I need to blog about the Principle of Minimal Client Complexity, but one way to understand why I push back so hard on huge stacks of JS is that when you move thing to the client, you don't add risks from each uncontrolled dimension, you _multiply_ them.

What are those risks? By way of disclaimer, know that while I platonically wish for your datacenter stack to not suck, I do not *care* if your datacenter stack is a frankenstein's monster of microservices and graphql and docker kubernetes in a single rack.

Do. Not. Care.

Managers!

Times are tough, and profits are at a premium right now. Here's one weird trick for making more money: HTML.

That's right! JS is costing you. Rip it out of your site and watch engagement/conversions rise. If you're a frontender, know a few things:

- bad results have been leading to frontend teams getting quietly flushed for *years*
- bad site outcomes aren't always material..
- ...but now that there's more focus, it can help our teams to deliver better

Frontend needs to stop looking for silver bullets. The correct answer in almost every case is *moderation* coupled with *product understanding*.

If you don't know who you're serving, you can't make good tech choices, and we should be conservative abt client complexity regardless I've called this the Principle of Minimum Client Complexity, and it holds across both native and web. Everything you run on the client is _at risk_.

At risk from hardware and network foibles. At risk from OS wonkiness. At risk from a lack of control. So *do less* there.

One consequence of Apple kneecapping web apps has been that native is now the default, and because native gives away so much by default, huge amounts of personal data are at risk. Far from being a privacy champion, Apple has facilitated its erosion:

forbes.com/sites/emilybak… Where web is the dominant platform, users can pick browsers that have their interests in mind rather than the app developer's. This shrinks the space for performative, white-knighting actions (e.g. ATT) by platform vendors, but it's structurally more effective.

The frontend community wants to wash its hands of the decade we lost without naming the causes and consequences of the dogma that swept away better, more grounded approaches and replaced them with MBs of JS.

That's not a recipe for healing what was broken. I'm constantly seeing fresh disasters based on popular-yet-fading tech stacks on a daily basis.

Sites built on this stuff won't blink out of existence when the devs who made these messes decide they no longer want to Angular/React/CSS-in-JS/Apollo/redux their way to failure.

Wild.

Mozilla (finally!!!) published something that argues for its own survival in the face of mobile OS fsckery[1] but has not blogged about it, AFAICT.

🦗🦗🦗

research.mozilla.org
blog.mozilla.org/netpolicy/
blog.mozilla.org/en/

🤦🤦🤦

[1]: infrequently.org/2022/06/apple-…

https://twitter.com/OpenWebAdvocacy/status/1573184074101161984

Can't make this up. Truly surreal:

google.com/search?q=site%…

This is a great question, so I'm going to answer it in a short thead, but to summarize:

1.) don't assume your site will benefit from SPA tech
2.) don't adopt tech w/o a bakeoff
3.) don't assume you are anything like your user(s)

https://twitter.com/contis2908/status/1573092255241478145

Longer form: SPAs only net-improve a narrow band of experiences.

Why is this? Because most sites have shallow sessions, which means that frontloading for future performance is *mostly* the wrong trade. See:

infrequently.org/2022/03/a-unif…

It's so great to see this new generation of HTML-first frontend frameworks dispensing with the last decade of unnecessary complexity and narratives spun to justify it. Just a few to check out:

Astro: astro.build

There's a lot in this that's objectionable (in terms of Google/Meta behavior), but there are implications for frontend that are not obvious.

The first is that the always-unearned premium for doing the same thing in JS that CSS/HTML did better is going to evaporate.

https://twitter.com/voxdotcom/status/1572964209402548225

The way this premium will go is going to be surprising. It won't mean the end of JS jobs, or rewrites (nobody will pony up for one in this environment, obvs)...but underperforming stacks will come to be understood as regretted, legacy tech.

A lot of folks think I'm hating on React/Angular/etc. when, in fact, my about culture.

I dissent from the idea that "DX" is more than a second-order concern.

The highest good for frontend is great *user* experiences, particularly for folks on the margins. Take, for example, the work of building browsers. We do not write them in C++ or Rust because it's nice or fun. Imagine how much less code it would take to do it all in Python! The freedom!

But we don't.

Why not? Users. They always come first.

