Those people are doing a very stupid thing. I don't think that the world should be ordered around "let's make it so people can do stupid things without consequence".

Those people are the public buying the phones. Companies make phones that more people will buy. Turns out your desire for a bulky phone with a replaceable battery is less common than their desire for a phone that does not get destroyed when dropped into a pool.

You can in fact do that. Kids do stupid things all the time. We need to teach them, not ostracize them.

> At some point, you have to cut off previous technologies because virtually everyone's moved to something better.

Perhaps. But in this case, they've moved to something worse. Digital tickets have their benefits, but paper tickets are still superior because they don't tie you into big tech relationships and don't require supporting infrastructure to work.

Paper also does not run out of battery or smash if you drop it.

It does, however, easily get lost or left behind.

Phones, on the other hand, can be charged. And if they're smashed, you can just log into your account on a friend's phone if you haven't replaced yours yet. If you can't even do that, you can go to the ticket window and they can look up your account information and verify your ticket.

Paper doesn't spy on you.

> It doesn't have any more information than the info you give it to buy the tickets in the first place.

Many apps ask for permission to use your GPS position and other sensor data, even though they don't need it. Most non-technical people don't understand what that means and will just allow it.

I have absolutely never in 15+ years of having an iPhone had an app ask for GPS or sensor data when it clearly wasn’t necessary for functionality like a maps app or Uber.

What is clearly necessary? I have had a supermarket app (on Android, I do not know the behaviour of the Apple app) ask for location to direct me to their click and collect point, but then keep requesting location data afterwards.

On iOS, once an app requests a permission once, it is never again allowed to request that permission, the dialog won’t show.

> Many apps ask for permission to use your GPS position and other sensor data, even though they don't need it.

What on earth are you talking about? I've installed hundreds of apps in my life and literally never seen that.

It does when the ticket app demands Location access "to protect your security"

You can set location to only while you're using the app. And when you open it to scan the ticket, they already know where you are. You're at the entrance to the stadium where they scan your tickets.

And that's when you find out the app considers this usage pattern as a signal of fraud, so then you can't get into the event and have no recourse. Their app, their rules, your loss.

Sorry but you've made that up. That's not a thing.

I saw your other comment, and that was your fault for not having access to your own e-mail account. Asking you to sign in with a verification code isn't blocking your ticket with "no recourse".

Not to mention, you can usually just go to the ticket office and they can look up your ticket if your app isn't working. Obviously they don't advertise this because they don't have enough people to handle if everybody did that. But they're not trying to lock you out from your own ticket.

And as I have just explained in that other comment, they did not ask for a verification code when I bought the ticket. They also did not ask for one when I tested that I could pull up the ticket after I installed their app. They only did so shortly before the show.

Perhaps somewhere deep in the terms of service that approximately zero customers have ever read, it says "Use of this ticket is contingent upon having immediate access to the email address associated with your account." Regardless, it seems unreasonable for them to expect that every user will have connectivity. If that is a requirement, they should state it more clearly.

What does it matter that they didn't ask for a verification code when you bought the ticket? They do that when something looks different, like you're using a new browser or you're in a new location.

Websites and apps commonly require you to log in again when you haven't used them for some time period anyways.

These days, yes, having connectivity and being able to verify a code is just standard practice. It's just security.

>I saw your other comment, and that was your fault for not having access to your own e-mail account.

That's the point, though - we shouldn't need always-on, 24/7-access to email for everything always and forever. You're just victim-blaming at this point.

>Sorry but you've made that up. That's not a thing.

I have a very fun and exciting story about being locked out of my Google Wallet account for that very thing while on vacation. My primary Google account is still banned from performing any monetary transactions as a result, 10+ years later.

If you need to log in to something, yes you need always-on, 24-7 access to email or to SMS depending on how the service/account is configured. That's a very common form of 2FA. I'm not victim-blaming, this is just bog-standard security.

And what I said is "not a thing" is TicketMaster preventing you from entering an event because you've changed location and that you "have no recourse". You definitely have recourse, there are a number of ways, just like it seems like that person did.

Again, the point is that that shouldn't need to be how things function. That you ignore that point of my comment and continue to blame the person for not adhering to how things are misses the point and just continues this circular conversation. Enjoy your day.

Companies don't implement security measures for the fun of it. They do it to prevent hacking, theft, and fraud.

So funny, HN is usually pro-security and pro-2FA.

