1. 5
  1.  

  2. 7

    It pretty much turns your web browser into another operating system since it’s literally assembly to which you can compile other languages and run all kinds of “apps”. Of course, you can imagine all the new security vulnerabilities coming along with that.

    Sounds like the author misunderstands WebAssembly. Everything you can do in WebAssembly you can already do in JS, WebAssembly just makes it faster. Security vulnerabilities shouldn’t be any more of an issue than they are with JS, because WebAssembly runs in the same sandbox.

    The other points I can agree with. The lead devs look like a toxic bunch and are making some weird decisions.

    1. 5

      These forks are unsustainable because they tend be developed by people without the resources to develop a browser, leading to not actually being able to keep up with security patches from upstreams/able to support standards (real ones, not counting shit like WebUSB), and used/developed by the most finicky users that can never be pleased, causing a cycle of no one to be happy if anyone changes anything

      1. 2

        These forks are unsustainable because they tend be developed by people without the resources to develop a browser,

        This is the crux of it - the only people who HAVE the resources to develop a browser these days are MSFT and GOOG. I am Not an Expert, but it seems to me that a modern web browser is a beast of sufficient complexity that no independent FLOSS project could hope to be able to maintain one.

        IMO this complexity problem isn’t unique to browsers either. Modern graphical desktop environments are creatures of positively enormous complexity being developed by a small dedicated band of people, and they can’t hope to have the resources needed to keep up.

        Not sure if this is a solvable problem either, at least from the perspective of wanting FLOSS projects to be free of big corporate sponsorship.

        1. 3

          [T]he only people who HAVE the resources to develop a browser these days are MSFT and GOOG.

          Sorry for being nitpicky, but what we have today is large outfits including MSFT and GOOG able to change web standards at a fast pace and push out updates so the install base has them. From there, web developers start using them, which leaves it impossible for anyone without those resources to build a compatible web browser. But note the whole thing is circular - the existence of well funded outfits, auto updates, and living standards is self perpetuating.

          Modern graphical desktop environments are creatures of positively enormous complexity being developed by a small dedicated band of people, and they can’t hope to have the resources needed to keep up.

          Personally I think this is very different. For one, there’s no equivalent to the web ecosystem - people are free to use whichever desktop environment suits their needs without being shut out of current content. Secondly, it seems as though the well funded outfits are making lots of visual change in the hope of differentiating their current products from prior products, but users aren’t demanding those changes, and given a choice frequently wouldn’t want them.

          I’m writing this from FVWM (which doesn’t really count as a desktop environment), but if I wanted a full DE I’d probably use MATE, which is fairly similar to Pale Moon in terms of origin story. Even without a lot of development activity, it’s still a good DE, because there’s no intrinsic need for it to have adopted lots of changes in the last couple years.

          1. 1

            Sorry for being nitpicky, but what we have today is large outfits including MSFT and GOOG able to change web standards at a fast pace and push out updates so the install base has them. From there, web developers start using them, which leaves it impossible for anyone without those resources to build a compatible web browser. But note the whole thing is circular - the existence of well funded outfits, auto updates, and living standards is self perpetuating.

            I actually don’t think that’s nit-picky at all and is an important point worthy of note and discussion.

            It also IMO asks the question “What would the ideal evolution of the web look like?” and maybe the answer is something like “HTML + simpler CSS and call it a day” where rich interactive applications can be handled by some other technology better suited to it, but I dunno.

            If my 32 years in tech have taught me anything, it’s that technical excellence or elegance are rarely paramount where market adoption are concerned.

          2. 2

            the only people who HAVE the resources to develop a browser these days are MSFT and GOOG

            Hmmm some company seems to be missing from that list …

            1. 2

              Even if standards were as they were in say, 2009, it would still be likely irresponsibility developed from the perspective of “noooo not this feature” instead of trying to be a good steward of the web and keeping up with fixes.

              1. 2

                Totally agree. Part of the problem is that the web started out as one thing (A mechanism for presenting straight text with a relatively limited markup language) and evolved over time into something else entirely - a platform for delivering arbitrarily rich applications that’s as deep as native operating systems.

                1. 1

                  Are you suggesting that it would be irresponsible for web standards to evolve at a slower pace?

                  As a user, what new scenarios have been enabled to you as a result of the last decade of web standards?

                  To me at least, existing sites for social media or video streaming or online banking have been rewritten to use newer standards, thereby forcing me to upgrade, but the functionality they provide me with hasn’t appreciably changed. If I was less technical, I’d perceive that I’m being forced to upgrade in order to retain access to something I previously had access to.

                  Note that if standards weren’t evolving so quickly, and weren’t evolving to be more computationally intensive, we’d have other benefits. Our devices would have better battery life, last longer, be lighter and more portable, etc. We’d have a more competitive browser market, which would enable less dependence on large corporate actors, and that would enable things like cheap phones that respect privacy far more than exists today. We’d probably have more competition at the hardware level too, and be less beholden to a couple of huge companies that are pushing performance per watt of ARM as hard as they can.

                  IMO, we’re giving up more value than we’re getting, which is not accidental. The interests pushing web standards control the browser and the content, have interests in reducing privacy, and maintain control through continual upgrades which we pay for in terms of hardware. We are paying a high but hidden price for the status quo.

                  1. 2

                    I’m saying the problem Pale Moon et all face are independent of standards. I agree that web standards are kind of a mess right now, but that’s not the point. The point is that their issues come from their user and developer base, and the priorities they take.

            2. 1

              How do you browse the web if you think OCSP is unsolicited? I mean 5 minutes of browsing on articles posted here will probably generate more scary random requests.

              1. 1

                I can’t help but agree with the article. I’ve noticed the things mentioned, plus sources are included for the claims. I’ll have to check out the fork mentioned.