By Deane Barker on May 27, 2003

HTML/OS is a Web development platform from Aestiva that has an interesting angle — the database is built into the binary kernel. So unlike ASP, JSP, etc. where you have a scripting language as middleware between a Web server and a database, in this case the same executable does both, which I imagine leads to a lot less code (you’d think, anyway, but I looked at some of the sample code and it didn’t look like less…).

It’s also cross-platform — you wrap your entire app up into a single executable, and drop it on a server. Interesting concept. It costs $1,499 and there doesn’t appear to be a trial version.

(Here’s something annoying — the above links may not work because it appears a session ID or something is embedded in the URL. I just tried to click one of those links about an hour after I last visited, and it backed me up to Aestiva’s home page. I copied the sample code link again, and I got a different URL this time. This would seem to prevent deep-linked into an HTML/OS site. However, in the spirit of full-disclosure, I will email them and ask what’s up.)



  1. Aestiva sent me back what seemed to be an auto-response or “the email to send when we don’t know what else to send.” I’m curious if they even followed the link to this posting.

  2. I have been a sysadmin dealing with the nightmare of HTML/OS for a while now. The reason you are not able to view the links above is because of the session information that HTML/OS uses to direct you to a page. HTML/OS is a poorly designed concept at best, especially given the session problem. For example, start a session that invloves logging in using a password. Then visit a website on which you can view the logs. Take the referer line out of your log, and IM it to a friend, they will then be able to click it and start where you left off. Aestiva denies this cross-site-scripting vulnerability. My 2 cents about using HTML/OS: don’t.

  3. I’ve used HTML/OS for years now and there is indeed less code involved on average. A good coder will use less code anyway, but HTML/OS reduces it even more. The cross site scripting vulnerability is no issue one you understand how environment variables work with Aestiva applications. Deep linking can be enabled from its control panel so you can get back to the page after it expires. As for sharing a URL with a friend after you have logged in with a password and having them get into your session, there is a cookie security setting in the control panel to turn that off. HTML/OS is now back at about $800 where it used to be, and there is a free version called H2O, which limits databases to 500 records. There is also an intermediate version that allows 10,000 records.. Maybe sysadmins don’t like it, but as a long time end user I recommend it wole-heartedly.

  4. I second the recommendation. Although Aestiva (the company) is sorely lacking in some areas, the software (HTML/OS) is fantastic. It’s easy to learn to develop dynamic sites with a much lower overall cost than many other solutions. Many of the criticisms leveled are overcomeable if you learn advanced features and program properly.

  5. PHP5 includes integrated SQLLite support. It strikes me that’s getting pretty close to the HTML/OS model of putting the language and the database together.

  6. Have also been developing website with HTML/OS and have never had a problem with it. have gotten into a few fixes but always found a workaround. Like the way it performs and with a little creativity, you can do very much with it. My customers like it too!

  7. I have been using H2O, the free version of HTML/OS, for a couple of projects. That cross-site vulnerability is rumoured to have been solved by posts on some security sites. But it strikes me that only 500 records are allowed? I must check that.

    The sites I developed.. were developed in 15 times less effort than with PHP. Like writing an online stock management system with backend in 1 day! without overtime!

    It’s really worth it. And especially useful when you have small applications to develop within tight timeframes. However the lack of direct interactivity with mySQL is the reason my company refuses to adopt it as the main development platform (since all our databases are in mySQL).

  8. I just came across HTML/OS and it has everything in it that a language like PHP is missing. For years I have fought to separate design from content and struggled with template engines.

    The way HTML/OS overlays HTML cuts file clutter and makes code extremely clear and easy to read.

    I approach this as a designer rather than a programmer, so I start with Dreamweaver and simply note where I want the HTML/OS to go, then work at adding it later.

    For menus I use Rapidweaver and again just add the HTML/OS.

    My only regret is that HTML/OS is not Opensource. I think it would have millions of users rather than a few thousand.

  9. I have been using Aestiva’s HTMLOS for the last 3 or 4 years.

    Here is my review:

    It is a good platform for non-programmers to get started, like myself.

    Integrates with HTML very well. It is simply a case of putting tags in the place where you want the code to run.

    It is very easy to use, and can produce simple to very complex database driven software applications.

