Google Is Building a Way To Launch Chrome Apps Without Installation

An anonymous reader writes "Google really wants Chrome apps to take off. Not only has the company added rich notifications, in-app payments, and an app launcher into its browser, but now it's developing ephemeral apps that launch by just clicking a link. There are two separate components here. Ephemeral apps (you can enable this under the chrome://flags/#enable-ephemeral-apps flag) let you try a Chrome app before installing it. Linkable ephemeral apps (under the chrome://flags/#enable-linkable-ephemeral-apps flag) meanwhile allow you to launch said apps from hyperlinks."

Still becomes a brick.

[SimonTheSoundMan]

It still becomes a brick when you have no wi-fi or you don't have an over-priced GSM subscription.

Re:Still becomes a brick.

It shouldn't be much of an issue. We are western aristocratic people who have fast Internet connections at their fingertips all times.

Re:Still becomes a brick.

[Splab]

Yeah, my 4G subscription is $40 a month, includes 10GB of data, unlimited voice, SMS and MMS and two sim cards (one for the phone, one for the laptop).

(Disclaimer, I live in socialist Denmark)

Re:Still becomes a brick.

[swillden]

It still becomes a brick when you have no wi-fi or you don't have an over-priced GSM subscription.

Actually, that's a difference between Chrome Apps and web pages... it's up to the App developer to code for it, but if they do the work Apps can work just fine offline, and the data model[*] is such that changes made offline can almost always be merged seamlessly to the online copy when a data connection becomes available, even if someone else has modified the online copy in the meantime.

[*] I haven't looked at it in detail, but I attended a talk about App development a couple of years ago, in which the presenter explained that all documents are managed as a sequence of changes and that the current version is always constructed by applying the change history. I believe there's also infrastructure for caching snapshots at points in time, so the current version can be constructed from the latest snapshot plus subsequent changes, but the snapshots are only considered caches. This makes for a little more complex development model, but it's gives you arbitrary undo, full document history and is necessary for real-time collaboration.

Re:Still becomes a brick.

[SunTzuWarmaster]

This isn't true at all... I made a "Mirror" app yesterday (https://chrome.google.com/webstore/detail/mirror-tds/fapfdhoailemkonegpjdhngmjfpmdjdj) on my Chromebook which works just as well as a "flipped webcam image" offline as it does online.

My other app to graph relationships between objects (https://chrome.google.com/webstore/detail/tensity-grapher/keomiemppflejbjkafeaepbdhigggifd) also works offline.

As does Google Docs (Offline), as the calculator, as does a timer, and my calendar, and many of the apps I have installed (I'm frequently offline).

I don't have a GSM subscription (I use wifi), Google Chrome doesn't sell such a subscription (try it with your own laptop, with whatever wifi/service you have), and many apps work without internet connection.

Re:Still becomes a brick.

[SunTzuWarmaster]

I am a Chrome app developer (a bad one, but whatever), and all of the apps I've made work offline.

Re:Still becomes a brick.

Unless you flash it with a build of coreboot that contains SeaBIOS. In which case you can load and happy days!

See http://johnlewis.ie/pre-built-coreboot-firmware-for-chromebooks/ for more info.

Re:Still becomes a brick.

Meant to say *load a distro*

Re:Still becomes a brick.

[swillden]

I am a Chrome app developer (a bad one, but whatever), and all of the apps I've made work offline.

Cool. Please feel free to correct anything I misrepresented. Like I said, I'm speaking from a two year-old memory of a one-hour talk, not any kind of actual knowledge.

Re:Still becomes a brick.

Mid life computer crisis: Wow, computing has really gone to shit.
Someone say cloud or cyber, go ahead, I'll punch you right in the neck.

Re:Still becomes a brick.

[SunTzuWarmaster]

It mostly works the way that you have represented. The majority of your post in on the back-end propagation of updates, which works well, and obviously doesn't work when offline. Generally apps work offline by default (like a saved webpage), unless your app needs to reach to an online site.

Re:Still becomes a brick.

Good, but can you develop to standards, not for one single browser.

Re:Still becomes a brick.

[Sardaukar86]

While niggers in their native setting are still chucking spears at each other and niggers taken out of their native setting are chucking bullets and gang signs at each other. But you're not supposed to notice. That would make you a bad terrible person and we will brand you "racist" to make you a modern heretic

I'm gonna go with another theory: repeatedly using 'nigger' in a sentence to describe dark-skinned people is the likely cause of you being branded a 'racist'.

Re:Still becomes a brick.

Why the hell is this conversation even modded up??

Re:Still becomes a brick.

I'm gonna go with another theory: repeatedly using 'nigger' in a sentence to describe dark-skinned people is the likely cause of you being branded a 'racist'.

So ... which majority-black inner-city area do you plan to relocate to? Detroit? How about Harlem? Maybe Chicago? Try practicing what you preach. Think they're just fine, then go be with them but I'm telling you, it's a bad idea. Oh. What's that? You don't want to live with them after all?

Re:Still becomes a brick.

[Sardaukar86]

Straw man. Show me where I was preaching, please.

I provided a simple logical statement that you cannot refute. BTW, I'm not in the US.

Re:Still becomes a brick.

[lsatenstein]

While niggers in their native setting are still chucking spears at each other and niggers taken out of their native setting are chucking bullets and gang signs at each other. But you're not supposed to notice. That would make you a bad terrible person and we will brand you "racist" to make you a modern heretic

I'm gonna go with another theory: repeatedly using 'nigger' in a sentence to describe dark-skinned people is the likely cause of you being branded a 'racist'.

That demeaning word comes from the Spanish Négro, (for black skinned person). It was the British and Americans who made its use despicable .

