HackerTrans
TopNewTrendsCommentsPastAskShowJobs

crazyloglad

no profile record

comments

crazyloglad
·4 miesiące temu·discuss
That is pretty much what we've done, but not in as "narrow" a scope as just Desktop but more as 'everything user facing in computing'. Full breakdown will be covered later this year as 'Arcan As OS Implementation' in a section on "Lua at every layer".
crazyloglad
·5 miesięcy temu·discuss
The entire article is from the browser internals angle. The page-writer one comes when we have tools to compile pages into app and layer in user features. The rough path for that is simpler ones first (Sile typesetter and Pandoc), then more exotic ones. An example of the later would be a "print to" modification to a browser that can preserve more content like animations and audio and not be restricted to fixed sized pages.

It is forever backwards compatible. API levels is for the rare few cases where we need to deprecate or break something on the engine side but can apply a runtime fix-up script to replicate the behaviour on the scripting level.

Decode/Encode/Network/Terminal is user-relevant insofar as the set of those are interchangeable binaries. If you want more or less (paranoia, legal environment restrictions) media format support, export or streaming capabilities, etc. those can be swapped out per site without any changes to the engine. What is being considered is to be explicit about expected formats in the manifest so that incompatibilities can be detected.

SHMIF is user relevant insofar as "wasm or low-level compiled code" running as local software can be embedded and controlled by the app, allow-listed by the user.

> No third-party storage, and maybe first-party is optional too (not sure what's the plat for this.. user prompt? explicit action?)

Can you clarify what you mean by this?
crazyloglad
·5 miesięcy temu·discuss
Et tu, Brute? Posit this. If you want to catch a rare kind of elusive fish that both has in-depth knowledge of a very niche topic and, rarer still, willingness to play for the greater good, how would you approach finding such a swimmer?

Failing to do so, that ticking clock, the tell-tale heart, means the engaging article will be an obit called 'Bowing Out'.
crazyloglad
·5 miesięcy temu·discuss
see also: the reply to you in the web post.

> User comes to an artistic website whose author thinks purple on red is a great color schema.

The outer app used as your desktop/browser-UI has two mechanisms at its disposal. The first is collaborative - it can convey the preferred colour-scheme so the 'page' you are browsing to can pick accordingly. That's actually how the terminal emulator and non-terminal shell both gets their colour schemes.

The other is enforced - just as tone mapping is needed on the composition level to deal with HDR, you can use the same facility to apply colour grading per 'page'. That's what I do to chrome right now without it knowing. If the average luminosity exceeds a threshold, it picks a colour map that enforces a dark mode regardless of what the browser wants. Similarly, if a game doesn't respond to resize requests but continues to provide a low 256x240 like output I apply an NTSC signal degradation shader pass into a CRT simulation one. By having it as a composition effect means that I can have my own view of colours, but if I 'share desktop' to someone else the original form is retained.

> - User opens the very newest website, which uses all the latest website standards, including new video codec, new font and new text rendering effect. (In regular web, this would only happen once most clients update to the very latest version of the browser, and telemetry says enough clients have updated)

It's similar to Android API_LEVELS. API breaks (we've had, I think two, since 2013) have been handled with a hook script that exposes the old behaviour. New video codec deployment is a bit special and there's a protocol level degradation path for that with a few nuances. It has mainly been used for hardware accelerated web cameras as a remote data source where it starts with direct pass-through of whatever streams it provides. If the client fails to decode (stream-cancel:reason=codec failure) it signals that and the source end reverts to a safer default from a hierarchy (h264 into zstd).

> In current web, I'd use "reader mode", or a custom UserScript if I plan to go to website often. What happens in Arcan - is this up to the "decode client"? What if the site author chose a "decode client" which has no such functionality?

Decode can be used for that but it is overkill. The hook-script facility (arcan -Hmyscript1.lua -Hmyscript2.lua myapp) can interpose every function the app has access to transparently. Reroute patterns like "load_image_asynch("something.jpg") into null_surface() there. These and other options like the set of encode/decode/permitted integration with allow-list of local software can* be preset per authentication key.

There is a PoC 'more than adblock' that uses an LLMed version of 'decode' in my bin of experiments. The first part is a hookscript that routes all image loading through a version of decode with a local classifier model asked to 'describe the contents of this image and tell me if it looks like an advertisment'. If not the default path applies. If yes it substitutes an image of puppies playing tug of war with a rubber chicken.

* code being written as we speak.
crazyloglad
·5 miesięcy temu·discuss
> Author's inspirations are BBS + 'offline first", and together, this produces something like Android Instant Apps. On first visit, your client downloads some remote code, as a signed package. Then the code gets run, and it can only talk back to the originating server. The overall result gives all powers to server owners, and IMHO is pretty terrible for users.

Except 'One desktop many devices' and 'your desktop, reaching out' and 'the tools used to browse, are used to host'. The first server in your network is.. yours. So it gives all controls to you. That's IMHO pretty excellent for users. Have your home directory (even if it is just localhost) be proxy, cache and external resolver. Preset for this is included in the next release.

