Monday, November 18, 2019 [Tweets] [Favorites]

The Hotel Cupertino Clause

Alex Russell (Google employee):

There seems to be confusion about how, exactly, Apple keeps the web second-class on iOS. Understandable! It’s the interplay of several interlocking effects. Let’s examine them (thread).

First, no matter how app-like it is, Section 4.2 of the App Store Review Guidelines excludes web experiences from being discovered via the search box where users go to add things to their homescreen.

[…]

Next, Apple under-invests in Safari’s engine (WebKit) in ways that cumulatively make it difficult to do anything new and ambitious.

[…]

On every other OS, the way we have dealt with laggard browsers is through competition.

[…]

Section 2.5.6 is the Hotel Cupertino clause: you can pick any browser you like, but you can’t choose a better web. In fact, iOS prevents other browsers from even replacing Safari as the system default.

2.5.6 caps web progress at the rate that Apple (under) invests.

All of this has been done to preserve the linkage between proprietary OS/APIs, an exclusive software ecosystem, and the hardware sales that software ecosystem supports.

If you’re a web developer, this means that iOS -- the whole OS -- is the new IE6. Your CEO and wealthiest users won’t switch off it, so it taxes everything you do. They also can’t imagine the web being great because, for them, it isn’t.

Russ Bishop (Apple employee):

That’s rich, coming from the company that abused its #1 search position to drive adoption of Chrome, forked Blink from WebKit, and slams new APIs through without considering perf/privacy.

“Open Web” from Google is code for “whatever Is best for Google and ad-tech this week”

You were the ones that decided to fork from WebKit, dividing what had been the largest community of devs working on web technologies.

You did it because YOU want control of the web.

As if best battery life and privacy is “under-investing”.

Tony Arnold:

Google forking WebKit was a thin cover for breaking down standards bodies of the time.

It wasn’t altruistic. It wasn’t about users.

Google are an advertising company that uses their tech to gather data to better sell ads.

Miguel de Icaza (Microsoft employee):

1. This has the upside of preventing the web to have a single provider in the form of Chromium. This is the last bastion of defense for diverse engines.

2. It also slows down the standardization of fringe features that are done purely for Google’s needs and have no reason to be standardized.

Orta Therox (Microsoft Employee):

I’m pretty glad for the App Store rules that keep chrome from monopolizing all web browsers in every context, personally. Never been a Chrome user, but I think Safari do a good balance on user features vs dev wants.

Matt Aimonetti:

Both companies are terrible and both of you have valid points. Apple opts to be conservative and closed (therefore safer but also in a closed ecosystem), Google is pushing features, often for its own benefit, which leads to fragmentation and security threads

Yes, both companies are pursuing policies that benefit them and which they also think are better for users. Users have multiple concerns, which are only partially addressed by each browser.

On the Mac, I choose Safari because I like its emphasis on privacy, and I think it’s a better Mac app. But seemingly everyone I know who is not picky about such things uses Chrome because it’s always compatible. (Or, perhaps, it has such marketshare that sites are forced to adapt to it, but to the user that amounts to the same thing.) I am seeing increasingly many sites that don’t work properly with Safari, so for them I use Chrome or Firefox. The WebKit Goals for 2020 (via Hacker News) don’t have much to say about this. It also annoys me that Safari beachballs for a few seconds every time it auto-fills a login. So I am always tempted to switch, but I don’t like any of the other choices that much.

On iOS, of course, there is no choice. Microsoft famously got in trouble merely for privileging its browser, not actively blocking competing browsers from running.

Kyle Pflug:

There’s a third axis here, which is “good for competition.” It’s difficult to deny (at least, in good faith) that iOS policies have the effect of making it more difficult for compelling alternate device ecosystems to take root (Google Play policies do the same thing.)

The web has remarkable potential to be an equalizer and Apple is strongly disincentivized to invest in capabilities that enable that.

Even when there are also good-faith reasons to prefer a walled garden (and there are many), it’s hard to not notice the more cynical motivations.

Jamie Gaskins:

I really wish people would stop using the phrase “the new IE6”. There is literally nothing in web development today that compares to developing for IE6.

Nathanael Anderson:

Actually I tend to agree it is the new ie6. Been around since pre-ie6. IE6 froze API in that era; so all these cool new API were unusable because of IE6. Safari is doing the same thing now. Lots of new shipping api’s are unusable because of having to support iOS...

Bridger Maxwell:

FWIW, when I port features from my iOS app to the web app version it is often Safari that is missing the APIs. The little examples add up. For example, touch and scroll input APIs don’t support Retina resolutions yet (they are all whole numbers). Other browsers do.

