Forgot your password?
typodupeerror
Google Chrome Software

Google Is Building a Way To Launch Chrome Apps Without Installation 135

Posted by timothy
from the playing-the-long-game dept.
An anonymous reader writes "Google really wants Chrome apps to take off. Not only has the company added rich notifications, in-app payments, and an app launcher into its browser, but now it's developing ephemeral apps that launch by just clicking a link. There are two separate components here. Ephemeral apps (you can enable this under the chrome://flags/#enable-ephemeral-apps flag) let you try a Chrome app before installing it. Linkable ephemeral apps (under the chrome://flags/#enable-linkable-ephemeral-apps flag) meanwhile allow you to launch said apps from hyperlinks."
This discussion has been archived. No new comments can be posted.

Google Is Building a Way To Launch Chrome Apps Without Installation

Comments Filter:
  • It still becomes a brick when you have no wi-fi or you don't have an over-priced GSM subscription.

    • Re: (Score:2, Flamebait)

      by Splab (574204)

      Yeah, my 4G subscription is $40 a month, includes 10GB of data, unlimited voice, SMS and MMS and two sim cards (one for the phone, one for the laptop).

      (Disclaimer, I live in socialist Denmark)

      • How hard is it for an American to qualify for residency in "socialist Denmark" where the RF spectrum owners don't gouge as much?
        • by MightyYar (622222)

          To save 10 or 20 bucks a month?

          • by tepples (727027)
            Actually, to broaden my job search beyond my home country in general.
            • by Splab (574204)

              Hey sorry for the late reply :-)

              If you are a talented programmer, it's fairly easy to get a job - green cards can be a bit of pain since there are requirements to minimum wage, however, in programming, those requirements should be no problem.

    • by swillden (191260)

      It still becomes a brick when you have no wi-fi or you don't have an over-priced GSM subscription.

      Actually, that's a difference between Chrome Apps and web pages... it's up to the App developer to code for it, but if they do the work Apps can work just fine offline, and the data model[*] is such that changes made offline can almost always be merged seamlessly to the online copy when a data connection becomes available, even if someone else has modified the online copy in the meantime.

      [*] I haven't looked at it in detail, but I attended a talk about App development a couple of years ago, in which the p

    • by SunTzuWarmaster (930093) on Saturday November 30, 2013 @10:23AM (#45560739) Homepage

      This isn't true at all... I made a "Mirror" app yesterday (https://chrome.google.com/webstore/detail/mirror-tds/fapfdhoailemkonegpjdhngmjfpmdjdj) on my Chromebook which works just as well as a "flipped webcam image" offline as it does online.

      My other app to graph relationships between objects (https://chrome.google.com/webstore/detail/tensity-grapher/keomiemppflejbjkafeaepbdhigggifd) also works offline.

      As does Google Docs (Offline), as the calculator, as does a timer, and my calendar, and many of the apps I have installed (I'm frequently offline).

      I don't have a GSM subscription (I use wifi), Google Chrome doesn't sell such a subscription (try it with your own laptop, with whatever wifi/service you have), and many apps work without internet connection.

  • C:\$App (Score:3, Insightful)

    by mbstone (457308) on Saturday November 30, 2013 @07:40AM (#45560327)

    The truest words ever spoken on the subject were penned by Nicholas Petreley, the IT industry columnist, who opined that:

    1) There should not be a "registry" or an :"install" program.

    2) Everything needed to run $App should reside in C:\$App.

    This of course would enable $App to be copied freely from machine to machine, which is probably why there is a Windows Registry.

    • Re: (Score:2, Insightful)

      by drinkypoo (153816)

      Some programs work fine without their registry entries. Some don't. The ones that do probably assume defaults, or load defaults into the registry on firstrun. I haven't done a survey. Either way, dependence on install-time registry values isn't a necessity for Windows programs.

      • by nashv (1479253)

        All programs can be written to work without using the concept of a registry.

