Walled Gardens are Driving me to JavaScript
I fear that someday soon, native programs that I have written and rely on won't run on my own computers because I won't have the money to buy a vendor specific compiler tool chain or a vendor provided signing certificate. Because of this, I'm going to make an effort to port all of my applications to generic JavaScript and hope that the vendors won't try to devise ways in which to stop that from running.
Here's a demo of SHA1_Pass in generic JavaScript http://16s.us/sha1_pass/why. It's not as functional as the native, desktop application, but it's works for my needs. Edit: This demo only works with Chrome and FireFox.
As a kid who began writing code on a C64, it's really sad to see the move to app stores, signed code, approval processes and vendor required dev tools. What do others on HN think? Is there a future for independent developers who write native code? Will our native apps stop running on our own computers?
72 comments
[ 3.4 ms ] story [ 136 ms ] threadThe Mono situation is actually pretty ideal practically, because much of what would be patented is known and not submarine patents, and it would be far harder than you suggest for Microsoft to start suing over that stuff after issuing their legally binding patent promise.
It's a given that Objective-C is entirely within Apple's domain and C# is within Microsoft's just as Java is now Oracle's. These languages are not independent of the organizations involved.
Other more standard-based languages, which has traditionally included things like C, C++, JavaScript and now Ruby are less likely to be disrupted because of shared ownership.
I'm worried about all the people chugging C# Kool-Aid when Microsoft wasn't the least bit concerned about taking SilverLight back out behind the barn...
Silverlight could only be killed like it was because it's on the client. Classic ASP, a 15 year old technology, still runs easily on IIS 8 / Windows 8. Yes, Microsoft could kill CLI on the desktop and stop distributing .net frameworks (or by removing the desktop mode from Windows 9 and removing .NET support from metro etc), but it's almost as safe a bet as there is that you'll be able to use it on the server for at least the next decade.
a) Money is a bit of a red herring. Or rather, if Apple gave away keys for free, would you no longer have a problem?
b) If you have physical layer access, you can override any security settings. Gatekeeper et al cannot change this fact. You will be able to write/run code, just not necessarily distribute it.
c) Code signing will nuke a large portion of malware. 99% of users are not developers, so why should the default state of the operating system be configured for our needs?
d) Code signing could be implemented on a javascript level, as well. Flash is/was an attempt at signed codebases/binaries distributed over the web. Presumably, for example, a site could required to pull resources from an HTML5 manifest style local cache that has been signed/verified. This could eliminate MITM style attacks (changing ads) that are already in use. Difficult? Yes. Impossible? No.
e) There's always Linux/BSD. Until the TPM security protocols of 2018 are implemented, of course.
That is not necessarily true. It is a "simple"[1] matter to have non-overridable security programming arbitrarily close to core hardware, from a chip on the motherboard to etched directly into the same silicon as the processor or BIOS. This isn't just a theoretical concern: plans to do this are already underway, see http://en.wikipedia.org/wiki/UEFI#Secure_Boot
[1]: By "simple" I mean the concept is simple, the implementation is plenty complicated.
Also you need to spend some time without the tinfoil hat. App stores have resulted in a lot more independent developers because it provides them a cheap distribution channel. Likewise vendor required development tools have always been around. There really isn't anything to be afraid of.
The problem is when it is the hardware manufacturer that dictates which signatures are to be trusted and which are not. The user should be the one that is free to choose the software that runs on its hardware, not the hardware maker.
I suggest «The coming war on general computation: the copyright war was just the beginning» by Cory Doctorow https://www.youtube.com/watch?v=HUEvRyemKSg .
BTW, many non-developer will always be bound to what their distro provide them with. I am OK with that, as long as I can override all these security restrictions whenever I want and for whatever reason.
I think that Chromebook-like operating systems could provide an interesting middle-ground. By default the system is locked down and only Google can update the software. At the same time you can unlock the bootloader whenever you want and install your own things if you want to escape the walled garden.
The Android app stores have some housekeeping problems. There are apps that shouldn't be in there because they're malicious. Is it restricting "freedom" to prevent people from installing these?
Cory is turning into a cantankerous crank lately. The future is not these general purpose computation platforms, naturally it is smaller more application focused devices that provide a safe environment for the user.
