1. 25

    I think ads are the worst way to support any organization, even one I would rate as highly as Mozilla. People however are reluctant to do so otherwise, so we get to suffer all the negative sides of ads.

    I just donated to Mozilla with https://donate.mozilla.org, please consider doing the same if you think ads/sponsored stories are the wrong path for Firefox.

    1. 14

      Mozilla has more than enough money to accomplish their core task. I think it’s the same problem as with Wikimedia; if you give them more money, they’re just going to find increasingly irrelevant things to spend it on. Both organizations could benefit tremendously from a huge reduction in bureaucracy, not just more money.

      1. 9

        I’ve definitely seen this with Wikimedia, as someone who was heavily involved with it in the early years (now I still edit, but have pulled back from meta/organizational involvement). The people running it are reasonably good and I can certainly imagine it having had worse stewardship. They have been careful not to break any of the core things that make it work. But they do, yeah, basically have more money than they know what to do with. Yet there is an organizational impulse to always get more money and launch more initiatives, just because they can (it’s a high-traffic “valuable” internet property).

        The annual fundraising campaign is even a bit dishonest, strongly implying that they’re raising this money to keep the lights on, when doing that is a small part of the total budget. I think the overall issue is that all these organizations are now run by the same NGO/nonprofit management types who are not that different from the people who work in the C-suites at corporations. Universities are going in this direction too, as faculty senates have been weakened in favor of the same kinds of professional administrators. You can get a better administration or a worse one, but barring some real outliers, like organizations still run by their idiosyncratic founders, you’re getting basically the same class of people in most cases.

      2. 21

        So Mozilla does something bad, and as a result I am supposed to give it money?? Sorry, that doesn’t make any sense to me. If they need my money, they should convince me to donate willingly. What you are describing is a form of extortion.

        I donate every month to various organizations; EFF, ACLU, Wikipedia, OpenBSD, etc. So far Mozilla has never managed to convince me to give them my money. On the contrary, why would I give money to a dysfunctional, bureaucratic organization that doesn’t seem to have a clear and focused agenda?

        1. 9

          They may be a dysfunctional bureaucratic organisation without a focused agenda (wouldn’t know as I don’t work for it) which would surely make them less effective, but shouldn’t the question instead be how effective they are? Is what they produce a useful, positive change and can you get that same thing elsewhere more cost-effectively?

          If I really want to get to a destination, I will take a run-down bus if that is the only transport going there. And if you don’t care about the destination, then transport options don’t matter.

          1. 17

            They may be a dysfunctional bureaucratic organisation without a focused agenda (wouldn’t know as I don’t work for it) which would surely make them less effective, but shouldn’t the question instead be how effective they are? Is what they produce a useful, positive change and can you get that same thing elsewhere more cost-effectively?

            I am frequently in touch with Mozilla and while I sometimes feel like fighting with windmills, other parts of the org are very quick moving and highly cost effective. For example, they do a lot of very efficient training for community members like the open leadership training and the Mozilla Tech speakers. They run MDN, a prime resource for web development and documentation. Mozilla Research has high reputation.

            Firefox in itself is in constant rebuild and is developed. MozFest is the best conferences you can go to in this world if you want to speak tech and social subjects.

            I still find their developer relationship very lacking, which is probably the most visible part to us, but hey, it’s only one aspect.

            1. 9

              The fact that Mozilla is going to spend money on community activities and conferences is why I don’t donate to them. The only activity I and 99% of people care about is Firefox. All I want is a good web browser. I don’t really care about the other stuff.

              Maybe if they focused on what they’re good at, their hundreds of millions of dollars of revenue would be sufficient and they wouldn’t have to start selling “sponsored stories”.

              1. 18

                The only activity I and 99% of people care about is Firefox.

                This is a very easy statement to throw around. It’s very hard to back up.

                Also, what’s the point of having a FOSS organisation if they don’t share their learnings? This whole field is fresh and we have maintainers hurting left and right, but people complain when organisations do more then just code.

                1. 6

                  To have a competitive, web browser we can trust plus exemplary software in a number of categories. Mozilla couldve been building trustworthy versions of useful products like SpiderOak, VPN services, and so on. Any revenue from business licensing could get them off ad revenue more over time.

                  Instead, they waste money on lots of BS. Also, they could do whaf I say plus community work. It’s not either or. I support both.

                  1. 8

                    To have a competitive, web browser we can trust plus exemplary software in a number of categories. Mozilla couldve been building trustworthy versions of useful products like SpiderOak, VPN services, and so on. Any revenue from business licensing could get them off ad revenue more over time.

                    In my opinion, the point of FOSS is sharing and I’m pretty radical that this involves approaches and practices. I agree that all you write is important, I don’t agree that it should be the sole focus. Also, Mozilla trainings are incredibly good, I have actually at some point suggested them to sell them :D.

                    Instead, they waste money on lots of BS. Also, they could do whaf I say plus community work. It’s not either or. I support both.

                    BS is very much in the eye of the beholder. I also haven’t said that they couldn’t do what you describe.

                    Also, be aware that they often collaborate with other foundations and bring knowledge and connections into the deal, not everything is funded from the money MozCorp has or from donations.

                    1. 1

                      “Also, Mozilla trainings are incredibly good, I have actually at some point suggested them to sell them :D.”

                      Well, there’s a good idea! :)

                  2. 3

                    That’s a false dichotomy because there are other ways to make money in the software industry that don’t involve selling users to advertisers.

                    It’s unfortunate, but advertisers have so thoroughly ruined their reputation that I simply will not use ad supported services any more.

                    I feel like Mozilla is so focused on making money for itself that it’s lost sight of what’s best for their users.

                    1. 2

                      That’s a false dichotomy because there are other ways to make money in the software industry that don’t involve selling users to advertisers.

                      Ummm… sorry? The post you are replying to doesn’t speak about money at all, but what people carry about?

                      Yes, advertising and Mozilla is an interesting debate and it’s also not like Mozilla is only doing advertisement. But flat-out criticism of the kind “Mozilla is making X amount of money” or “Mozilla supports things I don’t like” is not it

                    2. 3

                      This is a very easy statement to throw around. It’s very hard to back up.

                      Would you care to back up the opposite, that over 1% of mozilla’s userbase supports the random crap Mozilla does? That’s over a million people.

                      I think my statement is extremely likely a priori.

                      1. 1

                        I’d venture to guess most of them barely know what Firefox is past how they do stuff on the Internet. They want it to load up quickly, let them use their favorite sites, do that quickly, and not toast their computer with malware. If mobile tablet, maybe add not using too much battery. Those probably represent most people on Firefox along with most of its revenue. Some chunk of them will also want specific plugins to stay on Firefox but I don’t have data on their ratio.

                        If my “probably” is correct, then what you say is probably true too.

                    3. 5

                      This is a valid point of view, just shedding a bit of light on why Mozilla does all this “other stuff”.

                      Mozilla’s mission statement is to “fight for the health of the internet”, notably this is not quite the same mission statement as “make Firefox a kickass browser”. Happily, these two missions are extremely closely aligned (thus the substantial investment that went into making Quantum). Firefox provides revenue, buys Mozilla a seat at the standards table, allows Mozilla to weigh in on policy and legislation and has great brand recognition.

                      But while developing Firefox is hugely beneficial to the health of the web, it isn’t enough. Legislation, proprietary technologies, corporations and entities of all shapes and sizes are fighting to push the web in different directions, some more beneficial to users than others. So Mozilla needs to wield the influence granted to it by Firefox to try and steer the direction of the web to a better place for all of us. That means weighing in on policy, outreach, education, experimentation, and yes, developing technology.

                      So I get that a lot of people don’t care about Mozilla’s mission statement, and just want a kickass browser. There’s nothing wrong with that. But keep in mind that from Mozilla’s point of view, Firefox is a means to an end, not the end itself.

                      1. 1

                        I don’t think Mozilla does a good job at any of that other stuff. The only thing they really seem able to do well (until some clueless PR or marketing exec fucks it up) is browser tech. I donate to the EFF because they actually seem able to effect the goals you stated and don’t get distracted with random things they don’t know how to do.

                2. 3

                  What if, and bear with me here, what they did ISN’T bad? What if instead they are actually making a choice that will make Firefox more attractive to new users?

                3. 9

                  The upside is that atleast Mozilla is trying to make privacy respecting ads instead of simply opening up the flood gates.

