So much fighting over how best to draw the UI that will launch various instances of the Chrome engine.
Want to know why everything is written in Electron or as a web app? Because literally every desktop platform over the last decade has decided to play design and engineering games instead of just make a really solid stable base to write apps on top of.
I don't think that's really the reason for Electron's popularity. While GTK and Qt are cross-platform, my (limited, to be fair) experience with building for multiple platforms was that it was a huge pain in the ass, and Windows and macOS platform integration often felt clunky and out of place.
The big draw for Electron is that we have way way way more web developers out there these days than native-code desktop UI developers, so it's easy to leverage those people and get results fairly quickly, even if the resulting apps don't really conform to any desktop's standard look-and-feel (which I guess avoids the uncanny valley effect of cross-platform toolkits that try to be native, but fail in subtle and not-so-subtle ways). People can even just (sorta) repackage their existing webapp, and end up with more or less a single code base for all desktop platforms + web.
I do agree with you that most of the desktop platforms are pretty annoying to develop for if you want a solid, stable base, but I don't think that's the prevailing reason for Electron's uptake.
My experience of building an electron application for multiple platforms was similarly painful. When you are writing native specific code, you have to write native specific code regardless of if you use Qt or electron. Something has to interface with the operating system. Either you use someone else's code that is cross platform, or you write your own cross platform code.
It's way easier to develop and customize a user interface with the building blocks found in a browser, rather than doing the same with Gtk or QT. To the extent that those have gotten easier, they are emulating html+js+css.
I'm not sure how they've kept up, as I haven't used Qt in some time, but back in the 4.x days the documentation was absolutely stellar. Extremely thorough and almost every non-trivial feature came with code samples. I couldn't for the life of me understand why anyone was using GTK at the time.
My point is not about lack of usability or documentation. Rather that the nature of HTML+CSS+JS lets you do things you can't do as easily in either GTK or QT. In the latter, yes you can easily achieve a certain kind of UI, but not deviate from it, and even formatting/displaying a significant amount of information that doesn't fit into one of the classic widgets can be a bit of a pain.
That depends a lot on what you're used to. It takes me far less time to implement a custom widget that can format/display a significant amount of information that doesn't fit into one of the classic widgets than it takes me to fiddle with CSS to get it to center things correctly ¯\_(ツ)_/¯.
a big part of why browser engines are so unwieldy is the implied compatibility with every website ever, right?
but the "way way more web developers" you mention are not, at least in the context of electron apps, interested in that feature except tangentially..
so while everyone knows a full web-ready browser engine is impractical to design from scratch, maybe a simplified engine that supports a conservative subset of best-practices web-style design is in order?
There are a bunch of “small subset of HTML” UI toolkits already. The first that comes to mind is Sciter: https://sciter.com/ which bundles QuickJS interpreter, built in support for React-like syntax, and a HTML/CSS like markup and rendering environment. You’ll see on the homepage how it’s used in many products you might have heard of.
The issue here is re-use - Sciter is small and very fast, but won’t run an arbitrary existing web app that targets Chrome. Maybe you could argue for a middler-ground, add more HTML features to Sciter until it can run “most” things… but you’ll end up back to having the whole banana.
That's a really interesting idea, but in practice you might find that the "conservative sunset" ends up being different for every toolkit and developer.
Maybe something a bit opinionated, like a React Native-only runtime, could fit the bill here.
TCL/TK is still both easier than electron and will produce nicer apps. I think the Electron thing is the result of the popularity of web development more than native API failures (other than mobile development being an incredible pain in the ass.)
And then the calculator app, which is native, is wrapped up in some sort of isolating container that makes it take as long to start up as an electron app.
I sometimes, by accident, launched LibreOffice Calc. It launched faster than the calculator app :). I believe they changed that. The calculator app isn't shipped in a snap package anymore.
OpenBSD went that route, and when they introduced pledge(2) and later unveil(2), they've applied these to every single program in the base system (over the course of a single release cycle!).
There's absolutely zero reason for bc(1) to accept network connections, or for grep(1) to execve(2) into arbitrary programs. But both of these programs need to process and interpret arbitrary input, which makes them potential targets for exploits.
You don't technically "need" security, just like you don't "need" seatbelts... until you actually are in an accident.
