mf - story #5934 - Just to be clear, th

posted by dsk on September 5th, 2011 at 10:37PM

Just to be clear, this is argument is about your particular eccentricity. The market has spoken. A richer web is what everyone wants. The debate is over. You can hardly find anyone who thinks that the people of early 90s when hypertext was developed, somehow achieved perfection because the web consisted of simple markup and request-based architectures. Smart people are on this side too.

>You would do online banking on a stranger's computer?!

Depends, but yes, I would. At some point you have to trust somebody.
Oh, you don't trust any computer that isn't yours? Well then do you trust all the intermediaries that your packets will jump through to get to the banking server? Oh, you don't have to because you use SSL? Well, do you trust the cert issuers?

>Yes, server-pushing-browser via HTTP is sacrilege

I meant to segue into WebSockets, a protocol which is completely separate from HTTP, but uses it in the "handshake" step. It's supported by every major browser.

Why not?

> That's why we have other protocols, like SSH and IRC and SMTP and IMAP etc etc.

Well shit ... by that definition HTTP also re-invents the wheel. There's nothing intrinsically revolutionary about HTTP.

>"Web-based" is also a fad buzzword, by the way.

That's needlessly pedantic. "Web-based" is a perfectly valid way of describing a particular architecture.

>Why the fuck would you want to change the html-dom tree?

Are you retarded? What kind of a question is that? My Gmail will instantly show me an alert when a new email has arrived, without a page refresh - which you may not want to do arbitrarily (what if I'm typing an email). You can't do that without having a client-side script like javascript. The only alternative is that I use an installed program - but the market has spoken, millions of people don't want to do that. They want web-based with the bells and whistles.

>That's what plugins are for, if you absolutely need them. That's also what other programs are for.

Do you just decide to go full retard? The fuckin point of web-based application (and let's face it, gmail and others are applications), is that you can use any browser, on any computer to get access, even computers that I may not have user privileges to install full-fledged application.

I'm having a hard time discerning if your hangup is that you genuinely not know why anyone would want to access, say, email with a browser, or whether you don't see a difference between an installed application, or one that runs in a browser.

I don't know which of the two is more idiotic.

>Why does a browser need to be a compiler again

"Interpreter" ... and see above.

Link | Parent

posted by dennisn on September 5th, 2011 at 11:27PM

Compromising an SSL certificate authority, and a no-name kiosk, are vastly different things. No, I wouldn't do banking on a stranger's computer.

"Why not?" websockets, or whatever other new-fangled browser protocols come up? Well, that's an excellent question. If you derive fun from reinventing wheels, that's none of my business. But if you then break old wheels, or pretend they don't exist, and expect everyone to hop on your new wheel every year, then it becomes absurd. (Ie. JavaScript-only sites are more often then not absurd.)

I don't think HTTP reinvented any wheels? Unless maybe the FTP wheel? Anyways, I can give you a valid thing or two that HTTP/HTML offered that FTP (or whatever else) didn't. Can you give me a single new thing that these fads offer?

Also, I think you're a bit too caught up in this web-based fad. I actually don't think "the market has spoken" in it's favor. I certainly would agree that it has captured the retarded masses -- simplicity does that. Of course, there are serious costs to that simplicity -- non-trusted source code, more centralized points of failure, bloat, less control/customization. For example, Ubuntu certainly is popular among newbies, it is pretty easy to use -- but the people who really matter don't use it personally.

You seem to be suggesting that using other people's computers (to access your programs via their browser/hardware) is a good thing. It really isn't. It is an absolute last resort -- and if it require any kind of real security, it's incredibly stupid. So, -1 for that reasoning.

I also do have a hangup understanding why you would prefer google to read and store your (sensitive?) information, and not your own personal program that you have complete control over. But, whatever, you're free to do whatever you feel like. As I mentioned earlier, my only concern is when old/working things get broken/ignored, by over-zealous (and confused :p) fads.