        • Sometimes using the registry is just easier. For example if I need a high port I let the OS grab a randon free one and store the number in a user hive registry entry - saves having to worry about the different user directory configs you can get on the different versions or on networked corporate setups.
          • saves having to worry about the different user directory configs you can get on the different versions or on networked corporate setups

            But it only has to be done once per publisher, and then you can reuse the folder locating code across multiple applications. As for "networked corporate setups", Windows provides two folders: local application data and roaming application data. I don't see what's so hard about deciding whether a particular preference goes in your application's SQLite file for local preferences or its SQLite file for roaming preferences. If it's machine-specific, such as game control settings or a random free TCP port, or if

            • It was for a TCP server for sending new file open calls to a single running instance, It was a feature I added to an existing app where all the preferences do get saved to Roaming, but because I'd already coded a 'reset' function that completely overwrites the preference directory with a fresh set of defaults it was just easier to store the port number somewhere else.
        • by drinkypoo (153816)

          All programs can be written to work without using the concept of a registry.

          If you take the time to read and understand my comment, when I say "without their registry entries" I'm clearly implying those which actually have registry entries. I didn't feel a need to make that statement, because it is already obvious to anyone with an interest.

        • by Anonymous Coward

          They can; although, the registory was added to solve various race conditions involving INI files when Windows made the transition to multitasking. It was not added for the heck of it.

          Having to deal with annoying lock files in the bowels of the system isn't much better then the mess the registory introduces for the average user.

        • by Anonymous Coward
          If you want to save some settings without linking to a 3rd party xml library (this might have happened 20 years ago!), there are these easy window api functions to do that. They are transparent to the application, those values could go to a file next to the exe (they went to win.ini long time ago, and can still), to make it easier to copy with the application. Using regedit, instead of file explorer is not much harder either, both have a tree view on the left side...
    • by mcgrew (92797) *

      1. Agreed, the Windows way is stupid.
      2. Disagreed, Windows is the only OS with C:\$App. All the others have user/$file. The Windows way is stupid. And copying the subdirectory to another machine won't install $App because the execute bit is reset on copy. To enable the app you have to flip the execute bit, adding a bit of safety to it.

      One of the reasons Windows has been historically insecure is that they have no execute bit, but treat data as code if it has a certain extension.

      • All the others have user/$file.

        Under your preferred setup, for a home PC with five users (mom, dad, and three kids), must all applications be installed five times, using five times the disk space and five times the data transfer (which counts against the house's monthly Internet cap) for updates?

        • I assumed he meant /usr like on Linux.

        • by mcgrew (92797) *

          You can install an app under /usr and anyone's /usr/home directory can run it if they have the proper permissions. Their configuration files for that app are stored in their own space; one size does not fit all.

          Unlike Windows, you also can't see other users' files or "folders" (using MS's nonstandard nomenclature) unless you're logged in as root ("Admin" in Windows-speak).

          Your desktop is your desktop. If you install an app in your own space it doesn't affect any other user. In Linux, most any app you might

          • by tepples (727027)

            Unlike Windows, you also can't see other users' files or "folders" (using MS's nonstandard nomenclature)

            Nonstandard? "Folders" have meant the same thing as directories since Mac OS 2.1 introduced HFS in September 1985, years before Linux and 4.4BSD-Lite were released.

            Unlike Windows, you also can't see other users' files or "folders" (using MS's nonstandard nomenclature) unless you're logged in as root ("Admin" in Windows-speak).

            UNIX is this way for files and folders that have no world permissions, such as those created under a umask ending in 7. But it's common for a UNIX system used by a single household or small organization to have a umask of 022, which makes documents 644 (all read, owner write) and folders 755 (all list, owner write, all traverse).

            In Linux, most any app you might want is installed with the OS anyway.

            True, a common se

          • by exomondo (1725132)

            Unlike Windows, you also can't see other users' files or "folders" (using MS's nonstandard nomenclature)

            You mean Apple's (as introduced in the Lisa) nonstandard nomenclature? Though I'm not sure what you think the 'standard' is or why.

            • by mcgrew (92797) *

              There was no real standard when the Lisa was out, but these days *nix is the standard -- Unix, Linux, BSD. Most mainframes and all the 100 fastest computers run Linux (which is taking over for Unix), Android is Linux, Apple is BSD. Microsoft is way behind everyone.

