I think it's fair to say that Safari is no longer late.
That comes with 3 caveats.
1. Safari isn't updated independently of the OS, so users who don't update or whose iPhones don't get updates anymore will be forever stuck on old Safari versions.
2. Being timely on new features does little to alleviate the pain that comes from all the old messiness.
3. Different priorities driven by economic incentives of protecting their 30% cut. Fair enough. But shutting out alternative web engines on iOS is definitely a dick move.
Unfortunately this is more misdirection from Apple.
When they were asking for community input as to what developers wanted to be a part of interop 2025 that then had to go for a further non-public round with the browser makers.
Apple then proceeded to veto all of the most popular suggestions and insist that then running grep over their codebase in order to fix a comparability bug [1] with chrome and Firefox version 1 was somehow a legitimate contribution precisely so they could game the interop stats that you’re citing here.
I saw this coming years ago when she left the NYT in 2020. The establishment media absolutely despises one of their own who defect, and the result is hit pieces like this.
The result is that Larry Ellison has to rely on federal intervention to acquire competitors that undermine his narrative. The "hit pieces" are warranted documentation of this phenomenon.
If everything about it is normal then your comment has rather explained basically nothing. It's normal behaviour that Bari Weiss's abnormal, anti free speech behaviour and sucking up to Trump is being documented. Okay.
The point he’s trying to make it’s that it’s become a default like react has. People pick things because they’re the default not because they’re the right tool for the job. Of course there’s less nuance in the article but I think there is something to be said about picking the right tool for the job and how it’s strangely not the norm in the field especially for web.
I get the authors intent at angry humor (especially since it's a response to justfuckingusetailwind.com) but it does feel hypocritical.
I also think CSS frameworks will be here to stay so long as many of the big backend frameworks like Ruby on Rails and Elixir Phoenix use generators. If they're generating pages they may as well throw CSS in there, and I don't want them using custom CSS. If I'm building a static site though I certainly wouldn't use a framework, and I think the author is right in some regards
I agree about frameworks but I never considered TW to be a framework. It's a tool for generating utility classes, the fact it has basic spacing and colours never seemed frameworkish to me.
I don't really see people getting angry about utility-based css, just tailwind for some reason.
You're getting downvoted but it's absolutely true that people simply don't want to (or are incapable) of considering second and third order effects that arise from applying interventions on systems that they do not understand.
HN should really just do away with the down/negative voting or at the least only use it for order sorting, not “points”. The point-punishment only enables abusive and toxic people and behaviors.
I for one believe every human has equal worth and right to speak whatever they want. It may not be relevant, important, smart, or even benevolent; but I still think they should be allowed to say it and even more importantly those who choose to, should be afforded the ability to see/read/hear it. Everything else is just authoritarian, even if it’s just some narcissist who believes HE/SHE is the authority over someone else.
It's a totally reasonable position that both regulation and companies exploiting users are wrong. And it's also entirely a moral assertion that markets should resolve to outcomes judged by members of some political apparatus. Likewise, the idea that a third party should interfere with economic relations between two consenting parties is also a moral judgement, not an absolute fact.
Most arguments in favour of regulation cherry pick what they feel are success stories and ignore everything else. Interfering with highly complex and dynamical self-regulating systems has a cost. There are many examples of regulation leading to negative outcomes, and it's also telling that large corporations push for regulation because it's one of the most effective obstacles for competition in a market.
Free market absolutists don’t know what they are talking about.
The actual originators of market capitalism, most famously Adam Smith, but also proponents like Milton Friedman, had no such confusion.
In reality, today’s free market absolutists don’t get their ideas from economists (even free market economists). Instead, they get their ideas from terrible mid 20th century novelists (I’ll let you figure out who I’m talking about), who didn’t know much about how anything worked, never mind economics.
What is the point of responding to someone if you're going to completely ignore everything they say? Serious question, I'm curious what compels you to do this. Especially in such an arrogant and condescending way.
What you said is a bigger fantasy than the complete history of fundamentalist Marxism. There are precisely zero examples of a Laissez-faire economy succeeding in the real world. It is a wholecloth fiction.
If you'd like to reconsider your stance from a realpolitik perspective, it might clarify the parent's response.
Can you be specific about what I said being a complete fantasy? I feel like you're trying to extrapolate some view of economics onto me when I was making the point that there are reasonable arguments that can be made against government intervention. Or is that it, you don't even think a reasonable argument can be made? If so I would call that ideological, not reasonable.
Markets depend on regulations. You can make any case you want, but you must acknowledge this root fact if you are discussing real-world capitalist policy. Otherwise you are advocating to change a system that does not exist in real life, or reflect any modern economy anywhere on the planet.
Your claim that the parent ignored everything you said is bad-faith and objectively wrong. They are critiquing your attack on regulation and pointing out that reality works in the opposite way. Case in point, you have no bombshell argument against regulating Apple in this instance. You cited no real-world examples and gestured at generic and irrelevant anti-regulation boogeymen. Then you used ad-hominem to attack them instead of refuting the point they made.
The notion that I'm the one arguing in bad faith is laughable. Nobody has actually addressed any of the points I brought up, instead defaulting to assertions that regulations are necessary and thus I'm "objectively wrong". This is not how you foster good discussions - you need to be willing to listen and address the opposing viewpoints that are brought up. If I wanted to do the same thing you are doing, I would simply assert that "Markets don't require regulations" and I've made an argument of equal strength, but of course a meaningless one.
