[HN Gopher] Did you know you can put a whole game inside of a pu...
___________________________________________________________________
Did you know you can put a whole game inside of a push notification
Author : ig0r0
Score : 149 points
Date : 2021-04-10 13:48 UTC (9 hours ago)
(HTM) web link (twitter.com)
(TXT) w3m dump (twitter.com)
| xwdv wrote:
| When they said notifications are the platform of the future, this
| is what they meant.
|
| It's not desktops, it's not mobile, it's _notifications_.
| vmception wrote:
| Who said that
| Razengan wrote:
| They
| elliotkillick wrote:
| That's interesting. You can also put an entire game inside of a
| bootloader.
| [deleted]
| swen-rekcah wrote:
| Great. I'd love a little game, but the reality is that if anybody
| uses this it will just be for ads
| bluefirebrand wrote:
| Seems like too much code to allow in a notification. Doesn't that
| seem like it would be just rife with potential exploits?
| JonathonW wrote:
| These are not delivered along with the notification-- they're
| provided (client-side) by the application that the notification
| was sent for. So, while a notification _could_ display dynamic
| content here depending on the content of the notification (for
| example, this is the same mechanism as used by Mail on iOS for
| mail previews) and the preview code should take the untrusted
| nature of the content into account if it does, it doesn 't have
| to and it's not any different than running the application
| itself in terms of security issues.
| lupire wrote:
| A web browser displayed dynamic content all the time and is
| considered safe.
| chmod775 wrote:
| No. Nowadays you should _still_ disable JavaScript as well
| as video playback in your browser if you want to be safe.
|
| There was a brief period some years ago where browsers
| looked "pretty safe", but we have quickly backtracked by
| stuffing JS and browsers full of new APIs that are creating
| new vulnerabilities.
| djsavvy wrote:
| Does anyone know if there's a similar API/technique for windows?
| YeGoblynQueenne wrote:
| Did you know you can put a question mark at the end of a sentence
| _even on twitter_?
| Minenash wrote:
| Did you know you can capitalize a proper noun, even on Hacker
| News?
| nicky0 wrote:
| OK boomer
| grawprog wrote:
| Why necessarily at the end? It could have been one of these:
|
| Did you know? You can put a whole game inside of a push
| notification.
|
| Or maybe even:
|
| Did you know? You can put a whole game inside of a push
| notification!
| YeGoblynQueenne wrote:
| Even better.
| startup_boner wrote:
| punctuation is an obsolete historical artifact in the digital
| age just like captitalization i would rejoice if text encodings
| removed them altogether
| reaperducer wrote:
| Stop clubbing baby seals
|
| http://oddlovescompany.com/wp-
| content/uploads/2012/09/Februa...
| ShaneMcGowan wrote:
| why use lot word when few word do trick
| wizzwizz4 wrote:
| Why so verbose? Concision is sufficient.
| fargo wrote:
| when you president, they see
| ineedasername wrote:
| y use lot wrd wn few wrd do trk
| itsDario1 wrote:
| y use lot
| tobr wrote:
| Guessing YeGoblynQueenne got the memo about capitalization,
| given how they spell "Twitter".
| HPsquared wrote:
| whitespaceisalsovestigialifind
| turnerc wrote:
| I cannot tell if this is satirical, I hope so.
| [deleted]
| markus_zhang wrote:
| Just curious is it possible to abuse this for malicious code?
| Just a thought...
| djrogers wrote:
| The code isn't delivered with the push notification, it's code
| from an application already installed.
| jjeaff wrote:
| If it can be exploited, then it likely has already been
| exploited.
| Andrew_nenakhov wrote:
| I'd prefer Apple to fix horrible notifications on iOS. Since they
| broke VoIP background notifications, developers have no way to
| reliably perform silent delivery of information to device.
|
| For example in a chat app that syncs with desktop you can deliver
| incoming messages, showing them as alerts, but you can't deliver
| your own, because you MUST show alert on every push notification.
| Another use case is removing notifications: once you message on
| another device, you want to remove notification on iOS as well.
| With current notifications it is extremely problematic.
