Loading ...
Sorry, an error occurred while loading the content.
 

Re: JSON syntax grammar is missing 'undefined' literal value

Expand Messages
  • Shelby Moore
    ... On further thought, this is not any more a security concern, than JavaScript (or the web page) itself. Agreed, it should be made read-only to prevent
    Message 1 of 19 , May 27, 2008
      > Douglas Crockford wrote:
      > > As a name, it is implemented as a writable global
      > > variable, a feature with alarming security and reliability
      > > consequences.

      On further thought, this is not any more a security concern, than
      JavaScript (or the web page) itself. Agreed, it should be made
      read-only to prevent against non-malicious untended modification.

      There is no security in any JavaScript, because rogue code can change
      any user code. The entire current concept of browser security is
      conceptually flawed, and the solution is as follows:

      http://www.coolpage.com/commentary/economic/shelby/security.html

      The only trustable web page is the one where ALL referents (resources)
      come from a trusted source. Security is fundamentally trust.
      Increasing granularity of trust, decreases security conflicts. I give
      a proposal using sub-frames to segregate private data from the rest of
      the web page.
    • Tatu Saloranta
      How about moving security-related discussion to another thread or group? And with regards to adding keyword undefined to json, I would be strongly against
      Message 2 of 19 , May 27, 2008
        How about moving security-related discussion to another thread or group?

        And with regards to adding keyword 'undefined' to json, I would be
        strongly against adding any such language-specific keywords. As a
        non-javascript-user of json I would find it a rather silly and useless
        addition. Json's goals are not, as far as I understand, to be
        javascript(-only) serialization format, but rather serve as a
        minimalistic generalized object notation.

        -+ Tatu +-

        On Tue, May 27, 2008 at 3:04 AM, Shelby Moore <shelby@...> wrote:
        >> Douglas Crockford wrote:
        >> > As a name, it is implemented as a writable global
        >> > variable, a feature with alarming security and reliability
        >> > consequences.
        >
        > On further thought, this is not any more a security concern, than
        > JavaScript (or the web page) itself. Agreed, it should be made
        > read-only to prevent against non-malicious untended modification.
        >
        > There is no security in any JavaScript, because rogue code can change
        > any user code. The entire current concept of browser security is
        > conceptually flawed, and the solution is as follows:
        >
        > http://www.coolpage.com/commentary/economic/shelby/security.html
        >
        > The only trustable web page is the one where ALL referents (resources)
        > come from a trusted source. Security is fundamentally trust.
        > Increasing granularity of trust, decreases security conflicts. I give
        > a proposal using sub-frames to segregate private data from the rest of
        > the web page.
        >
        >
        > ------------------------------------
        >
        > Yahoo! Groups Links
        >
        >
        >
        >
      • Greg Patnude
        I ve been following this particular thread with some interest -- Most modern programming languages HAVE defined undefined -- Undefined is NOT 0 and NOT 1,
        Message 3 of 19 , May 27, 2008
          I've been following this particular thread with some interest --

          Most modern programming languages HAVE defined "undefined" --
          Undefined is NOT 0 and NOT 1, and NOT 'null' AND NOT 'not null', and
          NOT true and NOT false... Bottom line: undefined is actually defined
          as something that is NOT DEFINED...

          As far as JSON goes -- by definition: it is "JavaScript Object
          Notation" -- so -- on the technical definition -- JSON is in fact a
          "JavaScript-ONLY" object notation mechanism. The great thing about
          JSON is that it is pretty much generalized -- there are
          implementations in a ton of different languages.

          I have thought for a long time that there probably ought to be a
          strict "generalized object-notation" group [GONF ? Generalized Object
          Notation Format ???].

          An underlying issue with JSON is the name itself -- because JSON is
          so versatile, has support in a multitude of languages, and 100%
          flexible [I use it for many things including: server-server
          communication in lieu of serialized objects, client-server
          communication, browser-server [Web 2.x]] --

          I use JSON everywhere: even when not using a JavaScript client or web
          browser -- that is the beauty of it...

          Maybe it is time to think about how big JSON really is and how
          completely useful it is as a high-speed data transfer mechanism and
          re-consider the name -- it ain't just plain ol' JavaScript anymore...
          It REALLY IS a multi-purpose, multi-platform data interchange and
          transmission format. Maybe it shuld be called something more
          appropriate to it's function.





