… and I can’t even continue the chat from my phone.
Such is the state of Electron.
I’m slowly stopping to care about web apps, however the amount of shit Electron causes is through the roof. Discord, Element, Signal, even Steam is full of it, so you just end up having 8 different “programs” running with every single one using at least around 400MB of RAM.
Can’t wait to see something using Rust and Tauri. Graphite wink winkSteam is close but actually not electron, they use CEF - Chromium Embedded Framework which is something Electron uses too under the hood (afair)
Thanks for the correction, appreciate it. Not sure it changes much though.
Steam used an embedded browser long before it was cool.
Electron doesn’t use CEF, they directly bundle Chromium.
deleted by creator
I use a whole bunch of Linux distros at work (CentOS, alpine, ubuntu, debian, opensuse) and a bunch on my devices at home (mint, fedora, nobara, and manjaro), and so far the only distro I’ve seen ship decoupled shared electron libs like you described is Manjaro (and presumably Arch).
I wouldn’t mind so much if they all just used the same bundle of stuff, and you could install that once, and then the apps were all like 2MB each.
But no, big fucking bundle of shit, every single time.
Eh, that’s not the joy you think it is.
That’s how software used to be distributed and that’s where the terms DLL / Dependency Hell come from and why programs used to not uninstall cleanly and break other programs, etc.
It’s more efficient, but it’s also brittler and a lot more complex to manage. Conversely, bundling everything together with all its dependencies is a lot easier to manage, and a lot more robust overall, but comes at the expense of storage capacity and network bandwidth.
Would be kind of cool to allow people to choose an install method. As someone who has experienced low bandwidth in rural homes, it would be nice to avoid the waste at the cost of possibly managing chromium versions myself.
I really want to see the zygote approach worked out for electron. It’s working really well for android but with electron there are just too many different versions used by the different programs for that to make sense.
Can’t wait to see something using Rust and Tauri.
What about sciter?
Of the apps you mentioned, I can use Discord and Element in my browser. WhatsApp even installs as a PWA. And Steam games can be launched through Lutris afaik?
There is no such option with Signal though.
With Discord in browser, you lose Krisp, RPC ipc socket support (aRPC might work, no clue), and from what I remember screensharing only worked with browser tab capture.
Element will eat your RAM no matter where it’s running. You could add it as a Nextcloud app to triple your RAM usage! Woo
And you can’t run Steam games without the Steam client running. That’s how their DRM works. (Unless you use the goldberg steam emulator, which is a whole another thing to talk about)Using an E2E chat app in your browser necessarily makes the keys and decrypted messages available to your browser. They would have the ability to read messages, impersonate users, alter messages, etc. It would defeat the purpose of a secure messaging platform.
I don’t get it. Who is “they”? Why can’t you fetch the encrypted message from the server and then decrypt it client side?
“They” is the browser/browser maker. The browser, acting as the client, would have access to the keys and data. The browser maker could do whatever they want with it.
To be clear, I’m not saying they would, only that it defeats the purpose of an E2E chat, where your goal is to minimize/eliminate the possibility of snooping.
You realize that your kernel which loads keys into memory can also access all this right? So can anything which shares memory space on the platform.
The bigger risk is browser exploits, not just who develops it. There’s more attack surface and more ways to exfiltrate data
I think the encrypted messages are not saved in the server. You probably have to backup from phone and restore it on pc. “They” is the other programs running on browser
410mb for chat app seems very unoptimized
Hey now, the three React Native for Windows apps would be very offended if they were stable enough to read text input.
It’s because it’s an electron app. So in addition to the chat app itself, it also includes a full Chromium runtime. Worse still, the Electron architecture doesn’t really lend itself towards reusing electron itself; this means you might have several copies of the same version of electron on your machine for various apps.
People complain about the sizes of things like flatpaks and snaps, but tbh the whole architecture of applications is like this these days. Ironically, flatpaks and snaps could help with this because their formats can work decently with filesystem level deduplication.
wait till you meet Line 😶
The inability to continue chat from phone is a feature.
