…Unless you’re actually a techie. In which case you probably already know that the above description — let’s call it the Classic Web — is increasingly completely false.
What follows is a little technical, but bear with me, I have a larger point. (Also, even if you’re not a techie yourself, you need to have some understanding of what today’s tech does, and how it does it, in order to make intelligent decisions.)
Why doesn’t Chrome show the iconic “http://” before web addresses any more? Because it, like Amazon’s Silk and soon Firefox, doesn’t necessarily use HTTP any more. Instead, where possible they use Google’s far-faster replacement, SPDY, which also lets servers push data to browsers, instead of having to wait for requests.
That Domain Name System? It’s increasingly actually DNSSEC, an extension which guards against the massive security holes in the original system.
And your so-called secure connections? Well, SSL was actually replaced by TLS some time ago, which fixed some security holes, but not the biggest: browsers automatically accept security certificates for any site from literally hundreds of different authorities, any of which can be, and often are, compromised. Yes, this is insane. The EFF’s Sovereign Keys initiative might eventually solve the problem; in the interim, Chrome is more secure than other browsers, because it lets site owners specify which certificates are OK.
(Do I sound like I’m telling you to use Chrome? Not exactly. I mostly use Firefox, because Chrome doesn’t support any equivalent of Firefox’s security- and sanity-enhancing NoScript plugin, and probably never will.)
In Google’s defense, their new server-side language Go is widely admired — even though, ironically, it signally fails the “The name of your language makes it impossible to find on Google” test — and their Native Client tech is powerful and interesting. Alas, I can’t see any other browser supporting it anytime soon.
But at the end of the day, your browser is still mostly getting and rendering HTML, right? Don’t be so sure. For one thing, “vanilla” HTML is a smaller and smaller part of the average web page. For another, it’s increasingly HTML5, whatever that means.
What’s more, there’s an interesting trend towards web servers that serve no HTML at all. Battlefield 3’s “Battlelog” web site is pure JSON between client and server. My former co-worker Michael Dykman (whose co-workers generally, without provocation, suffixed his name with “the greatest programmer who ever lived”) has developed a pure XML/XSLT web framework, Gossamer: as its introductory rant says, “wouldn’t it be nice if we could handle page requests from web browsers with the same simple elegance the web service model provides?”
The Classic Web is beginning to look like a kludge. Mostly because it was. Slowly, fitfully, three-steps-forward-two-steps-back, the tech community is finally refining it into something more secure, streamlined, and powerful. The last time something like this happened was when AJAX support hit modern browsers. Non-techies don’t realize it, but it was that innovation which ushered in Flickr, Google Maps, and the whole Web 2.0 boom. I expect HTML5 — greatly aided by the little-known back-end iterations I’ve tried to itemize above — to have a similar effect on the web and everything we do there.
Including, maybe, the much-foretold, long-forestalled decline and fall of the Empires of Apps. But more on that in next week’s column…
Points clarified by commenters below: OK, so there’s no real evidence that the removal of HTTP from Chrome’s address bar is actually related to its use of SPDY. “No HTML at all” up above is too extreme: “no dynamically generated HTML” would be better, as the very first pageload still has to be HTML.
Image credit: QbiT, Flickr.