I don't know anything about Thom, but I've kind of grown to prefer the pissy opinionated tones of blog posts. I think impartiality is difficult or impossible for a lot of tasks, and I'd rather people lay out their opinions plainly than trying to pretend that what they're saying is "objective".
Also, I think writing only when you have things to criticize is a valid enough thing to do; what's the point of writing a glorified "I agree!" article?
I only ever blog when I have something that I think is unique to say, and as such a lot of the time my posts end up being kind of negative. I don't think I'm that negative of a person, I just don't see the point of flooding the internet with more echo-chambers.
It's one thing when it's the Associated Press, where they are trying to be a somewhat impartial source of news and reporting raw facts to the best of their ability; stuff like that probably should not have an opinionated tone at all.
But I think for things like blogs, without opinions being clear, posts can feel kind of soulless. Even before LLMs I felt that way, and now it has been amplified ten fold with people just cranking out low-effort posts with ChatGPT for reasons that I do not understand.
When I write stuff for my blog, I like to think of it as a time capsule of the entirety of the thing I'm writing about. This doesn't just include the raw subject matter, but also my mood and opinions about the subject matter. I'm egotistical enough to occasionally read through my old posts and the ones that I like the best are the ones where I feel like I was expressing myself the most, and where I make no effort whatsoever to try and be impartial.
> No, it's not a stupid reason. Reason is OK, the execution is controversial.
This is a muddled statement. It is a stupid reason to "execute" the act of silently modifying your host file.
If I murder somebody to keep them from stepping on my foot, and the judge says that it's a stupid reason to murder somebody, it's silly to say that the reason is "OK" because it hurts to have one's foot stepped on.
And even then, only controversial to nerds with opinions. Nothing else about it is controversial.
If anything, knowing whether the app is installed or not is kinda important? If you open a file shared with you in the browser, the option to "Open in Desktop" versus "Install Desktop App" actually works correctly?
You can't detect whether a URL handler worked correctly in a browser; otherwise Windows will appear with a "Select an app to open YOURPROTOCOLHERE://" which is completely nonsensical to the user.
As for option 2; ask them every time, or edit their hosts file. Easiest decision in the world: Edit their hosts file, every time, no question. The 1% of nerds who care, and oddly enough don't buy Adobe software, are completely meaningless to the 99% of customers who experience the decision positively.
Why does Adobe need to exfiltrate some information from my machine anyway? If I'm a customer, then they should know this when I sign into my account. They absolutely don't need this information if I'm visiting their website without logging in.
Modifying a global system file is something their software shouldn't be doing in the first place, but relying on this abuse to track me on their website is on another level of insidious behavior.
If you're worried about device fingerprinting, Adobe has far more reliable ways to do it already. Canvas fingerprinting, IP tracking, cookies. A hosts entry tells them almost nothing they couldn't get elsewhere, provides them with almost no entropy, and attributing insidious intent to what is most plausibly a UX feature is conspiratorial.
I'm not worried about this, since I don't use Adobe products. I'm just calling out what's clearly user hostile behavior. Considering the amount of hostility Adobe has exhibited towards its users over the years, I'm inclined to believe this is yet another example. Nothing conspiratorial about that. If anything, calling this a "UX feature" without any evidence either way is suspiciously dismissive.
> If anything, knowing whether the app is installed or not is kinda important? If you open a file shared with you in the browser, the option to "Open in Desktop" versus "Install Desktop App" actually works correctly?
This is not an approach any other app on any platform has historically used, and it doesn't seem sustainable if every app you install has to modify your hosts file to use a hack like this to detect whether it should handle files or not.
If you want the browser to be able to give the OS a file handler and have the OS present an option to install the app if it's not installed, that should be handled at the platform level, not on the website using a hack like this.
Why can a file not simply be downloaded with a page displayed showing a link to install the app and also instructions to open the file, trusting the user will know if they already have it installed? At best, you're talking about a very small UX optimization. Emphasis on the "kinda" in "kinda important."
> This is not an approach any other app on any platform has historically used, and it doesn't seem sustainable if every app you install has to modify your hosts file to use a hack like this to detect whether it should handle files or not.
How many apps are you installing that it becomes "unsustainable"? Host file entries are extremely cheap, and it's not like the app needs more than one. Of all the arguments against this, sustainability is a comically weak one. If anything, it's using less contested resources than the "hitting random ports on localhost" approach...
The "sustainable" comment wasn't about the hosts file ballooning to the point of causing performance problems. It was more about the engineering effort required for every program ever (or at least every commercial program that might want this sort of analytic) to have to parse and edit a text file on both installation and removal, without messing that important text file up.
Do you really not see scripted editing of shared system-wide text files as a step back compared to the general containerization that app development has moved towards? This sort of approach would be explicitly incompatible with sandboxes. Adobe can only get away with it because they're already very entrenched with their own app store on their users' machines.
