It’s a shame I have to wait until February to check out the book for myself!

WRONG, idiot.  Junior developers always fail to realize that simple apps quickly become sophisticated apps. 

And while it might be fun for you to be the millionth person to recreate the wheel, remember that the libraries have solved the first round of bugs/shortcomings that your implementation will inevitably have, and it’s easier for the next developer at your company to pick up a library than it is to learn your stupid ass custom library (because the code will grow).

Additionally, don’t hate on a library because it adds 20k to your app.  There’s no perceptible difference to the user.

Finally, use Dojo.  It has all this and a bag of chips.

If the proxies are being a real pain and SSL isn’t an option then things would probably fallback to standard HTTP Polling. If it’s just an Intranet then I’m guessing there won’t be too many users – unless it’s a global Intranet? If the user base is small then normal polling won’t be too big an issue as scaling isn’t such a problem. That said, your users miss out on a true realtime experience.

A wildcard SSL certificate (*.yourdomain.com) can be purchased from GoDaddy for £127.99 a year. But I understand it’s still a bit of a hassle.

If rich user experiences are really required within a web app in a corporate network then it’s getting to the stage that the corporation needs to start upgrading their infrastructure. Whether that’s by encouraging users to install the Google Chrome frame (http://code.google.com/chrome/chromeframe/ – which doesn’t require admin privileges), changing the the users default browser, upgrading their OS, allowing Flash to be installed or changing the configuration of their proxies or firewalls to be a bit more realistic.

The simple fact is that IE6, which shipped over 10 years ago, doesn’t cut it any more. New technologies and JavaScript libraries aren’t being developed with it in mind. How many of their servers and desktop PCs from 10 years ago are still in operation…. ok, I don’t want to know

It’s bad news that proxies are likely to have a bad effect on *all* such technologies.  Hopefully a good fallback library will cope?

Re. SSL, the problem is that internal servers need certificates that are recognised by the browsers.  That means either buying certificates from commercial authorities for all your servers, or using your own root CA and installing its certificate in all your users’ browsers.  Either way it’s a hassle, and on a trusted intranet there’s no perceived need to jump through those hoops – SSL “isn’t needed” because the whole network is secure. Remember, this isn’t about internet-facing servers.