This is a terrible clickbait headline. Having access to online file editor utilities (instead of having to install software) is good for users. It'd be great to have a means to update files in...
This is a terrible clickbait headline. Having access to online file editor utilities (instead of having to install software) is good for users. It'd be great to have a means to update files in online editors other than having to "download" and re-save the file. This kind of fearmongering simply drives clicks and makes the process of finding a good solution harder.
It's a spot on headline, and this is a terrible plan that will not be realised, hopefully. Otherwise, we can all but hope that there will be an option to disable it at least on Firefox. A good...
It's a spot on headline, and this is a terrible plan that will not be realised, hopefully. Otherwise, we can all but hope that there will be an option to disable it at least on Firefox.
A good solution: use a program that you've installed on your computer. There isn't a need for a solution.
you'd rather install a program and give it access to your entire filesystem? at least with this they only get one specific folder they're limited to that are segregated by origin.
you'd rather install a program and give it access to your entire filesystem? at least with this they only get one specific folder they're limited to that are segregated by origin.
Dude it's not like this is gonna let random websites snoop around your filesystem. It doesn't even need an option to disable it, if you don't like it just literally don't give any website...
Dude it's not like this is gonna let random websites snoop around your filesystem. It doesn't even need an option to disable it, if you don't like it just literally don't give any website permission to access any file on your PC.
Yeah, one bug, one exploit and we're screwed. It's not like escaping sandboxes and permission bugs or bypasses are uncommon. And I'll be able to avoid this one way or another, but what will...
And I'll be able to avoid this one way or another, but what will non-techies do? Will apps that will trick users into uploading private files or stealing files when they got the permission not pop up? Didn't we catch Facebook just doing that many times (see this and this and this; also I recall reading that they scraped photos from the photo picker in the app, i.e. as you were looking for a photo to upload, the other photos were being grabbed and uploaded, IIRC someone found it in their takeout, but can't find the link)?
Practical attacks are very uncommon. They're also quickly patched in the age of evergreen browsers. If "users can be tricked" is the argument, then the natural solution is to remove any and all...
It's not like escaping sandboxes and permission bugs or bypasses are uncommon.
Practical attacks are very uncommon. They're also quickly patched in the age of evergreen browsers.
Will apps that will trick users into uploading private files or stealing files when they got the permission not pop up?
If "users can be tricked" is the argument, then the natural solution is to remove any and all functionality of modern computers. Just in case they be used for ill somehow.
Except that’s already possible, in fact required for any browser based app. This new API makes it possible to edit those same files in the browser without upload, which will only make it safer.
Will apps that will trick users into uploading private files or stealing files when they got the permission not pop up?
Except that’s already possible, in fact required for any browser based app. This new API makes it possible to edit those same files in the browser without upload, which will only make it safer.
He didn't say impossible to upload he said possible WITHOUT upload. Although I think it is still possible to "upload" a file to a web app without it leaving your computer even now.
He didn't say impossible to upload he said possible WITHOUT upload. Although I think it is still possible to "upload" a file to a web app without it leaving your computer even now.
It's not possible to edit files with upload now in a way that will be possible without upload in the future. Right here right now, you can accept files, modify them, and re-download them without...
It's not possible to edit files with upload now in a way that will be possible without upload in the future. Right here right now, you can accept files, modify them, and re-download them without them ever actually leaving the browser. But it's still downloading a new file, not modifying an existing one.
I can see why the writable part may be concerning, but there is very little actual gain from just being able to write. While it is true that malicious actors could exploit this vulnerability to...
I can see why the writable part may be concerning, but there is very little actual gain from just being able to write. While it is true that malicious actors could exploit this vulnerability to erase everything from one's hard drive, I fail to see why they would, considering these actors seek to make money or obtain one's data.
Wait... did someone change the title of my post? I could have sworn I just copy and pasted the title of the article, and then after this comment it seems like it was changed. I mean, I don't care...
Wait... did someone change the title of my post? I could have sworn I just copy and pasted the title of the article, and then after this comment it seems like it was changed. I mean, I don't care if people have issues with the title and wanted me to change it, but it's kind of fucked up that an admin would just change it without even talking to me.
I have what's maybe a very stupid question for webdevs out there. Given all of the security concerns we're seeing with browsers evolving into, basically, a download-and-execute system for...
I have what's maybe a very stupid question for webdevs out there.
