Brad Neuberg, Google Gears, and the Future of the Web

Linux.com has an interesting look at Google Gears and one of its leading evangelists, Brad Neuberg. "For Neuberg -- as for most developers -- the idea of expanding the Web's capabilities is intriguing in itself. But both inside and outside Google, his argument is that there's more at stake than just a particular piece of technology. In fact, he does not even seem particularly concerned whether Gears or some rival project takes on the role he envisions. What matters, he says, is that finding a solution to the problems of the Web is essential not only to the continued evolution of the Web, but also to its continued freedom. "

Expanding Kills The Web

[_bug_]

First off, the web isn't even stable. Why try to bloat it further? Didn't anyone take a lesson from Microsoft? Bloating before you've stabilized what you have IS BAD and leads to Vista.

JavaScript, ActionScript, embedded video, even IMAGES, can all be exploited with quite a bit of ease. Ever wonder where all those botnets come from? It ain't from e-mail attachments. People have had that lesson drained into their heads for over a decade now.

No, the botnets come from loading exploited web sites that ask the user to install something (usually an ActiveX control) in order to continue. That something is typically a virus, trojan, zombie client, etc.

How did we get to the point that web sites can install malicious software on PCs?!

The answer: The Brad Neubergs from 20 years ago. The advocates to pair some sort of client-side scripting language with HTML to create an infinite number of possibilities. And now every user has a technology built-into their browser that they should have disabled by default. But if they get proactive and disable it half the web's functionality goes away now because we've had nearly 20 years of web development with the assumption of a javascript on the client.

What we need is a push away from this stuff. Get back to what the web was originally created for: serving hypertext document. If you want a thin client into your application WRITE THE THIN CLIENT APPLICATION. You want compatibility? Write it in JAVA. Or MONO. Or whatever.

Just ask yourself this: did we need Javascript on the web 20 years ago. If we didn't have javascript embedded into every browser out there today would we have anything like the Storm botnet? Would we have as much installed malware out there today?

I say no. And I think it's a pretty safe and obvious no.

So instead of creating new attack vectors for kids and crackers, how about we look at securing what we have now? How about we start advocating white-lists built into each browser that allow things like Javascript and the like. How about we, BY DEFAULT, keep Javascript disabled.

Ah, but mister Brad won't be so keen on that. A user will go to one of his web sites without Javascript, won't see ANYTHING and the site will simply not work, and they'll move on to another web page.

So let's keep bloating the web! Let's keep bloating the browser. And say FUCK ALL to protecting the end user.

Re:Further adoption

[BradNeuberg]

After reading the article (really!) I can see how Gears is more than just offline storage, but extending the browser to do what it should. Right now it is only available as a FF plugin right? Could it be expanded into the google toolbar? ported to IE in the toolbar?

I want to look at this as a way to make even more powerful webapps, but until it gets more widespread it only seems appealing to apps that have a clear offline use.

Gears is currently available on Firefox 1.5+ (Firefox 3 soon), Internet Explorer 6+, and Windows Mobile 5 and 6. It works across Linux, Mac OS X, and Windows. Safari support is coming soon, Opera is being worked on, Firefox 3 support is done but is being dogfooded and tested. Expect to see Gears on other mobile browsers as well at some point.

Best,
    Brad Neuberg