C:\$App

[mbstone]

The truest words ever spoken on the subject were penned by Nicholas Petreley, the IT industry columnist, who opined that:

1) There should not be a "registry" or an :"install" program.

2) Everything needed to run $App should reside in C:\$App.

This of course would enable $App to be copied freely from machine to machine, which is probably why there is a Windows Registry.

Re:C:\$App

[drinkypoo]

Some programs work fine without their registry entries. Some don't. The ones that do probably assume defaults, or load defaults into the registry on firstrun. I haven't done a survey. Either way, dependence on install-time registry values isn't a necessity for Windows programs.

Re:C:\$App

[nashv]

All programs can be written to work without using the concept of a registry.

Re:C:\$App

[occasional_dabbler]

Sometimes using the registry is just easier. For example if I need a high port I let the OS grab a randon free one and store the number in a user hive registry entry - saves having to worry about the different user directory configs you can get on the different versions or on networked corporate setups.

Re:C:\$App

[drinkypoo]

All programs can be written to work without using the concept of a registry.

If you take the time to read and understand my comment, when I say "without their registry entries" I'm clearly implying those which actually have registry entries. I didn't feel a need to make that statement, because it is already obvious to anyone with an interest.

Re:C:\$App

They can; although, the registory was added to solve various race conditions involving INI files when Windows made the transition to multitasking. It was not added for the heck of it.

Having to deal with annoying lock files in the bowels of the system isn't much better then the mess the registory introduces for the average user.

Re:C:\$App

If you want to save some settings without linking to a 3rd party xml library (this might have happened 20 years ago!), there are these easy window api functions to do that. They are transparent to the application, those values could go to a file next to the exe (they went to win.ini long time ago, and can still), to make it easier to copy with the application. Using regedit, instead of file explorer is not much harder either, both have a tree view on the left side...

Re:C:\$App

[mcgrew]

1. Agreed, the Windows way is stupid.
2. Disagreed, Windows is the only OS with C:\$App. All the others have user/$file. The Windows way is stupid. And copying the subdirectory to another machine won't install $App because the execute bit is reset on copy. To enable the app you have to flip the execute bit, adding a bit of safety to it.

One of the reasons Windows has been historically insecure is that they have no execute bit, but treat data as code if it has a certain extension.

Re:C:\$App

2) Everything needed to run $App should reside in C:\$App.

This of course would enable $App to be copied freely from machine to machine, which is probably why there is a Windows Registry.

Isn't that how most OS X applications run? I think Android & iOS do that as well (though they have some DRM shenanigans injected into the apps to tie them to a specific device).

captcha: walled (thanks Apple!)

Re:C:\$App

The main reason why this couldn't work that way was because of shared libraries. Those libraries were a neat concept so you don't use too much RAM on frequently used stuff. The install program was important because of multi-disk installations. Of course, there are a lot of things you can consider legacy, but in my opinion, from all the stuff I have used, OS X is the closest thing to the holy grail in this regard even with its flaws.

Re:C:\$App

Nicholas Petreley should have his C:\ d..DOSssed by 512 M$ $App$ like in the legends of the old.

Re:C:\$App

[ceoyoyo]

He was looking in the wrong place. They're in /Applications/$App.app.

Re: C:\$App

and /etc

Google Chrome virtual machine?

[jez9999]

Am I the only one thinking that Google are basically making Chrome into another VM? Its "apps" are programs that the Chrome VM can run, JavaScript is the main language you use to code stuff for it, but that can even be compiled into obscured JS which is about as readable as bytecode (or less), the DOM is the mechanism you use to create the UI, etc. Apart from being arguably faster, what are the fundamental differences between what Google wants Chrome to be, and Java?

Re:Google Chrome virtual machine?

[cmdr_tofu]

Indeed it seems like Java was the holy grail and Chrome is trying to reinvent Java applets (on a different VM). At least for this feature, it seems like addressing issues with Java applet security might be more productive.

I have a Chromebook with Ubuntu chroot, and I do find I spend a lot of time in ChromeOS-mode.

Re:Google Chrome virtual machine?

That it will be in native web code as opposed to a plugin.
Ideally, these apps would be easily translated to any other browser too, you'd only need to write one and run anywhere, just like Java.

It sounds like a good idea, but there are various problems with it and web dev in general that will likely hinder it.
That is mainly to do with various sections of JavaScript that simply do not agree with each other across browsers and require library-heavy code to deal with it, which steals precious cycles and battery life if portable.
Then there is CSS which is just awful. No, it is awful, accept it and move on. Ease doesn't = good, it is still awful.
CSS has been around for years and up until just a couple years ago there was no concrete simple way to make columns, or menus (STILL ISN'T), or other interface things we take for granted in native app development.
And even then, flex boxes are still horrific creations that should be launched in to Mt Doom.
How fucking hard can it be to just emulate horizontal placement VERTICALLY?! God damn it get your shit together people!
You couldn't even center things vertically for crying out loud. You'd expect those geniuses would have let you do margin-top:auto and margin-bottom:auto, NOPE, NOPENOPENOPE, TOO SIMPLE, GOTTA MAKE IT COMPLEX.

HTML is the only concrete thing. It Just Works. The HTML5 extensions and improvements more so.
Sandboxed iframes and seamless iframes will equally improve that even more, the thing that would have happened years ago if it wasn't for those hacky-as-shit XMLHTTPRequests that took over instead.
And the new templating engine, wonderful, just wonderful.
So glad XHTML is DEAD. What a worthless waste of effort that was. XML is AWFUL. HTML will NEVER be XML, DEAL WITH IT W3C!
WHATWG is the best thing to have happened to the evolution of web tech. It truly is.
Sure, there is fear over Googlers trying to turn the web in to GoogleWeb, but it is still better than the shit we had.

