fron's comments

There's no difference at all, at least in the US. The two job titles are entirely synonymous. Anyone who tries to argue otherwise is just lying to themselves to feel smarter.


Only because the NFT marketplace is just the Greater Fool Theory at work.


If the Safari team could get their shit together and ship all the features they're missing that other browsers have supported for years, then perhaps I'd have more sympathy.

All I see here is that Safari still sucks in terms of feature support and developer experience.


What you're actually seeing is people who want Chrome to control the web and expect all other browsers to blindly follow whatever features they add to suit their business model.


I don't think this is true. Safari has terrible audio and video support, including for WebRTC. The reason is clear: they want people to use apps instead of webpages.


And that would be a conspiracy theory. I wouldn’t make such assumptions about why Safari goes in one way or another. Priorities, patents, security, privacy, marketing… there’s all kinds of motivations that drive a team.


It’s not really a conspiracy because it’s a single company acting in its best interests. They came up a lot in Epic’s lawsuit against Apple.

https://www.theverge.com/2021/5/6/22421912/iphone-web-app-pw...


I think you mean 'ulterior motive', except it's probably not even very ulterior here and it's really just a 'motive'.


So much this. Most of the new "features" Google keeps introducing and expressing irritation aren't supported in Safari offer significant privacy risk and dubious real world benefit.

And herein again, Google does an "Oops" like they so often did to Firefox. https://www.zdnet.com/article/former-mozilla-exec-google-has...

Chrome team no longer gets the benefit of the doubt. They are a monopoly with a history of aggressive harms to competing browsers.


I ran into issues needing OffscreenCanvas [1] recently. What privacy issues would that present? We were creating real world benefit with it and had to do some major over-architecting to get around it not working.

I would like to say, Firefox doesn't support it either.

[1] https://developer.mozilla.org/en-US/docs/Web/API/OffscreenCa...


Which features are you thinking about that would present a privacy risk?

I am aware of the File System Access API. What else is there?


Much of the Chrome-introduced API surfaces which aren't supported in Safari tend to be about direct access to hardware. WebUSB, WebSerial, Bluetooth API, WebXR API, etc. etc. etc.

I would generally consider the introduction of these APIs to be hostile to average users: Each one adds a new fingerprinting vector, an extremely easy malware vector, and the protections Chrome team and standards folks have designated are woefully inadequate: Average users accept basically anything, and nobody on the Chrome development team has learned that yet.


They don't introduce a fingerprinting risk if there's no permanent acceptance, only session based acceptance locked to the origin domain. And you're bashing WebXR? Without WebXR, we couldn't even have VR/AR displays work on the Web. The lack of WebXR would be hostile to any user who owns a VR headset these days.

So what, you want VR/AR to be centralized to app stores only, or to a Facebook metaverse? Because that's what's going to happen if there's no way to author and host your own VR software.

And most of the fingerprinting risk being used in the field hasn't even come from these newer APIs, but from much older APIs which surfaced versioning information or HW specific limits, or rasterization differences, without requiring any permission dialog. For example, canvas fingerprinting. Even plain old CSS could be used to detect previously visited links by styling a button and measuring it (before the bug was fixed). None of those were behind any kind of permission dialog or container.

Can you provide an example of some ad network using WebUSB or WebSerial or Bluetooth in the wild?


> And you're bashing WebXR? Without WebXR, we couldn't even have VR/AR displays work on the Web. The lack of WebXR would be hostile to any user who owns a VR headset these days.

So, this is actually a huge part of my point, thanks for bringing it up. Nobody has a VR headset. I actually do have a very expensive VR headset, and it's sat in the box for a few years since I initially played with it. There was a craze three years back where everyone got one of those stupid Cardboards or a knockoff of it for Christmas, everyone hated it, and Google doesn't even support them anymore. I think Dell sent me one to promote one of their product lines once.

The problem here is Googlers have a completely unrealistic worldview, where stuff like having VR/AR displays work is something anyone actually cares about today. Go to a senior living complex, sit down with someone who is not in the tech industry, and see if you can help them figure out how to clean all the notifications permissions and sleazy browser extensions out of their Chrome install. Tonight I'm stopping by my parents' because my mother thinks a pinned site on her new tab page is something installed on her PC, and she wants it gone.

