Web applications and diversity concerns
Benoit Chesneau
using javascript, html5 and css [1]. Links are handled in fragments
parts of uri and content is loaded via ajax or any other technologies to
make it easier like websockets [2], eventsource [3], comet [4], HTTP
streaming, long-polling ... Some CouchDB users are using a lot of these
technologies to build CouchApps [5] which are self hosted application on
top of Apache CouchDB that just require a "modern browser" and Apache
CouchDB (this statements isn't totally true as we will see later). In
the future databases like CouchDB may be embedded in browsers. You
already find sqlite in most of them. "WEB SQL Database" API [6] isn't
maintained any more, but webstorage [7] and IndexedDB [8] specifications
are still active.
These applications are supposed to solve known problems: portability
across platforms, no hardware dependencies (you just need a working
browser implementing specs), offline [9] usage (save the data in the db
embedded in your browser or offline DB like Apache CouchDB), etc... We
have also technologies that help to access to resources directly [10].
While there are many good reasons for such applications, I'm starting to
worry that we have lost some part of the promise.
A lot of these applications are often using a backend. They access them
via API and let the backends do the hard work. It can be done
asynchrounously etc. This trend arised recently in CouchDB where more
and more people are using external applications to do the hard work. For
example twebz [11] which use nodejs to fetch tweets, applications using
couchdb-lucene [12] or Couchdb River [13] to do full text indexing. Some
CouchApps are even using external platform [14]. There are also
facilities in couchdb allowing you to plug external scripts, making your
couchdb some kind of API point: external processes [15] or in 1.1x, http
externals [16]. This isn't only Apache CouchDB, the well known twitter
which new interface is a full HTML5 apps has based his service on
different backends behind one API [17].
In my mind, web applications were supposed to solve one problem we have
with the current web. At the beginning, we had static html pages, we
could just copy them on our hard disk and read the web. Then came the need of
dynamic websites. We started to add some logics in the web servers. With
the growth of Internet we started to be worried about the load on the
webservers and start to port some of its load to the clients, using flash
and more and more javascript. But with these possibilities we lost the
possibility to just copy a website on our disk and read it while we are
offline. Most of webapps require a backend, we can't use them
disconnected. Some mobile apps require installation of backends or
framework to access to the hardware [18]. You can't just click on a
button to take a photo in your smartphone and save it on the local disk.
These things are OK, but aren't anymore true decentralised or mobile
applications. It rely on one external service, I have to install
manually external scripts, ...
Back to the CouchApps for example. One awesome feature of CouchDB is the
replication. I can replicate data easily from one couch to another. Put
a couchdb on my laptop, working on data offline then sync when I come
online. And one promise of CouchApps was here, having applications in my
couch I can easily replicate etc. But if I have to install external
applications manually that's not true anymore. Some people in CouchDB
think that embedding something like node [19] or using an app engine
based for example on emonk [20] and load applications from documents
could be enough. That's work somehow, but it means that I have to
rewrite the world in javascript. And sorry, for javascript lovers, that
won't happen. We need diversity. Like we don't want chinese, english,
spanish, french,... as the only languages in the world, we sometimes
need to use different languages. Using different languages isn't good
only for technical reasons, but because like any languages they are
carring they own way to think an application or code. When you code in
Python you won't think your app the same, you think it in Erlang (or
you're wrong in that case). Also some complex applications are already
existing and rather than reinventing the wheel, it's often better to
reuse them. I'm speaking about CouchDB, because this is one good
implementation of what could be webapps, but this example can be applied
to pure HTML5 applications with offline handling [21]. You often rely on
external services to do the final work.
While using external services may be good sometimes, for example by
using cloud computing for intensive calcultation needs, or to store some
large datasets (though I hope that in the near future we will be abble
to have them on our machines) we need a better system to manage external
applications. We need a common standard to install plugings or external
programs from the web in any machine. There are of course some security
concerns. We need to sandbox any applications, stuff like it. I want to
install automatically from a remote source the geocouch plugin in my
couchdb. I need when I load an offline web application to be abble to
fetch automatically any external applications I need later to do all the
work. Related, I need a way to just share my web application with my
friends without any centralized service. I need to share this indexing
system with my data. And these systems should be multiplatform and
hardware independant.
