Archive for November 7, 2023

Tuesday, November 7, 2023

The Negative Impact of Mobile-First Web Design on Desktop

Kim Salazar, Tim Neusesser, and Nishi Chitale (via Hacker News):

Many modern websites are designed with a mobile-first approach. When these pages render on desktop devices, the content can appear overly large and stretched out. Screen-covering images, large bloated text, and excessive negative space result in long pages requiring more scrolling to consume all content. We call this design trend content dispersion.


Long pages also make it harder for users to find specific information on the page because the content is spread out over many viewports. Indeed, our study participants had more difficulty finding information on the dispersed product page than on its condensed version.


Because many websites with dispersed content are the result of a mobile-first design approach, they often use mobile design patterns that frustrate desktop users. For example, accordions work very well on mobile devices because they collapse a large amount of information into a smaller space, shortening the mobile page and making the information more accessible. They also provide a high-level overview of the content available, allowing users to access the area they are interested in directly. However, on large screens, long pages are less of a problem. Accordions can contribute to content fragmentation and significantly increase the interaction cost of finding crucial information, without the benefit they bring on mobile.

Unfortunately, mobile-first design affects apps, too.


Update (2023-11-20): Jerry Nilson:

Was really irritated over this the other day – Google want to dictate how web sites are designed and will give it higher rating even if it looks like shit if you adhere to their nonsense. I decided to revert and make sure my website looks good on mobile despite Google.

Update (2023-11-22): Sam Rowlands:

Fundamentally I agree with this statement, but I have a ton of mixed feelings.

As an engineer, I understand it.
As a pragmatist, I believe it is inevitable.
As an optimist, I believe it will get better.
As a Mac only developer, I hate it.

Learning SwiftUI, I think I've accepted a unified future.

iLeakage: Browser-Based Timerless Speculative Execution Attacks on Apple Devices

Jason Kim et al. (Hacker News):

We present iLeakage, a transient execution side channel targeting the Safari web browser present on Macs, iPads and iPhones. iLeakage shows that the Spectre attack is still relevant and exploitable, even after nearly 6 years of effort to mitigate it since its discovery. We show how an attacker can induce Safari to render an arbitrary webpage, subsequently recovering sensitive information present within it using speculative execution. In particular, we demonstrate how Safari allows a malicious webpage to recover secrets from popular high-value targets, such as Gmail inbox content. Finally, we demonstrate the recovery of passwords, in case these are autofilled by credential managers.


Code running in one web browser tab should be isolated and not be able to infer anything about other tabs that a user has open. However, with iLeakage, malicious JavaScript and WebAssembly can read the content of a target webpage when a target visits and clicks on an attacker's webpage. This content includes personal information, passwords, or credit card information.


At the time of public release, Apple has implemented a mitigation for iLeakage in Safari. However, this mitigation is not enabled by default, and enabling it is possible only on macOS [in Safari’s Debug menu]. Furthermore, it is marked as unstable.


We disclosed our results to Apple on September 12, 2022 (408 days before public release).

It’s still possible in Lockdown Mode, but slower.

Dan Goodin:

iLeakage represents several breakthroughs. First is its ability to defeat these defenses with Safari running on A- and M-series chips by exploiting a type confusion vulnerability. Secondly, it's a variant that doesn’t rely on timing but rather on what’s known as a race condition. A third key ingredient is the unique ability of WebKit to consolidate websites from different domains into the same renderer process using the common JavaScript method

So Chrome and Firefox are not vulnerable, but of course Apple doesn’t allow their browser engines on iOS.


Microsoft Finalizes Activision Blizzard Acquisition

Dan Milmo (Hacker News, MacRumors):

Microsoft has completed its $69bn (£57bn) deal to buy Activision Blizzard, the maker of games including Call of Duty and World of Warcraft, after the UK’s competition watchdog cleared the acquisition.

The Competition and Markets Authority (CMA) had moved to block the deal in April, citing concerns that Microsoft – the maker of the Xbox gaming console – would dominate the nascent cloud gaming market.

Last month, however, the watchdog said a revised deal that included selling cloud gaming rights outside Europe to Activision’s French rival Ubisoft had substantially addressed its concerns, indicating the tie-up would be approved.

Andrew Plotkin (Hacker News):

The peculiar side effect in my corner of the world is that Microsoft now owns the dusty remains of Infocom. Microsoft owns all the classic Infocom games (except maybe Hitchhiker and Shogun). They own the rights to sell the games. They own the rights to make more Zork spinoffs.

Of course, from a corporate point of view, this means exactly nothing. Activision has kept a few Infocom games up on GOG (EDIT: and Steam). For a while they sold them for iOS, but that was too much work so they stopped. In 2009 they flirted with a casual Zork tie-in that went nowhere. None of this rates even a footnote in the Microsoft acquisition prospectus, which I imagine is six hundred pages of Candy Crush stats with an appendix mentioning WoW and CoD as “also nice to have”.


For twenty years, Infocom properties have existed in a foggy hinterland of “Well, Activision owns it, but… you know. You can find the stuff online.” I don’t just mean the games! It’s also the manuals, the advertisements, the packaging, all the ephemera. It’s all available, but… you know. Illegally. […] Anyhow. I say it is time to end this liminality and bring all this work into the legal daylight.


Update (2024-01-30): Tom Warren (via Hacker News):

Microsoft is laying off 1,900 employees at Activision Blizzard and Xbox this week. While Microsoft is primarily laying off roles at Activision Blizzard, some Xbox and ZeniMax employees will also be impacted by the cuts.

The cuts work out to roughly 8 percent of the overall Microsoft Gaming division that stands at around 22,000 employees in total.


Swift Proposal: Pack Iteration


Currently, it is possible to express list operations on value packs using pack expansion expressions. This approach requires putting code involving statements into a function or closure. For example, limiting repetition patterns to expressions does not allow for short-circuiting with break or continue statements, so the pattern expression will always be evaluated once for every element in the pack. The only way to stop evaluation would be to mark the function/closure containing the pattern expression throwing, and catch the error in a do/catch block to return, which is unnatural for Swift users.


We propose allowing iteration over value packs using for-in loops. With the adoption of pack iteration, the implementation of the standard library methods like == operator for tuples of any number of elements will become straightforward.

It’s accepted.