Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
User Journal

Journal severoon's Journal: A New Kind of Program, Part II 1

Journal by severoon

Before reading this, you might want to read Part I of what has apparently become a series.

This new approach to developing applications brings unprecendented customizability. So much so, in fact, that it's hard to handle on all of it, and it even calls into question whether two different installations of the same application can really be called the "same" application beyond some point. I've been thinking on this since I posted that last thought, and I think I may have something.

What if applications were multi-user like operating systems are multi-user? In other words, what if you had to log in to an application before you could use it? This may sound like a horrible inconvenience, but stick with me...you'll see where I'm going with this shortly.

I download a word processor, the core of which is actually just a framework for word processing plug-ins. This framework sports a standard plug-in that connects up with a web service, hosted by the application developer, and logs in using my account on that web site (yes, I can optionally register an account with the site to download the word processor). Once this app is installed, I browse the list of available plug-ins and customize to my heart's content. Each time I install a plug-in, the web service module updates my on-line account to reflect the current customization, including all plug-ins installed and configuration information.

I go to my friend's house and get on his computer. He has installed the same word processor and customized it to his liking. But when I start up the app, it prompts me for a login and password, which I provide. It downloads all of my plug-ins and configuration. Some of these are necessary for me to start using the application for the first time on my buddy's computer, so for those I have to wait. Once it's done installing those and updating the configurations, though, it lets me start using the application. Meanwhile, in the background, it keeps downloading and installing the rest of my plug-ins, and my configured functionality starts magically appearing as I use the application.

Ah, but every problem solved spawns a new set of problems. You're thinking, Wait a minute...I already have enough trouble keeping track of all the accounts I already have to maintain for sites like /., my online bank access, the Wall Street Journal...now I have to create logins and passwords for each and every application I use? I feel your pain. As someone who tries to go by the handle sever everywhere I go, I've recently been stung several times by the new requirement at several sites that handles be at least 6 characters long. Also, for some reason, some sites will not accept special characters in passwords such as |, &, or $. So this means that I have to have at least 2 logins (the login I naively used to intially create accounts, and the one I had to invent with more than 5 characters) and two passwords (one secure one with lots of special characters, one less secure one with none), making a total of four combinations. Oh, and let's not forget the login I use for accounts that are jointly accessible to both me and my fiancee (that login has 6 chars, but I still need two passwords...argh). I can tell you, I usually have to login using the guess'n'check method if I haven't used an account for a little while.

Technology to the rescue! The last few times I've installed Linux, I've noticed that most distributions now come with an application called keyring. It's a fairly simple idea--it's a little database that associates all of your username and password combinations with the appropriate site. It even performs the login for you automatically, I believe, when it senses you're being prompted for a login (cookies be damned--this is much better). Of course, it keeps all of this information securely, encrypting every bit of data that passes through it. I'll bet it even prefers HTTPS connections or uses a web service to perform the login if they're available.

What if we were to marry this keyring application with the above idea of an application login model? It works like this...you go to the website of your favorite keyring application and create an account. You download the keyring application and install it, and then from then on, whenever you add a account to it, it updates the information remotely for you. Voila! Now, even at your friend's house, you have access to your keyring (assuming he has that keyring application installed). You only must remember that one username and password to get access to everything on the Internet associated with you. Suddenly, having to log in to every application doesn't seem like such a burden--it's done automatically for you.

Here's several more possibilities, some food for thought. (1) Could a standard be developed for such keyring applications? This way, you'd be free to install whatever keyring app you like and they'd all share your encrypted information, meaning that when your friend visits you or you visit your friend, regardless of what keyring app he uses, you can still log in by providing the username/password and the URL for the database of your preferred keyring app. (2) Could such an idea be incorporated into OS logins? This way, you wouldn't log in to your friend's computer directly either--the login prompt would provide an option whereby you could login using your keyring account, whereupon it would look up the login credentials you chose for your friend's computer, just like any other website. (3) Could such a keyring application automatically create accounts for you? Let's say you find a new discussion board on the web that requires you to create an account before you can start posting. It would be nice if you could simply go to your keyring app, type in the URL of the site asking you to create an account, and it would do it automatically. It could even use a nonsense handle and password--who cares? You'd never need to know it anyway to access the site...let the keyring app do the work whenever you need to log in!

