← Back to context

Comment by cromwellian

5 years ago

Prior to canvas, you had Flash and server-side rendered round-tripped graphs. You really think this was better?

Browsers bring friction-free exploration, literally "surfing". Hit the back button, or clear all your caches, and you're done, but otherwise, it's fire and forget.

The installable App model creates "shit work". Everytime I install something, it permanently takes up both screen real estate, and storage, and creates a cleanup task for me to delete it at a later date. Steve Jobs said "don't give your users shit work", well, app install and uninstall is shit work.

I don't want to install stuff, I want to use stuff and get work done, and want things to go away if I don't want them without having to become a System Janitor.

You complain about notification janitor work, which is fair, but native apps have the same problem, my iphone is deluded with notification spam.

The whole app model is a complete reversal of decades of movement to thinner clients, back to the Windows model.

Every time I go to a new restaurant, a new milk tea place, a new airport, or a new airline, they're asking me to install their native app. How many god damned United/American/SFO/InAndOut/FiveGuys/Chipotle/Starbucks/et al apps do I need on my device?

And no, "Instant Apps" are a worse solution to this. Why do I need to download a friggin 5mb iOS executable, even if it isn't perma-installed, just to display a form with 4 boxes on it to pay for a parking meter.

Form-filling is literally the use case for SGML from the beginning.

No, we don't need a native-locked-down-walled garden for every physical point of sale in the real world. And since Apple will never own 100% of the market, this means developers will end up needing to write, x2, silly little point of sale apps which clog up people's phones.

Ephemerality, transparency, portability, are desirable properties in addition to security and privacy. Apple leans too much on the latter at the expense of the former with relatively dubious justifications that could be fixed with better design, instead of refusing to participate in improving the specs to meet the desired properties.

10 comments

cromwellian

Reply
saagarjha  5 years ago

I don't entirely understand your argument: I would love to use those things in the browser; in fact I do. But those are precisely the things I don't want to give random web API access to!

  • cromwellian  5 years ago

    Then don't. But if a web form at a coffee place wants to ask you for payment, it should be able to call up the WebPayment API to ask for one time permission, to which you can acknowledge. I shouldn't need a native app to do it.

    And once you acknowledge that asking for access to spend your credit card is ok on the Web (and it is, because Apple supports the W3C Payment Request API), why do you think it is far worse to plug into a USB device, and be prompted to ask if your Web page can access it. There are any number of reasons to do this, like Arduino projects, IoT devices, etc.

    I use a Chrome app that lets me install APKs over USB thanks to this API. Super helpful for installing built artifacts from a Continuous Integration result page for example.

    Or maybe you're at an airport, or your company, and you want interact with a vending machine through NFC or BlueTooth. Why is a one-off permission tied to that one use any worse than the previous example of payment approval.

    Most of the people responding on HackerNews seem to think Web apps can use these APIs without requesting user permission.

    • millstone  5 years ago

      > I use a Chrome app that lets me install APKs over USB thanks to this API

      What the fuck.

      > Most of the people responding on HackerNews seem to think Web apps can use these APIs without requesting user permission.

      Nobody will have malware sideloaded because it requires clicking an OK button?

      Most of the web is scams. Search for anything and most links will be scams. From that perspective, these APIs are profoundly reckless.

      1 reply →

    • saagarjha  5 years ago

      Because then the web process needs access to the USB stack in some way, which is a lot more complicated than simply providing credit card information…

      3 replies →

boomlinde  5 years ago

> Prior to canvas, you had Flash and server-side rendered round-tripped graphs. You really think this was better?

Bringing up flash here is like responding to an argument against capital punishment with "prior to lethal injection, you had firing squads, which do you think is better?"

> Hit the back button, or clear all your caches, and you're done, but otherwise, it's fire and forget.

Then of course websites can override the behavior of the navigation buttons...

> The installable App model creates "shit work". Everytime I install something, it permanently takes up both screen real estate, and storage, and creates a cleanup task for me to delete it at a later date. Steve Jobs said "don't give your users shit work", well, app install and uninstall is shit work.

Steve Jobs also thought he could cure his pancreatic cancer with a vegan diet. Perhaps shit work is a necessity if you don't shit laying around in inconvenient places, and this was one of Jobs' neuroticisms that didn't contribute to his genius.

That an app takes up permanent screen real estate is a matter of designing the operating system interface. On my computer, apps certainly don't take up permanent screen real estate.

> I want to use stuff and get work done, and want things to go away if I don't want them without having to become a System Janitor.

