Yeah good question. I do a lot of email on planes and travel where there is no internet. In fact I refuse to use any software that isn’t offline first these days.
I was a Fastmail customer for many years but moved to apple’s iCloud+ when they introduced custom domain support as that works entirely offline on all my devices. Also that gives iPhone/mac integrated contacts and calendars with zero hassle that actually syncs to everything properly. It’s cheaper per seat as well (£25 a month for that plus Apple Music for 6 people a month). No brainer.
Got it. Fuck that. JSON has no part in an email stack. Have we not learned from our failures as a species.
Edit: I've got 99 problems and 98 of them are JSON on a regular basis. Poor parsers, problems dealing with numeric values, terrible terrible schema support, poor encapsulation support, large things attached to it in base64 (difficult to stream on most parsers), difficult to read without external tools which actually tend to mung or fix the problem you are trying to see (jq does this), completely arbitrary and random metadata jammed in everywhere by everyone trying to make it self-describing, shitty enapsulated types i.e. ISO 8601 date in a text field rather than a principal type.
Urgh kill me. It's a hammer made of poo and no one knows any better any more. It's the PHP of wire formats. The COBOL of representation encapsulation.
Edit 2: the only positive is it's probably less bad than CalDAV but that's not even supposed to be part of an email stack is it? Everyone has outlook brain.
Why is JSON inherently unfit for an email stack...? It's just a transfer format. If it's designed well, it shouldn't matter if it's JSON or CBOR or anything else.
Yep. Microservices! AWS! Everything Gartner and Thoughtworks says! It'll look good on my resume...
..several years later..
Escalating cloud costs, high staffing cost, staff turnover, heavily reduced margins, decreased productivity, burnout, clients unsatisfied, C-suite paving over this by hiring more marketers...
I wonder how many early stage businesses went tits up because they drank the microservice kool-aid and burned valuable engineering cycles that should have been spent on features on docker spaghetti.
I once interviewed at Fast. One of the questions they asked was how to scale up a rate limiter. In my mind I was wondering why you'd ever need to worry about scaling up a rate limiter. The answer apparently was some kind of microservice.
The company eventually folded[1]. Turns out the company was burning millions of dollars in hiring + infra, while generating only $600,000 in revenue.
How would suddenly disallowing users to run a PWA that worked for years improve platform security? How would having Spotify be able to use their own subscription system compromise platform security?
Being able to install software without needing an OK from the hardware manufacturer has been standard for over 40 years now. People do it on Windows PCs, on Linux PCs, on MacBooks and on Android phones, and that very clearly has not caused the extinction of the dinosaurs yet :)
The document Apple has published to me reads like it's written by a 5 year old that just was served too many sweets shortly before bed time.
IMHO this is about revenge, not about platform security.
They are not allowed to give their browser an advantage under the DMA. If you take a look at BrowserEngineKit and BrowserKit there is a significant API surface area they offer for third-party browser engines. They must have been building this for some time. It's really detailed, down to allowing developers to implement their own JIT! [1] they have custom UI components replacing their standard scroll views with ones that better support nested scrollable DOM elements. It's a staggering amount of engineering effort
I can totally believe that there is not enough time to re-think and re-architect how to implement push notifications, local storage and whatever other perks PWAs get for non-Safari third-party browser engines running as "apps." They may have lots of money and engineers, but throwing more of them at this problem is not going to build a well designed, thoroughly tested, and secure implementation any faster
I am not even sure that the EU has mandated that PWAs must be able to run in other browsers. Did you see any such regulation?
From what I understand, the regulation is about allowing users to install third-party apps including browser and of course PWAs. I doubt they mandate what browser engine the app uses, that's the apps business only.
I think the DMA mandates that Apple not give Safari advantages over other browsers. Being able to run PWAs seems like it could be considered an advantage? Not sure though
It's pretty obvious. They're not disallowing it. They are removing the integration with the home screen so that it will run in third party browsers. That limits it to the smallest common API surface which is "open link". Everything else was a luxury.
I don't think you work in IT if you haven't had an infested windows, android or macOS box before. Hell I just spent the other day cleaning my father's Mac out of two VPN turds fighting with each other he installed after watching crap on YouTube. My daughter's windows machine got destroyed by unsigned crap from a Sims mod. You just don't get that on iOS apart from the odd calendar subscription turd.
As for spotify, they use their own subscription system, not the app store.
Not my intention to brag about it, but I run an R&D company and have invented and patents on quite a lot of network technologies :)
The only time in my life where I had an infected devices was in the year 1993 - a boot sector virus on a floppy disk I got from someone.
Luckily my wife is a nerd, too, by sister is trained and has not yet fallen for any of the social engineering tricks before. So no, I do not have to deal with other people's infected boxes either.
Well, on the other hand it implies that most of my family is dead and buried already, and therefore would have a hard time annoying me with their IT problems.
If that's a good deal is a matter of perspective ;)
Ah yes, the poor end users suffering and the security being bullshit.
I really can't wait to clean the first malicious browser out of a relative's iPhone and try and unsubscribe from Tim Sweeny's app store with his own 30% margin to spend on blackjack and hookers.
The new status quo will be worse than the old one.
Somehow this is not a problem on Android even though they have sideloading and alternative app stores even beyond what Apple is going to allow. (Apple still requires apps to go though a review process, even if distributed outside of the App Store, and will enforce this using digital signatures.)
This is actually a big problem on Android. My ex father-in-law literally had his bank account ripped off (£18000) from rogue app installed from outside the app store. And Google's stewardship of the play store is terrible.
