Hacker News new | past | comments | ask | show | jobs | submit login
Safari 13 Is Out (developer.apple.com)
78 points by freediver on Sept 19, 2019 | hide | past | favorite | 73 comments

It really, really is a shame that they removed proper extensions. While Safari never had a good extension story, it was at least bearable, and in all other regards its simply the best Mac browser.

Now I have to take a really hard look at switching back to Firefox, and that would be a downgrade in almost every regard I care about. Pity.

I made the switch to FF 2 months ago after being a Safari zealot (for nearly 10-14 years). I did not notice any memory hogging (was an issue in past). I have not rebooted FF in 20+ days. I really enjoy the "container" concept in FF. (ymmv of course)

I've used FF almost exclusively for a large chunk of the aughts, so there is some familiarity left.

My main concern today is actually a matter of trust. Mozilla has had enough privacy-related debacles and questionable decisions that after each update, there is a lingering doubt in the back of my head whether I need to crawl through some settings again or worse, edit obscure config keys to keep it from doing what it shouldn't have been doing in the first place. It's the same feeling I have after a Windows update, albeit to a lesser extent.

I used to be a huge advocate for Firefox. My name is one of the many thousands of donors in their NYT ad from 2004. It pains me to say that these days, Firefox feels somewhat user hostile.

If I do find myself leaving Safari, it's merely the least-bad choice from a continuously shrinking field of options.

The only downside is that FF battery life is much worse than Safari. Supposedly they're working on being smarter about GPU usage to improve this, but I haven't checked lately to see if it has made a difference.

On newer versions (of Firefox Nightly), they use the native CoreAnimations library now for vastly improved battery life:


It's still a very long way from Safari on battery life. As is Google Chrome, by the way.

What's a "proper" extension? The only things in the release notes seem to be about broadening the API somewhat.

They did not just broaden the API. Previously, extensions were written in Javascript, roughly following open web standards[0]. This let you write your extension (nearly) once and have it work in all web browsers.

Now, all of those Javascript extensions are deprecated (users can no longer install them). If you want your extension to work, you now have to rewrite the majority of it from scratch in Swift[1]

[0] https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web... [1] https://developer.apple.com/documentation/safariservices/saf...

Thanks for this information. How do the capabilities of the new API differ from the old one? If a developer is willing to put in the effort to do what Apple says, what extra capabilities do users get, and what existing capabilities are taken away?

I'm not asking about ad- / content-blockers, because that issue has been discussed many times and there's no value in rehashing that discussion. I'm asking about OTHER TYPES of extensions.

There were legacy extensions delivered outside the app store. Those are deprecated and with Safari 13 were removed.

There are other extensions delivered through the App Store you can install. For example, there is a uBlock extension there.

The "uBlock" app extension in the store has nothing to do with uBlock Origin. Do not install it.

What could be driving that, I wonder? Are they concerned with malware?

Regardless, it seems like a big thing to omit from the notes.

If I were to guess, probably performance and battery life. They emphasized efficiency when they introduced their own compiled blacklist API for content blockers.

At a guess: Engineering overhead of two separate extension models, the "real extension" model can't do the kind of cross process communication a lot of extensions really need (password managers, etc).

Then performance problems of extensions injecting and running a pile of JS into all pages.

But yeah, I am not looking forward to losing ublock. I (Safari fanboy) will probably delay updating as long as possible.

> Removed support for Legacy Safari Extensions.

It was in the notes. That's the line.

So far I've managed to find a perfectly acceptable alternative to every extension I was using except for Tampermonkey.

Dang, that’s the only legacy one I use

What extensions do you miss?

* Added support for the Pointer Events API enabling consistent access to mouse, trackpad, touch, and Apple Pencil events.

https://caniuse.com/#feat=pointer - now you can use one unified event capture everywhere, instead of having to choose between "click" and "touch"!

The Pointer Events spec is a real joy.

For example, if you want to roll your own "drag" event for a given element, the API allows you to do this without reference to document or a parent container element. You can just declare that the element currently receiving pointer events capture subsequent pointer events until you release it[1].

Additionally, the API naturally lends itself to patterns that can easily be extended for multi-touch situations.

I'm quite curious which developer led the charge for this API and how they warded off committee meddling by people who lacked knowledge about the benefits of this approach.

[1] https://developer.mozilla.org/en-US/docs/Web/API/Element/set...

Nice to see that all browsers support Pointer Events now. This Microsoft proposed standard was initially fiercely opposed by Google and Apple some years ago.

Well that was before they were shipping devices with a stylus.

Mostly you can just need a click event now since "fastclick" can now work on all modern devices (albeit may need meta viewport or CSS).

In my experience writing a component suite I have found I don't use touch[a-z]+ events that much (just like mouse[a-z]+ events don't get used much either).