    I like how it integrates everything you need in one package – such as a database engine and security.

    Performs very quick searches/calculations/actions.

    There are practically no resources on the net – only the Knowledge base on the Aestiva site, where you can also pay for answers to your problems! you cannot simply search the net for help.

    Search engine placement – when creating a shop or a site with many dynamic pages, as they are created on-the-fly, it doesn’t seem to list these pages in search engines. I could be mistaken here, but this is how I understand it.

    No-one else uses it. If you want to get a job as a programmer, learn one of the industry standard languages.

    It costs $799 (?405) per domain, which does sound a lot, but if you consider the price of setting up .NET (or similar) with a suitable database engine, the costs could be much higher.

    There is also a runtime edition ($249.00) which can install products created on the development version. It is used for deploying apps to different domains.

    There is a free version called H20, which is limited in database size (500 rather than unlimited), but more significantly, the user limit is tiny. If you get more than 20 people visiting your site in an hour, forget it! It is designed as an introduction to HTMLOS, to show how easy it it to use, so you will hopefully upgrade to the ‘full’ version.

    I would say it is perfect for creating web based applications and database driven/content managed sites. Not recommended if all you need it for is submitting forms, due to the price tag.

    I would recommend installing one version on your web server, and let all your other sites access this installation.

    Hope this helps some of you guys!

    (P.S. I believe the security flaw mentioned above has been resolved)


  10. I was working on a peer support site as a shared resource for HTML/OS developers. ( I use a site activity tool that captures the referral link and noticed a link from Aestiva. I clicked on the referral and to my surprise I ended up sitting in Aestiva’s HTML/OS MailBase e-mail client for the company controller. (logged in) I decided not to continue on with building the site and posted a notice on the home page that Aestiva had a serious security risk (showing the actual screen capture of the message in MailBase). The president of the company, David Silverberg linked to the message I posted from his MailBase e-mail client exposing all his e-mail as well.

    There is way to help prevent this from happening using cookie security (turned off by default in HTML/OS) but it seems the company that created the language and all it’s applications have ignored this issue and have exposed themselves and their customers to outside access of sensitive information.

    To date there has been no comment from Aestiva about the security breach or warning their customers of the issue.

  11. There has been a report that cookie security doesn’t work if SSL is enabled in the new Array (HTML/OS 4.15) version. This means that there is no solution to session hijacking if using SSL with your application. (like a shopping cart for example)

    Stay tuned for the latest developments (or lack of) using HTML/OS as a server scripting language.

    Other Aestiva news
    Over the holiday, Aestiva disabled access to their knowledge base and customer login section of their site for non-current customers. The knowledge base has been the only real source of information as the user guide is so poorly done. (been this way for years) It almost looks as if Aestiva is making it as difficult as possible to use their scripting language which may signal a shift in Aestiva’s direction to being an applications provider rather then a language vendor.

    If you use HTML/OS and these issues have you concerned, then send a e-mail to David Silverberg, president of Aestiva.

  12. I love HTML/OS. I have minimum programming skills, but have no problem developing large comprehensive solutions in it. I read David Silverberg’s book “Advanced Websites Made Easy”. It comes with a free trial to HTML/OS, and it makes it easy to get started with your project. Both the book and Aestiva will give you tons of little scripts to get around about any obstacle. It’s really a fantastic product. And I’ve found that, although the book only gives you a free 2-month trial, if you email Aestiva asking for an extension, they’ll extend your trial to at least 6 months. So… program away, and buy after you’re certain. Oh, the other thing is; after buying HTML/OS, you get to ask nearly unlimited questions to their Help Desk for 90 days. So… ask away. I intend on using HTML/OS for all my projects in the future. If you’re a non-programmer who wants to program cool stuff, don’t listen to the critics. It’s a solid and flexible program.

  13. One more thing. For those of you developing in HTML/OS, there’s an HTML/OS group in Yahoo Groups that you will definitely want to join. The members there answer your questions (and vice versa), and of course you can search all past questions/answers. It’s the best resource I know of for HTML/OS programmers, better than asking Aestiva directly. It’s also a good way to find/hire a good programmer. By researching their activity (i.e. looking at their questions and conversations posted) you can see their level of expertiese. Hope this helps someone.

