I was restless because of this idea for quite a long time now, I have shared this with my close circle of friends and they felt that it’s a good one and hence I am sharing it with you. Let me know what you think.
So what is the idea?
It is about a web platform including a web server, browser and a transfer protocol that can make web applications as powerful as desktop applications and as flexible and scalable as current day web applications. Why do we need that? Because what we have now as web, is not enough!
What is limiting the web now?
I got this feeling that the web is not powerful enough. We can do much better things in web but there are a lot of things limiting our freedom.
It all started as a network through which we can access HTML documents and slowly it added scripting functionalities to make it more and more interactive instead of the plain static documents we were used to. Then we started hearing about the web applications, which changed the way we looked at web. Instead of accessing information in web we were able to do ‘things’ in web, like shopping, collaborating – online. We got platforms like ActiveX, Java and Flash but all this were limited because a user cannot trust the code coming from a remote machine in web and this limited the power of web applications and thus the web itself.
How I came to think about it?
There were times when I had to run programs which were not safe. Like I know that the program is infected with some virus/spyware but I just need to run it once, do something using it and then forget it. But If I run it, it’s surely going to trouble my system in one way or another. So I used to run this kind of programs in a virtual PC (Microsoft Virtual PC, Sun Virtual Box, etc) and once my job is done with the program I simply turn off the Virtual Machine. Nothing is saved to the virtual hard disk and my virtual machine as well as my real machine are safe and as clean as they were before. Sounds good?
Now, I thought of another problem. Why are we limiting the web based client side scripting languages to do less powerful things? Like, most of the time they are run using an interpreter or framework or runtime which allows only a set of predefined functionalities. You cannot write a program in JavaScript that allows some OS functionality because with that much power, people can easily write viruses and the moment you go to such sites your machine will be infected like it was infected with a desktop virus program and you will be in total trouble. That’s why no client side scripting language offer powerful features. If you have power, you can use it for evil things than good and people do that.
What if you have a web browser that allows you to execute C language code on your client side? You can write wonderful web applications using that. You are no longer limited by the inabilities of the client side scripting languages. But how can we make such a browser safe that it will not harm the OS or machine in which the user is opening a web site with possible malware?
Virtualization can provide a solution to this. Instead of running the code on the real machine’s CPU, we can run it on a virtual machine.
How it works?
When a user requests a web application by typing in the address of the web application in the browser, the browser gets a copy of the application from the web server. It then starts a virtual machine with very limited functionalities, like basic IO (display, keyboard, pointing device, sound subsystem, camera, etc), storage (primary and secondary), network, etc running probably a minimal version of an open source OS. It then executes the downloaded code in the virtual machine. The program has got full power and it will appear to the program that it is running in a real box. The specification of the hardware and software available in the virtual machine will be standardized and common in all the browsers so that web application developers will get standard platform to target on. If the program behaves naughty, the user can turn of the virtual machine through a kill switch provided by the browser and things will be safe.
For each web application requested, a separate instance of virtual machine will be created and applications will be totally disconnected from one another. Each application can have its own virtual hard disk where it can store client side data (much advanced than the storage in cookies and all) and the size of a virtual hard disk will be controlled by the browser software. An application can store both code and data locally. Caching the code in the local storage can improve the experience as it will reduce the slow downs due to network delays. To enhance the caching, programs should be divided in to as many smaller modules/DLLs as possible with proper versioning. Before executing a module of the program, a checksum check can be done against the version at the server and if a match is found for check sum and version, the module need not be downloaded again. This means that, much heavier web applications (in terms of size of code) can be downloaded and executed easily and frequently without any delays. Of course the first time you visit a new site, things will be bit slower but it will be faster for further visits. For requesting the application, checking the version and checksum, etc a new protocol will be required (may be we can call it as Executable Transfer Protocol – XTP ? ). We will also need a web server software which can deliver the particular version of the code a browser requests and do the checksum based sanity check and all.
The browser can be designed cleverly to share common resources used by multiple instances of virtual machines so that the memory utilization is lower. When an application is loaded, a boot loader kind of module will be loaded first which in turn loads other modules as the user interacts with the application and the loaded modules are cached in virtual hard disk. The entire desktop screen of guest OS need not be shown but only the window of the application, just like the XP mode in Windows 7. A call to load a module of the application (like the DLL stub) will be handled by the browser as an interrupt handling and the necessary code will be made available to the application.
What are the benefits?
- We get web applications as powerful and richer as desktop applications (think of going to hotmail.com and you getting Outlook 2010 running in a couple of seconds, directly from web)
- Still scalable and flexible
- Safer than current day web applications
- All users get the latest version of the software, just like a web application
- Web developers can program in any language that produces native code which is executable in the virtual machine (most of the desktop applications can be easily recompiled to run as web applications)
- Code need not be downloaded every time as it is cached locally
- More data stored locally means applications can manage to run in offline mode as well
What could be the next thing after this?
I have already shared that long back, check out DynaOS.