New messages will show on all your devices, but yes, it is intentional that old messages are not available to new devices.
This is because they don’t retain your (encrypted) messages on their servers right? Is this for storage reasons, or more just security philosophy of not being able to access past chats when you login from elsewhere?
This is not entirely correct. Messages are stored on their servers temporarily (last I saw, for up to 30 days), so that even if your device is offline for a while, you still get all your messages.
In theory, you could have messages waiting in your queue for device A, when you add device B, but device B will still not get the messages, even though the encrypted message is still on their servers.
This is because messages are encrypted per device, rather than per user. So if you have a friend who uses a phone and computer, and you also use a phone and computer, the client sending the message encrypts it three times, and sends each encrypted copy to the server. Each client then pulls its copy, and decrypts it. If a device does not exist when the message is encrypted and sent, it is never encrypted for that device, so that new device cannot pull the message down and decrypt it.
For more details: https://signal.org/docs/specifications/sesame/
That’s for your insightful comment. I’m now going down the rabbit hole of the signal spec :)
Correct
Okay, but can’t it be an optional feature? I’d like it if a new device could download message history from an old device by having both online at the same time.
Optional how so? It’s a rotating key. Unless you have all of those keys to export into your computer, then you’ll be stuck with the current synced key.
I don’t see why the current key can’t encrypt old messages and send those. I admit I might be missing something obvious though. Maybe something like not wanting to accidentally leak old messages? As in it’s less attack surface or something?
You can still push old message history from your main device to your other devices, you can re-encrypt
No shit. I’ll need to look into this. Thanks for learning me up.
Matrix does it this way
deleted by creator
Thanks
Unabilifiedness
What does this mean? I use my phone and computer, and they sync up in real-time without any issues.
It means that if you have chats on one device and install Signal on another one, the chats don’t transfer to it. After you link new device, new chats do sync perfectly fine.
After they dropped SMS support and called that a feature, now I can’t wait for their hottest new bug!
Signal’s desktop app is as horrendously unusably bad as the project as a whole is good, tbh.
It’s no wonder people prefer stuff like Telegram. It has native apps and all. Or can be used in a browser. Meanwhile Signal is only used in a browser, but you have to download it and it fucks up font scaling and it shits the bed on font antialiasing and it can’t even get UI design consistent with the OS it’s running on and it won’t even use the OS emoji font.
Let’s not even mention how you still cannot use Signal on a tablet.
Signal’s desktop app is as horrendously unusably bad
I think this is a bit dramatic. I’ve been using it for years, no problems.
Yeah, I was going to say that I’ve used Signal on my Linux laptop and it’s janky af
Care to elaborate?
I use the app from the AUR and I don’t think I’ve had a single problem in 3 years.
I’ve recently had an issue where it wasn’t let me paste anything that I had copied from outside the app
The best version of the Signal app was back when it was available as an actual web app.
And anytime you clicked on a link or image in the chat, you’ll have to click into the message field again (or press Ctrl+t) to be able to type a reply. I don’t understand how this absolutely infuriating thing hasn’t been fixed in years. Is nobody bothered by this? I want to be able to alt+tab into signal and just start typing ffs.
telegram has an “advantage” of not having e2e encryption by default, which makes stuff like sync much easier as chats are fully stored on the server (encrypted with your user password).
and if you enable encryption (aka start a secret chat), the chat will only exist on the device you started it on and stop getting synced
it won’t even use the OS emoji font.
im still amused by the fact that discord mobile uses two yes, you read that correctly, TWO emojis sets, it uses one in app, and the selector, and then uses another for the text input line, because.
For the most part, I don’t care about App Size. Storage is cheap. What I miss with the Signal Desktop App is the option to save everything in an encrypted container.