> There is forced, instant auto-update. You don't get to postpone updates, and in fact, there is a system for real-time update of all of the clients.

Not forced, protocol level opt-in, the cli tool as a devtool does that by default because its a devtool. The variant the desktop appl can expose in UI does not. Protocol command to list new applications has a field for 'notify me of updates'.

> There is no inner links by design. It's like being in giant SPA, bookmarks are useless.

The inner links are not included in a textual representation to not repeat the URL degradation of 'arguments encoded in URL but also in cookie and you only share the url'. They are there but controlled to the user, not the application. There is protocol for 'snapshot appl state', 'restore from snapshot'. There is much more to this that was omitted because 6500 words already.

> User has zero power of customization (unless author designs a system for it). Adblock? Nope. Increase font size or change to more legible font? Not with A12. Custom userstyles? Not here.

Fonts, colors-theme, accessibility preferences etc. are all part of the interface between the browser-UI app and the hosted one without any other changes necessary. Engine itself gives available font-set a separate namespace for security. Every single exposed API function is hookable. On that note:

> - Oh, and if you want to extract information, there is no convenient HTML representation to parse, or an API to intercept. It's all internal state, driven by server. Maybe start reverse-engineering stuff.

Instead there is the scene graph of the browser to export as lua, exposed as a script function itself so you can hookscript it. As a trivial one: https://codeberg.org/letoram/arcan/src/branch/master/data/sc...

It reads as 'after n monotonic ticks, create a snapshot of the scenegraph and store.'. These are Lua scripts themselves. This can be triggered by the browser-UI app. Nodes with a text backed origin has the original text, with annotation for extra details or screen-reader accessibility.

> About cookies and privacy: each user gets identity, and it is immediately sent to a server at each connection. That identity is salted so it's different between app, but within app, it's permanent.

The tools for client side key management does key differentiation per directory by default and ephemeral by default. You opt-in explicitly with 'I want a persistent keypair tied to these sets of discovery points referenced by my-petname'.

> Apparently "eval()" is disabled, to prevent "‘middleboxes injecting code’ adtech style tampering." I had to read this twice and check the calendar.. it's 2026, the last time middleboxes could inject code was over a decade ago, before https was everywhere.

Travel more. They are still there. But also, outside of presence in XSS,CSRF,SSRF, ... that are still here, the rest moved to 'SSL removed here :-)' side as per the Snowden leaks. Then they moved to hijacking plugins, npm packages or just shady deals with the site's 888 partners because streaming pornsites need revenue.

> The only allowed connections are to originating host ("directory"), and it has to proxy whatever resources it has. It is no longer possible to keep control of HTML and offload large files to CDN - if you want CDN, you go all the way in and surrender all control.

Which leads into the 'external resolver' part. Large-files retrieved and reference by hash. Resolver mapping that. Swap that out for one that forwards to your CDN or IPFS or your local data-hoarder cache.

> Author talks a lot about local-first, and you can bundle media with code in initial downloads. But many examples are of regular remote apps. "image sharing" app which loads images on-demand. A video player which can only stream videos. A complex app which is backed by VNC-like remote desktop connection. None of this is local-first!

Yet all of the applications currently hosted, including the presentation slides one, are local first and the development workflow is such that you have to say "I want to access networked resources" and the default tooling response is "no".
crazyloglad
·5 miesięcy temu·discuss
clicks web page. clicks videos. sees flashy demos. https://arcan-fe.com/videos/
crazyloglad
·5 miesięcy temu·discuss
There's been a closed version of https://arcan-fe.com/2021/04/12/introducing-pipeworld/ that was VR centric as well as wilder 'layouters' to https://arcan-fe.com/2018/03/29/safespaces-an-open-source-vr... that is still around in my piles here somewhere.

For a handful of reasons (abusive and hostile actors being at the top) we focus elsewhere (https://www.divergent-desktop.org/blog/2026/01/26/a12web/ and https://arcan-fe.com/2025/01/27/sunsetting-cursed-terminal-e...).

AR/VR development in this space is a massive timesink for all the wrong reasons. Hardware vendors absolutely suck here. Everyone is openly or quietly dreaming of the vertically integrated 'app-store tax' being their real source of revenue rather than selling devices.

This means that if you don't want to fuzz around with half-baked proprietary SDKs that break more often than they do what they're supposed to, you get to sit around reverse engineering. As fun as that can be, it's much less so when that is not what you set out to be doing. Half my electronics 'donation boards bin' is discarded HMDs and input devices by now.

Even in the quirky missed opportunities like Tilt5 you have this situation.
crazyloglad
·8 miesięcy temu·discuss
It's still around. Still doing its thing. One developer drafted a backend to ratatui for it, but he's been silent lately. I'm only marginally interested in that angle as its endgame "just" lands in TurboVision but Rust! and having to stay compatible with the feature-set of terminal emulation defeats the point.