In conclusion, keep your js-gmail and your js-google-maps and your js-facebook, don't talk to me about them :p (unless you have an actual point), but simply leave a non-js version of them for the rest of us to use. Or, at the very least, don't expect all the rest of us to jump on your band-wagon, just because everyone else is doing it. That never works.

Link

posted by dsk on September 9th, 2011 at 8:49AM

>Compromising an SSL certificate authority, and a no-name kiosk, are vastly different things

There's a whole plethora of computers between your personal machine and a "no-name" kiosk that should illicit different trust levels. You wouldn't do banking on a no-name kiosk, but what about a locked-down university computer? Besides, as there's a whole bunch of certificate authorities that are based in despotic countries (e.g. China), or are run by people (all of them), you can be sure that your cert was / is probably compromised.

>Can you give me a single new thing that these fads offer?

Yes, it runs in a fuckin browser.

>For example, Ubuntu certainly is popular among newbies, it is pretty easy to use -- but the people who really matter don't use it personally.

LIKE WHO? Hell, Torvalds used Fedora 9, a few years back. Nobody uses something like Gentoo or minimalist distro, except hobbyists who? like to tinker. Who are these people that "really matter"

>You seem to be suggesting that using other people's computers (to access your programs via their browser/hardware) is a good thing.

It's deeper then that. You can distribute your "programs" (web-apps) and know that no matter what OS / architecture they use, as long as they have a modern browser, it'll work with ZERO hassle. You cannot get this kind of distribution with installed software.

>but simply leave a non-js version of them for the rest of us to use

You're going to find that difficult. At some point, it'll just be assumed that js is running.

> Or, at the very least, don't expect all the rest of us to jump on your band-wagon

Who are the rest of you, because the market already moved, you're still looking back at at mid 90s as some sort of a golden age (relevant: see Woody Allen's 'Midnight in Paris').

Also somewhat relevant: http://blog.mozilla.com/n...ess-observation/

"A web browser is not a document viewer, it is a full-blown programming environment with some very sophisticated text and graphical capabilities. A web page is not a document but a program."

Link

posted by dennisn on September 9th, 2011 at 9:47AM

No doubt there are trust issues all along the way. Trusting only reliable certificate authorities, perhaps only those who provide an extra layer of authentication -- not blindly accepting any CA your browser wants -- is definitely one step in the right direction. Using your own trusted hardware, however, should come way before that, and is way more important. (There is little difference between a public university computer, and a public kiosk -- it's probably even more risky, cuz of all the hackers who would do shit just for fun.)

When you say it "runs in a browser" -- you're absolutely right -- it only runs in *a* browser. I've tried a bunch of them, and only had luck with the bloated firefox. All my other webkit ones are a HUGE pain in the ass -- JavaShit sites consume 100% of cpu generally, they crash constantly -- it's a nightmare. Clearly web-designers only care about that one browser -- it shouldn't even be called JavaShit ... it should be called MozillaShit, or IEShit, practically speaking. Anyways, I don't see how that's a good thing. My C email program is far more responsive and workable. And secure! (I wonder what will happen to all those Iranians who used gmail with the fake/bad google-certificate. Lolz :|. Scary. Central point of failure: check. Non-trusted certificate authority added to make newbie's lives "easier", as per market demand: check. Outcome: I-told-you-so.)

Fedora isn't Ubuntu. The masses specifically want Ubuntu. Most of the famous people probably use debian or freebsd -- definitely not Ubuntu. For obvious reasons ... simplicity and power are two diametrically opposite things.

Regarding multi-platform development, this goal has been around forever. There already exist countless cross-platform frameworks (Qt/GTK/....) that can do it all for you. Just like you can package a massive bloated Firefox Platform, you can package GTK/etc into your distro -- which is far smaller and more powerful.)

RE: Midnight in Paris, will do.

RE: the browser as a programming environment paradigm -- that's exactly at the heart of our disagreement. It can all be solved if you simply separate your programming environment from the webpage-viewer (what a browser was originally meant to do!). I don't want my webpages loading programs and hacking my computer -- I already have a good and trusted distribution that does that.

Link