Re:Google Chrome virtual machine?

That it will be in native web code as opposed to a plugin.

The main difference seems to be that Google has built the "plugin" to run these apps directly into Chrome.

Re:Google Chrome virtual machine?

[Keyboard+Rage]

Considering Google's track record with the amount of malware for Android, perhaps they are now trying to get Chrome into the #1 spot for "most unsafe browser out there" in spite of Internet Explorer?

Poor Steve Balmer. He left Microsoft too early to witness this event, and will now have to cool his anger on some chairs...oh wait.

Re:Google Chrome virtual machine?

[ArtFart]

For those of us who've grown weary of badmouthing Java, .NET and Flash, Google and Facebook are now determined to turn Javascript into the scourge of humanity.

Re:Google Chrome virtual machine?

what are the fundamental differences between what Google wants Chrome to be, and Java?

Java sucks balls, and google sucks balls, so no fundamental difference.

Re:Google Chrome virtual machine?

[daveime]

This. Did we learn nothing from IE6 and the ActiveX legacy?

At a time when developers should be writing stuff that works across any browser (HTML5, CSS, JS), Chrome is trying to divide the web again with things that "only work" in their browser.

Re:Google Chrome virtual machine?

[Daniel+Hoffmann]

I wish it was a virtual machine, it would mean I could write my applications in any language that can be compiled into it. Plus if you ever done any DOM programming at all you would beg for a proper user interface API.

Re:Google Chrome virtual machine?

[BitZtream]

This. Did we learn nothing from IE6 and the ActiveX legacy?

Apparently you did not. You still seem to think ActiveX is magically evil when you couldn't be any further from the truth. ActiveX is nothing more than a plugin system. A plugin system that has provisions built in from the start to prevent all the security issues that came with IE ... but between stupid developers who marked any ActiveX they made as 'safe for remove scripting', which then created all sorts of exploits. Had they simply left the flag unset, most of IEs issues wouldn't have existed.

But the real flaw in the system was IE, which was initially configured to install ActiveX components from anyone without prompting.

ActiveX is the exact same thing as Mozilla/Firefox extensions made with DLLs, you know, the good ones ... They work EXACTLY THE SAME as ActiveX ... they just use a different name for the same tech, CORBA instead of DCOM. Functionally, they are identical.

Re:Google Chrome virtual machine?

The main difference (aside from the improved security) between Native Client and Active X here is that Native Client is on a BSD license and anyone who makes a browser can implement it if they care to. It's hardly Google's fault that no one has chosen to do so. So no, Chrome isn't an attempt to divide the web into things that only work in their browser.

Re:Google Chrome virtual machine?

Chrome (PNaCl) is not comparable to ActiveX, no matter how many times people regurgitate this.

Re:Google Chrome virtual machine?

[ceoyoyo]

Well, there are several translators for javascript from other languages. So it's sort of like a virtual machine. It just uses a really crappy machine language.

Re:Google Chrome virtual machine?

[TangoMargarine]

Because stupid developers are limited to IE?

Re:Google Chrome virtual machine?

[excelsior_gr]

Not quite the same thing. Internet Explorer was almost a monopoly back then, which ended by Mozilla. Today there are options, IE does not suck that much and people are known to have all three major browsers installed. So, whatever. Let them try and segregate the web if they think they can. It's not that Chrome will have *the* killer feature that will make us stop using anything else. Or that will prevent the community from creating similar plugins for Firefox.

Re:Google Chrome virtual machine?

[Aighearach]

A modern formalized distribution mechanism and a modern interpretation of security boundaries.

Re:Google Chrome virtual machine?

[Aighearach]

This. Did we learn nothing from IE6 and the ActiveX legacy?

At a time when developers should be writing stuff that works across any browser (HTML5, CSS, JS), Chrome is trying to divide the web again with things that "only work" in their browser.

We learned it is hard to get right, and it takes a whole bunch of tries to get good client side execution without requiring traditional installation.

It remains to be seen if this will end up being a portable standard or not. It is too early to accuse chrome of trying to divide the web. I agree we should think about it and keep an eye out.

Re:Google Chrome virtual machine?

[Aighearach]

I thought JS was the scourge before .NET was written, and later we found out JS was good it just had a community of harmful practices built around it.

Chrome Apps

Alternatively, "chrapps" for short.

Re:Chrome Apps

just "craps" please

Re:Chrome Apps

Or good old fellow "Chapps"

I Wuv Wuv Wuv Gwugul

Becwuz Gwugul is my seekwet wuver!

Microsoft did this years ago, although....

[rvw]

If I remember correctly, Microsoft did this years ago, although.... It was the exact opposite: apps would install without launching them.

Re:Microsoft did this years ago, although....

Microsoft has done this several times. ActiveX was a disaster. Microsoft seemed to learn from that, and they went on to create OneClick, which is a lot like Java Web Start (except without the added layer of suck). It also seems to be the same wheel Google is reinventing now.

Good job, Google. 10 years late to the party that even Microsoft was stylishly late to (OneClick was a big whoop-de-do with the "Whidbey" release of .Net 2.0 in 2005). They should go back to not poorly rehashing everyone else's stuff ...But With Ads(tm). Automated search was amazing. Now do something similarly awesome and stop wasting time/money on making the same damned dumb mistakes everyone else made last decade.

Missing Tag..

..whatcouldpossiblygowrong

Re:Why is the serpent always portrayed incorrectly

From which version is this? TV movie? Amazon fiction? But since you asked (and I know the answer) the snake was but a worm in an apple so you see there was not much to change. Action/Cut/Print.

