Are AJAX applications less secure than non-AJAX apps?
Are AJAX apps, by nature of the technology they use, less secure than non-AJAX apps?
No, they are not.
Are AJAX apps usually easier to hack?
Yes.
Why?
Because AJAX apps are often built with less attention paid to security.
The attack methods in an AJAX app are the same as you have in a non-AJAXified app, to wit: SQL injection, cross-site scripting, authentication hacks, resource enumeration, request forgery, phishing, DoS, brute-force scraping. Did I miss any? All of the above can happen to an AJAXified or non-AJAXified app.
A major problem in AJAX apps is that client-side AJAX technology inspires developers to build lots of poorly-secured APIs. The more complex the app, the more likely someone built a whole fleet of specialized scripts that do mini-processes on the back end to return little fragments of HTML or JSON. Each one of them could be a SQL injection target.
To put it another way, an AJAX app usually has a larger surface area.
Can my boss really read my email / see my IM messages / read my browsing history?
Are you logged in to a company network? Then absolutely, they can do all that.
And as long as you are using their equipment, using their bandwidth, on their network, they are legally allowed to do so. (according to Canadian law, AFAIK)
Not all employers do. But most that I've ever worked for, did. I wish I were kidding, but you mustn't be surprised that people will whet their curiosity by invading the pseudo-false-privacy of another person, just because they can and may.
If you're on someone else's network, even VPN remotely, or using a company-owned machine, don't do anything you wouldn't do if they were standing behind you looking over your shoulder. This isn't paranoia, it's reality.
What do you think of HTML 5?
Most of it looks interesting and useful. I'm most excited by Structured Client-side Storage. Though most of the new elements are good, semantic, common literary document structures, others schmeck a tad dispensable.
Is google using user behaviour from the toolbar (like time spent on page, times revisiting same page) to affect rankings?
How the heck should I know?
But I'll tell you why I suspect it is the case:
1) there's nothing fraudulent or ethically wrong about it
2) it would make their product better
3) they stand to benefit financially from it
4) if they're smart they would
5) I believe they are, actually, pretty smart
6) no one would notice
What do you think of my web site?
It's lovely, but please fix the JavaScript errors.
Which is better, .NET or PHP?
PHP. (hww ducks to avoid projectiles from the right side of the room)
Is it worthwhile to hire an SEO consultant?
It depends:
1) can you afford to
2) can you afford not to
Truth is, if you're involved in any kind of online sales, your competitors - you know, the ones that rank better than you? they're already using pro SEO services. So it's not a question of whether to hire help, but whether the help you're hiring is good at their vocation.
Not everyone needs to put effort into SEO. Some companies have no need for organic search rankings, or perhaps they just have no competition.
I want to put a shopping cart on my site, and it needs features X, Y and Z, but I'm pretty new and I don't know where to start. Do I need to use cookie programming? How do I do cookie programming?
I'm usually enthusiastically DIY. Want something built to spec? Build it yourself! And I admire people who have the diligence, motivation and talent to pursue Web Development as a new vocation.
But this project is - to be blunt - advanced stuff. You will seriously need to spend 3+ years learning about 4 new programming and scripting languages before you can build a shopping cart from scratch.
I strongly recommend:
1) spend a few hundred $ to buy one that sort-of does everything you need, or
2) hire an experienced developer to build one for you.
I refuse to use any of these newfangled JavaScript libraries (like MooTools, Prototype, jQuery, Dojo...).
Well then you're wasting a lot of your own time. JavaScript must be a special hobby for you, like building boats inside bottles, or rolling cigars by hand. Because those of us who do JavaScript professionally do use common script libraries.
Any new book recommendations?
Programming Collective Intelligence by Toby Segaran. What an EXCELLENT book that was, one of O'Reilly's best offerings ever. If you run a site that gobbles up data, this book will teach you (or refresh your familiarity with) methods for analyzing and choreographing that data in dozens of meaningful ways.
Regular expression to validate an email address?
Remember, a regex will only flag obvious syntactic problems with an email address. It doesn't validate whether the name is spelled right or actually goes to a person's Inbox. That said, this one works OK for me:
^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$
I don't use free software - you're getting what you pay for.
That's an excellent argument if you're buying wine or chocolate. Not so with software, as any Linux, Apache or Firefox user will attest... I've noticed that (especially in the web development world) almost every category has a really good contender available for free. And in some categories, the free software is incontestably superior.
Don't get me wrong - I use lots of purchased software too. But I will never buy another text editor or web browser or instant messenger or FTP client... and I paid nothing for my server software, database, blog platform, etc etc. To date I've probably saved hundreds of thousands of $ by embracing free open-source technology. I pay it back in ways I can.
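The "fleet of specialised back-end scripts" point from the AJAX answer above, as an added example that is not part of the original post. It is a small Python stand-in for one of those fragment endpoints: the same handler that returns a JSON fragment for a product id, first written the way the answer warns about (the request parameter concatenated into the SQL) and then with the parameter validated and bound. The table, the rows and the handler names are constructed for this example; the hostile input is the kind of value an attacker would send in the AJAX request's query string.

```python
"""
Added example (not from the original post): one of the many small
back-end handlers an AJAX front end calls, in a vulnerable and a
hardened form. Table, rows and function names are constructed here.
"""
import json
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data: one row is unpublished and must never be
    # returned to an anonymous caller.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE product (id INTEGER, name TEXT, published INTEGER)")
    conn.executemany(
        "INSERT INTO product VALUES (?, ?, ?)",
        [(1, "Widget", 1), (2, "Gadget", 1), (3, "Unreleased", 0)],
    )
    return conn


def product_fragment_vulnerable(conn: sqlite3.Connection, product_id: str) -> str:
    # The endpoint the post warns about: it trusts the query-string value
    # and concatenates it straight into the SQL text.
    sql = "SELECT id, name FROM product WHERE published = 1 AND id = " + product_id
    rows = conn.execute(sql).fetchall()
    return json.dumps([{"id": r[0], "name": r[1]} for r in rows])


def product_fragment_hardened(conn: sqlite3.Connection, product_id: str) -> str:
    # Same endpoint with two fixes: the value is checked to be an integer
    # before use, and it is bound as a parameter so the database never
    # interprets it as SQL.
    if not product_id.isdigit():
        return json.dumps({"error": "bad id"})
    rows = conn.execute(
        "SELECT id, name FROM product WHERE published = 1 AND id = ?",
        (int(product_id),),
    ).fetchall()
    return json.dumps([{"id": r[0], "name": r[1]} for r in rows])


def demo() -> dict:
    conn = make_db()
    normal = "2"
    # Attacker-controlled value: "AND" binds tighter than "OR", so the
    # appended tautology defeats the published = 1 filter entirely.
    hostile = "2 OR 1=1"
    return {
        "vuln_normal": json.loads(product_fragment_vulnerable(conn, normal)),
        "vuln_hostile": json.loads(product_fragment_vulnerable(conn, hostile)),
        "hard_normal": json.loads(product_fragment_hardened(conn, normal)),
        "hard_hostile": json.loads(product_fragment_hardened(conn, hostile)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The vulnerable handler leaks the unpublished row on the hostile input; the hardened one rejects it before the query runs. Every fragment endpoint in such a fleet needs the same treatment, which is exactly why the larger surface area matters.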
I hope someday I will receive questions like those you've answered (and have a response as you did).
Regular expression to validate an email address?
Remember, a regex will only flag obvious syntactic problems with an email address. It doesn't validate whether the name is spelled right or actually goes to a person's Inbox. That said, this one works OK for me:
^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$
Actually it's not allowing quite a few valid ones. e.g. me@example.travel would fail that regexp due to .travel being too long, and with ICANN's plans to make more money out of making us buy more domains by creating many more top level domains this will only become worse.
Also lowercase is OK in email addresses.
Similarly it would allow me@example..com, which isn't valid.
And nearly *all* of these validating regexps you find out there are far too strict on the part before the @: the RFCs allow for a lot more characters to be used there, even escaping characters with meaning like a "@" etc.
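The cases raised in the reply above, run against the regex exactly as it was posted, as an added example that is not part of either post. The posted pattern is compiled verbatim (uppercase classes, TLD of 2 to 4 letters) and also with case folding, alongside a looser structural sanity check written for this example. That check is an assumption of what a practitioner would accept (one unquoted @, non-empty domain labels, an alphabetic TLD of at least two letters); it is not an RFC 5322 parser, and the addresses it runs against are constructed.

```python
"""
Added example (not from the thread): the posted regex versus the
counter-examples in the reply, plus a looser structural check.
"""
import re

# The pattern exactly as posted in the thread.
POSTED = re.compile(r"^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$")


def posted_matches(addr: str, ignore_case: bool = False) -> bool:
    flags = re.IGNORECASE if ignore_case else 0
    return re.compile(POSTED.pattern, flags).fullmatch(addr) is not None


def plausible_address(addr: str) -> bool:
    """Looser sanity check (assumed for this example, not from the thread).

    Accepts a quoted local part, so an escaped '@' before the real one is
    fine; rejects empty local parts and leading/trailing/double dots in an
    unquoted local part; requires at least two non-empty domain labels and
    an alphabetic last label of two or more letters, with no upper bound.
    """
    if "@" not in addr:
        return False
    local, domain = addr.rsplit("@", 1)  # the last '@' separates the domain
    if len(local) >= 2 and local.startswith('"') and local.endswith('"'):
        pass  # quoted local part: the RFCs allow almost anything inside
    elif not local or local.startswith(".") or local.endswith(".") or ".." in local:
        return False
    labels = domain.lower().split(".")
    if len(labels) < 2:
        return False
    for label in labels:
        if not label or label.startswith("-") or label.endswith("-"):
            return False  # empty label covers the "example..com" case
        if not all((c.isascii() and c.isalnum()) or c == "-" for c in label):
            return False
    return labels[-1].isalpha() and len(labels[-1]) >= 2


# Constructed inputs: the reply's examples plus a quoted local part.
CASES = [
    "me@example.travel",      # valid, TLD longer than 4 letters
    "me@example.com",         # valid, lowercase
    "ME@EXAMPLE..COM",        # invalid, empty domain label
    '"john@doe"@example.com', # valid, quoted local part containing '@'
    "me@example",             # invalid, no TLD
]


def run_cases() -> dict:
    """Map each address to (posted, posted with IGNORECASE, plausible)."""
    return {
        addr: (posted_matches(addr), posted_matches(addr, True), plausible_address(addr))
        for addr in CASES
    }


if __name__ == "__main__":
    for addr, verdicts in run_cases().items():
        print(f"{addr:28} posted={verdicts[0]!s:5} ci={verdicts[1]!s:5} plausible={verdicts[2]}")
```

The table of verdicts shows the reply's three complaints directly: the posted regex rejects the six-letter TLD even with case folding, rejects lowercase unless the IGNORECASE flag is added, and accepts the double dot. Whatever check is used, the only real proof of deliverability is sending a message to the address.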