It's obvious what GP meant - we can verify that the apps we download are the apps everyone else downloads.
We can't do this with Proton where our mail is supposedly end-to-end encrypted. They can easily view our mail if they can send us a different code when we load their site.
> That isn't what "sandboxed" means, it has nothing to do with checking hashes. And no, mobile apps are not really sandboxed
Apps ARE somewhat sandboxed and GP didn't mean that sandboxing == checking hashes. It was 2 sentences appearing one after the other.
Well, you can verify that the code that you downloaded is the same that everyone else downloaded. Even if it contains webviews.
Now if it contains webviews, it brings the security issue of... the webapps, of course.
Personally, I want an open source app. You can audit an open source app and even compile it yourself. You can't really do that with a website. And I don't mean just mobile apps, that applies to desktop apps, too. I wouldn't run a web-based terminal, for instance (do people actually do that?).
>Well, you can verify that the code that you downloaded is the same that everyone else downloaded. Even if it contains webviews.
Not impossible to do with websites, if the need to do it was there. It would take about 15 minutes to create a browser extension that could make a hash of all the files loaded, to compare with other users with the extension installed - but honestly that's just not needed because if you're connecting via HTTPS, then you're getting the files that are intended to be served, presumably not malicious if you trust the source. And if you don't trust the source, then why are you loading it to begin with??
>Now if it contains webviews, it brings the security issue of... the webapps, of course.
Web applications are sandboxed in the web browser. Very little issue with that, outside of browser bugs/exploits, but bugs and exploits are found in every system ever.
>I wouldn't run a web-based terminal, for instance (do people actually do that?).
AWS has a web-based terminal for EC2 instances. It's not a problem, a lot of people use it.
> It would take about 15 minutes to create a browser extension that could make a hash of all the files loaded, to compare with other users with the extension installed
You completely underestimate it. I am absolutely certain that you cannot create a browser extension that meaningfully solves this problem in 15 minutes.
> Web applications are sandboxed in the web browser. Very little issue with that
Except that when we are talking about end-to-end encryption, the sandbox has nothing to do with it. The sandbox defends against something else, not the server serving you an end-to-end encryption program abusing it.
> AWS has a web-based terminal for EC2 instances. It's not a problem, a lot of people use it.
I genuinely can't see if you just don't understand the point being discussed at all, or if you keep saying off-topic things as a way to divert the discussion.
>You completely underestimate it. I am absolutely certain that you cannot create a browser extension that meaningfully solves this problem in 15 minutes.
You are absolutely wrong. I write browser extensions, I can spin up a new one in a minute, and the code to monitor and hash all resources loaded by a webpage is trivially easy to do. It would be simple to set up a server to allow comparing the hashes, in a POC. I'm not talking about making this a robust service that everyone can use, I'm only talking about how easy it is to do in a general way. It's far easier than you think it is.
>>>I wouldn't run a web-based terminal, for instance (do people actually do that?).
>> AWS has a web-based terminal for EC2 instances. It's not a problem, a lot of people use it.
>I genuinely can't see if you just don't understand the point being discussed at all, or if you keep saying off-topic things as a way to divert the discussion.
You're right, I certainly don't understand the nonsense you're trying to convey.
I'm also tired of this pointless internet interaction. Goodbye.
> I'm not talking about making this a robust service that everyone can use
Right. So you cannot do it. Thank you.
> I'm also tired of this pointless internet interaction. Goodbye.
Seems to me that you don't enjoy discussing with people who behave like jerks (which I admittedly did, just for you). You may not have realised it, but you started it. I am happy to disagree in a respectful tone, but you broke it first. Maybe that's something to think about in your next totally meaningful internet interaction, though it sounds like you like telling others that you know better because you are older.
>We can't do this with Proton where our mail is supposedly end-to-end encrypted. They can easily view our mail if they can send us a different code when we load their site.
That isn't a problem with how the web works vs how apps work, that's a problem with you trusting Protonmail.
If you really wanted to be secure sending an email or any communication, you wouldn't trust any third party, be it an app or a website - you would encrypt your message on an air-gapped system, preferably a minimal known safe linux installation, and move the encrypted file to a USB, and then insert the USB into a system with network access, and then send the encrypted file to your destination through any service out there, even plain old unencrypted http would work at that point, because your message is already encrypted.
The second you give your unencrypted message to any third-party on any device with an input box and a network connection, is the moment you made it public. If I had to be extremely sure that my message isn't read by anyone else, typing it into a mobile app or a web browser isn't the place I'd start - it would only be done as a last resort.
That is a problem with you not understanding how security works.
> If you really wanted to be secure
There is no such thing as "being really secure". There are threat models, and implementations that defend you against them. Because you can't prevent a bulldozer from destroying your front door does not mean that it is useless to ever lock it.
Even your air-gapped example is wrong, because it means that you have to trust that system (unless you are capable of building a computer from scratch in your garage, which I doubt).
Sending an encrypted message over the Signal app is a lot more secure than sending an email over the ProtonMail website, which itself is more secure than sending it in a non-secret Telegram channel. It's a gradient, it can be "more" or "less" secure, it doesn't have to be "all or nothing" as you seem to believe.
>That is a problem with you not understanding how security works.
That's hilariously wrong.
>There is no such thing as "being really secure".
Sure there is. "Being really secure" isn't what I said at all, and it's a vague statement to make. You're reaching to create an internet argument, and I'm frankly bored of this, you're out of your depth.
>Even your air-gapped example is wrong, because it means that you have to trust that system
I'd trust a system that I set up. I'm not going to do it on a system that you set up, that much is for certain.
> (unless you are capable of building a computer from scratch in your garage, which I doubt).
I still have an EPROM burner, so yes, I could, and I have.
>Sending an encrypted message over the Signal app is a lot more secure than sending an email over the ProtonMail website
If you really think that, then nobody should be taking security advice from you.
I'm really tired of this pointless internet interaction. Goodbye.
Now it only ensures that Cloudflare doesn't tamper with the WhatsApp Web code they serve, you still have to trust Meta.
I feel like reaching the same level as "checking the hash for the app" would be very hard in practice. I.e. the web is not built around doing that. Your extension would have to scan all the files you download when you reach a page, somehow make a hash of it, somehow compare it to... something, but then make the difference between "tampered with" and "just a normal update".
Also you just can't "download the sources, audit them and compile them yourself" with a webapp. If you do that, it's just "an app built with web tech", like Electron, I guess?
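Added example, not part of the comment above and not code from any extension mentioned in the thread: a sketch of the comparison step that comment describes, hashing everything a page loaded into one digest and checking it against what other users report. The function names, the thresholds, the `mail.example` URLs and the peer-report service are all assumptions made for illustration.

```javascript
// Added illustration; all names and sample data are constructed.
const { createHash } = require("node:crypto");

function sha256Hex(data) {
  return createHash("sha256").update(data).digest("hex");
}

// One digest for everything a page loaded. Sorting by URL makes the result
// independent of load order; binding URL to hash catches swapped files.
function manifestDigest(resources) {
  const lines = Object.keys(resources)
    .sort()
    .map((url) => `${sha256Hex(resources[url])}  ${url}`);
  return sha256Hex(lines.join("\n"));
}

// Compare my digest with digests other users reported for the same origin
// in a recent time window (the reporting service is assumed, not shown).
function classify(mine, peerReports, { minPeers = 5, quorum = 0.8 } = {}) {
  if (peerReports.length < minPeers) return "insufficient-data";
  const same = peerReports.filter((d) => d === mine).length;
  if (same / peerReports.length >= quorum) return "consistent";
  // Shared with some peers: looks like a staged rollout of a new build.
  if (same > 0) return "rollout";
  // No peer received this build: targeted serving, or per-user content
  // that should have been excluded from the manifest.
  return "unique";
}

// Constructed sample: two builds of a hypothetical webmail client, plus a
// copy of v1 whose script differs for a single user.
const v1 = {
  "https://mail.example/index.html": "<script src=app.js></script>",
  "https://mail.example/app.js": "encrypt(msg, recipientKey)",
};
const v2 = { ...v1, "https://mail.example/app.js": "encrypt(msg, recipientKey) /* v2 */" };
const altered = { ...v1, "https://mail.example/app.js": "encrypt(msg, recipientKey) /* altered */" };

const d1 = manifestDigest(v1);
const d2 = manifestDigest(v2);

console.log(classify(d1, Array(6).fill(d1)));                       // everyone got v1
console.log(classify(d2, [d1, d1, d1, d2, d2, d2]));                // v2 rolling out
console.log(classify(manifestDigest(altered), Array(6).fill(d1)));  // only I got this
console.log(classify(d1, [d1, d1]));                                // too few peers
```

The "unique" result is only a signal to investigate: the peers themselves and the reporting service still have to be trusted, which is the hard part the comment points at.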
Being required to use an Android app sucks and is annoying, but an AOSP VM would solve the issue. Perhaps MITM-ing the app would be harder than MITM-ing a site without reversing the app. And not everyone has the hardware resources for an Android VM.
But for me the main issues with "you need our app" BS is that they don't give you the apk but tell you to download it from the Google Play Store. They don't give you the source for the apk as well, as if it's such a huge trade secret how some shitty API works. The worst offenders ask for all the attestation shit (unrooted phone and so on). That's what's wrong with apps vs sites, not just the format itself. We should fight for FOSS apks with no attestation if companies want to invest so heavily in apps.
> Computers screens have gotten wider and wider, and UIs bigger and bigger
Sadly, most websites forcefully limit the width of the text. It's like they pretend our monitors are oriented to be tall rather than wide. Even HN has unnecessarily big margins. So unless I try to cram another window in my FHD monitor, I have ~50% or more completely wasted space. Margins should be 2-3 pixels wide, not 20-30% of the screen.
The major difference is that in the era of print, it was pretty logical where a multicolumn wide layout could go like on a newspaper, but in a desktop experience the browser markup is theoretically endless.
I can resize my window easily if I wanted shorter text. Or used ctrl-shift-m on Firefox. But I can't easily make the text longer without userscripts or addons.
> actual user studies to show that wider text is harder to read
That may apply to most people, but not to everyone.
afaict it applies to literally everyone. there's a variable "sweet spot" of course, but once you get out to "extremely wide" it's reliably worse for everyone, and there are LOADS of computer monitors that qualify for that label.
margins to control the width of large blocks of text have a ton of research in their favor, it's not just "more whitespace = more gooder" UI design madness. there's some of that of course, but there's a sane core underneath it all.
Solution: rotate your monitor 90 degrees, and inform your OS that you have done so. Now your monitor is 1080x1920. You'll actually be amazed how much more of a document fits on screen without sacrificing readability.
Preach. I have 4 monitors and one is a vertical 1440x2560. Massive productivity boost - terminals running claude code, reading docs, IDE panes, anything with lots of scrolling. Highly recommend it!
> I personally find the idea of doing homework on my phone horrifying but I suppose kids today are either used to it and comfortable with it, or they've simply never used a computer and don't know what they're missing. Though I'd wager they probably aren't comfortable typing on a keyboard.
First hand from a couple of ~16 year olds I know. Definitely not a representative sample. Some know how to type at an acceptable speed. They're awful at shortcuts (alt-tab, many of the browser shortcuts that are also present in many other programs (ctrl-w,-t,-s,-q) and most text-selection and movement shortcuts (ctrl-a,-x,-c,-v and (ctrl-)shift-left,-right)) so they navigate clumsily compared to us. They feel awkward when performing simple tasks but they do it faster than on a smartphone. They don't understand some of the terms and abstractions, likely because the smartphones keep that away from them.
Seeing them navigate things like homework or spreadsheets or multiple tabs in a browser from a smartphone is like watching a caveman trying to use a piece of brittle rock as a hammer. It will work in the end, but it's slow. I haven't looked at them closely enough, but I doubt they can comfortably keep more than 10 tabs open and navigate between them with the same speed as on a laptop or a desktop. I assume their browsing habits are qualitatively different than ours because of that. You can't really do adequate research on a smartphone.
My partner is a therapist and so I wind up in a lot of therapist groups and support groups for therapists. Many of them are youth therapists. I also coach kids and help coordinate youth athletics. My best friend is also a middle school teacher, along with his partner. So I think I have a decent grasp on where kids are at nowadays. At least in my area.
Most people I know who work with kids agree that the majority of children nowadays lack basic skills that will really handicap them in life. From a lack of basic reading/writing/typing/math skills to an ability to handle any kind of confrontation. The anti-social stuff is really, really bad and it compounds as life goes on, where kids never learn skills as they need to. Avoidance is really prevalent in people nowadays and this leads to never learning or atrophying basic skill sets. Then it also leads to not learning how to learn, or asking for help, etc.
Kids also lack the basic ability to put a series of tasks together to accomplish a larger goal. Critical thinking is severely lacking. Kids have grown up being able to ask a search engine a question or have an AI do tasks for them. The ability to understand how things work, then manipulate those things to meet a goal is just not there for a large amount of kids. I think we really need to bring back things like shop class, home ec, etc to get kids using their hands more. Kids need to be able to have an idea and then implement it in the real world. This is a skill I rarely see in kids nowadays. Way too often kids are told to avoid making mistakes and to get someone/something else to do things for them. The agency is just not there.
I really feel terrible for a lot of kids nowadays. Luckily, since I work with athletics and STEM kids, most of my tribe are eager to learn and move about. This is definitely not the norm nowadays though. My teacher friends are really struggling to feel like they're making a difference or benefitting these kids. It's sad because the problems are mostly related to their parents, not really the school system.
It kind of sounds to me like you're surrounded by a lot of people who will tell you stories about kids, but only the ones who are having problems. Either because there's a selection that happened before they even encountered the kids (being a therapist), or because there's just no reason to talk about the ones that are doing fine (teacher)
Western society is made of the weaklings (I think the term nowadays is snowflakes) who will do anything to avoid fight/conflict, I realized it when I returned back after few years in China and saw everywhere these weak people. In China you have to be rude/fast to survive, ignoring other people's interests.
Same experience when I was kid before serving in military vs after serving in military, you really grow up fast over there from teenager.
They should be teaching assertiveness in the schools, western people will nowadays just complain on internet (internet heroes) or find excuse "oh it's just a dollar" to avoid conflict instead of complaining directly where it's suitable.
Interesting (I read this all) and wonder if it is a local issue vs a larger issue? Meaning are you seeing the influence of your local social economy class and how they parent?
I'm guessing this is an urban city area of upper middle class? I could be completely off.
> For that reason when I'm hiring I've stopped asking for someone's previous salary, and just ask them what they want instead.
Why don't you post what you're paying in the job ad/offer? Some people even skip ads without a salary or a salary range because of all the uncertainty. As a potential employee somewhere, you've obviously already calculated a range or a fixed number - so why ask the employee?
I wish I could select "between 2.5 and 6 minutes". That search can translate to 2 queries to YouTube (<4 and 4-20), then the results can be combined and pruned to keep only those between 2.5 and 6. To get enough videos if there aren't enough after pruning, we could access the 2nd, 3rd and so on pages from the results. But I doubt YouTube will like 6 searches in a row.
Yea and I'm doubtful we'll see a service willing to do their own post-processing per-query while also being at the whim of Youtube's API (official or not).
Ultimately, I would like these features to come to Youtube itself since there's a lot of nice features built into it that would be hard for a third-party to replicate without permission (such as playing videos inline on hover, with captions).
I doubt it will ever happen. This is Google after all, not a small company we can hope will get it right after a while. They've left the search parameters shitty for years. Google, arguably the most advanced search company ever, can't make an efficient filter for custom time ranges? They obviously can, but, as other comments have noted, they seem to think that good search is an anti-feature.
If anyone doesn't know, you can change shorts/<ID> with watch?v=<ID> in the URL and it gives you the same UI as for other videos, including the controls (the time line). Not sure why YouTube doesn't have controls for shorts. I've seen some Facebook videos not having controls, either, when I've been sent a link. I imagine it's the same for Instagram and TikTok.
In electric kettles or a microwave or even in a moka pot or another small container on a decent induction stove it's just 2-3 minutes. There was a video I can't find where they increased the voltage or something for a kettle and at one point it boiled the water in like 10-15 seconds.
It was another, shorter video, not by TC. Just different voltages (or maybe there were other variables) one after the other until the water boiled really quickly and afterwards the kettle blew a fuse or broke (can't remember).
I guess many people have tried doing something like this. But I'll watch TC's video, too - he hasn't disappointed me so far.
Edit: Watched it. Not the same video, but this one had a lot more info and troubleshooting than the one I had in mind.
Most countries could easily adapt to other types of food. There are multiple sources for carbs, fat and proteins, as well as for various micronutrients. Some countries where obesity is rampant could also adapt to eating a lot less than they do now. That would bring the number from 3 (assuming that's true) to a lot more.