                  1. 2

                    For now…

                1. 8

                  I appreciate the move, but “we’re paying wages based on a place and we found out it’s kind of arbitrary, so we now pay wages based on another, even more arbitrary place” is a weird argument.

                  1. 25

                    Not more than “we want to pay you less because you currently live in a cheaper place” as if any company has any business dictating what my appropriate level of living standard should be.

                    I somewhat disagree with San Francisco being another arbitrary place. It is probably the most expensive city with significant number of well paid developers which seemed to be the reason why they picked it.

                    1. 7

                      They spend quite a bit of the blog post arguing that picking a place for a distributed company is a little arbitrary. Then they pick another place. They could have just placed themselves on the wage scale at the price where they want to be.

                      That’s independent on why San Francisco wages are high. It’s just as much a place as Chicago is.

                      To make it clear: the argument amuses me, nothing more, nothing less.

                      I’m fully on board with the whole “wage depends on where you live, not the value you bring” stuff being completely off, I think the freedom to chose a different place of living also for financial reasons is important. Everyone talking “my employees should think business” and then pulling stuff like this is not practicing what they preach.

                      1. 6

                        We were sold the line that in the Real World, one’s salary is reflective of the value they bring to the company.

                        Then remote work enters the picture, along with the opportunity for employees to take part in arbitrage, and the line suddenly changes to talk about standard of living and other nonsense. It struck me as odd how quickly the Real World changed once employees had the potential for an upside.

                      2. 9

                        I don’t think they’ve now chosen an arbitrary place. Remote work is steadily gaining in popularity. Bay area companies pay the most, and make their salaries increasingly available (or within 10%) to remote devs. Basecamp is not picking a city out of a hat, they’re putting themselves at the top of the American market they’re competing in. It used to be that the market rate for remote work included a location adjustment, but the market is moving. (Moving slowly and incompletely, of course, as wages are illiquid and sticky.)

                        1. 1

                          I would expect to see compensation regress towards the mean in a national or international labor market. If the supply of labor changes without a change in the demand, wages should decrease.

                          1. 2

                            There’s a bunch of factors and I tried not to nerd-snipe myself. I’d predict that on the balance that there’s enough increasing demand to pull up salaries outside of the bay area, but I didn’t run the numbers.

                            1. 1

                              Great list of factors in the third tweet.

                            2. 1

                              Sure - but this isn’t “the market”, it’s a founder-controlled company.

                              The decisions are informed by the market, but not controlled by it.

                              1. 1

                                I would expect to see a decrease in compensation not because the market controls market actors but because free-ish markets tend towards economic equilibrium. I wasn’t referring directly to the actions taken by Basecamp but instead to “…the market is moving” in the parent.

                          2. 4

                            I’m with you. It’s nonsense trading place for place. I’ll add they have the better method built right into this article. Let me put it simply:

                            Goal: Pay workers really well.

                            Problem: Industry pays based on location. Capitalists also try to push wages down.

                            Solution: Look at pay ranges in IT, identify a pay rate for various job positions that meets their goal for baseline, and set starting pay for those positions to those points.

                            Done! Didn’t even need anything about location to pick a nice pay rate for programmers. Just need the national (or global) statistics on pay. They already did this by picking a number in the high end. They can finish by dropping the location part. Result is still the same.

                            Personally, though, I find the approaches that combine cost of living with a base pay for a position to be interesting. Example here. They may be more fair depending on how one looks at it in terms of what people are keeping after basic bills in exchange for their work. I’m far from decided on that topic. Far most businesses’ goals, getting talent in areas with lower cost of living will let them invest that savings back into their business. That can be a competitive advantage with more people getting stuff done or better tools for those they have. If not needing more programmers, quite a bit of QA, deployment, and marketing goods can be bought for savings of a few programmers in cheaper areas versus expensive ones.

                            1. 1

                              Goal: Pay workers really well.

                              I don’t think this is any real goal. The goal is more likely boost reputation and attract the best works.

                              Goal: Happy (productive) and skilled workers.

                              Actually, even then I don’t think it is right, if a company could operate effectively without staff it would.

                              1. 2

                                Their workers were already happy and skilled. Certainly a top priority for them. Although, the author writes as if having core principles about business on top of that. Putting their beliefs in practice to set an example is also a goal.

                                I’m just using pay because it’s an objective value that can be measured. They wanted that value to go up. I proposed a different method to make it go up.

                            2. 3

                              If they don’t use SF as their template they miss out on anyone living there as a potential employee as they’ve priced themselves out

                              1. 3

                                Honestly, Basecamp doesn’t feel like the company to me that would actually care that much about that. They’ve managed to be highly successful without.

                                1. 1

                                  Really? Basecamp is all about making the best product possible. It’s not about SF per se; SF just happens to be the top of the market for developer pay. They explain in the article:

                                  But in what other part of the business do we look at what we can merely get away with? Are we trying to make the bare minimum of a product we can get away selling to customers? Are we looking to do the bare minimum of a job marketing our business? No.

                                  Do better than what you can get away with. Do more than the bare minimum. Don’t wait for the pressure to build. Don’t wait for the requests to mount. The best time to take a step forward is right now.

                                  1. 2

                                    I read the article. But if your point is “top of the market”, just say “top of the market” and be done with it.

                                    IMHO, Basecamp is pretty good at giving their employees a fair share of their successes, and that’s fine. SF or not.

                              2. 2

                                I believe the logic here was “the place distinction is arbitrary, so we’ll take the most expensive place so that people can go anywhere with ease”

                              1. 1

                                It will be interesting to see where Apple goes with this. Will they stick with FaceID and /try/ to improve the tech further, or will they go back to fingerprint readers now that synaptics has announced functional in-display readers, or some combination?

                                1. 1

                                  Based on their statements so far I am sure they will stick with Face ID. It also works pretty well in practice.

                                  My wife has an iPhone X and while she wasn’t too fond of Face ID when she got her phone, it hasn’t really given her any problems since she stopped consciously using it at all times and light conditions (alas no glasses, scarves or whatnot). It is not better for all use cases since it was easier before to press on screen button to see received messages or time, but I expect she will get used to this eventually too.

                                1. 1

                                  I’ve been using Firefox as my main browser since I ditched Navigator back who knows when. v57 really is so much faster I couldn’t believe. Clear win for most of its users and congrats to everyone involved.

                                  Still, I am seriously thinking of going back to v56 or maybe ESR. I tried to use Tree Style Tab instead of Tab Groups, but it is simply not similar. Neither are other tab organizers suggested by Mozilla as they don’t provide real groups (trees require “leading” page) none of them hides “groups” I am not using. I’ll give it a few more days to see if I can get used to discomfort.

                                  1. 8

                                    I am genuinely curious why do people like posting Yegor’s articles?

                                    To me they read as shallow tripe of a self-centred egoistic person or at best like a very bad satire which I am reasonably sure is not author’s intention.

                                    1. 2

                                      Didn’t you read BOFH back in the day?

                                      TBH, there is a varying degree of Yegor in every one of us, as well as those we interact with daily, whether we realise it or not. Obviously, I don’t agree with a lot of stuff he has to say, but I still find it to be an interesting read nonetheless.

                                      I think you’re also mistaken that it’s not his intention for his posts to not be taken as a very bad satire — he sounds like the kind of guy who takes great pride in his work and the extensive knowledge and experience of being on different sides of the project management discipline, but at the end of the day, he is simply ‘trolling’ for the engagements, regardless whether they are those of praise or condemnation.

                                      I’d say that’s a very atypical mode nowadays, where the default modus operandi appears to be to simply block your opponent at first opportunity instead of engaging in a civilised discourse against your stated PoV.

                                      Yegor seems to take great pride in actually entertaining contradictory suggestions from the readers and engaging in the criticism of his own ideas, heavily participating in the discussions on his blog with all the interested visitors.

                                      1. 1

                                        Wow, blast from the past. I did read BOFH occasionally, but not a lot on the whole.

                                        I also read only about 3-4 articles from Yegor before I learned to recognize his domain so I can’t really speak to his oeuvre. Articles I read seem to paint a fairly consistent picture of a person, but obviously I can’t say with certainty that it is not just a well played act. In general I find life too short to try to prove that obnoxious pricks (in my view) are not just that. I am not sure I should even care about the difference even if I take your word that there’s more to the man.

                                        In any case thank you for responding and explaining.

                                    1. 3

                                      I agree with the “unneccessary urgency” observation: this is a clever trick. I never knew the actual last time was shown in the tooltip. However, I do like the fact that this urgency allows you to make quick decisions and book sooner: otherwise, you might spend a lot of time pondering your choices.