Look, you gave the openbsd example, and that's the right way to do it.
Flatpack's are for packaged software-deployment, those are two different things.
Why the need for a sandbox if you could do it much cleaner with things like pledge? But in typical linux fashion, just put another layer on top the pile of garbage so it stop's to stink for a while.
>Well - why would I not want that?
Then please start with the most obvious application sometimes called kernel.
Instead of rigorously integrate something like SElinux they throw layers over layers of half-backed "sandboxes", up to the point to separate applications with Xen (Qube-os), then you find out about Meltdown, and we are back in 1990.
Pledge is a bad example, it isn't applied to a lot of packages in the ports tree and it's infeasible to do it for every program. In the end you'll find you end up with the same situation as Linux: another layer on top with daemons implementing blanket security policies using pledge on behalf of the programs. Kind of like... a sandbox.
SELinux is also a bad example, even if you decide you're using that as the underlying technology you still need to implement a sandbox with various on top of it. SELinux does nothing without those rules.
No why? If you have the right (and correct) rules, SELinux absolutely act's as a "sandbox", that's exactly what i meant, a sandbox don't need's to be another layer of software. Run in your "namespace", can just create/access/execute/read your port, files, memory..that's it, that's a sandboxed application.
For example that "namespace-sandbox" is standard in Plan9/9front...without any additional software, just the filesystem and 9p.
Yeah but I mean you still have to set up the sandbox rules and maintain them and the tools if you want a user-friendly sandbox or a nice GUI to manage it.
>For example that "namespace-sandbox" is standard in Plan9/9front...without any additional software, just the filesystem and 9p.
This is what I mean, Plan9 style mount namespaces are also available in Linux and are preferable to SELinux for containers and sandboxes because they're actually simpler and less trouble.
Because there is a push for software developers to be able to package directly for end users. Without devolving into the usual flame war of whether it's a good idea or not, once you install any piece of software you incur some security risks. It's not like distro maintainers are a 100% guarantee there won't be a backdoor in the binary, and compiling software from source doesn't free you from risks either, unless you code-review everything you install.
My point is, containerisation on Linux isn't necessarily slow—in fact it's unnoticeable if implemented correctly—and I prefer to default to having a decent amount of security by containerising as much software as I can, whatever the origin. Including, and especially software like the calculator, since it should not be able to do anything more than show a GUI and add numbers together.
That's not what i asked, why do you trust a no name dev more then the distro your kernel is coming from? And do you really think flatpack prevents you from running packed malware?
Why do you assume the flatpak comes from a no name dev? My calculator flatpak comes from the same people who wrote it, and I obviously trust them, otherwise I wouldn't be using their application.
So why should I trust them less than my distribution?
With my calculator flatpak I only have to trust one person and to a much lesser degree, because they declared that the calculator can't access my personal files to begin with. The same app in my distribution repository has full read-write access to all my users files, network access and much more. So yeah, I trust it more.
Distribution maintainers are nothing but a middle man, which don't even audit the code they package, so there's nothing I gain from them.
In my particular case: I don't want to wait months or even years for updates to arrive in my distribution. With the Flatpak version I get updates usually on the same day they are published, since the Flatpak is also maintained by the calculator developers, and I also get a calculator which can't access my ssh keys or the internet, due to sandboxing. And in case of any breakage, I can also quickly roll back to the last version.
Without flatpak I'd need to use some rolling release distribution, where not just a few applications get updated quickly, but also the rest of the system, which I'm not interested in.
I once installed Linux with Gnome 3 on a USB stick and used that as my primary operating system for six months. My number one application was a web browser. I don't think I ever bothered installing anything other than code editors, language runtimes/compilers and steam. Gnome works just fine.
The only annoyance was the breakage that Wayland introduced in 2016. Suddenly you couldn't screen capture the whole screen anymore. It's kinda the same issue as switching from python 2 to 3 but the difference here is that it is a major upgrade that is worth the effort. The reasons why python 3 isn't backwards compatible are incredibly petty for the most part. However, firefox has received Wayland support for screensharing and some people developed a plugin for OBS. Wayland works just fine now too.
Want to know why everything is written in Electron or as a web app? Because literally every desktop platform over the last decade has decided to play design and engineering games instead of just make a really solid stable base to write apps on top of.