Your Lord
God
(Bow down to me - you are Garbage)

Google Can't Be Trusted

Why would I want to make myself more dependent on a collaborator's infrastructure? I don't want to add dependency on Chrome "apps".
Anybody with a brain is running away from Google as fast as they can.

Re: Google Can't Be Trusted

Anyone with a brain already did that years ago.

kill old browsers

that would be awesome. i built a html5 web app recently and specifically put in contract shit browser compatibility (IE8-) will be provided by giving them portable chrome install which will launch the app. it was still a major pain to set up in an user convenient way. ended up wrapping it in node-webkit.

Re:Why is the serpent always portrayed incorrectly

[Gavagai80]

Since it's Genesis 3:14, representing pi, we can gather that the serpent's original shape was circular. What comes to mind when you think circular? The google chrome logo of course! The fall of humanity was caused by Adam being tempted by chrome to click the devil's ephemeral app link on his apple macbook. The proof is all there.

We all slated Windows for doing this

I'm as guilty as anyone else, but when MS windows did this it was a major security problem, is this really any different?
Launch a program by clicking a link? Did we not call people retards every time they did this?

It seems like every new platform just repeats the same crap from every previous platform. Vendor bloatware should have been the blatant warning sign.

Re:We all slated Windows for doing this

I agree: "What could possibly go wrong?" --and this sounds like ActiveX stuff all over again. When the browser is supposed to let you interact with the Internet without the Internet messing up your computer, and a browser developer deliberately pokes holes in the browser to bypass its protections for admittedly-useful things, the result is that the bypassings will get mis-used, too.

Re:We all slated Windows for doing this

[SunTzuWarmaster]

Chrome apps are submitted in a manifest along with all of their files to Google, which charges a fee to be a developer ($5), establishes a limit on the number of apps, and has automated checks to make sure that security precautions are applied.

Re:We all slated Windows for doing this

[pitchpipe]

Chrome apps are submitted in a manifest along with all of their files to Google, which charges a fee to be a developer ($5), establishes a limit on the number of apps, and has automated checks to make sure that security precautions are applied.

Translation: With Google apps U can feel real good about ur security. We check it with Norton ANTI-virus and then run it in a VIRTUAL machine for extra protection. We care about U.

Re:We all slated Windows for doing this

[ceoyoyo]

Yup. This sounds like an excellent reason not to use Chrome.

Re:We all slated Windows for doing this

[ceoyoyo]

Sure, because Google has demonstrated they do an excellent job of curating with the Play store.

Re:We all slated Windows for doing this

Isn't ChromeOS designed to be unbreakable? It might not quite achieve that, but does much better on that front than Windows. I think the main purpose of these Chrome apps is to make ChromeOS more viable. And unlike Microsoft, Google might actually make this work securely.

Re:We all slated Windows for doing this

[Your.Master]

Do we have any evidence that ChromeOS is any better on this front?

And unlike Microsoft, Google might actually make this work securely.

That's a bizarre assumption. The proper assumption is that nobody can make this work securely (regardless of the company, closed/open source policy, etc.), and it's on them to prove you wrong 99% of the time (knowing that there *will* be cracks in any nontrivial system).

Now, on the flip side -- HTML & javascript applications are essentially ephemeral apps, and that's literally what browsers are designed to run. So are Flash apps, essentially, especially since Chrome and IE (the two dominant desktop web browsers) have Flash bundled right into the browser install, essentially making it a part of the browser. And we get along with that right now.

Of course, some slashdotters go hardcore with noscript and flashblock etc., but most people don't (I'd venture that even most slashdotters don't, it's just that slashdotters *consciously* don't). Then there's the fact that Flash is infamous for its vulnerabilities...

Re:We all slated Windows for doing this

[Aighearach]

Yep. Play Store has f-droid, and I can get OSS-only apps from there. Google gives me everything I need to get my device set up the way I want.

Other than ad blocking, that is. But that isn't a play store issue.

Re:We all slated Windows for doing this

[ceoyoyo]

I think you missed the point. The Play store has lots of malware on it. Google is not good at making sure their software stores are spotless. If they can't do it for Android, why would they be able to do it for Chrome?

Re:We all slated Windows for doing this

[Aighearach]

There isn't actually lots of malware at all. That is just FUD. The vast majority of what is in the google play store is not malware.

Except in the sense that most of it sucks.

The whole point of what google is doing with chrome is packaging up a set of capabilities that can do something useful without being dangerous. Being dangerous is based on having trust, which is misplaced. Instead of asking for trust, apps will simply be run in a safe container.

There are lots sandboxes that have survived without major security holes, especially ones with an arbitrarily small set of capabilities. Google isn't Microsoft. I'm more worried about, why do I want this? What is the use case that isn't already served in an open way? Is this really a browser war, or a phone war?

Re:We all slated Windows for doing this

[ceoyoyo]

Numbers, and damn good ones, or it didn't happen. If you want to argue that auto-installation is a good idea because Google is so good at catching and eliminating malicious software (and that includes software that does things like track my web browsing, location, whatever I might not want installed) then you'd better be able to show that they're essentially perfect at it. They're not.

Google isn't Microsoft? That's your argument? It's a poor one. Google is pulling a very Microsoft-in-the-90s move here. Convenience over security, taken to excess. It's likely to bite them in the ass, just like it did MS.

Re:We all slated Windows for doing this

[Aighearach]

That isn't what I argued at all, I said that their engineers might very well be good enough to construct a safe sandbox so that trust isn't needed. Javascript is already handled safely without trusting it by dozens or hundreds of browsers.

If it is installed or not shouldn't even matter, except to the user's logistics choices.

