Replying to Avatar ๐‘ป๐’‰๐’† ๐‘ซ๐’‚๐’“๐’Œ ๐‘ด๐’†๐’•๐’†๐’๐’“ ๐‘ญ๐’“๐’๐’Ž ๐‘จ๐’๐’…๐’“๐’๐’Ž๐’†๐’…๐’‚ยณ๐ŸŒŒโ˜„๏ธ

PWA sucks. Forced updates, no decentralisation, reliant on a browser to use, just a patch for those who didn't create an APK.

Jumble is a great client, and indeed the PWA is very good, but it's not ideal. I prefer to use it on the PC rather than on my phone as a nice client, but not a definitive one.
Avatar
Cody 4mo ago

There are plenty of choices, and everyone can pick what they like. I also mostly just use Jumble on desktop, haha.

But I donโ€™t really see the points you listed as disadvantages of PWAs:

- Forced updates mean an early client can quickly fix bugs and ship features. You might be worried about โ€œmaliciousโ€ updates, but does an APK really solve that? How many people actually review Amethystโ€™s source code, and even if they do, how many compile it themselves?

- Jumble is a purely static site and could even be deployed directly on nostr via https://nsite.run/ . If needed, Iโ€™m sure someone would mirror it, itโ€™s open source after all. Isnโ€™t that actually more decentralized than an APK?

- Depending on the browser means Jumble runs anywhere a browser exists. An APK, in contrast, depends on Android and doesnโ€™t easily run elsewhere.

Reply to this note

Please Login to reply.

Discussion

Avatar
Sirius 4mo ago

Zapstore signing is something thatโ€™s better in apkโ€™s. PWAs rely on SSL certs that live on CDN or server: easier to hack when the code itself is not signed.

Avatar
Sirius 4mo ago

It's easy to wrap browser apps with tauri btw. Iris is on Zapstore, and I might try my luck with play store and ios app store one day. Why not have both options. I've grown a bit weary of cloudflare.

Avatar
Cody 4mo ago

Thatโ€™s a good idea.

Avatar
Cody 4mo ago

Iโ€™ve thought about packaging it with Tauri / Electron, but then I canโ€™t resist bundling a local relay inside, haha. And thatโ€™s when I start procrastinating.

Avatar
idsera 4mo ago

Please pack it. People like to install things.

Avatar
Cody 4mo ago

The real security is in keeping your keys safe and not signing events blindly, haha. When I use Jumble, every event (except AUTH) asks for my consent before itโ€™s signed. I know that with this configuration, many apps become almost unusable.

Avatar
daniele 4mo ago

Yes, many apps assume that as soon they detect an extension the sign is immediate, and miserably fall with some sort of timeout if the user take some seconds to approve (or didn't approve at all).