Sunday, May 28, 2006

What's Missing in Web 2.0?

Web applications replacing the desktop? Here are two problems we need to solve before that can happen.

I'm sitting in the New York Café in Budapest, Hungary. It recently got redone after being in a sorry state since 1956, when it had a run-in with a Russian tank. It happens to be just two blocks from the college where my dad used to teach, so I remember walking by it when I was a little kid. Back then, it looked unceremonious. Now, with all the shiny gold plating everywhere, this place looks opulent and luxurious, if not a bit over-the-top. A smart girl once remarked that I have the tendency for big-picture philosophizing when surrounded by luxury, so here we go.

In 1995, Netscape offered the vision that one day, everything will run inside the browser. The operating system would be just another layer of computer architecture. The golden copy of your files would reside on central servers. Your word processor, spreadsheet application, and e-mail client would all be displayed inside a window with a meteor shower animation in the top-right corner.

Well, that didn't happen. Microsoft bulldozed Netscape, and for the time being, blue e's and rotating globes are still everywhere. But the vision is still alive.

Moving applications and data to the network makes a lot of sense. For storage, Google and Amazon can offer higher reliability at lower cost than home-brewed solutions. In fact, consumers often completely forget to back up their data. For applications, Firefox is available for all popular operating systems, and may easily become a popular application platform with some massaging. Imagine being able to log on with any computer in the world and having your data and favorite applications instantly available, just like you have it at home.

We're not there yet. The Web 2.0 boom introduced many applications that were formerly desktop-only territory: Google Calendar, GMail Chats, Kiko, Writely, Pixoh, and DabbleDB come to mind. But imagine spending an entire workday using only your browser, without any desktop applications. For anyone who uses more than just e-mail, that day would be a very unproductive one.

I believe that before web applications can truly make the desktop obsolete, we need to solve two important problems. Both might seem a bit surprising at first. Even though JavaScript is a mess, neither of these points concerns building better AJAX UIs or frameworks to write them. (It's pretty obvious that client-side scripting could greatly profit from cleaner, more cross-compatible features, but there are people more qualified than me to discuss that.)

One of my pet problems is engineering, not science; the second is science, not engineering:
  1. Offline Access
  2. Encrypted, searchable storage

Problem 1: Offline Access

We won't be able to cover the entire planet with always-on Internet access. We need a simple, standardized way to run web-based applications offline.

Earlier this year in Mountain View, I saw huge boxes on lampposts, designed to cover the area with WiFi. This is a great idea for populated areas, but don't extrapolate too far: Even if these boxes were a lot smaller and had much higher range, even if UMTS became free and universally available, even if Connexion receivers were reduced to the size of cell phones – even then, we wouldn't be able to cover the entire planet with Internet access. There will always be a long, dark train tunnel that will spoil the master plan. [1] On top of that, I doubt all this infrastructure could be provided for free, and my tolerance for paying $6/hour for spotty T-Mobile Hotspot reception is low.

An online application becomes completely useless the moment you lose connection. That's why we need to find a way to make online applications work offline.

This isn't the first time I've complained about this. In a previous post titled "How do we solve the offline problem?", I described the technical challenges and options.

Today, it seems to me like the most natural way to do this is via a mechanism similar to extensions in Firefox. [2] First, take a browser you can run on any platform, then add a mechanism to easily create applications that perform three things:
  1. Caching: keep a copy of your online data locally.
  2. Presentation: Display the UI in the browser, either by faking it or by actually running an application server locally.
  3. Synchronizing online and offline data.
In essence, you would want to re-create the presentation logic of web applications offline, in the browser. I have to admit that this is a very ambitious goal. You can't just take your server code and distribute it to clients: they may not be able to run it in their environment, and you may not be too enthusiastic about giving out your server-side source code, however obfuscated it may be.

Creating offline-enabled web applications will take a lot of work. But without an offline option, web apps will never overtake Microsoft Office.

Problem 2: Encrypted, Searchable Storage

We need to devise a scheme where we can store encrypted data remotely, with the ability to quickly and efficiently search it.

Search is a killer feature. The power you gain from being able to search your own data as quickly as you can search the web is immense. The more data you have, the more useful search becomes.

Recently, there has been a proliferation of new online storage providers, and there are rumors that even Google wants to get in the game pretty soon. For a list of current players, check out this comparison chart. Some of them, like Omnidrive, offer encrypted files, but some aren't even truly secure from a cryptographic perspective: XOR-ing data with the user password doesn't really help.

The key point is this: Many users won't completely trust their storage provider, and won't store the golden copy of their files online, unless they're really, positively sure it's encrypted, and no one else can read it. As an extra benefit of encryption, the storage provider won't even be able to hand data over to the DOJ for their 'statistical evaluations about children accessing pornography.'

That's why encryption should be default. It should take place on the client side, and storage providers should never even see user data in plaintext. [3]

Storing all files in an encrypted manner has a huge drawback. The storage provider won't be able to index and search them anymore. Unless, of course, you found a way to encrypt data but still be able to search it, without losing security. And that's exactly what we need.

Obviously, I'm not the first person to think of this problem, and there's plenty of research on this topic. For example, there's this paper by Song et al. titled "Practical Techniques for Searches on Encrypted Data". You can safely skip to Section 5.4, where they discuss building indexes. Their solution is relatively simple, but requires two round-trips to the server and the storage provider is still able to learn some information about the documents from the user's access patterns. But that seems tolerable.
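The idea in miniature, as an added example (not code from this post or from the Song et al. paper, and much simpler than their scheme): the client encrypts each document with AES-GCM and uploads HMAC-derived keyword tokens that the provider can match but not read. All function and class names, the passwords and the sample documents are constructed for illustration; it runs under Node.js.

```javascript
// Added example: client-side encryption plus a keyed keyword index.
// Every name here (deriveKeys, StorageProvider, ...) is hypothetical.
const nodeCrypto = require("node:crypto");

// Client: derive two independent keys from the password. Neither leaves the client.
function deriveKeys(password, salt) {
  const master = nodeCrypto.scryptSync(password, salt, 64);
  return { encKey: master.subarray(0, 32), indexKey: master.subarray(32) };
}

// Client: a search token is HMAC(indexKey, word). Without indexKey the provider
// can neither compute tokens for guessed words nor invert the ones it stores.
function tokenFor(indexKey, word) {
  return nodeCrypto.createHmac("sha256", indexKey).update(word.toLowerCase()).digest("hex");
}

// Client: encrypt with AES-256-GCM and attach sorted, de-duplicated tokens
// (sorting hides the order in which the words appeared).
function encryptDocument(keys, docId, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", keys.encKey, iv);
  cipher.setAAD(Buffer.from(docId)); // binds the ciphertext to its document id
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const tag = cipher.getAuthTag();
  const words = new Set(plaintext.toLowerCase().match(/[\p{L}\p{N}]+/gu) || []);
  const tokens = [...words].map((w) => tokenFor(keys.indexKey, w)).sort();
  return { docId, iv, tag, body, tokens };
}

// Client: decrypt a record; throws if the ciphertext, tag or id was altered.
function decryptDocument(keys, record) {
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", keys.encKey, record.iv);
  decipher.setAAD(Buffer.from(record.docId));
  decipher.setAuthTag(record.tag);
  return Buffer.concat([decipher.update(record.body), decipher.final()]).toString("utf8");
}

// Provider: holds ciphertext and an inverted index of opaque tokens, no keys.
class StorageProvider {
  constructor() {
    this.records = new Map(); // docId -> encrypted record
    this.index = new Map();   // token -> Set of docIds
    this.queryLog = [];
  }
  put(record) {
    this.records.set(record.docId, record);
    for (const t of record.tokens) {
      if (!this.index.has(t)) this.index.set(t, new Set());
      this.index.get(t).add(record.docId);
    }
  }
  search(token) {
    const ids = [...(this.index.get(token) || [])];
    this.queryLog.push({ token, ids }); // the access pattern the provider still learns
    return ids.map((id) => this.records.get(id));
  }
}

function runDemo() {
  const salt = Buffer.from("constructed-demo-salt"); // constructed sample values
  const keys = deriveKeys("constructed demo password", salt);
  const provider = new StorageProvider();
  const docs = {
    "cal-1": "Dentist appointment in Budapest on Monday",
    "cal-2": "Flight to Zurich on Friday",
    "note-1": "Cafe list for Budapest trip",
  };
  for (const [id, text] of Object.entries(docs)) {
    provider.put(encryptDocument(keys, id, text));
  }

  const find = (k, word) => provider.search(tokenFor(k.indexKey, word));
  const hits = find(keys, "Budapest");
  find(keys, "budapest"); // repeated query: same token shows up in the log
  const zurich = find(keys, "Zurich");
  // Someone without the password cannot form a matching token.
  const stranger = find(deriveKeys("some other password", salt), "Budapest");

  // Flip one ciphertext bit: GCM authentication must reject it.
  const tampered = { ...hits[0], body: Buffer.from(hits[0].body) };
  tampered.body[0] ^= 1;
  let tamperRejected = false;
  try { decryptDocument(keys, tampered); } catch { tamperRejected = true; }

  const providerSeesPlaintext = [...provider.records.values()].some(
    (r) => r.body.includes("Budapest") || r.tokens.join().includes("budapest"));

  return {
    budapestIds: hits.map((r) => r.docId),
    zurichIds: zurich.map((r) => r.docId),
    strangerIds: stranger.map((r) => r.docId),
    decrypted: hits.map((r) => decryptDocument(keys, r)),
    providerSeesPlaintext,
    tamperRejected,
    queryLog: provider.queryLog,
  };
}
```

Because the tokens are deterministic, the provider can still see which documents share a keyword and when a search is repeated, which is the access-pattern leakage mentioned above.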

Two side notes: Any client software for accessing encrypted storage would need to be open source, at least in the core parts. With a closed-source client, how would your users know you're not really sending along your encryption key? Also, while it looks like I'm talking exclusively about online storage, this also applies to all data stored in a web application. Wouldn't it be great if Google Calendar didn't know the plaintext of your appointments but sent you an encrypted record which is then decrypted and rendered in your browser?

My opinion is that encryption should be standard in any kind of online storage solution. Without search, however, online storage is useless.

Conclusions

My speculation is that the current crop of web developers will at first resist solving problem 1, because they're too much in love with their server. Also, someone needs to come up with a good example solution that everyone else can copy - much like GMail and Google Maps first came up with neat uses of AJAX. This may be very hard, as it may require hacking deep inside the browser.

As for online storage, I believe it is an important problem. But will users appreciate this functionality? Not before the media makes a huge story out of teenagers hacking into some celebrity's online picture collection, or Chinese students getting arrested at a dissident meeting they had entered in Yahoo Calendar. With some public awareness for the issue, I think people will flock to the provider offering encryption, and they'll be happy to see a search box.

--

Acknowledgements
Thanks to Markus Egli and Bálint Miklós for reviewing drafts of this.

--

Footnotes
[1] I guess only someone who lives in Switzerland would come up with a train tunnel as the primary example.
[2] Dear readers, if you have an idea about how this can be done with current Firefox extensions or other, existing technologies, let me know.
[3] A successful online storage solution needs far more than encryption, the most important aspect being extremely good desktop integration. Also, with any encrypted storage solution, we'd need to train the user to keep offline backups of his encryption key: Without the key, all his data is lost.

57 comments:

Sean O'Donnell said...

There is some great work being done on offline use in the dojo library.

See http://codinginparadise.org/weblog/2006/04/now-in-browser-near-you-offline-access.html

fad said...

You probably have read about using Derby as a plugin.
If not here's a link:
http://weblogs.java.net/blog/davidvc/archive/2005/12/apache_derby_as_1.html

Still I think that every time you have to install a new plugin to use an application it will never be a mass market product. When I have to download something I could also download a true fat client with all benefits and the entry barrier for a common user to click "Install" is the same.

So the only plugins common users will use are those already bundled with the browser. That's why there are far more flash games than Shockwave games though Shockwave is 3D.
If MS were to build something like Derby in IE7/Vista I think that would be it as everybody would jump on that train.

Gabor said...

Sean / fad: Thanks for the links! This is exactly what I'm hoping for: Informed readers. The only drawback is that they come up with quick solutions to things I'm touting as great and hard problems. :-)

Sean: dojo looks great, I'll give it a spin. Using Flash shared objects is a great idea, and doesn't even require getting everyone to switch to a particular browser.

fad: I thought Apache Derby was just a relational DB in Java. I don't understand how that can be used to run online apps offline. Any idea where one could find the demo mentioned on David Van Couvering's Blog?

Anonymous said...

"The key point is this: Many users won't completely trust their storage provider, and won't store the golden copy of their files online, unless they're really, positively sure it's encrypted, and no one else can read it."

Um... Yeah! That makes a lot of sense! I mean, most users are crypto-experts, right? It's not like they are blindly trusting the company when it says "Encrypted". They know what "AES 128-Bit Encryption" actually means and why a 40-bit RC4 encryption is bad, right?

Give me a break. Users don't care about their data. Users don't care that Gmail isn't encrypted, that AIM is sent in clear text, that their hard drive isn't backed up, or anything else. Users are short-sighted: It's working now without problem, so let's keep using it.

Gabor said...

Anonymous #1. To some extent, I agree, users don't care if they haven't heard about these problems or can't easily solve them.

But I have greater confidence in the general smartness of users. If they know about a problem that affects them, and there's an easy solution to it, they'll use it.

For example, the reason why most people don't back up their data is because it's hard and takes a lot of discipline. If there was a super-simple way to backup all your stuff, they'd use it.

PRASHANT SINGH said...

problem of offline access is pretty much solved by webaroo.
www.webaroo.com

Gabor said...

Prashant: Webaroo seems pretty interesting, but does it really solve the problem I was talking about? It seems more like a neat solution to read and search your web pages offline, without support for actual web apps, which require presentation logic and uploading edited data from client to the server.

Anonymous said...

ubiquitous, uninterrupted online access will be available in developed countries within a decade. the first solutions are coming from cellco's: hsdpa, ev/do, and other 3G solutions...while not optimal, and expensive, these solutions are available now to those willing to pay.

the problem with this approach is the towers. the solution is airships.

orders of magnitude cheaper than satellites (or running fiber everywhere), low latency, widespread coverage, ability to loiter in a relatively fixed position for months (or longer)...only a matter of time. presumably the military will develop them first at great expense, then telcos (or entrepreneurs) will jump on.

Gabor said...

Anonymous #2: Airships? Fascinating idea ... But that, too, suffers from problems: How are you going to cover the insides of buildings? Also, how are you going to cover Manhattan (line-of-sight problems: there's always a building in the way)? You could say "we'll cover most stuff with airships and the rest with 3G," but how are you going to solve the resulting handoff problems (and sell users all the necessary receivers)?

Chris said...

The web was not designed to run programs across the internet. Rather than kludge the web to run programs, why not design something specifically to perform this task?

My attempt to do this is NewI\O.

I disagree with point #1. I think we are moving more and more to a world where we have network access basically everywhere. It is already far more accessible. I bought a cellular modem, and almost never use it because everyplace has wifi now.

I like your point #2 and may incorporate something along this line in my project.

malak said...

Another important thing that I think you have missed is bandwidth. Sure, Web applications are nice for low bandwidth content such as calendars, but I don't think it's going to be replacing my 50GB photo library anytime soon, no matter how convenient it would be to edit that content from anywhere in the world.

Anonymous said...

IIRC, XForms can "submit" to a file: URL, meaning that so long as your data can be stored in an XML instance, you can have a local store (and load).

Anonymous said...

I believe it is more about the application than the idea of online content. Is this a black and white discussion? I do not think so. In other words, if every road block was removed (IE offline access and best encryption), does everyone want, say Microsoft Word, online. No.

It is instead about building new apps and working on new ideas than simply "Online/Network Software". Would 37signals writeboard work offline? We should be looking at things the other way around.

Eric said...

I disagree with point #1.

Probably about 70% of my work is done on a desktop computer with a 24/7 connection. The rest of the time I use my laptop, and I can't remember the last time a connection wasn't available when I wanted it. Every hotel has got it now. Every coffee shop, every airport, every office, every friend's house... maybe it's not ubiquitous in that I can pull it out in the middle of a field in Kansas and get a connection... but why would I want to? Everywhere I want to use it I already can, with perhaps the exception of planes/trains/buses... but I think those are relatively minor problems to solve - internet connectivity is ubiquitous *enough* that working offline isn't any issue for 90% of the population.

(In truth the bigger barrier to mobile computing is still battery life and finding a place to plug the power in when that runs dry.)

Further, these days working offline is an increasingly unviable option anyway because it seems everything I do is dependent on the internet. It's not just being able to take that spreadsheet offline, it's being able to look up the data online so I know what numbers to plug in. It's not just typing the document in a word processor - it's researching the topic online. So if I have a word processor/spreadsheet that doesn't work offline, so what? The fact that Word and Excel run locally doesn't do me much good when I don't have a connection anyway.

Anonymous said...

I have to say this is a solution in search of a problem. Why not just use our local applications on our new machines with gigantic hard drives, enormous RAM, and super fast processors? The solution to multiple operating systems is standard file types, not the nightmare headache world of client server, which would never even work for image editing, video editing, etc.

Anonymous said...

You make reference to Google being one of the first online places to utilise AJAX, when in fact, Microsoft first used it back in 1998 with its 'Microsoft Outlook Web Access Client' which was a version of Outlook that ran entirely inside the user's Web Browser.

Although it wasn't called AJAX back then, Microsoft was using the XMLHttp stuff to create this client, and it had no browser refreshing, everything was like it is with today's web applications.

Anonymous said...

Use "online applications" . . "offline"?

I have an idea, let's just use our applications, and not store our data remotely when a gigabyte only costs thirty three cents:

http://www.newegg.com/Product/Product.asp?Item=N82E16822148131

Use my applications anywhere? What's that little thing I keep on my lap again. I almost forgot its name cause it's sooooo obsolete.

Oh yeah . . my LAPTOP.

Anonymous said...

Only one thing is keeping google from encrypting all our data... they want to sell us stuff. Google's income on its data centered services goes to zero if they can't see what we're storing because they attach ads to that content. Instead google is just trying to get its users to trust the company enough to store personal data on its servers. I doubt that'll work out for them in the long term though... eh... who knows?

Anonymous said...

Given the general lack of reliability of Internet connections, and not seeing that improving any time soon, I think problem 1 should be obvious. I'll always avoid being dependent on anything that is subject to random outages.

dan said...

The Web 2.0 boom introduced many applications that were formerly desktop-only territory: Google Calendar, GMail Chats, Kiko, Writely, Pixoh, and DabbleDB come to mind.

Hello? Yahoo calendar? Really, I don't use it, and I love google and all its wonderful usefulness, but people were using yahoo as an online calendar years ago. What is it about google that is so cool it makes people forget what came before it?

As for those who say number one is wrong, I'm guessing they can't see beyond the nose on their face. I live in a fairly large city and I rarely have access, much less free access. I also travel a lot, and other than hotels I have to search to find it.

We're nowhere close to covering even America in wifi, and who knows if it/when it will happen. So number one is even more important than number two.

And yet, you're complicating the issue. If ical syncs with gcal, that's all I need. Desktop and online, working together.

Anonymous said...

Regarding the offline access, I think Webaroo has come out with a solution to it.

Murty said...

I think in this context Groove is coming nearer to your expectations. http://www.groove.net

Anonymous said...

Web 2.0 needs more than just the two things you mentioned. One thing that programmers and web heads seem to always forget is that the UI is the application. To the end user the presentation layer or UI is EVERYTHING.

For Web 2.0 to overtake the desktop then the web browser is going to need a really good update that goes far beyond the HTML or even AJAX standards.

People like desktop applications because of these things:

1. They are much more pretty than web pages. Sorry but desktop applications almost always have a more polished "feel" to them than web apps.
2. Desktop applications are 20 times more responsive than web applications (even with AJAX, response times can make or break an application).
3. They are 10 times more reliable than web applications (how many times have you clicked on a web submit button to have a time out occur or 401 page not found as opposed to clicking on the save icon on a desktop application and have a hard drive failure message??)

There's more, but most of what is left is incidental.

Anonymous said...

the benefit of running web app offline is not really worth the efforts for solving all subsequent problems. why don't you keep your local apps as the "cached " web app intended for offline run?

rmdazwdv said...

Check out this article:

http://www.joelonsoftware.com/articles/APIWar.html

Gabor said...

Hmm ... Front page of digg again. That brings a steady stream of comments, too many to respond to right now.

Some interesting stuff has been said.

Eric: "internet connectivity is ubiquitous *enough* that working offline isn't any issue for 90% of the population."

Anonymous: "I'll always avoid being dependent on anything that is subject to random outages."

I agree with Anonymous. Lots of people have mentioned that they now have Internet everywhere. I, too, suffer often from outages or some part of the connection not working.

dan: "Hello? Yahoo calendar? Really, I don't use it, and I love google and all its wonderful usefulness, but people were using yahoo as an online calendar years ago."

Yeah, but is Yahoo Calendar really "Web 2.0"? I think it came out around 2000.

Anonymous: "Only one thing is keeping google from encrypting all our data... they want to sell us stuff."

I'd be willing to pay Google (or whoever) a small but considerable amount to make up for lost ad income, as long as I know they don't see my data. Any other volunteers?

Anonymous: "You make reference to Google being one of the first online places to utilise AJAX, when in fact, Microsoft first used it back in 1998 with its 'Microsoft Outlook Web Access Client' which was a version of Outlook that ran entirely inside the user's Web Browser."

Yet, the whole Ajax thing started sometime after April 1, 2004, and not in 1998. Clearly, GMail made better use of the technology available, but I might be a bit biased on that one.

Side note: Guys, you've got to stop using the Anonymous posting option. Give yourself a name or an alias. It's not fun quoting everyone as "Anonymous:".

ralfgugginger said...

agree, great article
- bandwidth > think about image editing online
- open standards > wifi nearly everywhere available. but configuring it for each and every place is nightmare

bonhamled said...

It is very interesting but i would add at least two more:

The way of integrating different web applications and user defined application in a common procedure/ specification.

The way storage can be assured in each and every situation.

i wrote about this in my site (in Spanish):

http://almadormida.blogspot.com/2006/05/web-20-retos-los-que-enfrentarse.html

Peter Szinek said...

Well, the whole Earth won't be wired (or wi-fi-ed) in a matter of days (just enough to mention Africa), but most of the world already is - even the places you would not think about (e.g. according to slashdot, from an article older than a year 'An estimated two-thirds of Estonia is now covered by wireless hotspots', another example could be Greenland - and i did not even move out from Europe). I agree that Web as a platform does not make sense if you are offline, however what i would like to point out is the fact that today you don't have to be offline at all.

Let's look at it from the other end: Can you imagine your life without Internet? Without e-mail? google? amazon? blogs?
Can you imagine that you boot your machine and there is no Internet connection? No browser? No email software? Personally i can imagine this scenario even harder than to not have desktop software (well, i am a (web) developer/programmer, so your situation might be very different)

Take a peek here:
http://www.internetworldstats.com/stats.htm
Observe that the use of internet is rising with an incredible speed (in some countries it is measured in several thousand percents), so i think that in a few years Internet will be common in majority of households.

I think to eliminate the 'big brother' effect is much important (at least for the layer i am in - i.e. i am online 8 hours a day because of my work, then 8 hours because of my open source activities, then another 4 because of blogging etc). I think if this would be solved, this layer could really begin to use the Web as a platform, since these people are already online all the time anyway. Then the rest of the world might join later...

Steve said...

It's Oracle-specific, but Oracle has had web-to-go for a while now. It switches to offline mode with a lightweight database and app server, allowing you to run your web app while offline with Oracle.

Michael Shadle said...

Holy CRAP!

I have been recently posting to the NFSv4 mailing list about the need for encrypted storage, and I believe that it could be done in a way to meet the needs of what you're suggesting as well.

While not directly to the desktop, it could be defined as a standard and allow for remote mappings using desktop clients; or, not a fully server-transparent method, but still secure end-to-end as long as the server isn't doing anything with your data would be SSL wrapped HTTP/choose your protocol -> server, which implements the encrypted network storage suggested in my mailing list post http://linux-nfs.org/pipermail/nfsv4/2006-May/004277.html (I hope this is the right one, it's currently down)

Now if only I could get some momentum, it could help address all types of concerns, including SOHO/sneakernet storage, to desktop->central server, to enterprise... anyone could use it.

Alfred Kayser said...

Check out the IBM Workplace Client technology. It combines the Web 2.0 thinking using an Eclipse framework combined with replication/synchronisation to provide a online/offline application environment including the data replication, encryption and search.

Mark said...

XUL anybody?

Cross platform "in-the-browser" client application (aka Firefox) that provides offline access to data AND synchronous remote storage via a configured Server.

For example, www.celtx.com

Mike Griffiths said...

I thought that JavaScript was a mess as well - until I started writing Ajax enabled applications. I then learned that this is a pretty full featured language with a lot of support for good OOP programming techniques.

Take the trouble to learn the language and its capabilities and I think you will be impressed enough to count JavaScript as one of the assets in the coming Web2 world.

Liam @ Web 2.5 Blog said...

I've got a solution for you, though it's not exactly what you had in mind. I call it the "always-on-you" web. See my blog for more.

Anonymous said...

whatever happened to desktop.com (not the current one, the one back in the urbanfetch and kozmo's days, 1999/2000)? you could check POP3 mail, browse web sites within it, read news, and miscellaneous other things. wasn't that web 2.0-ish?

Gabor said...

Liam: I read your blog entry, thanks for pointing it out.

It seems to me like the "always-on-you" devices do solve a problem, although it isn't exactly the problem I had in mind :-)

Two things aren't clear to me:
1. In the illustration, how does the link (3) work, i.e. how does the phone communicate to the PC's Browser?
2. It seems to me like it would be hard to port existing web apps to Nokia phones. Sure, they run J2ME and Python, but you wouldn't have the breadth and depth of web frameworks and libraries on the phone that you currently have on a web server running Linux on a Dell box.

Liam @ Web 2.5 Blog said...

See the link on my blog to the Nokia site for more detail on the phone-based web server. As I write in that post, that's not a model I'm endorsing for the always-on-you web, but it's related.

I think my model does solve the problem you describe, but with a radically different architecture than you envisioned.

I don't think you port many existing web apps to a personal web app server. You really want the "apps" to be plugins to a wiki environment, i.e. format editors, not separate silos like they are on the desktop.

As I describe in a much earlier post, you'd also want to surface existing desktop apps on these modular wiki pages.

Anonymous said...

1. using online apps offline - currently almost the same as asking bird to fly without wings.
In the future it depends on development of storage and communication technologies. If there's a breakthrough in storage size (and I mean the physical size, think storing all your data in an implanted chip, encrypted, wirelessly accessible), then half of the problem is solved. If there is a breakthrough in comm tech (think terabyte/sec bandwidth) there we're fine, but _only_ unless there is not a breakthrough in computing power at the same time, as that would make the size of datasets we work with again much bigger, rendering storage and bandwidth tech too weak again.

As of now, the price of developing offline access for online apps is way too high and unprofitable, especially when tomorrow's apps are too old today.
The offline access, as I see it, would take copying a part of your server data along with a part of the server logic - the parts you will need when offline, maybe all of it, which I doubt will be possible in the nearest future. Aside from that, there's the hassle with knowing, in advance, _what_ part of logic and data you'll need offline, and the hassle with synchronizing (say merging) the data when you come back online, as I think it's wise to expect that parts of your online data are going to change during the time you'll be working with a copy of it offline.
Not mentioning that keeping the server logic out of reach of decompiler guys is a very strong point of web apps.

2. people here provided pretty good points already - providers need to see your stuff to show targeted ads and to provide search; people really don't care about privacy; and let me add another one: national security has to have access to all your data, whatever it takes - just wait for a few terrorist events to take place and there won't be no opponents to that issue; ID chips alike.

Lord Pi said...

Gabor, I'm sorry to 'strawman', but I found some offense with your reasoning about Web 2.0 and AJAX history.


Web 2.0 is an arbitrary buzzword that doesn't really have a specific meaning. Every website seems to define it differently.

Personally, I think that is the primary thing missing from it -- a canonical definition.


Also, I disagree with your assessment on Microsoft's OWA. At the time the technology was called DHTML, but it operated under the same principles (as did Microsoft's MapPoint, although it didn't have the drag ability that Google Maps popularized).

AJAX was a term invented in Feb 2005, way after GMail's launch. So by your reasoning, of not being able to classify previously-released applications, GMail wouldn't be AJAX either.

(NOTE: I'm basing some of this knowledge off of http://en.wikipedia.org/wiki/AJAX)

Gabor said...

ralfgugginger:

Yes, limited bandwidth is a problem, although it's getting better every day. I'm not in any way claiming that web apps are suitable to replace all kinds of desktop apps, though :-)

Last anonymous:

I think you overestimate the effort needed to come up with a decent synchronization and caching logic for today's web apps. If you have a concrete example of a web application that exists today where the offline sync or caching logic would be hard to write, I'd be interested in hearing that.

Same thing for storage capacity. Even my 2-year-old cell phone has 32+ megs of storage; I don't see how that would be an issue. What kind of offline-enabled web application were you thinking about?

"people really don't care about privacy; and let me add another one: national security has to have access to all your data, whatever it takes - just wait for a few terrorist events to take place and there won't be no opponents to that issue; ID chips alike."

We'll catch the not-so-smart terrorists anyway and the smart ones are already using encryption for communication.

"Not mentioning that keeping the server logic out of reach of decompiler guys is a very strong point of web apps."

Good point. This is indeed a problem. Today, someone wrote me about a technology that probably makes reverse engineering of programs provably impossible. But for now, we have to resort to code obfuscation, which is a bit like building a bank vault out of LEGO and hoping that people won't start taking away the blocks.

Lord Pi:

Yes, Web 2.0 is a buzzword, but you have to call it by a name that people know, and I think there is at least some consensus on what it means. I didn't think people would take offense in my using it in the title. I used the term "web application" everywhere else, but judging from the comments, even that has a wide range of interpretations.

I'm sorry for being too harsh on OWA. My school uses it for student e-mail and I dislike it on taste, not technology. It's trying too hard to look like a desktop mail client when it's not. I'll try to be a bit more appreciative. I just love all things GMail, having worked on it myself. :-)

Anonymous said...

I like this answer.

http://os.newsforge.com/os/06/02/22/2221258.shtml

It can use as much net as you can get, but only if you want to. You are mobile, with or without the net, not restricted by it, but still able to exploit it where you can and how you want. Sweet.

Anonymous said...

Another example of an offline web app -- http://numsum.com/about/working_offline

Its technique predates and is not as seamless as the new Dojo/ Flash 8 SharedObject stuff by Brad Neuberg, but I consider it another datapoint to show if you try hard enough, you can really make javascript do some fun tricks.

Steve (yes I work at Num Sum)

Anonymous said...

Gabor, you can find the Derby Embedded demo in the browser at the following link:
http://developers.sun.com/prodtech/javadb/overview/product_tour/

and I have several entries in my blog:
http://blogs.sun.com/roller/page/FrancoisOrsini/20051214
(demo presented at ApacheCon '05)
http://blogs.sun.com/roller/page/FrancoisOrsini/20060507
(Local Ajax)
Remember this is just a demo - source code is available too. The database can be encrypted as well.

Cheers,

Francois Orsini

Gibu Thomas said...

Gabor,

A great blog post that I violently agree with. For a world of online only apps, there is also the problem of switching costs for the users. At Sharpcast (www.sharpcast.com), we have been working for almost 3 years trying to make it irrelevant if you are online or offline to do what you want to do with a real-time push synchronization platform (real-time because you don't even want to think about the sync).

You can get a taste for how this future world would work with our Photos Alpha product (since it is still alpha, please be patient with the occasional quirks). The magic is in the platform though, which is general purpose, so can support any data type. Today, at D, we will demonstrate some of the cool, future possibilities (Think, a Blackberry for the rest of us, without the Exchange, the middleware and the IT guy).

If you have time, I would also encourage you to read a couple of blog posts I wrote a couple of months back on the offline-online topic:

http://www.sharpcast.com/blog/2006/03/06/real-web-20/

http://www.sharpcast.com/blog/2006/04/12/more-web-20-talk/

Offline is hugely important for another reason: most personal data is created by offline applications. So, even if your PC is connected, it doesn't help that your pictures end up in your My pics folder or your Office documents are trapped in your PC hard drive. Uploads are a horrible solution to get stuff online, because now you have done the tedious work to have two copies of your data. Sync is the new upload, because then my offline stuff makes its way automatically online and my online changes make it automatically offline, so I have the same view of my stuff everywhere and it is irrelevant whether I am online or offline.

I will bookmark your blog. Good stuff. Oh, and if you have any thoughts on the product or anything else, I would be curious to hear it.

Cheers,

Gibu Thomas, CEO, Sharpcast

Nicolai said...

I think one of the problems that needs to be solved is looking for complicated solutions! If you want offline access, why not just hack durable messaging into a local caching proxy? Both of these technologies are mature, well-understood, and don't require reinventing the wheel.

As for search, it sucks in general, and I'm certainly not smart enough to fix it.

Gabor said...

Steve: NumSum is neat, I was actually searching for an online spreadsheet application example when I wrote this. Now I found one :-)

Francois: Thanks for the links. I haven't yet been able to digest all that information.

Does DerbyDB run entirely on the client side? Or does it back up data to a central server?

Gibu: I love your product idea - creating web, desktop, and mobile applications that all seamlessly share user data is a great thing. (Even if my favorite pet, the browser, plays no part in the offline component).

I completely agree with the point of your Web 2.0 posts. I would love to live in a world in which you don't have to care what device your data is on, and whether you're off- or online.

Great site design and product video, by the way! For your first product, it'll be hard to convince me to switch from Picasa, though. :-)

adaptiveblue said...

i completely agree! there is a new wave of apps, including blueorganizer from our company, adaptiveblue, http://www.adaptiveblue.com that is looking to building intelligence and productivity into the browser.

i am pretty sure that we will be seeing more of this stuff in 2006-7. for more of my thoughts on the topic, please see two of my recent articles in web 2.0 journal.
Smart browser:
http://ajax.sys-con.com/read/227524.htm
and Webification of the desktop:
http://ajax.sys-con.com/read/224934.htm

Alex

Anonymous said...

> Gabor: Does DerbyDB run entirely
> on the client side? Or does it
> back up data to a central server?

Yes, Derby can run embedded in some client-side application (i.e. browser) - it can also run in client/server mode against a remote server instance (standalone server or embedded server mode as well).

Cheers - very nice site btw.

Francois Orsini

Anonymous said...

You can't have encrypted storage *and* efficient search. If you don't want your storage provider to access your work, the only solution is to decrypt it at your end, which means searching on your local machine. To run a search across all your data means you first have to download and decrypt all your data, which isn't fast.

In summary you can have:

Easy, fast search

*or*

Encrypted data the provider can't see

but not both.

Gabor said...

Last Anonymous: You obviously didn't get my point. You *can* have easy, fast search and encryption. For this, you need an encrypted index on the provider side.

What I'm saying is that these schemes - which already exist, for example in the paper I quoted - should start getting adopted outside of academia.
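
The idea of an encrypted index held by the provider, discussed in the two comments above, can be shown with a simplified keyed-token index. This is an added example, not code from the thread or from the paper Gabor mentions; the names `Provider`, `upload` and `search`, the keys and the sample documents are all constructed for illustration.

```javascript
const crypto = require('crypto');

// Client-side secrets (constructed here); they are never sent to the provider.
const indexKey = crypto.randomBytes(32);
const dataKey = crypto.randomBytes(32);

// Keyword token: HMAC hides the word, but equal words map to equal tokens.
function token(word) {
  return crypto.createHmac('sha256', indexKey).update(word.toLowerCase()).digest('hex');
}

function encrypt(text) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const body = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { iv, body, tag: c.getAuthTag() };
}

function decrypt({ iv, body, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', dataKey, iv);
  d.setAuthTag(tag); // decryption fails if the provider altered the blob
  return Buffer.concat([d.update(body), d.final()]).toString('utf8');
}

// Provider side: stores only ciphertext blobs and opaque tokens.
class Provider {
  constructor() { this.docs = new Map(); this.index = new Map(); }
  put(id, blob, tokens) {
    this.docs.set(id, blob);
    for (const t of tokens) {
      if (!this.index.has(t)) this.index.set(t, new Set());
      this.index.get(t).add(id);
    }
  }
  // One map lookup; the provider never learns the keyword itself.
  search(t) { return [...(this.index.get(t) || [])].map(id => this.docs.get(id)); }
}

// Client side: tokenize and encrypt locally, then upload.
function upload(provider, id, text) {
  const words = new Set(text.toLowerCase().match(/[a-z0-9]+/g) || []);
  provider.put(id, encrypt(text), [...words].map(token));
}

// Client side: send a token, download only the matching blobs, decrypt them.
function search(provider, word) {
  return provider.search(token(word)).map(decrypt);
}
```

The provider in this design still observes which documents share a token and when the same query repeats; published searchable-encryption schemes are built to reduce that kind of leakage.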

MI said...

I think the first problem is not so big. Availability of internet should get to the level of availability of electricity. At that point, using your computer with online apps will be as reliable as using it with offline apps now.

Julien Couvreur said...

For those interested, I have written a wiki which works both online and offline. It's called "Take It With You" Wiki (TiwyWiki).

Here's a link to the demo and more information on the technical aspects:
http://blog.monstuff.com/archives/000272.html

Doug Tygar said...

I made some comments on this post in this blog entry.
