I think the ship has sailed and we won't have a new browser from scratch any time soon. If two of the richest companies in the world can't do it ( Apple's Safari is always late with features, has significant bugs; MS abandoned their Edge), who could and why? What would be the value add over just using Chromium? It'd be a massive undertaking which you can't profit off because the competition is free.

PS: I'd like someone like the EU Commission ( for instance in the upcoming Digital Markets Act) to force Google to give away Chromium to an independent committee. It is the basis for Internet consumption, it shouldn't be in the hands of a single company.

SerenityOS Browser now passes the Acid3 test (https://news.ycombinator.com/item?id=30853392)

That is a new browser from scratch, (well actually, it is a full OS from scratch). I got the impression this is developed by very few persons.

So to answer your rhetorical questions:

Q: who could?

A: Andreas Kling, Linus Groh and Sam Atkins

Q: why?

A: Because they want to use it. "This is a system by us, for us, based on the things we like."

In a few years when they have achieved feature parity with Chromium or at least Safari we can discuss this again, but for now it's not ready for real life use.

The lone effort of a handful of developers that got equally far is worthy of a mention as a "new browser" even if it's not fit for human consumption yet.

So until then, why moan about the things people are doing to innovate in the space even though they’re using an off the shelf core.

Mozilla.. basically they're lingering on due to Google's fear of having the only browser available and the scrutiny associated. Ideally Firefox should be funded by public funds ( like thr EU donating money to FOSS projects they use like VLC, 7 Zip, etc.). But if a browser company at it for a long time can barely survive while also having a browser that's not "fully featured"... and Microsoft, with their infinite pockets, also abandoned theirs... what hope is there for anyone succeeding at it? And make no mistake, for any browser to succeed it would need the full feature set of Chromium.

> What would be the value add over just using Chromium?

Like what the sibling comment said: [0] Until it has achieved feature parity with at least Safari, then you can talk about 'value' or realistically using this browser over a Chromium one.

I can use a Chromium-derived browser today like Brave or ungoogled-chromium and have no 'Google' in it. The SerenityOS browser doesn't even qualify to be compared with the rest on usability other than being 'built from scratch'.

[0] https://news.ycombinator.com/item?id=31165497

A hard fork of Chrome would also be nice; would be a great way to create another fully independent browser without needing to do all the work of building a browser from scratch (though maintaining it would still require a lot of resources).

This is just a generic gripe with the overall state of the web though; obviously it's not up to OP specifically to solve it if that's not the goal of this project.

While I agree on bugs, "late on features" is at least partly a lie. Features are pumped out by Chrome at a rate of ~400 new Web APIs per year [1]. And Chrome pretends they are standard even if often both Safari and Mozilla are against them (e.g., most hardware APIs, constructible stylesheets in their original form etc.)

[1] https://web-confluence.appspot.com/#!/confluence

What about Flow? It's a a clean-slate closed-source browser and engine, designed to make effective use of parallelism: https://en.wikipedia.org/wiki/Flow_(web_browser)

Aaaand I'm out. Still not over Opera abandoning presto. With open source there's at least a chance it can be continued by someone else.

Aside: you could make the argument that both Chrome and Safari are only open source because they were not built from scratch.

Somehow I agree with you but this is a slippery path.

Should we do the same with x86 ISA?

Should we do the same with Windows?

YouTube?

Where should we draw the line?

Yes

Yes

Yes

Infrastructure should as well not rest in the hands of a single company, so somewhere past that?

Really? Who are these people, and where are they saying this thing?

I think the big mistake is that we let the HTML spec get so complicated that it's essentially become Google's platform. Although it's technically open, it certainly looks and smells like a monopoly.

How do we fix it? Maybe someone could make alternate rendering engines that use Canvas and WASM?

1. "We" didn't "let" HTML5 become anything. HTML5 reflects whatever browser makers choose to ship, which is why it's un-versioned. The attempt at an industry wide consensus building effort around what HTML should be failed (W3C), largely because it spent most of its political capital on implementation-independent academic dreams rather than incremental improvements. But if you're shipping a browser then what you want is incremental improvemetns.

2. I think by alternative rendering engines you mean different approaches to rendering UI and documents, that aren't HTML. But then you describe something that would have to fit entirely within the constraints of whatever browser makers impose. You'd be trying to build a competitor to browsers on top of browsers. The industry has a history of that and it doesn't work - browser makers always find reasons to kill them off. Flash, Java, Shockwave, ActiveX. Some were more secure than others but in the end, browsers killed them all. They won't tolerate competing platforms that ride inside the browser. That means to make a competitor to HTML5 you need to go outside the browser and build new kinds of browser and document/app technology.

