Browser Bias

Jeff Atwood writes about the higher expectations users have of internal software due exposure to Internet software.

It’s a good point, but there remains a stone unturned.  Why do users, who have no knowledge of the technical details, proclaim browser based software to be better.  One simple reason is, the internal software they were subjected to was not browser based, many times having been written before those tools were available.

Internal software sucks not because it’s not written in Javascript.  No, it sucks because no one cares enough to fix it.  Management can’t put a cost benefit study behind the fixes, users can’t switch to another platform, and developers aren’t half as motivated to create a piece of software for that overpaid salesperson (every company has at least one), as they are to create a piece of software that might bring them fame and fortune among the wider world.  And we haven’t even begun to consider the consequences of scale.

Thus internal software sucks, and when compared to a project someone loves, it looks horrible.  And that explains the irrational bias I’ve observed among pundits, executives and “hip” users toward browser based software.

Browser Bubble, Part 2

For the next part in the explanation of my feelings about browser-based software, I’ll offer up a real world example that I’ve personally dealt with, blogging.

There is a good chance you’re viewing this post in a browser, and there’s nothing wrong with that. In fact, unless you read this blog all the time and subscribe to the RSS feed, it’s the only way to do it. It wouldn’t make much sense for me to write a custom application for you to read this blog; it wouldn’t even make sense for Blogger to offer one. The web browser was specifically designed for this type of duty. I won’t belabor that point, since I doubt I’d find almost anyone who would disagree, but I just wanted to make it clear I’m not a lunatic, and I do know the browser is very good for some tasks.

On the other hand, there are two parts to a blog. You get to read it, and throw back some comments if I’m lucky, but there’s also the part where I write it, create the templates, etc. And this is where the overreliance upon the browser platform gets frustrating.

Blogger provides a browser based editor for blogging, much like other online blogging tools. Currently, Google has a new version in beta of the entire Blogger system. One of the biggest changes in the new system is a new layout system. The new system uses a lot of AJAX and a web based widget system to allow you to customize your layout. There are a lot of improvements, like the ability to categorize posts, and a more flexible archive control, both of which you can see and example of right here on this blog.

Despite all these improvements, there is one thing I really dislike about the new system. The problem is the new design locks you into Blogger’s AJAX based layout editor. It used to be you could create your template in a WYSIWYG CSS enabled HTML editor, and then upload it to Blogger. You still can, except the problem is, the new Blogger templates use lots of proprietary code that just doesn’t work in any HTML editor I know of.

And while the new AJAX editor is better than the old textbox, it’s still extremely limiting. For pretty much anything non-trivial, you’ll have to edit the code manually. To add insult to injury, the Blogger area to edit this template is really tiny, and isn’t anything more than a dumb textbox. And because it’s part of a web form, you could spend a lot of time editing it, just to be presented with a timeout or some other browser based failure.

So, I usually take the contents and copy-and-paste them out to a real editor. It used to be a HTML editor, but now it’s just a text editor, which means that if I want to see the results I have to copy-and-paste them back to Bloggers little text box, and hit preview. You can’t imagine how frustrating that process, especially when you’re trying to figure out why the sidebar is indented 40 pixels more in FireFox than IE.

That annoyance is a result of poorly specified HTML rules (although if you’re keeping score it turns out that IE uses margins as W3C later recommended, whereas FireFox uses padding). But HTML standards can be fixed, with time. Also, HTML standards are a problem regardless of what I’m using to create them, because in the end I want to be able to make my blog available to people with browsers.

What is more important, are the insane hoops the Blogger system forces me to jump through to get a halfway decent editing experience. The root cause is the lack of file system type integration. If Blogger allowed me to access my template with something like WebDAV, then I could edit it directly. Instead, they make an even more locked in system.

Also, consider the difference between the Blogger template editing experience and that of a desktop app that can validate the XML, invoke IE, FireFox, etc, or even provide inline previews of either or both browsers. It’s hard to emulate FireFox inside a IE browser window, or vice versa. And despite all the effort Google has put into their AJAX editor, it’s not even an attempt at WYSIWYG. I’m sure it’s something that can be done, but it’s a massive effort, and I just don’t see the point in all that effort when Google could just release a desktop app to edit the layouts. That app could execute a HTML editor of my choice, and pass out the editable sections of the template, and all kinds of other nifty functionality that would be difficult to impossible using AJAX.