This conversation isn't circular, you're the one who seems to be missing that this is just standard practice, and for good reason. People try to pull all kinds of scams with tickets. Requiring you merely to log in with 2FA is not problematic.

>If you don't give the app any permissions, it doesn't spy on you either.

We're talking about an 81 year-old who has never had a smartphone before and you're starting the sentence with "if"? And that's just that app, not the phone itself or anything else that someone brand new to, and ignorant towards, this ecosystem is going to encounter and not know what to do with.

> If you don't give the app any permissions, it doesn't spy on you either.

What about the other apps? What about the phone itself?

The guy already has a phone. Flip phones still track your location.

If you don't want other apps, don't install other apps.

>The guy already has a phone. Flip phones still track your location.

Locations from flip phones have to be triangulated. Smartphones track more precise locations and a lot more than just location data.

In New York the commuter trains use etickets and if you smash your phone you can just log into your account on a friends phone, but they track how many times you do that any only allow 3 switches. They don't say 3 switches in a certain period, it just says you can only log in 3 times and then the account is locked. After that you have to call them -- and who knows what....

Which is why I usually put tickets on my phone and have a printout.

> If you can't even do that, you can go to the ticket window and they can look up your account information and verify your ticket.

Queues and not long to catch a train, stations with no staff present... The latter has happened to be on the Tube and I had a problem exiting (with a conventional ticket!).

>If you can't even do that, you can go to the ticket window and they can look up your account information and verify your ticket.

So, the app isn't necessary then?

For people in an emergency, usually no.

Obviously they can only accommodate this for well under 1% of attendees. And you'd better have a good story as to what happened to your phone and have an ID.

Well, depends where you drop it, paper is very fragile medium. Ever dropped an important paper into a puddle, or spilled a coffee on it?

The point is it doesn't have to be life. We can make things so that you don't need a smartphone, but we choose not to. That's a choice, not some immutable reality of the universe.

Can we make things so that you don't need a smartphone? I don't think this is as trivial as you're making it out to be.

Having a non-exfiltratable bearer token is really really hard. In order to present a zero-knowledge proof of the possession of a token you need to have some sort of challenge-response protocol. The simplest one, and the one in most common use (such as this) is a time-based method, where the shared knowledge of the current time represents the challenge.

The other method is to use civil identity as the challenge, and use government-issued IDs as the bearer token that the ticket is tied to. This doesn't scale well to larger events, and presents real challenges involved centralization of ticket exchange.

You can argue whether or not forgery is a significant enough problem to be worth this trouble, but that's a business decision, and as live events like this get more expensive forgery and resale become more and more of a problem, which end up locking out people like this who have legally and legitimately bought tickets but can't gain access to events because someone has stolen and resold their ticket.

Yet, somehow Major League had been selling tickets just fine for more than a century without smartphones.

It's a moving target. Forging tickets has gotten easier and easier, and as tickets get more expensive it becomes more and more lucrative. Law enforcement is generally not helpful for this sort of petty larceny so they are looking for structural ways to prevent it.

In past eras they used holograms and watermarks and special papers in an attempt to prevent forgery but these methods keep getting challenged by an ever more sophisticated criminal element. Moving into cryptographically secure methods is the last barrier here.

They could also rely on the state to match identities to tickets, but this approach does not scale and is frankly undesirable for the majority of people anyway.

Forgery is a non-issue -- this guy is a season ticket holder. Literally all they need is his government ID checked against a list.

The "problem" they were trying to "solve" is letting people sell some of their tickets to third parties, but not all of them. That is understandably how they arrived at a mobile application as a solution

But the problem of admitting the original ticket holder is simple as shit. Just .... check his ID?

What? We sold tickets for literally decades upon decades before smartphones came out. Of course you can do it, it's already been done!

Decades upon decades of holograms and watermarks on tickets to make them unforgeable. But it keeps getting easier to forge them. Meanwhile ticket prices keep increasing (venue space is one of the last things that's truly scarce) and the incentives for forgery keep increasing.

Even if we could make them truly unforgeable, people generally want electronically transferrable tickets. How do you propose to do this?

Go ahead and require a special gadget to get an "electronically transferrable ticket," no skin off my back. That is a feature I will never use.

Don't bother your season ticket holders about getting their own person admitted! I am standing in front of you, bearing identification, and you are whining about a mobile app?

At this point couldn't we have all tickets be printed with a QR code that is used to look up if it's a valid ticket or not (if you have the QR code you have the ticket)? I don't get why forgary would be a thing if the ticket ID's were GUIDs or something else that you can't brute force while physically in line at the event.

