I completely agree - if only for the environmental advantages. Snap is so prodigiously wasteful of storage and bandwidth - not everyone has it, and for those that do, it's still a waste of money and CO2. We already solved the shared-libraries problem.
Except that AGPL is the GPL we wish we'd all used if we had forseen that we would be delivering software that would be used on the web.
Nextcloud (who use AGPLv3+) got it right.
Imagine how much better Android would have been if the core libraries had been GPL not LGPL.
I'd love to see more projects use Affero GPL (which solves the service-as-a-software substitute) issue, and to have a better migration path from GPLv3+ to AfferoGPLv3+.
It would also really help if there were more GPLv3 libraries in JS and PHP - many developers have a (technical) choice as to which libraries to build from which would allow them to make their code GPL-dependent, but at the same time, the company lawyers prevent developers from making a "license choice" for GPL, unless they can say "but I used a GPL library".
Finally, it's insufficiently clear what exactly you have to do to make a web (or python) application into a fully covered work - because there is no "compile" step.
As a Tesla owner, I just wish there were some way to report bugs!
It's really frustrating how bad some of the software is.
For example:
* the wing mirrors auto-fold at my home location, but won't auto-unfold for about 100m.
* the rearview parking cameras are sepia-tinted - perfect for blending in concrete pillars!
* the guideline white lines on reversing shows where the wheels will go, not the "hips" of the car. So you follow them into a tight-space, and crunch!
* summon never works where you need it to (i.e. in tight spaces in car-parks where there is no cellular, only bluetooth)
* every unrecognised voice command falls through to navigation. Eg. "Wiper off" is misheard as "Waipa off" which is mis-recognised as "Wifi
* "Phone Mum" doesn't work - because I don't have a "Mom" in my phonebook (that's an Americanism).
* The Phone keyboard has no ability to quickly enter names by typing the first letters (e.g. to identify "Peter", you might start typing "7 3 8", as P E T). Instead, you have to scroll through the whole list - and that's really hard to do safely when driving.
* Also, I expected that the self-driving would,at minimum, be able to park the car with greater precision than I can, in tight spots.
* When you restart, the car takes ages to re-acquire GPS, and it doesn't realise that it is in the same place it was when you parked! So it can be 500m off - and it takes up to 2 minutes to find itself - this is quite long enough to be satnav'd into going the wrong way.
* If there is no cellular, then trying to find a destination on the map gives as "destination not found" error, rather than a "No data available".
* If the headlights are in auto-mode, it's impossible to get them to stay on full-beam in a dark, narrow, isolated country-lane - even without any other cars, the nearby trees turn them to dipped.
Tesla has no way to contact them to tell them stuff - even when I went into a Tesla store, the owner just said, sorry, we can't feed it back. This is so frustrating, as I could get so much of it fixed, if they would only LISTEN.
What we really need is the requirement that these large platforms provide a free API for interoperability.
For example:
* If my friends use Gmail and I use Hotmail, then there is no problem for me to email them.
* But if my friends use Facebook, and I use Diaspora, then I can't share posts.
Email is an open, interoperable protocol between multiple platforms; Facebook (etc) lack this.
So, what we need is a requirement that people can communicate with users of a platform (eg Facebook) without being a member of that platform.
This is the only way that competing services will be able to exist, and that uses will have meaningful data portability.
The other thing I would do is require that every advertising-funded service should also be required to offer a paid service at the same (effective) price, where the user is in control.
In every other text field, clicking once places the cursor. Chrome changed this so clicking in the URL-bar selected the entire line. Then Firefox followed. This is really annoying when you're a web developer, and you often want to quickly edit the url parameters. I do still love Firefox (and it's my browser of choice), but it isn't getting better, and bugfixes take too long, if at all. As a developer, I do still try to check things work in both Fx and Chromium (and at least it's not the IE6 days of insanity).
That's a really interesting idea. I love the Unix approach, but I'm not sure how one could treat a (graphical) display as either a block or character device - and besides which, you'd need a way to handle windows and multiple access.
On the other hand, X11 does this anyway.
If you haven't yet seen it, have a go with "xpra" - it has the speed of VNC, but the desktop integration of X-over-ssh.
Even here, it doesn't help. Blockchain doesn't cryptographically verify objective reality, merely what someone says is real. For example, I as a consumer might want to cryptographically verify that the strawberries I bought are organic. I check the label and get a digitally signed verification. This tells me the thing I never doubted (that the supermarket is supplying in good faith), but doesn't prove the thing I want to actually check (that the farmer actually used the right chemicals), rather than just forging the paperwork. Similarly: counterfeit goods with a verified-genuine label, or blockchained shipping manifests (when the loader hasn't physically loaded the goods).
