from the now-you-see-it-now-you-don't dept.
Where's our data, Google? Chrome 79 update 'a catastrophe' for Android devs with WebView apps:
A change to the location of profile data in Chrome 79 on Android, the new version rolling out now, means that applications using the WebView component lose data stored locally.
"This is a catastrophe; our users' data are being deleted as they receive the update," complained one developer.
[...] Google said it has halted the rollout, which is estimated at 50 per cent of devices.
The problem appears to stem from a change to the location of profile data in Chromium, the open source project on which Google Chrome is based. Some applications, such as those built with Apache Cordova, use the WebView component extensively, and in these cases the location of local data is determined by this component.
The upgrade to Chrome 79 should migrate this data to the new location, but a Chromium engineer remarked that "unfortunately local storage was missed off the list of files migrated."
[...] It gets worse. "There are several more missed migrations. 'databases' contains the websql dbs 'QuotaManager', and 'QuotaManager-journal' tracks site storage quotas," said another engineer.
One would think that after the deleting of user's files by a Microsoft Windows auto-update raised such a backlash, that testing for loss of data would be a top priority.
(Score: 5, Insightful) by VLM on Wednesday December 18 2019, @12:58PM (4 children)
Its not your data if its inside someone elses locked down auto-updating cloudy corporate software.
The biggest problem chrome has can be seen in many other corporate software products; got a hundred well paid devs who NEED to "innovate" by random unwanted changes, or else they'll get downsized and the project will have about as many paid employees as gpsd or home-assistant.io (single digits). So we get "innovation" that mostly screws stuff up requiring more effort to fix etc.
Really the worst thing that could ever happen to something like home-assistant.io would be getting bought by {insert random megacorporation name} and 100x the devs now need to create 100x busywork, ruining the software.
(Score: 0) by Anonymous Coward on Wednesday December 18 2019, @01:25PM (2 children)
RTFA.
It's locally stored data that is now being stored elsewhere on android devices -- without migrating existing date or notifying the thousands of third-party developers who use Webview
Which makes the fuck up even *more* idiotic.
But hey. What do you want for nothing? Your money back?
(Score: 4, Insightful) by Anonymous Coward on Wednesday December 18 2019, @01:44PM
You don't control the application. You don't control the updates. You don't control what it does with your data. You only THINK you do. And updates like this show you just how precarious of a position that is to be in.
Helps people better understand why before the cloud so many people kept using the same applications for years or decades without feeling the need to upgrade. There is a certain security in it compared to a random slew of new bugs, changes, and omissions in later revisions of a software application or platform.
(Score: 2) by maxwell demon on Wednesday December 18 2019, @04:15PM
Since you pay with your data, you should demand your data back.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 3, Insightful) by legont on Wednesday December 18 2019, @07:09PM
Exactly.
I would like to add that there is perhaps a deeper reason for this kind of innovation, namely the way inflation is calculated. If a car gets another cap holder and a corresponding price increase, it is not counted as inflation. The reported overall car's prices stay the same even though one can't get a car for the old price (presumably without the extra holder).
This strategy makes it possible to claim low inflation and allows money printing. Some, if not most of the innovation is an accounting scam designed to rob middle class.
"Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
(Score: 4, Insightful) by Nuke on Wednesday December 18 2019, @01:41PM (12 children)
It is assumed that anyone using local storage these days is some kind of eccentric crackpot dinosaur who deserves to be locked up and left behind. Local storage is not given a moment's thought by these hip developers.
(Score: 3, Interesting) by pdfernhout on Wednesday December 18 2019, @02:19PM (11 children)
LocalStorage and IndexedDB are useful as caches or to store trivial-to-reconfigure preferences, but I explain here why I gave up on them as a primary store of data and accepted that data needs to be stored in a server even if it is just running on the same machine as the web browser:
https://pdfernhout.net/thunderbirds-are-grow-manifesto.html [pdfernhout.net]
=====
For example, here is a Firefox issue I filed a year and a half ago [2014], and is still unfixed, related to IndexedDB. I discovered it while trying to write a JavaScript IDE that ran purely within Firefox. Essentially, almost nobody cares about it, even to disagree whether it should be fixed.