There are lots of people making fun of Google for counting the number of Web APIs implemented. But what other metric would make sense? It’s pretty funny because in the early days Apple bragged about the percentage of Web specs Safari implemented vs. other browsers, and at each WWDC it touts the number of new iOS and macOS APIs that it’s added.

Previously:

Update (2019-11-20): Apple responds to Congress (via Hacker News):

Users cannot uninstall Safari, which is an essential part of iPhone functionality; however, users have many alternative third-party browsers they can download from the App Store.

[…]

iPhone users cannot set another browser as the default browser. Safari is one of the apps that Apple believes defines the core user experience on iOS, with industry-leading security and privacy features.

[…]

The purpose of this rule is to protect user privacy and security. Nefarious websites have analyzed other web browser engines and found flaws that have not been disclosed, and exploit those flaws when a user goes to a particular website to silently violate user privacy or security. This presents an acute danger to users, considering the vast amount of private and sensitive data that is typically accessed on a mobile device. By requiring apps to use WebKit, Apple can rapidly and accurately address exploits across our entire user base and most effectively secure their privacy and security. Also, allowing other web browser engines could put users at risk if developers abandon their apps or fail to address a security flaw quickly. By requiring use of WebKit, Apple can provide security updates to all our users quickly and accurately, no matter which browser they decide to download from the App Store.

rgovostes:

Google pioneered the out-of-process architecture that Safari now uses, developed the Safe Browsing program that Safari also uses, drove the adoption of HTTPS, put pressure on misbehaving certificate authorities and shepherded certificate pinning and then Certificate Transparency, and found many vulnerabilities in WebKit through security research that Apple was not itself doing.

Moreover, on the desktop, Chrome and Firefox both have automatic update channels that allow them to push out security fixes much more rapidly than Apple’s heavy OS updates. (On iOS, they would be limited by Apple’s App Store approval process.)

15 Comments

Sören Nils Kuklau

Both companies are terrible and both of you have valid points. Apple opts to be conservative and closed (therefore safer but also in a closed ecosystem), Google is pushing features, often for its own benefit, which leads to fragmentation and security threads

Yup.

I don’t think either company is in the right. I think:

it is tragic and ironic that Microsoft(!) has pulled out of this.
we must not allow a Web monoculture to happen, whether it’s Netscape, Microsoft, Apple, or now Google. (Or even Mozilla.) It has been a constant threat since the 90s, and nothing about Chromium being “open” changes that. An implementation is not a standard.
there are some very concerning developments, like calling HTML a “living standard” (IMHO a euphemism for “we’ll never actually settle for a spec”), giving up W3C control (which had a much broader selection of viewpoints) in favor of the WHAT WG, or just generally the decay of the WHAT WG, which used to have four major browser vendors contributing equitably, but now largely just has Google pointing in a direction, and others being more or less forced to follow.
also concerning is how web developers have become pawns. Just because it’s sparkly and Chrome supports it doesn’t mean it’s good for the Web.
but conversely, just because Apple doesn’t want to implement it doesn’t mean it’s bad for the Web.

In practice, lately, I often find myself frustrated by problems in Safari. Websites refusing to load, it getting stuck because a network request failed, that sort of thing. But that’s a different story…

Actually I tend to agree it is the new ie6. Been around since pre-ie6. IE6 froze API in that era; so all these cool new API were unusable because of IE6. Safari is doing the same thing now. Lots of new shipping api’s are unusable because of having to support iOS…

There was gap of over five years between IE 6 and IE 7. (Largely because of strategic meandering and/or arrogance on Microsoft’s part.)

Safari is absolutely nothing like that. The comparison is superficial and insulting.

The web has remarkable potential to be an equalizer and Apple is strongly disincentivized to invest in capabilities that enable that.

Yup.

For better or worse, the Web as an app platform is a threat to Apple’s platforms. That’s true regardless of App Stores. Make the Web good enough, and it becomes hard to argue why everyone shouldn’t be on a Chromebook.

"But seemingly everyone I know who is not picky about such things uses Chrome because it’s always compatible"

It's probably more compatible because it's updated for a longer period of time for a given macOS version.

On the Mac, I choose Safari because I like its emphasis on privacy, and I think it’s a better Mac app. But seemingly everyone I know who is not picky about such things uses Chrome because it’s always compatible.

I do care about privacy so I want to run both Ghostery and uBlock Origin, which is not possible in Safari anymore because they are forcing extensions to their store and they have limited capability. Or at least that's how I understand it, I might be wrong of course. Also, as you pointed out recently, there are other privacy concerns with Safari and iCloud.