I can imagine he'd be railing against roads a hundred years ago as "the coming war on general driving" because they restrict a person's freedom to drive anywhere they want.
At the same time, users have never had more options when it comes to free and open in other spaces like Arduino or the new ARM-based machines. People can get a very capable computer for $25-35 and run a robust open-source environment like Ubuntu on it. What more do you want?
Nonsense. Or you could as well talk about "freedom to not hear unhealthy opinions", "freedom from the burden of choosing your profession", etc.
How about "freedom from unnecessarily dangerous professions" where you won't have to concern yourself with being just another casualty in the factory?
Usually when people "give up" freedom they're just trading it for a different form.
It is extremely liberating for non-technical people to be able to browse an app store catalog and install things without concern that it will wreck their device.
Go tell that to the many people who are fighting for more freedom.
You expect me to have sympathy for people that are whinging about their iPhone not being as open as their Raspberry Pi? Where's your rage about refrigerators or washing machines? Why isn't your car's firmware open-source?
You want freedom, you can get freedom. You want a polished, appliance-like phone, you can choose that.
It is a matter of corporate domination of technology and restriction of use through signed packages and security. ;)
Which do you want?
The harsh truth is we've tried the 'run whatever you want' model and it sucks ass for the end user as they get infested with malware.
I say, which do you want?
I really don't buy that Apple's absurdly draconian control is better than something akin to Chrome's warnings. You should make it difficult to install something potentially malicious by accident our without thought, but you should definitely not go out of your way to stop determined users from installing what they want either! Apple goes well beyond the reasonable and helpful and into the absurd.
My point stands, we tried the run anything model and millions of machines are infested with malware as anyone with any basic computer experience can attest.The number of times I've had to clean friends or families computers I cannot count. There is a very good argument for these sandboxes.
To tell the story again: my brother runs a cash intensive business that regularly moves hundreds of thousands of dollars a month. He narrowly escaped having a mid six figure sum stolen after his computer was hacked, and his solution now is to have a separate laptop that is only used for accessing the bank website and not a single other site on the internet. He's not stupid, he makes way more money than the majority of people reading this, and he finished a math undergrad with honors. And yet his computer got spyware on it that harvested the bank login. It's time to admit that our current security models have absolutely failed their users. At least on an ipad it's more likely than not that an application that will run is safe to run.
For all their warts, Javascript and the web are the first truly universal computing platform, and their capabilities only continue to grow, slowly but surely. And without hating on the (highly profitable) walled gardens, the open jungle is where I prefer my energies to go.
Every day I wake up this is staring me in the face. On the one hand I feel a sense of inevitability about the whole thing. On the other hand I really really want to stop it but I'm not sure how. I look up from what I'm doing, ponder it for some minutes, then go back to work.
And then I do it again a few hours later. It's driving me crazy.
Whatever one may think of him, it is hard not to see Richard Stallman as prophetic in these regards (see "the right to read", etc). Gnu and the General Public License were efforts to deal with the kinds of software "unfreedoms" that have been creeping over the years (copyrights, patents, trademarks, walled gardens, controlled compiler, etc, etc).
Free software still has many warts and problems but if you are concerned with the many ways that software unfreedom is making inroads, you might consider trying to improve a free project as a way of fighting back.
Otherwise your code can simply be co-opted to build platforms which are very much closed (see OSX/BSD).
In fact it should really be argued that GPL isn't good enough and you should be using AGPL which also gives rights to users who use the program on a networked basis.
The OP's question by the way, reminds me of this discussion http://news.ycombinator.com/item?id=3802516 , in which some argue against the GPL as "unfair" and ruining their day because it prevents usage in walled gardens (http://news.ycombinator.com/item?id=3803492).
Would it be more pragmatic to keep the discussion on HN going instead of developing evasive concepts?
A lot of GNU was replicating work that had been done by other Unixes but the goal was to have it available as GPL.
Next to that: I would only call it ideological if it was for some higher, intangible value in a future yet to discover. But I find the purpose of the GPL from inception until now only pragmatic.
1) Linux is going to be around for a long time. However nefarious the intentions of large corporations might be, there is now too much written on top of it for it for it vanish and too many distinct users for any one to control it.
2) Making portable that runs on both walled gardens and open system still helps the wall gardens by adding to their codebase.
http://www.zdnet.co.uk/news/desktop-os/2011/09/23/microsoft-...
