💾 Archived View for bbs.geminispace.org › s › SmallWeb › 15126 captured on 2024-09-29 at 03:00:05. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2024-08-31)

➡️ Next capture (2024-12-17)

🚧 View Differences

-=-=-=-=-=-=-

Which parts of the web want saving? Which can we do without?

Let’s have an unrealistic hypothetical here. Suppose the http web were replaced entirely by a new protocol (or maybe set of protocols?) which allowed for client side scripting, unrestricted styling, and all the other aspects of the web which make it distinct.

Except this time, everything was being built from scratch, with person-first values in mind, like privacy, accessibility, ease of use, etc. The designers of this protocol are wary of browser monopolies like chromium has on the web. They want advertising to be disincentivized.

They will be accused of trying to create a technical solution to societal problem, but they understand how societal problems were baked into the technology of the http web and they can do a part in making progress easier.

Assume that these people are positioned in a way where mass adoption will be practically guaranteed unless they design an unuseable system.

What would this protocol or set of protocols look like? What bits of the current web can we do away with entirely? What new innovations can we incorporate? What are your ideas?

This question is extremely open ended and there are no right answers, so please don’t argue with other others you disagree with as they are probably just being a little more or less idealistic or pragmatic than you.

Posted in: s/SmallWeb

🐐 satch

Feb 18 · 7 months ago · 👍 klemperer, leoperbo · 🤔 1

22 Comments ↓

🦉 ResetReboot · 2024-02-18 at 16:28:

Well, I'm not sure if client side scripting would be a thing that could really preserve the privacy and security of the protocol. If at all... I think it should be *heavily* cut down to avoid precisely being too creative.

But I think that again, this would be trying to solve through technology a problem that is societal.

Anyway, to not disgress much, I would try to make it SO easy to create your site, your place, or your service so easily you don't need a company to make it for you. That would democratize it a lot.

😺 kotovalexarian · 2024-02-18 at 19:40:

I think that the biggest mistake of Gemini specification was the absence of content length information in the header. The other major problem is now fixed with the Titan protocol. I don't miss anything else, even Geminispace applications are really powerful and convenient, and simple static capsules are perfect for reading.

🐙 norayr · 2024-02-19 at 01:04:

i also think client side scripting is bad. however i am not an android or ios user and it saves me that(when) i can use web browser instead of an app.

and apps can do more harm that browser, those often have more accesses, and able to spy better.

however here api comes to mind. if there's an api we can write floss apps that respect us. for example i use songrec - it is a shazam client written with gtk and it runs on my pinephone (postmarketos) an computer.

so if i had an open source bank app that would be cool.

i think by comparing these options: client side scripting or floss app, i prefer the latter. especially considering that script can be obfuscated.

🐐 satch [OP] · 2024-02-19 at 01:09:

The good of client side scripting on the web is the enormous accomplishment of having created a universal basis for distributed software applications that work on any architecture.

if you think that's something to throw out, explain why.

or (more in the spirit of this post) explain how you'd replace the current system

🐙 norayr · 2024-02-19 at 01:13:

if the question is to me then i think i explained: floss apps that use api.

🔭 Supernova · 2024-02-19 at 04:03:

I think that client side script IS the problem. Internet browsers now are a running environment all to themselves now, you can even run complete operating systems in a browser (older Mac OS). The browser has become so complicated that only the largest of corporations can now support the development of them. This is the problem.

Maybe have client side scripting, but place strict limits on it's capability. No single person creating a personal or hobby website can easily use all the power available in today's browser. By limiting the capability, bloat and web apps only supportable by large teams is discouraged.

👻 mediocregopher [...] · 2024-02-19 at 07:09:

We could cut out a huge swath of security issues (and complexity associated with remediating those security issues) by disallowing loading of resources from third-party domains. No more CORS, CSRF, or CSP, amongst many others.

This wouldn't get rid of ads/tracking, but it would make them harder to implement, so that'd be another positive.

I would also love to see browser support for document formats beyond HTML and PDF. Markdown and gemtext come to mind immediately. By supporting these natively web browsers can tailor to users who don't wish to deal with the complexity of HTML/CSS/JS.