Also, all BC technology is either a "permissioned blockchain" or a "non-permissioned blockchain". The former has to be access controlled (which means that someone is already running a central API for trust... so use a real database instead). The latter is more distributed, but anyone can inject garbage.
One thing that would work is if Firefox implemented a simple and encrypted micropayments approach. This could be a huge improvement wrt advertising.
At the moment, about 90% of the web data is advertising, yet authors never get compensated. How about a simple approach where any site can request $0.01 per page view, transferred seamlessly and automatically via cryptocurrency, in return for not serving ads. We could then have some simple management tools and a way for users to measure/monitor etc. Brave does something similar, but only a mainstream browser can drive the adoption.
This would also fix a lot of privacy problems, because it would end ads and trackers - at least for many people. We'd also be supporting the content we care about, not the advertisers.
One thing they could do (same with Libreoffice) is implement a bug bounty.
I can't be the only one that would contribute some money towards having specific bugs fixed.
Arguably, some companies might need this... but if so, at least:
- Alice needs to be able to explicit in her non-consent.
- Charlie needs to be able to find out that it is happening in order to have the choice to say "if you want to inspect, that's fine, but in which case, we simply won't provide service to you".
- Bob should know what's happening: i.e. Charlie should be able to take a technical measure to say to Bob via the infected browser: "your connection is not safe, you should not trust your work machine, please connect from something you trust". At the very least, it should not allow the green padlock to be faked.
For what it's worth, we have some nitwits in our company who are SSL inspecting things, and I am trying to stop them breaking the secure end-to-end services we are trying to run. I would really like at least to be able to know it's happening.
We also need a way to tell the browser that the server operator does not consent to SSL inspection. For example:
1. Alice and Bob wish to communicate privately, by means of a server operated by Charlie.
2. Eve runs the corporate network, on which Bob's PC sits. She has installed an SSL proxy in the way, and has put a bogus cert on Bob's PC to allow this to function.
3. Alice, Bob and Charlie are all unaware of this, and none of them consent to snooping (and indeed, Charlie takes defensive measures using SSL).
[Bob may have given uninformed consent, or coerced consent when signing his work contract]
4. Charlie needs a way to tell Bob's browser that it should not trust a certificate that is signed by Eve (and if Eve disagrees, and owns the browser, Charlie needs a way to at least know that this is happening, in order to present a warning to Bob).
However, at the moment, there is no way to work around this. Browser vendors are uninterested in fixing this:
https://bugs.chromium.org/p/ch...
https://groups.google.com/foru...
Of course an MITM can do what it likes, so technically, it's game over at that point. But surely there is some way to make sure that the endpoint that runs the JS can return to the server the brower's view of what the server's SSL fingerprint is?
There is of course a question here of ethics and property rights, but it seems to me that any of the endpoints should have the right to ensure that the other endpoint is trustworthy.
How is it legal to sell an exploit?
Can't some of the authors sue them for having a "blackmail-based business model"?
Two things stop me being able to recommend Firefox as the top preference,both trivial, but these are things that work in Chrome, and not Fx:
1. input type=date. Chrome has a native widget, Firefox simply doesn't do anything other than treat it as text - result, we have to embed lots of JS for this alone. Fx has had a huge debate on bugzilla about how to make the datepicker look best, and they got stuck with the debate for ages, and never implemented - I don't really care which widget set it uses, but it just needs to work.
2. the progressive web app on Chrome (Android) will run full-screen. But Firefox won't full-screen it.
Also it would be rather nice if the now 17-year-old bug with several hundred comments on "please don't let a fat-fingered ctrl-Q (when we meant ctrl-W) quit the entire browser without confirmation" could be fixed. Lastly, given that Google is clearly not Mozilla's friend, perhaps Firefox could start auto-blocking mis-features such as google-analytics tracking?
I really want Fx to do well though.
As a developer, I have to agree. Though I really don't want Google to dominate[*], and for there to be a good alternative to Chrome (and I keep using Firefox myself on principle), it's very hard to avoid recommending against using Firefox when they just don't try to keep pace with simple features. Two examples:
* Firefox still doesn't support "input type=date". There's a long thread, arguing about which UI widget would make the best native experience, but for a developer, all I care about is that there should be *some* widget, however imperfect it might be.
* Firefox on Android doesn't support "mobile-web-app-capable". That's essential for us, because it allows mobile sites to be launched full-screen from a desktop icon, without showing the URL-bar and back/forward controls. For our warehousing application (running on an android hand-held terminal with barcode-scanner), this is critical to prevent user-confusion.
On the other hand, at least Firefox isn't the terribly obsolete mobile-safari (still no WebRTC!), which will only get fixed if the a developers' lawsuit succeeds in forcing Apple to open up.
[*] Google have far too much power, and abuse of Chrome could be much more dangerous to the open internet than IE could have been back at the time.
If you have a procedure with 10 parameters, you probably missed some.
