Well, it's live and I've downloaded it and am using it to write this blog entry. It's Google Chrome. It's a beta, but from what I've seen in the couple of minutes I've used it, it's delivering as promised. Very fast and smooth, even typing here. Better than Firefox? Seems like it, but maybe it's the chrome blinding me. And given the news volume about it, there's a lot of people speculating about what Google is trying to accomplish with this thing.
At any rate, if it is about making the Web the OS as we've been trying to do for centuries now, what does it mean to C++ application developers? How do they make their applications relevant in this new world? Is it all over? Do we throw away our C++ compilers and pick up a book on PHP?
I strongly believe there will always be a role for a close to the silicon programming language like C++. Whether it's for resource constrained devices like mobile platforms, or whether it's for high performance apps like image processing or simulations, there's still that need.
What may change is how these C++ apps communicate with the user. I can easily imagine a Web-based UI for C++ apps, similar to other Web 2.0 platforms. Who says the server side needs to be Java or PHP? It could easily be a C++ app. What we need, though, is a clean way to program such a UI. C++ widget programming has always been a challenge, but wait until you change the paradigm like this.
This is one reason I'm keeping an eye on the "Webification of SWT" part of the Eclipse e4 project. The lessons learned and the technology choices made there should be portable to a similar effort in C++. Maybe there's already a C++ widget set out there that we could use to start, like wxWidgets, maybe something else, maybe something new. Either way, it's time for C++ developers to start thinking about what this all means to them.
IMO the big barrier to Web programming in C/C++ is security. The main task of a typical Web application is parsing input from the user, translating it into SQL calls, then producing HTML output. Each of those steps has opportunities for errors that can have tragic security consequences. Higher-level languages are able to protect the programmer from many of these problems by default, which tends to make them much less vulnerable to security problems. C and C++, on the other hand, require great care and knowledge to prevent simple coding errors from causing your application to lose control of the CPU to a malicious user via buffer overflows and other attack vectors.
ReplyDeleteAt least for me, detection and prevention of possible attacks will have to mature a great deal before C and C++ are options I would consider seriously for Web application development.
"We are so, so happy with Google Chrome," mumbled Mozilla CEO John Lilly through gritted teeth. "That most of our income is from Google has no bearing on me making this statement." - http://notnews.today.com/?p=57
ReplyDeleteUsing it now. Looks good but Incognito mode...
ReplyDeleteWhy didn't they just call it Porn Mode?
If you like SWT and component based programming you should check out the Apache Wicket framework for Java. It's a perfect webification of SWT if you ask me.
ReplyDeletescott #1: you've been drinking the anti C++ Kool-aid. Anyway, I'm not talking about writing web apps in C++, I'm talking about writing C++ apps with Web UIs. A good widget toolkit would take care of the security issues.
ReplyDeletescott #2: the same reason Microsoft calls it InPrivate in IE8 ;).
peter: Apache Wicket, seems like it's worth a deeper look. Thanks!
BTW, to follow up my own post, the lack of native widgets in this thing tells me they are very close to being able to slap it into a Windows-less device. Stay tuned.
ReplyDeleteDoug,
ReplyDeleteIt's simplistic to attribute criticism of the difficulty of writing secure C++ code as "drinking the Kool-Aid". I'm not C++ bashing at all, just wishing for the kinds of protection that I have when programming in Perl or Java. For example, smart pointers have made it much easier to do memory management right in C++; similar mechanisms to help with secure programming would be a big help.
Experience has shown that it's much harder to write secure code in C or C++ than in higher level languages; look through the more severe bug reports on cve.mitre.org, bugtraq, Microsoft's security advisories, or the security advisories of any Linux distribution.
Of course, it's also much harder to write high-performance code in higher level languages than in C++.
But it seems to me the communities surrounding Java, PHP, and C# are working much harder to improve performance than the C++ community is working to improve security. I hope that changes.
After a day of use, I have to say that Chrome seems pretty cool. Not only does it work for writing your blog, it works for reading it too. -:)
ReplyDeleteI just kinda wish they did this through an open source organization like Mozilla. Seems like a possible start for the next firefox. Possibly f4?
Yeah, to comment a little more on-topic, I've been using Chrome all day and like it so far. From what I've read it's the security features that are most interesting. If after learning more they still seem interesting I may stick with this browser.
ReplyDeleteMy apologies Scott. I just take offense when people blame quality issues, and that's what the security issues you point out are, on C++. Use the right libraries and you can write just as secure applications as easily as you can with Java and PHP.
ReplyDeleteBTW, neither of these are a higher level language than C++. They just have good standard libraries.
But yes this is off topic. The point is to webify C++ apps, not to use C++ for web services that are easier to do in Java or PHP which have better libraries that support this.
Most of the software stack for a webapp is written in C/C++. The server OS, HTTP server, JVM, Relational Database and Browser... all probably written in C/C++.
ReplyDeleteMike,
ReplyDeleteNot to belabor my offtopic point, but while you are right that a good part of the LAMP/browser stack is made up of C/C++ code, much of that code has a mixed security record at best. Visit CERT and search for some popular parts of this stack, for example. You will find that Apache httpd, OpenSSL, Mozilla Firefox, and even the Linux kernel have all had security problems that let attackers take control of the attached machine via buffer overflows that other languages manage to prevent by default.
To me, this is evidence that currently writing secure C/C++ applications is very difficult even for the most skilled developers working in the most mature environments with access to the best resources. Since I am less of an expert in C/C++ than these developers, I figure I have little chance of writing secure C/C++ code, so I generally avoid doing it unless I don't care about security.
I certainly hope the situation improves; I've been working with C++ a lot lately for an internal project, and I'm rather enjoying it.
To bring this post back ontopic: The security features of Chrome are very interesting. According to the docs, it isolates different tabs into different processes so that a security problem in one tab can't get access to data from another. It runs plugins in a separate process and communicates with them over a thin channel, so they can't compromise security either. I've been hoping for a browser to start taking security seriously for a long time, and it seems Google is doing it.
Have you seen the recent news about Chrome (in)security?
ReplyDeletehttp://blogs.zdnet.com/security/?p=1843
Simply speaking, that's why I prefer to hold my enthusiasm and wait month or two before trying the thing out. ;)
It is a beta, so I'm sure they have kinks like this to work out. It's just interesting what a splash it is making, especially since there isn't really any new technology here. Sometimes we pay too much attention to what Google is doing. But then, how can you not...
ReplyDeleteTry: http://pocoproject.org/poco/blog/?p=136
ReplyDeleteI've been using Chrome for a couple of weeks as my default browser, and I can tell it's beta-quality. I've caught it screwing up the javascript 3 times, there's no home page, which I miss (ironically, Google.com on Firefox), Flash games don't perform right, and pop-ups are handled in a nonintuitive way, resulting in your computer blaring sound from a mysterious source if the pop-up loads that way. Worst of all, the whole deal freezes for about 5 seconds intermittently every 3 minutes or so.
ReplyDeleteOn the plus side, it's more responsive than Firefox and doesn't leak memory as much. I'm anxious to see the second beta release.
I found it a bit ridiculous when Google advertised Chrome on google.pl mainpage. Well why not, but I have seen no warnings at all that this beta contains _several_ _known_ security issues (= is a potential danger for users' machines). Not so fair on their side, I'd say.
ReplyDelete