What is the reason you won't let us make our own browsers-in-a-browser?
I'm not talking about some module you have to build yourself in order to distribute a
browser as an executable. I'm talking about visiting a (secure/signed?) page on the web
and being asked permission to give it any or all powers including the ability to visit
and display other non-cross-domain-enabled sites, with the long-term possibility of
browsers becoming a mostly bare shell for installing full-featured browsers (utilizing
the possibility for APIs for these "browsers" to themselves accept, integrate,
and offline-cache add-on code from other websites, emulating their own add-on system).
Of course there are security risks, but a standardized, cross-platform,
re-envisioned and expanded equivalent of ActiveX, which can work well with
Firewalls, does not add to the risks already inherent in the web.
I am not interested in the argument that "It is just too dangerous". Browsers
already allow people to download executables with a couple clicks, not to mention install
privileged browser add-ons. Enough said. There is absolutely no real difference between
these and what I am proposing, except that executables offer the added inconvenience of
being non-cross-platform and awkward for requiring a separate, non-readily-unifiable
means of managing installations. Otherwise, please someone tell me what is the
/insurmountable/ difference?
I am not really interested in a prolonged technical discussion or debate about the
limitations of existing technologies. I am asking at a higher level why bright people
can't help us move to a web like this. As per Ian's signature, "Things that are
impossible just take longer", I see no logical reason why such a web can't be
envisioned and built.
From the resistance I have seen to the idea among otherwise bright people, I
can only reach the conclusion that there must be some ulterior motives behind
the resistance. The main browsers would not be able to corner the market as
easily anymore if such a thing happened. Because as long as there are these
oligopolic fiefdoms requiring a separate set of JavaScript API standards for
run-of-the-mill web developers to be able to develop privileged applications
easily---or for them to be unable to interact in a privileged fashion with
other such applications, there is less competition and sadly, the world won't
see competitive and collective innovations leading to better privileged
browsers. Rather we are stuck with a centralized model whereby, the main
browsers remain the gate-keepers of innovation.
The dream of "Write once, run anywhere" is thankfully becoming more realized with HTML5,
though there is still a need for an expanded dream, something along the lines of "Write once,
run anywhere, access any functionality desired", and the current albeit highly skilled
custodians of the web seem to sadly lack the vision at the moment to at least point us in that
direction, let alone have plans to achieve it. I would really like to know why others seem not to
have seen this problem or reacted to it...
Admittedly, such a concept could, if the existing browser add-on systems
adequately expose such high privileges to their add-ons, be initially
implemented itself as an add-on, allowing a cross-browser API initiated from
websites to trigger the add-on to ask for the granting of website privileges,
but in order to be well-designed, I would think that this effort should fall
under the umbrella of a wider, representative, consultative, and capable
effort, which is supported in principle by the browsers so that at the very
least they will not end up curtailing privileges to their add-ons down the line
on which the effort depends.
Best wishes,
Brett
