
New in Chrome 70 - guzik
https://developers.google.com/web/updates/2018/10/nic70
======
cromwellian
HackerNews is starting to become less and less useful for reading tech news as
of late. I come here to read stuff that's interesting in tech/science/etc,
because the signal-to-noise was great.

The vast majority of comments on this article are complaining about a single
thing: a bluetooth API behind permissions check, and then spilling over into
political arguments about what the Web should be (documents only!) and
hyperbole (e.g. "i'll be bombarded by permission requests" \-- lots of Web
APIs can ask for permissions already like the Mic and Webcam, why isn't there
an epidemic of permission spam from those, but you expect BT?)

For example, if I hadn't read the link in detail, I wouldn't have even known
about the Web Authentication API extension ([https://developer.mozilla.org/en-
US/docs/Web/API/Web_Authent...](https://developer.mozilla.org/en-
US/docs/Web/API/Web_Authentication_API)) to the Credential Management API.
Improving authentication on the Web should be an interesting topic for HN, but
no one even mentioned it.

The ship has sailed, we're 20+ years into this open ecosystem of ephemeral,
mobile code execution, with Web Assembly poised to take it even further. We're
not going back to documents-only, so either we improve the Web, it's security,
performance, and capability, or we freeze in place, and hand our lives over to
the App Stores of the world (the security world of native-platforms with side-
load app capability isn't very impressive at this point)

~~~
tialaramex
> The vast majority of comments on this article are complaining about a single
> thing: a bluetooth API behind permissions check,

A HackerNews staffer wrote, some time ago:

> We've reverted the title from “Chrome 70 supports Web Bluetooth on Windows
> 10”, which breaks the guidelines by editorializing.

So that's your proximate cause. Somebody editorialized the article and the
initial responses are to that editorialized title.

~~~
cromwellian
Good point, and an excellent justification for the no-editorializing-policy!
They should link that policy to this thread to show what happens to S/N when
people editorialize for clickbait.

------
bjt2n3904
The other day I was scrolling past a panoramic picture on Facebook. I happened
to jostle my phone, and was surprised to find I could look around the picture
by tilting my phone.

When the fsck did this become a feature? Why did nothing ask me if I was ok
giving Facebook access to my hardware? How do I turn it off? Who thought this
was a good idea!?

These same questions apply to Bluetooth. Already, such a terrible standard
when it comes to privacy. And now, random websites can grab control of my
radios? With JavaScript? Nothing wrong can happen with this, for sure!

FFS. This is like the battery api. Too much time spent on "can we", too little
time spent on "should we".

~~~
lucideer
The Web Bluetooth API asks you for permission every time. Like every new web
standard like it. It's still something many users will blindly click through
but at least there's that.

At least this doesn't seem to be a priority feature for Mozilla yet. MDN
doesn't even have proper docs for it. So I'm a bit thankful for that, for now.

As for Facebook and the accelerometer, I'm presuming you're on Android, so you
can definitely blame Google for that.

~~~
zawerf
> It's still something many users will blindly click through but at least
> there's that.

Malicious sites can trick you into accepting too:

[https://www.reddit.com/r/assholedesign/comments/9p3172/yeah_...](https://www.reddit.com/r/assholedesign/comments/9p3172/yeah_no_thanks/)

~~~
tomp
That “allow notifications” popup is _way_ too small... instead, it should pop
up in the middle of the screen, have big bold letters, and gray out the
website in the background. Then wevsites would be much more careful about
asking you about it...

------
userbinator
Great, another feature that is probably useful for <1% of websites but will
likely be used for anti-user functionality like tracking and surveillance more
than that.

Maybe I'm just old, but I find this trend of exposing more to the outside over
the network quite disturbing, and it's also becoming rare for me to be joyful
about a new version of software instead of "what did they break or bloat this
time"... the Web was far more pleasant when it was about hyperlinked documents
and not this cloud-computing-inspired frenzy.