                                      Perhaps this post should be taken with a grain of salt: the author clearly booked a hotel which was not nice. However some guests prefer to stay in these kinds of “party-goer” hotels and might give a very high rating. So it seems fair that Booking shows these positive reviews:

                                      9.6: “Great location for canal street night out” 10: “… Had an unforgettable after party” 10: “Great place to stay, especially to party”

                                      It seems that guests that go to sleep at only 4 o’clock don’t mind the bar below. The blog author finally reconciles and takes the blame: “To be fair, this is more of the hotel’s fault than Booking’s. Also, I should have read the fine print.”

                                      1. 7

                                        I think the point of that anecdote was that the categories skew ratings very high. It’s almost impossible for a hotel to get less than 2-3 stars as they’ll all have at least some redeeming qualities. With a traditional 5 star rating system you can bet there would be a lot of 1 star reviews due to the noise, but that’s not the case here because the staff happens to be friendly. It also seems like booking.com only displays the most positive reviews (which is common practice on many sites.. but still).

                                        1. 3

                                          They don’t (we use them constantly). You can also filter reviews by guest type like family, business traveler etc. to find those that are more likely from those with similar expectations. It is always a good idea to ignore best reviews and check those with lower scores (can filter on that too).

                                          Reviews are not completely reliable (are they anywhere?) and booking certainly uses a lot of dark patterns, but I don’t think it is that difficult to have a generally positive experience. Unless my wife and I are so much luckier or more capable than others, which I doubt.

                                          1. 3

                                            I’ve had much worse experience with TripAdvisor than Booking as far as being able to narrow down reviews to “people like me”.

                                      1. 18

                                        When ad-blocking was obscure, we could free-load off of the majority who fund services by viewing ads… now Apple is taking my free lunch! :/

                                        1. 18

                                          I clicked on the article. It came up and I started reading it. I didn’t get very far when the window turned black, and said I had to rotate the screen to view it “properly” on my phone. First, I’m not on a phone, thank you very much. Second, I’m on an iPad, using it in landscape mode because I’m using it as a laptop [1].

                                          Fine, I turn the iPad to portrait mode. Page loads with this #@%@#$@$ vertical ad, covering the article, with no way to dismiss it. Thank you so very much. Thank you so very much that I’m not going to read your sob story about how blocking ads will destroy the Internet.

                                          [1] No power. Using iPhone as hot spot. Still waiting for power company to restore power after Hurricane Irma.

                                          1. 5

                                            Upvoted for your honesty. That’s exactly what ad-blocking is. The malware reduction argument some respond with is bogus. If they were about paying for what they consume and didn’t like malware, they’d just not use the ad-supported services. Free shit rocks, though, right? ;)

                                            1. [Comment removed by author]

                                              1. 21

                                                I worked at a streaming media company. A lot of our ads were supplied by brokers like Google. They were mostly harmless. Frequently, however, we’d get custom ads for special events (launch events for movies, TV shows, and games).

                                                The code in the special-event ads was a disaster. If I could, I’d clean it up so that it still worked. Problem mostly mitigated.

                                                However, in many of the embed snippets we’d receive the code was a script that would pull the real ad from the advertising company’s servers. Complete crap. Almost all of them would engage in some kind of DOM manipulation. If you didn’t isolate the ads they would break the layout.

                                                The ad code would often try to include its own trackers for unique-visit tracking. Flash ads were very popular. So the companies would try page-takeover techniques to block everything and force you to view 15 seconds of crap. (And let’s not forget pop-over and pop-under ads.)

                                                Very few companies were content with a simple image and an anchor tag to let the user follow-up for further information.

                                                And that’s the chief problem with online ads. They try to be way too smart. Many want to interact with the user, or worse, “demand” you pay attention. Advertisers frequently have an attitude of “I paid for this, you’re going to give me some time.” They’ll say they just want to inform the public. But no. They want ROI.

                                                And these are the “legit” advertisers. After that there are the skeezy “b” players (remember “X10”) who aren’t trying to rob you but are more like the used car salesman of the internet. Then there are the porn advertisers and lastly the purveyors of drive-by malware. This last group doesn’t even pay for ad space. They steal it.

                                                And don’t forget the ad networks and information aggregators who want to build detailed dossiers about everyone (Google and Facebook are the most public of these). Who do you think invented persistent cookies?

                                                No. Being suspicious of online advertising isn’t a sign of paranoia. It’s sensible.

                                                1. 4

                                                  Why aren’t ads just regular websites served in an iframe? That way, their shitty code couldn’t break anything about your website. Each site could have their own ID, sent in a query parameter in the iframe URL, to track which websites provide impressions. The ad could still be as flashy and interactive as it wants. The ad’s code could be as shitty as it wanted, and it wouldn’t have a negative impact on any users.

                                                  1. 9

                                                    That would make sense, but many ad networks ban displaying ads in iframes because they can’t check the contextuality of the ad to the page the user sees. The ban also helps mitigate fraud. If the ad could only “see” the iframe around it, it would make it easy to load the ad via techniques as simple as using curl, to more sophisticated uses of multiple javascript xhr requests.

                                                    Google still ban it today (AdSense Policy FAQ). Common phrasing for this is “posting on a non-content page”.

                                                    The online advertising industry created the cesspool and now they’re whining that Apple, Google, Mozilla, and dozens of ad-blocking companies are trying to force them to clean-up.

                                                    On a related note, it might seem weird that Google would try to force better practices with Chrome when they make their money on advertising. But for the most part, Google run a pretty tight ship and force advertisers to adhere to some reasonable standards.

                                                    Weeding out the worst players keeps the ecosystem sustainable. The last thing Google want to see is an end to online advertising. And it doesn’t hurt their chances of winning more advertising dollars from the gap left by their departure.

                                                    1. 6

                                                      because they can’t check the contextuality of the ad to the page the user sees.

                                                      Well they can: IFrame “busters” have been available for a long time, and since the ad network is usually more trustworthy than the publisher (to the Advertiser anyway) they could provide an interface to look up the page the user is on well before location.ancestorOrigins (and generate errors if parent!=top).

                                                      Indeed most of the display networks used to do this – all of them except Google, and now AdSense has edged everyone who wants to do impressions out.

                                                      On a related note, it might seem weird that Google would try to force better practices with Chrome when they make their money on advertising. But for the most part, Google run a pretty tight ship and force advertisers to adhere to some reasonable standards.

                                                      Google is probably the worst thing to come to advertising and is responsible for more ad fraud and the rise of blocking crap JavaScript than any other single force.

                                                      Google will let you serve whatever you want as long as their offshore “ad quality team” sees an ad. Everyone just rotates it out after 100 impressions and Google doesn’t care because they like money.

                                                      Google still lets you serve a page as an iframe – even if it has ten ads on it. Buy one ad, sell ten. Easy arbitrage. Even better if you can get video to load (or at least the tracking to fire). This has been trivial to stop for a long time, but hey, Google likes money.

                                                      Googles advertising tools are amongst the worst in the world (slow, buggy, etc) and make it difficult to block robots, datacentres, businesses, etc. using basic functionality that other tools support.

                                                      What’s amazing is Google’s PR. So many people love Android, good search, that quirky movie about an Intern, the promise of self-driving cars, and so on, that they don’t educate themselves about how Google actually makes their money out of fleecing advertisers and pinching publishers.

                                                      1. 1

                                                        Iframe busting is a technique for content in the iframe to “bust out” and replace the page with itself. It’s primarily used for ad-takeover and to prevent clickjacking. It’s not a technique for accessing the DOM of the parent. Browser bugs aside, accessing the DOM of the parent requires the child have the same origin as the parent (or other assistance).

                                                        location.ancestorOrigins might not give the ad network or advertiser the contextual information they want if the page the user is viewing varies by status (guest, authenticated user, basic membership, premium membership).

                                                        It’s easier (and better for data gathering) for ad networks to demand they’re on the same page the user is viewing. Whether that’s a good thing for the end user probably doesn’t matter to many content providers as long as the ad network isn’t serving up malware (or causing other issues that might hurt the provider/user relationship).

                                                        In short, you want to monetize your site, you find a way to convince users to pay, or you get advertising which means you play by the ad-networks’ rules.

                                                        Google definitely has issues, but they’ve made it easy enough and, compared to their competitors, less problematic such that many content providers accept it.

