Google Is Building a Way To Launch Chrome Apps Without Installation 135
An anonymous reader writes "Google really wants Chrome apps to take off. Not only has the company added rich notifications, in-app payments, and an app launcher into its browser, but now it's developing ephemeral apps that launch by just clicking a link. There are two separate components here. Ephemeral apps (you can enable this under the chrome://flags/#enable-ephemeral-apps flag) let you try a Chrome app before installing it. Linkable ephemeral apps (under the chrome://flags/#enable-linkable-ephemeral-apps flag) meanwhile allow you to launch said apps from hyperlinks."
Still becomes a brick. (Score:1, Insightful)
It still becomes a brick when you have no wi-fi or you don't have an over-priced GSM subscription.
Re:Still becomes a brick. (Score:4, Insightful)
While niggers in their native setting are still chucking spears at each other and niggers taken out of their native setting are chucking bullets and gang signs at each other. But you're not supposed to notice. That would make you a bad terrible person and we will brand you "racist" to make you a modern heretic
I'm gonna go with another theory: repeatedly using 'nigger' in a sentence to describe dark-skinned people is the likely cause of you being branded a 'racist'.
Re: (Score:2)
While niggers in their native setting are still chucking spears at each other and niggers taken out of their native setting are chucking bullets and gang signs at each other. But you're not supposed to notice. That would make you a bad terrible person and we will brand you "racist" to make you a modern heretic
I'm gonna go with another theory: repeatedly using 'nigger' in a sentence to describe dark-skinned people is the likely cause of you being branded a 'racist'.
That demeaning word comes from the Spanish Négro, (for black skinned person). It was the British and Americans who made its use despicable .
Re: (Score:2)
Straw man. Show me where I was preaching, please.
I provided a simple logical statement that you cannot refute. BTW, I'm not in the US.
Re: (Score:2, Flamebait)
Yeah, my 4G subscription is $40 a month, includes 10GB of data, unlimited voice, SMS and MMS and two sim cards (one for the phone, one for the laptop).
(Disclaimer, I live in socialist Denmark)
Immigration (Score:2)
Re: (Score:2)
To save 10 or 20 bucks a month?
Re: (Score:2)
Re: (Score:2)
Hey sorry for the late reply :-)
If you are a talented programmer, it's fairly easy to get a job - green cards can be a bit of pain since there are requirements to minimum wage, however, in programming, those requirements should be no problem.
Re: (Score:3)
It still becomes a brick when you have no wi-fi or you don't have an over-priced GSM subscription.
Actually, that's a difference between Chrome Apps and web pages... it's up to the App developer to code for it, but if they do the work Apps can work just fine offline, and the data model[*] is such that changes made offline can almost always be merged seamlessly to the online copy when a data connection becomes available, even if someone else has modified the online copy in the meantime.
[*] I haven't looked at it in detail, but I attended a talk about App development a couple of years ago, in which the p
Re:Still becomes a brick. (Score:4, Informative)
I am a Chrome app developer (a bad one, but whatever), and all of the apps I've made work offline.
Re: (Score:2)
I am a Chrome app developer (a bad one, but whatever), and all of the apps I've made work offline.
Cool. Please feel free to correct anything I misrepresented. Like I said, I'm speaking from a two year-old memory of a one-hour talk, not any kind of actual knowledge.
Re:Still becomes a brick. (Score:4, Informative)
It mostly works the way that you have represented. The majority of your post in on the back-end propagation of updates, which works well, and obviously doesn't work when offline. Generally apps work offline by default (like a saved webpage), unless your app needs to reach to an online site.
Re:Still becomes a brick. (Score:5, Informative)
This isn't true at all... I made a "Mirror" app yesterday (https://chrome.google.com/webstore/detail/mirror-tds/fapfdhoailemkonegpjdhngmjfpmdjdj) on my Chromebook which works just as well as a "flipped webcam image" offline as it does online.
My other app to graph relationships between objects (https://chrome.google.com/webstore/detail/tensity-grapher/keomiemppflejbjkafeaepbdhigggifd) also works offline.