Wouldn’t having full disk encryption achieve most of the benefits of that? In case of someone having access to your unlocked machine what is stopping them from launching the app and looking though it?
Yes, full disk encryption helps against intruders with device access, but not against the files being indexed by other application. My phone is encrypted, but I still use a signal client that is encrypted again.
Hm, but wouldn’t such an application be malicious by default? Having protection against attackers on your device seems of out scope for a messaging application, at that point I would consider something like Tails. Though this may be a rare case when moving to an appimage could help matters.
Yes and no. I personally would like to be asked permission for such behaviour, but a gallery application, for example, could have legitimate reasons to index all photos on your system. I personally prefer to manually set the folders it is supposed to index, but that doesn’t seem to be a generally accepted paradigm.
In general, I see why you need to trust that a system your app runs on is uncompromised to a a certain degree, but measures to potentially limit harm in case it is still seem sensible, especially for an app with a focus on privacy and security.
We set the threshold of sensible protections provided by the app (signal) itself differently.
On desktop having a gallery app, as you say, or running an application like windirstat for example I expect the user to understand that anything stored on device can be “seen” by the app and that, if they dont trust it, having sensitive files deleted or sandboxed might be prudent. Messages are stored at least somewhat encrypted (albeit with the key in a config file) so a random (non targeted/malicious) scan would gt blobs there.
On mobile due to how opaque the os is I am thankful for the extra encyption and I would consider it a much more critical flaw. On desktop less so. Still I appreciate your point of view and a passkey to encrypt at least messages on the desktop app would be a welcome addition.
Am encrypted container doesn’t help if the directory is mounted and accessible or if the key is in plaintext. Also doesn’t help if the process isn’t isolated. You need a bunch of extra measures like using the OS keystore set to only allow the correct program to retrieve the key, keeping secrets only in process memory, etc.
Tldr it’s a lot of work to do it right. If you do it the simple way like throwing it all in SQLite with encryption active you still leak metadata.
deleted by creator
I have never worked on a properly hardened desktop app, so I don’t have much of a perspective on that, and can definitely see that it might not be worthwhile for the signal team.
I would appreciate some level of encryption, thinking that it might help with less targeted attacks. I’d also appreciate a Web client, like Threema’s with none permanent sessions. But all that’s, as you’d say in German, “Meckern auf hohem Niveau”, especially since I’m not currently contributing to Signal.
Same. I’ve seen the alternative called dependency hell too often… Yes, you can.share stuff between apps, but then, versioning is a nightmare.
That’s why I am so happy that I switched to Matrix - selfhosted with Signal and WhatsApp Bridges(amongst others) and now I only need to keep one App on our mobiles, Notebooks,desktop,etc. but I can still communicate with everyone. (we have have a few mixed groups now)
Your post encouraged me to self host Matrix ^^ That’ll be a nice project for the next rainy day
I self-hosted it few months ago, and it’s actually surprisingly easy! Someone has made an Ansible script for Matrix with Element and some bridges, that (at least a month ago, IaaC tends to be pretty fragile) worked out of the box on a first try. I just set up some config values (mostly about enabling bridges I want) based on their amazing documentation, and then ran it once and everything is working so far. I even updated it several times already, and every time it was smooth, and it was basically just running a single ansible command. Their documentation is pretty well written, and with my basic cloud, IT and Linux knowledge I had no issues with following it. All you need to know is how to set up cloud VM, get a domain and set DNS, and set up SSH keys to access the server.
In total it took me about two hours in total, from when I decided “I’m setting up Matrix tonight” without any prior knowledge, looking up my options and finding the ansible script, setting up cloud and getting Matrix up and running.
I’m renting a VM on Hetzner for like 6$ per month, and it worked without issues so far. I use it for Discord and Messenger, although the Meta bridge does have some problems, for example I didn’t figure out how to message someone with whom I haven’t had a conversation since I set up the bridge, since only then it creates the room for it. But that can be solved by keeping the Messenger app or usign the browser to send a first message, and it immediately shows in your Matrix bridge (and stays there forever).