                                                        1. 1

                                                          Iframe busting is a technique for content in the iframe to “bust out” and replace the page with itself. It’s primarily used for ad-takeover and to prevent clickjacking. It’s not a technique for accessing the DOM of the parent.

                                                          The same API ad servers provide to iframes for doing these rich media operations, also carry other capabilities, e.g. EyeBlaster’s _defaultDisplayPageLocation

                                                          Since (hypothetically) the ad network is more trustworthy than the publisher, this could have been used to trivially unmask naughty publishers.

                                                          The only reason I can come up with for the sell-side platforms not doing this is that they like money.

                                                          Google definitely has issues, but they’ve made it easy enough and, compared to their competitors, less problematic such that many content providers accept it.

                                                          They don’t really have any display/impression competitors for small sites anymore… although I’ve been thinking about making one.

                                                2. 4

                                                  Well, I respect you for trying to avoid freeloading. I should also add I think it’s ethical for people to use ad blockers for security who otherwise avoid ad-supported site. Just trying to stop any sneaky stuff.

                                                  1. [Comment removed by author]

                                                    1. 2

                                                      That’s reasonable. Similar to AdBlocks Acceptable Ads where being obnoxious or sneaky is unacceptable but ads themselves are OK.

                                                3. 5

                                                  I disagree with that viewpoint. It’s right up there with, “Our service would be secure if people would just stop requesting these specific URLs.”

                                                  I just don’t see ad-blocking as freeloading. It doesn’t make any sense to pay for something when there’s an equally good free alternative.

                                                  I’m a happy paying customer of GitHub, Fastmail, SmugMug, Amazon Prime, Flickr, Netflix, and probably some services I’m forgetting. At the same time, I’m not stupid, and I’m not going to be annoyed and look at ads.

                                                  1. 1

                                                    ““Our service would be secure if people would just stop requesting these specific URLs.””

                                                    It’s certainly not. Managing the risk your product or service has for consumers is totally different than getting a good you know is ad-supported, has ads built-in by default, and stripping the benefit to the other party while enjoying the content. They’ve put work into something you enjoyed and a way to be compensated for it. You only put work into removing the compensation.

                                                    “ It doesn’t make any sense to pay for something when there’s an equally good free alternative.”

                                                    I agree. I then make the distinction of whether I’m doing it in a way that benefits the author (ads, patreonage, even a positive comment or thanks) or just me at their expense since they didn’t legally stop me. I’m usually a pirate like most of the Internet in that I surf the web with an ad blocker. I’m against ad markets and I.P. law, too broke to donate regularly, and favor paid/privacy-preserving alternatives where possible (i.e. my Swiss email). When I get past financial issues, I’ll be using donations for stuff where possible. I still do that occasionally. Meanwhile, you won’t catch me pretending like I’m not freeloading off the surveillance profiles of others on top of whatever they have on me.

                                                    1. 6

                                                      These anti-adblock sentiments seem to always assume the content creator will get paid if I don’t block the ads. But that assumes that either (1) they get paid by impression – which is vanishingly rare or (2) I would click on ads, which I won’t blocked or not.

                                                      1. 1

                                                        Now that’s a good counter worth thinking about. It still fits into my overall claim of freeloading, though.

                                                  2. 2

                                                    Mostly it doesn’t which is why most of the time I don’t bother to look for ways to pay for it. But setting aside vast majority of websites where I might visit only once or twice why should I go out of my way to avoid sites that don’t offer any (to me) reasonable way of paying for them?

                                                    From practical point of view using ad-blocker I don’t even know about most websites approach to monetisation if there is one. I do bail on those that notify me about my ad-blocking which I guess is ethical in your book?

                                                    For what is worth I do pay for a bunch of online services, few patrons and sponsor/subscribe to a couple of news media organisations.

                                                    1. 2

                                                      why should I go out of my way to avoid sites that don’t offer any (to me) reasonable way of paying for them?

                                                      A good point. The authors concerned with money should at least have something set up to receive easy payments with a credit card or something. If they make it hard to pay them, the fault is partly on them when they don’t get paid.

                                                  3. 3

                                                    While I agree content needs to be paid for in some manner - network ads use a not insignificant amount of bandwidth which I pay for on my mobile data allowance and at home through my ISP. The infrastructure costs of advertising, and spam email are not all bourne by the producers of that content. From my perspective the advertisers are not funding the content that I want…

                                                    1. 1

                                                      Well, that’s interesting. I can relate on trying to keep the mobile bill down. It still falls in with freeloading where you don’t agree to offer back what they expect in return for their content. Yet, it’s a valid gripe which might justify advertisers choosing between getting ads blocked or something like progressive enhancement for ads. They offer text, a pic, and/or video with what people see determined by whether a browser setting indicates they have slow or expensive Internet. So, they always serve something but less bandwidth is used when less is available.

                                                  1. 18

                                                    Maybe your single page app is different, but the ones that I know break most of my browser’s features, such as the back and forward buttons, page refresh, bookmarking, sending a link, or opening a link in a new window or tab.

                                                    Eh. I’ve been building SPAs for four years now, and not even my first hacks prototypes suffered from these issues. They’ve been solved for a long time.

                                                    I only rarely encounter SPAs that have these problems (usually some business app originally built more than ten years ago), but frequently see ones that have been competently built to handle those cases.

                                                    1. 7

                                                      In general I agree, but Twitter for some reason likes to load wrong tweets when I follow a shared link. I know they are wrong because username in URL is clearly not the same as tweet’s author.

                                                      Luckily I don’t have to do that often and this behaviour comes and goes. Still, while listed problems may be overstated I think they still exist.

                                                      1. 2

                                                        Yeah — pretty much all the SPA tooling that exists includes a URL routing library/component/thingy. I literally never saw a public web app where URL stuff is broken.

                                                        1. 16

                                                          As an example: Twitter. If you click on an image, but it is still to small to view it and then right click (“View image”) it to be able to see it at the original size. Then use the back button in your browser to go back it will jump to the start of your timeline instead of the place where you started from. Very annoying!

                                                          1. 2

                                                            I still don’t come into contact with too many SPAs (that I am aware of at least) in most of my browsing / web usage.

                                                            1. 1

                                                              I can never tell if this is the result of different sites or different expectations. Do people who write SPAs expect other sites to work like theirs without realizing that other users haven’t internalized the same model?

                                                              I don’t think people are making up these complaints. I’d have to do a lot more research than I’m inclined to do to discover issues that might go wrong but never actually do. When I say an errant click causes a view transition I can’t reverse with the back button, it’s because that’s happened to me.

                                                              1. 3

                                                                I don’t think they are making up their complaints, but I suspect that they often don’t notice SPAs unless they are broken in obvious ways. And a lot of the things that get attributed to SPAs, I see more frequently on apps that are partially traditional server apps with lots of jQuery soup added to make things more dynamic.

                                                              2. 1

                                                                Microsoft’s Dynamics 360 CRM is horribly broken in this regard.

                                                            1. 9

                                                              Is it Electron, or is it Slack? Because whenever I see developers enjoying bashing Electron, which is definitely the pitchfork-bait of our time, the complaint seems to be really about Slack. I’d say it breaks down to

                                                              • 85% Slack
                                                              • 10% Atom (usually someone mentions that VSCode is a text editor also built on Electron, and says that it performs a lot better)
                                                              • 5% Spotify and everything else

                                                              No-one seems to complain that Github Desktop is horribly slow, but there must be a decent number of people out there using it. Spotify is barely mentioned considering that there are probably as many (or more) people using it all day, every day, than there are using Slack. Like Slack it displays a lot of lists, and graphics. And recently someone was claiming that Slack runs the development build of React in production, which seems like it could be a problem…

                                                              An empty Electron project consumes 40mb of RAM on my 2013 Macbook Air. Right now Spotify is using 104mb, and I’ve had it playing for hours. In the meantime, WebStorm and PyCharm are consuming 1.5gb each - by far the most of any applications I have running. PyCharm only has one small project open. I have to wonder what on earth they’re using all the RAM for. My conclusion: The JVM sucks!

                                                              1. 5

                                                                It is both. Empty project consumes 40MB of RAM and that doesn’t strike you as unreasonable? I ran desktop publishing software on Amiga 500 in less than 1/80 of this.

                                                                I think it is likely that I will choose to use Electron within next year at the company I currently work for with perfectly valid business reasons for its use. But I certainly will not pretend that such solution is not technically hacky and very wasteful.

                                                                I agree that Electron doesn’t have a monopoly on being wasteful.