As does Google Docs (Offline), as the calculator, as does a timer, and my calendar, and many of the apps I have installed (I'm frequently offline).
I don't have a GSM subscription (I use wifi), Google Chrome doesn't sell such a subscription (try it with your own laptop, with whatever wifi/service you have), and many apps work without internet connection.
C:\$App (Score:3, Insightful)
The truest words ever spoken on the subject were penned by Nicholas Petreley, the IT industry columnist, who opined that:
1) There should not be a "registry" or an :"install" program.
2) Everything needed to run $App should reside in C:\$App.
This of course would enable $App to be copied freely from machine to machine, which is probably why there is a Windows Registry.
Re: (Score:2, Insightful)
Some programs work fine without their registry entries. Some don't. The ones that do probably assume defaults, or load defaults into the registry on firstrun. I haven't done a survey. Either way, dependence on install-time registry values isn't a necessity for Windows programs.
Re: (Score:2)
All programs can be written to work without using the concept of a registry.
Re: (Score:2)
Local vs. roaming preferences (Score:2)
saves having to worry about the different user directory configs you can get on the different versions or on networked corporate setups
But it only has to be done once per publisher, and then you can reuse the folder locating code across multiple applications. As for "networked corporate setups", Windows provides two folders: local application data and roaming application data. I don't see what's so hard about deciding whether a particular preference goes in your application's SQLite file for local preferences or its SQLite file for roaming preferences. If it's machine-specific, such as game control settings or a random free TCP port, or if
Re: (Score:2)
Non-AD roaming and non-Windows OSes (Score:2)
Re: (Score:3)
and then you can reuse the folder locating code across multiple applications.
And thats what the registry does. You just talk to it, and the system stores the data where it wants, even going so far as to sync it between multiple machines automatically.
And that differs from just using the filesystem interface how?
You seem to want to reinvent the wheel because you're too ignorant to use the existing solution, or just too much of a fanboy to see the forest for the trees.
There's a third option, and also, you lack perspective.
Once upon a time, computer files had formats. Along came UNIX, with the concept that everything's just a file, and parsing the contents is the job of the program. And with libraries, you could feasibly abstract that away, and not have to write it over and over again. This enabled portability in a way that you didn't get with competing mainframe systems, and the modern age of computing was bor
Re: (Score:2)
All programs can be written to work without using the concept of a registry.
If you take the time to read and understand my comment, when I say "without their registry entries" I'm clearly implying those which actually have registry entries. I didn't feel a need to make that statement, because it is already obvious to anyone with an interest.
Re: (Score:1)
They can; although, the registory was added to solve various race conditions involving INI files when Windows made the transition to multitasking. It was not added for the heck of it.
Having to deal with annoying lock files in the bowels of the system isn't much better then the mess the registory introduces for the average user.
Re: (Score:1)
Re: (Score:1)
1. Agreed, the Windows way is stupid.
2. Disagreed, Windows is the only OS with C:\$App. All the others have user/$file. The Windows way is stupid. And copying the subdirectory to another machine won't install $App because the execute bit is reset on copy. To enable the app you have to flip the execute bit, adding a bit of safety to it.
One of the reasons Windows has been historically insecure is that they have no execute bit, but treat data as code if it has a certain extension.
When more than one user of a PC uses the same app (Score:2)
All the others have user/$file.
Under your preferred setup, for a home PC with five users (mom, dad, and three kids), must all applications be installed five times, using five times the disk space and five times the data transfer (which counts against the house's monthly Internet cap) for updates?
Re: (Score:2)
I assumed he meant /usr like on Linux.
Re: (Score:2)
You can install an app under /usr and anyone's /usr/home directory can run it if they have the proper permissions. Their configuration files for that app are stored in their own space; one size does not fit all.
Unlike Windows, you also can't see other users' files or "folders" (using MS's nonstandard nomenclature) unless you're logged in as root ("Admin" in Windows-speak).
