cancel @cancel@merveilles.town

@gendor I make a cross-platform C++ GUI program, so I understand your plight. But I think the solution is to repair desktop OSs so that developing software isn't a nightmare for them, not to add more layers of stuff to web browsers.

@gendor Why is this stuff being added to web browsers?

@gendor So I guess they are finally fixing this problem, years later. Is this in consumer Chrome now, or just Chromium? (I'm using "Edgium" on this machine, which might lag behind a version or two?)

@gendor The prompt doesn't even appear if the site doesn't ask for SysEx access. Example: https://webaudiodemos.appspot.com/conway/index.html

Actually, I was wrong about Firefox: I did a full reset of it, and it defaults to "off"/"block" now! That's good.

@gendor I also write run-on sentences, and make typos that I can't fix. Maybe it's the narrow input box, and seeing the character counter tick down as I type.

@gendor Sorry, I'm really bad at communicating long thoughts like this on mastodon :P

Hope I don't sound too rude. I'm not mad at you.

I tend to cut out the extra stuff from sentences and go directly to the point I want to make.

You can hit me up on the merveilles Slack or IRC channel, too.

@gendor Slightly interesting, though. On the page you linked to, it says that browsers can choose to prompt the user for any access.

But just to verify it hadn't changed in the actual browsers, I just tried both Firefox and Chrome, and neither of them prompts -- the pages can send and receive MIDI immediately. There *is* a prompt, by default, to use SysEx messages. So, none of this has changed recently, and it's as I described.

@gendor Also, SysEx is an arbitrary choice to avoid permanent bricking via firmware update mechanisms. There is plenty of hardware that can be ruined by using other message types. The web browser makers have handed control over hardware that they don't know what it does with whatever inputs you give it to random JavaScript on the internet, and don't let you turn it off except to disable all JavaScript.

@gendor The web browsers keep breaking the rules for how things to work. It's not expected by people that random web pages can send whatever MIDI they want to any MIDI device on your system, without confirmation or prompting. Now suddenly the web browser creators unilaterally decide to change the rules. It's so bad.

@gendor Things like voltage controlled synths can control real voltage running on real hardware and hurt or kill people if it happens at an unexpected time. Maybe you say they shouldn't leave their equipment connected in such a state. Well, that's not for a web browser creator to decide.

@gendor There is plenty of MIDI hardware that can be damaged or bricked by non-SysEx messages. You can interfered and permanently erase data. You can cause mechanical failures -- like a grand or upright piano connected via MIDI can be damaged by spamming it with notes in the right way.

@gendor SSL certificates are free and anonymous and instant. There is no chain of liability.

But, OK, let's say the user disables WebMIDI. Except, they can't. You are misunderstanding the option. The user can only disable a certain type of message from being sent -- SysEx, which is one of the ways that firmware can be flashed on devices via MIDI. But there are other ways.

WebMIDI cannot be disabled Firefox or Chrome. You can only disable SysEx access.

@gendor I've had physical devices which can be damaged by having MIDI sequences sent to them connected to my PC. Or even damage my person! And now, without prompting or telling the user, or even providing a way to turn it off, they hand over access to all MIDI devices on the system to whatever JavaScript? Nuts.

@gendor The people who implemented it and forced it through have no idea what they're doing. It's insane that not only can users not disable it, it's on by default.

@gendor OK, here's one. WebMIDI cannot be disabled in Chrome/Chromium or Firefox. You can only disable SysEx messages. It used to not even prompt for access at all. Browser just hands control over to arbitrary foreign code to do whatever it wants with MIDI devices. This can do stuff like destroy hardware, if it's connected to something physical. It's shockingly stupid.

@gendor Sorry, that probably came off as too mean :) But I'm sick of the web expansionism and how I have little control over the web browsers I'm pretty much forced to choose from.

@gendor what? I'm not talking about phone apps. I'm talking about web browsers running on PCs.

But, OK, let's say we're comparing mobile phone software downloaded from App Stores. The user is choosing to run this software. And there is a chain of liability.

Web JavaScript is involuntary. The user gets no choice. They click some link and now random ass website can manipulate their hardware.

@gendor I pretty much disagree completely. Websites have way too much access to hardware and other stuff that it shouldn't have. Crap like WebMIDI has allowed users to have been involuntarily exposed to having their music hardware ruined by malicious websites.

Web expansionism needs to be stopped. I 100% support Apple not adopting this stuff.

I also didn't find the article well-written or convincing.