If I’m going to write 90+ posts, I’m certainly willing to install a single app. But the dogmatic view that the browser is the solution to all problems kills this option.

Luckily, a bit more wisdom has prevailed in the area of posting, although it is still neglected. For posting, my current process is to load up Word and begin writing. I’m using Word 2007, and was using it to post, until Google broke that, so now I copy and paste out of Word into Windows Live Writer to post. Some shorter pieces I may write directly in Windows Live Writer.

Why do I use copy to Windows Live Writer rather than the Blogger edit post function? Two reasons. One is that when you copy and paste from Word to the Blogger post editor you’ll often get bad formatting. With Windows Live Writer, it just works. I don’t know whom to blame for this, but posting with IE or FireFox, both have the same problem.

More importantly, however, if you copy and paste to the Blogger post editor, you don’t actually know if it’s going to work until you post. There’s a preview button in the Blogger post editor, but it actually looks nothing like my site. It’s somewhat confusing what the purpose of that pseudo-preview is. Windows Live Writer, however, shows me exactly what my post will look like before I post it. Not only can I see what the post I’m submitting looks like, I can see what it’s going to look like on my home page, with all the navbars and other posts.

There are a few flaws in this system. There is the annoying copy-and-paste from Word to Windows Live Writer, but the only reason for that is that I like having Word’s spell/grammar checker. Windows Live Writer does spell checking, but not in the same fashion as Word, and has no grammar support at all. The other flaw is that Blogger does not allow Windows Live Writer to use the label system. I’ve used categories from Windows Live Writer with other blogging software, but Blogger for some reason has decided to use a crippled blog posting API, or something. So after I submit a post, I have to log in to Blogger and edit the labels through edit post. I wonder what effects this has on RSS readers, as far as double posts, but so far my aggregator hasn’t ended up with doubles (I’m not counting those that showed up during the labeling of old posts I did a bit ago).

Now, you might draw different conclusions from this tale, but to me, the conclusion is that life would be much easier if the developers at Google who are working on Blogger would accept that editing posts, and certainly templates isn’t something that’s appropriate for a browser. They’d be much better off spending some time on a good desktop app to handle part of it, and enhancing the support for posting API’s, WebDAV, etc. Also, a good desktop app could easily integrate with other desktop apps in other ways. For one, it could allow open/save that doesn’t require 5 clicks, like the upload/download template buttons on Blogger do (actually for practical purposes, it’s a lot more than 5 because you need to navigate to the proper folder).

I think, for my next post, I’ll start to discuss some of the technologies available for smart client development on the Java and .NET platforms. But like I said in the first part, this is going to take a while, so hang in.

Browser Bubble

Since the original mosaic browser, the ubiquity, power and importance of the browser has trended in one direction, upward. Many feel this is merely a sign of things to come, but to me, I see it as a bubble ready to burst. There is no denying the role and importance of the browser, and I see no reason to expect it to shrivel up and die, but today, and for the immediate future, the browser as a platform has been leveraged not just beyond its original design, but beyond reasonable limitations.

Like most trends, the browser started by fulfilling a role that was genuinely lacking. The browser provided an easy to use portal into vast amounts of data waiting to be poured onto Web Servers worldwide. Some of browsers competitors (AOL, Prodigy, CompuServe) applied more control to the content in an attempt to create a consistent user experience, and provide greater interactivity. But the browser trumped all of that by allowing a simple brain dump of data. Much of the initial data on the internet was simply text, with sparse hyperlink additions. Interactivity was put on hold in the interests of developing quantity, and the web flourished.

Retailers, like always, flocked to where the customers were and began to establish online stores. The browser adapted well to the online store concept, because much like the initial round of web development, retailers had large quantities of mostly unstructured product information. This data had a great deal of graphics and formatted text, and there were the order processing systems to worry about. But in the large, there was very little interactivity in a web store. Click on stuff you want, enter credit card, poof. In most cases, the back end systems remained unchanged, and the browser handled only the customer view.