I would be very careful before believing the promise of Pointer Events, unless you need to be on the bleeding edge for some reason. When I first used Pointer Events, there were heaps of corner cases that bit me hard. I would be especially careful if using them with virtual Dom updates or very dynamic pages - one of the worst pain points was issues with events when elements were deleted/replaced.

I'm currently rewriting a legacy application to use Pointer Events + pepjs polyfill. Your experiences don't align super well with mine. I'm curious as to why.

What does vdom diffing / dynamic page content have to do with using pointer/touch/mouse events?

If anything, the last scenario you describe sounds like it would be mitigated by use of https://developer.mozilla.org/en-US/docs/Web/API/Element/set... which is only available to PointerEvent implementations?

I found setPointerCapture() caused multiple bugs in corner cases (including one regression a while ago that completely broke our touch support in Chrome desktop).

Maybe the support has improved in Chrome and Firefox, but I would be very careful to test Safari support before I relied 100% upon Touch Events.

This update kills Tampermonkey.

I only used it for a very specific reason - I had a script which removes multi-item eBay listings where one item is 99 cents (typically some kind of keychain) and the other items are the actual listed item at a much higher price.

It's a technique used to break the "sort by price" function, since it sorts by the cheapest item in a multi-item listing.

Just opened it again out of curiosity and the first message I got is that the Bitwarden and Pocket extensions are not supported anymore. Oh, well, as much as I'd like to use it, a desktop browser without extensions is dead to me. There are some extensions that provide me with little quality of life improvements and whatnot. Since, when I'm using my computer, I'm almost always using a browser, these things become important.

I wonder why Apple decided to axe extensions and not support WebExtensions, that at this point have become a standard shared by Firefox and Chrome. Too bad.

Apple removed the ability to use uBlock Origin or similar.

I tried few ad blocker from the app store, but non of them block Youtube's video ad, making it useless.

We still have Firefox for now I guess.

I think AdGuard will do what you want, but I feel uncomfortable about blocking ads from sites that provide you with an option to pay to remove them, as does YouTube Premium.

It's difficult to even use the malware defense with YouTube, since YouTube's ads are just videos.

wipr from the App Store is a serviceable ad blocker, not as good as ublock origin, but (mostly) does the job for me at least. I miss the ability to kill specific elements ad-hoc.

I payed for Wipr and I don't notice the difference between it an uBlock Origin on my windows machine. Can you report if it works on Safari 13?

They've had a natively compiled content blocking engine for years, and I've been using Ka-Block. It works really well without killing your battery.

Looks like it is only for iOS, is this true?


No, I use it on macOS too.


Extensions for Safari are distributed through the AppStore. I currently have uBlock (not Origin) installed as an extension.

You’re using it on 13?

uBlock (not origin) is by the same company as AdBlock Plus - "acceptable ads" (e.g. pay to play), privacy issues, general scummy behavior. I would suggest to steer away from it.

I use AdGuard on iOS and iPad OS and it works

I use 1blocker on both Mac and iOS. Its pretty decent.

> Added support for FIDO2-compliant USB security keys with the Web Authentication standard in Safari on macOS.

well this makes me happy at least

I wish there were a way for third parties to enter their protocols into the secure enclave on the Mac and iOS devices. Then you could pay yubikey but not have to carry an extra device.

Likely this would be difficult on levels I can't even imagine.

Any recommendations on security keys for personal use?

Does it work on IOS?

I believe iOS 13 does via NFC. Yubico was just talking about this: https://www.yubico.com/2019/09/yubico-ios-authentication-exp...

Sadly no, but perhaps next year if the rumors of a USB-C iPhone 12 are true.

It says for MacOS, so no.

no... but we're getting there...

One thing Safari really needs to fix: suggesting a secure password but then not save it. I have been trolled too many times.

This.. I'm sure it's happening because the respective websites use JavaScript to submit the form data via XHR, but I've been burned so many times by the password generator that I'm writing down the password from the field before submitting it. Very frustrating!

Entering it in the actual login form will then usually trigger a save of the credentials.

Nice thing about 1Password (just a user) is that when you submit a generated password it is also temporarily copied to the clipboard. I paste it somewhere (typically at a bash prompt) in case this happens if it does make or adjust the correct entry. Sucks, but there are, as they say, no standards.

The nice thing about it being at the bash prompt is I can just press ^U and it doesn't end up stored anywhere (and even if it did it would be a random, contextless string).

For those wondering how to install this update in macOS 10.14 Mojave; it is distributed as a Software Update in System Preferences.

> Added support for the Visual Viewport API for adjusting web content to avoid overlays, such as the onscreen keyboard.

This is awesome for WYSIWYG editors, most of which have struggled to keep the formatting toolbar visible on mobile screens because there's been no good way to detect whether the keyboard is open.

Can it play 4K videos on YouTube?

Nope, and probably ( I hope ) never will. The chances of Apple support VP9 is slim, and in case you want to point out Apple is a Founding Member of Open Media Alliance, as of today it still doesn't have Apple's Official Logo in its member page.