              • by exomondo (1725132)
                Well that's odd, you say Apple is BSD and BSD is a *nix yet OSX still calls them folders. Could it be there is no standard on what to call them? I can see you desperately want to make out that Microsoft is so far behind but in fact Apple and Microsoft both call them the same thing.
    • So without a registry, how would a program inform the system of the intents it can handle, such as the file types and URL types it can open? And how would programs that need to run in the background starting at login time, such as a weather widget or a service that opens a peripheral's related application when the peripheral is plugged in, get loaded?
      • by Todd Knarr (15451)

        Same way we do it with Linux desktop environments: applications put a standardized config file into an application-specific spot under a folder in your user home directory containing that information. The desktop environment reads those files, combines them with the user's configuration of what programs they want to handle what, and sets things up accordingly. Note that the configuration of what programs the desktop environment will use to handle each file type is part of the desktop environment's configura

        • by vux984 (928602)

          There is REALLY no difference between HKEY Current User/Software/appname and a "application-specific spot under a folder in your user home directory containing that information"

          Note that the configuration of what programs the desktop environment will use to handle each file type is part of the desktop environment's configuration, not the application or the operating system.

          Same with windows, except that the desktop environment is part of the operating system (and even that is becoming less true with core s

          • by Todd Knarr (15451)

            One major difference between the registry and Unix config file folders: the folders aren't integrated into a single blob, the registry is (well, technically a couple of blobs corresponding to the top-level keys). Bluntly put, the files are more robust than the registry's proven to be. Less prone to corruption, less prone to damage, easier to back up and restore or transfer between machines. I can tar up my home directory on one Unix machine, untar it on another (even one running a different Unix) and everyt

            • by vux984 (928602)

              Bluntly put, the files are more robust than the registry's proven to be.

              Database vs File Structure. There are advantages and disadvantages to both. I don't dispute that the historical record suggest you may be right that the files are more robust... but then we never had a linux with a registry that was mainstream.

              I attribute a lot of the problems with windows registry to the application culture -- of supporting mainstream consumer users.

              [...] Assuming you know where the registry hives are located physical

            • by tepples (727027)

              when you go to install a personal music player and it asks for root the instinctive response is to hit "Cancel" and go looking for confirmation that what you downloaded is really legit because legit stuff Doesn't Do That.

              "Unless you install this media device management application for all users, you will not be able to use it to transfer media to or from your media device. You will have to ask your administrator to install it for all users." Would users be fine with this behavior?

              On Windows it's unusual to see an installer that even gives you the option of choosing per-user vs. system-wide.

              And on common X11/Linux distributions the packages provided by your distribution are intended for a system-wide installation, not an installation to /home/staisy. In order to install something for one user, you usually have to compile it from sourc

      • In linux we have /etc/mailcap and /etc/mime.types and both can be overridden by similar files in each user's $HOME directory.

    • by ceoyoyo (59147)

      He was looking in the wrong place. They're in /Applications/$App.app.

  • by jez9999 (618189) on Saturday November 30, 2013 @07:56AM (#45560357) Homepage Journal

    Am I the only one thinking that Google are basically making Chrome into another VM? Its "apps" are programs that the Chrome VM can run, JavaScript is the main language you use to code stuff for it, but that can even be compiled into obscured JS which is about as readable as bytecode (or less), the DOM is the mechanism you use to create the UI, etc. Apart from being arguably faster, what are the fundamental differences between what Google wants Chrome to be, and Java?

    • by cmdr_tofu (826352) on Saturday November 30, 2013 @08:07AM (#45560391) Homepage

      Indeed it seems like Java was the holy grail and Chrome is trying to reinvent Java applets (on a different VM). At least for this feature, it seems like addressing issues with Java applet security might be more productive.

      I have a Chromebook with Ubuntu chroot, and I do find I spend a lot of time in ChromeOS-mode.

    • Re: (Score:2, Insightful)

      Considering Google's track record with the amount of malware for Android, perhaps they are now trying to get Chrome into the #1 spot for "most unsafe browser out there" in spite of Internet Explorer?

      Poor Steve Balmer. He left Microsoft too early to witness this event, and will now have to cool his anger on some chairs...oh wait.

      • by daveime (1253762) on Saturday November 30, 2013 @10:11AM (#45560691)
        This. Did we learn nothing from IE6 and the ActiveX legacy?

        At a time when developers should be writing stuff that works across any browser (HTML5, CSS, JS), Chrome is trying to divide the web again with things that "only work" in their browser.
        • Not quite the same thing. Internet Explorer was almost a monopoly back then, which ended by Mozilla. Today there are options, IE does not suck that much and people are known to have all three major browsers installed. So, whatever. Let them try and segregate the web if they think they can. It's not that Chrome will have *the* killer feature that will make us stop using anything else. Or that will prevent the community from creating similar plugins for Firefox.

        • by Aighearach (97333)

          This. Did we learn nothing from IE6 and the ActiveX legacy?

          At a time when developers should be writing stuff that works across any browser (HTML5, CSS, JS), Chrome is trying to divide the web again with things that "only work" in their browser.

          We learned it is hard to get right, and it takes a whole bunch of tries to get good client side execution without requiring traditional installation.

          It remains to be seen if this will end up being a portable standard or not. It is too early to accuse chrome of trying to divide the web. I agree we should think about it and keep an eye out.

    • Re: (Score:3, Insightful)

      by ArtFart (578813)
      For those of us who've grown weary of badmouthing Java, .NET and Flash, Google and Facebook are now determined to turn Javascript into the scourge of humanity.
      • by Aighearach (97333)

        I thought JS was the scourge before .NET was written, and later we found out JS was good it just had a community of harmful practices built around it.

    • I wish it was a virtual machine, it would mean I could write my applications in any language that can be compiled into it. Plus if you ever done any DOM programming at all you would beg for a proper user interface API.

      • by ceoyoyo (59147)

        Well, there are several translators for javascript from other languages. So it's sort of like a virtual machine. It just uses a really crappy machine language.

    • by Aighearach (97333)

      A modern formalized distribution mechanism and a modern interpretation of security boundaries.

  • Chrome Apps (Score:5, Funny)

    by Anonymous Coward on Saturday November 30, 2013 @08:02AM (#45560377)

    Alternatively, "chrapps" for short.

  • by rvw (755107) on Saturday November 30, 2013 @08:18AM (#45560411)

    If I remember correctly, Microsoft did this years ago, although.... It was the exact opposite: apps would install without launching them.

  • by Anonymous Coward on Saturday November 30, 2013 @09:03AM (#45560505)

    I'm as guilty as anyone else, but when MS windows did this it was a major security problem, is this really any different?
    Launch a program by clicking a link? Did we not call people retards every time they did this?

    It seems like every new platform just repeats the same crap from every previous platform. Vendor bloatware should have been the blatant warning sign.

    • by Anonymous Coward
      I agree: "What could possibly go wrong?" --and this sounds like ActiveX stuff all over again. When the browser is supposed to let you interact with the Internet without the Internet messing up your computer, and a browser developer deliberately pokes holes in the browser to bypass its protections for admittedly-useful things, the result is that the bypassings will get mis-used, too.
      • People depend on the operating system to protect delicate file system data structures from misbehaving desktop applications. Because the web browser has become an operating system for web applications, Chromium (and by extension Google Chrome) implements a similar sandbox. Your claim that a browser can't properly sandbox a web application sounds like the claim that Windows can't properly sandbox a desktop application, which was true on Windows 98 but hasn't been true for a decade. Even on Windows XP, an app
        • by ceoyoyo (59147) on Saturday November 30, 2013 @12:39PM (#45561587)

          It was a bad idea for Windows to autoplay CDs and automatically run any attachment sent to you in an e-mail, because it can't sandbox apps in a foolproof way. Chrome can't sandbox webapps in a foolproof way either, so it's a bad idea to be able to run random programs by clicking on a link.

          • by MightyYar (622222)

            Even Linux gets the occasional security update for a privilege escalation issue. I wish them luck if they choose to depend on their sandbox.