Re:Why is the serpent always portrayed incorrectly

[JustOK]

It was a velociraptor, not a worm.

Chrome

Major stories about chrome on the verge and now slashdot on a slow news but everybody home Saturday. Googles pr team is working overtime.

So... Java

So, Google is going to use Java or Ecma script for their apps now?

Edgy.

Re:So... Java

[tepples]

Chrome Web Store applications have always been written in ECMAScript, except those few that use Native Client.

Its almost like Chrome has its own OS and DE

H'mmm. I've got an idea. Take a cheap netbook, throw a minimal linux environment on it with Xorg, and lock it down so that only Google chrome and its apps can run on it. I'd call it NSA/Google OS.

Crap

[Hognoxious]

Want-O-Meter(tm) switched on? Check.
Batteries? Fully charged.
Sensitivity setting? Max!

Reading? Not the faintest fuck of a flicker.

Immigration

[tepples]

How hard is it for an American to qualify for residency in "socialist Denmark" where the RF spectrum owners don't gouge as much?

Re:Immigration

Um, I'm waiting for a reply to this... as a very "skilled"(employable) American, I'd like to jump ship as soon as possible.

Re:Immigration

Do you have good mathematical skills for engineering?

Re:Immigration

[MightyYar]

To save 10 or 20 bucks a month?

Re:Immigration

[tepples]

Actually, to broaden my job search beyond my home country in general.

Re:Immigration

[Splab]

Hey sorry for the late reply :-)

If you are a talented programmer, it's fairly easy to get a job - green cards can be a bit of pain since there are requirements to minimum wage, however, in programming, those requirements should be no problem.

Local vs. roaming preferences

[tepples]

saves having to worry about the different user directory configs you can get on the different versions or on networked corporate setups

But it only has to be done once per publisher, and then you can reuse the folder locating code across multiple applications. As for "networked corporate setups", Windows provides two folders: local application data and roaming application data. I don't see what's so hard about deciding whether a particular preference goes in your application's SQLite file for local preferences or its SQLite file for roaming preferences. If it's machine-specific, such as game control settings or a random free TCP port, or if it's a cache, it's local; otherwise it's roaming.

Re:Local vs. roaming preferences

[BitZtream]

and then you can reuse the folder locating code across multiple applications.

And thats what the registry does. You just talk to it, and the system stores the data where it wants, even going so far as to sync it between multiple machines automatically.

I don't see what's so hard about deciding whether a particular preference goes in your application's SQLite file for local preferences or its SQLite file for roaming preferences.

So you want to use a 3rd party database not intended for storing configuration information instead of the OS provided database designed to store configuration information with a far simpler API to use than a bunch of SQL queries? Thats pretty dumb.

You seem to want to reinvent the wheel because you're too ignorant to use the existing solution, or just too much of a fanboy to see the forest for the trees.

Re:Local vs. roaming preferences

[occasional_dabbler]

It was for a TCP server for sending new file open calls to a single running instance, It was a feature I added to an existing app where all the preferences do get saved to Roaming, but because I'd already coded a 'reset' function that completely overwrites the preference directory with a fresh set of defaults it was just easier to store the port number somewhere else.

Re:Local vs. roaming preferences

[drinkypoo]

and then you can reuse the folder locating code across multiple applications.

And thats what the registry does. You just talk to it, and the system stores the data where it wants, even going so far as to sync it between multiple machines automatically.

And that differs from just using the filesystem interface how?

You seem to want to reinvent the wheel because you're too ignorant to use the existing solution, or just too much of a fanboy to see the forest for the trees.

There's a third option, and also, you lack perspective.

Once upon a time, computer files had formats. Along came UNIX, with the concept that everything's just a file, and parsing the contents is the job of the program. And with libraries, you could feasibly abstract that away, and not have to write it over and over again. This enabled portability in a way that you didn't get with competing mainframe systems, and the modern age of computing was born. There's the perspective. Note that Windows shares this approach to file formats, as does every other modern operating system. While every significant operating system provides a facility for decoding certain types of media data, in every case it's simply a set of userspace libraries.

The third option is that you want to take advantage of the simplicity of the filesystem-based approach. Systems as early as Apollo included the broadly networked filesystem, but there are and have been lots of other systems throughout time. For instance, when the Windows registry was still a new thing, people were using automounted NFS to centralize whole programs including their configuration files.

The truth is that there's benefits to both approaches. GNOME took the Windowslike approach and built a registry of their own, because they agree with you that it's desirable. Everyone else stuck with flat files, and though some of them have been given dimensionality again with XML they remain nominally (even sometimes fully) human-readable.

The real argument against the registry database is that with modern filesystems and networking there's really no good reason to use a special facility. The filesystem is a hierarchical database, and the only reason it was necessary for Windows to invent another one is that at the time, their filesystems were all shit. Today, Microsoft has perfectly adequate and highly-featured filesystems, but the registry persists from the time when they did not, and today it is a pain in the ass that doesn't need to be there. The UNIX way has been proven out, and all the benefits of the Windows registry have been eliminated as UNIX (and Unixlike) systems have gained high-performance filesystems which can handle many small files efficiently and with acceptable or even excellent performance.

TL;DR: The registry came about because Microsoft was bad at both filesystems and networking, and today it is an utterly useless and rubbish concept which actually requires more maintenance at every level, not less.

Intents and background apps without registry

[tepples]

So without a registry, how would a program inform the system of the intents it can handle, such as the file types and URL types it can open? And how would programs that need to run in the background starting at login time, such as a weather widget or a service that opens a peripheral's related application when the peripheral is plugged in, get loaded?

