Google Wants Chrome To Offer Instantaneous and Native App-Like Experiences (venturebeat.com) 45
An anonymous reader writes: At Chrome Dev Summit in San Francisco today, Google shared its latest vision for the web. First, the company is trying to make loading disappear via instantaneous experiences. The company demoed Web Bundles, a new platform primitive that lets developers distribute their content across any format without a constant connection, and Portals, an experimental API that lets developers instantly give users access to their web experiences. Secondly, Google wants to have Chrome offer native app-like experiences. The Background Sync API will proactively cache web content and SMS Retriever adds two factor SMS functionality to web apps.
SMS authentication? (Score:3, Insightful)
These days, SMS authentication is the least secure part of any security setup because of the phishing happening via the tech support of the phone carriers. SMS is dead, get over it.
Re: (Score:3)
Hyperbolic much? SMS auth is very effective, period. The fact that it has flaws that with some luck and effort can be exploited doesn't make it dead.
If you're a high value target then sure, you will need to take additional precautions but for the other 99.5% of us it's great.
Incoming texts cost money in USA (Score:2)
Even in fourth quarter 2019, entry-level cell phone plans in the United States are still charging the subscriber for incoming text messages. For example, the $3 per month plan from Ultra Mobile [ultramobile.com] includes only 30 outgoing or incoming minutes or outgoing or incoming text messages per month, with overages billed at 10 cents per minute or message. Having to complete SMS-based two-factor authentication daily on multiple websites can add up quickly. Plans with unlimited text messages exist, but they cost tens of d
Re: (Score:2)
Re: (Score:2)
Generally speaking, anyone who has the kind of job that requires regular use of SMS for 2FA generally has a salary that means they can afford a phone or they can get their employer to provide them with one.
Unless they're between jobs (like myself at the moment) and need to regularly use SMS for 2FA to access websites through which to find a new job.
Additionally options like Google Voice exist
In my experience, SMS 2FA providers explicitly block numbers serviced by Google Voice or similar services.
Re: (Score:2)
Hyperbolic much? SMS auth is very effective, period. The fact that it has flaws that with some luck and effort can be exploited doesn't make it dead.
If you're a high value target then sure, you will need to take additional precautions but for the other 99.5% of us it's great.
Your reassurance is hollow when I am part of your 99.5% and have lost my Ebay, Paypal, and several Google accounts to phone fraud. Phone fraud is now routine, increasing, and abetted by the phone companies.
What could possibly go wrong (Score:1)
This better be at least as secure as what we have today or it will blow up in Google's face.
Re: (Score:3)
In other news: Google wants us to do all our computing via "Chrome" so it can get access to all the data that's currently hidden from them (in other apps).
Re: (Score:2)
I'm wondering why the anti-Systemd crowd is not making the same arguments about Google Chrome. Chrome certainly is trying to be the browser that ate the operating system, the world, and everything.
Remember that Firefox had XUL (Score:2)
Firefox will also get background sync (Score:2)
I don't understand how Chrome's implementation of the background sync API would increase Google's monopoly, seeing as Firefox lists the background sync API as in development [mozilla.org].
Re:Remember that Firefox had XUL (Score:4, Informative)
And XUL allowed powerful applications that offered app like experiences back in 2004
XUL is a UI markup language. It doesn't specify the interactions. The scripts inside a XUL file have to be passed to a JS engine to process. Additionally, a XUL file can specify XBL to change how UI elements bind to the underlying engine. Those applications are only as good as the backing engine that powers it. Which that backing engine that backed XUL standalone desktop applications....
Now Mozilla killed it
...was a dumb bloated framework that was invented by Netscape back in the 1990s when some engineers got way too drunk on the KoolAid at the time of Object Orientated Everything. It was literally everything wrong with OOP turned up to 11. Netscape thought it would be cool to invent something to compete with Microsoft DCOM and build a web browser on top of it, and that's how we got XPCOM. Eventually everyone figured out how bad an idea that was and we all moved on. I'm going to go into a discussion of pros and cons of going overboard on OOP design, but you needn't go very far on Slashdot to find someone who has already gone on at length about why it's a bad idea.
It's not too late, XUL lives in Waterfox, Pale Moon and Basilisk, keep extension diversity alive
And more power to them. However, that's not XULRunner. Nobody is supporting XULRunner which is the thing that supports your own stand-alone applications. Waterfox, Pale Moon, and so on do support the old XUL extensions, but that's not XULRunner. There's a vast difference between what's needed to get a XUL extension running and what's needed to get a XUL application running. You can go grab an archived copy of XULRunner, but no one is working on it and it very likely has a lot of unpatched security holes by now.