3. To do (2) it really helps to have a good, easy to use deployment technology.

Watch this space.

Could you take a look at my comment in this thread and also at https://github.com/runvnc/tersenet

I have not totally updated that but my current thinking is that we really want to finish deconstructing the overlay operating system that the "web browser" has become. For example, we should actually not bundle the information browsing program and application VM together, but rather have a simple standard for them to work together. Such as, the info browser can save the list of the application binaries to a file or directory that the VM system knows to watch.

We also actually want to further decompose this into a multilevel window manager concept. On the first level, just a rule that applications save and reload window layouts when the user adjusts them.

I really think it should be a goal to standardize on some web assembly extension with simple UI features like canvas or framebuffer and keyboard events.

Hydraulic's first product is currently in private beta. If you like, email me and I'll add you so you can see what it is. Actually email me anyway, because I'm putting together a list of people who are interested in post-web technologies for perhaps a podcast/interview series. My address is in my profile.

That's why I suggested "Canvas and WASM." It's very trivial to get a "Canvas and WASM" program running in the browser. All you need to do is plan the API inside of WASM very carefully, because...

> That means to make a competitor to HTML5 you need to go outside the browser and build new kinds of browser and document/app technology.

... the next step is to remove the HTML & Javascript adaptors, and "build new kinds of browser"s that are compatible with the WASM API in the "Canvas and WASM" hack!

In this case, the newer browser would probably perform much better than the "Canvas and WASM" hack. :)

Edit: If you read this and want to talk further, my profile has a link to my web page. You can email me or track me down on LinkedIn.

Re: canvas+HTML5. Yeah, you can definitely go that way but there are some issues. My own analysis took me down a slightly different route. The issue with using WASM/Canvas is:

1. You need a UI toolkit that can draw into the canvas. Those are hard work. Making a simple one that gets abandoned after a year is easy, making one that's got a competitive feature set and which is maintained over the long term; much harder. Some do exist and it'd make sense to leverage them.

2. Of the toolkits that do exist, none are particularly well suited to wasm (maybe Qt could work?). In particular you normally want to write GUIs in high level GCd languages, but wasm doesn't support GC nor language-specific JITCs.

3. If you look at things developers are expressing a need for today when they go outside the limits of HTML5, it's often a combination of things like performance, OS integration, hardware integration, a wish or need to use other programming languages etc. HTML5 is a poor UI toolkit or really barely a UI toolkit at all, but that's not what's driving people currently. So the question is what would your offer be in the short term if you're restricted to wasm and canvas?

4. Finally, if you look at where HTML5 is weak and not innovating, or not even in the game at all, in my view there's lots of areas but they mostly require you to be outside the browser to fix them.

So I think the way to go is to make being outside the browser a much more hospitable place and in that way encourage people to build competing neo-browsers. Let 1000 flowers bloom, if you see what I mean.

FYI: You can do GC in WASM. I'm actively working in Blazor right now, which is C# compiled to WASM. Even though it's GC, it still relies on the Dispose pattern. (IE, if an object has a resource or needs explicit cleanup, it can't rely on the garbage collector to know when to release its resource or otherwise do its cleanup.)

But I'd be careful about being too opinionated about forcing a language onto the consumers of an API. I believe WinForms (the first C# UI API) was a thin wrapper around the Windows UI API, but I never did a Windows UI in Win32 directly to fully validate my assumption.

Interesting. Can you elaborate on what some of those academic dreams are/were that derailed things? Did they end up in the spec or were they just bikeshedded to death?

During the era when the W3C was firmly in charge, their tech output was all oriented around making the web stack more rigorous and - as they saw it - better suited for training AI. HTML itself was more or less abandoned and everyone told to move to XHTML, the benefits of which would be the ability to embed new DSLs like SVG, app-specific markup, and the ability to express abstracted "knowledge" in the form of RDF triples. All these specs still exist of course and they were all implemented in browsers, but hardly anyone uses them.

There were several big problems:

1. XML has strict validation rules. Much, much easier to build a parser and tools for, but, not compatible with most web content which is full of markup errors. For a brief period some people heroically tried to fix all the errors in their markup and make it fully validating, but the effort involved was high especially for big sites and the reward was ... well, there was no reward really. The only tool most people care about is the browser and browsers had complicated hacky HTML parsers nobody understood. But, pixels got to the screen and they got their reliably.

Especially consider how important that is given the prevalence of HTML-by-string-concatenation. In XHTML if you made a tiny error in that process then the browser would stop and render an error page, meaning a site outage that doesn't show up in your server logs. HTML has the opposite philosophy: keep on trucking no matter what. Your page might render a bit garbled at worst, but users can tolerate that occasionally.

