At the office, our app doesn’t quite work correctly at the client‘s site because of security issues, we think. Something about the Internet Explorer handling sandboxes when links are followed and how to enable JavaScript at the target location.
Just reading that paragraph gives me slight nausea. The simple fact that I need to know about Content Security Policy (CSP) tells me that some serious overengineering has taken place.
It should be as easy as 1-2-3!
1. HTTP 1.0
2. HTML 2.0
3. CSS 3.0
Something like this.
I feel like I want a web browser for iOS that looks like lynx. I want to use the mouse to scroll and click. But I think I can do without pictures, videos, and JavaScript. I can even do without fonts and colors and text sizes.
I feel silly for saying it but reading gopher sites using VF-1 is so pleasant it amazes me every day. Just text.
#Web #Gopher
(Please contact me if you want to remove your comment.)
⁂
A comment I recently read by @aral:
It is quite mindblowing to me to see a criticism of the Web that entirely ignores the socioeconomic reasons for its being the way it is. The Web isn’t broken “because JavaScript”, mainstream technology, including the Web is broken because Surveillance Capitalism doesn’t build tools for people, it builds tools to farm people. All that bloat is the farming mechanisms: tracking you, profiling you, addicting you and placating you.
– Alex Schroeder 2018-08-22 08:04 UTC
---
I recently released Phoebe 4 and working on Phoebe reminded me of the things I hate about the web, because Phoebe also has code dealing with web requests; and they reminded me on the various things I ran into while working on Odmuse, too. I started posting on Mastodon… Here’s what I wrote, slightly edited.
When I write Phoebe code (my Gemini-first wiki), I often write code that also works for the web. It’s Gemini-first but also Web-second. Again and again I find reasons to dislike web tech.
First example: When making requests, will you consider all the ways caching works? A response can tell you for how long it will stay fresh no matter what. It can also tell you when it was last modified so you can request a new copy only if it was modified. Or it can send a token to represent its state.
Second example of things that make life difficult: if you get a response, the server will let you know what encoding it used. When rendering it, will you remember to check that, decode correctly, and then check for XML processing instructions, or HTML meta tags that may or not provide yet another encoding? Did you handle transfer encoding like chunked and gzipped?
And don’t think you can avoid it. Even if you’re writing a simple client and contact a host that’s hosted virtually, you can’t use HTTP/1.0 since you need that host header; but if you use HTTP/1.1 you must be able to handle chunked transfer-encoding. Some of these things are not optional.
More examples of web complexity I’m meeting all the time when I’m trying my hands at writing my own clients and servers – let’s talk about forms and how they are encoded. POST requests have more than one way to encode data; you can sometimes send them along as GET requests as well. You can separate URL parameters using & or using ; except that this won’t always work as expected.
Oh and escaping the & in your HTML and XML, also entertaining.
That is why I consider the web to be broken: not just because people write or generate terrible web pages using cookies and inline frames (iframe) and JavaScript and multimedia tags, and not just because HTML has become “a living document” (i.e. an impossible goal to reach) but even the simple things are hard. Did you ever parse language preferences of users and serve them the best match of the translations you have? Did it interact with your caching proxy or did you remember to set it all up correctly?
You might be tempted to say that most of it is optional, and you’re not wrong. And in a way that’s exactly what I’m doing with Phoebe. I’m writing a simple HTML generator, a simple HTTP generator. An yet, In short order I was wondering where to put the CSS. It’s available from a separate URL. How to serve it? Unless I was going to get punished by browsers, I had to add “Cache-Control: public, max-age=86400, immutable” or something like that. Now, you could say I should go for even simpler, and maybe I should. But this is the trade-off that I can manage, while still being annoyed, I guess.
– Alex 2021-07-23 17:18 UTC
---
I found more reasons to dislike the web. Here’s something: you have a website that works perfectly fine. It looks good in windows of various sizes. But when you look at it on your phone, it’s unreadable. What‽ Ah, right, you now need to add a new header, didn’t you know? Or fiddle with the CSS. Or something! You have to read up on it, or your site will look like it was designed for ants.
<meta name="viewport" content="width=device-width"/>
Oh, and speaking of the mobile experience: have you noticed that on some sites random strings of numbers are suddenly links? You didn’t add the links. The phone is adding the links because if there are enough numbers, it could be a phone number. If you think that’s a bad idea, you have to tell the phone that. You have to fix your site, again. I hope you read up on that, too!
<meta name="format-detection" content="telephone=no">
Yeah, this is fine. 🔥 🔥 🔥
– Alex 2021-08-03 07:01 UTC
---
I found even more reasons to hate the web. The Korero web app receives some text via a POST request and sends back an MP3. It works on the laptop. It shows as unplayable on the iPhone. Looking at the logs, I see that the phone tries to follow up with a GET request. No idea why it does that.
So I compared it with the response my web server sends when replying with a static MP3 file, and tried to make some changes:
Changing the Content-Type so that it doesn’t add a name didn’t help.
Removing the Content-Disposition didn’t help.
Adding Accept-Ranges didn’t help.
Splitting it up into a POST and GET request such that the POST request generates the file, sticks it into the session, and the GET request then serves the file, that also didn’t work.
I give up. 🔥 🔥 🔥
– Alex 2021-08-06 12:21 UTC
---
The standard approach people have towards technology is to treet it as things that necessarily need to expand in order to fit our desires. If the current state of the web is broken, it is not merely because it is run by exploitative multinational corporations, but it is run by corporations that exploit our desires: for inclusion, for validation, for attention, for power. Gemini subverts these desires. – Gemini and Desire
– Alex 2021-10-31 19:33 UTC