The bandwidth problem can be solved, you can either store and process the canonical version on the server or on the client and transfer low-res versions between.

As for the free software implications, I think we need to either start taking AGPL3 seriously and using it everywhere or focus really hard on open protocol and open data as a consumer right.

Sure, not all the user-side is quite there yet, but with a few plugins that give the browser more native access to the hardware, you can do a lot. Look at Firefox’s geolocation API, for example, or the Flash webcam/microphone API.

Even considering bandwidth-intensive applications (video and music editing are the first two I can think of off the top of my head) you can always store that data locally and just serve up the application. When you finish, render straight to YouTube, and sync the data to your personal data store while you sleep that night.

It is sadly ironic that if this Linux-derived approach were successful it would be crippling to the open source community. Good luck trying to fork Facebook, or Flickr. I imagine this development would lead to a strong open-data movement. In a future where everything is a web app, who owns my list of Facebook contacts? And whose decision is it if I want to take my photo collection from Flickr and take it elsewhere?

While I still want my compiler and editor local I actually want the web version of basically everything else.

I hope Microsoft’s incompetent operations management doesn’t delay too much the adoption of good ideas.

We miss you guys. Hope ur having fun. I loved Cairo and Aswan when I visited, but never made it to Morroco.

The issues mentioned in the blog post have all been address in Rails. All Rails’ form helpers include a hidden field to protect against CSRF. You rarely have to even think about this issue anymore.

Rails also now discourages allowing GET requests when they shouldn’t be allowed.