Given all of the security concerns we're seeing with browsers evolving into, basically, a download-and-execute system for websites-become-applications - why can't we just jail every 'page' into a virtual machine-like instance that can't access or interact with anything other than its own data and files, which are also stored in some kind of instanced jail? Barring bugs in the code for the vm, wouldn't this basically solve the issues we've been seeing? I know modern browsers do a bit of this already, but I don't think the design is really aiming for this kind of total isolation.
This might be what you were getting at towards the end of your comment, but browsers are already heavily sandboxed today. This is why tabs run in isolated processes, as well as browser extensions....
This might be what you were getting at towards the end of your comment, but browsers are already heavily sandboxed today. This is why tabs run in isolated processes, as well as browser extensions. It's also why tabs cost so much ram now. They don't share resources like they used to.
They did it before in the securest way possible, where file write access was only allowed per origin. But this API was only implemented in Chrome so they project was dropped. If they do anything...
They did it before in the securest way possible, where file write access was only allowed per origin. But this API was only implemented in Chrome so they project was dropped. If they do anything other than that add a way to share Blobs, they're doing it wrong.
Google creeping onto my desktop is my personal horror scenario. At least Microsoft is too incompetent to do push evil things via their monopoly position. Google isn't. Mozilla, don't be an enabler!
Google creeping onto my desktop is my personal horror scenario. At least Microsoft is too incompetent to do push evil things via their monopoly position. Google isn't. Mozilla, don't be an enabler!
Windows 10 is a bit of a bit of mess if you're used to something like Linux but... Microsoft isn't "incompetent". Since the 80s they have effectively destroyed competition by varying methods to...
Windows 10 is a bit of a bit of mess if you're used to something like Linux but...
Microsoft isn't "incompetent". Since the 80s they have effectively destroyed competition by varying methods to create and maintain their monopoly.
Windows 10 is just shitty because there is a huge market of people who don't care about or notice a lot of "evil" aspects.
To be fair, Linux isn't a viable option for most people.
Anyways, I can see the enabler argument but they have to keep up and stay ahead of the trends. I don't mind them offering this if they give an appropriate disclaimer and allow me to shut it off.
GFWL. The "Zune". Windows Store. The Windows 8 Metro design. Windows Phone. The list goes on. I am currently sitting at a Word document where I want to make a hyperlink not purple. I'm trying to...
Microsoft isn't "incompetent".
GFWL. The "Zune". Windows Store. The Windows 8 Metro design. Windows Phone. The list goes on.
I am currently sitting at a Word document where I want to make a hyperlink not purple. I'm trying to solve that problem for 45 minutes now and I'm deep in some Word support forum and every single suggestion doesn't work. Whenever I want to click the text to edit it, it opens the damn link. When I edit the style sheet, it changes everything. But the color. That's Word 2016.
They're IMO still monetizing being first/cheapest in their field some 30 years ago. That's literally the only thing they have. They built up a monopoly for Office software which is near-impossible to break free from (mostly because any new competitor had to make their shit compatible) and they have the only hardware-agnostic operating system that understands that users don't want to learn terminal commands. They also have the money/leverage to push a lot of things really far through marketing, literally forcing people to use it (trust me, I don't want to use Word, this is for a client who wants a harmless little template with their name on it).
I know other companies who have similar quasi-monopolies in certain fields, including Google, Adobe maybe, Valve with Steam, etc. None of them have this amazingly consistent gap between widespread use and horrible UX and software design. Like, nothing is perfect. But this lack of quality absolutely baffling.
They have no idea how to make a decent product but they know how to stay on top in spite of it. They perfected quite a few techniques and invented some new ones. Which they then went onto perfect.
They have no idea how to make a decent product but they know how to stay on top in spite of it. They perfected quite a few techniques and invented some new ones. Which they then went onto perfect.
Even that's not really true, IMO. MS is doing incredibly well in the hardware space and more or less always has. The Zune and Windows Phones are actually the exception rather than the rule. The...
They have no idea how to make a decent product
Even that's not really true, IMO. MS is doing incredibly well in the hardware space and more or less always has. The Zune and Windows Phones are actually the exception rather than the rule. The new Surface line is well lauded and for good reason, and their desktop PC peripherals have always been solid.
Even Zune ended up being an amazing device. I had a Zune HD and it was one of the best pieces of hardware I've ever had. But their marketing and other circumstances doomed the Zune brand.
Even Zune ended up being an amazing device. I had a Zune HD and it was one of the best pieces of hardware I've ever had. But their marketing and other circumstances doomed the Zune brand.