2. RDF/XML/Tim Berners-Lee turned out to have the wrong idea about AI. Or, well, maybe. I suspect the jury is still out on that one given that stuff like GPT-3 doesn't really meet people's prior expectations of what AI will be like, but still. The idea of expressing human knowledge in the form of an abstracted graph of nodes, in which all the nodes and edges are labelled with URIs, and then serializing that to XML and embedding it into XHTML web pages. Yeah, no. Big, big specs. No tools that actually used any of it to do anything useful.

Meanwhile in all of this HTML4 was stagnant, missing lots of small quality of life fixes that ordinary webmasters and browser makers really wanted. So you can't blame browser makers for killing off the W3C. It wasn't meeting the world's needs.

On the other hand, once unleashed from any kind of broad consensus or standards process, HTML more or less ceased to be a spec you could actually implement. You can't even say you're compliant with it because a week after your statement it might have had another 100 pages added to it.

>"I suspect the jury is still out on that one given that stuff like GPT-3 doesn't really meet people's prior expectations of what AI will be like, but still."

I apologize if this is a naive question but what is the connection between GPT-3, browsers and Berners-Lee?

TBL/W3C felt like the next big upgrade for humanity would be AI that could understand the web. To achieve that, you need web pages to be encoded in the form of logical triples. Cyc used a custom lisp-ish language called CycL to do that, RDF was the same concept but 'web-ified' i.e. using XML and URIs for everything.

Of course that approach never took off. Even by 2003 Google was starting to master machine learning techniques like scalable logistic regression, the webbiest of web companies just didn't care about this symbolic AI approach at all because in reality nobody was using it. Too complicated, too abstract, no tools or cool demos. Pure vapourware in other words. GPT-3 has now shown that you don't need everyone to learn new syntaxes or predicate logic to train AI on the web. You can rely purely on statistical techniques and neural networks.

The issue is that "browser" now is code for a specific type of complex operating system that runs inside of another.

That should be split up again, and also reset to content-centric networking (such as IPFS).

- View information: just need something like markdown or RST. The Info browser

- Simple applications: web assembly with framebuffer, audio and mouse/keyboard input. Media browser

- Complex applications: Web assembly plus every device I can think of. Web assembly plus a flexible pluggable and granularly permissioned device driver system. Extended media browsers.

https://github.com/runvnc/tersenet

It great to have Edge, Brave and other, but they provide very little of interest.

I think this indirectly slowed down the foreverdomains server with the HN traffic.

Since you advertise "decentralized internet" vs blockchain, I'd love to see this also support some more non-blockchain protocols such as Dat (https://dat.foundation/) and IPFS directly. Maybe even Bittorrent and Tor (Onion router).

It may already do some of that, I just couldn't tell from your wording.

In what ways does it compare?

> the boys

I hope it's a much bigger world than that!

Citation needed

and again https://github.com/imperviousinc/beacon/blob/main/tools/src/...

This trend of "I'm going to invent some build tool because there are not enough build tools in the world" is evidently leaking out of the node ecosystem

For clarity, I did see that this was inspired by the brave-browser model, but of the ones to draw inspiration from, that's for sure not it given that their CI is closed source and they're trying to use npm in lieu of a more structured, comprehensible system

I like trying out alternate browsers, so congratulations on the launch, and I'll for sure try to build it, but I wanted to draw these to your attention because my experience with software is that error handling is about 80% of the job

Glad you're looking at the code! There's still some refactoring needed for butil. It will get more polished soon ;)

> This trend of "I'm going to invent some build tool because there are not enough build tools in the world" is evidently leaking out of the node ecosystem

butil applies string replacements, patches and overrides all under one tool using a statically typed language but still usable like a scripting lang since it can rebuild the actual tool as needed. You can technically do something similar with various python scripts I suppose and use chromium's GN build system . GN would just end up calling various scripts so I think i prefer this more unless you have some other ideas.

And I hear you about "but scripting!!1", however, using one of the existing tools means there is a non-zero chance of someone having experience with them and maybe even having reasonable editor support for it

It's your project, so I know I'm just some rando on the Internet, but I wanted to make sure you were choosing the contribution path you wanted to build upon, and not just hacking something together for expedience that then has to be unwound later. In this specific case, that goes double because it already has tight coupling to GN due to Chromium

> that goes double because it already has tight coupling to GN due to Chromium

Interesting i'll experiment with moving this to GN. I have more high priority things to deal with atm but i'll get to that.

It's easy to install an app and start browsing. No hacks or workarounds and the UX can be much more tailored (even for desktop).

