one where ALL
                            >>referents (resources)
                            >> come from a trusted source. Security is fundamentally
                            >>trust.
                            >> Increasing granularity of trust, decreases security
                            >>conflicts. I give
                            >> a proposal using sub-frames to segregate private data
                            >>from the rest of
                            >> the web page.
                            >>
                            >>
                            >> ------------ --------- --------- ------
                            >>
                            >> Yahoo! Groups Links
                            >>
                            >>
                            >>
                            >>

                            ------------ --------- ----
                            Mark Joseph, Ph.D.
                            President and Secretary
                            P6R, Inc.
                            http://www.p6r com
                            408-205-0361
                            Fax: 831-476-7490
                            Skype: markjoseph_sc
                            IM: (Yahoo) mjoseph8888
                            (AIM) mjoseph8888





                            [Non-text portions of this message have been removed]
                          Your message has been successfully submitted and would be delivered to recipients shortly.