  14. I have been using Aestiva for 9 years. I love it. I have developed several large scale projects with it and it “just works”. The session hijacking issue is one that has been addressed and I personally use my own solution that makes the SSL issue a dead one.

    I have a blog where I post about using HTML/OS and I would also recommend the Yahoo group for answers to any questions you might have regarding HTML/OS

  15. I know this article is old, but for anyone new coming along – for God’s sake, don’t use HTML/OS!

    Having the database embedded within the system actually just means that they’re saving EVERY SINGLE VARIABLE (that’s not local) in the session. This means that there are weird issues, like limitations on how many checkboxes you can have on a page before HTML/OS craps out.

    There is little to no documentation out there for getting help online because no one friggin’ uses HTML/OS.

    Exception handling? FORGET ABOUT IT. The best error message you’re going to get is “ERROR” in big red letters. No line number where the error occurred, no normal indication of what might have gone wrong, just “ERROR”. Oh, by the way, a null variable is actually = “ERROR”. As in, if (myVar == “ERROR”) then display ‘ myVar is null!’ /display /if. Debugging is nearly impossible.

  16. Aestiva recently raised their prices of a copy of HTML/OS (Array) to $4995.00 / URL from $899. (retail pricing) The H2O version is gone and a ‘personal version’ is now available for non-commercial use.

    To keep up to date with the latest fun and games from Aestiva, visit the customer feedback blog.

  17. Besides the increase in price to $4995, Aestiva has a new support policy.

    Professional support is based on “Time and Billing.” The annual retainer for Aestiva’s Professional Support starts at $1,250.00. Time is currently billed at $165 per hour in 15 minute increments.

    Easy to use is getting hard to swallow.

  18. Be very careful if you choose the personal version of Array for your web site(s). Any indication you may be generating a revenue source (AdWords, Donations, …) even if your non-profit can trigger a response from David Silverberg.

    You may want to rename your login.html to something else and .htaccess protect the file. I wouldn’t dismiss the idea of a Aestiva backdoor log in or in-house access session key . If Aestiva wasn’t making money at $900 a copy and the $5000 price is to squeeze the remaining hold outs, revenue by detected misuse is low hanging fruit. (and pick up a few new applications as a bonus) The following is from the Aestiva license agreement.

    PERSONAL editions of Array may only be used for personal and development use, and not for commercial-use. LIMITED editions of Array may only be used to run commercial products but may not be used as a software development environment or an engine for retail web sites. PROFESSIONAL editions of Array may be used for commercial, non-commercial and software development use. EDUCATIONAL editions may only be used for training and educational purposes. Aestiva reserves the right to clarify the scope of use of each edition from time to time (see for clarifications) and introduce new editions, as it sees fit.


  19. Please be warned that the user posting his name as “Aestiva” is not Aestiva but represents a competitor. The same individual has set up a web site called containing incorrect information.

    Gadgetopia: Can you please remove this individual and his postings from this forum. He has already been removed from other forums, as he should, due to his improper behavior. The content is not a service to your readers or to the reputation of Aestiva Software. If you have questions please call Aestiva Software at 310-697-0338. Thank you.

  20. In addition to the user “Aestiva” being not form Aestiva, it appears the user JRS is also this same individual who acted like he was Aestiva when he was representing a competitor. I suspect your IP logs will probably verify this. Note how the user called out David Silverberg at Aestiva Software. More recently this individual asked Aestiva to pay him $5,000 in return for him shutting down his anti-Aestiva web site. We would be happy to provide you copies of those emails. For further information feel free to call Aestiva at 310-697-0338. Thank You.

  21. Dave,

    I registered the and sites years ago when I had a HTML/OS peer support site going. I offered both sites to you back then for a grand and you said you had no interest in those URL’s.

    I’m doing conversions of HTML/OS user applications because no one is willing to pay your outrageous price for a entry level product, high cost of support and updates.

    The value of those sites have increased over the years (unlike your software) and I gave you one last chance to purchase the URL’s for the cost of one copy of Array. ($4995.00) I guess you feel that’s too expensive. (just how your customers feel about spending that kind of money on a single copy of Array)

    I would guess that the .info sites has cost you well over a 1/2 million in sales to date so it looks like your the idiot for not purchasing them when I first offered them to you. The funny part is everyone knows your penny pitching J.B. and would spend a fortune trying to save a dime. It would of cost you less then $20 to register the .info site as a set with .com / .org but you passed. I’m amazed you were able to stay in business this long.

