> Motivation: Users often depend on websites trusting the client environment they run in.
Aka corporations insist on control & want to make sure users are powerless when using the site. And Chrome is absolutely here to help the megacorp's radically progress the War On General Purpose Computing and make sure users are safe & securely tied to environments where they are powerless.
There's notably absolutely no discussion or mention of what kind of checks an attestation authority might give, other than "maybe Google Play might attest for the environment" as a throwaway abstract example with no details. Any browser could do whatever they want with this spec, go as afar as they want to say, yes, this is a pristine development environment. If you open DevTools, Google will probably fail you.
It appalls me to imagine how much time & mind-warping it must have taken to concoct such a banal "user motivation" statement as this. This is by the far the lowest & most sold-out passed-over bullshit I have ever seen from Chrome, who generally I actually really do trust to be doing good & who I look forward to hearing more from.
I reject having only short, one dimensional views.
Generally I am pro Project Fugu & pro building bigger better web. Google spends an enormous amount of effort working on specs with w3c, wicg, and other browser implementers advancing incredibly good & useful causes. They spend huge effort enhancing DevTools so everyone can work the web.
Building a good & capable web is necessary for Google to survive. An open & capable web is the only sustainable viable alternative the world has seen to closed proprietary systems, which from history we can see have far more risks hazards & entailed pernicious or particular behaviors.
Generally Googles effort to make the web a good viable & healthy platform aligns with my vision. That they want to do good things & make a great connected world wide web because the web's thriving helps them run their advertising business typically does not create a big conflict for me. I'm usually happy with the patronage the web receives & I dread it ever drying up, and it saddens me people are so monofocused, so selective in focusing on only on bad, and I think that perception hurts us all.
I agree to an extend that you shouldn’t focus on bad only, but as the old saying goes “so much is lost for the lack of a little more.”
What my experience has taught me is that you have these 80% things that are good, but there is the one person or thing that ruins it for everyone. One person, one manager or CEO who pushes something through because he wants some gain, or one selfish move that is born out of short term profit or thinking.
From climate change, to wars, to ill-willed software, history sometimes get bend by those bad decisions sometimes stemming from a comparatively small but powerful group who yield too much power. Google is for all purposes a monopoly which makes all their decisions at least suspect since they aren’t competing on the same level as a Mozilla, or name any other search engine. This is bad for any ecosystem.
I wish I was still seeing the early Google that was optimistic, people focused, approachable, but that time is at least some years in the past. There are probably good people working for Google still with that ethos, but it gets overshadowed by those nagging decisions that are suspect.
Agreed & uovoted. I do tend to think it's incredible what a massive impact small influences can have.
Thankfully the web still is a very multiparty system, with various w3c group reviews & various implementer signals all being registered well ahead of time. Comments on blink-dev were strong & fast. Unlike almost every other system on the planet I think the mediation here is real & strong!
In general, Googlers tend to be in favor of initiatives like this.
You have to remember, from their point of view they are writing the web software and when a user agent is non-compliant, it gets in their way. UAs with weird quirks translate to impossible-to-reproduce bugs, so the default bias is in favor of standardization and regularity.
You do not, the user is responsible for the operation of their device. Most of the time this should be caught by whatever malicious software detector the user runs. Also, Chrome and Firefox very heavily guard against extensions being installed from outside of the usual way, i.e. by outside programs.
> You do not, the user is responsible for the operation of their device.
As time goes on hand-waving the matter as "user's responsibility" is becoming a less and less acceptable answer. Hard assurances are being demanded and applied technologies are progressively patching the existing loopholes.
Organization executives and lawmakers are increasingly demanding that digital services be made un-hackable. Someone with an attitude and trying to shirk duty by claiming we just have to trust that all of the users will always be responsible and non-abusive all of the time, will at best be laughed and shooed out of the room. More realistically be given a final PIP. Telling your bosses "no I'm not going to do that" is a resume generating event.
Both groups of people who have no direct understanding of how any of this works.
You can demand change all you want but it doesn't change how the real world works. These people need to come off their high horse and come join the rest of us. So sick and tired of C-level people demanding shit they know nothing about.
Why do you, as a website owner, think that it is your responsibility to protect your users from mistyping the name of Python packages they are installing via pip?
At some point you don't. The cure becomes worse than the disease. Maybe if you could give users the option to enable it. But let's be honest, if this ships every bank will require it. Good luck checking your balance on Linux or a rooted Android phone. You will get an approved operating system to keep your cash under your bed.
Aka corporations insist on control & want to make sure users are powerless when using the site. And Chrome is absolutely here to help the megacorp's radically progress the War On General Purpose Computing and make sure users are safe & securely tied to environments where they are powerless.
There's notably absolutely no discussion or mention of what kind of checks an attestation authority might give, other than "maybe Google Play might attest for the environment" as a throwaway abstract example with no details. Any browser could do whatever they want with this spec, go as afar as they want to say, yes, this is a pristine development environment. If you open DevTools, Google will probably fail you.
It appalls me to imagine how much time & mind-warping it must have taken to concoct such a banal "user motivation" statement as this. This is by the far the lowest & most sold-out passed-over bullshit I have ever seen from Chrome, who generally I actually really do trust to be doing good & who I look forward to hearing more from.