But even besides that I choose Chrome over Safari as main browser (although I use all three – Chrome, Safari and Firefox – every day, for different tasks). Using Safari is like death by a thousand paper cuts for me, there are small things here and there that is annoying. Also the dev tools in Chrome is better and develops faster IMO.

I know Safari has plenty of challenges, but I don't think "under invests" is true. Safari is certainly not as important to Apple as Chrome is to Google, but it does evolve and does improve.

And yes, Safari is lacking some APIs but, IMO, it's got quite a lot of modern JS. Look at this chart. Chrome is leading, but not by a huge margin. Safari is ahead of FF, and everyone is WAY ahead of Edge.
https://kangax.github.io/compat-table/es2016plus/

There are things Apple can, and probably should do to keep web apps feeling native, but I don't think the situation is *that* dire. I certainly want a good counter to Chrome, and FF is just not that. (I say this as a person who builds web apps and not native apps).

"Apple hates the web" is a chronic complaint. The last blog post I wrote on my old blog in mid-2015 was in response to a contemporaneous flare-up.

Back then, Chrome's javascript implementation was so bad at things that a lot of web applications and javascript frameworks did that Chrome's native implementations of newer features were slower than than Safari was emulating them by executing polyfills.

These days, I don't know what's true, but I do still get the sense that a lot of the Apple critics are uncritical in their embrace of chrome. Developers who are impatient about having to deal with some amount of backwards compatibility certainly sound petulant and immature.

I'm fed up with the increasing number of desktop sites I encounter that don't work right in Safari.

As a mostly Firefox user, with some small Chromium based stuff thrown in, I am not an actual Chrome user. By choice, as in I actively avoid using Google's Chrome Browser. Yet, since Chromium is open and actively developed, it has proven a nice base for many different, non Chrome web browsers. If Webkit was as compelling, almost all the other non Safari teams would not have followed suit in leaving the fold (seriously, there are far fewer Webkit based browser these days, compared to Blink based browsers). While I do not prefer Chromium based browsers, Gecko is still my daily driver, I do appreciate the hard work Google and company have put into evolving the web as a a platform (even if I find AMP not to be particularly compelling, but that's a separate discussion).

It is hard for me to take seriously the legion of people arguing for Safari which seems to boil down to sour grapes. "When Google was working on making Webkit the dominant web platform, monoculture good! Since Google are now winning with their own rendering engine, monoculture bad!" Okay then. Never mind Apple does not even allow their users to pick their web platform on iOS. Maybe Safari is not the new IE, but it is hardly leading the way in web development and because Apple does not allow any other rendering engines on iOS, people have to care about Safari even if they would prefer not to, which definitely parallels IE 6 stagnation.

P.s. Did someone on Twitter, @drance, really bad mouth WebM? Am I the only person who likes open standards for media? Also, what's wrong with forking? If not for forking, Webkit would not exist!!!! People cannot be this clueless, right? Konqueror and KHTML ringing any bells?

> That’s rich, coming from...

Who cares who made the point, it's still valid. Apple clearly saw how the web ended Microsoft's stranglehold over the application market, and decided that this was not going to happen to them. That's great for Apple, but it's terrible for everybody else.

Also, as somebody who has been developing for the web since 1995, and actually did develop rich web applications for IE6, yeah, Safari is the new IE6. It's the worst browser still under active development by a major company by a huge margin, and if Apple isn't intentionally using it to sabotage web standards, then it's difficult to understand what exactly they're doing. The only difference between IE6 and Safari is that it's often feasible to just abandon Safari, tell Mac users to get something else, and just ignore iOS, since iOS isn't anywhere near as important as Windows used to be when IE6 was at the peak of its power.

Sören Nils Kuklau

If Webkit was as compelling, almost all the other non Safari teams would not have followed suit in leaving the fold (seriously, there are far fewer Webkit based browser these days, compared to Blink based browsers).

Sure.

Apple was only briefly interested in developing Safari for Windows, and was never interested in other platforms. Ports of WebKit to Gtk, Qt, various other platforms (including Nokia cellphones back in the day) are a thing, but not something Apple has ever spearheaded. In contrast, Chrome runs on macOS, Windows, Linux, and Android.

The Chromium project has done so much legwork in fact that its core appears in bizarre places like the Electron framework. Which in turn is, and I feel this could hardly be more absurd, used for the Visual Studio Installer. That’s right: someone at Microsoft was so disillusioned with their own UI framework efforts that they thought it was easier to ship an entire browser runtime (and not even their own), write the UI in HTML and the logic in JS, and bundle it up as an exe, all for the installer of an IDE. An IDE, of course, which gets used (among other things) to write GUI apps for Windows.