There are real world things Google could do to make their web browser help real human beings, but piling in new hardware APIs and then complaining other browser vendors aren't doing the same isn't what that looks like.

You should not be compromising your browser's core surface for something that at best applies to 1% of the population. Maybe these APIs have a use... as a separately installable plugin to add the functionality to the browser for the extremely niche crowd that needs them. This is true of connecting your serial device or your MIDI music interface to your browser too: It's just not something that belongs in a standard web browser toolset, and it's yet another thing I have to shut off to keep people safe on the web.


> Nobody has a VR headset.

At least 2 million Oculus Quests have been sold. And if no one has these devices, then WebXR is mostly useless for fingerprinting anyway.

> I actually do have a very expensive VR headset, and it's sat in the box for a few years since I initially played with it.

Goody for you. I have a Switch, Playstation, and Xbox that mostly sit rusting on the shelf as I mostly play PC games with mouse/keyboard. So therefore, my anecdote transfers to everyone?

> The problem here is Googlers have a completely unrealistic worldview

No, the problem here is, you have a derangement syndrome around Google. You rarely mention Facebook for example. Every company is working on AR/VR. Facebook, Microsoft, and Mozilla contributed major parts of the spec, but I'd say Facebook cares way more about VR these days than Google and they are betting the future of their company on it.

> It's just not something that belongs in a standard web browser toolset, and it's yet another thing I have to shut off to keep people safe on the web.

Maybe you have a point with MIDI, but musicians would probably disagree, but USB devices are ubiquitous, and VR/AR will be in the tens of millions of users within a few years, 6.1 million units predicted to be shipped this year, that's an exponential gain. And we all know that once Apple ships AR glasses, it'll explode further.

The real irony of your post is, if Facebook succeeds, Oculus will own a majority of the market, and they will control VR browsing in a Chrome fork (Oculus Browser), so they will put whatever APIs they wish into it, and Google nor Mozilla's opinion won't matter.

And if VR/AR becomes way more popular, which it seems poised to do, the fact that Chrome is 'safe' won't matter very much, and Google and Firefox will both end up implementing whatever Facebook wants to make it into their app store.

> Go to a senior living complex, sit down with someone who is not in the tech industry, and see if you can help them figure out how to clean all the notifications permissions and sleazy browser extensions out of their Chrome install.

How about you check their iPhones for how many recurring subscriptions they've been tricked into buying "1 month free", and forgot to cancel. I regularly find these on ordinary people's phones. They install apps, start a 1-month trial, and end up paying $5-10/mo zombie subscriptions for a long time before they notice.

But hey, notification permissions are the real problem, not their bank account being drained.


> No, the problem here is, you have a derangement syndrome around Google.

https://news.ycombinator.com/newsguidelines.html

> You rarely mention Facebook for example.

Facebook is incredibly easy to not use and block. Google is a monopoly in almost every space it operates in, and I've been trying to escape the great beast for five years, and I still encounter a new problem daily that can be summed up with "someone at Google thought this was a good idea, and now we have to deal with it".

Facebook is trying crazy things because it is having an existential crisis with the reality that the most profitable target demographic does not care about Facebook anymore, and probably won't any time soon.

> Maybe you have a point with MIDI, but musicians would probably disagree

I think musicians can install some sort of feature pack that adds these sorts of APIs, as everyone else doesn't need them, and a massive bloated attack surface is a bad thing to do to web browsers just for the sake of a single group. (I similarly think if you buy a VR headset, you could probably install some addition to your browser along with the inevitable hardware driver nonsense and setup.)

> if Facebook succeeds

> if VR/AR becomes way more popular, which it seems poised to do

I do not think Facebook will convince everyone to strap monitors to their heads. It isn't the sort of concern that outweighs the massive problems I see day to day in real world scenarios.

> check their iPhones for how many recurring subscriptions they've been tricked into buying

This is arguably a very good concern, but Apple is probably the least worst offender here, as they wrap all those subscriptions into a single UI where you can easily remove them without having to call someone on the phone. Checking someone's credit card statement for these is far, far worse, and incredibly hard to get rid of. (Six months, two Better Business Bureau complaints, and a credit card dispute later, I finally cancelled a subscription recently.)