Personally I find Opera is a great alternative for anyone looking for something that's not Chrome. I switched about 2 years ago when I noticed that Chrome was responsible for my poor laptop...
Personally I find Opera is a great alternative for anyone looking for something that's not Chrome. I switched about 2 years ago when I noticed that Chrome was responsible for my poor laptop battery life. It's got built-in VPN and ad-blocker and isn't a crazy resource hog.
Well, ignoring all the privacy concerns everyone's talking about Opera being Chinese, it still uses Blink. So in my view, you still contribute to the Chrome/Blink monopoly, so it really doesn't...
Well, ignoring all the privacy concerns everyone's talking about Opera being Chinese, it still uses Blink. So in my view, you still contribute to the Chrome/Blink monopoly, so it really doesn't make a difference if you're looking to get away from Chrome.
Honestly, I can't remember why I picked Opera over Firefox when I was testing out browsers. It's been a few years though and it's always good to see where everything is at so I'm going to install...
Honestly, I can't remember why I picked Opera over Firefox when I was testing out browsers. It's been a few years though and it's always good to see where everything is at so I'm going to install it and take it for a test ride this week.
if it's been a few years, then opera probably was the much better option. but ever since mozilla made rust and completely overhauled firefox from the group up, it's a completely different engine...
if it's been a few years, then opera probably was the much better option. but ever since mozilla made rust and completely overhauled firefox from the group up, it's a completely different engine now. i'd definitely give it a shot if you're interested.
This is a terrible clickbait headline. Having access to online file editor utilities (instead of having to install software) is good for users. It'd be great to have a means to update files in online editors other than having to "download" and re-save the file. This kind of fearmongering simply drives clicks and makes the process of finding a good solution harder.
It's a spot on headline, and this is a terrible plan that will not be realised, hopefully. Otherwise, we can all but hope that there will be an option to disable it at least on Firefox.
A good solution: use a program that you've installed on your computer. There isn't a need for a solution.
you'd rather install a program and give it access to your entire filesystem? at least with this they only get one specific folder they're limited to that are segregated by origin.
Dude it's not like this is gonna let random websites snoop around your filesystem. It doesn't even need an option to disable it, if you don't like it just literally don't give any website permission to access any file on your PC.
Yeah, one bug, one exploit and we're screwed. It's not like escaping sandboxes and permission bugs or bypasses are uncommon.
And I'll be able to avoid this one way or another, but what will non-techies do? Will apps that will trick users into uploading private files or stealing files when they got the permission not pop up? Didn't we catch Facebook just doing that many times (see this and this and this; also I recall reading that they scraped photos from the photo picker in the app, i.e. as you were looking for a photo to upload, the other photos were being grabbed and uploaded, IIRC someone found it in their takeout, but can't find the link)?
Edit: See also: The HN discussion about this API: https://news.ycombinator.com/item?id=18434639
Practical attacks are very uncommon. They're also quickly patched in the age of evergreen browsers.
If "users can be tricked" is the argument, then the natural solution is to remove any and all functionality of modern computers. Just in case they be used for ill somehow.
This logic applies right now. There isn't actually that much that changes if you add the APIs for it.
Except that’s already possible, in fact required for any browser based app. This new API makes it possible to edit those same files in the browser without upload, which will only make it safer.
Once in the browser I can't see how it will be impossible to upload. And don't forget the "Writable" part.
He didn't say impossible to upload he said possible WITHOUT upload. Although I think it is still possible to "upload" a file to a web app without it leaving your computer even now.
That's exactly my point. It is already possible; now they're making it possible to edit files without uploading them.
It's not possible to edit files with upload now in a way that will be possible without upload in the future. Right here right now, you can accept files, modify them, and re-download them without them ever actually leaving the browser. But it's still downloading a new file, not modifying an existing one.
I think we agree but I’m just a little unclear.
I can see why the writable part may be concerning, but there is very little actual gain from just being able to write. While it is true that malicious actors could exploit this vulnerability to erase everything from one's hard drive, I fail to see why they would, considering these actors seek to make money or obtain one's data.
It seems very reasonable to me. Security has been the #1 topic of discussion. Which part of the spec do you disagree with?
Wait... did someone change the title of my post? I could have sworn I just copy and pasted the title of the article, and then after this comment it seems like it was changed. I mean, I don't care if people have issues with the title and wanted me to change it, but it's kind of fucked up that an admin would just change it without even talking to me.
I have what's maybe a very stupid question for webdevs out there.
