[HN Gopher] Did you know you can put a whole game inside of a pu... ___________________________________________________________________ Did you know you can put a whole game inside of a push notification Author : ig0r0 Score : 149 points Date : 2021-04-10 13:48 UTC (9 hours ago) (HTM) web link (twitter.com) (TXT) w3m dump (twitter.com) | xwdv wrote: | When they said notifications are the platform of the future, this | is what they meant. | | It's not desktops, it's not mobile, it's _notifications_. | vmception wrote: | Who said that | Razengan wrote: | They | elliotkillick wrote: | That's interesting. You can also put an entire game inside of a | bootloader. | [deleted] | swen-rekcah wrote: | Great. I'd love a little game, but the reality is that if anybody | uses this it will just be for ads | bluefirebrand wrote: | Seems like too much code to allow in a notification. Doesn't that | seem like it would be just rife with potential exploits? | JonathonW wrote: | These are not delivered along with the notification-- they're | provided (client-side) by the application that the notification | was sent for. So, while a notification _could_ display dynamic | content here depending on the content of the notification (for | example, this is the same mechanism as used by Mail on iOS for | mail previews) and the preview code should take the untrusted | nature of the content into account if it does, it doesn 't have | to and it's not any different than running the application | itself in terms of security issues. | lupire wrote: | A web browser displayed dynamic content all the time and is | considered safe. | chmod775 wrote: | No. Nowadays you should _still_ disable JavaScript as well | as video playback in your browser if you want to be safe. | | There was a brief period some years ago where browsers | looked "pretty safe", but we have quickly backtracked by | stuffing JS and browsers full of new APIs that are creating | new vulnerabilities. | djsavvy wrote: | Does anyone know if there's a similar API/technique for windows? | YeGoblynQueenne wrote: | Did you know you can put a question mark at the end of a sentence | _even on twitter_? | Minenash wrote: | Did you know you can capitalize a proper noun, even on Hacker | News? | nicky0 wrote: | OK boomer | grawprog wrote: | Why necessarily at the end? It could have been one of these: | | Did you know? You can put a whole game inside of a push | notification. | | Or maybe even: | | Did you know? You can put a whole game inside of a push | notification! | YeGoblynQueenne wrote: | Even better. | startup_boner wrote: | punctuation is an obsolete historical artifact in the digital | age just like captitalization i would rejoice if text encodings | removed them altogether | reaperducer wrote: | Stop clubbing baby seals | | http://oddlovescompany.com/wp- | content/uploads/2012/09/Februa... | ShaneMcGowan wrote: | why use lot word when few word do trick | wizzwizz4 wrote: | Why so verbose? Concision is sufficient. | fargo wrote: | when you president, they see | ineedasername wrote: | y use lot wrd wn few wrd do trk | itsDario1 wrote: | y use lot | tobr wrote: | Guessing YeGoblynQueenne got the memo about capitalization, | given how they spell "Twitter". | HPsquared wrote: | whitespaceisalsovestigialifind | turnerc wrote: | I cannot tell if this is satirical, I hope so. | [deleted] | markus_zhang wrote: | Just curious is it possible to abuse this for malicious code? | Just a thought... | djrogers wrote: | The code isn't delivered with the push notification, it's code | from an application already installed. | jjeaff wrote: | If it can be exploited, then it likely has already been | exploited. | Andrew_nenakhov wrote: | I'd prefer Apple to fix horrible notifications on iOS. Since they | broke VoIP background notifications, developers have no way to | reliably perform silent delivery of information to device. | | For example in a chat app that syncs with desktop you can deliver | incoming messages, showing them as alerts, but you can't deliver | your own, because you MUST show alert on every push notification. | Another use case is removing notifications: once you message on | another device, you want to remove notification on iOS as well. | With current notifications it is extremely problematic. | | (Remaining background notifications in iOS work like shit - and | please, do not start discussion that 'it is not needed' - It is | BADLY needed, just ask anyone who has developer experience with | this wreck) | tomrod wrote: | > Since they broke VoIP background notifications, developers | have no way to reliably perform silent delivery of information | to device. | | Surely you mean _fixed_ , not broken, as absolutely no one | should be delivering information silently to a device they | don't own. | wizzwizz4 wrote: | The Apple philosophy is "give users zero agency" - and from | that stance, yes, this is a fix. But I remember the days when | a computer program was either a game, an extension of the | user's will or the BIOS; by _that_ philosophy, this should | absolutely be possible. (But computers have been artificially | complexified to the point that this isn 't viable.) | varenc wrote: | I'm with you. | | Story time: Years ago the Signal app would silently wake up | in the background, upload 20MB+ of my contacts' photos, and | then shutdown and do it all over again every time I received | a silent notification. Due to my membership in a few large | groups this was very often. The result was gigabytes of | cellar data usage in a week. | | Fortunately my experience was rare because I both had a lot | of contacts with photos and I ran the desktop app. But it was | infuriating to track down and it made me realize that silent | wake ups were even possible on iOS. (Or used to be) | | I don't know what the right balance is, but I think there | should be some middle ground. | Andrew_nenakhov wrote: | Fun fact: Apple still allows signal, telegram, WhatsApp and | few other high profile developers to use VoIP notifications | without mandatory calling up VoiceKit. Because they can't | work as smooth as users are used to they work with these | new rules for notifications. | | So, no, nothing 'improved' in your Signal experience. At | least, not yet. | | All developers are equal, but some are more equal than | others. | Andrew_nenakhov wrote: | > as absolutely no one should be delivering information | silently to a device they don't own. | | That's a very very _very_ shallow thinking. You are | advocating to break the internet. You are destroying every | internet protocol that ever existed. They _all_ silently | deliver information to devices you likely don 't own. | | Actually, we wouldn't need these dirty perversions with | notifications if we had a proper background mode for apps. | Like, you know, proper computers had for maybe 60 years. | kitsunesoba wrote: | > Actually, we wouldn't need these dirty perversions with | notifications if we had a proper background mode for apps. | Like, you know, proper computers had for maybe 60 years. | | It's worth noting, however, that desktop and laptop PCs | have a surplus of energy relative to mobile phones, so it's | no big deal if there's a bunch of processes running in the | background doing their thing... _usually_ , anyway, because | on PCs it's also shockingly common for background processes | to misbehave and consume far more resources than they have | any right to. Point in case, the daemon for my Logitech | mouse will sometimes consume 120% CPU for no apparent | reason for extended periods if I allow it to run. | | I could see an argument for extending background | capabilities in iOS while also heavily also reducing their | potential for bad behavior, though. For example, allowing | apps to run in the background indefinitely, but on low | power cores only with heavily capped CPU and memory | consumption, along with a new Settings page that shows a | list of persistent background processes and gives the user | direct control over them. | TeMPOraL wrote: | Or, give people easy to use task manager that shows | background processes, with big buttons labeled "kill", | and "kill and keep down". | | Android doesn't have anything like it either. It's my | number 1 complaint about smartphone experience ever since | I bought my first one: the phone actively refuses to give | user insight and control over what's running on their | device. | masom wrote: | > Android doesn't have anything like it either. | | Uh, it sure does through the applications section. You | can see running services, which ones are taking battery, | and stop/disable those as well. | Andrew_nenakhov wrote: | I agree. User should decide, how he will use his battery | power. If an app requires background running, it should | be allowed to, with full control over data and battery | used. That's all users need. | [deleted] | [deleted] | [deleted] | figbert wrote: | Neil Sardesai is a joy to follow - I highly recommend it. He | probably knows more about internal macOS APIs than the devs. ___________________________________________________________________ (page generated 2021-04-10 23:00 UTC)