More on the SSB thing

Posted by Antonio 4 months, 3 weeks ago (April 7, 2008)

My love affair with site specific browsers has ended up a casualty of its confrontation with reality. As TechCrunch is getting ready to spin up the notion of Desktop/Web hybrid applications as the "New Old Thing," I figured it was time to point out the big hole that I did not realize until I started playing: managing security can really get you.

My interest in SSBs was born out of two recent events: 1. that at HP there are now lots of people looking at this question of the Next Big Platform for application development and 2. that in my time here, I've also been forced to abandon Mail.app/IMAP for Gmail on the web due to all sorts of Firewall/IT complications and I've gotten tired of not having better desktop integration (drag-and-drop attachments, Ctrl-N for new messages, etc.). Figuring that I might be able to get both of these things from something like a Greasemonkey-enhanced Gmail, I started playing with Firefox 3 but quickly moved to Fluid due to the fact that Firefox was running like a resource pig on my MacBook. One of the apps mentioned in the TechCrunch piece cited above, Fluid does a great job of integrating a bunch of open source projects, specifically WebKit (great renderer), GreaseKit (Greasemonkey for WebKit), and Growl (desktop-level notifications). Together, I was hoping these three might let me get my drag-and-drop and keyboard shortcuts back. Or at the very least, give me a glimpse of the future of the desktop/web integration nirvana that everyone keeps theorizing about.

Unfortunately, the black magic of this type of integration completely sidesteps the fact that you can quickly open up security holes worthy of trucks being driven through, especially around providing desktop-level JavaScript access to the execution context of externally loaded JavaScript. In fact, even in the early days of Greasemonkey this was obvious to folks brighter than I and as a result, a whole re-architecture of the way Greasemonkey injects the local context into running web pages was needed. In the case of GreaseKit, however, the author felt it wiser just to pull out all of the GM_ objects that provide some of the more powerful features, something that Fluid suffers as a result of.

Some of these issues can be overcome but an early brush with a big old security hole (that would give a malicious script access to my entire filesystem) got me back to thinking that we might want to wait to see how some of the big boys solve these problems. Because at least they have people whose jobs depend on not opening up huge security holes (then again, Microsoft has proven that this doesn't make a huge difference in the end).

So the romance is gone for the SSBs, at least until we have a better handle on how to properly implement a security model that still exposes us to the cool guts at the intersection of the desktop and the web.

Next up: bookmarklets and AIR.

Comments

#1

Simon Pride commented, on April 7, 2008 at 8:59 p.m.:

Have you tried Mailplane?

http://mailplaneapp.com/

WebKit SSB with drag & drop, ⌘N for new, Shift ⌘ D for Send etc.

#2

Antonio commented, on April 7, 2008 at 9:38 p.m.:

In fact Mailplane was what got me started on this stuff. $25 per client is steep though especially because I use 3 different laptops fairly regularly.

Also, Mailplane does a bunch of stuff that I don't know that I need.

#3

Simon Pride commented, on April 7, 2008 at 9:55 p.m.:

Yes, had I not been able to benefit from the combination of beta-tester and academic discounts, I doubt I'd have gone with it.
