With so many RIA options out there, many people get confused about which technology to hitch their wagon to in order to build an RIA. Unfortunatley many RIAs are built with the wrong stuff. Here are some general guidelines to help you make better choices.

1. Performance is still important. Consumers are even less patient now with poorly performing web sites. Just because a lot of people have broadband-speed Internet access is no excuse for building poorly performing web sites.
2. Maintainability is important. The more complex your technology the higher the risk and cost of maintainability.
3. Most applications need to support multiple platforms. IE, Firefox, Safari, Opera, the iPhone, Windows, Mac, Linux - are all major market segments. Understand which platforms you ned to support.
4. Accessibility is important and may be legally mandated for your RIA.
5. Re-use may be important from a cost management perspective.

Taking these things into account I try to use the strategy of choosing the simplest technical solution, with the least amount of code to maintain, that works on most browsers, that will support my requirements.

My technology ladder usually looks like this:

1. Plain Old Semantic HTML (POSH) +  JavaScript
2. Hand written DHTML / Ajax
3. Flash
4. Some Ajax toolkit (like Dojo, or Prototype)
5. Flex
6. A custom plugin (which I have never done)

Even though Flex is #5, it's sometimes the best solution for dynamic charting. Even though the toolkits like Dojo handle Ajax beautifully, I don't always want that much code to do a simple XHR. Flash is great for a lot of controls, and some charting applications.

I sometimes find that developers choose a technology merely because they are more comfortable with it. That is a compelling reason, however it doesn't lead to the best technology decisions.

I have a problem with design patterns. I know - I should be thrown out the window by the development police. Design patterns are there to help developers use tested and appropriate ways of building software which includes tasks that are common to many programs. In that respect - they are just super.

My problem is that they are often, like many technologies, inappropriately applied. I was recently reving some javascript code which did a simple Ajax call to get some JSON data and stick it into a list. The developers (and yes there were more than one) built a complex, difficult to debug MVC (Model View Controller) framework for this task.

"Oh yes," I can hear you say, "but now that component can be reused and it has a known interface...etc...etc...etc." Sure, but I could have built a reusable component that did the same thing, with a known interface, with aboout 1/10th of the code. It would be easier to maintain, and it would perform better.

I can't tell you how many conversations about Flex I've had that began with someone asking me about PureMVC or Carngorm. They are both great frameworks, but they are not meant for every Flex application.

The wrong way to apply design patterns is to look for opportunities to apply them. You can honestly figure out how to apply almost any design pattern to any problem. The one and only right way to apply a design pattern is to start with a problem and find the best way to solve that particular problem. If the design pattern is the best way - then it's good. If it can be simpler, easier to maintain, requires less code, and more performant - then fantastic.

I personally find that a lot of MVC frameworks get totally out of hand and, rather than reducing complexity, make applications more complex.

Understanding design patterns is an impotant part of a devlopers knowledge set. Knowing when to apply them is wisdom. 

The cross site scripting restrictions imposed by the browsers are both very important - for security reasons, and very frustrating - for the limitations they impose. If your not familliar with the single origin restrictions on XHR (XMLHTTPRequest object - the backbone of Ajax), they basically say that all requests must go to the same domain as the page that's requesting them.

For security, this is a very good thing.  Otherwise hackers could set up web pages with JavaScript that could steal all the info from sites you had logged into - such as your bank information, and the prescription for your herpes medication. Adobe's Flash Player has implemented a method of securing a domain, but opening it up to trusted domains using a cross domain policy file. Alas, no such thing exists for the browsers yet.

But let's say that there is some data you want to get to using XHR that isn't private - like search results, stock quotes, news about your favorite reality TV show. Along comes JSONP (padded JSON) to the rescue.

JSON, if you don't know is a data format for passing along well formed JavaScript objects. It happens to be very terse (tends to be smaller than XML), and much easier for the browser to parse than XML. JSONP is an unofficial standard where the JSON is sent back to the browser wrapped in a function call.

Using JavaScript, the clever coder creates a script tag node, set's the url to the service that passes back JSONP, and adds a unique tag (usually a timestamp) to prevent caching. The function call that wraps the JSONP is mapped to a callback which then cracks the data and does brilliant things with it.

It's great

I should repeat, however, that this format is not secure. It basically opens this data up to anybody - so personal or private data should NEVER be passed this way. You are also trusting the data source not to pass malicious code back to the page. You should be OK to grab search results from Yahoo or Google, but I wouldn't be pulling down script from any colleges in Russia.