I feel the same way and my apartment is currently an absolute mess for this reason.

> The whole app model is a complete reversal of decades of movement to thinner clients, back to the Windows model.

So is the direction of the web, where clients are expected to do more and more work to make the server side application work. This is why computers that were sold as "thin clients" back when this concept was actually considered relevant are now pretty much useless for browsing the web. We're now working towards rich clients for better or for worse.

> Every time I go to a new restaurant, a new milk tea place, a new airport, or a new airline, they're asking me to install their native app. How many god damned United/American/SFO/InAndOut/FiveGuys/Chipotle/Starbucks/et al apps do I need on my device?

In my experience, none. I pay cash, debit card or in some cases using a single phone number based bank transfer app that's ubiquitous in my home country. In no cases have I needed a vendor-specific app to do this. Are you telling me that you can't go to Starbucks and buy coffee without installing their crapware?

> And no, "Instant Apps" are a worse solution to this.

No one mentioned "instant apps" and I've never heard of the concept until now. I agree that it's a stupid and pointless idea. This is not a problem that needs a solution in the first place, and "instant apps"/webapps/whatever are just part of a spectrum of stupid solutions to a stupid and incorrectly posed problem.

The problem they want to solve which is not as stupid, but all the more privacy invasive and manipulative to make up for it, is that of knowing as much about their customers as possible and to be able to push marketing information to them on that basis. To the credit of "instant apps" it only partially solves that problem.

> Form-filling is literally the use case for SGML from the beginning.

Yes, and if you limit your web app to the simple task of letting a user fill a form and submit it you don't need any of the stuff added to browsers in the last 25 years.

> No, we don't need a native-locked-down-walled garden for every physical point of sale in the real world. And since Apple will never own 100% of the market, this means developers will end up needing to write, x2, silly little point of sale apps which clog up people's phones.

No one needs to do that. If you mean that a big web API surface is necessary to create proprietary point of sale systems in a way that's more convenient to the vendor, I consider it only appropriate to limit the API surface to prevent them from doing so.

> Ephemerality, transparency, portability, are desirable properties in addition to security and privacy. Apple leans too much on the latter at the expense of the former with relatively dubious justifications that could be fixed with better design, instead of refusing to participate in improving the specs to meet the desired properties.

It is clearly the case now that security and privacy significantly suffers from the browser API surface.

  • cromwellian  5 years ago

    > Then of course websites can override the behavior of the navigation buttons...

    Really, in practice how often are you prevented from leaving a website? Except for porn and pirate websites, almost never, and taking over the back button/onWindowExit is now mitigated in most browsers. For the majority of the people on the planet, they browse hundreds of websites, without ever needing to give a cognitive thought of cleaning up their cache. Websites are effectively emphemeral from a cognitive standpoint to most people, whereas app installation is not.

    The web surfing is like channel surfing TV, when you change the channel, you're done. App installation eventually creates an environmental cleanup task for you.

    The install model is a giant regression to the ease of consumption and low cognitive overhead the web brought.

    > In my experience, none. I pay cash, debit card or in some cases using a single phone number based bank transfer app that's ubiquitous in my home country. In no cases have I needed a vendor-specific app to do this. Are you telling me that you can't go to Starbucks and buy coffee without installing their crapware?

    The purpose of POS apps is not just payment, but parallelization. A POS is a queue, which means customers have to wait in line to give their order. You've never had to stand in line in front of several indecisive people? POS apps provide the ability for you to conduct the entire transaction without getting in line, and indeed, place your order and then arrive just-in-time when its ready. I routinely order, and then arrive to pick up with zero wait. Hundreds of millions of Chinese who use WeChat for 'O2O' commerce like this and it is the ultimate in convenience.

    For people with disabilities, POS apps are a god send. And they're especially great for this pandemic. The only problem is, there's no need they be "apps" that get installed.

    > It is clearly the case now that security and privacy significantly suffers from the browser API surface.

    Browser security in the Firefox and Chrome world has been more solid than the 'apps' world. I'll take the browser sandbox over the app sandbox any day. And the browser API surface hardly matters when third party cookies, which have been around since 1995, are still widely used for tracking, and the biggest bit of fingerprinting entropy -- your IP address -- is core to the internet itself. And again, these APIs won't matter for fingerprinting if they are behind permission requests, because they can't be automatically used by third party ad networks.

    Now excuse me, I have to give back to a meeting on that App Store reviewed Zoom app to conduct my meetings. I have nothing to worry about eh?