Providing a secure method of transferring information in the browser provided some hurdles, and still haunts some users today. Despite a few speed bumps, the browser eventually provided a connection to retailers that many users came to trust, at least a little.

For many users, this little bit of trust, developed into application phobia. To a degree, this is understandable, since an unknown application is certainly more dangerous than an unknown website, and until recently, applications provided few means to validate their authenticity. Today, however, platforms like Java and .NET can provide better guarantees of safety than the conglomeration of technologies that compose a complex web application. Unfortunately, neither platform yet provides great mechanisms for communicating these guarantees to potential application users. More importantly, even though there are some communication mechanisms, the average user does not yet understand them in the same way they understand their browsers.

That’s a big stumbling block for these platforms, but with time it can be resolved. More importantly, for many types of applications, such as those that users use every day, it just isn’t necessary. Only new applications scare users, not old ones. These types of applications also tend to be those where browsers perform the worst. Interactivity in your day to day life is simply a must.

AJAX is touted as the solution to interactivity on the browser platform. While AJAX is a great way to extend the browser platform, it’s not the panacea that it’s made out to be. It starts at a disadvantage by being built on top of the HTML/CSS layer that was never intended or designed to handle complex graphics, animations and all of the other elements that AJAX is being used for. As a result, speed, both of development and of execution, suffers.

Developers must learn a great deal of obscure details about several complete technologies, many of which overlap. Not only do they overlap, but the overlapping pieces are not cohesive in any sense. HTML, CSS, Javascript, Flash, etc. all require different tools. In the rare cases of tools that support one or more of these technologies, they are still treated as separate components or strategies.

All of this harms development speed for non-trivial applications. Trivial applications can benefit from the separated tools because if only one is needed, there is simply less to learn. But as you move into more complexity, the number of tools grows quite fast. Rather than simply learning existing tools in more depth, the web application developer will find they need to piece together a variety of tools.

As processor speeds continue to grow, speed of execution does continue to decline in importance, but most complex applications will still have a few key areas where performance is still a concern. Certainly today, the browser platform is incapable of achieving the same level of performance in these areas as a smart client, but it’s also likely that it will always be this way. A browser must be built on top of a client platform, which at the very least means it’s performance capability cannot exceed the performance capability of the underlying system. Performance capability doesn’t define actual performance, but a browser application is not just hampered by being built on top of one platform, but the need run on top of two layers of platforms, each with multiple implementations.

The first layer is of course the operating system. The browser platform can’t be specific to any operating system, which limits performance optimizations tremendously. The second layer is the browser itself, which is can be limiting not just in terms of performance, but functionality itself. I suppose it’s not entirely true that you can’t be specific to one browser, one platform, but if you are, you’re still limited by the way the browser chooses to hook together with the operating system. You should also begin to question what you’re really gaining from keeping the rest of your application browser based code. Are you really still writing a browser application at this point? Haven’t you lost one of the primary advantages of trust? And the secondary advantage of cross platform accessibility?

If these two concerns weren’t important in the end, why did you write a browser based application at all? Even if they were important, the browser isn’t the only way to get these capabilities.

I hate to stop a post at a point like this. I don’t feel like I’ve really proved anything yet, more just raised a lot of questions. But the question of these two platforms is a very complex one, and so unless I want to write the world’s longest blog post ever I’m going to have to break this up over time. For right now, I’m wondering how many others think the same way. Maybe I’m looking to stir up some controversy too, although I usually avoid that. Guess we’ll see.

Update: Part 2

Web Interoperability and Identity

I read an article recently that touched on a two topics I have been thinking about writing about for a while. I had not really related to two topics, as I was coming at them from different angles. The first topic is the incompatibility of different but similar web-based applications. The author is mostly concerned with the proliferation of user accounts, but I was looking at it more from the perspective of how the standards mantra of web development is not keeping pace with the rapid development of new services.

A lot of smart people have assumed that web applications are magically protected from the isolationism that they criticize desktop applications of. It is easy to see where this misconception comes from, today on average web applications have a higher success rate in interoperability, and it was higher in the past. With every passing day however this success rate falls.