Given all of the security concerns we're seeing with browsers evolving into, basically, a download-and-execute system for websites-become-applications - why can't we just jail every 'page' into a virtual machine-like instance that can't access or interact with anything other than its own data and files, which are also stored in some kind of instanced jail? Barring bugs in the code for the vm, wouldn't this basically solve the issues we've been seeing? I know modern browsers do a bit of this already, but I don't think the design is really aiming for this kind of total isolation.
This might be what you were getting at towards the end of your comment, but browsers are already heavily sandboxed today. This is why tabs run in isolated processes, as well as browser extensions. It's also why tabs cost so much ram now. They don't share resources like they used to.
They did it before in the securest way possible, where file write access was only allowed per origin. But this API was only implemented in Chrome so they project was dropped. If they do anything other than that add a way to share Blobs, they're doing it wrong.
For anyone who's interested in the real, official details of what this API is about, their repository explainer does a great job of that.
Until web-share-target is added too, the file writing api won't be adding anything we can't do already.
I was so hopeful for WebIntents. It will be interesting to see how v2 does.
Aww yiss, I've been excited for this API. A Chromebook as a developer device will become much more viable.
Google creeping onto my desktop is my personal horror scenario. At least Microsoft is too incompetent to do push evil things via their monopoly position. Google isn't. Mozilla, don't be an enabler!
Windows 10 is a bit of a bit of mess if you're used to something like Linux but...
Microsoft isn't "incompetent". Since the 80s they have effectively destroyed competition by varying methods to create and maintain their monopoly.
Windows 10 is just shitty because there is a huge market of people who don't care about or notice a lot of "evil" aspects.
To be fair, Linux isn't a viable option for most people.
Anyways, I can see the enabler argument but they have to keep up and stay ahead of the trends. I don't mind them offering this if they give an appropriate disclaimer and allow me to shut it off.
GFWL. The "Zune". Windows Store. The Windows 8 Metro design. Windows Phone. The list goes on.
I am currently sitting at a Word document where I want to make a hyperlink not purple. I'm trying to solve that problem for 45 minutes now and I'm deep in some Word support forum and every single suggestion doesn't work. Whenever I want to click the text to edit it, it opens the damn link. When I edit the style sheet, it changes everything. But the color. That's Word 2016.
They're IMO still monetizing being first/cheapest in their field some 30 years ago. That's literally the only thing they have. They built up a monopoly for Office software which is near-impossible to break free from (mostly because any new competitor had to make their shit compatible) and they have the only hardware-agnostic operating system that understands that users don't want to learn terminal commands. They also have the money/leverage to push a lot of things really far through marketing, literally forcing people to use it (trust me, I don't want to use Word, this is for a client who wants a harmless little template with their name on it).
I know other companies who have similar quasi-monopolies in certain fields, including Google, Adobe maybe, Valve with Steam, etc. None of them have this amazingly consistent gap between widespread use and horrible UX and software design. Like, nothing is perfect. But this lack of quality absolutely baffling.
They have no idea how to make a decent product but they know how to stay on top in spite of it. They perfected quite a few techniques and invented some new ones. Which they then went onto perfect.
Even that's not really true, IMO. MS is doing incredibly well in the hardware space and more or less always has. The Zune and Windows Phones are actually the exception rather than the rule. The new Surface line is well lauded and for good reason, and their desktop PC peripherals have always been solid.
Even Zune ended up being an amazing device. I had a Zune HD and it was one of the best pieces of hardware I've ever had. But their marketing and other circumstances doomed the Zune brand.
Personally I find Opera is a great alternative for anyone looking for something that's not Chrome. I switched about 2 years ago when I noticed that Chrome was responsible for my poor laptop battery life. It's got built-in VPN and ad-blocker and isn't a crazy resource hog.
Well, ignoring all the privacy concerns everyone's talking about Opera being Chinese, it still uses Blink. So in my view, you still contribute to the Chrome/Blink monopoly, so it really doesn't make a difference if you're looking to get away from Chrome.
It does if you don't want your browser tracking everything you do on the internet.
why not use Firefox?
Honestly, I can't remember why I picked Opera over Firefox when I was testing out browsers. It's been a few years though and it's always good to see where everything is at so I'm going to install it and take it for a test ride this week.
if it's been a few years, then opera probably was the much better option. but ever since mozilla made rust and completely overhauled firefox from the group up, it's a completely different engine now. i'd definitely give it a shot if you're interested.