

Node.js used to mirror DOM across browsers - kurotek
http://www.screentoaster.com/watch/stUE5XQEVMRFtXQ1xVXFlYVlZX/serrano_session_sharing

======
peteforde
I am not prone to melodramatic statements, but seeing this I had the same
feeling I had the first time I started using GMail.

It's not necessarily the DOM sharing, which is cool enough. I just think that
the emergence of sockets in new browsers is going to bring in the "next
level", whatever that ends up being.

Seriously incredible, especially considering the development timeframe.

~~~
points
It's fun, yes, but at the same time, it's nostalgic.

We've had such technology for decades. There have been desktop sharing apps
for years, in Java applets etc.

So whilst it's cool that the browser wars are generating a ton of
improvements, none of them so far are really things that will blow users
minds. HTML5 is just catching up to where other platforms were 10 years ago.

~~~
benkant
Agreed. In some ways the browser actually lowered people's expectations of
what "computers" can do.

Perhaps the focus shifted.

When I first saw Wolf3D as a kid I was amazed that the computer could do that.
Same when I first used a GIS.

These days when people get "excited" about something like Facebook, it's not
because it's a technical achievement. It's something more human. Which perhaps
is why I don't get it.

Maybe browser technology is "good enough". Perhaps the point is to be able to
get apps out to people as simply as possible. It's just a URL.

Due to the fact I don't feel a point coming on any time soon I'll end here.

~~~
rictic
I think that your final point has the most explanatory power.

Everyone knows that a sufficiently geeky person can make a computer do magical
things.

However, apps (in the general sense) become much more exciting when they gain
wide appeal, and the difficult discovery, install, setup, and maintenance
experience of earlier approaches were an enormous drag on their wide success.

------
mcmc
This is a cool demo; props to the guys who made it.

I have done a few demos like this, and it turns out to be surprisingly hard to
turn it into a product. For instance, just because you can send over changes
to the DOM, you can't necessarily reproduce the javascript side-effects,
exactly. You can't just poll the state of the DOM because it doesn't reflect
all of the state that lives in javascript closures that you can't even see.

One easier method, and probably what they did in this demo, is simply catch
_any_ user-generated event in browser A and re-emit it in browser B, thus
letting the existing javascript code / browser logic do any actual DOM/state
modification.

But what happens when each user triggers an DOM event at the same time? They
end up getting applied in reverse order on the two browsers. In many cases
this can cause the two browsers to fall out of sync.

Anyway, I love seeing WebSocket demos, and this is pretty fun. Just be sure
you realize what a rabbit hole this is if you want to make a product.

------
mike-cardwell
I'd love to be able to just add a script tag to my website, and then log into
some web based service which shows me a list of the current sessions on my
website allowing me to click on one of those sessions and monitor their
progress through the site using this dom mirroring technique.

There must be money to be made in this sort of service?

~~~
spyder
<http://www.clicktale.com>

------
symmet
Thanks for all the great feedback, everyone! This was our Node Knockout
submission, so if you get a chance, please give us a vote. Give us some big
points for innovation!

[http://nodeknockout.com/teams/starcraft-2-destroyed-my-
marri...](http://nodeknockout.com/teams/starcraft-2-destroyed-my-marriage)

------
Groxx
Pretty cool, potentially very handy, though I wonder why they didn't
synchronize scrolling.

~~~
js4all
I asked myself the same. Anyway this is an impressive demo and I voted
accordingly. :)

------
lyime
Really good demo. I see multiple business ideas in there.

~~~
statenjason
Definitely has potential for the live support market

~~~
nichol4s
Actually, I have been working on something like this for some time now.

------
Kliment
Sounds like a security risk to me. If someone tricks you into starting this
they could follow you to other websites and collect data.

~~~
tlrobinson
Security risk in what? Users not paying attention to the URL bar?

~~~
Kliment
Suppose I send you a link to a page I own. I start this thing on said page and
track what you do with the rest of the session on the off-chance that you do
something sensitive with it. It's like a single-tab key/screenlogger. Combine
this with traditional phishing methods (which already work) and you might get
valuable data. It's going to be at least as effective as current phishing
methods, with the added advantage of not asking for personal data on the
landing page as well (so users don't get scared off).

A similar attack would be to override the back button. You know those sites
where the back button takes you to a redirect that takes you to the same page?
Take one of those, but on the redirect page save the referring URL. Then when
the user hits back, have the redirect page start the session sharing and
redirect to the referrer. Sounds plenty dangerous to me.

~~~
jorangreef
Re: "sounds plenty dangerous to me"

Often, it's the "sounds plenty dangerous" innovations (fire, automobile,
chainsaw, theory of relativity), that provide the most utility.

~~~
Kliment
Oh, certainly. The fact that it can be used for evil makes it no less
impressive and useful for other purposes. But thinking of this attack makes me
wonder if our browser security models are getting outdated. With things like
this possible, and so much valuable data being web-based these days, is there
any way of using cool things like that yet avoiding the major risks?

------
jorangreef
I was thinking through something like this just last night, after reading up
on Smalltalk and system images. Are you loading each domain in an iframe? How
did you manage to overcome Twitter's clickjacking protection? Using the new
sandboxed iframe attribute? High five!

~~~
CrabDude
It's done via proxy, node.js, and websockets =) No iFraming. Since we're
proxying, we can dynamically hijack the links and insert JS.

~~~
jbr
What are you using for server side dom manipulation? jsdom? apricot? node-xml?
libxmljs? I spent a lot of the weekend working on a webcrawler, but couldn't
find a xml parser that didn't choke on the internet-at-large.

Any chance you'd consider open-sourcing?

~~~
lftl
I haven't seen their code, but I'm not sure why you'd need server side DOM
manipulation for this. I'd implement all of that in the browser, and just let
the server handle passing events back and forth.

~~~
jbr
Since they're proxying the page, they replace all <a>s with proxy <a>s, as
well as adding a <script> and a <div> with some content to the bottom. Try
viewing source on <http://starcraft2destroyedmymarrage.no.de:3000/app/4>

------
phoenix24
this is cool!

I made a similar nodejs application too sometime back, but mine is still with
some bugs.