                                                                1. 4

                                                                  Empty project consumes 40MB of RAM and that doesn’t strike you as unreasonable?

                                                                  Well, it’s empty in that it’s rendering a single page React project that says “Welcome to React” on the screen. And I have the React developer tools installed, too. 40mb of RAM is less than 1% of my 8gb. Sure, it could be done with a lot fewer resources in a native app (shout-out to Sublime Text for it’s stinginess!) But less than 1%? I just don’t really care about that level of usage. Dropbox uses a lot more, and I don’t even know what it’s doing.

                                                                  As for Slack, they must be aware of these complaints by now. It’s hard to imagine they don’t have people at least looking into it. I imagine we’ll see improvements in the next few months that lead to less resource usage, and snappier performance.

                                                                  1. 2

                                                                    But less than 1%? I just don’t really care about that level of usage.

                                                                    and yet a moment before you shouted out to Sublime Text indicating that you do notice that level of usage.

                                                                    Performance matters.

                                                                    1. 2

                                                                      No, I noticed Sublime only because I was looking through Activity Monitor seeing what apps were using RAM. I thought that compared to PyCharm (which admittedly does more stuff) it was pretty low on RAM usage. But they both perform just fine. If I hadn’t looked I wouldn’t have realized.

                                                                      Also, RAM usage and performance are not the same thing.

                                                                2. 1

                                                                  Re 1.5GB

                                                                  The reason might be because it’s a native app. One running on a Linux distro they like running on an x86 emulator running on JS all with window manager set up to keep app full screen. You just cant see the extra layers.

                                                                  They swear it was a great portability solution for the app they already wrote for that one distro. No need to maintain several versions of your native app when you can containerize it for multiple platforms in same browser. Really efficient for cash-strapped startups targeting Linux market snagging people on side who use inferior platforms.

                                                                  1. 2

                                                                    Sorry, I’m struggling to parse your post. I’m not sure what any of this has to do with Linux or x86 emulation, and I’m not sure who “they” is. Are you saying that JetBrains’ IDEs run inside Linux VMs? I thought they were all Java (or at least JVM-language) applications?

                                                                    1. 1

                                                                      It was just a joke. I thought this was about Electron applications that were all bloated. So I just ran with it. Maybe a big miss on my part.

                                                                1. 7

                                                                  Thoughts - perhaps there’s value in attempting something like the focus the original Palm and Newton devices had, despite their differences, and perhaps modern accoutrements like sync. They were both focused on trimming the cruft from pocket devices that accumulated, and focused on a few thing. Palm focused on the “core four” of contacts, calendar, tasks, and notes, and did them simply and did them well, while making a few additions. Newton focused on being able to write anywhere and make it useful anywhere - the closest to that today, I’d say, is OneNote.

                                                                  1. 3

                                                                    I used to be a Palm PDA owner for years and my sister used hers until few years back when empty batteries wiped her data.

                                                                    I am not sure I would describe Palm’s work as focusing on trimming the cruft. I think they correctly identified those 4 apps as the one that are most important and need to be polished, but otherwise was mainly a story of limited resources. Certainly platform itself let people add apps and there was a healthy market of different ones.

                                                                    1. 3

                                                                      I never made the connection before, but Plan 9 and acme come to mind as a similar model, in that everything is text and almost free-form and you can assign meaning to text while still being able to “just click and type anywhere”

                                                                      1. 7

                                                                        Acme ripped much off much of its metaphors from Oberon, and a little bit the Raskin UIs of SwyftCard, Canon Cat, and Archy. (MPW later was inspired by Acme and Oberon. Another little-known thing is that MPW and Plan 9 itself were also influenced by Apollo Domain.) Newtons focused on pen input for notetaking, which is why I suggested OneNote.

                                                                        1. 1

                                                                          Is there any way to run Aegis or Domain/OS under emulation, rather than trying to find and run aging Apollo DN* hardware, commercially or otherwise? Does anyone know the licensing situation with, I assume, HPe?

                                                                      2. 3

                                                                        I found value in them for privacy purposes. Simple, non-wireless devices are easier to secure. One designed to not trust anything outside the SOC boundary far as info storage and processing would be a step up over current smartphones or desktops. It could also run a lot of software (eg even Linux) based on prior work in CompSci. It could also be cheap as prior work used things like MIPS or SPARC processors with Leon3 being open-source. Now we have Rocket with its chip generator.

                                                                        There’s also potential to use them for improved speed, UI, or battery life while doing basic apps. No cruft = less stuff going on. Maybe program them to use modern components from smartphones like the battery or even touchscreen. Just more focused UX on top of that hardware.

                                                                        1. 3

                                                                          Even if they still had wireless functionality (required for any modern market), you could still do it 10x better than extant smartphones. Give much more fine-grained permissioning of peripheral access and stop the whole “wireless chips get DMA” thing. If you put all your wireless peripherals over untrusted ports (and, ideally, tried to make the peripherals themselves more trustworthy) that would be substantially better than the current situation. I know there have been several efforts to move the baseband in cell phones to USB, but as I understand these efforts have died due primarily to regulatory concerns.

                                                                          1. 4

                                                                            wireless chips get DMA

                                                                            This is a good thing, otherwise performance would be trash - what’s not a good thing is unrestricted DMA. This is why IOMMUs exist.

                                                                            1. 1

                                                                              My original concept was a knockoff of the Nokia Communicator given the low-cost, secure components take up more space due to extra isolation. The original even had an Intel processor with segments that could’ve run GEMSOS security kernel assuming memory requirements didn’t prevent it. Today, we got lightweight kernels like Muen or OKL4 with embedded chips that have MMU’s and such for as low as $4 per 100 units. New version might be even smaller. :)

                                                                              https://en.wikipedia.org/wiki/Nokia_Communicator

                                                                        1. [Comment removed by author]

                                                                          1. 6

                                                                            I’m starting a new job in September working on in-situ gene sequencing. We’ll see how it goes, but from the outside it sounds pretty useful.

                                                                            1. 4

                                                                              This is my least favorite sort of troll dialogue:

                                                                              • A: there is a problem with system X, here’s why we should work on that
                                                                              • B: oh! but you either participate in, or have not completely solved X!
                                                                              • C: is now aware of, and can work on the problem, no thanks to (B)
                                                                              1. 1

                                                                                How often does that happen, compared to people just unhelpfully telling other people to do stuff?

                                                                                1. 3

                                                                                  Probably more often than one would think. I know little about authors and their lives of most ideas that influenced me.

                                                                                  And how often does this need to happen? What harm is done when it doesn’t?

                                                                                  1. 2

                                                                                    Well, I find hypocrisy and haraunging inherently annoying to a certain extent. On a broader level I think taking what people say too seriously in relation to what they do is contributing to a destructive political polarization.

                                                                            1. 6

                                                                              From my biased perspective, it is difficult to see how these “personal improvement programs” for a disappointing employee can ever be a constructive force. At best they seem misguided. At worst they appear to be a cynical HR ploy to save face before terminating an employee.

                                                                              They are always a way to terminate while protecting the company from any wrongful termination lawsuit.

                                                                              1. 3

                                                                                I am not sure if you mean PIP specifically or any suchlike program in which case I politely disagree with “always”.

                                                                                Maybe I am biased since I relatively recently went through experience which regretfully ended with us letting go of someone, but that wasn’t our intention to begin with. Finding people when you grow is difficult enough, replacing them is even more annoying since you need all that effort just to get where you were and that is after all the on-boarding which also takes time. We decided to part ways when it became clear that after few months of effort we didn’t make any noticeable progress.

                                                                                One signal that separates honest effort from dishonest one is the kind of feedback person is getting: mainly how specific and focused it is.

                                                                                In my case I made certain that I explained on concrete examples not only what I was dissatisfied with, but also why; what the impact of those actions was on work and team and what specifically I wanted to see improved and again why that change is important. My aim was also not to reinvent the person wholly, but instead limiting our work on couple of areas that were proving to be most disruptive to the organisation.

                                                                                I live and work in EU country with fairly good worker protection. If those problems were just bullshit, then it would be easy to successfully sue us.

                                                                              1. 4

                                                                                Now imagine a world where bitcoin is world 1st monetary unit (e.g. like dollar is today) and someday it will get into “maintenance mode” for a day, two or month. Will world halt for that time?

                                                                                1. 4

                                                                                  With far more serious bitcoin deflationary problem this would be the least of our problems.

