Sunday, January 20, 2008

Roxer - the easiest way to make a web page

I’m excited to let everyone know about a brand new Web-based technology (non-webappsec related) Lex Arquette and I have been developing over the last several years – mainly as a late night side project. It’s called Roxer and represents what we believe is the future of Web page design (screen shots). Targeted mostly for novices, where with Roxer anyone can build just about any Web page they want using a Web browser (no plug-ins) and without a single line of code (example sites). Think Visio, MS Word, or OmniGraffle, but extremely simple and completely on Web-based. I also have a page I treat as a personal playground.


Roxer beta-testers are using it primarily for personal and small business sites. The deal is they get free Web space and access to a cool toy - we get great feedback, a chance to quash bugs, and some insights to how people REALLY want to develop Web pages. Later we thought the readers here, even if all infosec related, might be interested and want to get in on the action. So we opened up beta testing to public registration.

There are a lot of cool features in Roxer, including cross-tab copy/paste, which were extremely difficult to implement. It’s only due to a background in JavaScript hacking were we successful. Other Web 2.0 / Ajax’ish stuff like Drag & Drop, Rich Text Editing, and Edit-in-Place were zip zap after that. Since WhiteHat Security is my responsibility during the day, and often night to, Lex (the one man army) does most/all the Roxer coding these days. Basically my job is helping solve some of the harder architectural problems and overcome the things that browsers were never really designed to do. BTW, The Dojo Toolkit totally kicks ass.



Now I know some reading this blog are probably going to try and hack Roxer to pieces. Nah, not you guys. :) Some may expect a 100% secure system since its been written by Web security experts. Fair enough, have at it, not like we can stop you anyway. But let me first say that we’re not perfect programmers (if only). The code is brand new, considered beta, and largely untested by outsiders. Our primary mission was just to make Roxer functional and we’re sure vulnerabilities exist. So if you find something, whether on purpose or accident, let us know and we’ll fix it. Just please don’t break the website. ;)

Other than that, have fun!

10 comments:

Anonymous said...

Looks like you need to go back to the drawing board and learn a little bit about plain old semantic HTML and progressive enhancement. Your editor may be clever, but that amounts to nothing if the output isn't of good quality.

The example sites show some really fundamental problems (dependancy on JavaScript, overlapping content at larger text sizes etc) that are more reminiscent of 1998 than 2008.

Jeremiah Grossman said...

Point taken, cleaning up the output is on the bug list. Presently though Google seems to index it fine and with a tiny amount of effort things will look out. But we'll smooth it out.

Anonymous said...

Hi it looks verry nice.
Is there a way to download it and build on the version you have?
I would love to program on a site like this for personal use.

greets
Krijn

Anonymous said...

Pretty cool. Can you tell us a bit about the process and technologies behind the application, besides the Dojo framework? I've created something similar for managing content in web pages, but that's pretty much just for text / images, and not for layout etc. Is there any (planned) support for internationalization and other more advanced technologies which are pretty important these days?

- Eirik Hoem

Jeremiah Grossman said...

@Krijn, developer support is something that's definitely on the Roxer roadmap. We plan to open up our APIs and create a web-based IDE so developers can make their own Boxes (widgets) just as you said.

In fact, we already have already have an ugly web-based IDE we use internally to code Roxer Boxes. Its just not ready for prime time as there are a lot of issues to iron out. But its coming!

@Eirik Hoem, I'll leave that question to Lex. He's the man in that dept. :)

Anonymous said...

Eirikhoem,

The basic technologies behind Roxer are MySQL and PERL running on Amazon's EC2 platform along w/ their S3 platform for storage.
Most of Roxer is custom code aside from the Dojo Toolkit (thanks guys!).

For Roxer to work we needed to compartmentalize the "things" that make up a web page into autonomous pieces. Their Javascript, style, HTML all had to be able to exist or not exist without effecting other things on the page.
Each "Box" has it's on mini-database where it can store information such as coordinates,dimensions, configurations, transparency level, color information, etc. When a page is "Locked" we look at all the Boxes that have changed since the last Lock. Their databases are sent to the server and stored.

We do have plans on making Roxer much more friendly to everyone, but our first goal is to stabilize it technologically.

Anonymous said...

perl, interesting choice

jmuhlbie said...

I think ROXER is fantastic. I'm a Dreamweaver user myself but I think the notion of a user-friendly web-based program is really cool. Of course...advanced photo editing should be left to Photoshop, the idea of"click-drag-done!" is something else. It's easy, fast, and interactive which in my opinion qualifies as a good technology.

Side note: I'll be writing a school paper for my course, "The next generation web" on ROXER, discussing how it works, how its viable and useful as well as comparing it to Dreamweaver and other programs of nature.

:)

Mark Kerzner said...

Jeremiah, thanks! I missed it when you published it, and I stumbled on it accidentally because of my research on Web 2.0 security (where else would I go? :)

For what it does, Roxer is totally cool. I know a few people who had an idea of doing very simple wiziwig html editor, and googlepages is of course one of them, but your has one advantage. It is fun to use! I am sure kids and novices will just love it.

I am putting it on my blog and sending to all my friends. More strength to you.

Jeremiah Grossman said...

@Mark, thanks for the kind words. Roxer is many years in the making and is getting better every day. Plus in just over a month, 4K users aint bad! :) But yah, teachers, students, and even my mother likes it. That's success right there! :)