Friday, December 12, 2008

Overweight Thin Clients

I remember the dawn of the new millennium well. The Internet boom was in full swing and we were predicting the death of the PC. Fat-client machines would no longer be needed in an Internet-driven world, as people would require only an Internet-capable device to access everything they had ever dreamed of. Companies like Netpliance quickly jumped on the bandwagon, offering cheap Internet appliances such as the i-Opener. The game plan was to take a loss on hardware and recoup the cost by selling Internet services. Many agreed that this was the future, but after only a couple of years in business and a measly $230,000 in sales, the writing was on the wall - we weren't ready to give up our beloved PC. Netpliance became TippingPoint and the days of the 'Internet toaster' were...well...toast.

Cloud computing has once again promised a world in which thin clients will reign supreme - all data and processing will occur in the cloud, so you'll only need a basic device with minimal processing power. This time around, everyone is jumping on the netbook bandwagon - cheap mini-laptops with minimal processing power. Is it a fad this time as well, or are we finally ready to turn in our PCs?

Interestingly, browsers are moving in the opposite direction. They've been suffering from feature bloat for a while now (email clients, RSS readers, etc.), but now we're actually changing the architecture of web applications to push data and processing to the client. Adobe Flash has been around forever, but the Rich Internet Application room is now getting pretty crowded with the likes of Google Gears, Microsoft Silverlight, JavaFX, etc. Google has also recently released Native Client, an effort to run x86 native code in web applications. All of these projects are blurring the line between desktop and web applications.

Is this a good thing? Time will tell. Does it present new security challenges? Certainly. Applications are becoming increasingly complex and distributed. This always raises the bar and makes security a greater challenge. We're no longer dealing with simple static HTML. Now we may have interpreted scripts alongside compiled binaries, all of which are sitting on different machines and may well include untrusted code written by a third party. Webapp security has gone from being a profession for those who didn't have the time/skill/interest to learn reverse engineering to the cutting edge of security, and suddenly those RE skills are starting to look pretty valuable once again.

Another security issue involves pushing data to the client for storage and processing. It's relatively easy to secure data on a server (we finally seem to be getting a handle on the SQLi thing...after a decade of preaching), but it's a different story when data sits on every client. Developers must take great care in deciding what is pushed to clients, as the gloves come off any time you no longer have control of the device where sensitive data resides. Will developers understand the security challenges of this new architecture? History suggests that it will simply open another chapter in the many challenges which we face in enterprise security.

So what will it be - streamlined thin clients or powerful workhorses? What does the future have in store for us? As a guy who just can't help but buy the most powerful device available, I expect that client-side storage/processing has just started to evolve - netbooks, on the other hand, may well go the way of the Internet toaster.

- michael
