Comment by girst
5 years ago
Nearly all of those APIs are also considered 'harmful' by Mozilla[1]. Some have even been disabled after implementation because of this[2]. These were developed by Google for Chrome OS, and besides the privacy issues, they substantially increase attack surface for security vulnerabilities.
[1]: https://mozilla.github.io/standards-positions/
[2]: https://developer.mozilla.org/en-US/docs/Web/API/Battery_Sta...
Mozilla also killed WebSQL because the existing implementation was too mature...
I don't know what they're driven by, but it's not pragmatism.
There is too much opinion in your statement.
Mozilla opposed it, rightfully so, in that it would dictate that SQLite be the implementation used everywhere. Mandating the inclusion of SQLite is not a spec.
As much as I like SQLite and looked forward to it being in 2/3 of browsers, Mozilla made the right call. The web should be implementable entirely by the specification.
Google likes to define the spec as the identity function of the implementation. Popeye specs, "I yam what I yam and dats all that I yam".
WebSQL would have been a spec, could have been a living spec too. Start out with SQLite in all the major browsers, and then gradually have them diverge. Blink and WebKit started the same way. Independent implementation does not mean "implementation of uncommon history".
But somehow "paving the cowpaths" doesn't apply to tech that they don't find attractive.
Similarly, and that is actually a statement loaded with opinion, I've seen way too many self-proclaimed "spec hackers" at Mozilla. People who relish in the joy of writing out ideas, I mean who doesn't love building castles in the skies, but who completely ditch the implementation. It doesn't matter if you have the most beautiful spec in the world if the implementations are shoddy, or if it specifies the wrong thing.
Web specs are the modern hacker's "waterfall" design process. Sure, everybody talks a lot, and there are many pretty documents that come out of it. But once you start implementing the stuff, you start to realise that all your assumptions were wrong, and now you've made a mess.
I think specs actually produce less diverse implementations. Because they are so easy to write, in comparison to code, and because writing them doesn't give you immediate feedback on when you've reached a good minimal feature set, it's almost inevitable that you end up with way more stuff than you actually need. There is a reason that there are essentially only 2 multitrillion-dollar companies that can keep up with that mess. And Mozilla would have died long ago if Google wasn't keeping them alive to avoid anti-trust investigations.
In all fairness Living Specs try to acknowledge this, but somehow we still collectively pretend that they are more than mere documentation, that by calling them a "specification" instead of "documentation" they somehow make the web run.
Specs don't run the web. Code does.
I was under the impression that the "by specification" idea was generally tossed out with HTML 5, where the specification started to describe the current implementation. And this was cheered by everybody. What has changed?
>because the existing implementation was too mature.
That's not what I gathered from their official response to the deprecation[1]. But the major problem with WebSQL for Mozilla seems to be this:
>We don’t think it is the right basis for an API exposed to general web content, not least of all because there isn’t a credible, widely accepted standard that subsets SQL in a useful way. Additionally, we don’t want changes to SQLite to affect the web later
edit: and once again: security might have been a deciding factor, too[2].
[1]: https://news.ycombinator.com/item?id=18685296
Yet years later there is still no good solution for that space and IndexedDB is a total clusterfuck.
I'd be far more worried about the mess at the core of the web, CSS and rendering, than about exploitable bugs of SQLite. The fact that an RCE in SQLite is HN-worthy is indicative of that. Browsers have tons of RCEs that are fixed every year, but it happens silently because everybody is so numbed to it.
The quoted argument is a cop-out on their part. HTML is also a "Living Standard", a.k.a. we just implement whatever we feel like, and write it down once we feel like it has stabilised a bit. They could have done the same for SQL, but NoSQL was en vogue at the time so they pretended that SQL needs to somehow hold up to much higher standards than the usual mess they produce.
SQLite is probably one of the few pieces of software that is actually trustworthy, unlike the dumpster fires of C++ and feel-good essays that we call browsers.