The real reason, I fear, that we need the apps is data harvesting to be sold to data brokers.

Forgery here would be stealing someone else's ticket code for resale, or selling the same ticket multiple times.

If ticket prices keep increasing, it would seem the capability to print harder-to-forge tickets could be done with the extra revenue.

They could even do something like give him a little RFID token that can be used once. Tap it, gates open, go in, done.

If you scroll up, there's a link to an example of why at the very top of this page.

Why should we be beholden to the two mega-corporations who control the smartphone market?

Whoops! Looks like your device isn't secure. Google Play Protect validation failed.

If you work in an industry that is solely based off of customer delight, stories like these are what you are looking avoid due to brand damage. It is going to cost more time/energy to deal with the backlash than just coming up with a simple solution in the first place.

If your imagination is that anemic then the process is compete.

Because the future will be very dystopian if we place two tech companies as gatekeepers of everything in life. If Google locks your account and won't help you (which happens!), you don't want that to also take away your ability to bank, go to baseball games, etc.

If that is your threat model (it isn't for 99.999% of people), you can set up your own email domain for few bucks a year and it takes 20 minutes. Now no one can debank you and take away your ability to go to baseball games simply by killing your email.

But that's not the reason the guy in the video isn't using a smartphone. It's because he literally never bothered to learn or keep up.

Right? This is no country for old men.

privacy for one.

No, in that case I won't do business with you.

Unfortunately you won't be able to submit any expenses then, because the company uses this other company who only offers an app for accounting.

That comparison to the Sith is great! I'm going to try to adopt that approach in my life. If nothing else, it will keep me amused, which is worth something.

Presumably he doesn't "admit" it because it isn't true. You aren't going to get anywhere convincing people if you make attacks on your interlocutor like this.

I agree with the thesis of your post, but where we differ is that I think both of those were (are) bad things. Both web apps and vibe coding are causing the market to be flooded with low quality software, not only making the market worse but also giving future generations fewer examples of well-made software to look up to.

> Web apps work everywhere. The web has grown increasingly powerful and capable. Why would I invest in a technology that can only run on a single OS?

There are other options besides "web app" and "only one OS". A cross platform app which uses something like GTK or QT will be a massively better experience for your users, one a web app cannot hope to equal.

I know one of the GTK developers who dropped out of my research group in the 1990s who's been in charge of triaging tickets and he's the kind of guy who doesn't care if there is just 1.05:1 contrast between text and background and will refuse a one-line patch to make menus render right in rootless X windows because he wants to punish you for doing things in a way he thinks is wrong.

And he probably wonders why it is never "the year of the Linux desktop" but hey it is OK because Red Hat Linux is something enterprises subject their users to and if it had the slightest bit of flair customers would complain.

So when I hear GTK I think Nein Danke!

In general Linux has the kind of fanbois problem that MacOS had maybe 10 years ago. There are so many things that still "just don't work" after years and they never get fixed because you can live without them. For instance I can tell you how to install some package like

   sudo apt-get install mypackage

and that's all! I can make 10 pages of screenshots to tell you to click and click and click and click and click to install "mypackage" with the GUI [1] and you may wind up looking at a spinner for 10 minutes or longer (eventually you give up) and you might wind up corrupting your package database and not being able to install or update anything until you look up how to rebuild it. The Linux desktop is stuck with having done the 20% of the work that gets it 80% done and never does the rest of the work because you can use the command line anyway.

[1] and you still might misunderstand it and need intensive tech support

What’s an example of a well made GTK or QT app in your opinion? And what would be the steel man Web app to compare that to?

Telegram Desktop (Qt)

We might contrast that with Slack, yes?

This thread comes to mind: https://www.0xsid.com/blog/wont-download-your-app With Slack that’s trivial, Telegram impossible.

Except Telegram Desktop is opensource and they also have full-functional Web version.

But tdesktop is really well-made Qt piece of software, snappy, feature-rich and multi-platform.

Interesting, at first pass I’d say the source availability has little to do with the topic at hand. But on second thought it might be rather significant. No company would finance making 2x identical cross platform apps, but if you have a pool of OS folks who are free to contribute at their leisure, the calculus changes a bit.

But isn't the whole point of linked article is that author doesn't like regular apps because it lacks control over UI and functionality compared to Web apps?

Being open-source is kinda even better in that regard.

A lot of grandeur but zero substance. Aside from performance, what would being written in GTL/Qt bring to VSCode or Obsidian?