Web based applications do have some natural advantages to interoperability, but they also have some significant and often overlooked obstacles as well. In terms of advantages, there is the heterogeneity of the data stored online, and the providers’ ability to manage and manipulate this data to enable interoperability. That ability is provided by not having to worry about the connection quality from a desktop, not having to worry about deploying updates to interoperability logic, and being able to observe, troubleshoot and correct errors when they occur.

But at the same time, the fact that the provider has the data presents a potentially huge obstacle to interoperability if the provider is non-cooperative. With a desktop application, if the provider is non-cooperative, you can hack the format. That can be a lot of work, but it is certainly much easier and less likely to get you sued then it would be to hack a web provider.

In truth, I believe that the desktop application platform long term has better merits for interoperability, because the advantages of the web platform are being addressed. Broadband connections are very reliable, and once Wireless goes through what will most likely be a tumultuous start, there will be no big “reach” jumps needed to sacrifice reliability for. Automatic update services are becoming a standard application feature, and gaining more standardized tool support. Lastly, error-reporting services are gaining more acceptance (if Google knows everything you do, what’s the problem with Microsoft knowing when you crash?).

The web interoperability disadvantage, however, is not going away it is getting worse. As the number of web applications explodes, and the number of providers per service reaches ever higher levels (ever check how many del.ico.us copies there are?) interoperability becomes unprofitable to providers. Another contributing factor is that more and more companies with not as altruistic intentions are adopting web platforms.

Even if standards can catch up with development, they may find that adoption does not happen as easily as it has in the past, as providers refuse to share “their” data.

Coming back to the article, the second topic was about treating users as users, and separating their identities from the different companies they do work for. Separating their identity offers the opportunity to unify their work environment, while still maintaining the individual and company based controls that both sides need. It is not really a one to one correspondence, but I’ve been thinking about how to treat different companies in connected systems, and how to insure each company their own space. Choosing the right place for borders is important to the establishment of the agent concept. I completely agree with his concept on how to setup user accounts (he forgot to mention having a personal user space, but I have a feeling he was thinking it).

The Maps, The Clients

Ran into some interesting map information tonight and it made me look at the different mapping tools out there right now. I actually started with Windows Live Local, which looks to have made some nice progress. The traffic and construction feature is my favorite improvement. I am not sure what areas are covered, Chicago is fully covered, and Columbus (my old hometown) only had construction, but not traffic.

They also have a new “bird’s eye” feature that shows some amazingly detailed zoom ins, but coverage of that is fairly limited at this time.

After seeing that, I realized I had not actually used Google for a bit, so I tried Google maps. As far as I can tell Google maps has not really changed at all for quite some time. It felt a bit faster, but otherwise unchanged.

Personally, I have always favored the rich client map programs over the AJAX apps, so I tried Google Earth next. The difference between Google Earth and Google Maps is extreme in terms of functionality. Not only is the speed difference incomparable, I also have access to so much more information in Google Earth. I went out and quickly found there a site with a Chicago traffic KML. It did not work quite as well as the Live Local traffic, since it did not cover as large an area, and did not have the construction information. The KML and Live Local both use traffic.com by the way. There might be a better, more complete KML out there, but I did not spend the time to find it.

Of course in Google Earth I had all the other Chicago KML’s I have downloaded before, like one that tracks weather, and one that shows close to real-time position for all flights into the local airports. For getting live information, Google Earth is unrivaled. I somewhat wonder why Microsoft has not yet adapted MapPoint (the CD based version) to have a rich client free version, much like Google Earth rather than spending so much on Live Local.

MapPoint is my tool of choice when traveling since I do not need an Internet connection. Unfortunately, I doubt the price of the CD version is something most people are willing to pay. I only have it because it’s part of the MSDN subscription. It is an awesome tool however, with quite a few advantages over Google Earth, but unfortunately without Google Earths online extensibility. I know a new version (2006) was released recently which I have not yet had the chance to try, but I have not been lead to believe it is anything other than updated maps. I will probably get it installed here in a few days since I will be traveling again in a few weeks, so I will see then what has changed.