                                                                                1. 10

                                                                                  OK, so look, here’s the question. I’m a reasonably savvy, reasonably not just tech-aware but also reasonably politically-aware Internet user; I’ve been online since like 1994, I get how the infrastructural stuff works, I understand the implications of the FCC stuff, all the rest of it. I’ve got what I think is a reasonably solid comprehension of the issues involved in this sort of thing; I’m aware of the the trajectory of the W3C over the last 20 years or so; I see how the big corps have gradually worked their way into greater influence, and I’ve seen the impact that’s had on open standards and I’ve been unable to avoid noticing the transmogrification of what the web and the net were into what they’ve become, not least through the direct impact that’s had on the kind of work I can get. I’ve seen TimBL shouting about RDF and semantic web and all the rest for long enough that I’ve got to the point - not even that recently - that I’ve almost stopped listening, and just gone “yeah Tim, sure, whatever you say”. But I’ve consistently seen him at least as one of the last few sane voices speaking out for a free, open web against the ever-increasing encroachment of the megacorps.

                                                                                  So when I read this, I just go, uh? What gives? Is there something I’m missing here? Isn’t it transparently obvious to anyone not just propagating the big-corp line that, actually, no, EME is going to fuck things up for everyone except the large corps? Have I massively misunderstood everything? Is there some way in which actually this is in the benefit of the many, rather than the few?

                                                                                  And if not, then, really, seriously, what the fuck, Tim? Are you being massively, grossly and unfairly misrepresented? Are you in fact still trying to fight for the freedoms and the openness that you always seemed to be fighting for? Or have you, like all the rest, just gone “fuck it” and toed the big-corp line? What does that even consist of? Did you actually just take a big check? Is that how it works? Or am I really, seriously, just completely missing the deal here?

                                                                                  I would really love to get some serious answers on this because on face value, of what the EFF say (and I generally think they don’t seem to be straight-out lying to us), and on the actual content of what I’ve been able to take in about EME, this really doesn’t seem to be a good thing, and if it’s not, what the fuck is TimBL doing approving it?

                                                                                  1. 9

                                                                                    Am I maybe the one missing the deal? I know I generally don’t care about the things the EFF does as much as they do, though I can generally understand their position, but this particular issue seems to generate a great deal of passion that I don’t get. Are DRM free web sites going to be taken away? Is somebody going to show up at my house and beat me with a stick until I put DRM on my website? No? I don’t really see what’s being taken away. There’s going to be this “new” (though that’s obviously not quite true, there’s nothing new about flash or silverlight) nonfree web, but is it really zero sum with the free web? Will it become impossible for all those artists who only want exposure to release their movies for free?

                                                                                    It seems like there’s a certain range of options which Netflix is going to do. And you can standardize them or not standardize, but Netflix is gonna be Netflix. So maybe some people get to watch Netflix in their browser, and some people don’t like running the DRM plugin and have to buy a Roku. The alternative would be to simply make everybody buy a Roku. Is that really a win?

                                                                                    1. 5

                                                                                      Here’s the thing: they’re putting in a lot of time and energy in a feature that hurts the end user, and doesn’t provide the benefits that it claims to. The question here is: who does the W3C represent? Are they operating in the best interests of the overall ecosystem, or the best interests of Netflix?

                                                                                      1. 4

                                                                                        Don’t use it if you don’t like it? I mean, there’s already a lot of W3C standards that do stuff I don’t like, so I turn that crap off. Is the ecosystem better if Netflix stuck with silverlight?

                                                                                        1. 4

                                                                                          Why standardize a feature that delivers no value to anyone (not even the people most aggressively agitating for the feature)? It’s a waste of time and energy. Netflix isn’t stuck with Silverlight, as the vast quantity of easily pirated Netflix content demonstrates, Silverlight isn’t giving them the protection they ask for anyway.

                                                                                          1. 5

                                                                                            Because the purpose of standards is to codify existing practice? EME is the interface Netflix uses to show video in chrome, Firefox, edge, etc. They’re not asking for permission to do this, they’re already doing it.

                                                                                          2. 2

                                                                                            Yes.

                                                                                            1. 1

                                                                                              Do we have a choice? Surely the writing is on the wall for Netflix over Flash/Silverlight. After the top 3 or 4 companies use EME exclusively, where can we get the latest movies DRM free or at least without running other people’s closed source code? The thing that annoys me is that no matter what they do all these shows will show up on torrents anyway, so they are really just abusing the paying customers, as always pirates get the best deal.

                                                                                            2. 2

                                                                                              DRM has always existed before this, and has been a thing people are willing to install plugins for.

                                                                                              By offering a standardised way of implementing DRM, end users will most likely be less vulnerable to the kind of bugs that “general plugins” like flash end up opening.

                                                                                              I can understand fighting this, but if you have the hypothesis that DRM is already present and won’t go away midterm, then this is a security improvement

                                                                                            3. 3

                                                                                              I’d imagine that Roku is Defective By Design as well, as such, it wouldn’t be an alternative.

                                                                                              The alternative would be to not watch Netflix, because Netflix by itself is defective by design as well. ¯\_(ツ)_/¯

                                                                                              1. 3

                                                                                                Do you develop software for Amiga or at least try to make sure yours run on one? Platform is still around even if it isn’t as actively supported as it used to be and has to be run on PC.

                                                                                                My guess is that no, because it doesn’t matter. Platforms or really ideas of any kind do not get to achieve some kind of world-wide enlightenment that would make them permanently anchored in our society. They have to fight for their little place as any other idea all the time. Technologies, languages, religions, they all die if there is not enough force of some kind behind pushing them.

                                                                                                I am an open web advocate because I think it benefits society even if it may not any particular company. Companies on the other hand, based on plenty of empirical evidence, clearly don’t take the same view neither when it comes to value of openness or the “constituency” of their actions.

                                                                                                Netflix could stream their stuff easily with technology already out there. The whole point of DRM and EME is to restrict access and control by running uncheckable binary blobs on our computers and I really don’t see nor believe that this would stop with video if it doesn’t have to.

                                                                                                In other words, EME is a way of getting to close parts of web since getting rid of it clearly did not work. It is true it would not get rid of all of it, but web would certainly have fewer teeth.

                                                                                                1. 5

                                                                                                  Netflix does stream their stuff with technology already out there: EME.

                                                                                                  I’m still unclear what’s meant by “getting to close parts of the web”. Which parts are those and when were they open? Are we talking about Netflix’s website? Is the issue here they made the mistake of using port 80 instead of port 81? If the encrypted video was hosted on port 81, and thus outside the web, would it no longer be a threat to the open web?

                                                                                                  1. 5

                                                                                                    Sure, but you don’t NEED EME to stream from purely tech perspective. You need it to meet other goals.

                                                                                                    As to the second point, in a narrow sense I agree that it doesn’t literally take anything away and therefore the quoted part is not the best way of putting it. I also think this is a very reductionist way of looking at what technology is and does.

                                                                                                    My worry is two fold. On a more technical side that this will enable pushing more closed stuff into browsers and thus enable companies to avoid finding an open and shared solution for new capabilities. Old, open stuff might still work, but would get less important and relatively smaller over time.

                                                                                                    Secondly, it normalizes closeness and confirms it as an option. Netflix & co. do not want to stream to browsers out of goodness of their hearts. They want to do this because their customers demand it and instead of getting them to yield eventually we folded. So even if DRM/EME itself does not offer yet tools to close off more than content, W3C effectively said that open is just a nice to have, negotiable with enough pressure.

                                                                                                    I can see how this decision might not look like a big deal, but it sure as hell isn’t a win for an open web.

                                                                                                    1. 4

                                                                                                      Ok, I can see the existential dread argument. But it’s kind of abstract, no? So when somebody asks, what the hell, why isn’t everyone angry, the answer is it’s pretty hard to articulate what to get angry about.

                                                                                                      From my perspective, I’ve been a Netflix customer since before streaming. Then they added streaming, with a very limited catalog, and it basically only worked with IE and silverlight. You could maybe try silverlight on other browsers, but pretty hit or miss. Of course, this made some people really angry. I needed to boycott Netflix or else someday I’d be really sorry. Well, here we are ten years later, and more people can watch more shows on more devices than ever. not just slightly more, but lots more. And so, despite all the screaming about how things were only going to get worse, they really don’t seem all that bad.

                                                                                                      If there’s an argument that things are going to go from bad to worse, I’d like to see it account for the past ten years as well. Explain how Netflix has actually made millions of people unhappy, or how this represents some new inflection point, etc.

                                                                                                2. 1

                                                                                                  A roku is going to be hard/impossible to use in all situations though, for example on the bus.