Re:Intents and background apps without registry

[Todd+Knarr]

Same way we do it with Linux desktop environments: applications put a standardized config file into an application-specific spot under a folder in your user home directory containing that information. The desktop environment reads those files, combines them with the user's configuration of what programs they want to handle what, and sets things up accordingly. Note that the configuration of what programs the desktop environment will use to handle each file type is part of the desktop environment's configuration, not the application or the operating system. And the user's settings are part of the user's configuration, they don't exist at the system level. There are of course system-level default settings and application configuration for applications that've been installed system-wide that get read before user-specific settings and configuration. As for user-specific widgets that start when hardware's plugged in, again that's handled by small daemons or the like that get started when the user logs in that monitor for such events. That can't be an operating-system-level thing, though, because the operating system has to work on systems where you have 80 people logged in to the machine simultaneously. What works on a desktop dedicated to a single person doesn't work on a server used by many people at the same time, and the OS must accommodate both.

Re:Intents and background apps without registry

[vux984]

There is REALLY no difference between HKEY Current User/Software/appname and a "application-specific spot under a folder in your user home directory containing that information"

Note that the configuration of what programs the desktop environment will use to handle each file type is part of the desktop environment's configuration, not the application or the operating system.

Same with windows, except that the desktop environment is part of the operating system (and even that is becoming less true with core server installs).

That doesn't change the fact that the "desktop environment" whether its the desktop in windows or gnome it still needs to store all these settings somewhere.

nd the user's settings are part of the user's configuration, they don't exist at the system level.

Same with windows. HKLM and HKU are separate spaces for local machine settings, and user settings. HKU for user settings.

There are of course system-level default settings and application configuration for applications that've been installed system-wide that get read before user-specific settings and configuration.

HKLM for system wide settings.

As for user-specific widgets that start when hardware's plugged in, again that's handled by small daemons or the like that get started when the user logs in that monitor for such events.

Nope. You plug in a sata drive, or a USB device like a printer or scanner and the operating system establishes communication with it below the user level. And then again at the user level.

Linux isn't any different than windows here. (And even windows has this separation and abstraction visibly in place when you install terminal services.)

Re:Intents and background apps without registry

[Todd+Knarr]

One major difference between the registry and Unix config file folders: the folders aren't integrated into a single blob, the registry is (well, technically a couple of blobs corresponding to the top-level keys). Bluntly put, the files are more robust than the registry's proven to be. Less prone to corruption, less prone to damage, easier to back up and restore or transfer between machines. I can tar up my home directory on one Unix machine, untar it on another (even one running a different Unix) and everything's as I expect it modulo the expected things like differences in system-installed applications and monitor sizes. And since the config files are plain text (usually), it's trivial to go in and fix problems or make changes. Doing that with the registry... requires either that the registry be intact enough to get you into Windows and regedit, or requires lots of special tools to work on it off-line. Assuming you know where the registry hives are located physically, many people have no clue.

As far as SATA or USB drives, you're talking two different things. One is a system-level interaction, loading device drivers and connecting the physical device into the system. That's properly a system-level thing, until that's done the device doesn't exist as far as software is concerned. The second part is where Windows and Linux diverge. Windows puts a lot of the stuff to watch for devices at the system level. For instance, the Samsung software for my phone, iTunes, the Citrix ICA client, all of that is system level and none of that is system-wide. Linux... doesn't give software a choice. If it's an ordinary user installing the software, the installer doesn't get permission to put stuff at the system level, period full stop. Only sysadmins get to do that, and regular users aren't sysadmins. The only way to do it requires a manual step: entering the root password to give the installer root privileges to install things at the system level. And Linux users are taught early to be allergic to those requests. It's OK if you go in intending to install something system-wide, but when you go to install a personal music player and it asks for root the instinctive response is to hit "Cancel" and go looking for confirmation that what you downloaded is really legit because legit stuff Doesn't Do That. On Windows it's unusual to see an installer that even gives you the option of choosing per-user vs. system-wide.

Re:Intents and background apps without registry

[vux984]

Bluntly put, the files are more robust than the registry's proven to be.

Database vs File Structure. There are advantages and disadvantages to both. I don't dispute that the historical record suggest you may be right that the files are more robust... but then we never had a linux with a registry that was mainstream.

I attribute a lot of the problems with windows registry to the application culture -- of supporting mainstream consumer users.

[...] Assuming you know where the registry hives are located physically, many people have no clue.

The same people would be up shit creek with linux config files too when things go south.

Windows puts a lot of the stuff to watch for devices at the system level. For instance, the Samsung software for my phone, iTunes, the Citrix ICA client, all of that is system level and none of that is system-wide.

And if Linux was mainstream and samsung's phone tools and itunes were available it would need root to install. That's nothing to do with the system architecture of registry vs config files or proper separation of admin and user roles.

Agreed, of course, that Windows historically did not properly differentiate or enforce regular users vs system administrator although since Vista that's been more or less resolved.

On Windows it's unusual to see an installer that even gives you the option of choosing per-user vs. system-wide.

Right, in that the Windows model is that software installation in general is an administrative task. And I'd say there is a legitimate argument that their customer base (particularly businesses) that consider that a feature.

Re:Intents and background apps without registry

[knorthern+knight]

In linux we have /etc/mailcap and /etc/mime.types and both can be overridden by similar files in each user's $HOME directory.

Re:Intents and background apps without registry

[tepples]

when you go to install a personal music player and it asks for root the instinctive response is to hit "Cancel" and go looking for confirmation that what you downloaded is really legit because legit stuff Doesn't Do That.

"Unless you install this media device management application for all users, you will not be able to use it to transfer media to or from your media device. You will have to ask your administrator to install it for all users." Would users be fine with this behavior?

