I was looking forward to this talk with great anticipation because this guy is one of the elder statesmen of microcomputers (“elder” not quite the affront to vanity it may seem given how quickly this industry has evolved) and I am pretty sure I have enjoyed a few programs of his since I was a kid (how many Douglas Crockfords are there in the world who are computer guys and the right age to have been the author of these programs?).
Like Alan Kay and other luminaries, if I am right, he did a stint at Atari where he wrote some really cool 3D ball bouncing demos and a 3D tunnel demo. Besides being perspective-correct immersive 3D on an 8-bit computer, the ball demos also employed anti-aliasing, which was pretty rare at the time. The Lucasfilm games that came out for that computer (Atari 8-bit) a few years later are the only other examples that occur to me off the top of my head. Well anyway, I was not disappointed by the talk.
He began by pointing out what I would call the classic security versus usability tradeoff. For example, any browser that does not allow XSS vulnerabilities is not standards compliant. There are and will continue to be ever more standards, such that no developer can be expected to encompass the lot of them in his/her mind and thereby code securely. I was particularly amused by Crockford’s characterization of the browser wars in the 1990s. Basically, by making their browsers as tolerant as possible of badly formed HTML and other faults, the companies were essentially in a race to see who could produce the most insecure expose-the-user-to-maximum-risk browser. Usability was the priority and security was an afterthought.
Tossing in my own 2¢ on that: this is also a fine description of Windows and the internet. Windows started on rather limited micros so one kind of expects that, and I do not think it is any disparagement of Microsoft. In any alternate history, whatever company got to be the 900-pound gorilla of ’80s micros, the same thing would have evolved, I think. But the internet is a bit ironic since packet switching communications protocols, i.e. TCP/IP, were invented specifically to be virtually immune to Soviet attack by having no single point of failure, so one would think those designers would be hyper-security-minded. So there is my offering of historical framework.