19 votes

Topic deleted by author

35 comments

  1. [16]
    chromakode
    Link
    This is a terrible clickbait headline. Having access to online file editor utilities (instead of having to install software) is good for users. It'd be great to have a means to update files in...

    This is a terrible clickbait headline. Having access to online file editor utilities (instead of having to install software) is good for users. It'd be great to have a means to update files in online editors other than having to "download" and re-save the file. This kind of fearmongering simply drives clicks and makes the process of finding a good solution harder.

    17 votes
    1. [14]
      unknown user
      Link Parent
      It's a spot on headline, and this is a terrible plan that will not be realised, hopefully. Otherwise, we can all but hope that there will be an option to disable it at least on Firefox. A good...

      It's a spot on headline, and this is a terrible plan that will not be realised, hopefully. Otherwise, we can all but hope that there will be an option to disable it at least on Firefox.

      A good solution: use a program that you've installed on your computer. There isn't a need for a solution.

      5 votes
      1. meghan
        Link Parent
        you'd rather install a program and give it access to your entire filesystem? at least with this they only get one specific folder they're limited to that are segregated by origin.

        you'd rather install a program and give it access to your entire filesystem? at least with this they only get one specific folder they're limited to that are segregated by origin.

        12 votes
      2. [11]
        Diff
        Link Parent
        Dude it's not like this is gonna let random websites snoop around your filesystem. It doesn't even need an option to disable it, if you don't like it just literally don't give any website...

        Dude it's not like this is gonna let random websites snoop around your filesystem. It doesn't even need an option to disable it, if you don't like it just literally don't give any website permission to access any file on your PC.

        8 votes
        1. [10]
          unknown user
          (edited )
          Link Parent
          Yeah, one bug, one exploit and we're screwed. It's not like escaping sandboxes and permission bugs or bypasses are uncommon. And I'll be able to avoid this one way or another, but what will...

          Yeah, one bug, one exploit and we're screwed. It's not like escaping sandboxes and permission bugs or bypasses are uncommon.

          And I'll be able to avoid this one way or another, but what will non-techies do? Will apps that will trick users into uploading private files or stealing files when they got the permission not pop up? Didn't we catch Facebook just doing that many times (see this and this and this; also I recall reading that they scraped photos from the photo picker in the app, i.e. as you were looking for a photo to upload, the other photos were being grabbed and uploaded, IIRC someone found it in their takeout, but can't find the link)?

          Edit: See also: The HN discussion about this API: https://news.ycombinator.com/item?id=18434639

          2 votes
          1. Wes
            Link Parent
            Practical attacks are very uncommon. They're also quickly patched in the age of evergreen browsers. If "users can be tricked" is the argument, then the natural solution is to remove any and all...

            It's not like escaping sandboxes and permission bugs or bypasses are uncommon.

            Practical attacks are very uncommon. They're also quickly patched in the age of evergreen browsers.

            Will apps that will trick users into uploading private files or stealing files when they got the permission not pop up?

            If "users can be tricked" is the argument, then the natural solution is to remove any and all functionality of modern computers. Just in case they be used for ill somehow.

            9 votes
          2. Adys
            Link Parent
            This logic applies right now. There isn't actually that much that changes if you add the APIs for it.

            Yeah, one bug, one exploit and we're screwed. It's not like escaping sandboxes and permission bugs or bypasses are uncommon.

            This logic applies right now. There isn't actually that much that changes if you add the APIs for it.

            7 votes
          3. [7]
            ClearlyAlive
            Link Parent
            Except that’s already possible, in fact required for any browser based app. This new API makes it possible to edit those same files in the browser without upload, which will only make it safer.

            Will apps that will trick users into uploading private files or stealing files when they got the permission not pop up?

            Except that’s already possible, in fact required for any browser based app. This new API makes it possible to edit those same files in the browser without upload, which will only make it safer.

            4 votes
            1. [6]
              unknown user
              Link Parent
              Once in the browser I can't see how it will be impossible to upload. And don't forget the "Writable" part.

              Once in the browser I can't see how it will be impossible to upload. And don't forget the "Writable" part.

              3 votes
              1. [4]
                Diff
                Link Parent
                He didn't say impossible to upload he said possible WITHOUT upload. Although I think it is still possible to "upload" a file to a web app without it leaving your computer even now.

                He didn't say impossible to upload he said possible WITHOUT upload. Although I think it is still possible to "upload" a file to a web app without it leaving your computer even now.

                1. [3]
                  ClearlyAlive
                  Link Parent
                  That's exactly my point. It is already possible; now they're making it possible to edit files without uploading them.

                  Although I think it is still possible to "upload" a file to a web app without it leaving your computer even now.

                  That's exactly my point. It is already possible; now they're making it possible to edit files without uploading them.

                  1. [2]
                    Diff
                    Link Parent
                    It's not possible to edit files with upload now in a way that will be possible without upload in the future. Right here right now, you can accept files, modify them, and re-download them without...