If you're actually interested in having a discussion it would be worthwhile to explain your reasoning behind why you think markets depend on regulation. I can think of a few good arguments for that position, because I'm capable of considering multiple perspectives and I'm actually interested in having a debate. You seem more interested in shutting down opposing viewpoints and bullying the other participants into submission.
Right, but regulations are necessary. And ideological opposition to regulation, as a concept, in inherently wrong and always will be.
Some regulations are good, some are bad. In order to have a free market, you MUST have some regulations. It's not optional.
The reason is simple and intuitive - if you don't regulate the free market, it will just make itself un-free, which is what we're seeing with Apple. You need to actively push back against that.
The reason is all free market players, no exceptions, have the utmost fundamental incentive to make the market non-free. Everyone, all the time, is devising new and innovative ways to make the market they control non-free. Because this is how you maximize revenue.
I would push back a bit on the ideological comment, just to say that ideological acceptance of regulation is also probably wrong. This is different from a philosophical opposition/acceptance of political authority, although it often appears the same.
I think it's fairly obvious that the base prerequisites for market economies are property rights and some form of legal system to handle disputes. I don't consider that to be "regulation", especially not government regulation, but if that is what you mean by the term then of course I would concede that markets require it. However since even the most fervent proponents of laissez-faire economies accept the necessary role of property rights and a legal system, I would consider those to be separate from what we commonly refer to as regulation.
Ok to respond to your main point: It seems reasonable to me that in a competitive market there is an incentive to win, and companies can win by preventing others from being able to compete. This is commonly done via regulation, for example the big companies are lobbying for regulation on AI to help cement their position at the top. The thing is, just because companies are incentivized to win doesn't mean that it's possible to sustain a monopoly position for a significant amount of time. Unlike other competitive activities there isn't a time clock with winners declared at the end. Economists have shown that absent of external cofounders, a position where a company can charge monopoly prices is unsustainable.
There is of course a stronger position to be made for regulating so called natural monopolies, but even then there isn't much evidence that they really exist. Some of the most cited examples, like telecom providers, end up not being true - look at Eastern Europe and what happened when they deregulated that industry for example.
“There are two novels that can change a bookish fourteen-year old’s life: The Lord of the Rings and Atlas Shrugged. One is a childish fantasy that often engenders a lifelong obsession with its unbelievable heroes, leading to an emotionally stunted, socially crippled adulthood, unable to deal with the real world. The other, of course, involves orcs." -- John Rogers
If one relies on the JS ecosystem to put food on the table and can't realistically make changes at their job to mitigate this, short of developing on a second airgapped work-only computer what can developers do to at least partially mitigate the risk? I've heard others mention doing all development in docker containers. Perhaps using a Linux VM?
I was responsible for dev-ops, ci, workstation security at my previous position.
Containerize all of your dev environments and lock dependency files to only resolve to a specific version of a dependency that is known safe.
Never do global installs directly, ideally don't even install node outside of a container.
Lag dependency updates by a couple weeks, and enable automated security scans like dependabot on GH. Do not allow automated updates, and verify every dependency prior to updating.
If you work on anything remotely sensitive, especially crypto adjacent, expect to be a target and use a dedicated workstation that you wipe regularly.
Sounds tedious, but thats the job.
Alternatively you could find a job outside the JS ecosystem, you'll likely get a pay bump too.
But none of those would have helped in this case, where each dev/user intentionally installed the package specifically so it could retrieve data from the WhatsApp API.
What would have helped is if the dev/user had the ability for the dev/user to confirm before the code connected to a new domain or IP - api.WhatsApp.com? Approve. JoesServer.com or a random IP? Block. Such functionality could be at the OS or Docker level, etc.
I run incus os, which is an operating system that is made for spinning up containers and VMs. Whenever I have to work on a JS project I launch a new container for development and then ssh into it from my laptop. You can also run incus on your computer without installing it as an operating system.
Containers still have some risk since they share the host kernel, but they're a pretty good choice for protection against the types of attacks we see in the JS ecosystem. I'll switch to VM's when we start seeing container escape exploits being published as npm packages :)
When I first started doing development this way it felt like I was being a bit too paranoid, but honestly it's so fast and easy it's not at all noticeable. I often have to work on projects that use outdated package managers and have hundreds of top-level dependencies, so it's worth the setup in my opinion.
Amazing suggestion. So you're running it inside a Docker container or something? I'm going to try this out. I guess the alternative is a VPS if all else fails.
Incus uses LXC containers under the hood, which is better for development since the containers are made for running systems/os. Docker is best for running applications, but not that great for active development containers (imo).
With LXC any changes you make to the os/filesystem are persisted and there after the container boots up and shutsdown. So I don't have to worry about ephemeral storage or changes being lost. It feels more like a "computer" if that makes sense.
I'm aware thanks, but if your company is doing the standard practice of using 10k dependencies for some JS webslop you don't really have any other options but to protect yourself.
I think you end up asking it basic questions about stuff you know little about, but much more complex/difficult questions for stuff you're already an expert in.
A lot of people are talking about the downsides and I get it - for me it's about authenticity. I think it's really lacking in today's world, and if you don't feel comfortable sharing on the internet (which is fair!) at least do it irl. We need more real human connection and people being themselves!
https://wpt.fyi/interop-2025?stable
I don't really buy the conspiratorial takes either. I think they just had different priorities for their browser.
reply