Another PR by a different user attempting to solve the same problem, but it was closed due to the existing (still today unmerged) PR.
The devs have been aware for many months. Have not even bothered in any way to alert users.
Lack of notice demonstrates total lack of concern for users, which I’m sure is manifested in lots of other ways.
What’s wrong about the premise? We have been stuck with Windows and Unix for decades and instead of writing new systems capable of integrating fully into the internet instead “we” (mainly corpos) wrote an entirely new system (the system of web servers and web browsers) on top of current ones that is easily as large, complex, and featureful as any other operating system and forced everyone to use it. It takes enormous amounts of resources to maintain this infrastructure and stave off the flood of security vulnerabilities and bugs that are constantly discovered as a result of this system’s complexity and the interaction between this system and contemporary operating systems like Linux or Windows.
Even with modern protections built into web browsers now it is still a security and privacy nightmare. You are right though that it’s usually better than an app on Android or something but I don’t think that’s what they meant.
The premise is wrong because
99.9999% of “clients” are way worse than any browser for the same service — so just throwing such advice around is wildly irresponsible. Examples given were
alexandrite for desktop - does not exist, and if it did it would be what, an Electron app?
Gemini - impossible or unwieldy to use web browser anyway. Gemini is a revamped gopher. You can access Gemini via a web proxy but I doubt that is substantially worse than using a client https://geminiprotocol.net/clients.html - either a proxy or client could contain malicious or sloppy code
neon modem - a GitHub project with 9 contributors https://github.com/mrusme/neonmodem - it is a TUI interface for an itty bitty niche part of the web. Cool to find out there is a TUI for Lemmy; I will try it because I am a total weirdo, not a normal person. It took me years to learn enough to be able, much less willing, to try a TUI for fun.
So we have zero examples. A better but still not great example would have been Reddit with 3PA prior to the API changes. Or mail client vs webmail. Or Usenet vs forums. Or BitTorrent streaming vs Netflix. yt-dlp vs YouTube. RSS vs most other options.
Web is universal and low barrier. If you want to move to clients for everything you'd have to rework every kind of function done on the web. Personally I like using special FLOSS clients when I can (like the Lemmy client I am using right now) but I don't want it for everything. And a lot of the coziness with volunteer small groups of devs would vanish with any degree of popularity. A lot of the vulnerabilities that persist are pervasive to the internet and need systemic solutions like net neutrality and enforcement of regulations. Same problems could easily reproduce themselves with the proposed solution. Security thru obscurity sux.
@PaX & @EatPotatoes I tried neonmodem. Was eventually able to log in to hexbear.
username and password stored plain text wtf
--help, the readme, the application
Lots of people share computers, they have unencrypted hdds, they have auto cloud backup etc. Hopefully no need to describe all reasons why plain text credential storage is Bad.
Like the advice to prefer clients over web, this project in its current state is plain irresponsible.
Clear from the github/website that this is intended primarily to adhere to devs’ aesthetic tastes and nothing more.