~~~
onion2k
_the Web was far more pleasant when it was about hyperlinked documents and not
this cloud-computing-inspired frenzy_

It was also a lot less useful though, as it was mostly about consumption. All
of the creating happened elsewhere. People made things on their computer in
other apps and then published them to the web. Now though, the web platform is
shifting towards being a creative place in itself. People can make and share
things entirely within a browser. I'd think that's a _significant_ positive
change.

~~~
swiley
I would disagree that the web was more about consumption.

There where more personal pages because html was simple and there was little
reason for large businesses to build pages around consumption or write html
for you. Older browsers even had edit modes and would use the http PUT method
to send updated versions of the document.

The original intention of the web was a sort of global wiki, not this tool to
connect you to some coorperate service.

~~~
onion2k
_There where more personal pages..._

Than Instagram accounts? YouTube channels? Facebook pages? Twitter profiles?
No. There's far more now.

The landscape has changed and things look very different, but those things
_are_ personal pages where people publish what they want to say. The only
thing that's changed is that the platforms people publish to have far less
scope for personalisation.

I'd definitely agree that those pages are worse than homepages we had in the
90s as far as a personal voice is concerned. They're mostly boring,
homogeneous things that only very close friends of the owner want to read (and
even then...). Nonetheless though, they _are_ homepages.

~~~
908087
I'd argue that things like "likes" have created an environment where people
generally publish what they think other people would want them to say (e.g.
things that will be "rewarded" with internet points), rather than what they
actually want to say.

~~~
onion2k
That's just 'better' metrics. Back in the day we had hit counters and server
logs, and some of us tweaked our content to drive them up. There were early
forms of SEO, clickbait, content marketing ("content is king" was something
every web person knew). The desire for recognition was there at the start.

------
emsy
So many I'll informed comments on top of this submission. First, the web
Bluetooth API requires a permission. It's useful for more fully featured PWAs.
Even though I personally think the browser shouldn't have become an app
platform, that's the world we live in now. The best cross platform solution is
the one most platforms support and today this is the browser.

~~~
baybal2
>First, the web Bluetooth API requires a permission.

ActiveX also required a permission...

------
limeblack
Mac has supported beginner friendly ways of sshing into let's say a Raspberry
Pi over Bluetooth[0]. I would love to see a progressive really any app for
Windows like this.

[0]: [https://hacks.mozilla.org/2017/02/headless-raspberry-pi-
conf...](https://hacks.mozilla.org/2017/02/headless-raspberry-pi-
configuration-over-bluetooth/)

------
jatsign
Aside - It also lets you install progressive web apps onto the desktop. Has
anyone built PWAs, and if so, why? Do they work cross-platform/mobile well?

~~~
Scirra_Tom
Installing as app works great for our PWA:
[https://editor.construct.net/](https://editor.construct.net/)

> Has anyone built PWAs, and if so, why? Do they work cross-platform/mobile
> well?

Works cross platform great. Construct 3 is a sophisticated productivity app,
although it works on mobile devices it's not the ideal environment to get lots
of stuff done with it.

Coming from a Windows native app, main advantage in developing a PWA is that
it allows easy cross platform support (Chromebooks especially good for
educational markets) and much more agility in developing compared to say a
native app.

~~~
jatsign
Very cool. Do you happen to have any links to read about getting started? Any
specific technologies (frameworks/libraries/etc) that helped out? Any lessons
learned?

~~~
Scirra_Tom
My brother (and co-founder) actually develops the product with 2 other full
time engineers, I'm not involved in the product development directly.

It was all built from the ground up though. I think we were well ahead of the
curve when it was started to be developed 3-4 years ago.

Mentioned in another comment yesterday that we decided against using third
party UI because we were worried about bloat, third party dependencies and
general responsiveness. Whole app is usable in ~1mb of network load (less than
lots of big-corp homepages) and we get comments from users saying after using
it for a while they forget they are in the browser which is great and a strong
indicator we've hit the mark.

If we were to start again today, we'd still roll our own UI.

My brothers blog is very good and often technical and goes into a lot of
interesting web tech stuff relating to Construct 3 and PWA's:
[https://www.construct.net/en/blogs/ashleys-
blog-2?orderID=1](https://www.construct.net/en/blogs/ashleys-blog-2?orderID=1)

There are a whole raft of benefits of PWA's, probably too many to list
especially coming from our native predecessor Construct 2. Auto updating users
to latest versions, no download/installation which helps significantly with
converting users into just trying the product, faster load times than our
native Windows predecessor, easier distribution etc etc.

