← Back to context

Comment by dpark

3 months ago

The proposal is to remove support and change the standard. Standards evolve. Sometimes features are removed because they are costly to maintain or security problems or both.

The fact is that all the major browsers are looking to deprecate this functionality because they all agree it’s a security bug farm and too underutilized to justify fixing.

> You love a closed web. That’s why you’re backing Google and arguing for this. I can’t change that there are so many weak minded “yes daddy Google” people in the world.

Don’t do this. We can just disagree without resorting to strawman and ad hominem attacks. No one insulted you for holding your opinion.

Before this my mental model of you was an engineer who’s frustrated that he’s going to have to do work to deal with the deprecation. I can empathize with that even if I think you are wrong in believing that browsers should invest further in support of xslt. Now I realize you just lack empathy for other engineers who are also forced to make real world trade offs. The fact that you happen to use xslt in the browser does not make it important relative to all the other features browsers support.

12 comments

dpark

Reply
righthand  3 months ago

> Sometimes features are removed because they are costly to maintain or security problems or both.

But the features and tech doesn’t have security problems. The library implementation does. This is exactly the kind of bad faith argument I’m talking about. Please just for one second try making an argument pro-XSLT and then try to compare the two mind sets about technology here.

There is no negative trade off by maintaining XSLT other than not being lazy developers. I have no empathy for people who hide behind billion dollar corporations and do their bidding. This is not some sort of critical situation, this is a Google engineer doing things because it’s easier, not “right” or “the difficult choice”.

  • dpark  3 months ago

    > There is no negative trade off by maintaining XSLT other than not being lazy developers.

    Only because it’s not your money or time being traded. Yes, if we pretend that engineering effort is free then there’s no reason Google couldn’t just rewrite this entire library in Rust or whatever. But if that were true you would just rewrite the library yourself and send the pull request to Chromium.

    In the real world where engineering costs time and money, every decision is a trade off. Someone rewriting libxslt to be secure is someone who’s not implementing other features and who’s not fixing other bugs on the backlog.

    Resources allocated to Chromium are finite and while sure, Google could hire 2 more engineers to do this, in reality those 2 new engineers could and would be assigned to higher priority work.

    > this is a Google engineer doing things because it’s easier, not “right” or “the difficult choice”.

    You keep blaming Google specifically. All of the major browsers are planning to drop this though. They all agree this is the right trade off.

    • righthand  3 months ago

      Surprise, there’s already an effort to write xml related libraries in Rust: xrust library for one.

      It doesn’t have to be this pearl gripping bitching and moaning about budgets and practicality. That’s just what Google wants you to believe.

      No all of the major browsers weren’t planning to drop this. It literally only started happening because of Google. And Google is essentially forcing the hand. Again this is bad faith argument. I will not concede on my thoughts on this unnecessary destruction of XSLT in the browser while other technologies get a pass.

      4 replies →

  • shadowgovt  3 months ago

    There's a lot of people saying "All we need to do is maintain libxslt" and a distinct lack of people actually stepping up to maintain libxslt.

    I, for one, won't. Not for the purpose of keeping it in the browser. There are just too many other ways to do what it does for me to want that (and that's before we get into conversations about whether I want to be working with XML in the first place on the input side).

    > not being lazy developers

    Laziness is one of the three great virtues of programming. Every second not spent maintaining libxslt is a second we can spend on something more people care about.

    It's a rule for writers, but it applies to software architecture also: kill your darlings.

    • righthand  3 months ago

      Sure. But since this announcement I’ve been planning ways to support xslt. Here are the projects I’m considering:

      - iced-ui browser with xslt + servo

      - contribute to xslt xrust project

      - investigate sandboxing xslt in firefox and implementing xrust

      - same as the previous but for Chrome

      - have an llm generate 1000s of static websites built in xslt and deploy them across the internet

      - promote and contribute to the recent Show HN post of an xslt framework

      I figure if I can generate enough effort to spam the web with xslt sites then they can’t remove it. Ultimately the first goal is to delay the removal from Chrome. This will delay the removal in other browsers. I don’t care if it’s ineffective. It’s better than doing nothing.

      So you can take your lazy tenants of software engineering and your “hyuck Google knows best” eslewhere.

      3 replies →