The positive path forward for frontend is not going to be found in the norms and values of the last decade of JS excesses.

That will mean we drop React and other tools whose community narratives center developers and not users.

That's ok. The positive path puts users at the margins first, accepts the constraints the come with serving them well, and works to ground our choices in evidence.

infrequently.org/2022/03/a-unif…

a16z is morally compromised to a degree that is surprising, even by the lights of situational VC ethics

https://twitter.com/Noahpinion/status/1568826103611162627

It's most recent rounds of financial debauchery have been facilitated by a mismatch in regulation around securities and the nebulous regime of crypto securities (yes, they're securities. obviously).

VCs, generally, were not making trades that affected retail until the "end".

A pattern I can't unsee: many fights about browser privacy and security eventually come down to assertions about "what users understand".

Meanwhile, the best UXR shows users do not understand, and even if they did, our ideas about which things they understand are wrong. The pernicious part about this industry-wide failure is that security and privacy "knowers of things" (engineers, PMs, etc.) are trapped fighting over who can posture as most conservative, not about who can demonstrate least harm for the most utility.

The real scandal regarding FB's In-App "Browser" isn't the extra tracking, it's the subversion of browser choice.

I'm sure it's totally coincidental that this *also* has the effect of removing tracker blocking that real browsers might apply. Subverting browser choice is a structural erosion of privacy. It neuters user preferences, and FB knows it.

How could FB cure the harms?

Simple: *be* a browser. Become subject to choice. Win the business.

Just stop cheating to steal traffic.

I've given @mozilla a hard time over previous milquetoast responses to regulators regarding the potential for true browser competition on the world's most important OSes.

Today I want to thank them. Their filing with the US NTIA is truly excellent:

regulations.gov/comment/NTIA-2… IDK what awakened Mozilla to the need for browser competition and the potential for it to impact the lives of users, but this sort of writing cuts to the core of the problem:

This is a truly excellent piece. Worth reading every word.

One small thing I might add is that the reason modern CDNs sit in front of your whole origin is to avoid connection setup. In the H/1 world, that was unavoidable, but now that we're in an H/[2,3] world, it's a footgun.

https://twitter.com/malchata/status/1525211221728837638

Why does this matter? Now that everything is encrypted, we need to do all of these steps for every resource that comes from a different origin:

- resolve DNS
- set up a TCP connection (H/2)
- set up a TLS link

That is traffic that is competing w/ other resources!

Another day, another team totally hosed by React being so bad at DOM that it can't even component correctly. Embarrassing for everyone, but mostly FB. Amateur hour nonsense. FB: use our component system! It's fast* and helps you encapsulate!
Smart teams: so it puts UI complexity into Shadow DOM where it can't contribute to non-linear slowness?
FB: ...
STs: ...and it encourages efficient use of CSS?
FB: ...
STs: ...and it's memory and CPU efficient?

My tweet on the perils of CSS-in-JS got a lot of questions, and I think this is the best one. Instead of burying the answer(s) down-thread, wanted to extract it into a separate conversation. A short 🧵👇

https://twitter.com/moonriseTK/status/1516953602987896833

So, first, consider how the browser produces pixels. We take HTML + CSS, turn it into DOM + rulesets, then match selectors against DOM to create a "layout tree" from which we raster.

For the best overview I know of, here's the inimitable Steve Kobes:

AMP the format is fine. Its critique of sites is correct; folks who think their pages are otherwise fast enough are almost always wrong.

But AMP the search feature – and URL-breaking nonsense that hubris birthed – is trash. Nice to see this:

theverge.com/2022/4/19/2303… If your answer to "people's websites are too slow" is a totalising system that forces them to rebuild everything, and only admits a single implementation, you're high on your own supply.

Hot tip: don't buy absolutist takes on web privacy from folks that can't ship fixes to improve privacy in a timely manner and still want to pitch you *wildly* invasive native apps. Better takes are available. Nuance is possible. There's an under-explored area of what it even means to improve privacy that isn't constrained by broken taxonomies that only consider collection.

Caveat emptor.

4 must-watch videos about blockchains, cryptocurrencies NFTs, and "web3":

#1, @molly0xFFF on "Abuse on the blockchain":

#2, @FoldableHuman with "Line Goes Up -- The Problem With NFTs":