Your desktop is your desktop. If you install an app in your own space it doesn't affect any other user. In Linux, most any app you might
Re: (Score:2)
Unlike Windows, you also can't see other users' files or "folders" (using MS's nonstandard nomenclature)
Nonstandard? "Folders" have meant the same thing as directories since Mac OS 2.1 introduced HFS in September 1985, years before Linux and 4.4BSD-Lite were released.
Unlike Windows, you also can't see other users' files or "folders" (using MS's nonstandard nomenclature) unless you're logged in as root ("Admin" in Windows-speak).
UNIX is this way for files and folders that have no world permissions, such as those created under a umask ending in 7. But it's common for a UNIX system used by a single household or small organization to have a umask of 022, which makes documents 644 (all read, owner write) and folders 755 (all list, owner write, all traverse).
In Linux, most any app you might want is installed with the OS anyway.
True, a common se
Re: (Score:2)
Unlike Windows, you also can't see other users' files or "folders" (using MS's nonstandard nomenclature)
You mean Apple's (as introduced in the Lisa) nonstandard nomenclature? Though I'm not sure what you think the 'standard' is or why.
Re: (Score:2)
There was no real standard when the Lisa was out, but these days *nix is the standard -- Unix, Linux, BSD. Most mainframes and all the 100 fastest computers run Linux (which is taking over for Unix), Android is Linux, Apple is BSD. Microsoft is way behind everyone.
Re: (Score:2)
Intents and background apps without registry (Score:2)
Re: (Score:2)
Same way we do it with Linux desktop environments: applications put a standardized config file into an application-specific spot under a folder in your user home directory containing that information. The desktop environment reads those files, combines them with the user's configuration of what programs they want to handle what, and sets things up accordingly. Note that the configuration of what programs the desktop environment will use to handle each file type is part of the desktop environment's configura
Re: (Score:2)
There is REALLY no difference between HKEY Current User/Software/appname and a "application-specific spot under a folder in your user home directory containing that information"
Note that the configuration of what programs the desktop environment will use to handle each file type is part of the desktop environment's configuration, not the application or the operating system.
Same with windows, except that the desktop environment is part of the operating system (and even that is becoming less true with core s
Re: (Score:2)
One major difference between the registry and Unix config file folders: the folders aren't integrated into a single blob, the registry is (well, technically a couple of blobs corresponding to the top-level keys). Bluntly put, the files are more robust than the registry's proven to be. Less prone to corruption, less prone to damage, easier to back up and restore or transfer between machines. I can tar up my home directory on one Unix machine, untar it on another (even one running a different Unix) and everyt
Re: (Score:2)
Bluntly put, the files are more robust than the registry's proven to be.
Database vs File Structure. There are advantages and disadvantages to both. I don't dispute that the historical record suggest you may be right that the files are more robust... but then we never had a linux with a registry that was mainstream.
I attribute a lot of the problems with windows registry to the application culture -- of supporting mainstream consumer users.
[...] Assuming you know where the registry hives are located physical
Re: (Score:2)
when you go to install a personal music player and it asks for root the instinctive response is to hit "Cancel" and go looking for confirmation that what you downloaded is really legit because legit stuff Doesn't Do That.
"Unless you install this media device management application for all users, you will not be able to use it to transfer media to or from your media device. You will have to ask your administrator to install it for all users." Would users be fine with this behavior?
On Windows it's unusual to see an installer that even gives you the option of choosing per-user vs. system-wide.
And on common X11/Linux distributions the packages provided by your distribution are intended for a system-wide installation, not an installation to /home/staisy. In order to install something for one user, you usually have to compile it from sourc
Re: (Score:2)
In linux we have /etc/mailcap and /etc/mime.types and both can be overridden by similar files in each user's $HOME directory.
Re: (Score:2)
He was looking in the wrong place. They're in /Applications/$App.app.
Google Chrome virtual machine? (Score:5, Insightful)
Am I the only one thinking that Google are basically making Chrome into another VM? Its "apps" are programs that the Chrome VM can run, JavaScript is the main language you use to code stuff for it, but that can even be compiled into obscured JS which is about as readable as bytecode (or less), the DOM is the mechanism you use to create the UI, etc. Apart from being arguably faster, what are the fundamental differences between what Google wants Chrome to be, and Java?