> Do you really not see scripted editing of shared system-wide text files as a step back compared to the general containerization that app development has moved towards?
Sir, this is Windows. This is not Android, this is not iOS, this is not macOS. Wait until you learn about the registry.
Also, Microsoft has attempted to reign in and standardize app developers on numerous occasions over the past couple of decades, and their failure to do so doesn't impact my statement regarding the direction of app development in general (or the weaknesses of people doing whatever they want on Windows).
> This is not an approach any other app on any platform has historically used, and it doesn't seem sustainable if every app you install has to modify your hosts file to use a hack like this to detect whether it should handle files or not.
Actually it's completely sustainable. DNS was invented a decade after hosts files. The idea of your host file being almost completely empty is a modern aberration from the days it used to be thousands of lines long.
Do I wish there was a better mechanism? Sure. Would HN ever agree on a OS-level app-detection API for the browser? Never.
> Why can a file not simply be downloaded with a page displayed showing a link to install the app and also instructions to open the file, trusting the user will know if they already have it installed? At best, you're talking about a very small UX optimization. Emphasis on the "kinda" in "kinda important."
A small UX decision, adding up to tens of millions of times per day, affecting 99.9% of people who don't give a darn - versus a matter of slight software engineering principles of "we just don't do it that way." Easiest decision ever.
> There *already( is one. It just asks the user whether it's okay before it tells the website
The current implementation defines a way to launch (w/ the user's approval) but it lacks any signaling of success or failure of the request. Without such feedback, it falls short of being a detection API.
> NPM clients should not install freshly published packages.
That would be a beautiful example of Cobra effect: what about updates that fix vulnerabilities? You're gonna force users to wait couple days or a week before they can get malware removed?
In cases like this that isn’t an issue, NPM takes the malicious package down and you roll back to the previous version.
The problem would be new versions that fix security issues though, and because this is all open source as soon as you publish the fix everyone knows the vulnerability. You wouldn’t want everyone to stay on the insecure version with a basically public vulnerability for a week.
This could be controlled by npm. Client ask for available versions anyway. If package is security fix then it can be made available instantly. But this delay gives time for security scanners and time to notify maintainers that package was published.
Iran had one of the largest and most extensive integrated air defense networks in the world. US has been bombing Iran from day 0 of this war. Those are the air losses they took.
Being able to counter air defenses to this degree and operate with this level of impunity is a major SEAD/DEAD win.
No, they wouldn't annoy everyone around them, that's just your subjective projection. I, for one, found it an important distinction that highlights how easy it is to skew a narrative towards a more sympathetic one. It saw it as having similar value to those Instagram posts juxtaposing headlines reporting on "dead Palestinians" vs "killed Israeli victims".
No, I agree with him. Everyone knows Russia has territory inside Europe. Does that make it European? Post-Ukraine not a lot of people would call it European. It's just a word at the end of the day, the politics are more important to people that geography since both are made up. Why does Europe end at the Ural mountains? Because we said so.
Sure. Kazakhstan is also in Europe. Do you consider it European? Do you now understand where lies the problem with the use of "unquestionably" in this context?
Sorry, but as an European who roots for EU very much, I found that branding laughable, because it's absolutely not true at all. Those Eurooean alternatives are absolutely of significantly worse quality almost across the board, simply because there's less money thrown at them. It's also making it sound pretty, disingenuous, and adding to ongoing gamification of relationship with the US.
"Europe does it differently" would be so much better, because of the obvious better privacy, openness and standards compliance, as mandate by our regulations.
> because of the obvious better privacy, openness and standards compliance, as mandate by our regulations.
So Europe does it better.
Maybe you just have the wrong metric in mind.
And given the amount of problems exist with Office, Outlook etc. I‘m not even sure if Europe is worse on the quality site.
People are just used to US software faults.
I recently tried to replace Dropbox with Filen. Filen supports full encryption, so like you say better on privacy.
Then I mounted it as a drive on my MacBook, and moved some backup files there. The move took a while, and after it, no backups on my MacBook, and no backups on Filen. Just nothing, no log of it, nothing.
Going to stay with Dropbox.
So in this case, Europe definitely does not do it better.
Edit: I also tried to replace Sendgrid. All European alternatives are crazy expensive, so not going to replace that either.
Instead of focussing on old tech, and keep running behind US and China, maybe we should jump on the next boat.
Better software pertains to quality of software, as long as software exists, not one's privacy. So while the latter is increasingly important, let's not bend the reality, OK?
I cannot stomach Thom's articles. So borderline judgmental, holier than thou, feels like he only writes whenever there's something to criticize.
No, it's not a stupid reason. Reason is OK, the execution is controversial.
reply