ALL problems are human problems. Don't try and write this off with that one.
I can go all day on these. Second one ... corp Android phone. App update ships own browser engine to display about box. Flaw in about box implementation allows user to hit Google. End user uses about box to exfiltrate data from device.
Not possible on iOS. Same browser engine and controls.
As mentioned I'm an Android user, just a better human than most when it comes to using the devices.
Uh, no it isn't. Otherwise screentime would work in browsers other than Safari. Maybe corporate limits use a different system and checks, but that would be silly.
Ignoring this kind of absurd distinction is what made Apple the most valuable company on earth. (That doesn't justify their behaviour in this case, as PWAs are a secure alternative to sideloading.)
That story sounds rather fishy. So your father has found the hidden option to enable developer mode which allows APKs to be sideloaded, and then went to some website to download and install an APK?
By the way: According to Kasparsky [1] last year there have been 600 Million downloads of malware that was installed from Google play store, without any sideloading or alternative App stores involved.
And of course the Apple App store also is full of malware and shady stuff, think of all the chinese IoT apps that are phoning home etc.
Yeah he was persuaded to do it, ironically considering YT is Google, using a video on YT which was trying to sell him VPN software. I blame the paranoia from the constant VPN industry adds being forced down your throat really but the point is that it still does happen.
I will add that I have a lot of unsigned APKs on my device as well, but not from those sources!
Ok, but then we are talking about social engineering, and not a technical matter. Social engineering works no matter what the platform is. The caller could have convinced him to give him banking TAN numbers, or send them money etc.
And when it comes to malware it's easier for those attackers to have the malware App on the Google Play store, as this way it's much easier to convince the user to install it...
A friend of mine recently suddenly had someone drawing money from her account using an ATM that was 200 km away while she was shopping with her card. I had a look at her Android phone - nothing Sideloaded on it, they simply appear to have used a fake banking website to make her create a new card without her seeing it.
Long story short: I believe that people need to be taught on how to detect social engineering attempts. And kids should be trained on this in school already.
It is somewhat of a problem for android when it comes to sideloading, and this is an additional advantages of PWAs. PWAs are the freedom of sideloading, without the security risk.
I like clown-fiesta. That's accurate. I've been a clown.
It's about plastering layers of shit on top of something which was never designed to do the job it is doing by people who have no idea what they are doing and selling this as an ideology while sticking your fingers in your ears and hiding from the numerous security problems and smoke coming out.
Personally I avoid the hell out of web applications of any sort these days. HN is the limit of my tolerance. I will go out of my way to find something that is an actual desktop application so I have my data local, my experience local and I don't have to teeter my entire existence on the top of this stack. Please just leave the web for content delivery and put together some apps that aren't shit in native UI frameworks please please please.
No they haven't but they have destroyed usability, my laptop battery and left a lot of brain damaged people who are incapable of seeing when a simple solution for a problem will do.
Case in point, a number of years ago I built a static web page for delivering software distribution for an SME. This is hosted in S3 on cloudfront. It is one HTML page, one image and one CSS file. There is a bit of plain DOM javascript which pulls the software versions out of metadata files on the CDN and updates a SPAN in the page. Someone came along and couldn't work it out so rewrote the whole fucking thing with AngularJS. It looks the same. There was no benefit to doing this. It was just that's how we do things. The first page hit is 220k. I don't even know how they managed to do that.
It is practically impossible to teach good programming to students that have had a prior exposure to BASIC: as potential programmers they are mentally mutilated beyond hope of regeneration.
I've heard this a lot over the years but I disagree entirely. It's a matter of self motivation. I started on BASIC in 1981. They taught us Pascal at university. I moved to C on Unix and eventually into embedded C. Then back out to C++ and then more recently Go.
What I tend to see from the FE developers I've worked with is someone told them this was a gold mine and they did a code camp to get where they did. There is no care, consideration or self motivation past getting paid thus the understanding is limited only to the direct thing that needs to be done via whatever means it can be done quickly.
If it's a means to an end, then you do not learn. You have to enjoy and care for what you do and cultivate it.
I've heard this a lot over the years but I disagree entirely.
It's a quote from a semi-humorous essay by Dijkstra from 1975. The essay is basically Dijkstra making fun of all the popular programming languages and technologies of the time and pointing out how they all suck.
I started with Commodore 64 basic, then progressed to PASCAL, 'C', C++, this and that ... finally landing on the "Python" tile on that particular board game.
I won't say I'm a virtuoso, or aLawful Good Paladin Programmer weilding patterns or clean code, or whatever, but by and large BASIC's influence on my tinkering is down to the ways I don't do things.
It's a harmful perception.
As the great Yoda says, "you must unlearn what you have learned", but that doesn't mean that you are "mentally mutilated" by something. It's only if you stop learning and growing, that's where there real harm is.
I had a girlfriend who unpackaged a lot of stuff she bought at the checkout so she wouldn't have to deal with the trash. I thought it was insane for a bit but no it's quite reasonable actually when you think about it.
I've seen this in places where they charge by the bag for trash pickup. Stores have bins set up for exactly that purpose. (Not sure if that's required or if they volunteer it.)
I've seen it in Germany and Switzerland, but I have no idea how widespread it is.
I was a Fastmail customer for many years but moved to apple’s iCloud+ when they introduced custom domain support as that works entirely offline on all my devices. Also that gives iPhone/mac integrated contacts and calendars with zero hassle that actually syncs to everything properly. It’s cheaper per seat as well (£25 a month for that plus Apple Music for 6 people a month). No brainer.