Re:Google Chrome virtual machine? (Score:4, Insightful)
Indeed it seems like Java was the holy grail and Chrome is trying to reinvent Java applets (on a different VM). At least for this feature, it seems like addressing issues with Java applet security might be more productive.
I have a Chromebook with Ubuntu chroot, and I do find I spend a lot of time in ChromeOS-mode.
Re: (Score:2, Insightful)
Considering Google's track record with the amount of malware for Android, perhaps they are now trying to get Chrome into the #1 spot for "most unsafe browser out there" in spite of Internet Explorer?
Poor Steve Balmer. He left Microsoft too early to witness this event, and will now have to cool his anger on some chairs...oh wait.
Re:Google Chrome virtual machine? (Score:5, Insightful)
At a time when developers should be writing stuff that works across any browser (HTML5, CSS, JS), Chrome is trying to divide the web again with things that "only work" in their browser.
Re: (Score:2)
Not quite the same thing. Internet Explorer was almost a monopoly back then, which ended by Mozilla. Today there are options, IE does not suck that much and people are known to have all three major browsers installed. So, whatever. Let them try and segregate the web if they think they can. It's not that Chrome will have *the* killer feature that will make us stop using anything else. Or that will prevent the community from creating similar plugins for Firefox.
Re: (Score:2)
This. Did we learn nothing from IE6 and the ActiveX legacy?
At a time when developers should be writing stuff that works across any browser (HTML5, CSS, JS), Chrome is trying to divide the web again with things that "only work" in their browser.
We learned it is hard to get right, and it takes a whole bunch of tries to get good client side execution without requiring traditional installation.
It remains to be seen if this will end up being a portable standard or not. It is too early to accuse chrome of trying to divide the web. I agree we should think about it and keep an eye out.
Re: (Score:2)
Because stupid developers are limited to IE?
Re: (Score:3, Insightful)
Re: (Score:2)
I thought JS was the scourge before .NET was written, and later we found out JS was good it just had a community of harmful practices built around it.
Re: (Score:1)
I wish it was a virtual machine, it would mean I could write my applications in any language that can be compiled into it. Plus if you ever done any DOM programming at all you would beg for a proper user interface API.
Re: (Score:2)
Well, there are several translators for javascript from other languages. So it's sort of like a virtual machine. It just uses a really crappy machine language.
Re: (Score:2)
A modern formalized distribution mechanism and a modern interpretation of security boundaries.
Chrome Apps (Score:5, Funny)
Alternatively, "chrapps" for short.
Microsoft did this years ago, although.... (Score:3)
If I remember correctly, Microsoft did this years ago, although.... It was the exact opposite: apps would install without launching them.
We all slated Windows for doing this (Score:5, Insightful)
I'm as guilty as anyone else, but when MS windows did this it was a major security problem, is this really any different?
Launch a program by clicking a link? Did we not call people retards every time they did this?
It seems like every new platform just repeats the same crap from every previous platform. Vendor bloatware should have been the blatant warning sign.
Re: (Score:1)
Every OS is a sandbox, including browsers (Score:2)
Re:Every OS is a sandbox, including browsers (Score:4, Insightful)
It was a bad idea for Windows to autoplay CDs and automatically run any attachment sent to you in an e-mail, because it can't sandbox apps in a foolproof way. Chrome can't sandbox webapps in a foolproof way either, so it's a bad idea to be able to run random programs by clicking on a link.
Re: (Score:3)
Even Linux gets the occasional security update for a privilege escalation issue. I wish them luck if they choose to depend on their sandbox.
Re: (Score:2)
Chrome can't sandbox webapps in a foolproof way either
We appear to be at a disagreement. To find exactly what we disagree on, let's start at an extreme and work inward. Can VirtualBox or VMware sandbox operating systems in a foolproof way?