          • by tepples (727027)

            Chrome can't sandbox webapps in a foolproof way either

            We appear to be at a disagreement. To find exactly what we disagree on, let's start at an extreme and work inward. Can VirtualBox or VMware sandbox operating systems in a foolproof way?

            • by ceoyoyo (59147)

              No, they can't. There are exploits that can break out of VMs. [wikipedia.org]

              • If you're willing to bring up an article that only mentions an escape that was probably patched four years ago, I'll bring up old exploits that can shut down the bare hardware, such as Pentium invalid operand with locked CMPXCHG8B [wikipedia.org] and the Cyrix coma [wikipedia.org].
                • by ceoyoyo (59147)

                  Exactly. You can't make a sandbox foolproof. Even if your "sandbox" is hardware. There were lots of exploits proposed for the execute bit as well. If you're relying on your sandbox, whatever it is, to be foolproof, you're a fool.

                  Good security is always multilayered. Yes, sandboxing, possibly at multiple levels, improves security. So does not being able to install things just by clicking on a link.

                  • by tepples (727027)

                    Yes, sandboxing, possibly at multiple levels, improves security. So does not being able to install things just by clicking on a link.

                    So going forward, should all web developers start to anticipate JavaScript being turned off, with "Sorry, this web application requires JavaScript; here's how to reenable it" considered unacceptable in a web application? Good luck making an efficient user interface to, say, pan and zoom across a map without JavaScript. We'd be back to the clunky-ass "click to zoom in or out or pan half a screen" UI of everything that preceded Google Maps.

                    • by ceoyoyo (59147)

                      Your post doesn't really seem to make sense. If you've got JS turned off then yes, it's quite reasonable that if a web app wants to run the browser says "turn JS back on, here's how, or use the clunky non-JS interface". If a web app wants to install itself onto my computer it's quite reasonable (very highly desirable, actually) that the browser ask me if it's okay first.

                    • by tepples (727027)

                      If a web app wants to install itself onto my computer it's quite reasonable (very highly desirable, actually) that the browser ask me if it's okay first.

                      I agree, but it could go one of two ways. In one scenario, enough web sites would say "allow us to install this JavaScript application on your computer or this web site will operate with severely reduced functionality" that it'd become yet another way to train the user to just click Yes. Arguably, JavaScript in web applications has already reached this point, and most web browsers default to running JavaScript. In the other scenario, enough users would set their browsers to "never install, never prompt" tha

    • Chrome apps are submitted in a manifest along with all of their files to Google, which charges a fee to be a developer ($5), establishes a limit on the number of apps, and has automated checks to make sure that security precautions are applied.

      • by pitchpipe (708843)

        Chrome apps are submitted in a manifest along with all of their files to Google, which charges a fee to be a developer ($5), establishes a limit on the number of apps, and has automated checks to make sure that security precautions are applied.

        Translation: With Google apps U can feel real good about ur security. We check it with Norton ANTI-virus and then run it in a VIRTUAL machine for extra protection. We care about U.

      • by ceoyoyo (59147)

        Sure, because Google has demonstrated they do an excellent job of curating with the Play store.

        • by Aighearach (97333)

          Yep. Play Store has f-droid, and I can get OSS-only apps from there. Google gives me everything I need to get my device set up the way I want.

          Other than ad blocking, that is. But that isn't a play store issue.

          • by ceoyoyo (59147)

            I think you missed the point. The Play store has lots of malware on it. Google is not good at making sure their software stores are spotless. If they can't do it for Android, why would they be able to do it for Chrome?

            • by Aighearach (97333)

              There isn't actually lots of malware at all. That is just FUD. The vast majority of what is in the google play store is not malware.

              Except in the sense that most of it sucks.

              The whole point of what google is doing with chrome is packaging up a set of capabilities that can do something useful without being dangerous. Being dangerous is based on having trust, which is misplaced. Instead of asking for trust, apps will simply be run in a safe container.

              There are lots sandboxes that have survived without major s

              • by ceoyoyo (59147)

                Numbers, and damn good ones, or it didn't happen. If you want to argue that auto-installation is a good idea because Google is so good at catching and eliminating malicious software (and that includes software that does things like track my web browsing, location, whatever I might not want installed) then you'd better be able to show that they're essentially perfect at it. They're not.