Thank you for sharing your setup, this kind of information is always extremely valuable <3
Thanks,welcome to the club! It can be a bit “tricky” at times (and I use a container manager,cloudron, meanwhile as I got too deep into the rabbit hole and now host too many things to maintain them myself) but once you get it set up it’s rock solid.
And I am really optimistic for Element X/Matrix 2.0.
It’s a great standard.
Gonna repeat what I said to Mikina - Thank you for sharing your setup, this kind of information is always extremely valuable <3
I can switch to Matrix and talk to the two other users on this platform! Can’t wait!
Yeah, 115 Million users atm. And as I said - you can easily bridge it to other services so you only use Matrix but communicate with others.
I’ll give you a little anecdote. I joined a casual server on Matrix recently. Two minutes into the conversation, it turns out the person I was talking to is installing some Linux stuff and watching an episode of classic Doctor Who. That’s two of my biggest interests right there that we immediately connected over. If there are only two users on Matrix, they’re the only two I need.
I think the vast majority of people are more interested in talking to people they know in real life.
bingo. if my irl peeps would use it i’d switch in a heartbeat; as it is i have trouble convincing them to install an ad blocker, let alone set up a whole new account on a new app.
Debian Linux installation ISO is only 336 MB, FFS. And that’s a whole operating system with user land!
No, that’s a tarball of a kernel, basic command line tools, apt and a network stack that lets you download most of the operating system.
Um, no? The 336 megabyte usb installation media contains everything you need to install base Debian. Most people will want a desktop environment and other packages, they can connect to the network to download those additional packages.
Even the how-to says the network is optional.
https://www.debian.org/releases/stable/amd64/ch02s04.en.html#idm368
me when i spread misinformation
Signal package has Electron (which is built on top of Chromium and NodeJS) + Signal app code and assets. So not surprised that it’s bigger than Chromium.
Like I know native apps are always better, but why doesn’t electron ship an installable runtime so we don’t have to have a shitload of inert chromium installs on one machine?
You don’t understand. This way if some app crashes it will not cause others to crash too.
This is how google introduced the “multiprocess architecture” of Chrome.
You can still have separate processes and everything else with a shared runtime, you just save having all this wasted storage with every application bringing its own bundled runtime.
.net or Java applications work in a similar way, one Java app crashing won’t take out another just because they’re sharing the same runtime
I’d rather not have frameworks based on web browsers. Programming is not that difficult.
For most uses of electron I’d agree, but if some engineers are going to use it anyway, I’d prefer the approach I’ve described.
Programming is not that difficult.
Learning how to do something in a new language and framework isn’t that tough, I agree, but no one is going to become an expert in something overnight. I don’t reckon many desktop native engineers are choosing electron unless they actually need it, so if you imagine the case of an expert web engineer building a desktop UI, they’re going to do a much better job with their main skillset than something they have just learned.
but no one is going to become an expert in something overnight
It’s not like they need to become experts. But also that’s actually possible (at least the effects of that), especially with all the AI around.
It’s not like they need to become experts
I mean if they would produce a better UI by using their expertise, how would not becoming an expert in the new thing be better? The reality is that the people paying the engineer are going to want the better UX over the benefits of not using electron in most cases.
But also that’s actually possible
Respectfully, no it’s not, not with software engineering unless you’re talking about learning a simple library or something.
If someone can genuinely master something in a day it wasn’t much of a skill to begin with.
I’ve been in this industry for about 20 years now, I would find it very hard to believe an engineer who says they’ve gone from no knowledge to expert in a new framework/language in any short period of time. I would either assume they’re trying to pull a fast one or more charitably just in the “naively confident” phase of learning:
especially with all the AI around.