So, let's run through a quick example of how this might work. You download and install your favorite keyring application. You decide to install some applications: Firefox, a word processor, and a file server. As you download each one, your keyring app automatically creates an account, encrypts, and stores your credentials. You configure each app (including the keyring app) with the plug-ins you prefer and customize them according to your wishes. You create an account for yourself in your file server so you can access your own machine from remote locations, and you add the credentials and URL to your keyring app. You remember to add your login credentials for your own computer because your OS integrates access to your keyring--so now, you log in even to your own home computer using the keyring option. You also add your login credentials for the home computers of your friends.

Then you head over to your friend's house. You sit down at his machine and log in using your single keyring username/password and the URL of that keyring applications database. It fetches your login information for your friend's computer and logs you in. You open the word processor and your keyring provides your credentials, at which point it downloads and configures itself to your liking. You decide to save your document on your home computer. You map a network drive (I know, I know, Windows-speak) to your home machine, at which time your keyring logs you into your file server at home. You save the document to that network drive.

There is no reason this idea can't be applied across the board, to everything from logging in to the OS to using a file browser, web browser, command shell...whatever. The OS could even configure itself with applications. For instance, you use Firefox at home, as soon as you log in to your friend's computer it downloads and installs Firefox for you. This idea could even be applied to licensed software...say you have your very own license for IDEA IntelliJ. As long as keyring has all of your login credentials, there's no reason you shouldn't be able to install that and run it from your friend's machine as well.

So what are the flaws with this idea? I don't see any that are insurmountable, though the most important I've come up with are still worth mentioning.

This could use up a lot of space. Let's say you've created accounts for your 20 closest friends, and each one has their own set of plug-ins for Firefox, a word processor, a calculator program, etc. That's a lot of plug-ins that are floating around on your machine, only a subset of which get used at any one time. If one of these friends only visits you once a year, do you really want that person's 100MB of Firefox plug-ins taking up space? I would address this one by saying one of two things: (1) hard drives are cheap and getting cheaper, so yes, you could simply spare the room and (2) an application-independent plug-in manager could be invented that tracks all the plug-ins on your system and removes rarely used ones...if needed, they'll simply get downloaded again at the appropriate time. An app-independent plug-in manager is also cool because it could automatically download updated versions of plug-ins as they are released. Your applications are all in continuous upgrade mode all the time without you doing anything.

What about speed? Wouldn't downloading all these things add up to a lot of bandwidth? Yes, it would...but, only the first time you logged in to a particular machine. After that, assuming the plug-ins don't get deleted, they're there waiting for you. Besides, bandwidth is soon going to be a lot cheaper, with home connections now getting pushed up into the 3mbps range. Soon, we'll fly past that.

What about security? If I were a savvy programmer, I could create a Firefox plug-in, for example, that does malicious things or gives me backdoor access to the file system of the machine on which it resides. Normally, such a plug-in would be found out because there'd be lots of eyes on it, but let's say I don't put it out for general use...it's only available to me. So when I log in to my friend's machine, this plug-in gets installed by the keyring app and boom, now I've got back-door access to his machine any time I want it. This one I'm not sure how to solve, so discussion is welcome.

The more I think about it, the more I believe it; as applications evolve, we'll need applications that know how to behave as they're configured and this application-level login model might be just the thing.

This discussion has been archived. No new comments can be posted.

A New Kind of Program, Part II More

A New Kind of Program, Part II

Comments Filter:
  • or rather than having the plug-ins stored in individual directories, you could store them somewhere globally (on that computer) accessible...if I download the "save as pdf" plug-in for my word processor, when my buddy comes over it'll be installed and just need to be set up in his configuration file. Then the plug-in manager only needs to (1) keep track of which user gets which plug-in (a much less disk-intensive task than storing each plug-in for each user) and (2) occasionally purge the unused plug-ins.

    O

Slashdot Top Deals

Get hold of portable property. -- Charles Dickens, "Great Expectations"

Close