                    It's not possible to edit files with upload now in a way that will be possible without upload in the future. Right here right now, you can accept files, modify them, and re-download them without them ever actually leaving the browser. But it's still downloading a new file, not modifying an existing one.

                    1. ClearlyAlive
                      Link Parent
                      I think we agree but I’m just a little unclear.

                      I think we agree but I’m just a little unclear.

              2. ClearlyAlive
                Link Parent
                I can see why the writable part may be concerning, but there is very little actual gain from just being able to write. While it is true that malicious actors could exploit this vulnerability to...

                I can see why the writable part may be concerning, but there is very little actual gain from just being able to write. While it is true that malicious actors could exploit this vulnerability to erase everything from one's hard drive, I fail to see why they would, considering these actors seek to make money or obtain one's data.

      3. Wes
        Link Parent
        It seems very reasonable to me. Security has been the #1 topic of discussion. Which part of the spec do you disagree with?

        It seems very reasonable to me. Security has been the #1 topic of discussion. Which part of the spec do you disagree with?

        7 votes
    2. piedpiper
      Link Parent
      Wait... did someone change the title of my post? I could have sworn I just copy and pasted the title of the article, and then after this comment it seems like it was changed. I mean, I don't care...

      Wait... did someone change the title of my post? I could have sworn I just copy and pasted the title of the article, and then after this comment it seems like it was changed. I mean, I don't care if people have issues with the title and wanted me to change it, but it's kind of fucked up that an admin would just change it without even talking to me.

  2. [3]
    Amarok
    Link
    I have what's maybe a very stupid question for webdevs out there. Given all of the security concerns we're seeing with browsers evolving into, basically, a download-and-execute system for...

    I have what's maybe a very stupid question for webdevs out there.

    Given all of the security concerns we're seeing with browsers evolving into, basically, a download-and-execute system for websites-become-applications - why can't we just jail every 'page' into a virtual machine-like instance that can't access or interact with anything other than its own data and files, which are also stored in some kind of instanced jail? Barring bugs in the code for the vm, wouldn't this basically solve the issues we've been seeing? I know modern browsers do a bit of this already, but I don't think the design is really aiming for this kind of total isolation.

    7 votes
    1. Wes
      Link Parent
      This might be what you were getting at towards the end of your comment, but browsers are already heavily sandboxed today. This is why tabs run in isolated processes, as well as browser extensions....

      This might be what you were getting at towards the end of your comment, but browsers are already heavily sandboxed today. This is why tabs run in isolated processes, as well as browser extensions. It's also why tabs cost so much ram now. They don't share resources like they used to.

      11 votes
    2. meghan
      Link Parent
      They did it before in the securest way possible, where file write access was only allowed per origin. But this API was only implemented in Chrome so they project was dropped. If they do anything...

      They did it before in the securest way possible, where file write access was only allowed per origin. But this API was only implemented in Chrome so they project was dropped. If they do anything other than that add a way to share Blobs, they're doing it wrong.

      3 votes
  3. [3]
    jackson
    Link
    For anyone who's interested in the real, official details of what this API is about, their repository explainer does a great job of that.

    For anyone who's interested in the real, official details of what this API is about, their repository explainer does a great job of that.

    6 votes
    1. [2]
      meghan
      Link Parent
      Until web-share-target is added too, the file writing api won't be adding anything we can't do already.

      Until web-share-target is added too, the file writing api won't be adding anything we can't do already.

      1 vote
      1. Wes
        Link Parent
        I was so hopeful for WebIntents. It will be interesting to see how v2 does.

        I was so hopeful for WebIntents. It will be interesting to see how v2 does.

        1 vote
  4. Wes
    Link
    Aww yiss, I've been excited for this API. A Chromebook as a developer device will become much more viable.

    Aww yiss, I've been excited for this API. A Chromebook as a developer device will become much more viable.

    5 votes
  5. [6]
    nothis
    Link
    Google creeping onto my desktop is my personal horror scenario. At least Microsoft is too incompetent to do push evil things via their monopoly position. Google isn't. Mozilla, don't be an enabler!

    Google creeping onto my desktop is my personal horror scenario. At least Microsoft is too incompetent to do push evil things via their monopoly position. Google isn't. Mozilla, don't be an enabler!

    4 votes
    1. [5]
      Parameter
      Link Parent
      Windows 10 is a bit of a bit of mess if you're used to something like Linux but... Microsoft isn't "incompetent". Since the 80s they have effectively destroyed competition by varying methods to...

      Windows 10 is a bit of a bit of mess if you're used to something like Linux but...

      Microsoft isn't "incompetent". Since the 80s they have effectively destroyed competition by varying methods to create and maintain their monopoly.

      Windows 10 is just shitty because there is a huge market of people who don't care about or notice a lot of "evil" aspects.

      To be fair, Linux isn't a viable option for most people.


