I meant, what things do you do on your phone that wouldn’t be possible on a website if you were on another platform?
This is still begging the question: your question contains the assertion that the current smart phone model must continue. If you only think about the things you currently do with it, then of course you can do a lot of the same things with a browser model: they’re both restrictive sandboxes in similar ways. Interestingly though, I can name a few things already that are currently easy on an Android phone but not in a browser, the most obvious being running any sort of network server. You can’t take advantage of Linux’s configfs and functionfs APIs on a device that is ironically the best device made to use them. I mean, browsers were never even designed to allow filesystem access so an API would need to be added for that even, something so trivial. There are an almost infinite number of things you can do with direct access to an OS compared to through browsers; browsers are required to treat every single thing they do on behalf of the server they’re talking to as malicious. That’s the whole threat model, and it’s completely correct, but I don’t want that threat model applied to my entire device.
I think we’re just thinking of different things. You seem to be thinking about how to remake the current smart phone experience, and that’s pretty easy to do with a browser model. I think the current smart phone experience is pretty bad and incredibly limiting, so I see a move to the browser model pretty much… no different. I wouldn’t be particularly excited. I never understood the Boot2Gecko excitement anyway.
I’d like to see a smart phone that is just a small computer that happens to also have phone functionality. Where you actually have an entire Linux system available to you, and you’re allowed unconfined root access. You simply can’t get that if you’re being sandboxed by anything. To be honest if Android just stopped all the insanity around full, meaningful root access and unmodifiable hardware roots of trust, I wouldn’t need anything else. I like the availability of the tightly controlled application sandboxes. I love the use of SELinux throughout.
With respect to the development ecosystem… we can agree to disagree I guess. I’d rather leave the industry than deal with modern web development, but that’s just my personal opinion.
Google does at least maintain fairly solid web standards
I have to strongly disagree with this though. Google wants to bring it’s attestation APIs to browsers. What a nightmare. They also try to move browser addon development in user hostile ways, like trying to kill ad blocking. I don’t trust Google to have the user’s best interest in mind for a single second.
Anyway, I asked where you’re coming from so thanks for sharing.
I think I’d rather my phone be a little “dumber” than my laptop or desktop, though. Or I want it to be powerful enough to be the brains of both, but that would make it expensive enough that I would worry about losing it. Making it just a browser gives it enough utility to be broadly useful, but also enough friction that I won’t get sucked into it.
Also, I think a low-cost, low-power, mass-market B2G-type phone (a la the Chromebook) is way more likely than a mass-market Linux phone. Maybe that’s just me being cynical, though.
As for Google, yeah. I agree that they don’t have the users’ best interest in mind. But there’s currently enough of a pull from mobile Safari that they’re willing to play by the rules for now. My understanding is that the Web Attestation API was basically dead in the water—though maybe that’s me being too optimistic, ha.
Anyway, I asked where you’re coming from so thanks for sharing.
This is still begging the question: your question contains the assertion that the current smart phone model must continue. If you only think about the things you currently do with it, then of course you can do a lot of the same things with a browser model: they’re both restrictive sandboxes in similar ways. Interestingly though, I can name a few things already that are currently easy on an Android phone but not in a browser, the most obvious being running any sort of network server. You can’t take advantage of Linux’s configfs and functionfs APIs on a device that is ironically the best device made to use them. I mean, browsers were never even designed to allow filesystem access so an API would need to be added for that even, something so trivial. There are an almost infinite number of things you can do with direct access to an OS compared to through browsers; browsers are required to treat every single thing they do on behalf of the server they’re talking to as malicious. That’s the whole threat model, and it’s completely correct, but I don’t want that threat model applied to my entire device.
I think we’re just thinking of different things. You seem to be thinking about how to remake the current smart phone experience, and that’s pretty easy to do with a browser model. I think the current smart phone experience is pretty bad and incredibly limiting, so I see a move to the browser model pretty much… no different. I wouldn’t be particularly excited. I never understood the Boot2Gecko excitement anyway.
I’d like to see a smart phone that is just a small computer that happens to also have phone functionality. Where you actually have an entire Linux system available to you, and you’re allowed unconfined root access. You simply can’t get that if you’re being sandboxed by anything. To be honest if Android just stopped all the insanity around full, meaningful root access and unmodifiable hardware roots of trust, I wouldn’t need anything else. I like the availability of the tightly controlled application sandboxes. I love the use of SELinux throughout.
With respect to the development ecosystem… we can agree to disagree I guess. I’d rather leave the industry than deal with modern web development, but that’s just my personal opinion.
I have to strongly disagree with this though. Google wants to bring it’s attestation APIs to browsers. What a nightmare. They also try to move browser addon development in user hostile ways, like trying to kill ad blocking. I don’t trust Google to have the user’s best interest in mind for a single second.
Anyway, I asked where you’re coming from so thanks for sharing.
I think I’d rather my phone be a little “dumber” than my laptop or desktop, though. Or I want it to be powerful enough to be the brains of both, but that would make it expensive enough that I would worry about losing it. Making it just a browser gives it enough utility to be broadly useful, but also enough friction that I won’t get sucked into it.
Also, I think a low-cost, low-power, mass-market B2G-type phone (a la the Chromebook) is way more likely than a mass-market Linux phone. Maybe that’s just me being cynical, though.
As for Google, yeah. I agree that they don’t have the users’ best interest in mind. But there’s currently enough of a pull from mobile Safari that they’re willing to play by the rules for now. My understanding is that the Web Attestation API was basically dead in the water—though maybe that’s me being too optimistic, ha.
Same to you! Good conversation. I appreciate it.