What was it you were saying about walled gardens?
Edit: Thanks to timb it now works with IE 9. Thanks!
if you want to support IE 8 and lower you'll have to add a shim for String.prototype.trim. (see http://kangax.github.com/es5-compat-table/ )
In '78 I paid $800 for a computer kit which, when assembled, was waaaaay less capable than a Raspberry Pi. But there were maybe 10,000 ever made. My prediction is that the next 'gap' will be when the big players (HP, Apple, Asus, etc) move on to selling appliances for users.
Laptops might get eaten in this gap. But there will be the equivalent of a terminal program in the appliance thing you are using so you can program over the network. If you want to run code on the machine that you are typing on, you may have to have a 'deskside' type computer, which is living off the ecosystem of server machines.
Other risks are disk drives that are too smart for their own good (built in DRM as an example). Hard to build one from scratch, but flash is ok for now.
Overall you'll experience the same sort of changes car enthusiasts did where cars became less and less a motor and a transmission and a body and more all of that and a complex proprietary feedback control system to run it. Of course many kids these days don't care that they can't put 'glass packs' on their ride, they have other things to customize.
I've been working in Haxe for several years now, and have been targeting the Flash platform the entire time, but without really trying, the escape hatch has been built for me through the NME framework - a very close, open-source implementation of the Flash APIs for numerous client platforms(including native code). As a result I feel kind of distanced from worries about the platform; in fact, I benefit in several ways by having more platforms because they each have strengths and weaknesses w/r to iteration times, debugging, etc. I couldn't have gotten exactly this outcome if I were working in C++, because I would have been starting from too low-level a basis. Although there's a big effort afoot to get native code compiling to sandboxed platforms, my perception is that it strongly favors the platform owners.
Ultimately I think we're actually gaining by engaging in a platform arms race. We're forcing ourselves to confront some old problems with our existing technology stack by saying "rewrite in JS." We end up with another black box in the layer of native code, but our hardware already is, in practical terms, a black box, and we at least have a good groundwork of open code in browsers and operating systems.
I can definitely sympathise with the OP. But I have little motivation to learn Javascript. It is a workaround to get a little control through the browser, but it is still browser-centric and has so little power relative to lower level languages. It is not a long-term solution to the problem the OP describes.
They used to ask for a credit card, but I believe that's no longer required (if it were, you could just use a prepaid gift card).
Ah well, I guess I'll have to fork over that $99 when I want to install my own apps.
Also, if I install an app with a developer account, but don't renew it the next year, will my app still be usable, and will I be able to update it?
“Once you have something that grows faster than education grows, you’re always going to get a pop culture.” - Alan Kay
The problem with computing is not any particular platform or our tools. The problem is education. As tinkerers, we learned how to make computers do what we want, and eagerly raced ahead while leaving the majority of humanity in the dust. The direction computing is moving can only be attributed to our own selfishness.
We can now either accept the walled gardens as computing for the masses, or we can work to create doorways out for those trapped inside by simplifying access to computing and improving education.
Lay less bricks, build more doors.
I sometimes think there is a false dichotomy presented between usability/security and flexibility. This seems a little like suggesting that we should install a totalitarian dictator so that the masses don't have to worry about messy subjects like voting and politics.
I think that the popularization of "walled garden" computing really came with the iPhone. Since the iPhone was more usable than any other smartphone to date there was an assumption that everything apple did was right. When really it was just that other companies did (and continue to do) an inexcusably bad job on usability.
Let's assume that the iPhone had somewhat less restrictive policies about what was allowed onto the store (assuming that malware and scamware was still disallowed) and also allowed side loading onto the phone, would this have impacted it's popularity in a negative way?
Openness is about allowing alternatives, not guaranteeing their success.
They can either flat out block it or leave your browsing software in such a state that it would be difficult to build anything significant for it (see IE6).
On the app stores this is just business as usual and happens all the time every day.
What's the sense in spewing out endless chunks of code when no one (even the authors later on) can take the time to read it and understand it?
Why not review the code that's already been written (like the open source code Apple and other walled gardens rely on to build their systems)? This is the sort of tinkering that will help us develop alternatives.
To find the doors, and build new ones, we have to read old code, not simply write new code.
http://wiki.mozilla.org/Apps