Google is offering a replacement that will increase their monopoly and allow them to put ad viewing enforcement in chrome due to the new extension manifest
You're confusing two different things. Standalone applications and extensions are two different things. This whole thing that's being talked about here has nothing to do with the whole manifest snafu. The majority of your argument is correct, but your argument is for a completely different topic than the one being discussed here. Just because Mozilla used XUL to do extensions AND standalone applications, doesn't mean everyone does it that way. I can see where you can get confused if you felt that everyone reused the same technology for both kinds of applications. Chrome and new FireFox add-ons use WebExtensions which is an API that deals with extending a web browser, which is a specific type of application. The part of this that's talking about desktop applications is talking about Web Bundles which is a method for packaging an HTML 5 application for specific offline use.
Oh boy (Score:3)
"Secondly, Google wants to have Chrome offer native app-like experiences."
Come into my parlor, said the spider to the fly.
How else to make multi-platform apps? (Score:3)
Come into my parlor, said the spider to the fly.
This sounds like the "web applications are so dangerous that they should never have existed in the first place" fringe that inhabit parts of this site and SoylentNews.
But say you want to make a graphical application available to users of more than one operating system and make it resistant to content-based censorship by the curator of each platform's primary app store, particularly Apple. Is there a more efficient way of doing this than building the application as a Progressive Web Application?
Re: (Score:2)
Yes build it as an APPLICATION.
In what executable format is "an APPLICATION" delivered? Or instead, would one need to build five different APPLICATIONS, one for Windows, one for macOS, one for X11/Linux, one for iOS, and one for Android, and then pray that Apple's App Review doesn't reject the iOS version for content reasons?
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Come into my parlor, said the spider to the fly.
This sounds like the "web applications are so dangerous that they should never have existed in the first place" fringe that inhabit parts of this site and SoylentNews.
Nope, you got me all wrong. I prefer a web site to any downloadable app with the same functionality. I'm actually all for using JS and whatnot to provide a rich, full-featured interface and experience. There, I said it- I like what judicious use of javascript can do for a site.
What I cast a wary eye at is Google deciding they're going to do something so sweeping, and I wonder if it'll be freely accessible to all or will it have some proprietary hooks or terms.
Re: (Score:2)
Thank you for clarifying. Now that we're on the same page:
What I cast a wary eye at is Google deciding they're going to do something so sweeping, and I wonder if it'll be freely accessible to all or will it have some proprietary hooks or terms.
For the first few months, while a new web platform feature is in development in Chromium, the new feature is gated behind an "Origin Trial". This means the feature will work only if served over HTTPS from a hostname whose webmaster has opted into the feature through a form on Chrome's website. In addition, an Origin Trial is time-limited to a few months and frequency-limited to a fraction of a percent of total Chromium page loads. During this trial,
Gonna be like Youtube (Score:1)
Yay! (Score:3)
Re: (Score:2)
Google is going to finally invent "installing things" ... (sigh)
Essentially what I came to say.
So, instead of wasting your bandwidth and time to install something once, you get to "install" pieces-parts of it again and again on a daily basis.
Wotta deal! Where do I sign?
Re: (Score:2)
you get to "install" pieces-parts of it again and again on a daily basis.
I fail to see how that differs from the automatic update practice of any network-connected native application, with regular "Update this app to continue using it" notices if you disable automatic updates, such as the Dropbox client.
Real network GUI standard sorely needed (Score:3)
I'm not sure if it solves the entire "instantaneous" criteria, but there is a big need for a statefull GUI-over-HTTP standard for desktop and CRUD "cubicle productivity" applications.
Perhaps it can be based off the Qt or Tk GUI branches* to make a XAML- or XUL-like GUI markup language standard and reference implementations. Getting HTML/CSS/JS to emulate a real desktop reliably has proven a bear at many shops.
I realize the "in thing" is to focus on mobile and "finger" devices, but desktops and mice are what most businesses use and need and there's still a standards gap there.
* There's a constant battle over which desktop conventions to support: Windows, Mac, or Linux. Since the work-world uses mostly Windows, I suggest sticking with Windows conventions to reduce learning curves. I'm just the messenger.
Re: (Score:2)
Re: (Score:1)
Do you mean "nice" aesthetically, or functionally? JavaScript components seem to "rot" over time and have more bugs unless you are always upgrading and re-testing against newer browser versions. What's a good data-centric front-end framework in your opinion? I'd like to see something that can make mock applications without a server, in part to kick the tires.