Cross platform support is an incredible competitive advantage in some markets
such as education where Chromebooks are common and competition is sparse/non-
existent. It even runs on Raspberry Pi's and we're confident we're future
proofed for new devices.

Making your PWA fully functional online is tricky but doable and I believe
particular care needs to be taken here from the beginning. Retroactively
implementing offline support would be difficult.

It's also important to not get too fancy and building it for offline use helps
you avoid these traps. We've seen some PWA's record every user interaction
within the PWA which appears to be the basis of some features such as undo -
this brings in a huge raft of complexities.

A few shortcomings, but the gaps are being bridged slowly but surely. For
example copying images to clipboard:
[https://bugs.chromium.org/p/chromium/issues/detail?id=150835](https://bugs.chromium.org/p/chromium/issues/detail?id=150835)

------
fredoralive
The greatest threat to the web is those that want to turn it into an “app
platform” instead of a hypermedia system. Sadly the battle has probably been
lost.

~~~
koboll
HN commenters have such a strange cognitive dissonance on this issue.

On one hand, there's this consistent theme of web Luddism - a lament for the
simplicity of when the web was for documents, rather than apps.

On the other hand, there's this rage against increasing control of
distribution channels by tech giants like Apple. The whole point of the web as
app platform is to circumvent that.

~~~
duckerude
Those are not incompatible sentiments.

You can think centralized distribution is a problem and still think the modern
web is a bad solution to that problem.

A problem is that the web is being used for both applications and documents. I
don't mind if an application I explicitly launched as an application asks to
make Bluetooth connections, but I would mind if a blog post did that.

I think there's a lot of value in web applications, but I really don't like
how it interferes with the non-application web.

~~~
petecox
> I don't mind if an application I explicitly launched as an application asks
> to make Bluetooth connections

The security model for a desktop-installable 'app' is a superset of a webpage.
Or at least it was in Firefox OS, where additional permissions were required
for accessing the filesystem or hardware APIs. In this way they were not
available to websites to hijack the in-browser sandbox; the system web browser
was itself a 'browser app' with a restricted set of permissions.

(I presume it's similar in Chrome OS, while this blog post is in the context
of 'appifying' Windows desktop outside the browser.)

------
favorited
Making "Hold ⌘Q to Quit" the default on Mac is such a user-hostile change.
There is no reason to deviate from the platform default that literally every
other Mac app uses.

------
ravenstine
> Users can now install Desktop Progressive Web Apps on Windows & Linux!

This is great, but hopefully Safari(especially on iOS) will follow suit and
support PWAs. I recently wrote a PWA but changed it to use Cordova because
Safari on iOS doesn't support "Add to Desktop" for PWAs. If it does, I
definitely couldn't figure it out when running the latest iOS.

One thing I'd like to see Google do is allow PWAs to be listed in the Play
store. A lot of apps are already web views, and a PWA could be much more
practical, especially if they provide some APIs to fill the gap between web
and native.

EDIT: Nah, I take that back. Fuck the Play store. I hope people can become
comfortable with downloading PWAs directly. One of the things that held me
back from releasing a PWA is the people I tested it with weren't comfortable
downloading an app from a "random" website, which is pretty ridiculous seeing
how easy it is to release horseshit software on the Play store.

~~~
jf-
It definitely does. If it’s not appearing something is wrong. A common cause
is some asset being delivered over http rather than https.

Actually, it should allow you to add ordinary websites to the desktop, but
doesn’t display them full screen. Forgive me if this is a stupid question, but
did you just not scroll right on the menu in safari? I couldn’t find it the
first time I went to add a site to desktop either.

------
CyberDildonics
Most of this thread seems to be people upset that this exists. Do people not
realize can control javascript permissions?

~~~
fenwick67
They're rightly concerned that it will be used like notification permissions:
just one more thing you need to cancel when you use a site. Yes you need to
consent, but even being asked is audacious.

~~~
Ajedi32
Notification permissions are widely (mis)used because many sites already have
a legitimate use-case for that permission; keeping users updated on new
articles posted on the site.