Re: (Score:3)
No, they can't. There are exploits that can break out of VMs. [wikipedia.org]
That one's patched (Score:2)
Re: (Score:2)
Exactly. You can't make a sandbox foolproof. Even if your "sandbox" is hardware. There were lots of exploits proposed for the execute bit as well. If you're relying on your sandbox, whatever it is, to be foolproof, you're a fool.
Good security is always multilayered. Yes, sandboxing, possibly at multiple levels, improves security. So does not being able to install things just by clicking on a link.
Re: (Score:2)
Yes, sandboxing, possibly at multiple levels, improves security. So does not being able to install things just by clicking on a link.
So going forward, should all web developers start to anticipate JavaScript being turned off, with "Sorry, this web application requires JavaScript; here's how to reenable it" considered unacceptable in a web application? Good luck making an efficient user interface to, say, pan and zoom across a map without JavaScript. We'd be back to the clunky-ass "click to zoom in or out or pan half a screen" UI of everything that preceded Google Maps.
Re: (Score:2)
Your post doesn't really seem to make sense. If you've got JS turned off then yes, it's quite reasonable that if a web app wants to run the browser says "turn JS back on, here's how, or use the clunky non-JS interface". If a web app wants to install itself onto my computer it's quite reasonable (very highly desirable, actually) that the browser ask me if it's okay first.
Re: (Score:2)
If a web app wants to install itself onto my computer it's quite reasonable (very highly desirable, actually) that the browser ask me if it's okay first.
I agree, but it could go one of two ways. In one scenario, enough web sites would say "allow us to install this JavaScript application on your computer or this web site will operate with severely reduced functionality" that it'd become yet another way to train the user to just click Yes. Arguably, JavaScript in web applications has already reached this point, and most web browsers default to running JavaScript. In the other scenario, enough users would set their browsers to "never install, never prompt" tha
Re: (Score:2)
Re: (Score:3)
Do we have any evidence that ChromeOS is any better on this front?
And unlike Microsoft, Google might actually make this work securely.
That's a bizarre assumption. The proper assumption is that nobody can make this work securely (regardless of the company, closed/open source policy, etc.), and it's on them to prove you wrong 99% of the time (knowing that there *will* be cracks in any nontrivial system).
Now, on the flip side -- HTML & javascript applications are essentially ephemeral apps, and that's literally what browsers are designed to run. So are Flash apps, essent
Re: (Score:2)
Chrome apps are submitted in a manifest along with all of their files to Google, which charges a fee to be a developer ($5), establishes a limit on the number of apps, and has automated checks to make sure that security precautions are applied.
Re: (Score:2)
Chrome apps are submitted in a manifest along with all of their files to Google, which charges a fee to be a developer ($5), establishes a limit on the number of apps, and has automated checks to make sure that security precautions are applied.
Translation: With Google apps U can feel real good about ur security. We check it with Norton ANTI-virus and then run it in a VIRTUAL machine for extra protection. We care about U.
Re: (Score:2)
Sure, because Google has demonstrated they do an excellent job of curating with the Play store.
Re: (Score:2)
Yep. Play Store has f-droid, and I can get OSS-only apps from there. Google gives me everything I need to get my device set up the way I want.
Other than ad blocking, that is. But that isn't a play store issue.
Re: (Score:2)
I think you missed the point. The Play store has lots of malware on it. Google is not good at making sure their software stores are spotless. If they can't do it for Android, why would they be able to do it for Chrome?
Re: (Score:2)
There isn't actually lots of malware at all. That is just FUD. The vast majority of what is in the google play store is not malware.
Except in the sense that most of it sucks.
The whole point of what google is doing with chrome is packaging up a set of capabilities that can do something useful without being dangerous. Being dangerous is based on having trust, which is misplaced. Instead of asking for trust, apps will simply be run in a safe container.
There are lots sandboxes that have survived without major s
Re: (Score:2)
Numbers, and damn good ones, or it didn't happen. If you want to argue that auto-installation is a good idea because Google is so good at catching and eliminating malicious software (and that includes software that does things like track my web browsing, location, whatever I might not want installed) then you'd better be able to show that they're essentially perfect at it. They're not.
