Back to News
Advertisement
Advertisement

⚡ Community Insights

Discussion Sentiment

67% Positive

Analyzed from 789 words in the discussion.

Trending Topics

#element#quic#google#chrome#https#least#web#multicast#second#permission

Discussion (22 Comments)Read Original on HackerNews

phantomathkgabout 3 hours ago
Chrome basically is abusing its market position, 69.65% globally, and becomes the new IE. Implementing its own HTML/JS standard.

The sad truth is, some companies will look at Statcounter[0] and say because Firefox does not reach 5% global population and decided not supporting it, actively or passively.

[0]: https://gs.statcounter.com/

zdragnarabout 3 hours ago
This is literally how the standards are meant to work, at least on the JS side. The tc39 process requires at least two live implementations to exist before a spec can move to finished.

In this case, there's also people from Mozilla onboard, so there's no guarantee that it'll remain chrome only or that chrome will keep it if the spec doesn't go anywhere.

In fact, much of the web as we know it evolved this way. We have IE to thank for AJAX, after all.

sheeptabout 2 hours ago
Another reason why this is problematic is that their proposed standards follow Google's priorities for its own products, particularly Google Meet.[0][1]

[0]: https://developer.chrome.com/docs/web-platform/element-captu...

[1]: https://developer.chrome.com/docs/web-platform/document-pict...

austin-cheneyabout 2 hours ago
Another example is QUIC. What is the benefit of QUIC? On one hand Google boasts it greatly increases page load speed, which is contextually arguable. On the other hand, Google’s design priorities were to introduce UDP to the browser because UDP supports multicast, which lowers CPU utilization in data centers.
wahern39 minutes ago
They claimed and showed QUIC slightly-to-moderately reduced latency, particularly for mobile. This benefits Google by loading pages with third-party content, i.e. ads, faster.

But QUIC significantly increases CPU utilization on servers, at least the widely used userland stacks do. Unless/until Google deploys QUIC in the kernel (or puts the whole network stack in userland, a la DPDK), this won't change.

The multicast claim is kinda bizarre. I can see how QUIC could help eliminate UDP client barriers, but those barriers pale in comparison to multicast. Multicast routing just doesn't exist on the Internet; it's only supported within some independent, typically small networks. Most ISPs don't support it. Wherever you could manage to distribute content with multicast, you'd necessarily also be resolving the collateral routing problems which QUIC support resolves, whereas even ubiquitous QUIC doesn't materially improve the multicast situation.

chrisweeklyabout 1 hour ago
IIRC, QUIC was also the precursor to HTTP/3. I don't like Google's motivations for wanting a faster web, but many of the things they've encouraged and/or provided have made things faster and more efficient. I'm not a google apologist, there's so much wrong and so much harm done... just saying it's maybe worth separating the tech from the motives.
gorgoiler31 minutes ago
Interesting to see that on Desktop, Firefox (5.8%) just overtook Safari (5.0%) for third place. It doesn’t feel statistically significant but it’s a bit of data at least.

(I’m a big Firefox fan and idealist.)

akerstenabout 3 hours ago
Uughh why do we need this whole new html element and not simply make the getUserMedia API allowed to be called more than once if the initiator is a user click?
zamadatixabout 2 hours ago
I'm not all that happy with second chance options in the first place... but a dedicated element with browser-level protections on making sure it's clear clicking that particular element is going to second chance the permission prompt is at least much less likely to get abused.
akersten13 minutes ago
> protections on making sure it's clear clicking that particular element is going to second chance the permission prompt is at least much less likely to get abused.

I guess I really don't understand the abuse they're trying to guard against. The protections are like "the button isn't transparent and there's a 3:1 contrast ratio, because click jacking." Alright, so I will just make the button say 'click to view content' or 'click for free bitcoins' or really anything at all and people will happily press it.

And when they do they'll get the same permission dialog they would have if I had been allowed to make the button invisible anyway.

I understand the use case for the second chancing. I think it's really crazy to make it require this special HTML (!?) element that you can only have up to 3 of on your page at a time (because we all know as soon as you hit 4 of these buttons it means you're up to no good).

If it were me I would have allowed second chancing via JS API, only if initiated by user action (we have that pattern already for events), and with exponential back off between retries.

If they were really dead set on this whole concept of secure enclave essential oils elements, they had a decent idea with the `<permission>` element that they mentioned in the article - but then we decided to throw that out, but don't worry, specific `<camera>` and `<microphone>` elements are coming soon.

I'm probably getting too old for this...

usr1106about 3 hours ago
Is this Chrome only or something the other browsers are working on, too? A quick web search does not seem to produce any relevant hits.
sheeptabout 2 hours ago
At the very least, Firefox's position on the similar <geolocation> element is positive.[0] I would assume their position for other permissions elements would be the same.

[0]: https://github.com/mozilla/standards-positions/issues/1288

asqueellaabout 3 hours ago
Seems Chrome-only for now. But the spec (Working draft) has an editor from Mozilla as well, so maybe someday... https://w3c.github.io/mediacapture-extensions/#the-usermedia...
felooboolooombaabout 2 hours ago
Anything new I have to block so my ass can't be fingerprinted?
rho138about 3 hours ago
This won’t get abused. /s
saagarjhaabout 3 hours ago
How do you see it being abused?
unfocsoabout 3 hours ago
"Press here to view the content", there's already plenty in the wild that grant access to notifications with deceptive buttons.
sheeptabout 2 hours ago
The similar <geolocation> element has clickjacking prevention enforced by the browser[0], and even if the website finds a way around it, it still shows the normal permission prompt.[1]

[0]: https://developer.mozilla.org/en-US/docs/Web/API/HTMLGeoloca...

[1]: https://mdn.github.io/dom-examples/geolocation-element/basic... (requires Chromium)

cwmooreabout 3 hours ago
“targeted and functional controls for accessing camera and microphone streams”