AI can assist you if you more-or-less know what you’re doing, but a novice replacing proper learning with ChatGPT pairing is going to write some shitty code. I use AI in my role semi-regularly, and in my experience, no model has consistently produced me anything (non-boilerplate) longer than a couple of lines that didn’t need some kind of refactor for it to actually be up to our code quality standards. Sometimes you see them spit out some ancient way of doing things that have been outright replaced by a more modern approach, if you don’t have the experience, you’ll not know any better.
I mean if they would produce a better UI by using their expertise, how would not becoming an expert in the new thing be better?
I failed to understand the meaning of this sentence. It doesn’t make sense to me. Producing a better ui is not even on the table when we are talking ui frameworks and native programming - you use what’s available, and if you are a graphics designer then maybe you should’ve sticked to that instead. Becoming expert in native ui is super cool but I wouldn’t expect such miracles from everyone. Just producing a valid low level code is enough to meet my standards of performance. That’s because those standards were heavily affected by web frameworks existence.
The reality is that the people paying the engineer are going to want the better UX
And I hoped it would be customers who would pay for a software or a service who would send valid feedback.
AI can assist you if you more-or-less know what you’re doing
Assuming web devs creating apps don’t know what they’re doing?
but a novice replacing proper learning with ChatGPT pairing is going to write some shitty code.
Chances are that code would be much more optimized than anything electron/CEF wrapped.
to actually be up to our code quality standards
Quality standards are great. But seeing companies shipping fixes to simple CSS issues that were breaking some of main app functions made me realize most of them don’t care about quality standards. If that’s how it is and if there will still be a lot of broken stuff across app updates - might as well just go all the way to proper low level languages.
Well obviously it is, or we wouldn’t have electron in the first place.
We have it only because some devs are lazy.
May be, but I don’t think apps use it. Afaik Teams, Discord and such are all epectron apps, yet they have not much in term of dependencies and large install sizes, so they must ship with their own versions.
Haha, WeChat is even more outrageous than this. All your forwarded files will be automatically stored again. Your chat records will always be stored on the disk, but WeChat will tell you that the chat records have expired. In addition, it has recently been discovered that every Once you log in to WeChat, your avatar will be saved more than ten times
Given that they have a native, non-Electron iOS version, it’s a shame that they haven’t built a desktop macOS version using mostly the same code. (To make it look like a proper Mac app, they’d need different UI code, though even without that, they could build a version that looks like the iPad version with no changes, and it would look no worse than the Electron web-app UI and run an order of magnitude more efficiently.)
They don’t even need to built a separate app if they have an iPad app. they just need to not „not allow“ the execution on macOS.
On my phone is only 171mb.
And that’s also a lot for an app that doesn’t have that many binary assets like images or videos. I do wonder what makes up most of these sizes. I see other apps that are arguably more complicated - like AntennaPod - using under 40MB; So I guess it has to do with actual native apps vs cross platform ones.
They’re talking about the desktop application.
“Only”
ignoring the fact that it’s absolutely horrid.
An install of ICUE on windows takes up multiple gigabytes. Why? Uhm, good question.
they just went dd if=/dev/urandom count=1 bs=1G of=./ICUEAppData
three times over, no less.
An install of ICUE on windows takes up multiple gigabytes. Why? Uhm, good question.
same with razers software you gotta sign in
synapse also tried to automatically install itself through windows update, which i didnt appreciate, though im pretty sure that was windows fault, not synapse, though it still sucks so fuck synapse.
And when you plug your razer mouse into a windows host or computer it will get you to download synapse
ah yes the classic “trust me bro i’m safe” usb trick
fr
Sadly, it’s the only way I can contact someone to buy a decent quantity of weed in this state. I get less even if I go to a state where it’s legal and I pay more.
What’s so sad about it? You have the ability to securely send E2EE messages for free. I’m very pleased with Signal after using it for years.
If you mean it’s sad about the weed being hard to get / illegal… yeah, I concur. Hopefully Schedule III happens soon and nationwide Medical will be legal.
even the phone app is larger than telegram and whatsapp