    You have no one to blame but yourself. Screwing your customers and being a greedy bastard was sooner or later going to catch up with you.

    John HTML/OS Conversion Specialist ScriptBasic Open Source Project Manger

  22. The blog is not an Anti-Aestiva site. It contains important facts about the HTML/OS CGI wrapper that users should be aware of if using the product. Just because you allow open access to your company private e-mail due to an ignored security flaw, doesn’t mean your customers should be at risk as well.

    If you would listen to you customers instead of deleting their posts and ignoring their requests for support and fixes, you might still have a thriving business. You had a good 10 year run with your legacy entry level product so move on or retire.

    You screwed up and it going to be interesting to watch you BS your way back to the customers you abandoned that has lined your pockets over the years.

  23. I have used HTML/OS or Array as it now called since 1998. I started programming in 1965 so I think that I call myself a programmer. Array is a great product. Easy to code. Secure. But, Aestiva, the company, is very difficult to deal with.

  24. Dave,

    HTML/OS (Array, H2O, …) is a CGI application that parses embedded HTML and tries to mask the CGI aspect of web scripting. For newcomers to server side scripting that come from a top/down desktop environment, it seems like an easy to use solution. The problem is the cloaking effect keeps you locked in a box and you spend half your time looking for kluge like workarounds to get the job done.

    If you combine all the facts, (price, support and stability of the company) it doesn’t take a internet scientist to figure out Aestiva and their over prices applications are at the end of their life cycle. The owner of the company is clueless as to what the customers he has left need or want.

  25. Hi all! We are former HTML/OS’rs and I’d like to add in my 2 cents worth.

    It is true that HTML/OS brings a form of simplicity to website building and coding, but it comes at a HUGE cost (in addition to whatever $$ they are charging you for it now).

    HTML/OS is NOT SEO friendly AT ALL. Let me say this again. It is NOT search engine friendly. You will be trading off ‘ease-of-use’ for ‘poor-search-engine-performance’. NOTE: If you do not care about ranking high in search engines (Google, Yahoo, Bing, etc), then you should not even have a website!!

    It all stems from the use of the session data in the URL. To Google and the other search engines (SE’s), they see a NEW page each and every-time they visit your webpage. The SE’s end up thinking you have a ton of pages, and they paint you as being ‘miles wide but only an inch deep’.

    Best bet is what a number of us former HTML/OS’rs have done is drop it like a bad habit (yesterday is not soon enough) and immediately move to a PHP/MySQL platform.

    While you may suffer an initial learning curve during startup, trust me, you will be far far better off with PHP/MySQL instead of HTML/OS. Four years later we are still suffering from using HTML/OS and wish to this very day that we hadn’t!!

  26. BTW, did I mention that PHP/MySQL is FREE??? That’s $0 out of pocket. And there are tons of support websites out there to help and support you. Google any PHP MySql question you may have and you WILL find an answer real quick.

    And did I mention that PHP/MySQL is FREE?? Most web/isp hosting companies will install it for free and it is a snap to use.

    You would be way better off investing your time to learn PHP/MySQL instead of HTML/OS. In a few short months the return on your (time) investment will pay back in spades!! And you will be able to control your URL links for search engine compliance.

  27. I used HTML/OS Aestiva years ago to develop a e commerce website, i’m talking early 1990’s. For a non programmer it was relatively easy to use. In the end we got it to do all the things we needed it to do. But with the price now I would not use it. And as previously pointed out above the company is impossible to deal with, you would have more luck trying to pick up the phone and have a chat with the President of America! Company support for the product is non existent. Compared to what is available for free and widely accepted and supported the smart money would steer clear of Aestiva – sad but true


  28. Like Dave Barnes said, HTML/OS is free nowadays. And there’s nothing wrong with the SEO friendliness; Yes it has session id’s, but it’ll still be picked up by SE’s. And there’s a way around urls containing session id’s… so that obstacle is out of the way as well.


Comments are closed. If you have something you really want to say, tweet @gadgetopia.