Some implemetations are already existing. The android application
environment allows the use of any languages and the installation from
any part of the world. I just have to install an application. Maybe
chrome os will allows that. Maybe someday a linux system. I'm not aware
yet of any independant and free implementation (and no, installing apps
via deb packages doesn't solve that). CouchDB allows or could allow me to
replicate applications with my friends. Opera unite [22] is also another
good implementation of this concept, allowing installation of
applications managed via the browser. These applications allow you to
share your data with your friends, chat with them... Unfortunatly, these
applications can only be used via the opera domain name or by opera
users. A standard is missing.
We need to put back the diversity in the web. Maybe with the diversity,
originality will come back too.
[1] http://www.quirksmode.org/blog/archives/2010/03/html5_apps.html
[1] http://dev.w3.org/html5/websockets/
[3] http://dev.w3.org/html5/eventsource/
[4] http://en.wikipedia.org/wiki/Comet_(programming)
[4] http://couchdb.apache.org
[5] http://couchapp.org
[6] http://www.w3.org/TR/webdatabase/
[7] http://www.w3.org/TR/webstorage/
[8] http://www.w3.org/TR/IndexedDB/
[9] http://www.w3.org/TR/offline-webapps/
[10] http://code.google.com/web/ajaxcrawling/docs/getting-started.html
[11] https://github.com/jchris/twebz
[12] https://github.com/rnewson/couchdb-lucene
[13] http://www.elasticsearch.com/docs/elasticsearch/river/couchdb/
[14] http://blog.tropo.com/2010/12/25/unlocking-government-data-with-tropo-and-open-source-software/
[15] http://wiki.apache.org/couchdb/ExternalProcesses
[16] http://www.davispj.com/2010/09/26/new-couchdb-externals-api.html
[17] http://engineering.twitter.com/2010/09/tech-behind-new-twittercom.html
[18] http://www.phonegap.com/
[19] http://nodejs.org/
[20] https://github.com/davisp/emonk
[21] http://www.w3.org/TR/html5/offline.html
[22] http://unite.opera.com/overview/
rodahum
anyway, you can't expect browsers to let you run anything you want on
client machines.
Even if the code is sandboxed, you have to think of security
implications of what your code is allowed to do (for example, you
can't let any webpage to take control of the webcam, at least without
user permissions[1]).
Browsers have to put artificial limits on capabilities of web pages,
like a max number of worker threads by page, or the machine will be
vulnerable to websites that trashes the machine with fork bombs (the
least damage is a drained battery).
Offline capabilities are nice but they have to be limited too or
website will start to full the disk of the clients faster [2].
rhight now, web development is pretty constrained on client side,
because that machine is not yours. Server side, you can run whatever
you like.
excuse my english
[1] even with asking user for permission, you have to take in account
that many user simply aren't in position to judge if some random
website has the right to use a capability.
[2] many of the value of web applications is that they can be 'new'
every times they are run, and i don't know another way to do that
without a connection. Right now with my desktop computer, i just can't
go for many hours without network before start feeling 'cold turkey'
and start calling my ISP.
benoitc
On Thursday, December 30, 2010 4:21:05 PM UTC+1, rodahum wrote:
it sounds like you are describing something like chrome native client
anyway, you can't expect browsers to let you run anything you want on
client machines.
Even if the code is sandboxed, you have to think of security
implications of what your code is allowed to do (for example, you
can't let any webpage to take control of the webcam, at least without
user permissions[1]).
Browsers have to put artificial limits on capabilities of web pages,
like a max number of worker threads by page, or the machine will be
vulnerable to websites that trashes the machine with fork bombs (the
least damage is a drained battery).
Offline capabilities are nice but they have to be limited too or
website will start to full the disk of the clients faster [2].
rhight now, web development is pretty constrained on client side,
because that machine is not yours. Server side, you can run whatever
you like.
excuse my english
[1] even with asking user for permission, you have to take in account
that many user simply aren't in position to judge if some random
website has the right to use a capability.
[2] many of the value of web applications is that they can be 'new'
every times they are run, and i don't know another way to do that
without a connection. Right now with my desktop computer, i just can't
go for many hours without network before start feeling 'cold turkey'
and start calling my ISP.