On Windows it's unusual to see an installer that even gives you the option of choosing per-user vs. system-wide.

And on common X11/Linux distributions the packages provided by your distribution are intended for a system-wide installation, not an installation to /home/staisy. In order to install something for one user, you usually have to compile it from source code, and common GUIs used under X11/Linux tend not to provide a button for this.

When more than one user of a PC uses the same app

[tepples]

All the others have user/$file.

Under your preferred setup, for a home PC with five users (mom, dad, and three kids), must all applications be installed five times, using five times the disk space and five times the data transfer (which counts against the house's monthly Internet cap) for updates?

Every OS is a sandbox, including browsers

[tepples]

People depend on the operating system to protect delicate file system data structures from misbehaving desktop applications. Because the web browser has become an operating system for web applications, Chromium (and by extension Google Chrome) implements a similar sandbox. Your claim that a browser can't properly sandbox a web application sounds like the claim that Windows can't properly sandbox a desktop application, which was true on Windows 98 but hasn't been true for a decade. Even on Windows XP, an application running as a limited user in a separate user account can't do much to fcuk up the system.

Re:Every OS is a sandbox, including browsers

[ceoyoyo]

It was a bad idea for Windows to autoplay CDs and automatically run any attachment sent to you in an e-mail, because it can't sandbox apps in a foolproof way. Chrome can't sandbox webapps in a foolproof way either, so it's a bad idea to be able to run random programs by clicking on a link.

Re:Every OS is a sandbox, including browsers

[MightyYar]

Even Linux gets the occasional security update for a privilege escalation issue. I wish them luck if they choose to depend on their sandbox.

Re:Every OS is a sandbox, including browsers

[tepples]

Chrome can't sandbox webapps in a foolproof way either

We appear to be at a disagreement. To find exactly what we disagree on, let's start at an extreme and work inward. Can VirtualBox or VMware sandbox operating systems in a foolproof way?

Re:Every OS is a sandbox, including browsers

[ceoyoyo]

No, they can't. There are exploits that can break out of VMs.

Re:Why is the serpent always portrayed incorrectly

I would have to say the reason is because everyone intelligent knows the Bible is a bunch of made up fairy tales that contradict each other. Which of the two accounts of creation in Genesis is the accurate one? Which of accounts of the Resurrection, is the real one? But people who believe in the bible are like the world's worst and most obsessive comic book geeks. They will insist preferred publishing house, their preferred characters, their interpretations and selective hand waving of all the plot holes is the correct one and all others are all wrong. But rarely to you see fans of DC comic books killing fans of Marvel comic books and vice versa.

i thought this is what you wanted?

[Gravis+Zero]

Put everything in the cloud! WebOS is the future! HTML5 apps should replace native apps!

Everyone who ever agreed with any of this crap has only themselves to blame. Also, no bitching when they change the layout/functionality/something else you can't control because IT'S NOT YOUR SYSTEM.

I called my brother on this multiple times and now he finally see the "cloud apps" for what they are, a farce!

Re:i thought this is what you wanted?

You mean like gmail/webmail? Salesforce.com... Instapaper, Google Calendar, Hangouts, Drive/docs, RDIO, WordPress, Drupal, Tumblr, Pandora, Google Maps, Evernote, OWA...

Yeah... There is no future for web apps... The cloud is a lie. You seem to ignore the fact that apps can be abandoned and or updated that are installed locally as well. Oh the new update breaks legacy support? Web Apps at least can be OS agnostic, and not be beholden to the Whimsy of a closed ecosystem. (iOS and WP8 and Android.)

Re:i thought this is what you wanted?

[Aighearach]

The important thing in many contexts is control of the data, portability of the data. If the data is portable, a commodity cloud owned by whoever might be just fine. Especially where you can just run your own private cloud if you have a use case that requires control.

Apps also are learning to use caches these days, so they still work fine offline.

Can't control malware

From TFA:

As for the launching ephemeral apps from hyperlinks, Google separated the two features into two separate flags to ensure that only links appearing on a Google search results page will launch the app. This should give the company more control over stopping malware from just launching:

Google has stated repeatedly that they lack the resources to reliably filter illegal MP3 download sites from their search results. How can they stop the much more sophisticated malware vendors?

Re:Can't control malware

[Aighearach]

They'd need access to the NSA's database to do that! How about having the NSA just flag all the packets that have malware, and then everybody can drop those at the routers.

/s ;p

Re:Why is the serpent always portrayed incorrectly

[ceoyoyo]

A huge glaring error! They can fix it as soon as they stop depicting Jesus as a white dude.

FirefoxOS

[kangsterizer]

The apps already run everywhere (well, Android, FirefoxOS, Firefox Desktop), already are one-click-to-use on FirefoxOS, and also they don't require you to be online to use them. And they're not pushing an agenda. Just sayin'.

Re:When more than one user of a PC uses the same a

[Hognoxious]

I assumed he meant /usr like on Linux.

Re:When more than one user of a PC uses the same a

[mcgrew]

You can install an app under /usr and anyone's /usr/home directory can run it if they have the proper permissions. Their configuration files for that app are stored in their own space; one size does not fit all.

Unlike Windows, you also can't see other users' files or "folders" (using MS's nonstandard nomenclature) unless you're logged in as root ("Admin" in Windows-speak).

Your desktop is your desktop. If you install an app in your own space it doesn't affect any other user. In Linux, most any app you might want is installed with the OS anyway.

Didn't we do this already?

