
Browser vendors must start to move away from top-down innovation, where they hoard APIs such as TCP and UDP and release sub-standard specs in their stead. Instead they must expose only the bare minimum OS low-level APIs (TCP, UDP, POSIX), keeping the surface area as small and powerful and direct as possible, and then let open source grow around this. Innovation needs to be decentralized, bottom-up. Not designed by committee.

For that to happen, we need to stop conflating "web apps" (trusted, installed, anointed with machine power) with "web pages" (accessed by single link click). At present, Web Apps are suffering and crippled by being lumped under the same security policy as web pages. But Web Apps need to have access to raw machine resources in the same way that Native Apps have access.

Those that don't seem to care for any of this insistence tend also to be naive as to the massive differences between TCP and WebSockets, and IP and TCP and the whole stack in general. The WebSocket spec is a good example of people doing things in the most indirect way possible, with a maximum of red tape, as opposed to people doing things in the most direct way possible, with a minimum of red tape.

The Web as we have it in these respects is very much Animal Farm and 1984. There appears to be little thought leadership from the major stakeholders in this regard. People like Tim Berners-Lee are asking for change (http://lists.w3.org/Archives/Public/public-webapps/2012JanMa...), but the new incumbents don't seem to want to see.



I don't understand the point you're trying to make. Are you against standardization? What specific actions would you take to "minimize red tape"? You do know that TCP, UDP, and POSIX were all developed by committees, right? How exactly is the Web in any way like Animal Farm or 1984?


Standardisation for the web targets too much surface area. Browser vendors need to agree on a smaller set of more powerful, more dangerous, more direct APIs so as to put the responsibility for innovation back in the hands of developers. Developers are being wedged further and further away from bare metal, with no right to return, even if they should so wish - this process needs to be reversed.


Raw TCP was considered for WebSockets, however briefly. Due to security reasons, WebSocket was designed so that it's impossible for a WebSocket client to spoof any existing protocol.

I would argue that things are actually swinging in the opposite direction right now. WebGL is very close to OpenGL ES 2.0, Web Audio API includes low level features, WebRTC 1.0 is slated to include datagram channels... Recent standards efforts are striking a pretty good balance of flexibility, interoperability and security, IMHO.
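An added illustration, not part of the thread: the two RFC 6455 mechanisms behind the comment's point that a WebSocket client cannot pass as another protocol, namely the server opt-in proof in the opening handshake and client-to-server frame masking. The function names and the `HELO mail.example` payload are constructed for this example; the key and accept values are the RFC's own sample.

```python
import base64
import hashlib
import os
import struct

# Fixed GUID from RFC 6455; the server appends it to the client's key.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"

def accept_value(sec_websocket_key: str) -> str:
    """Sec-WebSocket-Accept value a server must return to prove it speaks WebSocket."""
    digest = hashlib.sha1((sec_websocket_key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")

def handshake_ok(sent_key: str, response_headers: dict) -> bool:
    """Client-side check: a server that never opted in will not produce this header."""
    return response_headers.get("Sec-WebSocket-Accept") == accept_value(sent_key)

def mask(payload: bytes, key: bytes) -> bytes:
    """XOR with the 4-byte masking key (the same operation masks and unmasks)."""
    return bytes(b ^ key[i % 4] for i, b in enumerate(payload))

def client_text_frame(payload: bytes, key: bytes = None) -> bytes:
    """Build a masked client-to-server text frame (payloads under 126 bytes only)."""
    if len(payload) >= 126:
        raise ValueError("extended payload lengths are outside this example")
    # In a browser the key is chosen by the browser, not by page script.
    key = key if key is not None else os.urandom(4)
    header = struct.pack("!BB", 0x81, 0x80 | len(payload))  # FIN+text, MASK bit+length
    return header + key + mask(payload, key)

def server_unmask(frame: bytes) -> bytes:
    """Server side: reject unmasked client frames, then recover the payload."""
    if not frame[1] & 0x80:
        raise ValueError("client frame without MASK bit must be rejected")
    key, body = frame[2:6], frame[6:6 + (frame[1] & 0x7F)]
    return mask(body, key)

if __name__ == "__main__":
    # Constructed sample: text a page might want to appear verbatim on the wire.
    wanted = b"HELO mail.example\r\n"
    frame = client_text_frame(wanted)
    print("accept header:", accept_value("dGhlIHNhbXBsZSBub25jZQ=="))
    print("payload visible on wire:", wanted in frame)
    print("server recovers:", server_unmask(frame))
```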


I am referring to networking and storage, not graphics or audio.

At first glance it looks like the top-down massive surface area standards approach is making progress. But the APIs are really sub-par when compared to TCP, UDP, POSIX and what open source could do if given the chance to grow around them.

The security reasons keeping raw TCP out of the browser apply to web pages, not web apps (trusted, installed, anointed with raw machine power to act on the user's behalf). This means that it is not possible to build an SMTP/POP/IMAP etc. client in the browser without the use of a third-party proxy (which introduces additional security concerns). This is a terrible blow to web apps. WebSockets are a diversion.

WebRTC is a herculean effort. UDP should be beneath WebRTC not bundled alongside it. Again, web page security issues have been projected onto web apps, hence no directly exposed UDP.

There is no decent offline storage mechanism in the browser. No POSIX. No fsync. No way to build any kind of performant database. IndexedDB is the only thing available. It is poorly designed to begin with and implementations at present are slow, buggy or lacking. It looks good in the to-do list demos but beyond that is a pain to work with. I have seen Chrome's IndexedDB reboot Windows over and over again on occasion. All the great open source database implementations are locked out. Everyone is forced to grow over IndexedDB. Much better if LevelDB were directly exposed. But POSIX is what is needed.

The major issue going forward with regard to web apps is that they need to be seen as distinct from web pages, and when installed by the user, given access to the last 40 years of computing progress.