Which is to say, yes, Chromium is a good starting point to start your own cross-platform browser. WebKit isn’t as much. Neither is Gecko, incidentally. They had their XULRunner efforts and other independent browser efforts (like K-Meleon), but never really succeeded with that.

However, I don’t think that’s a good indicator of problems with Safari or WebKit.

It is hard for me to take seriously the legion of people arguing for Safari which seems to boil down to sour grapes. “When Google was working on making Webkit the dominant web platform, monoculture good! Since Google are now winning with their own rendering engine, monoculture bad!” Okay then.

That’s not true.

When Google was working on WebKit, we had a situation where Apple, Google, Mozilla, and Opera were all working at the WHAT WG together. Then Opera started running out of money, and Apple’s and Google’s interests started diverging too starkly.

It’s not just that Google forked WebKit. It’s that they now

propose standards
already have an implementation of their own at that point
encourage developers to use those standards

When Apple and Mozilla state concerns, they now get attacked by web developers and by Google as “lagging behind”, “being the new IE”, or, in your terms, “sour grapes”.

Should Apple push more standards proposals of their own? Sure. Is the process by which the standard is currently evolving healthy? Hell no.

Am I the only person who likes open standards for media?

The open standard is actually H.265. Yes, it’s also patent-encumbered, but it is developed by a consortium of NGOs, research institutes, and companies, in a long process, with a proper spec. WebM, meanwhile, is a proprietary technology developed in-house by Google. You can download its spec and implementation, but that doesn’t make it an open standard.

I can’t just write some code and document it and say “hey, I’m the open standard now”. And neither can Google.

Luckily, this stupid situation will be resolved once everyone agrees to move to AV1, which offers the best of both worlds: it’s a consortium, and it’s royalty-free. (But it’ll take a while until hardware encoders happen.)

just ignore iOS, since iOS isn’t anywhere near as important as Windows used to be when IE6 was at the peak of its power.

It’s not as important as Windows, but it’s absolutely massive in terms of web usage. You can’t really afford to run a public site without iOS support.

@Sören Is there any difference in how Google and Apple propose standards that they’ve already implemented themselves? Not following this too closely, it seems like they both do that and the difference is just in volume.

>You can’t really afford to run a public site without iOS support.

In cases where Safari is a problem for us, and investment in fixing the problem is deemed unreasonable (which is often the case), we do one of two things:

1. Not support Safari at all. This is possible in some cases, mainly for business-oriented internal software.
2. Not support the feature in Safari by just disabling it, or replacing it with a basic version that we can get to run on Safari with low effort. This is possible in all cases.

Since these problems sometimes resolve themselves without our input (due to an update to Safari), it's almost never worth investing into maintaining a separate Safari version of complex functionality.

@Sören
Yes, I remember when Webkit was everywhere actually, and it is additionally true Apple had nothing to do with pushing Webkit adoption other than contributing to a rapidly evolving, quality tool set. However, in recent years, since the Blink fork, Webkit use seems to have dramatically dropped. As you mention, starting with Chromium is much better than starting with Webkit. Safari on Windows!!!! Blast from the past. Yeah, I used that for a few months, but it was not very good frankly and Apple kicked it to the curb fairly quickly. Thanks for the reminder.

Interestingly enough, there are still a few Firefox/Gecko forks floating around but it is nothing like the days of Camino, where you could have a nice OS X Cocoa app with the Gecko rendering engine. Waterfox, IceCat, TenFourFox, Waterfox, and even further forks like stuff built on Goanna, such as Pale Moon and Basilisk.

Whoa, no wait, WebM is the open standard. Open as in freedom from patent encumbrance and freedom to use in your products without getting a license. I don't care how many companies are behind h.265 as they are largely the same group as behind h.264, which was assuredly not an open standard. I just checked, there are still licensing fees on h.265, depending on use case. I'm good, thanks! Also, WebM was developed by more than Google initially. On, who Google acquired, but also Xiph group and the Matroska project.

Watching Microsoft employees, like Miguel de Icaza (wow, how this guy has flip flopped his whole tech life) and Orta Therox defend the Apple app store approach of app distribution, all the while bemoaning Chromium dominance, while:
a. Their company threw in the the towel competing in mobile.
b. Microsoft has adopted Chromium as their default web browser!!!!

Okay then. Nice mixed message here.