Explain the fingerprinting vector of Web-Bluetooth and how it compares with CoreBluetooth? No one else has been able to.


Then leave them disabled by default and prompt users to hand over control if a website wants it?


We have decades of experience about how this works in the real world. Which is that most people will blindly click whatever button is there in order to get the site to work.

For features which compromise privacy or security it’s not an acceptable approach.


That's a non-issue. If fingerprinting is your concern, people aren't going to blindly tap through 3-5 "allow ____ access to your device" dialogues before they get the hint. If it is dangerous, then Apple could issue a warning in the notification explicitly telling people that it could compromise their browsing.

WebRTC and WebMs don't compromise security anyways. Apple just reaches into their bag of canned excuses and happened to pull out "security" this time.


I think you missed the point: Nobody reads the warnings or notifications. Which is why it's absolutely an issue.

And yes, I routinely revoke permissions for dozens of sites from all sorts of Chrome permissions that the user doesn't even remember visiting, much less authorizing. People just click stuff.


That would lead to web apps being as useful as some App Store apps, and that is harmful to App^w the users.


> Which features are you thinking about that would present a privacy risk?

From this week?

> Since most of us keep our phones in our pocket or on our person, there is a lot of motion data generated on the device throughout the day. Google Chrome, by design, allows any website you click on to request that motion data, and hands it over with gusto. Researchers have found that these sites use accelerometer data to monitor ad interactions, check ad impressions, and to track your device.

https://lifehacker.com/you-need-to-stop-chrome-from-sharing-...


Except Brave/Firefox/Opera all seem to support it, and it's just Safari that's fucking us.


Brave and Opera are just Chrome in a different skin, so of course they’re going to align with Chrome.

There have been a number of issues where Mozilla has been more aligned with Apple than with Google, usually wherever there’s privacy concerns.


Or where they just don't have the resources. None of this explains why Safari's WebRTC implementation was busted, or why a lot of their CSS was lagging.


it's a bit of both. safari often also fails to implement sensible features in a reasonable timeframe (my personal grudge example is webp), but I do agree that chrome/google is also doing its best to choke out all other engines via API attrition


To be clear, Safari does now support webp.


Yes, my point was that it took them a really long time to add support. Sorry if that was not clear. Let's hope they don't take as long for avif


It took them until the middle of 2020 to support WebP.


Weird, I just want feature parity with Firefox.


There is a reason why Safari is the most efficient browser on the planet

Asking for more bloat is not a good idea


> but the idea of having to learn different language constructs for loops and the like doesn't seem that herculean of a task.

I agree. As long as you understand the basic concepts, it's only a matter of learning the syntax, which is really not as big of a deal as the person you replied to is making it out to be.


It's not a herculean task... I agree, until you've learned 10+ (angular, vue, svelte, wordpress/php, jade templates, laravel, underscore/lodash, handlebars/mustache, hugo, etc..) of these "super simple templating languages"! And keep them all straight. I have no problem learning a new language if there is a compelling reason. But If it's just additional shit I have to remember for no clear reason... No thanks...

We can have a debate on unidirectional data flow vs 2-way binding, how each framework manages state changes, how opinionated each framework is... How mature and vibrant each developer community is... etc. These are all another discussion though. My question is why must we reinvent the wheel again and again.


You need to stop insisting that a wheel has been reinvented with Svelte. It shares 95% of the same DNA as other frameworks, with multiple improvements over them. So with that in mind, what you're actually suggesting is that the existing offerings were somehow perfect, and we don't ever need to improve on anything again. That is an absurd notion, especially given that the other frameworks have gone through MASSIVE changes since launch -- sometimes even complete rewrites, because they acknowledged they got it wrong the first time.


100% agree!


> It's not a herculean task... I agree, until you've learned 10+ (angular, vue, svelte, wordpress/php, jade templates, laravel, underscore/lodash, handlebars/mustache, hugo, etc..)

So you want all of these to be a universal-template-language - (D)HTML ?


