add electron link

This commit is contained in:
fria 2024-11-21 14:13:58 -06:00 committed by GitHub
parent 4aca2c54b7
commit 6fdefbe8be
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -14,6 +14,6 @@ license: BY-SA
The concept of a Progressive Web App is enticing: an app using web technologies thats inherently cross platform (since it runs in a browser) and acts like a native app, even working offline. Support in traditionally locked-down platforms like iOS means that PWAs can give users the freedom to install apps without having to go through Apples App Store. The concept of a Progressive Web App is enticing: an app using web technologies thats inherently cross platform (since it runs in a browser) and acts like a native app, even working offline. Support in traditionally locked-down platforms like iOS means that PWAs can give users the freedom to install apps without having to go through Apples App Store.
Attempts at similar things have been made before, notably the infamous Electron allows developers to easily create cross-platform apps by essentially bundling the browser in with the app. This has its drawbacks, though. Browsers have huge attack surface so it's important to keep them updated, but many Electron apps ship outdated versions, leaving those apps vulnerable. Attempts at similar things have been made before, notably the infamous [Electron](https://www.electronjs.org) allows developers to easily create cross-platform apps by essentially bundling the browser in with the app. This has its drawbacks, though. Browsers have huge attack surface so it's important to keep them updated, but many Electron apps ship outdated versions, leaving those apps vulnerable.
So why isn't every app shipping as a PWA? The answer is an old problem with web content: the fact that you have to trust the server every time you use it. You make an HTML GET request and you're served the content, but if the server is compromised, you'll be served a compromised website. This is a problem for security-sensitive applications like messengers. An attacker that gains access to their server even just temporarily, could distribute compromised clients to millions of people, potentially breaking E2EE or any other number of malicious actions. So why isn't every app shipping as a PWA? The answer is an old problem with web content: the fact that you have to trust the server every time you use it. You make an HTML GET request and you're served the content, but if the server is compromised, you'll be served a compromised website. This is a problem for security-sensitive applications like messengers. An attacker that gains access to their server even just temporarily, could distribute compromised clients to millions of people, potentially breaking E2EE or any other number of malicious actions.