"IndexedDB same-origin policy implementation for local files with query string"
https://bugzilla.mozilla.org/show_bug.cgi?id=1005634 [mozilla.org]
As I eventually wrote there in a bit of frustration a couple months ago:
"In general, and given that this (in my opinion) bug has been sitting around for so long (both on the user side and on the Mozilla side), it seems to me this situation relates in part to changing cultural expectations on the use of a web browser. For me, I increasingly see the web browser with JavaScript as a new non-proprietary well-supported cross-platform technology to deliver applications of all sorts for the desktop, mobile, and embedded (a bit like the proprietary VisualWorks Smalltalk could do in the 1980s way before Java). I can think that even if at the same time I feel we should have better standards for exchanging information in structured ways. To me, the app part of that means a web browser should fully support running applications from local files including all functionality -- but in a "sandbox" with fine-grained security permissions (something any OS should ideally be supporting from the ground up for all apps and subapps, but that's another story). Full functionality could include support for peer-to-peer web browser interactions without the need for a central server (like WebRTC moves towards). However, I get the feeling most people using web browsers (including likely many at Mozilla) still see a web browser as something always connecting to servers which host web pages. Even Mozilla's Webmaker movement focuses on using a server to make content, not to edit local files. To make things worse, web site creators have adopted approaches involving loading code from many sites just to make basic functionality work (which is also in part based on a third-party-advertising-based revenue model). So, thinking through this sort of security issues related to running code from local files is presumably not a priority or seems just [too] big an issue to wrestle with. So, it is easier to just deny all access as much as possible when loading from files (as a choice between security and convenience, as opposed to devoting substantial resources to innovation to deliver both security and convenience). In many ways the entire web browser security model (including with per-origin cookies) was unfortunately just not well thought through from the start. As Jeremiah Grossman suggests, "... Web Security is Fundamentally Broken". Opening files saved from the web in FireFox pushes on pain points from a fundamentally broken web security model. ... [A possible resolution] might even end up with local pages being served from some internal webserver in FireFox and other browsers as some sort of new "local web server for browsers" standard? ... Until then, it seems the most predictable behavior results from running apps from local servers (like say NodeJS wrapped into a desktop application), which at least then just creates the usual security and user expectation issues and not extra ones and additional confusion from loading directly from files. It's a sad situation though. ..."
You know where the code I wrote on Firefox actually works as I might expect? Chrome. :-(
So, as I know from personal experience (and don't get me started on Mozilla's WebSQL decision), Firefox does not seem to really prioritize making it easy for developers to store local data in the web browser in a generally usable way -- or to load fully useable web pages that are stored in local files. Yes there are good reasons for most of of Firefox's security and standards decisions -- but having good theoretical reasons doesn't matter if the end result is still unusable in practice. :-( https://en.wikipedia.org/wiki/Usage_share_of_web_browsers [wikipedia.org]
But, it is not just Mozilla's choices here. As Daniel Glazman wrote: "The dismissal of the File API a while ago is one of the crucial holes in the platform."
The biggest challenge of the 21st century: the irony of technologies of abundance used by scarcity-minded people.
(Score: 3, Interesting) by barbara hudson on Wednesday December 18 2019, @04:56PM (10 children)
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 3, Interesting) by HiThere on Wednesday December 18 2019, @06:56PM (9 children)
Maybe. The last time I checked into using Java the GUI interface was so poorly documented that I decided to use wxPython. And I've built Java GUIs before, though admittedly not in the last couple of decades.
Recently GUI interface tools seem to be going to hell. Qt want's you to use their automated screen builder, GTK is poorly documented. Fltk is poorly documented. Etc. Even with wx, the C++ version had bugs that made the screen unbuildable for undecipherable reasons. (Somebody had posted it as a bug a year ago, but I couldn't find a resolution.), where wxPython, which is built on the underlying same code, worked without problems.
My guess is that native code GUIs are being ignored and turned into craft secrets. Everybody is expected to use web interfaces, which is an extremely poor choice for my purposes.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 2) by arslan on Wednesday December 18 2019, @11:17PM (8 children)
Umm... have you use VSCode or Atom IDEs? They're local IDEs written in Javascript. VSCode in particular is gaining user share very rapidly. I've done a lot of Swing Dev before in the 90s.
Heck I've used at least 2 different internally created UI framework over Swing to allow rapid dev. They end up looking like HTML. One of them was called PDML (Panel definition Markup Language) where you layout your UI declaratively with hooks back into our Java code for UI events - guess what that's how the HTML DOM behaves.
(Score: 2) by barbara hudson on Thursday December 19 2019, @12:18AM (3 children)
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 2) by arslan on Thursday December 19 2019, @04:41AM (2 children)
It is easy to be an armchair critic. Perhaps you'd like to share better alternatives, I'd be more than happy to look at better alternatives - so please enlighten us.
(Score: 2) by barbara hudson on Thursday December 19 2019, @06:43PM (1 child)
Simple - anything except a web browser. How hard was that, given that we know that the more links in a chain, the weaker the chain, and the web browser is a really weak link.