                Google isn't Microsoft? That's your argument? It's a poor one. Google is pulling a very Microsoft-in-the-90s move here.

                • by Aighearach (97333)

                  That isn't what I argued at all, I said that their engineers might very well be good enough to construct a safe sandbox so that trust isn't needed. Javascript is already handled safely without trusting it by dozens or hundreds of browsers.

                  If it is installed or not shouldn't even matter, except to the user's logistics choices.

    • by ceoyoyo (59147)

      Yup. This sounds like an excellent reason not to use Chrome.

  • Crap (Score:4, Funny)

    by Hognoxious (631665) on Saturday November 30, 2013 @10:17AM (#45560719) Homepage Journal

    Want-O-Meter(tm) switched on? Check.
    Batteries? Fully charged.
    Sensitivity setting? Max!

    Reading? Not the faintest fuck of a flicker.

  • by Gravis Zero (934156) on Saturday November 30, 2013 @11:24AM (#45561137)

    Put everything in the cloud! WebOS is the future! HTML5 apps should replace native apps!

    Everyone who ever agreed with any of this crap has only themselves to blame. Also, no bitching when they change the layout/functionality/something else you can't control because IT'S NOT YOUR SYSTEM.

    I called my brother on this multiple times and now he finally see the "cloud apps" for what they are, a farce!

    • by Anonymous Coward

      You mean like gmail/webmail? Salesforce.com... Instapaper, Google Calendar, Hangouts, Drive/docs, RDIO, WordPress, Drupal, Tumblr, Pandora, Google Maps, Evernote, OWA...

      Yeah... There is no future for web apps... The cloud is a lie. You seem to ignore the fact that apps can be abandoned and or updated that are installed locally as well. Oh the new update breaks legacy support? Web Apps at least can be OS agnostic, and not be beholden to the Whimsy of a closed ecosystem. (iOS and WP8 and Android.)

    • by Aighearach (97333)

      The important thing in many contexts is control of the data, portability of the data. If the data is portable, a commodity cloud owned by whoever might be just fine. Especially where you can just run your own private cloud if you have a use case that requires control.

      Apps also are learning to use caches these days, so they still work fine offline.

  • by Anonymous Coward

    From TFA:

    As for the launching ephemeral apps from hyperlinks, Google separated the two features into two separate flags to ensure that only links appearing on a Google search results page will launch the app. This should give the company more control over stopping malware from just launching:

    Google has stated repeatedly that they lack the resources to reliably filter illegal MP3 download sites from their search results. How can they stop the much more sophisticated malware vendors?

    • by Aighearach (97333)

      They'd need access to the NSA's database to do that! How about having the NSA just flag all the packets that have malware, and then everybody can drop those at the routers.

      /s ;p

  • The apps already run everywhere (well, Android, FirefoxOS, Firefox Desktop), already are one-click-to-use on FirefoxOS, and also they don't require you to be online to use them. And they're not pushing an agenda. Just sayin'.

  • by Todd Knarr (15451) on Saturday November 30, 2013 @03:12PM (#45562559) Homepage

    Windows allowed the running of applications from Internet Explorer, remember? You even get the option still of running an application or saving it to disk when you click on a link to an executable program. And we've spent what, the better part of 2 decades trying to figure out reliable ways of PREVENTING this! Because it's so commonly abused to get people to run malware and other undesirable software. And now we want to make another attempt at letting people run anything J. Random Blackhat throws their way? Thanks, but no thanks.

  • by johanw (1001493) on Saturday November 30, 2013 @03:36PM (#45562689)

    So, after the adblocker we now also need the appblocker when browsing.

  • For the average user that does not use noscript, this isn't a big difference. They're already essentially trusting every site they visit.

  • Does nobody remember Active-X?

    Don't download and run strange code. Ever.
    --
    There is nothing so useless as doing efficiently that which should not be done at all.

Mathemeticians stand on each other's shoulders while computer scientists stand on each other's toes. -- Richard Hamming

Working...