                                                                                                  I think the main objection is allowing/requiring third party, probably closed source code to run in the browser with less restrictions than javascript for example. However for something like Netflix you have to use either Flash/Silverlight or HTML5 + CRM currently anyway. I’m not sure what the difference will be between HTML5 + CRM vs EME though. Seems like you are going to be running someone else’s code no matter what.

                                                                                                3. 3

                                                                                                  So when I read this, I just go, uh? What gives? Is there something I’m missing here? Isn’t it transparently obvious to anyone not just propagating the big-corp line that, actually, no, EME is going to fuck things up for everyone except the large corps?

                                                                                                  The thing you’re missing is that EME is already going into into browsers. It’s going to be there and get used regardless of what the W3C does. The only question is who gets their names on the document, and whether it ends up being cross browser or not.

                                                                                                  This isn’t a fight that we’ve already lost, and Tim Berners-Lee seems to realize that.

                                                                                                1. 3

                                                                                                  Such a worthwhile article! I hope he’s preaching to the choir, because doing anything without tests up-front has started to feel like Russian roulette, but harder to do.

                                                                                                  1. 14

                                                                                                    Dijkstra, Mills (Cleanroom), and Praxis did it without tests up-front. Their results were better than TDD from what I’ve seen.

                                                                                                    https://en.wikipedia.org/wiki/THE_multiprogramming_system

                                                                                                    http://infohost.nmt.edu/~al/cseet-paper.html

                                                                                                    http://www.anthonyhall.org/c_by_c_secure_system.pdf

                                                                                                    Praxis approaches space shuttle in defect rate with a 50% premium on development. Their data indicates most defects were found before testing. Maybe something to these methods. ;)

                                                                                                    1. 2

                                                                                                      Caveat: I didn’t go very deep in these, but I have read about these back in the day.

                                                                                                      To me these are not mutually exclusive. You can do a lot of planning beforehand and still do all the testing you need.

                                                                                                      @alexkorban mentioned laying out the code to be tested. I believe this is also something that makes sense for testing regressions.

                                                                                                      Or am I missing something?

                                                                                                      1. 2

                                                                                                        “doing anything without tests up-front has started to feel like Russian roulette, but harder to do”

                                                                                                        That quote inspired my comment. It sounded like drinking the Kool-AID of TDD crowd. I got plenty of software working right first time without testing by using similarly-careful methods to what I described. Testing is definitely useful and caught errors in other stuff I built. It’s an extra method in the verification and validation toolbox. Using things other than TDD isn’t Russian roulette, though, if they got better results. Using no verification methods or only occasional verification would fit your metaphor.

                                                                                                        1. 2

                                                                                                          In my experience tests are most useful after a refactor or change in platform. Before that, they are about equal to careful review and testing your software by hand as you write it.

                                                                                                          1. 2

                                                                                                            I can understand that, but as it has been said, the tests are there to guard against regressions as well.

                                                                                                            Someone else can change a little thing in a large code base and there are two ways to find problems: complaints or tests.

                                                                                                            When you can hold the context in your head or your team is absolutely committed to making no changes without careful study of all the code, sure. But this is cumbersome and more prone to human errors.

                                                                                                            Not to say testing and TDD are fool-proof silver bullets, either.

                                                                                                            1. 3

                                                                                                              But now you are making an argument for having tests, not TDD.

                                                                                                              I write tests, but stopped practising TDD because it took comparatively forever and for reasons alexkorban stated.

                                                                                                              1. 3

                                                                                                                Exactly. Regressions are catching screwups after the design is done or in some usable, intermediate form. They’re not about whether tests drove that design in the first place. Like both ac and mjtorn, I’m all for tests to catch regression errors. They can be written after the fact, though. They can also be generated from specifications with some toolkits.

                                                                                                        2. 1

                                                                                                          My reading of the cseet-paper link made me think it was just careful code review.

                                                                                                          1. 2

                                                                                                            It uses box structures, a limited amount of formal specification, functional style of decomposition in hierarchical way, a simplified subset of programming constructs, code review to verify their proper use, tracking of data flows as he described it, and usage-centered testing to knock bugs out of intended use-cases. Quite a bit more than code review. Most important is the stuff before code review that makes the review more likely to catch problems.

                                                                                                      1. 4

                                                                                                        “When AT&T offered a $30 premium service that allowed user to opt-out of browser tracking for ad targeting, few users took it. This portends a future where most people will increasingly choose ever more invasive tracking in exchange for money, health advice, and entertainment”

                                                                                                        No. This says that few people want to pay $X for internet + $30 for the same company to also respect their privacy. It says nothing of customers that:
                                                                                                        a) Leave
                                                                                                        b) Didn’t hear of this policy change, didn’t know what the implications are, or didn’t care
                                                                                                        c) Join after this policy change and didn’t read the fine print
                                                                                                        d) Don’t believe anything will change for that $30

                                                                                                        Sure it says something about customers that don’t think their privacy is worth $30 and still stay, but we have no idea which customers those were.
                                                                                                        I would say $30 is too much for a basic right such as privacy. Why not build a basic right to privacy into our laws and require an opt-in. We could also require that no extra payment can be charged to provide privacy over their basic service.

                                                                                                        1. 4

                                                                                                          Agree. It also doesn’t scale for most people. 30$ per month is 360$ per year for ONE service. If this was common approach, most people would quickly run out of funds to protect their privacy even if this actually worked on every service.

                                                                                                          1. 2

                                                                                                            If people cared enough to have these made into law, they could as well support and endorse privacy-aware competition, like DDG.

                                                                                                            Problem is, online presence isn’t something as obvious as having sex in front of your kids or even enveloped mail. The financial abuse of users-as-the-product is enough to lobby politicians. These things are hard to oversee. And in the end, people find it more convenient than creepy that Facebook runs diaper ads for her before she knew she got pregnant.

                                                                                                            1. 3

                                                                                                              If people cared enough to have these made into law

                                                                                                              Well, they did, with telephone conversations and post. And I don’t really know why these laws weren’t automatically applied to computer networks.

                                                                                                              1. 2

                                                                                                                Because there is no generalizing in a world dominated by statute law.

                                                                                                            2. 2

                                                                                                              Why not build a basic right to privacy into our laws and require an opt-in. We could also require that no extra payment can be charged to provide privacy over their basic service.

                                                                                                              So basic service now costs $30 more with a $30 rebate if you let them provide you with ‘beneficial offers from our valued partners’.

                                                                                                              Not to mention you have to actually define what privacy actually is and then build a giant mechanism to verify if ISPs are compliant or not. So good luck trying to start a competing ISP on the basis of being a freedom respecting provider.

                                                                                                            1. 3

                                                                                                              If you don’t game or do something with lots of video or images or crunch numbers, the only reason to upgrade these days is to keep up with websites.

                                                                                                              1. 1

                                                                                                                And web browser security patches.

                                                                                                                1. 1

                                                                                                                  True. An old friend of mine got in contact recently to ask me for an advice regarding computer he intends to buy. After ~20 years he feels it is time to give up on his Pentium III. I am still astonished.

                                                                                                                  1. 1

                                                                                                                    I gave up on a PIII 600 (128MB RAM) in 2007 - it served me over a decade as my daily driver and the only thing that ever broke in it was the power supply. Wish I could tell the same on recent hardware.

                                                                                                                    1. 1

                                                                                                                      s/over/almost/

                                                                                                                      (didn’t know editing is blocked on lobste.rs after a while).

                                                                                                                1. 9

                                                                                                                  The comments in here…

                                                                                                                  • “Though I’m still waiting for my ‘Fetch Title’ button on the web UI”
                                                                                                                  • “Though I’m still waiting for a way to view my bookmarks with the twitter and twitter_favs filtered out”
                                                                                                                  • “Does this mean that we’ll get an official mobile version of Pinboard”

                                                                                                                  Along with my own thoughts when renewing my pinboard acct. recently (tag-suggestions, pay more $ for prettier pdf archiving, etc.) make me think there’s still room for a bootstrapped competitor if one’s really driven to do it. Either that or routes to improve other solutions (e.g. improving shaarli, extending standard notes, etc.)

                                                                                                                  (seriously, i love pinboard overall though)

                                                                                                                  1. 7

                                                                                                                    I’m pretty sure Maciej would love to have competition (seriously).

                                                                                                                    1. 4

                                                                                                                      I would renew my Pinboard account just for all the other work Maciej does, but getting few more features as a Pinboard user is nice too.