Random thought, perhaps for later: some form of keyboard-centric navigation functionality - boosts your UX differentiation and it likely speaks to your target audience. Something along the lines of Nyxt browser[1] or the popular Vimium extension[2].

[1] https://nyxt.atlas.engineer/

[2] https://github.com/philc/vimium

The key challenge with DNS is that it is hierarchical and that there's a root with an owner. That owner is an entity that we just have to trust to do the right things in terms of certificates, security, not censoring entries, implementing fair policies for allocating names, etc. Whether you trust the current owners is of course a bit political. Mostly I have no big issues with that myself but it is annoying to have to bribe certain companies for the privilege of using our registered trademark as a domain name. Literally the only service these companies deliver is 'maintaining' a record of that.

A blockchain can replace this with distributed ownership of a tamper proof ledger of ownership of domain names. Building an index of these names is not that hard. Any old search engine or database can do that. But the key part is administering ownership in a fair and transparent way.

It's one of those use cases where using a blockchain actually makes sense without devolving into some pyramid scheme for creating lots of wealth for some. When you think about it, existing DNS works exactly like a pyramid scheme (by design even). Millions of people are paying in the order of 10$ a year for a cheap database record in an ancient hierarchical database. The only value these companies deliver is monopolizing ownership of common endings like .com, .io, etc. And the only reason we need those is because it's an ancient hierarchical database.

With a blockchain, we get rid of those companies and potentially also the top level domains. I see no reason why google, twitter, etc. could not be top level domains.

Why use a ENS/Namecoin versus a petname solution like GNS?

I like the idea of such a browser integration, but I don't see this actually being used. Perhaps you could have upstreamed those as experimental features in firefox/Torbrowser.

Edit: I suppose you could upstream it to brave, they are very crypto-friendly. Also, no Linux support?

Edit 2: Most of my points have been made moot by this: https://impervious.com/fingertip

I’m going to have to give this a try.

Though I have greater concerns regarding privacy of the new browser. Is it like ungoogled-chromium? DANE should really be merged into upstream chromium.

Another problem with the current state of the web was explained in an article I read a few days ago [1].

[0]: https://slate.com/technology/2016/12/how-the-2011-hack-of-di...

[1]: https://www.politico.com/news/2022/04/09/website-domain-more...

But what about this “distributed domains“ thing though? Unless I’m understanding it wrong, there’s blockchain technology involved. Why?

Another user in this thread with the name 'jillesvangurp' has elaborated on the why, which is worth a read.

Props for that. I wish we moved away from CAs.

Where is the harm being caused?

Where are the risks of harm?

What are systematic negative effects?

And if those can be articulated, are blockchain resolutions a solution to those problems?

The standard IT pattern seems to be a dominant corporation vs a ragtag of small groups.

The browsers wars have already gone through this cycle and the ragtag group won the last time.

But there were also lots of speciality browsers built on IE and it's hard to tell where any new Chrome fork browser stands.

(don't think this makes much sense, just answering your question...)

Let's say I have a hosted wordpress blog with a custom domain. How do I get a static IP for it?

Might anyone have any good resources for blockchain DNS they could share?

I guess the Handshake people will make sure .eth (the ENS suffix) resolves to ENS on Handshake. Handshake would like to eclipse everything :)

https://theoldreader.com/

it's kinda like the old google rss reader and works really really well!

Thanks

However, I will never use it because a browser is one of those really important information gateways that I want to be very sure is not compromised.

The implication here is "not compromised by independent actors that wouldn't already be capable", right? You're delegating trust to closed source megacorp products or open-but-insanely-complex megacorp dependents (firefox/chromium babies?), all of which will naturally create a strong incentive to find or hide exploits, once they have some traction. Discussion on HN makes me think it's impossible to really trust a browser to be secure atm. The alternative is to hope there are no wide-sweeping exploits, and to try to remain anonymous.

I guess the real additional issue added by something like this is this introduction of another actor which you need to be inherently suspicious of since they're attempting to funnel you towards their system, which they have some control over. Just like other corps, but you've given them your trust already. It's not crazy, I don't know if it's even wrong.

But I'd say maybe we can reframe your issues adopting something like this. Would it be something you would trust to use daily if the following become true? :

- The team at Impervious, develop a sufficient reputation for being stewards of open software with healthy communities over the coming years. (I'm implying that's a good approach to get security researchers giving time to your project, maybe it'd be sufficient to have a really good bugbounty program, or just develop a sufficient security team)

- A large audience adopts this browser, so you're not one of the hundred beacon users that's easily picked out throughout the web (I assume fingerprinting techniques make this an issue though I admit I've little knowledge on the topic)

I'd love to hear what I'm missing, and if this conflicts with your approach to assessing security maybe you can help me see your perspective :)

Basically there are not enough signals here for me to believe they are life-or-death serious about it. I know it sounds dramatic, but people's finances, careers, lives, etc can be destroyed by mishandling the information that flows through the browser. They need to take it that seriously, and signal that to everyone.