Re: (Score:2)
I spoke to the NeXTStep team at WWDC '98 about targeting XUL from IB/WebObjects but while they agreed it was technically straightforward they didn't see a viable market.
Ultimately WO was killed to sell more Macs so it wouldn't have lasted anyway.
Re: (Score:2)
I would think all the major vendors except Microsoft would help out with such a standard, for it would help them compete with Microsoft in the business app and desktop market.
90s calling, want our horrible ideas back (Score:5, Interesting)
Re:90s calling, want our horrible ideas back (Score:4, Interesting)
When I first heard about Active X to compete against Java Applets I was in general appalled. While at the time I was a zealot against everything Microsoft. It was still a really bad idea, especially as it supported File access in its design. Allowing for programs to have full access to your computer that was just a click away on the web. Being at the time Most people needed to login to Windows 9x system with Admin access for most applications to run, and the fact that most people had such a hard time using computers, if it asked them to approve or reject something they will approve it.
Now this doesn't seem as bad. But having stuff sitting on your PC to save on wait time, mostly because the Web Developer sucks at their job/the management wouldn't give them enough time to get it done right. Is opening the door for future problems.
Re: (Score:2)
having stuff sitting on your PC to save on wait time, mostly because the Web Developer sucks at their job/the management wouldn't give them enough time to get it done right
What would you consider "right", particularly for devices that run a minority operating system and/or whose connection to the Internet is intermittent?
Re: (Score:2)
For the most part if you are running a Minority OS that doesn't support an HTML5 complaint browser like Chrome, Firefox or Edge then chances are it is really a far out there OS and the End User of the way off OS is probably knowledgeable enough to know if it can't run a major browser, then it won't be able to access a modern website.
For places with poor connections, HTML5 offers local storage (not full access to the file syst
Re: (Score:2)
For the most part if you are running a Minority OS that doesn't support an HTML5 complaint browser like Chrome, Firefox or Edge then chances are it is really a far out there OS
Agreed. I had in mind a more "mainstream" niche OS, such as macOS or X11/Linux, both of which can run Firefox and Google Chrome. The preference by some for native applications over web applications encourages developers to ship something that's Windows-only, Android-only, or iOS-only.
For places with poor connections, HTML5 offers local storage (not full access to the file system) in which JS can be coded to read from it
How would the user get files and folders in the file system into local storage, and changes made back out into the file system, without APIs to read and write user-chosen files?
Re: (Score:3)
What exactly did you mean by drawing the analogy to ActiveX? It isn't a perfect analogy for two reasons that I consider important:
Re: (Score:2)
Other ways? How about tracking and privacy? If websites can do drive-by installation of persistent code, it is all but certain to be a good way to track individual users.
Yes, because sandbox escape exploits have never happened in the past.
Re: (Score:2)
Re:90s calling, want our horrible ideas back (Score:4, Interesting)
these web platform technologies run in a sandbox, with the same same-origin or same-registrable-domain policies as the rest of the rest of the web
How about tracking and privacy? If websites can do drive-by installation of persistent code, it is all but certain to be a good way to track individual users.
A website can track individual users by requiring them to log in before using it. So can a networked native desktop application, such as the Dropbox or iTunes Store client or any Adobe Creative Cloud application.
A website can report all usage of an application to a third party and rely on that third party's confirmations to continue working. So can a networked native desktop application, and a native application isn't even limited by a same-origin policy.
So what "tracking and privacy" benefit does a networked native desktop application necessarily offer over a Progressive Web Application?
Yes, because sandbox escape exploits have never happened in the past.
A native desktop application doesn't need to escape because it typically isn't sandboxed at all in the first place. Yet the fringe find this superior to a sandbox that the browser publisher can quickly patch once discovered.
The Cycle Continues. (Score:2)
We then moved to mainframes with Multi-tasking that allowed many people via terminals to run their stuff.
We then moved to the Desktop PC, where software was installed on the PC and ran.
We are now where most applications are really web based, over the internet.
Then we are moving back to Applications installed on the system again.
Now this isn't a perfect cycle.
Dumb Terminals in the mainframe era could only connect to one mainframe.
PC had the
The best way of making 'loading instantaneous' (Score:2)
is to remove the huge amount of crud that comes with web pages these days. HTML, a few small images + CSS and web pages appear really quickly. This is all slowed down by needless amounts of Javascript most of which serve little purpose for the end user. I would suggest that we start by removing: google analytics, then stuff from facebook, twitter, ...
If they really must have this gunge then move it from the HEAD to the bottom of the BODY - where it usually works just as well - but the user can see the web p
Re: (Score:2)
Google wants? (Score:3)
Re: (Score:2)