“Chrome” set to reignite old tensions

Continuing my recent tradition of expressing what are likely to be fairly unpopular opinions with my peers, tonight I’m going to rag on Google‘s “Chrome” project and tell you why this is a Bad Idea ™.  I’ll try to keep this short (update: I failed).  This is considered to be a discussion starter, not a final statement.  I’ll probably elaborate on these discussion points on the next NO CARRIER, so be sure and give me some feedback here.

Key points:

The Browser War is Pointless

Anyone who still thinks the browser war is anything worth fighting is absolutely delusional.  The whole point of having a web browser is to serve as an open portal to content, not to give your company the biggest tool at the urinal.  The web was created for serving content regardless of what application you used to view that content.  In that spirit, what’s the point of fighting over this?

I understand the key differences between browsers and that some browsers have perceived advantages over others.  I understand that all too well.  One of the things you used to give up when you made a conscious decision to be a Mac or Linux user was the fact that the de facto browser on the net that had no intention whatsoever of conforming to a standard is no longer in your pocket.  Being a Mac or Linux user means you have more than one browser installed and you use the right tool for the job.  The fact is, the right tool for the job shouldn’t matter because HTML…er, XHTML or whatever it is this week is a standard, right?

Companies do not live or die based on whether or not you use their browser.  Well, unless you’re Opera, maybe.  But I digress.

We all know Microsoft is starting to wake up to this fact and has indeed promised to help further this idea.  That’s great.  It only bolsters my argument then.  It used to be that the browser war was about dominating in your interpretation of the standard.  Now that’s less and less important because standards are being followed (well, in general).  So… why bother?  What does it do for Google to compete in this browser market?

I know the answer to this and so do you.  We’ll talk about that later.  But for now, just believe me.  This market share thing is pointless.  I felt the same way when Steve Jobs declared war on IE with Safari on Windows.  That just upset me.  All that does is tie a huge steel ball around Apple’s ankle and toss it in the ocean.  Apply that to Google now too.

Moving on.

Browsers are “planet” apps

Browsers are becoming “planet” applications with lots of satellites (plugins).  For example, I use MobileMe which hooks into Safari or IE for bookmark synchronization… but not Firefox!  Many people I know and love prefer Firefox because of the various plugins that “better” their browser.

The point I’m trying to make here is that the browser is not a monolithic application.  You spend time adding whipped topping and chocolate shavings on top to get it just the way you want to work with it.  You’ve now installed satellite applications that better your experience for you.

Now along comes a new browser with no support for those satellites.  You have a new planet that will support no moon.  Are you going to pack up your cheese and move to it?  What happens when Chrome doesn’t support your favorite plugins?  Okie, fine.  I know they have said they plan to support Firefox plugins.  But will MobileMe bookmark sync work?  Probably not.  That’s so crucial for me that it’s a deal killer.

As a matter of fact, there’s a good solution to this – and it would help out everyone’s favorite argument: security.  Don’t support these plugins.  Just be monolithic and require extra functionality to be external to your application.  That would change the game entirely… for the better.

A New Security Nightmare

The story you didn’t read the other day was how enterprise administrators everywhere were groaning about the release of Chrome.  While they salivated about using it at home perhaps, what’s happening in the workplace is a whole nutha story.

Google woke up and unleashed Chrome on the world this week and millions of people downloaded it.  I’ll bet a great deal of those people were at work when they did it.  I bet they installed it on their work PC’s.

So.  You’ve just taken a brand new application with no record of security (and let’s face it, Google’s security record is not clean)… an application that is now your portal to the most insecure and infested part of the Internet and added it to your company’s PC.  You’ve just made your PC a tremendous liability and your enterprise administrator is likely ready to kick your ass.

The web is the most dangerous place on the net.  Everywhere you look it’s teeming with viruses, javascript exploits, cross-site scripting bugs and other nasties.  The web browser is the simplest and quickest way into your PC.  So let me get this straight.  You just installed that thing on your nice and secure corporate PC?

“Well, it’s not Internet Explorer, so I’m good!” you might say.  Nice argument.  Nevermind the fact that a large percentage of web exploits occur in Javascript itself.  Guess what Chrome’s focus is?  Making Javascript a “better experience” for the web browsing public.  Did you just get a shiver?  If not, you’re not paying attention.

Indeed, within hours of release, Chrome was proven to be subject to a carpet bombing flaw.  Look it up if you don’t know what that is.  I’m too fired up to bother linking it 😉

A Cloud OS Should be Standards Based

Now we get to the strategic part of the discussion.  This is where Google’s motive comes in.  They’ve been building the “cloud OS” so to speak for years now.  They envision a world where you can sign in with a single username and password from anywhere and use applications just as you would your desktop, complete with the data you work with.  Chrome is their method of furthering that agenda.

That’s great, except that the cloud as a business data model hasn’t really shaken out to be a good idea.

I still do not know of any large enterprise business willing to put their data up on the public web.  Better yet, I do not know of any large enterprise willing to compromise on SLA’s for their critical data.  They’d better start thinking about that if they plan on moving to the “cloud.”  The “cloud” has already shit itself more than once.  Google, Amazon, Apple and all other types of cloud computing folks have had severe troubles recently.  It’s an unproven model and with the way you hear people talk about it like it’s the second coming… you’ve got another dotBomb shaping up here.

Chrome is supposed to make Google’s cloud computing experience better, since Javascript was their focus and Javascript is their operating system.  Neat.  I’d suggest you stay off of other sites, since their new interpretation of Javascript and the Java VM could leave you open to all sorts of other vulnerabilities (see: security).  How about you make sure that business model is intact before you put too much time and money into it?

Open Source – Who Cares?

A lot is being ballyhooed about the fact that Chrome is open source.  Hooray!  Why is that a win, exactly?  Because you can send patches to Google?  Think they’re going to include your code in their release when they have a fairly clear agenda?

Red herring, folks.  They could give a shit about your code.  They just wanted something else on the PR.  Honestly, what does it buy them to be open source for this project?

It sure bought them an interesting blog post (see: security) about how everything you type is sent back to the Google mothership, including sites you visit.  Shivering yet?  Woo, aren’t you glad you installed that on your CORPORATE PC!?!?

And Finally…

Just in case you’re still wondering what the purpose might be of the Chrome browser and why you’re using it… 

Google’s business model is advertising.

Think about it, H.I.

Reblog this post [with Zemanta]