There is another point to this post than comparing these tools. Notice, the great tools are not the AJAX tools that get so much press, but the rich client applications. AJAX is not the user experience savior it is made out to be. It is a major improvement over what web applications did before, but it is like moving from the Stone Age to the Bronze Age, while rich client applications are more like Rome. Everyone will tell you “the barbarians are at the gate” but is that really true? I think rich client applications can be designed do everything that a web application can, and except for basic things like a storefront, developer effort will come out as a net-win for the rich client application, while producing a better user experience.

Thoughts?

Toolbar not Searchbar

Both Google and Microsoft stopped calling them search bars a long time ago, but both toolbars still don’t let you remove the search box, which I’m finding to be a real annoyance. For one, with IE7 the search box (or FireFox) is pretty redundant, but it’s even more redundant if you like a feature from Windows Live toolbar, and one from Google toolbar. In most other aspects, both toolbars are pretty good about letting you disable such and such. For example, you can get rid of the auto-fills, popup blockers and other redundant junk.

However, the best you can do with those search boxes is try and make them as small as possible. It is a quandary for me because I still like the Desktop Search feature from Microsoft a lot better than the Google equivalent, but since I do searches with Google I prefer Google bookmarks to Live Favorites.

For those wondering, what I like about MS Desktop Search is the way it displays results, which offers a lot more flexibility than Google’s somewhat plain web-style. That style may be good for websites, but it is not nearly effective when working with my own files. With web-searches you are likely to pick one or three of the top results and that’s it, but when I’m searching through rafts of source code, documents, or such I’ll want to be able to sort by time/name/location, and scroll through the list easily, which the web-style does not make very easy with the multi-page style.

Actually, on the note of desktop search, can we get that into the IE7 search box? It is surprising Microsoft didn’t already do that, but I wouldn’t be surprised that it has something to do with feeling the need to make sure that Google desktop search can be added, and that it’s not just Live desktop search. Because if they didn’t Google would throwing even more of a fit than they already are.

So, while you two are at it, make it so the search box contents can be used to highlight terms on a page, the way the toolbars do.

Search Providers and Choice

A number of other people have pointed out Google’s double standard on search defaults, but there is big one I haven’t seen so far.

The Google Toolbar. You can’t customize the search provider for it, can you? The MSN\Windows Live Toolbars allow you to customize your search provider. In fact I’ve been using it this way ever since I switched from the Google Toolbar (I liked the way that MSN Desktop Search displays results alot better.. but that’s another topic). But the Google Toolbar (and probably Yahoo, etc.) doesn’t.

Several people have pointed out that IE7 doesn’t change the setting, it just reuses it. And this I can confirm as well, as when I started up IE7 Google was the only search provider listed. Microsoft didn’t even add themselves as an default second option, which they could have.

But here is another interesting point about that. The Google toolbar “offers” to change your default IE setting when you install it, so most all the IE users who have installed it will end up defaulting to Google when they install IE7. What I mean by “offers” by the way is one of those default on settings in a window that the average user is likely to just hit next… Much like the ones in Acrobat installs that tries to sneak the Google toolbar in, and other stuff.

With all of this, I half wonder if more users will default to MSN than Google.

Google.. I love ya but I think you have a bit of a climb before you can take the high ground on this one.

HTML Applications

Argh.. I was writing a post, in this stupid browser window about how I think HTML has been way overused. It got somewhat large so I decided to paste it into word to spell/grammar check it.

The result? I held down the control key and the up arrow, and somhow it deleted the whole thing. Well I suppose my elegant prose is gone for good, but I suppose this illustrates the point as well as anything. HTML applications do some really dumb things.

Beyond this they ignore so many features we take for granted elsewhere. Undo? HAH! And then what about those sites where you hit submit, only to find that the time you spent perfecting your submission was really just insuring that your session would timeout and you’d lose everything? Oh wait.. I know how to fix that… I’ll just keep this running timer in my brain and hit this “Update” button every 10 minutes. That won’t be a big distraction or annoying.

Why do we settle for this?

Thin vs. Thick

I started writing this after a series of discussions with one of the smarter people I work with, we disagreed a fair bit, but it got me to thinking, we disagreed a fair bit, but it got me to thinking, so here they are (my thoughts)..

No, I am not talking about pizza, though I am sure I could start up a great debate on that topic here in Chicago.

