1. 2

    On the upside, some of the earlier models of the XPS 13 I tested had a tendency to produce a high-pitched whine in some situations. If you read users’ complaints around the Web, you’ll get a mix of theories, the most likely being coil whine. Whatever it was, I have not noticed it with this model.

    As someone who has owned a few of these from the Haswell version up through the Kaby Lake version, and experienced the coil whine on every one[0], I really hope they solved that issue.

    1. Sometimes it took a few weeks before it showed up, but once it does it’s almost impossible for me to not hear.
    1.  

      I have the Kaby Lake version as well. For me, the coil whine got significantly better with later firmware versions.

      1.  

        Coil whine, or power supply whine seems to be a problem with modern laptops. Apple has had similar problems too - a colleague had to send their new top-of-the-line Macbook straight back because the whine was so loud.

        1.  

          Coil whine is not an easily fixable problem (tl;dw the whiny kind of inductors is the one that’s electrically superior)

          1.  

            I’ve got the Skylake version and indeed this is a problem. Besides, this laptop had so many issues over the years I’m actually wondering if I’m still using it due to Stockholm Syndrome or did it get better over the years…

            Personally the biggest annoyance is extremely slow boot, can take up to 7 seconds until UEFI app (OS bootloader) kicks in (if using TB16 dock +3s as it cannot start until the dock “starts”). I don’t remember this kind of slowness in my 2 year older than Skylake XPS 12.

            1.  

              Does it whine always or on AC power? I have a chrome book that occasionally gets loud enough to annoy me, but only plugged in. So I just unplug it (and hope I remember to plug back in when I’m done).

            1.  

              I’ve got a 9360 model with the QHD screen, after years of hating on laptops because of the sub-par characteristics. Very satisfied with it.

              My criteria is pretty much just:

              • A screen resolution that isn’t 1377x768 (It’s 2018! Why are these still shipping?)
              • Screen must not have adaptive brightness, or at least have the ability to completely disable this
              • WiFi/Bluetooth must not be Broadcom. Linux support is a crapshoot when it comes to these chips.
              • User upgradeable components (Thankfully, Dell provides a user manual describing how to replace the M2 hard drive and wireless chip)
              • Standard UEFI implementation (i.e. ability to disable Secure Boot)
              • Standard keyboard layout (funky layouts are a pain)

              Unfortunately, laptop vendors are only in the game to make a buck, and their offerings aren’t acceptable. At least Apple does this right.

              1.  

                Screen must not have adaptive brightness

                Isn’t that a completely software thing? Are there implementations of adaptive brightness directly in firmware now?

                1.  

                  Standard UEFI implementation (i.e. ability to disable Secure Boot)

                  Any laptop that ships with Windows (or can ship with Windows) and is using x86 architecture must have “disable Secure Boot” option:

                  (…) Intel-based systems certified for Windows 8 must allow secure boot to enter custom mode or be disabled

                  Source: https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Secure_boot_criticism

                  1.  

                    Or even better, add your own key to the chain of trust, remove the ones that aren’t yours, and sign your own kernel.

                    1.  

                      Exactly. That’s what I do (with sbupdate), additionally booting the kernel directly as an EFI application (so the kernel acts as a bootloader, no GRUB necessary!).

                  2.  

                    Maybe they (1377x768) are shipping because people still like them? I’d prefer my x230 for work on the go over both of the T4x0p I’ve used any day. So yeah, it’s a bit apples to oranges, but afaik the XPS 13 has a similar resolution compared to what the T4x0p has on 14” - I find it cramped and small.

                    1.  

                      The X200s isn’t really any bigger than the X230 but has a much better 1440x900 display.

                      1.  

                        Not saying stuff can’t be improved, but this was re: QHD ( 2560 × 1440 ) - and I’m absolutely not a fan of huge resolutions. At least until the support in Linux (with external screens) is on the level of OSX. Not that I’m a huge fan of OSX, but I’ve never seen any problems with Retina MBP + Normal screen vs Linux on HiDPI + normal screen.

                  1. 6

                    I’m on a Thinkpad T450 (swapped out the screen for an IPS display) and have only good things to say. The keyboard is probably the best I’ve ever worked on, and I love that this laptop has plenty of ports.

                    The one thing I’m concerned about on Linux laptops though is the touchpad. This review doesn’t mention anything about the XPS touchpad either. I don’t know if it’s a software thing or a hardware thing, but I haven’t seen a touchpad that works even half as nice as the one on a Mac.

                    1.  

                      I don’t know if it’s a software thing or a hardware thing

                      I don’t know what hardware is in the newest Apple touchpads, but historically it was the same Synaptics stuff that’s everywhere.

                      It is software. Use Wayland and GTK applications. I have a ThinkPad X240 and a 1st gen Apple Magic Trackpad on the desktop — scrolling and pinch zooming PDFs in Evince / images in EoG feels great with both.

                      1.  

                        In my experience all touchpads are abominable except for Mac and Surface.

                        1.  

                          And Pixelbook, and Pixel Slate.

                      1. 2

                        🎉🎉🎉

                        It’s odd that the biggest change is not mentioned anywhere in the release notes though.

                        […] and ThinkPad are trademarks of International Business Machines Corporation

                        heh, hasn’t it been a Lenovo trademark for years now?

                        1. 1

                          It’s odd that the biggest change is not mentioned anywhere in the release notes

                          That and there’s significant effort and new hardware support behind this dot point too:

                          • Various improvements to graphics support for current generation hardware.
                          1. 1

                            Anyone know if that includes haswell gfx?

                            1. 2

                              Yes I believe so:

                              A system with Haswell or newer Intel HD Graphics (see here for a list) or a system with AMD Radeon HD7000 AMD GPU or newer (see here for a list).

                              https://freebsddesktop.github.io/2018/12/08/drm-kmod-primer.html

                              1. 2

                                I’ve been using Haswell gfx since 2015 :) back then it was a fork of the base system, updating the directly ported drm in base to match Linux 3.8.

                                The current LinuxKPI based port is…

                                • actually available for FreeBSD 11.2 as well
                                • currently at 4.16 for 12
                                • (so for Intel, up to and including Coffee Lake I think)
                                • includes amdgpu with Display Core working
                                • includes vmwgfx
                            2. 1

                              I suppose that’s not a signature feature, but it’s definitely the kind of thing I’d want to know about. When something breaks it’s good to have some inkling about the change.

                            1. 4

                              As a Firefox user I feel like Firefox is really not playing up to its strengths. The recent releases have tried to make it more Chrome, thus alienating people who have used Firefox for a long time. One example is the deprecation of classic extensions replacing them with web extensions. This is largely fine and it is nice to be able to run Chrome extensions but I would’ve wanted it to provide a way of porting the functionality of old plugins (via extensions to webextensions) instead of saying “yeah, that’s it”. Then I might as well use Chrome.

                              Similarly, I would’ve liked them to add more privacy focus. There are plenty of extensions doing things that a privacy minded person needs to evaluate and install and hope that the developers don’t do a bait and switch.

                              1. 17

                                One example is the deprecation of classic extensions replacing them with web extensions.

                                The biggest problem with extensions is that they were dragging down Firefox. Classic extensions were allowed to eff up many things in Firefox in a big way.

                                Similarly, I would’ve liked them to add more privacy focus. There are plenty of extensions doing things that a privacy minded person needs to evaluate and install and hope that the developers don’t do a bait and switch.

                                One of the arguments against the old extensions API was that no privacy concerns could be enforced, which kind of makes this a contradicting post.

                                1. 2

                                  I am aware why they were removed. But I would’ve liked if Firefox added sensible extensions to the webextension interface that would allow to do at least 80% of what the previous extensions were able to do. If Firefox extensions have to cater to the lowest common denominator (aka what Chrome supports), there is less reason to use Firefox instead of Chrome directly.

                                  And the improved privacy support could be added into Firefox proper, instead of letting users have to figure it out, thus requiring users to use fewer extensions in the first place and moving the trust anchor from random developers on AMO to Mozilla proper. Similarly how pop-up blocking was added in early Firefox which was one of the reasons people liked Firefox before every other browser copied this.

                                  1. 10

                                    I am aware why they were removed. But I would’ve liked if Firefox added sensible extensions to the webextension interface that would allow to do at least 80% of what the previous extensions were able to do. If Firefox extensions have to cater to the lowest common denominator (aka what Chrome supports), there is less reason to use Firefox instead of Chrome directly.

                                    Webextensions are - in contrast to other standards - allowed to implement Browser-specific things. And they indeed do provide that. There is definitely the issue that things are still being reimplemented.

                                    And the improved privacy support could be added into Firefox proper

                                    Firefox does have such features, like content-blocking and a privacy-conscious sharing setup.

                                    TBH, I feel like this way of interacting with Firefox is exactly what this blog post is against: we are supercritical of Firefox, but cut Chrome a lot of slack. Indeed to the point where even Chrome bugs are considered expected behaviour, but FF is not allowed to misstep at any point.

                                    1. 2

                                      Firefox does have such features, like content-blocking and a privacy-conscious sharing setup.

                                      To some degree, but the amount of privacy-improving extensions show that there is clearly a demand for more. And many of these extensions have existed for a long time, so there was a long time to be integrated. Of course Google Chrome will never add a built-in adblocker…

                                      I feel like this way of interacting with Firefox is exactly what this blog post is against: we are supercritical of Firefox, but cut Chrome a lot of slack

                                      This blog post itself has a hard time to figure out what the advantages of Firefox are at this point. And thinking about it I can’t come up with much either. It is not extensibility anymore, it is not performance, it is not standards compliance. This is about the same in Chrome these days. Maybe it would be time to concentrate on very specific things, like many fringe-browsers do and do massively better in this regard.

                                      1. 6

                                        Of course Google Chrome will never add a built-in adblocker…

                                        It has one https://www.blog.google/technology/ads/building-better-web-everyone/

                                        This blog post itself has a hard time to figure out what the advantages of Firefox are at this point.

                                        Firefox has a different user interface from Chrome, it has a sync functionality that does not require a Google account, it has integrated tracking protection (to the point where some news pages see stock Firefox as an ad blocker!). Its performance is pretty fast after Quantum, often faster than Chrome. Its memory usage is usually getting lower nowadays. It has a vastly different UX (and IMHO better), especially around the address bar. Also, it’s not unusual that Chrome actually adopts Firefox UX patterns, but we still paint FF against the wall for being a Chrome-like.

                                        1. 1

                                          not unusual that Chrome actually adopts Firefox UX patterns

                                          I wonder if they’ll ever adopt the scrollable tab bar :)

                                        2. 2

                                          It is not extensibility anymore

                                          It is, still.

                                          Of course it’s not “any addon can mess up the whole UI” extensible anymore, but everyone in internet comments has latched onto the idea of “it’s exactly like Chrome now”, which is just not true. Firefox provides a lot more APIs for WebExtensions, constantly adding more and more. Just in the latest release: custom context menus for extension pages, among other things.

                                          1. 1

                                            Want a killer app? Good web videoconferencing. Make that beautiful in firefox and you get a massive chunk of the market.

                                  1. 6

                                    This feels like a poster child for the knock on effects of a sizable increase in complexity. I get why distros are switching to systemd, it offers some very real benefits, but exploits like this remind us that said benefits come with a price tag.

                                    1. 5

                                      This specifically doesn’t seem like a good argument about complexity. Even the simplest program can confuse signed and unsigned integers.

                                      1. 3

                                        But you are more likely to find it in a smaller program

                                        1. 1

                                          It’s a lot harder in languages that don’t let you transparently mix the two up. Rust, natch, but C# did it first.

                                      1. 8

                                        yet in many respects, it is the most modern database management system there is

                                        It’s not though. No disrespect to PostgreSQL, but it just isn’t. In the world of free and open source databases it’s quite advanced, but commercial databases blow it out of the water.

                                        PostgreSQL shines by providing high quality implementations of relatively modest features, not highly advanced state of the art database tech. And it really does have loads of useful features, the author has only touched on a small fraction of them. Almost all those features exist in some other system. But not necessarily one single neatly integrated system.

                                        PostgreSQL isn’t great because it’s the most advanced database, it’s great because if you don’t need anything state of the art or extremely specialized, you can just use PostgreSQL for everything and it’ll do a solid job.

                                        1. 13

                                          but commercial databases blow it out of the water

                                          Can you provide some specific examples?

                                          1. 16

                                            Oracle has RAC, which is a basic install step for any Oracle DBA. Most Postgres users can’t implement something similar, and those that can appreciate it’s a significant undertaking that will lock you into a specific workflow so get it right.

                                            Oracle and MS-SQL also have clustered indexes. Not what Postgres has, but where updates are clustered as well. Getting Pg to perform sensibly in this situation is so painful, it’s worth spending a few grand to simply not worry about it.

                                            Ever run Postgres on a machine with over 100 cores? It’s not much faster than 2 cores without a lot of planning and partitioning, and even then, it’s got nothing on Oracle and MS-SQL: Open checkbook and it’s faster might sound like a lose, but programmers and sysadmins cost money too! Having them research how to get your “free” database to perform like a proper database isn’t cost effective for a lot of people.

                                            How about big tables. Try to update just one column, and Postgres still copies the whole row. Madness. This turns something that’s got to be a 100GB of IO into 10s of TBs of IO. Restructuring this into separate partitions would’ve been the smart thing to do if you’d remembered to do it a few months ago, but this is a surprise coming from commercial databases which haven’t had this problem for twenty years. Seriously! And don’t even try to VACUUM anything.

                                            MS-SQL also has some really great tools. Visual Studio actually understands the database, and its role in development and release. You can point it at two tables and it can build ALTER statements for you and help script up migrations that you can package up. Your autocomplete can recognise what version you’re pointing at. And so on.

                                            …and so on, and so on…

                                            1. 3

                                              Thanks for the detailed response. Not everyone has money to throw at a “real” enterprise DB solution, but (having never worked with Oracle and having only administered small MSSQL setups) I did wonder what some of the specific benefits that make a DBA’s life easier were.

                                              Of course, lots of the open source tools used for web development and such these days seem to prefer Postgres (and sometimes MySQL), and developers like Postgres’ APIs. With postgres-compatible databases like EnterpriseDB and redshift out there, my guess is we’ll see a Postgres-compatible Oracle offering at some point.

                                              1. 7

                                                Not everyone has money to throw at a “real” enterprise DB solution

                                                I work for a commercial database company, so I expect I see a lot more company-databases than you and most other crustaceans: Most companies have a strong preference to rely on an expert who will give them a fixed cost (even if it’s “money”) to implement their database, instead of trying to hire and build a team to do it open-source. Because it’s cheaper. Usually a lot cheaper.

                                                Part of the reason why: An expert can give them an SLA and has PI insurance, and the solution generally includes all costs. Building an engineering+sysadmin team is a big unknown for every company, and they usually need some kind of business analyst too (often a contractor anyway; more £££) to get the right schemas figured out.

                                                Professional opinion: Business logic may actually be some of the least logical stuff in the world.

                                                lots of the open source tools used for web development and such these days seem to prefer Postgres

                                                This is true, and if you’re building an application, I’d say Postgres wins big. Optimising queries for dbmail’s postgres queries was hands down much easier than any other database (including commercial ones!).

                                                But databases are used for a lot more than just applications, and companies who use databases don’t always (or even often) build all (or even much) of the software that interacts with the database. This should not be surprising.

                                                With postgres-compatible databases like EnterpriseDB and redshift out there, my guess is we’ll see a Postgres-compatible Oracle offering at some point.

                                                I’m not sure I disagree, but I don’t think this is a good thing. EnterpriseDB isn’t Postgres. Neither is redshift. Queries that work fine in a local Pg installation run like shit in redshift, and queries that are built for EnterpriseDB won’t work at all if you ever try and leave. These kinds of “hybrid open source” offerings are an anathema, often sold below a sustainable price (and much less than what a proper expert would charge), leaving uncertainty in the SLA, and with none of the benefits of owning your own stack that doing it on plain postgres would give you. I just don’t see the point.

                                                1. 3

                                                  Professional opinion: Business logic may actually be some of the least logical stuff in the world.

                                                  No kidding. Nice summary also.

                                                  1. 0

                                                    Queries that work fine in a local Pg installation run like shit in redshift

                                                    Not necessarily true, when building your redshift schema you optimize for certain queries (like your old pg queries).

                                                2. 4

                                                  And yet the cost of putting your data into a proprietary database format is enough to make people find other solutions when limitations are reached.

                                                  Don’t forget great database conversion stories like WI Circuit Courts system or Yandex where the conversion to Postgres from proprietary databases saved millions of dollars and improved performance…

                                                  1. 2

                                                    Links to those stories?

                                                    1. 1

                                                      That Yandex can implement clickhouse doesn’t mean everyone else can (or should). How many $100k developers do they employ to save a few $10k database cores?

                                                      1. 2

                                                        ClickHouse has nothing to do with Postgres, it’s a custom column oriented database for analytics. Yandex Mail actually migrated to Postgres. Just Postgres.

                                                    2. 2

                                                      You’re right about RAC but over the last couple of major releases Postgres has gotten a lot better about using multiple cores and modifying big tables. Maybe not at the Oracle level yet but it’s catching up quickly in my opinion.

                                                      1. 3

                                                        Not Oracle-related, but a friend of mine tried to replace a disk-based kdb+ with Postgres, and it was something like 1000x slower. This isn’t even a RAC situation, this is one kdb+ core, versus a 32-core server with Postgresql on it (no failover even!).

                                                        Postgres is getting better. It may even be closing the gap. But gosh, what a gap…

                                                        1. 1

                                                          Not to be that guy, but when tossing around claims of 1000x, please back that up with actual data/blogpost or something..

                                                          1. 6

                                                            You remember Mark’s benchmarks.

                                                            kdb doing 0.051sec what postgres was taking 152sec to complete.

                                                            1000x is nothing.

                                                            Nobody should be surprised by that. It just means you’re asking the computer to do the wrong thing.

                                                            Btw, starting a sentence with “not to be that guy” means you’re that guy. There’s a completely normal way to express curiosity in what my friend was doing (he’s also on lobsters), or to start a conversation about why it was so much easier to get right in kdb+. Both could be interesting, but I don’t owe you anything, and you owe me an apology.

                                                            1. 2

                                                              Thanks for sharing the source, that helps in understanding.

                                                              That’s a benchmark comparing a server grade setup vs essentially laptop grade hardware (quad-core i5), running the default configuration right out of the sample file from the Git repo, with a query that reads a single small column out of a very wide dataset without using an index. I don’t doubt these numbers, but they aren’t terribly exciting/relevant to compare.

                                                              Also, there was no disrespect intended, not being a native English speaker I may have come off clumsy though.

                                                              1. 1

                                                                kdb doing 0.051sec what postgres was taking 152sec to complete.

                                                                That benchmarks summary points to https://tech.marksblogg.com/billion-nyc-taxi-rides-postgresql.html which was testing first a pre-9.6 master and then a PG 9.5 with cstore_fdw. Seems to me that neither was fair and I’d like to do it myself, but I don’t have the resources.

                                                                1. 1

                                                                  If you think a substantially different disk layout of Pg, and/or substantially different queries would be more appropriate, I think I’d find that interesting.

                                                                  I wouldn’t like to see a tuning exercise including a post-query exercise looking for the best indexes to install for these queries though: The real world rarely has an opportunity to do that outside of applications (i.e. Enterprise).

                                                            2. 1

                                                              Isn’t kdb+ really good at stuff that postgres (and other RDBMS) is bad at? So not that surprising.

                                                              1. 1

                                                                Sort of? Kdb+ isn’t a big program, and most of what it does is the sort of thing you’d do in C anyway (if you liked writing databases in C): Got some tall skinny table? Try mmaping as much as possible. That’s basically what kdb does.

                                                                What was surprising was just how difficult it was to get that in Pg. I think we expected, with more cores and more disks it’d be fast enough? But this was pretty demoralising! I think the fantasy was that by switching the application to Postgres it’d be possible to get access to the Pg tooling (which is much bigger than kdb!), and we massively underestimated how expensive Pg is/can be.

                                                                1. 3

                                                                  Kdb+ isn’t a big program, and most of what it does is the sort of thing you’d do in C anyway (if you liked writing databases in C)

                                                                  Well, kdb+ is columnar, which is pretty different than how most people approach naive database implementation. That makes it very good for some things, but really rough for others. Notably, columnar storage doesn’t deal with update statements very well at all (to the degree that some columnar DBs simply don’t allow them).

                                                                  Even on reads, though, I’ve definitely seen postgres beat it on queries that work better on a row-based system.

                                                                  But, yes, if your primary use cases favor a columnar approach, kdb+ will outperform vanilla postgres (as will monetdb, clickhouse, and wrappers around parquet files).

                                                                  ~~You can get the best of both worlds~~ You can get decent chunks of both worlds by using either the cstore_fdw or imcs extensions to postgres.

                                                                  1. 1

                                                                    which is pretty different than how most people approach naive database implementation.

                                                                    I blame foolish CS professors emphasising linked lists and binary trees.

                                                                    If you simply count cycles, it’s exactly how you should approach database implementation.

                                                                    Notably, columnar storage doesn’t deal with update statements very well at all (to the degree that some columnar DBs simply don’t allow them).

                                                                    So I haven’t done that kind of UPDATE in any production work, but I also don’t need it: Every customer always wants an audit trail which means my database builds are INSERT+some materialised view, so that’s exactly what kdb+ does. If you can build the view fast enough, you don’t need UPDATE.

                                                                    Even on reads, though, I’ve definitely seen postgres beat it on queries that work better on a row-based system.

                                                                    If I have data that I need horizontal grabs from, I arrange it that way in memory. I don’t make my life harder by putting it on the disk in the wrong shape, and if I do run into an application like that, I don’t think gosh using postgres would really speed this part up.

                                                        2. 3

                                                          Spanner provides globally consistent transactions even across multiple data centers.

                                                          Disclosure: I work for Google. I am speaking only for myself in this matter and my views do not represent the views of Google. I have tried my best to make this description factually accurate. It’s a short description because doing that is hard. The disclosure is long because disclaimers are easier to write than useful information is. ;)

                                                          1. 2

                                                            @geocar covered most of what I wanted to say. I also have worked for a commercial database company, and same as @geocar I expect I have seen a lot more database use cases deployed at various companies.

                                                            The opinions stated here are my own, not those of my former or current company.

                                                            To put it bluntly, if you’re building a Rails app, PostgreSQL is a solid choice. But if you’ve just bought a petabyte of PCIe SSDs for your 2000 core rack of servers, you might want to buy a commercial database that’s a bit more heavy duty.

                                                            I worked at MemSQL, and nearly every deployment I worked with would have murdered PostgreSQL on performance requirements alone. Compared to PostgreSQL, MemSQL has more advanced query planning, query execution, replication, data storage, and so on and so forth. It has state of the art features like Pipelines. It has crucial-at-scale features like Workload Profiling. MemSQL’s competitors obviously have their own distinguishing features and qualities that make them worth money. @geocar mentioned some.

                                                            PostgreSQL works great at smaller scale. It has loads of useful features for small scale application development. The original post talks about how Arcentry uses NOTIFY to great effect, facilitating their realtime collaboration functionality. This already tells us something about their scale: PostgreSQL uses a fairly heavyweight process-per-connection model, meaning they can’t have a huge number of concurrent connections participating in this notification layer. We can conclude Arcentry deployments using this strategy probably don’t have a massive number of concurrent users. Thus they probably don’t need a state of the art commercial database.

                                                            There are great counterexamples where specific applications need to scale in a very particular way, and some clever engineers made a free database work for them. One of my favorites is Expensify running 4 million queries per second on SQLite. SQLite can only perform nested loop joins using 1 index per table, making it a non-starter for applications that require any kind of sophisticated queries. But if you think about Expensify, its workload is mostly point look ups and simple joins on single indexes. Perfect for SQLite!

                                                            1. 1

                                                              But MemSQL is a distributed in-memory database? Aren’t you comparing apples and oranges?

                                                              I also highly recommend reading the post about Expensify usage of SQLite: it’s a great example of thinking out of the box.

                                                              1. 1

                                                                No. The author claims “Postgres might just be the most advanced database yet.” MemSQL is a database. If you think they’re apples and oranges different, might that be because MemSQL is substantially more advanced? And I used MemSQL as one example of a commercial database. For a more apples-to-apples comparison, I also think MSSQL is more advanced than PostgreSQL, which geocar covered.

                                                                And MemSQL’s in-memory rowstore serves the same purpose as PostgreSQL’s native storage format. It stores rows. It’s persistent. It’s transactional. It’s indexed. It does all the same things PostgreSQL does.

                                                                And MemSQL isn’t only in-memory, it also has an advanced on-disk column store.

                                                        1. 81

                                                          I beg all my fellow crustaceans to please, please use Firefox. Not because you think it’s better, but because it needs our support. Technology only gets better with investment, and if we don’t invest in Firefox, we will lose the web to chrome.

                                                          1. 59

                                                            Not because you think it’s better

                                                            But that certainly helps too. It is a great browser.

                                                            • privacy stuff — the cookie container API for things like Facebook Container, built-in tracker blocker, various anti-fingerprinting things they’re backporting from the Tor Browser
                                                            • honestly just the UI and the visual design! I strongly dislike the latest Chrome redesign >_<
                                                            • nice devtools things — e.g. the CSS Grid inspector
                                                            • more WebExtension APIs (nice example: only on Firefox can Signed Pages actually prevent the page from even loading when the signature check fails)
                                                            • the fastest (IIRC) WASM engine (+ now in Nightly behind a pref: even better codegen backend based on Cranelift)
                                                            • ongoing but already usable Wayland implementation (directly in the official tree now, not as a fork)
                                                            • WebRender!!!
                                                            1. 7

                                                              On the other hand, WebSocket debugging (mostly frame inspection) is impossible in Firefox without an extension. I try not to install any extensions that I don’t absolutely need and Chrome has been treating me just fine in this regard[1].

                                                              Whether or not I agree with Google’s direction is now a moot point. I need Chrome to do what I do with extensions.

                                                              As soon as Firefox supports WebSocket debugging natively, I will be perfectly happy to switch.

                                                              [1] I mostly oppose extensions because of questionable maintenance cycles. I allow uBlock and aXe because they have large communities backing them.

                                                              1. 3

                                                                Axe (https://www.deque.com/axe/) seems amazing. I know it wasn’t the focus of your post – but I somehow missed this when debugging an accessibility issue just recently, I wish I had stumbled onto it. Thanks!

                                                                1. 1

                                                                  You’re welcome!

                                                                  At $work, we used aXe and NVDA to make our webcomponents AA compliant with WCAG. aXe was invaluable for things like contrast and missing role attributes.

                                                                2. 3

                                                                  WebSocket debugging (mostly frame inspection) is impossible in Firefox without an extension

                                                                  Is it possible with an extension? I can’t seem to find one.

                                                                  1. 1

                                                                    I have never needed to debug WebSockets and see no reason for that functionality to bloat the basic browser for everybody. Too many extensions might not be a good thing but if you need specific functionality, there’s no reason to hold back. If it really bothers you, run separate profiles for web development and browsing. I have somewhat more than two extensions and haven’t had any problems.

                                                                    1. 1

                                                                      I do understand your sentiment, but the only extension that I see these days is marked “Experimental”.

                                                                      On the other hand, I don’t see how it would “bloat” a browser very much. (Disclaimer: I have never written a browser or contributed to any. I am open to being proved wrong.) I have written a WebSockets library myself, and it’s not a complex protocol. It can’t be too expensive to update a UI element on every (websocket) frame.

                                                                  2. 5

                                                                    Yes! I don’t know about you, but I love the fact that Firefox uses so much less ram than chrome.

                                                                    1. 2

                                                                      This was one of the major reasons I stuck with FF for a long time. It is still a pronounced difference.

                                                                    2. 3

                                                                      honestly just the UI and the visual design! I strongly dislike the latest Chrome redesign >_<

                                                                      Yeah, what’s the deal with the latest version of Chrome? All those bubbly menus feel very mid-2000’s. Everything old is new again.

                                                                      1. 3

                                                                        I found a way to go back to the old ui from https://www.c0ffee.net/blog/openbsd-on-a-laptop/ (it was posted here a few weeks ago):

                                                                        Also, set the following in chrome://flags:

                                                                        • Smooth Scrolling: (personal preference)
                                                                        • UI Layout for the browser’s top chrome: set to “Normal” to get the classic Chromium look back
                                                                        • Identity consistency between browser and cookie jar: set to “Disabled” to keep Google from hijacking any Google login to sign you into Chrome
                                                                        • SafeSearch URLs reporting: disabled

                                                                        (emphasis mine)

                                                                      2. 1

                                                                        The Wayland implementation is not usable quite yet, though, but it is close. I tried it under Sway, but it was crashy.

                                                                        1. -3

                                                                          Not really. Not to mention Pocket integration and recent vpn advertisement. Ah, and they have removed RSS support.

                                                                          It’s just another product made by a for-profit corporation.

                                                                          I think the web got over-complicated. There are no usable truly independent browsers and probably never will be. It’s a read-only “opensource”.

                                                                          1. 16

                                                                            It’s just another product made by a for-profit corporation.

                                                                            They (Mozilla) are actually a non-profit.

                                                                            1. 2

                                                                              There is also Mozilla corporation.

                                                                              1. 12

                                                                                …which is 100% owned by the Mozilla Foundation, and:

                                                                                The Mozilla Corporation reinvests all of its profits back into the Mozilla projects.

                                                                                Forming for-profit corporations is not uncommon for NGOs, because NGOs in many countries are severely legally limited in the amount of commercial activities they’re able to do.

                                                                                1. 3

                                                                                  Adding to that, funding FOSS software development is not considered 501(c)3-eligible in the US.

                                                                            2. 5

                                                                              I had the same impression with that over-complication of JS into ES6. CSS is also looking more like a programming language. HTTP/2 is now a binary protocol. So to have a modern web platform, you need to support all of these, and none are trivial anymore. On the other hand, I find it amazing to be able to do networking, audio, video, 3d and highly customizable user interfaces with (relatively) few efforts at a pretty good speed. As a platform for creativity and experimentation, it is without equivalent.

                                                                              1. 2

                                                                                without equivalent.

                                                                                Java applets - done right?

                                                                                1. 3

                                                                                  Or Flash/Shockwave done openly and right?

                                                                                  1. 4

                                                                                    Both Java applets and Flash were actually more like trojan horses. See how Flash (very good scenegraph at the time) became Air (i.e. a tentative to take over the Web like Java) and thankfully died because Apple killed it with the iPhone. The intention was to run programs within a walled garden, not to interoperate with the Web at large. At least that’s how I read it.

                                                                                    1. 4

                                                                                      Good point on long-term risk. Do note I said Flash/Shockwave the tech. That was made by Macromedia, not Adobe. Macromedia was a company whose pricey tech was kick-ass but no attempt to be open or interoperate past maybe Dreamweaver. Catchy name many lay people could spell, too.

                                                                                      I think Adobe acquiring them made me drop some F-bombs, sigh a bit, eye rolls, and so on. I knew there would be short-term improvements before the large company FUBARed its value over time. Apple’s position sealed its fate.

                                                                                      1. 2

                                                                                        Indeed, Macromedia had a much better stewardship than Adobe in this respect. What I find really ironic is that before the acquisition, Adobe was pushing SVG and SVG animations as an alternative to Flash, embracing and pushing the web standards. After the acquisition, everything stalled and it’s only with Apple creating the Canvas API and standardizing it through the newly created WHATWG that we started to catch up and be able to do so fast interactive graphics on the Web. What we lost, though, is one of the best tools to create vector animations with programmatic behaviour. One step ahead, two steps back some might say.

                                                                                    2. 3

                                                                                      I think the difference is that applets and flash were supposed to extend the web experience, new technologies are replacing it. It’s convenient but dangerous as it promotes monoculture. I don’t know if there is a safe middle ground.

                                                                                      1. 5

                                                                                        There is a lot being lost with the death of Flash. It was amazingly lightweight when it started out. You can take that Homestar Runner e-mail and the original Flash, resize it to 4k, and it will still render correctly and sharply. You can’t do that when you export animation to YouTube at a set resolution. Not to mention all the games that were made in Flash that we’ll lose soon.

                                                                                        Adobe really butchered all the Macromedia stuff when they acquired that company. It’s pretty sad.

                                                                                2. 2

                                                                                  What does “removes RSS support” mean? Was it possible to use it as a feed reader before?

                                                                                  1. 3

                                                                                    Yeah, it was called “Live Bookmarks” and basically made your RSS feed subs show up in your bookmarks bar (or accessible from a page). It actually looked really neat, but I only found out about it when/because they removed it.

                                                                                    1. 10

                                                                                      “Live Bookmarks” still exist, in Firefox 63.0.3 released on Nov 15th, 2018. I use them. Go to any RSS feed in FF and they will pop up. I use them for multiple Discourse forums.

                                                                                        1. 1

                                                                                          Ah, sad times, thanks for the link!

                                                                                    2. -1

                                                                                      Sure, using live bookmarks and integrated reader. But RSS collided with their new commercial and closed product, namely Pocket.

                                                                                      1. 4

                                                                                        That’s not completely fair. I’m not sure if anything has happened yet, but Mozilla does have plans to open-source Pocket:

                                                                                        As a result of this strategic acquisition, Pocket will become a wholly owned subsidiary of Mozilla Corporation and will become part of the Mozilla open source project.

                                                                                3. 16

                                                                                  I switched to Firefox last year, and I have to say I don’t miss Chrome in the slightest.

                                                                                  1. 13

                                                                                    And those with a little financial liberty, consider donating to Mozilla. They do a lot of important work for a free and open web.

                                                                                    1. 10

                                                                                      I recently came back to Firefox from Vivaldi. That’s another Chromium/Webkit based browser and it’s closed source to boot.

                                                                                      Firefox has improved greatly in speed as of late and I feel like we’re back in the era of the mid-2000s, asking people to choose Firefox over Chrome this time instead of IE.

                                                                                      1. 2

                                                                                        I’d love to switch from Vivaldi, but it’s simply not an option given the current (terrible) state of vertical tab support in Firefox.

                                                                                        1. 2

                                                                                          How is it terrible? The hiding of the regular tab bar is not an API yet and you have to use CSS for that, sure, but there are some very good tree style tab webextensions.

                                                                                          1. 2

                                                                                            The extensions are all terrible – but what’s more important is that I lost the belief that any kind of vertical tab functionality has any chance of long-term survival. Even if support was added now, it would be a constant battle to keep it and I’m frankly not interested in such fights anymore.

                                                                                            Mozilla is chasing their idealized “average user” and is determined to push everyone into their one-size-fits-all idea of user interface design – anyone not happy with that can screw off, if it was for Mozilla.

                                                                                            It’s 2018 – I don’t see why I even have to argue for vertical tabs and mouse gestures anymore. I just pick a browser vendor which hasn’t been asleep on the wheel for the last 5 years and ships with these features out of the box.

                                                                                            And if the web in the future ends up as some proprietary API defined by whatever Google Chrome implements, because Firefox went down, Mozilla has only itself to blame.

                                                                                            1. 2

                                                                                              The extensions are all terrible – but what’s more important is that I lost the belief that any kind of vertical tab functionality has any chance of long-term survival. Even if support was added now, it would be a constant battle to keep it and I’m frankly not interested in such fights anymore.

                                                                                              The whole point of moving to WebExtensions was long term support. They couldn’t make significant changes without breaking a lot of the old extensions. The whole point was to unhook extensions from the internals so they can refactor around them and keep supporting them.

                                                                                              1. 0

                                                                                                That’s like a car manufacturer removing all electronics from a car – sure it makes the car easier to support … but now the car doesn’t even turn on anymore!

                                                                                                Considering that cars are usually used for transportation, not for having them sit in the garage, you shouldn’t be surprised that customers buy other cars in the future.

                                                                                                (And no, blaming “car enthusiasts” for having unrealistic expectations, like it happens in the case of browser users, doesn’t cut it.)

                                                                                                1. 3

                                                                                                  So you’d rather they didn’t improve it at all? Or would you rather they broke most extensions every release?

                                                                                                  1. 3

                                                                                                    I’m not @soc, but I wish Firefox had delayed their disabling of old-style extensions in Firefox 57 until they had replicated more of the old functionality with the WebExtensions API – mainly functionality related to interface customization, tabs, and sessions.

                                                                                                    Yes, during the time of that delay, old-style extensions would continue to break with each release, but the maintainers of Tree Style Tabs and other powerful extensions had already been keeping up with each release by releasing fixed versions. They probably could have continued updating their extensions until WebExtensions supported their required functionality. And some users might prefer to run slightly-buggy older extensions for a bit instead of switching to the feature-lacking new extensions straight away – they should have that choice.

                                                                                                    1. 1

                                                                                                      What’s the improvement? The new API was so bad that they literally had to pull the plug on the existing API to force extension authors to migrate. That just doesn’t happen in cases where the API is “good”, developers are usually eager to adopt them and migrate their code.

                                                                                                      Let’s not accuse people you disagree with that they are “against improvements” – it’s just that the improvements have to actually exist, and in this case the API clearly wasn’t ready. This whole fiasco feels like another instance of CADT-driven development and the failure of management to rein in on it.

                                                                                                      1. 3

                                                                                                        The old extension API provided direct access to the JavaScript context of both the chrome and the tab within a single thread, so installing an XUL extension was disabling multiprocess mode. Multiprocess mode seems like an improvement; in old Firefox, a misbehaving piece of JavaScript would lock up the browser for about a second before eventually popping up a dialog offering to kill it, whereas in a multiprocess browser, it should be possible to switch and close tabs no matter what the web page inside does. The fact that nobody notices when it works correctly seems to make it the opposite of Attention-Deficient-Driven-Design; it’s the “focus on quality of implementation, even at the expense of features” design that we should be encouraging.

                                                                                                        The logical alternative to “WebExtension For The Future(tm)” would’ve been to just expose all of the relevant threads of execution directly to the XUL extensions. run-this-in-the-chome.xul and run-this-in-every-tab.xul and message pass between them. But at that point, we’re talking about having three different extension APIs in Firefox.

                                                                                                        Which isn’t to say that I think you’re against improvement. I am saying that you’re thinking too much like a developer, and not enough like the poor sod who has to do QA and Support triage.

                                                                                                        1. 2

                                                                                                          Improving the actual core of Firefox. They’re basically ripping out and replacing large components every other release. This would break large amount of plugins constantly. Hell, plugins wouldn’t even work in Nightly. I do agree with @roryokane that they should have tried to improve it before cutting support. The new API is definitely missing many things but it was the right decision to make for the long term stability of Firefox.

                                                                                                          1. 1

                                                                                                            They could have made the decision to ax the old API after extension authors adopted it. That adoption failed so hard that they had to force developers to use the new API speaks for itself.

                                                                                                            I’d rather have extensions that I have to fix from time to time, than no working extensions at all.

                                                                                                  2. 1

                                                                                                    Why should Mozilla care that much about your niche use case? They already have a ton of stuff to deal with and barely enough funding.

                                                                                                    It’s open source, make your own VerticalTabFox fork :)

                                                                                                    1. 3

                                                                                                      Eh … WAT? Mozilla went the extra mile with their recent extension API changes to make things – that worked before – impossible to implement with a recent Firefox version. The current state of tab extensions is this terrible, because Mozilla explicitly made it this way.

                                                                                                      I used Firefox for more than 15 years – the only thing I wanted was to be left alone.

                                                                                                      It’s open source, make your own VerticalTabFox fork :)

                                                                                                      Feel free to read my comment above to understand why that doesn’t cut it.

                                                                                                      Also, Stuff that works >> open source. Sincerely, a happy Vivaldi user.

                                                                                                      1. 2

                                                                                                        It’s one of the laws of the internet at this point: Every thread about Firefox is always bound to attract someone complaining about WebExtensions not supporting their pet feature that was possible with the awful and insecure old extension system.

                                                                                                        If you care about “non terrible” (whatever that means — Tree Style Tab looks perfect to me) vertical tabs more than anything — sure, use a browser that has them.

                                                                                                        But you seem really convinced that Firefox could “go down” because of not supporting these relatively obscure power user features well?? The “average user” they’re “chasing” is not “idealized”. The actual vast majority of people do not choose browsers based on vertical tabs and mouse gestures. 50% of Firefox users do not have a single extension installed, according to telemetry. The majority of the other 50% probably only have an ad blocker.

                                                                                                        1. 3

                                                                                                          If you care about “non terrible” (whatever that means — Tree Style Tab looks perfect to me) vertical tabs more than anything — sure, use a browser that has them.

                                                                                                          If you compare the current state of the art of vertical tabs extensions, even Mozilla thinks they suck – just compare them to their own Tab Center experiment: https://testpilot.firefox.com/static/images/experiments/tab-center/details/tab-center-1.1957e169.jpg

                                                                                                          Picking just one example: Having the navigation bar at a higher level of the visual hierarchy is just wrong – the tab panel isn’t owned by the navigation bar, the navigation bar belongs to a specific tab! Needless to say, all of the vertical tab extensions are forced to be wrong, because they lack the API to implement the UI correctly.

                                                                                                          This is what my browser currently looks like, for comparison: https://i.imgur.com/5dTX8Do.png

                                                                                                          But you seem really convinced that Firefox could “go down” because of not supporting these relatively obscure power user features well?? The “average user” they’re “chasing” is not “idealized”. The actual vast majority of people do not choose browsers based on vertical tabs and mouse gestures. 50% of Firefox users do not have a single extension installed, according to telemetry. The majority of the other 50% probably only have an ad blocker.

                                                                                                          You can only go so far alienating the most loyal users that use Firefox for specific purposes until they stop installing/recommending it to their less technically-inclined friends and relatives.

                                                                                                          Mozilla is so busy chasing after Chrome that it doesn’t even realize that most Chrome users will never switch. They use Chrome because “the internet” (www.google.com) told them so. As long as Mozilla can’t make Google recommend Firefox on their frontpage, this will not change.

                                                                                                          Discarding their most loyal users while trying to get people to adopt Firefox who simply aren’t interested – this is a recipe for disaster.

                                                                                                      2. 1

                                                                                                        and barely enough funding

                                                                                                        Last I checked they pulled in half a billion in revenue (2016). Do you believe this is barely enough?

                                                                                                        1. 2

                                                                                                          For hundreds of millions of users?

                                                                                                          Yeah.

                                                                                                    2. 1

                                                                                                      At least with multi-row tabs in CSS you can’t dragndrop tabs. That’s about as bad as it gets.

                                                                                                    3. 2

                                                                                                      Are vertical tabs so essential?

                                                                                                      1. 3

                                                                                                        Considering the change in screen ratios over the past ten years (displays get shorter and wider), yes, it absolutely is.

                                                                                                        With vertical tabs I can get almost 30 full-width tabs on screen, with horizontal tabs I can start fishing for the right tab after about 15, as the tab width gets increasingly smaller.

                                                                                                        Additionally, vertical tabs reduce the way of travel substantially when selecting a different tab.

                                                                                                        1. 1

                                                                                                          I still miss them, didn’t cripple me, but really hurt. The other thing about Tree (not just vertical) tabs that FF used to have was that the subtree was contextual to the parent tree. So, when you opened a link in a background tab, it was opened in a new tab that was a child of your current tab. For doing like documentation hunting / research it was amazing and I still haven’t found its peer.

                                                                                                      2. 1

                                                                                                        It’s at least partially open source. They provide tarballs.

                                                                                                        1. 4

                                                                                                          https://help.vivaldi.com/article/is-vivaldi-open-source/

                                                                                                          The chromium part is legally required to be open, the rest of their code is like readable source, don’t get me wrong that’s way better than unreadable source but it’s also very wut.

                                                                                                          1. 2

                                                                                                            Very wut. It’s a weird uneasy mix.

                                                                                                            1. 1

                                                                                                              that’s way better than unreadable source but it’s also very wut.

                                                                                                              I wouldn’t be sure of that. It makes it auditable, but has legal ramifications should you want to build something like vivaldi, but free.

                                                                                                        2. 8

                                                                                                          firefox does not get better with investment, it gets worse.

                                                                                                          the real solution is to use netsurf or dillo or mothra, so that webmasters have to come to us and write websites that work with browsers that are simple enough to be independently maintained.

                                                                                                          1. 9

                                                                                                            Good luck getting more than 1‰ adoption 😉

                                                                                                            1. 5

                                                                                                              good luck achieving independence from Google by using a browser funded by Google

                                                                                                              1. 1

                                                                                                                I can achieve independence from Google without using netsurf, dillo, or mothra; to be quite honest, those will never catch on.

                                                                                                                1. 2

                                                                                                                  can you achieve independence from google in a way that will catch on?

                                                                                                                  1. 1

                                                                                                                    I don’t think we’ll ever get the majority of browser share back into the hands of a (relatively) sane organization like Mozilla—but we can at least get enough people to make supporting alternative browsers a priority. On the other hand, the chances that web devs will ever feel pressured to support the browsers you mentioned, is close to nil. (No pun intended.)

                                                                                                                    1. 0

                                                                                                                      what is the value of having an alternative, if that alternative is funded by google and sends data to google by default?

                                                                                                                      1. 1

                                                                                                                        what is the value of having an alternative

                                                                                                                        What would you like me to say, that Firefox’s existence is worthless? This is an absurd thing to insinuate.

                                                                                                                        funded by google

                                                                                                                        No. I’m not sure whether you’re speaking in hyperbole, misunderstood what I was saying, and/or altogether skipped reading what I wrote. But this is just not correct. If Google really had Mozilla by the balls as you suggest, they would coerce them to stop adding privacy features to their browser that, e.g., block Google Analytics on all sites.

                                                                                                                        sends data to google by default

                                                                                                                        Yes, though it seems they’ve been as careful as one could be about this. Also to be fair, if you’re browsing with DNT off, you’re likely to get tracked by Google at some point anyway. But the fact that extensions can’t block this does have me worried.

                                                                                                                        1. 1

                                                                                                                          i’m sorry if i misread something you wrote. i’m just curious what benefit you expect to gain if more people start using firefox. if everyone switched to firefox, google could simply tighten their control over mozilla (continuing the trend of the past 10 years), and they would still have control over how people access the web.

                                                                                                                          1. 1

                                                                                                                            It seems you’re using “control” in a very abstract sense, and I’m having trouble following. Maybe I’m just missing some context, but what concrete actions have Google taken over the past decade to control the whole of Mozilla?

                                                                                                                            1. 1

                                                                                                                              Google has pushed through complex standards such as HTTP/2 and new rendering behaviors, which Mozilla implements in order to not “fall behind.” They are able to implement and maintain such complexity due to funding they receive from Google, including their deal to make Google the default search engine in Firefox (as I said earlier, I couldn’t find any breakdown of what % of Mozilla’s funding comes from Google).

                                                                                                                              For evidence of the influence this funding has, compare the existence of Mozilla’s Facebook Container to the non-existence of a Google Container.

                                                                                                                              1. 1

                                                                                                                                what % of Mozilla’s funding comes from Google

                                                                                                                                No word on the exact breakdown. Visit their 2017 report and scroll all the way to the bottom, and you’ll get a couple of helpful links. One of them is to a wiki page that describes exactly what each search engine gets in return for their investment.

                                                                                                                                I would also like to know the exact breakdown, but I’d expect all those companies would get a little testy if the exact amount were disclosed. And anyway, we know what the lump sum is (around half a billion), and we can assume that most of it comes from Google.

                                                                                                                                the non-existence of a Google Container

                                                                                                                                They certainly haven’t made one themselves, but there’s nothing stopping others from forking one off! And anyway, I think it’s more so fear on Mozilla’s part than any concrete warning from Google against doing so.

                                                                                                                                Perhaps this is naïveté on my part, but I really do think Google just want their search engine to be the default for Firefox. In any case, if they really wanted to exert their dominance over the browser field, they could always just… you know… stop funding Mozilla. Remember: Google is in the “web market” first & the “software market” second. Having browser dominance is just one of many means to the same end. I believe their continued funding of Mozilla attests to that.

                                                                                                                                1. 2

                                                                                                                                  It doesn’t have to be a direct threat from Google to make a difference. Direct threats are a very narrow way in which power operates and there’s no reason that should be the only type of control we care about.

                                                                                                                                  Yes Google’s goal of dominating the browser market is secondary to their goal of dominating the web. Then we agree that Google’s funding of Firefox is in keeping with their long-term goal of web dominance.

                                                                                                                                  if they really wanted to exert their dominance over the browser field, they could always just… you know… stop funding Mozilla.

                                                                                                                                  Likewise, if Firefox was a threat to their primary goal of web dominance, they could stop funding Mozilla. So doesn’t it stand to reason that using Firefox is not an effective way to resist Google’s web dominance? At least Google doesn’t think so.

                                                                                                                                  1. 1

                                                                                                                                    Likewise, if Firefox was a threat to their primary goal of web dominance, they could stop funding Mozilla. So doesn’t it stand to reason that using Firefox is not an effective way to resist Google’s web dominance?

                                                                                                                                    You make some good points, but you’re ultimately using the language of a “black or white” argument here. In my view, if Google were to stop funding Mozilla they would still have other sponsors. And that’s not to mention the huge wave this would make in the press—even if most people don’t use Firefox, they’re at least aware of it. In a strange sense, Google cannot afford to stop funding Mozilla. If they do, they lose their influence over the Firefox project and get huge backlash.

                                                                                                                                    I think this is something the Mozilla organization were well aware of when they made the decision to accept search engines as a funding source. They made themselves the center of attention, something to be competed over. And in so doing, they ensured their longevity, even as Google’s influence continued to grow.

                                                                                                                                    Of course this has negative side effects, such as companies like Google having influence over them. But in this day & age, the game is no longer to be free of influence from Google; that’s Round 2. Round 1 is to achieve enough usage to exert influence on what technologies are actually adopted. In that sense, Mozilla is at the discussion table, while netsurf, dillo, and mothra (as much as I’d love to love them) are not and likely never will be.

                                                                                                              2. 3

                                                                                                                Just switch to Gopher.

                                                                                                                1. 5

                                                                                                                  Just switch to Gopher

                                                                                                                  I know you were joking, but I do feel like there is something to be said for the simplicity of systems like gopher. The web is so complicated nowadays that building a fully functional web browser requires software engineering on a grand scale.

                                                                                                                  1. 3

                                                                                                                    yeah. i miss when the web was simpler.

                                                                                                                    1. 1

                                                                                                                      I was partially joking. I know there are new ActivityPub tools like Pleroma that support Gopher and I’ve thought about adding support to generate/serve gopher content for my own blog. I realize it’s still kinda a joke within the community, but you’re right about there being something simple about just having content without all the noise.

                                                                                                                2. 1

                                                                                                                  Unless more than (rounded) 0% of people use it for Facebook, it won’t make a large enough blip for people to care. Also this is how IE was dominant, because so much only worked for them.

                                                                                                                  1. 1

                                                                                                                    yes, it would require masses of people. and yes it won’t happen, which is why the web is lost.

                                                                                                                3. 2

                                                                                                                  I’ve relatively recently switched to FF, but still use Chrome for web dev. The dev tools still seem quite more advanced and the browser is much less likely to lock up completely if I have a JS issue that’s chewing CPU.

                                                                                                                  1. 2

                                                                                                                    I tried to use Firefox on my desktop. It was okay, not any better or worse than Chrome for casual browsing apart from private browsing Not Working The Way It Should relative to Chrome (certain cookies didn’t work across tabs in the same Firefox private window). I’d actually want to use Firefox if this was my entire Firefox experience.

                                                                                                                    I tried to use Firefox on my laptop. Site icons from bookmarks don’t sync for whatever reason (I looked up the ticket and it seems to be a policy problem where the perfect is the enemy of the kinda good enough), but it’s just a minor annoyance. The laptop is also pretty old and for that or whatever reason has hardware accelerated video decoding blacklisted in Firefox with no way to turn it back on (it used to work a few years ago with Firefox until it didn’t), so I can’t even play 720p YouTube videos at an acceptable framerate and noise level.

                                                                                                                    I tried to use Firefox on my Android phone. Bookmarks were completely useless with no way to organize them. I couldn’t even organize on a desktop Firefox and sync them over to the phone since they just came out in some random order with no way to sort them alphabetically. There was also something buggy with the history where clearing history didn’t quite clear history (pages didn’t show up in history, but links remained colored as visited if I opened the page again) unless I also exited the app, but I don’t remember the details exactly. At least I could use UBO.

                                                                                                                    This was all within the last month. I used to use Firefox before I used Chrome, but Chrome just works right now.

                                                                                                                    1. 6

                                                                                                                      I definitely understand that Chrome works better for many users and you gave some good examples of where firefox fails. My point was that people need to use and support firefox despite it being worse than chrome in many ways. I’m asking people to make sacrifices by taking a principled position. I also recognize most users might not do that, but certainly, tech people might!? But maybe I’m wrong here, maybe the new kids don’t care about an open internet.

                                                                                                                  1. 3

                                                                                                                    to keep up, you need to transpile your code from the latest version to whatever

                                                                                                                    No you don’t! You only need to transpile your code if you care about old browsers. If you’re a Mainstream Commercial Website, you do need that of course. For personal projects, please feel free to say “screw it” and ship stuff like async/await and ES Modules directly to browsers with no build step!!

                                                                                                                    all these widgets are only framework-specific

                                                                                                                    That’s why everyone should use Web Components. With Custom Elements, HTML (and JS properties) is the interface, the DOM is the framework, everyone is happy.

                                                                                                                    1. 3

                                                                                                                      Last time I checked, “Web Components” is basically an abandoned project.

                                                                                                                        1. 0

                                                                                                                          That… really isn’t the point.

                                                                                                                          It’s too little, too late. If I remember correctly, the point of this is essentially DOM diffing, which is made obsolete by ReactJS and Elm before it.

                                                                                                                          And… Really? It landed recently? I thought the spec was written about six years ago? What has taken them so long? I certainly wouldn’t bank my company on this.

                                                                                                                          And in any case, I don’t agree that “everyone should use Web Components”, in keeping with the spirit of the parent article.

                                                                                                                          1. 4

                                                                                                                            No, this has nothing to do with DOM diffing!

                                                                                                                            Custom Elements, as the name suggests, allows you to use real DOM elements as components. This is directly anti-“widgets that can only be used inside $framework” – a custom element is a real element, you can just write <my-thing> directly in HTML, you can createElement('my-thing'), etc.

                                                                                                                            Shadow DOM provides encapsulation for elements: it isolates the element from global CSS (except Custom Properties i.e. variables – these can be used for providing a “style API” for your element).

                                                                                                                            (You can do diffing in your rendering library, you can do whatever you want, the component model doesn’t dictate any particular way of rendering content. But the Cool™ thing now is lit-html which does precise updates without diffing.)

                                                                                                                            What has taken them so long?

                                                                                                                            It’s not easy to make proper specs that make the existing DOM extensible. Everyone has to agree on things. Corner cases should be handled.

                                                                                                                            Designing a proper native component model takes a lot more effort than making yet another isolated framework! The specs were rewritten from v0 to v1 because no one gets everything right on the first try.

                                                                                                                            And the Firefox implementation took a long time because of limited resources.

                                                                                                                            1. 4

                                                                                                                              Elm and React will use these standards behind the scenes as they get implemented. Simple reason, they’ll be more performant. I don’t understand why you would view this as mutually exclusive. As to why it takes so long, have you ever tried to get two people to work together? Now imagine two corporations.

                                                                                                                      1. 13

                                                                                                                        I think it’s disingenuous to equate “browsers in the Chrome/WebKit family” with “browsers that are subject to Google’s whims.” (I’m looking specifically at the bar chart where you’ve highlighted the Chrome/WebKit browsers in red.) Blink is a fork of WebKit; Google can do whatever they please with their version but that doesn’t mean that Apple has to (or necessarily can) integrate any of Google’s changes into upstream WebKit. It’s fine to point out that X% of user agents in use today share some part of their rendering-engine code, but that doesn’t imply that Google pulls the strings for all X% of those users.

                                                                                                                        And while I am mostly an Apple fan, I definitely don’t want to be in the position where we’re relying on Apple, of all people, to keep the open web afloat. But what is the solution? Like you say, it’s a lot of work to write a browser engine, and to some extent I think it’s a waste of effort for many companies to create their own. Is it possible to build on top of the existing FOSS engines in a way that consolidates effort as much as possible while still retaining the possibility of meaningful differences between the variants? Maybe a model a bit like the Linux kernel, where (1) people maintain very-long-running forks/branches that they keep up to date with upstream, and from which they occasionally contribute fixes, and (2) lots of people build on top of it to create distributions which tend to be broadly compatible with each other.

                                                                                                                        1. 7

                                                                                                                          I was going to make a similar comment. WebKit forked into WebKit and Blink. So we will still have three main competitors, Gecko, WebKit, and Blink.

                                                                                                                          I think, because all three of those are open source, and could be forked, that we will be doing just fine, even without proprietary, closed source Edge.

                                                                                                                          1. 2

                                                                                                                            I agree both with you and @Teckla below. I am not equating Apple WebKit with being under Google whims, still, WebKit as implemented by Apple is being used less and less outside of Apple’s own silo, most vendors, both large and tiny, preferring to go with a chromium + branded shell. That’s why in the chart, I mention Blink/WebKit family, I was just trying to highlight that those are all branches of the same tree even though different entities are controlling each branch, technically they are still somewhat closer to one another.

                                                                                                                            1. 3

                                                                                                                              Is it much easier to embed Chromium than WebKit or Servo? Maybe this should be an area of focus for Mozilla, if they’re interested in increasing their share of “browser engines embedded in things.” (I’m assuming that Apple has no interest in doing such a thing for WebKit.)

                                                                                                                              1. 4

                                                                                                                                WebKit: I don’t think it provides an embedding unified across platforms, but e.g. WebKitGTK is very nicely embeddable in GTK applications.

                                                                                                                                Servo: built to be embeddable, there are very good experiments already, but Servo itself is an experiment, not a production grade ready to use engine.

                                                                                                                                Gecko: completely abandoned the embeddability a long time ago (R.I.P. Camino), was too expensive to maintain & little benefit to Firefox. Now they’re re-doing some sort of embedding on Android though!

                                                                                                                                1. 3

                                                                                                                                  I think Mozilla should do something like Electron and Chromebook. Do it better, too, in a way that wins back some market share.

                                                                                                                                  1. 4

                                                                                                                                    To be brutally honest, I wouldn’t have high expectations for a Mozilla version of Electron. The biggest knock against Electron is that it’s difficult or impossible to make native-feeling apps with it, but the 16-year-old Firefox evinces the same kinds of problems—its text entry fields on Macs are non-native in ways that still make me trip over my keys multiple times a week. (On the other hand, if Mozilla is moving away from XUL then maybe an Electron replacement would be a good testbed for the new thing.)

                                                                                                                                    It’s worth keeping in mind, too, that one of the reasons Chromebooks have been so successful is that the hardware/OS vendor also has a best-in-class web-based office suite. Would the users of a Mozilla Chromebook also end up using Google Docs, thus defeating the purpose of making a non-Google thing? Or is there a compelling alternative I’m forgetting?

                                                                                                                                    (Sorry this comment ended up being so pessimistic! I support Mozilla’s mission, and I use Firefox as my daily driver, but sometimes I’m not a big fan of how they allocate their time.)

                                                                                                                                    1. 3

                                                                                                                                      I appreciate the honesty. Yeah, that situation sucks in a lot of ways. Great point about Google Office. Didn’t think about it. That would still be fine if FireBooks took off given Mozilla’s revenue is mostly search-based.

                                                                                                                                      1. 3

                                                                                                                                        I feel like no one outside of education uses Chromebooks (from my view as a student in the United States). The reason they’re used is because…

                                                                                                                                        • Google provides business accounts with unlimited storage/fast access speeds to all Primary/Secondary schools for free.
                                                                                                                                        • Chromebooks are cheap.
                                                                                                                                        • Chromebooks have good battery life (last whole school day).
                                                                                                                                        • Many Chromebooks are sturdy and can take abuse.
                                                                                                                                        • Google’s tools for locking down, monitoring, etc. Chromebooks are powerful.
                                                                                                                                        • They update automatically and near-instantly, so for normal users they “just work”. (Compared to Windows or MacOS where updates take forever, and you might need to reimage occasionally for whatever reason.)

                                                                                                                                        Also, now that everyone is used to Google, there is a very close to 0% chance that they will ever want to switch away even if a “more user-friendly” or “better” version is to surface.

                                                                                                                                        1. 2

                                                                                                                                          Is native look still a thing? None of the websites are “native” when it comes to the user interface, yet the usage of webapps explodes in popularity. On the Windows platform I’m not even sure what “native” means anymore, since MS itself uses at least two different UI toolkits (Visual Studio, Office and Win10 Control Panel all look completely different, like it’s done by different companies). Also huge apps like Photoshop use their own UI concepts.

                                                                                                                                          1. 1

                                                                                                                                            It’s true that you can skin form controls with CSS now, but I would still expect a text box to behave like a native Mac text box when I’m using a Mac. (System-wide UI consistency has always been more of a priority for Apple and Mac developers than for Microsoft and Windows developers, I think.)

                                                                                                                                      2. 1

                                                                                                                                        Chromium has CEF (Chromium Embedded Framework) and is pretty much the best (only?) option to embed a fully functional browser engine to an app. It’s typically behind Chromium as far as versions go, but it contains everything from the V8 engine, to blink, etc. Pretty solid IMO.

                                                                                                                                        1. 1

                                                                                                                                          I totally agree with you here.

                                                                                                                                    1. 3

                                                                                                                                      I see absolutely no reason why anything except cryptocurrency needs “blockchain”. And I’m the kind of guy with a bitcoin sticker on his laptop.

                                                                                                                                      1. 5

                                                                                                                                        I think DNS alias NameCoin is a good idea. Adoption is an unsolved problem though.

                                                                                                                                        1. 7

                                                                                                                                          Namecoin is a cryptocurrency. (coin is right in the name!) Yes, it’s neat that you can attach name registration to cryptocurrency, but you still have A Cryptocurrency and everything associated with that (51% attacks, PoW power waste or unproven experimental PoS schemes, etc.)

                                                                                                                                          1. 2

                                                                                                                                            Namecoin is the quintessential cool idea with no usage. Its main use case seems to be academic papers.

                                                                                                                                            1. 2

                                                                                                                                              NIST has this flowchart about blockchain use, which contains the question “Are the entities with write access having a hard time deciding who should be in control of the data store?”

                                                                                                                                              I’m not in the DNS business but it seems that the current system of centralized control is good enough for all involved parties. There is probably some conflict about that, but not in public.

                                                                                                                                        1. 5

                                                                                                                                          In the following Gif I recorded myself cold booting the emulator and running the default Flutter app. I took me a whopping 2 minutes and 40 seconds. Just image how much productive things could have happened during that time. What if I told you, you could be up and running in less than 10 seconds?

                                                                                                                                          Close, but no cigar. While the author correctly realizes that software requiring over two minutes to start is unacceptable, he then makes the mistake of believing a mere ten seconds is acceptable. It’s not and there’s no excuse a multi-gigahertz machine should need more than even half a second for something so trivial. You can make the argument for diminishing returns and all of that, but at least get it under a second.

                                                                                                                                          Last but not least: RAM. This is a pretty big deal for people working on notebooks and/or somewhat less beefy machines. The Android emulator eats up roughly 1GB of RAM. Now, imagine running two of those (testing a chat application or similar), IntelliJ, and the ever-RAM-hungry Chrome. That’s pretty heavy. Because the embedder is running natively, there is no need for Android. Which makes it much smaller. 100 MB of Ram for the native app

                                                                                                                                          That’s not at all impressive. Just what is possibly being done with all of those tens of megabytes? The author doesn’t mention what, so it seems fair to argue he doesn’t even know.

                                                                                                                                          In sum, this is nice to read for a laugh. It’s a competitor for Electron, sure, but that’s nothing worthwhile and it’s disconcerting to see something such as this being touted as lightweight and efficient.

                                                                                                                                          Lastly, as is evidenced in just the text I quoted, this article is rife with very trivial spelling errors and there’s no excuse for that, either.

                                                                                                                                          1. 7

                                                                                                                                            “and it’s disconcerting to see something such as this being touted as lightweight and efficient.”

                                                                                                                                            Where does it say that? It has a comparison to the Android emulator and concludes that it is much smaller. It is. By a factor of 10x.

                                                                                                                                            What is more, this seems to be some sort of debugging binary with “hot-reloading and debugging capabilities”. That means that you do not need to wait 10s after a code change.

                                                                                                                                            I do not know but I imagine that the final binary would use significantly less RAM.

                                                                                                                                            “It’s not and there’s no excuse a multi-gigahertz machine should need more than even half a second for something so trivial.”

                                                                                                                                            Well, then make it fast. Complaining is easy and I think your tone is unnecessarily harsh.

                                                                                                                                            1. 3

                                                                                                                                              What is more, this seems to be some sort of debugging binary

                                                                                                                                              Also the “10 seconds” figure is counted from the “run” button in the IDE, so it includes some of the app build (with warm cache, i.e. just checking that source code didn’t change)

                                                                                                                                          1. 6

                                                                                                                                            Any Wayland compositor with libinput (all of them) and pointer gesture protocol support (GNOME Shell certainly, KWin probably, this patch for Weston, idk about wlroots stuff) is already much much closer to the macOS experience.

                                                                                                                                            I mean, instead of hacks that press keys like

                                                                                                                                            Pinch scaling down (move 2 fingers closer): trigger ctrl and - combination, which is zoom out in browsers and reduce font size in some apps

                                                                                                                                            I have rotation and actual smooth pinch-zoom working in GTK apps (Evince, eog..) with both my Thinkpad’s trackpad and the Apple Magic Trackpad on the desktop. No special config files, no arcane utilities :)

                                                                                                                                              1. 3

                                                                                                                                                ARM has Jazelle for this purpose too, although I don’t think it’s very popular.

                                                                                                                                                1. 1

                                                                                                                                                  There’s also Java processors like aJile and JOP. JOP’s comparison page lists more. I’m not sure how often they’re used. I can see the benefits of some, though.

                                                                                                                                                2. 1

                                                                                                                                                  Yeah, but I am pretty sure that it is dead because sitting to regular arm code was faster.

                                                                                                                                                1. 6

                                                                                                                                                  If you load the coretemp(4) kernel module with kldload(8) command you will get additional temperature information.

                                                                                                                                                  note: amdtemp on AMD CPUs

                                                                                                                                                  The biggest enemies of supend/resume mechanism are bugs in your BIOS/UEFI firmware for your hardware. Sometimes disabling Bluetooth helps – that is the option for ThinkPad T420s for example

                                                                                                                                                  On the X240 it was disabling the TPM!

                                                                                                                                                  powermon(8)

                                                                                                                                                  Huh. Looks much nicer than the overly detailed Intel pcm.x! Neat.

                                                                                                                                                  1. 3

                                                                                                                                                    Thank you for the comment, I will write an update with amdtemp(4) and TPM for suspend/resume.

                                                                                                                                                  1. 6

                                                                                                                                                    This is big for the ARM ecosystem. Finally, The Big Player offers ARMv8 on public cloud! “Everything will be x86 only forever” pessimists can suck it, Arm is important enough for Supreme Cloud Overlord Bezos :D

                                                                                                                                                    I’ll see if I can boot FreeBSD on this. However…

                                                                                                                                                    instances are optimized for performance and cost

                                                                                                                                                    a1.medium vCPUs: 1 [Cortex-A72] RAM: 2 GiB Price: $0.0255/hr (~$18.36/mo)

                                                                                                                                                    WHAT?! Has anyone at AWS ever typed “scaleway dot com slash pricing” into their browser?

                                                                                                                                                    ARM64-2GB Cores: 4 [ThunderX] RAM: 2 GB Price: €2.99/mo (€0.006/hr)

                                                                                                                                                    Now, sure, AWS is a big reliable provider while Scaleway is nearly out of stock on these and has some odd quirks (like storage). But 1/4 the cores for 5x the price???

                                                                                                                                                    UPD: apparently Spot prices are much better. But still, fscking AWS, all this complexity with spot, reserved, extra payments for IP addresses, storage, bandwidth..

                                                                                                                                                    1. 2

                                                                                                                                                      cnl: not the same as cln.

                                                                                                                                                      1. 2

                                                                                                                                                        I literally inspired this, see bottom of the page :)

                                                                                                                                                        1. 27

                                                                                                                                                          I think people talking about inspecting the source before installing dependencies are being unreasonable to some degree.

                                                                                                                                                          1. The malicious code was present only in the minified version of the code. I suppose the red flag that tipped the reporter was the lack of history/popularity of the repository in question, but it doesn’t have to be like that
                                                                                                                                                          2. It can be released to npm in a way that’s not evident to casually browsing the github repo
                                                                                                                                                          3. There isn’t even any guarantee that the code on npm matches what’s on github at all

                                                                                                                                                          Meaning the ways to be safe are:

                                                                                                                                                          1. Hand-inspect the code in your node_modules directory (including — or especially — those that may be minified); or
                                                                                                                                                          2. Don’t use npm at all.

                                                                                                                                                          I don’t see these people (nor myself) doing either. From which it follows:

                                                                                                                                                          Any company desiring to buy into the so-called “modern” front end development (be it for productivity, performance or hiring purposes) does so by making itself vulnerable to attacks such as this.

                                                                                                                                                          I don’t know if that’s a reasonable price to pay to use, say, React, but it sure isn’t reasonable to me to pay that to use Node (versus, say, Golang, which can reasonably be used to build the same kinds of apps using little more than the standard library).

                                                                                                                                                          1. 21

                                                                                                                                                            The malicious code was present only in the minified version of the code. I suppose the red flag that tipped the reporter was the lack of history/popularity of the repository in question, but it doesn’t have to be like that

                                                                                                                                                            One more reason for reproducible builds… minified JS should be treated like compiled code and automated mechanisms should check if it matches the unminified version…

                                                                                                                                                            1. 6

                                                                                                                                                              This, a thousand times this. I can’t comprehend the reasoning that goes into committing derived code into source control. It’s a pain to remember to update it every time you commit, it’s hard to verify the code matches the original source and just pollutes the history. Diffing is mostly undoable too.

                                                                                                                                                              1. 3

                                                                                                                                                                I think the reasoning is to avoid build dependency. For some time, it was a usual practice to include Autoconf-derived configure script in release artifacts, so that users can avoid installing Autoconf.

                                                                                                                                                                1. 1

                                                                                                                                                                  Yeah, that’s annoying too (and a lot of projects still do it even though it’s not really good practice), but at least configure scripts don’t tend to/need to change with every single code change like these minified files do.

                                                                                                                                                                  1. 1

                                                                                                                                                                    Generated autoconf configure scripts are pretty easy to read; I can say there were times I preferred them over the m4 source.

                                                                                                                                                              2. 11

                                                                                                                                                                It would be really nice if the package repositories (npm/pypi/rubygems/etc) did something:

                                                                                                                                                                • try to automatically detect obfuscated code
                                                                                                                                                                • stop letting maintainers upload packages from their dev machines, make sure any compilation happens on a public CI environment from a known git tag (this would also encourage non-compiled packages, i.e. just direct snapshots of git tags)
                                                                                                                                                                • have some popularity threshold for packages beyond which manual review from a trusted group of reviewers is required for each new release
                                                                                                                                                                • (also why not require the git tags to be gpg signed for these popular packages)
                                                                                                                                                                • maybe rethink the whole package handover thing, maybe only allowing “deprecation in favor of [a fork]” (i.e. requiring every update to be manual) is good
                                                                                                                                                                1. 3

                                                                                                                                                                  I wouldn’t even check the node_modules output either as package installation can execute arbitrary code (node-gyp, other node bindings producing code)

                                                                                                                                                                  1. 4

                                                                                                                                                                    I agree with you!

                                                                                                                                                                    People seem to like to hit on npm, but I don’t see how the core issue is different than say PyPI, Cargo or Go (other than the issues you raised). I personally take easy and simple dependency management over C/C++ fragmented package management because most of my projects are not security critical anyway or my threat model doesn’t include targeted code injection in my stack.

                                                                                                                                                                    I find it annoying when people look at those issues and some fault is put on the maintainers. Maybe the issue is not the compromise of one of your application’s thousands of dependencies, but the fact that your risk management for your wallet application relies on thousands of unvetted dependencies…

                                                                                                                                                                    Meaning the ways to be safe are:

                                                                                                                                                                    I guess a first start would be to gather a bunch of useful and common repositories and ensure they and all their dependencies are well vetted and signed by the maintainers for each release, and prevent any new dependencies from being pulled in without proper review and ensuring those dependencies use the same process. Documenting and enforcing such a process for a subset of widely used dependencies would allow me to trust a few organizations and avoid having to code review any dependencies I pull into my own project. I guess most distributions’ core repositories have a similar process, like Arch maintained packages vs AUR.

                                                                                                                                                                    1. 8

                                                                                                                                                                      PyPI absolutely has the same potential issues, though in practice I think the dependency trees for popular projects are way smaller than what you get in the node ecosystem. So you’re much less likely to be hit by a transitive vulnerability. To me this is one of the advantages of a fairly comprehensive standard library, and a relatively small number (compared to node, at least) of popular, high quality third-party libraries that get a lot of eyeballs.

                                                                                                                                                                      1. 11

                                                                                                                                                                        On top of that, a lot of Python code is deployed to production by system engineers. Often it’s vetted, built, tested and baked in by distributions - and the same is true for other non-web languages.

                                                                                                                                                                        javascript, on the other hand, is more often deployed by the upstream developer and thrown at web browsers straight away without any 3rd party review.

                                                                                                                                                                        1. 3

                                                                                                                                                                          Definitely! But that somehow happened to be this way. It would be nice to look at the social side as to why Python ended up this way while nothing prevented it from ending up like NPM. Maybe some key aspect of the tooling drives the trend one way or the other or it might be just the community (Python being much older and the tooling has seen a lot of changes over the years).

                                                                                                                                                                          I would be looking forward to someone doing a graph analysis of a few package repositories across languages and finding some way to rate them and put some risk on packages. How many dependencies do they have and how deep do they go? How many of them are maintained by an external maintainer? Sounds like I found myself a new weekend project…
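A minimal version of the graph analysis proposed in the comment above, as an added example that is not part of the original thread: it walks one package's dependency tree and reports its width, depth and how many packages each outside publisher can ship into it. The metadata, package names and maintainer names are constructed, and the function and field names are hypothetical.

```javascript
// Constructed sample metadata: package -> maintainers and direct dependencies.
// Every package and maintainer name here is hypothetical.
const SAMPLE_GRAPH = {
  'wallet-app':   { maintainers: ['acme'],    deps: ['http-kit', 'stream-utils'] },
  'http-kit':     { maintainers: ['acme'],    deps: ['stream-utils', 'pad-left'] },
  'stream-utils': { maintainers: ['bob'],     deps: ['flat-map'] },
  'flat-map':     { maintainers: ['mallory'], deps: ['stream-utils'] }, // cycle
  'pad-left':     { maintainers: ['bob'],     deps: [] },
};

// Walk the tree breadth-first from `root` and report how wide and deep it is,
// and which publishers outside `trustedMaintainers` can ship code into it.
function dependencyRisk(graph, root, trustedMaintainers) {
  if (!graph[root]) throw new Error(`no metadata for root package ${root}`);
  const trusted = new Set(trustedMaintainers);
  const depth = new Map([[root, 0]]); // shortest distance from the root
  const unresolved = [];              // referenced but missing from the metadata
  const queue = [root];
  while (queue.length > 0) {
    const name = queue.shift();
    const pkg = graph[name];
    if (!pkg) { unresolved.push(name); continue; }
    for (const dep of pkg.deps) {
      if (depth.has(dep)) continue;   // already reached: diamond or cycle
      depth.set(dep, depth.get(name) + 1);
      queue.push(dep);
    }
  }
  const deps = [...depth.keys()].filter((n) => n !== root && graph[n]);
  const reach = new Map();            // outside publisher -> packages they own here
  for (const name of deps) {
    for (const m of graph[name].maintainers) {
      if (!trusted.has(m)) reach.set(m, (reach.get(m) || 0) + 1);
    }
  }
  return {
    direct: graph[root].deps.length,
    transitive: deps.length,
    maxDepth: Math.max(...depth.values()),
    // Packages where no maintainer is on the trusted list.
    externalPackages: deps
      .filter((n) => !graph[n].maintainers.some((m) => trusted.has(m)))
      .sort(),
    publisherReach: Object.fromEntries(reach),
    unresolved,
  };
}

console.log(dependencyRisk(SAMPLE_GRAPH, 'wallet-app', ['acme']));
```
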

                                                                                                                                                                          1. 12

                                                                                                                                                                            Python has a decent class library. Good libraries that have general use migrate back into that class library, in some fashion or another. Thus, third party libraries don’t have to have long dependency chains to do anything.

                                                                                                                                                                            What NPM forgot was that this was the fundamental idea that made package management useful. This stretches back to the early days of Java, at least, and I’m sure you can find other similar examples. By having a rich class library which already provides most of what you need, you’re simply going to layer on dependencies to adapt that framework to your specific business needs. Java, .NET, Ruby, Python- they all have that going for them. JavaScript simply does not. So half the Internet unwittingly depends on leftpad because a dependency of a dependency of a dependency needed it, and there wasn’t anything in the core library which could do it.

                                                                                                                                                                            1. 1

                                                                                                                                                                              Maybe some key aspect of the tooling drive the trend one way or the other or it might be just the community (Python being much older and the tooling has seen a lot of changes over the years).

                                                                                                                                                                              I think this is a big part of it — Python’s tooling is generally less capable than the Node ecosystem’s.

                                                                                                                                                                              To this day Pip doesn’t have a dependency resolver, so the result of installing a dependency tree with conflicts at the transitive dependency level isn’t an error, but an arbitrary version getting installed. You can only have a single version of a Python module installed, too, because they are global state. Contrast with how npm has historically installed (still does?) multiple versions of a package, effectively vendoring each dependency’s dependency tree, transitively.

                                                                                                                                                                              Additionally, publishing Python packages has long been messy and fraught. Today there is decent documentation but before that you were forced to rely on rumors, hearsay, and Stack Overflow. Putting anything nontrivial on PyPI (e.g., a C extension module) is asking for a long tail of support requests as it fails to install in odd environments.

                                                                                                                                                                              I think the end result was a culture that values larger distributions to amortize packaging overhead. For example, the popular Django web framework long had a no-dependencies policy (if dependencies were required, they were vendored — e.g. simplejson before it entered the standard library).

                                                                                                                                                                              Regardless of the reasons for it, I think that this is healthier than the Node culture of tiny dependencies with single contributors. More goes into distributing software than just coding and testing — documentation, support, evangelism, and legal legwork are all important — but tiny libraries have such limited scope that they’ll never grow a social ecosystem which can persist in the long term (of course, even Django has trouble with that).

                                                                                                                                                                              1. 1

                                                                                                                                                                                You can only have a single version of a Python module installed, too, because they are global state.

                                                                                                                                                                                That’s actually a pretty good point I think. I have fought myself a few time against Pip due to conflicting versions. It does benefits library with fewer dependancies.

                                                                                                                                                                          2. 1

                                                                                                                                                                            While I’m not generally a fan of it, I think minimal version selection that’s planned for the future go package manager would make this attack spread much more slowly.
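The difference the comment above points at, as an added example that is not part of the original thread: the same constructed registry is resolved once by taking the highest published version inside each range (a simplified stand-in for caret-range installs without a lockfile) and once by minimal version selection. Package names and versions are hypothetical; 3.3.6 stands in for a freshly published release that pulls in a new dependency.

```javascript
// Constructed registry: package -> version -> { dependency: minimum version }.
// All names are hypothetical. stream-utils 3.3.6 is the newly published
// release that adds a dependency nobody has reviewed yet.
const VERSIONS = {
  'app':          { '1.0.0': { 'stream-utils': '3.3.4', 'http-kit': '1.0.0' } },
  'http-kit':     { '1.0.0': { 'stream-utils': '3.3.5' } },
  'stream-utils': { '3.3.4': {}, '3.3.5': {}, '3.3.6': { 'flat-map': '0.1.1' } },
  'flat-map':     { '0.1.1': {} },
};

// Compare two "major.minor.patch" strings numerically.
const cmp = (a, b) => {
  const [x, y] = [a, b].map((v) => v.split('.').map(Number));
  return x[0] - y[0] || x[1] - y[1] || x[2] - y[2];
};

// Simplified range resolution: each requirement means "at least this version,
// same major", and the resolver takes the highest version published.
function resolveHighestInRange(registry, root, rootVersion) {
  const picked = {};
  const visit = (name, version) => {
    for (const [dep, min] of Object.entries(registry[name][version])) {
      const major = min.split('.')[0];
      const best = Object.keys(registry[dep])
        .filter((v) => v.split('.')[0] === major && cmp(v, min) >= 0)
        .sort(cmp).pop();
      if (!best) throw new Error(`no version of ${dep} satisfies >=${min}`);
      if (picked[dep] === best) continue; // already expanded
      picked[dep] = best;
      visit(dep, best);
    }
  };
  visit(root, rootVersion);
  return picked;
}

// Minimal version selection: follow only the versions that are explicitly
// named as minimums, and keep the highest minimum seen for each package.
function resolveMinimal(registry, root, rootVersion) {
  const build = {};
  const seen = new Set();
  const visit = (name, version) => {
    if (seen.has(`${name}@${version}`)) return;
    seen.add(`${name}@${version}`);
    for (const [dep, min] of Object.entries(registry[name][version])) {
      if (!build[dep] || cmp(min, build[dep]) > 0) build[dep] = min;
      visit(dep, min);
    }
  };
  visit(root, rootVersion);
  return build;
}

console.log('highest in range:', resolveHighestInRange(VERSIONS, 'app', '1.0.0'));
console.log('minimal versions:', resolveMinimal(VERSIONS, 'app', '1.0.0'));
```

Under minimal version selection the new release and its added dependency enter a build only after some package in the tree raises its stated minimum to 3.3.6, which is a reviewable change in a manifest.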

                                                                                                                                                                        1. 3

                                                                                                                                                                          Which MacBook Pro is that? You might be able to dual boot FreeBSD with your current OS on it. You might even have WiFi working on it.

                                                                                                                                                                          Other than that: +1 to ThinkPads. You can go newer than the (X2|T4)20 generation if you find a good deal.

                                                                                                                                                                          1. 2

                                                                                                                                                                            Mid-2014 MBP

                                                                                                                                                                            1. 1

                                                                                                                                                                              Definitely worth trying then! :)