That sounds like a disaster waiting to happen. The public once got a hold of a sample of the anonymized searches of AOL customers and it didn't take long for individuals to get identified. The amount of data google has on people goes far beyond the things they search for or the sites they visit. A web browser that publishes everyone's browsing habits for the public would also get collected by data brokers and 'google et al' to be exploited for their own gain. Who would sign up to use that?

I'm pretty sure that if the data google has were ever made available to the public, as soon as the first congress person reviewed their own dossier we'd see laws passed very quickly banning the use of that data and perhaps even preventing it from being collected in the first place. I imagine any popular browser or project exposing their users similarly would have the same problem.

And ultimately, it may not even matter. Snowden's leaks revealed that basically every single privacy related conspiracy theory of times past was true. They showed that the NSA had are not only trading your nudes [1], but even have spies all the way down into things like World of Warcraft and XBox Live [2]. They also demonstrated countless illegal acts that violated every single possible interpretation of the 4th amendment.

And now? Snowden is holed up in some place in Russia knowing full well he'll likely getting Assanged, or worse, if he ever steps foot in a place friendly to the US. And the powers that be? They've only become more flagrant in all of their violations, endlessly protected from the law by a mixture of national security and lack of standing legal claims.

Don't underestimate what genuinely leaking against the interests of the powerful entails. People like Snowden are truly unique and selfless individuals.

[1] - https://time.com/3010649/nsa-sexually-explicit-photographs-s...

[2] - https://www.smithsonianmag.com/smart-news/the-nsa-was-spying...

Whistleblowers are very rare creatures to begin with. Not too many people are willing to risk the legal, financial and career ending repercussions assuming that they even have both access to the data and a means to copy it in bulk to back up their revelations. Even now, a large number of people would sadly still consider Snowden to be a traitor.

I imagine Google keeps the data they collect (and more importantly what they've inferred about us using the data they collect) under tight controls to avoid that problem. With only a limited number of people able to access the trove of data at all, and those people being kept happy (or perhaps more pessimistically, kept in line by fear. I mean let's face it, Google likely has enough dirt to bury any one of us alive) it's not hard to imagine that no one has been willing or able to come forward.

Although I'll give you this. A massive leak might stir up the public outrage necessary to convince the US Congress to actually do something about it.

GDPR

And now consider the alternative world, the one we happen to live in, where it's all private unless it somehow ends up getting "hacked" or "leaked" to the public, indirectly of course. And it'd be a shame if that happened wouldn't it Mr. Senator.

List of web APIs: https://developer.mozilla.org/en-US/docs/Web/API Canvas API spec: https://html.spec.whatwg.org/multipage/canvas.html

Take one look at the docs for just rendering text and any sane developer would probably give up: https://www.w3.org/TR/css-text-3/

Mozilla had a project called Servo which aimed at replacing just a small slither of Firefox and the project ran for years with a huge monetary investment and eventually was canceled.

Haven't some parts of it been integrated in Firefox?

The project does still seem to go on, although outside of Mozilla: https://github.com/servo/servo

https://news.ycombinator.com/item?id=30968715

If only Firefox(Gecko) would get some more attention...

This is precisely the issue. The fact that Google has such a mass control over Internet rendering means that they are free to write their own standards with absolutely no pushback. It is essentially an Internet explorer situation, whereas if Google wants something to work a certain way, you have no choice but to adapt it least certain websites won’t work.

I don’t think a single commercial entity — let alone one with such a disastrous privacy record whose primary source of income is advertising — should be able to strongarm the Internet like it currently can.

Apple and Mozilla have basically just swapped places when it comes to keeping developers in check wrt adopting chrome-only features.

I don't know that more people using FF would change much at this point, to be honest.

It is an open source community driven project with contributions from, "Google, Facebook, Microsoft, Opera Software, Adobe, Intel, IBM, Samsung, and others"

There are so many stakeholders, it isn't just google dictating what occurs in blink

Well, for starters, uBlock Origin works as intended on Firefox as opposed to Chromium and this will become more apparent with manifest v3.

I don't know about others but I also like how Firefox lets me choose the fonts that I want to see on the web while Chromium browsers don't.

It is THE problem. Software should not be "standard".

Nobody can engage with your opinions if you don't express them.