      Anyways, I can see the enabler argument but they have to keep up and stay ahead of the trends. I don't mind them offering this if they give an appropriate disclaimer and allow me to shut it off.

      8 votes
      1. [4]
        nothis
        Link Parent
        GFWL. The "Zune". Windows Store. The Windows 8 Metro design. Windows Phone. The list goes on. I am currently sitting at a Word document where I want to make a hyperlink not purple. I'm trying to...

        Microsoft isn't "incompetent".

        GFWL. The "Zune". Windows Store. The Windows 8 Metro design. Windows Phone. The list goes on.

        I am currently sitting at a Word document where I want to make a hyperlink not purple. I'm trying to solve that problem for 45 minutes now and I'm deep in some Word support forum and every single suggestion doesn't work. Whenever I want to click the text to edit it, it opens the damn link. When I edit the style sheet, it changes everything. But the color. That's Word 2016.

        They're IMO still monetizing being first/cheapest in their field some 30 years ago. That's literally the only thing they have. They built up a monopoly for Office software which is near-impossible to break free from (mostly because any new competitor had to make their shit compatible) and they have the only hardware-agnostic operating system that understands that users don't want to learn terminal commands. They also have the money/leverage to push a lot of things really far through marketing, literally forcing people to use it (trust me, I don't want to use Word, this is for a client who wants a harmless little template with their name on it).

        I know other companies who have similar quasi-monopolies in certain fields, including Google, Adobe maybe, Valve with Steam, etc. None of them have this amazingly consistent gap between widespread use and horrible UX and software design. Like, nothing is perfect. But this lack of quality absolutely baffling.

        5 votes
        1. [3]
          Diff
          Link Parent
          They have no idea how to make a decent product but they know how to stay on top in spite of it. They perfected quite a few techniques and invented some new ones. Which they then went onto perfect.

          They have no idea how to make a decent product but they know how to stay on top in spite of it. They perfected quite a few techniques and invented some new ones. Which they then went onto perfect.

          3 votes
          1. [2]
            cfabbro
            Link Parent
            Even that's not really true, IMO. MS is doing incredibly well in the hardware space and more or less always has. The Zune and Windows Phones are actually the exception rather than the rule. The...

            They have no idea how to make a decent product

            Even that's not really true, IMO. MS is doing incredibly well in the hardware space and more or less always has. The Zune and Windows Phones are actually the exception rather than the rule. The new Surface line is well lauded and for good reason, and their desktop PC peripherals have always been solid.

            2 votes
            1. Rocket_Man
              Link Parent
              Even Zune ended up being an amazing device. I had a Zune HD and it was one of the best pieces of hardware I've ever had. But their marketing and other circumstances doomed the Zune brand.

              Even Zune ended up being an amazing device. I had a Zune HD and it was one of the best pieces of hardware I've ever had. But their marketing and other circumstances doomed the Zune brand.

              4 votes
  6. [6]
    yai
    Link
    Personally I find Opera is a great alternative for anyone looking for something that's not Chrome. I switched about 2 years ago when I noticed that Chrome was responsible for my poor laptop...

    Personally I find Opera is a great alternative for anyone looking for something that's not Chrome. I switched about 2 years ago when I noticed that Chrome was responsible for my poor laptop battery life. It's got built-in VPN and ad-blocker and isn't a crazy resource hog.

    1 vote
    1. [5]
      admicos
      Link Parent
      Well, ignoring all the privacy concerns everyone's talking about Opera being Chinese, it still uses Blink. So in my view, you still contribute to the Chrome/Blink monopoly, so it really doesn't...

      Well, ignoring all the privacy concerns everyone's talking about Opera being Chinese, it still uses Blink. So in my view, you still contribute to the Chrome/Blink monopoly, so it really doesn't make a difference if you're looking to get away from Chrome.

      6 votes
      1. [4]
        yai
        Link Parent
        It does if you don't want your browser tracking everything you do on the internet.

        It does if you don't want your browser tracking everything you do on the internet.

        1 vote
        1. [3]
          meghan
          Link Parent
          why not use Firefox?

          why not use Firefox?

          4 votes
          1. [2]
            yai
            Link Parent
            Honestly, I can't remember why I picked Opera over Firefox when I was testing out browsers. It's been a few years though and it's always good to see where everything is at so I'm going to install...

            Honestly, I can't remember why I picked Opera over Firefox when I was testing out browsers. It's been a few years though and it's always good to see where everything is at so I'm going to install it and take it for a test ride this week.

            3 votes
            1. meghan
              Link Parent
              if it's been a few years, then opera probably was the much better option. but ever since mozilla made rust and completely overhauled firefox from the group up, it's a completely different engine...

              if it's been a few years, then opera probably was the much better option. but ever since mozilla made rust and completely overhauled firefox from the group up, it's a completely different engine now. i'd definitely give it a shot if you're interested.

              4 votes