Then there's the security issue. Both Google and Mozilla decided to shut off their implementation of WebSockets for the time being after researchers Lin-Shung Huang, Eric Y. Chen, Adam Barth, Eric Rescorla, and Collin Jackson found it was possible to fool the browser into caching fake data PDF. They propose a more sophisticated mechanism, and the browser developers seem to be sticking with the idea. The code in Firefox, for instance, still works if you flip a secret configuration bit so that WebSockets can be used for testing. Once everyone regains their confidence, the window.websocket object will magically reappear.
Server-sent events The number of options available to the modern HTML5 programmer can be a bit daunting. If an XMLHttpRequest fetches information from the server and WebSockets carry data in both directions, you might wonder if there's a way for the server to send information unilaterally. Naturally, there is such a plan, called server-sent events.
There's not much to the code. First, create an EventSource object pointing to the domain. Second, register a function to process the events if and when they arrive. There's no need to set up an open socket or to constantly poll a distant server. It's a spec that could save some battery power on handhelds.
A faster, simpler Web All of these ideas for richer communications among websites and browsers should be both familiar and attractive to both developers and the ISPs. They reduce the need for extraneous message passing, and this alone should help cut down on some of the traffic on the Internet. Websites will seem a bit zippier.
However, the question of security still lingers. To most developers, the new specs should seem like baby steps that the browsers began taking long ago. What could possibly go wrong? The browser teams already shut down the WebSockets feature after some smart scientists found a sophisticated way to abuse it. The ideas may seem simple, but the implementations may have mistakes.
Such pitfalls raise the question about how much users can do about these new features. Unlike some of the newer ideas with a fancy HTML5 logo, most browsers don't offer the standard user any way to turn these communications features on or off. It may be possible to check on the number and size of local databases that a website is setting up -- another feature often considered part of HTML5 -- but there's no easy way to open up a preferences box and flip switches on any of these data communications features.