Compared to MC-IF, an industry forum focusing on next generation H.266 / VCC which Apple is also a Founding Member, has an official logo from Day 1.

> Added the ability to Safari for macOS to share your screen with others using only web technologies. Plug-ins are no longer required.

This is a nice enhancement. I previously used the Screen Sharing feature that was buried in Messages, which somehow stuck around from when it was iChat.

Upon completing the Safari upgrade, I was forced to upgrade to 1Password 7.x, which forced me to upgrade my Dropbox password storage to a new file format… an avalanche of changes and I am afraid I may corner myself into having to spend more on 1Password.

1Password is an amazing piece of software that is worth every penny.

I used to always buy my license instead of the subscription but recently switched because frankly, I know it's a better business model for them, and I get so much value our of 1P I don't mind paying.

I've been a 1P user since before 1.0.

It's too easy to always try to squeeze every penny out of these small companies, but I think it's worth really thinking hard about their reality, and how much their software is actually worth to us.

Safari continues to lead the path for privacy and security. WebAuthN is a welcome change although supporting the built in TouchID in Apple devices would have been nice. The new password change prompt is definitely a plus.

Safari is the very last major browser to support WebAuthN. If anything, it is following the path. https://caniuse.com/#search=webauthn

Safari is the new internet explorer. Too little, too late.

Nope. Chrome is the new IE. Standards don't matter when you have a high enough market share- you can do whatever you want and people have to support it.

IE was the reference browser for the web in the 90s, and Chrome is that today.

Yes, Safari is the new Opera. Technically superior in many ways but also barely competing. Opera went on to abandon their custom technology in favor of Chrome's after losing their dominant position in mobile to Safari and Chrome. As long as the EU doesn't force Apple to accept fair competition on iOS Safari's future looks bright!

Safari is the new IE6, because the version of Safari you have is locked to the version of iOS you have. Features like Pointer Events, visualViewport, ES2017 etc are available on Android 4.4, because Google still updates Chrome on old Android devices.

I struggle to support iOS 9 (Safari 9) and I barely support iOS 7, because we have a number of users with old devices and we are not a consumer app so we can't just ignore our users who cannot upgrade their browser.

I regularly check caniuse and mdn to see if I can use a useful feature that is in Firefox, Chrome and Edge, and I regularly can't because Safari doesn't support it. Or often I try to use a feature and it is buggy on Safari. Safari is the only browser that regularly breaks our web app (most recently Safari 13 changes for the iPad desktop mode). I also see old versions of Safari in use by some of our MacOS users (presumably because they can't or won't update?)

If our users hit a show-stopping bug in any other browser (browser bug or our bug), they can usually try a different browser. But iOS users can only use WebKit, so they are the most vulnerable to serious bugs.

I would say you can pretty much aim for iOS 10 or even 11 as a minimum. The number of devices running iOS 7 is quite small. My moms iPad 2 runs iOS 9 and that’s about one of the oldest Idevices going

You can do that if you don't have any poor users, or you don't have to care about them (e.g. many consumer apps).

Our clients are businesses, and our users are their employees (from a wide range of backgrounds). The employees must use our web app, and our clients mostly don't get to choose what their employees use.

We log how many users are on old browsers, and we try to support users on old browsers if it isn't too costly for us to do so.

In my experience, the majority of people using a iPhone 4 or an Android 4.4 device are doing so because they can't afford to update, and they are often otherwise marginalised. I try hard not to give them yet another kick in the teeth for stuff outside their control.

IIRC Opera was planning to adopt WebKit – but when Google forked WebKit, Opera went with Blink instead.

90s: Netscape 00s: IE 10s: Chrome

It's not quiet that precise -- there was a transition period at the end of the 90s and a period of multipolar quasi-equanimity before Chrome's dominance -- but it's a decent first approximation.

No nothing is the new internet explorer. We don’t have a situation even close to that. IE has over 90% share and wasn’t updated from version 6 for years and was way behind its competitors. Safari is frequently updated and at least on a par with its peers, supports standards.

It's not insightful commentary to just repeat a meme phrase


The Internet Explorer that is so hated was IE6. It wasn't too little, too late. It was frozen in time, with millions of corporate workers unable to upgrade. In 2010 IE6 was already 9 years old, yet we still had to support it for business customers.

I'm sure you don't have to support 9 years old Safari.

Mobile Safari, yes. At least from a webdev standpoint. Desktop Safari isn't as bad as IE imo.

I think the main problem in iOS is that Apple requires you to use Safari engine, even if you have the resources to create a competing browser (like Google or Mozilla). So all alternative browsers in iOS are simple skins of Safari.

If Apple allowed alternative browser engines in iOS, the situation wouldn't be so bad.

This. I was really hoping for EventTarget constructor to land: https://bugs.webkit.org/show_bug.cgi?id=174313

Safari now is the only evergreen browser that does not support it.

Applications are open for YC Winter 2022

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact