undefined | Better HN

0 pointsConst-me3y ago0 comments

I don't like another app store. Not as a user, nor as a developer.

I would prefer first-class support for self publishing. Want to install some app, open some-app.com in a browser, and click "download" button.

The security issues should be solved with technical measures on the OS side. Modern phones have sufficient resources for proper sandboxing at the OS level. Modern ARM CPUs even support hardware-assisted virtualization. Virtualization might be an overkill for the problem though, there're simpler ways, like abusing multi-user nature of all modern OS kernels.

Modern phones have sufficient resources for verifying digital signatures. We already have relatively decentralized global infrastructure for that, not too expensive to buy a signing certificate from verisign/comodo/digicert/etc. Can be optional, as long as end users see a clear warning "you're installing an app of unknown identity. Continue?"

Software updates don't need to be centralized either. When a user installs 100 apps from 100 publishers, I think it's OK to run 100 small HTTP requests to web sites of different publishers, couple times a month when checking for updates.

0 comments

16 comments · 7 top-level

jnwatson3y ago· 4 in thread

If one could solve the app validation problem with OS enforcement, Apple and Google certainly would have already. (Though both have made incremental progress). They spend a huge amount of resources in the app review pipelines.

In particular, validating privacy policies is an unsolved area. How would one enforce that an app is allowed to access health data but doesn't forward it to the internet? One might envision some language environment that can track taint-style the flow of data through an application, but this seems beyond state-of-the-art.

holoduke3y ago

In future one can only do API calls via a Google owned firebase like environment. Your services need to run there and each service is reviewed and constantly monitored by smart AI bots who can detect abuse and flag your services as dangerous if needed and in result reject and remove your app from the app store. You can appeal against very smart AI which sometimes tell you what to do to resolve the issue by sending you a link of 1000 pages of terms and conditions. Google finally added a personal contact phone number for a developer. You can request support 24 hours per day. The extremely intelligent and responsive AI will solve every issue for you.

Const-meOP3y ago

> How would one enforce that an app is allowed to access health data but doesn't forward it to the internet?

User-mode code can’t do any IO or networking by itself. Instead, apps call OS kernels asking to open files or sockets for them.

It’s impossible to disable forwarding just for the health data, but it’s easy for an OS to completely disable any TCP/IP networking for an app which uses health data.

Apple and Google are struggling with that problem because in their ecosystems many developers rely on in-app advertisements, and Google is even running its own ads network.

orlp3y ago

> One might envision some language environment that can track taint-style the flow of data through an application, but this seems beyond state-of-the-art.

World of Warcraft has had this in its addon system for over 15 years: https://wowpedia.fandom.com/wiki/Secure_Execution_and_Tainti... . It completely controls the language (embedded Lua) and execution environment though.

saagarjha3y ago

Most developers are generally unable to write apps in an environment like this.

klabb33y ago· 2 in thread

> I don't like another app store.

Second this. The existing trust system of the web is much preferable to inventing closed store. Plus the web isn't going anywhere.

Here's what should happen:

Some site says "get our app". Click. A banner shows up showing the app name, icon, screenshots?, highlights the domain.

It declares what capabilities it needs, but most permissions are temporary and on-demand. Apps that have sensitive perms (mic, camera) are highlighted whenever they use it.

Aggregators, blogs, (heck even governments), trust pilot can all have their own ad hoc review systems and warn against whatever, for those that want. You could even have a pre-installed whitelist for extra safety for non-techies for all I care.

Ready to download? Just press get app. There can even be an option to run the app once if it's something stupid that should have been a web page. Once downloaded, the signature is verified against a tls cert.

Something like that.

saagarjha3y ago

> Some site says "get our app". Click. A banner shows up showing the app name, icon, screenshots?, highlights the domain.

> It declares what capabilities it needs, but most permissions are temporary and on-demand.

Remember when Android would give you a list of permissions that an app needs and everyone clicked through it because it was impossible to make an informed decision on what the app did?

klabb33y ago

Absolutely. This is partly a UX problem and partly user education. But yeah requiring all permissions upfront was a terrible model, but that was long ago.

m-p-33y ago· 2 in thread

I personally like the idea of repositories that F-Droid uses. Each app vendors could have their own repos that users subscribe to, but one of the strength you give up by moving away from a centralized app store is discoverability, but that didn't stop us from having great desktop softwares in the past, all distributed by the vendor/developer.

ncr1003y ago

I wonder if F-Droid can be a basis re-distribution to e.g commercial and other-managed app stores, today? IDK enough about F-Droid.

m-p-33y ago

F-Droid (the service) is focused on providing apps that are compiled by them using the original source code (they can redistribute the developers' APK if the build process is reproducible).

F-Droid (the client) is simply a way to easily access the F-Droid repository (which is there out of the box), but anyone can create a repository and male it available to be registered in the F-Droid client as another source, completely independent from the F-Droid service.

throw_a_grenade3y ago· 1 in thread

> I don't like another app store. Not as a user, nor as a developer.

> I would prefer first-class support for self publishing. Want to install some app, open some-app.com in a browser, and click "download" button.

