My experiences in travel has been the same. Airbnb competition has been awesome just like Uber has been awesome for taxis in many places.
The narrative is always that "it's worse and making things worse" and gets blamed for everything such as the housing crisis which is insane but it's been an awesome asset to humanity. Not just Airbnb but other similar search lodging offerings.
Unfortunately looking sane and being a good model are different.
One of Reacts greatest features is you’re just using JS for the logic - loops and conditionals are type checked, autocompleted, and already universally understood.
Template based solutions have existed since forever, but if given the choice I’d never use them.
The examples are contrived & the comparison to React in the first place isn't in any way like-for-like (the first example is comparing ShadCN, an entirely different library, not just React).
React is a view state management library. Hyper is a DSL for a framework called Nue. They're not like-for-like tech. A better comparison would be something like Svelte which is a similar DSL (used with a framework called SvelteKit).
Fwiw JSX is also a minimal DSL used by React but if this article compared bare Hyper (without Nue) with bare JSX (without React), JSX would come out much much more minimal in the examples.
WebUSB is not a web standard. It’s a Blink-only API cooked up by Google and rejected by both Mozilla and Apple on privacy and security grounds. It cannot become a web standard without two independent implementations, and Google have failed to convince anybody outside of Google to implement it. Nevertheless, it pops up on various websites as things Firefox and Safari are “failing” to support.
> This specification was published by the Web Platform Incubator Community Group. It is not a W3C Standard nor is it on the W3C Standards Track.
> WebKit declined to implement several APIs, including WebUSB, due to concerns over fingerprinting
> We have previously stated privacy concerns, thus the concerns: privacy label. We agree with Mozilla's security concerns raised in their standards position issue, thus the concerns: security label.
> Because many USB devices are not designed to handle potentially-malicious interactions over the USB protocols and because those devices can have significant effects on the computer they're connected to, we believe that the security risks of exposing USB devices to the Web are too broad to risk exposing users to them or to explain properly to end users to obtain meaningful informed consent. It also poses risks that sites could use USB device identity or data stored on USB devices as tracking identifiers.
You are not losing functionality if it was never implemented in the first place.
WebUSB and WebSerial are not standards, so your rage is misdirected. Keep using your security cheese of a browser if you need that feature. Otherwise others (like myself) are okay with having fewer security risks in their browsers.
I don't know the general political disagreements, but I personally don't want WebUSB and think it's a garbage idea.
The browser can already access the USB devices it needs through normal OS interfaces (the keyboard and mouse being the obvious examples). I don't see why any website should need special direct access. The only use-cases seem to be giving access to web programmers who can't be bothered to write a standalone application (not a group I trust) or to provide additional ways to track users (something I don't want).
I don't even trust Google and Mozilla enough to give them access, much less any random stranger who's setup a website.
Not everything needs to be accessible from the web. I don't know where the line is, but for me USB access is across the line.
> I don't see why any website should need special direct access.
And this also holds back things like better security from USB security keys.
You have to access the key in exactly the way that is implemented ... even if that implementation sucks or has bugs or has security failures.
Everybody hates Electron .. but then want to hamstring the browsers. Well, people still want do do the thing they want even if you don't let them. They will find a way around .. and currently that way around is Electron.
I believe USB security keys are covered under a different API.
But even then, you can use this argument against it. When this type of USB access is allowed, it gives phishing attacks even more power. Now, you’ll click prompts for authentication and little did you know that malicious actors and read/write the entire USB drive!
The politics of exposing users to security issues VS giving the web more capabilities.
A fight which is usually won by people who just want features now. Security flaws tend to look hypothetical until people actually exploit them in the wild.
If history teaches us anything, it's the fact that we will come full circle, the browser will become the os at some point. People with money want it to happen and they have resources to make us think that we want it too. Might as well enjoy the ride
Fingerprinting, basically, and whether browsers should gain any more capabilities at this point which just deepens the dependency on Chrome further and further.
While fingerprinting is a concern with many web extensions, the bigger problem here is the security risks inherent in exposing on the open internet a bunch of USB devices that were not designed with adversarial inputs in mind...
As I user who cares deeply about privacy and has almost everything enabled -- "strict" anti tracking protection on the browser, uBlock origin, DNS level filtering etc -- I discovered that any the fingerprint for my Firefox is pretty much unique on the entire Internet.
One thing that astonished me was that the number of hardware cores of my CPU is easily accessible from JavaScript. I have an AMD machine with 8 cores and 16 threads. Somehow it is on the high end of machines that access the Internet, and only a small fraction of users have a 8 core CPU. Combined with just a few other parameters, especially IP address, it is easy to uniquely identify this computer.
Just one additional channel of information from WebUSB barely matters at all.
About fingerprinting - was the WebUSB made poorly? I believe the device information can be strictly restricted and given only on user consent. E.g. by default browser sees only plugged-in status of certain device categories.
I don't think, I wrote enough code with those APIs.
You call `navigator.usb.requestDevice({filters})`. It returns a promise and browser displays a window with device list according to the given filter. User chooses device or presses "cancel". The promise resolves with single device or rejects with error. You can't fingerprint anything without user interaction. Also there's block list which does not allow to connect to keyboard, mouse, so typical user does not even have any USB devices to choose from.
should a browser have api-s allowing websites to access directly the file system and usb devices which might be insecure and help in fingerprinting or it should not. a.k.a chrome against all the ants.
It already does though. It's the type=upload box we've had for decades. Think of it as how smartphones let you give access to only a specific file or see a subset of files. The "UI" is just using a system control. You can also drag and drop files into the browser too. This is all available to javascript.
It doesn't. Websites don't have access to your file system.
> It's the type=upload box we've had for decades.
It isn't. That isn't giving the access to your file system to a website. That is simply providing a file to a website. The website doesn't even get the real path to the file but a C:\fakepath\filename.
> You can also drag and drop files into the browser too. This is all available to javascript.
Again, that is not giving access to your filesystem to a website. That is giving a file to a website.
I do agree partially but I don't see a difference in practice
Using your definition every app on Android and Apple doesn't have access to your filesystem either.
Just like you have to select which image from your camera roll that Facebook is allowed to see / access. It gets that one image, and only that image, on purpose. It doesn't get to have a free for all through your files.
In this case, Safari also doesn't implement the API, and that's far from an ant. Plenty of cases where something is effectively everywhere but in Firefox, but this time Apple also decided against it.
The DB is rarely our bottleneck.
Our reads are very simple, mostly paged sets from a table with a 1 level join.
When we need complex abstractions or transformations, instead of using function or views, we listen to table changes, and with a TS transformation layer we save a new row in a specific table for the abstraction. That way the BL is handled in TS, and performed in writes asynchronously instead of in-line in reads. The only downside is that the transformed data is not real time.
That mechanism allowed us to scale our data very easily without any performance hits.
These days? It doesn't really matter. For most purposes, you can just hold the entire important dataset in RAM.
For example, a humongous company with 500000 employees (Amazon) can trivially hold on a fairly low-end server the database of all the personnel, and all their salary payments, and all their employment history, badge photos, and office access logs.
Any data to back it up, please?
reply