It's not at all clear that a similar widely applicable use-case exists for
Bluetooth.

~~~
Outpox
This is just plain boring to be honest, I don't want to be notified when a new
article is released, I'd rather manually check a RSS app when I want to read
such news instead of receiving a notification while I'm working. To each its
own I guess.

------
Uhrheber
Being able to use Bluetooth REPL for microcontrollers running MicroPython is
somewhat cool, but also rises serious security concerns, if such a device is
used for IoT.

------
stephenr
I'm sure nothing terrible will happen by exposing Bluetooth to the world of
skeezy javascript malware.

------
nemodmarg
What is the realistic everyday use case for this?

~~~
zawerf
Pairing your phone with your pc for realtime inputs w/o going through
internet.

For example [https://www.airconsole.com/](https://www.airconsole.com/) turns
your phone into a gamepad for multiplayer browser games. But I think they are
using web sockets or webrtc right now which is kind of silly when everyone is
in the same room looking at the same browser.

~~~
KrishnaAnaril
Airconsole is awesome and it's a very innovative idea. This will really help
them to reduce the data usage.

------
emehrkay
I wonder how much of this is directly related to Google’s game streaming
ambitions. Chrome, the browser, is pretty much it’s own os at this point

~~~
Spivak
Gotta say though, the OSification of browsers has been the greatest thing to
happen for Linux compatibility. We can talk about efficiency and purity and
integration and things but hot damn a decade ago I would have never thought I
would be able to run so many apps without any sort of friction.

------
Serow225
Does anyone know of something like a search engine for PWAs? I'm kind of
intrigued by the new desktop PWA functionality described, but I don't know how
to find out which sites I can desktopify. Thanks!

------
kaffeemitsahne
I wonder what the next layer is gonna be after web browsers have completely
taken over all operating system functions.

~~~
pavlov
Web workers and service workers are already a new layer of tightened
sandboxing on top of the JavaScript sandbox whose volume of sand is soon
approximating Sahara.

------
LegendaryPatMan
Wait... Windows 10 allows applications to control radios...

So couldn't you go past some site doing a driveby, Chrome get's control of the
Bluetooth radio and then the site can just go Bluesnarfing against nearby
devices?

Or say have an extension in Chrome that gets control of the radio and you can
use the control of the radio and go sniffing for data like I don't know
messages or health data sent between phones and smartwatches?

------
oaiey
A pity that the classic RFCOMM interface is not supported (at least how I read
it).

------
pasbesoin
about://config (ok, _chrome_ ://config) is gone

Nothing Bluetooth is in chrome://flags

Google search results are their usual, these days, jumble of largely
uselessness.

In the context of a relatively quick search and results skimming, this result
is dated 2015 but still seems to be pertinent. It is also the link that is
cited in the OP's linked announcement.

[https://developers.google.com/web/updates/2015/07/interact-w...](https://developers.google.com/web/updates/2015/07/interact-
with-ble-devices-on-the-web)

In particular, where it says:

[https://developers.google.com/web/updates/2015/07/interact-w...](https://developers.google.com/web/updates/2015/07/interact-
with-ble-devices-on-the-web#dev_tips)

 _A "Bluetooth Internals" page is available in Chrome at chrome://bluetooth-
internals so that you can inspect everything about nearby Bluetooth devices:
status, services, characteristics, and descriptors._

Checking the system I'm on, I'm not hooked up to any Bluetooth devices. I see
the Status panel shown in the article, although it's not titled. Nothing else.
There are two left-side tab-ish controls that let me switch between "Adapter"
and "Devices". Devices shows the headset I was using the other week. It also
has a button to "Scan".

Nowhere, a browser-level control to turn this off.

This is _not acceptable_.

Google et al. are not going to stop. So, we are going to have to rewrite
support for these stacks, and/or reconfigure how we run their apps and under
what permissions, to cut them off.

OS development (on "free" OS's, at least) is going to have to start assuming
that applications the user actually wants and needs to run, can be and are at
the same time at least partially hostile.

Or, we just put up with this situation and being relegated to "cattle". I was
just at a dairy farm the other week, and they now tag _both_ ears -- so they
don't even potentially have to take a step to identify the cow.

This system uses Ubuntu 16.04, so supposedly control of this subsystem is more
limited than on e.g. Windows 10. But there's no way I'm "relying" on that, all
the more so going forward in time.

------
sctb
We've reverted the title from “Chrome 70 supports Web Bluetooth on Windows
10”, which breaks the guidelines by editorializing.