Self-publishing, web-style, is suboptimal, because developers are never concerned about anything but their precious software. They're essentialy primadonnas who think that world revolves around them and computers around their "app". The results are predictable, resource utilisation of js-heavy websites is tested on high-end boxen with a single tab opened and various "self-publishing" bundles like Flatpack have 200× size vs normal deb packages. Well, I want to open more than 1 tab and install more than 1 software package, not necessarily on maxxed out machine.

And this is just technical issues, because after them there are social ones. DFSG and Social Contract are there for a reason, because far too many times software authors had in mind something other than user's best interest (two days ago there was a thread which started with lenovo, but quickly filled with plenty of other examples).

Maybe it's a good time to remember that PC stands for Personal Computer, not App Developer's.

Const-meOP3y ago

Some programs need gigabytes of memory, and all CPU cores, for legitimate reasons.

I believe the actual problem here is the UX. Modern operating systems aren’t doing a great job communicating per-app resource consumption to end users.

I think that can be solved at the OS level. Operating systems actually collecting that data: various task managers, powertop, netstat, etc. But they fail to present these values in a way which would alert users.

If the UX problem is solved, users wouldn’t be using resource-heavy apps for long. Then software developers would be motivated to pick better technologies for their apps, and/or optimize their code.

tremon3y ago

I would prefer first-class support for self publishing. Want to install some app, open some-app.com in a browser, and click "download" button.

Since the parent mentioned Debian: this is the model that Debian provides (and yum as well), and Ubuntu extensively uses: https://help.ubuntu.com/community/AptURL

Open some-app.com in a browser, click the apt:// button, and the system will not only install the requested app, but also use the configured channel for updating your apps.

There are numerous improvements to be made in this area, for example to automatically pin a package to an origin, or to limit third-party origins to only installing in /opt/$origin, but the mechanism has been available for two decades.

friend_and_foe3y ago

FYI you can host an f-droid repository of your own for your application, and f-droid users can keep up to date with it. If you host your own repo you don't even have to publish source code.

_nalply3y ago

That's a nice vision.

However there are other issues than security ones. Some stuff is not allowed, like for example doing some grown-up things (sorry to be so vague). Self-publishing only works if a third party efficiently controls forbidden things.

And that's an app store.

j / k navigate · click thread line to collapse

0 comments

16 comments · 7 top-level

jnwatson3y ago· 4 in thread

holoduke3y ago

Const-meOP3y ago

> How would one enforce that an app is allowed to access health data but doesn't forward it to the internet?

User-mode code can’t do any IO or networking by itself. Instead, apps call OS kernels asking to open files or sockets for them.

It’s impossible to disable forwarding just for the health data, but it’s easy for an OS to completely disable any TCP/IP networking for an app which uses health data.

Apple and Google are struggling with that problem because in their ecosystems many developers rely on in-app advertisements, and Google is even running its own ads network.

orlp3y ago

> One might envision some language environment that can track taint-style the flow of data through an application, but this seems beyond state-of-the-art.

saagarjha3y ago

Most developers are generally unable to write apps in an environment like this.

klabb33y ago· 2 in thread

> I don't like another app store.

Second this. The existing trust system of the web is much preferable to inventing closed store. Plus the web isn't going anywhere.

Here's what should happen:

Some site says "get our app". Click. A banner shows up showing the app name, icon, screenshots?, highlights the domain.

It declares what capabilities it needs, but most permissions are temporary and on-demand. Apps that have sensitive perms (mic, camera) are highlighted whenever they use it.

Something like that.

saagarjha3y ago

> Some site says "get our app". Click. A banner shows up showing the app name, icon, screenshots?, highlights the domain.

> It declares what capabilities it needs, but most permissions are temporary and on-demand.

Remember when Android would give you a list of permissions that an app needs and everyone clicked through it because it was impossible to make an informed decision on what the app did?

klabb33y ago

Absolutely. This is partly a UX problem and partly user education. But yeah requiring all permissions upfront was a terrible model, but that was long ago.

m-p-33y ago· 2 in thread

ncr1003y ago

I wonder if F-Droid can be a basis re-distribution to e.g commercial and other-managed app stores, today? IDK enough about F-Droid.

m-p-33y ago

F-Droid (the service) is focused on providing apps that are compiled by them using the original source code (they can redistribute the developers' APK if the build process is reproducible).

throw_a_grenade3y ago· 1 in thread

> I don't like another app store. Not as a user, nor as a developer.

> I would prefer first-class support for self publishing. Want to install some app, open some-app.com in a browser, and click "download" button.

Maybe it's a good time to remember that PC stands for Personal Computer, not App Developer's.

Const-meOP3y ago

Some programs need gigabytes of memory, and all CPU cores, for legitimate reasons.

I believe the actual problem here is the UX. Modern operating systems aren’t doing a great job communicating per-app resource consumption to end users.

tremon3y ago

I would prefer first-class support for self publishing. Want to install some app, open some-app.com in a browser, and click "download" button.

Since the parent mentioned Debian: this is the model that Debian provides (and yum as well), and Ubuntu extensively uses: https://help.ubuntu.com/community/AptURL

Open some-app.com in a browser, click the apt:// button, and the system will not only install the requested app, but also use the configured channel for updating your apps.

friend_and_foe3y ago

FYI you can host an f-droid repository of your own for your application, and f-droid users can keep up to date with it. If you host your own repo you don't even have to publish source code.

_nalply3y ago

That's a nice vision.

And that's an app store.

j / k navigate · click thread line to collapse