It would probably have been easier to harden Flash, since it wasn't trying to be and do everything - until it too fell into the same trap.
The more features you have, the more formats you support, the more you're screwed, and the more hoops you have to jump through.
To get back to essentials, the first question is do we even need a GUI? Many/most applications don't.
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 2) by arslan on Thursday December 19 2019, @10:39PM
"Don't use this" isn't really an alternative. I sure hope you're not proposing Flash...
And yes, some problems don't need a GUI, but fact is there still is a need to for GUIs in some cases, hence a good UI dev platform.
(Score: 3, Interesting) by HiThere on Thursday December 19 2019, @01:06AM (3 children)
Somehow I think you didn't understand my comment. Visual Studio is not something I would consider. ... Yeah, I did some GUIs with Visual Basic (actually MSAccess) back in the late 1990's. They worked. But that's not the environment I'm interested in anymore. Java at least is portable. And I don't consider looking like HTML a plus.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 3, Informative) by arslan on Thursday December 19 2019, @04:27AM (2 children)
VSCode has nothing to do with Visual Studio. The only thing similar is it inherited the initials. It is also a desktop IDE like you get with eclipse/intellij, not a in browser thingie.
(Score: 2) by HiThere on Thursday December 19 2019, @04:41PM (1 child)
If that's true, you couldn't prove it from the search results I got. And it's not in the Debian system repository, so I'd need a good reason to trust it before trying it.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 2) by arslan on Thursday December 19 2019, @10:42PM
That comment does absolutely nothing to validate your claims it is Visual Studio... I'm just pointing out to you that it isn't Visual Studio. Trust what you want or don't, I don't care.
(Score: 4, Insightful) by Anonymous Coward on Wednesday December 18 2019, @01:54PM (1 child)
Yes friends, from simple crashes and downtime, to backdoors and telemetry, and now data obliteration, automatic updates, and better yet, FORCED automatic updates, are bringing all the features of your favorite malware straight to your device! Even easier than going out to a sketchy website, if it isn't compromised out of the box, your favorite tech giants will go far out of its way to bring malware, spyware and even ransomware features straight to you, FOR FREE! Move over Russian hackers, the tech giants are here to stay! They're really stepping up to keep your business here!
...er, oh yeah, updates are... something something... security, yeah, they're... security. Yeah, that'll work.
(Score: 2) by arslan on Thursday December 19 2019, @10:46PM
I'm not a big fan of auto-updates either and I'd rather have control of when and how. However, I can see the flip side where there's a big chunk of non-techie users who would _never_ update/patch if left to their own and a lot of issues are caused by compromised assets.
Short of stripping the sheeple, and bear in mind they massively outnumber us geeks, of their shiny devices - what do you propose?
(Score: 0) by Anonymous Coward on Wednesday December 18 2019, @02:12PM (3 children)
Will be interesting to see how much the next Chrome "un-does". It probably won't stop removing the "www" from the displayed URL, but one can hope that the higher ups will now start looking a little more closely at what their minions are doing.
(Score: 1, Interesting) by Anonymous Coward on Wednesday December 18 2019, @04:40PM (1 child)
In the case of eliminating WWW, I'm pretty sure the higher ups knew, and likely ordered it. They've wanted that "feature" for a while.
(Score: 2) by HiThere on Wednesday December 18 2019, @07:00PM
I'm not sure whether your assertion that it's a top-down request is correct, but it's definitely another reason I'd never use Chrome. My first reason is that I don't like the way it handles bookmarks, but since then lots of other reasons have appeared.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 0) by Anonymous Coward on Wednesday December 18 2019, @07:01PM
Please let me know. I don't use that garbage, so I won't be able to see for myself.
On second thought, don't bother -- I don't care.
(Score: 5, Insightful) by The Shire on Wednesday December 18 2019, @05:19PM
Or is this Google telling you not to use data that isn't visible to them on their own cloud servers.
In other words, give us your user data or risk losing it all.
Mob henchmen voice: "Sure would be a pity if something bad happened to your clients data now wouldn't it. Maybe you should let us hold on to it for ya."
(Score: 0) by Anonymous Coward on Wednesday December 18 2019, @06:40PM (1 child)
in my opinion, perfect code does not lead to well compensated developers so we get the slop we see today
(Score: 2) by barbara hudson on Thursday December 19 2019, @03:50AM
People who write shit code on the other hand can't be fired because nobody else understands stun that looks like a winner in an obfuscated code contest. So over time, code tends to degrade as a job security technique.
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.