Again, when everyone and their cousin was adopting Webkit, I do not remember much complaint from the Apples of the world. Which is why I intentionally kept using Gecko based browsers during that same time frame, as I desired a bit of choice. Even on Android, I tend to gravitate to Firefox and if Apple were to allow me to choose my iOS browser, I would likely do the same. Alas, I do not have that option, thanks to the very app store rules these two Microsoft (?!!?) employees are championing.

@rgovostes has it right. Apple is largely benefiting from tech and policy changes championed and/or initiated by Google, while actively keeping web browsing choice out of their app store. Never mind the fact my app store updated browsers get security updates faster than Apple releases Webkit fixes.

Furthermore, as Apple's latest ridiculous press release states, even if I choose a different wrapper for Webkit on iOS, I cannot make this browser my default. Apple does not have to do much to be the good guys in this narrative:
1. Stop downplaying web standards that compete against native apps.
2. Allow users to change their default browsr.
3. If hell were to freeze over, allow non Webkit browsers in the app store.

I'd love to deploy a progressive web app to iOS, but the lack of persistent storage (all data gets deleted if the app goes unused for 14 days) is a dealbreaker.

>> WebM is the open standard. Open as in freedom from patent encumbrance and freedom to use in your products without getting a license.

WebM/VP8/VP9/etc is a Trojan time bomb for companies like Apple. The license (which does exist) has a revocation clause: if Apple were to adopt WebM across its lineup, and discover in the future that one of its patents was being infringed by one of the codecs, they can't sue for infringement without immediately having their WebM license terminated, along with the related patent grants (which, again, do exist). Apple are then wide open to a countersuit for shipping unlicensed WebM implementations to the tune of hundreds of millions of devices, the full market value of which will likely be claimed as damages.

Sören Nils Kuklau

Is there any difference in how Google and Apple propose standards that they’ve already implemented themselves? Not following this too closely, it seems like they both do that and the difference is just in volume.

Volume is definitely a difference, and I do wish Apple would put their foot on the gas a little more again. (Stuff like canvas and video comes from them. I don’t know if they’ve reduced activity because they’re fairly content with the web as it is today, or for budgeting/priority reasons.)

As for already-implemented standards: vendor prefixes like -webkit- are one thing we used to have to prevent this from happening. Sure, they too got abused by web developers who wanted the latest and greatest, but it was much clearer that this was not in fact a standard yet, that the details are subject to change, and that it might not become a standard at all. Chrome has a policy against them, which doesn’t mention standardization at all.

And second, we now have a “living standard”. Yes, there are concerns that the HTML standardization process moved too slowly, but I contend now we’ve arrived at the opposite extreme where specs get pushes through so fast, no particularly snapshot of the HTML standard is meaningful.

Not support Safari at all. This is possible in some cases, mainly for business-oriented internal software.

Right, that’s why I said “public site”. For in-house stuff, the browser doesn’t matter as much, as IT is far more in control. (Though that, too, is changing in today’s world, and in part deservedly so. All it takes is one irate manager who wants to use the site on their iPhone.)

Safari on Windows!!!! Blast from the past. Yeah, I used that for a few months, but it was not very good frankly and Apple kicked it to the curb fairly quickly. Thanks for the reminder.

I liked it. Currently, I use Edge on Windows. I wish Microsoft gave it more love, just I wish Apple had given Safari for Windows more love.

Interestingly enough, there are still a few Firefox/Gecko forks floating around but it is nothing like the days of Camino, where you could have a nice OS X Cocoa app with the Gecko rendering engine.

Definitely.

Whoa, no wait, WebM is the open standard. Open as in freedom from patent encumbrance and freedom to use in your products without getting a license.

I get the argument that WebM is more open. But to call it a standard is highly problematic.

The imperial units of measure are still used by hundreds of millions of people, but they’re not the standard. The standard is determined by a consortium.

Watching Microsoft employees, like Miguel de Icaza (wow, how this guy has flip flopped his whole tech life)

Has he? He’s been making cool software for a long time. He’s just not as much of a tribalist emacs-vs-vim atari-vs-amiga microsoft-vs-linux guy. I’d say that’s a good thing.

a. Their company threw in the the towel competing in mobile.

Sure, but they did so years after they ran out of choices.

Again, when everyone and their cousin was adopting Webkit, I do not remember much complaint from the Apples of the world.

At the time, there was far more parity. IE held more weight, Mozilla did, Apple did. There wasn’t much to complain about, as we at worst now had an oligopoly of browsers, and at best arguably quite a collaborative environment.

Stay up-to-date by subscribing to the Comments RSS Feed for this post.

Leave a Comment