          --- In json@yahoogroups.com, "Tatu Saloranta" <tsaloranta@...> wrote:
          >
          > How about moving security-related discussion to another thread or
          group?
          >
          > And with regards to adding keyword 'undefined' to json, I would be
          > strongly against adding any such language-specific keywords. As a
          > non-javascript-user of json I would find it a rather silly and
          useless
          > addition. Json's goals are not, as far as I understand, to be
          > javascript(-only) serialization format, but rather serve as a
          > minimalistic generalized object notation.
          >
          > -+ Tatu +-
          >
          > On Tue, May 27, 2008 at 3:04 AM, Shelby Moore <shelby@...> wrote:
          > >> Douglas Crockford wrote:
          > >> > As a name, it is implemented as a writable global
          > >> > variable, a feature with alarming security and reliability
          > >> > consequences.
          > >
          > > On further thought, this is not any more a security concern, than
          > > JavaScript (or the web page) itself. Agreed, it should be made
          > > read-only to prevent against non-malicious untended modification.
          > >
          > > There is no security in any JavaScript, because rogue code can
          change
          > > any user code. The entire current concept of browser security is
          > > conceptually flawed, and the solution is as follows:
          > >
          > > http://www.coolpage.com/commentary/economic/shelby/security.html
          > >
          > > The only trustable web page is the one where ALL referents
          (resources)
          > > come from a trusted source. Security is fundamentally trust.
          > > Increasing granularity of trust, decreases security conflicts. I
          give
          > > a proposal using sub-frames to segregate private data from the
          rest of
          > > the web page.
          > >
          > >
          > > ------------------------------------
          > >
          > > Yahoo! Groups Links
          > >
          > >
          > >
          > >
          >
        • Mark Joseph
          I agree with this totally. And frankly I am finding the current discussion a bit boring and a waste of time. Best, Mark P6R, Inc On Tue, 27 May 2008 09:46:23
          Message 4 of 19 , May 27, 2008
            I agree with this totally. And frankly I am finding the
            current discussion a bit boring and a waste of time.

            Best,
            Mark
            P6R, Inc


            On Tue, 27 May 2008 09:46:23 -0700
            "Tatu Saloranta" <tsaloranta@...> wrote:
            > How about moving security-related discussion to another
            >thread or group?
            >
            > And with regards to adding keyword 'undefined' to json,
            >I would be
            > strongly against adding any such language-specific
            >keywords. As a
            > non-javascript-user of json I would find it a rather
            >silly and useless
            > addition. Json's goals are not, as far as I understand,
            >to be
            > javascript(-only) serialization format, but rather serve
            >as a
            > minimalistic generalized object notation.
            >
            > -+ Tatu +-
            >
            > On Tue, May 27, 2008 at 3:04 AM, Shelby Moore
            ><shelby@...> wrote:
            >>> Douglas Crockford wrote:
            >>> > As a name, it is implemented as a writable global
            >>> > variable, a feature with alarming security and
            >>>reliability
            >>> > consequences.
            >>
            >> On further thought, this is not any more a security
            >>concern, than
            >> JavaScript (or the web page) itself. Agreed, it should
            >>be made
            >> read-only to prevent against non-malicious untended
            >>modification.
            >>
            >> There is no security in any JavaScript, because rogue
            >>code can change
            >> any user code. The entire current concept of browser
            >>security is
            >> conceptually flawed, and the solution is as follows:
            >>
            >> http://www.coolpage.com/commentary/economic/shelby/security.html
            >>
            >> The only trustable web page is the one where ALL
            >>referents (resources)
            >> come from a trusted source. Security is fundamentally
            >>trust.
            >> Increasing granularity of trust, decreases security
            >>conflicts. I give
            >> a proposal using sub-frames to segregate private data
            >>from the rest of
            >> the web page.
            >>
            >>
            >> ------------------------------------
            >>
            >> Yahoo! Groups Links
            >>
            >>
            >>
            >>

            -------------------------
            Mark Joseph, Ph.D.
            President and Secretary
            P6R, Inc.
            http://www.p6r.com
            408-205-0361
            Fax: 831-476-7490
            Skype: markjoseph_sc
            IM: (Yahoo) mjoseph8888
            (AIM) mjoseph8888
          • Michal Migurski
            Agree++. Shelby, when you ve got a next-generation semantic web 3.0 mashup demo that desperately needs undefined , we ll be able to see whether it s a useful
            Message 5 of 19 , May 27, 2008
              Agree++.