|
| (Remaining background notifications in iOS work like shit - and
| please, do not start discussion that 'it is not needed' - It is
| BADLY needed, just ask anyone who has developer experience with
| this wreck)
| tomrod wrote:
| > Since they broke VoIP background notifications, developers
| have no way to reliably perform silent delivery of information
| to device.
|
| Surely you mean _fixed_ , not broken, as absolutely no one
| should be delivering information silently to a device they
| don't own.
| wizzwizz4 wrote:
| The Apple philosophy is "give users zero agency" - and from
| that stance, yes, this is a fix. But I remember the days when
| a computer program was either a game, an extension of the
| user's will or the BIOS; by _that_ philosophy, this should
| absolutely be possible. (But computers have been artificially
| complexified to the point that this isn 't viable.)
| varenc wrote:
| I'm with you.
|
| Story time: Years ago the Signal app would silently wake up
| in the background, upload 20MB+ of my contacts' photos, and
| then shutdown and do it all over again every time I received
| a silent notification. Due to my membership in a few large
| groups this was very often. The result was gigabytes of
| cellar data usage in a week.
|
| Fortunately my experience was rare because I both had a lot
| of contacts with photos and I ran the desktop app. But it was
| infuriating to track down and it made me realize that silent
| wake ups were even possible on iOS. (Or used to be)
|
| I don't know what the right balance is, but I think there
| should be some middle ground.
| Andrew_nenakhov wrote:
| Fun fact: Apple still allows signal, telegram, WhatsApp and
| few other high profile developers to use VoIP notifications
| without mandatory calling up VoiceKit. Because they can't
| work as smooth as users are used to they work with these
| new rules for notifications.
|
| So, no, nothing 'improved' in your Signal experience. At
| least, not yet.
|
| All developers are equal, but some are more equal than
| others.
| Andrew_nenakhov wrote:
| > as absolutely no one should be delivering information
| silently to a device they don't own.
|
| That's a very very _very_ shallow thinking. You are
| advocating to break the internet. You are destroying every
| internet protocol that ever existed. They _all_ silently
| deliver information to devices you likely don 't own.
|
| Actually, we wouldn't need these dirty perversions with
| notifications if we had a proper background mode for apps.
| Like, you know, proper computers had for maybe 60 years.
| kitsunesoba wrote:
| > Actually, we wouldn't need these dirty perversions with
| notifications if we had a proper background mode for apps.
| Like, you know, proper computers had for maybe 60 years.
|
| It's worth noting, however, that desktop and laptop PCs
| have a surplus of energy relative to mobile phones, so it's
| no big deal if there's a bunch of processes running in the
| background doing their thing... _usually_ , anyway, because
| on PCs it's also shockingly common for background processes
| to misbehave and consume far more resources than they have
| any right to. Point in case, the daemon for my Logitech
| mouse will sometimes consume 120% CPU for no apparent
| reason for extended periods if I allow it to run.
|
| I could see an argument for extending background
| capabilities in iOS while also heavily also reducing their
| potential for bad behavior, though. For example, allowing
| apps to run in the background indefinitely, but on low
| power cores only with heavily capped CPU and memory
| consumption, along with a new Settings page that shows a
| list of persistent background processes and gives the user
| direct control over them.
| TeMPOraL wrote:
| Or, give people easy to use task manager that shows
| background processes, with big buttons labeled "kill",
| and "kill and keep down".
|
| Android doesn't have anything like it either. It's my
| number 1 complaint about smartphone experience ever since
| I bought my first one: the phone actively refuses to give
| user insight and control over what's running on their
| device.
| masom wrote:
| > Android doesn't have anything like it either.
|
| Uh, it sure does through the applications section. You
| can see running services, which ones are taking battery,
| and stop/disable those as well.
| Andrew_nenakhov wrote:
| I agree. User should decide, how he will use his battery
| power. If an app requires background running, it should
| be allowed to, with full control over data and battery
| used. That's all users need.
| [deleted]
| [deleted]
| [deleted]
| figbert wrote:
| Neil Sardesai is a joy to follow - I highly recommend it. He
| probably knows more about internal macOS APIs than the devs.
___________________________________________________________________
(page generated 2021-04-10 23:00 UTC)