I am talking about hardware and software. Two separate yet related issues, which I think unfortunately are far often considered one issue.

That is a natural accident as they tend to get intertwined technically and the debates of both tend to devolve into the same basic issue of flexibility vs. control. One side sees the need of users to have control of their own systems and data.

Coming back to the separation of the thick vs. thin questions for hardware and software, consistency is not required. You can have thin hardware client yet still have a thick software client. To understand this you should understand where the hardware-software separation is in this context. It is not at the interface of machine code and CPU’s, as you might be apt to first assume.

The question of whether a hardware device is a thick or thin client occurs at the operating system level, and the question of whether software is thick or thin occurs anywhere above that. I think the best way to categorize if a hardware client is thick or thin is on the basis of whether it has “free-will” or not.

The best way to describe what I mean by free-will is that a client system without free-will when directed to a specific server will perform exactly the same as every other possible valid client system. In order to be purely thin, a client system must always do exactly what the server directs it to do.

Like most theoretical things this separation actually occurs as a sliding scale, but at least so far, thick and thin hardware clients have clustered fairly close to the two poles of this scale. The PC, at one pole, does not even assume the existence of a server and thus has more or less complete autonomy. Devices that range from text terminals to more advanced graphics terminals (also known as remote desktop) occupy the other pole. These terminal type devices generally have few if any difference in behavior given the same server and user activity.

Browser devices are a slight deviation from this design. These devices provide only one function, a web browser. The word device is important here because a browser is usually part of the software layer. Nevertheless, here the browser device is close to a hardware thin client because it restricts the interface method to the server.

I say it is close to a hardware thin client because as anyone who has used more one browser can attest, different browsers do not always produce the same result. Browsers have varying degrees of standards support, differences in interpretations. Even when implementing standards they have a degree of flexibility in rendering and interaction behavior. For example, the user interface outside of the web page is entirely defined by the browser (menus, back/forward, history, etc.). So two different browser devices may not perform exactly the same even given the same server, yet still provide connectivity. Still the browser device is far closer to the thin end of our scale than thick, as it intends to provide consistency, even if this is not absolute.

Unlike hardware thick/thin clients that are polarized, the software layer is distributed over a sliding scale. There are software solutions that emulate the remote desktop and browser device models. There are fully autonomous client applications. There are client applications that send commands to server and receive back workflow commands or scripts that they execute locally, and thus end up near the center of our scale. Between all of these types of clients are others that mix the different methodologies to greater or less degrees.

Therefore, software has a very broad range of implementations yet still maintains the basic measurement of thinness or thickness as the degree of free-will. Does the client obey the server, cooperate with the server, take suggestions from the server or act unilaterally?

Thinking this way, the terms thick and thin are somewhat unfortunate, as they describe what was observed as a common characteristic of the two designs rather than describing the actual design itself. Thin clients were observed to generally require fewer resources, but this is not an inherent characteristic, just a common one.

As a counter example, it is possible to create thick clients that require far fewer resources than a web browser to perform a specific function like ordering pens from Office Max. It would not be able to perform all the other operations a browser does, but it would be “thinner” in terms of resource usage, and still not fit the common concept of a thin client.

The assumption that thin clients use fewer resources does generally hold true, however some other assumptions about thin clients are far more conditional.

One common assumption is security. The reasoning is that by centrally administering the data and application logic, administrators will do a better job of insuring proper security management.

There are two flaws with this assumption however. Statistical evidence and common sense tells us that administrators will do a better job that the majority of users, but not all users. The original assumption does not qualify the fact that a portion of the users will do a better job than their administrators do. Also forgotten is that the administrators themselves are an added risk, except in corporate environments where they already have unfettered access.

Therefore, while centralized administration is appropriate in some scenarios, I think most would agree that it must have limits, since the purist end-game for centralized administration is a single authority with full access to all the world’s computers, and I am pretty sure no one wants that.

The other flaw is that thin clients do not have a monopoly on centralized administration. Many thick clients provide the ability for a great deal of centralized administration. At first, this appears be a “thinning” of the thick client by relinquishment of free-will. However, the design for central administration of thick clients allows not only for central control, but also allows central control to return free-will back to the client.

