By Sterling “Chip” Camden
Contributing Writer, [GAS]
Well, paint me in a two-tone pattern of “smug” and “disappointed”. I correctly predicted that Opera’s self-styled “reinvention of the web” would have something to do with breaking the traditional model of web client/server that we’ve all come to know and curse. But their execution on that grand plan leaves me feeling like I ordered a steak but they brought me the bull.
Opera’s “revolutionary” new idea is called Opera Unite, and it’s built into a version of Opera 10. In a nutshell, it’s a web server built into your browser. It provides an HTTP server that has access to your local file system, as well as a number of applications built on top of that: file sharing, photo sharing, chat room, media player, and “the fridge” (a place where people can leave notes for you).
Each of these has its own URL, which you can send to someone to give them access. Some of the services provide for password access control, but they can all be made public. You can also write your own services, using the Unite API.
The grand vision here is that you are now freed from the shackles of depending on a dedicated web server. No need for uploading, hosting fees, or domain registration! Just serve everything right off your desktop. But like Vitaly, I see a few gotchas with this approach:
- You’re still relying on a server. Every request has to go through a subdomain of operaunite.com in order to be relayed to and from your desktop.
- Does anyone think that a lightweight web server running inside a browser will be able to scale on demand? In my tests, it was dog slow, even for one client. So much so that external clients kept timing out.
- What about the drag it places on your workstation? Should you get some major traffic, expect to crash.
- The workstation not only has to be up and logged in, but it also has to be running Opera. If you close Opera, all of your web clients go down.
- This significantly broadens the attack surface for security threats. I ran it on a VMWare virtual machine, behind two layers of NAT and a firewall device with all incoming requests denied. The URL was still accessible by my good friend Joseph in Tennessee. Furthermore, the files to which I gave him access resided on another system in my local network on which I had a drive mapped. If my daughter decided to set this up on her workstation, she could open a huge tunnel into my local network. Of course, I’m smart enough to set up different access privileges for each of my home users, but how many family computers out in the wild have any user privilege distinctions at all, yet contain quite a bit of sensitive material? What happens when Junior decides to share C:\ publicly and Mom and Dad haven’t even heard of Opera Unite?
- Even when a site is password protected, the URL is http: – which means the password is being sent in plain text.
It’s likely that Opera will offer improvements to this service in the future, but to me the design seems flawed from the start. There’s a reason why we have web servers that can be available 24/7 and don’t place a drag on our desktops and handhelds. I think the future is leaning more towards commoditized server horsepower in the cloud, rather than a web server in every browser. Perhaps at some point that server glue may become completely invisible to everyone but us geeks, but I don’t think that will happen by placing server responsibilities on the client.