              Shelby, when you've got a next-generation semantic web 3.0 mashup demo
              that desperately needs "undefined", we'll be able to see whether it's
              a useful concept. Until then, I agree with Douglas that it's a waste
              of energy to pull it in to JSON.

              FWIW, I can see how the decision to include "javascript" in the JSON
              name is leading to a mountain of confusion, but I've always seen the
              format as a way to interop between a variety of languages and
              platforms. "Undefined" would really muddy those waters.

              -mike.

              On May 27, 2008, at 10:30 AM, Mark Joseph wrote:

              > I agree with this totally. And frankly I am finding the
              > current discussion a bit boring and a waste of time.
              >
              > Best,
              > Mark
              > P6R, Inc
              >
              > On Tue, 27 May 2008 09:46:23 -0700
              > "Tatu Saloranta" <tsaloranta@...> wrote:
              > > How about moving security-related discussion to another
              > >thread or group?
              > >
              > > And with regards to adding keyword 'undefined' to json,
              > >I would be
              > > strongly against adding any such language-specific
              > >keywords. As a
              > > non-javascript-user of json I would find it a rather
              > >silly and useless
              > > addition. Json's goals are not, as far as I understand,
              > >to be
              > > javascript(-only) serialization format, but rather serve
              > >as a
              > > minimalistic generalized object notation.
              > >
              > > -+ Tatu +-
              > >
              > > On Tue, May 27, 2008 at 3:04 AM, Shelby Moore
              > ><shelby@...> wrote:
              > >>> Douglas Crockford wrote:
              > >>> > As a name, it is implemented as a writable global
              > >>> > variable, a feature with alarming security and
              > >>>reliability
              > >>> > consequences.
              > >>
              > >> On further thought, this is not any more a security
              > >>concern, than
              > >> JavaScript (or the web page) itself. Agreed, it should
              > >>be made
              > >> read-only to prevent against non-malicious untended
              > >>modification.
              > >>
              > >> There is no security in any JavaScript, because rogue
              > >>code can change
              > >> any user code. The entire current concept of browser
              > >>security is
              > >> conceptually flawed, and the solution is as follows:
              > >>
              > >> http://www.coolpage.com/commentary/economic/shelby/security.html
              > >>
              > >> The only trustable web page is the one where ALL
              > >>referents (resources)
              > >> come from a trusted source. Security is fundamentally
              > >>trust.
              > >> Increasing granularity of trust, decreases security
              > >>conflicts. I give
              > >> a proposal using sub-frames to segregate private data
              > >>from the rest of
              > >> the web page.
              > >>
              > >>
              > >> ------------------------------------
              > >>
              > >> Yahoo! Groups Links
              > >>
              > >>
              > >>
              > >>
              >
              > -------------------------
              > Mark Joseph, Ph.D.
              > President and Secretary
              > P6R, Inc.
              > http://www.p6r.com
              > 408-205-0361
              > Fax: 831-476-7490
              > Skype: markjoseph_sc
              > IM: (Yahoo) mjoseph8888
              > (AIM) mjoseph8888
              >
              >

              ----------------------------------------------------------------
              michal migurski- mike@...
              415.558.1610





              [Non-text portions of this message have been removed]
            • Gregg Irwin
              Hi Greg, GP As far as JSON goes -- by definition: it is JavaScript Object GP Notation -- so -- on the technical definition -- JSON is in fact a GP
              Message 6 of 19 , May 27, 2008
                Hi Greg,

                GP> As far as JSON goes -- by definition: it is "JavaScript Object
                GP> Notation" -- so -- on the technical definition -- JSON is in fact a
                GP> "JavaScript-ONLY" object notation mechanism.

                I've never interpreted it that way. I always took the JS part to mean
                that JSON's syntax was based on JavaScript's syntax, which gives you
                context (and a nice acronym :). From what I've read, JSON is meant to
                be language independent. If they change the JS/ECMA standard to
                something that doesn't support that goal, JSON won't work well with
                its namesake.