100% - Come on guys, we are programmers in a field that is known for changing consistently (probably a lot faster than other careers). If you see learning new "syntax" for the basics (loops, conditionals etc) then you're going to have problems down the road. Whether you use svelte, or some other new tech. If you really never want to learn another syntax.. learn LISP and be done with it.

You are a programmer, you will need to learn new syntax a few times in your career.

If some of the "biggest" complaints are "oh no I have to learn how to write for-loops again" - I guess svelte is doing the important stuff right.

Wayyyy back in the day (ok not that long ago - 80/90's) when I was learning a new lang (Pascal, C, C++) I used to tell myself if I can get a working example of:

1) "user-input (readline,scanf etc)"

2) "printing input/output"

3) "calling functions/procedures"

4) "Do the loops + conditionals"

5) "file I/O"

6) "Memory schematics"

You basically mastered the "building blocks/mrk(min-req-knowledge)" of the new lang and like maths you only need now practice or a good project.

TL;DR If you are a professional-career-programmer, learning "new syntax (we used to call them keywords)" is a requirement.


Oh but it's not just about the syntax, it's also about the semantics, scope rules etc. This is the reason I still like JSX best, because I have a fairly deep understanding of that stuff in javascript while vue templates still leave me scratching my head sometimes. But I can see the appeal either way.


Yeah, just log out! That'll force them to pay attention! /s

This idea could not possibly be more worthless. Delete your account if you don't like Facebook. Otherwise stop crying about it


Does Facebook even allow you to delete your account? Last I tried they didn't have a "delete" function.


Yep, although they make you wait before it's actually deleted: https://www.facebook.com/help/224562897555674/


Same. I even have wireguard set up on my phone so my phone's internet connection is pihole-enabled wherever I am


Is there any way to extend this to a Chromecast so YouTube ads are blocked?


YouTube ads cannot be blocked at the DNS level.


Dang. Any way to do so via a Chromecast?


I just tried googling "mitmproxy chromecast" and found a bit of a rabbithole of hacks and tweaks that can be done to Chromecasts to alter their behavior in ways they were definitely not intended for :)

I expect there are probably umpteen different ways to block ads with a little digging, although I can't vouch for any as I don't have a Chromecast (or TV) myself.

FWIW, a while back I reached my eye-twitch limit with Raid: Shadow Legends (deeply impressioning irritating ads: ...why...?), and so I stared at YouTube's load process to try and figure out if I could viably block everything.

The technique I ended up using exploited the fact I was running within a Chrome extension and overloaded JSON.parse (lmao), and was specific to the HTML delivered for desktop, but has worked for months.

I reckon it's quite possible the data sent to Chromecasts is similar enough that you could viably block it by MITMing the device then rewriting the JSON (or possibly gRPC) responses being sent to it.

Using YouTube Vanced on a no-name Android TV stick might be an alternative. (Untested but should presumably/theoretically work.)


You could pay for YouTube Premium


I don't feel like rewarding a company for grabbing a monopoly on short form streaming video then making their service borderline unwatchable through aggressive, increasingly unskippable ads.

Plus (getting back to the topic at hand), having adblock for all your devices is so ... pleasant. You forgot how jarring and upsetting (and LOUD) advertisements are. Having them puncture your DNS adblock while using Chromecast is like getting a wet slap in the face.


The choices are to accept Windows w/ ads, or reject Windows altogether

It's not about being ok with it, it's about only having the nuclear option, switching OS entirely, as the alternative


Or rip and tear into Windows to remove the ad-bearing components. Granted, this may not be a choice for long, but worked for a while.


> then that person cannot be held criminally liable for anything they do with access to that system, even if the owner explicitly prohibits it.

They would not be criminally liable under CFAA, but they can absolutely be charged with other crimes in such a circumstance


It's truly unfortunate. I would love to try the Quest 2, I've heard some pretty great things.

The requirement to have a Facebook account makes it a complete nonstarter by itself. The fact that I can get locked out of my hardware that I purchased because Facebook's software decides my account isn't 'legit' enough? Gonna be a serious nope from me.


Easy to say when you haven't been detained for 12+ hours. They don't care if you're a U.S. citizen when they can just decide the law is optional. Safest solution is to just backup, wipe, enter the country, then restore.