Thin clients “platforms” in converse have methods to conditionally return some free-will to the client. I say platform to highlight a nuance of how this is achieved. Often in thin client platforms the server acts as a client host. This is not a rule, web servers are not client hosts, but self-contained server applications, except for some rare exceptions. However, remote desktop servers are essentially client hosts, as they provide the equivalent of an operating system session. Depending upon the design this session may be the emulation of thick client hardware.

In such a case, centralized administration is barely more inherent in thin client hardware, then within thick client hardware. An extreme (though common) example would be a VMWare host that provides a user with an emulated X86 machine. Since the user can install the operating system, applications and configure them, he essentially has unfettered ability to muck up his entire virtual machine. In theory, the user has the ability to attack other virtual sessions on the same box if VMWare has any exploitable security flaws. At the very least, if the virtual sessions are not segmented into different virtual networks, then an infected virtual machine is as dangerous as any hardware thick client.

The only advantage that administrators would have in the above example is the ability to force shut down the infected virtual machine. However, through remote administration, a hardware thick client usually can usually be shut down. If that fails, modern switches could drop the machine from the network. Of course, there is also always the final recourse of a manual power off. There is a difference, but it is rather minor in the grand scheme of things.

Above the hardware level, thin clients can gain all the free-will of thick clients through emulation but cannot do so without also gaining the accompanying problems. Thick clients can also through centralized administration relinquish their free-will in small chunks to resolve those same problems. Also thick clients can run thin clients. Because of all of this, neither thick or thin hardware clients have any inherent advantage or binding to thick or thin software clients, so we can consider the two issues separately.

On the software side, thick vs. thin is a decision best left to the individual applications, as some are better suited to one design or the other. On the hardware side, the question is simplified down to one of physical realities. Thick hardware clients will generally require more resources, but will require fewer server resources to support, will cause less network traffic, and provide better graphics quality and input latency.

Depending upon the state of technology at any given point the quantitative value of more, fewer, less and better can vary from very small to very large.

Thin hardware clients allow central management of more of the hardware, but in today’s computer environment the vast majority of support and management time deals with software issues, not hardware.

Thick hardware clients provide limited insulation from network or other central outages and can support portability to locations where the network is unavailable.

Both sides have significant advantages, and depending upon what type of work you do, and in what environment what is best for you will vary.

Personal use currently clearly favors the thick hardware client. Since there is no trusted authority that already has access to user information, this would require a large relinquishment of privacy by users. In addition personal use is currently more likely to require high quality graphics and input latency, and less likely to have the necessary network bandwidth (and reliability) to support it. Personal users also require portability, but probably no more than organizational users.

For organizations, the question is far less clear. Most business applications do not make heavy use of graphics, although input latency can still be a very important factor. Network bandwidth and reliability is also generally greater when on-site. However, many users still require portability, and until high speed and high reliability wireless is ubiquitous this will remain an issue.

By using tools like VMWare organizations could save some money by moving users to thin client hardware, while still maintaining nearly the same user experience and capabilities. However, many users simply cannot now, and this complicates the issue. The best strategy is probably to start building the VMWare farms for secondary purposes like QA departments and experimental deployments. Primary machines should be handled on a case-by-case basis for the time being, or simply wait until ubiquitous wireless service allows the less technically demanding and savvy groups to accept a change.

This may sound like an endorsement of thin clients, but to generalize it that way would be a mistake. Thin client hardware still has no solution for a vast portion of the user base. I also feel it is important to keep things like user interfaces common between the two worlds and that is why I would recommend solutions like VMWare, which emulate thick clients. This notably does little to address most of the management issues, but I am of the opinion that giving thick client operating systems better centralized management support is a better way to addresses those issues.

Also on the issue of centralized management, I am of the opinion that it is far better to design management into software, rather than to design free-will out of a system. The difference is that in one case, you can release flexibility to users on a conditional basis through configuration, and in the other, you need an application rewrite. To me it is somewhat like the difference between having a door you can open and close or filling your doorway with bricks.

The overemphasis of draconian management is what has driven me away from thin client hardware for quite some time. Worse yet was that many systems provided no method by which individual users could step outside the box.