🌲 Half_Elf_Monk · 2024-02-19 at 22:47:

I like the simplicity of gemtext, but I get why minimalist aesthetics aren't for everyone. We're in this mess because human psychology is exploitable. Perhaps an inversion of the question would be helpful: What if all cross-site resource links had to be loaded through an advert:// protocol? If a site still wants to serve me giant intrusive ads, they've gotta do the work on THEIR servers/connections. I can choose to block/limit the advert:// protocol as my router sees fit.

🐙 norayr · 2024-02-20 at 14:16:

advert:// is a good idea, but can you convince advertisers to use it? the whole purpose of advertising is to make anything to make people, who don't even want to see it, see it.

btw, i was surprised to learn that some folks want to see ads. they tell me how they love that google or facebook fingerprints them since it shows them relevant ads.

i was thinking nobody loves ads.

🐙 norayr · 2024-02-20 at 14:18:

@mediocregopher i agree, but in today's web most of the web pages will stop working. they load shitload of scripts from different domains.

so the problem is indeed a human problem. i think we can get more people to know about gemini. i didn't know for years when gemini already existed.

and i consider myself curious.

🐐 satch [OP] · 2024-02-20 at 16:53:

Yes @norayr some people have complained to me when watching YouTube (on their browser with no adblock) that I skip ads when they want to watch them... very interesting to think about why

🐙 norayr · 2024-02-20 at 17:41:

unbelievable.

we don't have youtube ads here in armenia, our region is not (yet?) interesting to advertisers, but i force vpn from our apartment via openwrt wifi router, so my wife has to tolerate youtube ads, as well as has one less reason to tolerate me, which i don't know why she still does.

🖥️ mrrobinhood5 · 2024-02-20 at 18:24:

@norayr that's so funny. but for reals most YT ads are.really bad and not entertaining to watch. I remember TV ads (commercials) and they were light, original, creative, and interesting to watch.

🦉 ResetReboot · 2024-02-20 at 21:35:

@norayr @mrrobinhood5 With how many examples that a well thought advertising campaign can install itself into the social collective conscience, advertisers decided to go the annoying route.

Given too, that nowadays anyone can really launch an ad campaign. So that show in the quality of those and the things sold...

👻 mediocregopher [...] · 2024-02-21 at 07:45:

@norayr

in today's web most of the web pages will stop working. they load shitload of scripts from different domains.

True, but I consider this a good thing... people will have to bear the bandwidth burden of their bloated JavaScript monstrosities themselves, rather than outsourcing to some cdn which is selling analytics data and centralizing the web besides.

🐐 satch [OP] · 2024-02-21 at 14:24:

Loading JavaScript from CDNs is bad and unnecessary. But using an iframe to embed? Not so clear.

🦉 ResetReboot · 2024-03-02 at 21:43:

I was thinking about the "throwing the distributed application system" and I have a few handful reasons to throw it away.

1- Ownership. It is something being talked about a lot in videogames, with everything turning into digital downloads tied to an account on a service. The day the company goes belly up... you lose what you paid for. Same principle here, and I will cite Google Reader and its untimely demise.

2- The freedom to know what your computer is running. A coworker, sysadmin, asked the frontend team "Can we see what's exactly the code that is running on the client". The reply was "You doin' drugs, mate?". Not even the devs can really say

(Goes on)

🦉 ResetReboot · 2024-03-02 at 21:46:

3- Overcomplicated system to develop: Try to start a new JS application. Do a simple hello world. You have a lot of frameworks (phased out in mere months!) with a lot of dependencies and requirements. With other programming languages, you can get the compiler, create your hello world and in a minute, you are up and running. There's a lot of well seasoned developers that sigh and reach to see how to start a new JS project.

4- (And this is a personal take!) Starting your base on a language that was only thought to be a glue with Java applets and make a couple nice effects. Then drop a ton of patches to make it more usable.

☕️ tenno-seremel · 2024-03-19 at 17:23:

I’m with no-scripters. Once you allow scripting it is only a matter of time before it will be extended. Exactly as it already happened. Forms, which can be validated client-side, should stay, though, so every website didn't have to do things this one had to do. And they should be useable without spending lots of time to drag them to present times.