                On undefined, I don't think JSON needs it, even if some languages have
                it. In my language of choice, as with some others, dealing with
                undefined can make for more work, and not much more value (IMO). If
                it's undefined, why is it there? Not to say it's never useful, but it
                doesn't seem crucial in an object notation like JSON.

                Ironically, it would probably be easier for me to add undefined/unset
                support to the JSON module for REBOL (my language of choice) than it
                is to support strings as keys in objects (which it can't, really).

                --Gregg
              • John Cowan
                ... Not code. Not name. Not mind. Not things. Always changing, yet never changing. ... A cocky novice once said to Stallman: I can guess why the editor is
                Message 7 of 19 , May 27, 2008
                  Greg Patnude scripsit:

                  > Most modern programming languages HAVE defined "undefined" --
                  > Undefined is NOT 0 and NOT 1, and NOT 'null' AND NOT 'not null', and
                  > NOT true and NOT false... Bottom line: undefined is actually defined
                  > as something that is NOT DEFINED...

                  "Not code. Not name. Not mind. Not things. Always changing, yet never changing."

                  > As far as JSON goes -- by definition: it is "JavaScript Object
                  > Notation" -- so -- on the technical definition -- JSON is in fact a
                  > "JavaScript-ONLY" object notation mechanism.

                  A cocky novice once said to Stallman: "I can guess why the editor
                  is called Emacs, but why is the justifier called Bolio?" Stallman
                  replied forcefully, "Names are but names. 'Emack & Bolio's' is the
                  name of a popular ice cream shop in Boston-town. Neither of these men
                  had anything to do with the software."

                  His question answered, yet unanswered, the novice turned to go,
                  but Stallman called to him: "Neither Emack nor Bolio had anything
                  to do with the ice cream shop, either."

                  This koan is called the "ice cream koan".

                  --
                  John Cowan cowan@... http://www.ccil.org/~cowan
                  Thor Heyerdahl recounts his attempt to prove Rudyard Kipling's theory
                  that the mongoose first came to India on a raft from Polynesia.
                  --blurb for Rikki-Kon-Tiki-Tavi
                • Tatu Saloranta
                  On Tue, May 27, 2008 at 10:19 AM, Greg Patnude wrote: ... I don t think it s true for most (modern) programming languages; although it
                  Message 8 of 19 , May 27, 2008
                    On Tue, May 27, 2008 at 10:19 AM, Greg Patnude <gpatnude@...> wrote:
                    ...
                    > Most modern programming languages HAVE defined "undefined" --
                    > Undefined is NOT 0 and NOT 1, and NOT 'null' AND NOT 'not null', and
                    > NOT true and NOT false... Bottom line: undefined is actually defined
                    > as something that is NOT DEFINED...

                    I don't think it's true for most (modern) programming languages;
                    although it may be true for most _scripting_ languages. This is
                    different from, say, null, which has a counterpart in about any
                    language including c and c++ (unlike someone claimed earlier).

                    > As far as JSON goes -- by definition: it is "JavaScript Object
                    > Notation" -- so -- on the technical definition -- JSON is in fact a
                    > "JavaScript-ONLY" object notation mechanism. The great thing about

                    Not really: you can not derive semantics from etymology. Names are
                    just names and like you mention, they can lead to intuitive yet
                    incorrect guesses.

                    To understand goals, one could consult the author... and Doug has
                    already pointed out his view on the matter.

                    Additionally reading the JSON RFC, http://www.ietf.org/rfc/rfc4627.txt
                    one can find:

                    "JavaScript Object Notation (JSON) is a lightweight, text-based,
                    language-independent data interchange format"

                    Nowhere does it say anything about coupling with Javascript.
                    My understanding is that just JS syntax was used. In a funny way makes
                    sense: JavaScript has little to do with Java, beyond syntax; and
                    similarly JSON just took syntax from Javascript (or, from Java, if you
                    will).

                    Apologies for prolonging this flogging of a dead horse,

                    -+ Tatu +-
                  • Shelby Moore
                    Thanks to all that replied to my prior post. This is my reply to you all. 1) Undefined is essential in languages that treat identifiers as hash keys of an
                    Message 9 of 19 , May 27, 2008
                      Thanks to all that replied to my prior post. This is my reply to you all.

