Wednesday, January 30, 2013

Some thoughts on Chrome Packaged Apps.


At Google I/O 2012 the Google Chrome team made an awesome announcement. They were unveiling Chrome Packaged Apps, Chrome's new amazing apps that would act like native apps, but were developed in HTML, Javascript, and CSS. Since then I have been obsessed with packaged apps. The whole idea excites me because it can turn a $250 Chromebook that only runs the web into a fully functional computer with apps that work offline and can use hardware features. 


One of the biggest features are the new Chrome Apps API's. They include many features that work with the hardware. These API's make Chrome Apps not just web apps. They are extremely powerful. Developers have used them from making a code editor, to controlling a lego mindstorm.  They are also extremely easy to add since it is built through javascript.

Chrome is going to be the future for computers. These apps just show how powerful the modern web has become. I am now doing almost everything on my Chromebook even building websites because I can. I have a successful app called CodeKnit which I can program in basically any language in. I know I said it in the last post, but the web is what you make of it. If we want it to be as powerful as desktop apps all we need to do is build it.

Monday, January 28, 2013

Some thoughts on the Content Security Policy.




The web is becoming a scarier place. Hackers are releasing fraudulent code for developers and they are being tricked into giving hackers their users important information. This is a serious issue and must be fixed. But how?

Introducing Content Security Policy, the most annoying, helpful feature on the web. For a short explanation Content Security Policy is a way to white list certain websites as trusted websites, so other websites do not have access to developers code. For example as Mike West at html5rocks.com said, "Code from https://mybank.com should only have access to https://mybank.com’s data, and https://evil.example.com should certainly never be allowed access." Now here is the annoying part. You have to make sure your resources that are coming outside your websites server are on that white list, so it requires a bit more code.

Many developers just put all their resources on their website, but that slows it down. For example Jquery and AngularJS take up space on your server, while they could be from Google's API website. With Content Security Policy you must white list the https://apis.google.com before you can actually use its resources.

The second part of Content Security Policy is that inline scripts are a big no. We all know every developer likes to cut corners and inline scripts are one of them. Hackers can take advantage of inline scripts and compromise your website. We need to start getting away from inline scripts and with Content Security Policy it is the perfect transition.

I think Content Security Policy is going to be the future. It will make the web a much more secure place  where web applications can be finally compared to native applications. When the Google Chrome team says, "The web is what you make of it," It really is. We need to make the web a safer place and with Content Security Policy we can welcome the web to a much safe place. To find out more about Content Security Policy visit html5rocks' article http://www.html5rocks.com/en/tutorials/security/content-security-policy/