[Todd+Knarr]

Windows allowed the running of applications from Internet Explorer, remember? You even get the option still of running an application or saving it to disk when you click on a link to an executable program. And we've spent what, the better part of 2 decades trying to figure out reliable ways of PREVENTING this! Because it's so commonly abused to get people to run malware and other undesirable software. And now we want to make another attempt at letting people run anything J. Random Blackhat throws their way? Thanks, but no thanks.

Appblocker required

[johanw]

So, after the adblocker we now also need the appblocker when browsing.

Re:Appblocker required

[Aighearach]

Presumably the ad-blocker can just role that feature in. :)

So xul (Mozilla), Opera widgets, and active x

What's new or news here?

Re:So xul (Mozilla), Opera widgets, and active x

[Aighearach]

What's new or news here?

The implementation and distribution.

Re:When more than one user of a PC uses the same a

[tepples]

Unlike Windows, you also can't see other users' files or "folders" (using MS's nonstandard nomenclature)

Nonstandard? "Folders" have meant the same thing as directories since Mac OS 2.1 introduced HFS in September 1985, years before Linux and 4.4BSD-Lite were released.

Unlike Windows, you also can't see other users' files or "folders" (using MS's nonstandard nomenclature) unless you're logged in as root ("Admin" in Windows-speak).

UNIX is this way for files and folders that have no world permissions, such as those created under a umask ending in 7. But it's common for a UNIX system used by a single household or small organization to have a umask of 022, which makes documents 644 (all read, owner write) and folders 755 (all list, owner write, all traverse).

In Linux, most any app you might want is installed with the OS anyway.

True, a common set of applications is included with the operating system. But this doesn't include editors of less common data types (e.g. Synfig for vector animation), or newer versions of applications not backported to your OS version, or games that aren't Solitaire. AAA games especially have large install footprints.

Non-AD roaming and non-Windows OSes

[tepples]

So should ports of Windows applications that use the registry to desktop platforms other than Windows include the Wine libraries just to have a registry? And how should applications running from removable media (sometimes called "portable" apps) store configuration information in a way that roams to whatever machine the media is mounted on, even on a machine that isn't part of the same AD domain? One pattern is to store configuration in Application Data when installed to fixed media or in a separate Application Data folder next to the executable when installed to removable media.

Is this really that different?

[Jartan]

For the average user that does not use noscript, this isn't a big difference. They're already essentially trusting every site they visit.

Active-X

[hicksw]

Does nobody remember Active-X?

Don't download and run strange code. Ever.
--
There is nothing so useless as doing efficiently that which should not be done at all.

That one's patched

[tepples]

If you're willing to bring up an article that only mentions an escape that was probably patched four years ago, I'll bring up old exploits that can shut down the bare hardware, such as Pentium invalid operand with locked CMPXCHG8B and the Cyrix coma.

Re:That one's patched

[ceoyoyo]

Exactly. You can't make a sandbox foolproof. Even if your "sandbox" is hardware. There were lots of exploits proposed for the execute bit as well. If you're relying on your sandbox, whatever it is, to be foolproof, you're a fool.

Good security is always multilayered. Yes, sandboxing, possibly at multiple levels, improves security. So does not being able to install things just by clicking on a link.

Re:That one's patched

Well done, you've completely validated his concern (and disproved your own point) that no sandbox, software or hardware, is foolproof.

Re:That one's patched

[tepples]

Yes, sandboxing, possibly at multiple levels, improves security. So does not being able to install things just by clicking on a link.

So going forward, should all web developers start to anticipate JavaScript being turned off, with "Sorry, this web application requires JavaScript; here's how to reenable it" considered unacceptable in a web application? Good luck making an efficient user interface to, say, pan and zoom across a map without JavaScript. We'd be back to the clunky-ass "click to zoom in or out or pan half a screen" UI of everything that preceded Google Maps.

Re:That one's patched

[tepples]

So what's the way forward, other than abandoning computing?

Re:That one's patched

[ceoyoyo]

Your post doesn't really seem to make sense. If you've got JS turned off then yes, it's quite reasonable that if a web app wants to run the browser says "turn JS back on, here's how, or use the clunky non-JS interface". If a web app wants to install itself onto my computer it's quite reasonable (very highly desirable, actually) that the browser ask me if it's okay first.

Re:That one's patched

[tepples]

If a web app wants to install itself onto my computer it's quite reasonable (very highly desirable, actually) that the browser ask me if it's okay first.

I agree, but it could go one of two ways. In one scenario, enough web sites would say "allow us to install this JavaScript application on your computer or this web site will operate with severely reduced functionality" that it'd become yet another way to train the user to just click Yes. Arguably, JavaScript in web applications has already reached this point, and most web browsers default to running JavaScript. In the other scenario, enough users would set their browsers to "never install, never prompt" that it'd become like IE 8 or NoScript, with web developers having to make a tremendous effort to work around missing functionality to provide features that users of web applications expect.

Re:When more than one user of a PC uses the same a

[exomondo]

Unlike Windows, you also can't see other users' files or "folders" (using MS's nonstandard nomenclature)

You mean Apple's (as introduced in the Lisa) nonstandard nomenclature? Though I'm not sure what you think the 'standard' is or why.

Re:When more than one user of a PC uses the same a

[mcgrew]

There was no real standard when the Lisa was out, but these days *nix is the standard -- Unix, Linux, BSD. Most mainframes and all the 100 fastest computers run Linux (which is taking over for Unix), Android is Linux, Apple is BSD. Microsoft is way behind everyone.

Re:When more than one user of a PC uses the same a

[exomondo]

Well that's odd, you say Apple is BSD and BSD is a *nix yet OSX still calls them folders. Could it be there is no standard on what to call them? I can see you desperately want to make out that Microsoft is so far behind but in fact Apple and Microsoft both call them the same thing.