                      1) Undefined is essential in languages that treat identifiers as hash
                      keys of an object (i.e. modern dynamic scripting languages). Static
                      identifier languages, can simulate dynamic identifiers with a hash
                      collection class.

                      2) Afair, K&R (ANSI) C did not have null, only void*. In K&R (ANSI) C,
                      void is not valid in a conditional nor assignment expression, and
                      identifiers are not dynamically constructed and typed.

                      3) Undefined is a critical primitive in any hash object data
                      structure, that supports inheritance. I already explained my logic in
                      prior post.

                      This will all become more obvious to you all, as someone actually
                      brings real world application of Semantic Web to reality.

                      4) I agree with Douglas not to modify the JSON standard specification,
                      but rather to usurp it (JSON+ or whatever it may be called) if the
                      market shall be so. I believe in de facto (competing) standards, not
                      in centrally managed ones, which is one of the main motivations of the
                      development I am working on. I believe in a million points of light
                      competing. I believe in freedom and liberty.

                      Okay enough talk from me. Your comments have encouraged me. Thanks
                      very much to all. And best wishes to all as well.
                    • doug furcht
                      Mark thinks it s boring... we should all move on. ... From: Mark Joseph To: json@yahoogroups.com Sent: Tuesday, May 27, 2008 11:30:20 AM
                      Message 10 of 19 , May 28, 2008
                        Mark thinks it's boring... we should all move on.


                        ----- Original Message ----
                        From: Mark Joseph <mark@...>
                        To: json@yahoogroups.com
                        Sent: Tuesday, May 27, 2008 11:30:20 AM
                        Subject: Re: [json] Re: JSON syntax grammar is missing 'undefined' literal value


                        I agree with this totally. And frankly I am finding the
                        current discussion a bit boring and a waste of time.

                        Best,
                        Mark
                        P6R, Inc

                        On Tue, 27 May 2008 09:46:23 -0700
                        "Tatu Saloranta" <tsaloranta@gmail. com> wrote:
                        > How about moving security-related discussion to another
                        >thread or group?
                        >
                        > And with regards to adding keyword 'undefined' to json,
                        >I would be
                        > strongly against adding any such language-specific
                        >keywords. As a
                        > non-javascript- user of json I would find it a rather
                        >silly and useless
                        > addition. Json's goals are not, as far as I understand,
                        >to be
                        > javascript(- only) serialization format, but rather serve
                        >as a
                        > minimalistic generalized object notation.
                        >
                        > -+ Tatu +-
                        >
                        > On Tue, May 27, 2008 at 3:04 AM, Shelby Moore
                        ><shelby@coolpage. com> wrote:
                        >>> Douglas Crockford wrote:
                        >>> > As a name, it is implemented as a writable global
                        >>> > variable, a feature with alarming security and
                        >>>reliability
                        >>> > consequences.
                        >>
                        >> On further thought, this is not any more a security
                        >>concern, than
                        >> JavaScript (or the web page) itself. Agreed, it should
                        >>be made
                        >> read-only to prevent against non-malicious untended
                        >>modification.
                        >>
                        >> There is no security in any JavaScript, because rogue
                        >>code can change
                        >> any user code. The entire current concept of browser
                        >>security is
                        >> conceptually flawed, and the solution is as follows:
                        >>
                        >> http://www.coolpage .com/commentary/ economic/ shelby/security. html
                        >>
                        >> The only trustable web page is the one where ALL
                        >>referents (resources)
                        >> come from a trusted source. Security is fundamentally
                        >>trust.
                        >> Increasing granularity of trust, decreases security
                        >>conflicts. I give
                        >> a proposal using sub-frames to segregate private data
                        >>from the rest of
                        >> the web page.
                        >>
                        >>
                        >> ------------ --------- --------- ------
                        >>
                        >> Yahoo! Groups Links
                        >>
                        >>
                        >>
                        >>

                        ------------ --------- ----
                        Mark Joseph, Ph.D.
                        President and Secretary
                        P6R, Inc.
                        http://www.p6r com
                        408-205-0361
                        Fax: 831-476-7490
                        Skype: markjoseph_sc
                        IM: (Yahoo) mjoseph8888
                        (AIM) mjoseph8888





                        [Non-text portions of this message have been removed]
                      Your message has been successfully submitted and would be delivered to recipients shortly.