Google isn't Microsoft? That's your argument? It's a poor one. Google is pulling a very Microsoft-in-the-90s move here.
Re: (Score:2)
That isn't what I argued at all, I said that their engineers might very well be good enough to construct a safe sandbox so that trust isn't needed. Javascript is already handled safely without trusting it by dozens or hundreds of browsers.
If it is installed or not shouldn't even matter, except to the user's logistics choices.
Re: (Score:2)
Yup. This sounds like an excellent reason not to use Chrome.
Crap (Score:4, Funny)
Want-O-Meter(tm) switched on? Check.
Batteries? Fully charged.
Sensitivity setting? Max!
Reading? Not the faintest fuck of a flicker.
i thought this is what you wanted? (Score:4, Insightful)
Put everything in the cloud! WebOS is the future! HTML5 apps should replace native apps!
Everyone who ever agreed with any of this crap has only themselves to blame. Also, no bitching when they change the layout/functionality/something else you can't control because IT'S NOT YOUR SYSTEM.
I called my brother on this multiple times and now he finally see the "cloud apps" for what they are, a farce!
Re: (Score:1)
You mean like gmail/webmail? Salesforce.com... Instapaper, Google Calendar, Hangouts, Drive/docs, RDIO, WordPress, Drupal, Tumblr, Pandora, Google Maps, Evernote, OWA...
Yeah... There is no future for web apps... The cloud is a lie. You seem to ignore the fact that apps can be abandoned and or updated that are installed locally as well. Oh the new update breaks legacy support? Web Apps at least can be OS agnostic, and not be beholden to the Whimsy of a closed ecosystem. (iOS and WP8 and Android.)
Re: (Score:2)
The important thing in many contexts is control of the data, portability of the data. If the data is portable, a commodity cloud owned by whoever might be just fine. Especially where you can just run your own private cloud if you have a use case that requires control.
Apps also are learning to use caches these days, so they still work fine offline.
Can't control malware (Score:1)
From TFA:
As for the launching ephemeral apps from hyperlinks, Google separated the two features into two separate flags to ensure that only links appearing on a Google search results page will launch the app. This should give the company more control over stopping malware from just launching:
Google has stated repeatedly that they lack the resources to reliably filter illegal MP3 download sites from their search results. How can they stop the much more sophisticated malware vendors?
Re: (Score:2)
They'd need access to the NSA's database to do that! How about having the NSA just flag all the packets that have malware, and then everybody can drop those at the routers.
FirefoxOS (Score:2)
The apps already run everywhere (well, Android, FirefoxOS, Firefox Desktop), already are one-click-to-use on FirefoxOS, and also they don't require you to be online to use them. And they're not pushing an agenda. Just sayin'.
Didn't we do this already? (Score:4, Insightful)
Windows allowed the running of applications from Internet Explorer, remember? You even get the option still of running an application or saving it to disk when you click on a link to an executable program. And we've spent what, the better part of 2 decades trying to figure out reliable ways of PREVENTING this! Because it's so commonly abused to get people to run malware and other undesirable software. And now we want to make another attempt at letting people run anything J. Random Blackhat throws their way? Thanks, but no thanks.
Appblocker required (Score:4, Insightful)
So, after the adblocker we now also need the appblocker when browsing.
Re: (Score:2)
Presumably the ad-blocker can just role that feature in. :)
Is this really that different? (Score:2)
For the average user that does not use noscript, this isn't a big difference. They're already essentially trusting every site they visit.
Active-X (Score:1)
Does nobody remember Active-X?
Don't download and run strange code. Ever.
--
There is nothing so useless as doing efficiently that which should not be done at all.
Re:Why is the serpent always portrayed incorrectly (Score:4, Funny)
Re: (Score:2)
A huge glaring error! They can fix it as soon as they stop depicting Jesus as a white dude.
Re: (Score:2)
It was a velociraptor, not a worm.
Re: (Score:2)
Re: (Score:2)
What's new or news here?
The implementation and distribution.