                                                                                                                      1. 2

                                                                                                                        Indeed, I still renewed. One nuance I should’ve pointed out about pinboards decision to not invest too much in the ui is that its opened up the opportunity for pinboard apps by other indie developers. I could actually see it being a reason for Maciej to be a bit afraid of squashing the “ui playground” of existing pinboard client apps in the process.

                                                                                                                        This is something I’ve explicitly observed in other services with a large tech-savvy userbase, where they’ve rejected acquiring native iOS apps that use their service because it would immediately make them a competitor / alienator to other client apps supporting the service.

                                                                                                                      2. 1

                                                                                                                        Bookmarking apps come and go, so I get that one reason people stick with Pinboard is that they’re fairly confident it’s going to be around in 5 years, regardless of lack of development. That’s fair. All the same, I’m trying to build something that competes by adding some stuff that Pinboard doesn’t do (syncing github starred repos, official Android client, iOS client is on the way) and backing that up with regular updates. I can’t really point to anything convincing that says my thing will be around in 5 years, but on the other hand, it costs barely anything to run, and I’m stubborn, so I don’t see why not.

                                                                                                                        Anyway, if anyone is shopping for an alternative and thinks Maciej is doing well enough already, you might like to take a look at https://larder.io.

                                                                                                                        1. 1

                                                                                                                          Nice! Wish I heard about this before resubscribing to pinboard for a few more years, bookmarked this for later (along with changemap).

                                                                                                                          You may want to consider doing some marketing (i.e. listing your site on places like alternativeto, etc.). I recall actively looking for some alternatives last month but didn’t find your service.

                                                                                                                      1. 1

                                                                                                                        Is there any research about why users switch browsers? I think that reversing the trend for Firefox has two components (that should be considered separately for desktop and mobile):

                                                                                                                        1. Why are users abandoning Firefox?
                                                                                                                        2. What would make users switch to Firefox from another browser?

                                                                                                                        A quick search didn’t return anything meaningful so I’m curious whether you’re aware of any research in this area.

                                                                                                                        1. 7

                                                                                                                          Speaking just for myself – thus this is just an anecdote – but I switched from Firefox to Chrome years ago because the Firefox UI would often become unresponsive for several seconds, which drove me crazy. Also, because of the (perhaps mistaken) perception that Chrome was more secure.

                                                                                                                          That being said, I recently switched back to Firefox at work, and it seems like they’ve fixed a lot of the UI latency issues in Firefox.

                                                                                                                          1. 1

                                                                                                                            With Electrolysis most of these features should have been fixed. You can also turn on multiple content processes somewhere in the settings which means that one slow site won’t slow down all your tabs.

                                                                                                                            1. 1

                                                                                                                              My hidden ricer side wakes up when I think about the potential speedups with multiple processes.

                                                                                                                              That’s because I use the -ck patches, including the MuQSS scheduler, which goes really well with multiple processes.

                                                                                                                            2. 4

                                                                                                                              I have piped up on this subject before and can speak only for myself, but here goes:

                                                                                                                              Firefox annoys the shit out of me at times. It slows down randomly. Sometimes, after a restart, it forgets I use two windows. It updates so often I don’t know which issue goes with which version, so I give up caring. Sometimes it corrupts its sessions.

                                                                                                                              Then I look at the competition. No multi-row tabs. No tab groups, lile the FF add-on I like. The Community(tm) gently points me to sub-par alternatives like lists or tree views. Good for you, if that works for you. Not my thing.

                                                                                                                              I half-way upgraded to Debian Stretch. I know you shouldn’t do that, things break between distro versions. Naturally some dependency unknown to me broke Mozilla’s build. So I tried the ESR build and it was slow. Like a retarded sloth doped on ketamine and stuck in tar.

                                                                                                                              So I concluded the experiment by upgrading everything. Firefox is usually fast enough, again.

                                                                                                                              I also learned to live with the various backup methods.

                                                                                                                              The reason I care about this? I use tabs in tab groups a bit like bookmarks, so I can switch contexts by switching all tabs depending on what I feel like doing.

                                                                                                                              I estimate there are roughly zero people on the planet who do this like I do.

                                                                                                                              I also estimate there are less than five people who’d be convinced by a demo of the addons, but they’d have neither the patience nor desire to be convinced.

                                                                                                                              1. 3

                                                                                                                                For what is worth this is exactly how I use tab groups :) No idea what I will use once they are gone.

                                                                                                                              2. 3

                                                                                                                                I switched off firefox because it’s unbearably slow. I will switch back if they make a browser based on servo.

                                                                                                                                When I remember that they have a 1000+ employees it makes me really uncomfortable.

                                                                                                                                1. 2

                                                                                                                                  What did you switch to?

                                                                                                                                  Why do 1000+ employees make you uncomfortable?

                                                                                                                                  1. 1

                                                                                                                                    If all goes well, the first Servo-based components should be in Firefox by the end of the year. Not all of Servo, just bits of it (currently it’s the style system and rendering stack)

                                                                                                                                  2. 2

                                                                                                                                    for desktop usage on linux, first it was lacking flash when it was common, then it was problems with H264 (which is patented), then EME/DRM, and now there’s still issues with netflix filtering it based on browser ID.

                                                                                                                                    looking at windows machines, it took longer to adopt auto updates. users who installed firefox before auto updates and when chrome did update are possibly comparing firefox 20 to the latest chrome. they’re unaware it’s much better if updated.

                                                                                                                                    the big numbers come from mobile. your phone already comes with a browser, and it’s never firefox. why would you get another (assuming you can)?

                                                                                                                                    1. 1

                                                                                                                                      I have a modernish computer with SSD and 16 GB of RAM, every year or so I try to Firefox but it is sluggish with 2 windows with 50-80 tabs each or so (yes I’m a hoarder and probably in the 99 percentile for tabs, but I just can’t find anything that can cope with my usage except Opera, Chrome and Chromium).

                                                                                                                                    1. 2

                                                                                                                                      All of this probably because some jackass decided to use OAuth+FB instead of putting on their big kid pants and deciding to own their own user system.

                                                                                                                                      1. 2

                                                                                                                                        That seems like a naive view. Minimizing sign-up friction helps get people on your platform faster, which can be helpful for a company. I’m not saying it’s good for the world but using FB for signups can be a very rational intelligent decision if you’re optimizing for your own financial longevity.

                                                                                                                                        1. 2

                                                                                                                                          Sure, as long as that is not your only option. Otherwise you are only share-cropping on FB.

                                                                                                                                          1. 1

                                                                                                                                            One way that seems to side-step this, is to allow FB login. Once this is done, use the data scraped from FB to auto-populate another account that’s unique to the website in question.

                                                                                                                                            It also means, if Facebook ever deletes/suspends the user, the user can still login via existing credentials. In effect, using Facebook to jump-start your own website.

                                                                                                                                          2. 2

                                                                                                                                            Well, if they’re tying their success to dependence on someone else, then I guess it’s for their own longevity up to the point where they can get bought, at least. Which makes sense from a purely short-(maybe medium-)term self-interest perspective. But … does literally no-one, anywhere, ever, try to balance their own financial longevity against what’s good for the world, even if only from the perspective of enlightened long-term self-interest?

                                                                                                                                            1. 1

                                                                                                                                              You’re saying slightly conflicting things, I think. Talking about long-term but there is no reason a company couldn’t add non-facebook signup in the long-term. In the short-term, making it possible for 2 billion people to easily sign up for your product could help quite a bit. Limited time/person power/etc.

                                                                                                                                              1. 2

                                                                                                                                                Fair point, maybe not conflicting, but perhaps inconclusive. Although having 2 billion people sign up for your product straight away might cause more problems than a young company could handle ;-)

                                                                                                                                                My point though, really, is just that it seems a shame that more people don’t try to accommodate or balance with what’s good for the world at any stage - and I think the reality is that if they don’t do it from the get-go, then the likelihood they’ll try to start later down the line, once they’re already invested in systems that don’t, seems even lower.

                                                                                                                                            2. 2

                                                                                                                                              Minimizing sign-up friction helps get people on your platform faster, which can be helpful for a company.

                                                                                                                                              Sure, but remember that according to the article, they already owned their own user system. The acquirer decided to break that.

                                                                                                                                              1. 1

                                                                                                                                                Then offer a choice: login with Facebook, Google, or another 3rd-party login system, or register an account with their system. Presto: low-friction signup for those that want it, and privacy-aware signup for those that care.