🐙 norayr · 2024-03-20 at 01:17:

btw there is now this new technology called nextjs which runs js only in backend and only gives the browser prerendered html and css but i doubt corporations will give up browser side scriytss, they need their tracking scripts in your machine.

😎 decant · May 28 at 04:01:

script must go, we all know not to download software from random website in cybersec 101, why run script from random website? javascript is the worst case, I mean, webusb? webmidi? webgl? I think if you need rich graphical designs you could just put up some compressed bitmap. Printed media are just images on paper, we will do ok with image over the wire. even pdf over gemini:// is ok. I like what lab6 are doing.

🦂 zzo38 · Sep 09 at 03:01:

I think there are certainly things that should be changed, and that could be completely redesigned. There are also some things that you probably should do away with entirely, e.g. DRM/EME (which are not the same thing; EME is not DRM but is a API for it and is rather worthless anyways).

One thing that should be done is to make it simpler. The protocols and file formats could be designed better to avoid the mess that they currently use, is one thing. For example, many of the security issues and compatibility issues and other issues can be avoided if it is designed better. You could also hopefully reduce power usage (by reducing complexity and by reducing unnecessary requirements, e.g. don't require user-specified proxies to be encrypted, and other ways too).

Other things that should be done is to improve possibility of user control, and to use them in better ways (the specifications are also used badly). Using data files is also helpful, since user can use their own data handling software with it, and interoperate with other software in a better way. And, it won't be appropriate to use one protocol or one file format or one character set or one programming language etc, for everything, anyways.

Other things should be done with better user controls, e.g.: If you have scripting, allow the user to override scripts with their own (which might also be native code). If you have styling, allow the user to override styles with their own. etc.

I wrote a protocol specification that is intended to be between Gemini and "WWW as it should be if it was designed better", so some of its innovations would be appropriate for "WWW as it should be if it was designed better", too, such as:

In reply to comment 15133: I agree that it is a problem (I made up the protocol to fix this problem, and other (in my opinion) issues too).

In reply to comment 15142: WWW is a rather complicated way to do "a universal basis for distributed oftware applications that work on any architecture", and has many other problems too. Making the scripts execute automatically in a document is one problem (e.g. TerseNet insisted on putting them in a separate menu, which must be manually selected by the user, to avoid this), but also there is complexity and there is many other issues (although some are more of issues that could be fixed by an improved implementation; e.g. access to camera does not necessarily mean a camera but can be any video source specified by the user (including other programs running on the computer)). There are much simpler ways, including uxn for some programs, and/or other protocols for some uses, etc.

In reply to comment 15136: There are benefits to avoid (at least automatically) third-party loading. Even if you can do automatic first-party loading, being able to turn them off and select them manually can sometimes be desirable. Supporting more document formats (that are simpler than HTML and PDF) is something that I think is helpful too. However, different implementations might not all support the same formats, which is why I had the "conversion file" that I mentioned above.

In reply to comment 15172: The aesthetics could be not entirely controlled by the author but also controllable by the user. The user could configure to disable most (or all) styles and external resources, which would also redice it. Your idea of marking cross-site resources by the URI scheme seems unnecessary and unhelpful; the user could be able to configure the browser to disable them, and this can be identified easily enough regardless of the URI scheme; the router does not need to be involved in this.

In reply to comment 15463: These are very good points, and are also my reasons why I would want to avoid these scripting, but the top message says, what if you keep that capability? There are still ways to do that and to allow ownership and freedom to know and reprogram what your computer is running. Sometimes it might be useful to have server-side code, either when you deliberately want communication with others in the same server, or if your computer cannot run the program locally (e.g. not enough RAM or CPU speed, or unsupported instruction set, etc); however, being able to download a local copy that does not require an internet connection, is also helpful. They do not necessarily need to be mutually exclusive nor overly complicated. And they should definitely not be executed automatically.

In reply to comment 15464: You do not need "a lot of frameworks" to do "a simple hello world". (Many people (unfortunately) do anyways, but this is not a requirement.)